IdentityAwareProxyAdminServiceAsyncClient(*, credentials: typing.Optional[google.auth.credentials.Credentials] = None, transport: typing.Optional[typing.Union[str, google.cloud.iap_v1.services.identity_aware_proxy_admin_service.transports.base.IdentityAwareProxyAdminServiceTransport, typing.Callable[[...], google.cloud.iap_v1.services.identity_aware_proxy_admin_service.transports.base.IdentityAwareProxyAdminServiceTransport]]] = 'grpc_asyncio', client_options: typing.Optional[google.api_core.client_options.ClientOptions] = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)
APIs for Identity-Aware Proxy Admin configurations.
Properties
api_endpoint
Return the API endpoint used by the client instance.
Returns | |
---|---|
Type | Description |
str |
The API endpoint used by the client instance. |
transport
Returns the transport used by the client instance.
Returns | |
---|---|
Type | Description |
IdentityAwareProxyAdminServiceTransport |
The transport used by the client instance. |
universe_domain
Return the universe domain used by the client instance.
Returns | |
---|---|
Type | Description |
str |
The universe domain used by the client instance. |
Methods
IdentityAwareProxyAdminServiceAsyncClient
IdentityAwareProxyAdminServiceAsyncClient(*, credentials: typing.Optional[google.auth.credentials.Credentials] = None, transport: typing.Optional[typing.Union[str, google.cloud.iap_v1.services.identity_aware_proxy_admin_service.transports.base.IdentityAwareProxyAdminServiceTransport, typing.Callable[[...], google.cloud.iap_v1.services.identity_aware_proxy_admin_service.transports.base.IdentityAwareProxyAdminServiceTransport]]] = 'grpc_asyncio', client_options: typing.Optional[google.api_core.client_options.ClientOptions] = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)
Instantiates the identity aware proxy admin service async client.
Parameters | |
---|---|
Name | Description |
credentials |
Optional[google.auth.credentials.Credentials]
The authorization credentials to attach to requests. These credentials identify the application to the service; if none are specified, the client will attempt to ascertain the credentials from the environment. |
transport |
Optional[Union[str,IdentityAwareProxyAdminServiceTransport,Callable[..., IdentityAwareProxyAdminServiceTransport]]]
The transport to use, or a Callable that constructs and returns a new transport to use. If a Callable is given, it will be called with the same set of initialization arguments as used in the IdentityAwareProxyAdminServiceTransport constructor. If set to None, a transport is chosen automatically. |
client_options |
Optional[Union[google.api_core.client_options.ClientOptions, dict]]
Custom options for the client. 1. The |
client_info |
google.api_core.gapic_v1.client_info.ClientInfo
The client info used to send a user-agent string along with API requests. If |
Exceptions | |
---|---|
Type | Description |
google.auth.exceptions.MutualTlsChannelError |
If mutual TLS transport creation failed for any reason. |
common_billing_account_path
common_billing_account_path(billing_account: str) -> str
Returns a fully-qualified billing_account string.
common_folder_path
common_folder_path(folder: str) -> str
Returns a fully-qualified folder string.
common_location_path
common_location_path(project: str, location: str) -> str
Returns a fully-qualified location string.
common_organization_path
common_organization_path(organization: str) -> str
Returns a fully-qualified organization string.
common_project_path
common_project_path(project: str) -> str
Returns a fully-qualified project string.
