Access Context Manager V1 Client - Class AccessPolicy (0.5.5)

Reference documentation and code samples for the Access Context Manager V1 Client class AccessPolicy.

AccessPolicy is a container for AccessLevels (which define the necessary attributes to use Google Cloud services) and ServicePerimeters (which define regions of services able to freely pass data within a perimeter). An access policy is globally visible within an organization, and the restrictions it specifies apply to all projects within an organization.

Generated from protobuf message google.identity.accesscontextmanager.v1.AccessPolicy

Namespace

Google \ Identity \ AccessContextManager \ V1

Methods

__construct

Constructor.

Parameters
Name Description
data array

Optional. Data for populating the Message object.

↳ name string

Output only. Resource name of the AccessPolicy. Format: accessPolicies/{access_policy}

↳ parent string

Required. The parent of this AccessPolicy in the Cloud Resource Hierarchy. Currently immutable once created. Format: organizations/{organization_id}

↳ title string

Required. Human readable title. Does not affect behavior.

↳ scopes array

The scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced. For example, a policy with scopes=["folders/123"] has the following behavior: - vpcsc perimeters can only restrict projects within folders/123 - access levels can only be referenced by resources within folders/123. If empty, there are no limitations on which resources can be restricted by an ACM policy, and there are no limitations on where ACM resources can be referenced. Only one policy can include a given scope (attempting to create a second policy which includes "folders/123" will result in an error). Currently, scopes cannot be modified after a policy is created. Currently, policies can only have a single scope. Format: list of folders/{folder_number} or projects/{project_number}

↳ create_time Google\Protobuf\Timestamp

Output only. Time the AccessPolicy was created in UTC.

↳ update_time Google\Protobuf\Timestamp

Output only. Time the AccessPolicy was updated in UTC.

↳ etag string

Output only. An opaque identifier for the current version of the AccessPolicy. This will always be a strongly validated etag, meaning that two Access Polices will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.

getName

Output only. Resource name of the AccessPolicy. Format: accessPolicies/{access_policy}

Returns
Type Description
string

setName

Output only. Resource name of the AccessPolicy. Format: accessPolicies/{access_policy}

Parameter
Name Description
var string
Returns
Type Description
$this

getParent

Required. The parent of this AccessPolicy in the Cloud Resource Hierarchy. Currently immutable once created. Format: organizations/{organization_id}

Returns
Type Description
string

setParent

Required. The parent of this AccessPolicy in the Cloud Resource Hierarchy. Currently immutable once created. Format: organizations/{organization_id}

Parameter
Name Description
var string
Returns
Type Description
$this

getTitle

Required. Human readable title. Does not affect behavior.

Returns
Type Description
string

setTitle

Required. Human readable title. Does not affect behavior.

Parameter
Name Description
var string
Returns
Type Description
$this

getScopes

The scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced.

For example, a policy with scopes=["folders/123"] has the following behavior:

  • vpcsc perimeters can only restrict projects within folders/123
  • access levels can only be referenced by resources within folders/123. If empty, there are no limitations on which resources can be restricted by an ACM policy, and there are no limitations on where ACM resources can be referenced. Only one policy can include a given scope (attempting to create a second policy which includes "folders/123" will result in an error). Currently, scopes cannot be modified after a policy is created. Currently, policies can only have a single scope. Format: list of folders/{folder_number} or projects/{project_number}
Returns
Type Description
Google\Protobuf\Internal\RepeatedField

setScopes

The scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced.

For example, a policy with scopes=["folders/123"] has the following behavior:

  • vpcsc perimeters can only restrict projects within folders/123
  • access levels can only be referenced by resources within folders/123. If empty, there are no limitations on which resources can be restricted by an ACM policy, and there are no limitations on where ACM resources can be referenced. Only one policy can include a given scope (attempting to create a second policy which includes "folders/123" will result in an error). Currently, scopes cannot be modified after a policy is created. Currently, policies can only have a single scope. Format: list of folders/{folder_number} or projects/{project_number}
Parameter
Name Description
var string[]
Returns
Type Description
$this

getCreateTime

Output only. Time the AccessPolicy was created in UTC.

Returns
Type Description
Google\Protobuf\Timestamp|null

hasCreateTime

clearCreateTime

setCreateTime

Output only. Time the AccessPolicy was created in UTC.

Parameter
Name Description
var Google\Protobuf\Timestamp
Returns
Type Description
$this

getUpdateTime

Output only. Time the AccessPolicy was updated in UTC.

Returns
Type Description
Google\Protobuf\Timestamp|null

hasUpdateTime

clearUpdateTime

setUpdateTime

Output only. Time the AccessPolicy was updated in UTC.

Parameter
Name Description
var Google\Protobuf\Timestamp
Returns
Type Description
$this

getEtag

Output only. An opaque identifier for the current version of the AccessPolicy. This will always be a strongly validated etag, meaning that two Access Polices will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.

Returns
Type Description
string

setEtag

Output only. An opaque identifier for the current version of the AccessPolicy. This will always be a strongly validated etag, meaning that two Access Polices will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.

Parameter
Name Description
var string
Returns
Type Description
$this