1<html><body> 2<style> 3 4body, h1, h2, h3, div, span, p, pre, a { 5 margin: 0; 6 padding: 0; 7 border: 0; 8 font-weight: inherit; 9 font-style: inherit; 10 font-size: 100%; 11 font-family: inherit; 12 vertical-align: baseline; 13} 14 15body { 16 font-size: 13px; 17 padding: 1em; 18} 19 20h1 { 21 font-size: 26px; 22 margin-bottom: 1em; 23} 24 25h2 { 26 font-size: 24px; 27 margin-bottom: 1em; 28} 29 30h3 { 31 font-size: 20px; 32 margin-bottom: 1em; 33 margin-top: 1em; 34} 35 36pre, code { 37 line-height: 1.5; 38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; 39} 40 41pre { 42 margin-top: 0.5em; 43} 44 45h1, h2, h3, p { 46 font-family: Arial, sans serif; 47} 48 49h1, h2, h3 { 50 border-bottom: solid #CCC 1px; 51} 52 53.toc_element { 54 margin-top: 0.5em; 55} 56 57.firstline { 58 margin-left: 2 em; 59} 60 61.method { 62 margin-top: 1em; 63 border: solid 1px #CCC; 64 padding: 1em; 65 background: #EEE; 66} 67 68.details { 69 font-weight: bold; 70 font-size: 14px; 71} 72 73</style> 74 75<h1><a href="cloudresourcemanager_v1beta1.html">Cloud Resource Manager API</a> . <a href="cloudresourcemanager_v1beta1.organizations.html">organizations</a></h1> 76<h2>Instance Methods</h2> 77<p class="toc_element"> 78 <code><a href="#get">get(name, organizationId=None, x__xgafv=None)</a></code></p> 79<p class="firstline">Fetches an Organization resource identified by the specified resource name.</p> 80<p class="toc_element"> 81 <code><a href="#getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</a></code></p> 82<p class="firstline">Gets the access control policy for an Organization resource. May be empty</p> 83<p class="toc_element"> 84 <code><a href="#list">list(pageSize=None, pageToken=None, x__xgafv=None, filter=None)</a></code></p> 85<p class="firstline">Lists Organization resources that are visible to the user and satisfy</p> 86<p class="toc_element"> 87 <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p> 88<p class="firstline">Retrieves the next page of results.</p> 89<p class="toc_element"> 90 <code><a href="#setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</a></code></p> 91<p class="firstline">Sets the access control policy on an Organization resource. Replaces any</p> 92<p class="toc_element"> 93 <code><a href="#testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</a></code></p> 94<p class="firstline">Returns permissions that a caller has on the specified Organization.</p> 95<p class="toc_element"> 96 <code><a href="#update">update(name, body, x__xgafv=None)</a></code></p> 97<p class="firstline">Updates an Organization resource identified by the specified resource name.</p> 98<h3>Method Details</h3> 99<div class="method"> 100 <code class="details" id="get">get(name, organizationId=None, x__xgafv=None)</code> 101 <pre>Fetches an Organization resource identified by the specified resource name. 102 103Args: 104 name: string, The resource name of the Organization to fetch. This is the organization's 105relative path in the API, formatted as "organizations/[organizationId]". 106For example, "organizations/1234". (required) 107 organizationId: string, The id of the Organization resource to fetch. 108This field is deprecated and will be removed in v1. Use name instead. 109 x__xgafv: string, V1 error format. 110 Allowed values 111 1 - v1 error format 112 2 - v2 error format 113 114Returns: 115 An object of the form: 116 117 { # The root node in the resource hierarchy to which a particular entity's 118 # (e.g., company) resources belong. 119 "displayName": "A String", # A human-readable string that refers to the Organization in the 120 # GCP Console UI. This string is set by the server and cannot be 121 # changed. The string will be set to the primary domain (for example, 122 # "google.com") of the G Suite customer that owns the organization. 123 # @OutputOnly 124 "name": "A String", # Output Only. The resource name of the organization. This is the 125 # organization's relative path in the API. Its format is 126 # "organizations/[organization_id]". For example, "organizations/1234". 127 "organizationId": "A String", # An immutable id for the Organization that is assigned on creation. This 128 # should be omitted when creating a new Organization. 129 # This field is read-only. 130 "creationTime": "A String", # Timestamp when the Organization was created. Assigned by the server. 131 # @OutputOnly 132 "lifecycleState": "A String", # The organization's current lifecycle state. Assigned by the server. 