Module types (1.3.0)

API documentation for asset_v1p1beta1.types module.

One delta entry for AuditConfig. Each individual change (only one exempted_member in each entry) to a AuditConfig will be a separate entry.

.. attribute:: action

The action that was performed on an audit configuration in a policy. Required

A single identity that is exempted from “data access” audit logging for the service specified above. Follows the same format of Binding.members.

Associates members with a role.

.. attribute:: role

Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.

The condition that is associated with this binding. NOTE: An unsatisfied condition will not allow user access via current binding. Different bindings, including their conditions, are examined independently.

One delta entry for Binding. Each individual change (only one member in each entry) to a binding will be a separate entry.

.. attribute:: action

The action that was performed on a Binding. Required

A single identity requesting access for a Cloud Platform resource. Follows the same format of Binding.members. Required

API documentation for asset_v1p1beta1.types.Expr class.

The result for a IAM Policy search.

The project that the associated GCP resource belongs to, in the form of projects/{project_number}. If an IAM policy is set on a resource (like VM instance, Cloud Storage bucket), the project field will indicate the project that contains the resource. If an IAM policy is set on a folder or orgnization, the project field will be empty.

Explanation about the IAM policy search result. It contains additional information to explain why the search result matches the query.

IAM permissions

Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources.

A Policy consists of a list of bindings. A binding binds a list of members to a role, where the members can be user accounts, Google groups, Google domains, and service accounts. A role is a named list of permissions defined by IAM.

JSON Example

::

{ "bindings": [ { "role": "roles/owner", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-other-app@appspot.gserviceaccount.com" ] }, { "role": "roles/viewer", "members": ["user:sean@example.com"] } ] }

YAML Example

::

bindings:

• members:
  • user:mike@example.com
  • group:admins@example.com
  • domain:google.com
  • serviceAccount:my-other-app@appspot.gserviceaccount.com role: roles/owner
• members:
  • user:sean@example.com role: roles/viewer

For a description of IAM and its features, see the IAM developer’s guide <https://cloud.google.com/iam/docs>__.

.. attribute:: version

Deprecated.

etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the etag in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An etag is returned in the response to getIamPolicy, and systems are expected to put that etag in the request to setIamPolicy to ensure that their change will be applied to the same version of the policy. If no etag is provided in the call to setIamPolicy, then the existing policy is overwritten blindly.

The difference delta between two policies.

.. attribute:: binding_deltas

The delta for Bindings between two policies.

Search all IAM policies request.

Optional. The query statement. Examples: * “policy:myuser@mydomain.com” * “policy:(myuser@mydomain.com viewer)”

Optional. If present, retrieve the next batch of results from the preceding call to this method. page_token must be the value of next_page_token from the previous response. The values of all other method parameters must be identical to those in the previous call.

Search all IAM policies response.

Set if there are more results than those appearing in this response; to get the next set of results, call this method again, using this value as the page_token.

Search all resources request.

Optional. The query statement.

Optional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If set to zero, server will pick an appropriate default. Returned results may be fewer than requested. When this happens, there could be more results as long as next_page_token is returned.

Optional. A comma separated list of fields specifying the sorting order of the results. The default order is ascending. Add " desc" after the field name to indicate descending order. Redundant space characters are ignored. For example, " foo , bar desc ".

Search all resources response.

If there are more results than those appearing in this response, then next_page_token is included. To get the next set of results, call this method again using the value of next_page_token as page_token.

The standard metadata of a cloud resource.

The type of this resource. For example: “compute.googleapis.com/Disk”.

The display name of this resource.

Additional searchable attributes of this resource. Informational only. The exact set of attributes is subject to change. For example: project id, DNS name etc.

Labels associated with this resource. See Labelling and grouping GCP resources <https://cloud.google.com/blog/products/gcp/labelling-and- grouping-your-google-cloud-platform-resources>__ for more information.