1<html><body> 2<style> 3 4body, h1, h2, h3, div, span, p, pre, a { 5 margin: 0; 6 padding: 0; 7 border: 0; 8 font-weight: inherit; 9 font-style: inherit; 10 font-size: 100%; 11 font-family: inherit; 12 vertical-align: baseline; 13} 14 15body { 16 font-size: 13px; 17 padding: 1em; 18} 19 20h1 { 21 font-size: 26px; 22 margin-bottom: 1em; 23} 24 25h2 { 26 font-size: 24px; 27 margin-bottom: 1em; 28} 29 30h3 { 31 font-size: 20px; 32 margin-bottom: 1em; 33 margin-top: 1em; 34} 35 36pre, code { 37 line-height: 1.5; 38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; 39} 40 41pre { 42 margin-top: 0.5em; 43} 44 45h1, h2, h3, p { 46 font-family: Arial, sans serif; 47} 48 49h1, h2, h3 { 50 border-bottom: solid #CCC 1px; 51} 52 53.toc_element { 54 margin-top: 0.5em; 55} 56 57.firstline { 58 margin-left: 2 em; 59} 60 61.method { 62 margin-top: 1em; 63 border: solid 1px #CCC; 64 padding: 1em; 65 background: #EEE; 66} 67 68.details { 69 font-weight: bold; 70 font-size: 14px; 71} 72 73</style> 74 75<h1><a href="iap_v1.html">Cloud Identity-Aware Proxy API</a> . <a href="iap_v1.v1.html">v1</a></h1> 76<h2>Instance Methods</h2> 77<p class="toc_element"> 78 <code><a href="#getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</a></code></p> 79<p class="firstline">Gets the access control policy for an Identity-Aware Proxy protected</p> 80<p class="toc_element"> 81 <code><a href="#setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</a></code></p> 82<p class="firstline">Sets the access control policy for an Identity-Aware Proxy protected</p> 83<p class="toc_element"> 84 <code><a href="#testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</a></code></p> 85<p class="firstline">Returns permissions that a caller has on the Identity-Aware Proxy protected</p> 86<h3>Method Details</h3> 87<div class="method"> 88 <code class="details" id="getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</code> 89 <pre>Gets the access control policy for an Identity-Aware Proxy protected 90resource. 91More information about managing access via IAP can be found at: 92https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api 93 94Args: 95 resource: string, REQUIRED: The resource for which the policy is being requested. 96See the operation documentation for the appropriate value for this field. (required) 97 body: object, The request body. 98 The object takes the form of: 99 100{ # Request message for `GetIamPolicy` method. 101 } 102 103 x__xgafv: string, V1 error format. 104 Allowed values 105 1 - v1 error format 106 2 - v2 error format 107 108Returns: 109 An object of the form: 110 111 { # Defines an Identity and Access Management (IAM) policy. It is used to 112 # specify access control policies for Cloud Platform resources. 113 # 114 # 115 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of 116 # `members` to a `role`, where the members can be user accounts, Google groups, 117 # Google domains, and service accounts. A `role` is a named list of permissions 118 # defined by IAM. 119 # 120 # **JSON Example** 121 # 122 # { 123 # "bindings": [ 124 # { 125 # "role": "roles/owner", 126 # "members": [ 127 # "user:mike@example.com", 128 # "group:admins@example.com", 129 # "domain:google.com", 130 # "serviceAccount:my-other-app@appspot.gserviceaccount.com" 131 # ] 132 # }, 133 # { 134 # "role": "roles/viewer", 135 # "members": ["user:sean@example.com"] 136 # } 137 # ] 138 # } 139 # 140 # **YAML Example** 141 # 142 # bindings: 143 # - members: 144 # - user:mike@example.com 145 # - group:admins@example.com 146 # - domain:google.com 147 # - serviceAccount:my-other-app@appspot.gserviceaccount.com 148 # role: roles/owner 149 # - members: 150 # - user:sean@example.com 151 # role: roles/viewer 152 # 153 # 154 # For a description of IAM and its features, see the 155 # [IAM developer's guide](https://cloud.google.com/iam/docs). 156 "bindings": [ # Associates a list of `members` to a `role`. 157 # `bindings` with no members will result in an error. 158 { # Associates `members` with a `role`. 159 "role": "A String", # Role that is assigned to `members`. 160 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 161 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding. 162 # NOTE: An unsatisfied condition will not allow user access via current 163 # binding. Different bindings, including their conditions, are examined 164 # independently. 165 # 166 # title: "User account presence" 167 # description: "Determines whether the request has a user account" 168 # expression: "size(request.user) > 0" 169 "location": "A String", # An optional string indicating the location of the expression for error 170 # reporting, e.g. a file name and a position in the file. 171 "expression": "A String", # Textual representation of an expression in 172 # Common Expression Language syntax. 173 # 174 # The application context of the containing message determines which 175 # well-known feature set of CEL is supported. 176 "description": "A String", # An optional description of the expression. This is a longer text which 177 # describes the expression, e.g. when hovered over it in a UI. 178 "title": "A String", # An optional title for the expression, i.e. a short string describing 179 # its purpose. This can be used e.g. in UIs which allow to enter the 180 # expression. 181 }, 182 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 183 # `members` can have the following values: 184 # 185 # * `allUsers`: A special identifier that represents anyone who is 186 # on the internet; with or without a Google account. 187 # 188 # * `allAuthenticatedUsers`: A special identifier that represents anyone 189 # who is authenticated with a Google account or a service account. 190 # 191 # * `user:{emailid}`: An email address that represents a specific Google 192 # account. For example, `alice@gmail.com` . 193 # 194 # 195 # * `serviceAccount:{emailid}`: An email address that represents a service 196 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 197 # 198 # * `group:{emailid}`: An email address that represents a Google group. 199 # For example, `admins@example.com`. 200 # 201 # 202 # * `domain:{domain}`: The G Suite domain (primary) that represents all the 203 # users of that domain. For example, `google.com` or `example.com`. 204 # 205 "A String", 206 ], 207 }, 208 ], 209 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 210 # prevent simultaneous updates of a policy from overwriting each other. 211 # It is strongly suggested that systems make use of the `etag` in the 212 # read-modify-write cycle to perform policy updates in order to avoid race 213 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 214 # systems are expected to put that etag in the request to `setIamPolicy` to 215 # ensure that their change will be applied to the same version of the policy. 216 # 217 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 218 # policy is overwritten blindly. 219 "version": 42, # Deprecated. 220 }</pre> 221</div> 222 223<div class="method"> 224 <code class="details" id="setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</code> 225 <pre>Sets the access control policy for an Identity-Aware Proxy protected 226resource. Replaces any existing policy. 227More information about managing access via IAP can be found at: 228https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api 229 230Args: 231 resource: string, REQUIRED: The resource for which the policy is being specified. 232See the operation documentation for the appropriate value for this field. (required) 233 body: object, The request body. (required) 234 The object takes the form of: 235 236{ # Request message for `SetIamPolicy` method. 237 "policy": { # Defines an Identity and Access Management (IAM) policy. It is used to # REQUIRED: The complete policy to be applied to the `resource`. The size of 238 # the policy is limited to a few 10s of KB. An empty policy is a 239 # valid policy but certain Cloud Platform services (such as Projects) 240 # might reject them. 241 # specify access control policies for Cloud Platform resources. 242 # 243 # 244 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of 245 # `members` to a `role`, where the members can be user accounts, Google groups, 246 # Google domains, and service accounts. A `role` is a named list of permissions 247 # defined by IAM. 248 # 249 # **JSON Example** 250 # 251 # { 252 # "bindings": [ 253 # { 254 # "role": "roles/owner", 255 # "members": [ 256 # "user:mike@example.com", 257 # "group:admins@example.com", 258 # "domain:google.com", 259 # "serviceAccount:my-other-app@appspot.gserviceaccount.com" 260 # ] 261 # }, 262 # { 263 # "role": "roles/viewer", 264 # "members": ["user:sean@example.com"] 265 # } 266 # ] 267 # } 268 # 269 # **YAML Example** 270 # 271 # bindings: 272 # - members: 273 # - user:mike@example.com 274 # - group:admins@example.com 275 # - domain:google.com 276 # - serviceAccount:my-other-app@appspot.gserviceaccount.com 277 # role: roles/owner 278 # - members: 279 # - user:sean@example.com 280 # role: roles/viewer 281 # 282 # 283 # For a description of IAM and its features, see the 284 # [IAM developer's guide](https://cloud.google.com/iam/docs). 285 "bindings": [ # Associates a list of `members` to a `role`. 286 # `bindings` with no members will result in an error. 287 { # Associates `members` with a `role`. 288 "role": "A String", # Role that is assigned to `members`. 289 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 290 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding. 291 # NOTE: An unsatisfied condition will not allow user access via current 292 # binding. Different bindings, including their conditions, are examined 293 # independently. 294 # 295 # title: "User account presence" 296 # description: "Determines whether the request has a user account" 297 # expression: "size(request.user) > 0" 298 "location": "A String", # An optional string indicating the location of the expression for error 299 # reporting, e.g. a file name and a position in the file. 300 "expression": "A String", # Textual representation of an expression in 301 # Common Expression Language syntax. 302 # 303 # The application context of the containing message determines which 304 # well-known feature set of CEL is supported. 305 "description": "A String", # An optional description of the expression. This is a longer text which 306 # describes the expression, e.g. when hovered over it in a UI. 307 "title": "A String", # An optional title for the expression, i.e. a short string describing 308 # its purpose. This can be used e.g. in UIs which allow to enter the 309 # expression. 310 }, 311 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 312 # `members` can have the following values: 313 # 314 # * `allUsers`: A special identifier that represents anyone who is 315 # on the internet; with or without a Google account. 316 # 317 # * `allAuthenticatedUsers`: A special identifier that represents anyone 318 # who is authenticated with a Google account or a service account. 319 # 320 # * `user:{emailid}`: An email address that represents a specific Google 321 # account. For example, `alice@gmail.com` . 322 # 323 # 324 # * `serviceAccount:{emailid}`: An email address that represents a service 325 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 326 # 327 # * `group:{emailid}`: An email address that represents a Google group. 328 # For example, `admins@example.com`. 329 # 330 # 331 # * `domain:{domain}`: The G Suite domain (primary) that represents all the 332 # users of that domain. For example, `google.com` or `example.com`. 333 # 334 "A String", 335 ], 336 }, 337 ], 338 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 339 # prevent simultaneous updates of a policy from overwriting each other. 340 # It is strongly suggested that systems make use of the `etag` in the 341 # read-modify-write cycle to perform policy updates in order to avoid race 342 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 343 # systems are expected to put that etag in the request to `setIamPolicy` to 344 # ensure that their change will be applied to the same version of the policy. 345 # 346 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 347 # policy is overwritten blindly. 348 "version": 42, # Deprecated. 349 }, 350 } 351 352 x__xgafv: string, V1 error format. 353 Allowed values 354 1 - v1 error format 355 2 - v2 error format 356 357Returns: 358 An object of the form: 359 360 { # Defines an Identity and Access Management (IAM) policy. It is used to 361 # specify access control policies for Cloud Platform resources. 362 # 363 # 364 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of 365 # `members` to a `role`, where the members can be user accounts, Google groups, 366 # Google domains, and service accounts. A `role` is a named list of permissions 367 # defined by IAM. 368 # 369 # **JSON Example** 370 # 371 # { 372 # "bindings": [ 373 # { 374 # "role": "roles/owner", 375 # "members": [ 376 # "user:mike@example.com", 377 # "group:admins@example.com", 378 # "domain:google.com", 379 # "serviceAccount:my-other-app@appspot.gserviceaccount.com" 380 # ] 381 # }, 382 # { 383 # "role": "roles/viewer", 384 # "members": ["user:sean@example.com"] 385 # } 386 # ] 387 # } 388 # 389 # **YAML Example** 390 # 391 # bindings: 392 # - members: 393 # - user:mike@example.com 394 # - group:admins@example.com 395 # - domain:google.com 396 # - serviceAccount:my-other-app@appspot.gserviceaccount.com 397 # role: roles/owner 398 # - members: 399 # - user:sean@example.com 400 # role: roles/viewer 401 # 402 # 403 # For a description of IAM and its features, see the 404 # [IAM developer's guide](https://cloud.google.com/iam/docs). 405 "bindings": [ # Associates a list of `members` to a `role`. 406 # `bindings` with no members will result in an error. 407 { # Associates `members` with a `role`. 408 "role": "A String", # Role that is assigned to `members`. 409 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 410 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding. 411 # NOTE: An unsatisfied condition will not allow user access via current 412 # binding. Different bindings, including their conditions, are examined 413 # independently. 414 # 415 # title: "User account presence" 416 # description: "Determines whether the request has a user account" 417 # expression: "size(request.user) > 0" 418 "location": "A String", # An optional string indicating the location of the expression for error 419 # reporting, e.g. a file name and a position in the file. 420 "expression": "A String", # Textual representation of an expression in 421 # Common Expression Language syntax. 422 # 423 # The application context of the containing message determines which 424 # well-known feature set of CEL is supported. 425 "description": "A String", # An optional description of the expression. This is a longer text which 426 # describes the expression, e.g. when hovered over it in a UI. 427 "title": "A String", # An optional title for the expression, i.e. a short string describing 428 # its purpose. This can be used e.g. in UIs which allow to enter the 429 # expression. 430 }, 431 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 432 # `members` can have the following values: 433 # 434 # * `allUsers`: A special identifier that represents anyone who is 435 # on the internet; with or without a Google account. 436 # 437 # * `allAuthenticatedUsers`: A special identifier that represents anyone 438 # who is authenticated with a Google account or a service account. 439 # 440 # * `user:{emailid}`: An email address that represents a specific Google 441 # account. For example, `alice@gmail.com` . 442 # 443 # 444 # * `serviceAccount:{emailid}`: An email address that represents a service 445 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 446 # 447 # * `group:{emailid}`: An email address that represents a Google group. 448 # For example, `admins@example.com`. 449 # 450 # 451 # * `domain:{domain}`: The G Suite domain (primary) that represents all the 452 # users of that domain. For example, `google.com` or `example.com`. 453 # 454 "A String", 455 ], 456 }, 457 ], 458 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 459 # prevent simultaneous updates of a policy from overwriting each other. 460 # It is strongly suggested that systems make use of the `etag` in the 461 # read-modify-write cycle to perform policy updates in order to avoid race 462 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 463 # systems are expected to put that etag in the request to `setIamPolicy` to 464 # ensure that their change will be applied to the same version of the policy. 465 # 466 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 467 # policy is overwritten blindly. 468 "version": 42, # Deprecated. 469 }</pre> 470</div> 471 472<div class="method"> 473 <code class="details" id="testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</code> 474 <pre>Returns permissions that a caller has on the Identity-Aware Proxy protected 475resource. 476More information about managing access via IAP can be found at: 477https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api 478 479Args: 480 resource: string, REQUIRED: The resource for which the policy detail is being requested. 481See the operation documentation for the appropriate value for this field. (required) 482 body: object, The request body. (required) 483 The object takes the form of: 484 485{ # Request message for `TestIamPermissions` method. 486 "permissions": [ # The set of permissions to check for the `resource`. Permissions with 487 # wildcards (such as '*' or 'storage.*') are not allowed. For more 488 # information see 489 # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions). 490 "A String", 491 ], 492 } 493 494 x__xgafv: string, V1 error format. 495 Allowed values 496 1 - v1 error format 497 2 - v2 error format 498 499Returns: 500 An object of the form: 501 502 { # Response message for `TestIamPermissions` method. 503 "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is 504 # allowed. 505 "A String", 506 ], 507 }</pre> 508</div> 509 510</body></html>