A client to Access Context Manager API
The interfaces provided are listed below, along with usage samples.
Classes
AccessContextManagerClient
Service Description: API for setting [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] and [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] for Google Cloud projects. Each organization has one [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] that contains the [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] and [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]. This [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] is applicable to all resources in the organization. AccessPolicies
This class provides the ability to make remote calls to the backing service through method calls that map to API methods. Sample code to get started:
```java
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (AccessContextManagerClient accessContextManagerClient =
    AccessContextManagerClient.create()) {
  AccessPolicyName name = AccessPolicyName.of("[ACCESS_POLICY]");
  AccessPolicy response = accessContextManagerClient.getAccessPolicy(name);
}
```
Note: close() needs to be called on the AccessContextManagerClient object to clean up resources such as threads. In the example above, try-with-resources is used, which automatically calls close().
The surface of this class includes several types of Java methods for each of the API's methods:
- A "flattened" method. With this type of method, the fields of the request type have been converted into function parameters. It may be the case that not all fields are available as parameters, and not every API method will have a flattened method entry point.
- A "request object" method. This type of method only takes one parameter, a request object, which must be constructed before the call. Not every API method will have a request object method.
- A "callable" method. This type of method takes no parameters and returns an immutable API callable object, which can be used to initiate calls to the service.
See the individual methods for example code.
Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parse method to extract the individual identifiers contained within names that are returned.
This class can be customized by passing in a custom instance of AccessContextManagerSettings to create(). For example:
To customize credentials:
```java
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
AccessContextManagerSettings accessContextManagerSettings =
    AccessContextManagerSettings.newBuilder()
        .setCredentialsProvider(FixedCredentialsProvider.create(myCredentials))
        .build();
AccessContextManagerClient accessContextManagerClient =
    AccessContextManagerClient.create(accessContextManagerSettings);
```
To customize the endpoint:
```java
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
AccessContextManagerSettings accessContextManagerSettings =
    AccessContextManagerSettings.newBuilder().setEndpoint(myEndpoint).build();
AccessContextManagerClient accessContextManagerClient =
    AccessContextManagerClient.create(accessContextManagerSettings);
```
To use REST (HTTP1.1/JSON) transport (instead of gRPC) for sending and receiving requests over the wire:
```java
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
AccessContextManagerSettings accessContextManagerSettings =
    AccessContextManagerSettings.newHttpJsonBuilder().build();
AccessContextManagerClient accessContextManagerClient =
    AccessContextManagerClient.create(accessContextManagerSettings);
```
Please refer to the GitHub repository's samples for more quickstart code snippets.
AccessContextManagerClient.ListAccessLevelsFixedSizeCollection
AccessContextManagerClient.ListAccessLevelsPage
AccessContextManagerClient.ListAccessLevelsPagedResponse
AccessContextManagerClient.ListAccessPoliciesFixedSizeCollection
AccessContextManagerClient.ListAccessPoliciesPage
AccessContextManagerClient.ListAccessPoliciesPagedResponse
AccessContextManagerClient.ListGcpUserAccessBindingsFixedSizeCollection
AccessContextManagerClient.ListGcpUserAccessBindingsPage
AccessContextManagerClient.ListGcpUserAccessBindingsPagedResponse
AccessContextManagerClient.ListServicePerimetersFixedSizeCollection
AccessContextManagerClient.ListServicePerimetersPage
AccessContextManagerClient.ListServicePerimetersPagedResponse
AccessContextManagerGrpc
API for setting [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] and [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] for Google Cloud projects. Each organization has one [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] that contains the [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] and [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]. This [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] is applicable to all resources in the organization. AccessPolicies
AccessContextManagerGrpc.AccessContextManagerBlockingStub
API for setting [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] and [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] for Google Cloud projects. Each organization has one [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] that contains the [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] and [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]. This [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] is applicable to all resources in the organization. AccessPolicies
AccessContextManagerGrpc.AccessContextManagerFutureStub
API for setting [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] and [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] for Google Cloud projects. Each organization has one [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] that contains the [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] and [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]. This [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] is applicable to all resources in the organization. AccessPolicies
AccessContextManagerGrpc.AccessContextManagerImplBase
API for setting [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] and [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] for Google Cloud projects. Each organization has one [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] that contains the [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] and [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]. This [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] is applicable to all resources in the organization. AccessPolicies
AccessContextManagerGrpc.AccessContextManagerStub
API for setting [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] and [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] for Google Cloud projects. Each organization has one [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] that contains the [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] and [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]. This [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] is applicable to all resources in the organization. AccessPolicies
AccessContextManagerOperationMetadata
Metadata of Access Context Manager's Long Running Operations.
Protobuf type google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
AccessContextManagerOperationMetadata.Builder
Metadata of Access Context Manager's Long Running Operations.
Protobuf type google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata
AccessContextManagerProto
AccessContextManagerSettings
Settings class to configure an instance of AccessContextManagerClient.
The default instance has everything set to sensible defaults:
- The default service address (accesscontextmanager.googleapis.com) and default port (443) are used.
- Credentials are acquired automatically through Application Default Credentials.
- Retries are configured for idempotent methods but not for non-idempotent methods.
The builder of this class is recursive, so contained classes are themselves builders. When build() is called, the tree of builders is called to create the complete settings object.
For example, to set the total timeout of getAccessPolicy to 30 seconds:
```java
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
AccessContextManagerSettings.Builder accessContextManagerSettingsBuilder =
    AccessContextManagerSettings.newBuilder();
accessContextManagerSettingsBuilder
    .getAccessPolicySettings()
    .setRetrySettings(
        accessContextManagerSettingsBuilder
            .getAccessPolicySettings()
            .getRetrySettings()
            .toBuilder()
            .setTotalTimeout(Duration.ofSeconds(30))
            .build());
AccessContextManagerSettings accessContextManagerSettings =
    accessContextManagerSettingsBuilder.build();
```
AccessContextManagerSettings.Builder
Builder for AccessContextManagerSettings.
AccessLevel
An AccessLevel is a label that can be applied to requests to Google Cloud services, along with a list of requirements necessary for the label to be applied.
Protobuf type google.identity.accesscontextmanager.v1.AccessLevel
AccessLevel.Builder
An AccessLevel is a label that can be applied to requests to Google Cloud services, along with a list of requirements necessary for the label to be applied.
Protobuf type google.identity.accesscontextmanager.v1.AccessLevel
AccessLevelName
AccessLevelName.Builder
Builder for accessPolicies/{access_policy}/accessLevels/{access_level}.
AccessLevelProto
AccessPolicy
AccessPolicy is a container for AccessLevels (which define the necessary attributes to use Google Cloud services) and ServicePerimeters (which define regions of services able to freely pass data within a perimeter). An access policy is globally visible within an organization, and the restrictions it specifies apply to all projects within an organization.
Protobuf type google.identity.accesscontextmanager.v1.AccessPolicy
AccessPolicy.Builder
AccessPolicy is a container for AccessLevels (which define the necessary attributes to use Google Cloud services) and ServicePerimeters (which define regions of services able to freely pass data within a perimeter). An access policy is globally visible within an organization, and the restrictions it specifies apply to all projects within an organization.
Protobuf type google.identity.accesscontextmanager.v1.AccessPolicy
AccessPolicyName
AccessPolicyName.Builder
Builder for accessPolicies/{access_policy}.
BasicLevel
BasicLevel is an AccessLevel using a set of recommended features.
Protobuf type google.identity.accesscontextmanager.v1.BasicLevel
BasicLevel.Builder
BasicLevel is an AccessLevel using a set of recommended features.
Protobuf type google.identity.accesscontextmanager.v1.BasicLevel
CommitServicePerimetersRequest
A request to commit dry-run specs in all [Service Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] belonging to an Access Policy.
Protobuf type google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest
CommitServicePerimetersRequest.Builder
A request to commit dry-run specs in all [Service Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] belonging to an Access Policy.
Protobuf type google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest
CommitServicePerimetersResponse
A response to CommitServicePerimetersRequest. This will be put inside of Operation.response field.
Protobuf type google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse
CommitServicePerimetersResponse.Builder
A response to CommitServicePerimetersRequest. This will be put inside of Operation.response field.
Protobuf type google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse
Condition
A condition necessary for an AccessLevel to be granted. The Condition is an AND over its fields. So a Condition is true if: 1) the request IP is from one of the listed subnetworks AND 2) the originating device complies with the listed device policy AND 3) all listed access levels are granted AND 4) the request was sent at a time allowed by the DateTimeRestriction.
Protobuf type google.identity.accesscontextmanager.v1.Condition
Condition.Builder
A condition necessary for an AccessLevel to be granted. The Condition is an AND over its fields. So a Condition is true if: 1) the request IP is from one of the listed subnetworks AND 2) the originating device complies with the listed device policy AND 3) all listed access levels are granted AND 4) the request was sent at a time allowed by the DateTimeRestriction.
Protobuf type google.identity.accesscontextmanager.v1.Condition
CreateAccessLevelRequest
A request to create an AccessLevel.
Protobuf type google.identity.accesscontextmanager.v1.CreateAccessLevelRequest
CreateAccessLevelRequest.Builder
A request to create an AccessLevel.
Protobuf type google.identity.accesscontextmanager.v1.CreateAccessLevelRequest
CreateGcpUserAccessBindingRequest
Request of [CreateGcpUserAccessBinding] [google.identity.accesscontextmanager.v1.AccessContextManager.CreateGcpUserAccessBinding].
Protobuf type google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest
CreateGcpUserAccessBindingRequest.Builder
Request of [CreateGcpUserAccessBinding] [google.identity.accesscontextmanager.v1.AccessContextManager.CreateGcpUserAccessBinding].
Protobuf type google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest
CreateServicePerimeterRequest
A request to create a ServicePerimeter.
Protobuf type google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest
CreateServicePerimeterRequest.Builder
A request to create a ServicePerimeter.
Protobuf type google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest
CustomLevel
CustomLevel is an AccessLevel using the Cloud Common Expression Language to represent the necessary conditions for the level to apply to a request. See CEL spec at: https://github.com/google/cel-spec
Protobuf type google.identity.accesscontextmanager.v1.CustomLevel
CustomLevel.Builder
CustomLevel is an AccessLevel using the Cloud Common Expression Language to represent the necessary conditions for the level to apply to a request. See CEL spec at: https://github.com/google/cel-spec
Protobuf type google.identity.accesscontextmanager.v1.CustomLevel
DeleteAccessLevelRequest
A request to delete an AccessLevel.
Protobuf type google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest
DeleteAccessLevelRequest.Builder
A request to delete an AccessLevel.
Protobuf type google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest
DeleteAccessPolicyRequest
A request to delete an AccessPolicy.
Protobuf type google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest
DeleteAccessPolicyRequest.Builder
A request to delete an AccessPolicy.
Protobuf type google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest
DeleteGcpUserAccessBindingRequest
Request of [DeleteGcpUserAccessBinding] [google.identity.accesscontextmanager.v1.AccessContextManager.DeleteGcpUserAccessBinding].
Protobuf type google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest
DeleteGcpUserAccessBindingRequest.Builder
Request of [DeleteGcpUserAccessBinding] [google.identity.accesscontextmanager.v1.AccessContextManager.DeleteGcpUserAccessBinding].
Protobuf type google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest
DeleteServicePerimeterRequest
A request to delete a ServicePerimeter.
Protobuf type google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest
DeleteServicePerimeterRequest.Builder
A request to delete a ServicePerimeter.
Protobuf type google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest
DevicePolicy
DevicePolicy specifies device-specific restrictions necessary to acquire a given access level. A DevicePolicy specifies requirements for requests from devices to be granted access levels; it does not do any enforcement on the device. DevicePolicy acts as an AND over all specified fields, and each repeated field is an OR over its elements. Any unset fields are ignored. For example, if the proto is { os_type : DESKTOP_WINDOWS, os_type : DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be true for requests originating from encrypted Linux desktops and encrypted Windows desktops.
Protobuf type google.identity.accesscontextmanager.v1.DevicePolicy
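The AND/OR rules stated for Condition and DevicePolicy, written out as a small plain-Java model. This is an added example, not the client library's code: the class, record and field names are hypothetical and follow the simplified proto example above, the requests and the access level name are constructed, and the DateTimeRestriction check is left out.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.List;
import java.util.Set;

// Plain-Java model of the evaluation rules described on this page.
// Hypothetical names throughout; these are not the client library's classes.
public class AccessLevelModel {
  enum OsType { DESKTOP_WINDOWS, DESKTOP_LINUX, DESKTOP_MAC }
  enum EncryptionStatus { ENCRYPTED, UNENCRYPTED }

  // Facts about one request (constructed for the example).
  record Request(String ip, OsType os, EncryptionStatus encryption, Set<String> grantedLevels) {}

  // An empty list models an unset field, which the policy ignores.
  record DevicePolicy(List<OsType> osTypes, List<EncryptionStatus> encryptionStatuses) {
    boolean matches(Request r) {
      boolean osOk = osTypes.isEmpty() || osTypes.contains(r.os()); // OR within a repeated field
      boolean encOk = encryptionStatuses.isEmpty() || encryptionStatuses.contains(r.encryption());
      return osOk && encOk; // AND across the fields that are set
    }
  }

  // AND over subnetworks, device policy and required access levels.
  record Condition(List<String> ipSubnetworks, DevicePolicy devicePolicy, List<String> requiredLevels) {
    boolean matches(Request r) {
      boolean ipOk = ipSubnetworks.isEmpty()
          || ipSubnetworks.stream().anyMatch(cidr -> inCidr(r.ip(), cidr)); // one listed subnet suffices
      boolean deviceOk = devicePolicy == null || devicePolicy.matches(r);
      boolean levelsOk = r.grantedLevels().containsAll(requiredLevels); // every listed level is needed
      return ipOk && deviceOk && levelsOk;
    }
  }

  // Prefix match on IP literals (inputs are expected to be literals, not host names).
  // Any parse problem fails closed.
  static boolean inCidr(String ip, String cidr) {
    try {
      String[] parts = cidr.split("/");
      byte[] addr = InetAddress.getByName(ip).getAddress();
      byte[] net = InetAddress.getByName(parts[0]).getAddress();
      if (addr.length != net.length) return false; // IPv4 against IPv6
      int prefix = Integer.parseInt(parts[1]);
      for (int bit = 0; bit < prefix; bit++) {
        int mask = 0x80 >> (bit % 8);
        if ((addr[bit / 8] & mask) != (net[bit / 8] & mask)) return false;
      }
      return true;
    } catch (UnknownHostException | RuntimeException e) {
      return false;
    }
  }

  static void expect(String label, boolean actual, boolean expected) {
    if (actual != expected) throw new IllegalStateException(label + ": expected " + expected);
    System.out.println(label + " -> " + actual);
  }

  public static void main(String[] args) {
    // The policy from the text: Windows or Linux desktop, and encrypted.
    DevicePolicy policy = new DevicePolicy(
        List.of(OsType.DESKTOP_WINDOWS, OsType.DESKTOP_LINUX),
        List.of(EncryptionStatus.ENCRYPTED));
    String corp = "accessPolicies/EXAMPLE/accessLevels/corp_device"; // constructed name

    Request linuxEnc =
        new Request("203.0.113.7", OsType.DESKTOP_LINUX, EncryptionStatus.ENCRYPTED, Set.of(corp));
    Request winEnc =
        new Request("203.0.113.8", OsType.DESKTOP_WINDOWS, EncryptionStatus.ENCRYPTED, Set.of(corp));
    Request linuxPlain =
        new Request("203.0.113.9", OsType.DESKTOP_LINUX, EncryptionStatus.UNENCRYPTED, Set.of(corp));
    Request macPlain =
        new Request("203.0.113.10", OsType.DESKTOP_MAC, EncryptionStatus.UNENCRYPTED, Set.of());

    expect("encrypted Linux", policy.matches(linuxEnc), true);
    expect("encrypted Windows", policy.matches(winEnc), true);
    expect("unencrypted Linux", policy.matches(linuxPlain), false);

    // Unset fields are ignored, so a policy with nothing set matches any device.
    DevicePolicy empty = new DevicePolicy(List.of(), List.of());
    expect("empty policy, unencrypted Mac", empty.matches(macPlain), true);

    // Condition: listed subnet AND device policy AND required levels.
    Condition condition = new Condition(List.of("203.0.113.0/24"), policy, List.of(corp));
    Request offNet =
        new Request("198.51.100.9", OsType.DESKTOP_LINUX, EncryptionStatus.ENCRYPTED, Set.of(corp));
    Request noLevel =
        new Request("203.0.113.7", OsType.DESKTOP_LINUX, EncryptionStatus.ENCRYPTED, Set.of());
    expect("in subnet, compliant, level held", condition.matches(linuxEnc), true);
    expect("outside subnet", condition.matches(offNet), false);
    expect("required level missing", condition.matches(noLevel), false);
  }
}
```

The fourth check is the one to keep in mind when reviewing policies: because unset fields are ignored, a DevicePolicy that sets nothing is satisfied by every device.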
DevicePolicy.Builder
DevicePolicy specifies device-specific restrictions necessary to acquire a given access level. A DevicePolicy specifies requirements for requests from devices to be granted access levels; it does not do any enforcement on the device. DevicePolicy acts as an AND over all specified fields, and each repeated field is an OR over its elements. Any unset fields are ignored. For example, if the proto is { os_type : DESKTOP_WINDOWS, os_type : DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be true for requests originating from encrypted Linux desktops and encrypted Windows desktops.
Protobuf type google.identity.accesscontextmanager.v1.DevicePolicy
GcpUserAccessBinding
Restricts access to Cloud Console and Google Cloud APIs for a set of users using Context-Aware Access.
Protobuf type google.identity.accesscontextmanager.v1.GcpUserAccessBinding
GcpUserAccessBinding.Builder
Restricts access to Cloud Console and Google Cloud APIs for a set of users using Context-Aware Access.
Protobuf type google.identity.accesscontextmanager.v1.GcpUserAccessBinding
GcpUserAccessBindingName
GcpUserAccessBindingName.Builder
Builder for organizations/{organization}/gcpUserAccessBindings/{gcp_user_access_binding}.
GcpUserAccessBindingOperationMetadata
Currently, a completed operation means nothing. In the future, this metadata and a completed operation may indicate that the binding has taken effect and is affecting access decisions for all users.
Protobuf type google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata
GcpUserAccessBindingOperationMetadata.Builder
Currently, a completed operation means nothing. In the future, this metadata and a completed operation may indicate that the binding has taken effect and is affecting access decisions for all users.
Protobuf type google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata
GcpUserAccessBindingProto
GetAccessLevelRequest
A request to get a particular AccessLevel.
Protobuf type google.identity.accesscontextmanager.v1.GetAccessLevelRequest
GetAccessLevelRequest.Builder
A request to get a particular AccessLevel.
Protobuf type google.identity.accesscontextmanager.v1.GetAccessLevelRequest
GetAccessPolicyRequest
A request to get a particular AccessPolicy.
Protobuf type google.identity.accesscontextmanager.v1.GetAccessPolicyRequest
GetAccessPolicyRequest.Builder
A request to get a particular AccessPolicy.
Protobuf type google.identity.accesscontextmanager.v1.GetAccessPolicyRequest
GetGcpUserAccessBindingRequest
Request of [GetGcpUserAccessBinding] [google.identity.accesscontextmanager.v1.AccessContextManager.GetGcpUserAccessBinding].
Protobuf type google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest
GetGcpUserAccessBindingRequest.Builder
Request of [GetGcpUserAccessBinding] [google.identity.accesscontextmanager.v1.AccessContextManager.GetGcpUserAccessBinding].
Protobuf type google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest
GetServicePerimeterRequest
A request to get a particular ServicePerimeter.
Protobuf type google.identity.accesscontextmanager.v1.GetServicePerimeterRequest
GetServicePerimeterRequest.Builder
A request to get a particular ServicePerimeter.
Protobuf type google.identity.accesscontextmanager.v1.GetServicePerimeterRequest
ListAccessLevelsRequest
A request to list all AccessLevels in an AccessPolicy.
Protobuf type google.identity.accesscontextmanager.v1.ListAccessLevelsRequest
ListAccessLevelsRequest.Builder
A request to list all AccessLevels in an AccessPolicy.
Protobuf type google.identity.accesscontextmanager.v1.ListAccessLevelsRequest
ListAccessLevelsResponse
A response to ListAccessLevelsRequest.
Protobuf type google.identity.accesscontextmanager.v1.ListAccessLevelsResponse
ListAccessLevelsResponse.Builder
A response to ListAccessLevelsRequest.
Protobuf type google.identity.accesscontextmanager.v1.ListAccessLevelsResponse
ListAccessPoliciesRequest
A request to list all AccessPolicies for a container.
Protobuf type google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest
ListAccessPoliciesRequest.Builder
A request to list all AccessPolicies for a container.
Protobuf type google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest
ListAccessPoliciesResponse
A response to ListAccessPoliciesRequest.
Protobuf type google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse
ListAccessPoliciesResponse.Builder
A response to ListAccessPoliciesRequest.
Protobuf type google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse
ListGcpUserAccessBindingsRequest
Request of [ListGcpUserAccessBindings] [google.identity.accesscontextmanager.v1.AccessContextManager.ListGcpUserAccessBindings].
Protobuf type google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest
ListGcpUserAccessBindingsRequest.Builder
Request of [ListGcpUserAccessBindings] [google.identity.accesscontextmanager.v1.AccessContextManager.ListGcpUserAccessBindings].
Protobuf type google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest
ListGcpUserAccessBindingsResponse
Response of [ListGcpUserAccessBindings] [google.identity.accesscontextmanager.v1.AccessContextManager.ListGcpUserAccessBindings].
Protobuf type google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse
ListGcpUserAccessBindingsResponse.Builder
Response of [ListGcpUserAccessBindings] [google.identity.accesscontextmanager.v1.AccessContextManager.ListGcpUserAccessBindings].
Protobuf type google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse
ListServicePerimetersRequest
A request to list all ServicePerimeters in an AccessPolicy.
Protobuf type google.identity.accesscontextmanager.v1.ListServicePerimetersRequest
ListServicePerimetersRequest.Builder
A request to list all ServicePerimeters in an AccessPolicy.
Protobuf type google.identity.accesscontextmanager.v1.ListServicePerimetersRequest
ListServicePerimetersResponse
A response to ListServicePerimetersRequest.
Protobuf type google.identity.accesscontextmanager.v1.ListServicePerimetersResponse
ListServicePerimetersResponse.Builder
A response to ListServicePerimetersRequest.
Protobuf type google.identity.accesscontextmanager.v1.ListServicePerimetersResponse
OrganizationName
OrganizationName.Builder
Builder for organizations/{organization}.
OsConstraint
A restriction on the OS type and version of devices making requests.
Protobuf type google.identity.accesscontextmanager.v1.OsConstraint
OsConstraint.Builder
A restriction on the OS type and version of devices making requests.
Protobuf type google.identity.accesscontextmanager.v1.OsConstraint
PolicyProto
ReplaceAccessLevelsRequest
A request to replace all existing Access Levels in an Access Policy with the Access Levels provided. This is done atomically.
Protobuf type google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest
ReplaceAccessLevelsRequest.Builder
A request to replace all existing Access Levels in an Access Policy with the Access Levels provided. This is done atomically.
Protobuf type google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest
ReplaceAccessLevelsResponse
A response to ReplaceAccessLevelsRequest. This will be put inside of Operation.response field.
Protobuf type google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse
ReplaceAccessLevelsResponse.Builder
A response to ReplaceAccessLevelsRequest. This will be put inside of Operation.response field.
Protobuf type google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse
ReplaceServicePerimetersRequest
A request to replace all existing Service Perimeters in an Access Policy with the Service Perimeters provided. This is done atomically.
Protobuf type google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest
ReplaceServicePerimetersRequest.Builder
A request to replace all existing Service Perimeters in an Access Policy with the Service Perimeters provided. This is done atomically.
Protobuf type google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest
ReplaceServicePerimetersResponse
A response to ReplaceServicePerimetersRequest. This will be put inside of Operation.response field.
Protobuf type google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse
ReplaceServicePerimetersResponse.Builder
A response to ReplaceServicePerimetersRequest. This will be put inside of Operation.response field.
Protobuf type google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse
ServicePerimeter
ServicePerimeter describes a set of Google Cloud resources which can freely import and export data amongst themselves, but not export outside of the ServicePerimeter. If a request with a source within this ServicePerimeter has a target outside of the ServicePerimeter, the request will be blocked. Otherwise the request is allowed. There are two types of Service Perimeter: Regular and Bridge. Regular Service Perimeters cannot overlap; a single Google Cloud project can only belong to a single regular Service Perimeter. Service Perimeter Bridges can contain only Google Cloud projects as members; a single Google Cloud project may belong to multiple Service Perimeter Bridges.
Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeter
ServicePerimeter.Builder
ServicePerimeter describes a set of Google Cloud resources which can freely import and export data amongst themselves, but not export outside of the ServicePerimeter. If a request with a source within this ServicePerimeter has a target outside of the ServicePerimeter, the request will be blocked. Otherwise the request is allowed. There are two types of Service Perimeter: Regular and Bridge. Regular Service Perimeters cannot overlap; a single Google Cloud project can only belong to a single regular Service Perimeter. Service Perimeter Bridges can contain only Google Cloud projects as members; a single Google Cloud project may belong to multiple Service Perimeter Bridges.
Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeter
ServicePerimeterConfig
ServicePerimeterConfig specifies a set of Google Cloud resources that describe specific Service Perimeter configuration.
Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig
ServicePerimeterConfig.ApiOperation
Identification for an API Operation.
Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation
ServicePerimeterConfig.ApiOperation.Builder
Identification for an API Operation.
Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation
ServicePerimeterConfig.Builder
ServicePerimeterConfig specifies a set of Google Cloud resources that describe specific Service Perimeter configuration.
Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig
ServicePerimeterConfig.EgressFrom
Defines the conditions under which an [EgressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] matches a request. Conditions based on information about the source of the request. Note that if the destination of the request is also protected by a [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter], then that [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] must have an [IngressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] which allows access in order for this request to succeed.
Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom
ServicePerimeterConfig.EgressFrom.Builder
Defines the conditions under which an [EgressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] matches a request. Conditions are based on information about the source of the request. Note that if the destination of the request is also protected by a [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter], then that [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] must have an [IngressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] which allows access in order for this request to succeed.
Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom
ServicePerimeterConfig.EgressPolicy
Policy for egress from perimeter.
[EgressPolicies] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] match requests based on egress_from and egress_to stanzas. For an [EgressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] to match, both egress_from and egress_to stanzas must be matched. If an [EgressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] matches a request, the request is allowed to span the [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] boundary. For example, an [EgressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] can be used to allow VMs on networks within the [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] to access a defined set of projects outside the perimeter in certain contexts (e.g. to read data from a Cloud Storage bucket or query against a BigQuery dataset).
[EgressPolicies] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] are concerned with the resources that a request relates to as well as the API services and API actions being used. They do not relate to the direction of data movement. More detailed documentation for this concept can be found in the descriptions of [EgressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom] and [EgressTo] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo].
Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy
ServicePerimeterConfig.EgressPolicy.Builder
Policy for egress from perimeter.
[EgressPolicies] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] match requests based on egress_from and egress_to stanzas. For an [EgressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] to match, both egress_from and egress_to stanzas must be matched. If an [EgressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] matches a request, the request is allowed to span the [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] boundary. For example, an [EgressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] can be used to allow VMs on networks within the [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] to access a defined set of projects outside the perimeter in certain contexts (e.g. to read data from a Cloud Storage bucket or query against a BigQuery dataset).
[EgressPolicies] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] are concerned with the resources that a request relates to as well as the API services and API actions being used. They do not relate to the direction of data movement. More detailed documentation for this concept can be found in the descriptions of [EgressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom] and [EgressTo] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo].
Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy
ServicePerimeterConfig.EgressTo
Defines the conditions under which an [EgressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] matches a request. Conditions are based on information about the [ApiOperation] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation] intended to be performed on the resources specified. Note that if the destination of the request is also protected by a [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter], then that [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] must have an [IngressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] which allows access in order for this request to succeed. The request must match operations AND resources fields in order to be allowed egress out of the perimeter.
Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo
ServicePerimeterConfig.EgressTo.Builder
Defines the conditions under which an [EgressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] matches a request. Conditions are based on information about the [ApiOperation] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation] intended to be performed on the resources specified. Note that if the destination of the request is also protected by a [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter], then that [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] must have an [IngressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] which allows access in order for this request to succeed. The request must match operations AND resources fields in order to be allowed egress out of the perimeter.
Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo
ServicePerimeterConfig.IngressFrom
Defines the conditions under which an [IngressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] matches a request. Conditions are based on information about the source of the request. The request must satisfy what is defined in sources AND identity related fields in order to match.
Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom
ServicePerimeterConfig.IngressFrom.Builder
Defines the conditions under which an [IngressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] matches a request. Conditions are based on information about the source of the request. The request must satisfy what is defined in sources AND identity related fields in order to match.
Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom
ServicePerimeterConfig.IngressPolicy
Policy for ingress into [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter].
[IngressPolicies] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] match requests based on ingress_from and ingress_to stanzas. For an ingress policy to match, both the ingress_from and ingress_to stanzas must be matched. If an [IngressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] matches a request, the request is allowed through the perimeter boundary from outside the perimeter.
For example, access from the internet can be allowed either based on an [AccessLevel] [google.identity.accesscontextmanager.v1.AccessLevel] or, for traffic hosted on Google Cloud, the project of the source network. For access from private networks, using the project of the hosting network is required.
Individual ingress policies can be limited by restricting which services and/or actions they match using the ingress_to field.
Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy
ServicePerimeterConfig.IngressPolicy.Builder
Policy for ingress into [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter].
[IngressPolicies] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] match requests based on ingress_from and ingress_to stanzas. For an ingress policy to match, both the ingress_from and ingress_to stanzas must be matched. If an [IngressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] matches a request, the request is allowed through the perimeter boundary from outside the perimeter.
For example, access from the internet can be allowed either based on an [AccessLevel] [google.identity.accesscontextmanager.v1.AccessLevel] or, for traffic hosted on Google Cloud, the project of the source network. For access from private networks, using the project of the hosting network is required.
Individual ingress policies can be limited by restricting which services and/or actions they match using the ingress_to field.
Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy
ServicePerimeterConfig.IngressSource
The source that [IngressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] authorizes access from.
Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource
ServicePerimeterConfig.IngressSource.Builder
The source that [IngressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] authorizes access from.
Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource
ServicePerimeterConfig.IngressTo
Defines the conditions under which an [IngressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] matches a request. Conditions are based on information about the [ApiOperation] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation] intended to be performed on the target resource of the request. The request must satisfy what is defined in operations AND resources in order to match.
Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo
ServicePerimeterConfig.IngressTo.Builder
Defines the conditions under which an [IngressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] matches a request. Conditions are based on information about the [ApiOperation] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation] intended to be performed on the target resource of the request. The request must satisfy what is defined in operations AND resources in order to match.
Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo
ServicePerimeterConfig.MethodSelector
An allowed method or permission of a service specified in [ApiOperation] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation].
Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector
ServicePerimeterConfig.MethodSelector.Builder
An allowed method or permission of a service specified in [ApiOperation] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation].
Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector
ServicePerimeterConfig.VpcAccessibleServices
Specifies how APIs are allowed to communicate within the Service Perimeter.
Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices
ServicePerimeterConfig.VpcAccessibleServices.Builder
Specifies how APIs are allowed to communicate within the Service Perimeter.
Protobuf type google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices
ServicePerimeterName
ServicePerimeterName.Builder
Builder for accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}.
ServicePerimeterProto
UpdateAccessLevelRequest
A request to update an AccessLevel.
Protobuf type google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest
UpdateAccessLevelRequest.Builder
A request to update an AccessLevel.
Protobuf type google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest
UpdateAccessPolicyRequest
A request to update an AccessPolicy.
Protobuf type google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest
UpdateAccessPolicyRequest.Builder
A request to update an AccessPolicy.
Protobuf type google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest
UpdateGcpUserAccessBindingRequest
Request of [UpdateGcpUserAccessBinding] [google.identity.accesscontextmanager.v1.AccessContextManager.UpdateGcpUserAccessBinding].
Protobuf type google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest
UpdateGcpUserAccessBindingRequest.Builder
Request of [UpdateGcpUserAccessBinding] [google.identity.accesscontextmanager.v1.AccessContextManager.UpdateGcpUserAccessBinding].
Protobuf type google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest
UpdateServicePerimeterRequest
A request to update a ServicePerimeter.
Protobuf type google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest
UpdateServicePerimeterRequest.Builder
A request to update a ServicePerimeter.
Protobuf type google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest
Interfaces
AccessContextManagerOperationMetadataOrBuilder
AccessLevelOrBuilder
AccessPolicyOrBuilder
BasicLevelOrBuilder
CommitServicePerimetersRequestOrBuilder
CommitServicePerimetersResponseOrBuilder
ConditionOrBuilder
CreateAccessLevelRequestOrBuilder
CreateGcpUserAccessBindingRequestOrBuilder
CreateServicePerimeterRequestOrBuilder
CustomLevelOrBuilder
DeleteAccessLevelRequestOrBuilder
DeleteAccessPolicyRequestOrBuilder
DeleteGcpUserAccessBindingRequestOrBuilder
DeleteServicePerimeterRequestOrBuilder
DevicePolicyOrBuilder
GcpUserAccessBindingOperationMetadataOrBuilder
GcpUserAccessBindingOrBuilder
GetAccessLevelRequestOrBuilder
GetAccessPolicyRequestOrBuilder
GetGcpUserAccessBindingRequestOrBuilder
GetServicePerimeterRequestOrBuilder
ListAccessLevelsRequestOrBuilder
ListAccessLevelsResponseOrBuilder
ListAccessPoliciesRequestOrBuilder
ListAccessPoliciesResponseOrBuilder
ListGcpUserAccessBindingsRequestOrBuilder
ListGcpUserAccessBindingsResponseOrBuilder
ListServicePerimetersRequestOrBuilder
ListServicePerimetersResponseOrBuilder
OsConstraintOrBuilder
ReplaceAccessLevelsRequestOrBuilder
ReplaceAccessLevelsResponseOrBuilder
ReplaceServicePerimetersRequestOrBuilder
ReplaceServicePerimetersResponseOrBuilder
ServicePerimeterConfig.ApiOperationOrBuilder
ServicePerimeterConfig.EgressFromOrBuilder
ServicePerimeterConfig.EgressPolicyOrBuilder
ServicePerimeterConfig.EgressToOrBuilder
ServicePerimeterConfig.IngressFromOrBuilder
ServicePerimeterConfig.IngressPolicyOrBuilder
ServicePerimeterConfig.IngressSourceOrBuilder
ServicePerimeterConfig.IngressToOrBuilder
ServicePerimeterConfig.MethodSelectorOrBuilder
ServicePerimeterConfig.VpcAccessibleServicesOrBuilder
ServicePerimeterConfigOrBuilder
ServicePerimeterOrBuilder
UpdateAccessLevelRequestOrBuilder
UpdateAccessPolicyRequestOrBuilder
UpdateGcpUserAccessBindingRequestOrBuilder
UpdateServicePerimeterRequestOrBuilder
Enums
AccessLevel.LevelCase
BasicLevel.ConditionCombiningFunction
Options for how the conditions list should be combined to determine if this AccessLevel is applied. Default is AND.
Protobuf enum google.identity.accesscontextmanager.v1.BasicLevel.ConditionCombiningFunction
LevelFormat
The format used in an AccessLevel.
Protobuf enum google.identity.accesscontextmanager.v1.LevelFormat
ServicePerimeter.PerimeterType
Specifies the type of the Perimeter. There are two types: regular and bridge. A regular Service Perimeter contains resources, access levels, and restricted services. Every resource can be in at most ONE regular Service Perimeter. In addition to being in a regular service perimeter, a resource can also be in zero or more perimeter bridges. A perimeter bridge only contains resources. Cross-project operations are permitted if all affected resources share some perimeter (whether bridge or regular). A Perimeter Bridge does not contain access levels or services: those are governed entirely by the regular perimeter that the resource is in. Perimeter Bridges are typically useful when building more complex topologies with many independent perimeters that need to share some data with a common perimeter, but should not be able to share data among themselves.
Protobuf enum google.identity.accesscontextmanager.v1.ServicePerimeter.PerimeterType
ServicePerimeterConfig.IdentityType
Specifies the types of identities that are allowed access in either [IngressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom] or [EgressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom] rules.
Protobuf enum google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType