| <html><body> |
| <style> |
| |
| body, h1, h2, h3, div, span, p, pre, a { |
| margin: 0; |
| padding: 0; |
| border: 0; |
| font-weight: inherit; |
| font-style: inherit; |
| font-size: 100%; |
| font-family: inherit; |
| vertical-align: baseline; |
| } |
| |
| body { |
| font-size: 13px; |
| padding: 1em; |
| } |
| |
| h1 { |
| font-size: 26px; |
| margin-bottom: 1em; |
| } |
| |
| h2 { |
| font-size: 24px; |
| margin-bottom: 1em; |
| } |
| |
| h3 { |
| font-size: 20px; |
| margin-bottom: 1em; |
| margin-top: 1em; |
| } |
| |
| pre, code { |
| line-height: 1.5; |
| font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; |
| } |
| |
| pre { |
| margin-top: 0.5em; |
| } |
| |
| h1, h2, h3, p { |
| font-family: Arial, sans serif; |
| } |
| |
| h1, h2, h3 { |
| border-bottom: solid #CCC 1px; |
| } |
| |
| .toc_element { |
| margin-top: 0.5em; |
| } |
| |
| .firstline { |
| margin-left: 2 em; |
| } |
| |
| .method { |
| margin-top: 1em; |
| border: solid 1px #CCC; |
| padding: 1em; |
| background: #EEE; |
| } |
| |
| .details { |
| font-weight: bold; |
| font-size: 14px; |
| } |
| |
| </style> |
| |
| <h1><a href="healthcare_v1beta1.html">Cloud Healthcare API</a> . <a href="healthcare_v1beta1.projects.html">projects</a> . <a href="healthcare_v1beta1.projects.locations.html">locations</a> . <a href="healthcare_v1beta1.projects.locations.datasets.html">datasets</a> . <a href="healthcare_v1beta1.projects.locations.datasets.fhirStores.html">fhirStores</a></h1> |
| <h2>Instance Methods</h2> |
| <p class="toc_element"> |
| <code><a href="healthcare_v1beta1.projects.locations.datasets.fhirStores.fhir.html">fhir()</a></code> |
| </p> |
| <p class="firstline">Returns the fhir Resource.</p> |
| |
| <p class="toc_element"> |
| <code><a href="#create">create(parent, body=None, fhirStoreId=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Creates a new FHIR store within the parent dataset.</p> |
| <p class="toc_element"> |
| <code><a href="#deidentify">deidentify(sourceStore, body=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">De-identifies data from the source store and writes it to the destination</p> |
| <p class="toc_element"> |
| <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p> |
| <p class="firstline">Deletes the specified FHIR store and removes all resources within it.</p> |
| <p class="toc_element"> |
| <code><a href="#export">export(name, body=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Export resources from the FHIR store to the specified destination.</p> |
| <p class="toc_element"> |
| <code><a href="#get">get(name, x__xgafv=None)</a></code></p> |
| <p class="firstline">Gets the configuration of the specified FHIR store.</p> |
| <p class="toc_element"> |
| <code><a href="#getIamPolicy">getIamPolicy(resource, options_requestedPolicyVersion=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Gets the access control policy for a resource.</p> |
| <p class="toc_element"> |
| <code><a href="#import_">import_(name, body=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Import resources to the FHIR store by loading data from the specified</p> |
| <p class="toc_element"> |
| <code><a href="#list">list(parent, pageToken=None, filter=None, pageSize=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Lists the FHIR stores in the given dataset.</p> |
| <p class="toc_element"> |
| <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p> |
| <p class="firstline">Retrieves the next page of results.</p> |
| <p class="toc_element"> |
| <code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Updates the configuration of the specified FHIR store.</p> |
| <p class="toc_element"> |
| <code><a href="#setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Sets the access control policy on the specified resource. Replaces any</p> |
| <p class="toc_element"> |
| <code><a href="#testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Returns permissions that a caller has on the specified resource.</p> |
| <h3>Method Details</h3> |
| <div class="method"> |
| <code class="details" id="create">create(parent, body=None, fhirStoreId=None, x__xgafv=None)</code> |
| <pre>Creates a new FHIR store within the parent dataset. |
| |
| Args: |
| parent: string, The name of the dataset this FHIR store belongs to. (required) |
| body: object, The request body. |
| The object takes the form of: |
| |
| { # Represents a FHIR store. |
| "version": "A String", # The FHIR specification version that this FHIR store supports natively. This |
| # field is immutable after store creation. Requests are rejected if they |
| # contain FHIR resources of a different version. |
| # An empty value is treated as STU3. |
| "notificationConfig": { # Specifies where to send notifications upon changes to a data store. # If non-empty, publish all resource modifications of this FHIR store to |
| # this destination. The Cloud Pub/Sub message attributes contain a map |
| # with a string describing the action that has triggered the notification. |
| # For example, "action":"CreateResource". |
| "pubsubTopic": "A String", # The [Cloud Pub/Sub](https://cloud.google.com/pubsub/docs/) topic that |
| # notifications of changes are published on. Supplied by the client. |
| # PubsubMessage.Data contains the resource name. |
| # PubsubMessage.MessageId is the ID of this message. It is guaranteed to be |
| # unique within the topic. |
| # PubsubMessage.PublishTime is the time at which the message was published. |
| # Notifications are only sent if the topic is |
| # non-empty. [Topic |
| # names](https://cloud.google.com/pubsub/docs/overview#names) must be scoped |
| # to a project. Cloud Healthcare API service account must have publisher |
| # permissions on the given Cloud Pub/Sub topic. Not having adequate |
| # permissions causes the calls that send notifications to fail. |
| # |
| # If a notification can't be published to Cloud Pub/Sub, errors are logged to |
| # Cloud Logging (see [Viewing |
| # logs](/healthcare/docs/how-tos/logging)). If the number of |
| # errors exceeds a certain rate, some aren't submitted. |
| }, |
| "disableResourceVersioning": True or False, # Whether to disable resource versioning for this FHIR store. This field can |
| # not be changed after the creation of FHIR store. |
| # If set to false, which is the default behavior, all write operations |
| # cause historical versions to be recorded automatically. The historical |
| # versions can be fetched through the history APIs, but cannot be updated. |
| # If set to true, no historical versions are kept. The server sends |
| # errors for attempts to read the historical versions. |
| "disableReferentialIntegrity": True or False, # Whether to disable referential integrity in this FHIR store. This field is |
| # immutable after FHIR store creation. |
| # The default value is false, meaning that the API enforces referential |
| # integrity and fails the requests that result in inconsistent state in |
| # the FHIR store. |
| # When this field is set to true, the API skips referential integrity |
| # checks. Consequently, operations that rely on references, such as |
| # GetPatientEverything, do not return all the results if broken references |
| # exist. |
| "enableUpdateCreate": True or False, # Whether this FHIR store has the [updateCreate |
| # capability](https://www.hl7.org/fhir/capabilitystatement-definitions.html#CapabilityStatement.rest.resource.updateCreate). |
| # This determines if the client can use an Update operation to create a new |
| # resource with a client-specified ID. If false, all IDs are server-assigned |
| # through the Create operation and attempts to update a non-existent resource |
| # return errors. Please treat the audit logs with appropriate levels of |
| # care if client-specified resource IDs contain sensitive data such as |
| # patient identifiers, those IDs are part of the FHIR resource path |
| # recorded in Cloud audit logs and Cloud Pub/Sub notifications. |
| "streamConfigs": [ # A list of streaming configs that configure the destinations of streaming |
| # export for every resource mutation in this FHIR store. Each store is |
| # allowed to have up to 10 streaming configs. |
| # After a new config is added, the next resource mutation is streamed to |
| # the new location in addition to the existing ones. |
| # When a location is removed from the list, the server stops |
| # streaming to that location. Before adding a new config, you must add the |
| # required |
| # [`bigquery.dataEditor`](https://cloud.google.com/bigquery/docs/access-control#bigquery.dataEditor) |
| # role to your project's **Cloud Healthcare Service Agent** |
| # [service account](https://cloud.google.com/iam/docs/service-accounts). |
| # Some lag (typically on the order of dozens of seconds) is expected before |
| # the results show up in the streaming destination. |
| { # Contains configuration for streaming FHIR export. |
| "bigqueryDestination": { # The configuration for exporting to BigQuery. # The destination BigQuery structure that contains both the dataset |
| # location and corresponding schema config. |
| # |
| # The output is organized in one table per resource type. The server |
| # reuses the existing tables (if any) that are named after the resource |
| # types, e.g. "Patient", "Observation". When there is no existing table |
| # for a given resource type, the server attempts to create one. |
| # |
| # When a table schema doesn't align with the schema config, either |
| # because of existing incompatible schema or out of band incompatible |
| # modification, the server does not stream in new data. |
| # |
| # One resolution in this case is to delete the incompatible |
| # table and let the server recreate one, though the newly created table |
| # only contains data after the table recreation. |
| # |
| # BigQuery imposes a 1 MB limit on streaming insert row size, therefore |
| # any resource mutation that generates more than 1 MB of BigQuery data |
| # will not be streamed. |
| # |
| # Results are appended to the corresponding BigQuery tables. Different |
| # versions of the same resource are distinguishable by the meta.versionId |
| # and meta.lastUpdated columns. The operation (CREATE/UPDATE/DELETE) that |
| # results in the new version is recorded in the meta.tag. |
| # |
| # The tables contain all historical resource versions since streaming was |
| # enabled. For query convenience, the server also creates one view per |
| # table of the same name containing only the current resource version. |
| # |
| # The streamed data in the BigQuery dataset is not guaranteed to be |
| # completely unique. The combination of the id and meta.versionId columns |
| # should ideally identify a single unique row. But in rare cases, |
| # duplicates may exist. At query time, users may use the SQL select |
| # statement to keep only one of the duplicate rows given an id and |
| # meta.versionId pair. Alternatively, the server created view mentioned |
| # above also filters out duplicates. |
| # |
| # If a resource mutation cannot be streamed to BigQuery, errors will be |
| # logged to Cloud Logging (see [Viewing logs](/healthcare/docs/how- |
| # tos/logging)). |
| "schemaConfig": { # Configuration for the FHIR BigQuery schema. Determines how the server # The configuration for the exported BigQuery schema. |
| # generates the schema. |
| "schemaType": "A String", # Specifies the output schema type. If unspecified, the default is |
| # `LOSSLESS`. |
| "recursiveStructureDepth": "A String", # The depth for all recursive structures in the output analytics |
| # schema. For example, `concept` in the CodeSystem resource is a recursive |
| # structure; when the depth is 2, the CodeSystem table will have a column |
| # called `concept.concept` but not `concept.concept.concept`. If not |
| # specified or set to 0, the server will use the default value 2. The |
| # maximum depth allowed is 5. |
| }, |
| "datasetUri": "A String", # BigQuery URI to a dataset, up to 2000 characters long, in the format |
| # `bq://projectId.bqDatasetId` |
| "force": True or False, # If this flag is `TRUE`, all tables will be deleted from the dataset before |
| # the new exported tables are written. If the flag is not set and the |
| # destination dataset contains tables, the export call returns an error. |
| }, |
| "resourceTypes": [ # Supply a FHIR resource type (such as "Patient" or "Observation"). |
| # See https://www.hl7.org/fhir/valueset-resource-types.html for a list of |
| # all FHIR resource types. |
| # The server treats an empty list as an intent to stream all the |
| # supported resource types in this FHIR store. |
| "A String", |
| ], |
| }, |
| ], |
| "defaultSearchHandlingStrict": True or False, # If true, overrides the default search behavior for this FHIR store to |
| # `handling=strict` which returns an error for unrecognized search |
| # parameters. If false, uses the FHIR specification default |
| # `handling=lenient` which ignores unrecognized search parameters. |
| # The handling can always be changed from the default on an individual API |
| # call by setting the HTTP header `Prefer: handling=strict` or |
| # `Prefer: handling=lenient`. |
| "name": "A String", # Output only. Resource name of the FHIR store, of the form |
| # `projects/{project_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}`. |
| "labels": { # User-supplied key-value pairs used to organize FHIR stores. |
| # |
| # Label keys must be between 1 and 63 characters long, have a UTF-8 encoding |
| # of maximum 128 bytes, and must conform to the |
| # following PCRE regular expression: |
| # \p{Ll}\p{Lo}{0,62} |
| # |
| # Label values are optional, must be between 1 and 63 characters long, have |
| # a UTF-8 encoding of maximum 128 bytes, and must conform to the |
| # following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63} |
| # |
| # No more than 64 labels can be associated with a given store. |
| "a_key": "A String", |
| }, |
| } |
| |
| fhirStoreId: string, The ID of the FHIR store that is being created. |
| The string must match the following regex: `[\p{L}\p{N}_\-\.]{1,256}`. |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # Represents a FHIR store. |
| "version": "A String", # The FHIR specification version that this FHIR store supports natively. This |
| # field is immutable after store creation. Requests are rejected if they |
| # contain FHIR resources of a different version. |
| # An empty value is treated as STU3. |
| "notificationConfig": { # Specifies where to send notifications upon changes to a data store. # If non-empty, publish all resource modifications of this FHIR store to |
| # this destination. The Cloud Pub/Sub message attributes contain a map |
| # with a string describing the action that has triggered the notification. |
| # For example, "action":"CreateResource". |
| "pubsubTopic": "A String", # The [Cloud Pub/Sub](https://cloud.google.com/pubsub/docs/) topic that |
| # notifications of changes are published on. Supplied by the client. |
| # PubsubMessage.Data contains the resource name. |
| # PubsubMessage.MessageId is the ID of this message. It is guaranteed to be |
| # unique within the topic. |
| # PubsubMessage.PublishTime is the time at which the message was published. |
| # Notifications are only sent if the topic is |
| # non-empty. [Topic |
| # names](https://cloud.google.com/pubsub/docs/overview#names) must be scoped |
| # to a project. Cloud Healthcare API service account must have publisher |
| # permissions on the given Cloud Pub/Sub topic. Not having adequate |
| # permissions causes the calls that send notifications to fail. |
| # |
| # If a notification can't be published to Cloud Pub/Sub, errors are logged to |
| # Cloud Logging (see [Viewing |
| # logs](/healthcare/docs/how-tos/logging)). If the number of |
| # errors exceeds a certain rate, some aren't submitted. |
| }, |
| "disableResourceVersioning": True or False, # Whether to disable resource versioning for this FHIR store. This field can |
| # not be changed after the creation of FHIR store. |
| # If set to false, which is the default behavior, all write operations |
| # cause historical versions to be recorded automatically. The historical |