133 # @OutputOnly 134 "owner": { # The entity that owns an Organization. The lifetime of the Organization and # The owner of this Organization. The owner should be specified on 135 # creation. Once set, it cannot be changed. 136 # This field is required. 137 # all of its descendants are bound to the `OrganizationOwner`. If the 138 # `OrganizationOwner` is deleted, the Organization and all its descendants will 139 # be deleted. 140 "directoryCustomerId": "A String", # The G Suite customer id used in the Directory API. 141 }, 142 }</pre> 143</div> 144 145<div class="method"> 146 <code class="details" id="getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</code> 147 <pre>Gets the access control policy for an Organization resource. May be empty 148if no such policy or resource exists. The `resource` field should be the 149organization's resource name, e.g. "organizations/123". 150 151Args: 152 resource: string, REQUIRED: The resource for which the policy is being requested. 153See the operation documentation for the appropriate value for this field. (required) 154 body: object, The request body. 155 The object takes the form of: 156 157{ # Request message for `GetIamPolicy` method. 158 } 159 160 x__xgafv: string, V1 error format. 161 Allowed values 162 1 - v1 error format 163 2 - v2 error format 164 165Returns: 166 An object of the form: 167 168 { # Defines an Identity and Access Management (IAM) policy. It is used to 169 # specify access control policies for Cloud Platform resources. 170 # 171 # 172 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of 173 # `members` to a `role`, where the members can be user accounts, Google groups, 174 # Google domains, and service accounts. A `role` is a named list of permissions 175 # defined by IAM. 176 # 177 # **JSON Example** 178 # 179 # { 180 # "bindings": [ 181 # { 182 # "role": "roles/owner", 183 # "members": [ 184 # "user:mike@example.com", 185 # "group:admins@example.com", 186 # "domain:google.com", 187 # "serviceAccount:my-other-app@appspot.gserviceaccount.com" 188 # ] 189 # }, 190 # { 191 # "role": "roles/viewer", 192 # "members": ["user:sean@example.com"] 193 # } 194 # ] 195 # } 196 # 197 # **YAML Example** 198 # 199 # bindings: 200 # - members: 201 # - user:mike@example.com 202 # - group:admins@example.com 203 # - domain:google.com 204 # - serviceAccount:my-other-app@appspot.gserviceaccount.com 205 # role: roles/owner 206 # - members: 207 # - user:sean@example.com 208 # role: roles/viewer 209 # 210 # 211 # For a description of IAM and its features, see the 212 # [IAM developer's guide](https://cloud.google.com/iam/docs). 213 "bindings": [ # Associates a list of `members` to a `role`. 214 # `bindings` with no members will result in an error. 215 { # Associates `members` with a `role`. 216 "role": "A String", # Role that is assigned to `members`. 217 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 218 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding. 219 # NOTE: An unsatisfied condition will not allow user access via current 220 # binding. Different bindings, including their conditions, are examined 221 # independently. 222 # 223 # title: "User account presence" 224 # description: "Determines whether the request has a user account" 225 # expression: "size(request.user) > 0" 226 "description": "A String", # An optional description of the expression. This is a longer text which 227 # describes the expression, e.g. when hovered over it in a UI. 228 "expression": "A String", # Textual representation of an expression in 229 # Common Expression Language syntax. 230 # 231 # The application context of the containing message determines which 232 # well-known feature set of CEL is supported. 233 "location": "A String", # An optional string indicating the location of the expression for error 234 # reporting, e.g. a file name and a position in the file. 235 "title": "A String", # An optional title for the expression, i.e. a short string describing 236 # its purpose. This can be used e.g. in UIs which allow to enter the 237 # expression. 238 }, 239 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 240 # `members` can have the following values: 241 # 242 # * `allUsers`: A special identifier that represents anyone who is 243 # on the internet; with or without a Google account. 244 # 245 # * `allAuthenticatedUsers`: A special identifier that represents anyone 246 # who is authenticated with a Google account or a service account. 247 # 248 # * `user:{emailid}`: An email address that represents a specific Google 249 # account. For example, `alice@gmail.com` . 