Access Context Manager V1 Client - Class AccessContextManagerClient (0.4.5)

Reference documentation and code samples for the Access Context Manager V1 Client class AccessContextManagerClient.

Service Description: API for setting access levels and service perimeters for Google Cloud projects. Each organization has one access policy that contains the access levels and service perimeters. This access policy is applicable to all resources in the organization.

AccessPolicies

This class provides the ability to make remote calls to the backing service through method calls that map to API methods. Sample code to get started:

$accessContextManagerClient = new AccessContextManagerClient();
try {
    $formattedParent = $accessContextManagerClient->accessPolicyName('[ACCESS_POLICY]');
    $operationResponse = $accessContextManagerClient->commitServicePerimeters($formattedParent);
    $operationResponse->pollUntilComplete();
    if ($operationResponse->operationSucceeded()) {
        $result = $operationResponse->getResult();
    // doSomethingWith($result)
    } else {
        $error = $operationResponse->getError();
        // handleError($error)
    }
    // Alternatively:
    // start the operation, keep the operation name, and resume later
    $operationResponse = $accessContextManagerClient->commitServicePerimeters($formattedParent);
    $operationName = $operationResponse->getName();
    // ... do other work
    $newOperationResponse = $accessContextManagerClient->resumeOperation($operationName, 'commitServicePerimeters');
    while (!$newOperationResponse->isDone()) {
        // ... do other work
        $newOperationResponse->reload();
    }
    if ($newOperationResponse->operationSucceeded()) {
        $result = $newOperationResponse->getResult();
    // doSomethingWith($result)
    } else {
        $error = $newOperationResponse->getError();
        // handleError($error)
    }
} finally {
    $accessContextManagerClient->close();
}

Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parseName method to extract the individual identifiers contained within formatted names that are returned by the API.

This service has a new (beta) implementation. See Google\Identity\AccessContextManager\V1\Client\AccessContextManagerClient to use the new surface.

Namespace

Google \ Identity \ AccessContextManager \ V1

Methods

__construct

Constructor.

Parameters
NameDescription
options array

Optional. Options for configuring the service API wrapper.

↳ apiEndpoint string

The address of the API remote host. May optionally include the port, formatted as "

↳ credentials string|array|FetchAuthTokenInterface|CredentialsWrapper

The credentials to be used by the client to authorize API calls. This option accepts either a path to a credentials file, or a decoded credentials file as a PHP array. Advanced usage: In addition, this option can also accept a pre-constructed Google\Auth\FetchAuthTokenInterface object or Google\ApiCore\CredentialsWrapper object. Note that when one of these objects are provided, any settings in $credentialsConfig will be ignored.

↳ credentialsConfig array

Options used to configure credentials, including auth token caching, for the client. For a full list of supporting configuration options, see Google\ApiCore\CredentialsWrapper::build() .

↳ disableRetries bool

Determines whether or not retries defined by the client configuration should be disabled. Defaults to false.

↳ clientConfig string|array

Client method configuration, including retry settings. This option can be either a path to a JSON file, or a PHP array containing the decoded JSON data. By default this settings points to the default client config file, which is provided in the resources folder.

↳ transport string|TransportInterface

The transport used for executing network requests. May be either the string rest or grpc. Defaults to grpc if gRPC support is detected on the system. Advanced usage: Additionally, it is possible to pass in an already instantiated Google\ApiCore\Transport\TransportInterface object. Note that when this object is provided, any settings in $transportConfig, and any $apiEndpoint setting, will be ignored.

↳ transportConfig array

Configuration options that will be used to construct the transport. Options for each supported transport type should be passed in a key for that transport. For example: $transportConfig = [ 'grpc' => [...], 'rest' => [...], ]; See the Google\ApiCore\Transport\GrpcTransport::build() and Google\ApiCore\Transport\RestTransport::build() methods for the supported options.

↳ clientCertSource callable

A callable which returns the client cert as a string. This can be used to provide a certificate and private key to the transport layer for mTLS.

commitServicePerimeters

Commits the dry-run specification for all the service perimeters in an access policy.

A commit operation on a service perimeter involves copying its spec field to the status field of the service perimeter. Only service perimeters with use_explicit_dry_run_spec field set to true are affected by a commit operation. The long-running operation from this RPC has a successful status after the dry-run specifications for all the service perimeters have been committed. If a commit fails, it causes the long-running operation to return an error response and the entire commit operation is cancelled. When successful, the Operation.response field contains CommitServicePerimetersResponse. The dry_run and the spec fields are cleared after a successful commit operation.

Parameters
NameDescription
parent string

Required. Resource name for the parent Access Policy which owns all Service Perimeters in scope for the commit operation.

Format: accessPolicies/{policy_id}

optionalArgs array

Optional.

↳ etag string

Optional. The etag for the version of the [Access Policy] [google.identity.accesscontextmanager.v1.AccessPolicy] that this commit operation is to be performed on. If, at the time of commit, the etag for the Access Policy stored in Access Context Manager is different from the specified etag, then the commit operation will not be performed and the call will fail. This field is not required. If etag is not provided, the operation will be performed as if a valid etag is provided.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Identity\AccessContextManager\V1\Client\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\CommitServicePerimetersRequest;
use Google\Identity\AccessContextManager\V1\CommitServicePerimetersResponse;
use Google\Rpc\Status;

/**
 * @param string $formattedParent Resource name for the parent [Access Policy]
 *                                [google.identity.accesscontextmanager.v1.AccessPolicy] which owns all
 *                                [Service Perimeters]
 *                                [google.identity.accesscontextmanager.v1.ServicePerimeter] in scope for
 *                                the commit operation.
 *
 *                                Format: `accessPolicies/{policy_id}`
 *                                Please see {@see AccessContextManagerClient::accessPolicyName()} for help formatting this field.
 */
function commit_service_perimeters_sample(string $formattedParent): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare the request message.
    $request = (new CommitServicePerimetersRequest())
        ->setParent($formattedParent);

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $accessContextManagerClient->commitServicePerimeters($request);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var CommitServicePerimetersResponse $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = AccessContextManagerClient::accessPolicyName('[ACCESS_POLICY]');

    commit_service_perimeters_sample($formattedParent);
}

createAccessLevel

Creates an access level. The long-running operation from this RPC has a successful status after the access level propagates to long-lasting storage. If access levels contain errors, an error response is returned for the first error encountered.

