1<html><body> 2<style> 3 4body, h1, h2, h3, div, span, p, pre, a { 5 margin: 0; 6 padding: 0; 7 border: 0; 8 font-weight: inherit; 9 font-style: inherit; 10 font-size: 100%; 11 font-family: inherit; 12 vertical-align: baseline; 13} 14 15body { 16 font-size: 13px; 17 padding: 1em; 18} 19 20h1 { 21 font-size: 26px; 22 margin-bottom: 1em; 23} 24 25h2 { 26 font-size: 24px; 27 margin-bottom: 1em; 28} 29 30h3 { 31 font-size: 20px; 32 margin-bottom: 1em; 33 margin-top: 1em; 34} 35 36pre, code { 37 line-height: 1.5; 38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; 39} 40 41pre { 42 margin-top: 0.5em; 43} 44 45h1, h2, h3, p { 46 font-family: Arial, sans serif; 47} 48 49h1, h2, h3 { 50 border-bottom: solid #CCC 1px; 51} 52 53.toc_element { 54 margin-top: 0.5em; 55} 56 57.firstline { 58 margin-left: 2 em; 59} 60 61.method { 62 margin-top: 1em; 63 border: solid 1px #CCC; 64 padding: 1em; 65 background: #EEE; 66} 67 68.details { 69 font-weight: bold; 70 font-size: 14px; 71} 72 73</style> 74 75<h1><a href="iap_v1beta1.html">Cloud Identity-Aware Proxy API</a> . <a href="iap_v1beta1.v1beta1.html">v1beta1</a></h1> 76<h2>Instance Methods</h2> 77<p class="toc_element"> 78 <code><a href="#getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</a></code></p> 79<p class="firstline">Gets the access control policy for an Identity-Aware Proxy protected</p> 80<p class="toc_element"> 81 <code><a href="#setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</a></code></p> 82<p class="firstline">Sets the access control policy for an Identity-Aware Proxy protected</p> 83<p class="toc_element"> 84 <code><a href="#testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</a></code></p> 85<p class="firstline">Returns permissions that a caller has on the Identity-Aware Proxy protected</p> 86<h3>Method Details</h3> 87<div class="method"> 88 <code class="details" id="getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</code> 89 <pre>Gets the access control policy for an Identity-Aware Proxy protected 90resource. 91More information about managing access via IAP can be found at: 92https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api 93 94Args: 95 resource: string, REQUIRED: The resource for which the policy is being requested. 96See the operation documentation for the appropriate value for this field. (required) 97 body: object, The request body. 98 The object takes the form of: 99 100{ # Request message for `GetIamPolicy` method. 101 } 102 103 x__xgafv: string, V1 error format. 104 Allowed values 105 1 - v1 error format 106 2 - v2 error format 107 108Returns: 109 An object of the form: 110 111 { # Defines an Identity and Access Management (IAM) policy. It is used to 112 # specify access control policies for Cloud Platform resources. 113 # 114 # 115 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of 116 # `members` to a `role`, where the members can be user accounts, Google groups, 117 # Google domains, and service accounts. A `role` is a named list of permissions 118 # defined by IAM. 119 # 120 # **JSON Example** 121 # 122 # { 123 # "bindings": [ 124 # { 125 # "role": "roles/owner", 126 # "members": [ 127 # "user:mike@example.com", 128 # "group:admins@example.com", 129 # "domain:google.com", 130 # "serviceAccount:my-other-app@appspot.gserviceaccount.com" 131 # ] 132 # }, 133 # { 134 # "role": "roles/viewer", 135 # "members": ["user:sean@example.com"] 136 # } 137 # ] 138 # } 139 # 140 # **YAML Example** 141 # 142 # bindings: 143 # - members: 144 # - user:mike@example.com 145 # - group:admins@example.com 146 # - domain:google.com 147 # - serviceAccount:my-other-app@appspot.gserviceaccount.com 148 # role: roles/owner 149 # - members: 150 # - user:sean@example.com 151 # role: roles/viewer 152 # 153 # 154 # For a description of IAM and its features, see the 155 # [IAM developer's guide](https://cloud.google.com/iam/docs). 156 "bindings": [ # Associates a list of `members` to a `role`. 157 # `bindings` with no members will result in an error. 158 { # Associates `members` with a `role`. 159 "role": "A String", # Role that is assigned to `members`. 160 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 161 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 162 # `members` can have the following values: 163 # 164 # * `allUsers`: A special identifier that represents anyone who is 165 # on the internet; with or without a Google account. 166 # 167 # * `allAuthenticatedUsers`: A special identifier that represents anyone 168 # who is authenticated with a Google account or a service account. 169 # 170 # * `user:{emailid}`: An email address that represents a specific Google 171 # account. For example, `alice@gmail.com` . 172 # 173 # 174 # * `serviceAccount:{emailid}`: An email address that represents a service 175 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 176 # 177 # * `group:{emailid}`: An email address that represents a Google group. 178 # For example, `admins@example.com`. 179 # 180 # 181 # * `domain:{domain}`: The G Suite domain (primary) that represents all the 182 # users of that domain. For example, `google.com` or `example.com`. 183 # 184 "A String", 185 ], 186 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding. 187 # NOTE: An unsatisfied condition will not allow user access via current 188 # binding. Different bindings, including their conditions, are examined 189 # independently. 190 # 191 # title: "User account presence" 192 # description: "Determines whether the request has a user account" 193 # expression: "size(request.user) > 0" 194 "description": "A String", # An optional description of the expression. This is a longer text which 195 # describes the expression, e.g. when hovered over it in a UI. 196 "expression": "A String", # Textual representation of an expression in 197 # Common Expression Language syntax. 198 # 199 # The application context of the containing message determines which 200 # well-known feature set of CEL is supported. 201 "location": "A String", # An optional string indicating the location of the expression for error 202 # reporting, e.g. a file name and a position in the file. 203 "title": "A String", # An optional title for the expression, i.e. a short string describing 204 # its purpose. This can be used e.g. in UIs which allow to enter the 205 # expression. 206 }, 207 }, 208 ], 209 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 210 # prevent simultaneous updates of a policy from overwriting each other. 211 # It is strongly suggested that systems make use of the `etag` in the 212 # read-modify-write cycle to perform policy updates in order to avoid race 213 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 214 # systems are expected to put that etag in the request to `setIamPolicy` to 215 # ensure that their change will be applied to the same version of the policy. 216 # 217 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 218 # policy is overwritten blindly. 219 "version": 42, # Deprecated. 220 }</pre> 221</div> 222 223<div class="method"> 224 <code class="details" id="setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</code> 225 <pre>Sets the access control policy for an Identity-Aware Proxy protected 226resource. Replaces any existing policy. 227More information about managing access via IAP can be found at: 228https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api 229 230Args: 231 resource: string, REQUIRED: The resource for which the policy is being specified. 232See the operation documentation for the appropriate value for this field. (required) 233 body: object, The request body. (required) 234 The object takes the form of: 235 236{ # Request message for `SetIamPolicy` method. 237 "policy": { # Defines an Identity and Access Management (IAM) policy. It is used to # REQUIRED: The complete policy to be applied to the `resource`. The size of 238 # the policy is limited to a few 10s of KB. An empty policy is a 239 # valid policy but certain Cloud Platform services (such as Projects) 240 # might reject them. 241 # specify access control policies for Cloud Platform resources. 242 # 243 # 244 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of 245 # `members` to a `role`, where the members can be user accounts, Google groups, 246 # Google domains, and service accounts. A `role` is a named list of permissions 247 # defined by IAM. 248 # 249 # **JSON Example** 250 # 251 # { 252 # "bindings": [ 253 # { 254 # "role": "roles/owner", 255 # "members": [ 256 # "user:mike@example.com", 257 # "group:admins@example.com", 258 # "domain:google.com", 259 # "serviceAccount:my-other-app@appspot.gserviceaccount.com" 260 # ] 261 # }, 262 # { 263 # "role": "roles/viewer", 264 # "members": ["user:sean@example.com"] 265 # } 266 # ] 267 # } 268 # 269 # **YAML Example** 270 # 271 # bindings: 272 # - members: 273 # - user:mike@example.com 274 # - group:admins@example.com 275 # - domain:google.com 276 # - serviceAccount:my-other-app@appspot.gserviceaccount.com 277 # role: roles/owner 278 # - members: 279 # - user:sean@example.com 280 # role: roles/viewer 281 # 282 # 283 # For a description of IAM and its features, see the 284 # [IAM developer's guide](https://cloud.google.com/iam/docs). 