250 # 251 # 252 # * `serviceAccount:{emailid}`: An email address that represents a service 253 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 254 # 255 # * `group:{emailid}`: An email address that represents a Google group. 256 # For example, `admins@example.com`. 257 # 258 # 259 # * `domain:{domain}`: The G Suite domain (primary) that represents all the 260 # users of that domain. For example, `google.com` or `example.com`. 261 # 262 "A String", 263 ], 264 }, 265 ], 266 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 267 { # Specifies the audit configuration for a service. 268 # The configuration determines which permission types are logged, and what 269 # identities, if any, are exempted from logging. 270 # An AuditConfig must have one or more AuditLogConfigs. 271 # 272 # If there are AuditConfigs for both `allServices` and a specific service, 273 # the union of the two AuditConfigs is used for that service: the log_types 274 # specified in each AuditConfig are enabled, and the exempted_members in each 275 # AuditLogConfig are exempted. 276 # 277 # Example Policy with multiple AuditConfigs: 278 # 279 # { 280 # "audit_configs": [ 281 # { 282 # "service": "allServices" 283 # "audit_log_configs": [ 284 # { 285 # "log_type": "DATA_READ", 286 # "exempted_members": [ 287 # "user:foo@gmail.com" 288 # ] 289 # }, 290 # { 291 # "log_type": "DATA_WRITE", 292 # }, 293 # { 294 # "log_type": "ADMIN_READ", 295 # } 296 # ] 297 # }, 298 # { 299 # "service": "fooservice.googleapis.com" 300 # "audit_log_configs": [ 301 # { 302 # "log_type": "DATA_READ", 303 # }, 304 # { 305 # "log_type": "DATA_WRITE", 306 # "exempted_members": [ 307 # "user:bar@gmail.com" 308 # ] 309 # } 310 # ] 311 # } 312 # ] 313 # } 314 # 315 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 316 # logging. It also exempts foo@gmail.com from DATA_READ logging, and 317 # bar@gmail.com from DATA_WRITE logging. 318 "auditLogConfigs": [ # The configuration for logging of each type of permission. 319 { # Provides the configuration for logging a type of permissions. 320 # Example: 321 # 322 # { 323 # "audit_log_configs": [ 324 # { 325 # "log_type": "DATA_READ", 326 # "exempted_members": [ 327 # "user:foo@gmail.com" 328 # ] 329 # }, 330 # { 331 # "log_type": "DATA_WRITE", 332 # } 333 # ] 334 # } 335 # 336 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 337 # foo@gmail.com from DATA_READ logging. 338 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 339 # permission. 340 # Follows the same format of Binding.members. 341 "A String", 342 ], 343 "logType": "A String", # The log type that this config enables. 344 }, 345 ], 346 "service": "A String", # Specifies a service that will be enabled for audit logging. 347 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 348 # `allServices` is a special value that covers all services. 349 }, 350 ], 351 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 352 # prevent simultaneous updates of a policy from overwriting each other. 353 # It is strongly suggested that systems make use of the `etag` in the 354 # read-modify-write cycle to perform policy updates in order to avoid race 355 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 356 # systems are expected to put that etag in the request to `setIamPolicy` to 357 # ensure that their change will be applied to the same version of the policy. 358 # 359 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 360 # policy is overwritten blindly. 361 "version": 42, # Deprecated. 362 }</pre> 363</div> 364 365<div class="method"> 366 <code class="details" id="list">list(pageSize=None, pageToken=None, x__xgafv=None, filter=None)</code> 367 <pre>Lists Organization resources that are visible to the user and satisfy 368the specified filter. This method returns Organizations in an unspecified 369order. New Organizations do not necessarily appear at the end of the list. 370 371Args: 372 pageSize: integer, The maximum number of Organizations to return in the response. 373This field is optional. 374 pageToken: string, A pagination token returned from a previous call to `ListOrganizations` 375that indicates from where listing should continue. 376This field is optional. 377 x__xgafv: string, V1 error format. 378 Allowed values 379 1 - v1 error format 380 2 - v2 error format 381 filter: string, An optional query string used to filter the Organizations to return in 382the response. Filter rules are case-insensitive. 383 384 385Organizations may be filtered by `owner.directoryCustomerId` or by 386`domain`, where the domain is a G Suite domain, for example: 387 388|Filter|Description| 389|------|-----------| 390|owner.directorycustomerid:123456789|Organizations with 391`owner.directory_customer_id` equal to `123456789`.