Access Context Manager V1 Client - Class AccessContextManagerClient (0.3.5)

Reference documentation and code samples for the Access Context Manager V1 Client class AccessContextManagerClient.

Service Description: API for setting [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] and [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] for Google Cloud projects. Each organization has one [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] that contains the [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] and [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]. This [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] is applicable to all resources in the organization.

AccessPolicies

This class provides the ability to make remote calls to the backing service through method calls that map to API methods. Sample code to get started:

$accessContextManagerClient = new AccessContextManagerClient();
try {
    $formattedParent = $accessContextManagerClient->accessPolicyName('[ACCESS_POLICY]');
    $operationResponse = $accessContextManagerClient->commitServicePerimeters($formattedParent);
    $operationResponse->pollUntilComplete();
    if ($operationResponse->operationSucceeded()) {
        $result = $operationResponse->getResult();
    // doSomethingWith($result)
    } else {
        $error = $operationResponse->getError();
        // handleError($error)
    }
    // Alternatively:
    // start the operation, keep the operation name, and resume later
    $operationResponse = $accessContextManagerClient->commitServicePerimeters($formattedParent);
    $operationName = $operationResponse->getName();
    // ... do other work
    $newOperationResponse = $accessContextManagerClient->resumeOperation($operationName, 'commitServicePerimeters');
    while (!$newOperationResponse->isDone()) {
        // ... do other work
        $newOperationResponse->reload();
    }
    if ($newOperationResponse->operationSucceeded()) {
        $result = $newOperationResponse->getResult();
    // doSomethingWith($result)
    } else {
        $error = $newOperationResponse->getError();
        // handleError($error)
    }
} finally {
    $accessContextManagerClient->close();
}

Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parseName method to extract the individual identifiers contained within formatted names that are returned by the API.

Methods

accessLevelName

Formats a string containing the fully-qualified path to represent a access_level resource.

Parameters
Name	Description
`accessPolicy`	`string`
`accessLevel`	`string`

Returns
Type	Description
`string`	The formatted access_level resource.

accessPolicyName

Formats a string containing the fully-qualified path to represent a access_policy resource.

Parameter
Name	Description
`accessPolicy`	`string`

Returns
Type	Description
`string`	The formatted access_policy resource.

gcpUserAccessBindingName

Formats a string containing the fully-qualified path to represent a gcp_user_access_binding resource.

Parameters
Name	Description
`organization`	`string`
`gcpUserAccessBinding`	`string`

Returns
Type	Description
`string`	The formatted gcp_user_access_binding resource.

organizationName

Formats a string containing the fully-qualified path to represent a organization resource.

Parameter
Name	Description
`organization`	`string`

Returns
Type	Description
`string`	The formatted organization resource.

servicePerimeterName

Formats a string containing the fully-qualified path to represent a service_perimeter resource.

Parameters
Name	Description
`accessPolicy`	`string`
`servicePerimeter`	`string`

Returns
Type	Description
`string`	The formatted service_perimeter resource.

parseName

Parses a formatted name string and returns an associative array of the components in the name.

The following name formats are supported: Template: Pattern

accessLevel: accessPolicies/{access_policy}/accessLevels/{access_level}
accessPolicy: accessPolicies/{access_policy}
gcpUserAccessBinding: organizations/{organization}/gcpUserAccessBindings/{gcp_user_access_binding}
organization: organizations/{organization}
servicePerimeter: accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}

The optional $template argument can be supplied to specify a particular pattern, and must match one of the templates listed above. If no $template argument is provided, or if the $template argument does not match one of the templates listed, then parseName will check each of the supported templates, and return the first match.

Parameters
Name	Description
`formattedName`	`string` The formatted name string
`template`	`string` Optional name of template to match

Returns
Type	Description
`array`	An associative array from name component IDs to component values.

getOperationsClient

Return an OperationsClient object with the same endpoint as $this.

Returns
Type	Description
`Google\ApiCore\LongRunning\OperationsClient`

resumeOperation

Resume an existing long running operation that was previously started by a long running API method. If $methodName is not provided, or does not match a long running API method, then the operation can still be resumed, but the OperationResponse object will not deserialize the final response.

Parameters
Name	Description
`operationName`	`string` The name of the long running operation
`methodName`	`string` The name of the method used to start the operation

Returns
Type	Description
`Google\ApiCore\OperationResponse`

__construct

Constructor.

Parameters
Name	Description
`options`	`array` Optional. Options for configuring the service API wrapper.
`↳ apiEndpoint`	`string` The address of the API remote host. May optionally include the port, formatted as "
`↳ credentials`	`string\|array\|FetchAuthTokenInterface\|CredentialsWrapper` The credentials to be used by the client to authorize API calls. This option accepts either a path to a credentials file, or a decoded credentials file as a PHP array. Advanced usage: In addition, this option can also accept a pre-constructed Google\Auth\FetchAuthTokenInterface object or Google\ApiCore\CredentialsWrapper object. Note that when one of these objects are provided, any settings in $credentialsConfig will be ignored.
`↳ credentialsConfig`	`array` Options used to configure credentials, including auth token caching, for the client. For a full list of supporting configuration options, see Google\ApiCore\CredentialsWrapper::build() .
`↳ disableRetries`	`bool` Determines whether or not retries defined by the client configuration should be disabled. Defaults to `false`.
`↳ clientConfig`	`string\|array` Client method configuration, including retry settings. This option can be either a path to a JSON file, or a PHP array containing the decoded JSON data. By default this settings points to the default client config file, which is provided in the resources folder.
`↳ transport`	`string\|TransportInterface` The transport used for executing network requests. May be either the string `rest` or `grpc`. Defaults to `grpc` if gRPC support is detected on the system. Advanced usage: Additionally, it is possible to pass in an already instantiated Google\ApiCore\Transport\TransportInterface object. Note that when this object is provided, any settings in $transportConfig, and any $apiEndpoint setting, will be ignored.
`↳ transportConfig`	`array` Configuration options that will be used to construct the transport. Options for each supported transport type should be passed in a key for that transport. For example: $transportConfig = [ 'grpc' => [...], 'rest' => [...], ]; See the Google\ApiCore\Transport\GrpcTransport::build() and Google\ApiCore\Transport\RestTransport::build() methods for the supported options.
`↳ clientCertSource`	`callable` A callable which returns the client cert as a string. This can be used to provide a certificate and private key to the transport layer for mTLS.

commitServicePerimeters

Commits the dry-run specification for all the [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] in an access policy.

A commit operation on a service perimeter involves copying its spec field to the status field of the service perimeter. Only [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] with use_explicit_dry_run_spec field set to true are affected by a commit operation. The long-running operation from this RPC has a successful status after the dry-run specifications for all the [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] have been committed. If a commit fails, it causes the long-running operation to return an error response and the entire commit operation is cancelled. When successful, the Operation.response field contains CommitServicePerimetersResponse. The dry_run and the spec fields are cleared after a successful commit operation.

Parameters
Name	Description
`parent`	`string` Required. Resource name for the parent [Access Policy] [google.identity.accesscontextmanager.v1.AccessPolicy] which owns all [Service Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] in scope for the commit operation. Format: `accessPolicies/{policy_id}`
`optionalArgs`	`array` Optional.
`↳ etag`	`string` Optional. The etag for the version of the [Access Policy] [google.identity.accesscontextmanager.v1.AccessPolicy] that this commit operation is to be performed on. If, at the time of commit, the etag for the Access Policy stored in Access Context Manager is different from the specified etag, then the commit operation will not be performed and the call will fail. This field is not required. If etag is not provided, the operation will be performed as if a valid etag is provided.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\ApiCore\OperationResponse`

Example

use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Identity\AccessContextManager\V1\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\CommitServicePerimetersResponse;
use Google\Rpc\Status;

/**
 * @param string $formattedParent Resource name for the parent [Access Policy]
 *                                [google.identity.accesscontextmanager.v1.AccessPolicy] which owns all
 *                                [Service Perimeters]
 *                                [google.identity.accesscontextmanager.v1.ServicePerimeter] in scope for
 *                                the commit operation.
 *
 *                                Format: `accessPolicies/{policy_id}`
 *                                Please see {@see AccessContextManagerClient::accessPolicyName()} for help formatting this field.
 */
function commit_service_perimeters_sample(string $formattedParent): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $accessContextManagerClient->commitServicePerimeters($formattedParent);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var CommitServicePerimetersResponse $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = AccessContextManagerClient::accessPolicyName('[ACCESS_POLICY]');

    commit_service_perimeters_sample($formattedParent);
}

createAccessLevel

Creates an [access level] [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running operation from this RPC has a successful status after the [access level] [google.identity.accesscontextmanager.v1.AccessLevel] propagates to long-lasting storage. If [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] contain errors, an error response is returned for the first error encountered.

Parameters
Name	Description
`parent`	`string` Required. Resource name for the access policy which owns this [Access Level] [google.identity.accesscontextmanager.v1.AccessLevel]. Format: `accessPolicies/{policy_id}`
`accessLevel`	`Google\Identity\AccessContextManager\V1\AccessLevel` Required. The [Access Level] [google.identity.accesscontextmanager.v1.AccessLevel] to create. Syntactic correctness of the [Access Level] [google.identity.accesscontextmanager.v1.AccessLevel] is a precondition for creation.
`optionalArgs`	`array` Optional.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\ApiCore\OperationResponse`

Example

use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Identity\AccessContextManager\V1\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\AccessLevel;
use Google\Rpc\Status;

/**
 * @param string $formattedParent Resource name for the access policy which owns this [Access
 *                                Level] [google.identity.accesscontextmanager.v1.AccessLevel].
 *
 *                                Format: `accessPolicies/{policy_id}`
 *                                Please see {@see AccessContextManagerClient::accessPolicyName()} for help formatting this field.
 */
function create_access_level_sample(string $formattedParent): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $accessLevel = new AccessLevel();

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $accessContextManagerClient->createAccessLevel($formattedParent, $accessLevel);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var AccessLevel $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = AccessContextManagerClient::accessPolicyName('[ACCESS_POLICY]');

    create_access_level_sample($formattedParent);
}

createAccessPolicy

Creates an access policy. This method fails if the organization already has an access policy. The long-running operation has a successful status after the access policy propagates to long-lasting storage.

Syntactic and basic semantic errors are returned in metadata as a BadRequest proto.

Parameters
Name	Description
`optionalArgs`	`array` Optional.
`↳ name`	`string` Output only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{access_policy}`
`↳ parent`	`string` Required. The parent of this `AccessPolicy` in the Cloud Resource Hierarchy. Currently immutable once created. Format: `organizations/{organization_id}`
`↳ title`	`string` Required. Human readable title. Does not affect behavior.
`↳ scopes`	`string[]` The scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced. For example, a policy with scopes=["folders/123"] has the following behavior: - vpcsc perimeters can only restrict projects within folders/123 - access levels can only be referenced by resources within folders/123. If empty, there are no limitations on which resources can be restricted by an ACM policy, and there are no limitations on where ACM resources can be referenced. Only one policy can include a given scope (attempting to create a second policy which includes "folders/123" will result in an error). Currently, scopes cannot be modified after a policy is created. Currently, policies can only have a single scope. Format: list of `folders/{folder_number}` or `projects/{project_number}`
`↳ createTime`	`Timestamp` Output only. Time the `AccessPolicy` was created in UTC.
`↳ updateTime`	`Timestamp` Output only. Time the `AccessPolicy` was updated in UTC.
`↳ etag`	`string` Output only. An opaque identifier for the current version of the `AccessPolicy`. This will always be a strongly validated etag, meaning that two Access Polices will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\ApiCore\OperationResponse`

Example

use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Identity\AccessContextManager\V1\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\AccessPolicy;
use Google\Rpc\Status;

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function create_access_policy_sample(): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $accessContextManagerClient->createAccessPolicy();
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var AccessPolicy $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

createGcpUserAccessBinding

Creates a [GcpUserAccessBinding] [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]. If the client specifies a [name] [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.name], the server ignores it. Fails if a resource already exists with the same [group_key] [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.group_key].

Completion of this long-running operation does not necessarily signify that the new binding is deployed onto all affected users, which may take more time.

Parameters
Name	Description
`parent`	`string` Required. Example: "organizations/256"
`gcpUserAccessBinding`	`Google\Identity\AccessContextManager\V1\GcpUserAccessBinding` Required. [GcpUserAccessBinding] [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]
`optionalArgs`	`array` Optional.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\ApiCore\OperationResponse`

Example

use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Identity\AccessContextManager\V1\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\GcpUserAccessBinding;
use Google\Rpc\Status;

/**
 * @param string $formattedParent                                  Example: "organizations/256"
 *                                                                 Please see {@see AccessContextManagerClient::organizationName()} for help formatting this field.
 * @param string $gcpUserAccessBindingGroupKey                     Immutable. Google Group id whose members are subject to this binding's restrictions.
 *                                                                 See "id" in the [G Suite Directory API's Groups resource]
 *                                                                 (https://developers.google.com/admin-sdk/directory/v1/reference/groups#resource).
 *                                                                 If a group's email address/alias is changed, this resource will continue
 *                                                                 to point at the changed group. This field does not accept group email
 *                                                                 addresses or aliases.
 *                                                                 Example: "01d520gv4vjcrht"
 * @param string $formattedGcpUserAccessBindingAccessLevelsElement Access level that a user must have to be granted access. Only one access
 *                                                                 level is supported, not multiple. This repeated field must have exactly
 *                                                                 one element.
 *                                                                 Example: "accessPolicies/9522/accessLevels/device_trusted"
 *                                                                 Please see {@see AccessContextManagerClient::accessLevelName()} for help formatting this field.
 */
function create_gcp_user_access_binding_sample(
    string $formattedParent,
    string $gcpUserAccessBindingGroupKey,
    string $formattedGcpUserAccessBindingAccessLevelsElement
): void {
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $formattedGcpUserAccessBindingAccessLevels = [
        $formattedGcpUserAccessBindingAccessLevelsElement,
    ];
    $gcpUserAccessBinding = (new GcpUserAccessBinding())
        ->setGroupKey($gcpUserAccessBindingGroupKey)
        ->setAccessLevels($formattedGcpUserAccessBindingAccessLevels);

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $accessContextManagerClient->createGcpUserAccessBinding(
            $formattedParent,
            $gcpUserAccessBinding
        );
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var GcpUserAccessBinding $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = AccessContextManagerClient::organizationName('[ORGANIZATION]');
    $gcpUserAccessBindingGroupKey = '[GROUP_KEY]';
    $formattedGcpUserAccessBindingAccessLevelsElement = AccessContextManagerClient::accessLevelName(
        '[ACCESS_POLICY]',
        '[ACCESS_LEVEL]'
    );

    create_gcp_user_access_binding_sample(
        $formattedParent,
        $gcpUserAccessBindingGroupKey,
        $formattedGcpUserAccessBindingAccessLevelsElement
    );
}

createServicePerimeter

Creates a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter]. The long-running operation from this RPC has a successful status after the [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] propagates to long-lasting storage. If a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] contains errors, an error response is returned for the first error encountered.

Parameters
Name	Description
`parent`	`string` Required. Resource name for the access policy which owns this [Service Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter]. Format: `accessPolicies/{policy_id}`
`servicePerimeter`	`Google\Identity\AccessContextManager\V1\ServicePerimeter` Required. The [Service Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] to create. Syntactic correctness of the [Service Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] is a precondition for creation.
`optionalArgs`	`array` Optional.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\ApiCore\OperationResponse`

Example

use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Identity\AccessContextManager\V1\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\ServicePerimeter;
use Google\Rpc\Status;

/**
 * @param string $formattedParent Resource name for the access policy which owns this [Service
 *                                Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter].
 *
 *                                Format: `accessPolicies/{policy_id}`
 *                                Please see {@see AccessContextManagerClient::accessPolicyName()} for help formatting this field.
 */
function create_service_perimeter_sample(string $formattedParent): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $servicePerimeter = new ServicePerimeter();

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $accessContextManagerClient->createServicePerimeter(
            $formattedParent,
            $servicePerimeter
        );
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var ServicePerimeter $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = AccessContextManagerClient::accessPolicyName('[ACCESS_POLICY]');

    create_service_perimeter_sample($formattedParent);
}

deleteAccessLevel

Deletes an [access level] [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource name. The long-running operation from this RPC has a successful status after the [access level] [google.identity.accesscontextmanager.v1.AccessLevel] has been removed from long-lasting storage.

