| <html><body> |
| <style> |
| |
| body, h1, h2, h3, div, span, p, pre, a { |
| margin: 0; |
| padding: 0; |
| border: 0; |
| font-weight: inherit; |
| font-style: inherit; |
| font-size: 100%; |
| font-family: inherit; |
| vertical-align: baseline; |
| } |
| |
| body { |
| font-size: 13px; |
| padding: 1em; |
| } |
| |
| h1 { |
| font-size: 26px; |
| margin-bottom: 1em; |
| } |
| |
| h2 { |
| font-size: 24px; |
| margin-bottom: 1em; |
| } |
| |
| h3 { |
| font-size: 20px; |
| margin-bottom: 1em; |
| margin-top: 1em; |
| } |
| |
| pre, code { |
| line-height: 1.5; |
| font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; |
| } |
| |
| pre { |
| margin-top: 0.5em; |
| } |
| |
| h1, h2, h3, p { |
| font-family: Arial, sans serif; |
| } |
| |
| h1, h2, h3 { |
| border-bottom: solid #CCC 1px; |
| } |
| |
| .toc_element { |
| margin-top: 0.5em; |
| } |
| |
| .firstline { |
| margin-left: 2 em; |
| } |
| |
| .method { |
| margin-top: 1em; |
| border: solid 1px #CCC; |
| padding: 1em; |
| background: #EEE; |
| } |
| |
| .details { |
| font-weight: bold; |
| font-size: 14px; |
| } |
| |
| </style> |
| |
| <h1><a href="accesscontextmanager_v1.html">Access Context Manager API</a> . <a href="accesscontextmanager_v1.accessPolicies.html">accessPolicies</a> . <a href="accesscontextmanager_v1.accessPolicies.servicePerimeters.html">servicePerimeters</a></h1> |
| <h2>Instance Methods</h2> |
| <p class="toc_element"> |
| <code><a href="#commit">commit(parent, body=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Commit the dry-run spec for all the Service Perimeters in an</p> |
| <p class="toc_element"> |
| <code><a href="#create">create(parent, body=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Create a Service Perimeter. The</p> |
| <p class="toc_element"> |
| <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p> |
| <p class="firstline">Delete a Service Perimeter by resource</p> |
| <p class="toc_element"> |
| <code><a href="#get">get(name, x__xgafv=None)</a></code></p> |
| <p class="firstline">Get a Service Perimeter by resource</p> |
| <p class="toc_element"> |
| <code><a href="#list">list(parent, pageToken=None, pageSize=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">List all Service Perimeters for an</p> |
| <p class="toc_element"> |
| <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p> |
| <p class="firstline">Retrieves the next page of results.</p> |
| <p class="toc_element"> |
| <code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Update a Service Perimeter. The</p> |
| <p class="toc_element"> |
| <code><a href="#replaceAll">replaceAll(parent, body=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Replace all existing Service Perimeters in an</p> |
| <h3>Method Details</h3> |
| <div class="method"> |
| <code class="details" id="commit">commit(parent, body=None, x__xgafv=None)</code> |
| <pre>Commit the dry-run spec for all the Service Perimeters in an |
| Access Policy. |
| A commit operation on a Service Perimeter involves copying its `spec` field |
| to that Service Perimeter's `status` field. Only Service Perimeters with |
| `use_explicit_dry_run_spec` field set to true are affected by a commit |
| operation. The longrunning operation from this RPC will have a successful |
| status once the dry-run specs for all the Service Perimeters have been |
| committed. If a commit fails, it will cause the longrunning operation to |
| return an error response and the entire commit operation will be cancelled. |
| When successful, Operation.response field will contain |
| CommitServicePerimetersResponse. The `dry_run` and the `spec` fields will |
| be cleared after a successful commit operation. |
| |
| Args: |
| parent: string, Required. Resource name for the parent Access Policy which owns all |
| Service Perimeters in scope for |
| the commit operation. |
| |
| Format: `accessPolicies/{policy_id}` (required) |
| body: object, The request body. |
| The object takes the form of: |
| |
| { # A request to commit dry-run specs in all Service Perimeters belonging to |
| # an Access Policy. |
| "etag": "A String", # Optional. The etag for the version of the Access Policy that this |
| # commit operation is to be performed on. If, at the time of commit, the |
| # etag for the Access Policy stored in Access Context Manager is different |
| # from the specified etag, then the commit operation will not be performed |
| # and the call will fail. This field is not required. If etag is not |
| # provided, the operation will be performed as if a valid etag is provided. |
| } |
| |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # This resource represents a long-running operation that is the result of a |
| # network API call. |
| "name": "A String", # The server-assigned name, which is only unique within the same service that |
| # originally returns it. If you use the default HTTP mapping, the |
| # `name` should be a resource name ending with `operations/{unique_id}`. |
| "metadata": { # Service-specific metadata associated with the operation. It typically |
| # contains progress information and common metadata such as create time. |
| # Some services might not provide such metadata. Any method that returns a |
| # long-running operation should document the metadata type, if any. |
| "a_key": "", # Properties of the object. Contains field @type with type URL. |
| }, |
| "response": { # The normal response of the operation in case of success. If the original |
| # method returns no data on success, such as `Delete`, the response is |
| # `google.protobuf.Empty`. If the original method is standard |
| # `Get`/`Create`/`Update`, the response should be the resource. For other |
| # methods, the response should have the type `XxxResponse`, where `Xxx` |
| # is the original method name. For example, if the original method name |
| # is `TakeSnapshot()`, the inferred response type is |
| # `TakeSnapshotResponse`. |
| "a_key": "", # Properties of the object. Contains field @type with type URL. |
| }, |
| "done": True or False, # If the value is `false`, it means the operation is still in progress. |
| # If `true`, the operation is completed, and either `error` or `response` is |
| # available. |
| "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation. |
| # different programming environments, including REST APIs and RPC APIs. It is |
| # used by [gRPC](https://github.com/grpc). Each `Status` message contains |
| # three pieces of data: error code, error message, and error details. |
| # |
| # You can find out more about this error model and how to work with it in the |
| # [API Design Guide](https://cloud.google.com/apis/design/errors). |
| "details": [ # A list of messages that carry the error details. There is a common set of |
| # message types for APIs to use. |
