Access Context Manager API

An API for setting attribute based access control to requests to Google Cloud services.

Service: accesscontextmanager.googleapis.com

To call this service, we recommend that you use the Google-provided client libraries. If your application needs to use your own libraries to call this service, use the following information when you make the API requests.

Discovery document

A Discovery Document is a machine-readable specification for describing and consuming REST APIs. It is used to build client libraries, IDE plugins, and other tools that interact with Google APIs. One service may provide multiple discovery documents. This service provides the following discovery documents:

Service endpoint

A service endpoint is a base URL that specifies the network address of an API service. One service might have multiple service endpoints. This service has the following service endpoint and all URIs below are relative to this service endpoint:

  • https://accesscontextmanager.googleapis.com

REST Resource: v1alpha.accessPolicies

Methods
create POST /v1alpha/accessPolicies
Creates an access policy.
delete DELETE /v1alpha/{name=accessPolicies/*}
Deletes an access policy based on the resource name.
get GET /v1alpha/{name=accessPolicies/*}
Returns an access policy based on the name.
getIamPolicy POST /v1alpha/{resource=accessPolicies/*}:getIamPolicy
Gets the IAM policy for the specified Access Context Manager access policy.
list GET /v1alpha/accessPolicies
Lists all access policies in an organization.
patch PATCH /v1alpha/{policy.name=accessPolicies/*}
Updates an access policy.
setIamPolicy POST /v1alpha/{resource=accessPolicies/*}:setIamPolicy
Sets the IAM policy for the specified Access Context Manager access policy.
testIamPermissions POST /v1alpha/{resource=accessPolicies/*}:testIamPermissions
Returns the IAM permissions that the caller has on the specified Access Context Manager resource.

REST Resource: v1alpha.accessPolicies.accessLevels

Methods
create POST /v1alpha/{parent=accessPolicies/*}/accessLevels
Creates an access level.
delete DELETE /v1alpha/{name=accessPolicies/*/accessLevels/*}
Deletes an access level based on the resource name.
get GET /v1alpha/{name=accessPolicies/*/accessLevels/*}
Gets an access level based on the resource name.
list GET /v1alpha/{parent=accessPolicies/*}/accessLevels
Lists all access levels for an access policy.
patch PATCH /v1alpha/{accessLevel.name=accessPolicies/*/accessLevels/*}
Updates an access level.
replaceAll POST /v1alpha/{parent=accessPolicies/*}/accessLevels:replaceAll
Replaces all existing access levels in an access policy with the access levels provided.
testIamPermissions POST /v1alpha/{resource=accessPolicies/*/accessLevels/*}:testIamPermissions
Returns the IAM permissions that the caller has on the specified Access Context Manager resource.

REST Resource: v1alpha.accessPolicies.authorizedOrgsDescs

Methods
create POST /v1alpha/{parent=accessPolicies/*}/authorizedOrgsDescs
Creates an authorized orgs desc.
delete DELETE /v1alpha/{name=accessPolicies/*/authorizedOrgsDescs/*}
Deletes an authorized orgs desc based on the resource name.
get GET /v1alpha/{name=accessPolicies/*/authorizedOrgsDescs/*}
Gets an authorized orgs desc based on the resource name.
list GET /v1alpha/{parent=accessPolicies/*}/authorizedOrgsDescs
Lists all authorized orgs descs for an access policy.
patch PATCH /v1alpha/{authorizedOrgsDesc.name=accessPolicies/*/authorizedOrgsDescs/*}
Updates an authorized orgs desc.

REST Resource: v1alpha.accessPolicies.servicePerimeters

Methods
commit POST /v1alpha/{parent=accessPolicies/*}/servicePerimeters:commit
Commits the dry-run specification for all the service perimeters in an access policy.
create POST /v1alpha/{parent=accessPolicies/*}/servicePerimeters
Creates a service perimeter.
delete DELETE /v1alpha/{name=accessPolicies/*/servicePerimeters/*}
Deletes a service perimeter based on the resource name.
get GET /v1alpha/{name=accessPolicies/*/servicePerimeters/*}
Gets a service perimeter based on the resource name.
list GET /v1alpha/{parent=accessPolicies/*}/servicePerimeters
Lists all service perimeters for an access policy.
patch PATCH /v1alpha/{servicePerimeter.name=accessPolicies/*/servicePerimeters/*}
Updates a service perimeter.
replaceAll POST /v1alpha/{parent=accessPolicies/*}/servicePerimeters:replaceAll
Replace all existing service perimeters in an access policy with the service perimeters provided.
testIamPermissions POST /v1alpha/{resource=accessPolicies/*/servicePerimeters/*}:testIamPermissions
Returns the IAM permissions that the caller has on the specified Access Context Manager resource.

REST Resource: v1alpha.operations

Methods
get GET /v1alpha/{name=operations/**}
Gets the latest state of a long-running operation.

REST Resource: v1alpha.organizations.gcpUserAccessBindings

Methods
create POST /v1alpha/{parent=organizations/*}/gcpUserAccessBindings
Creates a GcpUserAccessBinding.
delete DELETE /v1alpha/{name=organizations/*/gcpUserAccessBindings/*}
Deletes a GcpUserAccessBinding.
get GET /v1alpha/{name=organizations/*/gcpUserAccessBindings/*}
Gets the GcpUserAccessBinding with the given name.
list GET /v1alpha/{parent=organizations/*}/gcpUserAccessBindings
Lists all GcpUserAccessBindings for a Google Cloud organization.
patch PATCH /v1alpha/{gcpUserAccessBinding.name=organizations/*/gcpUserAccessBindings/*}
Updates a GcpUserAccessBinding.

