1 <html><body> 2 <style> 3 4 body, h1, h2, h3, div, span, p, pre, a { 5 margin: 0; 6 padding: 0; 7 border: 0; 8 font-weight: inherit; 9 font-style: inherit; 10 font-size: 100%; 11 font-family: inherit; 12 vertical-align: baseline; 13 } 14 15 body { 16 font-size: 13px; 17 padding: 1em; 18 } 19 20 h1 { 21 font-size: 26px; 22 margin-bottom: 1em; 23 } 24 25 h2 { 26 font-size: 24px; 27 margin-bottom: 1em; 28 } 29 30 h3 { 31 font-size: 20px; 32 margin-bottom: 1em; 33 margin-top: 1em; 34 } 35 36 pre, code { 37 line-height: 1.5; 38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; 39 } 40 41 pre { 42 margin-top: 0.5em; 43 } 44 45 h1, h2, h3, p { 46 font-family: Arial, sans serif; 47 } 48 49 h1, h2, h3 { 50 border-bottom: solid #CCC 1px; 51 } 52 53 .toc_element { 54 margin-top: 0.5em; 55 } 56 57 .firstline { 58 margin-left: 2 em; 59 } 60 61 .method { 62 margin-top: 1em; 63 border: solid 1px #CCC; 64 padding: 1em; 65 background: #EEE; 66 } 67 68 .details { 69 font-weight: bold; 70 font-size: 14px; 71 } 72 73 </style> 74 75 <h1><a href="spanner_v1.html">Cloud Spanner API</a> . <a href="spanner_v1.projects.html">projects</a> . <a href="spanner_v1.projects.instances.html">instances</a></h1> 76 <h2>Instance Methods</h2> 77 <p class="toc_element"> 78 <code><a href="spanner_v1.projects.instances.databases.html">databases()</a></code> 79 </p> 80 <p class="firstline">Returns the databases Resource.</p> 81 82 <p class="toc_element"> 83 <code><a href="spanner_v1.projects.instances.operations.html">operations()</a></code> 84 </p> 85 <p class="firstline">Returns the operations Resource.</p> 86 87 <p class="toc_element"> 88 <code><a href="#create">create(parent, body, x__xgafv=None)</a></code></p> 89 <p class="firstline">Creates an instance and begins preparing it to begin serving. The</p> 90 <p class="toc_element"> 91 <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p> 92 <p class="firstline">Deletes an instance.</p> 93 <p class="toc_element"> 94 <code><a href="#get">get(name, x__xgafv=None)</a></code></p> 95 <p class="firstline">Gets information about a particular instance.</p> 96 <p class="toc_element"> 97 <code><a href="#getIamPolicy">getIamPolicy(resource, body, x__xgafv=None)</a></code></p> 98 <p class="firstline">Gets the access control policy for an instance resource. Returns an empty</p> 99 <p class="toc_element"> 100 <code><a href="#list">list(parent, pageSize=None, filter=None, pageToken=None, x__xgafv=None)</a></code></p> 101 <p class="firstline">Lists all instances in the given project.</p> 102 <p class="toc_element"> 103 <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p> 104 <p class="firstline">Retrieves the next page of results.</p> 105 <p class="toc_element"> 106 <code><a href="#patch">patch(name, body, x__xgafv=None)</a></code></p> 107 <p class="firstline">Updates an instance, and begins allocating or releasing resources</p> 108 <p class="toc_element"> 109 <code><a href="#setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</a></code></p> 110 <p class="firstline">Sets the access control policy on an instance resource. Replaces any</p> 111 <p class="toc_element"> 112 <code><a href="#testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</a></code></p> 113 <p class="firstline">Returns permissions that the caller has on the specified instance resource.</p> 114 <h3>Method Details</h3> 115 <div class="method"> 116 <code class="details" id="create">create(parent, body, x__xgafv=None)</code> 117 <pre>Creates an instance and begins preparing it to begin serving. The 118 returned long-running operation 119 can be used to track the progress of preparing the new 120 instance. The instance name is assigned by the caller. If the 121 named instance already exists, `CreateInstance` returns 122 `ALREADY_EXISTS`. 123 124 Immediately upon completion of this request: 125 126 * The instance is readable via the API, with all requested attributes 127 but no allocated resources. Its state is `CREATING`. 128 129 Until completion of the returned operation: 130 131 * Cancelling the operation renders the instance immediately unreadable 132 via the API. 133 * The instance can be deleted. 134 * All other attempts to modify the instance are rejected. 135 136 Upon completion of the returned operation: 137 138 * Billing for all successfully-allocated resources begins (some types 139 may have lower than the requested levels). 140 * Databases can be created in the instance. 141 * The instance's allocated resource levels are readable via the API. 142 * The instance's state becomes `READY`. 143 144 The returned long-running operation will 145 have a name of the format `<instance_name>/operations/<operation_id>` and 146 can be used to track creation of the instance. The 147 metadata field type is 148 CreateInstanceMetadata. 149 The response field type is 150 Instance, if successful. 151 152 Args: 153 parent: string, Required. The name of the project in which to create the instance. Values 154 are of the form `projects/<project>`. (required) 155 body: object, The request body. (required) 156 The object takes the form of: 157 158 { # The request for CreateInstance. 159 "instanceId": "A String", # Required. The ID of the instance to create. Valid identifiers are of the 160 # form `a-z*[a-z0-9]` and must be between 6 and 30 characters in 161 # length. 162 "instance": { # An isolated set of Cloud Spanner resources on which databases can be hosted. # Required. The instance to create. The name may be omitted, but if 163 # specified must be `<parent>/instances/<instance_id>`. 164 "displayName": "A String", # Required. The descriptive name for this instance as it appears in UIs. 165 # Must be unique per project and between 4 and 30 characters in length. 166 "name": "A String", # Required. A unique identifier for the instance, which cannot be changed 167 # after the instance is created. Values are of the form 168 # `projects/<project>/instances/a-z*[a-z0-9]`. The final 169 # segment of the name must be between 6 and 30 characters in length. 170 "labels": { # Cloud Labels are a flexible and lightweight mechanism for organizing cloud 171 # resources into groups that reflect a customer's organizational needs and 172 # deployment strategies. Cloud Labels can be used to filter collections of 173 # resources. They can be used to control how resource metrics are aggregated. 174 # And they can be used as arguments to policy management rules (e.g. route, 175 # firewall, load balancing, etc.). 176 # 177 # * Label keys must be between 1 and 63 characters long and must conform to 178 # the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. 179 # * Label values must be between 0 and 63 characters long and must conform 180 # to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. 181 # * No more than 64 labels can be associated with a given resource. 182 # 183 # See https://goo.gl/xmQnxf for more information on and examples of labels. 184 # 185 # If you plan to use labels in your own code, please note that additional 186 # characters may be allowed in the future. And so you are advised to use an 187 # internal label representation, such as JSON, which doesn't rely upon 188 # specific characters being disallowed. For example, representing labels 189 # as the string: name + "_" + value would prove problematic if we were to 190 # allow "_" in a future release. 191 "a_key": "A String", 192 }, 193 "state": "A String", # Output only. The current instance state. For 194 # CreateInstance, the state must be 195 # either omitted or set to `CREATING`. For 196 # UpdateInstance, the state must be 197 # either omitted or set to `READY`. 