| 392|domain:google.com|Organizations corresponding to the domain `google.com`.| 393 394This field is optional. 395 396Returns: 397 An object of the form: 398 399 { # The response returned from the `ListOrganizations` method. 400 "nextPageToken": "A String", # A pagination token to be used to retrieve the next page of results. If the 401 # result is too large to fit within the page size specified in the request, 402 # this field will be set with a token that can be used to fetch the next page 403 # of results. If this field is empty, it indicates that this response 404 # contains the last page of results. 405 "organizations": [ # The list of Organizations that matched the list query, possibly paginated. 406 { # The root node in the resource hierarchy to which a particular entity's 407 # (e.g., company) resources belong. 408 "displayName": "A String", # A human-readable string that refers to the Organization in the 409 # GCP Console UI. This string is set by the server and cannot be 410 # changed. The string will be set to the primary domain (for example, 411 # "google.com") of the G Suite customer that owns the organization. 412 # @OutputOnly 413 "name": "A String", # Output Only. The resource name of the organization. This is the 414 # organization's relative path in the API. Its format is 415 # "organizations/[organization_id]". For example, "organizations/1234". 416 "organizationId": "A String", # An immutable id for the Organization that is assigned on creation. This 417 # should be omitted when creating a new Organization. 418 # This field is read-only. 419 "creationTime": "A String", # Timestamp when the Organization was created. Assigned by the server. 420 # @OutputOnly 421 "lifecycleState": "A String", # The organization's current lifecycle state. Assigned by the server. 422 # @OutputOnly 423 "owner": { # The entity that owns an Organization. The lifetime of the Organization and # The owner of this Organization. The owner should be specified on 424 # creation. Once set, it cannot be changed. 425 # This field is required. 426 # all of its descendants are bound to the `OrganizationOwner`. If the 427 # `OrganizationOwner` is deleted, the Organization and all its descendants will 428 # be deleted. 429 "directoryCustomerId": "A String", # The G Suite customer id used in the Directory API. 430 }, 431 }, 432 ], 433 }</pre> 434</div> 435 436<div class="method"> 437 <code class="details" id="list_next">list_next(previous_request, previous_response)</code> 438 <pre>Retrieves the next page of results. 439 440Args: 441 previous_request: The request for the previous page. (required) 442 previous_response: The response from the request for the previous page. (required) 443 444Returns: 445 A request object that you can call 'execute()' on to request the next 446 page. Returns None if there are no more items in the collection. 447 </pre> 448</div> 449 450<div class="method"> 451 <code class="details" id="setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</code> 452 <pre>Sets the access control policy on an Organization resource. Replaces any 453existing policy. The `resource` field should be the organization's resource 454name, e.g. "organizations/123". 455 456Args: 457 resource: string, REQUIRED: The resource for which the policy is being specified. 458See the operation documentation for the appropriate value for this field. (required) 459 body: object, The request body. (required) 460 The object takes the form of: 461 462{ # Request message for `SetIamPolicy` method. 463 "policy": { # Defines an Identity and Access Management (IAM) policy. It is used to # REQUIRED: The complete policy to be applied to the `resource`. The size of 464 # the policy is limited to a few 10s of KB. An empty policy is a 465 # valid policy but certain Cloud Platform services (such as Projects) 466 # might reject them. 467 # specify access control policies for Cloud Platform resources. 468 # 469 # 470 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of 471 # `members` to a `role`, where the members can be user accounts, Google groups, 472 # Google domains, and service accounts. A `role` is a named list of permissions 473 # defined by IAM. 474 # 475 # **JSON Example** 476 # 477 # { 478 # "bindings": [ 479 # { 480 # "role": "roles/owner", 481 # "members": [ 482 # "user:mike@example.com", 483 # "group:admins@example.com", 484 # "domain:google.com", 485 # "serviceAccount:my-other-app@appspot.gserviceaccount.com" 486 # ] 487 # }, 488 # { 489 # "role": "roles/viewer", 490 # "members": ["user:sean@example.com"] 491 # } 492 # ] 493 # } 494 # 495 # **YAML Example** 496 # 497 # bindings: 498 # - members: 499 # - user:mike@example.com 500 # - group:admins@example.com 501 # - domain:google.com 502 # - serviceAccount:my-other-app@appspot.gserviceaccount.com 503 # role: roles/owner 504 # - members: 505 # - user:sean@example.com 506 # role: roles/viewer 507 # 508 # 509 # For a description of IAM and its features, see the 510 # [IAM developer's guide](https://cloud.google.com/iam/docs). 