1<html><body> 2<style> 3 4body, h1, h2, h3, div, span, p, pre, a { 5 margin: 0; 6 padding: 0; 7 border: 0; 8 font-weight: inherit; 9 font-style: inherit; 10 font-size: 100%; 11 font-family: inherit; 12 vertical-align: baseline; 13} 14 15body { 16 font-size: 13px; 17 padding: 1em; 18} 19 20h1 { 21 font-size: 26px; 22 margin-bottom: 1em; 23} 24 25h2 { 26 font-size: 24px; 27 margin-bottom: 1em; 28} 29 30h3 { 31 font-size: 20px; 32 margin-bottom: 1em; 33 margin-top: 1em; 34} 35 36pre, code { 37 line-height: 1.5; 38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; 39} 40 41pre { 42 margin-top: 0.5em; 43} 44 45h1, h2, h3, p { 46 font-family: Arial, sans serif; 47} 48 49h1, h2, h3 { 50 border-bottom: solid #CCC 1px; 51} 52 53.toc_element { 54 margin-top: 0.5em; 55} 56 57.firstline { 58 margin-left: 2 em; 59} 60 61.method { 62 margin-top: 1em; 63 border: solid 1px #CCC; 64 padding: 1em; 65 background: #EEE; 66} 67 68.details { 69 font-weight: bold; 70 font-size: 14px; 71} 72 73</style> 74 75<h1><a href="healthcare_v1beta1.html">Cloud Healthcare API</a> . <a href="healthcare_v1beta1.projects.html">projects</a> . <a href="healthcare_v1beta1.projects.locations.html">locations</a> . <a href="healthcare_v1beta1.projects.locations.datasets.html">datasets</a> . <a href="healthcare_v1beta1.projects.locations.datasets.fhirStores.html">fhirStores</a></h1> 76<h2>Instance Methods</h2> 77<p class="toc_element"> 78 <code><a href="healthcare_v1beta1.projects.locations.datasets.fhirStores.fhir.html">fhir()</a></code> 79</p> 80<p class="firstline">Returns the fhir Resource.</p> 81 82<p class="toc_element"> 83 <code><a href="#create">create(parent, body, fhirStoreId=None, x__xgafv=None)</a></code></p> 84<p class="firstline">Creates a new FHIR store within the parent dataset.</p> 85<p class="toc_element"> 86 <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p> 87<p class="firstline">Deletes the specified FHIR store and removes all resources within it.</p> 88<p class="toc_element"> 89 <code><a href="#export">export(name, body, x__xgafv=None)</a></code></p> 90<p class="firstline">Export resources from the FHIR store to the specified destination.</p> 91<p class="toc_element"> 92 <code><a href="#get">get(name, x__xgafv=None)</a></code></p> 93<p class="firstline">Gets the configuration of the specified FHIR store.</p> 94<p class="toc_element"> 95 <code><a href="#getIamPolicy">getIamPolicy(resource, x__xgafv=None)</a></code></p> 96<p class="firstline">Gets the access control policy for a resource.</p> 97<p class="toc_element"> 98 <code><a href="#import_">import_(name, body, x__xgafv=None)</a></code></p> 99<p class="firstline">Import resources to the FHIR store by loading data from the specified</p> 100<p class="toc_element"> 101 <code><a href="#list">list(parent, pageToken=None, x__xgafv=None, pageSize=None, filter=None)</a></code></p> 102<p class="firstline">Lists the FHIR stores in the given dataset.</p> 103<p class="toc_element"> 104 <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p> 105<p class="firstline">Retrieves the next page of results.</p> 106<p class="toc_element"> 107 <code><a href="#patch">patch(name, body, updateMask=None, x__xgafv=None)</a></code></p> 108<p class="firstline">Updates the configuration of the specified FHIR store.</p> 109<p class="toc_element"> 110 <code><a href="#setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</a></code></p> 111<p class="firstline">Sets the access control policy on the specified resource. Replaces any</p> 112<p class="toc_element"> 113 <code><a href="#testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</a></code></p> 114<p class="firstline">Returns permissions that a caller has on the specified resource.</p> 115<h3>Method Details</h3> 116<div class="method"> 117 <code class="details" id="create">create(parent, body, fhirStoreId=None, x__xgafv=None)</code> 118 <pre>Creates a new FHIR store within the parent dataset. 119 120Args: 121 parent: string, The name of the dataset this FHIR store belongs to. (required) 122 body: object, The request body. (required) 123 The object takes the form of: 124 125{ # Represents a FHIR store. 126 "enableHistoryImport": True or False, # Whether to allow the bulk import API to accept history bundles and directly 127 # insert historical resource versions into the FHIR store. Importing resource 128 # histories creates resource interactions that appear to have occurred in the 129 # past, which clients may not want to allow. If set to false, history bundles 130 # within an import will fail with an error. 131 "name": "A String", # Output only. Resource name of the FHIR store, of the form 132 # `projects/{project_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}`. 133 "labels": { # User-supplied key-value pairs used to organize FHIR stores. 134 # 135 # Label keys must be between 1 and 63 characters long, have a UTF-8 encoding 136 # of maximum 128 bytes, and must conform to the 137 # following PCRE regular expression: 138 # \p{Ll}\p{Lo}{0,62} 139 # 140 # Label values are optional, must be between 1 and 63 characters long, have 141 # a UTF-8 encoding of maximum 128 bytes, and must conform to the 142 # following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63} 143 # 144 # No more than 64 labels can be associated with a given store. 145 "a_key": "A String", 146 }, 147 "enableUpdateCreate": True or False, # Whether this FHIR store has the [updateCreate 148 # capability](https://www.hl7.org/fhir/capabilitystatement-definitions.html#CapabilityStatement.rest.resource.updateCreate). 149 # This determines if the client can use an Update operation to create a new 150 # resource with a client-specified ID. If false, all IDs are server-assigned 151 # through the Create operation and attempts to Update a non-existent resource 152 # will return errors. Please treat the audit logs with appropriate levels of 153 # care if client-specified resource IDs contain sensitive data such as 154 # patient identifiers, those IDs will be part of the FHIR resource path 155 # recorded in Cloud audit logs and Cloud Pub/Sub notifications. 156 "notificationConfig": { # Specifies where notifications should be sent upon changes to a data store. # If non-empty, publish all resource modifications of this FHIR store to 157 # this destination. The Cloud Pub/Sub message attributes will contain a map 158 # with a string describing the action that has triggered the notification, 159 # e.g. "action":"CreateResource". 160 "pubsubTopic": "A String", # The [Cloud Pub/Sub](https://cloud.google.com/pubsub/docs/) topic that 161 # notifications of changes are published on. Supplied by the client. 162 # PubsubMessage.Data will contain the resource name. 163 # PubsubMessage.MessageId is the ID of this message. It is guaranteed to be 164 # unique within the topic. 165 # PubsubMessage.PublishTime is the time at which the message was published. 166 # Notifications are only sent if the topic is 167 # non-empty. [Topic 168 # names](https://cloud.google.com/pubsub/docs/overview#names) must be scoped 169 # to a project. cloud-healthcare@system.gserviceaccount.com must have 170 # publisher permissions on the given Cloud Pub/Sub topic. Not having adequate 171 # permissions will cause the calls that send notifications to fail. 172 }, 173 "disableReferentialIntegrity": True or False, # Whether to disable referential integrity in this FHIR store. This field is 174 # immutable after FHIR store creation. 175 # The default value is false, meaning that the API will enforce referential 176 # integrity and fail the requests that will result in inconsistent state in 177 # the FHIR store. 178 # When this field is set to true, the API will skip referential integrity 179 # check. Consequently, operations that rely on references, such as 180 # GetPatientEverything, will not return all the results if broken references 181 # exist. 182 "disableResourceVersioning": True or False, # Whether to disable resource versioning for this FHIR store. This field can 183 # not be changed after the creation of FHIR store. 184 # If set to false, which is the default behavior, all write operations will 185 # cause historical versions to be recorded automatically. The historical 186 # versions can be fetched through the history APIs, but cannot be updated. 187 # If set to true, no historical versions will be kept. The server will send 188 # back errors for attempts to read the historical versions. 189} 190 191 fhirStoreId: string, The ID of the FHIR store that is being created. 192The string must match the following regex: `[\p{L}\p{N}_\-\.]{1,256}`. 193 x__xgafv: string, V1 error format. 194 Allowed values 195 1 - v1 error format 196 2 - v2 error format 197 198Returns: 199 An object of the form: 200 201 { # Represents a FHIR store. 