1<html><body>
2<style>
3
4body, h1, h2, h3, div, span, p, pre, a {
5  margin: 0;
6  padding: 0;
7  border: 0;
8  font-weight: inherit;
9  font-style: inherit;
10  font-size: 100%;
11  font-family: inherit;
12  vertical-align: baseline;
13}
14
15body {
16  font-size: 13px;
17  padding: 1em;
18}
19
20h1 {
21  font-size: 26px;
22  margin-bottom: 1em;
23}
24
25h2 {
26  font-size: 24px;
27  margin-bottom: 1em;
28}
29
30h3 {
31  font-size: 20px;
32  margin-bottom: 1em;
33  margin-top: 1em;
34}
35
36pre, code {
37  line-height: 1.5;
38  font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
39}
40
41pre {
42  margin-top: 0.5em;
43}
44
45h1, h2, h3, p {
46  font-family: Arial, sans serif;
47}
48
49h1, h2, h3 {
50  border-bottom: solid #CCC 1px;
51}
52
53.toc_element {
54  margin-top: 0.5em;
55}
56
57.firstline {
58  margin-left: 2 em;
59}
60
61.method  {
62  margin-top: 1em;
63  border: solid 1px #CCC;
64  padding: 1em;
65  background: #EEE;
66}
67
68.details {
69  font-weight: bold;
70  font-size: 14px;
71}
72
73</style>
74
75<h1><a href="binaryauthorization_v1beta1.html">Binary Authorization API</a> . <a href="binaryauthorization_v1beta1.projects.html">projects</a> . <a href="binaryauthorization_v1beta1.projects.policy.html">policy</a></h1>
76<h2>Instance Methods</h2>
77<p class="toc_element">
78  <code><a href="#getIamPolicy">getIamPolicy(resource, x__xgafv=None)</a></code></p>
79<p class="firstline">Gets the access control policy for a resource.</p>
80<p class="toc_element">
81  <code><a href="#setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</a></code></p>
82<p class="firstline">Sets the access control policy on the specified resource. Replaces any</p>
83<p class="toc_element">
84  <code><a href="#testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</a></code></p>
85<p class="firstline">Returns permissions that a caller has on the specified resource.</p>
86<h3>Method Details</h3>
87<div class="method">
88    <code class="details" id="getIamPolicy">getIamPolicy(resource, x__xgafv=None)</code>
89  <pre>Gets the access control policy for a resource.
90Returns an empty policy if the resource exists and does not have a policy
91set.
92
93Args:
94  resource: string, REQUIRED: The resource for which the policy is being requested.
95See the operation documentation for the appropriate value for this field. (required)
96  x__xgafv: string, V1 error format.
97    Allowed values
98      1 - v1 error format
99      2 - v2 error format
100
101Returns:
102  An object of the form:
103
104    { # Defines an Identity and Access Management (IAM) policy. It is used to
105      # specify access control policies for Cloud Platform resources.
106      #
107      #
108      # A `Policy` consists of a list of `bindings`. A `binding` binds a list of
109      # `members` to a `role`, where the members can be user accounts, Google groups,
110      # Google domains, and service accounts. A `role` is a named list of permissions
111      # defined by IAM.
112      #
113      # **JSON Example**
114      #
115      #     {
116      #       "bindings": [
117      #         {
118      #           "role": "roles/owner",
119      #           "members": [
120      #             "user:mike@example.com",
121      #             "group:admins@example.com",
122      #             "domain:google.com",
123      #             "serviceAccount:my-other-app@appspot.gserviceaccount.com"
124      #           ]
125      #         },
126      #         {
127      #           "role": "roles/viewer",
128      #           "members": ["user:sean@example.com"]
129      #         }
130      #       ]
131      #     }
132      #
133      # **YAML Example**
134      #
135      #     bindings:
136      #     - members:
137      #       - user:mike@example.com
138      #       - group:admins@example.com
139      #       - domain:google.com
140      #       - serviceAccount:my-other-app@appspot.gserviceaccount.com
141      #       role: roles/owner
142      #     - members:
143      #       - user:sean@example.com
144      #       role: roles/viewer
145      #
146      #
147      # For a description of IAM and its features, see the
148      # [IAM developer's guide](https://cloud.google.com/iam/docs).
149    "bindings": [ # Associates a list of `members` to a `role`.
150        # `bindings` with no members will result in an error.
151      { # Associates `members` with a `role`.
152        "role": "A String", # Role that is assigned to `members`.
153            # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
154        "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
155            # `members` can have the following values:
156            #
157            # * `allUsers`: A special identifier that represents anyone who is
158            #    on the internet; with or without a Google account.
159            #
160            # * `allAuthenticatedUsers`: A special identifier that represents anyone
161            #    who is authenticated with a Google account or a service account.
162            #
163            # * `user:{emailid}`: An email address that represents a specific Google
164            #    account. For example, `alice@gmail.com` .
165            #
166            #
167            # * `serviceAccount:{emailid}`: An email address that represents a service
168            #    account. For example, `my-other-app@appspot.gserviceaccount.com`.
169            #
170            # * `group:{emailid}`: An email address that represents a Google group.
171            #    For example, `admins@example.com`.
172            #
173            #
174            # * `domain:{domain}`: The G Suite domain (primary) that represents all the
175            #    users of that domain. For example, `google.com` or `example.com`.
176            #
177          "A String",
178        ],
179        "condition": { # Represents an expression text. Example: # The condition that is associated with this binding.
180            # NOTE: An unsatisfied condition will not allow user access via current
181            # binding. Different bindings, including their conditions, are examined
182            # independently.
183            #
184            #     title: "User account presence"
185            #     description: "Determines whether the request has a user account"
186            #     expression: "size(request.user) > 0"
187          "location": "A String", # An optional string indicating the location of the expression for error
188              # reporting, e.g. a file name and a position in the file.
189          "expression": "A String", # Textual representation of an expression in
190              # Common Expression Language syntax.
191              #
192              # The application context of the containing message determines which
193              # well-known feature set of CEL is supported.
194          "description": "A String", # An optional description of the expression. This is a longer text which
195              # describes the expression, e.g. when hovered over it in a UI.
196          "title": "A String", # An optional title for the expression, i.e. a short string describing
197              # its purpose. This can be used e.g. in UIs which allow to enter the
198              # expression.
199        },
200      },
201    ],
202    "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
203        # prevent simultaneous updates of a policy from overwriting each other.
204        # It is strongly suggested that systems make use of the `etag` in the
205        # read-modify-write cycle to perform policy updates in order to avoid race
206        # conditions: An `etag` is returned in the response to `getIamPolicy`, and
207        # systems are expected to put that etag in the request to `setIamPolicy` to
208        # ensure that their change will be applied to the same version of the policy.
209        #
210        # If no `etag` is provided in the call to `setIamPolicy`, then the existing
211        # policy is overwritten blindly.
212    "version": 42, # Deprecated.
213  }</pre>
214</div>
215
216<div class="method">
217    <code class="details" id="setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</code>
218  <pre>Sets the access control policy on the specified resource. Replaces any
219existing policy.
220
221Args:
222  resource: string, REQUIRED: The resource for which the policy is being specified.
223See the operation documentation for the appropriate value for this field. (required)
224  body: object, The request body. (required)
225    The object takes the form of:
226
227{ # Request message for `SetIamPolicy` method.
228    "policy": { # Defines an Identity and Access Management (IAM) policy. It is used to # REQUIRED: The complete policy to be applied to the `resource`. The size of
229        # the policy is limited to a few 10s of KB. An empty policy is a
230        # valid policy but certain Cloud Platform services (such as Projects)
231        # might reject them.
232        # specify access control policies for Cloud Platform resources.
233        #
234        #
235        # A `Policy` consists of a list of `bindings`. A `binding` binds a list of
236        # `members` to a `role`, where the members can be user accounts, Google groups,
237        # Google domains, and service accounts. A `role` is a named list of permissions
238        # defined by IAM.
239        #
240        # **JSON Example**
241        #
242        #     {
243        #       "bindings": [
244        #         {
245        #           "role": "roles/owner",
246        #           "members": [
247        #             "user:mike@example.com",
248        #             "group:admins@example.com",
249        #             "domain:google.com",
250        #             "serviceAccount:my-other-app@appspot.gserviceaccount.com"
251        #           ]
252        #         },
253        #         {
254        #           "role": "roles/viewer",
255        #           "members": ["user:sean@example.com"]
256        #         }
257        #       ]
258        #     }
259        #
260        # **YAML Example**
261        #
262        #     bindings:
263        #     - members:
264        #       - user:mike@example.com
265        #       - group:admins@example.com
266        #       - domain:google.com
267        #       - serviceAccount:my-other-app@appspot.gserviceaccount.com
268        #       role: roles/owner
269        #     - members:
270        #       - user:sean@example.com
271        #       role: roles/viewer
272        #
273        #
274        # For a description of IAM and its features, see the
275        # [IAM developer's guide](https://cloud.google.com/iam/docs).
276      "bindings": [ # Associates a list of `members` to a `role`.
277          # `bindings` with no members will result in an error.
278        { # Associates `members` with a `role`.
279          "role": "A String", # Role that is assigned to `members`.
280              # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
281          "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
282              # `members` can have the following values:
283              #
284              # * `allUsers`: A special identifier that represents anyone who is
285              #    on the internet; with or without a Google account.
286              #
287              # * `allAuthenticatedUsers`: A special identifier that represents anyone
288              #    who is authenticated with a Google account or a service account.
289              #
290              # * `user:{emailid}`: An email address that represents a specific Google
291              #    account. For example, `alice@gmail.com` .
292              #
293              #
294              # * `serviceAccount:{emailid}`: An email address that represents a service
295              #    account. For example, `my-other-app@appspot.gserviceaccount.com`.
296              #
297              # * `group:{emailid}`: An email address that represents a Google group.
298              #    For example, `admins@example.com`.
299              #
300              #
301              # * `domain:{domain}`: The G Suite domain (primary) that represents all the
302              #    users of that domain. For example, `google.com` or `example.com`.
303              #
304            "A String",
305          ],
306          "condition": { # Represents an expression text. Example: # The condition that is associated with this binding.
307              # NOTE: An unsatisfied condition will not allow user access via current
308              # binding. Different bindings, including their conditions, are examined
309              # independently.
310              #
311              #     title: "User account presence"
312              #     description: "Determines whether the request has a user account"
313              #     expression: "size(request.user) > 0"
314            "location": "A String", # An optional string indicating the location of the expression for error
315                # reporting, e.g. a file name and a position in the file.
316            "expression": "A String", # Textual representation of an expression in
317                # Common Expression Language syntax.
318                #
319                # The application context of the containing message determines which
320                # well-known feature set of CEL is supported.
321            "description": "A String", # An optional description of the expression. This is a longer text which
322                # describes the expression, e.g. when hovered over it in a UI.
323            "title": "A String", # An optional title for the expression, i.e. a short string describing
324                # its purpose. This can be used e.g. in UIs which allow to enter the
325                # expression.
326          },
327        },
328      ],
329      "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
330          # prevent simultaneous updates of a policy from overwriting each other.
331          # It is strongly suggested that systems make use of the `etag` in the
332          # read-modify-write cycle to perform policy updates in order to avoid race
333          # conditions: An `etag` is returned in the response to `getIamPolicy`, and
334          # systems are expected to put that etag in the request to `setIamPolicy` to
335          # ensure that their change will be applied to the same version of the policy.
336          #
337          # If no `etag` is provided in the call to `setIamPolicy`, then the existing
338          # policy is overwritten blindly.
339      "version": 42, # Deprecated.
340    },
341  }
342
343  x__xgafv: string, V1 error format.
344    Allowed values
345      1 - v1 error format
346      2 - v2 error format
347
348Returns:
349  An object of the form:
350
351    { # Defines an Identity and Access Management (IAM) policy. It is used to
352      # specify access control policies for Cloud Platform resources.
353      #
354      #
355      # A `Policy` consists of a list of `bindings`. A `binding` binds a list of
356      # `members` to a `role`, where the members can be user accounts, Google groups,
357      # Google domains, and service accounts. A `role` is a named list of permissions
358      # defined by IAM.
359      #
360      # **JSON Example**
361      #
362      #     {
363      #       "bindings": [
364      #         {
365      #           "role": "roles/owner",
366      #           "members": [
367      #             "user:mike@example.com",
368      #             "group:admins@example.com",
369      #             "domain:google.com",
370      #             "serviceAccount:my-other-app@appspot.gserviceaccount.com"
371      #           ]
372      #         },
373      #         {
374      #           "role": "roles/viewer",
375      #           "members": ["user:sean@example.com"]
376      #         }
377      #       ]
378      #     }
379      #
380      # **YAML Example**
381      #
382      #     bindings:
383      #     - members:
384      #       - user:mike@example.com
385      #       - group:admins@example.com
386      #       - domain:google.com
387      #       - serviceAccount:my-other-app@appspot.gserviceaccount.com
388      #       role: roles/owner
389      #     - members:
390      #       - user:sean@example.com
391      #       role: roles/viewer
392      #
393      #
394      # For a description of IAM and its features, see the
395      # [IAM developer's guide](https://cloud.google.com/iam/docs).
