1<html><body> 2<style> 3 4body, h1, h2, h3, div, span, p, pre, a { 5 margin: 0; 6 padding: 0; 7 border: 0; 8 font-weight: inherit; 9 font-style: inherit; 10 font-size: 100%; 11 font-family: inherit; 12 vertical-align: baseline; 13} 14 15body { 16 font-size: 13px; 17 padding: 1em; 18} 19 20h1 { 21 font-size: 26px; 22 margin-bottom: 1em; 23} 24 25h2 { 26 font-size: 24px; 27 margin-bottom: 1em; 28} 29 30h3 { 31 font-size: 20px; 32 margin-bottom: 1em; 33 margin-top: 1em; 34} 35 36pre, code { 37 line-height: 1.5; 38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; 39} 40 41pre { 42 margin-top: 0.5em; 43} 44 45h1, h2, h3, p { 46 font-family: Arial, sans serif; 47} 48 49h1, h2, h3 { 50 border-bottom: solid #CCC 1px; 51} 52 53.toc_element { 54 margin-top: 0.5em; 55} 56 57.firstline { 58 margin-left: 2 em; 59} 60 61.method { 62 margin-top: 1em; 63 border: solid 1px #CCC; 64 padding: 1em; 65 background: #EEE; 66} 67 68.details { 69 font-weight: bold; 70 font-size: 14px; 71} 72 73</style> 74 75<h1><a href="datafusion_v1beta1.html">Cloud Data Fusion API</a> . <a href="datafusion_v1beta1.projects.html">projects</a> . <a href="datafusion_v1beta1.projects.locations.html">locations</a> . <a href="datafusion_v1beta1.projects.locations.instances.html">instances</a></h1> 76<h2>Instance Methods</h2> 77<p class="toc_element"> 78 <code><a href="#create">create(parent, body, instanceId=None, x__xgafv=None)</a></code></p> 79<p class="firstline">Creates a new Data Fusion instance in the specified project and location.</p> 80<p class="toc_element"> 81 <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p> 82<p class="firstline">Deletes a single Date Fusion instance.</p> 83<p class="toc_element"> 84 <code><a href="#get">get(name, x__xgafv=None)</a></code></p> 85<p class="firstline">Gets details of a single Data Fusion instance.</p> 86<p class="toc_element"> 87 <code><a href="#getIamPolicy">getIamPolicy(resource, x__xgafv=None)</a></code></p> 88<p class="firstline">Gets the access control policy for a resource.</p> 89<p class="toc_element"> 90 <code><a href="#list">list(parent, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None, filter=None)</a></code></p> 91<p class="firstline">Lists Data Fusion instances in the specified project and location.</p> 92<p class="toc_element"> 93 <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p> 94<p class="firstline">Retrieves the next page of results.</p> 95<p class="toc_element"> 96 <code><a href="#patch">patch(name, body, updateMask=None, x__xgafv=None)</a></code></p> 97<p class="firstline">Updates a single Data Fusion instance.</p> 98<p class="toc_element"> 99 <code><a href="#restart">restart(name, body=None, x__xgafv=None)</a></code></p> 100<p class="firstline">Restart a single Data Fusion instance.</p> 101<p class="toc_element"> 102 <code><a href="#setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</a></code></p> 103<p class="firstline">Sets the access control policy on the specified resource. Replaces any</p> 104<p class="toc_element"> 105 <code><a href="#testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</a></code></p> 106<p class="firstline">Returns permissions that a caller has on the specified resource.</p> 107<p class="toc_element"> 108 <code><a href="#upgrade">upgrade(name, body=None, x__xgafv=None)</a></code></p> 109<p class="firstline">Upgrade a single Data Fusion instance.</p> 110<h3>Method Details</h3> 111<div class="method"> 112 <code class="details" id="create">create(parent, body, instanceId=None, x__xgafv=None)</code> 113 <pre>Creates a new Data Fusion instance in the specified project and location. 114 115Args: 116 parent: string, The instance's project and location in the format 117projects/{project}/locations/{location}. (required) 118 body: object, The request body. (required) 119 The object takes the form of: 120 121{ # Represents a Data Fusion instance. 122 "updateTime": "A String", # Output only. The time the instance was last updated. 123 "displayName": "A String", # Display name for an instance. 124 "description": "A String", # An optional description of this instance. 125 "zone": "A String", # Name of the zone in which the Data Fusion instance will be created. 126 "privateInstance": True or False, # Specifies whether the Data Fusion instance should be private. If set to 127 # true, all Data Fusion nodes will have private IP addresses and will not be 128 # able to access the public internet. 129 "enableStackdriverMonitoring": True or False, # Option to enable Stackdriver Monitoring. 130 "options": { # Map of additional options used to configure the behavior of 131 # Data Fusion instance. 132 "a_key": "A String", 133 }, 134 "labels": { # The resource labels for instance to use to annotate any related underlying 135 # resources such as GCE VMs. The character '=' is not allowed to be used 136 # within the labels. 137 "a_key": "A String", 138 }, 139 "enableStackdriverLogging": True or False, # Option to enable Stackdriver Logging. 140 "networkConfig": { # Network configuration for a Data Fusion instance. These configurations # Network configuration options. These are required when a private Data 141 # Fusion instance is to be created. 142 # are used for peering with the customer network. Configurations are optional 143 # when a public Data Fusion instance is to be created. However, providing 144 # these configurations allows several benefits, such as reduced network latency 145 # while accessing the customer resources from managed Data Fusion instance 146 # nodes, as well as access to the customer on-prem resources. 147 "network": "A String", # Name of the network in the customer project with which the Tenant Project 148 # will be peered for executing pipelines. 149 "ipAllocation": "A String", # The IP range in CIDR notation to use for the managed Data Fusion instance 150 # nodes. This range must not overlap with any other ranges used in the Data 151 # Fusion instance network. 152 }, 153 "serviceEndpoint": "A String", # Output only. Endpoint on which the Data Fusion UI and REST APIs are 154 # accessible. 155 "stateMessage": "A String", # Output only. Additional information about the current state of this Data 156 # Fusion instance if available. 157 "state": "A String", # Output only. The current state of this Data Fusion instance. 158 "version": "A String", # Output only. Current version of the Data Fusion. 159 "type": "A String", # Required. Instance type. 160 "createTime": "A String", # Output only. The time the instance was created. 161 "serviceAccount": "A String", # Output only. Service account which will be used to access resources in 162 # the customer project." 163 "name": "A String", # Output only. The name of this instance is in the form of 164 # projects/{project}/locations/{location}/instances/{instance}. 165} 166 167 instanceId: string, The name of the instance to create. 168 x__xgafv: string, V1 error format. 169 Allowed values 170 1 - v1 error format 171 2 - v2 error format 172 173Returns: 174 An object of the form: 175 176 { # This resource represents a long-running operation that is the result of a 177 # network API call. 178 "metadata": { # Service-specific metadata associated with the operation. It typically 179 # contains progress information and common metadata such as create time. 180 # Some services might not provide such metadata. Any method that returns a 181 # long-running operation should document the metadata type, if any. 182 "a_key": "", # Properties of the object. Contains field @type with type URL. 183 }, 184 "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation. 185 # different programming environments, including REST APIs and RPC APIs. It is 186 # used by [gRPC](https://github.com/grpc). Each `Status` message contains 187 # three pieces of data: error code, error message, and error details. 188 # 189 # You can find out more about this error model and how to work with it in the 190 # [API Design Guide](https://cloud.google.com/apis/design/errors). 191 "message": "A String", # A developer-facing error message, which should be in English. Any 192 # user-facing error message should be localized and sent in the 193 # google.rpc.Status.details field, or localized by the client. 194 "code": 42, # The status code, which should be an enum value of google.rpc.Code. 195 "details": [ # A list of messages that carry the error details. There is a common set of 196 # message types for APIs to use. 197 { 198 "a_key": "", # Properties of the object. Contains field @type with type URL. 199 }, 200 ], 201 }, 202 "done": True or False, # If the value is `false`, it means the operation is still in progress. 203 # If `true`, the operation is completed, and either `error` or `response` is 204 # available. 