REST Resource: v1alpha.services

Methods
get GET /v1alpha/services/{name}
Get a VPS-SC Supported Service by name.
list GET /v1alpha/services
Lists all VPC-SC supported services.

REST Resource: v1.accessPolicies

Methods
create POST /v1/accessPolicies
Creates an access policy.
delete DELETE /v1/{name=accessPolicies/*}
Deletes an access policy based on the resource name.
get GET /v1/{name=accessPolicies/*}
Returns an access policy based on the name.
getIamPolicy POST /v1/{resource=accessPolicies/*}:getIamPolicy
Gets the IAM policy for the specified Access Context Manager access policy.
list GET /v1/accessPolicies
Lists all access policies in an organization.
patch PATCH /v1/{policy.name=accessPolicies/*}
Updates an access policy.
setIamPolicy POST /v1/{resource=accessPolicies/*}:setIamPolicy
Sets the IAM policy for the specified Access Context Manager access policy.
testIamPermissions POST /v1/{resource=accessPolicies/*}:testIamPermissions
Returns the IAM permissions that the caller has on the specified Access Context Manager resource.

REST Resource: v1.accessPolicies.accessLevels

Methods
create POST /v1/{parent=accessPolicies/*}/accessLevels
Creates an access level.
delete DELETE /v1/{name=accessPolicies/*/accessLevels/*}
Deletes an access level based on the resource name.
get GET /v1/{name=accessPolicies/*/accessLevels/*}
Gets an access level based on the resource name.
list GET /v1/{parent=accessPolicies/*}/accessLevels
Lists all access levels for an access policy.
patch PATCH /v1/{accessLevel.name=accessPolicies/*/accessLevels/*}
Updates an access level.
replaceAll POST /v1/{parent=accessPolicies/*}/accessLevels:replaceAll
Replaces all existing access levels in an access policy with the access levels provided.
testIamPermissions POST /v1/{resource=accessPolicies/*/accessLevels/*}:testIamPermissions
Returns the IAM permissions that the caller has on the specified Access Context Manager resource.

REST Resource: v1.accessPolicies.authorizedOrgsDescs

Methods
create POST /v1/{parent=accessPolicies/*}/authorizedOrgsDescs
Creates an authorized orgs desc.
delete DELETE /v1/{name=accessPolicies/*/authorizedOrgsDescs/*}
Deletes an authorized orgs desc based on the resource name.
get GET /v1/{name=accessPolicies/*/authorizedOrgsDescs/*}
Gets an authorized orgs desc based on the resource name.
list GET /v1/{parent=accessPolicies/*}/authorizedOrgsDescs
Lists all authorized orgs descs for an access policy.
patch PATCH /v1/{authorizedOrgsDesc.name=accessPolicies/*/authorizedOrgsDescs/*}
Updates an authorized orgs desc.

REST Resource: v1.accessPolicies.servicePerimeters

Methods
commit POST /v1/{parent=accessPolicies/*}/servicePerimeters:commit
Commits the dry-run specification for all the service perimeters in an access policy.
create POST /v1/{parent=accessPolicies/*}/servicePerimeters
Creates a service perimeter.
delete DELETE /v1/{name=accessPolicies/*/servicePerimeters/*}
Deletes a service perimeter based on the resource name.
get GET /v1/{name=accessPolicies/*/servicePerimeters/*}
Gets a service perimeter based on the resource name.
list GET /v1/{parent=accessPolicies/*}/servicePerimeters
Lists all service perimeters for an access policy.
patch PATCH /v1/{servicePerimeter.name=accessPolicies/*/servicePerimeters/*}
Updates a service perimeter.
replaceAll POST /v1/{parent=accessPolicies/*}/servicePerimeters:replaceAll
Replace all existing service perimeters in an access policy with the service perimeters provided.
testIamPermissions POST /v1/{resource=accessPolicies/*/servicePerimeters/*}:testIamPermissions
Returns the IAM permissions that the caller has on the specified Access Context Manager resource.

REST Resource: v1.operations

Methods
cancel POST /v1/{name=operations/**}:cancel
Starts asynchronous cancellation on a long-running operation.
delete DELETE /v1/{name=operations/**}
Deletes a long-running operation.
get GET /v1/{name=operations/**}
Gets the latest state of a long-running operation.
list GET /v1/{name}
Lists operations that match the specified filter in the request.

REST Resource: v1.organizations.gcpUserAccessBindings

Methods
create POST /v1/{parent=organizations/*}/gcpUserAccessBindings
Creates a GcpUserAccessBinding.
delete DELETE /v1/{name=organizations/*/gcpUserAccessBindings/*}
Deletes a GcpUserAccessBinding.
get GET /v1/{name=organizations/*/gcpUserAccessBindings/*}
Gets the GcpUserAccessBinding with the given name.
list GET /v1/{parent=organizations/*}/gcpUserAccessBindings
Lists all GcpUserAccessBindings for a Google Cloud organization.
patch PATCH /v1/{gcpUserAccessBinding.name=organizations/*/gcpUserAccessBindings/*}
Updates a GcpUserAccessBinding.

REST Resource: v1.services

Methods
get GET /v1/services/{name}
Returns a VPC-SC supported service based on the service name.
list GET /v1/services
Lists all VPC-SC supported services.