198 "nodeCount": 42, # Required. The number of nodes allocated to this instance. 199 "config": "A String", # Required. The name of the instance's configuration. Values are of the form 200 # `projects/<project>/instanceConfigs/<configuration>`. See 201 # also InstanceConfig and 202 # ListInstanceConfigs. 203 }, 204 } 205 206 x__xgafv: string, V1 error format. 207 Allowed values 208 1 - v1 error format 209 2 - v2 error format 210 211 Returns: 212 An object of the form: 213 214 { # This resource represents a long-running operation that is the result of a 215 # network API call. 216 "metadata": { # Service-specific metadata associated with the operation. It typically 217 # contains progress information and common metadata such as create time. 218 # Some services might not provide such metadata. Any method that returns a 219 # long-running operation should document the metadata type, if any. 220 "a_key": "", # Properties of the object. Contains field @type with type URL. 221 }, 222 "done": True or False, # If the value is `false`, it means the operation is still in progress. 223 # If true, the operation is completed, and either `error` or `response` is 224 # available. 225 "response": { # The normal response of the operation in case of success. If the original 226 # method returns no data on success, such as `Delete`, the response is 227 # `google.protobuf.Empty`. If the original method is standard 228 # `Get`/`Create`/`Update`, the response should be the resource. For other 229 # methods, the response should have the type `XxxResponse`, where `Xxx` 230 # is the original method name. For example, if the original method name 231 # is `TakeSnapshot()`, the inferred response type is 232 # `TakeSnapshotResponse`. 233 "a_key": "", # Properties of the object. Contains field @type with type URL. 234 }, 235 "name": "A String", # The server-assigned name, which is only unique within the same service that 236 # originally returns it. If you use the default HTTP mapping, the 237 # `name` should have the format of `operations/some/unique/name`. 238 "error": { # The `Status` type defines a logical error model that is suitable for different # The error result of the operation in case of failure or cancellation. 239 # programming environments, including REST APIs and RPC APIs. It is used by 240 # [gRPC](https://github.com/grpc). The error model is designed to be: 241 # 242 # - Simple to use and understand for most users 243 # - Flexible enough to meet unexpected needs 244 # 245 # # Overview 246 # 247 # The `Status` message contains three pieces of data: error code, error message, 248 # and error details. The error code should be an enum value of 249 # google.rpc.Code, but it may accept additional error codes if needed. The 250 # error message should be a developer-facing English message that helps 251 # developers *understand* and *resolve* the error. If a localized user-facing 252 # error message is needed, put the localized message in the error details or 253 # localize it in the client. The optional error details may contain arbitrary 254 # information about the error. There is a predefined set of error detail types 255 # in the package `google.rpc` which can be used for common error conditions. 256 # 257 # # Language mapping 258 # 259 # The `Status` message is the logical representation of the error model, but it 260 # is not necessarily the actual wire format. When the `Status` message is 261 # exposed in different client libraries and different wire protocols, it can be 262 # mapped differently. For example, it will likely be mapped to some exceptions 263 # in Java, but more likely mapped to some error codes in C. 264 # 265 # # Other uses 266 # 267 # The error model and the `Status` message can be used in a variety of 268 # environments, either with or without APIs, to provide a 269 # consistent developer experience across different environments. 270 # 271 # Example uses of this error model include: 272 # 273 # - Partial errors. If a service needs to return partial errors to the client, 274 # it may embed the `Status` in the normal response to indicate the partial 275 # errors. 276 # 277 # - Workflow errors. A typical workflow has multiple steps. Each step may 278 # have a `Status` message for error reporting purpose. 279 # 280 # - Batch operations. If a client uses batch request and batch response, the 281 # `Status` message should be used directly inside batch response, one for 282 # each error sub-response. 283 # 284 # - Asynchronous operations. If an API call embeds asynchronous operation 285 # results in its response, the status of those operations should be 286 # represented directly using the `Status` message. 287 # 288 # - Logging. If some API errors are stored in logs, the message `Status` could 289 # be used directly after any stripping needed for security/privacy reasons. 290 "message": "A String", # A developer-facing error message, which should be in English. Any 291 # user-facing error message should be localized and sent in the 292 # google.rpc.Status.details field, or localized by the client. 293 "code": 42, # The status code, which should be an enum value of google.rpc.Code. 294 "details": [ # A list of messages that carry the error details. There will be a 295 # common set of message types for APIs to use. 296 { 297 "a_key": "", # Properties of the object. Contains field @type with type URL. 298 }, 299 ], 300 }, 301 }</pre> 302 </div> 303 304 <div class="method"> 305 <code class="details" id="delete">delete(name, x__xgafv=None)</code> 306 <pre>Deletes an instance. 307 308 Immediately upon completion of the request: 309 310 * Billing ceases for all of the instance's reserved resources. 311 312 Soon afterward: 313 314 * The instance and *all of its databases* immediately and 315 irrevocably disappear from the API. All data in the databases 316 is permanently deleted. 317 318 Args: 319 name: string, Required. The name of the instance to be deleted. Values are of the form 320 `projects/<project>/instances/<instance>` (required) 321 x__xgafv: string, V1 error format. 322 Allowed values 323 1 - v1 error format 324 2 - v2 error format 325 326 Returns: 327 An object of the form: 328 329 { # A generic empty message that you can re-use to avoid defining duplicated 330 # empty messages in your APIs. A typical example is to use it as the request 331 # or the response type of an API method. For instance: 332 # 333 # service Foo { 334 # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); 335 # } 336 # 337 # The JSON representation for `Empty` is empty JSON object `{}`. 338 }</pre> 339 </div> 340 341 <div class="method"> 342 <code class="details" id="get">get(name, x__xgafv=None)</code> 343 <pre>Gets information about a particular instance. 344 345 Args: 346 name: string, Required. The name of the requested instance. Values are of the form 347 `projects/<project>/instances/<instance>`. (required) 348 x__xgafv: string, V1 error format. 349 Allowed values 350 1 - v1 error format 351 2 - v2 error format 352 353 Returns: 354 An object of the form: 355 356 { # An isolated set of Cloud Spanner resources on which databases can be hosted. 357 "displayName": "A String", # Required. The descriptive name for this instance as it appears in UIs. 358 # Must be unique per project and between 4 and 30 characters in length. 359 "name": "A String", # Required. A unique identifier for the instance, which cannot be changed 360 # after the instance is created. Values are of the form 361 # `projects/<project>/instances/a-z*[a-z0-9]`. The final 362 # segment of the name must be between 6 and 30 characters in length. 