285 "bindings": [ # Associates a list of `members` to a `role`. 286 # `bindings` with no members will result in an error. 287 { # Associates `members` with a `role`. 288 "role": "A String", # Role that is assigned to `members`. 289 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 290 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 291 # `members` can have the following values: 292 # 293 # * `allUsers`: A special identifier that represents anyone who is 294 # on the internet; with or without a Google account. 295 # 296 # * `allAuthenticatedUsers`: A special identifier that represents anyone 297 # who is authenticated with a Google account or a service account. 298 # 299 # * `user:{emailid}`: An email address that represents a specific Google 300 # account. For example, `alice@gmail.com` . 301 # 302 # 303 # * `serviceAccount:{emailid}`: An email address that represents a service 304 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 305 # 306 # * `group:{emailid}`: An email address that represents a Google group. 307 # For example, `admins@example.com`. 308 # 309 # 310 # * `domain:{domain}`: The G Suite domain (primary) that represents all the 311 # users of that domain. For example, `google.com` or `example.com`. 312 # 313 "A String", 314 ], 315 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding. 316 # NOTE: An unsatisfied condition will not allow user access via current 317 # binding. Different bindings, including their conditions, are examined 318 # independently. 319 # 320 # title: "User account presence" 321 # description: "Determines whether the request has a user account" 322 # expression: "size(request.user) > 0" 323 "description": "A String", # An optional description of the expression. This is a longer text which 324 # describes the expression, e.g. when hovered over it in a UI. 325 "expression": "A String", # Textual representation of an expression in 326 # Common Expression Language syntax. 327 # 328 # The application context of the containing message determines which 329 # well-known feature set of CEL is supported. 330 "location": "A String", # An optional string indicating the location of the expression for error 331 # reporting, e.g. a file name and a position in the file. 332 "title": "A String", # An optional title for the expression, i.e. a short string describing 333 # its purpose. This can be used e.g. in UIs which allow to enter the 334 # expression. 335 }, 336 }, 337 ], 338 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 339 # prevent simultaneous updates of a policy from overwriting each other. 340 # It is strongly suggested that systems make use of the `etag` in the 341 # read-modify-write cycle to perform policy updates in order to avoid race 342 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 343 # systems are expected to put that etag in the request to `setIamPolicy` to 344 # ensure that their change will be applied to the same version of the policy. 345 # 346 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 347 # policy is overwritten blindly. 348 "version": 42, # Deprecated. 349 }, 350 } 351 352 x__xgafv: string, V1 error format. 353 Allowed values 354 1 - v1 error format 355 2 - v2 error format 356 357Returns: 358 An object of the form: 359 360 { # Defines an Identity and Access Management (IAM) policy. It is used to 361 # specify access control policies for Cloud Platform resources. 362 # 363 # 364 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of 365 # `members` to a `role`, where the members can be user accounts, Google groups, 366 # Google domains, and service accounts. A `role` is a named list of permissions 367 # defined by IAM. 368 # 369 # **JSON Example** 370 # 371 # { 372 # "bindings": [ 373 # { 374 # "role": "roles/owner", 375 # "members": [ 376 # "user:mike@example.com", 377 # "group:admins@example.com", 378 # "domain:google.com", 379 # "serviceAccount:my-other-app@appspot.gserviceaccount.com" 380 # ] 381 # }, 382 # { 383 # "role": "roles/viewer", 384 # "members": ["user:sean@example.com"] 385 # } 386 # ] 387 # } 388 # 389 # **YAML Example** 390 # 391 # bindings: 392 # - members: 393 # - user:mike@example.com 394 # - group:admins@example.com 395 # - domain:google.com 396 # - serviceAccount:my-other-app@appspot.gserviceaccount.com 397 # role: roles/owner 398 # - members: 399 # - user:sean@example.com 400 # role: roles/viewer 401 # 402 # 403 # For a description of IAM and its features, see the 404 # [IAM developer's guide](https://cloud.google.com/iam/docs). 