511 "bindings": [ # Associates a list of `members` to a `role`. 512 # `bindings` with no members will result in an error. 513 { # Associates `members` with a `role`. 514 "role": "A String", # Role that is assigned to `members`. 515 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 516 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding. 517 # NOTE: An unsatisfied condition will not allow user access via current 518 # binding. Different bindings, including their conditions, are examined 519 # independently. 520 # 521 # title: "User account presence" 522 # description: "Determines whether the request has a user account" 523 # expression: "size(request.user) > 0" 524 "description": "A String", # An optional description of the expression. This is a longer text which 525 # describes the expression, e.g. when hovered over it in a UI. 526 "expression": "A String", # Textual representation of an expression in 527 # Common Expression Language syntax. 528 # 529 # The application context of the containing message determines which 530 # well-known feature set of CEL is supported. 531 "location": "A String", # An optional string indicating the location of the expression for error 532 # reporting, e.g. a file name and a position in the file. 533 "title": "A String", # An optional title for the expression, i.e. a short string describing 534 # its purpose. This can be used e.g. in UIs which allow to enter the 535 # expression. 536 }, 537 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 538 # `members` can have the following values: 539 # 540 # * `allUsers`: A special identifier that represents anyone who is 541 # on the internet; with or without a Google account. 542 # 543 # * `allAuthenticatedUsers`: A special identifier that represents anyone 544 # who is authenticated with a Google account or a service account. 545 # 546 # * `user:{emailid}`: An email address that represents a specific Google 547 # account. For example, `alice@gmail.com` . 548 # 549 # 550 # * `serviceAccount:{emailid}`: An email address that represents a service 551 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 552 # 553 # * `group:{emailid}`: An email address that represents a Google group. 554 # For example, `admins@example.com`. 555 # 556 # 557 # * `domain:{domain}`: The G Suite domain (primary) that represents all the 558 # users of that domain. For example, `google.com` or `example.com`. 559 # 560 "A String", 561 ], 562 }, 563 ], 564 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 565 { # Specifies the audit configuration for a service. 566 # The configuration determines which permission types are logged, and what 567 # identities, if any, are exempted from logging. 568 # An AuditConfig must have one or more AuditLogConfigs. 569 # 570 # If there are AuditConfigs for both `allServices` and a specific service, 571 # the union of the two AuditConfigs is used for that service: the log_types 572 # specified in each AuditConfig are enabled, and the exempted_members in each 573 # AuditLogConfig are exempted. 574 # 575 # Example Policy with multiple AuditConfigs: 576 # 577 # { 578 # "audit_configs": [ 579 # { 580 # "service": "allServices" 581 # "audit_log_configs": [ 582 # { 583 # "log_type": "DATA_READ", 584 # "exempted_members": [ 585 # "user:foo@gmail.com" 586 # ] 587 # }, 588 # { 589 # "log_type": "DATA_WRITE", 590 # }, 591 # { 592 # "log_type": "ADMIN_READ", 593 # } 594 # ] 595 # }, 596 # { 597 # "service": "fooservice.googleapis.com" 598 # "audit_log_configs": [ 599 # { 600 # "log_type": "DATA_READ", 601 # }, 602 # { 603 # "log_type": "DATA_WRITE", 604 # "exempted_members": [ 605 # "user:bar@gmail.com" 606 # ] 607 # } 608 # ] 609 # } 610 # ] 611 # } 612 # 613 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 614 # logging. It also exempts foo@gmail.com from DATA_READ logging, and 615 # bar@gmail.com from DATA_WRITE logging. 616 "auditLogConfigs": [ # The configuration for logging of each type of permission. 617 { # Provides the configuration for logging a type of permissions. 