Package com.google.identity.accesscontextmanager.v1 (1.29.0)

A client to Access Context Manager API

The interfaces provided are listed below, along with usage samples.

AccessContextManagerClient

Service Description: API for setting [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] and [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] for Google Cloud projects. Each organization has one [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] that contains the [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] and [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]. This [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] is applicable to all resources in the organization. AccessPolicies

Sample for AccessContextManagerClient:


 // This snippet has been automatically generated and should be regarded as a code template only.
 // It will require modifications to work:
 // - It may require correct/in-range values for request initialization.
 // - It may require specifying regional endpoints when creating the service client as shown in
 // https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
 try (AccessContextManagerClient accessContextManagerClient =
     AccessContextManagerClient.create()) {
   AccessPolicyName name = AccessPolicyName.of("[ACCESS_POLICY]");
   AccessPolicy response = accessContextManagerClient.getAccessPolicy(name);
 }
 

Classes

AccessContextManagerClient

Service Description: API for setting [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] and [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] for Google Cloud projects. Each organization has one [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] that contains the [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] and [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]. This [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] is applicable to all resources in the organization. AccessPolicies

This class provides the ability to make remote calls to the backing service through method calls that map to API methods. Sample code to get started:


 // This snippet has been automatically generated and should be regarded as a code template only.
 // It will require modifications to work:
 // - It may require correct/in-range values for request initialization.
 // - It may require specifying regional endpoints when creating the service client as shown in
 // https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
 try (AccessContextManagerClient accessContextManagerClient =
     AccessContextManagerClient.create()) {
   AccessPolicyName name = AccessPolicyName.of("[ACCESS_POLICY]");
   AccessPolicy response = accessContextManagerClient.getAccessPolicy(name);
 }
 

Note: close() needs to be called on the AccessContextManagerClient object to clean up resources such as threads. In the example above, try-with-resources is used, which automatically calls close().

The surface of this class includes several types of Java methods for each of the API's methods:

  1. A "flattened" method. With this type of method, the fields of the request type have been converted into function parameters. It may be the case that not all fields are available as parameters, and not every API method will have a flattened method entry point.
  2. A "request object" method. This type of method only takes one parameter, a request object, which must be constructed before the call. Not every API method will have a request object method.
  3. A "callable" method. This type of method takes no parameters and returns an immutable API callable object, which can be used to initiate calls to the service.

See the individual methods for example code.

Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parse method to extract the individual identifiers contained within names that are returned.

This class can be customized by passing in a custom instance of AccessContextManagerSettings to create(). For example:

To customize credentials:


 // This snippet has been automatically generated and should be regarded as a code template only.
 // It will require modifications to work:
 // - It may require correct/in-range values for request initialization.
 // - It may require specifying regional endpoints when creating the service client as shown in
 // https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
 AccessContextManagerSettings accessContextManagerSettings =
     AccessContextManagerSettings.newBuilder()
         .setCredentialsProvider(FixedCredentialsProvider.create(myCredentials))
         .build();
 AccessContextManagerClient accessContextManagerClient =
     AccessContextManagerClient.create(accessContextManagerSettings);
 

To customize the endpoint:


 // This snippet has been automatically generated and should be regarded as a code template only.
 // It will require modifications to work:
 // - It may require correct/in-range values for request initialization.
 // - It may require specifying regional endpoints when creating the service client as shown in
 // https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
 AccessContextManagerSettings accessContextManagerSettings =
     AccessContextManagerSettings.newBuilder().setEndpoint(myEndpoint).build();
 AccessContextManagerClient accessContextManagerClient =
     AccessContextManagerClient.create(accessContextManagerSettings);
 

To use REST (HTTP1.1/JSON) transport (instead of gRPC) for sending and receiving requests over the wire:


 // This snippet has been automatically generated and should be regarded as a code template only.
 // It will require modifications to work:
 // - It may require correct/in-range values for request initialization.
 // - It may require specifying regional endpoints when creating the service client as shown in
 // https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
 AccessContextManagerSettings accessContextManagerSettings =
     AccessContextManagerSettings.newHttpJsonBuilder().build();
 AccessContextManagerClient accessContextManagerClient =
     AccessContextManagerClient.create(accessContextManagerSettings);
 

Please refer to the GitHub repository's samples for more quickstart code snippets.

AccessContextManagerClient.ListAccessLevelsFixedSizeCollection

AccessContextManagerClient.ListAccessLevelsPage

AccessContextManagerClient.ListAccessLevelsPagedResponse

AccessContextManagerClient.ListAccessPoliciesFixedSizeCollection

AccessContextManagerClient.ListAccessPoliciesPage

AccessContextManagerClient.ListAccessPoliciesPagedResponse

AccessContextManagerClient.ListGcpUserAccessBindingsFixedSizeCollection

AccessContextManagerClient.ListGcpUserAccessBindingsPage

AccessContextManagerClient.ListGcpUserAccessBindingsPagedResponse

AccessContextManagerClient.ListServicePerimetersFixedSizeCollection

AccessContextManagerClient.ListServicePerimetersPage

AccessContextManagerClient.ListServicePerimetersPagedResponse

AccessContextManagerGrpc

API for setting [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] and [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] for Google Cloud projects. Each organization has one [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] that contains the [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] and [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]. This [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] is applicable to all resources in the organization. AccessPolicies

AccessContextManagerGrpc.AccessContextManagerBlockingStub

A stub to allow clients to do synchronous rpc calls to service AccessContextManager.

API for setting [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] and [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] for Google Cloud projects. Each organization has one [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] that contains the [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] and [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]. This [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] is applicable to all resources in the organization. AccessPolicies

AccessContextManagerGrpc.AccessContextManagerFutureStub

A stub to allow clients to do ListenableFuture-style rpc calls to service AccessContextManager.

API for setting [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] and [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] for Google Cloud projects. Each organization has one [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] that contains the [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] and [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]. This [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] is applicable to all resources in the organization. AccessPolicies

AccessContextManagerGrpc.AccessContextManagerImplBase

Base class for the server implementation of the service AccessContextManager.

API for setting [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] and [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] for Google Cloud projects. Each organization has one [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] that contains the [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] and [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]. This [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] is applicable to all resources in the organization. AccessPolicies

AccessContextManagerGrpc.AccessContextManagerStub

A stub to allow clients to do asynchronous rpc calls to service AccessContextManager.

API for setting [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] and [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] for Google Cloud projects. Each organization has one [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] that contains the [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] and [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]. This [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] is applicable to all resources in the organization. AccessPolicies

AccessContextManagerOperationMetadata

Metadata of Access Context Manager's Long Running Operations.

Protobuf type google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata

AccessContextManagerOperationMetadata.Builder

Metadata of Access Context Manager's Long Running Operations.

Protobuf type google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata

AccessContextManagerProto

AccessContextManagerSettings

Settings class to configure an instance of AccessContextManagerClient.

The default instance has everything set to sensible defaults:

  • The default service address (accesscontextmanager.googleapis.com) and default port (443) are used.
  • Credentials are acquired automatically through Application Default Credentials.
  • Retries are configured for idempotent methods but not for non-idempotent methods.

The builder of this class is recursive, so contained classes are themselves builders. When build() is called, the tree of builders is called to create the complete settings object.

For example, to set the total timeout of getAccessPolicy to 30 seconds:


 // This snippet has been automatically generated and should be regarded as a code template only.
 // It will require modifications to work:
 // - It may require correct/in-range values for request initialization.
 // - It may require specifying regional endpoints when creating the service client as shown in
 // https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
 AccessContextManagerSettings.Builder accessContextManagerSettingsBuilder =
     AccessContextManagerSettings.newBuilder();
 accessContextManagerSettingsBuilder
     .getAccessPolicySettings()
     .setRetrySettings(
         accessContextManagerSettingsBuilder
             .getAccessPolicySettings()
             .getRetrySettings()
             .toBuilder()
             .setTotalTimeout(Duration.ofSeconds(30))
             .build());
 AccessContextManagerSettings accessContextManagerSettings =
     accessContextManagerSettingsBuilder.build();
 

AccessContextManagerSettings.Builder

Builder for AccessContextManagerSettings.

AccessLevel

An AccessLevel is a label that can be applied to requests to Google Cloud services, along with a list of requirements necessary for the label to be applied.

Protobuf type google.identity.accesscontextmanager.v1.AccessLevel

AccessLevel.Builder

An AccessLevel is a label that can be applied to requests to Google Cloud services, along with a list of requirements necessary for the label to be applied.

Protobuf type google.identity.accesscontextmanager.v1.AccessLevel

AccessLevelName

AccessLevelName.Builder

Builder for accessPolicies/{access_policy}/accessLevels/{access_level}.

AccessLevelProto

AccessPolicy

AccessPolicy is a container for AccessLevels (which define the necessary attributes to use Google Cloud services) and ServicePerimeters (which define regions of services able to freely pass data within a perimeter). An access policy is globally visible within an organization, and the restrictions it specifies apply to all projects within an organization.

Protobuf type google.identity.accesscontextmanager.v1.AccessPolicy

AccessPolicy.Builder

AccessPolicy is a container for AccessLevels (which define the necessary attributes to use Google Cloud services) and ServicePerimeters (which define regions of services able to freely pass data within a perimeter). An access policy is globally visible within an organization, and the restrictions it specifies apply to all projects within an organization.

Protobuf type google.identity.accesscontextmanager.v1.AccessPolicy

AccessPolicyName

AccessPolicyName.Builder

Builder for accessPolicies/{access_policy}.

BasicLevel

BasicLevel is an AccessLevel using a set of recommended features.

Protobuf type google.identity.accesscontextmanager.v1.BasicLevel

BasicLevel.Builder

BasicLevel is an AccessLevel using a set of recommended features.

Protobuf type google.identity.accesscontextmanager.v1.BasicLevel

CommitServicePerimetersRequest

A request to commit dry-run specs in all [Service Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] belonging to an Access Policy.

Protobuf type google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest

CommitServicePerimetersRequest.Builder

A request to commit dry-run specs in all [Service Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] belonging to an Access Policy.

Protobuf type google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest

CommitServicePerimetersResponse

A response to CommitServicePerimetersRequest. This will be put inside of Operation.response field.

Protobuf type google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse

CommitServicePerimetersResponse.Builder

A response to CommitServicePerimetersRequest. This will be put inside of Operation.response field.

Protobuf type google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse

Condition

A condition necessary for an AccessLevel to be granted. The Condition is an AND over its fields. So a Condition is true if: 1) the request IP is from one of the listed subnetworks AND 2) the originating device complies with the listed device policy AND 3) all listed access levels are granted AND 4) the request was sent at a time allowed by the DateTimeRestriction.

Protobuf type google.identity.accesscontextmanager.v1.Condition

Condition.Builder

A condition necessary for an AccessLevel to be granted. The Condition is an AND over its fields. So a Condition is true if: 1) the request IP is from one of the listed subnetworks AND 2) the originating device complies with the listed device policy AND 3) all listed access levels are granted AND 4) the request was sent at a time allowed by the DateTimeRestriction.

Protobuf type google.identity.accesscontextmanager.v1.Condition

CreateAccessLevelRequest

A request to create an AccessLevel.

Protobuf type google.identity.accesscontextmanager.v1.CreateAccessLevelRequest

CreateAccessLevelRequest.Builder

A request to create an AccessLevel.

Protobuf type google.identity.accesscontextmanager.v1.CreateAccessLevelRequest

CreateGcpUserAccessBindingRequest

Request of [CreateGcpUserAccessBinding] [google.identity.accesscontextmanager.v1.AccessContextManager.CreateGcpUserAccessBinding].

Protobuf type google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest

CreateGcpUserAccessBindingRequest.Builder

Request of [CreateGcpUserAccessBinding] [google.identity.accesscontextmanager.v1.AccessContextManager.CreateGcpUserAccessBinding].

Protobuf type google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest

CreateServicePerimeterRequest

A request to create a ServicePerimeter.

Protobuf type google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest

CreateServicePerimeterRequest.Builder

A request to create a ServicePerimeter.

Protobuf type google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest

CustomLevel

CustomLevel is an AccessLevel using the Cloud Common Expression Language to represent the necessary conditions for the level to apply to a request. See CEL spec at: https://github.com/google/cel-spec

Protobuf type google.identity.accesscontextmanager.v1.CustomLevel

CustomLevel.Builder

CustomLevel is an AccessLevel using the Cloud Common Expression Language to represent the necessary conditions for the level to apply to a request. See CEL spec at: https://github.com/google/cel-spec

Protobuf type google.identity.accesscontextmanager.v1.CustomLevel

DeleteAccessLevelRequest

A request to delete an AccessLevel.

Protobuf type google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest

DeleteAccessLevelRequest.Builder

A request to delete an AccessLevel.

Protobuf type google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest

DeleteAccessPolicyRequest

A request to delete an AccessPolicy.

Protobuf type google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest

DeleteAccessPolicyRequest.Builder

A request to delete an AccessPolicy.

Protobuf type google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest

DeleteGcpUserAccessBindingRequest

Request of [DeleteGcpUserAccessBinding] [google.identity.accesscontextmanager.v1.AccessContextManager.DeleteGcpUserAccessBinding].

Protobuf type google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest

DeleteGcpUserAccessBindingRequest.Builder

Request of [DeleteGcpUserAccessBinding] [google.identity.accesscontextmanager.v1.AccessContextManager.DeleteGcpUserAccessBinding].

Protobuf type google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest

DeleteServicePerimeterRequest

A request to delete a ServicePerimeter.

Protobuf type google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest

DeleteServicePerimeterRequest.Builder

A request to delete a ServicePerimeter.

Protobuf type google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest

DevicePolicy

DevicePolicy specifies device specific restrictions necessary to acquire a given access level. A DevicePolicy specifies requirements for requests from devices to be granted access levels, it does not do any enforcement on the device. DevicePolicy acts as an AND over all specified fields, and each repeated field is an OR over its elements. Any unset fields are ignored. For example, if the proto is { os_type : DESKTOP_WINDOWS, os_type : DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be true for requests originating from encrypted Linux desktops and encrypted Windows desktops.

Protobuf type google.identity.accesscontextmanager.v1.DevicePolicy

DevicePolicy.Builder

DevicePolicy specifies device specific restrictions necessary to acquire a given access level. A DevicePolicy specifies requirements for requests from devices to be granted access levels, it does not do any enforcement on the device. DevicePolicy acts as an AND over all specified fields, and each repeated field is an OR over its elements. Any unset fields are ignored. For example, if the proto is { os_type : DESKTOP_WINDOWS, os_type : DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be true for requests originating from encrypted Linux desktops and encrypted Windows desktops.

Protobuf type google.identity.accesscontextmanager.v1.DevicePolicy

GcpUserAccessBinding

Restricts access to Cloud Console and Google Cloud APIs for a set of users using Context-Aware Access.

Protobuf type google.identity.accesscontextmanager.v1.GcpUserAccessBinding

GcpUserAccessBinding.Builder

Restricts access to Cloud Console and Google Cloud APIs for a set of users using Context-Aware Access.

Protobuf type google.identity.accesscontextmanager.v1.GcpUserAccessBinding

GcpUserAccessBindingName

GcpUserAccessBindingName.Builder

Builder for organizations/{organization}/gcpUserAccessBindings/{gcp_user_access_binding}.

GcpUserAccessBindingOperationMetadata

Currently, a completed operation means nothing. In the future, this metadata and a completed operation may indicate that the binding has taken effect and is affecting access decisions for all users.

Protobuf type google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata

GcpUserAccessBindingOperationMetadata.Builder

Currently, a completed operation means nothing. In the future, this metadata and a completed operation may indicate that the binding has taken effect and is affecting access decisions for all users.

Protobuf type google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata

GcpUserAccessBindingProto

GetAccessLevelRequest

A request to get a particular AccessLevel.

Protobuf type google.identity.accesscontextmanager.v1.GetAccessLevelRequest

GetAccessLevelRequest.Builder

A request to get a particular AccessLevel.

Protobuf type google.identity.accesscontextmanager.v1.GetAccessLevelRequest

GetAccessPolicyRequest

A request to get a particular AccessPolicy.

Protobuf type google.identity.accesscontextmanager.v1.GetAccessPolicyRequest

GetAccessPolicyRequest.Builder

A request to get a particular AccessPolicy.

Protobuf type google.identity.accesscontextmanager.v1.GetAccessPolicyRequest

GetGcpUserAccessBindingRequest

Request of [GetGcpUserAccessBinding] [google.identity.accesscontextmanager.v1.AccessContextManager.GetGcpUserAccessBinding].

Protobuf type google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest

GetGcpUserAccessBindingRequest.Builder

Request of [GetGcpUserAccessBinding] [google.identity.accesscontextmanager.v1.AccessContextManager.GetGcpUserAccessBinding].

Protobuf type google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest

GetServicePerimeterRequest

A request to get a particular ServicePerimeter.

Protobuf type google.identity.accesscontextmanager.v1.GetServicePerimeterRequest

GetServicePerimeterRequest.Builder

A request to get a particular ServicePerimeter.

Protobuf type google.identity.accesscontextmanager.v1.GetServicePerimeterRequest

ListAccessLevelsRequest

A request to list all AccessLevels in an AccessPolicy.

Protobuf type google.identity.accesscontextmanager.v1.ListAccessLevelsRequest

ListAccessLevelsRequest.Builder

A request to list all AccessLevels in an AccessPolicy.

Protobuf type google.identity.accesscontextmanager.v1.ListAccessLevelsRequest

ListAccessLevelsResponse

A response to ListAccessLevelsRequest.

Protobuf type google.identity.accesscontextmanager.v1.ListAccessLevelsResponse

ListAccessLevelsResponse.Builder

A response to ListAccessLevelsRequest.

Protobuf type google.identity.accesscontextmanager.v1.ListAccessLevelsResponse

ListAccessPoliciesRequest

A request to list all AccessPolicies for a container.

Protobuf type google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest

ListAccessPoliciesRequest.Builder

A request to list all AccessPolicies for a container.

Protobuf type google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest

ListAccessPoliciesResponse

A response to ListAccessPoliciesRequest.

Protobuf type google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse

ListAccessPoliciesResponse.Builder

A response to ListAccessPoliciesRequest.

Protobuf type google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse

ListGcpUserAccessBindingsRequest

Request of [ListGcpUserAccessBindings] [google.identity.accesscontextmanager.v1.AccessContextManager.ListGcpUserAccessBindings].

Protobuf type google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest

ListGcpUserAccessBindingsRequest.Builder

Request of [ListGcpUserAccessBindings] [google.identity.accesscontextmanager.v1.AccessContextManager.ListGcpUserAccessBindings].

Protobuf type google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest

ListGcpUserAccessBindingsResponse

Response of [ListGcpUserAccessBindings] [google.identity.accesscontextmanager.v1.AccessContextManager.ListGcpUserAccessBindings].

Protobuf type google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse

ListGcpUserAccessBindingsResponse.Builder

Response of [ListGcpUserAccessBindings] [google.identity.accesscontextmanager.v1.AccessContextManager.ListGcpUserAccessBindings].

Protobuf type google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse

ListServicePerimetersRequest

A request to list all ServicePerimeters in an AccessPolicy.

Protobuf type google.identity.accesscontextmanager.v1.ListServicePerimetersRequest

ListServicePerimetersRequest.Builder

A request to list all ServicePerimeters in an AccessPolicy.

Protobuf type google.identity.accesscontextmanager.v1.ListServicePerimetersRequest

ListServicePerimetersResponse

A response to ListServicePerimetersRequest.

Protobuf type google.identity.accesscontextmanager.v1.ListServicePerimetersResponse

ListServicePerimetersResponse.Builder

A response to ListServicePerimetersRequest.

Protobuf type google.identity.accesscontextmanager.v1.ListServicePerimetersResponse

OrganizationName

OrganizationName.Builder

Builder for organizations/{organization}.

OsConstraint

A restriction on the OS type and version of devices making requests.

Protobuf type google.identity.accesscontextmanager.v1.OsConstraint

OsConstraint.Builder

A restriction on the OS type and version of devices making requests.

Protobuf type google.identity.accesscontextmanager.v1.OsConstraint

PolicyProto

ReplaceAccessLevelsRequest

A request to replace all existing Access Levels in an Access Policy with the Access Levels provided. This is done atomically.

Protobuf type google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest

ReplaceAccessLevelsRequest.Builder

A request to replace all existing Access Levels in an Access Policy with the Access Levels provided. This is done atomically.

Protobuf type google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest

ReplaceAccessLevelsResponse

A response to ReplaceAccessLevelsRequest. This will be put inside of Operation.response field.

Protobuf type google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse

ReplaceAccessLevelsResponse.Builder

A response to ReplaceAccessLevelsRequest. This will be put inside of Operation.response field.

Protobuf type google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse

ReplaceServicePerimetersRequest

A request to replace all existing Service Perimeters in an Access Policy with the Service Perimeters provided. This is done atomically.

Protobuf type google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest

ReplaceServicePerimetersRequest.Builder

A request to replace all existing Service Perimeters in an Access Policy with the Service Perimeters provided. This is done atomically.

Protobuf type google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest

ReplaceServicePerimetersResponse

A response to ReplaceServicePerimetersRequest. This will be put inside of Operation.response field.

Protobuf type google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse

ReplaceServicePerimetersResponse.Builder

A response to ReplaceServicePerimetersRequest. This will be put inside of Operation.response field.

Protobuf type google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse

ServicePerimeter

ServicePerimeter describes a set of Google Cloud resources which can freely import and export data amongst themselves, but not export outside of the ServicePerimeter. If a request with a source within this ServicePerimeter has a target outside of the ServicePerimeter, the request will be blocked. Otherwise the request is allowed. There are two types of Service Perimeter - Regular and Bridge. Regular Service Perimeters cannot overlap, a single Google Cloud project can only belong to a single regular Service Perimeter. Service Perimeter Bridges can contain only Google Cloud projects as members, a single Google Cloud project may belong to multiple Service Perimeter Bridges.

Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeter

ServicePerimeter.Builder

ServicePerimeter describes a set of Google Cloud resources which can freely import and export data amongst themselves, but not export outside of the ServicePerimeter. If a request with a source within this ServicePerimeter has a target outside of the ServicePerimeter, the request will be blocked. Otherwise the request is allowed. There are two types of Service Perimeter - Regular and Bridge. Regular Service Perimeters cannot overlap, a single Google Cloud project can only belong to a single regular Service Perimeter. Service Perimeter Bridges can contain only Google Cloud projects as members, a single Google Cloud project may belong to multiple Service Perimeter Bridges.

Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeter

ServicePerimeterConfig

ServicePerimeterConfig specifies a set of Google Cloud resources that describe specific Service Perimeter configuration.

Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig

ServicePerimeterConfig.ApiOperation

Identification for an API Operation.

Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation

ServicePerimeterConfig.ApiOperation.Builder

Identification for an API Operation.

Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation

ServicePerimeterConfig.Builder

ServicePerimeterConfig specifies a set of Google Cloud resources that describe specific Service Perimeter configuration.

Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig

ServicePerimeterConfig.EgressFrom

Defines the conditions under which an [EgressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] matches a request. Conditions based on information about the source of the request. Note that if the destination of the request is also protected by a [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter], then that [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] must have an [IngressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] which allows access in order for this request to succeed.

Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom

ServicePerimeterConfig.EgressFrom.Builder

Defines the conditions under which an [EgressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] matches a request. Conditions based on information about the source of the request. Note that if the destination of the request is also protected by a [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter], then that [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] must have an [IngressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] which allows access in order for this request to succeed.

Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom

ServicePerimeterConfig.EgressPolicy

Policy for egress from perimeter.

[EgressPolicies] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] match requests based on egress_from and egress_to stanzas. For an [EgressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] to match, both egress_from and egress_to stanzas must be matched. If an [EgressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] matches a request, the request is allowed to span the [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] boundary. For example, an [EgressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] can be used to allow VMs on networks within the [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] to access a defined set of projects outside the perimeter in certain contexts (e.g. to read data from a Cloud Storage bucket or query against a BigQuery dataset).

[EgressPolicies] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] are concerned with the resources that a request relates as well as the API services and API actions being used. They do not related to the direction of data movement. More detailed documentation for this concept can be found in the descriptions of [EgressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom] and [EgressTo] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo].

Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy

ServicePerimeterConfig.EgressPolicy.Builder

Policy for egress from perimeter.

[EgressPolicies] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] match requests based on egress_from and egress_to stanzas. For an [EgressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] to match, both egress_from and egress_to stanzas must be matched. If an [EgressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] matches a request, the request is allowed to span the [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] boundary. For example, an [EgressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] can be used to allow VMs on networks within the [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] to access a defined set of projects outside the perimeter in certain contexts (e.g. to read data from a Cloud Storage bucket or query against a BigQuery dataset).

[EgressPolicies] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] are concerned with the resources that a request relates as well as the API services and API actions being used. They do not related to the direction of data movement. More detailed documentation for this concept can be found in the descriptions of [EgressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom] and [EgressTo] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo].

Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy

ServicePerimeterConfig.EgressTo

Defines the conditions under which an [EgressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] matches a request. Conditions are based on information about the [ApiOperation] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation] intended to be performed on the resources specified. Note that if the destination of the request is also protected by a [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter], then that [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] must have an [IngressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] which allows access in order for this request to succeed. The request must match operations AND resources fields in order to be allowed egress out of the perimeter.

Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo

ServicePerimeterConfig.EgressTo.Builder

Defines the conditions under which an [EgressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] matches a request. Conditions are based on information about the [ApiOperation] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation] intended to be performed on the resources specified. Note that if the destination of the request is also protected by a [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter], then that [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] must have an [IngressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] which allows access in order for this request to succeed. The request must match operations AND resources fields in order to be allowed egress out of the perimeter.

Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo

ServicePerimeterConfig.IngressFrom

Defines the conditions under which an [IngressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] matches a request. Conditions are based on information about the source of the request. The request must satisfy what is defined in sources AND identity related fields in order to match.

Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom

ServicePerimeterConfig.IngressFrom.Builder

Defines the conditions under which an [IngressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] matches a request. Conditions are based on information about the source of the request. The request must satisfy what is defined in sources AND identity related fields in order to match.

Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom

ServicePerimeterConfig.IngressPolicy

Policy for ingress into [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter].

[IngressPolicies] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] match requests based on ingress_from and ingress_to stanzas. For an ingress policy to match, both the ingress_from and ingress_to stanzas must be matched. If an [IngressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] matches a request, the request is allowed through the perimeter boundary from outside the perimeter.

For example, access from the internet can be allowed either based on an [AccessLevel] [google.identity.accesscontextmanager.v1.AccessLevel] or, for traffic hosted on Google Cloud, the project of the source network. For access from private networks, using the project of the hosting network is required.

Individual ingress policies can be limited by restricting which services and/or actions they match using the ingress_to field.

Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy

ServicePerimeterConfig.IngressPolicy.Builder

Policy for ingress into [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter].

[IngressPolicies] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] match requests based on ingress_from and ingress_to stanzas. For an ingress policy to match, both the ingress_from and ingress_to stanzas must be matched. If an [IngressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] matches a request, the request is allowed through the perimeter boundary from outside the perimeter.

For example, access from the internet can be allowed either based on an [AccessLevel] [google.identity.accesscontextmanager.v1.AccessLevel] or, for traffic hosted on Google Cloud, the project of the source network. For access from private networks, using the project of the hosting network is required.

Individual ingress policies can be limited by restricting which services and/or actions they match using the ingress_to field.

Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy

ServicePerimeterConfig.IngressSource

The source that [IngressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] authorizes access from.

Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource

ServicePerimeterConfig.IngressSource.Builder

The source that [IngressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] authorizes access from.

Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource

ServicePerimeterConfig.IngressTo

Defines the conditions under which an [IngressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] matches a request. Conditions are based on information about the [ApiOperation] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation] intended to be performed on the target resource of the request. The request must satisfy what is defined in operations AND resources in order to match.

Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo

ServicePerimeterConfig.IngressTo.Builder

Defines the conditions under which an [IngressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] matches a request. Conditions are based on information about the [ApiOperation] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation] intended to be performed on the target resource of the request. The request must satisfy what is defined in operations AND resources in order to match.

Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo

ServicePerimeterConfig.MethodSelector

An allowed method or permission of a service specified in [ApiOperation] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation].

Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector

ServicePerimeterConfig.MethodSelector.Builder

An allowed method or permission of a service specified in [ApiOperation] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation].

Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector

ServicePerimeterConfig.VpcAccessibleServices

Specifies how APIs are allowed to communicate within the Service Perimeter.

Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices

ServicePerimeterConfig.VpcAccessibleServices.Builder

Specifies how APIs are allowed to communicate within the Service Perimeter.

Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices

ServicePerimeterName

ServicePerimeterName.Builder

Builder for accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}.

ServicePerimeterProto

UpdateAccessLevelRequest

A request to update an AccessLevel.

Protobuf type google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest

UpdateAccessLevelRequest.Builder

A request to update an AccessLevel.

Protobuf type google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest

UpdateAccessPolicyRequest

A request to update an AccessPolicy.

Protobuf type google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest

UpdateAccessPolicyRequest.Builder

A request to update an AccessPolicy.

Protobuf type google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest

UpdateGcpUserAccessBindingRequest

Request of [UpdateGcpUserAccessBinding] [google.identity.accesscontextmanager.v1.AccessContextManager.UpdateGcpUserAccessBinding].

Protobuf type google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest

UpdateGcpUserAccessBindingRequest.Builder

Request of [UpdateGcpUserAccessBinding] [google.identity.accesscontextmanager.v1.AccessContextManager.UpdateGcpUserAccessBinding].

Protobuf type google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest

UpdateServicePerimeterRequest

A request to update a ServicePerimeter.

Protobuf type google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest

UpdateServicePerimeterRequest.Builder

A request to update a ServicePerimeter.

Protobuf type google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest

Interfaces

AccessContextManagerGrpc.AsyncService

API for setting [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] and [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] for Google Cloud projects. Each organization has one [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] that contains the [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] and [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]. This [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] is applicable to all resources in the organization. AccessPolicies

AccessContextManagerOperationMetadataOrBuilder

AccessLevelOrBuilder

AccessPolicyOrBuilder

BasicLevelOrBuilder

CommitServicePerimetersRequestOrBuilder

CommitServicePerimetersResponseOrBuilder

ConditionOrBuilder

CreateAccessLevelRequestOrBuilder

CreateGcpUserAccessBindingRequestOrBuilder

CreateServicePerimeterRequestOrBuilder

CustomLevelOrBuilder

DeleteAccessLevelRequestOrBuilder

DeleteAccessPolicyRequestOrBuilder

DeleteGcpUserAccessBindingRequestOrBuilder

DeleteServicePerimeterRequestOrBuilder

DevicePolicyOrBuilder

GcpUserAccessBindingOperationMetadataOrBuilder

GcpUserAccessBindingOrBuilder

GetAccessLevelRequestOrBuilder

GetAccessPolicyRequestOrBuilder

GetGcpUserAccessBindingRequestOrBuilder

GetServicePerimeterRequestOrBuilder

ListAccessLevelsRequestOrBuilder

ListAccessLevelsResponseOrBuilder

ListAccessPoliciesRequestOrBuilder

ListAccessPoliciesResponseOrBuilder

ListGcpUserAccessBindingsRequestOrBuilder

ListGcpUserAccessBindingsResponseOrBuilder

ListServicePerimetersRequestOrBuilder

ListServicePerimetersResponseOrBuilder

OsConstraintOrBuilder

ReplaceAccessLevelsRequestOrBuilder

ReplaceAccessLevelsResponseOrBuilder

ReplaceServicePerimetersRequestOrBuilder

ReplaceServicePerimetersResponseOrBuilder

ServicePerimeterConfig.ApiOperationOrBuilder

ServicePerimeterConfig.EgressFromOrBuilder

ServicePerimeterConfig.EgressPolicyOrBuilder

ServicePerimeterConfig.EgressToOrBuilder

ServicePerimeterConfig.IngressFromOrBuilder

ServicePerimeterConfig.IngressPolicyOrBuilder

ServicePerimeterConfig.IngressSourceOrBuilder

ServicePerimeterConfig.IngressToOrBuilder

ServicePerimeterConfig.MethodSelectorOrBuilder

ServicePerimeterConfig.VpcAccessibleServicesOrBuilder

ServicePerimeterConfigOrBuilder

ServicePerimeterOrBuilder

UpdateAccessLevelRequestOrBuilder

UpdateAccessPolicyRequestOrBuilder

UpdateGcpUserAccessBindingRequestOrBuilder

UpdateServicePerimeterRequestOrBuilder

Enums

AccessLevel.LevelCase

BasicLevel.ConditionCombiningFunction

Options for how the conditions list should be combined to determine if this AccessLevel is applied. Default is AND.

Protobuf enum google.identity.accesscontextmanager.v1.BasicLevel.ConditionCombiningFunction

LevelFormat

The format used in an AccessLevel.

Protobuf enum google.identity.accesscontextmanager.v1.LevelFormat

ServicePerimeter.PerimeterType

Specifies the type of the Perimeter. There are two types: regular and bridge. Regular Service Perimeter contains resources, access levels, and restricted services. Every resource can be in at most ONE regular Service Perimeter.

In addition to being in a regular service perimeter, a resource can also be in zero or more perimeter bridges. A perimeter bridge only contains resources. Cross project operations are permitted if all effected resources share some perimeter (whether bridge or regular). Perimeter Bridge does not contain access levels or services: those are governed entirely by the regular perimeter that resource is in.

Perimeter Bridges are typically useful when building more complex toplogies with many independent perimeters that need to share some data with a common perimeter, but should not be able to share data among themselves.

Protobuf enum google.identity.accesscontextmanager.v1.ServicePerimeter.PerimeterType

ServicePerimeterConfig.IdentityType

Specifies the types of identities that are allowed access in either [IngressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom] or [EgressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom] rules.

Protobuf enum google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType

ServicePerimeterConfig.IngressSource.SourceCase

ServicePerimeterConfig.MethodSelector.KindCase