363 "labels": { # Cloud Labels are a flexible and lightweight mechanism for organizing cloud 364 # resources into groups that reflect a customer's organizational needs and 365 # deployment strategies. Cloud Labels can be used to filter collections of 366 # resources. They can be used to control how resource metrics are aggregated. 367 # And they can be used as arguments to policy management rules (e.g. route, 368 # firewall, load balancing, etc.). 369 # 370 # * Label keys must be between 1 and 63 characters long and must conform to 371 # the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. 372 # * Label values must be between 0 and 63 characters long and must conform 373 # to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. 374 # * No more than 64 labels can be associated with a given resource. 375 # 376 # See https://goo.gl/xmQnxf for more information on and examples of labels. 377 # 378 # If you plan to use labels in your own code, please note that additional 379 # characters may be allowed in the future. And so you are advised to use an 380 # internal label representation, such as JSON, which doesn't rely upon 381 # specific characters being disallowed. For example, representing labels 382 # as the string: name + "_" + value would prove problematic if we were to 383 # allow "_" in a future release. 384 "a_key": "A String", 385 }, 386 "state": "A String", # Output only. The current instance state. For 387 # CreateInstance, the state must be 388 # either omitted or set to `CREATING`. For 389 # UpdateInstance, the state must be 390 # either omitted or set to `READY`. 391 "nodeCount": 42, # Required. The number of nodes allocated to this instance. 392 "config": "A String", # Required. The name of the instance's configuration. Values are of the form 393 # `projects/<project>/instanceConfigs/<configuration>`. See 394 # also InstanceConfig and 395 # ListInstanceConfigs. 396 }</pre> 397 </div> 398 399 <div class="method"> 400 <code class="details" id="getIamPolicy">getIamPolicy(resource, body, x__xgafv=None)</code> 401 <pre>Gets the access control policy for an instance resource. Returns an empty 402 policy if an instance exists but does not have a policy set. 403 404 Authorization requires `spanner.instances.getIamPolicy` on 405 resource. 406 407 Args: 408 resource: string, REQUIRED: The Cloud Spanner resource for which the policy is being retrieved. The format is `projects/<project ID>/instances/<instance ID>` for instance resources and `projects/<project ID>/instances/<instance ID>/databases/<database ID>` for database resources. (required) 409 body: object, The request body. (required) 410 The object takes the form of: 411 412 { # Request message for `GetIamPolicy` method. 413 } 414 415 x__xgafv: string, V1 error format. 416 Allowed values 417 1 - v1 error format 418 2 - v2 error format 419 420 Returns: 421 An object of the form: 422 423 { # Defines an Identity and Access Management (IAM) policy. It is used to 424 # specify access control policies for Cloud Platform resources. 425 # 426 # 427 # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of 428 # `members` to a `role`, where the members can be user accounts, Google groups, 429 # Google domains, and service accounts. A `role` is a named list of permissions 430 # defined by IAM. 431 # 432 # **Example** 433 # 434 # { 435 # "bindings": [ 436 # { 437 # "role": "roles/owner", 438 # "members": [ 439 # "user:mike (a] example.com", 440 # "group:admins (a] example.com", 441 # "domain:google.com", 442 # "serviceAccount:my-other-app (a] appspot.gserviceaccount.com", 443 # ] 444 # }, 445 # { 446 # "role": "roles/viewer", 447 # "members": ["user:sean (a] example.com"] 448 # } 449 # ] 450 # } 451 # 452 # For a description of IAM and its features, see the 453 # [IAM developer's guide](https://cloud.google.com/iam). 454 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 455 { # Specifies the audit configuration for a service. 456 # The configuration determines which permission types are logged, and what 457 # identities, if any, are exempted from logging. 458 # An AuditConifg must have one or more AuditLogConfigs. 459 # 460 # If there are AuditConfigs for both `allServices` and a specific service, 461 # the union of the two AuditConfigs is used for that service: the log_types 462 # specified in each AuditConfig are enabled, and the exempted_members in each 463 # AuditConfig are exempted. 464 # 465 # Example Policy with multiple AuditConfigs: 466 # 467 # { 468 # "audit_configs": [ 469 # { 470 # "service": "allServices" 471 # "audit_log_configs": [ 472 # { 473 # "log_type": "DATA_READ", 474 # "exempted_members": [ 475 # "user:foo (a] gmail.com" 476 # ] 477 # }, 478 # { 479 # "log_type": "DATA_WRITE", 480 # }, 481 # { 482 # "log_type": "ADMIN_READ", 483 # } 484 # ] 485 # }, 486 # { 487 # "service": "fooservice.googleapis.com" 488 # "audit_log_configs": [ 489 # { 490 # "log_type": "DATA_READ", 491 # }, 492 # { 493 # "log_type": "DATA_WRITE", 494 # "exempted_members": [ 495 # "user:bar (a] gmail.com" 496 # ] 497 # } 498 # ] 499 # } 500 # ] 501 # } 502 # 503 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 504 # logging. It also exempts foo (a] gmail.com from DATA_READ logging, and 505 # bar (a] gmail.com from DATA_WRITE logging. 506 "exemptedMembers": [ 507 "A String", 508 ], 509 "auditLogConfigs": [ # The configuration for logging of each type of permission. 510 # Next ID: 4 511 { # Provides the configuration for logging a type of permissions. 512 # Example: 513 # 514 # { 515 # "audit_log_configs": [ 516 # { 517 # "log_type": "DATA_READ", 518 # "exempted_members": [ 519 # "user:foo (a] gmail.com" 520 # ] 521 # }, 522 # { 523 # "log_type": "DATA_WRITE", 524 # } 525 # ] 526 # } 527 # 528 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 529 # foo (a] gmail.com from DATA_READ logging. 530 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 531 # permission. 532 # Follows the same format of Binding.members. 533 "A String", 534 ], 535 "logType": "A String", # The log type that this config enables. 536 }, 537 ], 538 "service": "A String", # Specifies a service that will be enabled for audit logging. 539 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 540 # `allServices` is a special value that covers all services. 541 }, 542 ], 543 "rules": [ # If more than one rule is specified, the rules are applied in the following 544 # manner: 545 # - All matching LOG rules are always applied. 546 # - If any DENY/DENY_WITH_LOG rule matches, permission is denied. 547 # Logging will be applied if one or more matching rule requires logging. 548 # - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is 549 # granted. 550 # Logging will be applied if one or more matching rule requires logging. 551 # - Otherwise, if no rule applies, permission is denied. 552 { # A rule to be applied in a Policy. 553 "notIn": [ # If one or more 'not_in' clauses are specified, the rule matches 554 # if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries. 555 # The format for in and not_in entries is the same as for members in a 556 # Binding (see google/iam/v1/policy.proto). 557 "A String", 558 ], 559 "description": "A String", # Human-readable description of the rule. 560 "in": [ # If one or more 'in' clauses are specified, the rule matches if 561 # the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries. 562 "A String", 563 ], 564 "action": "A String", # Required 565 "conditions": [ # Additional restrictions that must be met 566 { # A condition to be met. 567 "iam": "A String", # Trusted attributes supplied by the IAM system. 568 "svc": "A String", # Trusted attributes discharged by the service. 569 "value": "A String", # DEPRECATED. Use 'values' instead. 570 "sys": "A String", # Trusted attributes supplied by any service that owns resources and uses 571 # the IAM system for access control. 572 "values": [ # The objects of the condition. This is mutually exclusive with 'value'. 573 "A String", 574 ], 575 "op": "A String", # An operator to apply the subject with. 576 }, 577 ], 578 "logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries 579 # that match the LOG action. 580 { # Specifies what kind of log the caller must write 581 "counter": { # Options for counters # Counter options. 582 "field": "A String", # The field value to attribute. 583 "metric": "A String", # The metric to update. 584 }, 585 "dataAccess": { # Write a Data Access (Gin) log # Data access options. 586 }, 587 "cloudAudit": { # Write a Cloud Audit log # Cloud audit options. 588 }, 589 }, 590 ], 591 "permissions": [ # A permission is a string of form '<service>.<resource type>.<verb>' 592 # (e.g., 'storage.buckets.list'). A value of '*' matches all permissions, 593 # and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs. 594 "A String", 595 ], 596 }, 597 ], 598 "version": 42, # Version of the `Policy`. The default version is 0. 599 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 600 # prevent simultaneous updates of a policy from overwriting each other. 601 # It is strongly suggested that systems make use of the `etag` in the 602 # read-modify-write cycle to perform policy updates in order to avoid race 603 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 604 # systems are expected to put that etag in the request to `setIamPolicy` to 605 # ensure that their change will be applied to the same version of the policy. 606 # 607 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 608 # policy is overwritten blindly. 609 "bindings": [ # Associates a list of `members` to a `role`. 610 # Multiple `bindings` must not be specified for the same `role`. 611 # `bindings` with no members will result in an error. 612 { # Associates `members` with a `role`. 613 "role": "A String", # Role that is assigned to `members`. 614 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 615 # Required 616 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 617 # `members` can have the following values: 618 # 619 # * `allUsers`: A special identifier that represents anyone who is 620 # on the internet; with or without a Google account. 621 # 622 # * `allAuthenticatedUsers`: A special identifier that represents anyone 623 # who is authenticated with a Google account or a service account. 624 # 625 # * `user:{emailid}`: An email address that represents a specific Google 626 # account. For example, `alice (a] gmail.com` or `joe (a] example.com`. 627 # 628 # 629 # * `serviceAccount:{emailid}`: An email address that represents a service 630 # account. For example, `my-other-app (a] appspot.gserviceaccount.com`. 631 # 632 # * `group:{emailid}`: An email address that represents a Google group. 633 # For example, `admins (a] example.com`. 634 # 635 # * `domain:{domain}`: A Google Apps domain name that represents all the 636 # users of that domain. For example, `google.com` or `example.com`. 637 # 638 "A String", 639 ], 640 }, 641 ], 642 "iamOwned": True or False, 643 }</pre> 644 </div> 645 646 <div class="method"> 647 <code class="details" id="list">list(parent, pageSize=None, filter=None, pageToken=None, x__xgafv=None)</code> 648 <pre>Lists all instances in the given project. 649 650 Args: 651 parent: string, Required. The name of the project for which a list of instances is 652 requested. Values are of the form `projects/<project>`. (required) 653 pageSize: integer, Number of instances to be returned in the response. If 0 or less, defaults 654 to the server's maximum allowed page size. 655 filter: string, An expression for filtering the results of the request. Filter rules are 656 case insensitive. The fields eligible for filtering are: 657 658 * name 659 * display_name 660 * labels.key where key is the name of a label 661 662 Some examples of using filters are: 663 664 * name:* --> The instance has a name. 665 * name:Howl --> The instance's name contains the string "howl". 666 * name:HOWL --> Equivalent to above. 667 * NAME:howl --> Equivalent to above. 668 * labels.env:* --> The instance has the label "env". 669 * labels.env:dev --> The instance has the label "env" and the value of 670 the label contains the string "dev". 671 * name:howl labels.env:dev --> The instance's name contains "howl" and 672 it has the label "env" with its value 673 containing "dev". 674 pageToken: string, If non-empty, `page_token` should contain a 675 next_page_token from a 676 previous ListInstancesResponse. 677 x__xgafv: string, V1 error format. 678 Allowed values 679 1 - v1 error format 680 2 - v2 error format 681 682 Returns: 683 An object of the form: 684 685 { # The response for ListInstances. 686 "nextPageToken": "A String", # `next_page_token` can be sent in a subsequent 687 # ListInstances call to fetch more 688 # of the matching instances. 689 "instances": [ # The list of requested instances. 690 { # An isolated set of Cloud Spanner resources on which databases can be hosted. 691 "displayName": "A String", # Required. The descriptive name for this instance as it appears in UIs. 692 # Must be unique per project and between 4 and 30 characters in length. 693 "name": "A String", # Required. A unique identifier for the instance, which cannot be changed 694 # after the instance is created. Values are of the form 695 # `projects/<project>/instances/a-z*[a-z0-9]`. The final 696 # segment of the name must be between 6 and 30 characters in length. 697 "labels": { # Cloud Labels are a flexible and lightweight mechanism for organizing cloud 698 # resources into groups that reflect a customer's organizational needs and 699 # deployment strategies. Cloud Labels can be used to filter collections of 700 # resources. They can be used to control how resource metrics are aggregated. 701 # And they can be used as arguments to policy management rules (e.g. route, 702 # firewall, load balancing, etc.). 703 # 704 # * Label keys must be between 1 and 63 characters long and must conform to 705 # the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. 706 # * Label values must be between 0 and 63 characters long and must conform 707 # to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. 708 # * No more than 64 labels can be associated with a given resource. 709 # 710 # See https://goo.gl/xmQnxf for more information on and examples of labels. 711 # 712 # If you plan to use labels in your own code, please note that additional 713 # characters may be allowed in the future. And so you are advised to use an 714 # internal label representation, such as JSON, which doesn't rely upon 715 # specific characters being disallowed. For example, representing labels 716 # as the string: name + "_" + value would prove problematic if we were to 717 # allow "_" in a future release. 718 "a_key": "A String", 719 }, 720 "state": "A String", # Output only. The current instance state. For 721 # CreateInstance, the state must be 722 # either omitted or set to `CREATING`. For 723 # UpdateInstance, the state must be 724 # either omitted or set to `READY`. 725 "nodeCount": 42, # Required. The number of nodes allocated to this instance. 726 "config": "A String", # Required. The name of the instance's configuration. Values are of the form 727 # `projects/<project>/instanceConfigs/<configuration>`. See 728 # also InstanceConfig and 729 # ListInstanceConfigs. 