googleapis.cloudresourcemanager.v1 library
Classes
-
Ancestor
-
Identifying information for a single ancestor of a project.
-
AuditConfig
-
Specifies the audit configuration for a service. The configuration
determines which permission types are logged, and what identities, if any,
are exempted from logging. An AuditConfig must have one or more
AuditLogConfigs. If there are AuditConfigs for both
allServices and a
specific service, the union of the two AuditConfigs is used for that
service: the log_types specified in each AuditConfig are enabled, and the
exempted_members in each AuditLogConfig are exempted. Example Policy with
multiple AuditConfigs: { "audit_configs": [ { "service": "allServices",
"audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members":
"user:jose@example.com" }, { "log_type": "DATA_WRITE" }, { "log_type":
"ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com",
"audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type":
"DATA_WRITE", "exempted_members": "user:aliya@example.com" } ] } ] } For
sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
logging. It also exempts jose@example.com from DATA_READ logging, and
aliya@example.com from DATA_WRITE logging.
-
AuditLogConfig
-
Provides the configuration for logging a type of permissions. Example: {
"audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members":
"user:jose@example.com" }, { "log_type": "DATA_WRITE" } ] } This enables
'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from
DATA_READ logging.
-
Binding
-
Associates
members with a role.
-
BooleanConstraint
-
A
Constraint that is either enforced or not. For example a constraint
constraints/compute.disableSerialPortAccess. If it is enforced on a VM
instance, serial port connections will not be opened to that instance.
-
BooleanPolicy
-
Used in
policy_type to specify how boolean_policy will behave at this
resource.
-
ClearOrgPolicyRequest
-
The request sent to the ClearOrgPolicy method.
-
CloudresourcemanagerApi
-
Creates, reads, and updates metadata for Google Cloud Platform resource
containers.
-
Constraint
-
A
Constraint describes a way in which a resource's configuration can be
restricted. For example, it controls which cloud services can be activated
across an organization, or whether a Compute Engine instance can have serial
port connections established. Constraints can be configured by the
organization's policy administrator to fit the needs of the organzation by
setting Policies for Constraints at different locations in the
organization's resource hierarchy. Policies are inherited down the resource
hierarchy from higher levels, but can also be overridden. For details about
the inheritance rules please read about
Policies. Constraints have a
default behavior determined by the constraint_default field, which is the
enforcement behavior that is used in the absence of a Policy being defined
or inherited for the resource in question.
-
Empty
-
A generic empty message that you can re-use to avoid defining duplicated
empty messages in your APIs. A typical example is to use it as the request
or the response type of an API method. For instance: service Foo { rpc
Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON
representation for
Empty is empty JSON object {}.
-
Expr
-
Represents a textual expression in the Common Expression Language (CEL)
syntax. CEL is a C-like expression language. The syntax and semantics of CEL
are documented at https://github.com/google/cel-spec. Example (Comparison):
title: "Summary size limit" description: "Determines if a summary is less
than 100 chars" expression: "document.summary.size() < 100" Example
(Equality): title: "Requestor is owner" description: "Determines if
requestor is the document owner" expression: "document.owner ==
request.auth.claims.email" Example (Logic): title: "Public documents"
description: "Determine whether the document should be publicly visible"
expression: "document.type != 'private' && document.type != 'internal'"
Example (Data Manipulation): title: "Notification string" description:
"Create a notification string with a timestamp." expression: "'New message
received at ' + string(document.create_time)" The exact variables and
functions that may be referenced within an expression are determined by the
service that evaluates it. See the service documentation for additional
information.
-
FolderOperation
-
Metadata describing a long running folder operation
-
FolderOperationError
-
A classification of the Folder Operation error.
-
FoldersResourceApi
-
-
GetAncestryRequest
-
The request sent to the GetAncestry method.
-
GetAncestryResponse
-
Response from the projects.getAncestry method.
-
GetEffectiveOrgPolicyRequest
-
The request sent to the GetEffectiveOrgPolicy method.
-
GetIamPolicyRequest
-
Request message for
GetIamPolicy method.
-
GetOrgPolicyRequest
-
The request sent to the GetOrgPolicy method.
-
GetPolicyOptions
-
Encapsulates settings provided to GetIamPolicy.
-
Lien
-
A Lien represents an encumbrance on the actions that can be performed on a
resource.
-
LiensResourceApi
-
-
ListAvailableOrgPolicyConstraintsRequest
-
The request sent to the
ListAvailableOrgPolicyConstraints method on the
project, folder, or organization.
-
ListAvailableOrgPolicyConstraintsResponse
-
The response returned from the
ListAvailableOrgPolicyConstraints method.
Returns all Constraints that could be set at this level of the hierarchy
(contrast with the response from ListPolicies, which returns all policies
which are set).
-
ListConstraint
-
A
Constraint that allows or disallows a list of string values, which are
configured by an Organization's policy administrator with a Policy.
-
ListLiensResponse
-
The response message for Liens.ListLiens.
-
ListOrgPoliciesRequest
-
The request sent to the ListOrgPolicies method.
-
ListOrgPoliciesResponse
-
The response returned from the
ListOrgPolicies method. It will be empty if
no Policies are set on the resource.
-
ListPolicy
-
Used in
policy_type to specify how list_policy behaves at this resource.
