1 <html><body> 2 <style> 3 4 body, h1, h2, h3, div, span, p, pre, a { 5 margin: 0; 6 padding: 0; 7 border: 0; 8 font-weight: inherit; 9 font-style: inherit; 10 font-size: 100%; 11 font-family: inherit; 12 vertical-align: baseline; 13 } 14 15 body { 16 font-size: 13px; 17 padding: 1em; 18 } 19 20 h1 { 21 font-size: 26px; 22 margin-bottom: 1em; 23 } 24 25 h2 { 26 font-size: 24px; 27 margin-bottom: 1em; 28 } 29 30 h3 { 31 font-size: 20px; 32 margin-bottom: 1em; 33 margin-top: 1em; 34 } 35 36 pre, code { 37 line-height: 1.5; 38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; 39 } 40 41 pre { 42 margin-top: 0.5em; 43 } 44 45 h1, h2, h3, p { 46 font-family: Arial, sans serif; 47 } 48 49 h1, h2, h3 { 50 border-bottom: solid #CCC 1px; 51 } 52 53 .toc_element { 54 margin-top: 0.5em; 55 } 56 57 .firstline { 58 margin-left: 2 em; 59 } 60 61 .method { 62 margin-top: 1em; 63 border: solid 1px #CCC; 64 padding: 1em; 65 background: #EEE; 66 } 67 68 .details { 69 font-weight: bold; 70 font-size: 14px; 71 } 72 73 </style> 74 75 <h1><a href="cloudresourcemanager_v1.html">Google Cloud Resource Manager API</a> . <a href="cloudresourcemanager_v1.projects.html">projects</a></h1> 76 <h2>Instance Methods</h2> 77 <p class="toc_element"> 78 <code><a href="#clearOrgPolicy">clearOrgPolicy(resource, body, x__xgafv=None)</a></code></p> 79 <p class="firstline">Clears a `Policy` from a resource.</p> 80 <p class="toc_element"> 81 <code><a href="#create">create(body, x__xgafv=None)</a></code></p> 82 <p class="firstline">Request that a new Project be created. The result is an Operation which</p> 83 <p class="toc_element"> 84 <code><a href="#delete">delete(projectId, x__xgafv=None)</a></code></p> 85 <p class="firstline">Marks the Project identified by the specified</p> 86 <p class="toc_element"> 87 <code><a href="#get">get(projectId, x__xgafv=None)</a></code></p> 88 <p class="firstline">Retrieves the Project identified by the specified</p> 89 <p class="toc_element"> 90 <code><a href="#getAncestry">getAncestry(projectId, body, x__xgafv=None)</a></code></p> 91 <p class="firstline">Gets a list of ancestors in the resource hierarchy for the Project</p> 92 <p class="toc_element"> 93 <code><a href="#getEffectiveOrgPolicy">getEffectiveOrgPolicy(resource, body, x__xgafv=None)</a></code></p> 94 <p class="firstline">Gets the effective `Policy` on a resource. This is the result of merging</p> 95 <p class="toc_element"> 96 <code><a href="#getIamPolicy">getIamPolicy(resource, body, x__xgafv=None)</a></code></p> 97 <p class="firstline">Returns the IAM access control policy for the specified Project.</p> 98 <p class="toc_element"> 99 <code><a href="#getOrgPolicy">getOrgPolicy(resource, body, x__xgafv=None)</a></code></p> 100 <p class="firstline">Gets a `Policy` on a resource.</p> 101 <p class="toc_element"> 102 <code><a href="#list">list(pageSize=None, filter=None, pageToken=None, x__xgafv=None)</a></code></p> 103 <p class="firstline">Lists Projects that are visible to the user and satisfy the</p> 104 <p class="toc_element"> 105 <code><a href="#listAvailableOrgPolicyConstraints">listAvailableOrgPolicyConstraints(resource, body, x__xgafv=None)</a></code></p> 106 <p class="firstline">Lists `Constraints` that could be applied on the specified resource.</p> 107 <p class="toc_element"> 108 <code><a href="#listAvailableOrgPolicyConstraints_next">listAvailableOrgPolicyConstraints_next(previous_request, previous_response)</a></code></p> 109 <p class="firstline">Retrieves the next page of results.</p> 110 <p class="toc_element"> 111 <code><a href="#listOrgPolicies">listOrgPolicies(resource, body, x__xgafv=None)</a></code></p> 112 <p class="firstline">Lists all the `Policies` set for a particular resource.</p> 113 <p class="toc_element"> 114 <code><a href="#listOrgPolicies_next">listOrgPolicies_next(previous_request, previous_response)</a></code></p> 115 <p class="firstline">Retrieves the next page of results.</p> 116 <p class="toc_element"> 117 <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p> 118 <p class="firstline">Retrieves the next page of results.</p> 119 <p class="toc_element"> 120 <code><a href="#setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</a></code></p> 121 <p class="firstline">Sets the IAM access control policy for the specified Project. Replaces</p> 122 <p class="toc_element"> 123 <code><a href="#setOrgPolicy">setOrgPolicy(resource, body, x__xgafv=None)</a></code></p> 124 <p class="firstline">Updates the specified `Policy` on the resource. Creates a new `Policy` for</p> 125 <p class="toc_element"> 126 <code><a href="#testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</a></code></p> 127 <p class="firstline">Returns permissions that a caller has on the specified Project.</p> 128 <p class="toc_element"> 129 <code><a href="#undelete">undelete(projectId, body, x__xgafv=None)</a></code></p> 130 <p class="firstline">Restores the Project identified by the specified</p> 131 <p class="toc_element"> 132 <code><a href="#update">update(projectId, body, x__xgafv=None)</a></code></p> 133 <p class="firstline">Updates the attributes of the Project identified by the specified</p> 134 <h3>Method Details</h3> 135 <div class="method"> 136 <code class="details" id="clearOrgPolicy">clearOrgPolicy(resource, body, x__xgafv=None)</code> 137 <pre>Clears a `Policy` from a resource. 138 139 Args: 140 resource: string, Name of the resource for the `Policy` to clear. (required) 141 body: object, The request body. (required) 142 The object takes the form of: 143 144 { # The request sent to the ClearOrgPolicy method. 145 "etag": "A String", # The current version, for concurrency control. Not sending an `etag` 146 # will cause the `Policy` to be cleared blindly. 147 "constraint": "A String", # Name of the `Constraint` of the `Policy` to clear. 148 } 149 150 x__xgafv: string, V1 error format. 151 Allowed values 152 1 - v1 error format 153 2 - v2 error format 154 155 Returns: 156 An object of the form: 157 158 { # A generic empty message that you can re-use to avoid defining duplicated 159 # empty messages in your APIs. A typical example is to use it as the request 160 # or the response type of an API method. For instance: 161 # 162 # service Foo { 163 # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); 164 # } 165 # 166 # The JSON representation for `Empty` is empty JSON object `{}`. 167 }</pre> 168 </div> 169 170 <div class="method"> 171 <code class="details" id="create">create(body, x__xgafv=None)</code> 172 <pre>Request that a new Project be created. The result is an Operation which 173 can be used to track the creation process. It is automatically deleted 174 after a few hours, so there is no need to call DeleteOperation. 175 176 Our SLO permits Project creation to take up to 30 seconds at the 90th 177 percentile. As of 2016-08-29, we are observing 6 seconds 50th percentile 178 latency. 95th percentile latency is around 11 seconds. We recommend 179 polling at the 5th second with an exponential backoff. 180 181 Args: 182 body: object, The request body. (required) 183 The object takes the form of: 184 185 { # A Project is a high-level Google Cloud Platform entity. It is a 186 # container for ACLs, APIs, App Engine Apps, VMs, and other 187 # Google Cloud Platform resources. 188 "name": "A String", # The user-assigned display name of the Project. 189 # It must be 4 to 30 characters. 190 # Allowed characters are: lowercase and uppercase letters, numbers, 191 # hyphen, single-quote, double-quote, space, and exclamation point. 192 # 193 # Example: <code>My Project</code> 194 # Read-write. 195 "parent": { # A container to reference an id for any resource type. A `resource` in Google # An optional reference to a parent Resource. 196 # 197 # The only supported parent type is "organization". Once set, the parent 198 # cannot be modified. The `parent` can be set on creation or using the 199 # `UpdateProject` method; the end user must have the 200 # `resourcemanager.projects.create` permission on the parent. 201 # 202 # Read-write. 203 # Cloud Platform is a generic term for something you (a developer) may want to 204 # interact with through one of our API's. Some examples are an App Engine app, 205 # a Compute Engine instance, a Cloud SQL database, and so on. 206 "type": "A String", # Required field representing the resource type this id is for. 207 # At present, the valid types are: "organization" 208 "id": "A String", # Required field for the type-specific id. This should correspond to the id 209 # used in the type-specific API's. 210 }, 211 "projectId": "A String", # The unique, user-assigned ID of the Project. 212 # It must be 6 to 30 lowercase letters, digits, or hyphens. 213 # It must start with a letter. 214 # Trailing hyphens are prohibited. 215 # 216 # Example: <code>tokyo-rain-123</code> 217 # Read-only after creation. 218 "labels": { # The labels associated with this Project. 219 # 220 # Label keys must be between 1 and 63 characters long and must conform 221 # to the following regular expression: \[a-z\](\[-a-z0-9\]*\[a-z0-9\])?. 222 # 223 # Label values must be between 0 and 63 characters long and must conform 224 # to the regular expression (\[a-z\](\[-a-z0-9\]*\[a-z0-9\])?)?. 225 # 226 # No more than 256 labels can be associated with a given resource. 227 # 228 # Clients should store labels in a representation such as JSON that does not 229 # depend on specific characters being disallowed. 230 # 231 # Example: <code>"environment" : "dev"</code> 232 # Read-write. 233 "a_key": "A String", 234 }, 235 "createTime": "A String", # Creation time. 236 # 237 # Read-only. 238 "lifecycleState": "A String", # The Project lifecycle state. 239 # 240 # Read-only. 241 "projectNumber": "A String", # The number uniquely identifying the project. 242 # 243 # Example: <code>415104041262</code> 244 # Read-only. 245 } 246 247 x__xgafv: string, V1 error format. 248 Allowed values 249 1 - v1 error format 250 2 - v2 error format 251 252 Returns: 253 An object of the form: 254 255 { # This resource represents a long-running operation that is the result of a 256 # network API call. 257 "metadata": { # Service-specific metadata associated with the operation. It typically 258 # contains progress information and common metadata such as create time. 259 # Some services might not provide such metadata. Any method that returns a 260 # long-running operation should document the metadata type, if any. 261 "a_key": "", # Properties of the object. Contains field @type with type URL. 262 }, 263 "error": { # The `Status` type defines a logical error model that is suitable for different # The error result of the operation in case of failure or cancellation. 264 # programming environments, including REST APIs and RPC APIs. It is used by 265 # [gRPC](https://github.com/grpc). The error model is designed to be: 266 # 267 # - Simple to use and understand for most users 268 # - Flexible enough to meet unexpected needs 269 # 270 # # Overview 271 # 272 # The `Status` message contains three pieces of data: error code, error message, 273 # and error details. The error code should be an enum value of 274 # google.rpc.Code, but it may accept additional error codes if needed. The 275 # error message should be a developer-facing English message that helps 276 # developers *understand* and *resolve* the error. If a localized user-facing 277 # error message is needed, put the localized message in the error details or 278 # localize it in the client. The optional error details may contain arbitrary 279 # information about the error. There is a predefined set of error detail types 280 # in the package `google.rpc` that can be used for common error conditions. 281 # 282 # # Language mapping 283 # 284 # The `Status` message is the logical representation of the error model, but it 285 # is not necessarily the actual wire format. When the `Status` message is 286 # exposed in different client libraries and different wire protocols, it can be 287 # mapped differently. For example, it will likely be mapped to some exceptions 288 # in Java, but more likely mapped to some error codes in C. 289 # 290 # # Other uses 291 # 292 # The error model and the `Status` message can be used in a variety of 293 # environments, either with or without APIs, to provide a 294 # consistent developer experience across different environments. 295 # 296 # Example uses of this error model include: 297 # 298 # - Partial errors. If a service needs to return partial errors to the client, 299 # it may embed the `Status` in the normal response to indicate the partial 300 # errors. 301 # 302 # - Workflow errors. A typical workflow has multiple steps. Each step may 303 # have a `Status` message for error reporting. 304 # 305 # - Batch operations. If a client uses batch request and batch response, the 306 # `Status` message should be used directly inside batch response, one for 307 # each error sub-response. 308 # 309 # - Asynchronous operations. If an API call embeds asynchronous operation 310 # results in its response, the status of those operations should be 311 # represented directly using the `Status` message. 312 # 313 # - Logging. If some API errors are stored in logs, the message `Status` could 314 # be used directly after any stripping needed for security/privacy reasons. 315 "message": "A String", # A developer-facing error message, which should be in English. Any 316 # user-facing error message should be localized and sent in the 317 # google.rpc.Status.details field, or localized by the client. 318 "code": 42, # The status code, which should be an enum value of google.rpc.Code. 319 "details": [ # A list of messages that carry the error details. There will be a 320 # common set of message types for APIs to use. 321 { 322 "a_key": "", # Properties of the object. Contains field @type with type URL. 323 }, 324 ], 325 }, 326 "done": True or False, # If the value is `false`, it means the operation is still in progress. 327 # If true, the operation is completed, and either `error` or `response` is 328 # available. 329 "response": { # The normal response of the operation in case of success. If the original 330 # method returns no data on success, such as `Delete`, the response is 331 # `google.protobuf.Empty`. If the original method is standard 332 # `Get`/`Create`/`Update`, the response should be the resource. For other 333 # methods, the response should have the type `XxxResponse`, where `Xxx` 334 # is the original method name. For example, if the original method name 335 # is `TakeSnapshot()`, the inferred response type is 336 # `TakeSnapshotResponse`. 