Parameters
NameDescription
parent string

Required. Resource name for the access policy which owns this Access Level.

Format: accessPolicies/{policy_id}

accessLevel Google\Identity\AccessContextManager\V1\AccessLevel

Required. The Access Level to create. Syntactic correctness of the Access Level is a precondition for creation.

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Identity\AccessContextManager\V1\AccessLevel;
use Google\Identity\AccessContextManager\V1\Client\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\CreateAccessLevelRequest;
use Google\Rpc\Status;

/**
 * @param string $formattedParent Resource name for the access policy which owns this [Access
 *                                Level] [google.identity.accesscontextmanager.v1.AccessLevel].
 *
 *                                Format: `accessPolicies/{policy_id}`
 *                                Please see {@see AccessContextManagerClient::accessPolicyName()} for help formatting this field.
 */
function create_access_level_sample(string $formattedParent): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare the request message.
    $accessLevel = new AccessLevel();
    $request = (new CreateAccessLevelRequest())
        ->setParent($formattedParent)
        ->setAccessLevel($accessLevel);

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $accessContextManagerClient->createAccessLevel($request);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var AccessLevel $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = AccessContextManagerClient::accessPolicyName('[ACCESS_POLICY]');

    create_access_level_sample($formattedParent);
}

createAccessPolicy

Creates an access policy. This method fails if the organization already has an access policy. The long-running operation has a successful status after the access policy propagates to long-lasting storage.

Syntactic and basic semantic errors are returned in metadata as a BadRequest proto.

Parameters
NameDescription
optionalArgs array

Optional.

↳ name string

Output only. Resource name of the AccessPolicy. Format: accessPolicies/{access_policy}

↳ parent string

Required. The parent of this AccessPolicy in the Cloud Resource Hierarchy. Currently immutable once created. Format: organizations/{organization_id}

↳ title string

Required. Human readable title. Does not affect behavior.

↳ scopes string[]

The scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced. For example, a policy with scopes=["folders/123"] has the following behavior: - vpcsc perimeters can only restrict projects within folders/123 - access levels can only be referenced by resources within folders/123. If empty, there are no limitations on which resources can be restricted by an ACM policy, and there are no limitations on where ACM resources can be referenced. Only one policy can include a given scope (attempting to create a second policy which includes "folders/123" will result in an error). Currently, scopes cannot be modified after a policy is created. Currently, policies can only have a single scope. Format: list of folders/{folder_number} or projects/{project_number}

↳ createTime Timestamp

Output only. Time the AccessPolicy was created in UTC.

↳ updateTime Timestamp

Output only. Time the AccessPolicy was updated in UTC.

↳ etag string

Output only. An opaque identifier for the current version of the AccessPolicy. This will always be a strongly validated etag, meaning that two Access Polices will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Identity\AccessContextManager\V1\AccessPolicy;
use Google\Identity\AccessContextManager\V1\Client\AccessContextManagerClient;
use Google\Rpc\Status;

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function create_access_policy_sample(): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare the request message.
    $request = new AccessPolicy();

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $accessContextManagerClient->createAccessPolicy($request);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var AccessPolicy $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

createGcpUserAccessBinding

Creates a GcpUserAccessBinding. If the client specifies a name, the server ignores it. Fails if a resource already exists with the same group_key.

Completion of this long-running operation does not necessarily signify that the new binding is deployed onto all affected users, which may take more time.

Parameters
NameDescription
parent string

Required. Example: "organizations/256"

gcpUserAccessBinding Google\Identity\AccessContextManager\V1\GcpUserAccessBinding

Required. GcpUserAccessBinding

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Identity\AccessContextManager\V1\Client\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\CreateGcpUserAccessBindingRequest;
use Google\Identity\AccessContextManager\V1\GcpUserAccessBinding;
use Google\Rpc\Status;

/**
 * @param string $formattedParent                                  Example: "organizations/256"
 *                                                                 Please see {@see AccessContextManagerClient::organizationName()} for help formatting this field.
 * @param string $gcpUserAccessBindingGroupKey                     Immutable. Google Group id whose members are subject to this binding's restrictions.
 *                                                                 See "id" in the [G Suite Directory API's Groups resource]
 *                                                                 (https://developers.google.com/admin-sdk/directory/v1/reference/groups#resource).
 *                                                                 If a group's email address/alias is changed, this resource will continue
 *                                                                 to point at the changed group. This field does not accept group email
 *                                                                 addresses or aliases.
 *                                                                 Example: "01d520gv4vjcrht"
 * @param string $formattedGcpUserAccessBindingAccessLevelsElement Access level that a user must have to be granted access. Only one access
 *                                                                 level is supported, not multiple. This repeated field must have exactly
 *                                                                 one element.
 *                                                                 Example: "accessPolicies/9522/accessLevels/device_trusted"
 *                                                                 Please see {@see AccessContextManagerClient::accessLevelName()} for help formatting this field.
 */
function create_gcp_user_access_binding_sample(
    string $formattedParent,
    string $gcpUserAccessBindingGroupKey,
    string $formattedGcpUserAccessBindingAccessLevelsElement
): void {
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare the request message.
    $formattedGcpUserAccessBindingAccessLevels = [
        $formattedGcpUserAccessBindingAccessLevelsElement,
    ];
    $gcpUserAccessBinding = (new GcpUserAccessBinding())
        ->setGroupKey($gcpUserAccessBindingGroupKey)
        ->setAccessLevels($formattedGcpUserAccessBindingAccessLevels);
    $request = (new CreateGcpUserAccessBindingRequest())
        ->setParent($formattedParent)
        ->setGcpUserAccessBinding($gcpUserAccessBinding);

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $accessContextManagerClient->createGcpUserAccessBinding($request);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var GcpUserAccessBinding $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = AccessContextManagerClient::organizationName('[ORGANIZATION]');
    $gcpUserAccessBindingGroupKey = '[GROUP_KEY]';
    $formattedGcpUserAccessBindingAccessLevelsElement = AccessContextManagerClient::accessLevelName(
        '[ACCESS_POLICY]',
        '[ACCESS_LEVEL]'
    );

    create_gcp_user_access_binding_sample(
        $formattedParent,
        $gcpUserAccessBindingGroupKey,
        $formattedGcpUserAccessBindingAccessLevelsElement
    );
}

createServicePerimeter

Creates a service perimeter. The long-running operation from this RPC has a successful status after the service perimeter propagates to long-lasting storage. If a service perimeter contains errors, an error response is returned for the first error encountered.

Parameters
NameDescription
parent string

Required. Resource name for the access policy which owns this Service Perimeter.

Format: accessPolicies/{policy_id}

servicePerimeter Google\Identity\AccessContextManager\V1\ServicePerimeter

Required. The Service Perimeter to create. Syntactic correctness of the Service Perimeter is a precondition for creation.

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Identity\AccessContextManager\V1\Client\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\CreateServicePerimeterRequest;
use Google\Identity\AccessContextManager\V1\ServicePerimeter;
use Google\Rpc\Status;

/**
 * @param string $formattedParent Resource name for the access policy which owns this [Service
 *                                Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter].
 *
 *                                Format: `accessPolicies/{policy_id}`
 *                                Please see {@see AccessContextManagerClient::accessPolicyName()} for help formatting this field.
 */
function create_service_perimeter_sample(string $formattedParent): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare the request message.
    $servicePerimeter = new ServicePerimeter();
    $request = (new CreateServicePerimeterRequest())
        ->setParent($formattedParent)
        ->setServicePerimeter($servicePerimeter);

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $accessContextManagerClient->createServicePerimeter($request);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var ServicePerimeter $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = AccessContextManagerClient::accessPolicyName('[ACCESS_POLICY]');

    create_service_perimeter_sample($formattedParent);
}

deleteAccessLevel

Deletes an access level based on the resource name. The long-running operation from this RPC has a successful status after the access level has been removed from long-lasting storage.

Parameters
NameDescription
name string

Required. Resource name for the Access Level.

Format: accessPolicies/{policy_id}/accessLevels/{access_level_id}

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Identity\AccessContextManager\V1\Client\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\DeleteAccessLevelRequest;
use Google\Rpc\Status;

/**
 * @param string $formattedName Resource name for the [Access Level]
 *                              [google.identity.accesscontextmanager.v1.AccessLevel].
 *
 *                              Format:
 *                              `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
 *                              Please see {@see AccessContextManagerClient::accessLevelName()} for help formatting this field.
 */
function delete_access_level_sample(string $formattedName): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare the request message.
    $request = (new DeleteAccessLevelRequest())
        ->setName($formattedName);

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $accessContextManagerClient->deleteAccessLevel($request);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            printf('Operation completed successfully.' . PHP_EOL);
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = AccessContextManagerClient::accessLevelName('[ACCESS_POLICY]', '[ACCESS_LEVEL]');

    delete_access_level_sample($formattedName);
}

deleteAccessPolicy

Deletes an access policy based on the resource name. The long-running operation has a successful status after the access policy is removed from long-lasting storage.

Parameters
NameDescription
name string

Required. Resource name for the access policy to delete.

Format accessPolicies/{policy_id}

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Identity\AccessContextManager\V1\Client\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\DeleteAccessPolicyRequest;
use Google\Rpc\Status;

/**
 * @param string $formattedName Resource name for the access policy to delete.
 *
 *                              Format `accessPolicies/{policy_id}`
 *                              Please see {@see AccessContextManagerClient::accessPolicyName()} for help formatting this field.
 */
function delete_access_policy_sample(string $formattedName): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare the request message.
    $request = (new DeleteAccessPolicyRequest())
        ->setName($formattedName);

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $accessContextManagerClient->deleteAccessPolicy($request);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            printf('Operation completed successfully.' . PHP_EOL);
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = AccessContextManagerClient::accessPolicyName('[ACCESS_POLICY]');

    delete_access_policy_sample($formattedName);
}

deleteGcpUserAccessBinding

Deletes a GcpUserAccessBinding.

Completion of this long-running operation does not necessarily signify that the binding deletion is deployed onto all affected users, which may take more time.

Parameters
NameDescription
name string

Required. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Identity\AccessContextManager\V1\Client\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\DeleteGcpUserAccessBindingRequest;
use Google\Rpc\Status;

/**
 * @param string $formattedName Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
 *                              Please see {@see AccessContextManagerClient::gcpUserAccessBindingName()} for help formatting this field.
 */
function delete_gcp_user_access_binding_sample(string $formattedName): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare the request message.
    $request = (new DeleteGcpUserAccessBindingRequest())
        ->setName($formattedName);

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $accessContextManagerClient->deleteGcpUserAccessBinding($request);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            printf('Operation completed successfully.' . PHP_EOL);
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = AccessContextManagerClient::gcpUserAccessBindingName(
        '[ORGANIZATION]',
        '[GCP_USER_ACCESS_BINDING]'
    );

    delete_gcp_user_access_binding_sample($formattedName);
}

deleteServicePerimeter

Deletes a service perimeter based on the resource name. The long-running operation from this RPC has a successful status after the service perimeter is removed from long-lasting storage.

Parameters
NameDescription
name string

Required. Resource name for the Service Perimeter.

Format: accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Identity\AccessContextManager\V1\Client\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\DeleteServicePerimeterRequest;
use Google\Rpc\Status;

/**
 * @param string $formattedName Resource name for the [Service Perimeter]
 *                              [google.identity.accesscontextmanager.v1.ServicePerimeter].
 *
 *                              Format:
 *                              `accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}`
 *                              Please see {@see AccessContextManagerClient::servicePerimeterName()} for help formatting this field.
 */
function delete_service_perimeter_sample(string $formattedName): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare the request message.
    $request = (new DeleteServicePerimeterRequest())
        ->setName($formattedName);

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $accessContextManagerClient->deleteServicePerimeter($request);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            printf('Operation completed successfully.' . PHP_EOL);
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = AccessContextManagerClient::servicePerimeterName(
        '[ACCESS_POLICY]',
        '[SERVICE_PERIMETER]'
    );

    delete_service_perimeter_sample($formattedName);
}

getAccessLevel

Gets an access level based on the resource name.

Parameters
NameDescription
name string

Required. Resource name for the Access Level.

Format: accessPolicies/{policy_id}/accessLevels/{access_level_id}

optionalArgs array

Optional.

↳ accessLevelFormat int

Whether to return BasicLevels in the Cloud Common Expression Language rather than as BasicLevels. Defaults to AS_DEFINED, where Access Levels are returned as BasicLevels or CustomLevels based on how they were created. If set to CEL, all [Access Levels] [google.identity.accesscontextmanager.v1.AccessLevel] are returned as CustomLevels. In the CEL case, BasicLevels are translated to equivalent CustomLevels. For allowed values, use constants defined on Google\Identity\AccessContextManager\V1\LevelFormat

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Identity\AccessContextManager\V1\AccessLevel
Example
use Google\ApiCore\ApiException;
use Google\Identity\AccessContextManager\V1\AccessLevel;
use Google\Identity\AccessContextManager\V1\Client\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\GetAccessLevelRequest;

/**
 * @param string $formattedName Resource name for the [Access Level]
 *                              [google.identity.accesscontextmanager.v1.AccessLevel].
 *
 *                              Format:
 *                              `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
 *                              Please see {@see AccessContextManagerClient::accessLevelName()} for help formatting this field.
 */
function get_access_level_sample(string $formattedName): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare the request message.
    $request = (new GetAccessLevelRequest())
        ->setName($formattedName);

    // Call the API and handle any network failures.
    try {
        /** @var AccessLevel $response */
        $response = $accessContextManagerClient->getAccessLevel($request);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = AccessContextManagerClient::accessLevelName('[ACCESS_POLICY]', '[ACCESS_LEVEL]');

    get_access_level_sample($formattedName);
}

getAccessPolicy

Returns an access policy based on the name.

Parameters
NameDescription
name string

Required. Resource name for the access policy to get.

Format accessPolicies/{policy_id}

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Identity\AccessContextManager\V1\AccessPolicy
Example
use Google\ApiCore\ApiException;
use Google\Identity\AccessContextManager\V1\AccessPolicy;
use Google\Identity\AccessContextManager\V1\Client\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\GetAccessPolicyRequest;

/**
 * @param string $formattedName Resource name for the access policy to get.
 *
 *                              Format `accessPolicies/{policy_id}`
 *                              Please see {@see AccessContextManagerClient::accessPolicyName()} for help formatting this field.
 */
function get_access_policy_sample(string $formattedName): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare the request message.
    $request = (new GetAccessPolicyRequest())
        ->setName($formattedName);

    // Call the API and handle any network failures.
    try {
        /** @var AccessPolicy $response */
        $response = $accessContextManagerClient->getAccessPolicy($request);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = AccessContextManagerClient::accessPolicyName('[ACCESS_POLICY]');

    get_access_policy_sample($formattedName);
}

getGcpUserAccessBinding

Gets the GcpUserAccessBinding with the given name.

Parameters
NameDescription
name string

Required. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Identity\AccessContextManager\V1\GcpUserAccessBinding
Example
use Google\ApiCore\ApiException;
use Google\Identity\AccessContextManager\V1\Client\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\GcpUserAccessBinding;
use Google\Identity\AccessContextManager\V1\GetGcpUserAccessBindingRequest;

/**
 * @param string $formattedName Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
 *                              Please see {@see AccessContextManagerClient::gcpUserAccessBindingName()} for help formatting this field.
 */
function get_gcp_user_access_binding_sample(string $formattedName): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare the request message.
    $request = (new GetGcpUserAccessBindingRequest())
        ->setName($formattedName);

    // Call the API and handle any network failures.
    try {
        /** @var GcpUserAccessBinding $response */
        $response = $accessContextManagerClient->getGcpUserAccessBinding($request);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = AccessContextManagerClient::gcpUserAccessBindingName(
        '[ORGANIZATION]',
        '[GCP_USER_ACCESS_BINDING]'
    );

    get_gcp_user_access_binding_sample($formattedName);
}

getIamPolicy

Gets the IAM policy for the specified Access Context Manager access policy.

Parameters
NameDescription
resource string

REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.

optionalArgs array

Optional.

↳ options GetPolicyOptions

OPTIONAL: A GetPolicyOptions object for specifying options to GetIamPolicy.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\Iam\V1\Policy
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Iam\V1\GetIamPolicyRequest;
use Google\Cloud\Iam\V1\Policy;
use Google\Identity\AccessContextManager\V1\Client\AccessContextManagerClient;

/**
 * @param string $resource REQUIRED: The resource for which the policy is being requested.
 *                         See the operation documentation for the appropriate value for this field.
 */
function get_iam_policy_sample(string $resource): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare the request message.
    $request = (new GetIamPolicyRequest())
        ->setResource($resource);

    // Call the API and handle any network failures.
    try {
        /** @var Policy $response */
        $response = $accessContextManagerClient->getIamPolicy($request);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $resource = '[RESOURCE]';

    get_iam_policy_sample($resource);
}

getServicePerimeter

Gets a service perimeter based on the resource name.

Parameters
NameDescription
name string

Required. Resource name for the Service Perimeter.

Format: accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Identity\AccessContextManager\V1\ServicePerimeter
Example
use Google\ApiCore\ApiException;
use Google\Identity\AccessContextManager\V1\Client\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\GetServicePerimeterRequest;
use Google\Identity\AccessContextManager\V1\ServicePerimeter;

/**
 * @param string $formattedName Resource name for the [Service Perimeter]
 *                              [google.identity.accesscontextmanager.v1.ServicePerimeter].
 *
 *                              Format:
 *                              `accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}`
 *                              Please see {@see AccessContextManagerClient::servicePerimeterName()} for help formatting this field.
 */
function get_service_perimeter_sample(string $formattedName): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare the request message.
    $request = (new GetServicePerimeterRequest())
        ->setName($formattedName);

    // Call the API and handle any network failures.
    try {
        /** @var ServicePerimeter $response */
        $response = $accessContextManagerClient->getServicePerimeter($request);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = AccessContextManagerClient::servicePerimeterName(
        '[ACCESS_POLICY]',
        '[SERVICE_PERIMETER]'
    );

    get_service_perimeter_sample($formattedName);
}

listAccessLevels

Lists all access levels for an access policy.

Parameters
NameDescription
parent string

Required. Resource name for the access policy to list Access Levels from.

Format: accessPolicies/{policy_id}

optionalArgs array

Optional.

↳ pageSize int

The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.

↳ pageToken string

A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.

↳ accessLevelFormat int

Whether to return BasicLevels in the Cloud Common Expression language, as CustomLevels, rather than as BasicLevels. Defaults to returning AccessLevels in the format they were defined. For allowed values, use constants defined on Google\Identity\AccessContextManager\V1\LevelFormat

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\PagedListResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Identity\AccessContextManager\V1\AccessLevel;
use Google\Identity\AccessContextManager\V1\Client\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\ListAccessLevelsRequest;

/**
 * @param string $formattedParent Resource name for the access policy to list [Access Levels]
 *                                [google.identity.accesscontextmanager.v1.AccessLevel] from.
 *
 *                                Format:
 *                                `accessPolicies/{policy_id}`
 *                                Please see {@see AccessContextManagerClient::accessPolicyName()} for help formatting this field.
 */
function list_access_levels_sample(string $formattedParent): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare the request message.
    $request = (new ListAccessLevelsRequest())
        ->setParent($formattedParent);

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $accessContextManagerClient->listAccessLevels($request);

        /** @var AccessLevel $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = AccessContextManagerClient::accessPolicyName('[ACCESS_POLICY]');

    list_access_levels_sample($formattedParent);
}

listAccessPolicies

Lists all access policies in an organization.

Parameters
NameDescription
parent string

Required. Resource name for the container to list AccessPolicy instances from.

Format: organizations/{org_id}

optionalArgs array

Optional.

↳ pageSize int

The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.

↳ pageToken string

A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\PagedListResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Identity\AccessContextManager\V1\AccessPolicy;
use Google\Identity\AccessContextManager\V1\Client\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\ListAccessPoliciesRequest;

/**
 * @param string $formattedParent Resource name for the container to list AccessPolicy instances
 *                                from.
 *
 *                                Format:
 *                                `organizations/{org_id}`
 *                                Please see {@see AccessContextManagerClient::organizationName()} for help formatting this field.
 */
function list_access_policies_sample(string $formattedParent): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare the request message.
    $request = (new ListAccessPoliciesRequest())
        ->setParent($formattedParent);

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $accessContextManagerClient->listAccessPolicies($request);

        /** @var AccessPolicy $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = AccessContextManagerClient::organizationName('[ORGANIZATION]');

    list_access_policies_sample($formattedParent);
}

listGcpUserAccessBindings

Lists all GcpUserAccessBindings for a Google Cloud organization.

Parameters
NameDescription
parent string

Required. Example: "organizations/256"

optionalArgs array

Optional.

↳ pageSize int

The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.

↳ pageToken string

A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\PagedListResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Identity\AccessContextManager\V1\Client\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\GcpUserAccessBinding;
use Google\Identity\AccessContextManager\V1\ListGcpUserAccessBindingsRequest;

/**
 * @param string $formattedParent Example: "organizations/256"
 *                                Please see {@see AccessContextManagerClient::organizationName()} for help formatting this field.
 */
function list_gcp_user_access_bindings_sample(string $formattedParent): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare the request message.
    $request = (new ListGcpUserAccessBindingsRequest())
        ->setParent($formattedParent);

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $accessContextManagerClient->listGcpUserAccessBindings($request);

        /** @var GcpUserAccessBinding $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = AccessContextManagerClient::organizationName('[ORGANIZATION]');

    list_gcp_user_access_bindings_sample($formattedParent);
}

listServicePerimeters

Lists all service perimeters for an access policy.

Parameters
NameDescription
parent string

Required. Resource name for the access policy to list Service Perimeters from.

Format: accessPolicies/{policy_id}

optionalArgs array

Optional.

↳ pageSize int

The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved.

↳ pageToken string

A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\PagedListResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Identity\AccessContextManager\V1\Client\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\ListServicePerimetersRequest;
use Google\Identity\AccessContextManager\V1\ServicePerimeter;

/**
 * @param string $formattedParent Resource name for the access policy to list [Service Perimeters]
 *                                [google.identity.accesscontextmanager.v1.ServicePerimeter] from.
 *
 *                                Format:
 *                                `accessPolicies/{policy_id}`
 *                                Please see {@see AccessContextManagerClient::accessPolicyName()} for help formatting this field.
 */
function list_service_perimeters_sample(string $formattedParent): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare the request message.
    $request = (new ListServicePerimetersRequest())
        ->setParent($formattedParent);

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $accessContextManagerClient->listServicePerimeters($request);

        /** @var ServicePerimeter $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = AccessContextManagerClient::accessPolicyName('[ACCESS_POLICY]');

    list_service_perimeters_sample($formattedParent);
}

replaceAccessLevels

Replaces all existing access levels in an access policy with the access levels provided. This is done atomically. The long-running operation from this RPC has a successful status after all replacements propagate to long-lasting storage. If the replacement contains errors, an error response is returned for the first error encountered. Upon error, the replacement is cancelled, and existing access levels are not affected. The Operation.response field contains ReplaceAccessLevelsResponse. Removing access levels contained in existing service perimeters result in an error.

Parameters
NameDescription
parent string

Required. Resource name for the access policy which owns these Access Levels.

Format: accessPolicies/{policy_id}

accessLevels array<Google\Identity\AccessContextManager\V1\AccessLevel>

Required. The desired Access Levels that should replace all existing Access Levels in the Access Policy.

optionalArgs array

Optional.

↳ etag string

Optional. The etag for the version of the [Access Policy] [google.identity.accesscontextmanager.v1.AccessPolicy] that this replace operation is to be performed on. If, at the time of replace, the etag for the Access Policy stored in Access Context Manager is different from the specified etag, then the replace operation will not be performed and the call will fail. This field is not required. If etag is not provided, the operation will be performed as if a valid etag is provided.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Identity\AccessContextManager\V1\AccessLevel;
use Google\Identity\AccessContextManager\V1\Client\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\ReplaceAccessLevelsRequest;
use Google\Identity\AccessContextManager\V1\ReplaceAccessLevelsResponse;
use Google\Rpc\Status;

/**
 * @param string $formattedParent Resource name for the access policy which owns these
 *                                [Access Levels]
 *                                [google.identity.accesscontextmanager.v1.AccessLevel].
 *
 *                                Format: `accessPolicies/{policy_id}`
 *                                Please see {@see AccessContextManagerClient::accessPolicyName()} for help formatting this field.
 */
function replace_access_levels_sample(string $formattedParent): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare the request message.
    $accessLevels = [new AccessLevel()];
    $request = (new ReplaceAccessLevelsRequest())
        ->setParent($formattedParent)
        ->setAccessLevels($accessLevels);

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $accessContextManagerClient->replaceAccessLevels($request);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var ReplaceAccessLevelsResponse $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = AccessContextManagerClient::accessPolicyName('[ACCESS_POLICY]');

    replace_access_levels_sample($formattedParent);
}

replaceServicePerimeters

Replace all existing service perimeters in an access policy with the service perimeters provided. This is done atomically. The long-running operation from this RPC has a successful status after all replacements propagate to long-lasting storage.

Replacements containing errors result in an error response for the first error encountered. Upon an error, replacement are cancelled and existing service perimeters are not affected. The Operation.response field contains ReplaceServicePerimetersResponse.

Parameters
NameDescription
parent string

Required. Resource name for the access policy which owns these Service Perimeters.

Format: accessPolicies/{policy_id}

servicePerimeters array<Google\Identity\AccessContextManager\V1\ServicePerimeter>

Required. The desired Service Perimeters that should replace all existing Service Perimeters in the Access Policy.

optionalArgs array

Optional.

↳ etag string

Optional. The etag for the version of the [Access Policy] [google.identity.accesscontextmanager.v1.AccessPolicy] that this replace operation is to be performed on. If, at the time of replace, the etag for the Access Policy stored in Access Context Manager is different from the specified etag, then the replace operation will not be performed and the call will fail. This field is not required. If etag is not provided, the operation will be performed as if a valid etag is provided.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Identity\AccessContextManager\V1\Client\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\ReplaceServicePerimetersRequest;
use Google\Identity\AccessContextManager\V1\ReplaceServicePerimetersResponse;
use Google\Identity\AccessContextManager\V1\ServicePerimeter;
use Google\Rpc\Status;

/**
 * @param string $formattedParent Resource name for the access policy which owns these
 *                                [Service Perimeters]
 *                                [google.identity.accesscontextmanager.v1.ServicePerimeter].
 *
 *                                Format: `accessPolicies/{policy_id}`
 *                                Please see {@see AccessContextManagerClient::accessPolicyName()} for help formatting this field.
 */
function replace_service_perimeters_sample(string $formattedParent): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare the request message.
    $servicePerimeters = [new ServicePerimeter()];
    $request = (new ReplaceServicePerimetersRequest())
        ->setParent($formattedParent)
        ->setServicePerimeters($servicePerimeters);

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $accessContextManagerClient->replaceServicePerimeters($request);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var ReplaceServicePerimetersResponse $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = AccessContextManagerClient::accessPolicyName('[ACCESS_POLICY]');

    replace_service_perimeters_sample($formattedParent);
}

setIamPolicy

Sets the IAM policy for the specified Access Context Manager access policy.

This method replaces the existing IAM policy on the access policy. The IAM policy controls the set of users who can perform specific operations on the Access Context Manager access policy.

Parameters
NameDescription
resource string

REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.

policy Google\Cloud\Iam\V1\Policy

REQUIRED: The complete policy to be applied to the resource. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.

optionalArgs array

Optional.

↳ updateMask FieldMask

OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: paths: "bindings, etag"

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\Iam\V1\Policy
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Iam\V1\Policy;
use Google\Cloud\Iam\V1\SetIamPolicyRequest;
use Google\Identity\AccessContextManager\V1\Client\AccessContextManagerClient;

/**
 * @param string $resource REQUIRED: The resource for which the policy is being specified.
 *                         See the operation documentation for the appropriate value for this field.
 */
function set_iam_policy_sample(string $resource): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare the request message.
    $policy = new Policy();
    $request = (new SetIamPolicyRequest())
        ->setResource($resource)
        ->setPolicy($policy);

    // Call the API and handle any network failures.
    try {
        /** @var Policy $response */
        $response = $accessContextManagerClient->setIamPolicy($request);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $resource = '[RESOURCE]';

    set_iam_policy_sample($resource);
}

testIamPermissions

Returns the IAM permissions that the caller has on the specified Access Context Manager resource. The resource can be an AccessPolicy, AccessLevel, or [ServicePerimeter][google.identity.accesscontextmanager.v1.ServicePerimeter ]. This method does not support other resources.