create_tunnel_dest_group
create_tunnel_dest_group(
request: typing.Optional[
typing.Union[
google.cloud.iap_v1.types.service.CreateTunnelDestGroupRequest, dict
]
] = None,
*,
parent: typing.Optional[str] = None,
tunnel_dest_group: typing.Optional[
google.cloud.iap_v1.types.service.TunnelDestGroup
] = None,
tunnel_dest_group_id: typing.Optional[str] = None,
retry: typing.Optional[
typing.Union[
google.api_core.retry.retry_unary_async.AsyncRetry,
google.api_core.gapic_v1.method._MethodDefault,
]
] = _MethodDefault._DEFAULT_VALUE,
timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
metadata: typing.Sequence[typing.Tuple[str, typing.Union[str, bytes]]] = ()
) -> google.cloud.iap_v1.types.service.TunnelDestGroup
Creates a new TunnelDestGroup.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
# client as shown in:
# https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import iap_v1
async def sample_create_tunnel_dest_group():
# Create a client
client = iap_v1.IdentityAwareProxyAdminServiceAsyncClient()
# Initialize request argument(s)
tunnel_dest_group = iap_v1.TunnelDestGroup()
tunnel_dest_group.name = "name_value"
request = iap_v1.CreateTunnelDestGroupRequest(
parent="parent_value",
tunnel_dest_group=tunnel_dest_group,
tunnel_dest_group_id="tunnel_dest_group_id_value",
)
# Make the request
response = await client.create_tunnel_dest_group(request=request)
# Handle the response
print(response)
Parameters | |
---|---|
Name | Description |
request |
Optional[Union[google.cloud.iap_v1.types.CreateTunnelDestGroupRequest, dict]]
The request object. The request to CreateTunnelDestGroup. |
parent |
Required. Google Cloud Project ID and location. In the following format: |
tunnel_dest_group |
TunnelDestGroup
Required. The TunnelDestGroup to create. This corresponds to the |
tunnel_dest_group_id |
Required. The ID to use for the TunnelDestGroup, which becomes the final component of the resource name. This value must be 4-63 characters, and valid characters are |
retry |
google.api_core.retry_async.AsyncRetry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, Union[str, bytes]]]
Key/value pairs which should be sent along with the request as metadata. Normally, each value must be of type |
Returns | |
---|---|
Type | Description |
google.cloud.iap_v1.types.TunnelDestGroup |
A TunnelDestGroup. |
delete_tunnel_dest_group
delete_tunnel_dest_group(
request: typing.Optional[
typing.Union[
google.cloud.iap_v1.types.service.DeleteTunnelDestGroupRequest, dict
]
] = None,
*,
name: typing.Optional[str] = None,
retry: typing.Optional[
typing.Union[
google.api_core.retry.retry_unary_async.AsyncRetry,
google.api_core.gapic_v1.method._MethodDefault,
]
] = _MethodDefault._DEFAULT_VALUE,
timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
metadata: typing.Sequence[typing.Tuple[str, typing.Union[str, bytes]]] = ()
) -> None
Deletes a TunnelDestGroup.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
# client as shown in:
# https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import iap_v1
async def sample_delete_tunnel_dest_group():
# Create a client
client = iap_v1.IdentityAwareProxyAdminServiceAsyncClient()
# Initialize request argument(s)
request = iap_v1.DeleteTunnelDestGroupRequest(
name="name_value",
)
# Make the request
await client.delete_tunnel_dest_group(request=request)
Parameters | |
---|---|
Name | Description |
request |
Optional[Union[google.cloud.iap_v1.types.DeleteTunnelDestGroupRequest, dict]]
The request object. The request to DeleteTunnelDestGroup. |
name |
Required. Name of the TunnelDestGroup to delete. In the following format: |
retry |
google.api_core.retry_async.AsyncRetry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, Union[str, bytes]]]
Key/value pairs which should be sent along with the request as metadata. Normally, each value must be of type |
from_service_account_file
from_service_account_file(filename: str, *args, **kwargs)
Creates an instance of this client using the provided credentials file.
Parameter | |
---|---|
Name | Description |
filename |
str
The path to the service account private key json file. |
Returns | |
---|---|
Type | Description |
IdentityAwareProxyAdminServiceAsyncClient |
The constructed client. |
from_service_account_info
from_service_account_info(info: dict, *args, **kwargs)
Creates an instance of this client using the provided credentials info.
Parameter | |
---|---|
Name | Description |
info |
dict
The service account private key info. |
Returns | |
---|---|
Type | Description |
IdentityAwareProxyAdminServiceAsyncClient |
The constructed client. |
from_service_account_json
from_service_account_json(filename: str, *args, **kwargs)
Creates an instance of this client using the provided credentials file.
Parameter | |
---|---|
Name | Description |
filename |
str
The path to the service account private key json file. |
Returns | |
---|---|
Type | Description |
IdentityAwareProxyAdminServiceAsyncClient |
The constructed client. |
get_iam_policy
get_iam_policy(
request: typing.Optional[
typing.Union[google.iam.v1.iam_policy_pb2.GetIamPolicyRequest, dict]
] = None,
*,
retry: typing.Optional[
typing.Union[
google.api_core.retry.retry_unary_async.AsyncRetry,
google.api_core.gapic_v1.method._MethodDefault,
]
] = _MethodDefault._DEFAULT_VALUE,
timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
metadata: typing.Sequence[typing.Tuple[str, typing.Union[str, bytes]]] = ()
) -> google.iam.v1.policy_pb2.Policy
Gets the access control policy for an Identity-Aware Proxy protected resource. More information about managing access via IAP can be found at: https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
# client as shown in:
# https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import iap_v1
from google.iam.v1 import iam_policy_pb2 # type: ignore
async def sample_get_iam_policy():
# Create a client
client = iap_v1.IdentityAwareProxyAdminServiceAsyncClient()
# Initialize request argument(s)
request = iam_policy_pb2.GetIamPolicyRequest(
resource="resource_value",
)
# Make the request
response = await client.get_iam_policy(request=request)
# Handle the response
print(response)
Parameters | |
---|---|
Name | Description |
request |
Optional[Union[google.iam.v1.iam_policy_pb2.GetIamPolicyRequest, dict]]
The request object. Request message for |
retry |
google.api_core.retry_async.AsyncRetry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, Union[str, bytes]]]
Key/value pairs which should be sent along with the request as metadata. Normally, each value must be of type |
Returns | |
---|---|
Type | Description |
google.iam.v1.policy_pb2.Policy |
An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A Policy is a collection of bindings. A binding binds one or more members, or principals, to a single role. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions; each role can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a binding can also specify a condition, which is a logical expression that allows access to a resource only if the expression evaluates to true. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** :literal:\ { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01t00:00:00.000z')",="" }="" }="" ],="" "etag":="" "bwwwja0yfja=", " version":="" 3="">\ \ **YAML example:** :literal:\ bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01t00:00:00.000z')="" etag:="" bwwwja0yfja="version:">\ \ For a description of IAM and its features, see the [IAM documentation](\ https://cloud.google.com/iam/docs/). |
get_iap_settings
get_iap_settings(
request: typing.Optional[
typing.Union[google.cloud.iap_v1.types.service.GetIapSettingsRequest, dict]
] = None,
*,
retry: typing.Optional[
typing.Union[
google.api_core.retry.retry_unary_async.AsyncRetry,
google.api_core.gapic_v1.method._MethodDefault,
]
] = _MethodDefault._DEFAULT_VALUE,
timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
metadata: typing.Sequence[typing.Tuple[str, typing.Union[str, bytes]]] = ()
) -> google.cloud.iap_v1.types.service.IapSettings
Gets the IAP settings on a particular IAP protected resource.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
# client as shown in:
# https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import iap_v1
async def sample_get_iap_settings():
# Create a client
client = iap_v1.IdentityAwareProxyAdminServiceAsyncClient()
# Initialize request argument(s)
request = iap_v1.GetIapSettingsRequest(
name="name_value",
)
# Make the request
response = await client.get_iap_settings(request=request)
# Handle the response
print(response)
Parameters | |
---|---|
Name | Description |
request |
Optional[Union[google.cloud.iap_v1.types.GetIapSettingsRequest, dict]]
The request object. The request sent to GetIapSettings. |
retry |
google.api_core.retry_async.AsyncRetry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, Union[str, bytes]]]
Key/value pairs which should be sent along with the request as metadata. Normally, each value must be of type |
Returns | |
---|---|
Type | Description |
google.cloud.iap_v1.types.IapSettings |
The IAP configurable settings. |
get_mtls_endpoint_and_cert_source
get_mtls_endpoint_and_cert_source(
client_options: typing.Optional[
google.api_core.client_options.ClientOptions
] = None,
)
Return the API endpoint and client cert source for mutual TLS.
The client cert source is determined in the following order:
(1) if GOOGLE_API_USE_CLIENT_CERTIFICATE
environment variable is not "true", the
client cert source is None.
(2) if client_options.client_cert_source
is provided, use the provided one; if the
default client cert source exists, use the default one; otherwise the client cert
source is None.
The API endpoint is determined in the following order:
(1) if client_options.api_endpoint
if provided, use the provided one.
(2) if GOOGLE_API_USE_CLIENT_CERTIFICATE
environment variable is "always", use the
default mTLS endpoint; if the environment variable is "never", use the default API
endpoint; otherwise if client cert source exists, use the default mTLS endpoint, otherwise
use the default API endpoint.
More details can be found at https://google.aip.dev/auth/4114.
Parameter | |
---|---|
Name | Description |
client_options |
google.api_core.client_options.ClientOptions
Custom options for the client. Only the |
Exceptions | |
---|---|
Type | Description |
google.auth.exceptions.MutualTLSChannelError |
If any errors happen. |
Returns | |
---|---|
Type | Description |
Tuple[str, Callable[[], Tuple[bytes, bytes]]] |
returns the API endpoint and the client cert source to use. |
get_transport_class
get_transport_class(
label: typing.Optional[str] = None,
) -> typing.Type[
google.cloud.iap_v1.services.identity_aware_proxy_admin_service.transports.base.IdentityAwareProxyAdminServiceTransport
]
Returns an appropriate transport class.
Parameter | |
---|---|
Name | Description |
label |
typing.Optional[str]
The name of the desired transport. If none is provided, then the first transport in the registry is used. |
get_tunnel_dest_group
get_tunnel_dest_group(
request: typing.Optional[
typing.Union[google.cloud.iap_v1.types.service.GetTunnelDestGroupRequest, dict]
] = None,
*,
name: typing.Optional[str] = None,
retry: typing.Optional[
typing.Union[
google.api_core.retry.retry_unary_async.AsyncRetry,
google.api_core.gapic_v1.method._MethodDefault,
]
] = _MethodDefault._DEFAULT_VALUE,
timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
metadata: typing.Sequence[typing.Tuple[str, typing.Union[str, bytes]]] = ()
) -> google.cloud.iap_v1.types.service.TunnelDestGroup
Retrieves an existing TunnelDestGroup.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
# client as shown in:
# https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import iap_v1
async def sample_get_tunnel_dest_group():
# Create a client
client = iap_v1.IdentityAwareProxyAdminServiceAsyncClient()
# Initialize request argument(s)
request = iap_v1.GetTunnelDestGroupRequest(
name="name_value",
)
# Make the request
response = await client.get_tunnel_dest_group(request=request)
# Handle the response
print(response)
Parameters | |
---|---|
Name | Description |
request |
Optional[Union[google.cloud.iap_v1.types.GetTunnelDestGroupRequest, dict]]
The request object. The request to GetTunnelDestGroup. |
name |
Required. Name of the TunnelDestGroup to be fetched. In the following format: |
retry |
google.api_core.retry_async.AsyncRetry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, Union[str, bytes]]]
Key/value pairs which should be sent along with the request as metadata. Normally, each value must be of type |
Returns | |
---|---|
Type | Description |
google.cloud.iap_v1.types.TunnelDestGroup |
A TunnelDestGroup. |
list_tunnel_dest_groups
list_tunnel_dest_groups(
request: typing.Optional[
typing.Union[
google.cloud.iap_v1.types.service.ListTunnelDestGroupsRequest, dict
]
] = None,
*,
parent: typing.Optional[str] = None,
retry: typing.Optional[
typing.Union[
google.api_core.retry.retry_unary_async.AsyncRetry,
google.api_core.gapic_v1.method._MethodDefault,
]
] = _MethodDefault._DEFAULT_VALUE,
timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
metadata: typing.Sequence[typing.Tuple[str, typing.Union[str, bytes]]] = ()
) -> (
google.cloud.iap_v1.services.identity_aware_proxy_admin_service.pagers.ListTunnelDestGroupsAsyncPager
)
Lists the existing TunnelDestGroups. To group across all
locations, use a -
as the location ID. For example:
/v1/projects/123/iap_tunnel/locations/-/destGroups
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
# client as shown in:
# https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import iap_v1
async def sample_list_tunnel_dest_groups():
# Create a client
client = iap_v1.IdentityAwareProxyAdminServiceAsyncClient()
# Initialize request argument(s)
request = iap_v1.ListTunnelDestGroupsRequest(
parent="parent_value",
)
# Make the request
page_result = client.list_tunnel_dest_groups(request=request)
# Handle the response
async for response in page_result:
print(response)
Parameters | |
---|---|
Name | Description |
request |
Optional[Union[google.cloud.iap_v1.types.ListTunnelDestGroupsRequest, dict]]
The request object. The request to ListTunnelDestGroups. |
parent |
Required. Google Cloud Project ID and location. In the following format: |
retry |
google.api_core.retry_async.AsyncRetry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, Union[str, bytes]]]
Key/value pairs which should be sent along with the request as metadata. Normally, each value must be of type |
Returns | |
---|---|
Type | Description |
google.cloud.iap_v1.services.identity_aware_proxy_admin_service.pagers.ListTunnelDestGroupsAsyncPager |
The response from ListTunnelDestGroups. Iterating over this object will yield results and resolve additional pages automatically. |
parse_common_billing_account_path
parse_common_billing_account_path(path: str) -> typing.Dict[str, str]
Parse a billing_account path into its component segments.