337 "a_key": "", # Properties of the object. Contains field @type with type URL. 338 }, 339 "name": "A String", # The server-assigned name, which is only unique within the same service that 340 # originally returns it. If you use the default HTTP mapping, the 341 # `name` should have the format of `operations/some/unique/name`. 342 }</pre> 343 </div> 344 345 <div class="method"> 346 <code class="details" id="delete">delete(projectId, x__xgafv=None)</code> 347 <pre>Marks the Project identified by the specified 348 `project_id` (for example, `my-project-123`) for deletion. 349 This method will only affect the Project if the following criteria are met: 350 351 + The Project does not have a billing account associated with it. 352 + The Project has a lifecycle state of 353 ACTIVE. 354 355 This method changes the Project's lifecycle state from 356 ACTIVE 357 to DELETE_REQUESTED. 358 The deletion starts at an unspecified time, 359 at which point the Project is no longer accessible. 360 361 Until the deletion completes, you can check the lifecycle state 362 checked by retrieving the Project with GetProject, 363 and the Project remains visible to ListProjects. 364 However, you cannot update the project. 365 366 After the deletion completes, the Project is not retrievable by 367 the GetProject and 368 ListProjects methods. 369 370 The caller must have modify permissions for this Project. 371 372 Args: 373 projectId: string, The Project ID (for example, `foo-bar-123`). 374 375 Required. (required) 376 x__xgafv: string, V1 error format. 377 Allowed values 378 1 - v1 error format 379 2 - v2 error format 380 381 Returns: 382 An object of the form: 383 384 { # A generic empty message that you can re-use to avoid defining duplicated 385 # empty messages in your APIs. A typical example is to use it as the request 386 # or the response type of an API method. For instance: 387 # 388 # service Foo { 389 # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); 390 # } 391 # 392 # The JSON representation for `Empty` is empty JSON object `{}`. 393 }</pre> 394 </div> 395 396 <div class="method"> 397 <code class="details" id="get">get(projectId, x__xgafv=None)</code> 398 <pre>Retrieves the Project identified by the specified 399 `project_id` (for example, `my-project-123`). 400 401 The caller must have read permissions for this Project. 402 403 Args: 404 projectId: string, The Project ID (for example, `my-project-123`). 405 406 Required. (required) 407 x__xgafv: string, V1 error format. 408 Allowed values 409 1 - v1 error format 410 2 - v2 error format 411 412 Returns: 413 An object of the form: 414 415 { # A Project is a high-level Google Cloud Platform entity. It is a 416 # container for ACLs, APIs, App Engine Apps, VMs, and other 417 # Google Cloud Platform resources. 418 "name": "A String", # The user-assigned display name of the Project. 419 # It must be 4 to 30 characters. 420 # Allowed characters are: lowercase and uppercase letters, numbers, 421 # hyphen, single-quote, double-quote, space, and exclamation point. 422 # 423 # Example: <code>My Project</code> 424 # Read-write. 425 "parent": { # A container to reference an id for any resource type. A `resource` in Google # An optional reference to a parent Resource. 426 # 427 # The only supported parent type is "organization". Once set, the parent 428 # cannot be modified. The `parent` can be set on creation or using the 429 # `UpdateProject` method; the end user must have the 430 # `resourcemanager.projects.create` permission on the parent. 431 # 432 # Read-write. 433 # Cloud Platform is a generic term for something you (a developer) may want to 434 # interact with through one of our API's. Some examples are an App Engine app, 435 # a Compute Engine instance, a Cloud SQL database, and so on. 436 "type": "A String", # Required field representing the resource type this id is for. 437 # At present, the valid types are: "organization" 438 "id": "A String", # Required field for the type-specific id. This should correspond to the id 439 # used in the type-specific API's. 440 }, 441 "projectId": "A String", # The unique, user-assigned ID of the Project. 442 # It must be 6 to 30 lowercase letters, digits, or hyphens. 443 # It must start with a letter. 444 # Trailing hyphens are prohibited. 445 # 446 # Example: <code>tokyo-rain-123</code> 447 # Read-only after creation. 448 "labels": { # The labels associated with this Project. 449 # 450 # Label keys must be between 1 and 63 characters long and must conform 451 # to the following regular expression: \[a-z\](\[-a-z0-9\]*\[a-z0-9\])?. 452 # 453 # Label values must be between 0 and 63 characters long and must conform 454 # to the regular expression (\[a-z\](\[-a-z0-9\]*\[a-z0-9\])?)?. 455 # 456 # No more than 256 labels can be associated with a given resource. 457 # 458 # Clients should store labels in a representation such as JSON that does not 459 # depend on specific characters being disallowed. 460 # 461 # Example: <code>"environment" : "dev"</code> 462 # Read-write. 463 "a_key": "A String", 464 }, 465 "createTime": "A String", # Creation time. 466 # 467 # Read-only. 468 "lifecycleState": "A String", # The Project lifecycle state. 469 # 470 # Read-only. 471 "projectNumber": "A String", # The number uniquely identifying the project. 472 # 473 # Example: <code>415104041262</code> 474 # Read-only. 475 }</pre> 476 </div> 477 478 <div class="method"> 479 <code class="details" id="getAncestry">getAncestry(projectId, body, x__xgafv=None)</code> 480 <pre>Gets a list of ancestors in the resource hierarchy for the Project 481 identified by the specified `project_id` (for example, `my-project-123`). 482 483 The caller must have read permissions for this Project. 484 485 Args: 486 projectId: string, The Project ID (for example, `my-project-123`). 487 488 Required. (required) 489 body: object, The request body. (required) 490 The object takes the form of: 491 492 { # The request sent to the 493 # GetAncestry 494 # method. 495 } 496 497 x__xgafv: string, V1 error format. 498 Allowed values 499 1 - v1 error format 500 2 - v2 error format 501 502 Returns: 503 An object of the form: 504 505 { # Response from the GetAncestry method. 506 "ancestor": [ # Ancestors are ordered from bottom to top of the resource hierarchy. The 507 # first ancestor is the project itself, followed by the project's parent, 508 # etc. 509 { # Identifying information for a single ancestor of a project. 510 "resourceId": { # A container to reference an id for any resource type. A `resource` in Google # Resource id of the ancestor. 511 # Cloud Platform is a generic term for something you (a developer) may want to 512 # interact with through one of our API's. Some examples are an App Engine app, 513 # a Compute Engine instance, a Cloud SQL database, and so on. 514 "type": "A String", # Required field representing the resource type this id is for. 515 # At present, the valid types are: "organization" 516 "id": "A String", # Required field for the type-specific id. This should correspond to the id 517 # used in the type-specific API's. 518 }, 519 }, 520 ], 521 }</pre> 522 </div> 523 524 <div class="method"> 525 <code class="details" id="getEffectiveOrgPolicy">getEffectiveOrgPolicy(resource, body, x__xgafv=None)</code> 526 <pre>Gets the effective `Policy` on a resource. This is the result of merging 527 `Policies` in the resource hierarchy. The returned `Policy` will not have 528 an `etag`set because it is a computed `Policy` across multiple resources. 529 530 Args: 531 resource: string, The name of the resource to start computing the effective `Policy`. (required) 532 body: object, The request body. (required) 533 The object takes the form of: 534 535 { # The request sent to the GetEffectiveOrgPolicy method. 536 "constraint": "A String", # The name of the `Constraint` to compute the effective `Policy`. 537 } 538 539 x__xgafv: string, V1 error format. 540 Allowed values 541 1 - v1 error format 542 2 - v2 error format 543 544 Returns: 545 An object of the form: 546 547 { # Defines a Cloud Organization `Policy` which is used to specify `Constraints` 548 # for configurations of Cloud Platform resources. 549 "updateTime": "A String", # The time stamp the `Policy` was previously updated. This is set by the 550 # server, not specified by the caller, and represents the last time a call to 551 # `SetOrgPolicy` was made for that `Policy`. Any value set by the client will 552 # be ignored. 553 "constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example, 554 # `constraints/serviceuser.services`. 555 # 556 # Immutable after creation. 557 "restoreDefault": { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of 558 # `Constraint` type. 559 # `constraint_default` enforcement behavior of the specific `Constraint` at 560 # this resource. 561 # 562 # Suppose that `constraint_default` is set to `ALLOW` for the 563 # `Constraint` `constraints/serviceuser.services`. Suppose that organization 564 # foo.com sets a `Policy` at their Organization resource node that restricts 565 # the allowed service activations to deny all service activations. They 566 # could then set a `Policy` with the `policy_type` `restore_default` on 567 # several experimental projects, restoring the `constraint_default` 568 # enforcement of the `Constraint` for only those projects, allowing those 569 # projects to have all services activated. 570 }, 571 "listPolicy": { # Used in `policy_type` to specify how `list_policy` behaves at this # List of values either allowed or disallowed. 572 # resource. 573 # 574 # A `ListPolicy` can define specific values that are allowed or denied by 575 # setting either the `allowed_values` or `denied_values` fields. It can also 576 # be used to allow or deny all values, by setting the `all_values` field. If 577 # `all_values` is `ALL_VALUES_UNSPECIFIED`, exactly one of `allowed_values` 578 # or `denied_values` must be set (attempting to set both or neither will 579 # result in a failed request). If `all_values` is set to either `ALLOW` or 580 # `DENY`, `allowed_values` and `denied_values` must be unset. 581 "allValues": "A String", # The policy all_values state. 582 "allowedValues": [ # List of values allowed at this resource. an only be set if no values are 583 # set for `denied_values` and `all_values` is set to 584 # `ALL_VALUES_UNSPECIFIED`. 585 "A String", 586 ], 587 "inheritFromParent": True or False, # Determines the inheritance behavior for this `Policy`. 588 # 589 # By default, a `ListPolicy` set at a resource supercedes any `Policy` set 590 # anywhere up the resource hierarchy. However, if `inherit_from_parent` is 591 # set to `true`, then the values from the effective `Policy` of the parent 592 # resource are inherited, meaning the values set in this `Policy` are 593 # added to the values inherited up the hierarchy. 594 # 595 # Setting `Policy` hierarchies that inherit both allowed values and denied 596 # values isn't recommended in most circumstances to keep the configuration 597 # simple and understandable. However, it is possible to set a `Policy` with 598 # `allowed_values` set that inherits a `Policy` with `denied_values` set. 599 # In this case, the values that are allowed must be in `allowed_values` and 600 # not present in `denied_values`. 601 # 602 # For example, suppose you have a `Constraint` 603 # `constraints/serviceuser.services`, which has a `constraint_type` of 604 # `list_constraint`, and with `constraint_default` set to `ALLOW`. 605 # Suppose that at the Organization level, a `Policy` is applied that 606 # restricts the allowed API activations to {`E1`, `E2`}. Then, if a 607 # `Policy` is applied to a project below the Organization that has 608 # `inherit_from_parent` set to `false` and field all_values set to DENY, 609 # then an attempt to activate any API will be denied. 610 # 611 # The following examples demonstrate different possible layerings: 612 # 613 # Example 1 (no inherited values): 614 # `organizations/foo` has a `Policy` with values: 615 # {allowed_values: E1 allowed_values:E2} 616 # ``projects/bar`` has `inherit_from_parent` `false` and values: 617 # {allowed_values: "E3" allowed_values: "E4"} 618 # The accepted values at `organizations/foo` are `E1`, `E2`. 619 # The accepted values at `projects/bar` are `E3`, and `E4`. 620 # 621 # Example 2 (inherited values): 622 # `organizations/foo` has a `Policy` with values: 623 # {allowed_values: E1 allowed_values:E2} 624 # `projects/bar` has a `Policy` with values: 625 # {value: E3 value: E4 inherit_from_parent: true} 626 # The accepted values at `organizations/foo` are `E1`, `E2`. 627 # The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`. 628 # 629 # Example 3 (inheriting both allowed and denied values): 630 # `organizations/foo` has a `Policy` with values: 631 # {allowed_values: "E1" allowed_values: "E2"} 632 # `projects/bar` has a `Policy` with: 633 # {denied_values: "E1"} 634 # The accepted values at `organizations/foo` are `E1`, `E2`. 635 # The value accepted at `projects/bar` is `E2`. 636 # 637 # Example 4 (RestoreDefault): 638 # `organizations/foo` has a `Policy` with values: 639 # {allowed_values: E1 allowed_values:E2} 640 # `projects/bar` has a `Policy` with values: 641 # {RestoreDefault: {}} 642 # The accepted values at `organizations/foo` are `E1`, `E2`. 643 # The accepted values at `projects/bar` are either all or none depending on 644 # the value of `constraint_default` (if `ALLOW`, all; if 645 # `DENY`, none). 646 # 647 # Example 5 (no policy inherits parent policy): 648 # `organizations/foo` has no `Policy` set. 649 # `projects/bar` has no `Policy` set. 650 # The accepted values at both levels are either all or none depending on 651 # the value of `constraint_default` (if `ALLOW`, all; if 652 # `DENY`, none). 653 # 654 # Example 6 (ListConstraint allowing all): 655 # `organizations/foo` has a `Policy` with values: 656 # {allowed_values: E1 allowed_values: E2} 657 # `projects/bar` has a `Policy` with: 658 # {all: ALLOW} 659 # The accepted values at `organizations/foo` are `E1`, E2`. 660 # Any value is accepted at `projects/bar`. 661 # 662 # Example 7 (ListConstraint allowing none): 663 # `organizations/foo` has a `Policy` with values: 664 # {allowed_values: E1 allowed_values: E2} 665 # `projects/bar` has a `Policy` with: 666 # {all: DENY} 667 # The accepted values at `organizations/foo` are `E1`, E2`. 668 # No value is accepted at `projects/bar`. 