1 <html><body> 2 <style> 3 4 body, h1, h2, h3, div, span, p, pre, a { 5 margin: 0; 6 padding: 0; 7 border: 0; 8 font-weight: inherit; 9 font-style: inherit; 10 font-size: 100%; 11 font-family: inherit; 12 vertical-align: baseline; 13 } 14 15 body { 16 font-size: 13px; 17 padding: 1em; 18 } 19 20 h1 { 21 font-size: 26px; 22 margin-bottom: 1em; 23 } 24 25 h2 { 26 font-size: 24px; 27 margin-bottom: 1em; 28 } 29 30 h3 { 31 font-size: 20px; 32 margin-bottom: 1em; 33 margin-top: 1em; 34 } 35 36 pre, code { 37 line-height: 1.5; 38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; 39 } 40 41 pre { 42 margin-top: 0.5em; 43 } 44 45 h1, h2, h3, p { 46 font-family: Arial, sans serif; 47 } 48 49 h1, h2, h3 { 50 border-bottom: solid #CCC 1px; 51 } 52 53 .toc_element { 54 margin-top: 0.5em; 55 } 56 57 .firstline { 58 margin-left: 2 em; 59 } 60 61 .method { 62 margin-top: 1em; 63 border: solid 1px #CCC; 64 padding: 1em; 65 background: #EEE; 66 } 67 68 .details { 69 font-weight: bold; 70 font-size: 14px; 71 } 72 73 </style> 74 75 <h1><a href="cloudresourcemanager_v1beta1.html">Google Cloud Resource Manager API</a> . <a href="cloudresourcemanager_v1beta1.organizations.html">organizations</a></h1> 76 <h2>Instance Methods</h2> 77 <p class="toc_element"> 78 <code><a href="#get">get(name, organizationId=None, x__xgafv=None)</a></code></p> 79 <p class="firstline">Fetches an Organization resource identified by the specified resource name.</p> 80 <p class="toc_element"> 81 <code><a href="#getIamPolicy">getIamPolicy(resource, body, x__xgafv=None)</a></code></p> 82 <p class="firstline">Gets the access control policy for an Organization resource. May be empty</p> 83 <p class="toc_element"> 84 <code><a href="#list">list(pageSize=None, filter=None, pageToken=None, x__xgafv=None)</a></code></p> 85 <p class="firstline">Lists Organization resources that are visible to the user and satisfy</p> 86 <p class="toc_element"> 87 <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p> 88 <p class="firstline">Retrieves the next page of results.</p> 89 <p class="toc_element"> 90 <code><a href="#setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</a></code></p> 91 <p class="firstline">Sets the access control policy on an Organization resource. Replaces any</p> 92 <p class="toc_element"> 93 <code><a href="#testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</a></code></p> 94 <p class="firstline">Returns permissions that a caller has on the specified Organization.</p> 95 <p class="toc_element"> 96 <code><a href="#update">update(name, body, x__xgafv=None)</a></code></p> 97 <p class="firstline">Updates an Organization resource identified by the specified resource name.</p> 98 <h3>Method Details</h3> 99 <div class="method"> 100 <code class="details" id="get">get(name, organizationId=None, x__xgafv=None)</code> 101 <pre>Fetches an Organization resource identified by the specified resource name. 102 103 Args: 104 name: string, The resource name of the Organization to fetch, e.g. "organizations/1234". (required) 105 organizationId: string, The id of the Organization resource to fetch. 106 This field is deprecated and will be removed in v1. Use name instead. 107 x__xgafv: string, V1 error format. 108 Allowed values 109 1 - v1 error format 110 2 - v2 error format 111 112 Returns: 113 An object of the form: 114 115 { # The root node in the resource hierarchy to which a particular entity's 116 # (e.g., company) resources belong. 117 "displayName": "A String", # A friendly string to be used to refer to the Organization in the UI. 118 # Assigned by the server, set to the primary domain of the G Suite 119 # customer that owns the organization. 120 # @OutputOnly 121 "name": "A String", # Output Only. The resource name of the organization. This is the 122 # organization's relative path in the API. Its format is 123 # "organizations/[organization_id]". For example, "organizations/1234". 124 "organizationId": "A String", # An immutable id for the Organization that is assigned on creation. This 125 # should be omitted when creating a new Organization. 126 # This field is read-only. 127 # This field is deprecated and will be removed in v1. Use name instead. 128 "creationTime": "A String", # Timestamp when the Organization was created. Assigned by the server. 129 # @OutputOnly 130 "lifecycleState": "A String", # The organization's current lifecycle state. Assigned by the server. 131 # @OutputOnly 132 "owner": { # The entity that owns an Organization. The lifetime of the Organization and # The owner of this Organization. The owner should be specified on 133 # creation. Once set, it cannot be changed. 134 # This field is required. 