| # versions can be fetched through the history APIs, but cannot be updated. |
| # If set to true, no historical versions are kept. The server sends |
| # errors for attempts to read the historical versions. |
| "disableReferentialIntegrity": True or False, # Whether to disable referential integrity in this FHIR store. This field is |
| # immutable after FHIR store creation. |
| # The default value is false, meaning that the API enforces referential |
| # integrity and fails the requests that result in inconsistent state in |
| # the FHIR store. |
| # When this field is set to true, the API skips referential integrity |
| # checks. Consequently, operations that rely on references, such as |
| # GetPatientEverything, do not return all the results if broken references |
| # exist. |
| "enableUpdateCreate": True or False, # Whether this FHIR store has the [updateCreate |
| # capability](https://www.hl7.org/fhir/capabilitystatement-definitions.html#CapabilityStatement.rest.resource.updateCreate). |
| # This determines if the client can use an Update operation to create a new |
| # resource with a client-specified ID. If false, all IDs are server-assigned |
| # through the Create operation and attempts to update a non-existent resource |
| # return errors. Please treat the audit logs with appropriate levels of |
| # care if client-specified resource IDs contain sensitive data such as |
| # patient identifiers, those IDs are part of the FHIR resource path |
| # recorded in Cloud audit logs and Cloud Pub/Sub notifications. |
| "streamConfigs": [ # A list of streaming configs that configure the destinations of streaming |
| # export for every resource mutation in this FHIR store. Each store is |
| # allowed to have up to 10 streaming configs. |
| # After a new config is added, the next resource mutation is streamed to |
| # the new location in addition to the existing ones. |
| # When a location is removed from the list, the server stops |
| # streaming to that location. Before adding a new config, you must add the |
| # required |
| # [`bigquery.dataEditor`](https://cloud.google.com/bigquery/docs/access-control#bigquery.dataEditor) |
| # role to your project's **Cloud Healthcare Service Agent** |
| # [service account](https://cloud.google.com/iam/docs/service-accounts). |
| # Some lag (typically on the order of dozens of seconds) is expected before |
| # the results show up in the streaming destination. |
| { # Contains configuration for streaming FHIR export. |
| "bigqueryDestination": { # The configuration for exporting to BigQuery. # The destination BigQuery structure that contains both the dataset |
| # location and corresponding schema config. |
| # |
| # The output is organized in one table per resource type. The server |
| # reuses the existing tables (if any) that are named after the resource |
| # types, e.g. "Patient", "Observation". When there is no existing table |
| # for a given resource type, the server attempts to create one. |
| # |
| # When a table schema doesn't align with the schema config, either |
| # because of existing incompatible schema or out of band incompatible |
| # modification, the server does not stream in new data. |
| # |
| # One resolution in this case is to delete the incompatible |
| # table and let the server recreate one, though the newly created table |
| # only contains data after the table recreation. |
| # |
| # BigQuery imposes a 1 MB limit on streaming insert row size, therefore |
| # any resource mutation that generates more than 1 MB of BigQuery data |
| # will not be streamed. |
| # |
| # Results are appended to the corresponding BigQuery tables. Different |
| # versions of the same resource are distinguishable by the meta.versionId |
| # and meta.lastUpdated columns. The operation (CREATE/UPDATE/DELETE) that |
| # results in the new version is recorded in the meta.tag. |
| # |
| # The tables contain all historical resource versions since streaming was |
| # enabled. For query convenience, the server also creates one view per |
| # table of the same name containing only the current resource version. |
| # |
| # The streamed data in the BigQuery dataset is not guaranteed to be |
| # completely unique. The combination of the id and meta.versionId columns |
| # should ideally identify a single unique row. But in rare cases, |
| # duplicates may exist. At query time, users may use the SQL select |
| # statement to keep only one of the duplicate rows given an id and |
| # meta.versionId pair. Alternatively, the server created view mentioned |
| # above also filters out duplicates. |
| # |
| # If a resource mutation cannot be streamed to BigQuery, errors will be |
| # logged to Cloud Logging (see [Viewing logs](/healthcare/docs/how- |
| # tos/logging)). |
| "schemaConfig": { # Configuration for the FHIR BigQuery schema. Determines how the server # The configuration for the exported BigQuery schema. |
| # generates the schema. |
| "schemaType": "A String", # Specifies the output schema type. If unspecified, the default is |
| # `LOSSLESS`. |
| "recursiveStructureDepth": "A String", # The depth for all recursive structures in the output analytics |
| # schema. For example, `concept` in the CodeSystem resource is a recursive |
| # structure; when the depth is 2, the CodeSystem table will have a column |
| # called `concept.concept` but not `concept.concept.concept`. If not |
| # specified or set to 0, the server will use the default value 2. The |
| # maximum depth allowed is 5. |
| }, |
| "datasetUri": "A String", # BigQuery URI to a dataset, up to 2000 characters long, in the format |
| # `bq://projectId.bqDatasetId` |
| "force": True or False, # If this flag is `TRUE`, all tables will be deleted from the dataset before |
| # the new exported tables are written. If the flag is not set and the |
| # destination dataset contains tables, the export call returns an error. |
| }, |
| "resourceTypes": [ # Supply a FHIR resource type (such as "Patient" or "Observation"). |
| # See https://www.hl7.org/fhir/valueset-resource-types.html for a list of |
| # all FHIR resource types. |
| # The server treats an empty list as an intent to stream all the |
| # supported resource types in this FHIR store. |
| "A String", |
| ], |
| }, |
| ], |
| "defaultSearchHandlingStrict": True or False, # If true, overrides the default search behavior for this FHIR store to |
| # `handling=strict` which returns an error for unrecognized search |
| # parameters. If false, uses the FHIR specification default |
| # `handling=lenient` which ignores unrecognized search parameters. |
| # The handling can always be changed from the default on an individual API |
| # call by setting the HTTP header `Prefer: handling=strict` or |
| # `Prefer: handling=lenient`. |
| "name": "A String", # Output only. Resource name of the FHIR store, of the form |
| # `projects/{project_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}`. |
| "labels": { # User-supplied key-value pairs used to organize FHIR stores. |
| # |
| # Label keys must be between 1 and 63 characters long, have a UTF-8 encoding |
| # of maximum 128 bytes, and must conform to the |
| # following PCRE regular expression: |
| # \p{Ll}\p{Lo}{0,62} |
| # |
| # Label values are optional, must be between 1 and 63 characters long, have |
| # a UTF-8 encoding of maximum 128 bytes, and must conform to the |
| # following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63} |
| # |
| # No more than 64 labels can be associated with a given store. |
| "a_key": "A String", |
| }, |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="deidentify">deidentify(sourceStore, body=None, x__xgafv=None)</code> |
| <pre>De-identifies data from the source store and writes it to the destination |
| store. The metadata field type |
| is OperationMetadata. |
| If the request is successful, the |
| response field type is |
| DeidentifyFhirStoreSummary. If errors occur, |
| error |
| details field type is |
| DeidentifyErrorDetails. |
| Errors are also logged to Cloud Logging |
| (see [Viewing logs](/healthcare/docs/how-tos/logging)). |
| |
| Args: |
| sourceStore: string, Source FHIR store resource name. For example, |
| `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}`. (required) |
| body: object, The request body. |
| The object takes the form of: |
| |
| { # Creates a new FHIR store with sensitive information de-identified. |
| "resourceFilter": { # Filter configuration. # A filter specifying the resources to include in the output. If not |
| # specified, all resources are included in the output. |
| "resources": { # A list of FHIR resources. # List of resources to include in the output. If this list is empty or |
| # not specified, all resources are included in the output. |
| "resources": [ # List of resources IDs. For example, "Patient/1234". |
| "A String", |
| ], |
| }, |
| }, |
| "config": { # Configures de-id options specific to different types of content. # Deidentify configuration. |
| # Each submessage customizes the handling of an |
| # https://tools.ietf.org/html/rfc6838 media type or subtype. Configs are |
| # applied in a nested manner at runtime. |
| "dicom": { # Specifies the parameters needed for de-identification of DICOM stores. # Configures de-id of application/DICOM content. |
| "removeList": { # List of tags to be filtered. # List of tags to remove. Keep all other tags. |
| "tags": [ # Tags to be filtered. Tags must be DICOM Data Elements, File Meta |
| # Elements, or Directory Structuring Elements, as defined at: |
| # http://dicom.nema.org/medical/dicom/current/output/html/part06.html#table_6-1,. |
| # They may be provided by "Keyword" or "Tag". For example, "PatientID", |
| # "00100010". |
| "A String", |
| ], |
| }, |
| "keepList": { # List of tags to be filtered. # List of tags to keep. Remove all other tags. |
| "tags": [ # Tags to be filtered. Tags must be DICOM Data Elements, File Meta |
| # Elements, or Directory Structuring Elements, as defined at: |
| # http://dicom.nema.org/medical/dicom/current/output/html/part06.html#table_6-1,. |
| # They may be provided by "Keyword" or "Tag". For example, "PatientID", |
| # "00100010". |
| "A String", |
| ], |
| }, |
| "filterProfile": "A String", # Tag filtering profile that determines which tags to keep/remove. |
| "skipIdRedaction": True or False, # If true, skip replacing StudyInstanceUID, SeriesInstanceUID, |
| # SOPInstanceUID, and MediaStorageSOPInstanceUID and leave them untouched. |
| # The Cloud Healthcare API regenerates these UIDs by default based on the |
| # DICOM Standard's reasoning: "Whilst these UIDs cannot be mapped directly |
| # to an individual out of context, given access to the original images, or |
| # to a database of the original images containing the UIDs, it would be |
| # possible to recover the individual's identity." |
| # http://dicom.nema.org/medical/dicom/current/output/chtml/part15/sect_E.3.9.html |
| }, |
| "image": { # Specifies how to handle de-identification of image pixels. # Configures de-identification of image pixels wherever they are found in the |
| # source_dataset. |
| "textRedactionMode": "A String", # Determines how to redact text from image. |
| }, |
| "fhir": { # Specifies how to handle de-identification of a FHIR store. # Configures de-id of application/FHIR content. |
| "fieldMetadataList": [ # Specifies FHIR paths to match and how to transform them. Any field that |
| # is not matched by a FieldMetadata is passed through to the output |
| # dataset unmodified. All extensions are removed in the output. |
| # If a field can be matched by more than one FieldMetadata, the first |
| # FieldMetadata.Action is applied. |
| { # Specifies FHIR paths to match, and how to handle de-identification of |
| # matching fields. |
| "paths": [ # List of paths to FHIR fields to redact. Each path is a |
| # period-separated list where each component is either a field name or |
| # FHIR type name. All types begin with an upper case letter. For example, |
| # the resource field "Patient.Address.city", which uses a string type, |
| # can be matched by "Patient.Address.String". Path also supports partial |
| # matching. For example, "Patient.Address.city" can be matched by |
| # "Address.city" (Patient omitted). Partial matching and type matching |
| # can be combined. For example, "Patient.Address.city" can be matched by |
| # "Address.String". For "choice" types (those defined in the FHIR spec |
| # with the form: field[x]), use two separate components. For example, |
| # "deceasedAge.unit" is matched by "Deceased.Age.unit". Supported types |
| # are: AdministrativeGenderCode, Code, Date, DateTime, Decimal, |
| # HumanName, Id, LanguageCode, Markdown, Oid, String, Uri, Uuid, Xhtml. |
| # The sub-type for HumanName, such as HumanName.given or |
| # HumanName.family, can be omitted. |
| "A String", |
| ], |
| "action": "A String", # Deidentify action for one field. |
| }, |
| ], |
| }, |
| "annotation": { # Specifies how to store annotations during de-identification operation. # Configures how annotations, meaning that the location and infoType |
| # of sensitive information findings, are created during de-identification. |
| # If unspecified, no annotations are created. |
| "storeQuote": True or False, # If set to true, the sensitive texts are included in |
| # SensitiveTextAnnotation |
| # of Annotation. |
| "annotationStoreName": "A String", # The name of the annotation store, in the form |
| # `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/annotationStores/{annotation_store_id}`). |
| # |
| # * The destination annotation store must be in the same project as the |
| # source data. De-identifying data across multiple projects is not |
| # supported. |
| # * The destination annotation store must exist when using |
| # DeidentifyDicomStore or |
| # DeidentifyFhirStore. |
| # DeidentifyDataset |
| # automatically creates the destination annotation store. |
| }, |
| "text": { # Configures de-identification of text wherever it is found in the |
| # source_dataset. |
| "transformations": [ # The transformations to apply to the detected data. |
| { # A transformation to apply to text that is identified as a specific |
| # info_type. |
| "replaceWithInfoTypeConfig": { # When using the # Config for replace with InfoType. |
| # INSPECT_AND_TRANSFORM |
| # action, each match is replaced with the name of the info_type. For example, |
| # "My name is Jane" becomes "My name is [PERSON_NAME]." The |
| # TRANSFORM |
| # action is equivalent to redacting. |
| }, |
| "characterMaskConfig": { # Mask a string by replacing its characters with a fixed character. # Config for character mask. |
| "maskingCharacter": "A String", # Character to mask the sensitive values. If not supplied, defaults to "*". |
| }, |
| "redactConfig": { # Define how to redact sensitive values. Default behaviour is erase. # Config for text redaction. |
| # For example, "My name is Jane." becomes "My name is ." |
| }, |
| "infoTypes": [ # InfoTypes to apply this transformation to. If this is not specified, this |
| # transformation becomes the default transformation, and is used for any |
| # info_type that is not specified in another transformation. |
| "A String", |
| ], |
| "dateShiftConfig": { # Shift a date forward or backward in time by a random amount which is # Config for date shift. |
| # consistent for a given patient and crypto key combination. |
| "cryptoKey": "A String", # An AES 128/192/256 bit key. Causes the shift to be computed based on this |
| # key and the patient ID. A default key is generated for each |
| # Deidentify operation and is used wherever crypto_key is not specified. |
| }, |
| "cryptoHashConfig": { # Pseudonymization method that generates surrogates via cryptographic hashing. # Config for crypto hash. |
| # Uses SHA-256. |
| # Outputs a base64-encoded representation of the hashed output. |
| # For example, `L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=`. |
| "cryptoKey": "A String", # An AES 128/192/256 bit key. Causes the hash to be computed based on this |
| # key. A default key is generated for each Deidentify operation and is used |
| # wherever crypto_key is not specified. |
| }, |
| }, |
| ], |
| }, |
| }, |
| "destinationStore": "A String", # The name of the FHIR store to create and write the redacted data to. |
| # For example, |
| # `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}`. |
| # |
| # * The destination dataset must exist. |
| # * The source dataset and destination dataset must both reside in the same |
| # project. De-identifying data across multiple projects is not supported. |
| # * The destination FHIR store must exist. |
| # * The caller must have the healthcare.fhirResources.update permission to |
| # write to the destination FHIR store. |
| } |
| |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # This resource represents a long-running operation that is the result of a |
| # network API call. |
| "done": True or False, # If the value is `false`, it means the operation is still in progress. |
| # If `true`, the operation is completed, and either `error` or `response` is |
| # available. |
| "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation. |
| # different programming environments, including REST APIs and RPC APIs. It is |
| # used by [gRPC](https://github.com/grpc). Each `Status` message contains |
| # three pieces of data: error code, error message, and error details. |
| # |
| # You can find out more about this error model and how to work with it in the |
| # [API Design Guide](https://cloud.google.com/apis/design/errors). |
| "code": 42, # The status code, which should be an enum value of google.rpc.Code. |
| "message": "A String", # A developer-facing error message, which should be in English. Any |
| # user-facing error message should be localized and sent in the |
| # google.rpc.Status.details field, or localized by the client. |
| "details": [ # A list of messages that carry the error details. There is a common set of |
| # message types for APIs to use. |
| { |
| "a_key": "", # Properties of the object. Contains field @type with type URL. |
| }, |
| ], |
| }, |
| "metadata": { # Service-specific metadata associated with the operation. It typically |
| # contains progress information and common metadata such as create time. |
| # Some services might not provide such metadata. Any method that returns a |
| # long-running operation should document the metadata type, if any. |
| "a_key": "", # Properties of the object. Contains field @type with type URL. |
| }, |
| "name": "A String", # The server-assigned name, which is only unique within the same service that |
| # originally returns it. If you use the default HTTP mapping, the |
| # `name` should be a resource name ending with `operations/{unique_id}`. |
| "response": { # The normal response of the operation in case of success. If the original |
| # method returns no data on success, such as `Delete`, the response is |
| # `google.protobuf.Empty`. If the original method is standard |
| # `Get`/`Create`/`Update`, the response should be the resource. For other |
| # methods, the response should have the type `XxxResponse`, where `Xxx` |
| # is the original method name. For example, if the original method name |
| # is `TakeSnapshot()`, the inferred response type is |
| # `TakeSnapshotResponse`. |
| "a_key": "", # Properties of the object. Contains field @type with type URL. |
| }, |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="delete">delete(name, x__xgafv=None)</code> |
| <pre>Deletes the specified FHIR store and removes all resources within it. |
| |
| Args: |
| name: string, The resource name of the FHIR store to delete. (required) |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # A generic empty message that you can re-use to avoid defining duplicated |
| # empty messages in your APIs. A typical example is to use it as the request |
| # or the response type of an API method. For instance: |
| # |
| # service Foo { |
| # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); |
| # } |
| # |
| # The JSON representation for `Empty` is empty JSON object `{}`. |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="export">export(name, body=None, x__xgafv=None)</code> |
| <pre>Export resources from the FHIR store to the specified destination. |
| |
| This method returns an Operation that can |
| be used to track the status of the export by calling |
| GetOperation. |
| |
| Immediate fatal errors appear in the |
| error field, errors are also logged |
| to Cloud Logging (see [Viewing |
| logs](/healthcare/docs/how-tos/logging)). |
| Otherwise, when the operation finishes, a detailed response of type |
| ExportResourcesResponse is returned in the |
| response field. |
| The metadata field type for this |
| operation is OperationMetadata. |
| |
| Args: |
| name: string, The name of the FHIR store to export resource from, in the format of |
| `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}`. (required) |
| body: object, The request body. |
| The object takes the form of: |
| |
| { # Request to export resources. |
| "bigqueryDestination": { # The configuration for exporting to BigQuery. # The BigQuery output destination. |
| # |
| # The BigQuery location requires two IAM roles: |
| # `roles/bigquery.dataEditor` and `roles/bigquery.jobUser`. |
| # |
| # The output is one BigQuery table per resource type. |
| "schemaConfig": { # Configuration for the FHIR BigQuery schema. Determines how the server # The configuration for the exported BigQuery schema. |
| # generates the schema. |
| "schemaType": "A String", # Specifies the output schema type. If unspecified, the default is |
| # `LOSSLESS`. |
| "recursiveStructureDepth": "A String", # The depth for all recursive structures in the output analytics |
| # schema. For example, `concept` in the CodeSystem resource is a recursive |
| # structure; when the depth is 2, the CodeSystem table will have a column |
| # called `concept.concept` but not `concept.concept.concept`. If not |
| # specified or set to 0, the server will use the default value 2. The |
| # maximum depth allowed is 5. |
| }, |
| "datasetUri": "A String", # BigQuery URI to a dataset, up to 2000 characters long, in the format |
| # `bq://projectId.bqDatasetId` |
| "force": True or False, # If this flag is `TRUE`, all tables will be deleted from the dataset before |
| # the new exported tables are written. If the flag is not set and the |
| # destination dataset contains tables, the export call returns an error. |
| }, |
| "gcsDestination": { # The configuration for exporting to Cloud Storage. # The Cloud Storage output destination. |
| # |
| # The Cloud Storage location requires the `roles/storage.objectAdmin` Cloud |
| # IAM role. |
| # |
| # The exported outputs are |
| # organized by FHIR resource types. The server creates one object per |
| # resource type. Each object contains newline delimited JSON, and each line |
| # is a FHIR resource. |
| "uriPrefix": "A String", # URI for a Cloud Storage directory where result files should be written (in |
| # the format `gs://{bucket-id}/{path/to/destination/dir}`). If there is no |
| # trailing slash, the service appends one when composing the object path. |
| # The user is responsible for creating the Cloud Storage bucket referenced in |
| # `uri_prefix`. |
| }, |
| } |
| |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # This resource represents a long-running operation that is the result of a |
| # network API call. |
| "done": True or False, # If the value is `false`, it means the operation is still in progress. |
| # If `true`, the operation is completed, and either `error` or `response` is |
| # available. |
| "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation. |
| # different programming environments, including REST APIs and RPC APIs. It is |
| # used by [gRPC](https://github.com/grpc). Each `Status` message contains |
| # three pieces of data: error code, error message, and error details. |
| # |
| # You can find out more about this error model and how to work with it in the |
| # [API Design Guide](https://cloud.google.com/apis/design/errors). |
| "code": 42, # The status code, which should be an enum value of google.rpc.Code. |
| "message": "A String", # A developer-facing error message, which should be in English. Any |
| # user-facing error message should be localized and sent in the |
| # google.rpc.Status.details field, or localized by the client. |
| "details": [ # A list of messages that carry the error details. There is a common set of |
| # message types for APIs to use. |
| { |
| "a_key": "", # Properties of the object. Contains field @type with type URL. |
| }, |
| ], |
| }, |
| "metadata": { # Service-specific metadata associated with the operation. It typically |
| # contains progress information and common metadata such as create time. |
| # Some services might not provide such metadata. Any method that returns a |
| # long-running operation should document the metadata type, if any. |
| "a_key": "", # Properties of the object. Contains field @type with type URL. |
| }, |
| "name": "A String", # The server-assigned name, which is only unique within the same service that |
| # originally returns it. If you use the default HTTP mapping, the |
| # `name` should be a resource name ending with `operations/{unique_id}`. |
| "response": { # The normal response of the operation in case of success. If the original |
| # method returns no data on success, such as `Delete`, the response is |
| # `google.protobuf.Empty`. If the original method is standard |
| # `Get`/`Create`/`Update`, the response should be the resource. For other |
| # methods, the response should have the type `XxxResponse`, where `Xxx` |
| # is the original method name. For example, if the original method name |
| # is `TakeSnapshot()`, the inferred response type is |
| # `TakeSnapshotResponse`. |
| "a_key": "", # Properties of the object. Contains field @type with type URL. |
| }, |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="get">get(name, x__xgafv=None)</code> |
| <pre>Gets the configuration of the specified FHIR store. |
| |
| Args: |
| name: string, The resource name of the FHIR store to get. (required) |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # Represents a FHIR store. |
| "version": "A String", # The FHIR specification version that this FHIR store supports natively. This |
| # field is immutable after store creation. Requests are rejected if they |
| # contain FHIR resources of a different version. |
| # An empty value is treated as STU3. |
| "notificationConfig": { # Specifies where to send notifications upon changes to a data store. # If non-empty, publish all resource modifications of this FHIR store to |
| # this destination. The Cloud Pub/Sub message attributes contain a map |
| # with a string describing the action that has triggered the notification. |
| # For example, "action":"CreateResource". |
| "pubsubTopic": "A String", # The [Cloud Pub/Sub](https://cloud.google.com/pubsub/docs/) topic that |
| # notifications of changes are published on. Supplied by the client. |
| # PubsubMessage.Data contains the resource name. |
| # PubsubMessage.MessageId is the ID of this message. It is guaranteed to be |
| # unique within the topic. |
| # PubsubMessage.PublishTime is the time at which the message was published. |
| # Notifications are only sent if the topic is |
| # non-empty. [Topic |
| # names](https://cloud.google.com/pubsub/docs/overview#names) must be scoped |
| # to a project. Cloud Healthcare API service account must have publisher |
| # permissions on the given Cloud Pub/Sub topic. Not having adequate |
| # permissions causes the calls that send notifications to fail. |
| # |
| # If a notification can't be published to Cloud Pub/Sub, errors are logged to |
| # Cloud Logging (see [Viewing |
| # logs](/healthcare/docs/how-tos/logging)). If the number of |
| # errors exceeds a certain rate, some aren't submitted. |
| }, |
| "disableResourceVersioning": True or False, # Whether to disable resource versioning for this FHIR store. This field can |
| # not be changed after the creation of FHIR store. |
| # If set to false, which is the default behavior, all write operations |
| # cause historical versions to be recorded automatically. The historical |
| # versions can be fetched through the history APIs, but cannot be updated. |
| # If set to true, no historical versions are kept. The server sends |
| # errors for attempts to read the historical versions. |
| "disableReferentialIntegrity": True or False, # Whether to disable referential integrity in this FHIR store. This field is |
| # immutable after FHIR store creation. |
| # The default value is false, meaning that the API enforces referential |
| # integrity and fails the requests that result in inconsistent state in |
| # the FHIR store. |
| # When this field is set to true, the API skips referential integrity |
| # checks. Consequently, operations that rely on references, such as |
| # GetPatientEverything, do not return all the results if broken references |
| # exist. |
| "enableUpdateCreate": True or False, # Whether this FHIR store has the [updateCreate |
| # capability](https://www.hl7.org/fhir/capabilitystatement-definitions.html#CapabilityStatement.rest.resource.updateCreate). |
| # This determines if the client can use an Update operation to create a new |
| # resource with a client-specified ID. If false, all IDs are server-assigned |
| # through the Create operation and attempts to update a non-existent resource |
| # return errors. Please treat the audit logs with appropriate levels of |
| # care if client-specified resource IDs contain sensitive data such as |
| # patient identifiers, those IDs are part of the FHIR resource path |
| # recorded in Cloud audit logs and Cloud Pub/Sub notifications. |
| "streamConfigs": [ # A list of streaming configs that configure the destinations of streaming |
| # export for every resource mutation in this FHIR store. Each store is |
| # allowed to have up to 10 streaming configs. |
| # After a new config is added, the next resource mutation is streamed to |
| # the new location in addition to the existing ones. |
| # When a location is removed from the list, the server stops |
| # streaming to that location. Before adding a new config, you must add the |
| # required |
| # [`bigquery.dataEditor`](https://cloud.google.com/bigquery/docs/access-control#bigquery.dataEditor) |
| # role to your project's **Cloud Healthcare Service Agent** |
| # [service account](https://cloud.google.com/iam/docs/service-accounts). |
| # Some lag (typically on the order of dozens of seconds) is expected before |
| # the results show up in the streaming destination. |
| { # Contains configuration for streaming FHIR export. |
| "bigqueryDestination": { # The configuration for exporting to BigQuery. # The destination BigQuery structure that contains both the dataset |
| # location and corresponding schema config. |
| # |
| # The output is organized in one table per resource type. The server |
| # reuses the existing tables (if any) that are named after the resource |
| # types, e.g. "Patient", "Observation". When there is no existing table |
| # for a given resource type, the server attempts to create one. |
| # |
| # When a table schema doesn't align with the schema config, either |
| # because of existing incompatible schema or out of band incompatible |
| # modification, the server does not stream in new data. |
| # |
| # One resolution in this case is to delete the incompatible |
| # table and let the server recreate one, though the newly created table |
| # only contains data after the table recreation. |
| # |
| # BigQuery imposes a 1 MB limit on streaming insert row size, therefore |
| # any resource mutation that generates more than 1 MB of BigQuery data |
| # will not be streamed. |
| # |
| # Results are appended to the corresponding BigQuery tables. Different |
| # versions of the same resource are distinguishable by the meta.versionId |
| # and meta.lastUpdated columns. The operation (CREATE/UPDATE/DELETE) that |
| # results in the new version is recorded in the meta.tag. |
| # |
| # The tables contain all historical resource versions since streaming was |
| # enabled. For query convenience, the server also creates one view per |
| # table of the same name containing only the current resource version. |
| # |
| # The streamed data in the BigQuery dataset is not guaranteed to be |
| # completely unique. The combination of the id and meta.versionId columns |
| # should ideally identify a single unique row. But in rare cases, |
| # duplicates may exist. At query time, users may use the SQL select |
| # statement to keep only one of the duplicate rows given an id and |
| # meta.versionId pair. Alternatively, the server created view mentioned |
| # above also filters out duplicates. |
| # |
| # If a resource mutation cannot be streamed to BigQuery, errors will be |
| # logged to Cloud Logging (see [Viewing logs](/healthcare/docs/how- |
| # tos/logging)). |
| "schemaConfig": { # Configuration for the FHIR BigQuery schema. Determines how the server # The configuration for the exported BigQuery schema. |
| # generates the schema. |
| "schemaType": "A String", # Specifies the output schema type. If unspecified, the default is |
| # `LOSSLESS`. |
| "recursiveStructureDepth": "A String", # The depth for all recursive structures in the output analytics |
| # schema. For example, `concept` in the CodeSystem resource is a recursive |
| # structure; when the depth is 2, the CodeSystem table will have a column |
| # called `concept.concept` but not `concept.concept.concept`. If not |
| # specified or set to 0, the server will use the default value 2. The |
| # maximum depth allowed is 5. |
| }, |
| "datasetUri": "A String", # BigQuery URI to a dataset, up to 2000 characters long, in the format |
| # `bq://projectId.bqDatasetId` |
| "force": True or False, # If this flag is `TRUE`, all tables will be deleted from the dataset before |
| # the new exported tables are written. If the flag is not set and the |
| # destination dataset contains tables, the export call returns an error. |
| }, |
| "resourceTypes": [ # Supply a FHIR resource type (such as "Patient" or "Observation"). |
| # See https://www.hl7.org/fhir/valueset-resource-types.html for a list of |
| # all FHIR resource types. |
| # The server treats an empty list as an intent to stream all the |
| # supported resource types in this FHIR store. |
| "A String", |
| ], |
| }, |
| ], |
| "defaultSearchHandlingStrict": True or False, # If true, overrides the default search behavior for this FHIR store to |
| # `handling=strict` which returns an error for unrecognized search |
| # parameters. If false, uses the FHIR specification default |
| # `handling=lenient` which ignores unrecognized search parameters. |
| # The handling can always be changed from the default on an individual API |
| # call by setting the HTTP header `Prefer: handling=strict` or |
| # `Prefer: handling=lenient`. |
| "name": "A String", # Output only. Resource name of the FHIR store, of the form |
| # `projects/{project_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}`. |
| "labels": { # User-supplied key-value pairs used to organize FHIR stores. |
| # |
| # Label keys must be between 1 and 63 characters long, have a UTF-8 encoding |
| # of maximum 128 bytes, and must conform to the |
| # following PCRE regular expression: |
| # \p{Ll}\p{Lo}{0,62} |
| # |
| # Label values are optional, must be between 1 and 63 characters long, have |
| # a UTF-8 encoding of maximum 128 bytes, and must conform to the |
| # following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63} |
| # |
| # No more than 64 labels can be associated with a given store. |
| "a_key": "A String", |
| }, |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="getIamPolicy">getIamPolicy(resource, options_requestedPolicyVersion=None, x__xgafv=None)</code> |
| <pre>Gets the access control policy for a resource. |
| Returns an empty policy if the resource exists and does not have a policy |
| set. |
| |
| Args: |
| resource: string, REQUIRED: The resource for which the policy is being requested. |
| See the operation documentation for the appropriate value for this field. (required) |
| options_requestedPolicyVersion: integer, Optional. The policy format version to be returned. |
| |
| Valid values are 0, 1, and 3. Requests specifying an invalid value will be |
| rejected. |
| |
| Requests for policies with any conditional bindings must specify version 3. |
| Policies without any conditional bindings may specify any valid value or |
| leave the field unset. |
| |
| To learn which resources support conditions in their IAM policies, see the |
| [IAM |
| documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # An Identity and Access Management (IAM) policy, which specifies access |
| # controls for Google Cloud resources. |
| # |
| # |
| # A `Policy` is a collection of `bindings`. A `binding` binds one or more |
| # `members` to a single `role`. Members can be user accounts, service accounts, |
| # Google groups, and domains (such as G Suite). A `role` is a named list of |
| # permissions; each `role` can be an IAM predefined role or a user-created |
| # custom role. |
| # |
| # For some types of Google Cloud resources, a `binding` can also specify a |
| # `condition`, which is a logical expression that allows access to a resource |
| # only if the expression evaluates to `true`. A condition can add constraints |
| # based on attributes of the request, the resource, or both. To learn which |
| # resources support conditions in their IAM policies, see the |
| # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| # |
| # **JSON example:** |
| # |
| # { |
| # "bindings": [ |
| # { |
| # "role": "roles/resourcemanager.organizationAdmin", |
| # "members": [ |
| # "user:mike@example.com", |
| # "group:admins@example.com", |
| # "domain:google.com", |
| # "serviceAccount:my-project-id@appspot.gserviceaccount.com" |
| # ] |
| # }, |
| # { |
| # "role": "roles/resourcemanager.organizationViewer", |
| # "members": [ |
| # "user:eve@example.com" |
| # ], |
| # "condition": { |
| # "title": "expirable access", |
| # "description": "Does not grant access after Sep 2020", |
| # "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", |
| # } |
| # } |
| # ], |
| # "etag": "BwWWja0YfJA=", |
| # "version": 3 |
| # } |
| # |
| # **YAML example:** |
| # |
| # bindings: |
| # - members: |
| # - user:mike@example.com |
| # - group:admins@example.com |
| # - domain:google.com |
| # - serviceAccount:my-project-id@appspot.gserviceaccount.com |
| # role: roles/resourcemanager.organizationAdmin |
| # - members: |
| # - user:eve@example.com |
| # role: roles/resourcemanager.organizationViewer |
| # condition: |
| # title: expirable access |
| # description: Does not grant access after Sep 2020 |
| # expression: request.time < timestamp('2020-10-01T00:00:00.000Z') |
| # - etag: BwWWja0YfJA= |
| # - version: 3 |
| # |
| # For a description of IAM and its features, see the |
| # [IAM documentation](https://cloud.google.com/iam/docs/). |
| "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a |
| # `condition` that determines how and when the `bindings` are applied. Each |
| # of the `bindings` must contain at least one member. |
| { # Associates `members` with a `role`. |
| "condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding. |
| # |
| # If the condition evaluates to `true`, then this binding applies to the |
| # current request. |
| # |
| # If the condition evaluates to `false`, then this binding does not apply to |
| # the current request. However, a different role binding might grant the same |
| # role to one or more of the members in this binding. |
| # |
| # To learn which resources support conditions in their IAM policies, see the |
| # [IAM |
| # documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| # syntax. CEL is a C-like expression language. The syntax and semantics of CEL |
| # are documented at https://github.com/google/cel-spec. |
| # |
| # Example (Comparison): |
| # |
| # title: "Summary size limit" |
| # description: "Determines if a summary is less than 100 chars" |
| # expression: "document.summary.size() < 100" |
| # |
| # Example (Equality): |
| # |
| # title: "Requestor is owner" |
| # description: "Determines if requestor is the document owner" |
| # expression: "document.owner == request.auth.claims.email" |
| # |
| # Example (Logic): |
| # |
| # title: "Public documents" |
| # description: "Determine whether the document should be publicly visible" |
| # expression: "document.type != 'private' && document.type != 'internal'" |
| # |
| # Example (Data Manipulation): |
| # |
| # title: "Notification string" |
| # description: "Create a notification string with a timestamp." |
| # expression: "'New message received at ' + string(document.create_time)" |
| # |
| # The exact variables and functions that may be referenced within an expression |
| # are determined by the service that evaluates it. See the service |
| # documentation for additional information. |
| "title": "A String", # Optional. Title for the expression, i.e. a short string describing |
| # its purpose. This can be used e.g. in UIs which allow to enter the |
| # expression. |
| "description": "A String", # Optional. Description of the expression. This is a longer text which |
| # describes the expression, e.g. when hovered over it in a UI. |
| "expression": "A String", # Textual representation of an expression in Common Expression Language |
| # syntax. |
| "location": "A String", # Optional. String indicating the location of the expression for error |
| # reporting, e.g. a file name and a position in the file. |
| }, |
| "members": [ # Specifies the identities requesting access for a Cloud Platform resource. |
| # `members` can have the following values: |
| # |
| # * `allUsers`: A special identifier that represents anyone who is |
| # on the internet; with or without a Google account. |
| # |
| # * `allAuthenticatedUsers`: A special identifier that represents anyone |
| # who is authenticated with a Google account or a service account. |
| # |
| # * `user:{emailid}`: An email address that represents a specific Google |
| # account. For example, `alice@example.com` . |
| # |
| # |
| # * `serviceAccount:{emailid}`: An email address that represents a service |
| # account. For example, `my-other-app@appspot.gserviceaccount.com`. |
| # |
| # * `group:{emailid}`: An email address that represents a Google group. |
| # For example, `admins@example.com`. |
| # |
| # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique |
| # identifier) representing a user that has been recently deleted. For |
| # example, `alice@example.com?uid=123456789012345678901`. If the user is |
| # recovered, this value reverts to `user:{emailid}` and the recovered user |
| # retains the role in the binding. |
| # |
| # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus |
| # unique identifier) representing a service account that has been recently |
| # deleted. For example, |
| # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. |
| # If the service account is undeleted, this value reverts to |
| # `serviceAccount:{emailid}` and the undeleted service account retains the |
| # role in the binding. |
| # |
| # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique |
| # identifier) representing a Google group that has been recently |
| # deleted. For example, `admins@example.com?uid=123456789012345678901`. If |
| # the group is recovered, this value reverts to `group:{emailid}` and the |
| # recovered group retains the role in the binding. |
| # |
| # |
| # * `domain:{domain}`: The G Suite domain (primary) that represents all the |
| # users of that domain. For example, `google.com` or `example.com`. |
| # |
| "A String", |
| ], |
| "role": "A String", # Role that is assigned to `members`. |
| # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. |
| }, |
| ], |
| "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help |
| # prevent simultaneous updates of a policy from overwriting each other. |
| # It is strongly suggested that systems make use of the `etag` in the |
| # read-modify-write cycle to perform policy updates in order to avoid race |
| # conditions: An `etag` is returned in the response to `getIamPolicy`, and |
| # systems are expected to put that etag in the request to `setIamPolicy` to |
| # ensure that their change will be applied to the same version of the policy. |
| # |
| # **Important:** If you use IAM Conditions, you must include the `etag` field |
| # whenever you call `setIamPolicy`. If you omit this field, then IAM allows |
| # you to overwrite a version `3` policy with a version `1` policy, and all of |
| # the conditions in the version `3` policy are lost. |
| "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. |
| { # Specifies the audit configuration for a service. |
| # The configuration determines which permission types are logged, and what |
| # identities, if any, are exempted from logging. |
| # An AuditConfig must have one or more AuditLogConfigs. |
| # |
| # If there are AuditConfigs for both `allServices` and a specific service, |
| # the union of the two AuditConfigs is used for that service: the log_types |
| # specified in each AuditConfig are enabled, and the exempted_members in each |
| # AuditLogConfig are exempted. |
| # |
| # Example Policy with multiple AuditConfigs: |
| # |
| # { |
| # "audit_configs": [ |
| # { |
| # "service": "allServices", |
| # "audit_log_configs": [ |
| # { |
| # "log_type": "DATA_READ", |
| # "exempted_members": [ |
| # "user:jose@example.com" |
| # ] |
| # }, |
| # { |
| # "log_type": "DATA_WRITE" |
| # }, |
| # { |
| # "log_type": "ADMIN_READ" |
| # } |
| # ] |
| # }, |
| # { |
| # "service": "sampleservice.googleapis.com", |
| # "audit_log_configs": [ |
| # { |
| # "log_type": "DATA_READ" |
| # }, |
| # { |
| # "log_type": "DATA_WRITE", |
| # "exempted_members": [ |
| # "user:aliya@example.com" |
| # ] |
| # } |
| # ] |
| # } |
| # ] |
| # } |
| # |
| # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ |
| # logging. It also exempts jose@example.com from DATA_READ logging, and |
| # aliya@example.com from DATA_WRITE logging. |
| "auditLogConfigs": [ # The configuration for logging of each type of permission. |
| { # Provides the configuration for logging a type of permissions. |
| # Example: |
| # |
| # { |
| # "audit_log_configs": [ |
| # { |
| # "log_type": "DATA_READ", |
| # "exempted_members": [ |
| # "user:jose@example.com" |
| # ] |
| # }, |
| # { |
| # "log_type": "DATA_WRITE" |
| # } |
| # ] |
| # } |
| # |
| # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting |
| # jose@example.com from DATA_READ logging. |
| "logType": "A String", # The log type that this config enables. |
| "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of |
| # permission. |
| # Follows the same format of Binding.members. |
| "A String", |
| ], |
| }, |
| ], |
| "service": "A String", # Specifies a service that will be enabled for audit logging. |
| # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. |
| # `allServices` is a special value that covers all services. |
| }, |
| ], |
| "version": 42, # Specifies the format of the policy. |
| # |
| # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value |
| # are rejected. |
| # |
| # Any operation that affects conditional role bindings must specify version |
| # `3`. This requirement applies to the following operations: |
| # |
| # * Getting a policy that includes a conditional role binding |
| # * Adding a conditional role binding to a policy |
| # * Changing a conditional role binding in a policy |
| # * Removing any role binding, with or without a condition, from a policy |
| # that includes conditions |
| # |
| # **Important:** If you use IAM Conditions, you must include the `etag` field |
| # whenever you call `setIamPolicy`. If you omit this field, then IAM allows |
| # you to overwrite a version `3` policy with a version `1` policy, and all of |
| # the conditions in the version `3` policy are lost. |
| # |
| # If a policy does not include any conditions, operations on that policy may |
| # specify any valid version or leave the field unset. |
| # |
| # To learn which resources support conditions in their IAM policies, see the |
| # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="import_">import_(name, body=None, x__xgafv=None)</code> |
| <pre>Import resources to the FHIR store by loading data from the specified |
| sources. This method is optimized to load large quantities of data using |
| import semantics that ignore some FHIR store configuration options and are |
| not suitable for all use cases. It is primarily intended to load data into |
| an empty FHIR store that is not being used by other clients. In cases |
| where this method is not appropriate, consider using ExecuteBundle to |
| load data. |
| |
| Every resource in the input must contain a client-supplied ID. Each |
| resource is stored using the supplied ID regardless of the |
| enable_update_create setting on the FHIR |
| store. |
| |
| The import process does not enforce referential integrity, regardless of |
| the |
| disable_referential_integrity |
| setting on the FHIR store. This allows the import of resources with |
| arbitrary interdependencies without considering grouping or ordering, but |
| if the input data contains invalid references or if some resources fail to |
| be imported, the FHIR store might be left in a state that violates |
| referential integrity. |
| |
| The import process does not trigger Cloud Pub/Sub notification or BigQuery |
| streaming update, regardless of how those are configured on the FHIR store. |
| |
| If a resource with the specified ID already exists, the most recent |
| version of the resource is overwritten without creating a new historical |
| version, regardless of the |
| disable_resource_versioning |
| setting on the FHIR store. If transient failures occur during the import, |
| it is possible that successfully imported resources will be overwritten |
| more than once. |
| |
| The import operation is idempotent unless the input data contains multiple |
| valid resources with the same ID but different contents. In that case, |
| after the import completes, the store contains exactly one resource |
| with that ID but there is no ordering guarantee on which version of the |
| contents it will have. The operation result counters do not count |
| duplicate IDs as an error and count one success for each resource in |
| the input, which might result in a success count larger than the number |
| of resources in the FHIR store. This often occurs when importing data |
| organized in bundles produced by Patient-everything |
| where each bundle contains its own copy of a resource such as Practitioner |
| that might be referred to by many patients. |
| |
| If some resources fail to import, for example due to parsing errors, |
| successfully imported resources are not rolled back. |
| |
| The location and format of the input data is specified by the parameters |
| below. Note that if no format is specified, this method assumes the |
| `BUNDLE` format. When using the `BUNDLE` format this method ignores the |
| `Bundle.type` field, except that `history` bundles are rejected, and does |
| not apply any of the bundle processing semantics for batch or transaction |
| bundles. Unlike in ExecuteBundle, transaction bundles are not executed |
| as a single transaction and bundle-internal references are not rewritten. |
| The bundle is treated as a collection of resources to be written as |
| provided in `Bundle.entry.resource`, ignoring `Bundle.entry.request`. As |
| an example, this allows the import of `searchset` bundles produced by a |
| FHIR search or |
| Patient-everything operation. |
| |
| This method returns an Operation that can |
| be used to track the status of the import by calling |
| GetOperation. |
| |
| Immediate fatal errors appear in the |
| error field, errors are also logged |
| to Cloud Logging (see [Viewing |
| logs](/healthcare/docs/how-tos/logging)). Otherwise, when the |
| operation finishes, a detailed response of type ImportResourcesResponse |
| is returned in the response field. |
| The metadata field type for this |
| operation is OperationMetadata. |
| |
| Args: |
| name: string, The name of the FHIR store to import FHIR resources to, in the format of |
| `projects/{project_id}/locations/{location_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}`. (required) |
| body: object, The request body. |
| The object takes the form of: |
| |
| { # Request to import resources. |
| "contentStructure": "A String", # The content structure in the source location. If not specified, the server |
| # treats the input source files as BUNDLE. |
| "gcsSource": { # Specifies the configuration for importing data from Cloud Storage. # Cloud Storage source data location and import configuration. |
| # |
| # The Cloud Storage location requires the `roles/storage.objectViewer` |
| # Cloud IAM role. |
| # |
| # Each Cloud Storage object should be a text file that contains the format |
| # specified in ContentStructure. |
| "uri": "A String", # Points to a Cloud Storage URI containing file(s) to import. |
| # |
| # The URI must be in the following format: `gs://{bucket_id}/{object_id}`. |
| # The URI can include wildcards in `object_id` and thus identify multiple |
| # files. Supported wildcards: |
| # |
| # * `*` to match 0 or more non-separator characters |
| # * `**` to match 0 or more characters (including separators). Must be used |
| # at the end of a path and with no other wildcards in the |
| # path. Can also be used with a file extension (such as .ndjson), which |
| # imports all files with the extension in the specified directory and |
| # its sub-directories. For example, `gs://my-bucket/my-directory/**.ndjson` |
| # imports all files with `.ndjson` extensions in `my-directory/` and its |
| # sub-directories. |
| # * `?` to match 1 character |
| # |
| # Files matching the wildcard are expected to contain content only, no |
| # metadata. |
| }, |
| } |
| |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # This resource represents a long-running operation that is the result of a |
| # network API call. |
| "done": True or False, # If the value is `false`, it means the operation is still in progress. |
| # If `true`, the operation is completed, and either `error` or `response` is |
| # available. |
| "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation. |
| # different programming environments, including REST APIs and RPC APIs. It is |
| # used by [gRPC](https://github.com/grpc). Each `Status` message contains |
| # three pieces of data: error code, error message, and error details. |
| # |
| # You can find out more about this error model and how to work with it in the |
| # [API Design Guide](https://cloud.google.com/apis/design/errors). |
| "code": 42, # The status code, which should be an enum value of google.rpc.Code. |
| "message": "A String", # A developer-facing error message, which should be in English. Any |
| # user-facing error message should be localized and sent in the |
| # google.rpc.Status.details field, or localized by the client. |
| "details": [ # A list of messages that carry the error details. There is a common set of |
| # message types for APIs to use. |
| { |
| "a_key": "", # Properties of the object. Contains field @type with type URL. |
| }, |
| ], |
| }, |
| "metadata": { # Service-specific metadata associated with the operation. It typically |
| # contains progress information and common metadata such as create time. |
| # Some services might not provide such metadata. Any method that returns a |
| # long-running operation should document the metadata type, if any. |
| "a_key": "", # Properties of the object. Contains field @type with type URL. |
| }, |
| "name": "A String", # The server-assigned name, which is only unique within the same service that |
| # originally returns it. If you use the default HTTP mapping, the |
| # `name` should be a resource name ending with `operations/{unique_id}`. |
| "response": { # The normal response of the operation in case of success. If the original |
| # method returns no data on success, such as `Delete`, the response is |
| # `google.protobuf.Empty`. If the original method is standard |
| # `Get`/`Create`/`Update`, the response should be the resource. For other |
| # methods, the response should have the type `XxxResponse`, where `Xxx` |
| # is the original method name. For example, if the original method name |
| # is `TakeSnapshot()`, the inferred response type is |
| # `TakeSnapshotResponse`. |
| "a_key": "", # Properties of the object. Contains field @type with type URL. |
| }, |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="list">list(parent, pageToken=None, filter=None, pageSize=None, x__xgafv=None)</code> |
| <pre>Lists the FHIR stores in the given dataset. |
| |
| Args: |
| parent: string, Name of the dataset. (required) |
| pageToken: string, The next_page_token value returned from the previous List request, if any. |
| filter: string, Restricts stores returned to those matching a filter. Syntax: |
| https://cloud.google.com/appengine/docs/standard/python/search/query_strings |
| Only filtering on labels is supported, for example `labels.key=value`. |
| pageSize: integer, Limit on the number of FHIR stores to return in a single response. If zero |
| the default page size of 100 is used. |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # Lists the FHIR stores in the given dataset. |
| "fhirStores": [ # The returned FHIR stores. Won't be more FHIR stores than the value of |
| # page_size in the request. |
| { # Represents a FHIR store. |
| "version": "A String", # The FHIR specification version that this FHIR store supports natively. This |
| # field is immutable after store creation. Requests are rejected if they |
| # contain FHIR resources of a different version. |
| # An empty value is treated as STU3. |
| "notificationConfig": { # Specifies where to send notifications upon changes to a data store. # If non-empty, publish all resource modifications of this FHIR store to |
| # this destination. The Cloud Pub/Sub message attributes contain a map |
| # with a string describing the action that has triggered the notification. |
| # For example, "action":"CreateResource". |
| "pubsubTopic": "A String", # The [Cloud Pub/Sub](https://cloud.google.com/pubsub/docs/) topic that |
| # notifications of changes are published on. Supplied by the client. |
| # PubsubMessage.Data contains the resource name. |
| # PubsubMessage.MessageId is the ID of this message. It is guaranteed to be |
| # unique within the topic. |
| # PubsubMessage.PublishTime is the time at which the message was published. |
| # Notifications are only sent if the topic is |
| # non-empty. [Topic |
| # names](https://cloud.google.com/pubsub/docs/overview#names) must be scoped |
| # to a project. Cloud Healthcare API service account must have publisher |
| # permissions on the given Cloud Pub/Sub topic. Not having adequate |
| # permissions causes the calls that send notifications to fail. |
| # |
| # If a notification can't be published to Cloud Pub/Sub, errors are logged to |
| # Cloud Logging (see [Viewing |
| # logs](/healthcare/docs/how-tos/logging)). If the number of |
| # errors exceeds a certain rate, some aren't submitted. |
| }, |
| "disableResourceVersioning": True or False, # Whether to disable resource versioning for this FHIR store. This field can |
| # not be changed after the creation of FHIR store. |
| # If set to false, which is the default behavior, all write operations |
| # cause historical versions to be recorded automatically. The historical |
| # versions can be fetched through the history APIs, but cannot be updated. |
| # If set to true, no historical versions are kept. The server sends |
| # errors for attempts to read the historical versions. |
| "disableReferentialIntegrity": True or False, # Whether to disable referential integrity in this FHIR store. This field is |
| # immutable after FHIR store creation. |
| # The default value is false, meaning that the API enforces referential |
| # integrity and fails the requests that result in inconsistent state in |
| # the FHIR store. |
| # When this field is set to true, the API skips referential integrity |
| # checks. Consequently, operations that rely on references, such as |
| # GetPatientEverything, do not return all the results if broken references |
| # exist. |
| "enableUpdateCreate": True or False, # Whether this FHIR store has the [updateCreate |
| # capability](https://www.hl7.org/fhir/capabilitystatement-definitions.html#CapabilityStatement.rest.resource.updateCreate). |
| # This determines if the client can use an Update operation to create a new |
| # resource with a client-specified ID. If false, all IDs are server-assigned |
| # through the Create operation and attempts to update a non-existent resource |
| # return errors. Please treat the audit logs with appropriate levels of |
| # care if client-specified resource IDs contain sensitive data such as |
| # patient identifiers, those IDs are part of the FHIR resource path |
| # recorded in Cloud audit logs and Cloud Pub/Sub notifications. |
| "streamConfigs": [ # A list of streaming configs that configure the destinations of streaming |
| # export for every resource mutation in this FHIR store. Each store is |
| # allowed to have up to 10 streaming configs. |
| # After a new config is added, the next resource mutation is streamed to |
| # the new location in addition to the existing ones. |
| # When a location is removed from the list, the server stops |
| # streaming to that location. Before adding a new config, you must add the |
| # required |
| # [`bigquery.dataEditor`](https://cloud.google.com/bigquery/docs/access-control#bigquery.dataEditor) |
| # role to your project's **Cloud Healthcare Service Agent** |
| # [service account](https://cloud.google.com/iam/docs/service-accounts). |
| # Some lag (typically on the order of dozens of seconds) is expected before |
| # the results show up in the streaming destination. |
| { # Contains configuration for streaming FHIR export. |
| "bigqueryDestination": { # The configuration for exporting to BigQuery. # The destination BigQuery structure that contains both the dataset |
| # location and corresponding schema config. |
| # |
| # The output is organized in one table per resource type. The server |
| # reuses the existing tables (if any) that are named after the resource |
| # types, e.g. "Patient", "Observation". When there is no existing table |
| # for a given resource type, the server attempts to create one. |
| # |
| # When a table schema doesn't align with the schema config, either |
| # because of existing incompatible schema or out of band incompatible |
| # modification, the server does not stream in new data. |
| # |
| # One resolution in this case is to delete the incompatible |
| # table and let the server recreate one, though the newly created table |
| # only contains data after the table recreation. |
| # |
| # BigQuery imposes a 1 MB limit on streaming insert row size, therefore |
| # any resource mutation that generates more than 1 MB of BigQuery data |
| # will not be streamed. |
| # |
| # Results are appended to the corresponding BigQuery tables. Different |
| # versions of the same resource are distinguishable by the meta.versionId |
| # and meta.lastUpdated columns. The operation (CREATE/UPDATE/DELETE) that |
| # results in the new version is recorded in the meta.tag. |
| # |
| # The tables contain all historical resource versions since streaming was |
| # enabled. For query convenience, the server also creates one view per |
| # table of the same name containing only the current resource version. |
| # |
| # The streamed data in the BigQuery dataset is not guaranteed to be |
| # completely unique. The combination of the id and meta.versionId columns |
| # should ideally identify a single unique row. But in rare cases, |
| # duplicates may exist. At query time, users may use the SQL select |
| # statement to keep only one of the duplicate rows given an id and |
| # meta.versionId pair. Alternatively, the server created view mentioned |
| # above also filters out duplicates. |
| # |
| # If a resource mutation cannot be streamed to BigQuery, errors will be |
| # logged to Cloud Logging (see [Viewing logs](/healthcare/docs/how- |
| # tos/logging)). |
| "schemaConfig": { # Configuration for the FHIR BigQuery schema. Determines how the server # The configuration for the exported BigQuery schema. |
| # generates the schema. |
| "schemaType": "A String", # Specifies the output schema type. If unspecified, the default is |
| # `LOSSLESS`. |
| "recursiveStructureDepth": "A String", # The depth for all recursive structures in the output analytics |
| # schema. For example, `concept` in the CodeSystem resource is a recursive |
| # structure; when the depth is 2, the CodeSystem table will have a column |
| # called `concept.concept` but not `concept.concept.concept`. If not |
| # specified or set to 0, the server will use the default value 2. The |
| # maximum depth allowed is 5. |
| }, |
| "datasetUri": "A String", # BigQuery URI to a dataset, up to 2000 characters long, in the format |
| # `bq://projectId.bqDatasetId` |
| "force": True or False, # If this flag is `TRUE`, all tables will be deleted from the dataset before |
| # the new exported tables are written. If the flag is not set and the |
| # destination dataset contains tables, the export call returns an error. |
| }, |
| "resourceTypes": [ # Supply a FHIR resource type (such as "Patient" or "Observation"). |
| # See https://www.hl7.org/fhir/valueset-resource-types.html for a list of |
| # all FHIR resource types. |
| # The server treats an empty list as an intent to stream all the |
| # supported resource types in this FHIR store. |
| "A String", |
| ], |
| }, |
| ], |
| "defaultSearchHandlingStrict": True or False, # If true, overrides the default search behavior for this FHIR store to |
| # `handling=strict` which returns an error for unrecognized search |
| # parameters. If false, uses the FHIR specification default |
| # `handling=lenient` which ignores unrecognized search parameters. |
| # The handling can always be changed from the default on an individual API |
| # call by setting the HTTP header `Prefer: handling=strict` or |
| # `Prefer: handling=lenient`. |
| "name": "A String", # Output only. Resource name of the FHIR store, of the form |
| # `projects/{project_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}`. |
| "labels": { # User-supplied key-value pairs used to organize FHIR stores. |
| # |
| # Label keys must be between 1 and 63 characters long, have a UTF-8 encoding |
| # of maximum 128 bytes, and must conform to the |
| # following PCRE regular expression: |
| # \p{Ll}\p{Lo}{0,62} |
| # |
| # Label values are optional, must be between 1 and 63 characters long, have |
| # a UTF-8 encoding of maximum 128 bytes, and must conform to the |
| # following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63} |
| # |
| # No more than 64 labels can be associated with a given store. |
| "a_key": "A String", |
| }, |
| }, |
| ], |
| "nextPageToken": "A String", # Token to retrieve the next page of results or empty if there are no more |
| # results in the list. |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="list_next">list_next(previous_request, previous_response)</code> |
| <pre>Retrieves the next page of results. |
| |
| Args: |
| previous_request: The request for the previous page. (required) |
| previous_response: The response from the request for the previous page. (required) |
| |
| Returns: |
| A request object that you can call 'execute()' on to request the next |
| page. Returns None if there are no more items in the collection. |
| </pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code> |
| <pre>Updates the configuration of the specified FHIR store. |
| |
| Args: |
| name: string, Output only. Resource name of the FHIR store, of the form |
| `projects/{project_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}`. (required) |
| body: object, The request body. |
| The object takes the form of: |
| |
| { # Represents a FHIR store. |
| "version": "A String", # The FHIR specification version that this FHIR store supports natively. This |
| # field is immutable after store creation. Requests are rejected if they |
| # contain FHIR resources of a different version. |
| # An empty value is treated as STU3. |
| "notificationConfig": { # Specifies where to send notifications upon changes to a data store. # If non-empty, publish all resource modifications of this FHIR store to |
| # this destination. The Cloud Pub/Sub message attributes contain a map |
| # with a string describing the action that has triggered the notification. |
| # For example, "action":"CreateResource". |
| "pubsubTopic": "A String", # The [Cloud Pub/Sub](https://cloud.google.com/pubsub/docs/) topic that |
| # notifications of changes are published on. Supplied by the client. |
| # PubsubMessage.Data contains the resource name. |
| # PubsubMessage.MessageId is the ID of this message. It is guaranteed to be |
| # unique within the topic. |
| # PubsubMessage.PublishTime is the time at which the message was published. |
| # Notifications are only sent if the topic is |
| # non-empty. [Topic |
| # names](https://cloud.google.com/pubsub/docs/overview#names) must be scoped |
| # to a project. Cloud Healthcare API service account must have publisher |
| # permissions on the given Cloud Pub/Sub topic. Not having adequate |
| # permissions causes the calls that send notifications to fail. |
| # |
| # If a notification can't be published to Cloud Pub/Sub, errors are logged to |
| # Cloud Logging (see [Viewing |
| # logs](/healthcare/docs/how-tos/logging)). If the number of |
| # errors exceeds a certain rate, some aren't submitted. |
| }, |
| "disableResourceVersioning": True or False, # Whether to disable resource versioning for this FHIR store. This field can |
| # not be changed after the creation of FHIR store. |
| # If set to false, which is the default behavior, all write operations |
| # cause historical versions to be recorded automatically. The historical |
| # versions can be fetched through the history APIs, but cannot be updated. |
| # If set to true, no historical versions are kept. The server sends |
| # errors for attempts to read the historical versions. |
| "disableReferentialIntegrity": True or False, # Whether to disable referential integrity in this FHIR store. This field is |
| # immutable after FHIR store creation. |
| # The default value is false, meaning that the API enforces referential |
| # integrity and fails the requests that result in inconsistent state in |
| # the FHIR store. |
| # When this field is set to true, the API skips referential integrity |
| # checks. Consequently, operations that rely on references, such as |
| # GetPatientEverything, do not return all the results if broken references |
| # exist. |
| "enableUpdateCreate": True or False, # Whether this FHIR store has the [updateCreate |
| # capability](https://www.hl7.org/fhir/capabilitystatement-definitions.html#CapabilityStatement.rest.resource.updateCreate). |
| # This determines if the client can use an Update operation to create a new |
| # resource with a client-specified ID. If false, all IDs are server-assigned |
| # through the Create operation and attempts to update a non-existent resource |
| # return errors. Please treat the audit logs with appropriate levels of |
| # care if client-specified resource IDs contain sensitive data such as |
| # patient identifiers, those IDs are part of the FHIR resource path |
| # recorded in Cloud audit logs and Cloud Pub/Sub notifications. |
| "streamConfigs": [ # A list of streaming configs that configure the destinations of streaming |
| # export for every resource mutation in this FHIR store. Each store is |
| # allowed to have up to 10 streaming configs. |
| # After a new config is added, the next resource mutation is streamed to |
| # the new location in addition to the existing ones. |
| # When a location is removed from the list, the server stops |
| # streaming to that location. Before adding a new config, you must add the |
| # required |
| # [`bigquery.dataEditor`](https://cloud.google.com/bigquery/docs/access-control#bigquery.dataEditor) |
| # role to your project's **Cloud Healthcare Service Agent** |
| # [service account](https://cloud.google.com/iam/docs/service-accounts). |
| # Some lag (typically on the order of dozens of seconds) is expected before |
| # the results show up in the streaming destination. |
| { # Contains configuration for streaming FHIR export. |
| "bigqueryDestination": { # The configuration for exporting to BigQuery. # The destination BigQuery structure that contains both the dataset |
| # location and corresponding schema config. |
| # |
| # The output is organized in one table per resource type. The server |
| # reuses the existing tables (if any) that are named after the resource |
| # types, e.g. "Patient", "Observation". When there is no existing table |
| # for a given resource type, the server attempts to create one. |
| # |
| # When a table schema doesn't align with the schema config, either |
| # because of existing incompatible schema or out of band incompatible |
| # modification, the server does not stream in new data. |
| # |
| # One resolution in this case is to delete the incompatible |
| # table and let the server recreate one, though the newly created table |
| # only contains data after the table recreation. |
| # |
| # BigQuery imposes a 1 MB limit on streaming insert row size, therefore |
| # any resource mutation that generates more than 1 MB of BigQuery data |
| # will not be streamed. |
| # |
| # Results are appended to the corresponding BigQuery tables. Different |
| # versions of the same resource are distinguishable by the meta.versionId |
| # and meta.lastUpdated columns. The operation (CREATE/UPDATE/DELETE) that |
| # results in the new version is recorded in the meta.tag. |
| # |
| # The tables contain all historical resource versions since streaming was |
| # enabled. For query convenience, the server also creates one view per |
| # table of the same name containing only the current resource version. |
| # |
| # The streamed data in the BigQuery dataset is not guaranteed to be |
| # completely unique. The combination of the id and meta.versionId columns |
| # should ideally identify a single unique row. But in rare cases, |
| # duplicates may exist. At query time, users may use the SQL select |
| # statement to keep only one of the duplicate rows given an id and |
| # meta.versionId pair. Alternatively, the server created view mentioned |
| # above also filters out duplicates. |
| # |
| # If a resource mutation cannot be streamed to BigQuery, errors will be |
| # logged to Cloud Logging (see [Viewing logs](/healthcare/docs/how- |
| # tos/logging)). |
| "schemaConfig": { # Configuration for the FHIR BigQuery schema. Determines how the server # The configuration for the exported BigQuery schema. |
| # generates the schema. |
| "schemaType": "A String", # Specifies the output schema type. If unspecified, the default is |
| # `LOSSLESS`. |
| "recursiveStructureDepth": "A String", # The depth for all recursive structures in the output analytics |
| # schema. For example, `concept` in the CodeSystem resource is a recursive |
| # structure; when the depth is 2, the CodeSystem table will have a column |
| # called `concept.concept` but not `concept.concept.concept`. If not |
| # specified or set to 0, the server will use the default value 2. The |
| # maximum depth allowed is 5. |
| }, |
| "datasetUri": "A String", # BigQuery URI to a dataset, up to 2000 characters long, in the format |
| # `bq://projectId.bqDatasetId` |
| "force": True or False, # If this flag is `TRUE`, all tables will be deleted from the dataset before |
| # the new exported tables are written. If the flag is not set and the |
| # destination dataset contains tables, the export call returns an error. |
| }, |
| "resourceTypes": [ # Supply a FHIR resource type (such as "Patient" or "Observation"). |
| # See https://www.hl7.org/fhir/valueset-resource-types.html for a list of |
| # all FHIR resource types. |
| # The server treats an empty list as an intent to stream all the |
| # supported resource types in this FHIR store. |
| "A String", |
| ], |
| }, |
| ], |
| "defaultSearchHandlingStrict": True or False, # If true, overrides the default search behavior for this FHIR store to |
| # `handling=strict` which returns an error for unrecognized search |
| # parameters. If false, uses the FHIR specification default |
| # `handling=lenient` which ignores unrecognized search parameters. |
| # The handling can always be changed from the default on an individual API |
| # call by setting the HTTP header `Prefer: handling=strict` or |
| # `Prefer: handling=lenient`. |
| "name": "A String", # Output only. Resource name of the FHIR store, of the form |
| # `projects/{project_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}`. |
| "labels": { # User-supplied key-value pairs used to organize FHIR stores. |
| # |
| # Label keys must be between 1 and 63 characters long, have a UTF-8 encoding |
| # of maximum 128 bytes, and must conform to the |
| # following PCRE regular expression: |
| # \p{Ll}\p{Lo}{0,62} |
| # |
| # Label values are optional, must be between 1 and 63 characters long, have |
| # a UTF-8 encoding of maximum 128 bytes, and must conform to the |
| # following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63} |
| # |
| # No more than 64 labels can be associated with a given store. |
| "a_key": "A String", |
| }, |
| } |
| |
| updateMask: string, The update mask applies to the resource. For the `FieldMask` definition, |
| see |
| https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # Represents a FHIR store. |
| "version": "A String", # The FHIR specification version that this FHIR store supports natively. This |
| # field is immutable after store creation. Requests are rejected if they |
| # contain FHIR resources of a different version. |
| # An empty value is treated as STU3. |
| "notificationConfig": { # Specifies where to send notifications upon changes to a data store. # If non-empty, publish all resource modifications of this FHIR store to |
| # this destination. The Cloud Pub/Sub message attributes contain a map |
| # with a string describing the action that has triggered the notification. |
| # For example, "action":"CreateResource". |
| "pubsubTopic": "A String", # The [Cloud Pub/Sub](https://cloud.google.com/pubsub/docs/) topic that |
| # notifications of changes are published on. Supplied by the client. |
| # PubsubMessage.Data contains the resource name. |
| # PubsubMessage.MessageId is the ID of this message. It is guaranteed to be |
| # unique within the topic. |
| # PubsubMessage.PublishTime is the time at which the message was published. |
| # Notifications are only sent if the topic is |
| # non-empty. [Topic |
| # names](https://cloud.google.com/pubsub/docs/overview#names) must be scoped |
| # to a project. Cloud Healthcare API service account must have publisher |
| # permissions on the given Cloud Pub/Sub topic. Not having adequate |
| # permissions causes the calls that send notifications to fail. |
| # |
| # If a notification can't be published to Cloud Pub/Sub, errors are logged to |
| # Cloud Logging (see [Viewing |
| # logs](/healthcare/docs/how-tos/logging)). If the number of |
| # errors exceeds a certain rate, some aren't submitted. |
| }, |
| "disableResourceVersioning": True or False, # Whether to disable resource versioning for this FHIR store. This field can |
| # not be changed after the creation of FHIR store. |
| # If set to false, which is the default behavior, all write operations |
| # cause historical versions to be recorded automatically. The historical |
| # versions can be fetched through the history APIs, but cannot be updated. |
| # If set to true, no historical versions are kept. The server sends |
| # errors for attempts to read the historical versions. |
| "disableReferentialIntegrity": True or False, # Whether to disable referential integrity in this FHIR store. This field is |
| # immutable after FHIR store creation. |
| # The default value is false, meaning that the API enforces referential |
| # integrity and fails the requests that result in inconsistent state in |
| # the FHIR store. |
| # When this field is set to true, the API skips referential integrity |
| # checks. Consequently, operations that rely on references, such as |
| # GetPatientEverything, do not return all the results if broken references |
| # exist. |
| "enableUpdateCreate": True or False, # Whether this FHIR store has the [updateCreate |
| # capability](https://www.hl7.org/fhir/capabilitystatement-definitions.html#CapabilityStatement.rest.resource.updateCreate). |
| # This determines if the client can use an Update operation to create a new |
| # resource with a client-specified ID. If false, all IDs are server-assigned |
| # through the Create operation and attempts to update a non-existent resource |
| # return errors. Please treat the audit logs with appropriate levels of |
| # care if client-specified resource IDs contain sensitive data such as |
| # patient identifiers, those IDs are part of the FHIR resource path |
| # recorded in Cloud audit logs and Cloud Pub/Sub notifications. |
| "streamConfigs": [ # A list of streaming configs that configure the destinations of streaming |
| # export for every resource mutation in this FHIR store. Each store is |
| # allowed to have up to 10 streaming configs. |
| # After a new config is added, the next resource mutation is streamed to |
| # the new location in addition to the existing ones. |
| # When a location is removed from the list, the server stops |
| # streaming to that location. Before adding a new config, you must add the |
| # required |
| # [`bigquery.dataEditor`](https://cloud.google.com/bigquery/docs/access-control#bigquery.dataEditor) |
| # role to your project's **Cloud Healthcare Service Agent** |
| # [service account](https://cloud.google.com/iam/docs/service-accounts). |
| # Some lag (typically on the order of dozens of seconds) is expected before |
| # the results show up in the streaming destination. |
| { # Contains configuration for streaming FHIR export. |
| "bigqueryDestination": { # The configuration for exporting to BigQuery. # The destination BigQuery structure that contains both the dataset |
| # location and corresponding schema config. |
| # |
| # The output is organized in one table per resource type. The server |
| # reuses the existing tables (if any) that are named after the resource |
| # types, e.g. "Patient", "Observation". When there is no existing table |
| # for a given resource type, the server attempts to create one. |
| # |
| # When a table schema doesn't align with the schema config, either |
| # because of existing incompatible schema or out of band incompatible |
| # modification, the server does not stream in new data. |
| # |
| # One resolution in this case is to delete the incompatible |
| # table and let the server recreate one, though the newly created table |
| # only contains data after the table recreation. |
| # |
| # BigQuery imposes a 1 MB limit on streaming insert row size, therefore |
| # any resource mutation that generates more than 1 MB of BigQuery data |
| # will not be streamed. |
| # |
| # Results are appended to the corresponding BigQuery tables. Different |
| # versions of the same resource are distinguishable by the meta.versionId |
| # and meta.lastUpdated columns. The operation (CREATE/UPDATE/DELETE) that |
| # results in the new version is recorded in the meta.tag. |
| # |
| # The tables contain all historical resource versions since streaming was |
| # enabled. For query convenience, the server also creates one view per |
| # table of the same name containing only the current resource version. |
| # |
| # The streamed data in the BigQuery dataset is not guaranteed to be |
| # completely unique. The combination of the id and meta.versionId columns |
| # should ideally identify a single unique row. But in rare cases, |
| # duplicates may exist. At query time, users may use the SQL select |
| # statement to keep only one of the duplicate rows given an id and |
| # meta.versionId pair. Alternatively, the server created view mentioned |
| # above also filters out duplicates. |
| # |
| # If a resource mutation cannot be streamed to BigQuery, errors will be |
| # logged to Cloud Logging (see [Viewing logs](/healthcare/docs/how- |
| # tos/logging)). |
| "schemaConfig": { # Configuration for the FHIR BigQuery schema. Determines how the server # The configuration for the exported BigQuery schema. |
| # generates the schema. |
| "schemaType": "A String", # Specifies the output schema type. If unspecified, the default is |
| # `LOSSLESS`. |
| "recursiveStructureDepth": "A String", # The depth for all recursive structures in the output analytics |
| # schema. For example, `concept` in the CodeSystem resource is a recursive |
| # structure; when the depth is 2, the CodeSystem table will have a column |
| # called `concept.concept` but not `concept.concept.concept`. If not |
| # specified or set to 0, the server will use the default value 2. The |
| # maximum depth allowed is 5. |
| }, |
| "datasetUri": "A String", # BigQuery URI to a dataset, up to 2000 characters long, in the format |
| # `bq://projectId.bqDatasetId` |
| "force": True or False, # If this flag is `TRUE`, all tables will be deleted from the dataset before |
| # the new exported tables are written. If the flag is not set and the |
| # destination dataset contains tables, the export call returns an error. |
| }, |
| "resourceTypes": [ # Supply a FHIR resource type (such as "Patient" or "Observation"). |
| # See https://www.hl7.org/fhir/valueset-resource-types.html for a list of |
| # all FHIR resource types. |
| # The server treats an empty list as an intent to stream all the |
| # supported resource types in this FHIR store. |
| "A String", |
| ], |
| }, |
| ], |
| "defaultSearchHandlingStrict": True or False, # If true, overrides the default search behavior for this FHIR store to |
| # `handling=strict` which returns an error for unrecognized search |
| # parameters. If false, uses the FHIR specification default |
| # `handling=lenient` which ignores unrecognized search parameters. |
| # The handling can always be changed from the default on an individual API |
| # call by setting the HTTP header `Prefer: handling=strict` or |
| # `Prefer: handling=lenient`. |
| "name": "A String", # Output only. Resource name of the FHIR store, of the form |
| # `projects/{project_id}/datasets/{dataset_id}/fhirStores/{fhir_store_id}`. |
| "labels": { # User-supplied key-value pairs used to organize FHIR stores. |
| # |
| # Label keys must be between 1 and 63 characters long, have a UTF-8 encoding |
| # of maximum 128 bytes, and must conform to the |
| # following PCRE regular expression: |
| # \p{Ll}\p{Lo}{0,62} |
| # |
| # Label values are optional, must be between 1 and 63 characters long, have |
| # a UTF-8 encoding of maximum 128 bytes, and must conform to the |
| # following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63} |
| # |
| # No more than 64 labels can be associated with a given store. |
| "a_key": "A String", |
| }, |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="setIamPolicy">setIamPolicy(resource, body=None, x__xgafv=None)</code> |
| <pre>Sets the access control policy on the specified resource. Replaces any |
| existing policy. |
| |
| Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors. |
| |
| Args: |
| resource: string, REQUIRED: The resource for which the policy is being specified. |
| See the operation documentation for the appropriate value for this field. (required) |
| body: object, The request body. |
| The object takes the form of: |
| |
| { # Request message for `SetIamPolicy` method. |
| "updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only |
| # the fields in the mask will be modified. If no mask is provided, the |
| # following default mask is used: |
| # |
| # `paths: "bindings, etag"` |
| "policy": { # An Identity and Access Management (IAM) policy, which specifies access # REQUIRED: The complete policy to be applied to the `resource`. The size of |
| # the policy is limited to a few 10s of KB. An empty policy is a |
| # valid policy but certain Cloud Platform services (such as Projects) |
| # might reject them. |
| # controls for Google Cloud resources. |
| # |
| # |
| # A `Policy` is a collection of `bindings`. A `binding` binds one or more |
| # `members` to a single `role`. Members can be user accounts, service accounts, |
| # Google groups, and domains (such as G Suite). A `role` is a named list of |
| # permissions; each `role` can be an IAM predefined role or a user-created |
| # custom role. |
| # |
| # For some types of Google Cloud resources, a `binding` can also specify a |
| # `condition`, which is a logical expression that allows access to a resource |
| # only if the expression evaluates to `true`. A condition can add constraints |
| # based on attributes of the request, the resource, or both. To learn which |
| # resources support conditions in their IAM policies, see the |
| # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| # |
| # **JSON example:** |
| # |
| # { |
| # "bindings": [ |
| # { |
| # "role": "roles/resourcemanager.organizationAdmin", |
| # "members": [ |
| # "user:mike@example.com", |
| # "group:admins@example.com", |
| # "domain:google.com", |
| # "serviceAccount:my-project-id@appspot.gserviceaccount.com" |
| # ] |
| # }, |
| # { |
| # "role": "roles/resourcemanager.organizationViewer", |
| # "members": [ |
| # "user:eve@example.com" |
| # ], |
| # "condition": { |
| # "title": "expirable access", |
| # "description": "Does not grant access after Sep 2020", |
| # "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", |
| # } |
| # } |
| # ], |
| # "etag": "BwWWja0YfJA=", |
| # "version": 3 |
| # } |
| # |
| # **YAML example:** |
| # |
| # bindings: |
| # - members: |
| # - user:mike@example.com |
| # - group:admins@example.com |
| # - domain:google.com |
| # - serviceAccount:my-project-id@appspot.gserviceaccount.com |
| # role: roles/resourcemanager.organizationAdmin |
| # - members: |
| # - user:eve@example.com |
| # role: roles/resourcemanager.organizationViewer |
| # condition: |
| # title: expirable access |
| # description: Does not grant access after Sep 2020 |
| # expression: request.time < timestamp('2020-10-01T00:00:00.000Z') |
| # - etag: BwWWja0YfJA= |
| # - version: 3 |
| # |
| # For a description of IAM and its features, see the |
| # [IAM documentation](https://cloud.google.com/iam/docs/). |
| "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a |
| # `condition` that determines how and when the `bindings` are applied. Each |
| # of the `bindings` must contain at least one member. |
| { # Associates `members` with a `role`. |
| "condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding. |
| # |
| # If the condition evaluates to `true`, then this binding applies to the |
| # current request. |
| # |
| # If the condition evaluates to `false`, then this binding does not apply to |
| # the current request. However, a different role binding might grant the same |
| # role to one or more of the members in this binding. |
| # |
| # To learn which resources support conditions in their IAM policies, see the |
| # [IAM |
| # documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| # syntax. CEL is a C-like expression language. The syntax and semantics of CEL |
| # are documented at https://github.com/google/cel-spec. |
| # |
| # Example (Comparison): |
| # |
| # title: "Summary size limit" |
| # description: "Determines if a summary is less than 100 chars" |
| # expression: "document.summary.size() < 100" |
| # |
| # Example (Equality): |
| # |
| # title: "Requestor is owner" |
| # description: "Determines if requestor is the document owner" |
| # expression: "document.owner == request.auth.claims.email" |
| # |
| # Example (Logic): |
| # |
| # title: "Public documents" |
| # description: "Determine whether the document should be publicly visible" |
| # expression: "document.type != 'private' && document.type != 'internal'" |
| # |
| # Example (Data Manipulation): |
| # |
| # title: "Notification string" |
| # description: "Create a notification string with a timestamp." |
| # expression: "'New message received at ' + string(document.create_time)" |
| # |
| # The exact variables and functions that may be referenced within an expression |
| # are determined by the service that evaluates it. See the service |
| # documentation for additional information. |
| "title": "A String", # Optional. Title for the expression, i.e. a short string describing |
| # its purpose. This can be used e.g. in UIs which allow to enter the |
| # expression. |
| "description": "A String", # Optional. Description of the expression. This is a longer text which |
| # describes the expression, e.g. when hovered over it in a UI. |
| "expression": "A String", # Textual representation of an expression in Common Expression Language |
| # syntax. |
| "location": "A String", # Optional. String indicating the location of the expression for error |
| # reporting, e.g. a file name and a position in the file. |
| }, |
| "members": [ # Specifies the identities requesting access for a Cloud Platform resource. |
| # `members` can have the following values: |
| # |
| # * `allUsers`: A special identifier that represents anyone who is |
| # on the internet; with or without a Google account. |
| # |
| # * `allAuthenticatedUsers`: A special identifier that represents anyone |
| # who is authenticated with a Google account or a service account. |
| # |
| # * `user:{emailid}`: An email address that represents a specific Google |
| # account. For example, `alice@example.com` . |
| # |
| # |
| # * `serviceAccount:{emailid}`: An email address that represents a service |
| # account. For example, `my-other-app@appspot.gserviceaccount.com`. |
| # |
| # * `group:{emailid}`: An email address that represents a Google group. |
| # For example, `admins@example.com`. |
| # |
| # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique |
| # identifier) representing a user that has been recently deleted. For |
| # example, `alice@example.com?uid=123456789012345678901`. If the user is |
| # recovered, this value reverts to `user:{emailid}` and the recovered user |
| # retains the role in the binding. |
| # |
| # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus |
| # unique identifier) representing a service account that has been recently |
| # deleted. For example, |
| # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. |
| # If the service account is undeleted, this value reverts to |
| # `serviceAccount:{emailid}` and the undeleted service account retains the |
| # role in the binding. |
| # |
| # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique |
| # identifier) representing a Google group that has been recently |
| # deleted. For example, `admins@example.com?uid=123456789012345678901`. If |
| # the group is recovered, this value reverts to `group:{emailid}` and the |
| # recovered group retains the role in the binding. |
| # |
| # |
| # * `domain:{domain}`: The G Suite domain (primary) that represents all the |
| # users of that domain. For example, `google.com` or `example.com`. |
| # |
| "A String", |
| ], |
| "role": "A String", # Role that is assigned to `members`. |
| # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. |
| }, |
| ], |
| "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help |
| # prevent simultaneous updates of a policy from overwriting each other. |
| # It is strongly suggested that systems make use of the `etag` in the |
| # read-modify-write cycle to perform policy updates in order to avoid race |
| # conditions: An `etag` is returned in the response to `getIamPolicy`, and |
| # systems are expected to put that etag in the request to `setIamPolicy` to |
| # ensure that their change will be applied to the same version of the policy. |
| # |
| # **Important:** If you use IAM Conditions, you must include the `etag` field |
| # whenever you call `setIamPolicy`. If you omit this field, then IAM allows |
| # you to overwrite a version `3` policy with a version `1` policy, and all of |
| # the conditions in the version `3` policy are lost. |
| "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. |
| { # Specifies the audit configuration for a service. |
| # The configuration determines which permission types are logged, and what |
| # identities, if any, are exempted from logging. |
| # An AuditConfig must have one or more AuditLogConfigs. |
| # |
| # If there are AuditConfigs for both `allServices` and a specific service, |
| # the union of the two AuditConfigs is used for that service: the log_types |
| # specified in each AuditConfig are enabled, and the exempted_members in each |
| # AuditLogConfig are exempted. |
| # |
| # Example Policy with multiple AuditConfigs: |
| # |
| # { |
| # "audit_configs": [ |
| # { |
| # "service": "allServices", |
| # "audit_log_configs": [ |
| # { |
| # "log_type": "DATA_READ", |
| # "exempted_members": [ |
| # "user:jose@example.com" |
| # ] |
| # }, |
| # { |
| # "log_type": "DATA_WRITE" |
| # }, |
| # { |
| # "log_type": "ADMIN_READ" |
| # } |
| # ] |
| # }, |
| # { |
| # "service": "sampleservice.googleapis.com", |
| # "audit_log_configs": [ |
| # { |
| # "log_type": "DATA_READ" |
| # }, |
| # { |
| # "log_type": "DATA_WRITE", |
| # "exempted_members": [ |
| # "user:aliya@example.com" |
| # ] |
| # } |
| # ] |
| # } |
| # ] |
| # } |
| # |
| # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ |
| # logging. It also exempts jose@example.com from DATA_READ logging, and |
| # aliya@example.com from DATA_WRITE logging. |
| "auditLogConfigs": [ # The configuration for logging of each type of permission. |
| { # Provides the configuration for logging a type of permissions. |
| # Example: |
| # |
| # { |
| # "audit_log_configs": [ |
| # { |
| # "log_type": "DATA_READ", |
| # "exempted_members": [ |
| # "user:jose@example.com" |
| # ] |
| # }, |
| # { |
| # "log_type": "DATA_WRITE" |
| # } |
| # ] |
| # } |
| # |
| # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting |
| # jose@example.com from DATA_READ logging. |
| "logType": "A String", # The log type that this config enables. |
| "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of |
| # permission. |
| # Follows the same format of Binding.members. |
| "A String", |
| ], |
| }, |
| ], |
| "service": "A String", # Specifies a service that will be enabled for audit logging. |
| # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. |
| # `allServices` is a special value that covers all services. |
| }, |
| ], |
| "version": 42, # Specifies the format of the policy. |
| # |
| # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value |
| # are rejected. |
| # |
| # Any operation that affects conditional role bindings must specify version |
| # `3`. This requirement applies to the following operations: |
| # |
| # * Getting a policy that includes a conditional role binding |
| # * Adding a conditional role binding to a policy |
| # * Changing a conditional role binding in a policy |
| # * Removing any role binding, with or without a condition, from a policy |
| # that includes conditions |
| # |
| # **Important:** If you use IAM Conditions, you must include the `etag` field |
| # whenever you call `setIamPolicy`. If you omit this field, then IAM allows |
| # you to overwrite a version `3` policy with a version `1` policy, and all of |
| # the conditions in the version `3` policy are lost. |
| # |
| # If a policy does not include any conditions, operations on that policy may |
| # specify any valid version or leave the field unset. |
| # |
| # To learn which resources support conditions in their IAM policies, see the |
| # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| }, |
| } |
| |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # An Identity and Access Management (IAM) policy, which specifies access |
| # controls for Google Cloud resources. |
| # |
| # |
| # A `Policy` is a collection of `bindings`. A `binding` binds one or more |
| # `members` to a single `role`. Members can be user accounts, service accounts, |
| # Google groups, and domains (such as G Suite). A `role` is a named list of |
| # permissions; each `role` can be an IAM predefined role or a user-created |
| # custom role. |
| # |
| # For some types of Google Cloud resources, a `binding` can also specify a |
| # `condition`, which is a logical expression that allows access to a resource |
| # only if the expression evaluates to `true`. A condition can add constraints |
| # based on attributes of the request, the resource, or both. To learn which |
| # resources support conditions in their IAM policies, see the |
| # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| # |
| # **JSON example:** |
| # |
| # { |
| # "bindings": [ |
| # { |
| # "role": "roles/resourcemanager.organizationAdmin", |
| # "members": [ |
| # "user:mike@example.com", |
| # "group:admins@example.com", |
| # "domain:google.com", |
| # "serviceAccount:my-project-id@appspot.gserviceaccount.com" |
| # ] |
| # }, |
| # { |
| # "role": "roles/resourcemanager.organizationViewer", |
| # "members": [ |
| # "user:eve@example.com" |
| # ], |
| # "condition": { |
| # "title": "expirable access", |
| # "description": "Does not grant access after Sep 2020", |
| # "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", |
| # } |
| # } |
| # ], |
| # "etag": "BwWWja0YfJA=", |
| # "version": 3 |
| # } |
| # |
| # **YAML example:** |
| # |
| # bindings: |
| # - members: |
| # - user:mike@example.com |
| # - group:admins@example.com |
| # - domain:google.com |
| # - serviceAccount:my-project-id@appspot.gserviceaccount.com |
| # role: roles/resourcemanager.organizationAdmin |
| # - members: |
| # - user:eve@example.com |
| # role: roles/resourcemanager.organizationViewer |
| # condition: |
| # title: expirable access |
| # description: Does not grant access after Sep 2020 |
| # expression: request.time < timestamp('2020-10-01T00:00:00.000Z') |
| # - etag: BwWWja0YfJA= |
| # - version: 3 |
| # |
| # For a description of IAM and its features, see the |
| # [IAM documentation](https://cloud.google.com/iam/docs/). |
| "bindings": [ # Associates a list of `members` to a `role`. Optionally, may specify a |
| # `condition` that determines how and when the `bindings` are applied. Each |
| # of the `bindings` must contain at least one member. |
| { # Associates `members` with a `role`. |
| "condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding. |
| # |
| # If the condition evaluates to `true`, then this binding applies to the |
| # current request. |
| # |
| # If the condition evaluates to `false`, then this binding does not apply to |
| # the current request. However, a different role binding might grant the same |
| # role to one or more of the members in this binding. |
| # |
| # To learn which resources support conditions in their IAM policies, see the |
| # [IAM |
| # documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| # syntax. CEL is a C-like expression language. The syntax and semantics of CEL |
| # are documented at https://github.com/google/cel-spec. |
| # |
| # Example (Comparison): |
| # |
| # title: "Summary size limit" |
| # description: "Determines if a summary is less than 100 chars" |
| # expression: "document.summary.size() < 100" |
| # |
| # Example (Equality): |
| # |
| # title: "Requestor is owner" |
| # description: "Determines if requestor is the document owner" |
| # expression: "document.owner == request.auth.claims.email" |
| # |
| # Example (Logic): |
| # |
| # title: "Public documents" |
| # description: "Determine whether the document should be publicly visible" |
| # expression: "document.type != 'private' && document.type != 'internal'" |
| # |
| # Example (Data Manipulation): |
| # |
| # title: "Notification string" |
| # description: "Create a notification string with a timestamp." |
| # expression: "'New message received at ' + string(document.create_time)" |
| # |
| # The exact variables and functions that may be referenced within an expression |
| # are determined by the service that evaluates it. See the service |
| # documentation for additional information. |
| "title": "A String", # Optional. Title for the expression, i.e. a short string describing |
| # its purpose. This can be used e.g. in UIs which allow to enter the |
| # expression. |
| "description": "A String", # Optional. Description of the expression. This is a longer text which |
| # describes the expression, e.g. when hovered over it in a UI. |
| "expression": "A String", # Textual representation of an expression in Common Expression Language |
| # syntax. |
| "location": "A String", # Optional. String indicating the location of the expression for error |
| # reporting, e.g. a file name and a position in the file. |
| }, |
| "members": [ # Specifies the identities requesting access for a Cloud Platform resource. |
| # `members` can have the following values: |
| # |
| # * `allUsers`: A special identifier that represents anyone who is |
| # on the internet; with or without a Google account. |
| # |
| # * `allAuthenticatedUsers`: A special identifier that represents anyone |
| # who is authenticated with a Google account or a service account. |
| # |
| # * `user:{emailid}`: An email address that represents a specific Google |
| # account. For example, `alice@example.com` . |
| # |
| # |
| # * `serviceAccount:{emailid}`: An email address that represents a service |
| # account. For example, `my-other-app@appspot.gserviceaccount.com`. |
| # |
| # * `group:{emailid}`: An email address that represents a Google group. |
| # For example, `admins@example.com`. |
| # |
| # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique |
| # identifier) representing a user that has been recently deleted. For |
| # example, `alice@example.com?uid=123456789012345678901`. If the user is |
| # recovered, this value reverts to `user:{emailid}` and the recovered user |
| # retains the role in the binding. |
| # |
| # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus |
| # unique identifier) representing a service account that has been recently |
| # deleted. For example, |
| # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. |
| # If the service account is undeleted, this value reverts to |
| # `serviceAccount:{emailid}` and the undeleted service account retains the |
| # role in the binding. |
| # |
| # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique |
| # identifier) representing a Google group that has been recently |
| # deleted. For example, `admins@example.com?uid=123456789012345678901`. If |
| # the group is recovered, this value reverts to `group:{emailid}` and the |
| # recovered group retains the role in the binding. |
| # |
| # |
| # * `domain:{domain}`: The G Suite domain (primary) that represents all the |
| # users of that domain. For example, `google.com` or `example.com`. |
| # |
| "A String", |
| ], |
| "role": "A String", # Role that is assigned to `members`. |
| # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. |
| }, |
| ], |
| "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help |
| # prevent simultaneous updates of a policy from overwriting each other. |
| # It is strongly suggested that systems make use of the `etag` in the |
| # read-modify-write cycle to perform policy updates in order to avoid race |
| # conditions: An `etag` is returned in the response to `getIamPolicy`, and |
| # systems are expected to put that etag in the request to `setIamPolicy` to |
| # ensure that their change will be applied to the same version of the policy. |
| # |
| # **Important:** If you use IAM Conditions, you must include the `etag` field |
| # whenever you call `setIamPolicy`. If you omit this field, then IAM allows |
| # you to overwrite a version `3` policy with a version `1` policy, and all of |
| # the conditions in the version `3` policy are lost. |
| "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. |
| { # Specifies the audit configuration for a service. |
| # The configuration determines which permission types are logged, and what |
| # identities, if any, are exempted from logging. |
| # An AuditConfig must have one or more AuditLogConfigs. |
| # |
| # If there are AuditConfigs for both `allServices` and a specific service, |
| # the union of the two AuditConfigs is used for that service: the log_types |
| # specified in each AuditConfig are enabled, and the exempted_members in each |
| # AuditLogConfig are exempted. |
| # |
| # Example Policy with multiple AuditConfigs: |
| # |
| # { |
| # "audit_configs": [ |
| # { |
| # "service": "allServices", |
| # "audit_log_configs": [ |
| # { |
| # "log_type": "DATA_READ", |
| # "exempted_members": [ |
| # "user:jose@example.com" |
| # ] |
| # }, |
| # { |
| # "log_type": "DATA_WRITE" |
| # }, |
| # { |
| # "log_type": "ADMIN_READ" |
| # } |
| # ] |
| # }, |
| # { |
| # "service": "sampleservice.googleapis.com", |
| # "audit_log_configs": [ |
| # { |
| # "log_type": "DATA_READ" |
| # }, |
| # { |
| # "log_type": "DATA_WRITE", |
| # "exempted_members": [ |
| # "user:aliya@example.com" |
| # ] |
| # } |
| # ] |
| # } |
| # ] |
| # } |
| # |
| # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ |
| # logging. It also exempts jose@example.com from DATA_READ logging, and |
| # aliya@example.com from DATA_WRITE logging. |
| "auditLogConfigs": [ # The configuration for logging of each type of permission. |
| { # Provides the configuration for logging a type of permissions. |
| # Example: |
| # |
| # { |
| # "audit_log_configs": [ |
| # { |
| # "log_type": "DATA_READ", |
| # "exempted_members": [ |
| # "user:jose@example.com" |
| # ] |
| # }, |
| # { |
| # "log_type": "DATA_WRITE" |
| # } |
| # ] |
| # } |
| # |
| # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting |
| # jose@example.com from DATA_READ logging. |
| "logType": "A String", # The log type that this config enables. |
| "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of |
| # permission. |
| # Follows the same format of Binding.members. |
| "A String", |
| ], |
| }, |
| ], |
| "service": "A String", # Specifies a service that will be enabled for audit logging. |
| # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. |
| # `allServices` is a special value that covers all services. |
| }, |
| ], |
| "version": 42, # Specifies the format of the policy. |
| # |
| # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value |
| # are rejected. |
| # |
| # Any operation that affects conditional role bindings must specify version |
| # `3`. This requirement applies to the following operations: |
| # |
| # * Getting a policy that includes a conditional role binding |
| # * Adding a conditional role binding to a policy |
| # * Changing a conditional role binding in a policy |
| # * Removing any role binding, with or without a condition, from a policy |
| # that includes conditions |
| # |
| # **Important:** If you use IAM Conditions, you must include the `etag` field |
| # whenever you call `setIamPolicy`. If you omit this field, then IAM allows |
| # you to overwrite a version `3` policy with a version `1` policy, and all of |
| # the conditions in the version `3` policy are lost. |
| # |
| # If a policy does not include any conditions, operations on that policy may |
| # specify any valid version or leave the field unset. |
| # |
| # To learn which resources support conditions in their IAM policies, see the |
| # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="testIamPermissions">testIamPermissions(resource, body=None, x__xgafv=None)</code> |
| <pre>Returns permissions that a caller has on the specified resource. |
| If the resource does not exist, this will return an empty set of |
| permissions, not a `NOT_FOUND` error. |
| |
| Note: This operation is designed to be used for building permission-aware |
| UIs and command-line tools, not for authorization checking. This operation |
| may "fail open" without warning. |
| |
| Args: |
| resource: string, REQUIRED: The resource for which the policy detail is being requested. |
| See the operation documentation for the appropriate value for this field. (required) |
| body: object, The request body. |
| The object takes the form of: |
| |
| { # Request message for `TestIamPermissions` method. |
| "permissions": [ # The set of permissions to check for the `resource`. Permissions with |
| # wildcards (such as '*' or 'storage.*') are not allowed. For more |
| # information see |
| # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions). |
| "A String", |
| ], |
| } |
| |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # Response message for `TestIamPermissions` method. |
| "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is |
| # allowed. |
| "A String", |
| ], |
| }</pre> |
| </div> |
| |
| </body></html> |