669 "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration 670 # that matches the value specified in this `Policy`. If `suggested_value` 671 # is not set, it will inherit the value specified higher in the hierarchy, 672 # unless `inherit_from_parent` is `false`. 673 "deniedValues": [ # List of values denied at this resource. Can only be set if no values are 674 # set for `allowed_values` and `all_values` is set to 675 # `ALL_VALUES_UNSPECIFIED`. 676 "A String", 677 ], 678 }, 679 "booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not. 680 # resource. 681 "enforced": True or False, # If `true`, then the `Policy` is enforced. If `false`, then any 682 # configuration is acceptable. 683 # 684 # Suppose you have a `Constraint` `constraints/compute.disableSerialPortAccess` 685 # with `constraint_default` set to `ALLOW`. A `Policy` for that 686 # `Constraint` exhibits the following behavior: 687 # - If the `Policy` at this resource has enforced set to `false`, serial 688 # port connection attempts will be allowed. 689 # - If the `Policy` at this resource has enforced set to `true`, serial 690 # port connection attempts will be refused. 691 # - If the `Policy` at this resource is `RestoreDefault`, serial port 692 # connection attempts will be allowed. 693 # - If no `Policy` is set at this resource or anywhere higher in the 694 # resource hierarchy, serial port connection attempts will be allowed. 695 # - If no `Policy` is set at this resource, but one exists higher in the 696 # resource hierarchy, the behavior is as if the`Policy` were set at 697 # this resource. 698 # 699 # The following examples demonstrate the different possible layerings: 700 # 701 # Example 1 (nearest `Constraint` wins): 702 # `organizations/foo` has a `Policy` with: 703 # {enforced: false} 704 # `projects/bar` has no `Policy` set. 705 # The constraint at `projects/bar` and `organizations/foo` will not be 706 # enforced. 707 # 708 # Example 2 (enforcement gets replaced): 709 # `organizations/foo` has a `Policy` with: 710 # {enforced: false} 711 # `projects/bar` has a `Policy` with: 712 # {enforced: true} 713 # The constraint at `organizations/foo` is not enforced. 714 # The constraint at `projects/bar` is enforced. 715 # 716 # Example 3 (RestoreDefault): 717 # `organizations/foo` has a `Policy` with: 718 # {enforced: true} 719 # `projects/bar` has a `Policy` with: 720 # {RestoreDefault: {}} 721 # The constraint at `organizations/foo` is enforced. 722 # The constraint at `projects/bar` is not enforced, because 723 # `constraint_default` for the `Constraint` is `ALLOW`. 724 }, 725 "version": 42, # Version of the `Policy`. Default version is 0; 726 "etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for 727 # concurrency control. 728 # 729 # When the `Policy` is returned from either a `GetPolicy` or a 730 # `ListOrgPolicy` request, this `etag` indicates the version of the current 731 # `Policy` to use when executing a read-modify-write loop. 732 # 733 # When the `Policy` is returned from a `GetEffectivePolicy` request, the 734 # `etag` will be unset. 735 # 736 # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value 737 # that was returned from a `GetOrgPolicy` request as part of a 738 # read-modify-write loop for concurrency control. Not setting the `etag`in a 739 # `SetOrgPolicy` request will result in an unconditional write of the 740 # `Policy`. 741 }</pre> 742 </div> 743 744 <div class="method"> 745 <code class="details" id="getIamPolicy">getIamPolicy(resource, body, x__xgafv=None)</code> 746 <pre>Returns the IAM access control policy for the specified Project. 747 Permission is denied if the policy or the resource does not exist. 748 749 Args: 750 resource: string, REQUIRED: The resource for which the policy is being requested. 751 See the operation documentation for the appropriate value for this field. (required) 752 body: object, The request body. (required) 753 The object takes the form of: 754 755 { # Request message for `GetIamPolicy` method. 756 } 757 758 x__xgafv: string, V1 error format. 759 Allowed values 760 1 - v1 error format 761 2 - v2 error format 762 763 Returns: 764 An object of the form: 765 766 { # Defines an Identity and Access Management (IAM) policy. It is used to 767 # specify access control policies for Cloud Platform resources. 768 # 769 # 770 # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of 771 # `members` to a `role`, where the members can be user accounts, Google groups, 772 # Google domains, and service accounts. A `role` is a named list of permissions 773 # defined by IAM. 774 # 775 # **Example** 776 # 777 # { 778 # "bindings": [ 779 # { 780 # "role": "roles/owner", 781 # "members": [ 782 # "user:mike (a] example.com", 783 # "group:admins (a] example.com", 784 # "domain:google.com", 785 # "serviceAccount:my-other-app (a] appspot.gserviceaccount.com", 786 # ] 787 # }, 788 # { 789 # "role": "roles/viewer", 790 # "members": ["user:sean (a] example.com"] 791 # } 792 # ] 793 # } 794 # 795 # For a description of IAM and its features, see the 796 # [IAM developer's guide](https://cloud.google.com/iam). 797 "bindings": [ # Associates a list of `members` to a `role`. 798 # Multiple `bindings` must not be specified for the same `role`. 799 # `bindings` with no members will result in an error. 800 { # Associates `members` with a `role`. 801 "role": "A String", # Role that is assigned to `members`. 802 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 803 # Required 804 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 805 # `members` can have the following values: 806 # 807 # * `allUsers`: A special identifier that represents anyone who is 808 # on the internet; with or without a Google account. 809 # 810 # * `allAuthenticatedUsers`: A special identifier that represents anyone 811 # who is authenticated with a Google account or a service account. 812 # 813 # * `user:{emailid}`: An email address that represents a specific Google 814 # account. For example, `alice (a] gmail.com` or `joe (a] example.com`. 815 # 816 # 817 # * `serviceAccount:{emailid}`: An email address that represents a service 818 # account. For example, `my-other-app (a] appspot.gserviceaccount.com`. 819 # 820 # * `group:{emailid}`: An email address that represents a Google group. 821 # For example, `admins (a] example.com`. 822 # 823 # 824 # * `domain:{domain}`: A Google Apps domain name that represents all the 825 # users of that domain. For example, `google.com` or `example.com`. 826 # 827 "A String", 828 ], 829 }, 830 ], 831 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 832 { # Specifies the audit configuration for a service. 833 # The configuration determines which permission types are logged, and what 834 # identities, if any, are exempted from logging. 835 # An AuditConfig must have one or more AuditLogConfigs. 836 # 837 # If there are AuditConfigs for both `allServices` and a specific service, 838 # the union of the two AuditConfigs is used for that service: the log_types 839 # specified in each AuditConfig are enabled, and the exempted_members in each 840 # AuditConfig are exempted. 841 # 842 # Example Policy with multiple AuditConfigs: 843 # 844 # { 845 # "audit_configs": [ 846 # { 847 # "service": "allServices" 848 # "audit_log_configs": [ 849 # { 850 # "log_type": "DATA_READ", 851 # "exempted_members": [ 852 # "user:foo (a] gmail.com" 853 # ] 854 # }, 855 # { 856 # "log_type": "DATA_WRITE", 857 # }, 858 # { 859 # "log_type": "ADMIN_READ", 860 # } 861 # ] 862 # }, 863 # { 864 # "service": "fooservice.googleapis.com" 865 # "audit_log_configs": [ 866 # { 867 # "log_type": "DATA_READ", 868 # }, 869 # { 870 # "log_type": "DATA_WRITE", 871 # "exempted_members": [ 872 # "user:bar (a] gmail.com" 873 # ] 874 # } 875 # ] 876 # } 877 # ] 878 # } 879 # 880 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 881 # logging. It also exempts foo (a] gmail.com from DATA_READ logging, and 882 # bar (a] gmail.com from DATA_WRITE logging. 883 "auditLogConfigs": [ # The configuration for logging of each type of permission. 884 # Next ID: 4 885 { # Provides the configuration for logging a type of permissions. 886 # Example: 887 # 888 # { 889 # "audit_log_configs": [ 890 # { 891 # "log_type": "DATA_READ", 892 # "exempted_members": [ 893 # "user:foo (a] gmail.com" 894 # ] 895 # }, 896 # { 897 # "log_type": "DATA_WRITE", 898 # } 899 # ] 900 # } 901 # 902 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 903 # foo (a] gmail.com from DATA_READ logging. 904 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 905 # permission. 906 # Follows the same format of Binding.members. 907 "A String", 908 ], 909 "logType": "A String", # The log type that this config enables. 910 }, 911 ], 912 "service": "A String", # Specifies a service that will be enabled for audit logging. 913 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 914 # `allServices` is a special value that covers all services. 915 }, 916 ], 917 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 918 # prevent simultaneous updates of a policy from overwriting each other. 919 # It is strongly suggested that systems make use of the `etag` in the 920 # read-modify-write cycle to perform policy updates in order to avoid race 921 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 922 # systems are expected to put that etag in the request to `setIamPolicy` to 923 # ensure that their change will be applied to the same version of the policy. 924 # 925 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 926 # policy is overwritten blindly. 927 "version": 42, # Version of the `Policy`. The default version is 0. 928 }</pre> 929 </div> 930 931 <div class="method"> 932 <code class="details" id="getOrgPolicy">getOrgPolicy(resource, body, x__xgafv=None)</code> 933 <pre>Gets a `Policy` on a resource. 934 935 If no `Policy` is set on the resource, a `Policy` is returned with default 936 values including `POLICY_TYPE_NOT_SET` for the `policy_type oneof`. The 937 `etag` value can be used with `SetOrgPolicy()` to create or update a 938 `Policy` during read-modify-write. 939 940 Args: 941 resource: string, Name of the resource the `Policy` is set on. (required) 942 body: object, The request body. (required) 943 The object takes the form of: 944 945 { # The request sent to the GetOrgPolicy method. 946 "constraint": "A String", # Name of the `Constraint` to get the `Policy`. 947 } 948 949 x__xgafv: string, V1 error format. 950 Allowed values 951 1 - v1 error format 952 2 - v2 error format 953 954 Returns: 955 An object of the form: 956 957 { # Defines a Cloud Organization `Policy` which is used to specify `Constraints` 958 # for configurations of Cloud Platform resources. 959 "updateTime": "A String", # The time stamp the `Policy` was previously updated. This is set by the 960 # server, not specified by the caller, and represents the last time a call to 961 # `SetOrgPolicy` was made for that `Policy`. Any value set by the client will 962 # be ignored. 963 "constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example, 964 # `constraints/serviceuser.services`. 965 # 966 # Immutable after creation. 967 "restoreDefault": { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of 968 # `Constraint` type. 969 # `constraint_default` enforcement behavior of the specific `Constraint` at 970 # this resource. 971 # 972 # Suppose that `constraint_default` is set to `ALLOW` for the 973 # `Constraint` `constraints/serviceuser.services`. Suppose that organization 974 # foo.com sets a `Policy` at their Organization resource node that restricts 975 # the allowed service activations to deny all service activations. They 976 # could then set a `Policy` with the `policy_type` `restore_default` on 977 # several experimental projects, restoring the `constraint_default` 978 # enforcement of the `Constraint` for only those projects, allowing those 979 # projects to have all services activated. 980 }, 981 "listPolicy": { # Used in `policy_type` to specify how `list_policy` behaves at this # List of values either allowed or disallowed. 982 # resource. 983 # 984 # A `ListPolicy` can define specific values that are allowed or denied by 985 # setting either the `allowed_values` or `denied_values` fields. It can also 986 # be used to allow or deny all values, by setting the `all_values` field. If 987 # `all_values` is `ALL_VALUES_UNSPECIFIED`, exactly one of `allowed_values` 988 # or `denied_values` must be set (attempting to set both or neither will 989 # result in a failed request). If `all_values` is set to either `ALLOW` or 990 # `DENY`, `allowed_values` and `denied_values` must be unset. 991 "allValues": "A String", # The policy all_values state. 992 "allowedValues": [ # List of values allowed at this resource. an only be set if no values are 993 # set for `denied_values` and `all_values` is set to 994 # `ALL_VALUES_UNSPECIFIED`. 995 "A String", 996 ], 997 "inheritFromParent": True or False, # Determines the inheritance behavior for this `Policy`. 998 # 999 # By default, a `ListPolicy` set at a resource supercedes any `Policy` set 1000 # anywhere up the resource hierarchy. However, if `inherit_from_parent` is 1001 # set to `true`, then the values from the effective `Policy` of the parent 1002 # resource are inherited, meaning the values set in this `Policy` are 1003 # added to the values inherited up the hierarchy. 1004 # 1005 # Setting `Policy` hierarchies that inherit both allowed values and denied 1006 # values isn't recommended in most circumstances to keep the configuration 1007 # simple and understandable. However, it is possible to set a `Policy` with 1008 # `allowed_values` set that inherits a `Policy` with `denied_values` set. 1009 # In this case, the values that are allowed must be in `allowed_values` and 1010 # not present in `denied_values`. 1011 # 1012 # For example, suppose you have a `Constraint` 1013 # `constraints/serviceuser.services`, which has a `constraint_type` of 1014 # `list_constraint`, and with `constraint_default` set to `ALLOW`. 1015 # Suppose that at the Organization level, a `Policy` is applied that 1016 # restricts the allowed API activations to {`E1`, `E2`}. Then, if a 1017 # `Policy` is applied to a project below the Organization that has 1018 # `inherit_from_parent` set to `false` and field all_values set to DENY, 1019 # then an attempt to activate any API will be denied. 1020 # 1021 # The following examples demonstrate different possible layerings: 1022 # 1023 # Example 1 (no inherited values): 1024 # `organizations/foo` has a `Policy` with values: 1025 # {allowed_values: E1 allowed_values:E2} 1026 # ``projects/bar`` has `inherit_from_parent` `false` and values: 1027 # {allowed_values: "E3" allowed_values: "E4"} 1028 # The accepted values at `organizations/foo` are `E1`, `E2`. 