135 # all of its descendants are bound to the `OrganizationOwner`. If the 136 # `OrganizationOwner` is deleted, the Organization and all its descendants will 137 # be deleted. 138 "directoryCustomerId": "A String", # The Google for Work customer id used in the Directory API. 139 }, 140 }</pre> 141 </div> 142 143 <div class="method"> 144 <code class="details" id="getIamPolicy">getIamPolicy(resource, body, x__xgafv=None)</code> 145 <pre>Gets the access control policy for an Organization resource. May be empty 146 if no such policy or resource exists. The `resource` field should be the 147 organization's resource name, e.g. "organizations/123". 148 149 Args: 150 resource: string, REQUIRED: The resource for which the policy is being requested. 151 See the operation documentation for the appropriate value for this field. (required) 152 body: object, The request body. (required) 153 The object takes the form of: 154 155 { # Request message for `GetIamPolicy` method. 156 } 157 158 x__xgafv: string, V1 error format. 159 Allowed values 160 1 - v1 error format 161 2 - v2 error format 162 163 Returns: 164 An object of the form: 165 166 { # Defines an Identity and Access Management (IAM) policy. It is used to 167 # specify access control policies for Cloud Platform resources. 168 # 169 # 170 # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of 171 # `members` to a `role`, where the members can be user accounts, Google groups, 172 # Google domains, and service accounts. A `role` is a named list of permissions 173 # defined by IAM. 174 # 175 # **Example** 176 # 177 # { 178 # "bindings": [ 179 # { 180 # "role": "roles/owner", 181 # "members": [ 182 # "user:mike (a] example.com", 183 # "group:admins (a] example.com", 184 # "domain:google.com", 185 # "serviceAccount:my-other-app (a] appspot.gserviceaccount.com", 186 # ] 187 # }, 188 # { 189 # "role": "roles/viewer", 190 # "members": ["user:sean (a] example.com"] 191 # } 192 # ] 193 # } 194 # 195 # For a description of IAM and its features, see the 196 # [IAM developer's guide](https://cloud.google.com/iam). 197 "bindings": [ # Associates a list of `members` to a `role`. 198 # Multiple `bindings` must not be specified for the same `role`. 199 # `bindings` with no members will result in an error. 200 { # Associates `members` with a `role`. 201 "role": "A String", # Role that is assigned to `members`. 202 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 203 # Required 204 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 205 # `members` can have the following values: 206 # 207 # * `allUsers`: A special identifier that represents anyone who is 208 # on the internet; with or without a Google account. 209 # 210 # * `allAuthenticatedUsers`: A special identifier that represents anyone 211 # who is authenticated with a Google account or a service account. 212 # 213 # * `user:{emailid}`: An email address that represents a specific Google 214 # account. For example, `alice (a] gmail.com` or `joe (a] example.com`. 215 # 216 # 217 # * `serviceAccount:{emailid}`: An email address that represents a service 218 # account. For example, `my-other-app (a] appspot.gserviceaccount.com`. 219 # 220 # * `group:{emailid}`: An email address that represents a Google group. 221 # For example, `admins (a] example.com`. 222 # 223 # 224 # * `domain:{domain}`: A Google Apps domain name that represents all the 225 # users of that domain. For example, `google.com` or `example.com`. 226 # 227 "A String", 228 ], 229 }, 230 ], 231 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 232 { # Specifies the audit configuration for a service. 233 # The configuration determines which permission types are logged, and what 234 # identities, if any, are exempted from logging. 235 # An AuditConfig must have one or more AuditLogConfigs. 236 # 237 # If there are AuditConfigs for both `allServices` and a specific service, 238 # the union of the two AuditConfigs is used for that service: the log_types 239 # specified in each AuditConfig are enabled, and the exempted_members in each 240 # AuditConfig are exempted. 241 # 242 # Example Policy with multiple AuditConfigs: 243 # 244 # { 245 # "audit_configs": [ 246 # { 247 # "service": "allServices" 248 # "audit_log_configs": [ 249 # { 250 # "log_type": "DATA_READ", 251 # "exempted_members": [ 252 # "user:foo (a] gmail.com" 253 # ] 254 # }, 255 # { 256 # "log_type": "DATA_WRITE", 257 # }, 258 # { 259 # "log_type": "ADMIN_READ", 260 # } 261 # ] 262 # }, 263 # { 264 # "service": "fooservice.googleapis.com" 265 # "audit_log_configs": [ 266 # { 267 # "log_type": "DATA_READ", 268 # }, 269 # { 270 # "log_type": "DATA_WRITE", 271 # "exempted_members": [ 272 # "user:bar (a] gmail.com" 273 # ] 274 # } 275 # ] 276 # } 277 # ] 278 # } 279 # 280 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 281 # logging. It also exempts foo (a] gmail.com from DATA_READ logging, and 282 # bar (a] gmail.com from DATA_WRITE logging. 283 "auditLogConfigs": [ # The configuration for logging of each type of permission. 284 # Next ID: 4 285 { # Provides the configuration for logging a type of permissions. 286 # Example: 287 # 288 # { 289 # "audit_log_configs": [ 290 # { 291 # "log_type": "DATA_READ", 292 # "exempted_members": [ 293 # "user:foo (a] gmail.com" 294 # ] 295 # }, 296 # { 297 # "log_type": "DATA_WRITE", 298 # } 299 # ] 300 # } 301 # 302 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 303 # foo (a] gmail.com from DATA_READ logging. 304 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 305 # permission. 306 # Follows the same format of Binding.members. 307 "A String", 308 ], 309 "logType": "A String", # The log type that this config enables. 310 }, 311 ], 312 "service": "A String", # Specifies a service that will be enabled for audit logging. 313 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 314 # `allServices` is a special value that covers all services. 315 }, 316 ], 317 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 318 # prevent simultaneous updates of a policy from overwriting each other. 319 # It is strongly suggested that systems make use of the `etag` in the 320 # read-modify-write cycle to perform policy updates in order to avoid race 321 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 322 # systems are expected to put that etag in the request to `setIamPolicy` to 323 # ensure that their change will be applied to the same version of the policy. 324 # 325 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 326 # policy is overwritten blindly. 327 "version": 42, # Version of the `Policy`. The default version is 0. 328 }</pre> 329 </div> 330 331 <div class="method"> 332 <code class="details" id="list">list(pageSize=None, filter=None, pageToken=None, x__xgafv=None)</code> 333 <pre>Lists Organization resources that are visible to the user and satisfy 334 the specified filter. This method returns Organizations in an unspecified 335 order. New Organizations do not necessarily appear at the end of the list. 336 337 Args: 338 pageSize: integer, The maximum number of Organizations to return in the response. 339 This field is optional. 340 filter: string, An optional query string used to filter the Organizations to return in 341 the response. Filter rules are case-insensitive. 342 343 344 Organizations may be filtered by `owner.directoryCustomerId` or by 345 `domain`, where the domain is a Google for Work domain, for example: 346 347 |Filter|Description| 348 |------|-----------| 349 |owner.directorycustomerid:123456789|Organizations with `owner.directory_customer_id` equal to `123456789`.| 350 |domain:google.com|Organizations corresponding to the domain `google.com`.| 351 352 This field is optional. 353 pageToken: string, A pagination token returned from a previous call to `ListOrganizations` 354 that indicates from where listing should continue. 355 This field is optional. 356 x__xgafv: string, V1 error format. 357 Allowed values 358 1 - v1 error format 359 2 - v2 error format 360 361 Returns: 362 An object of the form: 363 364 { # The response returned from the `ListOrganizations` method. 365 "nextPageToken": "A String", # A pagination token to be used to retrieve the next page of results. If the 366 # result is too large to fit within the page size specified in the request, 367 # this field will be set with a token that can be used to fetch the next page 368 # of results. If this field is empty, it indicates that this response 369 # contains the last page of results. 370 "organizations": [ # The list of Organizations that matched the list query, possibly paginated. 371 { # The root node in the resource hierarchy to which a particular entity's 372 # (e.g., company) resources belong. 373 "displayName": "A String", # A friendly string to be used to refer to the Organization in the UI. 374 # Assigned by the server, set to the primary domain of the G Suite 375 # customer that owns the organization. 376 # @OutputOnly 377 "name": "A String", # Output Only. The resource name of the organization. This is the 378 # organization's relative path in the API. Its format is 379 # "organizations/[organization_id]". For example, "organizations/1234". 380 "organizationId": "A String", # An immutable id for the Organization that is assigned on creation. This 381 # should be omitted when creating a new Organization. 382 # This field is read-only. 383 # This field is deprecated and will be removed in v1. Use name instead. 