<html><body>
<style>

body, h1, h2, h3, div, span, p, pre, a {
  margin: 0;
  padding: 0;
  border: 0;
  font-weight: inherit;
  font-style: inherit;
  font-size: 100%;
  font-family: inherit;
  vertical-align: baseline;
}

body {
  font-size: 13px;
  padding: 1em;
}

h1 {
  font-size: 26px;
  margin-bottom: 1em;
}

h2 {
  font-size: 24px;
  margin-bottom: 1em;
}

h3 {
  font-size: 20px;
  margin-bottom: 1em;
  margin-top: 1em;
}

pre, code {
  line-height: 1.5;
  font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
}

pre {
  margin-top: 0.5em;
}

h1, h2, h3, p {
  font-family: Arial, sans serif;
}

h1, h2, h3 {
  border-bottom: solid #CCC 1px;
}

.toc_element {
  margin-top: 0.5em;
}

.firstline {
  margin-left: 2 em;
}

.method {
  margin-top: 1em;
  border: solid 1px #CCC;
  padding: 1em;
  background: #EEE;
}

.details {
  font-weight: bold;
  font-size: 14px;
}

</style>

<h1><a href="securitycenter_v1.html">Cloud Security Command Center API</a> . <a href="securitycenter_v1.organizations.html">organizations</a> . <a href="securitycenter_v1.organizations.sources.html">sources</a></h1>
<h2>Instance Methods</h2>
<p class="toc_element">
  <code><a href="securitycenter_v1.organizations.sources.findings.html">findings()</a></code>
</p>
<p class="firstline">Returns the findings Resource.</p>

<p class="toc_element">
  <code><a href="#create">create(parent, body, x__xgafv=None)</a></code></p>
<p class="firstline">Creates a source.</p>
<p class="toc_element">
  <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
<p class="firstline">Gets a source.</p>
<p class="toc_element">
  <code><a href="#getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Gets the access control policy on the specified Source.</p>
<p class="toc_element">
  <code><a href="#list">list(parent, pageToken=None, x__xgafv=None, pageSize=None)</a></code></p>
<p class="firstline">Lists all sources belonging to an organization.</p>
<p class="toc_element">
  <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
<p class="firstline">Retrieves the next page of results.</p>
<p class="toc_element">
  <code><a href="#patch">patch(name, body, updateMask=None, x__xgafv=None)</a></code></p>
<p class="firstline">Updates a source.</p>
<p class="toc_element">
  <code><a href="#setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</a></code></p>
<p class="firstline">Sets the access control policy on the specified Source.</p>
<p class="toc_element">
  <code><a href="#testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</a></code></p>
<p class="firstline">Returns the permissions that a caller has on the specified source.</p>
<h3>Method Details</h3>
<div class="method">
    <code class="details" id="create">create(parent, body, x__xgafv=None)</code>
  <pre>Creates a source.

Args:
  parent: string, Resource name of the new source's parent. Its format should be
"organizations/[organization_id]". (required)
  body: object, The request body. (required)
    The object takes the form of:

{ # Cloud Security Command Center's (Cloud SCC) finding source. A finding source
      # is an entity or a mechanism that can produce a finding. A source is like a
      # container of findings that come from the same scanner, logger, monitor, etc.
    "displayName": "A String", # The source's display name.
        # A source's display name must be unique amongst its siblings, for example,
        # two sources with the same parent can't share the same display name.
        # The display name must have a length between 1 and 64 characters
        # (inclusive).
    "name": "A String", # The relative resource name of this source. See:
        # https://cloud.google.com/apis/design/resource_names#relative_resource_name
        # Example:
        # "organizations/123/sources/456"
    "description": "A String", # The description of the source (max of 1024 characters).
        # Example:
        # "Cloud Security Scanner is a web security scanner for common
        # vulnerabilities in App Engine applications. It can automatically
        # scan and detect four common vulnerabilities, including cross-site-scripting
        # (XSS), Flash injection, mixed content (HTTP in HTTPS), and
        # outdated/insecure libraries."
}

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Cloud Security Command Center's (Cloud SCC) finding source. A finding source
        # is an entity or a mechanism that can produce a finding. A source is like a
        # container of findings that come from the same scanner, logger, monitor, etc.
      "displayName": "A String", # The source's display name.
          # A source's display name must be unique amongst its siblings, for example,
          # two sources with the same parent can't share the same display name.
          # The display name must have a length between 1 and 64 characters
          # (inclusive).
      "name": "A String", # The relative resource name of this source. See:
          # https://cloud.google.com/apis/design/resource_names#relative_resource_name
          # Example:
          # "organizations/123/sources/456"
      "description": "A String", # The description of the source (max of 1024 characters).
          # Example:
          # "Cloud Security Scanner is a web security scanner for common
          # vulnerabilities in App Engine applications. It can automatically
          # scan and detect four common vulnerabilities, including cross-site-scripting
          # (XSS), Flash injection, mixed content (HTTP in HTTPS), and
          # outdated/insecure libraries."
    }</pre>
</div>

<div class="method">
    <code class="details" id="get">get(name, x__xgafv=None)</code>
  <pre>Gets a source.

Args:
  name: string, Relative resource name of the source. Its format is
"organizations/[organization_id]/source/[source_id]". (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Cloud Security Command Center's (Cloud SCC) finding source. A finding source
        # is an entity or a mechanism that can produce a finding. A source is like a
        # container of findings that come from the same scanner, logger, monitor, etc.
      "displayName": "A String", # The source's display name.
          # A source's display name must be unique amongst its siblings, for example,
          # two sources with the same parent can't share the same display name.
          # The display name must have a length between 1 and 64 characters
          # (inclusive).
      "name": "A String", # The relative resource name of this source. See:
          # https://cloud.google.com/apis/design/resource_names#relative_resource_name
          # Example:
          # "organizations/123/sources/456"
      "description": "A String", # The description of the source (max of 1024 characters).
          # Example:
          # "Cloud Security Scanner is a web security scanner for common
          # vulnerabilities in App Engine applications. It can automatically
          # scan and detect four common vulnerabilities, including cross-site-scripting
          # (XSS), Flash injection, mixed content (HTTP in HTTPS), and
          # outdated/insecure libraries."
    }</pre>
</div>

<div class="method">
    <code class="details" id="getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</code>
  <pre>Gets the access control policy on the specified Source.

Args:
  resource: string, REQUIRED: The resource for which the policy is being requested.
See the operation documentation for the appropriate value for this field. (required)
  body: object, The request body.
    The object takes the form of:

{ # Request message for `GetIamPolicy` method.
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Defines an Identity and Access Management (IAM) policy. It is used to
        # specify access control policies for Cloud Platform resources.
        #
        #
        # A `Policy` consists of a list of `bindings`. A `binding` binds a list of
        # `members` to a `role`, where the members can be user accounts, Google groups,
        # Google domains, and service accounts. A `role` is a named list of permissions
        # defined by IAM.
        #
        # **JSON Example**
        #
        #     {
        #       "bindings": [
        #         {
        #           "role": "roles/owner",
        #           "members": [
        #             "user:mike@example.com",
        #             "group:admins@example.com",
        #             "domain:google.com",
        #             "serviceAccount:my-other-app@appspot.gserviceaccount.com"
        #           ]
        #         },
        #         {
        #           "role": "roles/viewer",
        #           "members": ["user:sean@example.com"]
        #         }
        #       ]
        #     }
        #
        # **YAML Example**
        #
        #     bindings:
        #     - members:
        #       - user:mike@example.com
        #       - group:admins@example.com
        #       - domain:google.com
        #       - serviceAccount:my-other-app@appspot.gserviceaccount.com
        #       role: roles/owner
        #     - members:
        #       - user:sean@example.com
        #       role: roles/viewer
        #
        #
        # For a description of IAM and its features, see the
        # [IAM developer's guide](https://cloud.google.com/iam/docs).
      "bindings": [ # Associates a list of `members` to a `role`.
          # `bindings` with no members will result in an error.
        { # Associates `members` with a `role`.
          "role": "A String", # Role that is assigned to `members`.
              # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
          "condition": { # Represents an expression text. Example: # The condition that is associated with this binding.
              # NOTE: An unsatisfied condition will not allow user access via current
              # binding. Different bindings, including their conditions, are examined
              # independently.
              #
              #     title: "User account presence"
              #     description: "Determines whether the request has a user account"
              #     expression: "size(request.user) > 0"
            "description": "A String", # An optional description of the expression. This is a longer text which
                # describes the expression, e.g. when hovered over it in a UI.
            "expression": "A String", # Textual representation of an expression in
                # Common Expression Language syntax.
                #
                # The application context of the containing message determines which
                # well-known feature set of CEL is supported.
            "location": "A String", # An optional string indicating the location of the expression for error
                # reporting, e.g. a file name and a position in the file.
            "title": "A String", # An optional title for the expression, i.e. a short string describing
                # its purpose. This can be used e.g. in UIs which allow to enter the
                # expression.
          },
          "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
              # `members` can have the following values:
              #
              # * `allUsers`: A special identifier that represents anyone who is
              #    on the internet; with or without a Google account.
              #
              # * `allAuthenticatedUsers`: A special identifier that represents anyone
              #    who is authenticated with a Google account or a service account.
              #
              # * `user:{emailid}`: An email address that represents a specific Google
              #    account. For example, `alice@gmail.com` .
              #
              #
              # * `serviceAccount:{emailid}`: An email address that represents a service
              #    account. For example, `my-other-app@appspot.gserviceaccount.com`.
              #
              # * `group:{emailid}`: An email address that represents a Google group.
              #    For example, `admins@example.com`.
              #
              #
              # * `domain:{domain}`: The G Suite domain (primary) that represents all the
              #    users of that domain. For example, `google.com` or `example.com`.
              #
            "A String",
          ],
        },
      ],
      "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
        { # Specifies the audit configuration for a service.
            # The configuration determines which permission types are logged, and what
            # identities, if any, are exempted from logging.
            # An AuditConfig must have one or more AuditLogConfigs.
            #
            # If there are AuditConfigs for both `allServices` and a specific service,
            # the union of the two AuditConfigs is used for that service: the log_types
            # specified in each AuditConfig are enabled, and the exempted_members in each
            # AuditLogConfig are exempted.
            #
            # Example Policy with multiple AuditConfigs:
            #
            #     {
            #       "audit_configs": [
            #         {
            #           "service": "allServices"
            #           "audit_log_configs": [
            #             {
            #               "log_type": "DATA_READ",
            #               "exempted_members": [
            #                 "user:foo@gmail.com"
            #               ]
            #             },
            #             {
            #               "log_type": "DATA_WRITE",
            #             },
            #             {
            #               "log_type": "ADMIN_READ",
            #             }
            #           ]
            #         },
            #         {
            #           "service": "fooservice.googleapis.com"
            #           "audit_log_configs": [
            #             {
            #               "log_type": "DATA_READ",
            #             },
            #             {
            #               "log_type": "DATA_WRITE",
            #               "exempted_members": [
            #                 "user:bar@gmail.com"
            #               ]
            #             }
            #           ]
            #         }
            #       ]
            #     }
            #
            # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
            # logging. It also exempts foo@gmail.com from DATA_READ logging, and
            # bar@gmail.com from DATA_WRITE logging.
          "auditLogConfigs": [ # The configuration for logging of each type of permission.
            { # Provides the configuration for logging a type of permissions.
                # Example:
                #
                #     {
                #       "audit_log_configs": [
                #         {
                #           "log_type": "DATA_READ",
                #           "exempted_members": [
                #             "user:foo@gmail.com"
                #           ]
                #         },
                #         {
                #           "log_type": "DATA_WRITE",
                #         }
                #       ]
                #     }
                #
                # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
                # foo@gmail.com from DATA_READ logging.
              "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
                  # permission.
                  # Follows the same format of Binding.members.
                "A String",
              ],
              "logType": "A String", # The log type that this config enables.
            },
          ],
          "service": "A String", # Specifies a service that will be enabled for audit logging.
              # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
              # `allServices` is a special value that covers all services.
        },
      ],
      "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
          # prevent simultaneous updates of a policy from overwriting each other.
          # It is strongly suggested that systems make use of the `etag` in the
          # read-modify-write cycle to perform policy updates in order to avoid race
          # conditions: An `etag` is returned in the response to `getIamPolicy`, and
          # systems are expected to put that etag in the request to `setIamPolicy` to
          # ensure that their change will be applied to the same version of the policy.
          #
          # If no `etag` is provided in the call to `setIamPolicy`, then the existing
          # policy is overwritten blindly.
      "version": 42, # Deprecated.
    }</pre>
</div>

<div class="method">
    <code class="details" id="list">list(parent, pageToken=None, x__xgafv=None, pageSize=None)</code>
  <pre>Lists all sources belonging to an organization.

Args:
  parent: string, Resource name of the parent of sources to list. Its format should be
"organizations/[organization_id]". (required)
  pageToken: string, The value returned by the last `ListSourcesResponse`; indicates
that this is a continuation of a prior `ListSources` call, and
that the system should return the next page of data.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format
  pageSize: integer, The maximum number of results to return in a single response. Default is
10, minimum is 1, maximum is 1000.

Returns:
  An object of the form:

    { # Response message for listing sources.
      "nextPageToken": "A String", # Token to retrieve the next page of results, or empty if there are no more
          # results.
      "sources": [ # Sources belonging to the requested parent.
        { # Cloud Security Command Center's (Cloud SCC) finding source. A finding source
            # is an entity or a mechanism that can produce a finding. A source is like a
            # container of findings that come from the same scanner, logger, monitor, etc.
          "displayName": "A String", # The source's display name.
              # A source's display name must be unique amongst its siblings, for example,
              # two sources with the same parent can't share the same display name.
              # The display name must have a length between 1 and 64 characters
              # (inclusive).
          "name": "A String", # The relative resource name of this source. See:
              # https://cloud.google.com/apis/design/resource_names#relative_resource_name
              # Example:
              # "organizations/123/sources/456"
          "description": "A String", # The description of the source (max of 1024 characters).
              # Example:
              # "Cloud Security Scanner is a web security scanner for common
              # vulnerabilities in App Engine applications. It can automatically
              # scan and detect four common vulnerabilities, including cross-site-scripting
              # (XSS), Flash injection, mixed content (HTTP in HTTPS), and
              # outdated/insecure libraries."
        },
      ],
    }</pre>
</div>

<div class="method">
    <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
  <pre>Retrieves the next page of results.

Args:
  previous_request: The request for the previous page. (required)
  previous_response: The response from the request for the previous page. (required)

Returns:
  A request object that you can call 'execute()' on to request the next
  page. Returns None if there are no more items in the collection.
    </pre>
</div>

<div class="method">
    <code class="details" id="patch">patch(name, body, updateMask=None, x__xgafv=None)</code>
  <pre>Updates a source.

Args:
  name: string, The relative resource name of this source. See:
https://cloud.google.com/apis/design/resource_names#relative_resource_name
Example:
"organizations/123/sources/456" (required)
  body: object, The request body. (required)
    The object takes the form of:

{ # Cloud Security Command Center's (Cloud SCC) finding source. A finding source
      # is an entity or a mechanism that can produce a finding. A source is like a
      # container of findings that come from the same scanner, logger, monitor, etc.
    "displayName": "A String", # The source's display name.
        # A source's display name must be unique amongst its siblings, for example,
        # two sources with the same parent can't share the same display name.
        # The display name must have a length between 1 and 64 characters
        # (inclusive).
    "name": "A String", # The relative resource name of this source. See:
        # https://cloud.google.com/apis/design/resource_names#relative_resource_name
        # Example:
        # "organizations/123/sources/456"
    "description": "A String", # The description of the source (max of 1024 characters).
        # Example:
        # "Cloud Security Scanner is a web security scanner for common
        # vulnerabilities in App Engine applications. It can automatically
        # scan and detect four common vulnerabilities, including cross-site-scripting
        # (XSS), Flash injection, mixed content (HTTP in HTTPS), and
        # outdated/insecure libraries."
}

  updateMask: string, The FieldMask to use when updating the source resource.

If empty all mutable fields will be updated.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Cloud Security Command Center's (Cloud SCC) finding source. A finding source
        # is an entity or a mechanism that can produce a finding. A source is like a
        # container of findings that come from the same scanner, logger, monitor, etc.
      "displayName": "A String", # The source's display name.
          # A source's display name must be unique amongst its siblings, for example,
          # two sources with the same parent can't share the same display name.
          # The display name must have a length between 1 and 64 characters
          # (inclusive).
      "name": "A String", # The relative resource name of this source. See:
          # https://cloud.google.com/apis/design/resource_names#relative_resource_name
          # Example:
          # "organizations/123/sources/456"
      "description": "A String", # The description of the source (max of 1024 characters).
          # Example:
          # "Cloud Security Scanner is a web security scanner for common
          # vulnerabilities in App Engine applications. It can automatically
          # scan and detect four common vulnerabilities, including cross-site-scripting
          # (XSS), Flash injection, mixed content (HTTP in HTTPS), and
          # outdated/insecure libraries."
    }</pre>
</div>

<div class="method">
    <code class="details" id="setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</code>
  <pre>Sets the access control policy on the specified Source.

Args:
  resource: string, REQUIRED: The resource for which the policy is being specified.
See the operation documentation for the appropriate value for this field. (required)
  body: object, The request body. (required)
    The object takes the form of:

{ # Request message for `SetIamPolicy` method.
    "policy": { # Defines an Identity and Access Management (IAM) policy. It is used to # REQUIRED: The complete policy to be applied to the `resource`. The size of
        # the policy is limited to a few 10s of KB. An empty policy is a
        # valid policy but certain Cloud Platform services (such as Projects)
        # might reject them.
        # specify access control policies for Cloud Platform resources.
        #
        #
        # A `Policy` consists of a list of `bindings`. A `binding` binds a list of
        # `members` to a `role`, where the members can be user accounts, Google groups,
        # Google domains, and service accounts. A `role` is a named list of permissions
        # defined by IAM.
        #
        # **JSON Example**
        #
        #     {
        #       "bindings": [
        #         {
        #           "role": "roles/owner",
        #           "members": [
        #             "user:mike@example.com",
        #             "group:admins@example.com",
        #             "domain:google.com",
        #             "serviceAccount:my-other-app@appspot.gserviceaccount.com"
        #           ]
        #         },
        #         {
        #           "role": "roles/viewer",
        #           "members": ["user:sean@example.com"]
        #         }
        #       ]
        #     }
        #
        # **YAML Example**
        #
        #     bindings:
        #     - members:
        #       - user:mike@example.com
        #       - group:admins@example.com
        #       - domain:google.com
        #       - serviceAccount:my-other-app@appspot.gserviceaccount.com
        #       role: roles/owner
        #     - members:
        #       - user:sean@example.com
        #       role: roles/viewer
        #
        #
        # For a description of IAM and its features, see the
        # [IAM developer's guide](https://cloud.google.com/iam/docs).
      "bindings": [ # Associates a list of `members` to a `role`.
          # `bindings` with no members will result in an error.
        { # Associates `members` with a `role`.
          "role": "A String", # Role that is assigned to `members`.
              # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
          "condition": { # Represents an expression text. Example: # The condition that is associated with this binding.
              # NOTE: An unsatisfied condition will not allow user access via current
              # binding. Different bindings, including their conditions, are examined
              # independently.
              #
              #     title: "User account presence"
              #     description: "Determines whether the request has a user account"
              #     expression: "size(request.user) > 0"
            "description": "A String", # An optional description of the expression. This is a longer text which
                # describes the expression, e.g. when hovered over it in a UI.
            "expression": "A String", # Textual representation of an expression in
                # Common Expression Language syntax.
                #
                # The application context of the containing message determines which
                # well-known feature set of CEL is supported.
            "location": "A String", # An optional string indicating the location of the expression for error
                # reporting, e.g. a file name and a position in the file.
            "title": "A String", # An optional title for the expression, i.e. a short string describing
                # its purpose. This can be used e.g. in UIs which allow to enter the
                # expression.
          },
          "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
              # `members` can have the following values:
              #
              # * `allUsers`: A special identifier that represents anyone who is
              #    on the internet; with or without a Google account.
              #
              # * `allAuthenticatedUsers`: A special identifier that represents anyone
              #    who is authenticated with a Google account or a service account.
              #
              # * `user:{emailid}`: An email address that represents a specific Google
              #    account. For example, `alice@gmail.com` .
              #
              #
              # * `serviceAccount:{emailid}`: An email address that represents a service
              #    account. For example, `my-other-app@appspot.gserviceaccount.com`.
              #
              # * `group:{emailid}`: An email address that represents a Google group.
              #    For example, `admins@example.com`.
              #
              #
              # * `domain:{domain}`: The G Suite domain (primary) that represents all the
              #    users of that domain. For example, `google.com` or `example.com`.
              #
            "A String",
          ],
        },
      ],
      "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
        { # Specifies the audit configuration for a service.
            # The configuration determines which permission types are logged, and what
            # identities, if any, are exempted from logging.
            # An AuditConfig must have one or more AuditLogConfigs.
            #
            # If there are AuditConfigs for both `allServices` and a specific service,
            # the union of the two AuditConfigs is used for that service: the log_types
            # specified in each AuditConfig are enabled, and the exempted_members in each
            # AuditLogConfig are exempted.
            #
            # Example Policy with multiple AuditConfigs:
            #
            #     {
            #       "audit_configs": [
            #         {
            #           "service": "allServices"
            #           "audit_log_configs": [
            #             {
            #               "log_type": "DATA_READ",
            #               "exempted_members": [
            #                 "user:foo@gmail.com"
            #               ]
            #             },
            #             {
            #               "log_type": "DATA_WRITE",
            #             },
            #             {
            #               "log_type": "ADMIN_READ",
            #             }
            #           ]
            #         },
            #         {
            #           "service": "fooservice.googleapis.com"
            #           "audit_log_configs": [
            #             {
            #               "log_type": "DATA_READ",
            #             },
            #             {
            #               "log_type": "DATA_WRITE",
            #               "exempted_members": [
            #                 "user:bar@gmail.com"
            #               ]
            #             }
            #           ]
            #         }
            #       ]
            #     }
            #
            # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
            # logging. It also exempts foo@gmail.com from DATA_READ logging, and
            # bar@gmail.com from DATA_WRITE logging.
          "auditLogConfigs": [ # The configuration for logging of each type of permission.
            { # Provides the configuration for logging a type of permissions.
                # Example:
                #
                #     {
                #       "audit_log_configs": [
                #         {
                #           "log_type": "DATA_READ",
                #           "exempted_members": [
                #             "user:foo@gmail.com"
                #           ]
                #         },
                #         {
                #           "log_type": "DATA_WRITE",
                #         }
                #       ]
                #     }
                #
                # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
                # foo@gmail.com from DATA_READ logging.
              "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
                  # permission.
                  # Follows the same format of Binding.members.
                "A String",
              ],
              "logType": "A String", # The log type that this config enables.
            },
          ],
          "service": "A String", # Specifies a service that will be enabled for audit logging.
              # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
              # `allServices` is a special value that covers all services.
        },
      ],
      "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
          # prevent simultaneous updates of a policy from overwriting each other.
          # It is strongly suggested that systems make use of the `etag` in the
          # read-modify-write cycle to perform policy updates in order to avoid race
          # conditions: An `etag` is returned in the response to `getIamPolicy`, and
          # systems are expected to put that etag in the request to `setIamPolicy` to
          # ensure that their change will be applied to the same version of the policy.
          #
          # If no `etag` is provided in the call to `setIamPolicy`, then the existing
          # policy is overwritten blindly.
      "version": 42, # Deprecated.
    },
    "updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
        # the fields in the mask will be modified. If no mask is provided, the
        # following default mask is used:
        # paths: "bindings, etag"
        # This field is only used by Cloud IAM.
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Defines an Identity and Access Management (IAM) policy. It is used to
        # specify access control policies for Cloud Platform resources.
        #
        #
        # A `Policy` consists of a list of `bindings`. A `binding` binds a list of
        # `members` to a `role`, where the members can be user accounts, Google groups,
        # Google domains, and service accounts. A `role` is a named list of permissions
        # defined by IAM.
        #
        # **JSON Example**
        #
        #     {
        #       "bindings": [
        #         {
        #           "role": "roles/owner",
        #           "members": [
        #             "user:mike@example.com",
        #             "group:admins@example.com",
        #             "domain:google.com",
        #             "serviceAccount:my-other-app@appspot.gserviceaccount.com"
        #           ]
        #         },
        #         {
        #           "role": "roles/viewer",
        #           "members": ["user:sean@example.com"]
        #         }
        #       ]
        #     }
        #
        # **YAML Example**
        #
        #     bindings:
        #     - members:
        #       - user:mike@example.com
        #       - group:admins@example.com
        #       - domain:google.com
        #       - serviceAccount:my-other-app@appspot.gserviceaccount.com
        #       role: roles/owner
        #     - members:
        #       - user:sean@example.com
        #       role: roles/viewer
        #
        #
        # For a description of IAM and its features, see the
        # [IAM developer's guide](https://cloud.google.com/iam/docs).
      "bindings": [ # Associates a list of `members` to a `role`.
          # `bindings` with no members will result in an error.
        { # Associates `members` with a `role`.
          "role": "A String", # Role that is assigned to `members`.
              # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
          "condition": { # Represents an expression text. Example: # The condition that is associated with this binding.
              # NOTE: An unsatisfied condition will not allow user access via current
              # binding. Different bindings, including their conditions, are examined
              # independently.
              #
              #     title: "User account presence"
              #     description: "Determines whether the request has a user account"
              #     expression: "size(request.user) > 0"
            "description": "A String", # An optional description of the expression. This is a longer text which
                # describes the expression, e.g. when hovered over it in a UI.
            "expression": "A String", # Textual representation of an expression in
                # Common Expression Language syntax.
                #
                # The application context of the containing message determines which
                # well-known feature set of CEL is supported.
            "location": "A String", # An optional string indicating the location of the expression for error
                # reporting, e.g. a file name and a position in the file.
            "title": "A String", # An optional title for the expression, i.e. a short string describing
                # its purpose. This can be used e.g. in UIs which allow to enter the
                # expression.
          },
          "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
              # `members` can have the following values:
              #
              # * `allUsers`: A special identifier that represents anyone who is
              #    on the internet; with or without a Google account.
              #
              # * `allAuthenticatedUsers`: A special identifier that represents anyone
              #    who is authenticated with a Google account or a service account.
              #
              # * `user:{emailid}`: An email address that represents a specific Google
              #    account. For example, `alice@gmail.com` .
              #
              #
              # * `serviceAccount:{emailid}`: An email address that represents a service
              #    account. For example, `my-other-app@appspot.gserviceaccount.com`.
              #
              # * `group:{emailid}`: An email address that represents a Google group.
              #    For example, `admins@example.com`.
              #
              #
              # * `domain:{domain}`: The G Suite domain (primary) that represents all the
              #    users of that domain. For example, `google.com` or `example.com`.
              #
            "A String",
          ],
        },
      ],
      "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
        { # Specifies the audit configuration for a service.
            # The configuration determines which permission types are logged, and what
            # identities, if any, are exempted from logging.
            # An AuditConfig must have one or more AuditLogConfigs.
          #
          # If there are AuditConfigs for both `allServices` and a specific service,
          # the union of the two AuditConfigs is used for that service: the log_types
          # specified in each AuditConfig are enabled, and the exempted_members in each
          # AuditLogConfig are exempted.
          #
          # Example Policy with multiple AuditConfigs:
          #
          #     {
          #       "audit_configs": [
          #         {
          #           "service": "allServices",
          #           "audit_log_configs": [
          #             {
          #               "log_type": "DATA_READ",
          #               "exempted_members": [
          #                 "user:foo@gmail.com"
          #               ]
          #             },
          #             {
          #               "log_type": "DATA_WRITE"
          #             },
          #             {
          #               "log_type": "ADMIN_READ"
          #             }
          #           ]
          #         },
          #         {
          #           "service": "fooservice.googleapis.com",
          #           "audit_log_configs": [
          #             {
          #               "log_type": "DATA_READ"
          #             },
          #             {
          #               "log_type": "DATA_WRITE",
          #               "exempted_members": [
          #                 "user:bar@gmail.com"
          #               ]
          #             }
          #           ]
          #         }
          #       ]
          #     }
          #
          # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
          # logging. It also exempts foo@gmail.com from DATA_READ logging, and
          # bar@gmail.com from DATA_WRITE logging.
        "auditLogConfigs": [ # The configuration for logging of each type of permission.
          { # Provides the configuration for logging a type of permissions.
              # Example:
              #
              #     {
              #       "audit_log_configs": [
              #         {
              #           "log_type": "DATA_READ",
              #           "exempted_members": [
              #             "user:foo@gmail.com"
              #           ]
              #         },
              #         {
              #           "log_type": "DATA_WRITE"
              #         }
              #       ]
              #     }
              #
              # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
              # foo@gmail.com from DATA_READ logging.
            "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
                # permission.
                # Follows the same format as Binding.members.
              "A String",
            ],
            "logType": "A String", # The log type that this config enables.
          },
        ],
        "service": "A String", # Specifies a service that will be enabled for audit logging.
            # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
            # `allServices` is a special value that covers all services.
      },
    ],
    "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
        # prevent simultaneous updates of a policy from overwriting each other.
        # It is strongly suggested that systems make use of the `etag` in the
        # read-modify-write cycle to perform policy updates in order to avoid race
        # conditions: An `etag` is returned in the response to `getIamPolicy`, and
        # systems are expected to put that etag in the request to `setIamPolicy` to
        # ensure that their change will be applied to the same version of the policy.
        #
        # If no `etag` is provided in the call to `setIamPolicy`, then the existing
        # policy is overwritten blindly.
    "version": 42, # Deprecated.
  }</pre>
</div>

<div class="method">
    <code class="details" id="testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</code>
  <pre>Returns the permissions that a caller has on the specified source.

Args:
  resource: string, REQUIRED: The resource for which the policy detail is being requested.
See the operation documentation for the appropriate value for this field. (required)
  body: object, The request body. (required)
    The object takes the form of:

{ # Request message for `TestIamPermissions` method.
    "permissions": [ # The set of permissions to check for the `resource`. Permissions with
        # wildcards (such as '*' or 'storage.*') are not allowed. For more
        # information see
        # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
      "A String",
    ],
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Response message for `TestIamPermissions` method.
    "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is
        # allowed.
      "A String",
    ],
  }</pre>
</div>

</body></html>
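The `etag` field's read-modify-write guidance is easiest to see with two concurrent writers, where one revokes a member and the other writes from an older snapshot. The following is an added example, not part of the generated reference or the client library: `PolicyStore` is a hypothetical in-memory stand-in for `getIamPolicy` / `setIamPolicy`, and rejecting a stale etag with `ValueError` is an assumption used to model the conflict.

```python
import copy

class PolicyStore:
    """Hypothetical in-memory stand-in for getIamPolicy / setIamPolicy."""
    def __init__(self, bindings):
        self._policy = {"bindings": copy.deepcopy(bindings), "etag": "v0"}
        self._writes = 0

    def get_iam_policy(self):
        return copy.deepcopy(self._policy)

    def set_iam_policy(self, policy):
        # No etag: blind overwrite. Stale etag: rejected (modelled as ValueError).
        if "etag" in policy and policy["etag"] != self._policy["etag"]:
            raise ValueError("stale etag")
        self._writes += 1
        self._policy = {"bindings": copy.deepcopy(policy["bindings"]),
                        "etag": f"v{self._writes}"}

def members_of(policy, role):
    return sorted(m for b in policy["bindings"] if b["role"] == role for m in b["members"])

def revoke(policy, role, member):
    for b in policy["bindings"]:
        if b["role"] == role and member in b["members"]:
            b["members"].remove(member)
    # A binding with no members is an error, so drop emptied bindings.
    policy["bindings"] = [b for b in policy["bindings"] if b["members"]]

def grant(policy, role, member):
    policy["bindings"].append({"role": role, "members": [member]})

def race(send_etag):
    """Writer B grants viewer from a snapshot read before writer A revoked an owner."""
    store = PolicyStore([{"role": "roles/owner",
                          "members": ["user:mike@example.com", "group:admins@example.com"]}])
    snapshot_b = store.get_iam_policy()          # B reads
    current = store.get_iam_policy()             # A reads, revokes, writes with etag
    revoke(current, "roles/owner", "user:mike@example.com")
    store.set_iam_policy(current)
    for _ in range(3):                           # B writes, re-reading on conflict
        grant(snapshot_b, "roles/viewer", "user:sean@example.com")
        if not send_etag:
            del snapshot_b["etag"]
        try:
            store.set_iam_policy(snapshot_b)
            break
        except ValueError:
            snapshot_b = store.get_iam_policy()
    return store.get_iam_policy()
```

With `race(False)` the revoked owner is silently restored by writer B's blind overwrite; with `race(True)` the stale write is rejected, B re-reads, and both changes survive.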