1029 # The accepted values at `projects/bar` are `E3`, and `E4`. 1030 # 1031 # Example 2 (inherited values): 1032 # `organizations/foo` has a `Policy` with values: 1033 # {allowed_values: E1 allowed_values:E2} 1034 # `projects/bar` has a `Policy` with values: 1035 # {value: E3 value: E4 inherit_from_parent: true} 1036 # The accepted values at `organizations/foo` are `E1`, `E2`. 1037 # The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`. 1038 # 1039 # Example 3 (inheriting both allowed and denied values): 1040 # `organizations/foo` has a `Policy` with values: 1041 # {allowed_values: "E1" allowed_values: "E2"} 1042 # `projects/bar` has a `Policy` with: 1043 # {denied_values: "E1"} 1044 # The accepted values at `organizations/foo` are `E1`, `E2`. 1045 # The value accepted at `projects/bar` is `E2`. 1046 # 1047 # Example 4 (RestoreDefault): 1048 # `organizations/foo` has a `Policy` with values: 1049 # {allowed_values: E1 allowed_values:E2} 1050 # `projects/bar` has a `Policy` with values: 1051 # {RestoreDefault: {}} 1052 # The accepted values at `organizations/foo` are `E1`, `E2`. 1053 # The accepted values at `projects/bar` are either all or none depending on 1054 # the value of `constraint_default` (if `ALLOW`, all; if 1055 # `DENY`, none). 1056 # 1057 # Example 5 (no policy inherits parent policy): 1058 # `organizations/foo` has no `Policy` set. 1059 # `projects/bar` has no `Policy` set. 1060 # The accepted values at both levels are either all or none depending on 1061 # the value of `constraint_default` (if `ALLOW`, all; if 1062 # `DENY`, none). 1063 # 1064 # Example 6 (ListConstraint allowing all): 1065 # `organizations/foo` has a `Policy` with values: 1066 # {allowed_values: E1 allowed_values: E2} 1067 # `projects/bar` has a `Policy` with: 1068 # {all: ALLOW} 1069 # The accepted values at `organizations/foo` are `E1`, E2`. 1070 # Any value is accepted at `projects/bar`. 1071 # 1072 # Example 7 (ListConstraint allowing none): 1073 # `organizations/foo` has a `Policy` with values: 1074 # {allowed_values: E1 allowed_values: E2} 1075 # `projects/bar` has a `Policy` with: 1076 # {all: DENY} 1077 # The accepted values at `organizations/foo` are `E1`, E2`. 1078 # No value is accepted at `projects/bar`. 1079 "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration 1080 # that matches the value specified in this `Policy`. If `suggested_value` 1081 # is not set, it will inherit the value specified higher in the hierarchy, 1082 # unless `inherit_from_parent` is `false`. 1083 "deniedValues": [ # List of values denied at this resource. Can only be set if no values are 1084 # set for `allowed_values` and `all_values` is set to 1085 # `ALL_VALUES_UNSPECIFIED`. 1086 "A String", 1087 ], 1088 }, 1089 "booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not. 1090 # resource. 1091 "enforced": True or False, # If `true`, then the `Policy` is enforced. If `false`, then any 1092 # configuration is acceptable. 1093 # 1094 # Suppose you have a `Constraint` `constraints/compute.disableSerialPortAccess` 1095 # with `constraint_default` set to `ALLOW`. A `Policy` for that 1096 # `Constraint` exhibits the following behavior: 1097 # - If the `Policy` at this resource has enforced set to `false`, serial 1098 # port connection attempts will be allowed. 1099 # - If the `Policy` at this resource has enforced set to `true`, serial 1100 # port connection attempts will be refused. 1101 # - If the `Policy` at this resource is `RestoreDefault`, serial port 1102 # connection attempts will be allowed. 1103 # - If no `Policy` is set at this resource or anywhere higher in the 1104 # resource hierarchy, serial port connection attempts will be allowed. 1105 # - If no `Policy` is set at this resource, but one exists higher in the 1106 # resource hierarchy, the behavior is as if the`Policy` were set at 1107 # this resource. 1108 # 1109 # The following examples demonstrate the different possible layerings: 1110 # 1111 # Example 1 (nearest `Constraint` wins): 1112 # `organizations/foo` has a `Policy` with: 1113 # {enforced: false} 1114 # `projects/bar` has no `Policy` set. 1115 # The constraint at `projects/bar` and `organizations/foo` will not be 1116 # enforced. 1117 # 1118 # Example 2 (enforcement gets replaced): 1119 # `organizations/foo` has a `Policy` with: 1120 # {enforced: false} 1121 # `projects/bar` has a `Policy` with: 1122 # {enforced: true} 1123 # The constraint at `organizations/foo` is not enforced. 1124 # The constraint at `projects/bar` is enforced. 1125 # 1126 # Example 3 (RestoreDefault): 1127 # `organizations/foo` has a `Policy` with: 1128 # {enforced: true} 1129 # `projects/bar` has a `Policy` with: 1130 # {RestoreDefault: {}} 1131 # The constraint at `organizations/foo` is enforced. 1132 # The constraint at `projects/bar` is not enforced, because 1133 # `constraint_default` for the `Constraint` is `ALLOW`. 1134 }, 1135 "version": 42, # Version of the `Policy`. Default version is 0; 1136 "etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for 1137 # concurrency control. 1138 # 1139 # When the `Policy` is returned from either a `GetPolicy` or a 1140 # `ListOrgPolicy` request, this `etag` indicates the version of the current 1141 # `Policy` to use when executing a read-modify-write loop. 1142 # 1143 # When the `Policy` is returned from a `GetEffectivePolicy` request, the 1144 # `etag` will be unset. 1145 # 1146 # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value 1147 # that was returned from a `GetOrgPolicy` request as part of a 1148 # read-modify-write loop for concurrency control. Not setting the `etag`in a 1149 # `SetOrgPolicy` request will result in an unconditional write of the 1150 # `Policy`. 1151 }</pre> 1152 </div> 1153 1154 <div class="method"> 1155 <code class="details" id="list">list(pageSize=None, filter=None, pageToken=None, x__xgafv=None)</code> 1156 <pre>Lists Projects that are visible to the user and satisfy the 1157 specified filter. This method returns Projects in an unspecified order. 1158 New Projects do not necessarily appear at the end of the list. 1159 1160 Args: 1161 pageSize: integer, The maximum number of Projects to return in the response. 1162 The server can return fewer Projects than requested. 1163 If unspecified, server picks an appropriate default. 1164 1165 Optional. 1166 filter: string, An expression for filtering the results of the request. Filter rules are 1167 case insensitive. The fields eligible for filtering are: 1168 1169 + `name` 1170 + `id` 1171 + <code>labels.<em>key</em></code> where *key* is the name of a label 1172 1173 Some examples of using labels as filters: 1174 1175 |Filter|Description| 1176 |------|-----------| 1177 |name:how*|The project's name starts with "how".| 1178 |name:Howl|The project's name is `Howl` or `howl`.| 1179 |name:HOWL|Equivalent to above.| 1180 |NAME:howl|Equivalent to above.| 1181 |labels.color:*|The project has the label `color`.| 1182 |labels.color:red|The project's label `color` has the value `red`.| 1183 |labels.color:red labels.size:big|The project's label `color` has the 1184 value `red` and its label `size` has the value `big`. 1185 1186 Optional. 1187 pageToken: string, A pagination token returned from a previous call to ListProjects 1188 that indicates from where listing should continue. 1189 1190 Optional. 1191 x__xgafv: string, V1 error format. 1192 Allowed values 1193 1 - v1 error format 1194 2 - v2 error format 1195 1196 Returns: 1197 An object of the form: 1198 1199 { # A page of the response received from the 1200 # ListProjects 1201 # method. 1202 # 1203 # A paginated response where more pages are available has 1204 # `next_page_token` set. This token can be used in a subsequent request to 1205 # retrieve the next request page. 1206 "nextPageToken": "A String", # Pagination token. 1207 # 1208 # If the result set is too large to fit in a single response, this token 1209 # is returned. It encodes the position of the current result cursor. 1210 # Feeding this value into a new list request with the `page_token` parameter 1211 # gives the next page of the results. 1212 # 1213 # When `next_page_token` is not filled in, there is no next page and 1214 # the list returned is the last page in the result set. 1215 # 1216 # Pagination tokens have a limited lifetime. 1217 "projects": [ # The list of Projects that matched the list filter. This list can 1218 # be paginated. 1219 { # A Project is a high-level Google Cloud Platform entity. It is a 1220 # container for ACLs, APIs, App Engine Apps, VMs, and other 1221 # Google Cloud Platform resources. 1222 "name": "A String", # The user-assigned display name of the Project. 1223 # It must be 4 to 30 characters. 1224 # Allowed characters are: lowercase and uppercase letters, numbers, 1225 # hyphen, single-quote, double-quote, space, and exclamation point. 1226 # 1227 # Example: <code>My Project</code> 1228 # Read-write. 1229 "parent": { # A container to reference an id for any resource type. A `resource` in Google # An optional reference to a parent Resource. 1230 # 1231 # The only supported parent type is "organization". Once set, the parent 1232 # cannot be modified. The `parent` can be set on creation or using the 1233 # `UpdateProject` method; the end user must have the 1234 # `resourcemanager.projects.create` permission on the parent. 1235 # 1236 # Read-write. 1237 # Cloud Platform is a generic term for something you (a developer) may want to 1238 # interact with through one of our API's. Some examples are an App Engine app, 1239 # a Compute Engine instance, a Cloud SQL database, and so on. 1240 "type": "A String", # Required field representing the resource type this id is for. 1241 # At present, the valid types are: "organization" 1242 "id": "A String", # Required field for the type-specific id. This should correspond to the id 1243 # used in the type-specific API's. 1244 }, 1245 "projectId": "A String", # The unique, user-assigned ID of the Project. 1246 # It must be 6 to 30 lowercase letters, digits, or hyphens. 1247 # It must start with a letter. 1248 # Trailing hyphens are prohibited. 1249 # 1250 # Example: <code>tokyo-rain-123</code> 1251 # Read-only after creation. 1252 "labels": { # The labels associated with this Project. 1253 # 1254 # Label keys must be between 1 and 63 characters long and must conform 1255 # to the following regular expression: \[a-z\](\[-a-z0-9\]*\[a-z0-9\])?. 1256 # 1257 # Label values must be between 0 and 63 characters long and must conform 1258 # to the regular expression (\[a-z\](\[-a-z0-9\]*\[a-z0-9\])?)?. 1259 # 1260 # No more than 256 labels can be associated with a given resource. 1261 # 1262 # Clients should store labels in a representation such as JSON that does not 1263 # depend on specific characters being disallowed. 1264 # 1265 # Example: <code>"environment" : "dev"</code> 1266 # Read-write. 1267 "a_key": "A String", 1268 }, 1269 "createTime": "A String", # Creation time. 1270 # 1271 # Read-only. 1272 "lifecycleState": "A String", # The Project lifecycle state. 1273 # 1274 # Read-only. 1275 "projectNumber": "A String", # The number uniquely identifying the project. 1276 # 1277 # Example: <code>415104041262</code> 1278 # Read-only. 1279 }, 1280 ], 1281 }</pre> 1282 </div> 1283 1284 <div class="method"> 1285 <code class="details" id="listAvailableOrgPolicyConstraints">listAvailableOrgPolicyConstraints(resource, body, x__xgafv=None)</code> 1286 <pre>Lists `Constraints` that could be applied on the specified resource. 1287 1288 Args: 1289 resource: string, Name of the resource to list `Constraints` for. (required) 1290 body: object, The request body. (required) 1291 The object takes the form of: 1292 1293 { # The request sent to the [ListAvailableOrgPolicyConstraints] 1294 # google.cloud.OrgPolicy.v1.ListAvailableOrgPolicyConstraints] method. 1295 "pageToken": "A String", # Page token used to retrieve the next page. This is currently unsupported 1296 # and will be ignored. The server may at any point start using this field. 1297 "pageSize": 42, # Size of the pages to be returned. This is currently unsupported and will 1298 # be ignored. The server may at any point start using this field to limit 1299 # page size. 1300 } 1301 1302 x__xgafv: string, V1 error format. 1303 Allowed values 1304 1 - v1 error format 1305 2 - v2 error format 1306 1307 Returns: 1308 An object of the form: 1309 1310 { # The response returned from the ListAvailableOrgPolicyConstraints method. 1311 # Returns all `Constraints` that could be set at this level of the hierarchy 1312 # (contrast with the response from `ListPolicies`, which returns all policies 1313 # which are set). 1314 "nextPageToken": "A String", # Page token used to retrieve the next page. This is currently not used. 1315 "constraints": [ # The collection of constraints that are settable on the request resource. 1316 { # A `Constraint` describes a way in which a resource's configuration can be 1317 # restricted. For example, it controls which cloud services can be activated 1318 # across an organization, or whether a Compute Engine instance can have 1319 # serial port connections established. `Constraints` can be configured by the 1320 # organization's policy adminstrator to fit the needs of the organzation by 1321 # setting Policies for `Constraints` at different locations in the 1322 # organization's resource hierarchy. Policies are inherited down the resource 1323 # hierarchy from higher levels, but can also be overridden. For details about 1324 # the inheritance rules please read about 1325 # Policies. 1326 # 1327 # `Constraints` have a default behavior determined by the `constraint_default` 1328 # field, which is the enforcement behavior that is used in the absence of a 1329 # `Policy` being defined or inherited for the resource in question. 1330 "constraintDefault": "A String", # The evaluation behavior of this constraint in the absense of 'Policy'. 1331 "displayName": "A String", # The human readable name. 1332 # 1333 # Mutable. 1334 "description": "A String", # Detailed description of what this `Constraint` controls as well as how and 1335 # where it is enforced. 1336 # 1337 # Mutable. 1338 "booleanConstraint": { # A `Constraint` that is either enforced or not. # Defines this constraint as being a BooleanConstraint. 1339 # 1340 # For example a constraint `constraints/compute.disableSerialPortAccess`. 