384 "creationTime": "A String", # Timestamp when the Organization was created. Assigned by the server. 385 # @OutputOnly 386 "lifecycleState": "A String", # The organization's current lifecycle state. Assigned by the server. 387 # @OutputOnly 388 "owner": { # The entity that owns an Organization. The lifetime of the Organization and # The owner of this Organization. The owner should be specified on 389 # creation. Once set, it cannot be changed. 390 # This field is required. 391 # all of its descendants are bound to the `OrganizationOwner`. If the 392 # `OrganizationOwner` is deleted, the Organization and all its descendants will 393 # be deleted. 394 "directoryCustomerId": "A String", # The Google for Work customer id used in the Directory API. 395 }, 396 }, 397 ], 398 }</pre> 399 </div> 400 401 <div class="method"> 402 <code class="details" id="list_next">list_next(previous_request, previous_response)</code> 403 <pre>Retrieves the next page of results. 404 405 Args: 406 previous_request: The request for the previous page. (required) 407 previous_response: The response from the request for the previous page. (required) 408 409 Returns: 410 A request object that you can call 'execute()' on to request the next 411 page. Returns None if there are no more items in the collection. 412 </pre> 413 </div> 414 415 <div class="method"> 416 <code class="details" id="setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</code> 417 <pre>Sets the access control policy on an Organization resource. Replaces any 418 existing policy. The `resource` field should be the organization's resource 419 name, e.g. "organizations/123". 420 421 Args: 422 resource: string, REQUIRED: The resource for which the policy is being specified. 423 See the operation documentation for the appropriate value for this field. (required) 424 body: object, The request body. (required) 425 The object takes the form of: 426 427 { # Request message for `SetIamPolicy` method. 428 "policy": { # Defines an Identity and Access Management (IAM) policy. It is used to # REQUIRED: The complete policy to be applied to the `resource`. The size of 429 # the policy is limited to a few 10s of KB. An empty policy is a 430 # valid policy but certain Cloud Platform services (such as Projects) 431 # might reject them. 432 # specify access control policies for Cloud Platform resources. 433 # 434 # 435 # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of 436 # `members` to a `role`, where the members can be user accounts, Google groups, 437 # Google domains, and service accounts. A `role` is a named list of permissions 438 # defined by IAM. 439 # 440 # **Example** 441 # 442 # { 443 # "bindings": [ 444 # { 445 # "role": "roles/owner", 446 # "members": [ 447 # "user:mike (a] example.com", 448 # "group:admins (a] example.com", 449 # "domain:google.com", 450 # "serviceAccount:my-other-app (a] appspot.gserviceaccount.com", 451 # ] 452 # }, 453 # { 454 # "role": "roles/viewer", 455 # "members": ["user:sean (a] example.com"] 456 # } 457 # ] 458 # } 459 # 460 # For a description of IAM and its features, see the 461 # [IAM developer's guide](https://cloud.google.com/iam). 462 "bindings": [ # Associates a list of `members` to a `role`. 463 # Multiple `bindings` must not be specified for the same `role`. 464 # `bindings` with no members will result in an error. 465 { # Associates `members` with a `role`. 466 "role": "A String", # Role that is assigned to `members`. 467 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 468 # Required 469 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 470 # `members` can have the following values: 471 # 472 # * `allUsers`: A special identifier that represents anyone who is 473 # on the internet; with or without a Google account. 474 # 475 # * `allAuthenticatedUsers`: A special identifier that represents anyone 476 # who is authenticated with a Google account or a service account. 477 # 478 # * `user:{emailid}`: An email address that represents a specific Google 479 # account. For example, `alice (a] gmail.com` or `joe (a] example.com`. 480 # 481 # 482 # * `serviceAccount:{emailid}`: An email address that represents a service 483 # account. For example, `my-other-app (a] appspot.gserviceaccount.com`. 484 # 485 # * `group:{emailid}`: An email address that represents a Google group. 486 # For example, `admins (a] example.com`. 487 # 488 # 489 # * `domain:{domain}`: A Google Apps domain name that represents all the 490 # users of that domain. For example, `google.com` or `example.com`. 491 # 492 "A String", 493 ], 494 }, 495 ], 496 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 497 { # Specifies the audit configuration for a service. 