accesscontextmanager/v1 library

Access Context Manager API - v1

An API for setting attribute based access control to requests to Google Cloud services. Warning: Do not mix v1alpha and v1 API usage in the same access policy. The v1alpha API supports new Access Context Manager features, which may have different attributes or behaviors that are not supported by v1. The practice of mixed API usage within a policy may result in the inability to update that policy, including any access levels or service perimeters belonging to it. It is not recommended to use both v1 and v1alpha for modifying policies with critical service perimeters. Modifications using v1alpha should be limited to policies with non-production/non-critical service perimeters.

For more information, see cloud.google.com/access-context-manager/docs/reference/rest/

Create an instance of AccessContextManagerApi to access these resources:

• AccessPoliciesResource
  • AccessPoliciesAccessLevelsResource
  • AccessPoliciesAuthorizedOrgsDescsResource
  • AccessPoliciesServicePerimetersResource
• OperationsResource
• OrganizationsResource
  • OrganizationsGcpUserAccessBindingsResource
• ServicesResource

Classes

AccessContextManagerApi

An API for setting attribute based access control to requests to Google Cloud services.

AccessLevel

An AccessLevel is a label that can be applied to requests to Google Cloud services, along with a list of requirements necessary for the label to be applied.

AccessPoliciesAccessLevelsResource

AccessPoliciesAuthorizedOrgsDescsResource

AccessPoliciesResource

AccessPoliciesServicePerimetersResource

ApiOperation

Identification for an API Operation.

AuditConfig

Specifies the audit configuration for a service.

AuthorizedOrgsDesc

AuthorizedOrgsDesc contains data for an organization's authorization policy.

BasicLevel

BasicLevel is an AccessLevel using a set of recommended features.

Binding

Associates members, or principals, with a role.

CommitServicePerimetersRequest

A request to commit dry-run specs in all Service Perimeters belonging to an Access Policy.

Condition

A condition necessary for an AccessLevel to be granted.

CustomLevel

CustomLevel is an AccessLevel using the Cloud Common Expression Language to represent the necessary conditions for the level to apply to a request.

DevicePolicy

DevicePolicy specifies device specific restrictions necessary to acquire a given access level.

EgressFrom

Defines the conditions under which an EgressPolicy matches a request.

EgressPolicy

Policy for egress from perimeter.

EgressTo

Defines the conditions under which an EgressPolicy matches a request.

GcpUserAccessBinding

Restricts access to Cloud Console and Google Cloud APIs for a set of users using Context-Aware Access.

GetIamPolicyRequest

Request message for GetIamPolicy method.

IngressFrom

Defines the conditions under which an IngressPolicy matches a request.

IngressPolicy

Policy for ingress into ServicePerimeter.

IngressTo

Defines the conditions under which an IngressPolicy matches a request.

ListAccessLevelsResponse

A response to ListAccessLevelsRequest.

ListAccessPoliciesResponse

A response to ListAccessPoliciesRequest.

ListAuthorizedOrgsDescsResponse

A response to ListAuthorizedOrgsDescsRequest.

ListGcpUserAccessBindingsResponse

Response of ListGcpUserAccessBindings.

ListOperationsResponse

The response message for Operations.ListOperations.

ListServicePerimetersResponse

A response to ListServicePerimetersRequest.

ListSupportedServicesResponse

A response to ListSupportedServicesRequest.

Operation

This resource represents a long-running operation that is the result of a network API call.

OperationsResource

OrganizationsGcpUserAccessBindingsResource

OrganizationsResource

Policy

An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources.

ReplaceAccessLevelsRequest

A request to replace all existing Access Levels in an Access Policy with the Access Levels provided.

ReplaceServicePerimetersRequest

A request to replace all existing Service Perimeters in an Access Policy with the Service Perimeters provided.

ServicePerimeter

ServicePerimeter describes a set of Google Cloud resources which can freely import and export data amongst themselves, but not export outside of the ServicePerimeter.

ServicePerimeterConfig

ServicePerimeterConfig specifies a set of Google Cloud resources that describe specific Service Perimeter configuration.

ServicesResource

SetIamPolicyRequest

Request message for SetIamPolicy method.

SupportedService

SupportedService specifies the VPC Service Controls and its properties.

VpcNetworkSource

The originating network source in Google Cloud.

Typedefs

AccessPolicy = $AccessPolicy

AccessPolicy is a container for AccessLevels (which define the necessary attributes to use Google Cloud services) and ServicePerimeters (which define regions of services able to freely pass data within a perimeter).

AuditLogConfig = $AuditLogConfig

Provides the configuration for logging a type of permissions.

CancelOperationRequest = $Empty

The request message for Operations.CancelOperation.

EgressSource = $EgressSource

The source that EgressPolicy authorizes access from inside the ServicePerimeter to somewhere outside the ServicePerimeter boundaries.

Empty = $Empty

A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs.

Expr = $Expr

Represents a textual expression in the Common Expression Language (CEL) syntax.

GetPolicyOptions = $GetPolicyOptions

Encapsulates settings provided to GetIamPolicy.

IngressSource = $IngressSource

The source that IngressPolicy authorizes access from.

MethodSelector = $MethodSelector

An allowed method or permission of a service specified in ApiOperation.

OsConstraint = $OsConstraint

A restriction on the OS type and version of devices making requests.

Status = $Status

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs.

TestIamPermissionsRequest = $TestIamPermissionsRequest00

Request message for TestIamPermissions method.

TestIamPermissionsResponse = $PermissionsResponse

Response message for TestIamPermissions method.

VpcAccessibleServices = $VpcAccessibleServices

Specifies how APIs are allowed to communicate within the Service Perimeter.

VpcSubNetwork = $VpcSubNetwork

Sub-segment ranges inside of a VPC Network.

Exceptions / Errors

ApiRequestError

Represents a general error reported by the API endpoint.

DetailedApiRequestError

Represents a specific error reported by the API endpoint.