parse_common_folder_path
parse_common_folder_path(path: str) -> typing.Dict[str, str]
Parse a folder path into its component segments.
parse_common_location_path
parse_common_location_path(path: str) -> typing.Dict[str, str]
Parse a location path into its component segments.
parse_common_organization_path
parse_common_organization_path(path: str) -> typing.Dict[str, str]
Parse a organization path into its component segments.
parse_common_project_path
parse_common_project_path(path: str) -> typing.Dict[str, str]
Parse a project path into its component segments.
parse_tunnel_dest_group_path
parse_tunnel_dest_group_path(path: str) -> typing.Dict[str, str]
Parses a tunnel_dest_group path into its component segments.
parse_tunnel_location_path
parse_tunnel_location_path(path: str) -> typing.Dict[str, str]
Parses a tunnel_location path into its component segments.
set_iam_policy
set_iam_policy(
request: typing.Optional[
typing.Union[google.iam.v1.iam_policy_pb2.SetIamPolicyRequest, dict]
] = None,
*,
retry: typing.Optional[
typing.Union[
google.api_core.retry.retry_unary_async.AsyncRetry,
google.api_core.gapic_v1.method._MethodDefault,
]
] = _MethodDefault._DEFAULT_VALUE,
timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
metadata: typing.Sequence[typing.Tuple[str, typing.Union[str, bytes]]] = ()
) -> google.iam.v1.policy_pb2.Policy
Sets the access control policy for an Identity-Aware Proxy protected resource. Replaces any existing policy. More information about managing access via IAP can be found at: https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
# client as shown in:
# https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import iap_v1
from google.iam.v1 import iam_policy_pb2 # type: ignore
async def sample_set_iam_policy():
# Create a client
client = iap_v1.IdentityAwareProxyAdminServiceAsyncClient()
# Initialize request argument(s)
request = iam_policy_pb2.SetIamPolicyRequest(
resource="resource_value",
)
# Make the request
response = await client.set_iam_policy(request=request)
# Handle the response
print(response)
Parameters | |
---|---|
Name | Description |
request |
Optional[Union[google.iam.v1.iam_policy_pb2.SetIamPolicyRequest, dict]]
The request object. Request message for |
retry |
google.api_core.retry_async.AsyncRetry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, Union[str, bytes]]]
Key/value pairs which should be sent along with the request as metadata. Normally, each value must be of type |
Returns | |
---|---|
Type | Description |
google.iam.v1.policy_pb2.Policy |
An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A Policy is a collection of bindings. A binding binds one or more members, or principals, to a single role. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions; each role can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a binding can also specify a condition, which is a logical expression that allows access to a resource only if the expression evaluates to true. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** :literal:\ { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01t00:00:00.000z')",="" }="" }="" ],="" "etag":="" "bwwwja0yfja=", " version":="" 3="">\ \ **YAML example:** :literal:\ bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01t00:00:00.000z')="" etag:="" bwwwja0yfja="version:">\ \ For a description of IAM and its features, see the [IAM documentation](\ https://cloud.google.com/iam/docs/). |
test_iam_permissions
test_iam_permissions(
request: typing.Optional[
typing.Union[google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest, dict]
] = None,
*,
retry: typing.Optional[
typing.Union[
google.api_core.retry.retry_unary_async.AsyncRetry,
google.api_core.gapic_v1.method._MethodDefault,
]
] = _MethodDefault._DEFAULT_VALUE,
timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
metadata: typing.Sequence[typing.Tuple[str, typing.Union[str, bytes]]] = ()
) -> google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse
Returns permissions that a caller has on the Identity-Aware Proxy protected resource. More information about managing access via IAP can be found at: https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
# client as shown in:
# https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import iap_v1
from google.iam.v1 import iam_policy_pb2 # type: ignore
async def sample_test_iam_permissions():
# Create a client
client = iap_v1.IdentityAwareProxyAdminServiceAsyncClient()
# Initialize request argument(s)
request = iam_policy_pb2.TestIamPermissionsRequest(
resource="resource_value",
permissions=['permissions_value1', 'permissions_value2'],
)
# Make the request
response = await client.test_iam_permissions(request=request)
# Handle the response
print(response)
Parameters | |
---|---|
Name | Description |
request |
Optional[Union[google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest, dict]]
The request object. Request message for |
retry |
google.api_core.retry_async.AsyncRetry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, Union[str, bytes]]]
Key/value pairs which should be sent along with the request as metadata. Normally, each value must be of type |
Returns | |
---|---|
Type | Description |
google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse |
Response message for TestIamPermissions method. |
tunnel_dest_group_path
tunnel_dest_group_path(project: str, location: str, dest_group: str) -> str
Returns a fully-qualified tunnel_dest_group string.
tunnel_location_path
tunnel_location_path(project: str, location: str) -> str
Returns a fully-qualified tunnel_location string.
update_iap_settings
update_iap_settings(
request: typing.Optional[
typing.Union[google.cloud.iap_v1.types.service.UpdateIapSettingsRequest, dict]
] = None,
*,
retry: typing.Optional[
typing.Union[
google.api_core.retry.retry_unary_async.AsyncRetry,
google.api_core.gapic_v1.method._MethodDefault,
]
] = _MethodDefault._DEFAULT_VALUE,
timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
metadata: typing.Sequence[typing.Tuple[str, typing.Union[str, bytes]]] = ()
) -> google.cloud.iap_v1.types.service.IapSettings
Updates the IAP settings on a particular IAP protected resource.
It replaces all fields unless the update_mask
is set.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
# client as shown in:
# https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import iap_v1
async def sample_update_iap_settings():
# Create a client
client = iap_v1.IdentityAwareProxyAdminServiceAsyncClient()
# Initialize request argument(s)
iap_settings = iap_v1.IapSettings()
iap_settings.name = "name_value"
request = iap_v1.UpdateIapSettingsRequest(
iap_settings=iap_settings,
)
# Make the request
response = await client.update_iap_settings(request=request)
# Handle the response
print(response)
Parameters | |
---|---|
Name | Description |
request |
Optional[Union[google.cloud.iap_v1.types.UpdateIapSettingsRequest, dict]]
The request object. The request sent to UpdateIapSettings. |
retry |
google.api_core.retry_async.AsyncRetry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, Union[str, bytes]]]
Key/value pairs which should be sent along with the request as metadata. Normally, each value must be of type |
Returns | |
---|---|
Type | Description |
google.cloud.iap_v1.types.IapSettings |
The IAP configurable settings. |
update_tunnel_dest_group
update_tunnel_dest_group(
request: typing.Optional[
typing.Union[
google.cloud.iap_v1.types.service.UpdateTunnelDestGroupRequest, dict
]
] = None,
*,
tunnel_dest_group: typing.Optional[
google.cloud.iap_v1.types.service.TunnelDestGroup
] = None,
update_mask: typing.Optional[google.protobuf.field_mask_pb2.FieldMask] = None,
retry: typing.Optional[
typing.Union[
google.api_core.retry.retry_unary_async.AsyncRetry,
google.api_core.gapic_v1.method._MethodDefault,
]
] = _MethodDefault._DEFAULT_VALUE,
timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
metadata: typing.Sequence[typing.Tuple[str, typing.Union[str, bytes]]] = ()
) -> google.cloud.iap_v1.types.service.TunnelDestGroup
Updates a TunnelDestGroup.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
# client as shown in:
# https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import iap_v1
async def sample_update_tunnel_dest_group():
# Create a client
client = iap_v1.IdentityAwareProxyAdminServiceAsyncClient()
# Initialize request argument(s)
tunnel_dest_group = iap_v1.TunnelDestGroup()
tunnel_dest_group.name = "name_value"
request = iap_v1.UpdateTunnelDestGroupRequest(
tunnel_dest_group=tunnel_dest_group,
)
# Make the request
response = await client.update_tunnel_dest_group(request=request)
# Handle the response
print(response)
Parameters | |
---|---|
Name | Description |
request |
Optional[Union[google.cloud.iap_v1.types.UpdateTunnelDestGroupRequest, dict]]
The request object. The request to UpdateTunnelDestGroup. |
tunnel_dest_group |
TunnelDestGroup
Required. The new values for the TunnelDestGroup. This corresponds to the |
update_mask |
A field mask that specifies which IAP settings to update. If omitted, then all of the settings are updated. See https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask This corresponds to the |
retry |
google.api_core.retry_async.AsyncRetry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, Union[str, bytes]]]
Key/value pairs which should be sent along with the request as metadata. Normally, each value must be of type |
Returns | |
---|---|
Type | Description |
google.cloud.iap_v1.types.TunnelDestGroup |
A TunnelDestGroup. |