1341 # If it is enforced on a VM instance, serial port connections will not be 1342 # opened to that instance. 1343 }, 1344 "version": 42, # Version of the `Constraint`. Default version is 0; 1345 "listConstraint": { # A `Constraint` that allows or disallows a list of string values, which are # Defines this constraint as being a ListConstraint. 1346 # configured by an Organization's policy administrator with a `Policy`. 1347 "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration 1348 # that matches the value specified in this `Constraint`. 1349 }, 1350 "name": "A String", # Immutable value, required to globally be unique. For example, 1351 # `constraints/serviceuser.services` 1352 }, 1353 ], 1354 }</pre> 1355 </div> 1356 1357 <div class="method"> 1358 <code class="details" id="listAvailableOrgPolicyConstraints_next">listAvailableOrgPolicyConstraints_next(previous_request, previous_response)</code> 1359 <pre>Retrieves the next page of results. 1360 1361 Args: 1362 previous_request: The request for the previous page. (required) 1363 previous_response: The response from the request for the previous page. (required) 1364 1365 Returns: 1366 A request object that you can call 'execute()' on to request the next 1367 page. Returns None if there are no more items in the collection. 1368 </pre> 1369 </div> 1370 1371 <div class="method"> 1372 <code class="details" id="listOrgPolicies">listOrgPolicies(resource, body, x__xgafv=None)</code> 1373 <pre>Lists all the `Policies` set for a particular resource. 1374 1375 Args: 1376 resource: string, Name of the resource to list Policies for. (required) 1377 body: object, The request body. (required) 1378 The object takes the form of: 1379 1380 { # The request sent to the ListOrgPolicies method. 1381 "pageToken": "A String", # Page token used to retrieve the next page. This is currently unsupported 1382 # and will be ignored. The server may at any point start using this field. 1383 "pageSize": 42, # Size of the pages to be returned. This is currently unsupported and will 1384 # be ignored. The server may at any point start using this field to limit 1385 # page size. 1386 } 1387 1388 x__xgafv: string, V1 error format. 1389 Allowed values 1390 1 - v1 error format 1391 2 - v2 error format 1392 1393 Returns: 1394 An object of the form: 1395 1396 { # The response returned from the ListOrgPolicies method. It will be empty 1397 # if no `Policies` are set on the resource. 1398 "nextPageToken": "A String", # Page token used to retrieve the next page. This is currently not used, but 1399 # the server may at any point start supplying a valid token. 1400 "policies": [ # The `Policies` that are set on the resource. It will be empty if no 1401 # `Policies` are set. 1402 { # Defines a Cloud Organization `Policy` which is used to specify `Constraints` 1403 # for configurations of Cloud Platform resources. 1404 "updateTime": "A String", # The time stamp the `Policy` was previously updated. This is set by the 1405 # server, not specified by the caller, and represents the last time a call to 1406 # `SetOrgPolicy` was made for that `Policy`. Any value set by the client will 1407 # be ignored. 1408 "constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example, 1409 # `constraints/serviceuser.services`. 1410 # 1411 # Immutable after creation. 1412 "restoreDefault": { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of 1413 # `Constraint` type. 1414 # `constraint_default` enforcement behavior of the specific `Constraint` at 1415 # this resource. 1416 # 1417 # Suppose that `constraint_default` is set to `ALLOW` for the 1418 # `Constraint` `constraints/serviceuser.services`. Suppose that organization 1419 # foo.com sets a `Policy` at their Organization resource node that restricts 1420 # the allowed service activations to deny all service activations. They 1421 # could then set a `Policy` with the `policy_type` `restore_default` on 1422 # several experimental projects, restoring the `constraint_default` 1423 # enforcement of the `Constraint` for only those projects, allowing those 1424 # projects to have all services activated. 1425 }, 1426 "listPolicy": { # Used in `policy_type` to specify how `list_policy` behaves at this # List of values either allowed or disallowed. 1427 # resource. 1428 # 1429 # A `ListPolicy` can define specific values that are allowed or denied by 1430 # setting either the `allowed_values` or `denied_values` fields. It can also 1431 # be used to allow or deny all values, by setting the `all_values` field. If 1432 # `all_values` is `ALL_VALUES_UNSPECIFIED`, exactly one of `allowed_values` 1433 # or `denied_values` must be set (attempting to set both or neither will 1434 # result in a failed request). If `all_values` is set to either `ALLOW` or 1435 # `DENY`, `allowed_values` and `denied_values` must be unset. 1436 "allValues": "A String", # The policy all_values state. 1437 "allowedValues": [ # List of values allowed at this resource. an only be set if no values are 1438 # set for `denied_values` and `all_values` is set to 1439 # `ALL_VALUES_UNSPECIFIED`. 1440 "A String", 1441 ], 1442 "inheritFromParent": True or False, # Determines the inheritance behavior for this `Policy`. 1443 # 1444 # By default, a `ListPolicy` set at a resource supercedes any `Policy` set 1445 # anywhere up the resource hierarchy. However, if `inherit_from_parent` is 1446 # set to `true`, then the values from the effective `Policy` of the parent 1447 # resource are inherited, meaning the values set in this `Policy` are 1448 # added to the values inherited up the hierarchy. 1449 # 1450 # Setting `Policy` hierarchies that inherit both allowed values and denied 1451 # values isn't recommended in most circumstances to keep the configuration 1452 # simple and understandable. However, it is possible to set a `Policy` with 1453 # `allowed_values` set that inherits a `Policy` with `denied_values` set. 1454 # In this case, the values that are allowed must be in `allowed_values` and 1455 # not present in `denied_values`. 1456 # 1457 # For example, suppose you have a `Constraint` 1458 # `constraints/serviceuser.services`, which has a `constraint_type` of 1459 # `list_constraint`, and with `constraint_default` set to `ALLOW`. 1460 # Suppose that at the Organization level, a `Policy` is applied that 1461 # restricts the allowed API activations to {`E1`, `E2`}. Then, if a 1462 # `Policy` is applied to a project below the Organization that has 1463 # `inherit_from_parent` set to `false` and field all_values set to DENY, 1464 # then an attempt to activate any API will be denied. 1465 # 1466 # The following examples demonstrate different possible layerings: 1467 # 1468 # Example 1 (no inherited values): 1469 # `organizations/foo` has a `Policy` with values: 1470 # {allowed_values: E1 allowed_values:E2} 1471 # ``projects/bar`` has `inherit_from_parent` `false` and values: 1472 # {allowed_values: "E3" allowed_values: "E4"} 1473 # The accepted values at `organizations/foo` are `E1`, `E2`. 1474 # The accepted values at `projects/bar` are `E3`, and `E4`. 1475 # 1476 # Example 2 (inherited values): 1477 # `organizations/foo` has a `Policy` with values: 1478 # {allowed_values: E1 allowed_values:E2} 1479 # `projects/bar` has a `Policy` with values: 1480 # {value: E3 value: E4 inherit_from_parent: true} 1481 # The accepted values at `organizations/foo` are `E1`, `E2`. 1482 # The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`. 1483 # 1484 # Example 3 (inheriting both allowed and denied values): 1485 # `organizations/foo` has a `Policy` with values: 1486 # {allowed_values: "E1" allowed_values: "E2"} 1487 # `projects/bar` has a `Policy` with: 1488 # {denied_values: "E1"} 1489 # The accepted values at `organizations/foo` are `E1`, `E2`. 1490 # The value accepted at `projects/bar` is `E2`. 1491 # 1492 # Example 4 (RestoreDefault): 1493 # `organizations/foo` has a `Policy` with values: 1494 # {allowed_values: E1 allowed_values:E2} 1495 # `projects/bar` has a `Policy` with values: 1496 # {RestoreDefault: {}} 1497 # The accepted values at `organizations/foo` are `E1`, `E2`. 1498 # The accepted values at `projects/bar` are either all or none depending on 1499 # the value of `constraint_default` (if `ALLOW`, all; if 1500 # `DENY`, none). 1501 # 1502 # Example 5 (no policy inherits parent policy): 1503 # `organizations/foo` has no `Policy` set. 1504 # `projects/bar` has no `Policy` set. 1505 # The accepted values at both levels are either all or none depending on 1506 # the value of `constraint_default` (if `ALLOW`, all; if 1507 # `DENY`, none). 1508 # 1509 # Example 6 (ListConstraint allowing all): 1510 # `organizations/foo` has a `Policy` with values: 1511 # {allowed_values: E1 allowed_values: E2} 1512 # `projects/bar` has a `Policy` with: 1513 # {all: ALLOW} 1514 # The accepted values at `organizations/foo` are `E1`, E2`. 1515 # Any value is accepted at `projects/bar`. 1516 # 1517 # Example 7 (ListConstraint allowing none): 1518 # `organizations/foo` has a `Policy` with values: 1519 # {allowed_values: E1 allowed_values: E2} 1520 # `projects/bar` has a `Policy` with: 1521 # {all: DENY} 1522 # The accepted values at `organizations/foo` are `E1`, E2`. 1523 # No value is accepted at `projects/bar`. 1524 "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration 1525 # that matches the value specified in this `Policy`. If `suggested_value` 1526 # is not set, it will inherit the value specified higher in the hierarchy, 1527 # unless `inherit_from_parent` is `false`. 1528 "deniedValues": [ # List of values denied at this resource. Can only be set if no values are 1529 # set for `allowed_values` and `all_values` is set to 1530 # `ALL_VALUES_UNSPECIFIED`. 1531 "A String", 1532 ], 1533 }, 1534 "booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not. 1535 # resource. 1536 "enforced": True or False, # If `true`, then the `Policy` is enforced. If `false`, then any 1537 # configuration is acceptable. 1538 # 1539 # Suppose you have a `Constraint` `constraints/compute.disableSerialPortAccess` 1540 # with `constraint_default` set to `ALLOW`. A `Policy` for that 1541 # `Constraint` exhibits the following behavior: 1542 # - If the `Policy` at this resource has enforced set to `false`, serial 1543 # port connection attempts will be allowed. 1544 # - If the `Policy` at this resource has enforced set to `true`, serial 1545 # port connection attempts will be refused. 1546 # - If the `Policy` at this resource is `RestoreDefault`, serial port 1547 # connection attempts will be allowed. 1548 # - If no `Policy` is set at this resource or anywhere higher in the 1549 # resource hierarchy, serial port connection attempts will be allowed. 1550 # - If no `Policy` is set at this resource, but one exists higher in the 1551 # resource hierarchy, the behavior is as if the`Policy` were set at 1552 # this resource. 1553 # 1554 # The following examples demonstrate the different possible layerings: 1555 # 1556 # Example 1 (nearest `Constraint` wins): 1557 # `organizations/foo` has a `Policy` with: 1558 # {enforced: false} 1559 # `projects/bar` has no `Policy` set. 1560 # The constraint at `projects/bar` and `organizations/foo` will not be 1561 # enforced. 1562 # 1563 # Example 2 (enforcement gets replaced): 1564 # `organizations/foo` has a `Policy` with: 1565 # {enforced: false} 1566 # `projects/bar` has a `Policy` with: 1567 # {enforced: true} 1568 # The constraint at `organizations/foo` is not enforced. 1569 # The constraint at `projects/bar` is enforced. 1570 # 1571 # Example 3 (RestoreDefault): 1572 # `organizations/foo` has a `Policy` with: 1573 # {enforced: true} 1574 # `projects/bar` has a `Policy` with: 1575 # {RestoreDefault: {}} 1576 # The constraint at `organizations/foo` is enforced. 1577 # The constraint at `projects/bar` is not enforced, because 1578 # `constraint_default` for the `Constraint` is `ALLOW`. 1579 }, 1580 "version": 42, # Version of the `Policy`. Default version is 0; 1581 "etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for 1582 # concurrency control. 1583 # 1584 # When the `Policy` is returned from either a `GetPolicy` or a 1585 # `ListOrgPolicy` request, this `etag` indicates the version of the current 1586 # `Policy` to use when executing a read-modify-write loop. 1587 # 1588 # When the `Policy` is returned from a `GetEffectivePolicy` request, the 1589 # `etag` will be unset. 1590 # 1591 # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value 1592 # that was returned from a `GetOrgPolicy` request as part of a 1593 # read-modify-write loop for concurrency control. Not setting the `etag`in a 1594 # `SetOrgPolicy` request will result in an unconditional write of the 1595 # `Policy`. 1596 }, 1597 ], 1598 }</pre> 1599 </div> 1600 1601 <div class="method"> 1602 <code class="details" id="listOrgPolicies_next">listOrgPolicies_next(previous_request, previous_response)</code> 1603 <pre>Retrieves the next page of results. 1604 1605 Args: 1606 previous_request: The request for the previous page. (required) 1607 previous_response: The response from the request for the previous page. (required) 1608 1609 Returns: 1610 A request object that you can call 'execute()' on to request the next 1611 page. Returns None if there are no more items in the collection. 1612 </pre> 1613 </div> 1614 1615 <div class="method"> 1616 <code class="details" id="list_next">list_next(previous_request, previous_response)</code> 1617 <pre>Retrieves the next page of results. 1618 1619 Args: 1620 previous_request: The request for the previous page. (required) 1621 previous_response: The response from the request for the previous page. (required) 1622 1623 Returns: 1624 A request object that you can call 'execute()' on to request the next 1625 page. Returns None if there are no more items in the collection. 1626 </pre> 1627 </div> 1628 1629 <div class="method"> 1630 <code class="details" id="setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</code> 1631 <pre>Sets the IAM access control policy for the specified Project. Replaces 1632 any existing policy. 1633 1634 The following constraints apply when using `setIamPolicy()`: 1635 1636 + Project does not support `allUsers` and `allAuthenticatedUsers` as 1637 `members` in a `Binding` of a `Policy`. 1638 1639 + The owner role can be granted only to `user` and `serviceAccount`. 1640 1641 + Service accounts can be made owners of a project directly 1642 without any restrictions. However, to be added as an owner, a user must be 1643 invited via Cloud Platform console and must accept the invitation. 1644 1645 + A user cannot be granted the owner role using `setIamPolicy()`. The user 1646 must be granted the owner role using the Cloud Platform Console and must 1647 explicitly accept the invitation. 1648 1649 + Invitations to grant the owner role cannot be sent using 1650 `setIamPolicy()`; 1651 they must be sent only using the Cloud Platform Console. 1652 1653 + Membership changes that leave the project without any owners that have 1654 accepted the Terms of Service (ToS) will be rejected. 1655 1656 + There must be at least one owner who has accepted the Terms of 1657 Service (ToS) agreement in the policy. Calling `setIamPolicy()` to 1658 remove the last ToS-accepted owner from the policy will fail. This 1659 restriction also applies to legacy projects that no longer have owners 1660 who have accepted the ToS. Edits to IAM policies will be rejected until 1661 the lack of a ToS-accepting owner is rectified. 1662 1663 + Calling this method requires enabling the App Engine Admin API. 1664 1665 Note: Removing service accounts from policies or changing their roles 1666 can render services completely inoperable. It is important to understand 1667 how the service account is being used before removing or updating its 1668 roles. 1669 1670 Args: 1671 resource: string, REQUIRED: The resource for which the policy is being specified. 1672 See the operation documentation for the appropriate value for this field. (required) 1673 body: object, The request body. (required) 1674 The object takes the form of: 1675 1676 { # Request message for `SetIamPolicy` method. 1677 "policy": { # Defines an Identity and Access Management (IAM) policy. It is used to # REQUIRED: The complete policy to be applied to the `resource`. The size of 1678 # the policy is limited to a few 10s of KB. An empty policy is a 1679 # valid policy but certain Cloud Platform services (such as Projects) 1680 # might reject them. 1681 # specify access control policies for Cloud Platform resources. 1682 # 1683 # 1684 # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of 1685 # `members` to a `role`, where the members can be user accounts, Google groups, 1686 # Google domains, and service accounts. A `role` is a named list of permissions 1687 # defined by IAM. 1688 # 1689 # **Example** 1690 # 1691 # { 1692 # "bindings": [ 1693 # { 1694 # "role": "roles/owner", 1695 # "members": [ 1696 # "user:mike (a] example.com", 1697 # "group:admins (a] example.com", 1698 # "domain:google.com", 1699 # "serviceAccount:my-other-app (a] appspot.gserviceaccount.com", 1700 # ] 1701 # }, 1702 # { 1703 # "role": "roles/viewer", 1704 # "members": ["user:sean (a] example.com"] 1705 # } 1706 # ] 1707 # } 1708 # 1709 # For a description of IAM and its features, see the 1710 # [IAM developer's guide](https://cloud.google.com/iam). 1711 "bindings": [ # Associates a list of `members` to a `role`. 1712 # Multiple `bindings` must not be specified for the same `role`. 1713 # `bindings` with no members will result in an error. 1714 { # Associates `members` with a `role`. 1715 "role": "A String", # Role that is assigned to `members`. 1716 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 1717 # Required 1718 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 1719 # `members` can have the following values: 1720 # 1721 # * `allUsers`: A special identifier that represents anyone who is 1722 # on the internet; with or without a Google account. 1723 # 1724 # * `allAuthenticatedUsers`: A special identifier that represents anyone 1725 # who is authenticated with a Google account or a service account. 1726 # 1727 # * `user:{emailid}`: An email address that represents a specific Google 1728 # account. For example, `alice (a] gmail.com` or `joe (a] example.com`. 1729 # 1730 # 1731 # * `serviceAccount:{emailid}`: An email address that represents a service 1732 # account. For example, `my-other-app (a] appspot.gserviceaccount.com`. 1733 # 1734 # * `group:{emailid}`: An email address that represents a Google group. 1735 # For example, `admins (a] example.com`. 1736 # 1737 # 1738 # * `domain:{domain}`: A Google Apps domain name that represents all the 1739 # users of that domain. For example, `google.com` or `example.com`. 1740 # 1741 "A String", 1742 ], 1743 }, 1744 ], 1745 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 1746 { # Specifies the audit configuration for a service. 1747 # The configuration determines which permission types are logged, and what 1748 # identities, if any, are exempted from logging. 1749 # An AuditConfig must have one or more AuditLogConfigs. 1750 # 1751 # If there are AuditConfigs for both `allServices` and a specific service, 1752 # the union of the two AuditConfigs is used for that service: the log_types 1753 # specified in each AuditConfig are enabled, and the exempted_members in each 1754 # AuditConfig are exempted. 1755 # 1756 # Example Policy with multiple AuditConfigs: 1757 # 1758 # { 1759 # "audit_configs": [ 1760 # { 1761 # "service": "allServices" 1762 # "audit_log_configs": [ 1763 # { 1764 # "log_type": "DATA_READ", 1765 # "exempted_members": [ 1766 # "user:foo (a] gmail.com" 1767 # ] 1768 # }, 1769 # { 1770 # "log_type": "DATA_WRITE", 1771 # }, 1772 # { 1773 # "log_type": "ADMIN_READ", 1774 # } 1775 # ] 1776 # }, 1777 # { 1778 # "service": "fooservice.googleapis.com" 1779 # "audit_log_configs": [ 1780 # { 1781 # "log_type": "DATA_READ", 1782 # }, 1783 # { 1784 # "log_type": "DATA_WRITE", 1785 # "exempted_members": [ 1786 # "user:bar (a] gmail.com" 1787 # ] 1788 # } 1789 # ] 1790 # } 1791 # ] 1792 # } 1793 # 1794 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 1795 # logging. It also exempts foo (a] gmail.com from DATA_READ logging, and 1796 # bar (a] gmail.com from DATA_WRITE logging. 1797 "auditLogConfigs": [ # The configuration for logging of each type of permission. 1798 # Next ID: 4 1799 { # Provides the configuration for logging a type of permissions. 1800 # Example: 1801 # 1802 # { 1803 # "audit_log_configs": [ 1804 # { 1805 # "log_type": "DATA_READ", 1806 # "exempted_members": [ 1807 # "user:foo (a] gmail.com" 1808 # ] 1809 # }, 1810 # { 1811 # "log_type": "DATA_WRITE", 1812 # } 1813 # ] 1814 # } 1815 # 1816 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 1817 # foo (a] gmail.com from DATA_READ logging. 1818 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 1819 # permission. 1820 # Follows the same format of Binding.members. 1821 "A String", 1822 ], 1823 "logType": "A String", # The log type that this config enables. 1824 }, 1825 ], 1826 "service": "A String", # Specifies a service that will be enabled for audit logging. 1827 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 1828 # `allServices` is a special value that covers all services. 1829 }, 1830 ], 1831 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 1832 # prevent simultaneous updates of a policy from overwriting each other. 1833 # It is strongly suggested that systems make use of the `etag` in the 1834 # read-modify-write cycle to perform policy updates in order to avoid race 1835 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 1836 # systems are expected to put that etag in the request to `setIamPolicy` to 1837 # ensure that their change will be applied to the same version of the policy. 1838 # 1839 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 1840 # policy is overwritten blindly. 1841 "version": 42, # Version of the `Policy`. The default version is 0. 1842 }, 1843 "updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only 1844 # the fields in the mask will be modified. If no mask is provided, the 1845 # following default mask is used: 1846 # paths: "bindings, etag" 1847 # This field is only used by Cloud IAM. 1848 } 1849 1850 x__xgafv: string, V1 error format. 1851 Allowed values 1852 1 - v1 error format 1853 2 - v2 error format 1854 1855 Returns: 1856 An object of the form: 1857 1858 { # Defines an Identity and Access Management (IAM) policy. It is used to 1859 # specify access control policies for Cloud Platform resources. 1860 # 1861 # 1862 # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of 1863 # `members` to a `role`, where the members can be user accounts, Google groups, 1864 # Google domains, and service accounts. A `role` is a named list of permissions 1865 # defined by IAM. 1866 # 1867 # **Example** 1868 # 1869 # { 1870 # "bindings": [ 1871 # { 1872 # "role": "roles/owner", 1873 # "members": [ 1874 # "user:mike (a] example.com", 1875 # "group:admins (a] example.com", 1876 # "domain:google.com", 1877 # "serviceAccount:my-other-app (a] appspot.gserviceaccount.com", 1878 # ] 1879 # }, 1880 # { 1881 # "role": "roles/viewer", 1882 # "members": ["user:sean (a] example.com"] 1883 # } 1884 # ] 1885 # } 1886 # 1887 # For a description of IAM and its features, see the 1888 # [IAM developer's guide](https://cloud.google.com/iam). 1889 "bindings": [ # Associates a list of `members` to a `role`. 1890 # Multiple `bindings` must not be specified for the same `role`. 1891 # `bindings` with no members will result in an error. 1892 { # Associates `members` with a `role`. 1893 "role": "A String", # Role that is assigned to `members`. 1894 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 1895 # Required 1896 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 1897 # `members` can have the following values: 1898 # 1899 # * `allUsers`: A special identifier that represents anyone who is 1900 # on the internet; with or without a Google account. 1901 # 1902 # * `allAuthenticatedUsers`: A special identifier that represents anyone 1903 # who is authenticated with a Google account or a service account. 1904 # 1905 # * `user:{emailid}`: An email address that represents a specific Google 1906 # account. For example, `alice (a] gmail.com` or `joe (a] example.com`. 1907 # 1908 # 1909 # * `serviceAccount:{emailid}`: An email address that represents a service 1910 # account. For example, `my-other-app (a] appspot.gserviceaccount.com`. 1911 # 1912 # * `group:{emailid}`: An email address that represents a Google group. 1913 # For example, `admins (a] example.com`. 1914 # 1915 # 1916 # * `domain:{domain}`: A Google Apps domain name that represents all the 1917 # users of that domain. For example, `google.com` or `example.com`. 1918 # 1919 "A String", 1920 ], 1921 }, 1922 ], 1923 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 1924 { # Specifies the audit configuration for a service. 1925 # The configuration determines which permission types are logged, and what 1926 # identities, if any, are exempted from logging. 1927 # An AuditConfig must have one or more AuditLogConfigs. 1928 # 1929 # If there are AuditConfigs for both `allServices` and a specific service, 1930 # the union of the two AuditConfigs is used for that service: the log_types 1931 # specified in each AuditConfig are enabled, and the exempted_members in each 1932 # AuditConfig are exempted. 1933 # 1934 # Example Policy with multiple AuditConfigs: 1935 # 1936 # { 1937 # "audit_configs": [ 1938 # { 1939 # "service": "allServices" 1940 # "audit_log_configs": [ 1941 # { 1942 # "log_type": "DATA_READ", 1943 # "exempted_members": [ 1944 # "user:foo (a] gmail.com" 1945 # ] 1946 # }, 1947 # { 1948 # "log_type": "DATA_WRITE", 1949 # }, 1950 # { 1951 # "log_type": "ADMIN_READ", 1952 # } 1953 # ] 1954 # }, 1955 # { 1956 # "service": "fooservice.googleapis.com" 1957 # "audit_log_configs": [ 1958 # { 1959 # "log_type": "DATA_READ", 1960 # }, 1961 # { 1962 # "log_type": "DATA_WRITE", 1963 # "exempted_members": [ 1964 # "user:bar (a] gmail.com" 1965 # ] 1966 # } 1967 # ] 1968 # } 1969 # ] 1970 # } 1971 # 1972 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 1973 # logging. It also exempts foo (a] gmail.com from DATA_READ logging, and 1974 # bar (a] gmail.com from DATA_WRITE logging. 1975 "auditLogConfigs": [ # The configuration for logging of each type of permission. 1976 # Next ID: 4 1977 { # Provides the configuration for logging a type of permissions. 1978 # Example: 1979 # 1980 # { 1981 # "audit_log_configs": [ 1982 # { 1983 # "log_type": "DATA_READ", 1984 # "exempted_members": [ 1985 # "user:foo (a] gmail.com" 1986 # ] 1987 # }, 1988 # { 1989 # "log_type": "DATA_WRITE", 1990 # } 1991 # ] 1992 # } 1993 # 1994 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 1995 # foo (a] gmail.com from DATA_READ logging. 1996 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 1997 # permission. 1998 # Follows the same format of Binding.members. 1999 "A String", 2000 ], 2001 "logType": "A String", # The log type that this config enables. 2002 }, 2003 ], 2004 "service": "A String", # Specifies a service that will be enabled for audit logging. 2005 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 2006 # `allServices` is a special value that covers all services. 2007 }, 2008 ], 2009 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 2010 # prevent simultaneous updates of a policy from overwriting each other. 2011 # It is strongly suggested that systems make use of the `etag` in the 2012 # read-modify-write cycle to perform policy updates in order to avoid race 2013 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 2014 # systems are expected to put that etag in the request to `setIamPolicy` to 2015 # ensure that their change will be applied to the same version of the policy. 2016 # 2017 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 2018 # policy is overwritten blindly. 2019 "version": 42, # Version of the `Policy`. The default version is 0. 2020 }</pre> 2021 </div> 2022 2023 <div class="method"> 2024 <code class="details" id="setOrgPolicy">setOrgPolicy(resource, body, x__xgafv=None)</code> 2025 <pre>Updates the specified `Policy` on the resource. Creates a new `Policy` for 2026 that `Constraint` on the resource if one does not exist. 2027 2028 Not supplying an `etag` on the request `Policy` results in an unconditional 2029 write of the `Policy`. 2030 2031 Args: 2032 resource: string, Resource name of the resource to attach the `Policy`. (required) 2033 body: object, The request body. (required) 2034 The object takes the form of: 2035 2036 { # The request sent to the SetOrgPolicyRequest method. 2037 "policy": { # Defines a Cloud Organization `Policy` which is used to specify `Constraints` # `Policy` to set on the resource. 2038 # for configurations of Cloud Platform resources. 