ListPolicy can define specific values and subtrees of Cloud Resource
Manager resource hierarchy (Organizations, Folders, Projects) that are
allowed or denied by setting the allowed_values and denied_values
fields. This is achieved by using the under: and optional is: prefixes.
The under: prefix is used to denote resource subtree values. The is:
prefix is used to denote specific values, and is required only if the value
contains a ":". Values prefixed with "is:" are treated the same as values
with no prefix. Ancestry subtrees must be in one of the following formats: -
"projects/", e.g. "projects/tokyo-rain-123" - "folders/", e.g.
"folders/1234" - "organizations/", e.g. "organizations/1234" The
supports_under field of the associated Constraint defines whether
ancestry prefixes can be used. You can set allowed_values and
denied_values in the same Policy if all_values is
ALL_VALUES_UNSPECIFIED. ALLOW or DENY are used to allow or deny all
values. If all_values is set to either ALLOW or DENY, allowed_values
and denied_values must be unset.
-
ListProjectsResponse
-
A page of the response received from the ListProjects method. A paginated
response where more pages are available has
next_page_token set. This
token can be used in a subsequent request to retrieve the next request page.
-
Operation
-
This resource represents a long-running operation that is the result of a
network API call.
-
OperationsResourceApi
-
-
Organization
-
The root node in the resource hierarchy to which a particular entity's
(e.g., company) resources belong.
-
OrganizationOwner
-
The entity that owns an Organization. The lifetime of the Organization and
all of its descendants are bound to the
OrganizationOwner. If the
OrganizationOwner is deleted, the Organization and all its descendants
will be deleted.
-
OrganizationsResourceApi
-
-
OrgPolicy
-
Defines a Cloud Organization
Policy which is used to specify Constraints
for configurations of Cloud Platform resources.
-
Policy
-
An Identity and Access Management (IAM) policy, which specifies access
controls for Google Cloud resources. A
Policy is a collection of
bindings. A binding binds one or more members to a single role.
Members can be user accounts, service accounts, Google groups, and domains
(such as G Suite). A role is a named list of permissions; each role can
be an IAM predefined role or a user-created custom role. For some types of
Google Cloud resources, a binding can also specify a condition, which is
a logical expression that allows access to a resource only if the expression
evaluates to true. A condition can add constraints based on attributes of
the request, the resource, or both. To learn which resources support
conditions in their IAM policies, see the IAM
documentation.
JSON example: { "bindings": [ { "role":
"roles/resourcemanager.organizationAdmin", "members":
"user:mike@example.com", "group:admins@example.com", "domain:google.com",
"serviceAccount:my-project-id@appspot.gserviceaccount.com" }, { "role":
"roles/resourcemanager.organizationViewer", "members":
"user:eve@example.com" , "condition": { "title": "expirable access",
"description": "Does not grant access after Sep 2020", "expression":
"request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag":
"BwWWja0YfJA=", "version": 3 } YAML example: bindings: - members: -
user:mike@example.com - group:admins@example.com - domain:google.com -
serviceAccount:my-project-id@appspot.gserviceaccount.com role:
roles/resourcemanager.organizationAdmin - members: - user:eve@example.com
role: roles/resourcemanager.organizationViewer condition: title: expirable
access description: Does not grant access after Sep 2020 expression:
request.time < timestamp('2020-10-01T00:00:00.000Z') - etag: BwWWja0YfJA= -
version: 3 For a description of IAM and its features, see the IAM
documentation.
-
Project
-
A Project is a high-level Google Cloud Platform entity. It is a container
for ACLs, APIs, App Engine Apps, VMs, and other Google Cloud Platform
resources.
-
ProjectCreationStatus
-
A status object which is used as the
metadata field for the Operation
returned by CreateProject. It provides insight for when significant phases
of Project creation have completed.
-
ProjectsResourceApi
-
-
ResourceId
-
A container to reference an id for any resource type. A
resource in Google
Cloud Platform is a generic term for something you (a developer) may want to
interact with through one of our API's. Some examples are an App Engine app,
a Compute Engine instance, a Cloud SQL database, and so on.
-
RestoreDefault
-
Ignores policies set above this resource and restores the
constraint_default enforcement behavior of the specific Constraint at
this resource. Suppose that constraint_default is set to ALLOW for the
Constraint constraints/serviceuser.services. Suppose that organization
foo.com sets a Policy at their Organization resource node that restricts
the allowed service activations to deny all service activations. They could
then set a Policy with the policy_type restore_default on several
experimental projects, restoring the constraint_default enforcement of the
Constraint for only those projects, allowing those projects to have all
services activated.
-
SearchOrganizationsRequest
-
The request sent to the
SearchOrganizations method.
-
SearchOrganizationsResponse
-
The response returned from the
SearchOrganizations method.
-
SetIamPolicyRequest
-
Request message for
SetIamPolicy method.
-
SetOrgPolicyRequest
-
The request sent to the SetOrgPolicyRequest method.
-
Status
-
The
Status type defines a logical error model that is suitable for
different programming environments, including REST APIs and RPC APIs. It is
used by gRPC. Each Status message contains
three pieces of data: error code, error message, and error details. You can
find out more about this error model and how to work with it in the API
Design Guide.
-
TestIamPermissionsRequest
-
Request message for
TestIamPermissions method.
-
TestIamPermissionsResponse
-
Response message for
TestIamPermissions method.
-
UndeleteProjectRequest
-
The request sent to the UndeleteProject method.
