1<html><body> 2<style> 3 4body, h1, h2, h3, div, span, p, pre, a { 5 margin: 0; 6 padding: 0; 7 border: 0; 8 font-weight: inherit; 9 font-style: inherit; 10 font-size: 100%; 11 font-family: inherit; 12 vertical-align: baseline; 13} 14 15body { 16 font-size: 13px; 17 padding: 1em; 18} 19 20h1 { 21 font-size: 26px; 22 margin-bottom: 1em; 23} 24 25h2 { 26 font-size: 24px; 27 margin-bottom: 1em; 28} 29 30h3 { 31 font-size: 20px; 32 margin-bottom: 1em; 33 margin-top: 1em; 34} 35 36pre, code { 37 line-height: 1.5; 38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; 39} 40 41pre { 42 margin-top: 0.5em; 43} 44 45h1, h2, h3, p { 46 font-family: Arial, sans serif; 47} 48 49h1, h2, h3 { 50 border-bottom: solid #CCC 1px; 51} 52 53.toc_element { 54 margin-top: 0.5em; 55} 56 57.firstline { 58 margin-left: 2 em; 59} 60 61.method { 62 margin-top: 1em; 63 border: solid 1px #CCC; 64 padding: 1em; 65 background: #EEE; 66} 67 68.details { 69 font-weight: bold; 70 font-size: 14px; 71} 72 73</style> 74 75<h1><a href="binaryauthorization_v1beta1.html">Binary Authorization API</a> . <a href="binaryauthorization_v1beta1.projects.html">projects</a> . <a href="binaryauthorization_v1beta1.projects.policy.html">policy</a></h1> 76<h2>Instance Methods</h2> 77<p class="toc_element"> 78 <code><a href="#getIamPolicy">getIamPolicy(resource, x__xgafv=None)</a></code></p> 79<p class="firstline">Gets the access control policy for a resource.</p> 80<p class="toc_element"> 81 <code><a href="#setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</a></code></p> 82<p class="firstline">Sets the access control policy on the specified resource. Replaces any</p> 83<p class="toc_element"> 84 <code><a href="#testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</a></code></p> 85<p class="firstline">Returns permissions that a caller has on the specified resource.</p> 86<h3>Method Details</h3> 87<div class="method"> 88 <code class="details" id="getIamPolicy">getIamPolicy(resource, x__xgafv=None)</code> 89 <pre>Gets the access control policy for a resource. 90Returns an empty policy if the resource exists and does not have a policy 91set. 92 93Args: 94 resource: string, REQUIRED: The resource for which the policy is being requested. 95See the operation documentation for the appropriate value for this field. (required) 96 x__xgafv: string, V1 error format. 97 Allowed values 98 1 - v1 error format 99 2 - v2 error format 100 101Returns: 102 An object of the form: 103 104 { # Defines an Identity and Access Management (IAM) policy. It is used to 105 # specify access control policies for Cloud Platform resources. 106 # 107 # 108 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of 109 # `members` to a `role`, where the members can be user accounts, Google groups, 110 # Google domains, and service accounts. A `role` is a named list of permissions 111 # defined by IAM. 112 # 113 # **JSON Example** 114 # 115 # { 116 # "bindings": [ 117 # { 118 # "role": "roles/owner", 119 # "members": [ 120 # "user:mike@example.com", 121 # "group:admins@example.com", 122 # "domain:google.com", 123 # "serviceAccount:my-other-app@appspot.gserviceaccount.com" 124 # ] 125 # }, 126 # { 127 # "role": "roles/viewer", 128 # "members": ["user:sean@example.com"] 129 # } 130 # ] 131 # } 132 # 133 # **YAML Example** 134 # 135 # bindings: 136 # - members: 137 # - user:mike@example.com 138 # - group:admins@example.com 139 # - domain:google.com 140 # - serviceAccount:my-other-app@appspot.gserviceaccount.com 141 # role: roles/owner 142 # - members: 143 # - user:sean@example.com 144 # role: roles/viewer 145 # 146 # 147 # For a description of IAM and its features, see the 148 # [IAM developer's guide](https://cloud.google.com/iam/docs). 149 "bindings": [ # Associates a list of `members` to a `role`. 150 # `bindings` with no members will result in an error. 151 { # Associates `members` with a `role`. 152 "role": "A String", # Role that is assigned to `members`. 153 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 154 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 155 # `members` can have the following values: 156 # 157 # * `allUsers`: A special identifier that represents anyone who is 158 # on the internet; with or without a Google account. 159 # 160 # * `allAuthenticatedUsers`: A special identifier that represents anyone 161 # who is authenticated with a Google account or a service account. 162 # 163 # * `user:{emailid}`: An email address that represents a specific Google 164 # account. For example, `alice@gmail.com` . 165 # 166 # 167 # * `serviceAccount:{emailid}`: An email address that represents a service 168 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 169 # 170 # * `group:{emailid}`: An email address that represents a Google group. 171 # For example, `admins@example.com`. 172 # 173 # 174 # * `domain:{domain}`: The G Suite domain (primary) that represents all the 175 # users of that domain. For example, `google.com` or `example.com`. 176 # 177 "A String", 178 ], 179 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding. 180 # NOTE: An unsatisfied condition will not allow user access via current 181 # binding. Different bindings, including their conditions, are examined 182 # independently. 183 # 184 # title: "User account presence" 185 # description: "Determines whether the request has a user account" 186 # expression: "size(request.user) > 0" 187 "location": "A String", # An optional string indicating the location of the expression for error 188 # reporting, e.g. a file name and a position in the file. 189 "expression": "A String", # Textual representation of an expression in 190 # Common Expression Language syntax. 191 # 192 # The application context of the containing message determines which 193 # well-known feature set of CEL is supported. 194 "description": "A String", # An optional description of the expression. This is a longer text which 195 # describes the expression, e.g. when hovered over it in a UI. 196 "title": "A String", # An optional title for the expression, i.e. a short string describing 197 # its purpose. This can be used e.g. in UIs which allow to enter the 198 # expression. 199 }, 200 }, 201 ], 202 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 203 # prevent simultaneous updates of a policy from overwriting each other. 204 # It is strongly suggested that systems make use of the `etag` in the 205 # read-modify-write cycle to perform policy updates in order to avoid race 206 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 207 # systems are expected to put that etag in the request to `setIamPolicy` to 208 # ensure that their change will be applied to the same version of the policy. 209 # 210 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 211 # policy is overwritten blindly. 212 "version": 42, # Deprecated. 213 }</pre> 214</div> 215 216<div class="method"> 217 <code class="details" id="setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</code> 218 <pre>Sets the access control policy on the specified resource. Replaces any 219existing policy. 220 221Args: 222 resource: string, REQUIRED: The resource for which the policy is being specified. 223See the operation documentation for the appropriate value for this field. (required) 224 body: object, The request body. (required) 225 The object takes the form of: 226 227{ # Request message for `SetIamPolicy` method. 228 "policy": { # Defines an Identity and Access Management (IAM) policy. It is used to # REQUIRED: The complete policy to be applied to the `resource`. The size of 229 # the policy is limited to a few 10s of KB. An empty policy is a 230 # valid policy but certain Cloud Platform services (such as Projects) 231 # might reject them. 232 # specify access control policies for Cloud Platform resources. 233 # 234 # 235 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of 236 # `members` to a `role`, where the members can be user accounts, Google groups, 237 # Google domains, and service accounts. A `role` is a named list of permissions 238 # defined by IAM. 239 # 240 # **JSON Example** 241 # 242 # { 243 # "bindings": [ 244 # { 245 # "role": "roles/owner", 246 # "members": [ 247 # "user:mike@example.com", 248 # "group:admins@example.com", 249 # "domain:google.com", 250 # "serviceAccount:my-other-app@appspot.gserviceaccount.com" 251 # ] 252 # }, 253 # { 254 # "role": "roles/viewer", 255 # "members": ["user:sean@example.com"] 256 # } 257 # ] 258 # } 259 # 260 # **YAML Example** 261 # 262 # bindings: 263 # - members: 264 # - user:mike@example.com 265 # - group:admins@example.com 266 # - domain:google.com 267 # - serviceAccount:my-other-app@appspot.gserviceaccount.com 268 # role: roles/owner 269 # - members: 270 # - user:sean@example.com 271 # role: roles/viewer 272 # 273 # 274 # For a description of IAM and its features, see the 275 # [IAM developer's guide](https://cloud.google.com/iam/docs). 276 "bindings": [ # Associates a list of `members` to a `role`. 277 # `bindings` with no members will result in an error. 