Parameters
NameDescription
resource string

REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.

permissions string[]

The set of permissions to check for the resource. Permissions with wildcards (such as '' or 'storage.') are not allowed. For more information see IAM Overview.

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\Cloud\Iam\V1\TestIamPermissionsResponse
Example
use Google\ApiCore\ApiException;
use Google\Cloud\Iam\V1\TestIamPermissionsRequest;
use Google\Cloud\Iam\V1\TestIamPermissionsResponse;
use Google\Identity\AccessContextManager\V1\Client\AccessContextManagerClient;

/**
 * @param string $resource           REQUIRED: The resource for which the policy detail is being requested.
 *                                   See the operation documentation for the appropriate value for this field.
 * @param string $permissionsElement The set of permissions to check for the `resource`. Permissions with
 *                                   wildcards (such as '*' or 'storage.*') are not allowed. For more
 *                                   information see
 *                                   [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
 */
function test_iam_permissions_sample(string $resource, string $permissionsElement): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare the request message.
    $permissions = [$permissionsElement,];
    $request = (new TestIamPermissionsRequest())
        ->setResource($resource)
        ->setPermissions($permissions);

    // Call the API and handle any network failures.
    try {
        /** @var TestIamPermissionsResponse $response */
        $response = $accessContextManagerClient->testIamPermissions($request);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $resource = '[RESOURCE]';
    $permissionsElement = '[PERMISSIONS]';

    test_iam_permissions_sample($resource, $permissionsElement);
}

updateAccessLevel

Updates an access level. The long-running operation from this RPC has a successful status after the changes to the access level propagate to long-lasting storage. If access levels contain errors, an error response is returned for the first error encountered.

Parameters
NameDescription
accessLevel Google\Identity\AccessContextManager\V1\AccessLevel

Required. The updated Access Level. Syntactic correctness of the Access Level is a precondition for creation.

updateMask Google\Protobuf\FieldMask

Required. Mask to control which fields get updated. Must be non-empty.

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Identity\AccessContextManager\V1\AccessLevel;
use Google\Identity\AccessContextManager\V1\Client\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\UpdateAccessLevelRequest;
use Google\Protobuf\FieldMask;
use Google\Rpc\Status;

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function update_access_level_sample(): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare the request message.
    $accessLevel = new AccessLevel();
    $updateMask = new FieldMask();
    $request = (new UpdateAccessLevelRequest())
        ->setAccessLevel($accessLevel)
        ->setUpdateMask($updateMask);

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $accessContextManagerClient->updateAccessLevel($request);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var AccessLevel $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

updateAccessPolicy

Updates an access policy. The long-running operation from this RPC has a successful status after the changes to the access policy propagate to long-lasting storage.

Parameters
NameDescription
policy Google\Identity\AccessContextManager\V1\AccessPolicy

Required. The updated AccessPolicy.

updateMask Google\Protobuf\FieldMask

Required. Mask to control which fields get updated. Must be non-empty.

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Identity\AccessContextManager\V1\AccessPolicy;
use Google\Identity\AccessContextManager\V1\Client\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\UpdateAccessPolicyRequest;
use Google\Protobuf\FieldMask;
use Google\Rpc\Status;

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function update_access_policy_sample(): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare the request message.
    $policy = new AccessPolicy();
    $updateMask = new FieldMask();
    $request = (new UpdateAccessPolicyRequest())
        ->setPolicy($policy)
        ->setUpdateMask($updateMask);

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $accessContextManagerClient->updateAccessPolicy($request);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var AccessPolicy $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

updateGcpUserAccessBinding

Updates a GcpUserAccessBinding.

Completion of this long-running operation does not necessarily signify that the changed binding is deployed onto all affected users, which may take more time.

Parameters
NameDescription
gcpUserAccessBinding Google\Identity\AccessContextManager\V1\GcpUserAccessBinding

Required. GcpUserAccessBinding

updateMask Google\Protobuf\FieldMask

Required. Only the fields specified in this mask are updated. Because name and group_key cannot be changed, update_mask is required and must always be:

update_mask { paths: "access_levels" }

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Identity\AccessContextManager\V1\Client\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\GcpUserAccessBinding;
use Google\Identity\AccessContextManager\V1\UpdateGcpUserAccessBindingRequest;
use Google\Protobuf\FieldMask;
use Google\Rpc\Status;

/**
 * @param string $gcpUserAccessBindingGroupKey                     Immutable. Google Group id whose members are subject to this binding's restrictions.
 *                                                                 See "id" in the [G Suite Directory API's Groups resource]
 *                                                                 (https://developers.google.com/admin-sdk/directory/v1/reference/groups#resource).
 *                                                                 If a group's email address/alias is changed, this resource will continue
 *                                                                 to point at the changed group. This field does not accept group email
 *                                                                 addresses or aliases.
 *                                                                 Example: "01d520gv4vjcrht"
 * @param string $formattedGcpUserAccessBindingAccessLevelsElement Access level that a user must have to be granted access. Only one access
 *                                                                 level is supported, not multiple. This repeated field must have exactly
 *                                                                 one element.
 *                                                                 Example: "accessPolicies/9522/accessLevels/device_trusted"
 *                                                                 Please see {@see AccessContextManagerClient::accessLevelName()} for help formatting this field.
 */
function update_gcp_user_access_binding_sample(
    string $gcpUserAccessBindingGroupKey,
    string $formattedGcpUserAccessBindingAccessLevelsElement
): void {
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare the request message.
    $formattedGcpUserAccessBindingAccessLevels = [
        $formattedGcpUserAccessBindingAccessLevelsElement,
    ];
    $gcpUserAccessBinding = (new GcpUserAccessBinding())
        ->setGroupKey($gcpUserAccessBindingGroupKey)
        ->setAccessLevels($formattedGcpUserAccessBindingAccessLevels);
    $updateMask = new FieldMask();
    $request = (new UpdateGcpUserAccessBindingRequest())
        ->setGcpUserAccessBinding($gcpUserAccessBinding)
        ->setUpdateMask($updateMask);