| { |
| "a_key": "", # Properties of the object. Contains field @type with type URL. |
| }, |
| ], |
| "code": 42, # The status code, which should be an enum value of google.rpc.Code. |
| "message": "A String", # A developer-facing error message, which should be in English. Any |
| # user-facing error message should be localized and sent in the |
| # google.rpc.Status.details field, or localized by the client. |
| }, |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="create">create(parent, body=None, x__xgafv=None)</code> |
| <pre>Create a Service Perimeter. The |
| longrunning operation from this RPC will have a successful status once the |
| Service Perimeter has |
| propagated to long-lasting storage. Service Perimeters containing |
| errors will result in an error response for the first error encountered. |
| |
| Args: |
| parent: string, Required. Resource name for the access policy which owns this Service |
| Perimeter. |
| |
| Format: `accessPolicies/{policy_id}` (required) |
| body: object, The request body. |
| The object takes the form of: |
| |
| { # `ServicePerimeter` describes a set of Google Cloud resources which can freely |
| # import and export data amongst themselves, but not export outside of the |
| # `ServicePerimeter`. If a request with a source within this `ServicePerimeter` |
| # has a target outside of the `ServicePerimeter`, the request will be blocked. |
| # Otherwise the request is allowed. There are two types of Service Perimeter - |
| # Regular and Bridge. Regular Service Perimeters cannot overlap, a single |
| # Google Cloud project can only belong to a single regular Service Perimeter. |
| # Service Perimeter Bridges can contain only Google Cloud projects as members, |
| # a single Google Cloud project may belong to multiple Service Perimeter |
| # Bridges. |
| "description": "A String", # Description of the `ServicePerimeter` and its use. Does not affect |
| # behavior. |
| "perimeterType": "A String", # Perimeter type indicator. A single project is |
| # allowed to be a member of single regular perimeter, but multiple service |
| # perimeter bridges. A project cannot be a included in a perimeter bridge |
| # without being included in regular perimeter. For perimeter bridges, |
| # the restricted service list as well as access level lists must be |
| # empty. |
| "useExplicitDryRunSpec": True or False, # Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly |
| # exists for all Service Perimeters, and that spec is identical to the |
| # status for those Service Perimeters. When this flag is set, it inhibits the |
| # generation of the implicit spec, thereby allowing the user to explicitly |
| # provide a configuration ("spec") to use in a dry-run version of the Service |
| # Perimeter. This allows the user to test changes to the enforced config |
| # ("status") without actually enforcing them. This testing is done through |
| # analyzing the differences between currently enforced and suggested |
| # restrictions. use_explicit_dry_run_spec must bet set to True if any of the |
| # fields in the spec are set to non-default values. |
| "title": "A String", # Human readable title. Must be unique within the Policy. |
| "name": "A String", # Required. Resource name for the ServicePerimeter. The `short_name` |
| # component must begin with a letter and only include alphanumeric and '_'. |
| # Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}` |
| "spec": { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Proposed (or dry run) ServicePerimeter configuration. This configuration |
| # allows to specify and test ServicePerimeter configuration without enforcing |
| # actual access restrictions. Only allowed to be set when the |
| # "use_explicit_dry_run_spec" flag is set. |
| # describe specific Service Perimeter configuration. |
| "resources": [ # A list of Google Cloud resources that are inside of the service perimeter. |
| # Currently only projects are allowed. Format: `projects/{project_number}` |
| "A String", |
| ], |
| "vpcAccessibleServices": { # Specifies how APIs are allowed to communicate within the Service # Configuration for APIs allowed within Perimeter. |
| # Perimeter. |
| "enableRestriction": True or False, # Whether to restrict API calls within the Service Perimeter to the list of |
| # APIs specified in 'allowed_services'. |
| "allowedServices": [ # The list of APIs usable within the Service Perimeter. Must be empty |
| # unless 'enable_restriction' is True. |
| "A String", |
| ], |
| }, |
| "accessLevels": [ # A list of `AccessLevel` resource names that allow resources within the |
| # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed |
| # must be in the same policy as this `ServicePerimeter`. Referencing a |
| # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are |
| # listed, resources within the perimeter can only be accessed via Google |
| # Cloud calls with request origins within the perimeter. Example: |
| # `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`. |
| # For Service Perimeter Bridge, must be empty. |
| "A String", |
| ], |
| "restrictedServices": [ # Google Cloud services that are subject to the Service Perimeter |
| # restrictions. For example, if `storage.googleapis.com` is specified, access |
| # to the storage buckets inside the perimeter must meet the perimeter's |
| # access restrictions. |
| "A String", |
| ], |
| }, |
| "status": { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Current ServicePerimeter configuration. Specifies sets of resources, |
| # restricted services and access levels that determine perimeter |
| # content and boundaries. |
| # describe specific Service Perimeter configuration. |
| "resources": [ # A list of Google Cloud resources that are inside of the service perimeter. |
| # Currently only projects are allowed. Format: `projects/{project_number}` |
| "A String", |
| ], |
| "vpcAccessibleServices": { # Specifies how APIs are allowed to communicate within the Service # Configuration for APIs allowed within Perimeter. |
| # Perimeter. |
| "enableRestriction": True or False, # Whether to restrict API calls within the Service Perimeter to the list of |
| # APIs specified in 'allowed_services'. |
| "allowedServices": [ # The list of APIs usable within the Service Perimeter. Must be empty |
| # unless 'enable_restriction' is True. |
| "A String", |
| ], |
| }, |
| "accessLevels": [ # A list of `AccessLevel` resource names that allow resources within the |
| # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed |
| # must be in the same policy as this `ServicePerimeter`. Referencing a |
| # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are |
| # listed, resources within the perimeter can only be accessed via Google |
| # Cloud calls with request origins within the perimeter. Example: |
| # `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`. |
| # For Service Perimeter Bridge, must be empty. |
| "A String", |
| ], |
| "restrictedServices": [ # Google Cloud services that are subject to the Service Perimeter |
| # restrictions. For example, if `storage.googleapis.com` is specified, access |
| # to the storage buckets inside the perimeter must meet the perimeter's |
| # access restrictions. |
| "A String", |
| ], |
| }, |
| } |
| |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # This resource represents a long-running operation that is the result of a |
| # network API call. |
| "name": "A String", # The server-assigned name, which is only unique within the same service that |
| # originally returns it. If you use the default HTTP mapping, the |
| # `name` should be a resource name ending with `operations/{unique_id}`. |
| "metadata": { # Service-specific metadata associated with the operation. It typically |
| # contains progress information and common metadata such as create time. |
| # Some services might not provide such metadata. Any method that returns a |
| # long-running operation should document the metadata type, if any. |
| "a_key": "", # Properties of the object. Contains field @type with type URL. |
| }, |
| "response": { # The normal response of the operation in case of success. If the original |
| # method returns no data on success, such as `Delete`, the response is |
| # `google.protobuf.Empty`. If the original method is standard |
| # `Get`/`Create`/`Update`, the response should be the resource. For other |
| # methods, the response should have the type `XxxResponse`, where `Xxx` |
| # is the original method name. For example, if the original method name |
| # is `TakeSnapshot()`, the inferred response type is |
| # `TakeSnapshotResponse`. |
| "a_key": "", # Properties of the object. Contains field @type with type URL. |
| }, |
| "done": True or False, # If the value is `false`, it means the operation is still in progress. |
| # If `true`, the operation is completed, and either `error` or `response` is |
| # available. |
| "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation. |
| # different programming environments, including REST APIs and RPC APIs. It is |
| # used by [gRPC](https://github.com/grpc). Each `Status` message contains |
| # three pieces of data: error code, error message, and error details. |
| # |
| # You can find out more about this error model and how to work with it in the |
| # [API Design Guide](https://cloud.google.com/apis/design/errors). |
| "details": [ # A list of messages that carry the error details. There is a common set of |
| # message types for APIs to use. |
| { |
| "a_key": "", # Properties of the object. Contains field @type with type URL. |
| }, |
| ], |
| "code": 42, # The status code, which should be an enum value of google.rpc.Code. |
| "message": "A String", # A developer-facing error message, which should be in English. Any |
| # user-facing error message should be localized and sent in the |
| # google.rpc.Status.details field, or localized by the client. |
| }, |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="delete">delete(name, x__xgafv=None)</code> |
| <pre>Delete a Service Perimeter by resource |
| name. The longrunning operation from this RPC will have a successful status |
| once the Service Perimeter has been |
| removed from long-lasting storage. |
| |
| Args: |
| name: string, Required. Resource name for the Service Perimeter. |
| |
| Format: |
| `accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}` (required) |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # This resource represents a long-running operation that is the result of a |
| # network API call. |
| "name": "A String", # The server-assigned name, which is only unique within the same service that |
| # originally returns it. If you use the default HTTP mapping, the |
| # `name` should be a resource name ending with `operations/{unique_id}`. |
| "metadata": { # Service-specific metadata associated with the operation. It typically |
| # contains progress information and common metadata such as create time. |
| # Some services might not provide such metadata. Any method that returns a |
| # long-running operation should document the metadata type, if any. |
| "a_key": "", # Properties of the object. Contains field @type with type URL. |
| }, |
| "response": { # The normal response of the operation in case of success. If the original |
| # method returns no data on success, such as `Delete`, the response is |
| # `google.protobuf.Empty`. If the original method is standard |
| # `Get`/`Create`/`Update`, the response should be the resource. For other |
| # methods, the response should have the type `XxxResponse`, where `Xxx` |
| # is the original method name. For example, if the original method name |
| # is `TakeSnapshot()`, the inferred response type is |
| # `TakeSnapshotResponse`. |
| "a_key": "", # Properties of the object. Contains field @type with type URL. |
| }, |
| "done": True or False, # If the value is `false`, it means the operation is still in progress. |
| # If `true`, the operation is completed, and either `error` or `response` is |
| # available. |
| "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation. |
| # different programming environments, including REST APIs and RPC APIs. It is |
| # used by [gRPC](https://github.com/grpc). Each `Status` message contains |
| # three pieces of data: error code, error message, and error details. |
| # |
| # You can find out more about this error model and how to work with it in the |
| # [API Design Guide](https://cloud.google.com/apis/design/errors). |
| "details": [ # A list of messages that carry the error details. There is a common set of |
| # message types for APIs to use. |
| { |
| "a_key": "", # Properties of the object. Contains field @type with type URL. |
| }, |
| ], |
| "code": 42, # The status code, which should be an enum value of google.rpc.Code. |
| "message": "A String", # A developer-facing error message, which should be in English. Any |
| # user-facing error message should be localized and sent in the |
| # google.rpc.Status.details field, or localized by the client. |
| }, |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="get">get(name, x__xgafv=None)</code> |
| <pre>Get a Service Perimeter by resource |
| name. |
| |
| Args: |
| name: string, Required. Resource name for the Service Perimeter. |
| |
| Format: |
| `accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}` (required) |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # `ServicePerimeter` describes a set of Google Cloud resources which can freely |
| # import and export data amongst themselves, but not export outside of the |
| # `ServicePerimeter`. If a request with a source within this `ServicePerimeter` |
| # has a target outside of the `ServicePerimeter`, the request will be blocked. |
| # Otherwise the request is allowed. There are two types of Service Perimeter - |
| # Regular and Bridge. Regular Service Perimeters cannot overlap, a single |
| # Google Cloud project can only belong to a single regular Service Perimeter. |
| # Service Perimeter Bridges can contain only Google Cloud projects as members, |
| # a single Google Cloud project may belong to multiple Service Perimeter |
| # Bridges. |
| "description": "A String", # Description of the `ServicePerimeter` and its use. Does not affect |
| # behavior. |
| "perimeterType": "A String", # Perimeter type indicator. A single project is |
| # allowed to be a member of single regular perimeter, but multiple service |
| # perimeter bridges. A project cannot be a included in a perimeter bridge |
| # without being included in regular perimeter. For perimeter bridges, |
| # the restricted service list as well as access level lists must be |
| # empty. |
| "useExplicitDryRunSpec": True or False, # Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly |
| # exists for all Service Perimeters, and that spec is identical to the |
| # status for those Service Perimeters. When this flag is set, it inhibits the |
| # generation of the implicit spec, thereby allowing the user to explicitly |
| # provide a configuration ("spec") to use in a dry-run version of the Service |
| # Perimeter. This allows the user to test changes to the enforced config |
| # ("status") without actually enforcing them. This testing is done through |
| # analyzing the differences between currently enforced and suggested |
| # restrictions. use_explicit_dry_run_spec must bet set to True if any of the |
| # fields in the spec are set to non-default values. |
| "title": "A String", # Human readable title. Must be unique within the Policy. |
| "name": "A String", # Required. Resource name for the ServicePerimeter. The `short_name` |
| # component must begin with a letter and only include alphanumeric and '_'. |
| # Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}` |
| "spec": { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Proposed (or dry run) ServicePerimeter configuration. This configuration |
| # allows to specify and test ServicePerimeter configuration without enforcing |
| # actual access restrictions. Only allowed to be set when the |
| # "use_explicit_dry_run_spec" flag is set. |
| # describe specific Service Perimeter configuration. |
| "resources": [ # A list of Google Cloud resources that are inside of the service perimeter. |
| # Currently only projects are allowed. Format: `projects/{project_number}` |
| "A String", |
| ], |
| "vpcAccessibleServices": { # Specifies how APIs are allowed to communicate within the Service # Configuration for APIs allowed within Perimeter. |
| # Perimeter. |
| "enableRestriction": True or False, # Whether to restrict API calls within the Service Perimeter to the list of |
| # APIs specified in 'allowed_services'. |
| "allowedServices": [ # The list of APIs usable within the Service Perimeter. Must be empty |
| # unless 'enable_restriction' is True. |
| "A String", |
| ], |
| }, |
| "accessLevels": [ # A list of `AccessLevel` resource names that allow resources within the |
| # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed |
| # must be in the same policy as this `ServicePerimeter`. Referencing a |
| # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are |
| # listed, resources within the perimeter can only be accessed via Google |
| # Cloud calls with request origins within the perimeter. Example: |
| # `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`. |
| # For Service Perimeter Bridge, must be empty. |
| "A String", |
| ], |
| "restrictedServices": [ # Google Cloud services that are subject to the Service Perimeter |
| # restrictions. For example, if `storage.googleapis.com` is specified, access |
| # to the storage buckets inside the perimeter must meet the perimeter's |
| # access restrictions. |
| "A String", |
| ], |
| }, |
| "status": { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Current ServicePerimeter configuration. Specifies sets of resources, |
| # restricted services and access levels that determine perimeter |
| # content and boundaries. |
| # describe specific Service Perimeter configuration. |
| "resources": [ # A list of Google Cloud resources that are inside of the service perimeter. |
| # Currently only projects are allowed. Format: `projects/{project_number}` |
| "A String", |
| ], |
| "vpcAccessibleServices": { # Specifies how APIs are allowed to communicate within the Service # Configuration for APIs allowed within Perimeter. |
| # Perimeter. |
| "enableRestriction": True or False, # Whether to restrict API calls within the Service Perimeter to the list of |
| # APIs specified in 'allowed_services'. |
| "allowedServices": [ # The list of APIs usable within the Service Perimeter. Must be empty |
| # unless 'enable_restriction' is True. |
| "A String", |
| ], |
| }, |
| "accessLevels": [ # A list of `AccessLevel` resource names that allow resources within the |
| # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed |
| # must be in the same policy as this `ServicePerimeter`. Referencing a |
| # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are |
| # listed, resources within the perimeter can only be accessed via Google |
| # Cloud calls with request origins within the perimeter. Example: |
| # `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`. |
| # For Service Perimeter Bridge, must be empty. |
| "A String", |
| ], |
| "restrictedServices": [ # Google Cloud services that are subject to the Service Perimeter |
| # restrictions. For example, if `storage.googleapis.com` is specified, access |
| # to the storage buckets inside the perimeter must meet the perimeter's |
| # access restrictions. |
| "A String", |
| ], |
| }, |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="list">list(parent, pageToken=None, pageSize=None, x__xgafv=None)</code> |
| <pre>List all Service Perimeters for an |
| access policy. |
| |
| Args: |
| parent: string, Required. Resource name for the access policy to list Service Perimeters from. |
| |
| Format: |
| `accessPolicies/{policy_id}` (required) |
| pageToken: string, Next page token for the next batch of Service Perimeter instances. |
| Defaults to the first page of results. |
| pageSize: integer, Number of Service Perimeters to include |
| in the list. Default 100. |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # A response to `ListServicePerimetersRequest`. |
| "nextPageToken": "A String", # The pagination token to retrieve the next page of results. If the value is |
| # empty, no further results remain. |
| "servicePerimeters": [ # List of the Service Perimeter instances. |
| { # `ServicePerimeter` describes a set of Google Cloud resources which can freely |
| # import and export data amongst themselves, but not export outside of the |
| # `ServicePerimeter`. If a request with a source within this `ServicePerimeter` |
| # has a target outside of the `ServicePerimeter`, the request will be blocked. |
| # Otherwise the request is allowed. There are two types of Service Perimeter - |
| # Regular and Bridge. Regular Service Perimeters cannot overlap, a single |
| # Google Cloud project can only belong to a single regular Service Perimeter. |
| # Service Perimeter Bridges can contain only Google Cloud projects as members, |
| # a single Google Cloud project may belong to multiple Service Perimeter |
| # Bridges. |
| "description": "A String", # Description of the `ServicePerimeter` and its use. Does not affect |
| # behavior. |
| "perimeterType": "A String", # Perimeter type indicator. A single project is |
| # allowed to be a member of single regular perimeter, but multiple service |
| # perimeter bridges. A project cannot be a included in a perimeter bridge |
| # without being included in regular perimeter. For perimeter bridges, |
| # the restricted service list as well as access level lists must be |
| # empty. |
| "useExplicitDryRunSpec": True or False, # Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly |
| # exists for all Service Perimeters, and that spec is identical to the |
| # status for those Service Perimeters. When this flag is set, it inhibits the |
| # generation of the implicit spec, thereby allowing the user to explicitly |
| # provide a configuration ("spec") to use in a dry-run version of the Service |
| # Perimeter. This allows the user to test changes to the enforced config |
| # ("status") without actually enforcing them. This testing is done through |
| # analyzing the differences between currently enforced and suggested |
| # restrictions. use_explicit_dry_run_spec must bet set to True if any of the |
| # fields in the spec are set to non-default values. |
| "title": "A String", # Human readable title. Must be unique within the Policy. |
| "name": "A String", # Required. Resource name for the ServicePerimeter. The `short_name` |
| # component must begin with a letter and only include alphanumeric and '_'. |
| # Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}` |
| "spec": { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Proposed (or dry run) ServicePerimeter configuration. This configuration |
| # allows to specify and test ServicePerimeter configuration without enforcing |
| # actual access restrictions. Only allowed to be set when the |
| # "use_explicit_dry_run_spec" flag is set. |
| # describe specific Service Perimeter configuration. |
| "resources": [ # A list of Google Cloud resources that are inside of the service perimeter. |
| # Currently only projects are allowed. Format: `projects/{project_number}` |
| "A String", |
| ], |
| "vpcAccessibleServices": { # Specifies how APIs are allowed to communicate within the Service # Configuration for APIs allowed within Perimeter. |
| # Perimeter. |
| "enableRestriction": True or False, # Whether to restrict API calls within the Service Perimeter to the list of |
| # APIs specified in 'allowed_services'. |
| "allowedServices": [ # The list of APIs usable within the Service Perimeter. Must be empty |
| # unless 'enable_restriction' is True. |
| "A String", |
| ], |
| }, |
| "accessLevels": [ # A list of `AccessLevel` resource names that allow resources within the |
| # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed |
| # must be in the same policy as this `ServicePerimeter`. Referencing a |
| # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are |
| # listed, resources within the perimeter can only be accessed via Google |
| # Cloud calls with request origins within the perimeter. Example: |
| # `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`. |
| # For Service Perimeter Bridge, must be empty. |
| "A String", |
| ], |
| "restrictedServices": [ # Google Cloud services that are subject to the Service Perimeter |
| # restrictions. For example, if `storage.googleapis.com` is specified, access |
| # to the storage buckets inside the perimeter must meet the perimeter's |
| # access restrictions. |
| "A String", |
| ], |
| }, |
| "status": { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Current ServicePerimeter configuration. Specifies sets of resources, |
| # restricted services and access levels that determine perimeter |
| # content and boundaries. |
| # describe specific Service Perimeter configuration. |
| "resources": [ # A list of Google Cloud resources that are inside of the service perimeter. |
| # Currently only projects are allowed. Format: `projects/{project_number}` |
| "A String", |
| ], |
| "vpcAccessibleServices": { # Specifies how APIs are allowed to communicate within the Service # Configuration for APIs allowed within Perimeter. |
| # Perimeter. |
| "enableRestriction": True or False, # Whether to restrict API calls within the Service Perimeter to the list of |
| # APIs specified in 'allowed_services'. |
| "allowedServices": [ # The list of APIs usable within the Service Perimeter. Must be empty |
| # unless 'enable_restriction' is True. |
| "A String", |
| ], |
| }, |
| "accessLevels": [ # A list of `AccessLevel` resource names that allow resources within the |
| # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed |
| # must be in the same policy as this `ServicePerimeter`. Referencing a |
| # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are |
| # listed, resources within the perimeter can only be accessed via Google |
| # Cloud calls with request origins within the perimeter. Example: |
| # `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`. |
| # For Service Perimeter Bridge, must be empty. |
| "A String", |
| ], |
| "restrictedServices": [ # Google Cloud services that are subject to the Service Perimeter |
| # restrictions. For example, if `storage.googleapis.com` is specified, access |
| # to the storage buckets inside the perimeter must meet the perimeter's |
| # access restrictions. |
| "A String", |
| ], |
| }, |
| }, |
| ], |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="list_next">list_next(previous_request, previous_response)</code> |
| <pre>Retrieves the next page of results. |
| |
| Args: |
| previous_request: The request for the previous page. (required) |
| previous_response: The response from the request for the previous page. (required) |
| |
| Returns: |
| A request object that you can call 'execute()' on to request the next |
| page. Returns None if there are no more items in the collection. |
| </pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code> |
| <pre>Update a Service Perimeter. The |
| longrunning operation from this RPC will have a successful status once the |
| changes to the Service Perimeter have |
| propagated to long-lasting storage. Service Perimeter containing |
| errors will result in an error response for the first error encountered. |
| |
| Args: |
| name: string, Required. Resource name for the ServicePerimeter. The `short_name` |
| component must begin with a letter and only include alphanumeric and '_'. |
| Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}` (required) |
| body: object, The request body. |
| The object takes the form of: |
| |
| { # `ServicePerimeter` describes a set of Google Cloud resources which can freely |
| # import and export data amongst themselves, but not export outside of the |
| # `ServicePerimeter`. If a request with a source within this `ServicePerimeter` |
| # has a target outside of the `ServicePerimeter`, the request will be blocked. |
| # Otherwise the request is allowed. There are two types of Service Perimeter - |
| # Regular and Bridge. Regular Service Perimeters cannot overlap, a single |
| # Google Cloud project can only belong to a single regular Service Perimeter. |
| # Service Perimeter Bridges can contain only Google Cloud projects as members, |
| # a single Google Cloud project may belong to multiple Service Perimeter |
| # Bridges. |
| "description": "A String", # Description of the `ServicePerimeter` and its use. Does not affect |
| # behavior. |
| "perimeterType": "A String", # Perimeter type indicator. A single project is |
| # allowed to be a member of single regular perimeter, but multiple service |
| # perimeter bridges. A project cannot be a included in a perimeter bridge |
| # without being included in regular perimeter. For perimeter bridges, |
| # the restricted service list as well as access level lists must be |
| # empty. |
| "useExplicitDryRunSpec": True or False, # Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly |
| # exists for all Service Perimeters, and that spec is identical to the |
| # status for those Service Perimeters. When this flag is set, it inhibits the |
| # generation of the implicit spec, thereby allowing the user to explicitly |
| # provide a configuration ("spec") to use in a dry-run version of the Service |
| # Perimeter. This allows the user to test changes to the enforced config |
| # ("status") without actually enforcing them. This testing is done through |
| # analyzing the differences between currently enforced and suggested |
| # restrictions. use_explicit_dry_run_spec must bet set to True if any of the |
| # fields in the spec are set to non-default values. |
| "title": "A String", # Human readable title. Must be unique within the Policy. |
| "name": "A String", # Required. Resource name for the ServicePerimeter. The `short_name` |
| # component must begin with a letter and only include alphanumeric and '_'. |
| # Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}` |
| "spec": { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Proposed (or dry run) ServicePerimeter configuration. This configuration |
| # allows to specify and test ServicePerimeter configuration without enforcing |
| # actual access restrictions. Only allowed to be set when the |
| # "use_explicit_dry_run_spec" flag is set. |
| # describe specific Service Perimeter configuration. |
| "resources": [ # A list of Google Cloud resources that are inside of the service perimeter. |
| # Currently only projects are allowed. Format: `projects/{project_number}` |
| "A String", |
| ], |
| "vpcAccessibleServices": { # Specifies how APIs are allowed to communicate within the Service # Configuration for APIs allowed within Perimeter. |
| # Perimeter. |
| "enableRestriction": True or False, # Whether to restrict API calls within the Service Perimeter to the list of |
| # APIs specified in 'allowed_services'. |
| "allowedServices": [ # The list of APIs usable within the Service Perimeter. Must be empty |
| # unless 'enable_restriction' is True. |
| "A String", |
| ], |
| }, |
| "accessLevels": [ # A list of `AccessLevel` resource names that allow resources within the |
| # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed |
| # must be in the same policy as this `ServicePerimeter`. Referencing a |
| # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are |
| # listed, resources within the perimeter can only be accessed via Google |
| # Cloud calls with request origins within the perimeter. Example: |
| # `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`. |
| # For Service Perimeter Bridge, must be empty. |
| "A String", |
| ], |
| "restrictedServices": [ # Google Cloud services that are subject to the Service Perimeter |
| # restrictions. For example, if `storage.googleapis.com` is specified, access |
| # to the storage buckets inside the perimeter must meet the perimeter's |
| # access restrictions. |
| "A String", |
| ], |
| }, |
| "status": { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Current ServicePerimeter configuration. Specifies sets of resources, |
| # restricted services and access levels that determine perimeter |
| # content and boundaries. |
| # describe specific Service Perimeter configuration. |
| "resources": [ # A list of Google Cloud resources that are inside of the service perimeter. |
| # Currently only projects are allowed. Format: `projects/{project_number}` |
| "A String", |
| ], |
| "vpcAccessibleServices": { # Specifies how APIs are allowed to communicate within the Service # Configuration for APIs allowed within Perimeter. |
| # Perimeter. |
| "enableRestriction": True or False, # Whether to restrict API calls within the Service Perimeter to the list of |
| # APIs specified in 'allowed_services'. |
| "allowedServices": [ # The list of APIs usable within the Service Perimeter. Must be empty |
| # unless 'enable_restriction' is True. |
| "A String", |
| ], |
| }, |
| "accessLevels": [ # A list of `AccessLevel` resource names that allow resources within the |
| # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed |
| # must be in the same policy as this `ServicePerimeter`. Referencing a |
| # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are |
| # listed, resources within the perimeter can only be accessed via Google |
| # Cloud calls with request origins within the perimeter. Example: |
| # `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`. |
| # For Service Perimeter Bridge, must be empty. |
| "A String", |
| ], |
| "restrictedServices": [ # Google Cloud services that are subject to the Service Perimeter |
| # restrictions. For example, if `storage.googleapis.com` is specified, access |