730 }, 731 ], 732 }</pre> 733 </div> 734 735 <div class="method"> 736 <code class="details" id="list_next">list_next(previous_request, previous_response)</code> 737 <pre>Retrieves the next page of results. 738 739 Args: 740 previous_request: The request for the previous page. (required) 741 previous_response: The response from the request for the previous page. (required) 742 743 Returns: 744 A request object that you can call 'execute()' on to request the next 745 page. Returns None if there are no more items in the collection. 746 </pre> 747 </div> 748 749 <div class="method"> 750 <code class="details" id="patch">patch(name, body, x__xgafv=None)</code> 751 <pre>Updates an instance, and begins allocating or releasing resources 752 as requested. The returned long-running 753 operation can be used to track the 754 progress of updating the instance. If the named instance does not 755 exist, returns `NOT_FOUND`. 756 757 Immediately upon completion of this request: 758 759 * For resource types for which a decrease in the instance's allocation 760 has been requested, billing is based on the newly-requested level. 761 762 Until completion of the returned operation: 763 764 * Cancelling the operation sets its metadata's 765 cancel_time, and begins 766 restoring resources to their pre-request values. The operation 767 is guaranteed to succeed at undoing all resource changes, 768 after which point it terminates with a `CANCELLED` status. 769 * All other attempts to modify the instance are rejected. 770 * Reading the instance via the API continues to give the pre-request 771 resource levels. 772 773 Upon completion of the returned operation: 774 775 * Billing begins for all successfully-allocated resources (some types 776 may have lower than the requested levels). 777 * All newly-reserved resources are available for serving the instance's 778 tables. 779 * The instance's new resource levels are readable via the API. 780 781 The returned long-running operation will 782 have a name of the format `<instance_name>/operations/<operation_id>` and 783 can be used to track the instance modification. The 784 metadata field type is 785 UpdateInstanceMetadata. 786 The response field type is 787 Instance, if successful. 788 789 Authorization requires `spanner.instances.update` permission on 790 resource name. 791 792 Args: 793 name: string, Required. A unique identifier for the instance, which cannot be changed 794 after the instance is created. Values are of the form 795 `projects/<project>/instances/a-z*[a-z0-9]`. The final 796 segment of the name must be between 6 and 30 characters in length. (required) 797 body: object, The request body. (required) 798 The object takes the form of: 799 800 { # The request for UpdateInstance. 801 "instance": { # An isolated set of Cloud Spanner resources on which databases can be hosted. # Required. The instance to update, which must always include the instance 802 # name. Otherwise, only fields mentioned in [][google.spanner.admin.instance.v1.UpdateInstanceRequest.field_mask] need be included. 803 "displayName": "A String", # Required. The descriptive name for this instance as it appears in UIs. 804 # Must be unique per project and between 4 and 30 characters in length. 805 "name": "A String", # Required. A unique identifier for the instance, which cannot be changed 806 # after the instance is created. Values are of the form 807 # `projects/<project>/instances/a-z*[a-z0-9]`. The final 808 # segment of the name must be between 6 and 30 characters in length. 809 "labels": { # Cloud Labels are a flexible and lightweight mechanism for organizing cloud 810 # resources into groups that reflect a customer's organizational needs and 811 # deployment strategies. Cloud Labels can be used to filter collections of 812 # resources. They can be used to control how resource metrics are aggregated. 813 # And they can be used as arguments to policy management rules (e.g. route, 814 # firewall, load balancing, etc.). 815 # 816 # * Label keys must be between 1 and 63 characters long and must conform to 817 # the following regular expression: `[a-z]([-a-z0-9]*[a-z0-9])?`. 818 # * Label values must be between 0 and 63 characters long and must conform 819 # to the regular expression `([a-z]([-a-z0-9]*[a-z0-9])?)?`. 820 # * No more than 64 labels can be associated with a given resource. 821 # 822 # See https://goo.gl/xmQnxf for more information on and examples of labels. 823 # 824 # If you plan to use labels in your own code, please note that additional 825 # characters may be allowed in the future. And so you are advised to use an 826 # internal label representation, such as JSON, which doesn't rely upon 827 # specific characters being disallowed. For example, representing labels 828 # as the string: name + "_" + value would prove problematic if we were to 829 # allow "_" in a future release. 830 "a_key": "A String", 831 }, 832 "state": "A String", # Output only. The current instance state. For 833 # CreateInstance, the state must be 834 # either omitted or set to `CREATING`. For 835 # UpdateInstance, the state must be 836 # either omitted or set to `READY`. 837 "nodeCount": 42, # Required. The number of nodes allocated to this instance. 838 "config": "A String", # Required. The name of the instance's configuration. Values are of the form 839 # `projects/<project>/instanceConfigs/<configuration>`. See 840 # also InstanceConfig and 841 # ListInstanceConfigs. 842 }, 843 "fieldMask": "A String", # Required. A mask specifying which fields in [][google.spanner.admin.instance.v1.UpdateInstanceRequest.instance] should be updated. 844 # The field mask must always be specified; this prevents any future fields in 845 # [][google.spanner.admin.instance.v1.Instance] from being erased accidentally by clients that do not know 846 # about them. 847 } 848 849 x__xgafv: string, V1 error format. 850 Allowed values 851 1 - v1 error format 852 2 - v2 error format 853 854 Returns: 855 An object of the form: 856 857 { # This resource represents a long-running operation that is the result of a 858 # network API call. 859 "metadata": { # Service-specific metadata associated with the operation. It typically 860 # contains progress information and common metadata such as create time. 861 # Some services might not provide such metadata. Any method that returns a 862 # long-running operation should document the metadata type, if any. 863 "a_key": "", # Properties of the object. Contains field @type with type URL. 864 }, 865 "done": True or False, # If the value is `false`, it means the operation is still in progress. 866 # If true, the operation is completed, and either `error` or `response` is 867 # available. 868 "response": { # The normal response of the operation in case of success. If the original 869 # method returns no data on success, such as `Delete`, the response is 870 # `google.protobuf.Empty`. If the original method is standard 871 # `Get`/`Create`/`Update`, the response should be the resource. For other 872 # methods, the response should have the type `XxxResponse`, where `Xxx` 873 # is the original method name. For example, if the original method name 874 # is `TakeSnapshot()`, the inferred response type is 875 # `TakeSnapshotResponse`. 876 "a_key": "", # Properties of the object. Contains field @type with type URL. 877 }, 878 "name": "A String", # The server-assigned name, which is only unique within the same service that 879 # originally returns it. If you use the default HTTP mapping, the 880 # `name` should have the format of `operations/some/unique/name`. 