396    "bindings": [ # Associates a list of `members` to a `role`.
397        # `bindings` with no members will result in an error.
398      { # Associates `members` with a `role`.
399        "role": "A String", # Role that is assigned to `members`.
400            # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
401        "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
402            # `members` can have the following values:
403            #
404            # * `allUsers`: A special identifier that represents anyone who is
405            #    on the internet; with or without a Google account.
406            #
407            # * `allAuthenticatedUsers`: A special identifier that represents anyone
408            #    who is authenticated with a Google account or a service account.
409            #
410            # * `user:{emailid}`: An email address that represents a specific Google
411            #    account. For example, `alice@gmail.com` .
412            #
413            #
414            # * `serviceAccount:{emailid}`: An email address that represents a service
415            #    account. For example, `my-other-app@appspot.gserviceaccount.com`.
416            #
417            # * `group:{emailid}`: An email address that represents a Google group.
418            #    For example, `admins@example.com`.
419            #
420            #
421            # * `domain:{domain}`: The G Suite domain (primary) that represents all the
422            #    users of that domain. For example, `google.com` or `example.com`.
423            #
424          "A String",
425        ],
426        "condition": { # Represents an expression text. Example: # The condition that is associated with this binding.
427            # NOTE: An unsatisfied condition will not allow user access via current
428            # binding. Different bindings, including their conditions, are examined
429            # independently.
430            #
431            #     title: "User account presence"
432            #     description: "Determines whether the request has a user account"
433            #     expression: "size(request.user) > 0"
434          "location": "A String", # An optional string indicating the location of the expression for error
435              # reporting, e.g. a file name and a position in the file.
436          "expression": "A String", # Textual representation of an expression in
437              # Common Expression Language syntax.
438              #
439              # The application context of the containing message determines which
440              # well-known feature set of CEL is supported.
441          "description": "A String", # An optional description of the expression. This is a longer text which
442              # describes the expression, e.g. when hovered over it in a UI.
443          "title": "A String", # An optional title for the expression, i.e. a short string describing
444              # its purpose. This can be used e.g. in UIs which allow to enter the
445              # expression.
446        },
447      },
448    ],
449    "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
450        # prevent simultaneous updates of a policy from overwriting each other.
451        # It is strongly suggested that systems make use of the `etag` in the
452        # read-modify-write cycle to perform policy updates in order to avoid race
453        # conditions: An `etag` is returned in the response to `getIamPolicy`, and
454        # systems are expected to put that etag in the request to `setIamPolicy` to
455        # ensure that their change will be applied to the same version of the policy.
456        #
457        # If no `etag` is provided in the call to `setIamPolicy`, then the existing
458        # policy is overwritten blindly.
459    "version": 42, # Deprecated.
460  }</pre>
461</div>
462
463<div class="method">
464    <code class="details" id="testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</code>
465  <pre>Returns permissions that a caller has on the specified resource.
466If the resource does not exist, this will return an empty set of
467permissions, not a NOT_FOUND error.
468
469Note: This operation is designed to be used for building permission-aware
470UIs and command-line tools, not for authorization checking. This operation
471may "fail open" without warning.
472
473Args:
474  resource: string, REQUIRED: The resource for which the policy detail is being requested.
475See the operation documentation for the appropriate value for this field. (required)
476  body: object, The request body. (required)
477    The object takes the form of:
478
479{ # Request message for `TestIamPermissions` method.
480    "permissions": [ # The set of permissions to check for the `resource`. Permissions with
481        # wildcards (such as '*' or 'storage.*') are not allowed. For more
482        # information see
483        # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
484      "A String",
485    ],
486  }
487
488  x__xgafv: string, V1 error format.
489    Allowed values
490      1 - v1 error format
491      2 - v2 error format
492
493Returns:
494  An object of the form:
495
496    { # Response message for `TestIamPermissions` method.
497    "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is
498        # allowed.
499      "A String",
500    ],
501  }</pre>
502</div>
503
504</body></html>