| # to the storage buckets inside the perimeter must meet the perimeter's |
| # access restrictions. |
| "A String", |
| ], |
| }, |
| } |
| |
| updateMask: string, Required. Mask to control which fields get updated. Must be non-empty. |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # This resource represents a long-running operation that is the result of a |
| # network API call. |
| "name": "A String", # The server-assigned name, which is only unique within the same service that |
| # originally returns it. If you use the default HTTP mapping, the |
| # `name` should be a resource name ending with `operations/{unique_id}`. |
| "metadata": { # Service-specific metadata associated with the operation. It typically |
| # contains progress information and common metadata such as create time. |
| # Some services might not provide such metadata. Any method that returns a |
| # long-running operation should document the metadata type, if any. |
| "a_key": "", # Properties of the object. Contains field @type with type URL. |
| }, |
| "response": { # The normal response of the operation in case of success. If the original |
| # method returns no data on success, such as `Delete`, the response is |
| # `google.protobuf.Empty`. If the original method is standard |
| # `Get`/`Create`/`Update`, the response should be the resource. For other |
| # methods, the response should have the type `XxxResponse`, where `Xxx` |
| # is the original method name. For example, if the original method name |
| # is `TakeSnapshot()`, the inferred response type is |
| # `TakeSnapshotResponse`. |
| "a_key": "", # Properties of the object. Contains field @type with type URL. |
| }, |
| "done": True or False, # If the value is `false`, it means the operation is still in progress. |
| # If `true`, the operation is completed, and either `error` or `response` is |
| # available. |
| "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation. |
| # different programming environments, including REST APIs and RPC APIs. It is |
| # used by [gRPC](https://github.com/grpc). Each `Status` message contains |
| # three pieces of data: error code, error message, and error details. |
| # |
| # You can find out more about this error model and how to work with it in the |
| # [API Design Guide](https://cloud.google.com/apis/design/errors). |
| "details": [ # A list of messages that carry the error details. There is a common set of |
| # message types for APIs to use. |
| { |
| "a_key": "", # Properties of the object. Contains field @type with type URL. |
| }, |
| ], |
| "code": 42, # The status code, which should be an enum value of google.rpc.Code. |
| "message": "A String", # A developer-facing error message, which should be in English. Any |
| # user-facing error message should be localized and sent in the |
| # google.rpc.Status.details field, or localized by the client. |
| }, |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="replaceAll">replaceAll(parent, body=None, x__xgafv=None)</code> |
| <pre>Replace all existing Service Perimeters in an |
| Access Policy |
| with the Service Perimeters provided. |
| This is done atomically. The longrunning operation from this |
| RPC will have a successful status once all replacements have propagated to |
| long-lasting storage. Replacements containing errors will result in an |
| error response for the first error encountered. Replacement will be |
| cancelled on error, existing Service Perimeters will not be |
| affected. Operation.response field will contain |
| ReplaceServicePerimetersResponse. |
| |
| Args: |
| parent: string, Required. Resource name for the access policy which owns these |
| Service Perimeters. |
| |
| Format: `accessPolicies/{policy_id}` (required) |
| body: object, The request body. |
| The object takes the form of: |
| |
| { # A request to replace all existing Service Perimeters in an Access Policy |
| # with the Service Perimeters provided. This is done atomically. |
| "servicePerimeters": [ # Required. The desired Service Perimeters that should |
| # replace all existing Service Perimeters in the |
| # Access Policy. |
| { # `ServicePerimeter` describes a set of Google Cloud resources which can freely |
| # import and export data amongst themselves, but not export outside of the |
| # `ServicePerimeter`. If a request with a source within this `ServicePerimeter` |
| # has a target outside of the `ServicePerimeter`, the request will be blocked. |
| # Otherwise the request is allowed. There are two types of Service Perimeter - |
| # Regular and Bridge. Regular Service Perimeters cannot overlap, a single |
| # Google Cloud project can only belong to a single regular Service Perimeter. |
| # Service Perimeter Bridges can contain only Google Cloud projects as members, |
| # a single Google Cloud project may belong to multiple Service Perimeter |
| # Bridges. |
| "description": "A String", # Description of the `ServicePerimeter` and its use. Does not affect |
| # behavior. |
| "perimeterType": "A String", # Perimeter type indicator. A single project is |
| # allowed to be a member of single regular perimeter, but multiple service |
| # perimeter bridges. A project cannot be a included in a perimeter bridge |
| # without being included in regular perimeter. For perimeter bridges, |
| # the restricted service list as well as access level lists must be |
| # empty. |
| "useExplicitDryRunSpec": True or False, # Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly |
| # exists for all Service Perimeters, and that spec is identical to the |
| # status for those Service Perimeters. When this flag is set, it inhibits the |
| # generation of the implicit spec, thereby allowing the user to explicitly |
| # provide a configuration ("spec") to use in a dry-run version of the Service |
| # Perimeter. This allows the user to test changes to the enforced config |
| # ("status") without actually enforcing them. This testing is done through |
| # analyzing the differences between currently enforced and suggested |
| # restrictions. use_explicit_dry_run_spec must bet set to True if any of the |
| # fields in the spec are set to non-default values. |
| "title": "A String", # Human readable title. Must be unique within the Policy. |
| "name": "A String", # Required. Resource name for the ServicePerimeter. The `short_name` |
| # component must begin with a letter and only include alphanumeric and '_'. |
| # Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}` |
| "spec": { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Proposed (or dry run) ServicePerimeter configuration. This configuration |
| # allows to specify and test ServicePerimeter configuration without enforcing |
| # actual access restrictions. Only allowed to be set when the |