881 "error": { # The `Status` type defines a logical error model that is suitable for different # The error result of the operation in case of failure or cancellation. 882 # programming environments, including REST APIs and RPC APIs. It is used by 883 # [gRPC](https://github.com/grpc). The error model is designed to be: 884 # 885 # - Simple to use and understand for most users 886 # - Flexible enough to meet unexpected needs 887 # 888 # # Overview 889 # 890 # The `Status` message contains three pieces of data: error code, error message, 891 # and error details. The error code should be an enum value of 892 # google.rpc.Code, but it may accept additional error codes if needed. The 893 # error message should be a developer-facing English message that helps 894 # developers *understand* and *resolve* the error. If a localized user-facing 895 # error message is needed, put the localized message in the error details or 896 # localize it in the client. The optional error details may contain arbitrary 897 # information about the error. There is a predefined set of error detail types 898 # in the package `google.rpc` which can be used for common error conditions. 899 # 900 # # Language mapping 901 # 902 # The `Status` message is the logical representation of the error model, but it 903 # is not necessarily the actual wire format. When the `Status` message is 904 # exposed in different client libraries and different wire protocols, it can be 905 # mapped differently. For example, it will likely be mapped to some exceptions 906 # in Java, but more likely mapped to some error codes in C. 907 # 908 # # Other uses 909 # 910 # The error model and the `Status` message can be used in a variety of 911 # environments, either with or without APIs, to provide a 912 # consistent developer experience across different environments. 913 # 914 # Example uses of this error model include: 915 # 916 # - Partial errors. If a service needs to return partial errors to the client, 917 # it may embed the `Status` in the normal response to indicate the partial 918 # errors. 919 # 920 # - Workflow errors. A typical workflow has multiple steps. Each step may 921 # have a `Status` message for error reporting purpose. 922 # 923 # - Batch operations. If a client uses batch request and batch response, the 924 # `Status` message should be used directly inside batch response, one for 925 # each error sub-response. 926 # 927 # - Asynchronous operations. If an API call embeds asynchronous operation 928 # results in its response, the status of those operations should be 929 # represented directly using the `Status` message. 930 # 931 # - Logging. If some API errors are stored in logs, the message `Status` could 932 # be used directly after any stripping needed for security/privacy reasons. 933 "message": "A String", # A developer-facing error message, which should be in English. Any 934 # user-facing error message should be localized and sent in the 935 # google.rpc.Status.details field, or localized by the client. 936 "code": 42, # The status code, which should be an enum value of google.rpc.Code. 937 "details": [ # A list of messages that carry the error details. There will be a 938 # common set of message types for APIs to use. 939 { 940 "a_key": "", # Properties of the object. Contains field @type with type URL. 941 }, 942 ], 943 }, 944 }</pre> 945 </div> 946 947 <div class="method"> 948 <code class="details" id="setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</code> 949 <pre>Sets the access control policy on an instance resource. Replaces any 950 existing policy. 951 952 Authorization requires `spanner.instances.setIamPolicy` on 953 resource. 954 955 Args: 956 resource: string, REQUIRED: The Cloud Spanner resource for which the policy is being set. The format is `projects/<project ID>/instances/<instance ID>` for instance resources and `projects/<project ID>/instances/<instance ID>/databases/<database ID>` for databases resources. (required) 957 body: object, The request body. (required) 958 The object takes the form of: 959 960 { # Request message for `SetIamPolicy` method. 961 "policy": { # Defines an Identity and Access Management (IAM) policy. It is used to # REQUIRED: The complete policy to be applied to the `resource`. The size of 962 # the policy is limited to a few 10s of KB. An empty policy is a 963 # valid policy but certain Cloud Platform services (such as Projects) 964 # might reject them. 965 # specify access control policies for Cloud Platform resources. 966 # 967 # 968 # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of 969 # `members` to a `role`, where the members can be user accounts, Google groups, 970 # Google domains, and service accounts. A `role` is a named list of permissions 971 # defined by IAM. 972 # 973 # **Example** 974 # 975 # { 976 # "bindings": [ 977 # { 978 # "role": "roles/owner", 979 # "members": [ 980 # "user:mike (a] example.com", 981 # "group:admins (a] example.com", 982 # "domain:google.com", 983 # "serviceAccount:my-other-app (a] appspot.gserviceaccount.com", 984 # ] 985 # }, 986 # { 987 # "role": "roles/viewer", 988 # "members": ["user:sean (a] example.com"] 989 # } 990 # ] 991 # } 992 # 993 # For a description of IAM and its features, see the 994 # [IAM developer's guide](https://cloud.google.com/iam). 995 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 996 { # Specifies the audit configuration for a service. 997 # The configuration determines which permission types are logged, and what 998 # identities, if any, are exempted from logging. 999 # An AuditConifg must have one or more AuditLogConfigs. 1000 # 1001 # If there are AuditConfigs for both `allServices` and a specific service, 1002 # the union of the two AuditConfigs is used for that service: the log_types 1003 # specified in each AuditConfig are enabled, and the exempted_members in each 1004 # AuditConfig are exempted. 1005 # 1006 # Example Policy with multiple AuditConfigs: 1007 # 1008 # { 1009 # "audit_configs": [ 1010 # { 1011 # "service": "allServices" 1012 # "audit_log_configs": [ 1013 # { 1014 # "log_type": "DATA_READ", 1015 # "exempted_members": [ 1016 # "user:foo (a] gmail.com" 1017 # ] 1018 # }, 1019 # { 1020 # "log_type": "DATA_WRITE", 1021 # }, 1022 # { 1023 # "log_type": "ADMIN_READ", 1024 # } 1025 # ] 1026 # }, 1027 # { 1028 # "service": "fooservice.googleapis.com" 1029 # "audit_log_configs": [ 1030 # { 1031 # "log_type": "DATA_READ", 1032 # }, 1033 # { 1034 # "log_type": "DATA_WRITE", 1035 # "exempted_members": [ 1036 # "user:bar (a] gmail.com" 1037 # ] 1038 # } 1039 # ] 1040 # } 1041 # ] 1042 # } 1043 # 1044 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 1045 # logging. It also exempts foo (a] gmail.com from DATA_READ logging, and 1046 # bar (a] gmail.com from DATA_WRITE logging. 1047 "exemptedMembers": [ 1048 "A String", 1049 ], 1050 "auditLogConfigs": [ # The configuration for logging of each type of permission. 1051 # Next ID: 4 1052 { # Provides the configuration for logging a type of permissions. 1053 # Example: 1054 # 1055 # { 1056 # "audit_log_configs": [ 1057 # { 1058 # "log_type": "DATA_READ", 1059 # "exempted_members": [ 1060 # "user:foo (a] gmail.com" 1061 # ] 1062 # }, 1063 # { 1064 # "log_type": "DATA_WRITE", 1065 # } 1066 # ] 1067 # } 1068 # 1069 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 1070 # foo (a] gmail.com from DATA_READ logging. 1071 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 1072 # permission. 1073 # Follows the same format of Binding.members. 1074 "A String", 1075 ], 1076 "logType": "A String", # The log type that this config enables. 