202 "enableHistoryImport": True or False, # Whether to allow the bulk import API to accept history bundles and directly 203 # insert historical resource versions into the FHIR store. Importing resource 204 # histories creates resource interactions that appear to have occurred in the 205 # past, which clients may not want to allow. If set to false, history bundles 206 # within an import will fail with an error. 207 "name": "A String", # Output only. Resource name of the FHIR store, of the form 208 # `projects/{project_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}`. 209 "labels": { # User-supplied key-value pairs used to organize FHIR stores. 210 # 211 # Label keys must be between 1 and 63 characters long, have a UTF-8 encoding 212 # of maximum 128 bytes, and must conform to the 213 # following PCRE regular expression: 214 # \p{Ll}\p{Lo}{0,62} 215 # 216 # Label values are optional, must be between 1 and 63 characters long, have 217 # a UTF-8 encoding of maximum 128 bytes, and must conform to the 218 # following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63} 219 # 220 # No more than 64 labels can be associated with a given store. 221 "a_key": "A String", 222 }, 223 "enableUpdateCreate": True or False, # Whether this FHIR store has the [updateCreate 224 # capability](https://www.hl7.org/fhir/capabilitystatement-definitions.html#CapabilityStatement.rest.resource.updateCreate). 225 # This determines if the client can use an Update operation to create a new 226 # resource with a client-specified ID. If false, all IDs are server-assigned 227 # through the Create operation and attempts to Update a non-existent resource 228 # will return errors. Please treat the audit logs with appropriate levels of 229 # care if client-specified resource IDs contain sensitive data such as 230 # patient identifiers, those IDs will be part of the FHIR resource path 231 # recorded in Cloud audit logs and Cloud Pub/Sub notifications. 232 "notificationConfig": { # Specifies where notifications should be sent upon changes to a data store. # If non-empty, publish all resource modifications of this FHIR store to 233 # this destination. The Cloud Pub/Sub message attributes will contain a map 234 # with a string describing the action that has triggered the notification, 235 # e.g. "action":"CreateResource". 236 "pubsubTopic": "A String", # The [Cloud Pub/Sub](https://cloud.google.com/pubsub/docs/) topic that 237 # notifications of changes are published on. Supplied by the client. 238 # PubsubMessage.Data will contain the resource name. 239 # PubsubMessage.MessageId is the ID of this message. It is guaranteed to be 240 # unique within the topic. 241 # PubsubMessage.PublishTime is the time at which the message was published. 242 # Notifications are only sent if the topic is 243 # non-empty. [Topic 244 # names](https://cloud.google.com/pubsub/docs/overview#names) must be scoped 245 # to a project. cloud-healthcare@system.gserviceaccount.com must have 246 # publisher permissions on the given Cloud Pub/Sub topic. Not having adequate 247 # permissions will cause the calls that send notifications to fail. 248 }, 249 "disableReferentialIntegrity": True or False, # Whether to disable referential integrity in this FHIR store. This field is 250 # immutable after FHIR store creation. 251 # The default value is false, meaning that the API will enforce referential 252 # integrity and fail the requests that will result in inconsistent state in 253 # the FHIR store. 254 # When this field is set to true, the API will skip referential integrity 255 # check. Consequently, operations that rely on references, such as 256 # GetPatientEverything, will not return all the results if broken references 257 # exist. 258 "disableResourceVersioning": True or False, # Whether to disable resource versioning for this FHIR store. This field can 259 # not be changed after the creation of FHIR store. 260 # If set to false, which is the default behavior, all write operations will 261 # cause historical versions to be recorded automatically. The historical 262 # versions can be fetched through the history APIs, but cannot be updated. 263 # If set to true, no historical versions will be kept. The server will send 264 # back errors for attempts to read the historical versions. 265 }</pre> 266</div> 267 268<div class="method"> 269 <code class="details" id="delete">delete(name, x__xgafv=None)</code> 270 <pre>Deletes the specified FHIR store and removes all resources within it. 271 272Args: 273 name: string, The resource name of the FHIR store to delete. (required) 274 x__xgafv: string, V1 error format. 275 Allowed values 276 1 - v1 error format 277 2 - v2 error format 278 279Returns: 280 An object of the form: 281 282 { # A generic empty message that you can re-use to avoid defining duplicated 283 # empty messages in your APIs. A typical example is to use it as the request 284 # or the response type of an API method. For instance: 285 # 286 # service Foo { 287 # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); 288 # } 289 # 290 # The JSON representation for `Empty` is empty JSON object `{}`. 291 }</pre> 292</div> 293 294<div class="method"> 295 <code class="details" id="export">export(name, body, x__xgafv=None)</code> 296 <pre>Export resources from the FHIR store to the specified destination. 297 298This method returns an Operation that can 299be used to track the status of the export by calling 300GetOperation. 301 302Immediate fatal errors appear in the 303error field. 304Otherwise, when the operation finishes, a detailed response of type 305ExportResourcesResponse is returned in the 306response field. 307The metadata field type for this 308operation is OperationMetadata. 309 310Args: 311 name: string, The name of the FHIR store to export resource from. The name should be in 312the format of 313`projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}`. (required) 314 body: object, The request body. (required) 315 The object takes the form of: 316 317{ # Request to export resources. 318 "bigqueryDestination": { # The configuration for exporting to BigQuery. # The BigQuery output destination. 319 # 320 # The BigQuery location requires two IAM roles: 321 # `roles/bigquery.dataEditor` and `roles/bigquery.jobUser`. 322 # 323 # The output will be one BigQuery table per resource type. 324 "datasetUri": "A String", # BigQuery URI to a dataset, up to 2000 characters long, in the format 325 # `bq://projectId.bqDatasetId` 326 "schemaConfig": { # Configuration for the FHIR BigQuery schema. Determines how the server # The configuration for the exported BigQuery schema. 327 # generates the schema. 328 "schemaType": "A String", # Specifies the output schema type. If unspecified, the default is 329 # `LOSSLESS`. 330 "recursiveStructureDepth": "A String", # The depth for all recursive structures in the output analytics 331 # schema. For example, `concept` in the CodeSystem resource is a recursive 332 # structure; when the depth is 2, the CodeSystem table will have a column 333 # called `concept.concept` but not `concept.concept.concept`. If not 334 # specified or set to 0, the server will use the default value 2. 335 }, 336 }, 337 "gcsDestination": { # The configuration for exporting to Cloud Storage. # The Cloud Storage output destination. 338 # 339 # The Cloud Storage location requires the `roles/storage.objectAdmin` Cloud 340 # IAM role. 341 # 342 # The exported outputs are 343 # organized by FHIR resource types. The server will create one object per 344 # resource type. Each object contains newline delimited JSON, and each line 345 # is a FHIR resource. 346 "uriPrefix": "A String", # URI for a Cloud Storage directory where result files should be written (in 347 # the format `gs://{bucket-id}/{path/to/destination/dir}`). If there is no 348 # trailing slash, the service will append one when composing the object path. 349 # The user is responsible for creating the Cloud Storage bucket referenced in 350 # `uri_prefix`. 351 }, 352 } 353 354 x__xgafv: string, V1 error format. 355 Allowed values 356 1 - v1 error format 357 2 - v2 error format 358 359Returns: 360 An object of the form: 361 362 { # This resource represents a long-running operation that is the result of a 363 # network API call. 364 "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation. 365 # different programming environments, including REST APIs and RPC APIs. It is 366 # used by [gRPC](https://github.com/grpc). Each `Status` message contains 367 # three pieces of data: error code, error message, and error details. 368 # 369 # You can find out more about this error model and how to work with it in the 370 # [API Design Guide](https://cloud.google.com/apis/design/errors). 