2039 "updateTime": "A String", # The time stamp the `Policy` was previously updated. This is set by the 2040 # server, not specified by the caller, and represents the last time a call to 2041 # `SetOrgPolicy` was made for that `Policy`. Any value set by the client will 2042 # be ignored. 2043 "constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example, 2044 # `constraints/serviceuser.services`. 2045 # 2046 # Immutable after creation. 2047 "restoreDefault": { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of 2048 # `Constraint` type. 2049 # `constraint_default` enforcement behavior of the specific `Constraint` at 2050 # this resource. 2051 # 2052 # Suppose that `constraint_default` is set to `ALLOW` for the 2053 # `Constraint` `constraints/serviceuser.services`. Suppose that organization 2054 # foo.com sets a `Policy` at their Organization resource node that restricts 2055 # the allowed service activations to deny all service activations. They 2056 # could then set a `Policy` with the `policy_type` `restore_default` on 2057 # several experimental projects, restoring the `constraint_default` 2058 # enforcement of the `Constraint` for only those projects, allowing those 2059 # projects to have all services activated. 2060 }, 2061 "listPolicy": { # Used in `policy_type` to specify how `list_policy` behaves at this # List of values either allowed or disallowed. 2062 # resource. 2063 # 2064 # A `ListPolicy` can define specific values that are allowed or denied by 2065 # setting either the `allowed_values` or `denied_values` fields. It can also 2066 # be used to allow or deny all values, by setting the `all_values` field. If 2067 # `all_values` is `ALL_VALUES_UNSPECIFIED`, exactly one of `allowed_values` 2068 # or `denied_values` must be set (attempting to set both or neither will 2069 # result in a failed request). If `all_values` is set to either `ALLOW` or 2070 # `DENY`, `allowed_values` and `denied_values` must be unset. 2071 "allValues": "A String", # The policy all_values state. 2072 "allowedValues": [ # List of values allowed at this resource. an only be set if no values are 2073 # set for `denied_values` and `all_values` is set to 2074 # `ALL_VALUES_UNSPECIFIED`. 2075 "A String", 2076 ], 2077 "inheritFromParent": True or False, # Determines the inheritance behavior for this `Policy`. 2078 # 2079 # By default, a `ListPolicy` set at a resource supercedes any `Policy` set 2080 # anywhere up the resource hierarchy. However, if `inherit_from_parent` is 2081 # set to `true`, then the values from the effective `Policy` of the parent 2082 # resource are inherited, meaning the values set in this `Policy` are 2083 # added to the values inherited up the hierarchy. 2084 # 2085 # Setting `Policy` hierarchies that inherit both allowed values and denied 2086 # values isn't recommended in most circumstances to keep the configuration 2087 # simple and understandable. However, it is possible to set a `Policy` with 2088 # `allowed_values` set that inherits a `Policy` with `denied_values` set. 2089 # In this case, the values that are allowed must be in `allowed_values` and 2090 # not present in `denied_values`. 2091 # 2092 # For example, suppose you have a `Constraint` 2093 # `constraints/serviceuser.services`, which has a `constraint_type` of 2094 # `list_constraint`, and with `constraint_default` set to `ALLOW`. 2095 # Suppose that at the Organization level, a `Policy` is applied that 2096 # restricts the allowed API activations to {`E1`, `E2`}. Then, if a 2097 # `Policy` is applied to a project below the Organization that has 2098 # `inherit_from_parent` set to `false` and field all_values set to DENY, 2099 # then an attempt to activate any API will be denied. 2100 # 2101 # The following examples demonstrate different possible layerings: 2102 # 2103 # Example 1 (no inherited values): 2104 # `organizations/foo` has a `Policy` with values: 2105 # {allowed_values: E1 allowed_values:E2} 2106 # ``projects/bar`` has `inherit_from_parent` `false` and values: 2107 # {allowed_values: "E3" allowed_values: "E4"} 2108 # The accepted values at `organizations/foo` are `E1`, `E2`. 2109 # The accepted values at `projects/bar` are `E3`, and `E4`. 2110 # 2111 # Example 2 (inherited values): 2112 # `organizations/foo` has a `Policy` with values: 2113 # {allowed_values: E1 allowed_values:E2} 2114 # `projects/bar` has a `Policy` with values: 2115 # {value: E3 value: E4 inherit_from_parent: true} 2116 # The accepted values at `organizations/foo` are `E1`, `E2`. 2117 # The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`. 2118 # 2119 # Example 3 (inheriting both allowed and denied values): 2120 # `organizations/foo` has a `Policy` with values: 2121 # {allowed_values: "E1" allowed_values: "E2"} 2122 # `projects/bar` has a `Policy` with: 2123 # {denied_values: "E1"} 2124 # The accepted values at `organizations/foo` are `E1`, `E2`. 2125 # The value accepted at `projects/bar` is `E2`. 2126 # 2127 # Example 4 (RestoreDefault): 2128 # `organizations/foo` has a `Policy` with values: 2129 # {allowed_values: E1 allowed_values:E2} 2130 # `projects/bar` has a `Policy` with values: 2131 # {RestoreDefault: {}} 2132 # The accepted values at `organizations/foo` are `E1`, `E2`. 2133 # The accepted values at `projects/bar` are either all or none depending on 2134 # the value of `constraint_default` (if `ALLOW`, all; if 2135 # `DENY`, none). 2136 # 2137 # Example 5 (no policy inherits parent policy): 2138 # `organizations/foo` has no `Policy` set. 2139 # `projects/bar` has no `Policy` set. 2140 # The accepted values at both levels are either all or none depending on 2141 # the value of `constraint_default` (if `ALLOW`, all; if 2142 # `DENY`, none). 2143 # 2144 # Example 6 (ListConstraint allowing all): 2145 # `organizations/foo` has a `Policy` with values: 2146 # {allowed_values: E1 allowed_values: E2} 2147 # `projects/bar` has a `Policy` with: 2148 # {all: ALLOW} 2149 # The accepted values at `organizations/foo` are `E1`, E2`. 2150 # Any value is accepted at `projects/bar`. 2151 # 2152 # Example 7 (ListConstraint allowing none): 2153 # `organizations/foo` has a `Policy` with values: 2154 # {allowed_values: E1 allowed_values: E2} 2155 # `projects/bar` has a `Policy` with: 2156 # {all: DENY} 2157 # The accepted values at `organizations/foo` are `E1`, E2`. 2158 # No value is accepted at `projects/bar`. 2159 "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration 2160 # that matches the value specified in this `Policy`. If `suggested_value` 2161 # is not set, it will inherit the value specified higher in the hierarchy, 2162 # unless `inherit_from_parent` is `false`. 2163 "deniedValues": [ # List of values denied at this resource. Can only be set if no values are 2164 # set for `allowed_values` and `all_values` is set to 2165 # `ALL_VALUES_UNSPECIFIED`. 2166 "A String", 2167 ], 2168 }, 2169 "booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not. 2170 # resource. 2171 "enforced": True or False, # If `true`, then the `Policy` is enforced. If `false`, then any 2172 # configuration is acceptable. 2173 # 2174 # Suppose you have a `Constraint` `constraints/compute.disableSerialPortAccess` 2175 # with `constraint_default` set to `ALLOW`. A `Policy` for that 2176 # `Constraint` exhibits the following behavior: 2177 # - If the `Policy` at this resource has enforced set to `false`, serial 2178 # port connection attempts will be allowed. 2179 # - If the `Policy` at this resource has enforced set to `true`, serial 2180 # port connection attempts will be refused. 2181 # - If the `Policy` at this resource is `RestoreDefault`, serial port 2182 # connection attempts will be allowed. 2183 # - If no `Policy` is set at this resource or anywhere higher in the 2184 # resource hierarchy, serial port connection attempts will be allowed. 2185 # - If no `Policy` is set at this resource, but one exists higher in the 2186 # resource hierarchy, the behavior is as if the`Policy` were set at 2187 # this resource. 2188 # 2189 # The following examples demonstrate the different possible layerings: 2190 # 2191 # Example 1 (nearest `Constraint` wins): 2192 # `organizations/foo` has a `Policy` with: 2193 # {enforced: false} 2194 # `projects/bar` has no `Policy` set. 2195 # The constraint at `projects/bar` and `organizations/foo` will not be 2196 # enforced. 2197 # 2198 # Example 2 (enforcement gets replaced): 2199 # `organizations/foo` has a `Policy` with: 2200 # {enforced: false} 2201 # `projects/bar` has a `Policy` with: 2202 # {enforced: true} 2203 # The constraint at `organizations/foo` is not enforced. 2204 # The constraint at `projects/bar` is enforced. 2205 # 2206 # Example 3 (RestoreDefault): 2207 # `organizations/foo` has a `Policy` with: 2208 # {enforced: true} 2209 # `projects/bar` has a `Policy` with: 2210 # {RestoreDefault: {}} 2211 # The constraint at `organizations/foo` is enforced. 2212 # The constraint at `projects/bar` is not enforced, because 2213 # `constraint_default` for the `Constraint` is `ALLOW`. 2214 }, 2215 "version": 42, # Version of the `Policy`. Default version is 0; 2216 "etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for 2217 # concurrency control. 2218 # 2219 # When the `Policy` is returned from either a `GetPolicy` or a 2220 # `ListOrgPolicy` request, this `etag` indicates the version of the current 2221 # `Policy` to use when executing a read-modify-write loop. 2222 # 2223 # When the `Policy` is returned from a `GetEffectivePolicy` request, the 2224 # `etag` will be unset. 2225 # 2226 # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value 2227 # that was returned from a `GetOrgPolicy` request as part of a 2228 # read-modify-write loop for concurrency control. Not setting the `etag`in a 2229 # `SetOrgPolicy` request will result in an unconditional write of the 2230 # `Policy`. 2231 }, 2232 } 2233 2234 x__xgafv: string, V1 error format. 2235 Allowed values 2236 1 - v1 error format 2237 2 - v2 error format 2238 2239 Returns: 2240 An object of the form: 2241 2242 { # Defines a Cloud Organization `Policy` which is used to specify `Constraints` 2243 # for configurations of Cloud Platform resources. 2244 "updateTime": "A String", # The time stamp the `Policy` was previously updated. This is set by the 2245 # server, not specified by the caller, and represents the last time a call to 2246 # `SetOrgPolicy` was made for that `Policy`. Any value set by the client will 2247 # be ignored. 2248 "constraint": "A String", # The name of the `Constraint` the `Policy` is configuring, for example, 2249 # `constraints/serviceuser.services`. 2250 # 2251 # Immutable after creation. 2252 "restoreDefault": { # Ignores policies set above this resource and restores the # Restores the default behavior of the constraint; independent of 2253 # `Constraint` type. 2254 # `constraint_default` enforcement behavior of the specific `Constraint` at 2255 # this resource. 2256 # 2257 # Suppose that `constraint_default` is set to `ALLOW` for the 2258 # `Constraint` `constraints/serviceuser.services`. Suppose that organization 2259 # foo.com sets a `Policy` at their Organization resource node that restricts 2260 # the allowed service activations to deny all service activations. They 2261 # could then set a `Policy` with the `policy_type` `restore_default` on 2262 # several experimental projects, restoring the `constraint_default` 2263 # enforcement of the `Constraint` for only those projects, allowing those 2264 # projects to have all services activated. 2265 }, 2266 "listPolicy": { # Used in `policy_type` to specify how `list_policy` behaves at this # List of values either allowed or disallowed. 2267 # resource. 2268 # 2269 # A `ListPolicy` can define specific values that are allowed or denied by 2270 # setting either the `allowed_values` or `denied_values` fields. It can also 2271 # be used to allow or deny all values, by setting the `all_values` field. If 2272 # `all_values` is `ALL_VALUES_UNSPECIFIED`, exactly one of `allowed_values` 2273 # or `denied_values` must be set (attempting to set both or neither will 2274 # result in a failed request). If `all_values` is set to either `ALLOW` or 2275 # `DENY`, `allowed_values` and `denied_values` must be unset. 2276 "allValues": "A String", # The policy all_values state. 2277 "allowedValues": [ # List of values allowed at this resource. an only be set if no values are 2278 # set for `denied_values` and `all_values` is set to 2279 # `ALL_VALUES_UNSPECIFIED`. 2280 "A String", 2281 ], 2282 "inheritFromParent": True or False, # Determines the inheritance behavior for this `Policy`. 2283 # 2284 # By default, a `ListPolicy` set at a resource supercedes any `Policy` set 2285 # anywhere up the resource hierarchy. However, if `inherit_from_parent` is 2286 # set to `true`, then the values from the effective `Policy` of the parent 2287 # resource are inherited, meaning the values set in this `Policy` are 2288 # added to the values inherited up the hierarchy. 2289 # 2290 # Setting `Policy` hierarchies that inherit both allowed values and denied 2291 # values isn't recommended in most circumstances to keep the configuration 2292 # simple and understandable. However, it is possible to set a `Policy` with 2293 # `allowed_values` set that inherits a `Policy` with `denied_values` set. 2294 # In this case, the values that are allowed must be in `allowed_values` and 2295 # not present in `denied_values`. 2296 # 2297 # For example, suppose you have a `Constraint` 2298 # `constraints/serviceuser.services`, which has a `constraint_type` of 2299 # `list_constraint`, and with `constraint_default` set to `ALLOW`. 2300 # Suppose that at the Organization level, a `Policy` is applied that 2301 # restricts the allowed API activations to {`E1`, `E2`}. Then, if a 2302 # `Policy` is applied to a project below the Organization that has 2303 # `inherit_from_parent` set to `false` and field all_values set to DENY, 2304 # then an attempt to activate any API will be denied. 2305 # 2306 # The following examples demonstrate different possible layerings: 2307 # 2308 # Example 1 (no inherited values): 2309 # `organizations/foo` has a `Policy` with values: 2310 # {allowed_values: E1 allowed_values:E2} 2311 # ``projects/bar`` has `inherit_from_parent` `false` and values: 2312 # {allowed_values: "E3" allowed_values: "E4"} 2313 # The accepted values at `organizations/foo` are `E1`, `E2`. 2314 # The accepted values at `projects/bar` are `E3`, and `E4`. 2315 # 2316 # Example 2 (inherited values): 2317 # `organizations/foo` has a `Policy` with values: 2318 # {allowed_values: E1 allowed_values:E2} 2319 # `projects/bar` has a `Policy` with values: 2320 # {value: E3 value: E4 inherit_from_parent: true} 2321 # The accepted values at `organizations/foo` are `E1`, `E2`. 2322 # The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`. 2323 # 2324 # Example 3 (inheriting both allowed and denied values): 2325 # `organizations/foo` has a `Policy` with values: 2326 # {allowed_values: "E1" allowed_values: "E2"} 2327 # `projects/bar` has a `Policy` with: 2328 # {denied_values: "E1"} 2329 # The accepted values at `organizations/foo` are `E1`, `E2`. 2330 # The value accepted at `projects/bar` is `E2`. 2331 # 2332 # Example 4 (RestoreDefault): 2333 # `organizations/foo` has a `Policy` with values: 2334 # {allowed_values: E1 allowed_values:E2} 2335 # `projects/bar` has a `Policy` with values: 2336 # {RestoreDefault: {}} 2337 # The accepted values at `organizations/foo` are `E1`, `E2`. 2338 # The accepted values at `projects/bar` are either all or none depending on 2339 # the value of `constraint_default` (if `ALLOW`, all; if 2340 # `DENY`, none). 2341 # 2342 # Example 5 (no policy inherits parent policy): 2343 # `organizations/foo` has no `Policy` set. 2344 # `projects/bar` has no `Policy` set. 2345 # The accepted values at both levels are either all or none depending on 2346 # the value of `constraint_default` (if `ALLOW`, all; if 2347 # `DENY`, none). 2348 # 2349 # Example 6 (ListConstraint allowing all): 2350 # `organizations/foo` has a `Policy` with values: 2351 # {allowed_values: E1 allowed_values: E2} 2352 # `projects/bar` has a `Policy` with: 2353 # {all: ALLOW} 2354 # The accepted values at `organizations/foo` are `E1`, E2`. 2355 # Any value is accepted at `projects/bar`. 2356 # 2357 # Example 7 (ListConstraint allowing none): 2358 # `organizations/foo` has a `Policy` with values: 2359 # {allowed_values: E1 allowed_values: E2} 2360 # `projects/bar` has a `Policy` with: 2361 # {all: DENY} 2362 # The accepted values at `organizations/foo` are `E1`, E2`. 2363 # No value is accepted at `projects/bar`. 2364 "suggestedValue": "A String", # Optional. The Google Cloud Console will try to default to a configuration 2365 # that matches the value specified in this `Policy`. If `suggested_value` 2366 # is not set, it will inherit the value specified higher in the hierarchy, 2367 # unless `inherit_from_parent` is `false`. 2368 "deniedValues": [ # List of values denied at this resource. Can only be set if no values are 2369 # set for `allowed_values` and `all_values` is set to 2370 # `ALL_VALUES_UNSPECIFIED`. 2371 "A String", 2372 ], 2373 }, 2374 "booleanPolicy": { # Used in `policy_type` to specify how `boolean_policy` will behave at this # For boolean `Constraints`, whether to enforce the `Constraint` or not. 2375 # resource. 2376 "enforced": True or False, # If `true`, then the `Policy` is enforced. If `false`, then any 2377 # configuration is acceptable. 2378 # 2379 # Suppose you have a `Constraint` `constraints/compute.disableSerialPortAccess` 2380 # with `constraint_default` set to `ALLOW`. A `Policy` for that 2381 # `Constraint` exhibits the following behavior: 2382 # - If the `Policy` at this resource has enforced set to `false`, serial 2383 # port connection attempts will be allowed. 2384 # - If the `Policy` at this resource has enforced set to `true`, serial 2385 # port connection attempts will be refused. 2386 # - If the `Policy` at this resource is `RestoreDefault`, serial port 2387 # connection attempts will be allowed. 2388 # - If no `Policy` is set at this resource or anywhere higher in the 2389 # resource hierarchy, serial port connection attempts will be allowed. 2390 # - If no `Policy` is set at this resource, but one exists higher in the 2391 # resource hierarchy, the behavior is as if the`Policy` were set at 2392 # this resource. 2393 # 2394 # The following examples demonstrate the different possible layerings: 2395 # 2396 # Example 1 (nearest `Constraint` wins): 2397 # `organizations/foo` has a `Policy` with: 2398 # {enforced: false} 2399 # `projects/bar` has no `Policy` set. 2400 # The constraint at `projects/bar` and `organizations/foo` will not be 2401 # enforced. 2402 # 2403 # Example 2 (enforcement gets replaced): 2404 # `organizations/foo` has a `Policy` with: 2405 # {enforced: false} 2406 # `projects/bar` has a `Policy` with: 2407 # {enforced: true} 2408 # The constraint at `organizations/foo` is not enforced. 2409 # The constraint at `projects/bar` is enforced. 2410 # 2411 # Example 3 (RestoreDefault): 2412 # `organizations/foo` has a `Policy` with: 2413 # {enforced: true} 2414 # `projects/bar` has a `Policy` with: 2415 # {RestoreDefault: {}} 2416 # The constraint at `organizations/foo` is enforced. 2417 # The constraint at `projects/bar` is not enforced, because 2418 # `constraint_default` for the `Constraint` is `ALLOW`. 2419 }, 2420 "version": 42, # Version of the `Policy`. Default version is 0; 2421 "etag": "A String", # An opaque tag indicating the current version of the `Policy`, used for 2422 # concurrency control. 2423 # 2424 # When the `Policy` is returned from either a `GetPolicy` or a 2425 # `ListOrgPolicy` request, this `etag` indicates the version of the current 2426 # `Policy` to use when executing a read-modify-write loop. 2427 # 2428 # When the `Policy` is returned from a `GetEffectivePolicy` request, the 2429 # `etag` will be unset. 2430 # 2431 # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value 2432 # that was returned from a `GetOrgPolicy` request as part of a 2433 # read-modify-write loop for concurrency control. Not setting the `etag`in a 2434 # `SetOrgPolicy` request will result in an unconditional write of the 2435 # `Policy`. 2436 }</pre> 2437 </div> 2438 2439 <div class="method"> 2440 <code class="details" id="testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</code> 2441 <pre>Returns permissions that a caller has on the specified Project. 2442 2443 Args: 2444 resource: string, REQUIRED: The resource for which the policy detail is being requested. 2445 See the operation documentation for the appropriate value for this field. (required) 2446 body: object, The request body. (required) 2447 The object takes the form of: 2448 2449 { # Request message for `TestIamPermissions` method. 2450 "permissions": [ # The set of permissions to check for the `resource`. Permissions with 2451 # wildcards (such as '*' or 'storage.*') are not allowed. For more 2452 # information see 2453 # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions). 2454 "A String", 2455 ], 2456 } 2457 2458 x__xgafv: string, V1 error format. 2459 Allowed values 2460 1 - v1 error format 2461 2 - v2 error format 2462 2463 Returns: 2464 An object of the form: 2465 2466 { # Response message for `TestIamPermissions` method. 2467 "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is 2468 # allowed. 2469 "A String", 2470 ], 2471 }</pre> 2472 </div> 2473 2474 <div class="method"> 2475 <code class="details" id="undelete">undelete(projectId, body, x__xgafv=None)</code> 2476 <pre>Restores the Project identified by the specified 2477 `project_id` (for example, `my-project-123`). 2478 You can only use this method for a Project that has a lifecycle state of 2479 DELETE_REQUESTED. 2480 After deletion starts, the Project cannot be restored. 2481 2482 The caller must have modify permissions for this Project. 2483 2484 Args: 2485 projectId: string, The project ID (for example, `foo-bar-123`). 2486 2487 Required. (required) 2488 body: object, The request body. (required) 2489 The object takes the form of: 2490 2491 { # The request sent to the UndeleteProject 2492 # method. 2493 } 2494 2495 x__xgafv: string, V1 error format. 2496 Allowed values 2497 1 - v1 error format 2498 2 - v2 error format 2499 2500 Returns: 2501 An object of the form: 2502 2503 { # A generic empty message that you can re-use to avoid defining duplicated 2504 # empty messages in your APIs. A typical example is to use it as the request 2505 # or the response type of an API method. For instance: 2506 # 2507 # service Foo { 2508 # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); 2509 # } 2510 # 2511 # The JSON representation for `Empty` is empty JSON object `{}`. 2512 }</pre> 2513 </div> 2514 2515 <div class="method"> 2516 <code class="details" id="update">update(projectId, body, x__xgafv=None)</code> 2517 <pre>Updates the attributes of the Project identified by the specified 2518 `project_id` (for example, `my-project-123`). 2519 2520 The caller must have modify permissions for this Project. 2521 2522 Args: 2523 projectId: string, The project ID (for example, `my-project-123`). 2524 2525 Required. (required) 2526 body: object, The request body. (required) 2527 The object takes the form of: 2528 2529 { # A Project is a high-level Google Cloud Platform entity. It is a 2530 # container for ACLs, APIs, App Engine Apps, VMs, and other 2531 # Google Cloud Platform resources. 2532 "name": "A String", # The user-assigned display name of the Project. 2533 # It must be 4 to 30 characters. 2534 # Allowed characters are: lowercase and uppercase letters, numbers, 2535 # hyphen, single-quote, double-quote, space, and exclamation point. 2536 # 2537 # Example: <code>My Project</code> 2538 # Read-write. 2539 "parent": { # A container to reference an id for any resource type. A `resource` in Google # An optional reference to a parent Resource. 2540 # 2541 # The only supported parent type is "organization". Once set, the parent 2542 # cannot be modified. The `parent` can be set on creation or using the 2543 # `UpdateProject` method; the end user must have the 2544 # `resourcemanager.projects.create` permission on the parent. 2545 # 2546 # Read-write. 2547 # Cloud Platform is a generic term for something you (a developer) may want to 2548 # interact with through one of our API's. Some examples are an App Engine app, 2549 # a Compute Engine instance, a Cloud SQL database, and so on. 2550 "type": "A String", # Required field representing the resource type this id is for. 2551 # At present, the valid types are: "organization" 2552 "id": "A String", # Required field for the type-specific id. This should correspond to the id 2553 # used in the type-specific API's. 2554 }, 2555 "projectId": "A String", # The unique, user-assigned ID of the Project. 2556 # It must be 6 to 30 lowercase letters, digits, or hyphens. 2557 # It must start with a letter. 2558 # Trailing hyphens are prohibited. 2559 # 2560 # Example: <code>tokyo-rain-123</code> 2561 # Read-only after creation. 2562 "labels": { # The labels associated with this Project. 2563 # 2564 # Label keys must be between 1 and 63 characters long and must conform 2565 # to the following regular expression: \[a-z\](\[-a-z0-9\]*\[a-z0-9\])?. 2566 # 2567 # Label values must be between 0 and 63 characters long and must conform 2568 # to the regular expression (\[a-z\](\[-a-z0-9\]*\[a-z0-9\])?)?. 2569 # 2570 # No more than 256 labels can be associated with a given resource. 2571 # 2572 # Clients should store labels in a representation such as JSON that does not 2573 # depend on specific characters being disallowed. 2574 # 2575 # Example: <code>"environment" : "dev"</code> 2576 # Read-write. 2577 "a_key": "A String", 2578 }, 2579 "createTime": "A String", # Creation time. 2580 # 2581 # Read-only. 2582 "lifecycleState": "A String", # The Project lifecycle state. 2583 # 2584 # Read-only. 2585 "projectNumber": "A String", # The number uniquely identifying the project. 2586 # 2587 # Example: <code>415104041262</code> 2588 # Read-only. 2589 } 2590 2591 x__xgafv: string, V1 error format. 2592 Allowed values 2593 1 - v1 error format 2594 2 - v2 error format 2595 2596 Returns: 2597 An object of the form: 2598 2599 { # A Project is a high-level Google Cloud Platform entity. It is a 2600 # container for ACLs, APIs, App Engine Apps, VMs, and other 2601 # Google Cloud Platform resources. 2602 "name": "A String", # The user-assigned display name of the Project. 2603 # It must be 4 to 30 characters. 2604 # Allowed characters are: lowercase and uppercase letters, numbers, 2605 # hyphen, single-quote, double-quote, space, and exclamation point. 2606 # 2607 # Example: <code>My Project</code> 2608 # Read-write. 2609 "parent": { # A container to reference an id for any resource type. A `resource` in Google # An optional reference to a parent Resource. 2610 # 2611 # The only supported parent type is "organization". Once set, the parent 2612 # cannot be modified. The `parent` can be set on creation or using the 2613 # `UpdateProject` method; the end user must have the 2614 # `resourcemanager.projects.create` permission on the parent. 2615 # 2616 # Read-write. 2617 # Cloud Platform is a generic term for something you (a developer) may want to 2618 # interact with through one of our API's. Some examples are an App Engine app, 2619 # a Compute Engine instance, a Cloud SQL database, and so on. 2620 "type": "A String", # Required field representing the resource type this id is for. 2621 # At present, the valid types are: "organization" 2622 "id": "A String", # Required field for the type-specific id. This should correspond to the id 2623 # used in the type-specific API's. 2624 }, 2625 "projectId": "A String", # The unique, user-assigned ID of the Project. 2626 # It must be 6 to 30 lowercase letters, digits, or hyphens. 2627 # It must start with a letter. 2628 # Trailing hyphens are prohibited. 2629 # 2630 # Example: <code>tokyo-rain-123</code> 2631 # Read-only after creation. 2632 "labels": { # The labels associated with this Project. 2633 # 2634 # Label keys must be between 1 and 63 characters long and must conform 2635 # to the following regular expression: \[a-z\](\[-a-z0-9\]*\[a-z0-9\])?. 2636 # 2637 # Label values must be between 0 and 63 characters long and must conform 2638 # to the regular expression (\[a-z\](\[-a-z0-9\]*\[a-z0-9\])?)?. 2639 # 2640 # No more than 256 labels can be associated with a given resource. 2641 # 2642 # Clients should store labels in a representation such as JSON that does not 2643 # depend on specific characters being disallowed. 2644 # 2645 # Example: <code>"environment" : "dev"</code> 2646 # Read-write. 2647 "a_key": "A String", 2648 }, 2649 "createTime": "A String", # Creation time. 2650 # 2651 # Read-only. 2652 "lifecycleState": "A String", # The Project lifecycle state. 2653 # 2654 # Read-only. 2655 "projectNumber": "A String", # The number uniquely identifying the project. 2656 # 2657 # Example: <code>415104041262</code> 2658 # Read-only. 2659 }</pre> 2660 </div> 2661 2662 </body></html>
