1<html><body> 2<style> 3 4body, h1, h2, h3, div, span, p, pre, a { 5 margin: 0; 6 padding: 0; 7 border: 0; 8 font-weight: inherit; 9 font-style: inherit; 10 font-size: 100%; 11 font-family: inherit; 12 vertical-align: baseline; 13} 14 15body { 16 font-size: 13px; 17 padding: 1em; 18} 19 20h1 { 21 font-size: 26px; 22 margin-bottom: 1em; 23} 24 25h2 { 26 font-size: 24px; 27 margin-bottom: 1em; 28} 29 30h3 { 31 font-size: 20px; 32 margin-bottom: 1em; 33 margin-top: 1em; 34} 35 36pre, code { 37 line-height: 1.5; 38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; 39} 40 41pre { 42 margin-top: 0.5em; 43} 44 45h1, h2, h3, p { 46 font-family: Arial, sans serif; 47} 48 49h1, h2, h3 { 50 border-bottom: solid #CCC 1px; 51} 52 53.toc_element { 54 margin-top: 0.5em; 55} 56 57.firstline { 58 margin-left: 2 em; 59} 60 61.method { 62 margin-top: 1em; 63 border: solid 1px #CCC; 64 padding: 1em; 65 background: #EEE; 66} 67 68.details { 69 font-weight: bold; 70 font-size: 14px; 71} 72 73</style> 74 75<h1><a href="cloudbilling_v1.html">Cloud Billing API</a> . <a href="cloudbilling_v1.billingAccounts.html">billingAccounts</a></h1> 76<h2>Instance Methods</h2> 77<p class="toc_element"> 78 <code><a href="cloudbilling_v1.billingAccounts.projects.html">projects()</a></code> 79</p> 80<p class="firstline">Returns the projects Resource.</p> 81 82<p class="toc_element"> 83 <code><a href="#create">create(body, x__xgafv=None)</a></code></p> 84<p class="firstline">Creates a billing account.</p> 85<p class="toc_element"> 86 <code><a href="#get">get(name, x__xgafv=None)</a></code></p> 87<p class="firstline">Gets information about a billing account. The current authenticated user</p> 88<p class="toc_element"> 89 <code><a href="#getIamPolicy">getIamPolicy(resource, x__xgafv=None)</a></code></p> 90<p class="firstline">Gets the access control policy for a billing account.</p> 91<p class="toc_element"> 92 <code><a href="#list">list(pageSize=None, pageToken=None, x__xgafv=None, filter=None)</a></code></p> 93<p class="firstline">Lists the billing accounts that the current authenticated user has</p> 94<p class="toc_element"> 95 <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p> 96<p class="firstline">Retrieves the next page of results.</p> 97<p class="toc_element"> 98 <code><a href="#patch">patch(name, body, updateMask=None, x__xgafv=None)</a></code></p> 99<p class="firstline">Updates a billing account's fields.</p> 100<p class="toc_element"> 101 <code><a href="#setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</a></code></p> 102<p class="firstline">Sets the access control policy for a billing account. Replaces any existing</p> 103<p class="toc_element"> 104 <code><a href="#testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</a></code></p> 105<p class="firstline">Tests the access control policy for a billing account. This method takes</p> 106<h3>Method Details</h3> 107<div class="method"> 108 <code class="details" id="create">create(body, x__xgafv=None)</code> 109 <pre>Creates a billing account. 110This method can only be used to create 111[billing subaccounts](https://cloud.google.com/billing/docs/concepts) 112by GCP resellers. 113When creating a subaccount, the current authenticated user must have the 114`billing.accounts.update` IAM permission on the master account, which is 115typically given to billing account 116[administrators](https://cloud.google.com/billing/docs/how-to/billing-access). 117This method will return an error if the master account has not been 118provisioned as a reseller account. 119 120Args: 121 body: object, The request body. (required) 122 The object takes the form of: 123 124{ # A billing account in [GCP Console](https://console.cloud.google.com/). 125 # You can assign a billing account to one or more projects. 126 "displayName": "A String", # The display name given to the billing account, such as `My Billing 127 # Account`. This name is displayed in the GCP Console. 128 "masterBillingAccount": "A String", # If this account is a 129 # [subaccount](https://cloud.google.com/billing/docs/concepts), then this 130 # will be the resource name of the master billing account that it is being 131 # resold through. 132 # Otherwise this will be empty. 133 "open": True or False, # True if the billing account is open, and will therefore be charged for any 134 # usage on associated projects. False if the billing account is closed, and 135 # therefore projects associated with it will be unable to use paid services. 136 "name": "A String", # The resource name of the billing account. The resource name has the form 137 # `billingAccounts/{billing_account_id}`. For example, 138 # `billingAccounts/012345-567890-ABCDEF` would be the resource name for 139 # billing account `012345-567890-ABCDEF`. 140} 141 142 x__xgafv: string, V1 error format. 143 Allowed values 144 1 - v1 error format 145 2 - v2 error format 146 147Returns: 148 An object of the form: 149 150 { # A billing account in [GCP Console](https://console.cloud.google.com/). 151 # You can assign a billing account to one or more projects. 152 "displayName": "A String", # The display name given to the billing account, such as `My Billing 153 # Account`. This name is displayed in the GCP Console. 154 "masterBillingAccount": "A String", # If this account is a 155 # [subaccount](https://cloud.google.com/billing/docs/concepts), then this 156 # will be the resource name of the master billing account that it is being 157 # resold through. 158 # Otherwise this will be empty. 159 "open": True or False, # True if the billing account is open, and will therefore be charged for any 160 # usage on associated projects. False if the billing account is closed, and 161 # therefore projects associated with it will be unable to use paid services. 162 "name": "A String", # The resource name of the billing account. The resource name has the form 163 # `billingAccounts/{billing_account_id}`. For example, 164 # `billingAccounts/012345-567890-ABCDEF` would be the resource name for 165 # billing account `012345-567890-ABCDEF`. 166 }</pre> 167</div> 168 169<div class="method"> 170 <code class="details" id="get">get(name, x__xgafv=None)</code> 171 <pre>Gets information about a billing account. The current authenticated user 172must be a [viewer of the billing 173account](https://cloud.google.com/billing/docs/how-to/billing-access). 174 175Args: 176 name: string, The resource name of the billing account to retrieve. For example, 177`billingAccounts/012345-567890-ABCDEF`. (required) 178 x__xgafv: string, V1 error format. 179 Allowed values 180 1 - v1 error format 181 2 - v2 error format 182 183Returns: 184 An object of the form: 185 186 { # A billing account in [GCP Console](https://console.cloud.google.com/). 187 # You can assign a billing account to one or more projects. 188 "displayName": "A String", # The display name given to the billing account, such as `My Billing 189 # Account`. This name is displayed in the GCP Console. 190 "masterBillingAccount": "A String", # If this account is a 191 # [subaccount](https://cloud.google.com/billing/docs/concepts), then this 192 # will be the resource name of the master billing account that it is being 193 # resold through. 194 # Otherwise this will be empty. 195 "open": True or False, # True if the billing account is open, and will therefore be charged for any 196 # usage on associated projects. False if the billing account is closed, and 197 # therefore projects associated with it will be unable to use paid services. 198 "name": "A String", # The resource name of the billing account. The resource name has the form 199 # `billingAccounts/{billing_account_id}`. For example, 200 # `billingAccounts/012345-567890-ABCDEF` would be the resource name for 201 # billing account `012345-567890-ABCDEF`. 202 }</pre> 203</div> 204 205<div class="method"> 206 <code class="details" id="getIamPolicy">getIamPolicy(resource, x__xgafv=None)</code> 207 <pre>Gets the access control policy for a billing account. 208The caller must have the `billing.accounts.getIamPolicy` permission on the 209account, which is often given to billing account 210[viewers](https://cloud.google.com/billing/docs/how-to/billing-access). 211 212Args: 213 resource: string, REQUIRED: The resource for which the policy is being requested. 214See the operation documentation for the appropriate value for this field. (required) 215 x__xgafv: string, V1 error format. 216 Allowed values 217 1 - v1 error format 218 2 - v2 error format 219 220Returns: 221 An object of the form: 222 223 { # Defines an Identity and Access Management (IAM) policy. It is used to 224 # specify access control policies for Cloud Platform resources. 225 # 226 # 227 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of 228 # `members` to a `role`, where the members can be user accounts, Google groups, 229 # Google domains, and service accounts. A `role` is a named list of permissions 230 # defined by IAM. 231 # 232 # **JSON Example** 233 # 234 # { 235 # "bindings": [ 236 # { 237 # "role": "roles/owner", 238 # "members": [ 239 # "user:mike@example.com", 240 # "group:admins@example.com", 241 # "domain:google.com", 242 # "serviceAccount:my-other-app@appspot.gserviceaccount.com" 243 # ] 244 # }, 245 # { 246 # "role": "roles/viewer", 247 # "members": ["user:sean@example.com"] 248 # } 249 # ] 250 # } 251 # 252 # **YAML Example** 253 # 254 # bindings: 255 # - members: 256 # - user:mike@example.com 257 # - group:admins@example.com 258 # - domain:google.com 259 # - serviceAccount:my-other-app@appspot.gserviceaccount.com 260 # role: roles/owner 261 # - members: 262 # - user:sean@example.com 263 # role: roles/viewer 264 # 265 # 266 # For a description of IAM and its features, see the 267 # [IAM developer's guide](https://cloud.google.com/iam/docs). 268 "bindings": [ # Associates a list of `members` to a `role`. 269 # `bindings` with no members will result in an error. 270 { # Associates `members` with a `role`. 271 "role": "A String", # Role that is assigned to `members`. 272 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 273 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 274 # `members` can have the following values: 275 # 276 # * `allUsers`: A special identifier that represents anyone who is 277 # on the internet; with or without a Google account. 278 # 279 # * `allAuthenticatedUsers`: A special identifier that represents anyone 280 # who is authenticated with a Google account or a service account. 281 # 282 # * `user:{emailid}`: An email address that represents a specific Google 283 # account. For example, `alice@gmail.com` . 284 # 285 # 286 # * `serviceAccount:{emailid}`: An email address that represents a service 287 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 288 # 289 # * `group:{emailid}`: An email address that represents a Google group. 290 # For example, `admins@example.com`. 291 # 292 # 293 # * `domain:{domain}`: The G Suite domain (primary) that represents all the 294 # users of that domain. For example, `google.com` or `example.com`. 295 # 296 "A String", 297 ], 298 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding. 299 # NOTE: An unsatisfied condition will not allow user access via current 300 # binding. Different bindings, including their conditions, are examined 301 # independently. 302 # 303 # title: "User account presence" 304 # description: "Determines whether the request has a user account" 305 # expression: "size(request.user) > 0" 306 "description": "A String", # An optional description of the expression. This is a longer text which 307 # describes the expression, e.g. when hovered over it in a UI. 308 "expression": "A String", # Textual representation of an expression in 309 # Common Expression Language syntax. 310 # 311 # The application context of the containing message determines which 312 # well-known feature set of CEL is supported. 313 "location": "A String", # An optional string indicating the location of the expression for error 314 # reporting, e.g. a file name and a position in the file. 315 "title": "A String", # An optional title for the expression, i.e. a short string describing 316 # its purpose. This can be used e.g. in UIs which allow to enter the 317 # expression. 318 }, 319 }, 320 ], 321 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 322 # prevent simultaneous updates of a policy from overwriting each other. 323 # It is strongly suggested that systems make use of the `etag` in the 324 # read-modify-write cycle to perform policy updates in order to avoid race 325 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 326 # systems are expected to put that etag in the request to `setIamPolicy` to 327 # ensure that their change will be applied to the same version of the policy. 328 # 329 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 330 # policy is overwritten blindly. 331 "version": 42, # Deprecated. 332 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 333 { # Specifies the audit configuration for a service. 334 # The configuration determines which permission types are logged, and what 335 # identities, if any, are exempted from logging. 336 # An AuditConfig must have one or more AuditLogConfigs. 337 # 338 # If there are AuditConfigs for both `allServices` and a specific service, 339 # the union of the two AuditConfigs is used for that service: the log_types 340 # specified in each AuditConfig are enabled, and the exempted_members in each 341 # AuditLogConfig are exempted. 342 # 343 # Example Policy with multiple AuditConfigs: 344 # 345 # { 346 # "audit_configs": [ 347 # { 348 # "service": "allServices" 349 # "audit_log_configs": [ 350 # { 351 # "log_type": "DATA_READ", 352 # "exempted_members": [ 353 # "user:foo@gmail.com" 354 # ] 355 # }, 356 # { 357 # "log_type": "DATA_WRITE", 358 # }, 359 # { 360 # "log_type": "ADMIN_READ", 361 # } 362 # ] 363 # }, 364 # { 365 # "service": "fooservice.googleapis.com" 366 # "audit_log_configs": [ 367 # { 368 # "log_type": "DATA_READ", 369 # }, 370 # { 371 # "log_type": "DATA_WRITE", 372 # "exempted_members": [ 373 # "user:bar@gmail.com" 374 # ] 375 # } 376 # ] 377 # } 378 # ] 379 # } 380 # 381 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 382 # logging. It also exempts foo@gmail.com from DATA_READ logging, and 383 # bar@gmail.com from DATA_WRITE logging. 384 "auditLogConfigs": [ # The configuration for logging of each type of permission. 385 { # Provides the configuration for logging a type of permissions. 386 # Example: 387 # 388 # { 389 # "audit_log_configs": [ 390 # { 391 # "log_type": "DATA_READ", 392 # "exempted_members": [ 393 # "user:foo@gmail.com" 394 # ] 395 # }, 396 # { 397 # "log_type": "DATA_WRITE", 398 # } 399 # ] 400 # } 401 # 402 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 403 # foo@gmail.com from DATA_READ logging. 404 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 405 # permission. 406 # Follows the same format of Binding.members. 407 "A String", 408 ], 409 "logType": "A String", # The log type that this config enables. 410 }, 411 ], 412 "service": "A String", # Specifies a service that will be enabled for audit logging. 413 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 414 # `allServices` is a special value that covers all services. 415 }, 416 ], 417 }</pre> 418</div> 419 420<div class="method"> 421 <code class="details" id="list">list(pageSize=None, pageToken=None, x__xgafv=None, filter=None)</code> 422 <pre>Lists the billing accounts that the current authenticated user has 423permission to 424[view](https://cloud.google.com/billing/docs/how-to/billing-access). 425 426Args: 427 pageSize: integer, Requested page size. The maximum page size is 100; this is also the 428default. 429 pageToken: string, A token identifying a page of results to return. This should be a 430`next_page_token` value returned from a previous `ListBillingAccounts` 431call. If unspecified, the first page of results is returned. 432 x__xgafv: string, V1 error format. 433 Allowed values 434 1 - v1 error format 435 2 - v2 error format 436 filter: string, Options for how to filter the returned billing accounts. 437Currently this only supports filtering for 438[subaccounts](https://cloud.google.com/billing/docs/concepts) under a 439single provided reseller billing account. 440(e.g. "master_billing_account=billingAccounts/012345-678901-ABCDEF"). 441Boolean algebra and other fields are not currently supported. 442 443Returns: 444 An object of the form: 445 446 { # Response message for `ListBillingAccounts`. 447 "nextPageToken": "A String", # A token to retrieve the next page of results. To retrieve the next page, 448 # call `ListBillingAccounts` again with the `page_token` field set to this 449 # value. This field is empty if there are no more results to retrieve. 450 "billingAccounts": [ # A list of billing accounts. 451 { # A billing account in [GCP Console](https://console.cloud.google.com/). 452 # You can assign a billing account to one or more projects. 453 "displayName": "A String", # The display name given to the billing account, such as `My Billing 454 # Account`. This name is displayed in the GCP Console. 455 "masterBillingAccount": "A String", # If this account is a 456 # [subaccount](https://cloud.google.com/billing/docs/concepts), then this 457 # will be the resource name of the master billing account that it is being 458 # resold through. 459 # Otherwise this will be empty. 460 "open": True or False, # True if the billing account is open, and will therefore be charged for any 461 # usage on associated projects. False if the billing account is closed, and 462 # therefore projects associated with it will be unable to use paid services. 463 "name": "A String", # The resource name of the billing account. The resource name has the form 464 # `billingAccounts/{billing_account_id}`. For example, 465 # `billingAccounts/012345-567890-ABCDEF` would be the resource name for 466 # billing account `012345-567890-ABCDEF`. 467 }, 468 ], 469 }</pre> 470</div> 471 472<div class="method"> 473 <code class="details" id="list_next">list_next(previous_request, previous_response)</code> 474 <pre>Retrieves the next page of results. 475 476Args: 477 previous_request: The request for the previous page. (required) 478 previous_response: The response from the request for the previous page. (required) 479 480Returns: 481 A request object that you can call 'execute()' on to request the next 482 page. Returns None if there are no more items in the collection. 483 </pre> 484</div> 485 486<div class="method"> 487 <code class="details" id="patch">patch(name, body, updateMask=None, x__xgafv=None)</code> 488 <pre>Updates a billing account's fields. 489Currently the only field that can be edited is `display_name`. 490The current authenticated user must have the `billing.accounts.update` 491IAM permission, which is typically given to the 492[administrator](https://cloud.google.com/billing/docs/how-to/billing-access) 493of the billing account. 494 495Args: 496 name: string, The name of the billing account resource to be updated. (required) 497 body: object, The request body. (required) 498 The object takes the form of: 499 500{ # A billing account in [GCP Console](https://console.cloud.google.com/). 501 # You can assign a billing account to one or more projects. 502 "displayName": "A String", # The display name given to the billing account, such as `My Billing 503 # Account`. This name is displayed in the GCP Console. 504 "masterBillingAccount": "A String", # If this account is a 505 # [subaccount](https://cloud.google.com/billing/docs/concepts), then this 506 # will be the resource name of the master billing account that it is being 507 # resold through. 508 # Otherwise this will be empty. 509 "open": True or False, # True if the billing account is open, and will therefore be charged for any 510 # usage on associated projects. False if the billing account is closed, and 511 # therefore projects associated with it will be unable to use paid services. 512 "name": "A String", # The resource name of the billing account. The resource name has the form 513 # `billingAccounts/{billing_account_id}`. For example, 514 # `billingAccounts/012345-567890-ABCDEF` would be the resource name for 515 # billing account `012345-567890-ABCDEF`. 516} 517 518 updateMask: string, The update mask applied to the resource. 519Only "display_name" is currently supported. 520 x__xgafv: string, V1 error format. 521 Allowed values 522 1 - v1 error format 523 2 - v2 error format 524 525Returns: 526 An object of the form: 527 528 { # A billing account in [GCP Console](https://console.cloud.google.com/). 529 # You can assign a billing account to one or more projects. 530 "displayName": "A String", # The display name given to the billing account, such as `My Billing 531 # Account`. This name is displayed in the GCP Console. 532 "masterBillingAccount": "A String", # If this account is a 533 # [subaccount](https://cloud.google.com/billing/docs/concepts), then this 534 # will be the resource name of the master billing account that it is being 535 # resold through. 536 # Otherwise this will be empty. 537 "open": True or False, # True if the billing account is open, and will therefore be charged for any 538 # usage on associated projects. False if the billing account is closed, and 539 # therefore projects associated with it will be unable to use paid services. 540 "name": "A String", # The resource name of the billing account. The resource name has the form 541 # `billingAccounts/{billing_account_id}`. For example, 542 # `billingAccounts/012345-567890-ABCDEF` would be the resource name for 543 # billing account `012345-567890-ABCDEF`. 544 }</pre> 545</div> 546 547<div class="method"> 548 <code class="details" id="setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</code> 549 <pre>Sets the access control policy for a billing account. Replaces any existing 550policy. 551The caller must have the `billing.accounts.setIamPolicy` permission on the 552account, which is often given to billing account 553[administrators](https://cloud.google.com/billing/docs/how-to/billing-access). 554 555Args: 556 resource: string, REQUIRED: The resource for which the policy is being specified. 557See the operation documentation for the appropriate value for this field. (required) 558 body: object, The request body. (required) 559 The object takes the form of: 560 561{ # Request message for `SetIamPolicy` method. 562 "policy": { # Defines an Identity and Access Management (IAM) policy. It is used to # REQUIRED: The complete policy to be applied to the `resource`. The size of 563 # the policy is limited to a few 10s of KB. An empty policy is a 564 # valid policy but certain Cloud Platform services (such as Projects) 565 # might reject them. 566 # specify access control policies for Cloud Platform resources. 567 # 568 # 569 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of 570 # `members` to a `role`, where the members can be user accounts, Google groups, 571 # Google domains, and service accounts. A `role` is a named list of permissions 572 # defined by IAM. 573 # 574 # **JSON Example** 575 # 576 # { 577 # "bindings": [ 578 # { 579 # "role": "roles/owner", 580 # "members": [ 581 # "user:mike@example.com", 582 # "group:admins@example.com", 583 # "domain:google.com", 584 # "serviceAccount:my-other-app@appspot.gserviceaccount.com" 585 # ] 586 # }, 587 # { 588 # "role": "roles/viewer", 589 # "members": ["user:sean@example.com"] 590 # } 591 # ] 592 # } 593 # 594 # **YAML Example** 595 # 596 # bindings: 597 # - members: 598 # - user:mike@example.com 599 # - group:admins@example.com 600 # - domain:google.com 601 # - serviceAccount:my-other-app@appspot.gserviceaccount.com 602 # role: roles/owner 603 # - members: 604 # - user:sean@example.com 605 # role: roles/viewer 606 # 607 # 608 # For a description of IAM and its features, see the 609 # [IAM developer's guide](https://cloud.google.com/iam/docs). 610 "bindings": [ # Associates a list of `members` to a `role`. 611 # `bindings` with no members will result in an error. 612 { # Associates `members` with a `role`. 613 "role": "A String", # Role that is assigned to `members`. 614 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 615 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 616 # `members` can have the following values: 617 # 618 # * `allUsers`: A special identifier that represents anyone who is 619 # on the internet; with or without a Google account. 620 # 621 # * `allAuthenticatedUsers`: A special identifier that represents anyone 622 # who is authenticated with a Google account or a service account. 623 # 624 # * `user:{emailid}`: An email address that represents a specific Google 625 # account. For example, `alice@gmail.com` . 626 # 627 # 628 # * `serviceAccount:{emailid}`: An email address that represents a service 629 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 630 # 631 # * `group:{emailid}`: An email address that represents a Google group. 632 # For example, `admins@example.com`. 633 # 634 # 635 # * `domain:{domain}`: The G Suite domain (primary) that represents all the 636 # users of that domain. For example, `google.com` or `example.com`. 637 # 638 "A String", 639 ], 640 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding. 641 # NOTE: An unsatisfied condition will not allow user access via current 642 # binding. Different bindings, including their conditions, are examined 643 # independently. 644 # 645 # title: "User account presence" 646 # description: "Determines whether the request has a user account" 647 # expression: "size(request.user) > 0" 648 "description": "A String", # An optional description of the expression. This is a longer text which 649 # describes the expression, e.g. when hovered over it in a UI. 650 "expression": "A String", # Textual representation of an expression in 651 # Common Expression Language syntax. 652 # 653 # The application context of the containing message determines which 654 # well-known feature set of CEL is supported. 655 "location": "A String", # An optional string indicating the location of the expression for error 656 # reporting, e.g. a file name and a position in the file. 657 "title": "A String", # An optional title for the expression, i.e. a short string describing 658 # its purpose. This can be used e.g. in UIs which allow to enter the 659 # expression. 660 }, 661 }, 662 ], 663 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 664 # prevent simultaneous updates of a policy from overwriting each other. 665 # It is strongly suggested that systems make use of the `etag` in the 666 # read-modify-write cycle to perform policy updates in order to avoid race 667 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 668 # systems are expected to put that etag in the request to `setIamPolicy` to 669 # ensure that their change will be applied to the same version of the policy. 670 # 671 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 672 # policy is overwritten blindly. 673 "version": 42, # Deprecated. 674 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 675 { # Specifies the audit configuration for a service. 676 # The configuration determines which permission types are logged, and what 677 # identities, if any, are exempted from logging. 678 # An AuditConfig must have one or more AuditLogConfigs. 679 # 680 # If there are AuditConfigs for both `allServices` and a specific service, 681 # the union of the two AuditConfigs is used for that service: the log_types 682 # specified in each AuditConfig are enabled, and the exempted_members in each 683 # AuditLogConfig are exempted. 684 # 685 # Example Policy with multiple AuditConfigs: 686 # 687 # { 688 # "audit_configs": [ 689 # { 690 # "service": "allServices" 691 # "audit_log_configs": [ 692 # { 693 # "log_type": "DATA_READ", 694 # "exempted_members": [ 695 # "user:foo@gmail.com" 696 # ] 697 # }, 698 # { 699 # "log_type": "DATA_WRITE", 700 # }, 701 # { 702 # "log_type": "ADMIN_READ", 703 # } 704 # ] 705 # }, 706 # { 707 # "service": "fooservice.googleapis.com" 708 # "audit_log_configs": [ 709 # { 710 # "log_type": "DATA_READ", 711 # }, 712 # { 713 # "log_type": "DATA_WRITE", 714 # "exempted_members": [ 715 # "user:bar@gmail.com" 716 # ] 717 # } 718 # ] 719 # } 720 # ] 721 # } 722 # 723 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 724 # logging. It also exempts foo@gmail.com from DATA_READ logging, and 725 # bar@gmail.com from DATA_WRITE logging. 726 "auditLogConfigs": [ # The configuration for logging of each type of permission. 727 { # Provides the configuration for logging a type of permissions. 728 # Example: 729 # 730 # { 731 # "audit_log_configs": [ 732 # { 733 # "log_type": "DATA_READ", 734 # "exempted_members": [ 735 # "user:foo@gmail.com" 736 # ] 737 # }, 738 # { 739 # "log_type": "DATA_WRITE", 740 # } 741 # ] 742 # } 743 # 744 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 745 # foo@gmail.com from DATA_READ logging. 746 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 747 # permission. 748 # Follows the same format of Binding.members. 749 "A String", 750 ], 751 "logType": "A String", # The log type that this config enables. 752 }, 753 ], 754 "service": "A String", # Specifies a service that will be enabled for audit logging. 755 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 756 # `allServices` is a special value that covers all services. 757 }, 758 ], 759 }, 760 "updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only 761 # the fields in the mask will be modified. If no mask is provided, the 762 # following default mask is used: 763 # paths: "bindings, etag" 764 # This field is only used by Cloud IAM. 765 } 766 767 x__xgafv: string, V1 error format. 768 Allowed values 769 1 - v1 error format 770 2 - v2 error format 771 772Returns: 773 An object of the form: 774 775 { # Defines an Identity and Access Management (IAM) policy. It is used to 776 # specify access control policies for Cloud Platform resources. 777 # 778 # 779 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of 780 # `members` to a `role`, where the members can be user accounts, Google groups, 781 # Google domains, and service accounts. A `role` is a named list of permissions 782 # defined by IAM. 783 # 784 # **JSON Example** 785 # 786 # { 787 # "bindings": [ 788 # { 789 # "role": "roles/owner", 790 # "members": [ 791 # "user:mike@example.com", 792 # "group:admins@example.com", 793 # "domain:google.com", 794 # "serviceAccount:my-other-app@appspot.gserviceaccount.com" 795 # ] 796 # }, 797 # { 798 # "role": "roles/viewer", 799 # "members": ["user:sean@example.com"] 800 # } 801 # ] 802 # } 803 # 804 # **YAML Example** 805 # 806 # bindings: 807 # - members: 808 # - user:mike@example.com 809 # - group:admins@example.com 810 # - domain:google.com 811 # - serviceAccount:my-other-app@appspot.gserviceaccount.com 812 # role: roles/owner 813 # - members: 814 # - user:sean@example.com 815 # role: roles/viewer 816 # 817 # 818 # For a description of IAM and its features, see the 819 # [IAM developer's guide](https://cloud.google.com/iam/docs). 820 "bindings": [ # Associates a list of `members` to a `role`. 821 # `bindings` with no members will result in an error. 822 { # Associates `members` with a `role`. 823 "role": "A String", # Role that is assigned to `members`. 824 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 825 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 826 # `members` can have the following values: 827 # 828 # * `allUsers`: A special identifier that represents anyone who is 829 # on the internet; with or without a Google account. 830 # 831 # * `allAuthenticatedUsers`: A special identifier that represents anyone 832 # who is authenticated with a Google account or a service account. 833 # 834 # * `user:{emailid}`: An email address that represents a specific Google 835 # account. For example, `alice@gmail.com` . 836 # 837 # 838 # * `serviceAccount:{emailid}`: An email address that represents a service 839 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 840 # 841 # * `group:{emailid}`: An email address that represents a Google group. 842 # For example, `admins@example.com`. 843 # 844 # 845 # * `domain:{domain}`: The G Suite domain (primary) that represents all the 846 # users of that domain. For example, `google.com` or `example.com`. 847 # 848 "A String", 849 ], 850 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding. 851 # NOTE: An unsatisfied condition will not allow user access via current 852 # binding. Different bindings, including their conditions, are examined 853 # independently. 854 # 855 # title: "User account presence" 856 # description: "Determines whether the request has a user account" 857 # expression: "size(request.user) > 0" 858 "description": "A String", # An optional description of the expression. This is a longer text which 859 # describes the expression, e.g. when hovered over it in a UI. 860 "expression": "A String", # Textual representation of an expression in 861 # Common Expression Language syntax. 862 # 863 # The application context of the containing message determines which 864 # well-known feature set of CEL is supported. 865 "location": "A String", # An optional string indicating the location of the expression for error 866 # reporting, e.g. a file name and a position in the file. 867 "title": "A String", # An optional title for the expression, i.e. a short string describing 868 # its purpose. This can be used e.g. in UIs which allow to enter the 869 # expression. 870 }, 871 }, 872 ], 873 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 874 # prevent simultaneous updates of a policy from overwriting each other. 875 # It is strongly suggested that systems make use of the `etag` in the 876 # read-modify-write cycle to perform policy updates in order to avoid race 877 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 878 # systems are expected to put that etag in the request to `setIamPolicy` to 879 # ensure that their change will be applied to the same version of the policy. 880 # 881 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 882 # policy is overwritten blindly. 883 "version": 42, # Deprecated. 884 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 885 { # Specifies the audit configuration for a service. 886 # The configuration determines which permission types are logged, and what 887 # identities, if any, are exempted from logging. 888 # An AuditConfig must have one or more AuditLogConfigs. 889 # 890 # If there are AuditConfigs for both `allServices` and a specific service, 891 # the union of the two AuditConfigs is used for that service: the log_types 892 # specified in each AuditConfig are enabled, and the exempted_members in each 893 # AuditLogConfig are exempted. 894 # 895 # Example Policy with multiple AuditConfigs: 896 # 897 # { 898 # "audit_configs": [ 899 # { 900 # "service": "allServices" 901 # "audit_log_configs": [ 902 # { 903 # "log_type": "DATA_READ", 904 # "exempted_members": [ 905 # "user:foo@gmail.com" 906 # ] 907 # }, 908 # { 909 # "log_type": "DATA_WRITE", 910 # }, 911 # { 912 # "log_type": "ADMIN_READ", 913 # } 914 # ] 915 # }, 916 # { 917 # "service": "fooservice.googleapis.com" 918 # "audit_log_configs": [ 919 # { 920 # "log_type": "DATA_READ", 921 # }, 922 # { 923 # "log_type": "DATA_WRITE", 924 # "exempted_members": [ 925 # "user:bar@gmail.com" 926 # ] 927 # } 928 # ] 929 # } 930 # ] 931 # } 932 # 933 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 934 # logging. It also exempts foo@gmail.com from DATA_READ logging, and 935 # bar@gmail.com from DATA_WRITE logging. 936 "auditLogConfigs": [ # The configuration for logging of each type of permission. 937 { # Provides the configuration for logging a type of permissions. 938 # Example: 939 # 940 # { 941 # "audit_log_configs": [ 942 # { 943 # "log_type": "DATA_READ", 944 # "exempted_members": [ 945 # "user:foo@gmail.com" 946 # ] 947 # }, 948 # { 949 # "log_type": "DATA_WRITE", 950 # } 951 # ] 952 # } 953 # 954 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 955 # foo@gmail.com from DATA_READ logging. 956 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 957 # permission. 958 # Follows the same format of Binding.members. 959 "A String", 960 ], 961 "logType": "A String", # The log type that this config enables. 962 }, 963 ], 964 "service": "A String", # Specifies a service that will be enabled for audit logging. 965 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 966 # `allServices` is a special value that covers all services. 967 }, 968 ], 969 }</pre> 970</div> 971 972<div class="method"> 973 <code class="details" id="testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</code> 974 <pre>Tests the access control policy for a billing account. This method takes 975the resource and a set of permissions as input and returns the subset of 976the input permissions that the caller is allowed for that resource. 977 978Args: 979 resource: string, REQUIRED: The resource for which the policy detail is being requested. 980See the operation documentation for the appropriate value for this field. (required) 981 body: object, The request body. (required) 982 The object takes the form of: 983 984{ # Request message for `TestIamPermissions` method. 985 "permissions": [ # The set of permissions to check for the `resource`. Permissions with 986 # wildcards (such as '*' or 'storage.*') are not allowed. For more 987 # information see 988 # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions). 989 "A String", 990 ], 991 } 992 993 x__xgafv: string, V1 error format. 994 Allowed values 995 1 - v1 error format 996 2 - v2 error format 997 998Returns: 999 An object of the form: 1000 1001 { # Response message for `TestIamPermissions` method. 1002 "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is 1003 # allowed. 1004 "A String", 1005 ], 1006 }</pre> 1007</div> 1008 1009</body></html>