| # "use_explicit_dry_run_spec" flag is set. |
| # describe specific Service Perimeter configuration. |
| "resources": [ # A list of Google Cloud resources that are inside of the service perimeter. |
| # Currently only projects are allowed. Format: `projects/{project_number}` |
| "A String", |
| ], |
| "vpcAccessibleServices": { # Specifies how APIs are allowed to communicate within the Service # Configuration for APIs allowed within Perimeter. |
| # Perimeter. |
| "enableRestriction": True or False, # Whether to restrict API calls within the Service Perimeter to the list of |
| # APIs specified in 'allowed_services'. |
| "allowedServices": [ # The list of APIs usable within the Service Perimeter. Must be empty |
| # unless 'enable_restriction' is True. |
| "A String", |
| ], |
| }, |
| "accessLevels": [ # A list of `AccessLevel` resource names that allow resources within the |
| # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed |
| # must be in the same policy as this `ServicePerimeter`. Referencing a |
| # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are |
| # listed, resources within the perimeter can only be accessed via Google |
| # Cloud calls with request origins within the perimeter. Example: |
| # `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`. |
| # For Service Perimeter Bridge, must be empty. |
| "A String", |
| ], |
| "restrictedServices": [ # Google Cloud services that are subject to the Service Perimeter |
| # restrictions. For example, if `storage.googleapis.com` is specified, access |
| # to the storage buckets inside the perimeter must meet the perimeter's |
| # access restrictions. |
| "A String", |
| ], |
| }, |
| "status": { # `ServicePerimeterConfig` specifies a set of Google Cloud resources that # Current ServicePerimeter configuration. Specifies sets of resources, |
| # restricted services and access levels that determine perimeter |
| # content and boundaries. |
| # describe specific Service Perimeter configuration. |
| "resources": [ # A list of Google Cloud resources that are inside of the service perimeter. |
| # Currently only projects are allowed. Format: `projects/{project_number}` |
| "A String", |
| ], |
| "vpcAccessibleServices": { # Specifies how APIs are allowed to communicate within the Service # Configuration for APIs allowed within Perimeter. |
| # Perimeter. |
| "enableRestriction": True or False, # Whether to restrict API calls within the Service Perimeter to the list of |
| # APIs specified in 'allowed_services'. |
| "allowedServices": [ # The list of APIs usable within the Service Perimeter. Must be empty |
| # unless 'enable_restriction' is True. |
| "A String", |
| ], |
| }, |
| "accessLevels": [ # A list of `AccessLevel` resource names that allow resources within the |
| # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed |
| # must be in the same policy as this `ServicePerimeter`. Referencing a |
| # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are |
| # listed, resources within the perimeter can only be accessed via Google |
| # Cloud calls with request origins within the perimeter. Example: |
| # `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`. |
| # For Service Perimeter Bridge, must be empty. |
| "A String", |
| ], |
| "restrictedServices": [ # Google Cloud services that are subject to the Service Perimeter |
| # restrictions. For example, if `storage.googleapis.com` is specified, access |
| # to the storage buckets inside the perimeter must meet the perimeter's |
| # access restrictions. |
| "A String", |
| ], |
| }, |
| }, |
| ], |
| "etag": "A String", # Optional. The etag for the version of the Access Policy that this |
| # replace operation is to be performed on. If, at the time of replace, the |
| # etag for the Access Policy stored in Access Context Manager is different |
| # from the specified etag, then the replace operation will not be performed |
| # and the call will fail. This field is not required. If etag is not |
| # provided, the operation will be performed as if a valid etag is provided. |
| } |
| |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # This resource represents a long-running operation that is the result of a |
| # network API call. |
| "name": "A String", # The server-assigned name, which is only unique within the same service that |
| # originally returns it. If you use the default HTTP mapping, the |
| # `name` should be a resource name ending with `operations/{unique_id}`. |
| "metadata": { # Service-specific metadata associated with the operation. It typically |
| # contains progress information and common metadata such as create time. |
| # Some services might not provide such metadata. Any method that returns a |
| # long-running operation should document the metadata type, if any. |
| "a_key": "", # Properties of the object. Contains field @type with type URL. |
| }, |
| "response": { # The normal response of the operation in case of success. If the original |
| # method returns no data on success, such as `Delete`, the response is |
| # `google.protobuf.Empty`. If the original method is standard |
| # `Get`/`Create`/`Update`, the response should be the resource. For other |
| # methods, the response should have the type `XxxResponse`, where `Xxx` |
| # is the original method name. For example, if the original method name |
| # is `TakeSnapshot()`, the inferred response type is |
| # `TakeSnapshotResponse`. |
| "a_key": "", # Properties of the object. Contains field @type with type URL. |
| }, |
| "done": True or False, # If the value is `false`, it means the operation is still in progress. |
| # If `true`, the operation is completed, and either `error` or `response` is |
| # available. |
| "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation. |
| # different programming environments, including REST APIs and RPC APIs. It is |
| # used by [gRPC](https://github.com/grpc). Each `Status` message contains |
| # three pieces of data: error code, error message, and error details. |
| # |
| # You can find out more about this error model and how to work with it in the |
| # [API Design Guide](https://cloud.google.com/apis/design/errors). |
| "details": [ # A list of messages that carry the error details. There is a common set of |
| # message types for APIs to use. |
| { |
| "a_key": "", # Properties of the object. Contains field @type with type URL. |
| }, |
| ], |
| "code": 42, # The status code, which should be an enum value of google.rpc.Code. |
| "message": "A String", # A developer-facing error message, which should be in English. Any |
| # user-facing error message should be localized and sent in the |
| # google.rpc.Status.details field, or localized by the client. |
| }, |
| }</pre> |
| </div> |
| |
| </body></html> |