205 "response": { # The normal response of the operation in case of success. If the original 206 # method returns no data on success, such as `Delete`, the response is 207 # `google.protobuf.Empty`. If the original method is standard 208 # `Get`/`Create`/`Update`, the response should be the resource. For other 209 # methods, the response should have the type `XxxResponse`, where `Xxx` 210 # is the original method name. For example, if the original method name 211 # is `TakeSnapshot()`, the inferred response type is 212 # `TakeSnapshotResponse`. 213 "a_key": "", # Properties of the object. Contains field @type with type URL. 214 }, 215 "name": "A String", # The server-assigned name, which is only unique within the same service that 216 # originally returns it. If you use the default HTTP mapping, the 217 # `name` should be a resource name ending with `operations/{unique_id}`. 218 }</pre> 219</div> 220 221<div class="method"> 222 <code class="details" id="delete">delete(name, x__xgafv=None)</code> 223 <pre>Deletes a single Date Fusion instance. 224 225Args: 226 name: string, The instance resource name in the format 227projects/{project}/locations/{location}/instances/{instance} (required) 228 x__xgafv: string, V1 error format. 229 Allowed values 230 1 - v1 error format 231 2 - v2 error format 232 233Returns: 234 An object of the form: 235 236 { # This resource represents a long-running operation that is the result of a 237 # network API call. 238 "metadata": { # Service-specific metadata associated with the operation. It typically 239 # contains progress information and common metadata such as create time. 240 # Some services might not provide such metadata. Any method that returns a 241 # long-running operation should document the metadata type, if any. 242 "a_key": "", # Properties of the object. Contains field @type with type URL. 243 }, 244 "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation. 245 # different programming environments, including REST APIs and RPC APIs. It is 246 # used by [gRPC](https://github.com/grpc). Each `Status` message contains 247 # three pieces of data: error code, error message, and error details. 248 # 249 # You can find out more about this error model and how to work with it in the 250 # [API Design Guide](https://cloud.google.com/apis/design/errors). 251 "message": "A String", # A developer-facing error message, which should be in English. Any 252 # user-facing error message should be localized and sent in the 253 # google.rpc.Status.details field, or localized by the client. 254 "code": 42, # The status code, which should be an enum value of google.rpc.Code. 255 "details": [ # A list of messages that carry the error details. There is a common set of 256 # message types for APIs to use. 257 { 258 "a_key": "", # Properties of the object. Contains field @type with type URL. 259 }, 260 ], 261 }, 262 "done": True or False, # If the value is `false`, it means the operation is still in progress. 263 # If `true`, the operation is completed, and either `error` or `response` is 264 # available. 265 "response": { # The normal response of the operation in case of success. If the original 266 # method returns no data on success, such as `Delete`, the response is 267 # `google.protobuf.Empty`. If the original method is standard 268 # `Get`/`Create`/`Update`, the response should be the resource. For other 269 # methods, the response should have the type `XxxResponse`, where `Xxx` 270 # is the original method name. For example, if the original method name 271 # is `TakeSnapshot()`, the inferred response type is 272 # `TakeSnapshotResponse`. 273 "a_key": "", # Properties of the object. Contains field @type with type URL. 274 }, 275 "name": "A String", # The server-assigned name, which is only unique within the same service that 276 # originally returns it. If you use the default HTTP mapping, the 277 # `name` should be a resource name ending with `operations/{unique_id}`. 278 }</pre> 279</div> 280 281<div class="method"> 282 <code class="details" id="get">get(name, x__xgafv=None)</code> 283 <pre>Gets details of a single Data Fusion instance. 284 285Args: 286 name: string, The instance resource name in the format 287projects/{project}/locations/{location}/instances/{instance}. (required) 288 x__xgafv: string, V1 error format. 289 Allowed values 290 1 - v1 error format 291 2 - v2 error format 292 293Returns: 294 An object of the form: 295 296 { # Represents a Data Fusion instance. 297 "updateTime": "A String", # Output only. The time the instance was last updated. 298 "displayName": "A String", # Display name for an instance. 299 "description": "A String", # An optional description of this instance. 300 "zone": "A String", # Name of the zone in which the Data Fusion instance will be created. 301 "privateInstance": True or False, # Specifies whether the Data Fusion instance should be private. If set to 302 # true, all Data Fusion nodes will have private IP addresses and will not be 303 # able to access the public internet. 304 "enableStackdriverMonitoring": True or False, # Option to enable Stackdriver Monitoring. 305 "options": { # Map of additional options used to configure the behavior of 306 # Data Fusion instance. 307 "a_key": "A String", 308 }, 309 "labels": { # The resource labels for instance to use to annotate any related underlying 310 # resources such as GCE VMs. The character '=' is not allowed to be used 311 # within the labels. 312 "a_key": "A String", 313 }, 314 "enableStackdriverLogging": True or False, # Option to enable Stackdriver Logging. 315 "networkConfig": { # Network configuration for a Data Fusion instance. These configurations # Network configuration options. These are required when a private Data 316 # Fusion instance is to be created. 317 # are used for peering with the customer network. Configurations are optional 318 # when a public Data Fusion instance is to be created. However, providing 319 # these configurations allows several benefits, such as reduced network latency 320 # while accessing the customer resources from managed Data Fusion instance 321 # nodes, as well as access to the customer on-prem resources. 322 "network": "A String", # Name of the network in the customer project with which the Tenant Project 323 # will be peered for executing pipelines. 324 "ipAllocation": "A String", # The IP range in CIDR notation to use for the managed Data Fusion instance 325 # nodes. This range must not overlap with any other ranges used in the Data 326 # Fusion instance network. 327 }, 328 "serviceEndpoint": "A String", # Output only. Endpoint on which the Data Fusion UI and REST APIs are 329 # accessible. 330 "stateMessage": "A String", # Output only. Additional information about the current state of this Data 331 # Fusion instance if available. 332 "state": "A String", # Output only. The current state of this Data Fusion instance. 333 "version": "A String", # Output only. Current version of the Data Fusion. 334 "type": "A String", # Required. Instance type. 335 "createTime": "A String", # Output only. The time the instance was created. 336 "serviceAccount": "A String", # Output only. Service account which will be used to access resources in 337 # the customer project." 338 "name": "A String", # Output only. The name of this instance is in the form of 339 # projects/{project}/locations/{location}/instances/{instance}. 340 }</pre> 341</div> 342 343<div class="method"> 344 <code class="details" id="getIamPolicy">getIamPolicy(resource, x__xgafv=None)</code> 345 <pre>Gets the access control policy for a resource. 346Returns an empty policy if the resource exists and does not have a policy 347set. 348 349Args: 350 resource: string, REQUIRED: The resource for which the policy is being requested. 351See the operation documentation for the appropriate value for this field. (required) 352 x__xgafv: string, V1 error format. 353 Allowed values 354 1 - v1 error format 355 2 - v2 error format 356 357Returns: 358 An object of the form: 359 360 { # Defines an Identity and Access Management (IAM) policy. It is used to 361 # specify access control policies for Cloud Platform resources. 362 # 363 # 364 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of 365 # `members` to a `role`, where the members can be user accounts, Google groups, 366 # Google domains, and service accounts. A `role` is a named list of permissions 367 # defined by IAM. 368 # 369 # **JSON Example** 370 # 371 # { 372 # "bindings": [ 373 # { 374 # "role": "roles/owner", 375 # "members": [ 376 # "user:mike@example.com", 377 # "group:admins@example.com", 378 # "domain:google.com", 379 # "serviceAccount:my-other-app@appspot.gserviceaccount.com" 380 # ] 381 # }, 382 # { 383 # "role": "roles/viewer", 384 # "members": ["user:sean@example.com"] 385 # } 386 # ] 387 # } 388 # 389 # **YAML Example** 390 # 391 # bindings: 392 # - members: 393 # - user:mike@example.com 394 # - group:admins@example.com 395 # - domain:google.com 396 # - serviceAccount:my-other-app@appspot.gserviceaccount.com 397 # role: roles/owner 398 # - members: 399 # - user:sean@example.com 400 # role: roles/viewer 401 # 402 # 403 # For a description of IAM and its features, see the 404 # [IAM developer's guide](https://cloud.google.com/iam/docs). 405 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 406 { # Specifies the audit configuration for a service. 407 # The configuration determines which permission types are logged, and what 408 # identities, if any, are exempted from logging. 409 # An AuditConfig must have one or more AuditLogConfigs. 410 # 411 # If there are AuditConfigs for both `allServices` and a specific service, 412 # the union of the two AuditConfigs is used for that service: the log_types 413 # specified in each AuditConfig are enabled, and the exempted_members in each 414 # AuditLogConfig are exempted. 415 # 416 # Example Policy with multiple AuditConfigs: 417 # 418 # { 419 # "audit_configs": [ 420 # { 421 # "service": "allServices" 422 # "audit_log_configs": [ 423 # { 424 # "log_type": "DATA_READ", 425 # "exempted_members": [ 426 # "user:foo@gmail.com" 427 # ] 428 # }, 429 # { 430 # "log_type": "DATA_WRITE", 431 # }, 432 # { 433 # "log_type": "ADMIN_READ", 434 # } 435 # ] 436 # }, 437 # { 438 # "service": "fooservice.googleapis.com" 439 # "audit_log_configs": [ 440 # { 441 # "log_type": "DATA_READ", 442 # }, 443 # { 444 # "log_type": "DATA_WRITE", 445 # "exempted_members": [ 446 # "user:bar@gmail.com" 447 # ] 448 # } 449 # ] 450 # } 451 # ] 452 # } 453 # 454 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 455 # logging. It also exempts foo@gmail.com from DATA_READ logging, and 456 # bar@gmail.com from DATA_WRITE logging. 457 "exemptedMembers": [ 458 "A String", 459 ], 460 "auditLogConfigs": [ # The configuration for logging of each type of permission. 461 { # Provides the configuration for logging a type of permissions. 462 # Example: 463 # 464 # { 465 # "audit_log_configs": [ 466 # { 467 # "log_type": "DATA_READ", 468 # "exempted_members": [ 469 # "user:foo@gmail.com" 470 # ] 471 # }, 472 # { 473 # "log_type": "DATA_WRITE", 474 # } 475 # ] 476 # } 477 # 478 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 479 # foo@gmail.com from DATA_READ logging. 480 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 481 # permission. 482 # Follows the same format of Binding.members. 483 "A String", 484 ], 485 "logType": "A String", # The log type that this config enables. 486 }, 487 ], 488 "service": "A String", # Specifies a service that will be enabled for audit logging. 489 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 490 # `allServices` is a special value that covers all services. 491 }, 492 ], 493 "rules": [ # If more than one rule is specified, the rules are applied in the following 494 # manner: 495 # - All matching LOG rules are always applied. 496 # - If any DENY/DENY_WITH_LOG rule matches, permission is denied. 497 # Logging will be applied if one or more matching rule requires logging. 498 # - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is 499 # granted. 500 # Logging will be applied if one or more matching rule requires logging. 501 # - Otherwise, if no rule applies, permission is denied. 502 { # A rule to be applied in a Policy. 503 "notIn": [ # If one or more 'not_in' clauses are specified, the rule matches 504 # if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries. 505 # The format for in and not_in entries can be found at in the Local IAM 506 # documentation (see go/local-iam#features). 507 "A String", 508 ], 509 "description": "A String", # Human-readable description of the rule. 510 "in": [ # If one or more 'in' clauses are specified, the rule matches if 511 # the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries. 512 "A String", 513 ], 514 "action": "A String", # Required 515 "conditions": [ # Additional restrictions that must be met. All conditions must pass for the 516 # rule to match. 517 { # A condition to be met. 518 "sys": "A String", # Trusted attributes supplied by any service that owns resources and uses 519 # the IAM system for access control. 520 "iam": "A String", # Trusted attributes supplied by the IAM system. 521 "values": [ # The objects of the condition. 522 "A String", 523 ], 524 "svc": "A String", # Trusted attributes discharged by the service. 525 "op": "A String", # An operator to apply the subject with. 526 }, 527 ], 528 "logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries 529 # that match the LOG action. 530 { # Specifies what kind of log the caller must write 531 "counter": { # Increment a streamz counter with the specified metric and field names. # Counter options. 532 # 533 # Metric names should start with a '/', generally be lowercase-only, 534 # and end in "_count". Field names should not contain an initial slash. 535 # The actual exported metric names will have "/iam/policy" prepended. 536 # 537 # Field names correspond to IAM request parameters and field values are 538 # their respective values. 539 # 540 # Supported field names: 541 # - "authority", which is "[token]" if IAMContext.token is present, 542 # otherwise the value of IAMContext.authority_selector if present, and 543 # otherwise a representation of IAMContext.principal; or 544 # - "iam_principal", a representation of IAMContext.principal even if a 545 # token or authority selector is present; or 546 # - "" (empty string), resulting in a counter with no fields. 547 # 548 # Examples: 549 # counter { metric: "/debug_access_count" field: "iam_principal" } 550 # ==> increment counter /iam/policy/backend_debug_access_count 551 # {iam_principal=[value of IAMContext.principal]} 552 # 553 # At this time we do not support multiple field names (though this may be 554 # supported in the future). 555 "field": "A String", # The field value to attribute. 556 "metric": "A String", # The metric to update. 557 }, 558 "dataAccess": { # Write a Data Access (Gin) log # Data access options. 559 "logMode": "A String", # Whether Gin logging should happen in a fail-closed manner at the caller. 560 # This is relevant only in the LocalIAM implementation, for now. 561 }, 562 "cloudAudit": { # Write a Cloud Audit log # Cloud audit options. 563 "logName": "A String", # The log_name to populate in the Cloud Audit Record. 564 "authorizationLoggingOptions": { # Authorization-related information used by Cloud Audit Logging. # Information used by the Cloud Audit Logging pipeline. 565 "permissionType": "A String", # The type of the permission that was checked. 566 }, 567 }, 568 }, 569 ], 570 "permissions": [ # A permission is a string of form '<service>.<resource type>.<verb>' 571 # (e.g., 'storage.buckets.list'). A value of '*' matches all permissions, 572 # and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs. 573 "A String", 574 ], 575 }, 576 ], 577 "version": 42, # Deprecated. 578 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 579 # prevent simultaneous updates of a policy from overwriting each other. 580 # It is strongly suggested that systems make use of the `etag` in the 581 # read-modify-write cycle to perform policy updates in order to avoid race 582 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 583 # systems are expected to put that etag in the request to `setIamPolicy` to 584 # ensure that their change will be applied to the same version of the policy. 585 # 586 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 587 # policy is overwritten blindly. 588 "bindings": [ # Associates a list of `members` to a `role`. 589 # `bindings` with no members will result in an error. 590 { # Associates `members` with a `role`. 591 "role": "A String", # Role that is assigned to `members`. 592 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 593 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding. 594 # NOTE: An unsatisfied condition will not allow user access via current 595 # binding. Different bindings, including their conditions, are examined 596 # independently. 597 # 598 # title: "User account presence" 599 # description: "Determines whether the request has a user account" 600 # expression: "size(request.user) > 0" 601 "description": "A String", # An optional description of the expression. This is a longer text which 602 # describes the expression, e.g. when hovered over it in a UI. 603 "expression": "A String", # Textual representation of an expression in 604 # Common Expression Language syntax. 605 # 606 # The application context of the containing message determines which 607 # well-known feature set of CEL is supported. 608 "location": "A String", # An optional string indicating the location of the expression for error 609 # reporting, e.g. a file name and a position in the file. 610 "title": "A String", # An optional title for the expression, i.e. a short string describing 611 # its purpose. This can be used e.g. in UIs which allow to enter the 612 # expression. 613 }, 614 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 615 # `members` can have the following values: 616 # 617 # * `allUsers`: A special identifier that represents anyone who is 618 # on the internet; with or without a Google account. 619 # 620 # * `allAuthenticatedUsers`: A special identifier that represents anyone 621 # who is authenticated with a Google account or a service account. 622 # 623 # * `user:{emailid}`: An email address that represents a specific Google 624 # account. For example, `alice@gmail.com` . 625 # 626 # 627 # * `serviceAccount:{emailid}`: An email address that represents a service 628 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 629 # 630 # * `group:{emailid}`: An email address that represents a Google group. 631 # For example, `admins@example.com`. 632 # 633 # 634 # * `domain:{domain}`: The G Suite domain (primary) that represents all the 635 # users of that domain. For example, `google.com` or `example.com`. 636 # 637 "A String", 638 ], 639 }, 640 ], 641 "iamOwned": True or False, 642 }</pre> 643</div> 644 645<div class="method"> 646 <code class="details" id="list">list(parent, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None, filter=None)</code> 647 <pre>Lists Data Fusion instances in the specified project and location. 648 649Args: 650 parent: string, The project and location for which to retrieve instance information 651in the format projects/{project}/locations/{location}. If the location is 652specified as '-' (wildcard), then all regions available to the project 653are queried, and the results are aggregated. (required) 654 orderBy: string, Sort results. Supported values are "name", "name desc", or "" (unsorted). 655 pageSize: integer, The maximum number of items to return. 656 pageToken: string, The next_page_token value to use if there are additional 657results to retrieve for this list request. 658 x__xgafv: string, V1 error format. 659 Allowed values 660 1 - v1 error format 661 2 - v2 error format 662 filter: string, List filter. 663 664Returns: 665 An object of the form: 666 667 { # Response message for the list instance request. 668 "nextPageToken": "A String", # Token to retrieve the next page of results or empty if there are no more 669 # results in the list. 670 "unreachable": [ # Locations that could not be reached. 671 "A String", 672 ], 673 "instances": [ # Represents a list of Data Fusion instances. 674 { # Represents a Data Fusion instance. 675 "updateTime": "A String", # Output only. The time the instance was last updated. 676 "displayName": "A String", # Display name for an instance. 677 "description": "A String", # An optional description of this instance. 678 "zone": "A String", # Name of the zone in which the Data Fusion instance will be created. 679 "privateInstance": True or False, # Specifies whether the Data Fusion instance should be private. If set to 680 # true, all Data Fusion nodes will have private IP addresses and will not be 681 # able to access the public internet. 682 "enableStackdriverMonitoring": True or False, # Option to enable Stackdriver Monitoring. 683 "options": { # Map of additional options used to configure the behavior of 684 # Data Fusion instance. 685 "a_key": "A String", 686 }, 687 "labels": { # The resource labels for instance to use to annotate any related underlying 688 # resources such as GCE VMs. The character '=' is not allowed to be used 689 # within the labels. 690 "a_key": "A String", 691 }, 692 "enableStackdriverLogging": True or False, # Option to enable Stackdriver Logging. 693 "networkConfig": { # Network configuration for a Data Fusion instance. These configurations # Network configuration options. These are required when a private Data 694 # Fusion instance is to be created. 695 # are used for peering with the customer network. Configurations are optional 696 # when a public Data Fusion instance is to be created. However, providing 697 # these configurations allows several benefits, such as reduced network latency 698 # while accessing the customer resources from managed Data Fusion instance 699 # nodes, as well as access to the customer on-prem resources. 700 "network": "A String", # Name of the network in the customer project with which the Tenant Project 701 # will be peered for executing pipelines. 702 "ipAllocation": "A String", # The IP range in CIDR notation to use for the managed Data Fusion instance 703 # nodes. This range must not overlap with any other ranges used in the Data 704 # Fusion instance network. 705 }, 706 "serviceEndpoint": "A String", # Output only. Endpoint on which the Data Fusion UI and REST APIs are 707 # accessible. 708 "stateMessage": "A String", # Output only. Additional information about the current state of this Data 709 # Fusion instance if available. 710 "state": "A String", # Output only. The current state of this Data Fusion instance. 711 "version": "A String", # Output only. Current version of the Data Fusion. 712 "type": "A String", # Required. Instance type. 713 "createTime": "A String", # Output only. The time the instance was created. 714 "serviceAccount": "A String", # Output only. Service account which will be used to access resources in 715 # the customer project." 716 "name": "A String", # Output only. The name of this instance is in the form of 717 # projects/{project}/locations/{location}/instances/{instance}. 718 }, 719 ], 720 }</pre> 721</div> 722 723<div class="method"> 724 <code class="details" id="list_next">list_next(previous_request, previous_response)</code> 725 <pre>Retrieves the next page of results. 726 727Args: 728 previous_request: The request for the previous page. (required) 729 previous_response: The response from the request for the previous page. (required) 730 731Returns: 732 A request object that you can call 'execute()' on to request the next 733 page. Returns None if there are no more items in the collection. 734 </pre> 735</div> 736 737<div class="method"> 738 <code class="details" id="patch">patch(name, body, updateMask=None, x__xgafv=None)</code> 739 <pre>Updates a single Data Fusion instance. 740 741Args: 742 name: string, Output only. The name of this instance is in the form of 743projects/{project}/locations/{location}/instances/{instance}. (required) 744 body: object, The request body. (required) 745 The object takes the form of: 746 747{ # Represents a Data Fusion instance. 748 "updateTime": "A String", # Output only. The time the instance was last updated. 749 "displayName": "A String", # Display name for an instance. 750 "description": "A String", # An optional description of this instance. 751 "zone": "A String", # Name of the zone in which the Data Fusion instance will be created. 752 "privateInstance": True or False, # Specifies whether the Data Fusion instance should be private. If set to 753 # true, all Data Fusion nodes will have private IP addresses and will not be 754 # able to access the public internet. 755 "enableStackdriverMonitoring": True or False, # Option to enable Stackdriver Monitoring. 756 "options": { # Map of additional options used to configure the behavior of 757 # Data Fusion instance. 758 "a_key": "A String", 759 }, 760 "labels": { # The resource labels for instance to use to annotate any related underlying 761 # resources such as GCE VMs. The character '=' is not allowed to be used 762 # within the labels. 763 "a_key": "A String", 764 }, 765 "enableStackdriverLogging": True or False, # Option to enable Stackdriver Logging. 766 "networkConfig": { # Network configuration for a Data Fusion instance. These configurations # Network configuration options. These are required when a private Data 767 # Fusion instance is to be created. 768 # are used for peering with the customer network. Configurations are optional 769 # when a public Data Fusion instance is to be created. However, providing 770 # these configurations allows several benefits, such as reduced network latency 771 # while accessing the customer resources from managed Data Fusion instance 772 # nodes, as well as access to the customer on-prem resources. 773 "network": "A String", # Name of the network in the customer project with which the Tenant Project 774 # will be peered for executing pipelines. 775 "ipAllocation": "A String", # The IP range in CIDR notation to use for the managed Data Fusion instance 776 # nodes. This range must not overlap with any other ranges used in the Data 777 # Fusion instance network. 778 }, 779 "serviceEndpoint": "A String", # Output only. Endpoint on which the Data Fusion UI and REST APIs are 780 # accessible. 781 "stateMessage": "A String", # Output only. Additional information about the current state of this Data 782 # Fusion instance if available. 783 "state": "A String", # Output only. The current state of this Data Fusion instance. 784 "version": "A String", # Output only. Current version of the Data Fusion. 785 "type": "A String", # Required. Instance type. 786 "createTime": "A String", # Output only. The time the instance was created. 787 "serviceAccount": "A String", # Output only. Service account which will be used to access resources in 788 # the customer project." 789 "name": "A String", # Output only. The name of this instance is in the form of 790 # projects/{project}/locations/{location}/instances/{instance}. 791} 792 793 updateMask: string, Field mask is used to specify the fields that the update will overwrite 794in an instance resource. The fields specified in the update_mask are 795relative to the resource, not the full request. 796A field will be overwritten if it is in the mask. 797If the user does not provide a mask, all the supported fields (labels and 798options currently) will be overwritten. 799 x__xgafv: string, V1 error format. 800 Allowed values 801 1 - v1 error format 802 2 - v2 error format 803 804Returns: 805 An object of the form: 806 807 { # This resource represents a long-running operation that is the result of a 808 # network API call. 809 "metadata": { # Service-specific metadata associated with the operation. It typically 810 # contains progress information and common metadata such as create time. 811 # Some services might not provide such metadata. Any method that returns a 812 # long-running operation should document the metadata type, if any. 813 "a_key": "", # Properties of the object. Contains field @type with type URL. 814 }, 815 "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation. 816 # different programming environments, including REST APIs and RPC APIs. It is 817 # used by [gRPC](https://github.com/grpc). Each `Status` message contains 818 # three pieces of data: error code, error message, and error details. 819 # 820 # You can find out more about this error model and how to work with it in the 821 # [API Design Guide](https://cloud.google.com/apis/design/errors). 822 "message": "A String", # A developer-facing error message, which should be in English. Any 823 # user-facing error message should be localized and sent in the 824 # google.rpc.Status.details field, or localized by the client. 825 "code": 42, # The status code, which should be an enum value of google.rpc.Code. 826 "details": [ # A list of messages that carry the error details. There is a common set of 827 # message types for APIs to use. 828 { 829 "a_key": "", # Properties of the object. Contains field @type with type URL. 830 }, 831 ], 832 }, 833 "done": True or False, # If the value is `false`, it means the operation is still in progress. 834 # If `true`, the operation is completed, and either `error` or `response` is 835 # available. 836 "response": { # The normal response of the operation in case of success. If the original 837 # method returns no data on success, such as `Delete`, the response is 838 # `google.protobuf.Empty`. If the original method is standard 839 # `Get`/`Create`/`Update`, the response should be the resource. For other 840 # methods, the response should have the type `XxxResponse`, where `Xxx` 841 # is the original method name. For example, if the original method name 842 # is `TakeSnapshot()`, the inferred response type is 843 # `TakeSnapshotResponse`. 844 "a_key": "", # Properties of the object. Contains field @type with type URL. 845 }, 846 "name": "A String", # The server-assigned name, which is only unique within the same service that 847 # originally returns it. If you use the default HTTP mapping, the 848 # `name` should be a resource name ending with `operations/{unique_id}`. 849 }</pre> 850</div> 851 852<div class="method"> 853 <code class="details" id="restart">restart(name, body=None, x__xgafv=None)</code> 854 <pre>Restart a single Data Fusion instance. 855At the end of an operation instance is fully restarted. 856 857Args: 858 name: string, Name of the Data Fusion instance which need to be restarted in the form of 859projects/{project}/locations/{location}/instances/{instance} (required) 860 body: object, The request body. 861 The object takes the form of: 862 863{ # Request message for restarting a Data Fusion instance. 864 } 865 866 x__xgafv: string, V1 error format. 867 Allowed values 868 1 - v1 error format 869 2 - v2 error format 870 871Returns: 872 An object of the form: 873 874 { # This resource represents a long-running operation that is the result of a 875 # network API call. 876 "metadata": { # Service-specific metadata associated with the operation. It typically 877 # contains progress information and common metadata such as create time. 878 # Some services might not provide such metadata. Any method that returns a 879 # long-running operation should document the metadata type, if any. 880 "a_key": "", # Properties of the object. Contains field @type with type URL. 881 }, 882 "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation. 883 # different programming environments, including REST APIs and RPC APIs. It is 884 # used by [gRPC](https://github.com/grpc). Each `Status` message contains 885 # three pieces of data: error code, error message, and error details. 886 # 887 # You can find out more about this error model and how to work with it in the 888 # [API Design Guide](https://cloud.google.com/apis/design/errors). 889 "message": "A String", # A developer-facing error message, which should be in English. Any 890 # user-facing error message should be localized and sent in the 891 # google.rpc.Status.details field, or localized by the client. 892 "code": 42, # The status code, which should be an enum value of google.rpc.Code. 893 "details": [ # A list of messages that carry the error details. There is a common set of 894 # message types for APIs to use. 895 { 896 "a_key": "", # Properties of the object. Contains field @type with type URL. 897 }, 898 ], 899 }, 900 "done": True or False, # If the value is `false`, it means the operation is still in progress. 901 # If `true`, the operation is completed, and either `error` or `response` is 902 # available. 903 "response": { # The normal response of the operation in case of success. If the original 904 # method returns no data on success, such as `Delete`, the response is 905 # `google.protobuf.Empty`. If the original method is standard 906 # `Get`/`Create`/`Update`, the response should be the resource. For other 907 # methods, the response should have the type `XxxResponse`, where `Xxx` 908 # is the original method name. For example, if the original method name 909 # is `TakeSnapshot()`, the inferred response type is 910 # `TakeSnapshotResponse`. 911 "a_key": "", # Properties of the object. Contains field @type with type URL. 912 }, 913 "name": "A String", # The server-assigned name, which is only unique within the same service that 914 # originally returns it. If you use the default HTTP mapping, the 915 # `name` should be a resource name ending with `operations/{unique_id}`. 916 }</pre> 917</div> 918 919<div class="method"> 920 <code class="details" id="setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</code> 921 <pre>Sets the access control policy on the specified resource. Replaces any 922existing policy. 923 924Args: 925 resource: string, REQUIRED: The resource for which the policy is being specified. 926See the operation documentation for the appropriate value for this field. (required) 927 body: object, The request body. (required) 928 The object takes the form of: 929 930{ # Request message for `SetIamPolicy` method. 931 "policy": { # Defines an Identity and Access Management (IAM) policy. It is used to # REQUIRED: The complete policy to be applied to the `resource`. The size of 932 # the policy is limited to a few 10s of KB. An empty policy is a 933 # valid policy but certain Cloud Platform services (such as Projects) 934 # might reject them. 935 # specify access control policies for Cloud Platform resources. 936 # 937 # 938 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of 939 # `members` to a `role`, where the members can be user accounts, Google groups, 940 # Google domains, and service accounts. A `role` is a named list of permissions 941 # defined by IAM. 942 # 943 # **JSON Example** 944 # 945 # { 946 # "bindings": [ 947 # { 948 # "role": "roles/owner", 949 # "members": [ 950 # "user:mike@example.com", 951 # "group:admins@example.com", 952 # "domain:google.com", 953 # "serviceAccount:my-other-app@appspot.gserviceaccount.com" 954 # ] 955 # }, 956 # { 957 # "role": "roles/viewer", 958 # "members": ["user:sean@example.com"] 959 # } 960 # ] 961 # } 962 # 963 # **YAML Example** 964 # 965 # bindings: 966 # - members: 967 # - user:mike@example.com 968 # - group:admins@example.com 969 # - domain:google.com 970 # - serviceAccount:my-other-app@appspot.gserviceaccount.com 971 # role: roles/owner 972 # - members: 973 # - user:sean@example.com 974 # role: roles/viewer 975 # 976 # 977 # For a description of IAM and its features, see the 978 # [IAM developer's guide](https://cloud.google.com/iam/docs). 979 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 980 { # Specifies the audit configuration for a service. 981 # The configuration determines which permission types are logged, and what 982 # identities, if any, are exempted from logging. 983 # An AuditConfig must have one or more AuditLogConfigs. 984 # 985 # If there are AuditConfigs for both `allServices` and a specific service, 986 # the union of the two AuditConfigs is used for that service: the log_types 987 # specified in each AuditConfig are enabled, and the exempted_members in each 988 # AuditLogConfig are exempted. 989 # 990 # Example Policy with multiple AuditConfigs: 991 # 992 # { 993 # "audit_configs": [ 994 # { 995 # "service": "allServices" 996 # "audit_log_configs": [ 997 # { 998 # "log_type": "DATA_READ", 999 # "exempted_members": [ 1000 # "user:foo@gmail.com" 1001 # ] 1002 # }, 1003 # { 1004 # "log_type": "DATA_WRITE", 1005 # }, 1006 # { 1007 # "log_type": "ADMIN_READ", 1008 # } 1009 # ] 1010 # }, 1011 # { 1012 # "service": "fooservice.googleapis.com" 1013 # "audit_log_configs": [ 1014 # { 1015 # "log_type": "DATA_READ", 1016 # }, 1017 # { 1018 # "log_type": "DATA_WRITE", 1019 # "exempted_members": [ 1020 # "user:bar@gmail.com" 1021 # ] 1022 # } 1023 # ] 1024 # } 1025 # ] 1026 # } 1027 # 1028 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 1029 # logging. It also exempts foo@gmail.com from DATA_READ logging, and 1030 # bar@gmail.com from DATA_WRITE logging. 1031 "exemptedMembers": [ 1032 "A String", 1033 ], 1034 "auditLogConfigs": [ # The configuration for logging of each type of permission. 1035 { # Provides the configuration for logging a type of permissions. 1036 # Example: 1037 # 1038 # { 1039 # "audit_log_configs": [ 1040 # { 1041 # "log_type": "DATA_READ", 1042 # "exempted_members": [ 1043 # "user:foo@gmail.com" 1044 # ] 1045 # }, 1046 # { 1047 # "log_type": "DATA_WRITE", 1048 # } 1049 # ] 1050 # } 1051 # 1052 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 1053 # foo@gmail.com from DATA_READ logging. 1054 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 1055 # permission. 1056 # Follows the same format of Binding.members. 1057 "A String", 1058 ], 1059 "logType": "A String", # The log type that this config enables. 1060 }, 1061 ], 1062 "service": "A String", # Specifies a service that will be enabled for audit logging. 1063 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 1064 # `allServices` is a special value that covers all services. 1065 }, 1066 ], 1067 "rules": [ # If more than one rule is specified, the rules are applied in the following 1068 # manner: 1069 # - All matching LOG rules are always applied. 1070 # - If any DENY/DENY_WITH_LOG rule matches, permission is denied. 1071 # Logging will be applied if one or more matching rule requires logging. 1072 # - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is 1073 # granted. 1074 # Logging will be applied if one or more matching rule requires logging. 1075 # - Otherwise, if no rule applies, permission is denied. 1076 { # A rule to be applied in a Policy. 1077 "notIn": [ # If one or more 'not_in' clauses are specified, the rule matches 1078 # if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries. 1079 # The format for in and not_in entries can be found at in the Local IAM 1080 # documentation (see go/local-iam#features). 1081 "A String", 1082 ], 1083 "description": "A String", # Human-readable description of the rule. 1084 "in": [ # If one or more 'in' clauses are specified, the rule matches if 1085 # the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries. 1086 "A String", 1087 ], 1088 "action": "A String", # Required 1089 "conditions": [ # Additional restrictions that must be met. All conditions must pass for the 1090 # rule to match. 1091 { # A condition to be met. 1092 "sys": "A String", # Trusted attributes supplied by any service that owns resources and uses 1093 # the IAM system for access control. 1094 "iam": "A String", # Trusted attributes supplied by the IAM system. 1095 "values": [ # The objects of the condition. 1096 "A String", 1097 ], 1098 "svc": "A String", # Trusted attributes discharged by the service. 1099 "op": "A String", # An operator to apply the subject with. 1100 }, 1101 ], 1102 "logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries 1103 # that match the LOG action. 1104 { # Specifies what kind of log the caller must write 1105 "counter": { # Increment a streamz counter with the specified metric and field names. # Counter options. 1106 # 1107 # Metric names should start with a '/', generally be lowercase-only, 1108 # and end in "_count". Field names should not contain an initial slash. 1109 # The actual exported metric names will have "/iam/policy" prepended. 1110 # 1111 # Field names correspond to IAM request parameters and field values are 1112 # their respective values. 1113 # 1114 # Supported field names: 1115 # - "authority", which is "[token]" if IAMContext.token is present, 1116 # otherwise the value of IAMContext.authority_selector if present, and 1117 # otherwise a representation of IAMContext.principal; or 1118 # - "iam_principal", a representation of IAMContext.principal even if a 1119 # token or authority selector is present; or 1120 # - "" (empty string), resulting in a counter with no fields. 1121 # 1122 # Examples: 1123 # counter { metric: "/debug_access_count" field: "iam_principal" } 1124 # ==> increment counter /iam/policy/backend_debug_access_count 1125 # {iam_principal=[value of IAMContext.principal]} 1126 # 1127 # At this time we do not support multiple field names (though this may be 1128 # supported in the future). 1129 "field": "A String", # The field value to attribute. 1130 "metric": "A String", # The metric to update. 1131 }, 1132 "dataAccess": { # Write a Data Access (Gin) log # Data access options. 1133 "logMode": "A String", # Whether Gin logging should happen in a fail-closed manner at the caller. 1134 # This is relevant only in the LocalIAM implementation, for now. 1135 }, 1136 "cloudAudit": { # Write a Cloud Audit log # Cloud audit options. 1137 "logName": "A String", # The log_name to populate in the Cloud Audit Record. 1138 "authorizationLoggingOptions": { # Authorization-related information used by Cloud Audit Logging. # Information used by the Cloud Audit Logging pipeline. 1139 "permissionType": "A String", # The type of the permission that was checked. 1140 }, 1141 }, 1142 }, 1143 ], 1144 "permissions": [ # A permission is a string of form '<service>.<resource type>.<verb>' 1145 # (e.g., 'storage.buckets.list'). A value of '*' matches all permissions, 1146 # and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs. 1147 "A String", 1148 ], 1149 }, 1150 ], 1151 "version": 42, # Deprecated. 1152 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 1153 # prevent simultaneous updates of a policy from overwriting each other. 1154 # It is strongly suggested that systems make use of the `etag` in the 1155 # read-modify-write cycle to perform policy updates in order to avoid race 1156 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 1157 # systems are expected to put that etag in the request to `setIamPolicy` to 1158 # ensure that their change will be applied to the same version of the policy. 1159 # 1160 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 1161 # policy is overwritten blindly. 1162 "bindings": [ # Associates a list of `members` to a `role`. 1163 # `bindings` with no members will result in an error. 1164 { # Associates `members` with a `role`. 1165 "role": "A String", # Role that is assigned to `members`. 1166 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 1167 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding. 1168 # NOTE: An unsatisfied condition will not allow user access via current 1169 # binding. Different bindings, including their conditions, are examined 1170 # independently. 1171 # 1172 # title: "User account presence" 1173 # description: "Determines whether the request has a user account" 1174 # expression: "size(request.user) > 0" 1175 "description": "A String", # An optional description of the expression. This is a longer text which 1176 # describes the expression, e.g. when hovered over it in a UI. 1177 "expression": "A String", # Textual representation of an expression in 1178 # Common Expression Language syntax. 1179 # 1180 # The application context of the containing message determines which 1181 # well-known feature set of CEL is supported. 1182 "location": "A String", # An optional string indicating the location of the expression for error 1183 # reporting, e.g. a file name and a position in the file. 1184 "title": "A String", # An optional title for the expression, i.e. a short string describing 1185 # its purpose. This can be used e.g. in UIs which allow to enter the 1186 # expression. 1187 }, 1188 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 1189 # `members` can have the following values: 1190 # 1191 # * `allUsers`: A special identifier that represents anyone who is 1192 # on the internet; with or without a Google account. 1193 # 1194 # * `allAuthenticatedUsers`: A special identifier that represents anyone 1195 # who is authenticated with a Google account or a service account. 1196 # 1197 # * `user:{emailid}`: An email address that represents a specific Google 1198 # account. For example, `alice@gmail.com` . 1199 # 1200 # 1201 # * `serviceAccount:{emailid}`: An email address that represents a service 1202 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 1203 # 1204 # * `group:{emailid}`: An email address that represents a Google group. 1205 # For example, `admins@example.com`. 1206 # 1207 # 1208 # * `domain:{domain}`: The G Suite domain (primary) that represents all the 1209 # users of that domain. For example, `google.com` or `example.com`. 1210 # 1211 "A String", 1212 ], 1213 }, 1214 ], 1215 "iamOwned": True or False, 1216 }, 1217 "updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only 1218 # the fields in the mask will be modified. If no mask is provided, the 1219 # following default mask is used: 1220 # paths: "bindings, etag" 1221 # This field is only used by Cloud IAM. 1222 } 1223 1224 x__xgafv: string, V1 error format. 1225 Allowed values 1226 1 - v1 error format 1227 2 - v2 error format 1228 1229Returns: 1230 An object of the form: 1231 1232 { # Defines an Identity and Access Management (IAM) policy. It is used to 1233 # specify access control policies for Cloud Platform resources. 1234 # 1235 # 1236 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of 1237 # `members` to a `role`, where the members can be user accounts, Google groups, 1238 # Google domains, and service accounts. A `role` is a named list of permissions 1239 # defined by IAM. 1240 # 1241 # **JSON Example** 1242 # 1243 # { 1244 # "bindings": [ 1245 # { 1246 # "role": "roles/owner", 1247 # "members": [ 1248 # "user:mike@example.com", 1249 # "group:admins@example.com", 1250 # "domain:google.com", 1251 # "serviceAccount:my-other-app@appspot.gserviceaccount.com" 1252 # ] 1253 # }, 1254 # { 1255 # "role": "roles/viewer", 1256 # "members": ["user:sean@example.com"] 1257 # } 1258 # ] 1259 # } 1260 # 1261 # **YAML Example** 1262 # 1263 # bindings: 1264 # - members: 1265 # - user:mike@example.com 1266 # - group:admins@example.com 1267 # - domain:google.com 1268 # - serviceAccount:my-other-app@appspot.gserviceaccount.com 1269 # role: roles/owner 1270 # - members: 1271 # - user:sean@example.com 1272 # role: roles/viewer 1273 # 1274 # 1275 # For a description of IAM and its features, see the 1276 # [IAM developer's guide](https://cloud.google.com/iam/docs). 1277 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 1278 { # Specifies the audit configuration for a service. 1279 # The configuration determines which permission types are logged, and what 1280 # identities, if any, are exempted from logging. 1281 # An AuditConfig must have one or more AuditLogConfigs. 1282 # 1283 # If there are AuditConfigs for both `allServices` and a specific service, 1284 # the union of the two AuditConfigs is used for that service: the log_types 1285 # specified in each AuditConfig are enabled, and the exempted_members in each 1286 # AuditLogConfig are exempted. 1287 # 1288 # Example Policy with multiple AuditConfigs: 1289 # 1290 # { 1291 # "audit_configs": [ 1292 # { 1293 # "service": "allServices" 1294 # "audit_log_configs": [ 1295 # { 1296 # "log_type": "DATA_READ", 1297 # "exempted_members": [ 1298 # "user:foo@gmail.com" 1299 # ] 1300 # }, 1301 # { 1302 # "log_type": "DATA_WRITE", 1303 # }, 1304 # { 1305 # "log_type": "ADMIN_READ", 1306 # } 1307 # ] 1308 # }, 1309 # { 1310 # "service": "fooservice.googleapis.com" 1311 # "audit_log_configs": [ 1312 # { 1313 # "log_type": "DATA_READ", 1314 # }, 1315 # { 1316 # "log_type": "DATA_WRITE", 1317 # "exempted_members": [ 1318 # "user:bar@gmail.com" 1319 # ] 1320 # } 1321 # ] 1322 # } 1323 # ] 1324 # } 1325 # 1326 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 1327 # logging. It also exempts foo@gmail.com from DATA_READ logging, and 1328 # bar@gmail.com from DATA_WRITE logging. 1329 "exemptedMembers": [ 1330 "A String", 1331 ], 1332 "auditLogConfigs": [ # The configuration for logging of each type of permission. 1333 { # Provides the configuration for logging a type of permissions. 1334 # Example: 1335 # 1336 # { 1337 # "audit_log_configs": [ 1338 # { 1339 # "log_type": "DATA_READ", 1340 # "exempted_members": [ 1341 # "user:foo@gmail.com" 1342 # ] 1343 # }, 1344 # { 1345 # "log_type": "DATA_WRITE", 1346 # } 1347 # ] 1348 # } 1349 # 1350 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 1351 # foo@gmail.com from DATA_READ logging. 1352 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 1353 # permission. 1354 # Follows the same format of Binding.members. 1355 "A String", 1356 ], 1357 "logType": "A String", # The log type that this config enables. 1358 }, 1359 ], 1360 "service": "A String", # Specifies a service that will be enabled for audit logging. 1361 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 1362 # `allServices` is a special value that covers all services. 1363 }, 1364 ], 1365 "rules": [ # If more than one rule is specified, the rules are applied in the following 1366 # manner: 1367 # - All matching LOG rules are always applied. 1368 # - If any DENY/DENY_WITH_LOG rule matches, permission is denied. 1369 # Logging will be applied if one or more matching rule requires logging. 1370 # - Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is 1371 # granted. 1372 # Logging will be applied if one or more matching rule requires logging. 1373 # - Otherwise, if no rule applies, permission is denied. 1374 { # A rule to be applied in a Policy. 1375 "notIn": [ # If one or more 'not_in' clauses are specified, the rule matches 1376 # if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries. 1377 # The format for in and not_in entries can be found at in the Local IAM 1378 # documentation (see go/local-iam#features). 1379 "A String", 1380 ], 1381 "description": "A String", # Human-readable description of the rule. 1382 "in": [ # If one or more 'in' clauses are specified, the rule matches if 1383 # the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries. 1384 "A String", 1385 ], 1386 "action": "A String", # Required 1387 "conditions": [ # Additional restrictions that must be met. All conditions must pass for the 1388 # rule to match. 1389 { # A condition to be met. 1390 "sys": "A String", # Trusted attributes supplied by any service that owns resources and uses 1391 # the IAM system for access control. 1392 "iam": "A String", # Trusted attributes supplied by the IAM system. 1393 "values": [ # The objects of the condition. 1394 "A String", 1395 ], 1396 "svc": "A String", # Trusted attributes discharged by the service. 1397 "op": "A String", # An operator to apply the subject with. 1398 }, 1399 ], 1400 "logConfig": [ # The config returned to callers of tech.iam.IAM.CheckPolicy for any entries 1401 # that match the LOG action. 1402 { # Specifies what kind of log the caller must write 1403 "counter": { # Increment a streamz counter with the specified metric and field names. # Counter options. 1404 # 1405 # Metric names should start with a '/', generally be lowercase-only, 1406 # and end in "_count". Field names should not contain an initial slash. 1407 # The actual exported metric names will have "/iam/policy" prepended. 1408 # 1409 # Field names correspond to IAM request parameters and field values are 1410 # their respective values. 1411 # 1412 # Supported field names: 1413 # - "authority", which is "[token]" if IAMContext.token is present, 1414 # otherwise the value of IAMContext.authority_selector if present, and 1415 # otherwise a representation of IAMContext.principal; or 1416 # - "iam_principal", a representation of IAMContext.principal even if a 1417 # token or authority selector is present; or 1418 # - "" (empty string), resulting in a counter with no fields. 1419 # 1420 # Examples: 1421 # counter { metric: "/debug_access_count" field: "iam_principal" } 1422 # ==> increment counter /iam/policy/backend_debug_access_count 1423 # {iam_principal=[value of IAMContext.principal]} 1424 # 1425 # At this time we do not support multiple field names (though this may be 1426 # supported in the future). 1427 "field": "A String", # The field value to attribute. 1428 "metric": "A String", # The metric to update. 1429 }, 1430 "dataAccess": { # Write a Data Access (Gin) log # Data access options. 1431 "logMode": "A String", # Whether Gin logging should happen in a fail-closed manner at the caller. 1432 # This is relevant only in the LocalIAM implementation, for now. 1433 }, 1434 "cloudAudit": { # Write a Cloud Audit log # Cloud audit options. 1435 "logName": "A String", # The log_name to populate in the Cloud Audit Record. 