Method: services.check

Private Preview. This feature is only available for approved services.

This method provides admission control for services that are integrated with Service Infrastructure. It checks whether an operation should be allowed based on the service configuration and relevant policies. It must be called before the operation is executed. For more information, see Admission Control.

NOTE: The admission control has an expected policy propagation delay of 60s. The caller must not depend on the most recent policy changes.

NOTE: The admission control has a hard limit of 1 referenced resources per call. If an operation refers to more than 1 resources, the caller must call the services.check method multiple times.

This method requires the servicemanagement.services.check permission on the specified service. For more information, see Service Control API Access Control.

HTTP request

POST https://servicecontrol.googleapis.com/v2/services/{serviceName}:check

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
serviceName

string

The service name as specified in its service configuration. For example, "pubsub.googleapis.com".

See google.api.Service for the definition of a service name.

Request body

The request body contains data with the following structure:

JSON representation
{
  "serviceConfigId": string,
  "attributes": {
    object (AttributeContext)
  },
  "resources": [
    {
      object (ResourceInfo)
    }
  ]
}
Fields
serviceConfigId

string

Specifies the version of the service configuration that should be used to process the request. