1<html><body> 2<style> 3 4body, h1, h2, h3, div, span, p, pre, a { 5 margin: 0; 6 padding: 0; 7 border: 0; 8 font-weight: inherit; 9 font-style: inherit; 10 font-size: 100%; 11 font-family: inherit; 12 vertical-align: baseline; 13} 14 15body { 16 font-size: 13px; 17 padding: 1em; 18} 19 20h1 { 21 font-size: 26px; 22 margin-bottom: 1em; 23} 24 25h2 { 26 font-size: 24px; 27 margin-bottom: 1em; 28} 29 30h3 { 31 font-size: 20px; 32 margin-bottom: 1em; 33 margin-top: 1em; 34} 35 36pre, code { 37 line-height: 1.5; 38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; 39} 40 41pre { 42 margin-top: 0.5em; 43} 44 45h1, h2, h3, p { 46 font-family: Arial, sans serif; 47} 48 49h1, h2, h3 { 50 border-bottom: solid #CCC 1px; 51} 52 53.toc_element { 54 margin-top: 0.5em; 55} 56 57.firstline { 58 margin-left: 2 em; 59} 60 61.method { 62 margin-top: 1em; 63 border: solid 1px #CCC; 64 padding: 1em; 65 background: #EEE; 66} 67 68.details { 69 font-weight: bold; 70 font-size: 14px; 71} 72 73</style> 74 75<h1><a href="spanner_v1.html">Cloud Spanner API</a> . <a href="spanner_v1.projects.html">projects</a> . <a href="spanner_v1.projects.instances.html">instances</a> . <a href="spanner_v1.projects.instances.databases.html">databases</a></h1> 76<h2>Instance Methods</h2> 77<p class="toc_element"> 78 <code><a href="spanner_v1.projects.instances.databases.operations.html">operations()</a></code> 79</p> 80<p class="firstline">Returns the operations Resource.</p> 81 82<p class="toc_element"> 83 <code><a href="spanner_v1.projects.instances.databases.sessions.html">sessions()</a></code> 84</p> 85<p class="firstline">Returns the sessions Resource.</p> 86 87<p class="toc_element"> 88 <code><a href="#create">create(parent, body, x__xgafv=None)</a></code></p> 89<p class="firstline">Creates a new Cloud Spanner database and starts to prepare it for serving.</p> 90<p class="toc_element"> 91 <code><a href="#dropDatabase">dropDatabase(database, x__xgafv=None)</a></code></p> 92<p class="firstline">Drops (aka deletes) a Cloud Spanner database.</p> 93<p class="toc_element"> 94 <code><a href="#get">get(name, x__xgafv=None)</a></code></p> 95<p class="firstline">Gets the state of a Cloud Spanner database.</p> 96<p class="toc_element"> 97 <code><a href="#getDdl">getDdl(database, x__xgafv=None)</a></code></p> 98<p class="firstline">Returns the schema of a Cloud Spanner database as a list of formatted</p> 99<p class="toc_element"> 100 <code><a href="#getIamPolicy">getIamPolicy(resource, body, x__xgafv=None)</a></code></p> 101<p class="firstline">Gets the access control policy for a database resource. Returns an empty</p> 102<p class="toc_element"> 103 <code><a href="#list">list(parent, pageToken=None, x__xgafv=None, pageSize=None)</a></code></p> 104<p class="firstline">Lists Cloud Spanner databases.</p> 105<p class="toc_element"> 106 <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p> 107<p class="firstline">Retrieves the next page of results.</p> 108<p class="toc_element"> 109 <code><a href="#setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</a></code></p> 110<p class="firstline">Sets the access control policy on a database resource. Replaces any</p> 111<p class="toc_element"> 112 <code><a href="#testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</a></code></p> 113<p class="firstline">Returns permissions that the caller has on the specified database resource.</p> 114<p class="toc_element"> 115 <code><a href="#updateDdl">updateDdl(database, body, x__xgafv=None)</a></code></p> 116<p class="firstline">Updates the schema of a Cloud Spanner database by</p> 117<h3>Method Details</h3> 118<div class="method"> 119 <code class="details" id="create">create(parent, body, x__xgafv=None)</code> 120 <pre>Creates a new Cloud Spanner database and starts to prepare it for serving. 121The returned long-running operation will 122have a name of the format `<database_name>/operations/<operation_id>` and 123can be used to track preparation of the database. The 124metadata field type is 125CreateDatabaseMetadata. The 126response field type is 127Database, if successful. 128 129Args: 130 parent: string, Required. The name of the instance that will serve the new database. 131Values are of the form `projects/<project>/instances/<instance>`. (required) 132 body: object, The request body. (required) 133 The object takes the form of: 134 135{ # The request for CreateDatabase. 136 "extraStatements": [ # An optional list of DDL statements to run inside the newly created 137 # database. Statements can create tables, indexes, etc. These 138 # statements execute atomically with the creation of the database: 139 # if there is an error in any statement, the database is not created. 140 "A String", 141 ], 142 "createStatement": "A String", # Required. A `CREATE DATABASE` statement, which specifies the ID of the 143 # new database. The database ID must conform to the regular expression 144 # `a-z*[a-z0-9]` and be between 2 and 30 characters in length. 145 # If the database ID is a reserved word or if it contains a hyphen, the 146 # database ID must be enclosed in backticks (`` ` ``). 147 } 148 149 x__xgafv: string, V1 error format. 150 Allowed values 151 1 - v1 error format 152 2 - v2 error format 153 154Returns: 155 An object of the form: 156 157 { # This resource represents a long-running operation that is the result of a 158 # network API call. 159 "metadata": { # Service-specific metadata associated with the operation. It typically 160 # contains progress information and common metadata such as create time. 161 # Some services might not provide such metadata. Any method that returns a 162 # long-running operation should document the metadata type, if any. 163 "a_key": "", # Properties of the object. Contains field @type with type URL. 164 }, 165 "done": True or False, # If the value is `false`, it means the operation is still in progress. 166 # If true, the operation is completed, and either `error` or `response` is 167 # available. 168 "response": { # The normal response of the operation in case of success. If the original 169 # method returns no data on success, such as `Delete`, the response is 170 # `google.protobuf.Empty`. If the original method is standard 171 # `Get`/`Create`/`Update`, the response should be the resource. For other 172 # methods, the response should have the type `XxxResponse`, where `Xxx` 173 # is the original method name. For example, if the original method name 174 # is `TakeSnapshot()`, the inferred response type is 175 # `TakeSnapshotResponse`. 176 "a_key": "", # Properties of the object. Contains field @type with type URL. 177 }, 178 "name": "A String", # The server-assigned name, which is only unique within the same service that 179 # originally returns it. If you use the default HTTP mapping, the 180 # `name` should have the format of `operations/some/unique/name`. 181 "error": { # The `Status` type defines a logical error model that is suitable for different # The error result of the operation in case of failure or cancellation. 182 # programming environments, including REST APIs and RPC APIs. It is used by 183 # [gRPC](https://github.com/grpc). The error model is designed to be: 184 # 185 # - Simple to use and understand for most users 186 # - Flexible enough to meet unexpected needs 187 # 188 # # Overview 189 # 190 # The `Status` message contains three pieces of data: error code, error message, 191 # and error details. The error code should be an enum value of 192 # google.rpc.Code, but it may accept additional error codes if needed. The 193 # error message should be a developer-facing English message that helps 194 # developers *understand* and *resolve* the error. If a localized user-facing 195 # error message is needed, put the localized message in the error details or 196 # localize it in the client. The optional error details may contain arbitrary 197 # information about the error. There is a predefined set of error detail types 198 # in the package `google.rpc` which can be used for common error conditions. 199 # 200 # # Language mapping 201 # 202 # The `Status` message is the logical representation of the error model, but it 203 # is not necessarily the actual wire format. When the `Status` message is 204 # exposed in different client libraries and different wire protocols, it can be 205 # mapped differently. For example, it will likely be mapped to some exceptions 206 # in Java, but more likely mapped to some error codes in C. 207 # 208 # # Other uses 209 # 210 # The error model and the `Status` message can be used in a variety of 211 # environments, either with or without APIs, to provide a 212 # consistent developer experience across different environments. 213 # 214 # Example uses of this error model include: 215 # 216 # - Partial errors. If a service needs to return partial errors to the client, 217 # it may embed the `Status` in the normal response to indicate the partial 218 # errors. 219 # 220 # - Workflow errors. A typical workflow has multiple steps. Each step may 221 # have a `Status` message for error reporting purpose. 222 # 223 # - Batch operations. If a client uses batch request and batch response, the 224 # `Status` message should be used directly inside batch response, one for 225 # each error sub-response. 226 # 227 # - Asynchronous operations. If an API call embeds asynchronous operation 228 # results in its response, the status of those operations should be 229 # represented directly using the `Status` message. 230 # 231 # - Logging. If some API errors are stored in logs, the message `Status` could 232 # be used directly after any stripping needed for security/privacy reasons. 233 "message": "A String", # A developer-facing error message, which should be in English. Any 234 # user-facing error message should be localized and sent in the 235 # google.rpc.Status.details field, or localized by the client. 236 "code": 42, # The status code, which should be an enum value of google.rpc.Code. 237 "details": [ # A list of messages that carry the error details. There will be a 238 # common set of message types for APIs to use. 239 { 240 "a_key": "", # Properties of the object. Contains field @type with type URL. 241 }, 242 ], 243 }, 244 }</pre> 245</div> 246 247<div class="method"> 248 <code class="details" id="dropDatabase">dropDatabase(database, x__xgafv=None)</code> 249 <pre>Drops (aka deletes) a Cloud Spanner database. 250 251Args: 252 database: string, Required. The database to be dropped. (required) 253 x__xgafv: string, V1 error format. 254 Allowed values 255 1 - v1 error format 256 2 - v2 error format 257 258Returns: 259 An object of the form: 260 261 { # A generic empty message that you can re-use to avoid defining duplicated 262 # empty messages in your APIs. A typical example is to use it as the request 263 # or the response type of an API method. For instance: 264 # 265 # service Foo { 266 # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); 267 # } 268 # 269 # The JSON representation for `Empty` is empty JSON object `{}`. 270 }</pre> 271</div> 272 273<div class="method"> 274 <code class="details" id="get">get(name, x__xgafv=None)</code> 275 <pre>Gets the state of a Cloud Spanner database. 276 277Args: 278 name: string, Required. The name of the requested database. Values are of the form 279`projects/<project>/instances/<instance>/databases/<database>`. (required) 280 x__xgafv: string, V1 error format. 281 Allowed values 282 1 - v1 error format 283 2 - v2 error format 284 285Returns: 286 An object of the form: 287 288 { # A Cloud Spanner database. 289 "state": "A String", # Output only. The current database state. 290 "name": "A String", # Required. The name of the database. Values are of the form 291 # `projects/<project>/instances/<instance>/databases/<database>`, 292 # where `<database>` is as specified in the `CREATE DATABASE` 293 # statement. This name can be passed to other API methods to 294 # identify the database. 295 }</pre> 296</div> 297 298<div class="method"> 299 <code class="details" id="getDdl">getDdl(database, x__xgafv=None)</code> 300 <pre>Returns the schema of a Cloud Spanner database as a list of formatted 301DDL statements. This method does not show pending schema updates, those may 302be queried using the Operations API. 303 304Args: 305 database: string, Required. The database whose schema we wish to get. (required) 306 x__xgafv: string, V1 error format. 307 Allowed values 308 1 - v1 error format 309 2 - v2 error format 310 311Returns: 312 An object of the form: 313 314 { # The response for GetDatabaseDdl. 315 "statements": [ # A list of formatted DDL statements defining the schema of the database 316 # specified in the request. 317 "A String", 318 ], 319 }</pre> 320</div> 321 322<div class="method"> 323 <code class="details" id="getIamPolicy">getIamPolicy(resource, body, x__xgafv=None)</code> 324 <pre>Gets the access control policy for a database resource. Returns an empty 325policy if a database exists but does not have a policy set. 326 327Authorization requires `spanner.databases.getIamPolicy` permission on 328resource. 329 330Args: 331 resource: string, REQUIRED: The Cloud Spanner resource for which the policy is being retrieved. The format is `projects/<project ID>/instances/<instance ID>` for instance resources and `projects/<project ID>/instances/<instance ID>/databases/<database ID>` for database resources. (required) 332 body: object, The request body. (required) 333 The object takes the form of: 334 335{ # Request message for `GetIamPolicy` method. 336 } 337 338 x__xgafv: string, V1 error format. 339 Allowed values 340 1 - v1 error format 341 2 - v2 error format 342 343Returns: 344 An object of the form: 345 346 { # Defines an Identity and Access Management (IAM) policy. It is used to 347 # specify access control policies for Cloud Platform resources. 348 # 349 # 350 # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of 351 # `members` to a `role`, where the members can be user accounts, Google groups, 352 # Google domains, and service accounts. A `role` is a named list of permissions 353 # defined by IAM. 354 # 355 # **Example** 356 # 357 # { 358 # "bindings": [ 359 # { 360 # "role": "roles/owner", 361 # "members": [ 362 # "user:mike@example.com", 363 # "group:admins@example.com", 364 # "domain:google.com", 365 # "serviceAccount:my-other-app@appspot.gserviceaccount.com", 366 # ] 367 # }, 368 # { 369 # "role": "roles/viewer", 370 # "members": ["user:sean@example.com"] 371 # } 372 # ] 373 # } 374 # 375 # For a description of IAM and its features, see the 376 # [IAM developer's guide](https://cloud.google.com/iam). 377 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 378 { # Specifies the audit configuration for a service. 379 # The configuration determines which permission types are logged, and what 380 # identities, if any, are exempted from logging. 381 # An AuditConifg must have one or more AuditLogConfigs. 382 # 383 # If there are AuditConfigs for both `allServices` and a specific service, 384 # the union of the two AuditConfigs is used for that service: the log_types 385 # specified in each AuditConfig are enabled, and the exempted_members in each 386 # AuditConfig are exempted. 387 # 388 # Example Policy with multiple AuditConfigs: 389 # 390 # { 391 # "audit_configs": [ 392 # { 393 # "service": "allServices" 394 # "audit_log_configs": [ 395 # { 396 # "log_type": "DATA_READ", 397 # "exempted_members": [ 398 # "user:foo@gmail.com" 399 # ] 400 # }, 401 # { 402 # "log_type": "DATA_WRITE", 403 # }, 404 # { 405 # "log_type": "ADMIN_READ", 406 # } 407 # ] 408 # }, 409 # { 410 # "service": "fooservice.googleapis.com" 411 # "audit_log_configs": [ 412 # { 413 # "log_type": "DATA_READ", 414 # }, 415 # { 416 # "log_type": "DATA_WRITE", 417 # "exempted_members": [ 418 # "user:bar@gmail.com" 419 # ] 420 # } 421 # ] 422 # } 423 # ] 424 # } 425 # 426 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 427 # logging. It also exempts foo@gmail.com from DATA_READ logging, and 428 # bar@gmail.com from DATA_WRITE logging. 429 "exemptedMembers": [ 430 "A String", 431 ], 432 "auditLogConfigs": [ # The configuration for logging of each type of permission. 433 # Next ID: 4 434 { # Provides the configuration for logging a type of permissions. 435 # Example: 436 # 437 # { 438 # "audit_log_configs": [ 439 # { 440 # "log_type": "DATA_READ", 441 # "exempted_members": [ 442 # "user:foo@gmail.com" 443 # ] 444 # }, 445 # { 446 # "log_type": "DATA_WRITE", 447 # } 448 # ] 449 # } 450 # 451 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 452 # foo@gmail.com from DATA_READ logging. 453 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 454 # permission. 455 # Follows the same format of Binding.members. 456 "A String", 457 ], 458 "logType": "A String", # The log type that this config enables. 459 }, 460 ], 461 "service": "A String", # Specifies a service that will be enabled for audit logging. 462 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 463 # `allServices` is a special value that covers all services. 464 }, 465 ], 466 "rules": [ # If more than one rule is specified, the rules are applied in the following 467 # manner: 468 # - All matching LOG rules are always applied. 469 # - If any DENY/DENY_WITH_LOG rule matches, permission is denied. 470 # Logging will be applied if one or more matching rule requires logging. 471 # - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is 472 # granted. 473 # Logging will be applied if one or more matching rule requires logging. 474 # - Otherwise, if no rule applies, permission is denied. 475 { # A rule to be applied in a Policy. 476 "notIn": [ # If one or more 'not_in' clauses are specified, the rule matches 477 # if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries. 478 # The format for in and not_in entries is the same as for members in a 479 # Binding (see google/iam/v1/policy.proto). 480 "A String", 481 ], 482 "description": "A String", # Human-readable description of the rule. 483 "in": [ # If one or more 'in' clauses are specified, the rule matches if 484 # the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries. 485 "A String", 486 ], 487 "action": "A String", # Required 488 "conditions": [ # Additional restrictions that must be met 489 { # A condition to be met. 490 "iam": "A String", # Trusted attributes supplied by the IAM system. 491 "svc": "A String", # Trusted attributes discharged by the service. 492 "value": "A String", # DEPRECATED. Use 'values' instead. 493 "sys": "A String", # Trusted attributes supplied by any service that owns resources and uses 494 # the IAM system for access control. 495 "values": [ # The objects of the condition. This is mutually exclusive with 'value'. 496 "A String", 497 ], 498 "op": "A String", # An operator to apply the subject with. 499 }, 500 ], 501 "logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries 502 # that match the LOG action. 503 { # Specifies what kind of log the caller must write 504 "counter": { # Options for counters # Counter options. 505 "field": "A String", # The field value to attribute. 506 "metric": "A String", # The metric to update. 507 }, 508 "dataAccess": { # Write a Data Access (Gin) log # Data access options. 509 }, 510 "cloudAudit": { # Write a Cloud Audit log # Cloud audit options. 511 }, 512 }, 513 ], 514 "permissions": [ # A permission is a string of form '<service>.<resource type>.<verb>' 515 # (e.g., 'storage.buckets.list'). A value of '*' matches all permissions, 516 # and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs. 517 "A String", 518 ], 519 }, 520 ], 521 "version": 42, # Version of the `Policy`. The default version is 0. 522 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 523 # prevent simultaneous updates of a policy from overwriting each other. 524 # It is strongly suggested that systems make use of the `etag` in the 525 # read-modify-write cycle to perform policy updates in order to avoid race 526 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 527 # systems are expected to put that etag in the request to `setIamPolicy` to 528 # ensure that their change will be applied to the same version of the policy. 529 # 530 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 531 # policy is overwritten blindly. 532 "bindings": [ # Associates a list of `members` to a `role`. 533 # Multiple `bindings` must not be specified for the same `role`. 534 # `bindings` with no members will result in an error. 535 { # Associates `members` with a `role`. 536 "role": "A String", # Role that is assigned to `members`. 537 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 538 # Required 539 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 540 # `members` can have the following values: 541 # 542 # * `allUsers`: A special identifier that represents anyone who is 543 # on the internet; with or without a Google account. 544 # 545 # * `allAuthenticatedUsers`: A special identifier that represents anyone 546 # who is authenticated with a Google account or a service account. 547 # 548 # * `user:{emailid}`: An email address that represents a specific Google 549 # account. For example, `alice@gmail.com` or `joe@example.com`. 550 # 551 # 552 # * `serviceAccount:{emailid}`: An email address that represents a service 553 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 554 # 555 # * `group:{emailid}`: An email address that represents a Google group. 556 # For example, `admins@example.com`. 557 # 558 # * `domain:{domain}`: A Google Apps domain name that represents all the 559 # users of that domain. For example, `google.com` or `example.com`. 560 # 561 "A String", 562 ], 563 }, 564 ], 565 "iamOwned": True or False, 566 }</pre> 567</div> 568 569<div class="method"> 570 <code class="details" id="list">list(parent, pageToken=None, x__xgafv=None, pageSize=None)</code> 571 <pre>Lists Cloud Spanner databases. 572 573Args: 574 parent: string, Required. The instance whose databases should be listed. 575Values are of the form `projects/<project>/instances/<instance>`. (required) 576 pageToken: string, If non-empty, `page_token` should contain a 577next_page_token from a 578previous ListDatabasesResponse. 579 x__xgafv: string, V1 error format. 580 Allowed values 581 1 - v1 error format 582 2 - v2 error format 583 pageSize: integer, Number of databases to be returned in the response. If 0 or less, 584defaults to the server's maximum allowed page size. 585 586Returns: 587 An object of the form: 588 589 { # The response for ListDatabases. 590 "nextPageToken": "A String", # `next_page_token` can be sent in a subsequent 591 # ListDatabases call to fetch more 592 # of the matching databases. 593 "databases": [ # Databases that matched the request. 594 { # A Cloud Spanner database. 595 "state": "A String", # Output only. The current database state. 596 "name": "A String", # Required. The name of the database. Values are of the form 597 # `projects/<project>/instances/<instance>/databases/<database>`, 598 # where `<database>` is as specified in the `CREATE DATABASE` 599 # statement. This name can be passed to other API methods to 600 # identify the database. 601 }, 602 ], 603 }</pre> 604</div> 605 606<div class="method"> 607 <code class="details" id="list_next">list_next(previous_request, previous_response)</code> 608 <pre>Retrieves the next page of results. 609 610Args: 611 previous_request: The request for the previous page. (required) 612 previous_response: The response from the request for the previous page. (required) 613 614Returns: 615 A request object that you can call 'execute()' on to request the next 616 page. Returns None if there are no more items in the collection. 617 </pre> 618</div> 619 620<div class="method"> 621 <code class="details" id="setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</code> 622 <pre>Sets the access control policy on a database resource. Replaces any 623existing policy. 624 625Authorization requires `spanner.databases.setIamPolicy` permission on 626resource. 627 628Args: 629 resource: string, REQUIRED: The Cloud Spanner resource for which the policy is being set. The format is `projects/<project ID>/instances/<instance ID>` for instance resources and `projects/<project ID>/instances/<instance ID>/databases/<database ID>` for databases resources. (required) 630 body: object, The request body. (required) 631 The object takes the form of: 632 633{ # Request message for `SetIamPolicy` method. 634 "policy": { # Defines an Identity and Access Management (IAM) policy. It is used to # REQUIRED: The complete policy to be applied to the `resource`. The size of 635 # the policy is limited to a few 10s of KB. An empty policy is a 636 # valid policy but certain Cloud Platform services (such as Projects) 637 # might reject them. 638 # specify access control policies for Cloud Platform resources. 639 # 640 # 641 # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of 642 # `members` to a `role`, where the members can be user accounts, Google groups, 643 # Google domains, and service accounts. A `role` is a named list of permissions 644 # defined by IAM. 645 # 646 # **Example** 647 # 648 # { 649 # "bindings": [ 650 # { 651 # "role": "roles/owner", 652 # "members": [ 653 # "user:mike@example.com", 654 # "group:admins@example.com", 655 # "domain:google.com", 656 # "serviceAccount:my-other-app@appspot.gserviceaccount.com", 657 # ] 658 # }, 659 # { 660 # "role": "roles/viewer", 661 # "members": ["user:sean@example.com"] 662 # } 663 # ] 664 # } 665 # 666 # For a description of IAM and its features, see the 667 # [IAM developer's guide](https://cloud.google.com/iam). 668 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 669 { # Specifies the audit configuration for a service. 670 # The configuration determines which permission types are logged, and what 671 # identities, if any, are exempted from logging. 672 # An AuditConifg must have one or more AuditLogConfigs. 673 # 674 # If there are AuditConfigs for both `allServices` and a specific service, 675 # the union of the two AuditConfigs is used for that service: the log_types 676 # specified in each AuditConfig are enabled, and the exempted_members in each 677 # AuditConfig are exempted. 678 # 679 # Example Policy with multiple AuditConfigs: 680 # 681 # { 682 # "audit_configs": [ 683 # { 684 # "service": "allServices" 685 # "audit_log_configs": [ 686 # { 687 # "log_type": "DATA_READ", 688 # "exempted_members": [ 689 # "user:foo@gmail.com" 690 # ] 691 # }, 692 # { 693 # "log_type": "DATA_WRITE", 694 # }, 695 # { 696 # "log_type": "ADMIN_READ", 697 # } 698 # ] 699 # }, 700 # { 701 # "service": "fooservice.googleapis.com" 702 # "audit_log_configs": [ 703 # { 704 # "log_type": "DATA_READ", 705 # }, 706 # { 707 # "log_type": "DATA_WRITE", 708 # "exempted_members": [ 709 # "user:bar@gmail.com" 710 # ] 711 # } 712 # ] 713 # } 714 # ] 715 # } 716 # 717 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 718 # logging. It also exempts foo@gmail.com from DATA_READ logging, and 719 # bar@gmail.com from DATA_WRITE logging. 720 "exemptedMembers": [ 721 "A String", 722 ], 723 "auditLogConfigs": [ # The configuration for logging of each type of permission. 724 # Next ID: 4 725 { # Provides the configuration for logging a type of permissions. 726 # Example: 727 # 728 # { 729 # "audit_log_configs": [ 730 # { 731 # "log_type": "DATA_READ", 732 # "exempted_members": [ 733 # "user:foo@gmail.com" 734 # ] 735 # }, 736 # { 737 # "log_type": "DATA_WRITE", 738 # } 739 # ] 740 # } 741 # 742 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 743 # foo@gmail.com from DATA_READ logging. 744 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 745 # permission. 746 # Follows the same format of Binding.members. 747 "A String", 748 ], 749 "logType": "A String", # The log type that this config enables. 750 }, 751 ], 752 "service": "A String", # Specifies a service that will be enabled for audit logging. 753 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 754 # `allServices` is a special value that covers all services. 755 }, 756 ], 757 "rules": [ # If more than one rule is specified, the rules are applied in the following 758 # manner: 759 # - All matching LOG rules are always applied. 760 # - If any DENY/DENY_WITH_LOG rule matches, permission is denied. 761 # Logging will be applied if one or more matching rule requires logging. 762 # - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is 763 # granted. 764 # Logging will be applied if one or more matching rule requires logging. 765 # - Otherwise, if no rule applies, permission is denied. 766 { # A rule to be applied in a Policy. 767 "notIn": [ # If one or more 'not_in' clauses are specified, the rule matches 768 # if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries. 769 # The format for in and not_in entries is the same as for members in a 770 # Binding (see google/iam/v1/policy.proto). 771 "A String", 772 ], 773 "description": "A String", # Human-readable description of the rule. 774 "in": [ # If one or more 'in' clauses are specified, the rule matches if 775 # the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries. 776 "A String", 777 ], 778 "action": "A String", # Required 779 "conditions": [ # Additional restrictions that must be met 780 { # A condition to be met. 781 "iam": "A String", # Trusted attributes supplied by the IAM system. 782 "svc": "A String", # Trusted attributes discharged by the service. 783 "value": "A String", # DEPRECATED. Use 'values' instead. 784 "sys": "A String", # Trusted attributes supplied by any service that owns resources and uses 785 # the IAM system for access control. 786 "values": [ # The objects of the condition. This is mutually exclusive with 'value'. 787 "A String", 788 ], 789 "op": "A String", # An operator to apply the subject with. 790 }, 791 ], 792 "logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries 793 # that match the LOG action. 794 { # Specifies what kind of log the caller must write 795 "counter": { # Options for counters # Counter options. 796 "field": "A String", # The field value to attribute. 797 "metric": "A String", # The metric to update. 798 }, 799 "dataAccess": { # Write a Data Access (Gin) log # Data access options. 800 }, 801 "cloudAudit": { # Write a Cloud Audit log # Cloud audit options. 802 }, 803 }, 804 ], 805 "permissions": [ # A permission is a string of form '<service>.<resource type>.<verb>' 806 # (e.g., 'storage.buckets.list'). A value of '*' matches all permissions, 807 # and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs. 808 "A String", 809 ], 810 }, 811 ], 812 "version": 42, # Version of the `Policy`. The default version is 0. 813 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 814 # prevent simultaneous updates of a policy from overwriting each other. 815 # It is strongly suggested that systems make use of the `etag` in the 816 # read-modify-write cycle to perform policy updates in order to avoid race 817 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 818 # systems are expected to put that etag in the request to `setIamPolicy` to 819 # ensure that their change will be applied to the same version of the policy. 820 # 821 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 822 # policy is overwritten blindly. 823 "bindings": [ # Associates a list of `members` to a `role`. 824 # Multiple `bindings` must not be specified for the same `role`. 825 # `bindings` with no members will result in an error. 826 { # Associates `members` with a `role`. 827 "role": "A String", # Role that is assigned to `members`. 828 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 829 # Required 830 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 831 # `members` can have the following values: 832 # 833 # * `allUsers`: A special identifier that represents anyone who is 834 # on the internet; with or without a Google account. 835 # 836 # * `allAuthenticatedUsers`: A special identifier that represents anyone 837 # who is authenticated with a Google account or a service account. 838 # 839 # * `user:{emailid}`: An email address that represents a specific Google 840 # account. For example, `alice@gmail.com` or `joe@example.com`. 841 # 842 # 843 # * `serviceAccount:{emailid}`: An email address that represents a service 844 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 845 # 846 # * `group:{emailid}`: An email address that represents a Google group. 847 # For example, `admins@example.com`. 848 # 849 # * `domain:{domain}`: A Google Apps domain name that represents all the 850 # users of that domain. For example, `google.com` or `example.com`. 851 # 852 "A String", 853 ], 854 }, 855 ], 856 "iamOwned": True or False, 857 }, 858 "updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only 859 # the fields in the mask will be modified. If no mask is provided, the 860 # following default mask is used: 861 # paths: "bindings, etag" 862 # This field is only used by Cloud IAM. 863 } 864 865 x__xgafv: string, V1 error format. 866 Allowed values 867 1 - v1 error format 868 2 - v2 error format 869 870Returns: 871 An object of the form: 872 873 { # Defines an Identity and Access Management (IAM) policy. It is used to 874 # specify access control policies for Cloud Platform resources. 875 # 876 # 877 # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of 878 # `members` to a `role`, where the members can be user accounts, Google groups, 879 # Google domains, and service accounts. A `role` is a named list of permissions 880 # defined by IAM. 881 # 882 # **Example** 883 # 884 # { 885 # "bindings": [ 886 # { 887 # "role": "roles/owner", 888 # "members": [ 889 # "user:mike@example.com", 890 # "group:admins@example.com", 891 # "domain:google.com", 892 # "serviceAccount:my-other-app@appspot.gserviceaccount.com", 893 # ] 894 # }, 895 # { 896 # "role": "roles/viewer", 897 # "members": ["user:sean@example.com"] 898 # } 899 # ] 900 # } 901 # 902 # For a description of IAM and its features, see the 903 # [IAM developer's guide](https://cloud.google.com/iam). 904 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 905 { # Specifies the audit configuration for a service. 906 # The configuration determines which permission types are logged, and what 907 # identities, if any, are exempted from logging. 908 # An AuditConifg must have one or more AuditLogConfigs. 909 # 910 # If there are AuditConfigs for both `allServices` and a specific service, 911 # the union of the two AuditConfigs is used for that service: the log_types 912 # specified in each AuditConfig are enabled, and the exempted_members in each 913 # AuditConfig are exempted. 914 # 915 # Example Policy with multiple AuditConfigs: 916 # 917 # { 918 # "audit_configs": [ 919 # { 920 # "service": "allServices" 921 # "audit_log_configs": [ 922 # { 923 # "log_type": "DATA_READ", 924 # "exempted_members": [ 925 # "user:foo@gmail.com" 926 # ] 927 # }, 928 # { 929 # "log_type": "DATA_WRITE", 930 # }, 931 # { 932 # "log_type": "ADMIN_READ", 933 # } 934 # ] 935 # }, 936 # { 937 # "service": "fooservice.googleapis.com" 938 # "audit_log_configs": [ 939 # { 940 # "log_type": "DATA_READ", 941 # }, 942 # { 943 # "log_type": "DATA_WRITE", 944 # "exempted_members": [ 945 # "user:bar@gmail.com" 946 # ] 947 # } 948 # ] 949 # } 950 # ] 951 # } 952 # 953 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 954 # logging. It also exempts foo@gmail.com from DATA_READ logging, and 955 # bar@gmail.com from DATA_WRITE logging. 956 "exemptedMembers": [ 957 "A String", 958 ], 959 "auditLogConfigs": [ # The configuration for logging of each type of permission. 960 # Next ID: 4 961 { # Provides the configuration for logging a type of permissions. 962 # Example: 963 # 964 # { 965 # "audit_log_configs": [ 966 # { 967 # "log_type": "DATA_READ", 968 # "exempted_members": [ 969 # "user:foo@gmail.com" 970 # ] 971 # }, 972 # { 973 # "log_type": "DATA_WRITE", 974 # } 975 # ] 976 # } 977 # 978 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 979 # foo@gmail.com from DATA_READ logging. 980 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 981 # permission. 982 # Follows the same format of Binding.members. 983 "A String", 984 ], 985 "logType": "A String", # The log type that this config enables. 986 }, 987 ], 988 "service": "A String", # Specifies a service that will be enabled for audit logging. 989 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 990 # `allServices` is a special value that covers all services. 991 }, 992 ], 993 "rules": [ # If more than one rule is specified, the rules are applied in the following 994 # manner: 995 # - All matching LOG rules are always applied. 996 # - If any DENY/DENY_WITH_LOG rule matches, permission is denied. 997 # Logging will be applied if one or more matching rule requires logging. 998 # - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is 999 # granted. 1000 # Logging will be applied if one or more matching rule requires logging. 1001 # - Otherwise, if no rule applies, permission is denied. 1002 { # A rule to be applied in a Policy. 1003 "notIn": [ # If one or more 'not_in' clauses are specified, the rule matches 1004 # if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries. 1005 # The format for in and not_in entries is the same as for members in a 1006 # Binding (see google/iam/v1/policy.proto). 1007 "A String", 1008 ], 1009 "description": "A String", # Human-readable description of the rule. 1010 "in": [ # If one or more 'in' clauses are specified, the rule matches if 1011 # the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries. 1012 "A String", 1013 ], 1014 "action": "A String", # Required 1015 "conditions": [ # Additional restrictions that must be met 1016 { # A condition to be met. 1017 "iam": "A String", # Trusted attributes supplied by the IAM system. 1018 "svc": "A String", # Trusted attributes discharged by the service. 1019 "value": "A String", # DEPRECATED. Use 'values' instead. 1020 "sys": "A String", # Trusted attributes supplied by any service that owns resources and uses 1021 # the IAM system for access control. 1022 "values": [ # The objects of the condition. This is mutually exclusive with 'value'. 1023 "A String", 1024 ], 1025 "op": "A String", # An operator to apply the subject with. 1026 }, 1027 ], 1028 "logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries 1029 # that match the LOG action. 1030 { # Specifies what kind of log the caller must write 1031 "counter": { # Options for counters # Counter options. 1032 "field": "A String", # The field value to attribute. 1033 "metric": "A String", # The metric to update. 1034 }, 1035 "dataAccess": { # Write a Data Access (Gin) log # Data access options. 1036 }, 1037 "cloudAudit": { # Write a Cloud Audit log # Cloud audit options. 1038 }, 1039 }, 1040 ], 1041 "permissions": [ # A permission is a string of form '<service>.<resource type>.<verb>' 1042 # (e.g., 'storage.buckets.list'). A value of '*' matches all permissions, 1043 # and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs. 1044 "A String", 1045 ], 1046 }, 1047 ], 1048 "version": 42, # Version of the `Policy`. The default version is 0. 1049 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 1050 # prevent simultaneous updates of a policy from overwriting each other. 1051 # It is strongly suggested that systems make use of the `etag` in the 1052 # read-modify-write cycle to perform policy updates in order to avoid race 1053 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 1054 # systems are expected to put that etag in the request to `setIamPolicy` to 1055 # ensure that their change will be applied to the same version of the policy. 1056 # 1057 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 1058 # policy is overwritten blindly. 1059 "bindings": [ # Associates a list of `members` to a `role`. 1060 # Multiple `bindings` must not be specified for the same `role`. 1061 # `bindings` with no members will result in an error. 1062 { # Associates `members` with a `role`. 1063 "role": "A String", # Role that is assigned to `members`. 1064 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 1065 # Required 1066 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 1067 # `members` can have the following values: 1068 # 1069 # * `allUsers`: A special identifier that represents anyone who is 1070 # on the internet; with or without a Google account. 1071 # 1072 # * `allAuthenticatedUsers`: A special identifier that represents anyone 1073 # who is authenticated with a Google account or a service account. 1074 # 1075 # * `user:{emailid}`: An email address that represents a specific Google 1076 # account. For example, `alice@gmail.com` or `joe@example.com`. 1077 # 1078 # 1079 # * `serviceAccount:{emailid}`: An email address that represents a service 1080 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 1081 # 1082 # * `group:{emailid}`: An email address that represents a Google group. 1083 # For example, `admins@example.com`. 1084 # 1085 # * `domain:{domain}`: A Google Apps domain name that represents all the 1086 # users of that domain. For example, `google.com` or `example.com`. 1087 # 1088 "A String", 1089 ], 1090 }, 1091 ], 1092 "iamOwned": True or False, 1093 }</pre> 1094</div> 1095 1096<div class="method"> 1097 <code class="details" id="testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</code> 1098 <pre>Returns permissions that the caller has on the specified database resource. 1099 1100Attempting this RPC on a non-existent Cloud Spanner database will result in 1101a NOT_FOUND error if the user has `spanner.databases.list` permission on 1102the containing Cloud Spanner instance. Otherwise returns an empty set of 1103permissions. 1104 1105Args: 1106 resource: string, REQUIRED: The Cloud Spanner resource for which permissions are being tested. The format is `projects/<project ID>/instances/<instance ID>` for instance resources and `projects/<project ID>/instances/<instance ID>/databases/<database ID>` for database resources. (required) 1107 body: object, The request body. (required) 1108 The object takes the form of: 1109 1110{ # Request message for `TestIamPermissions` method. 1111 "permissions": [ # REQUIRED: The set of permissions to check for 'resource'. 1112 # Permissions with wildcards (such as '*', 'spanner.*', 'spanner.instances.*') are not allowed. 1113 "A String", 1114 ], 1115 } 1116 1117 x__xgafv: string, V1 error format. 1118 Allowed values 1119 1 - v1 error format 1120 2 - v2 error format 1121 1122Returns: 1123 An object of the form: 1124 1125 { # Response message for `TestIamPermissions` method. 1126 "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is 1127 # allowed. 1128 "A String", 1129 ], 1130 }</pre> 1131</div> 1132 1133<div class="method"> 1134 <code class="details" id="updateDdl">updateDdl(database, body, x__xgafv=None)</code> 1135 <pre>Updates the schema of a Cloud Spanner database by 1136creating/altering/dropping tables, columns, indexes, etc. The returned 1137long-running operation will have a name of 1138the format `<database_name>/operations/<operation_id>` and can be used to 1139track execution of the schema change(s). The 1140metadata field type is 1141UpdateDatabaseDdlMetadata. The operation has no response. 1142 1143Args: 1144 database: string, Required. The database to update. (required) 1145 body: object, The request body. (required) 1146 The object takes the form of: 1147 1148{ # Enqueues the given DDL statements to be applied, in order but not 1149 # necessarily all at once, to the database schema at some point (or 1150 # points) in the future. The server checks that the statements 1151 # are executable (syntactically valid, name tables that exist, etc.) 1152 # before enqueueing them, but they may still fail upon 1153 # later execution (e.g., if a statement from another batch of 1154 # statements is applied first and it conflicts in some way, or if 1155 # there is some data-related problem like a `NULL` value in a column to 1156 # which `NOT NULL` would be added). If a statement fails, all 1157 # subsequent statements in the batch are automatically cancelled. 1158 # 1159 # Each batch of statements is assigned a name which can be used with 1160 # the Operations API to monitor 1161 # progress. See the 1162 # operation_id field for more 1163 # details. 1164 "statements": [ # DDL statements to be applied to the database. 1165 "A String", 1166 ], 1167 "operationId": "A String", # If empty, the new update request is assigned an 1168 # automatically-generated operation ID. Otherwise, `operation_id` 1169 # is used to construct the name of the resulting 1170 # Operation. 1171 # 1172 # Specifying an explicit operation ID simplifies determining 1173 # whether the statements were executed in the event that the 1174 # UpdateDatabaseDdl call is replayed, 1175 # or the return value is otherwise lost: the database and 1176 # `operation_id` fields can be combined to form the 1177 # name of the resulting 1178 # longrunning.Operation: `<database>/operations/<operation_id>`. 1179 # 1180 # `operation_id` should be unique within the database, and must be 1181 # a valid identifier: `a-z*`. Note that 1182 # automatically-generated operation IDs always begin with an 1183 # underscore. If the named operation already exists, 1184 # UpdateDatabaseDdl returns 1185 # `ALREADY_EXISTS`. 1186 } 1187 1188 x__xgafv: string, V1 error format. 1189 Allowed values 1190 1 - v1 error format 1191 2 - v2 error format 1192 1193Returns: 1194 An object of the form: 1195 1196 { # This resource represents a long-running operation that is the result of a 1197 # network API call. 1198 "metadata": { # Service-specific metadata associated with the operation. It typically 1199 # contains progress information and common metadata such as create time. 1200 # Some services might not provide such metadata. Any method that returns a 1201 # long-running operation should document the metadata type, if any. 1202 "a_key": "", # Properties of the object. Contains field @type with type URL. 1203 }, 1204 "done": True or False, # If the value is `false`, it means the operation is still in progress. 1205 # If true, the operation is completed, and either `error` or `response` is 1206 # available. 1207 "response": { # The normal response of the operation in case of success. If the original 1208 # method returns no data on success, such as `Delete`, the response is 1209 # `google.protobuf.Empty`. If the original method is standard 1210 # `Get`/`Create`/`Update`, the response should be the resource. For other 1211 # methods, the response should have the type `XxxResponse`, where `Xxx` 1212 # is the original method name. For example, if the original method name 1213 # is `TakeSnapshot()`, the inferred response type is 1214 # `TakeSnapshotResponse`. 1215 "a_key": "", # Properties of the object. Contains field @type with type URL. 1216 }, 1217 "name": "A String", # The server-assigned name, which is only unique within the same service that 1218 # originally returns it. If you use the default HTTP mapping, the 1219 # `name` should have the format of `operations/some/unique/name`. 1220 "error": { # The `Status` type defines a logical error model that is suitable for different # The error result of the operation in case of failure or cancellation. 1221 # programming environments, including REST APIs and RPC APIs. It is used by 1222 # [gRPC](https://github.com/grpc). The error model is designed to be: 1223 # 1224 # - Simple to use and understand for most users 1225 # - Flexible enough to meet unexpected needs 1226 # 1227 # # Overview 1228 # 1229 # The `Status` message contains three pieces of data: error code, error message, 1230 # and error details. The error code should be an enum value of 1231 # google.rpc.Code, but it may accept additional error codes if needed. The 1232 # error message should be a developer-facing English message that helps 1233 # developers *understand* and *resolve* the error. If a localized user-facing 1234 # error message is needed, put the localized message in the error details or 1235 # localize it in the client. The optional error details may contain arbitrary 1236 # information about the error. There is a predefined set of error detail types 1237 # in the package `google.rpc` which can be used for common error conditions. 1238 # 1239 # # Language mapping 1240 # 1241 # The `Status` message is the logical representation of the error model, but it 1242 # is not necessarily the actual wire format. When the `Status` message is 1243 # exposed in different client libraries and different wire protocols, it can be 1244 # mapped differently. For example, it will likely be mapped to some exceptions 1245 # in Java, but more likely mapped to some error codes in C. 1246 # 1247 # # Other uses 1248 # 1249 # The error model and the `Status` message can be used in a variety of 1250 # environments, either with or without APIs, to provide a 1251 # consistent developer experience across different environments. 1252 # 1253 # Example uses of this error model include: 1254 # 1255 # - Partial errors. If a service needs to return partial errors to the client, 1256 # it may embed the `Status` in the normal response to indicate the partial 1257 # errors. 1258 # 1259 # - Workflow errors. A typical workflow has multiple steps. Each step may 1260 # have a `Status` message for error reporting purpose. 1261 # 1262 # - Batch operations. If a client uses batch request and batch response, the 1263 # `Status` message should be used directly inside batch response, one for 1264 # each error sub-response. 1265 # 1266 # - Asynchronous operations. If an API call embeds asynchronous operation 1267 # results in its response, the status of those operations should be 1268 # represented directly using the `Status` message. 1269 # 1270 # - Logging. If some API errors are stored in logs, the message `Status` could 1271 # be used directly after any stripping needed for security/privacy reasons. 1272 "message": "A String", # A developer-facing error message, which should be in English. Any 1273 # user-facing error message should be localized and sent in the 1274 # google.rpc.Status.details field, or localized by the client. 1275 "code": 42, # The status code, which should be an enum value of google.rpc.Code. 1276 "details": [ # A list of messages that carry the error details. There will be a 1277 # common set of message types for APIs to use. 1278 { 1279 "a_key": "", # Properties of the object. Contains field @type with type URL. 1280 }, 1281 ], 1282 }, 1283 }</pre> 1284</div> 1285 1286</body></html>