618 # Example: 619 # 620 # { 621 # "audit_log_configs": [ 622 # { 623 # "log_type": "DATA_READ", 624 # "exempted_members": [ 625 # "user:foo@gmail.com" 626 # ] 627 # }, 628 # { 629 # "log_type": "DATA_WRITE", 630 # } 631 # ] 632 # } 633 # 634 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 635 # foo@gmail.com from DATA_READ logging. 636 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 637 # permission. 638 # Follows the same format of Binding.members. 639 "A String", 640 ], 641 "logType": "A String", # The log type that this config enables. 642 }, 643 ], 644 "service": "A String", # Specifies a service that will be enabled for audit logging. 645 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 646 # `allServices` is a special value that covers all services. 647 }, 648 ], 649 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 650 # prevent simultaneous updates of a policy from overwriting each other. 651 # It is strongly suggested that systems make use of the `etag` in the 652 # read-modify-write cycle to perform policy updates in order to avoid race 653 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 654 # systems are expected to put that etag in the request to `setIamPolicy` to 655 # ensure that their change will be applied to the same version of the policy. 656 # 657 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 658 # policy is overwritten blindly. 659 "version": 42, # Deprecated. 660 }, 661 "updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only 662 # the fields in the mask will be modified. If no mask is provided, the 663 # following default mask is used: 664 # paths: "bindings, etag" 665 # This field is only used by Cloud IAM. 666 } 667 668 x__xgafv: string, V1 error format. 669 Allowed values 670 1 - v1 error format 671 2 - v2 error format 672 673Returns: 674 An object of the form: 675 676 { # Defines an Identity and Access Management (IAM) policy. It is used to 677 # specify access control policies for Cloud Platform resources. 678 # 679 # 680 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of 681 # `members` to a `role`, where the members can be user accounts, Google groups, 682 # Google domains, and service accounts. A `role` is a named list of permissions 683 # defined by IAM. 684 # 685 # **JSON Example** 686 # 687 # { 688 # "bindings": [ 689 # { 690 # "role": "roles/owner", 691 # "members": [ 692 # "user:mike@example.com", 693 # "group:admins@example.com", 694 # "domain:google.com", 695 # "serviceAccount:my-other-app@appspot.gserviceaccount.com" 696 # ] 697 # }, 698 # { 699 # "role": "roles/viewer", 700 # "members": ["user:sean@example.com"] 701 # } 702 # ] 703 # } 704 # 705 # **YAML Example** 706 # 707 # bindings: 708 # - members: 709 # - user:mike@example.com 710 # - group:admins@example.com 711 # - domain:google.com 712 # - serviceAccount:my-other-app@appspot.gserviceaccount.com 713 # role: roles/owner 714 # - members: 715 # - user:sean@example.com 716 # role: roles/viewer 717 # 718 # 719 # For a description of IAM and its features, see the 720 # [IAM developer's guide](https://cloud.google.com/iam/docs). 721 "bindings": [ # Associates a list of `members` to a `role`. 722 # `bindings` with no members will result in an error. 723 { # Associates `members` with a `role`. 724 "role": "A String", # Role that is assigned to `members`. 725 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 726 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding. 727 # NOTE: An unsatisfied condition will not allow user access via current 728 # binding. Different bindings, including their conditions, are examined 729 # independently. 730 # 731 # title: "User account presence" 732 # description: "Determines whether the request has a user account" 733 # expression: "size(request.user) > 0" 734 "description": "A String", # An optional description of the expression. This is a longer text which 735 # describes the expression, e.g. when hovered over it in a UI. 736 "expression": "A String", # Textual representation of an expression in 737 # Common Expression Language syntax. 738 # 739 # The application context of the containing message determines which 740 # well-known feature set of CEL is supported. 741 "location": "A String", # An optional string indicating the location of the expression for error 742 # reporting, e.g. a file name and a position in the file. 743 "title": "A String", # An optional title for the expression, i.e. a short string describing 744 # its purpose. This can be used e.g. in UIs which allow to enter the 745 # expression. 746 }, 747 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 748 # `members` can have the following values: 749 # 750 # * `allUsers`: A special identifier that represents anyone who is 751 # on the internet; with or without a Google account. 752 # 753 # * `allAuthenticatedUsers`: A special identifier that represents anyone 754 # who is authenticated with a Google account or a service account. 755 # 756 # * `user:{emailid}`: An email address that represents a specific Google 757 # account. For example, `alice@gmail.com` . 758 # 759 # 760 # * `serviceAccount:{emailid}`: An email address that represents a service 761 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 762 # 763 # * `group:{emailid}`: An email address that represents a Google group. 764 # For example, `admins@example.com`. 765 # 766 # 767 # * `domain:{domain}`: The G Suite domain (primary) that represents all the 768 # users of that domain. For example, `google.com` or `example.com`. 769 # 770 "A String", 771 ], 772 }, 773 ], 774 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 775 { # Specifies the audit configuration for a service. 776 # The configuration determines which permission types are logged, and what 777 # identities, if any, are exempted from logging. 778 # An AuditConfig must have one or more AuditLogConfigs. 779 # 780 # If there are AuditConfigs for both `allServices` and a specific service, 781 # the union of the two AuditConfigs is used for that service: the log_types 782 # specified in each AuditConfig are enabled, and the exempted_members in each 783 # AuditLogConfig are exempted. 784 # 785 # Example Policy with multiple AuditConfigs: 786 # 787 # { 788 # "audit_configs": [ 789 # { 790 # "service": "allServices" 791 # "audit_log_configs": [ 792 # { 793 # "log_type": "DATA_READ", 794 # "exempted_members": [ 795 # "user:foo@gmail.com" 796 # ] 797 # }, 798 # { 799 # "log_type": "DATA_WRITE", 800 # }, 801 # { 802 # "log_type": "ADMIN_READ", 803 # } 804 # ] 805 # }, 806 # { 807 # "service": "fooservice.googleapis.com" 808 # "audit_log_configs": [ 809 # { 810 # "log_type": "DATA_READ", 811 # }, 812 # { 813 # "log_type": "DATA_WRITE", 814 # "exempted_members": [ 815 # "user:bar@gmail.com" 816 # ] 817 # } 818 # ] 819 # } 820 # ] 821 # } 822 # 823 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 824 # logging. It also exempts foo@gmail.com from DATA_READ logging, and 825 # bar@gmail.com from DATA_WRITE logging. 826 "auditLogConfigs": [ # The configuration for logging of each type of permission. 827 { # Provides the configuration for logging a type of permissions. 828 # Example: 829 # 830 # { 831 # "audit_log_configs": [ 832 # { 833 # "log_type": "DATA_READ", 834 # "exempted_members": [ 835 # "user:foo@gmail.com" 836 # ] 837 # }, 838 # { 839 # "log_type": "DATA_WRITE", 840 # } 841 # ] 842 # } 843 # 844 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 845 # foo@gmail.com from DATA_READ logging. 846 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 847 # permission. 848 # Follows the same format of Binding.members. 849 "A String", 850 ], 851 "logType": "A String", # The log type that this config enables. 852 }, 853 ], 854 "service": "A String", # Specifies a service that will be enabled for audit logging. 855 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 856 # `allServices` is a special value that covers all services. 857 }, 858 ], 859 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 860 # prevent simultaneous updates of a policy from overwriting each other. 861 # It is strongly suggested that systems make use of the `etag` in the 862 # read-modify-write cycle to perform policy updates in order to avoid race 863 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 864 # systems are expected to put that etag in the request to `setIamPolicy` to 865 # ensure that their change will be applied to the same version of the policy. 866 # 867 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 868 # policy is overwritten blindly. 869 "version": 42, # Deprecated. 870 }</pre> 871</div> 872 873<div class="method"> 874 <code class="details" id="testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</code> 875 <pre>Returns permissions that a caller has on the specified Organization. 876The `resource` field should be the organization's resource name, 877e.g. "organizations/123". 878 879Args: 880 resource: string, REQUIRED: The resource for which the policy detail is being requested. 881See the operation documentation for the appropriate value for this field. (required) 882 body: object, The request body. (required) 883 The object takes the form of: 884 885{ # Request message for `TestIamPermissions` method. 