278 { # Associates `members` with a `role`. 279 "role": "A String", # Role that is assigned to `members`. 280 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 281 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 282 # `members` can have the following values: 283 # 284 # * `allUsers`: A special identifier that represents anyone who is 285 # on the internet; with or without a Google account. 286 # 287 # * `allAuthenticatedUsers`: A special identifier that represents anyone 288 # who is authenticated with a Google account or a service account. 289 # 290 # * `user:{emailid}`: An email address that represents a specific Google 291 # account. For example, `alice@gmail.com` . 292 # 293 # 294 # * `serviceAccount:{emailid}`: An email address that represents a service 295 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 296 # 297 # * `group:{emailid}`: An email address that represents a Google group. 298 # For example, `admins@example.com`. 299 # 300 # 301 # * `domain:{domain}`: The G Suite domain (primary) that represents all the 302 # users of that domain. For example, `google.com` or `example.com`. 303 # 304 "A String", 305 ], 306 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding. 307 # NOTE: An unsatisfied condition will not allow user access via current 308 # binding. Different bindings, including their conditions, are examined 309 # independently. 310 # 311 # title: "User account presence" 312 # description: "Determines whether the request has a user account" 313 # expression: "size(request.user) > 0" 314 "location": "A String", # An optional string indicating the location of the expression for error 315 # reporting, e.g. a file name and a position in the file. 316 "expression": "A String", # Textual representation of an expression in 317 # Common Expression Language syntax. 318 # 319 # The application context of the containing message determines which 320 # well-known feature set of CEL is supported. 321 "description": "A String", # An optional description of the expression. This is a longer text which 322 # describes the expression, e.g. when hovered over it in a UI. 323 "title": "A String", # An optional title for the expression, i.e. a short string describing 324 # its purpose. This can be used e.g. in UIs which allow to enter the 325 # expression. 326 }, 327 }, 328 ], 329 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 330 # prevent simultaneous updates of a policy from overwriting each other. 331 # It is strongly suggested that systems make use of the `etag` in the 332 # read-modify-write cycle to perform policy updates in order to avoid race 333 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 334 # systems are expected to put that etag in the request to `setIamPolicy` to 335 # ensure that their change will be applied to the same version of the policy. 336 # 337 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 338 # policy is overwritten blindly. 339 "version": 42, # Deprecated. 340 }, 341 } 342 343 x__xgafv: string, V1 error format. 344 Allowed values 345 1 - v1 error format 346 2 - v2 error format 347 348Returns: 349 An object of the form: 350 351 { # Defines an Identity and Access Management (IAM) policy. It is used to 352 # specify access control policies for Cloud Platform resources. 353 # 354 # 355 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of 356 # `members` to a `role`, where the members can be user accounts, Google groups, 357 # Google domains, and service accounts. A `role` is a named list of permissions 358 # defined by IAM. 359 # 360 # **JSON Example** 361 # 362 # { 363 # "bindings": [ 364 # { 365 # "role": "roles/owner", 366 # "members": [ 367 # "user:mike@example.com", 368 # "group:admins@example.com", 369 # "domain:google.com", 370 # "serviceAccount:my-other-app@appspot.gserviceaccount.com" 371 # ] 372 # }, 373 # { 374 # "role": "roles/viewer", 375 # "members": ["user:sean@example.com"] 376 # } 377 # ] 378 # } 379 # 380 # **YAML Example** 381 # 382 # bindings: 383 # - members: 384 # - user:mike@example.com 385 # - group:admins@example.com 386 # - domain:google.com 387 # - serviceAccount:my-other-app@appspot.gserviceaccount.com 388 # role: roles/owner 389 # - members: 390 # - user:sean@example.com 391 # role: roles/viewer 392 # 393 # 394 # For a description of IAM and its features, see the 395 # [IAM developer's guide](https://cloud.google.com/iam/docs). 396 "bindings": [ # Associates a list of `members` to a `role`. 