371 "message": "A String", # A developer-facing error message, which should be in English. Any 372 # user-facing error message should be localized and sent in the 373 # google.rpc.Status.details field, or localized by the client. 374 "code": 42, # The status code, which should be an enum value of google.rpc.Code. 375 "details": [ # A list of messages that carry the error details. There is a common set of 376 # message types for APIs to use. 377 { 378 "a_key": "", # Properties of the object. Contains field @type with type URL. 379 }, 380 ], 381 }, 382 "done": True or False, # If the value is `false`, it means the operation is still in progress. 383 # If `true`, the operation is completed, and either `error` or `response` is 384 # available. 385 "response": { # The normal response of the operation in case of success. If the original 386 # method returns no data on success, such as `Delete`, the response is 387 # `google.protobuf.Empty`. If the original method is standard 388 # `Get`/`Create`/`Update`, the response should be the resource. For other 389 # methods, the response should have the type `XxxResponse`, where `Xxx` 390 # is the original method name. For example, if the original method name 391 # is `TakeSnapshot()`, the inferred response type is 392 # `TakeSnapshotResponse`. 393 "a_key": "", # Properties of the object. Contains field @type with type URL. 394 }, 395 "name": "A String", # The server-assigned name, which is only unique within the same service that 396 # originally returns it. If you use the default HTTP mapping, the 397 # `name` should be a resource name ending with `operations/{unique_id}`. 398 "metadata": { # Service-specific metadata associated with the operation. It typically 399 # contains progress information and common metadata such as create time. 400 # Some services might not provide such metadata. Any method that returns a 401 # long-running operation should document the metadata type, if any. 402 "a_key": "", # Properties of the object. Contains field @type with type URL. 403 }, 404 }</pre> 405</div> 406 407<div class="method"> 408 <code class="details" id="get">get(name, x__xgafv=None)</code> 409 <pre>Gets the configuration of the specified FHIR store. 410 411Args: 412 name: string, The resource name of the FHIR store to get. (required) 413 x__xgafv: string, V1 error format. 414 Allowed values 415 1 - v1 error format 416 2 - v2 error format 417 418Returns: 419 An object of the form: 420 421 { # Represents a FHIR store. 422 "enableHistoryImport": True or False, # Whether to allow the bulk import API to accept history bundles and directly 423 # insert historical resource versions into the FHIR store. Importing resource 424 # histories creates resource interactions that appear to have occurred in the 425 # past, which clients may not want to allow. If set to false, history bundles 426 # within an import will fail with an error. 427 "name": "A String", # Output only. Resource name of the FHIR store, of the form 428 # `projects/{project_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}`. 429 "labels": { # User-supplied key-value pairs used to organize FHIR stores. 430 # 431 # Label keys must be between 1 and 63 characters long, have a UTF-8 encoding 432 # of maximum 128 bytes, and must conform to the 433 # following PCRE regular expression: 434 # \p{Ll}\p{Lo}{0,62} 435 # 436 # Label values are optional, must be between 1 and 63 characters long, have 437 # a UTF-8 encoding of maximum 128 bytes, and must conform to the 438 # following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63} 439 # 440 # No more than 64 labels can be associated with a given store. 441 "a_key": "A String", 442 }, 443 "enableUpdateCreate": True or False, # Whether this FHIR store has the [updateCreate 444 # capability](https://www.hl7.org/fhir/capabilitystatement-definitions.html#CapabilityStatement.rest.resource.updateCreate). 445 # This determines if the client can use an Update operation to create a new 446 # resource with a client-specified ID. If false, all IDs are server-assigned 447 # through the Create operation and attempts to Update a non-existent resource 448 # will return errors. Please treat the audit logs with appropriate levels of 449 # care if client-specified resource IDs contain sensitive data such as 450 # patient identifiers, those IDs will be part of the FHIR resource path 451 # recorded in Cloud audit logs and Cloud Pub/Sub notifications. 452 "notificationConfig": { # Specifies where notifications should be sent upon changes to a data store. # If non-empty, publish all resource modifications of this FHIR store to 453 # this destination. The Cloud Pub/Sub message attributes will contain a map 454 # with a string describing the action that has triggered the notification, 455 # e.g. "action":"CreateResource". 456 "pubsubTopic": "A String", # The [Cloud Pub/Sub](https://cloud.google.com/pubsub/docs/) topic that 457 # notifications of changes are published on. Supplied by the client. 458 # PubsubMessage.Data will contain the resource name. 459 # PubsubMessage.MessageId is the ID of this message. It is guaranteed to be 460 # unique within the topic. 461 # PubsubMessage.PublishTime is the time at which the message was published. 462 # Notifications are only sent if the topic is 463 # non-empty. [Topic 464 # names](https://cloud.google.com/pubsub/docs/overview#names) must be scoped 465 # to a project. cloud-healthcare@system.gserviceaccount.com must have 466 # publisher permissions on the given Cloud Pub/Sub topic. Not having adequate 467 # permissions will cause the calls that send notifications to fail. 468 }, 469 "disableReferentialIntegrity": True or False, # Whether to disable referential integrity in this FHIR store. This field is 470 # immutable after FHIR store creation. 471 # The default value is false, meaning that the API will enforce referential 472 # integrity and fail the requests that will result in inconsistent state in 473 # the FHIR store. 474 # When this field is set to true, the API will skip referential integrity 475 # check. Consequently, operations that rely on references, such as 476 # GetPatientEverything, will not return all the results if broken references 477 # exist. 478 "disableResourceVersioning": True or False, # Whether to disable resource versioning for this FHIR store. This field can 479 # not be changed after the creation of FHIR store. 480 # If set to false, which is the default behavior, all write operations will 481 # cause historical versions to be recorded automatically. The historical 482 # versions can be fetched through the history APIs, but cannot be updated. 483 # If set to true, no historical versions will be kept. The server will send 484 # back errors for attempts to read the historical versions. 485 }</pre> 486</div> 487 488<div class="method"> 489 <code class="details" id="getIamPolicy">getIamPolicy(resource, x__xgafv=None)</code> 490 <pre>Gets the access control policy for a resource. 491Returns an empty policy if the resource exists and does not have a policy 492set. 493 494Args: 495 resource: string, REQUIRED: The resource for which the policy is being requested. 496See the operation documentation for the appropriate value for this field. (required) 497 x__xgafv: string, V1 error format. 498 Allowed values 499 1 - v1 error format 500 2 - v2 error format 501 502Returns: 503 An object of the form: 504 505 { # Defines an Identity and Access Management (IAM) policy. It is used to 506 # specify access control policies for Cloud Platform resources. 507 # 508 # 509 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of 510 # `members` to a `role`, where the members can be user accounts, Google groups, 511 # Google domains, and service accounts. A `role` is a named list of permissions 512 # defined by IAM. 513 # 514 # **JSON Example** 515 # 516 # { 517 # "bindings": [ 518 # { 519 # "role": "roles/owner", 520 # "members": [ 521 # "user:mike@example.com", 522 # "group:admins@example.com", 523 # "domain:google.com", 524 # "serviceAccount:my-other-app@appspot.gserviceaccount.com" 525 # ] 526 # }, 527 # { 528 # "role": "roles/viewer", 529 # "members": ["user:sean@example.com"] 530 # } 531 # ] 532 # } 533 # 534 # **YAML Example** 535 # 536 # bindings: 537 # - members: 538 # - user:mike@example.com 539 # - group:admins@example.com 540 # - domain:google.com 541 # - serviceAccount:my-other-app@appspot.gserviceaccount.com 542 # role: roles/owner 543 # - members: 544 # - user:sean@example.com 545 # role: roles/viewer 546 # 547 # 548 # For a description of IAM and its features, see the 549 # [IAM developer's guide](https://cloud.google.com/iam/docs). 550 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 551 { # Specifies the audit configuration for a service. 552 # The configuration determines which permission types are logged, and what 553 # identities, if any, are exempted from logging. 554 # An AuditConfig must have one or more AuditLogConfigs. 555 # 556 # If there are AuditConfigs for both `allServices` and a specific service, 557 # the union of the two AuditConfigs is used for that service: the log_types 558 # specified in each AuditConfig are enabled, and the exempted_members in each 559 # AuditLogConfig are exempted. 560 # 561 # Example Policy with multiple AuditConfigs: 562 # 563 # { 564 # "audit_configs": [ 565 # { 566 # "service": "allServices" 567 # "audit_log_configs": [ 568 # { 569 # "log_type": "DATA_READ", 570 # "exempted_members": [ 571 # "user:foo@gmail.com" 572 # ] 573 # }, 574 # { 575 # "log_type": "DATA_WRITE", 576 # }, 577 # { 578 # "log_type": "ADMIN_READ", 579 # } 580 # ] 581 # }, 582 # { 583 # "service": "fooservice.googleapis.com" 584 # "audit_log_configs": [ 585 # { 586 # "log_type": "DATA_READ", 587 # }, 588 # { 589 # "log_type": "DATA_WRITE", 590 # "exempted_members": [ 591 # "user:bar@gmail.com" 592 # ] 593 # } 594 # ] 595 # } 596 # ] 597 # } 598 # 599 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 600 # logging. It also exempts foo@gmail.com from DATA_READ logging, and 601 # bar@gmail.com from DATA_WRITE logging. 602 "auditLogConfigs": [ # The configuration for logging of each type of permission. 603 { # Provides the configuration for logging a type of permissions. 604 # Example: 605 # 606 # { 607 # "audit_log_configs": [ 608 # { 609 # "log_type": "DATA_READ", 610 # "exempted_members": [ 611 # "user:foo@gmail.com" 612 # ] 613 # }, 614 # { 615 # "log_type": "DATA_WRITE", 616 # } 617 # ] 618 # } 619 # 620 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 621 # foo@gmail.com from DATA_READ logging. 622 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 623 # permission. 624 # Follows the same format of Binding.members. 625 "A String", 626 ], 627 "logType": "A String", # The log type that this config enables. 628 }, 629 ], 630 "service": "A String", # Specifies a service that will be enabled for audit logging. 631 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 632 # `allServices` is a special value that covers all services. 633 }, 634 ], 635 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 636 # prevent simultaneous updates of a policy from overwriting each other. 637 # It is strongly suggested that systems make use of the `etag` in the 638 # read-modify-write cycle to perform policy updates in order to avoid race 639 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 640 # systems are expected to put that etag in the request to `setIamPolicy` to 641 # ensure that their change will be applied to the same version of the policy. 642 # 643 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 644 # policy is overwritten blindly. 645 "bindings": [ # Associates a list of `members` to a `role`. 646 # `bindings` with no members will result in an error. 647 { # Associates `members` with a `role`. 648 "role": "A String", # Role that is assigned to `members`. 649 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 650 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 651 # `members` can have the following values: 652 # 653 # * `allUsers`: A special identifier that represents anyone who is 654 # on the internet; with or without a Google account. 655 # 656 # * `allAuthenticatedUsers`: A special identifier that represents anyone 657 # who is authenticated with a Google account or a service account. 658 # 659 # * `user:{emailid}`: An email address that represents a specific Google 660 # account. For example, `alice@gmail.com` . 661 # 662 # 663 # * `serviceAccount:{emailid}`: An email address that represents a service 664 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 665 # 666 # * `group:{emailid}`: An email address that represents a Google group. 667 # For example, `admins@example.com`. 668 # 669 # 670 # * `domain:{domain}`: The G Suite domain (primary) that represents all the 671 # users of that domain. For example, `google.com` or `example.com`. 672 # 673 "A String", 674 ], 675 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding. 676 # NOTE: An unsatisfied condition will not allow user access via current 677 # binding. Different bindings, including their conditions, are examined 678 # independently. 679 # 680 # title: "User account presence" 681 # description: "Determines whether the request has a user account" 682 # expression: "size(request.user) > 0" 683 "location": "A String", # An optional string indicating the location of the expression for error 684 # reporting, e.g. a file name and a position in the file. 685 "expression": "A String", # Textual representation of an expression in 686 # Common Expression Language syntax. 687 # 688 # The application context of the containing message determines which 689 # well-known feature set of CEL is supported. 690 "description": "A String", # An optional description of the expression. This is a longer text which 691 # describes the expression, e.g. when hovered over it in a UI. 692 "title": "A String", # An optional title for the expression, i.e. a short string describing 693 # its purpose. This can be used e.g. in UIs which allow to enter the 694 # expression. 695 }, 696 }, 697 ], 698 "version": 42, # Deprecated. 699 }</pre> 700</div> 701 702<div class="method"> 703 <code class="details" id="import_">import_(name, body, x__xgafv=None)</code> 704 <pre>Import resources to the FHIR store by loading data from the specified 705sources. Each resource must have a client-supplied ID, which is retained 706by the server. 707 708The import operation is idempotent. Upon retry, the most recent data 709(matching the client-supplied ID) is overwritten, without creating a new 710resource version. If partial failures occur during the import, successful 711changes are not rolled back. 712 713If history imports are enabled 714(enable_history_import is set in the 715FHIR store's configuration), you can import historical versions of a 716resource by supplying a bundle of type `history`. The historical versions 717in the bundle must have `lastUpdated` timestamps. If a current or 718historical version with the supplied resource ID already exists, the 719bundle is rejected. 720 721This method returns an Operation that can 722be used to track the status of the import by calling 723GetOperation. 724 725Immediate fatal errors appear in the 726error field. 727Otherwise, when the operation finishes, a detailed response of type 728ImportResourcesResponse is returned in the 729response field. 730The metadata field type for this 731operation is OperationMetadata. 732 733Args: 734 name: string, The name of the FHIR store to import FHIR resources to. The name should be 735in the format of 736`projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}`. (required) 737 body: object, The request body. (required) 738 The object takes the form of: 739 740{ # Request to import resources. 741 "contentStructure": "A String", # The content structure in the source location. If not specified, the server 742 # treats the input source files as BUNDLE. 743 "gcsSource": { # Specifies the configuration for importing data from Cloud Storage. # Cloud Storage source data location and import configuration. 744 # 745 # The Cloud Storage location requires the `roles/storage.objectViewer` 746 # Cloud IAM role. 747 # 748 # Each Cloud Storage object should be a text file that contains the format 749 # specified in ContentStructure. 750 "uri": "A String", # Points to a Cloud Storage URI containing file(s) to import. 751 # 752 # The URI must be in the following format: `gs://{bucket_id}/{object_id}`. 753 # The URI can include wildcards in `object_id` and thus identify multiple 754 # files. Supported wildcards: 755 # 756 # * `*` to match 0 or more non-separator characters 757 # * `**` to match 0 or more characters (including separators). Must be used 758 # at the end of a path and with no other wildcards in the 759 # path. Can also be used with a file extension (such as .ndjson), which 760 # imports all files with the extension in the specified directory and 761 # its sub-directories. For example, `gs://my-bucket/my-directory/**.ndjson` 762 # imports all files with `.ndjson` extensions in `my-directory/` and its 763 # sub-directories. 764 # * `?` to match 1 character 765 # 766 # Files matching the wildcard are expected to contain content only, no 767 # metadata. 768 }, 769 } 770 771 x__xgafv: string, V1 error format. 772 Allowed values 773 1 - v1 error format 774 2 - v2 error format 775 776Returns: 777 An object of the form: 778 779 { # This resource represents a long-running operation that is the result of a 780 # network API call. 781 "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation. 782 # different programming environments, including REST APIs and RPC APIs. It is 783 # used by [gRPC](https://github.com/grpc). Each `Status` message contains 784 # three pieces of data: error code, error message, and error details. 785 # 786 # You can find out more about this error model and how to work with it in the 787 # [API Design Guide](https://cloud.google.com/apis/design/errors). 788 "message": "A String", # A developer-facing error message, which should be in English. Any 789 # user-facing error message should be localized and sent in the 790 # google.rpc.Status.details field, or localized by the client. 791 "code": 42, # The status code, which should be an enum value of google.rpc.Code. 792 "details": [ # A list of messages that carry the error details. There is a common set of 793 # message types for APIs to use. 794 { 795 "a_key": "", # Properties of the object. Contains field @type with type URL. 796 }, 797 ], 798 }, 799 "done": True or False, # If the value is `false`, it means the operation is still in progress. 800 # If `true`, the operation is completed, and either `error` or `response` is 801 # available. 802 "response": { # The normal response of the operation in case of success. If the original 803 # method returns no data on success, such as `Delete`, the response is 804 # `google.protobuf.Empty`. If the original method is standard 805 # `Get`/`Create`/`Update`, the response should be the resource. For other 806 # methods, the response should have the type `XxxResponse`, where `Xxx` 807 # is the original method name. For example, if the original method name 808 # is `TakeSnapshot()`, the inferred response type is 809 # `TakeSnapshotResponse`. 810 "a_key": "", # Properties of the object. Contains field @type with type URL. 811 }, 812 "name": "A String", # The server-assigned name, which is only unique within the same service that 813 # originally returns it. If you use the default HTTP mapping, the 814 # `name` should be a resource name ending with `operations/{unique_id}`. 815 "metadata": { # Service-specific metadata associated with the operation. It typically 816 # contains progress information and common metadata such as create time. 817 # Some services might not provide such metadata. Any method that returns a 818 # long-running operation should document the metadata type, if any. 819 "a_key": "", # Properties of the object. Contains field @type with type URL. 820 }, 821 }</pre> 822</div> 823 824<div class="method"> 825 <code class="details" id="list">list(parent, pageToken=None, x__xgafv=None, pageSize=None, filter=None)</code> 826 <pre>Lists the FHIR stores in the given dataset. 827 828Args: 829 parent: string, Name of the dataset. (required) 830 pageToken: string, The next_page_token value returned from the previous List request, if any. 831 x__xgafv: string, V1 error format. 832 Allowed values 833 1 - v1 error format 834 2 - v2 error format 835 pageSize: integer, Limit on the number of FHIR stores to return in a single response. If zero 836the default page size of 100 is used. 837 filter: string, Restricts stores returned to those matching a filter. Syntax: 838https://cloud.google.com/appengine/docs/standard/python/search/query_strings 839Only filtering on labels is supported, for example `labels.key=value`. 840 841Returns: 842 An object of the form: 843 844 { # Lists the FHIR stores in the given dataset. 845 "nextPageToken": "A String", # Token to retrieve the next page of results or empty if there are no more 846 # results in the list. 847 "fhirStores": [ # The returned FHIR stores. Won't be more FHIR stores than the value of 848 # page_size in the request. 849 { # Represents a FHIR store. 850 "enableHistoryImport": True or False, # Whether to allow the bulk import API to accept history bundles and directly 851 # insert historical resource versions into the FHIR store. Importing resource 852 # histories creates resource interactions that appear to have occurred in the 853 # past, which clients may not want to allow. If set to false, history bundles 854 # within an import will fail with an error. 855 "name": "A String", # Output only. Resource name of the FHIR store, of the form 856 # `projects/{project_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}`. 857 "labels": { # User-supplied key-value pairs used to organize FHIR stores. 858 # 859 # Label keys must be between 1 and 63 characters long, have a UTF-8 encoding 860 # of maximum 128 bytes, and must conform to the 861 # following PCRE regular expression: 862 # \p{Ll}\p{Lo}{0,62} 863 # 864 # Label values are optional, must be between 1 and 63 characters long, have 865 # a UTF-8 encoding of maximum 128 bytes, and must conform to the 866 # following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63} 867 # 868 # No more than 64 labels can be associated with a given store. 869 "a_key": "A String", 870 }, 871 "enableUpdateCreate": True or False, # Whether this FHIR store has the [updateCreate 872 # capability](https://www.hl7.org/fhir/capabilitystatement-definitions.html#CapabilityStatement.rest.resource.updateCreate). 873 # This determines if the client can use an Update operation to create a new 874 # resource with a client-specified ID. If false, all IDs are server-assigned 875 # through the Create operation and attempts to Update a non-existent resource 876 # will return errors. Please treat the audit logs with appropriate levels of 877 # care if client-specified resource IDs contain sensitive data such as 878 # patient identifiers, those IDs will be part of the FHIR resource path 879 # recorded in Cloud audit logs and Cloud Pub/Sub notifications. 880 "notificationConfig": { # Specifies where notifications should be sent upon changes to a data store. # If non-empty, publish all resource modifications of this FHIR store to 881 # this destination. The Cloud Pub/Sub message attributes will contain a map 882 # with a string describing the action that has triggered the notification, 883 # e.g. "action":"CreateResource". 884 "pubsubTopic": "A String", # The [Cloud Pub/Sub](https://cloud.google.com/pubsub/docs/) topic that 885 # notifications of changes are published on. Supplied by the client. 886 # PubsubMessage.Data will contain the resource name. 887 # PubsubMessage.MessageId is the ID of this message. It is guaranteed to be 888 # unique within the topic. 889 # PubsubMessage.PublishTime is the time at which the message was published. 890 # Notifications are only sent if the topic is 891 # non-empty. [Topic 892 # names](https://cloud.google.com/pubsub/docs/overview#names) must be scoped 893 # to a project. cloud-healthcare@system.gserviceaccount.com must have 894 # publisher permissions on the given Cloud Pub/Sub topic. Not having adequate 895 # permissions will cause the calls that send notifications to fail. 896 }, 897 "disableReferentialIntegrity": True or False, # Whether to disable referential integrity in this FHIR store. This field is 898 # immutable after FHIR store creation. 899 # The default value is false, meaning that the API will enforce referential 900 # integrity and fail the requests that will result in inconsistent state in 901 # the FHIR store. 902 # When this field is set to true, the API will skip referential integrity 903 # check. Consequently, operations that rely on references, such as 904 # GetPatientEverything, will not return all the results if broken references 905 # exist. 906 "disableResourceVersioning": True or False, # Whether to disable resource versioning for this FHIR store. This field can 907 # not be changed after the creation of FHIR store. 908 # If set to false, which is the default behavior, all write operations will 909 # cause historical versions to be recorded automatically. The historical 910 # versions can be fetched through the history APIs, but cannot be updated. 911 # If set to true, no historical versions will be kept. The server will send 912 # back errors for attempts to read the historical versions. 913 }, 914 ], 915 }</pre> 916</div> 917 918<div class="method"> 919 <code class="details" id="list_next">list_next(previous_request, previous_response)</code> 920 <pre>Retrieves the next page of results. 921 922Args: 923 previous_request: The request for the previous page. (required) 924 previous_response: The response from the request for the previous page. (required) 925 926Returns: 927 A request object that you can call 'execute()' on to request the next 928 page. Returns None if there are no more items in the collection. 929 </pre> 930</div> 931 932<div class="method"> 933 <code class="details" id="patch">patch(name, body, updateMask=None, x__xgafv=None)</code> 934 <pre>Updates the configuration of the specified FHIR store. 935 936Args: 937 name: string, Output only. Resource name of the FHIR store, of the form 938`projects/{project_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}`. (required) 939 body: object, The request body. (required) 940 The object takes the form of: 941 942{ # Represents a FHIR store. 943 "enableHistoryImport": True or False, # Whether to allow the bulk import API to accept history bundles and directly 944 # insert historical resource versions into the FHIR store. Importing resource 945 # histories creates resource interactions that appear to have occurred in the 946 # past, which clients may not want to allow. If set to false, history bundles 947 # within an import will fail with an error. 948 "name": "A String", # Output only. Resource name of the FHIR store, of the form 949 # `projects/{project_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}`. 950 "labels": { # User-supplied key-value pairs used to organize FHIR stores. 951 # 952 # Label keys must be between 1 and 63 characters long, have a UTF-8 encoding 953 # of maximum 128 bytes, and must conform to the 954 # following PCRE regular expression: 955 # \p{Ll}\p{Lo}{0,62} 956 # 957 # Label values are optional, must be between 1 and 63 characters long, have 958 # a UTF-8 encoding of maximum 128 bytes, and must conform to the 959 # following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63} 960 # 961 # No more than 64 labels can be associated with a given store. 962 "a_key": "A String", 963 }, 964 "enableUpdateCreate": True or False, # Whether this FHIR store has the [updateCreate 965 # capability](https://www.hl7.org/fhir/capabilitystatement-definitions.html#CapabilityStatement.rest.resource.updateCreate). 966 # This determines if the client can use an Update operation to create a new 967 # resource with a client-specified ID. If false, all IDs are server-assigned 968 # through the Create operation and attempts to Update a non-existent resource 969 # will return errors. Please treat the audit logs with appropriate levels of 970 # care if client-specified resource IDs contain sensitive data such as 971 # patient identifiers, those IDs will be part of the FHIR resource path 972 # recorded in Cloud audit logs and Cloud Pub/Sub notifications. 973 "notificationConfig": { # Specifies where notifications should be sent upon changes to a data store. # If non-empty, publish all resource modifications of this FHIR store to 974 # this destination. The Cloud Pub/Sub message attributes will contain a map 975 # with a string describing the action that has triggered the notification, 976 # e.g. "action":"CreateResource". 977 "pubsubTopic": "A String", # The [Cloud Pub/Sub](https://cloud.google.com/pubsub/docs/) topic that 978 # notifications of changes are published on. Supplied by the client. 979 # PubsubMessage.Data will contain the resource name. 980 # PubsubMessage.MessageId is the ID of this message. It is guaranteed to be 981 # unique within the topic. 982 # PubsubMessage.PublishTime is the time at which the message was published. 983 # Notifications are only sent if the topic is 984 # non-empty. [Topic 985 # names](https://cloud.google.com/pubsub/docs/overview#names) must be scoped 986 # to a project. cloud-healthcare@system.gserviceaccount.com must have 987 # publisher permissions on the given Cloud Pub/Sub topic. Not having adequate 988 # permissions will cause the calls that send notifications to fail. 989 }, 990 "disableReferentialIntegrity": True or False, # Whether to disable referential integrity in this FHIR store. This field is 991 # immutable after FHIR store creation. 992 # The default value is false, meaning that the API will enforce referential 993 # integrity and fail the requests that will result in inconsistent state in 994 # the FHIR store. 995 # When this field is set to true, the API will skip referential integrity 996 # check. Consequently, operations that rely on references, such as 997 # GetPatientEverything, will not return all the results if broken references 998 # exist. 999 "disableResourceVersioning": True or False, # Whether to disable resource versioning for this FHIR store. This field can 1000 # not be changed after the creation of FHIR store. 1001 # If set to false, which is the default behavior, all write operations will 1002 # cause historical versions to be recorded automatically. The historical 1003 # versions can be fetched through the history APIs, but cannot be updated. 1004 # If set to true, no historical versions will be kept. The server will send 1005 # back errors for attempts to read the historical versions. 1006} 1007 1008 updateMask: string, The update mask applies to the resource. For the `FieldMask` definition, 1009see 1010https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask 1011 x__xgafv: string, V1 error format. 1012 Allowed values 1013 1 - v1 error format 1014 2 - v2 error format 1015 1016Returns: 1017 An object of the form: 1018 1019 { # Represents a FHIR store. 1020 "enableHistoryImport": True or False, # Whether to allow the bulk import API to accept history bundles and directly 1021 # insert historical resource versions into the FHIR store. Importing resource 1022 # histories creates resource interactions that appear to have occurred in the 1023 # past, which clients may not want to allow. If set to false, history bundles 1024 # within an import will fail with an error. 1025 "name": "A String", # Output only. Resource name of the FHIR store, of the form 1026 # `projects/{project_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}`. 1027 "labels": { # User-supplied key-value pairs used to organize FHIR stores. 1028 # 1029 # Label keys must be between 1 and 63 characters long, have a UTF-8 encoding 1030 # of maximum 128 bytes, and must conform to the 1031 # following PCRE regular expression: 1032 # \p{Ll}\p{Lo}{0,62} 1033 # 1034 # Label values are optional, must be between 1 and 63 characters long, have 1035 # a UTF-8 encoding of maximum 128 bytes, and must conform to the 1036 # following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63} 1037 # 1038 # No more than 64 labels can be associated with a given store. 1039 "a_key": "A String", 1040 }, 1041 "enableUpdateCreate": True or False, # Whether this FHIR store has the [updateCreate 1042 # capability](https://www.hl7.org/fhir/capabilitystatement-definitions.html#CapabilityStatement.rest.resource.updateCreate). 1043 # This determines if the client can use an Update operation to create a new 1044 # resource with a client-specified ID. If false, all IDs are server-assigned 1045 # through the Create operation and attempts to Update a non-existent resource 1046 # will return errors. Please treat the audit logs with appropriate levels of 1047 # care if client-specified resource IDs contain sensitive data such as 1048 # patient identifiers, those IDs will be part of the FHIR resource path 1049 # recorded in Cloud audit logs and Cloud Pub/Sub notifications. 1050 "notificationConfig": { # Specifies where notifications should be sent upon changes to a data store. # If non-empty, publish all resource modifications of this FHIR store to 1051 # this destination. The Cloud Pub/Sub message attributes will contain a map 1052 # with a string describing the action that has triggered the notification, 1053 # e.g. "action":"CreateResource". 1054 "pubsubTopic": "A String", # The [Cloud Pub/Sub](https://cloud.google.com/pubsub/docs/) topic that 1055 # notifications of changes are published on. Supplied by the client. 1056 # PubsubMessage.Data will contain the resource name. 1057 # PubsubMessage.MessageId is the ID of this message. It is guaranteed to be 1058 # unique within the topic. 1059 # PubsubMessage.PublishTime is the time at which the message was published. 1060 # Notifications are only sent if the topic is 1061 # non-empty. [Topic 1062 # names](https://cloud.google.com/pubsub/docs/overview#names) must be scoped 1063 # to a project. cloud-healthcare@system.gserviceaccount.com must have 1064 # publisher permissions on the given Cloud Pub/Sub topic. Not having adequate 1065 # permissions will cause the calls that send notifications to fail. 1066 }, 1067 "disableReferentialIntegrity": True or False, # Whether to disable referential integrity in this FHIR store. This field is 1068 # immutable after FHIR store creation. 1069 # The default value is false, meaning that the API will enforce referential 1070 # integrity and fail the requests that will result in inconsistent state in 1071 # the FHIR store. 1072 # When this field is set to true, the API will skip referential integrity 1073 # check. Consequently, operations that rely on references, such as 1074 # GetPatientEverything, will not return all the results if broken references 1075 # exist. 1076 "disableResourceVersioning": True or False, # Whether to disable resource versioning for this FHIR store. This field can 1077 # not be changed after the creation of FHIR store. 1078 # If set to false, which is the default behavior, all write operations will 1079 # cause historical versions to be recorded automatically. The historical 1080 # versions can be fetched through the history APIs, but cannot be updated. 1081 # If set to true, no historical versions will be kept. The server will send 1082 # back errors for attempts to read the historical versions. 1083 }</pre> 1084</div> 1085 1086<div class="method"> 1087 <code class="details" id="setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</code> 1088 <pre>Sets the access control policy on the specified resource. Replaces any 1089existing policy. 1090 1091Args: 1092 resource: string, REQUIRED: The resource for which the policy is being specified. 1093See the operation documentation for the appropriate value for this field. (required) 1094 body: object, The request body. (required) 1095 The object takes the form of: 1096 1097{ # Request message for `SetIamPolicy` method. 1098 "policy": { # Defines an Identity and Access Management (IAM) policy. It is used to # REQUIRED: The complete policy to be applied to the `resource`. The size of 1099 # the policy is limited to a few 10s of KB. An empty policy is a 1100 # valid policy but certain Cloud Platform services (such as Projects) 1101 # might reject them. 1102 # specify access control policies for Cloud Platform resources. 1103 # 1104 # 1105 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of 1106 # `members` to a `role`, where the members can be user accounts, Google groups, 1107 # Google domains, and service accounts. A `role` is a named list of permissions 1108 # defined by IAM. 1109 # 1110 # **JSON Example** 1111 # 1112 # { 1113 # "bindings": [ 1114 # { 1115 # "role": "roles/owner", 1116 # "members": [ 1117 # "user:mike@example.com", 1118 # "group:admins@example.com", 1119 # "domain:google.com", 1120 # "serviceAccount:my-other-app@appspot.gserviceaccount.com" 1121 # ] 1122 # }, 1123 # { 1124 # "role": "roles/viewer", 1125 # "members": ["user:sean@example.com"] 1126 # } 1127 # ] 1128 # } 1129 # 1130 # **YAML Example** 1131 # 1132 # bindings: 1133 # - members: 1134 # - user:mike@example.com 1135 # - group:admins@example.com 1136 # - domain:google.com 1137 # - serviceAccount:my-other-app@appspot.gserviceaccount.com 1138 # role: roles/owner 1139 # - members: 1140 # - user:sean@example.com 1141 # role: roles/viewer 1142 # 1143 # 1144 # For a description of IAM and its features, see the 1145 # [IAM developer's guide](https://cloud.google.com/iam/docs). 1146 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 1147 { # Specifies the audit configuration for a service. 1148 # The configuration determines which permission types are logged, and what 1149 # identities, if any, are exempted from logging. 1150 # An AuditConfig must have one or more AuditLogConfigs. 1151 # 1152 # If there are AuditConfigs for both `allServices` and a specific service, 1153 # the union of the two AuditConfigs is used for that service: the log_types 1154 # specified in each AuditConfig are enabled, and the exempted_members in each 1155 # AuditLogConfig are exempted. 1156 # 1157 # Example Policy with multiple AuditConfigs: 1158 # 1159 # { 1160 # "audit_configs": [ 1161 # { 1162 # "service": "allServices" 1163 # "audit_log_configs": [ 1164 # { 1165 # "log_type": "DATA_READ", 1166 # "exempted_members": [ 1167 # "user:foo@gmail.com" 1168 # ] 1169 # }, 1170 # { 1171 # "log_type": "DATA_WRITE", 1172 # }, 1173 # { 1174 # "log_type": "ADMIN_READ", 1175 # } 1176 # ] 1177 # }, 1178 # { 1179 # "service": "fooservice.googleapis.com" 1180 # "audit_log_configs": [ 1181 # { 1182 # "log_type": "DATA_READ", 1183 # }, 1184 # { 1185 # "log_type": "DATA_WRITE", 1186 # "exempted_members": [ 1187 # "user:bar@gmail.com" 1188 # ] 1189 # } 1190 # ] 1191 # } 1192 # ] 1193 # } 1194 # 1195 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 1196 # logging. It also exempts foo@gmail.com from DATA_READ logging, and 1197 # bar@gmail.com from DATA_WRITE logging. 1198 "auditLogConfigs": [ # The configuration for logging of each type of permission. 1199 { # Provides the configuration for logging a type of permissions. 1200 # Example: 1201 # 1202 # { 1203 # "audit_log_configs": [ 1204 # { 1205 # "log_type": "DATA_READ", 1206 # "exempted_members": [ 1207 # "user:foo@gmail.com" 1208 # ] 1209 # }, 1210 # { 1211 # "log_type": "DATA_WRITE", 1212 # } 1213 # ] 1214 # } 1215 # 1216 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 1217 # foo@gmail.com from DATA_READ logging. 1218 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 1219 # permission. 1220 # Follows the same format of Binding.members. 1221 "A String", 1222 ], 1223 "logType": "A String", # The log type that this config enables. 1224 }, 1225 ], 1226 "service": "A String", # Specifies a service that will be enabled for audit logging. 1227 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 1228 # `allServices` is a special value that covers all services. 1229 }, 1230 ], 1231 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 1232 # prevent simultaneous updates of a policy from overwriting each other. 1233 # It is strongly suggested that systems make use of the `etag` in the 1234 # read-modify-write cycle to perform policy updates in order to avoid race 1235 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 1236 # systems are expected to put that etag in the request to `setIamPolicy` to 1237 # ensure that their change will be applied to the same version of the policy. 1238 # 1239 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 1240 # policy is overwritten blindly. 1241 "bindings": [ # Associates a list of `members` to a `role`. 1242 # `bindings` with no members will result in an error. 1243 { # Associates `members` with a `role`. 1244 "role": "A String", # Role that is assigned to `members`. 1245 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 1246 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 1247 # `members` can have the following values: 1248 # 1249 # * `allUsers`: A special identifier that represents anyone who is 1250 # on the internet; with or without a Google account. 1251 # 1252 # * `allAuthenticatedUsers`: A special identifier that represents anyone 1253 # who is authenticated with a Google account or a service account. 1254 # 1255 # * `user:{emailid}`: An email address that represents a specific Google 1256 # account. For example, `alice@gmail.com` . 1257 # 1258 # 1259 # * `serviceAccount:{emailid}`: An email address that represents a service 1260 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 1261 # 1262 # * `group:{emailid}`: An email address that represents a Google group. 1263 # For example, `admins@example.com`. 1264 # 1265 # 1266 # * `domain:{domain}`: The G Suite domain (primary) that represents all the 1267 # users of that domain. For example, `google.com` or `example.com`. 1268 # 1269 "A String", 1270 ], 1271 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding. 1272 # NOTE: An unsatisfied condition will not allow user access via current 1273 # binding. Different bindings, including their conditions, are examined 1274 # independently. 1275 # 1276 # title: "User account presence" 1277 # description: "Determines whether the request has a user account" 1278 # expression: "size(request.user) > 0" 1279 "location": "A String", # An optional string indicating the location of the expression for error 1280 # reporting, e.g. a file name and a position in the file. 1281 "expression": "A String", # Textual representation of an expression in 1282 # Common Expression Language syntax. 1283 # 1284 # The application context of the containing message determines which 1285 # well-known feature set of CEL is supported. 1286 "description": "A String", # An optional description of the expression. This is a longer text which 1287 # describes the expression, e.g. when hovered over it in a UI. 1288 "title": "A String", # An optional title for the expression, i.e. a short string describing 1289 # its purpose. This can be used e.g. in UIs which allow to enter the 1290 # expression. 1291 }, 1292 }, 1293 ], 1294 "version": 42, # Deprecated. 1295 }, 1296 "updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only 1297 # the fields in the mask will be modified. If no mask is provided, the 1298 # following default mask is used: 1299 # paths: "bindings, etag" 1300 # This field is only used by Cloud IAM. 1301 } 1302 1303 x__xgafv: string, V1 error format. 1304 Allowed values 1305 1 - v1 error format 1306 2 - v2 error format 1307 1308Returns: 1309 An object of the form: 1310 1311 { # Defines an Identity and Access Management (IAM) policy. It is used to 1312 # specify access control policies for Cloud Platform resources. 1313 # 1314 # 1315 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of 1316 # `members` to a `role`, where the members can be user accounts, Google groups, 1317 # Google domains, and service accounts. A `role` is a named list of permissions 1318 # defined by IAM. 1319 # 1320 # **JSON Example** 1321 # 1322 # { 1323 # "bindings": [ 1324 # { 1325 # "role": "roles/owner", 1326 # "members": [ 1327 # "user:mike@example.com", 1328 # "group:admins@example.com", 1329 # "domain:google.com", 1330 # "serviceAccount:my-other-app@appspot.gserviceaccount.com" 1331 # ] 1332 # }, 1333 # { 1334 # "role": "roles/viewer", 1335 # "members": ["user:sean@example.com"] 1336 # } 1337 # ] 1338 # } 1339 # 1340 # **YAML Example** 1341 # 1342 # bindings: 1343 # - members: 1344 # - user:mike@example.com 1345 # - group:admins@example.com 1346 # - domain:google.com 1347 # - serviceAccount:my-other-app@appspot.gserviceaccount.com 1348 # role: roles/owner 1349 # - members: 1350 # - user:sean@example.com 1351 # role: roles/viewer 1352 # 1353 # 1354 # For a description of IAM and its features, see the 1355 # [IAM developer's guide](https://cloud.google.com/iam/docs). 1356 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 1357 { # Specifies the audit configuration for a service. 1358 # The configuration determines which permission types are logged, and what 1359 # identities, if any, are exempted from logging. 1360 # An AuditConfig must have one or more AuditLogConfigs. 1361 # 1362 # If there are AuditConfigs for both `allServices` and a specific service, 1363 # the union of the two AuditConfigs is used for that service: the log_types 1364 # specified in each AuditConfig are enabled, and the exempted_members in each 1365 # AuditLogConfig are exempted. 1366 # 1367 # Example Policy with multiple AuditConfigs: 1368 # 1369 # { 1370 # "audit_configs": [ 1371 # { 1372 # "service": "allServices" 1373 # "audit_log_configs": [ 1374 # { 1375 # "log_type": "DATA_READ", 1376 # "exempted_members": [ 1377 # "user:foo@gmail.com" 1378 # ] 1379 # }, 1380 # { 1381 # "log_type": "DATA_WRITE", 1382 # }, 1383 # { 1384 # "log_type": "ADMIN_READ", 1385 # } 1386 # ] 1387 # }, 1388 # { 1389 # "service": "fooservice.googleapis.com" 1390 # "audit_log_configs": [ 1391 # { 1392 # "log_type": "DATA_READ", 1393 # }, 1394 # { 1395 # "log_type": "DATA_WRITE", 1396 # "exempted_members": [ 1397 # "user:bar@gmail.com" 1398 # ] 1399 # } 1400 # ] 1401 # } 1402 # ] 1403 # } 1404 # 1405 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 1406 # logging. It also exempts foo@gmail.com from DATA_READ logging, and 1407 # bar@gmail.com from DATA_WRITE logging. 1408 "auditLogConfigs": [ # The configuration for logging of each type of permission. 1409 { # Provides the configuration for logging a type of permissions. 1410 # Example: 1411 # 1412 # { 1413 # "audit_log_configs": [ 1414 # { 1415 # "log_type": "DATA_READ", 1416 # "exempted_members": [ 1417 # "user:foo@gmail.com" 1418 # ] 1419 # }, 1420 # { 1421 # "log_type": "DATA_WRITE", 1422 # } 1423 # ] 1424 # } 1425 # 1426 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 1427 # foo@gmail.com from DATA_READ logging. 1428 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 1429 # permission. 1430 # Follows the same format of Binding.members. 1431 "A String", 1432 ], 1433 "logType": "A String", # The log type that this config enables. 1434 }, 1435 ], 1436 "service": "A String", # Specifies a service that will be enabled for audit logging. 1437 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 1438 # `allServices` is a special value that covers all services. 1439 }, 1440 ], 1441 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 1442 # prevent simultaneous updates of a policy from overwriting each other. 1443 # It is strongly suggested that systems make use of the `etag` in the 1444 # read-modify-write cycle to perform policy updates in order to avoid race 1445 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 1446 # systems are expected to put that etag in the request to `setIamPolicy` to 1447 # ensure that their change will be applied to the same version of the policy. 1448 # 1449 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 1450 # policy is overwritten blindly. 1451 "bindings": [ # Associates a list of `members` to a `role`. 1452 # `bindings` with no members will result in an error. 1453 { # Associates `members` with a `role`. 1454 "role": "A String", # Role that is assigned to `members`. 1455 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 1456 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 1457 # `members` can have the following values: 1458 # 1459 # * `allUsers`: A special identifier that represents anyone who is 1460 # on the internet; with or without a Google account. 1461 # 1462 # * `allAuthenticatedUsers`: A special identifier that represents anyone 1463 # who is authenticated with a Google account or a service account. 1464 # 1465 # * `user:{emailid}`: An email address that represents a specific Google 1466 # account. For example, `alice@gmail.com` . 1467 # 1468 # 1469 # * `serviceAccount:{emailid}`: An email address that represents a service 1470 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 1471 # 1472 # * `group:{emailid}`: An email address that represents a Google group. 1473 # For example, `admins@example.com`. 1474 # 1475 # 1476 # * `domain:{domain}`: The G Suite domain (primary) that represents all the 1477 # users of that domain. For example, `google.com` or `example.com`. 1478 # 1479 "A String", 1480 ], 1481 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding. 1482 # NOTE: An unsatisfied condition will not allow user access via current 1483 # binding. Different bindings, including their conditions, are examined 1484 # independently. 1485 # 1486 # title: "User account presence" 1487 # description: "Determines whether the request has a user account" 1488 # expression: "size(request.user) > 0" 1489 "location": "A String", # An optional string indicating the location of the expression for error 1490 # reporting, e.g. a file name and a position in the file. 1491 "expression": "A String", # Textual representation of an expression in 1492 # Common Expression Language syntax. 1493 # 1494 # The application context of the containing message determines which 1495 # well-known feature set of CEL is supported. 1496 "description": "A String", # An optional description of the expression. This is a longer text which 1497 # describes the expression, e.g. when hovered over it in a UI. 1498 "title": "A String", # An optional title for the expression, i.e. a short string describing 1499 # its purpose. This can be used e.g. in UIs which allow to enter the 1500 # expression. 1501 }, 1502 }, 1503 ], 1504 "version": 42, # Deprecated. 1505 }</pre> 1506</div> 1507 1508<div class="method"> 1509 <code class="details" id="testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</code> 1510 <pre>Returns permissions that a caller has on the specified resource. 1511If the resource does not exist, this will return an empty set of 1512permissions, not a NOT_FOUND error. 1513 1514Note: This operation is designed to be used for building permission-aware 1515UIs and command-line tools, not for authorization checking. This operation 1516may "fail open" without warning. 1517 1518Args: 1519 resource: string, REQUIRED: The resource for which the policy detail is being requested. 1520See the operation documentation for the appropriate value for this field. (required) 1521 body: object, The request body. (required) 1522 The object takes the form of: 1523 1524{ # Request message for `TestIamPermissions` method. 1525 "permissions": [ # The set of permissions to check for the `resource`. Permissions with 1526 # wildcards (such as '*' or 'storage.*') are not allowed. For more 1527 # information see 1528 # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions). 1529 "A String", 1530 ], 1531 } 1532 1533 x__xgafv: string, V1 error format. 1534 Allowed values 1535 1 - v1 error format 1536 2 - v2 error format 1537 1538Returns: 1539 An object of the form: 1540 1541 { # Response message for `TestIamPermissions` method. 1542 "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is 1543 # allowed. 1544 "A String", 1545 ], 1546 }</pre> 1547</div> 1548 1549</body></html>