1077 }, 1078 ], 1079 "service": "A String", # Specifies a service that will be enabled for audit logging. 1080 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 1081 # `allServices` is a special value that covers all services. 1082 }, 1083 ], 1084 "rules": [ # If more than one rule is specified, the rules are applied in the following 1085 # manner: 1086 # - All matching LOG rules are always applied. 1087 # - If any DENY/DENY_WITH_LOG rule matches, permission is denied. 1088 # Logging will be applied if one or more matching rule requires logging. 1089 # - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is 1090 # granted. 1091 # Logging will be applied if one or more matching rule requires logging. 1092 # - Otherwise, if no rule applies, permission is denied. 1093 { # A rule to be applied in a Policy. 1094 "notIn": [ # If one or more 'not_in' clauses are specified, the rule matches 1095 # if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries. 1096 # The format for in and not_in entries is the same as for members in a 1097 # Binding (see google/iam/v1/policy.proto). 1098 "A String", 1099 ], 1100 "description": "A String", # Human-readable description of the rule. 1101 "in": [ # If one or more 'in' clauses are specified, the rule matches if 1102 # the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries. 1103 "A String", 1104 ], 1105 "action": "A String", # Required 1106 "conditions": [ # Additional restrictions that must be met 1107 { # A condition to be met. 1108 "iam": "A String", # Trusted attributes supplied by the IAM system. 1109 "svc": "A String", # Trusted attributes discharged by the service. 1110 "value": "A String", # DEPRECATED. Use 'values' instead. 1111 "sys": "A String", # Trusted attributes supplied by any service that owns resources and uses 1112 # the IAM system for access control. 1113 "values": [ # The objects of the condition. This is mutually exclusive with 'value'. 1114 "A String", 1115 ], 1116 "op": "A String", # An operator to apply the subject with. 1117 }, 1118 ], 1119 "logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries 1120 # that match the LOG action. 1121 { # Specifies what kind of log the caller must write 1122 "counter": { # Options for counters # Counter options. 1123 "field": "A String", # The field value to attribute. 1124 "metric": "A String", # The metric to update. 1125 }, 1126 "dataAccess": { # Write a Data Access (Gin) log # Data access options. 1127 }, 1128 "cloudAudit": { # Write a Cloud Audit log # Cloud audit options. 1129 }, 1130 }, 1131 ], 1132 "permissions": [ # A permission is a string of form '<service>.<resource type>.<verb>' 1133 # (e.g., 'storage.buckets.list'). A value of '*' matches all permissions, 1134 # and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs. 1135 "A String", 1136 ], 1137 }, 1138 ], 1139 "version": 42, # Version of the `Policy`. The default version is 0. 1140 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 1141 # prevent simultaneous updates of a policy from overwriting each other. 1142 # It is strongly suggested that systems make use of the `etag` in the 1143 # read-modify-write cycle to perform policy updates in order to avoid race 1144 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 1145 # systems are expected to put that etag in the request to `setIamPolicy` to 1146 # ensure that their change will be applied to the same version of the policy. 1147 # 1148 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 1149 # policy is overwritten blindly. 1150 "bindings": [ # Associates a list of `members` to a `role`. 1151 # Multiple `bindings` must not be specified for the same `role`. 1152 # `bindings` with no members will result in an error. 1153 { # Associates `members` with a `role`. 1154 "role": "A String", # Role that is assigned to `members`. 1155 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 1156 # Required 1157 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 1158 # `members` can have the following values: 1159 # 1160 # * `allUsers`: A special identifier that represents anyone who is 1161 # on the internet; with or without a Google account. 1162 # 1163 # * `allAuthenticatedUsers`: A special identifier that represents anyone 1164 # who is authenticated with a Google account or a service account. 1165 # 1166 # * `user:{emailid}`: An email address that represents a specific Google 1167 # account. For example, `alice (a] gmail.com` or `joe (a] example.com`. 1168 # 1169 # 1170 # * `serviceAccount:{emailid}`: An email address that represents a service 1171 # account. For example, `my-other-app (a] appspot.gserviceaccount.com`. 1172 # 1173 # * `group:{emailid}`: An email address that represents a Google group. 1174 # For example, `admins (a] example.com`. 1175 # 1176 # * `domain:{domain}`: A Google Apps domain name that represents all the 1177 # users of that domain. For example, `google.com` or `example.com`. 1178 # 1179 "A String", 1180 ], 1181 }, 1182 ], 1183 "iamOwned": True or False, 1184 }, 1185 "updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only 1186 # the fields in the mask will be modified. If no mask is provided, the 1187 # following default mask is used: 1188 # paths: "bindings, etag" 1189 # This field is only used by Cloud IAM. 1190 } 1191 1192 x__xgafv: string, V1 error format. 1193 Allowed values 1194 1 - v1 error format 1195 2 - v2 error format 1196 1197 Returns: 1198 An object of the form: 1199 1200 { # Defines an Identity and Access Management (IAM) policy. It is used to 1201 # specify access control policies for Cloud Platform resources. 1202 # 1203 # 1204 # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of 1205 # `members` to a `role`, where the members can be user accounts, Google groups, 1206 # Google domains, and service accounts. A `role` is a named list of permissions 1207 # defined by IAM. 1208 # 1209 # **Example** 1210 # 1211 # { 1212 # "bindings": [ 1213 # { 1214 # "role": "roles/owner", 1215 # "members": [ 1216 # "user:mike (a] example.com", 1217 # "group:admins (a] example.com", 1218 # "domain:google.com", 1219 # "serviceAccount:my-other-app (a] appspot.gserviceaccount.com", 1220 # ] 1221 # }, 1222 # { 1223 # "role": "roles/viewer", 1224 # "members": ["user:sean (a] example.com"] 1225 # } 1226 # ] 1227 # } 1228 # 1229 # For a description of IAM and its features, see the 1230 # [IAM developer's guide](https://cloud.google.com/iam). 1231 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 1232 { # Specifies the audit configuration for a service. 1233 # The configuration determines which permission types are logged, and what 1234 # identities, if any, are exempted from logging. 1235 # An AuditConifg must have one or more AuditLogConfigs. 1236 # 1237 # If there are AuditConfigs for both `allServices` and a specific service, 1238 # the union of the two AuditConfigs is used for that service: the log_types 1239 # specified in each AuditConfig are enabled, and the exempted_members in each 1240 # AuditConfig are exempted. 1241 # 1242 # Example Policy with multiple AuditConfigs: 1243 # 1244 # { 1245 # "audit_configs": [ 1246 # { 1247 # "service": "allServices" 1248 # "audit_log_configs": [ 1249 # { 1250 # "log_type": "DATA_READ", 1251 # "exempted_members": [ 1252 # "user:foo (a] gmail.com" 1253 # ] 1254 # }, 1255 # { 1256 # "log_type": "DATA_WRITE", 1257 # }, 1258 # { 1259 # "log_type": "ADMIN_READ", 1260 # } 1261 # ] 1262 # }, 1263 # { 1264 # "service": "fooservice.googleapis.com" 1265 # "audit_log_configs": [ 1266 # { 1267 # "log_type": "DATA_READ", 1268 # }, 1269 # { 1270 # "log_type": "DATA_WRITE", 1271 # "exempted_members": [ 1272 # "user:bar (a] gmail.com" 1273 # ] 1274 # } 1275 # ] 1276 # } 1277 # ] 1278 # } 1279 # 1280 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 1281 # logging. It also exempts foo (a] gmail.com from DATA_READ logging, and 1282 # bar (a] gmail.com from DATA_WRITE logging. 