498 # The configuration determines which permission types are logged, and what 499 # identities, if any, are exempted from logging. 500 # An AuditConfig must have one or more AuditLogConfigs. 501 # 502 # If there are AuditConfigs for both `allServices` and a specific service, 503 # the union of the two AuditConfigs is used for that service: the log_types 504 # specified in each AuditConfig are enabled, and the exempted_members in each 505 # AuditConfig are exempted. 506 # 507 # Example Policy with multiple AuditConfigs: 508 # 509 # { 510 # "audit_configs": [ 511 # { 512 # "service": "allServices" 513 # "audit_log_configs": [ 514 # { 515 # "log_type": "DATA_READ", 516 # "exempted_members": [ 517 # "user:foo (a] gmail.com" 518 # ] 519 # }, 520 # { 521 # "log_type": "DATA_WRITE", 522 # }, 523 # { 524 # "log_type": "ADMIN_READ", 525 # } 526 # ] 527 # }, 528 # { 529 # "service": "fooservice.googleapis.com" 530 # "audit_log_configs": [ 531 # { 532 # "log_type": "DATA_READ", 533 # }, 534 # { 535 # "log_type": "DATA_WRITE", 536 # "exempted_members": [ 537 # "user:bar (a] gmail.com" 538 # ] 539 # } 540 # ] 541 # } 542 # ] 543 # } 544 # 545 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 546 # logging. It also exempts foo (a] gmail.com from DATA_READ logging, and 547 # bar (a] gmail.com from DATA_WRITE logging. 548 "auditLogConfigs": [ # The configuration for logging of each type of permission. 549 # Next ID: 4 550 { # Provides the configuration for logging a type of permissions. 551 # Example: 552 # 553 # { 554 # "audit_log_configs": [ 555 # { 556 # "log_type": "DATA_READ", 557 # "exempted_members": [ 558 # "user:foo (a] gmail.com" 559 # ] 560 # }, 561 # { 562 # "log_type": "DATA_WRITE", 563 # } 564 # ] 565 # } 566 # 567 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 568 # foo (a] gmail.com from DATA_READ logging. 569 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 570 # permission. 571 # Follows the same format of Binding.members. 572 "A String", 573 ], 574 "logType": "A String", # The log type that this config enables. 575 }, 576 ], 577 "service": "A String", # Specifies a service that will be enabled for audit logging. 578 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 579 # `allServices` is a special value that covers all services. 580 }, 581 ], 582 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 583 # prevent simultaneous updates of a policy from overwriting each other. 584 # It is strongly suggested that systems make use of the `etag` in the 585 # read-modify-write cycle to perform policy updates in order to avoid race 586 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 587 # systems are expected to put that etag in the request to `setIamPolicy` to 588 # ensure that their change will be applied to the same version of the policy. 589 # 590 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 591 # policy is overwritten blindly. 592 "version": 42, # Version of the `Policy`. The default version is 0. 593 }, 594 "updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only 595 # the fields in the mask will be modified. If no mask is provided, the 596 # following default mask is used: 597 # paths: "bindings, etag" 598 # This field is only used by Cloud IAM. 599 } 600 601 x__xgafv: string, V1 error format. 602 Allowed values 603 1 - v1 error format 604 2 - v2 error format 605 606 Returns: 607 An object of the form: 608 609 { # Defines an Identity and Access Management (IAM) policy. It is used to 610 # specify access control policies for Cloud Platform resources. 611 # 612 # 613 # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of 614 # `members` to a `role`, where the members can be user accounts, Google groups, 615 # Google domains, and service accounts. A `role` is a named list of permissions 616 # defined by IAM. 617 # 618 # **Example** 619 # 620 # { 621 # "bindings": [ 622 # { 623 # "role": "roles/owner", 624 # "members": [ 625 # "user:mike (a] example.com", 626 # "group:admins (a] example.com", 627 # "domain:google.com", 628 # "serviceAccount:my-other-app (a] appspot.gserviceaccount.com", 629 # ] 630 # }, 631 # { 632 # "role": "roles/viewer", 633 # "members": ["user:sean (a] example.com"] 634 # } 635 # ] 636 # } 637 # 638 # For a description of IAM and its features, see the 639 # [IAM developer's guide](https://cloud.google.com/iam). 640 "bindings": [ # Associates a list of `members` to a `role`. 641 # Multiple `bindings` must not be specified for the same `role`. 642 # `bindings` with no members will result in an error. 643 { # Associates `members` with a `role`. 644 "role": "A String", # Role that is assigned to `members`. 