886 "permissions": [ # The set of permissions to check for the `resource`. Permissions with 887 # wildcards (such as '*' or 'storage.*') are not allowed. For more 888 # information see 889 # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions). 890 "A String", 891 ], 892 } 893 894 x__xgafv: string, V1 error format. 895 Allowed values 896 1 - v1 error format 897 2 - v2 error format 898 899Returns: 900 An object of the form: 901 902 { # Response message for `TestIamPermissions` method. 903 "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is 904 # allowed. 905 "A String", 906 ], 907 }</pre> 908</div> 909 910<div class="method"> 911 <code class="details" id="update">update(name, body, x__xgafv=None)</code> 912 <pre>Updates an Organization resource identified by the specified resource name. 913 914Args: 915 name: string, Output Only. The resource name of the organization. This is the 916organization's relative path in the API. Its format is 917"organizations/[organization_id]". For example, "organizations/1234". (required) 918 body: object, The request body. (required) 919 The object takes the form of: 920 921{ # The root node in the resource hierarchy to which a particular entity's 922 # (e.g., company) resources belong. 923 "displayName": "A String", # A human-readable string that refers to the Organization in the 924 # GCP Console UI. This string is set by the server and cannot be 925 # changed. The string will be set to the primary domain (for example, 926 # "google.com") of the G Suite customer that owns the organization. 927 # @OutputOnly 928 "name": "A String", # Output Only. The resource name of the organization. This is the 929 # organization's relative path in the API. Its format is 930 # "organizations/[organization_id]". For example, "organizations/1234". 931 "organizationId": "A String", # An immutable id for the Organization that is assigned on creation. This 932 # should be omitted when creating a new Organization. 933 # This field is read-only. 934 "creationTime": "A String", # Timestamp when the Organization was created. Assigned by the server. 935 # @OutputOnly 936 "lifecycleState": "A String", # The organization's current lifecycle state. Assigned by the server. 937 # @OutputOnly 938 "owner": { # The entity that owns an Organization. The lifetime of the Organization and # The owner of this Organization. The owner should be specified on 939 # creation. Once set, it cannot be changed. 940 # This field is required. 941 # all of its descendants are bound to the `OrganizationOwner`. If the 942 # `OrganizationOwner` is deleted, the Organization and all its descendants will 943 # be deleted. 944 "directoryCustomerId": "A String", # The G Suite customer id used in the Directory API. 945 }, 946} 947 948 x__xgafv: string, V1 error format. 949 Allowed values 950 1 - v1 error format 951 2 - v2 error format 952 953Returns: 954 An object of the form: 955 956 { # The root node in the resource hierarchy to which a particular entity's 957 # (e.g., company) resources belong. 958 "displayName": "A String", # A human-readable string that refers to the Organization in the 959 # GCP Console UI. This string is set by the server and cannot be 960 # changed. The string will be set to the primary domain (for example, 961 # "google.com") of the G Suite customer that owns the organization. 962 # @OutputOnly 963 "name": "A String", # Output Only. The resource name of the organization. This is the 964 # organization's relative path in the API. Its format is 965 # "organizations/[organization_id]". For example, "organizations/1234". 966 "organizationId": "A String", # An immutable id for the Organization that is assigned on creation. This 967 # should be omitted when creating a new Organization. 968 # This field is read-only. 969 "creationTime": "A String", # Timestamp when the Organization was created. Assigned by the server. 970 # @OutputOnly 971 "lifecycleState": "A String", # The organization's current lifecycle state. Assigned by the server. 972 # @OutputOnly 973 "owner": { # The entity that owns an Organization. The lifetime of the Organization and # The owner of this Organization. The owner should be specified on 974 # creation. Once set, it cannot be changed. 975 # This field is required. 976 # all of its descendants are bound to the `OrganizationOwner`. If the 977 # `OrganizationOwner` is deleted, the Organization and all its descendants will 978 # be deleted. 979 "directoryCustomerId": "A String", # The G Suite customer id used in the Directory API. 980 }, 981 }</pre> 982</div> 983 984</body></html>