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $accessContextManagerClient->updateGcpUserAccessBinding($request);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var GcpUserAccessBinding $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $gcpUserAccessBindingGroupKey = '[GROUP_KEY]';
    $formattedGcpUserAccessBindingAccessLevelsElement = AccessContextManagerClient::accessLevelName(
        '[ACCESS_POLICY]',
        '[ACCESS_LEVEL]'
    );

    update_gcp_user_access_binding_sample(
        $gcpUserAccessBindingGroupKey,
        $formattedGcpUserAccessBindingAccessLevelsElement
    );
}

updateServicePerimeter

Updates a service perimeter. The long-running operation from this RPC has a successful status after the service perimeter propagates to long-lasting storage. If a service perimeter contains errors, an error response is returned for the first error encountered.

Parameters
NameDescription
servicePerimeter Google\Identity\AccessContextManager\V1\ServicePerimeter

Required. The updated ServicePerimeter. Syntactic correctness of the ServicePerimeter is a precondition for creation.

updateMask Google\Protobuf\FieldMask

Required. Mask to control which fields get updated. Must be non-empty.

optionalArgs array

Optional.

↳ retrySettings RetrySettings|array

Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
TypeDescription
Google\ApiCore\OperationResponse
Example
use Google\ApiCore\ApiException;
use Google\ApiCore\OperationResponse;
use Google\Identity\AccessContextManager\V1\Client\AccessContextManagerClient;
use Google\Identity\AccessContextManager\V1\ServicePerimeter;
use Google\Identity\AccessContextManager\V1\UpdateServicePerimeterRequest;
use Google\Protobuf\FieldMask;
use Google\Rpc\Status;

/**
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function update_service_perimeter_sample(): void
{
    // Create a client.
    $accessContextManagerClient = new AccessContextManagerClient();

    // Prepare the request message.
    $servicePerimeter = new ServicePerimeter();
    $updateMask = new FieldMask();
    $request = (new UpdateServicePerimeterRequest())
        ->setServicePerimeter($servicePerimeter)
        ->setUpdateMask($updateMask);

    // Call the API and handle any network failures.
    try {
        /** @var OperationResponse $response */
        $response = $accessContextManagerClient->updateServicePerimeter($request);
        $response->pollUntilComplete();

        if ($response->operationSucceeded()) {
            /** @var ServicePerimeter $result */
            $result = $response->getResult();
            printf('Operation successful with response data: %s' . PHP_EOL, $result->serializeToJsonString());
        } else {
            /** @var Status $error */
            $error = $response->getError();
            printf('Operation failed with error data: %s' . PHP_EOL, $error->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

getOperationsClient

Return an OperationsClient object with the same endpoint as $this.

Returns
TypeDescription
Google\ApiCore\LongRunning\OperationsClient

resumeOperation

Resume an existing long running operation that was previously started by a long running API method. If $methodName is not provided, or does not match a long running API method, then the operation can still be resumed, but the OperationResponse object will not deserialize the final response.

Parameters
NameDescription
operationName string

The name of the long running operation

methodName string

The name of the method used to start the operation

Returns
TypeDescription
Google\ApiCore\OperationResponse

static::accessLevelName

Formats a string containing the fully-qualified path to represent a access_level resource.

Parameters
NameDescription
accessPolicy string
accessLevel string
Returns
TypeDescription
stringThe formatted access_level resource.

static::accessPolicyName

Formats a string containing the fully-qualified path to represent a access_policy resource.

Parameter
NameDescription
accessPolicy string
Returns
TypeDescription
stringThe formatted access_policy resource.

static::gcpUserAccessBindingName

Formats a string containing the fully-qualified path to represent a gcp_user_access_binding resource.

Parameters
NameDescription
organization string
gcpUserAccessBinding string
Returns
TypeDescription
stringThe formatted gcp_user_access_binding resource.

static::organizationName

Formats a string containing the fully-qualified path to represent a organization resource.

Parameter
NameDescription
organization string
Returns
TypeDescription
stringThe formatted organization resource.

static::servicePerimeterName

Formats a string containing the fully-qualified path to represent a service_perimeter resource.

Parameters
NameDescription
accessPolicy string
servicePerimeter string
Returns
TypeDescription
stringThe formatted service_perimeter resource.

static::parseName

Parses a formatted name string and returns an associative array of the components in the name.

The following name formats are supported: Template: Pattern

  • accessLevel: accessPolicies/{access_policy}/accessLevels/{access_level}
  • accessPolicy: accessPolicies/{access_policy}
  • gcpUserAccessBinding: organizations/{organization}/gcpUserAccessBindings/{gcp_user_access_binding}
  • organization: organizations/{organization}
  • servicePerimeter: accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}

The optional $template argument can be supplied to specify a particular pattern, and must match one of the templates listed above. If no $template argument is provided, or if the $template argument does not match one of the templates listed, then parseName will check each of the supported templates, and return the first match.

Parameters
NameDescription
formattedName string

The formatted name string

template string

Optional name of template to match

Returns
TypeDescription
arrayAn associative array from name component IDs to component values.

Constants

SERVICE_NAME

Value: 'google.identity.accesscontextmanager.v1.AccessContextManager'

The name of the service.

SERVICE_ADDRESS

Value: 'accesscontextmanager.googleapis.com'

The default address of the service.

DEFAULT_SERVICE_PORT

Value: 443

The default port of the service.

CODEGEN_NAME

Value: 'gapic'

The name of the code generator, to be included in the agent header.