397 # `bindings` with no members will result in an error. 398 { # Associates `members` with a `role`. 399 "role": "A String", # Role that is assigned to `members`. 400 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 401 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 402 # `members` can have the following values: 403 # 404 # * `allUsers`: A special identifier that represents anyone who is 405 # on the internet; with or without a Google account. 406 # 407 # * `allAuthenticatedUsers`: A special identifier that represents anyone 408 # who is authenticated with a Google account or a service account. 409 # 410 # * `user:{emailid}`: An email address that represents a specific Google 411 # account. For example, `alice@gmail.com` . 412 # 413 # 414 # * `serviceAccount:{emailid}`: An email address that represents a service 415 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 416 # 417 # * `group:{emailid}`: An email address that represents a Google group. 418 # For example, `admins@example.com`. 419 # 420 # 421 # * `domain:{domain}`: The G Suite domain (primary) that represents all the 422 # users of that domain. For example, `google.com` or `example.com`. 423 # 424 "A String", 425 ], 426 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding. 427 # NOTE: An unsatisfied condition will not allow user access via current 428 # binding. Different bindings, including their conditions, are examined 429 # independently. 430 # 431 # title: "User account presence" 432 # description: "Determines whether the request has a user account" 433 # expression: "size(request.user) > 0" 434 "location": "A String", # An optional string indicating the location of the expression for error 435 # reporting, e.g. a file name and a position in the file. 436 "expression": "A String", # Textual representation of an expression in 437 # Common Expression Language syntax. 438 # 439 # The application context of the containing message determines which 440 # well-known feature set of CEL is supported. 441 "description": "A String", # An optional description of the expression. This is a longer text which 442 # describes the expression, e.g. when hovered over it in a UI. 443 "title": "A String", # An optional title for the expression, i.e. a short string describing 444 # its purpose. This can be used e.g. in UIs which allow to enter the 445 # expression. 446 }, 447 }, 448 ], 449 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 450 # prevent simultaneous updates of a policy from overwriting each other. 451 # It is strongly suggested that systems make use of the `etag` in the 452 # read-modify-write cycle to perform policy updates in order to avoid race 453 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 454 # systems are expected to put that etag in the request to `setIamPolicy` to 455 # ensure that their change will be applied to the same version of the policy. 456 # 457 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 458 # policy is overwritten blindly. 459 "version": 42, # Deprecated. 460 }</pre> 461</div> 462 463<div class="method"> 464 <code class="details" id="testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</code> 465 <pre>Returns permissions that a caller has on the specified resource. 466If the resource does not exist, this will return an empty set of 467permissions, not a NOT_FOUND error. 468 469Note: This operation is designed to be used for building permission-aware 470UIs and command-line tools, not for authorization checking. This operation 471may "fail open" without warning. 472 473Args: 474 resource: string, REQUIRED: The resource for which the policy detail is being requested. 475See the operation documentation for the appropriate value for this field. (required) 476 body: object, The request body. (required) 477 The object takes the form of: 478 479{ # Request message for `TestIamPermissions` method. 480 "permissions": [ # The set of permissions to check for the `resource`. Permissions with 481 # wildcards (such as '*' or 'storage.*') are not allowed. For more 482 # information see 483 # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions). 484 "A String", 485 ], 486 } 487 488 x__xgafv: string, V1 error format. 489 Allowed values 490 1 - v1 error format 491 2 - v2 error format 492 493Returns: 494 An object of the form: 495 496 { # Response message for `TestIamPermissions` method. 497 "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is 498 # allowed. 499 "A String", 500 ], 501 }</pre> 502</div> 503 504</body></html>