645 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 646 # Required 647 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 648 # `members` can have the following values: 649 # 650 # * `allUsers`: A special identifier that represents anyone who is 651 # on the internet; with or without a Google account. 652 # 653 # * `allAuthenticatedUsers`: A special identifier that represents anyone 654 # who is authenticated with a Google account or a service account. 655 # 656 # * `user:{emailid}`: An email address that represents a specific Google 657 # account. For example, `alice (a] gmail.com` or `joe (a] example.com`. 658 # 659 # 660 # * `serviceAccount:{emailid}`: An email address that represents a service 661 # account. For example, `my-other-app (a] appspot.gserviceaccount.com`. 662 # 663 # * `group:{emailid}`: An email address that represents a Google group. 664 # For example, `admins (a] example.com`. 665 # 666 # 667 # * `domain:{domain}`: A Google Apps domain name that represents all the 668 # users of that domain. For example, `google.com` or `example.com`. 669 # 670 "A String", 671 ], 672 }, 673 ], 674 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 675 { # Specifies the audit configuration for a service. 676 # The configuration determines which permission types are logged, and what 677 # identities, if any, are exempted from logging. 678 # An AuditConfig must have one or more AuditLogConfigs. 679 # 680 # If there are AuditConfigs for both `allServices` and a specific service, 681 # the union of the two AuditConfigs is used for that service: the log_types 682 # specified in each AuditConfig are enabled, and the exempted_members in each 683 # AuditConfig are exempted. 684 # 685 # Example Policy with multiple AuditConfigs: 686 # 687 # { 688 # "audit_configs": [ 689 # { 690 # "service": "allServices" 691 # "audit_log_configs": [ 692 # { 693 # "log_type": "DATA_READ", 694 # "exempted_members": [ 695 # "user:foo (a] gmail.com" 696 # ] 697 # }, 698 # { 699 # "log_type": "DATA_WRITE", 700 # }, 701 # { 702 # "log_type": "ADMIN_READ", 703 # } 704 # ] 705 # }, 706 # { 707 # "service": "fooservice.googleapis.com" 708 # "audit_log_configs": [ 709 # { 710 # "log_type": "DATA_READ", 711 # }, 712 # { 713 # "log_type": "DATA_WRITE", 714 # "exempted_members": [ 715 # "user:bar (a] gmail.com" 716 # ] 717 # } 718 # ] 719 # } 720 # ] 721 # } 722 # 723 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 724 # logging. It also exempts foo (a] gmail.com from DATA_READ logging, and 725 # bar (a] gmail.com from DATA_WRITE logging. 726 "auditLogConfigs": [ # The configuration for logging of each type of permission. 727 # Next ID: 4 728 { # Provides the configuration for logging a type of permissions. 729 # Example: 730 # 731 # { 732 # "audit_log_configs": [ 733 # { 734 # "log_type": "DATA_READ", 735 # "exempted_members": [ 736 # "user:foo (a] gmail.com" 737 # ] 738 # }, 739 # { 740 # "log_type": "DATA_WRITE", 741 # } 742 # ] 743 # } 744 # 745 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 746 # foo (a] gmail.com from DATA_READ logging. 747 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 748 # permission. 749 # Follows the same format of Binding.members. 750 "A String", 751 ], 752 "logType": "A String", # The log type that this config enables. 753 }, 754 ], 755 "service": "A String", # Specifies a service that will be enabled for audit logging. 756 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 757 # `allServices` is a special value that covers all services. 758 }, 759 ], 760 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 761 # prevent simultaneous updates of a policy from overwriting each other. 762 # It is strongly suggested that systems make use of the `etag` in the 763 # read-modify-write cycle to perform policy updates in order to avoid race 764 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 765 # systems are expected to put that etag in the request to `setIamPolicy` to 766 # ensure that their change will be applied to the same version of the policy. 767 # 768 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 769 # policy is overwritten blindly. 770 "version": 42, # Version of the `Policy`. The default version is 0. 771 }</pre> 772 </div> 773 774 <div class="method"> 775 <code class="details" id="testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</code> 776 <pre>Returns permissions that a caller has on the specified Organization. 777 The `resource` field should be the organization's resource name, 778 e.g. "organizations/123". 779 780 Args: 781 resource: string, REQUIRED: The resource for which the policy detail is being requested. 782 See the operation documentation for the appropriate value for this field. (required) 783 body: object, The request body. (required) 784 The object takes the form of: 785 786 { # Request message for `TestIamPermissions` method. 787 "permissions": [ # The set of permissions to check for the `resource`. Permissions with 788 # wildcards (such as '*' or 'storage.*') are not allowed. For more 789 # information see 790 # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions). 791 "A String", 792 ], 793 } 794 795 x__xgafv: string, V1 error format. 796 Allowed values 797 1 - v1 error format 798 2 - v2 error format 799 800 Returns: 801 An object of the form: 802 803 { # Response message for `TestIamPermissions` method. 804 "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is 805 # allowed. 806 "A String", 807 ], 808 }</pre> 809 </div> 810 811 <div class="method"> 812 <code class="details" id="update">update(name, body, x__xgafv=None)</code> 813 <pre>Updates an Organization resource identified by the specified resource name. 814 815 Args: 816 name: string, Output Only. The resource name of the organization. This is the 817 organization's relative path in the API. Its format is 818 "organizations/[organization_id]". For example, "organizations/1234". (required) 819 body: object, The request body. (required) 820 The object takes the form of: 821 822 { # The root node in the resource hierarchy to which a particular entity's 823 # (e.g., company) resources belong. 824 "displayName": "A String", # A friendly string to be used to refer to the Organization in the UI. 825 # Assigned by the server, set to the primary domain of the G Suite 826 # customer that owns the organization. 827 # @OutputOnly 828 "name": "A String", # Output Only. The resource name of the organization. This is the 829 # organization's relative path in the API. Its format is 830 # "organizations/[organization_id]". For example, "organizations/1234". 831 "organizationId": "A String", # An immutable id for the Organization that is assigned on creation. This 832 # should be omitted when creating a new Organization. 833 # This field is read-only. 834 # This field is deprecated and will be removed in v1. Use name instead. 835 "creationTime": "A String", # Timestamp when the Organization was created. Assigned by the server. 836 # @OutputOnly 837 "lifecycleState": "A String", # The organization's current lifecycle state. Assigned by the server. 838 # @OutputOnly 839 "owner": { # The entity that owns an Organization. The lifetime of the Organization and # The owner of this Organization. The owner should be specified on 840 # creation. Once set, it cannot be changed. 841 # This field is required. 842 # all of its descendants are bound to the `OrganizationOwner`. If the 843 # `OrganizationOwner` is deleted, the Organization and all its descendants will 844 # be deleted. 845 "directoryCustomerId": "A String", # The Google for Work customer id used in the Directory API. 846 }, 847 } 848 849 x__xgafv: string, V1 error format. 850 Allowed values 851 1 - v1 error format 852 2 - v2 error format 853 854 Returns: 855 An object of the form: 856 857 { # The root node in the resource hierarchy to which a particular entity's 858 # (e.g., company) resources belong. 859 "displayName": "A String", # A friendly string to be used to refer to the Organization in the UI. 860 # Assigned by the server, set to the primary domain of the G Suite 861 # customer that owns the organization. 862 # @OutputOnly 863 "name": "A String", # Output Only. The resource name of the organization. This is the 864 # organization's relative path in the API. Its format is 865 # "organizations/[organization_id]". For example, "organizations/1234". 866 "organizationId": "A String", # An immutable id for the Organization that is assigned on creation. This 867 # should be omitted when creating a new Organization. 868 # This field is read-only. 869 # This field is deprecated and will be removed in v1. Use name instead. 870 "creationTime": "A String", # Timestamp when the Organization was created. Assigned by the server. 871 # @OutputOnly 872 "lifecycleState": "A String", # The organization's current lifecycle state. Assigned by the server. 873 # @OutputOnly 874 "owner": { # The entity that owns an Organization. The lifetime of the Organization and # The owner of this Organization. The owner should be specified on 875 # creation. Once set, it cannot be changed. 876 # This field is required. 877 # all of its descendants are bound to the `OrganizationOwner`. If the 878 # `OrganizationOwner` is deleted, the Organization and all its descendants will 879 # be deleted. 880 "directoryCustomerId": "A String", # The Google for Work customer id used in the Directory API. 881 }, 882 }</pre> 883 </div> 884 885 </body></html>