Parameters
Name	Description
`name`	`string` Required. Resource name for the [Access Level] [google.identity.accesscontextmanager.v1.AccessLevel]. Format: `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
`optionalArgs`	`array` Optional.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\ApiCore\OperationResponse`

Example

use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Identity\AccessContextManager\V1\AccessContextManagerClient;
use Google\Rpc\Status;

/**
 * @param string $formattedName Resource name for the [Access Level]
 *                              [google.identity.accesscontextmanager.v1.AccessLevel].
 *
 *                              Format:
 *                              `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
 *                              Please see {@see AccessContextManagerClient::accessLevelName()} for help formatting this field.
 */
function delete_access_level_sample(string $formattedName): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $accessContextManagerClient->deleteAccessLevel($formattedName);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            printf('Operation completed successfully.' . PHP_EOL);
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = AccessContextManagerClient::accessLevelName('[ACCESS_POLICY]', '[ACCESS_LEVEL]');

    delete_access_level_sample($formattedName);
}

deleteAccessPolicy

Deletes an [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] based on the resource name. The long-running operation has a successful status after the [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] is removed from long-lasting storage.

Parameters
Name	Description
`name`	`string` Required. Resource name for the access policy to delete. Format `accessPolicies/{policy_id}`
`optionalArgs`	`array` Optional.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\ApiCore\OperationResponse`

Example

use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Identity\AccessContextManager\V1\AccessContextManagerClient;
use Google\Rpc\Status;

/**
 * @param string $formattedName Resource name for the access policy to delete.
 *
 *                              Format `accessPolicies/{policy_id}`
 *                              Please see {@see AccessContextManagerClient::accessPolicyName()} for help formatting this field.
 */
function delete_access_policy_sample(string $formattedName): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $accessContextManagerClient->deleteAccessPolicy($formattedName);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            printf('Operation completed successfully.' . PHP_EOL);
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = AccessContextManagerClient::accessPolicyName('[ACCESS_POLICY]');

    delete_access_policy_sample($formattedName);
}

deleteGcpUserAccessBinding

Deletes a [GcpUserAccessBinding] [google.identity.accesscontextmanager.v1.GcpUserAccessBinding].

Completion of this long-running operation does not necessarily signify that the binding deletion is deployed onto all affected users, which may take more time.

Parameters
Name	Description
`name`	`string` Required. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
`optionalArgs`	`array` Optional.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\ApiCore\OperationResponse`

Example

use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Identity\AccessContextManager\V1\AccessContextManagerClient;
use Google\Rpc\Status;

/**
 * @param string $formattedName Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
 *                              Please see {@see AccessContextManagerClient::gcpUserAccessBindingName()} for help formatting this field.
 */
function delete_gcp_user_access_binding_sample(string $formattedName): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $accessContextManagerClient->deleteGcpUserAccessBinding($formattedName);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            printf('Operation completed successfully.' . PHP_EOL);
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = AccessContextManagerClient::gcpUserAccessBindingName(
        '[ORGANIZATION]',
        '[GCP_USER_ACCESS_BINDING]'
    );

    delete_gcp_user_access_binding_sample($formattedName);
}

deleteServicePerimeter

Deletes a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the resource name. The long-running operation from this RPC has a successful status after the [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] is removed from long-lasting storage.

Parameters
Name	Description
`name`	`string` Required. Resource name for the [Service Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter]. Format: `accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}`
`optionalArgs`	`array` Optional.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\ApiCore\OperationResponse`

Example

use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Identity\AccessContextManager\V1\AccessContextManagerClient;
use Google\Rpc\Status;

/**
 * @param string $formattedName Resource name for the [Service Perimeter]
 *                              [google.identity.accesscontextmanager.v1.ServicePerimeter].
 *
 *                              Format:
 *                              `accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}`
 *                              Please see {@see AccessContextManagerClient::servicePerimeterName()} for help formatting this field.
 */
function delete_service_perimeter_sample(string $formattedName): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $accessContextManagerClient->deleteServicePerimeter($formattedName);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            printf('Operation completed successfully.' . PHP_EOL);
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = AccessContextManagerClient::servicePerimeterName(
        '[ACCESS_POLICY]',
        '[SERVICE_PERIMETER]'
    );

    delete_service_perimeter_sample($formattedName);
}

getAccessLevel

Gets an [access level] [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource name.

Parameters
Name	Description
`name`	`string` Required. Resource name for the [Access Level] [google.identity.accesscontextmanager.v1.AccessLevel]. Format: `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
`optionalArgs`	`array` Optional.
`↳ accessLevelFormat`	`int` Whether to return `BasicLevels` in the Cloud Common Expression Language rather than as `BasicLevels`. Defaults to AS_DEFINED, where [Access Levels] [google.identity.accesscontextmanager.v1.AccessLevel] are returned as `BasicLevels` or `CustomLevels` based on how they were created. If set to CEL, all [Access Levels] [google.identity.accesscontextmanager.v1.AccessLevel] are returned as `CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent `CustomLevels`. For allowed values, use constants defined on Google\Identity\AccessContextManager\V1\LevelFormat
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\Identity\AccessContextManager\V1\AccessLevel`

Example

use Google\ApiCore\ApiException;
use Google\Identity\AccessContextManager\V1\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\AccessLevel;

/**
 * @param string $formattedName Resource name for the [Access Level]
 *                              [google.identity.accesscontextmanager.v1.AccessLevel].
 *
 *                              Format:
 *                              `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
 *                              Please see {@see AccessContextManagerClient::accessLevelName()} for help formatting this field.
 */
function get_access_level_sample(string $formattedName): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Call the API and handle any network failures.
    try {
        /** @var AccessLevel $response */
        $response = $accessContextManagerClient->getAccessLevel($formattedName);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = AccessContextManagerClient::accessLevelName('[ACCESS_POLICY]', '[ACCESS_LEVEL]');

    get_access_level_sample($formattedName);
}

getAccessPolicy

Returns an [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] based on the name.

Parameters
Name	Description
`name`	`string` Required. Resource name for the access policy to get. Format `accessPolicies/{policy_id}`
`optionalArgs`	`array` Optional.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\Identity\AccessContextManager\V1\AccessPolicy`

Example

use Google\ApiCore\ApiException;
use Google\Identity\AccessContextManager\V1\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\AccessPolicy;

/**
 * @param string $formattedName Resource name for the access policy to get.
 *
 *                              Format `accessPolicies/{policy_id}`
 *                              Please see {@see AccessContextManagerClient::accessPolicyName()} for help formatting this field.
 */
function get_access_policy_sample(string $formattedName): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Call the API and handle any network failures.
    try {
        /** @var AccessPolicy $response */
        $response = $accessContextManagerClient->getAccessPolicy($formattedName);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = AccessContextManagerClient::accessPolicyName('[ACCESS_POLICY]');

    get_access_policy_sample($formattedName);
}

getGcpUserAccessBinding

Gets the [GcpUserAccessBinding] [google.identity.accesscontextmanager.v1.GcpUserAccessBinding] with the given name.

Parameters
Name	Description
`name`	`string` Required. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
`optionalArgs`	`array` Optional.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\Identity\AccessContextManager\V1\GcpUserAccessBinding`

Example

use Google\ApiCore\ApiException;
use Google\Identity\AccessContextManager\V1\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\GcpUserAccessBinding;

/**
 * @param string $formattedName Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
 *                              Please see {@see AccessContextManagerClient::gcpUserAccessBindingName()} for help formatting this field.
 */
function get_gcp_user_access_binding_sample(string $formattedName): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Call the API and handle any network failures.
    try {
        /** @var GcpUserAccessBinding $response */
        $response = $accessContextManagerClient->getGcpUserAccessBinding($formattedName);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = AccessContextManagerClient::gcpUserAccessBindingName(
        '[ORGANIZATION]',
        '[GCP_USER_ACCESS_BINDING]'
    );

    get_gcp_user_access_binding_sample($formattedName);
}

getIamPolicy

Gets the IAM policy for the specified Access Context Manager access policy.

Parameters
Name	Description
`resource`	`string` REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.
`optionalArgs`	`array` Optional.
`↳ options`	`GetPolicyOptions` OPTIONAL: A `GetPolicyOptions` object for specifying options to `GetIamPolicy`.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\Cloud\Iam\V1\Policy`

Example

use Google\ApiCore\ApiException;
use Google\Cloud\Iam\V1\Policy;
use Google\Identity\AccessContextManager\V1\AccessContextManagerClient;

/**
 * @param string $resource REQUIRED: The resource for which the policy is being requested.
 *                         See the operation documentation for the appropriate value for this field.
 */
function get_iam_policy_sample(string $resource): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Call the API and handle any network failures.
    try {
        /** @var Policy $response */
        $response = $accessContextManagerClient->getIamPolicy($resource);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $resource = '[RESOURCE]';

    get_iam_policy_sample($resource);
}

getServicePerimeter

Gets a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the resource name.

Parameters
Name	Description
`name`	`string` Required. Resource name for the [Service Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter]. Format: `accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}`
`optionalArgs`	`array` Optional.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\Identity\AccessContextManager\V1\ServicePerimeter`

Example

use Google\ApiCore\ApiException;
use Google\Identity\AccessContextManager\V1\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\ServicePerimeter;

/**
 * @param string $formattedName Resource name for the [Service Perimeter]
 *                              [google.identity.accesscontextmanager.v1.ServicePerimeter].
 *
 *                              Format:
 *                              `accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}`
 *                              Please see {@see AccessContextManagerClient::servicePerimeterName()} for help formatting this field.
 */
function get_service_perimeter_sample(string $formattedName): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Call the API and handle any network failures.
    try {
        /** @var ServicePerimeter $response */
        $response = $accessContextManagerClient->getServicePerimeter($formattedName);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = AccessContextManagerClient::servicePerimeterName(
        '[ACCESS_POLICY]',
        '[SERVICE_PERIMETER]'
    );

    get_service_perimeter_sample($formattedName);
}

listAccessLevels

Lists all [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] for an access policy.

Parameters
Name	Description
`parent`	`string` Required. Resource name for the access policy to list [Access Levels] [google.identity.accesscontextmanager.v1.AccessLevel] from. Format: `accessPolicies/{policy_id}`
`optionalArgs`	`array` Optional.
`↳ pageSize`	`int` The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.
`↳ pageToken`	`string` A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.
`↳ accessLevelFormat`	`int` Whether to return `BasicLevels` in the Cloud Common Expression language, as `CustomLevels`, rather than as `BasicLevels`. Defaults to returning `AccessLevels` in the format they were defined. For allowed values, use constants defined on Google\Identity\AccessContextManager\V1\LevelFormat
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\ApiCore\PagedListResponse`

Example

use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Identity\AccessContextManager\V1\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\AccessLevel;

/**
 * @param string $formattedParent Resource name for the access policy to list [Access Levels]
 *                                [google.identity.accesscontextmanager.v1.AccessLevel] from.
 *
 *                                Format:
 *                                `accessPolicies/{policy_id}`
 *                                Please see {@see AccessContextManagerClient::accessPolicyName()} for help formatting this field.
 */
function list_access_levels_sample(string $formattedParent): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $accessContextManagerClient->listAccessLevels($formattedParent);

        /** @var AccessLevel $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = AccessContextManagerClient::accessPolicyName('[ACCESS_POLICY]');

    list_access_levels_sample($formattedParent);
}

listAccessPolicies

Lists all [access policies] [google.identity.accesscontextmanager.v1.AccessPolicy] in an organization.

Parameters
Name	Description
`parent`	`string` Required. Resource name for the container to list AccessPolicy instances from. Format: `organizations/{org_id}`
`optionalArgs`	`array` Optional.
`↳ pageSize`	`int` The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.
`↳ pageToken`	`string` A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\ApiCore\PagedListResponse`

Example

use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Identity\AccessContextManager\V1\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\AccessPolicy;

/**
 * @param string $formattedParent Resource name for the container to list AccessPolicy instances
 *                                from.
 *
 *                                Format:
 *                                `organizations/{org_id}`
 *                                Please see {@see AccessContextManagerClient::organizationName()} for help formatting this field.
 */
function list_access_policies_sample(string $formattedParent): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $accessContextManagerClient->listAccessPolicies($formattedParent);

        /** @var AccessPolicy $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = AccessContextManagerClient::organizationName('[ORGANIZATION]');

    list_access_policies_sample($formattedParent);
}

listGcpUserAccessBindings

Lists all [GcpUserAccessBindings] [google.identity.accesscontextmanager.v1.GcpUserAccessBinding] for a Google Cloud organization.

Parameters
Name	Description
`parent`	`string` Required. Example: "organizations/256"
`optionalArgs`	`array` Optional.
`↳ pageSize`	`int` The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.
`↳ pageToken`	`string` A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\ApiCore\PagedListResponse`

Example

use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Identity\AccessContextManager\V1\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\GcpUserAccessBinding;

/**
 * @param string $formattedParent Example: "organizations/256"
 *                                Please see {@see AccessContextManagerClient::organizationName()} for help formatting this field.
 */
function list_gcp_user_access_bindings_sample(string $formattedParent): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $accessContextManagerClient->listGcpUserAccessBindings($formattedParent);

        /** @var GcpUserAccessBinding $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = AccessContextManagerClient::organizationName('[ORGANIZATION]');

    list_gcp_user_access_bindings_sample($formattedParent);
}

listServicePerimeters

Lists all [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] for an access policy.

Parameters
Name	Description
`parent`	`string` Required. Resource name for the access policy to list [Service Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] from. Format: `accessPolicies/{policy_id}`
`optionalArgs`	`array` Optional.
`↳ pageSize`	`int` The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.
`↳ pageToken`	`string` A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\ApiCore\PagedListResponse`

Example

use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Identity\AccessContextManager\V1\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\ServicePerimeter;

/**
 * @param string $formattedParent Resource name for the access policy to list [Service Perimeters]
 *                                [google.identity.accesscontextmanager.v1.ServicePerimeter] from.
 *
 *                                Format:
 *                                `accessPolicies/{policy_id}`
 *                                Please see {@see AccessContextManagerClient::accessPolicyName()} for help formatting this field.
 */
function list_service_perimeters_sample(string $formattedParent): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $accessContextManagerClient->listServicePerimeters($formattedParent);

        /** @var ServicePerimeter $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = AccessContextManagerClient::accessPolicyName('[ACCESS_POLICY]');

    list_service_perimeters_sample($formattedParent);
}

replaceAccessLevels

Replaces all existing [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] in an [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with the [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] provided. This is done atomically. The long-running operation from this RPC has a successful status after all replacements propagate to long-lasting storage. If the replacement contains errors, an error response is returned for the first error encountered. Upon error, the replacement is cancelled, and existing [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] are not affected. The Operation.response field contains ReplaceAccessLevelsResponse. Removing [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] contained in existing [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] result in an error.

Parameters
Name	Description
`parent`	`string` Required. Resource name for the access policy which owns these [Access Levels] [google.identity.accesscontextmanager.v1.AccessLevel]. Format: `accessPolicies/{policy_id}`
`accessLevels`	`array<Google\Identity\AccessContextManager\V1\AccessLevel>` Required. The desired [Access Levels] [google.identity.accesscontextmanager.v1.AccessLevel] that should replace all existing [Access Levels] [google.identity.accesscontextmanager.v1.AccessLevel] in the [Access Policy] [google.identity.accesscontextmanager.v1.AccessPolicy].
`optionalArgs`	`array` Optional.
`↳ etag`	`string` Optional. The etag for the version of the [Access Policy] [google.identity.accesscontextmanager.v1.AccessPolicy] that this replace operation is to be performed on. If, at the time of replace, the etag for the Access Policy stored in Access Context Manager is different from the specified etag, then the replace operation will not be performed and the call will fail. This field is not required. If etag is not provided, the operation will be performed as if a valid etag is provided.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\ApiCore\OperationResponse`

Example

use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Identity\AccessContextManager\V1\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\AccessLevel;
use Google\Identity\AccessContextManager\V1\ReplaceAccessLevelsResponse;
use Google\Rpc\Status;

/**
 * @param string $formattedParent Resource name for the access policy which owns these
 *                                [Access Levels]
 *                                [google.identity.accesscontextmanager.v1.AccessLevel].
 *
 *                                Format: `accessPolicies/{policy_id}`
 *                                Please see {@see AccessContextManagerClient::accessPolicyName()} for help formatting this field.
 */
function replace_access_levels_sample(string $formattedParent): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $accessLevels = [new AccessLevel()];

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $accessContextManagerClient->replaceAccessLevels($formattedParent, $accessLevels);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var ReplaceAccessLevelsResponse $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = AccessContextManagerClient::accessPolicyName('[ACCESS_POLICY]');

    replace_access_levels_sample($formattedParent);
}

replaceServicePerimeters

Replace all existing [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] in an [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with the [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] provided. This is done atomically. The long-running operation from this RPC has a successful status after all replacements propagate to long-lasting storage.

Replacements containing errors result in an error response for the first error encountered. Upon an error, replacement are cancelled and existing [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] are not affected. The Operation.response field contains ReplaceServicePerimetersResponse.

Parameters
Name	Description
`parent`	`string` Required. Resource name for the access policy which owns these [Service Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]. Format: `accessPolicies/{policy_id}`
`servicePerimeters`	`array<Google\Identity\AccessContextManager\V1\ServicePerimeter>` Required. The desired [Service Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] that should replace all existing [Service Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] in the [Access Policy] [google.identity.accesscontextmanager.v1.AccessPolicy].
`optionalArgs`	`array` Optional.
`↳ etag`	`string` Optional. The etag for the version of the [Access Policy] [google.identity.accesscontextmanager.v1.AccessPolicy] that this replace operation is to be performed on. If, at the time of replace, the etag for the Access Policy stored in Access Context Manager is different from the specified etag, then the replace operation will not be performed and the call will fail. This field is not required. If etag is not provided, the operation will be performed as if a valid etag is provided.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\ApiCore\OperationResponse`

Example

use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Identity\AccessContextManager\V1\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\ReplaceServicePerimetersResponse;
use Google\Identity\AccessContextManager\V1\ServicePerimeter;
use Google\Rpc\Status;

/**
 * @param string $formattedParent Resource name for the access policy which owns these
 *                                [Service Perimeters]
 *                                [google.identity.accesscontextmanager.v1.ServicePerimeter].
 *
 *                                Format: `accessPolicies/{policy_id}`
 *                                Please see {@see AccessContextManagerClient::accessPolicyName()} for help formatting this field.
 */
function replace_service_perimeters_sample(string $formattedParent): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $servicePerimeters = [new ServicePerimeter()];

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $accessContextManagerClient->replaceServicePerimeters(
            $formattedParent,
            $servicePerimeters
        );
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var ReplaceServicePerimetersResponse $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = AccessContextManagerClient::accessPolicyName('[ACCESS_POLICY]');

    replace_service_perimeters_sample($formattedParent);
}

setIamPolicy

Sets the IAM policy for the specified Access Context Manager access policy.

This method replaces the existing IAM policy on the access policy. The IAM policy controls the set of users who can perform specific operations on the Access Context Manager access policy.

Parameters
Name	Description
`resource`	`string` REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.
`policy`	`Google\Cloud\Iam\V1\Policy` REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
`optionalArgs`	`array` Optional.
`↳ updateMask`	`FieldMask` OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: `paths: "bindings, etag"`
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\Cloud\Iam\V1\Policy`

Example

use Google\ApiCore\ApiException;
use Google\Cloud\Iam\V1\Policy;
use Google\Identity\AccessContextManager\V1\AccessContextManagerClient;

/**
 * @param string $resource REQUIRED: The resource for which the policy is being specified.
 *                         See the operation documentation for the appropriate value for this field.
 */
function set_iam_policy_sample(string $resource): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $policy = new Policy();

    // Call the API and handle any network failures.
    try {
        /** @var Policy $response */
        $response = $accessContextManagerClient->setIamPolicy($resource, $policy);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $resource = '[RESOURCE]';

    set_iam_policy_sample($resource);
}

testIamPermissions

Returns the IAM permissions that the caller has on the specified Access Context Manager resource. The resource can be an AccessPolicy, AccessLevel, or [ServicePerimeter][google.identity.accesscontextmanager.v1.ServicePerimeter ]. This method does not support other resources.

Parameters
Name	Description
`resource`	`string` REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.
`permissions`	`string[]` The set of permissions to check for the `resource`. Permissions with wildcards (such as '' or 'storage.') are not allowed. For more information see IAM Overview.
`optionalArgs`	`array` Optional.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\Cloud\Iam\V1\TestIamPermissionsResponse`

Example

use Google\ApiCore\ApiException;
use Google\Cloud\Iam\V1\TestIamPermissionsResponse;
use Google\Identity\AccessContextManager\V1\AccessContextManagerClient;

/**
 * @param string $resource           REQUIRED: The resource for which the policy detail is being requested.
 *                                   See the operation documentation for the appropriate value for this field.
 * @param string $permissionsElement The set of permissions to check for the `resource`. Permissions with
 *                                   wildcards (such as '*' or 'storage.*') are not allowed. For more
 *                                   information see
 *                                   [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
 */
function test_iam_permissions_sample(string $resource, string $permissionsElement): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $permissions = [$permissionsElement,];

    // Call the API and handle any network failures.
    try {
        /** @var TestIamPermissionsResponse $response */
        $response = $accessContextManagerClient->testIamPermissions($resource, $permissions);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $resource = '[RESOURCE]';
    $permissionsElement = '[PERMISSIONS]';

    test_iam_permissions_sample($resource, $permissionsElement);
}

updateAccessLevel

Updates an [access level] [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running operation from this RPC has a successful status after the changes to the [access level] [google.identity.accesscontextmanager.v1.AccessLevel] propagate to long-lasting storage. If [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] contain errors, an error response is returned for the first error encountered.

Parameters
Name	Description
`accessLevel`	`Google\Identity\AccessContextManager\V1\AccessLevel` Required. The updated [Access Level] [google.identity.accesscontextmanager.v1.AccessLevel]. Syntactic correctness of the [Access Level] [google.identity.accesscontextmanager.v1.AccessLevel] is a precondition for creation.
`updateMask`	`Google\Protobuf\FieldMask` Required. Mask to control which fields get updated. Must be non-empty.
`optionalArgs`	`array` Optional.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\ApiCore\OperationResponse`

Example

use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Identity\AccessContextManager\V1\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\AccessLevel;
use Google\Protobuf\FieldMask;
use Google\Rpc\Status;

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function update_access_level_sample(): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $accessLevel = new AccessLevel();
    $updateMask = new FieldMask();

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $accessContextManagerClient->updateAccessLevel($accessLevel, $updateMask);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var AccessLevel $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

updateAccessPolicy

Updates an [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy]. The long-running operation from this RPC has a successful status after the changes to the [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] propagate to long-lasting storage.

Parameters
Name	Description
`policy`	`Google\Identity\AccessContextManager\V1\AccessPolicy` Required. The updated AccessPolicy.
`updateMask`	`Google\Protobuf\FieldMask` Required. Mask to control which fields get updated. Must be non-empty.
`optionalArgs`	`array` Optional.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\ApiCore\OperationResponse`

Example

use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Identity\AccessContextManager\V1\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\AccessPolicy;
use Google\Protobuf\FieldMask;
use Google\Rpc\Status;

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function update_access_policy_sample(): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $policy = new AccessPolicy();
    $updateMask = new FieldMask();

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $accessContextManagerClient->updateAccessPolicy($policy, $updateMask);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var AccessPolicy $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

updateGcpUserAccessBinding

Updates a [GcpUserAccessBinding] [google.identity.accesscontextmanager.v1.GcpUserAccessBinding].

Completion of this long-running operation does not necessarily signify that the changed binding is deployed onto all affected users, which may take more time.

Parameters
Name	Description
`gcpUserAccessBinding`	`Google\Identity\AccessContextManager\V1\GcpUserAccessBinding` Required. [GcpUserAccessBinding] [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]
`updateMask`	`Google\Protobuf\FieldMask` Required. Only the fields specified in this mask are updated. Because name and group_key cannot be changed, update_mask is required and must always be: update_mask { paths: "access_levels" }
`optionalArgs`	`array` Optional.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\ApiCore\OperationResponse`

Example

use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Identity\AccessContextManager\V1\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\GcpUserAccessBinding;
use Google\Protobuf\FieldMask;
use Google\Rpc\Status;

/**
 * @param string $gcpUserAccessBindingGroupKey                     Immutable. Google Group id whose members are subject to this binding's restrictions.
 *                                                                 See "id" in the [G Suite Directory API's Groups resource]
 *                                                                 (https://developers.google.com/admin-sdk/directory/v1/reference/groups#resource).
 *                                                                 If a group's email address/alias is changed, this resource will continue
 *                                                                 to point at the changed group. This field does not accept group email
 *                                                                 addresses or aliases.
 *                                                                 Example: "01d520gv4vjcrht"
 * @param string $formattedGcpUserAccessBindingAccessLevelsElement Access level that a user must have to be granted access. Only one access
 *                                                                 level is supported, not multiple. This repeated field must have exactly
 *                                                                 one element.
 *                                                                 Example: "accessPolicies/9522/accessLevels/device_trusted"
 *                                                                 Please see {@see AccessContextManagerClient::accessLevelName()} for help formatting this field.
 */
function update_gcp_user_access_binding_sample(
    string $gcpUserAccessBindingGroupKey,
    string $formattedGcpUserAccessBindingAccessLevelsElement
): void {
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $formattedGcpUserAccessBindingAccessLevels = [
        $formattedGcpUserAccessBindingAccessLevelsElement,
    ];
    $gcpUserAccessBinding = (new GcpUserAccessBinding())
        ->setGroupKey($gcpUserAccessBindingGroupKey)
        ->setAccessLevels($formattedGcpUserAccessBindingAccessLevels);
    $updateMask = new FieldMask();

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $accessContextManagerClient->updateGcpUserAccessBinding(
            $gcpUserAccessBinding,
            $updateMask
        );
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var GcpUserAccessBinding $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $gcpUserAccessBindingGroupKey = '[GROUP_KEY]';
    $formattedGcpUserAccessBindingAccessLevelsElement = AccessContextManagerClient::accessLevelName(
        '[ACCESS_POLICY]',
        '[ACCESS_LEVEL]'
    );

    update_gcp_user_access_binding_sample(
        $gcpUserAccessBindingGroupKey,
        $formattedGcpUserAccessBindingAccessLevelsElement
    );
}

updateServicePerimeter

Updates a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter]. The long-running operation from this RPC has a successful status after the [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] propagates to long-lasting storage. If a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] contains errors, an error response is returned for the first error encountered.

Parameters
Name	Description
`servicePerimeter`	`Google\Identity\AccessContextManager\V1\ServicePerimeter` Required. The updated `ServicePerimeter`. Syntactic correctness of the `ServicePerimeter` is a precondition for creation.
`updateMask`	`Google\Protobuf\FieldMask` Required. Mask to control which fields get updated. Must be non-empty.
`optionalArgs`	`array` Optional.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\ApiCore\OperationResponse`

Example

use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Identity\AccessContextManager\V1\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\ServicePerimeter;
use Google\Protobuf\FieldMask;
use Google\Rpc\Status;

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function update_service_perimeter_sample(): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare any non-scalar elements to be passed along with the request.
    $servicePerimeter = new ServicePerimeter();
    $updateMask = new FieldMask();

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $accessContextManagerClient->updateServicePerimeter($servicePerimeter, $updateMask);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var ServicePerimeter $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

Constants

SERVICE_NAME

Value: 'google.identity.accesscontextmanager.v1.AccessContextManager'

The name of the service.

SERVICE_ADDRESS

Value: 'accesscontextmanager.googleapis.com'

The default address of the service.

DEFAULT_SERVICE_PORT

Value: 443

The default port of the service.

CODEGEN_NAME

Value: 'gapic'

The name of the code generator, to be included in the agent header.