405 "bindings": [ # Associates a list of `members` to a `role`. 406 # `bindings` with no members will result in an error. 407 { # Associates `members` with a `role`. 408 "role": "A String", # Role that is assigned to `members`. 409 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 410 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 411 # `members` can have the following values: 412 # 413 # * `allUsers`: A special identifier that represents anyone who is 414 # on the internet; with or without a Google account. 415 # 416 # * `allAuthenticatedUsers`: A special identifier that represents anyone 417 # who is authenticated with a Google account or a service account. 418 # 419 # * `user:{emailid}`: An email address that represents a specific Google 420 # account. For example, `alice@gmail.com` . 421 # 422 # 423 # * `serviceAccount:{emailid}`: An email address that represents a service 424 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 425 # 426 # * `group:{emailid}`: An email address that represents a Google group. 427 # For example, `admins@example.com`. 428 # 429 # 430 # * `domain:{domain}`: The G Suite domain (primary) that represents all the 431 # users of that domain. For example, `google.com` or `example.com`. 432 # 433 "A String", 434 ], 435 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding. 436 # NOTE: An unsatisfied condition will not allow user access via current 437 # binding. Different bindings, including their conditions, are examined 438 # independently. 439 # 440 # title: "User account presence" 441 # description: "Determines whether the request has a user account" 442 # expression: "size(request.user) > 0" 443 "description": "A String", # An optional description of the expression. This is a longer text which 444 # describes the expression, e.g. when hovered over it in a UI. 445 "expression": "A String", # Textual representation of an expression in 446 # Common Expression Language syntax. 447 # 448 # The application context of the containing message determines which 449 # well-known feature set of CEL is supported. 450 "location": "A String", # An optional string indicating the location of the expression for error 451 # reporting, e.g. a file name and a position in the file. 452 "title": "A String", # An optional title for the expression, i.e. a short string describing 453 # its purpose. This can be used e.g. in UIs which allow to enter the 454 # expression. 455 }, 456 }, 457 ], 458 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 459 # prevent simultaneous updates of a policy from overwriting each other. 460 # It is strongly suggested that systems make use of the `etag` in the 461 # read-modify-write cycle to perform policy updates in order to avoid race 462 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 463 # systems are expected to put that etag in the request to `setIamPolicy` to 464 # ensure that their change will be applied to the same version of the policy. 465 # 466 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 467 # policy is overwritten blindly. 468 "version": 42, # Deprecated. 469 }</pre> 470</div> 471 472<div class="method"> 473 <code class="details" id="testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</code> 474 <pre>Returns permissions that a caller has on the Identity-Aware Proxy protected 475resource. If the resource does not exist or the caller does not have 476Identity-Aware Proxy permissions a [google.rpc.Code.PERMISSION_DENIED] 477will be returned. 478More information about managing access via IAP can be found at: 479https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api 480 481Args: 482 resource: string, REQUIRED: The resource for which the policy detail is being requested. 483See the operation documentation for the appropriate value for this field. (required) 484 body: object, The request body. (required) 485 The object takes the form of: 486 487{ # Request message for `TestIamPermissions` method. 488 "permissions": [ # The set of permissions to check for the `resource`. Permissions with 489 # wildcards (such as '*' or 'storage.*') are not allowed. For more 490 # information see 491 # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions). 492 "A String", 493 ], 494 } 495 496 x__xgafv: string, V1 error format. 497 Allowed values 498 1 - v1 error format 499 2 - v2 error format 500 501Returns: 502 An object of the form: 503 504 { # Response message for `TestIamPermissions` method. 505 "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is 506 # allowed. 507 "A String", 508 ], 509 }</pre> 510</div> 511 512</body></html>