1283 "exemptedMembers": [ 1284 "A String", 1285 ], 1286 "auditLogConfigs": [ # The configuration for logging of each type of permission. 1287 # Next ID: 4 1288 { # Provides the configuration for logging a type of permissions. 1289 # Example: 1290 # 1291 # { 1292 # "audit_log_configs": [ 1293 # { 1294 # "log_type": "DATA_READ", 1295 # "exempted_members": [ 1296 # "user:foo (a] gmail.com" 1297 # ] 1298 # }, 1299 # { 1300 # "log_type": "DATA_WRITE", 1301 # } 1302 # ] 1303 # } 1304 # 1305 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 1306 # foo (a] gmail.com from DATA_READ logging. 1307 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 1308 # permission. 1309 # Follows the same format of Binding.members. 1310 "A String", 1311 ], 1312 "logType": "A String", # The log type that this config enables. 1313 }, 1314 ], 1315 "service": "A String", # Specifies a service that will be enabled for audit logging. 1316 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 1317 # `allServices` is a special value that covers all services. 1318 }, 1319 ], 1320 "rules": [ # If more than one rule is specified, the rules are applied in the following 1321 # manner: 1322 # - All matching LOG rules are always applied. 1323 # - If any DENY/DENY_WITH_LOG rule matches, permission is denied. 1324 # Logging will be applied if one or more matching rule requires logging. 1325 # - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is 1326 # granted. 1327 # Logging will be applied if one or more matching rule requires logging. 1328 # - Otherwise, if no rule applies, permission is denied. 1329 { # A rule to be applied in a Policy. 1330 "notIn": [ # If one or more 'not_in' clauses are specified, the rule matches 1331 # if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries. 1332 # The format for in and not_in entries is the same as for members in a 1333 # Binding (see google/iam/v1/policy.proto). 1334 "A String", 1335 ], 1336 "description": "A String", # Human-readable description of the rule. 1337 "in": [ # If one or more 'in' clauses are specified, the rule matches if 1338 # the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries. 1339 "A String", 1340 ], 1341 "action": "A String", # Required 1342 "conditions": [ # Additional restrictions that must be met 1343 { # A condition to be met. 1344 "iam": "A String", # Trusted attributes supplied by the IAM system. 1345 "svc": "A String", # Trusted attributes discharged by the service. 1346 "value": "A String", # DEPRECATED. Use 'values' instead. 1347 "sys": "A String", # Trusted attributes supplied by any service that owns resources and uses 1348 # the IAM system for access control. 1349 "values": [ # The objects of the condition. This is mutually exclusive with 'value'. 1350 "A String", 1351 ], 1352 "op": "A String", # An operator to apply the subject with. 1353 }, 1354 ], 1355 "logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries 1356 # that match the LOG action. 1357 { # Specifies what kind of log the caller must write 1358 "counter": { # Options for counters # Counter options. 1359 "field": "A String", # The field value to attribute. 1360 "metric": "A String", # The metric to update. 1361 }, 1362 "dataAccess": { # Write a Data Access (Gin) log # Data access options. 1363 }, 1364 "cloudAudit": { # Write a Cloud Audit log # Cloud audit options. 1365 }, 1366 }, 1367 ], 1368 "permissions": [ # A permission is a string of form '<service>.<resource type>.<verb>' 1369 # (e.g., 'storage.buckets.list'). A value of '*' matches all permissions, 1370 # and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs. 1371 "A String", 1372 ], 1373 }, 1374 ], 1375 "version": 42, # Version of the `Policy`. The default version is 0. 1376 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 1377 # prevent simultaneous updates of a policy from overwriting each other. 1378 # It is strongly suggested that systems make use of the `etag` in the 1379 # read-modify-write cycle to perform policy updates in order to avoid race 1380 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 1381 # systems are expected to put that etag in the request to `setIamPolicy` to 1382 # ensure that their change will be applied to the same version of the policy. 1383 # 1384 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 1385 # policy is overwritten blindly. 1386 "bindings": [ # Associates a list of `members` to a `role`. 1387 # Multiple `bindings` must not be specified for the same `role`. 1388 # `bindings` with no members will result in an error. 1389 { # Associates `members` with a `role`. 1390 "role": "A String", # Role that is assigned to `members`. 1391 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 1392 # Required 1393 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 1394 # `members` can have the following values: 1395 # 1396 # * `allUsers`: A special identifier that represents anyone who is 1397 # on the internet; with or without a Google account. 1398 # 1399 # * `allAuthenticatedUsers`: A special identifier that represents anyone 1400 # who is authenticated with a Google account or a service account. 1401 # 1402 # * `user:{emailid}`: An email address that represents a specific Google 1403 # account. For example, `alice (a] gmail.com` or `joe (a] example.com`. 1404 # 1405 # 1406 # * `serviceAccount:{emailid}`: An email address that represents a service 1407 # account. For example, `my-other-app (a] appspot.gserviceaccount.com`. 1408 # 1409 # * `group:{emailid}`: An email address that represents a Google group. 1410 # For example, `admins (a] example.com`. 1411 # 1412 # * `domain:{domain}`: A Google Apps domain name that represents all the 1413 # users of that domain. For example, `google.com` or `example.com`. 1414 # 1415 "A String", 1416 ], 1417 }, 1418 ], 1419 "iamOwned": True or False, 1420 }</pre> 1421 </div> 1422 1423 <div class="method"> 1424 <code class="details" id="testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</code> 1425 <pre>Returns permissions that the caller has on the specified instance resource. 1426 1427 Attempting this RPC on a non-existent Cloud Spanner instance resource will 1428 result in a NOT_FOUND error if the user has `spanner.instances.list` 1429 permission on the containing Google Cloud Project. Otherwise returns an 1430 empty set of permissions. 1431 1432 Args: 1433 resource: string, REQUIRED: The Cloud Spanner resource for which permissions are being tested. The format is `projects/<project ID>/instances/<instance ID>` for instance resources and `projects/<project ID>/instances/<instance ID>/databases/<database ID>` for database resources. (required) 1434 body: object, The request body. (required) 1435 The object takes the form of: 1436 1437 { # Request message for `TestIamPermissions` method. 1438 "permissions": [ # REQUIRED: The set of permissions to check for 'resource'. 1439 # Permissions with wildcards (such as '*', 'spanner.*', 'spanner.instances.*') are not allowed. 1440 "A String", 1441 ], 1442 } 1443 1444 x__xgafv: string, V1 error format. 1445 Allowed values 1446 1 - v1 error format 1447 2 - v2 error format 1448 1449 Returns: 1450 An object of the form: 1451 1452 { # Response message for `TestIamPermissions` method. 1453 "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is 1454 # allowed. 1455 "A String", 1456 ], 1457 }</pre> 1458 </div> 1459 1460 </body></html>