1436 "authorizationLoggingOptions": { # Authorization-related information used by Cloud Audit Logging. # Information used by the Cloud Audit Logging pipeline. 1437 "permissionType": "A String", # The type of the permission that was checked. 1438 }, 1439 }, 1440 }, 1441 ], 1442 "permissions": [ # A permission is a string of form '<service>.<resource type>.<verb>' 1443 # (e.g., 'storage.buckets.list'). A value of '*' matches all permissions, 1444 # and a verb part of '*' (e.g., 'storage.buckets.*') matches all verbs. 1445 "A String", 1446 ], 1447 }, 1448 ], 1449 "version": 42, # Deprecated. 1450 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 1451 # prevent simultaneous updates of a policy from overwriting each other. 1452 # It is strongly suggested that systems make use of the `etag` in the 1453 # read-modify-write cycle to perform policy updates in order to avoid race 1454 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 1455 # systems are expected to put that etag in the request to `setIamPolicy` to 1456 # ensure that their change will be applied to the same version of the policy. 1457 # 1458 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 1459 # policy is overwritten blindly. 1460 "bindings": [ # Associates a list of `members` to a `role`. 1461 # `bindings` with no members will result in an error. 1462 { # Associates `members` with a `role`. 1463 "role": "A String", # Role that is assigned to `members`. 1464 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 1465 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding. 1466 # NOTE: An unsatisfied condition will not allow user access via current 1467 # binding. Different bindings, including their conditions, are examined 1468 # independently. 1469 # 1470 # title: "User account presence" 1471 # description: "Determines whether the request has a user account" 1472 # expression: "size(request.user) > 0" 1473 "description": "A String", # An optional description of the expression. This is a longer text which 1474 # describes the expression, e.g. when hovered over it in a UI. 1475 "expression": "A String", # Textual representation of an expression in 1476 # Common Expression Language syntax. 1477 # 1478 # The application context of the containing message determines which 1479 # well-known feature set of CEL is supported. 1480 "location": "A String", # An optional string indicating the location of the expression for error 1481 # reporting, e.g. a file name and a position in the file. 1482 "title": "A String", # An optional title for the expression, i.e. a short string describing 1483 # its purpose. This can be used e.g. in UIs which allow to enter the 1484 # expression. 1485 }, 1486 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 1487 # `members` can have the following values: 1488 # 1489 # * `allUsers`: A special identifier that represents anyone who is 1490 # on the internet; with or without a Google account. 1491 # 1492 # * `allAuthenticatedUsers`: A special identifier that represents anyone 1493 # who is authenticated with a Google account or a service account. 1494 # 1495 # * `user:{emailid}`: An email address that represents a specific Google 1496 # account. For example, `alice@gmail.com` . 1497 # 1498 # 1499 # * `serviceAccount:{emailid}`: An email address that represents a service 1500 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 1501 # 1502 # * `group:{emailid}`: An email address that represents a Google group. 1503 # For example, `admins@example.com`. 1504 # 1505 # 1506 # * `domain:{domain}`: The G Suite domain (primary) that represents all the 1507 # users of that domain. For example, `google.com` or `example.com`. 1508 # 1509 "A String", 1510 ], 1511 }, 1512 ], 1513 "iamOwned": True or False, 1514 }</pre> 1515</div> 1516 1517<div class="method"> 1518 <code class="details" id="testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</code> 1519 <pre>Returns permissions that a caller has on the specified resource. 1520If the resource does not exist, this will return an empty set of 1521permissions, not a NOT_FOUND error. 1522 1523Note: This operation is designed to be used for building permission-aware 1524UIs and command-line tools, not for authorization checking. This operation 1525may "fail open" without warning. 1526 1527Args: 1528 resource: string, REQUIRED: The resource for which the policy detail is being requested. 1529See the operation documentation for the appropriate value for this field. (required) 1530 body: object, The request body. (required) 1531 The object takes the form of: 1532 1533{ # Request message for `TestIamPermissions` method. 1534 "permissions": [ # The set of permissions to check for the `resource`. Permissions with 1535 # wildcards (such as '*' or 'storage.*') are not allowed. For more 1536 # information see 1537 # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions). 1538 "A String", 1539 ], 1540 } 1541 1542 x__xgafv: string, V1 error format. 1543 Allowed values 1544 1 - v1 error format 1545 2 - v2 error format 1546 1547Returns: 1548 An object of the form: 1549 1550 { # Response message for `TestIamPermissions` method. 1551 "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is 1552 # allowed. 1553 "A String", 1554 ], 1555 }</pre> 1556</div> 1557 1558<div class="method"> 1559 <code class="details" id="upgrade">upgrade(name, body=None, x__xgafv=None)</code> 1560 <pre>Upgrade a single Data Fusion instance. 1561At the end of an operation instance is fully upgraded. 1562 1563Args: 1564 name: string, Name of the Data Fusion instance which need to be upgraded in the form of 1565projects/{project}/locations/{location}/instances/{instance} 1566Instance will be upgraded with the latest stable version of the Data 1567Fusion. (required) 1568 body: object, The request body. 1569 The object takes the form of: 1570 1571{ # Request message for upgrading a Data Fusion instance. 1572 # To change the instance properties, instance update should be used. 1573 } 1574 1575 x__xgafv: string, V1 error format. 1576 Allowed values 1577 1 - v1 error format 1578 2 - v2 error format 1579 1580Returns: 1581 An object of the form: 1582 1583 { # This resource represents a long-running operation that is the result of a 1584 # network API call. 1585 "metadata": { # Service-specific metadata associated with the operation. It typically 1586 # contains progress information and common metadata such as create time. 1587 # Some services might not provide such metadata. Any method that returns a 1588 # long-running operation should document the metadata type, if any. 1589 "a_key": "", # Properties of the object. Contains field @type with type URL. 1590 }, 1591 "error": { # The `Status` type defines a logical error model that is suitable for # The error result of the operation in case of failure or cancellation. 1592 # different programming environments, including REST APIs and RPC APIs. It is 1593 # used by [gRPC](https://github.com/grpc). Each `Status` message contains 1594 # three pieces of data: error code, error message, and error details. 1595 # 1596 # You can find out more about this error model and how to work with it in the 1597 # [API Design Guide](https://cloud.google.com/apis/design/errors). 1598 "message": "A String", # A developer-facing error message, which should be in English. Any 1599 # user-facing error message should be localized and sent in the 1600 # google.rpc.Status.details field, or localized by the client. 1601 "code": 42, # The status code, which should be an enum value of google.rpc.Code. 1602 "details": [ # A list of messages that carry the error details. There is a common set of 1603 # message types for APIs to use. 1604 { 1605 "a_key": "", # Properties of the object. Contains field @type with type URL. 1606 }, 1607 ], 1608 }, 1609 "done": True or False, # If the value is `false`, it means the operation is still in progress. 1610 # If `true`, the operation is completed, and either `error` or `response` is 1611 # available. 1612 "response": { # The normal response of the operation in case of success. If the original 1613 # method returns no data on success, such as `Delete`, the response is 1614 # `google.protobuf.Empty`. If the original method is standard 1615 # `Get`/`Create`/`Update`, the response should be the resource. For other 1616 # methods, the response should have the type `XxxResponse`, where `Xxx` 1617 # is the original method name. For example, if the original method name 1618 # is `TakeSnapshot()`, the inferred response type is 1619 # `TakeSnapshotResponse`. 1620 "a_key": "", # Properties of the object. Contains field @type with type URL. 1621 }, 1622 "name": "A String", # The server-assigned name, which is only unique within the same service that 1623 # originally returns it. If you use the default HTTP mapping, the 1624 # `name` should be a resource name ending with `operations/{unique_id}`. 1625 }</pre> 1626</div> 1627 1628</body></html>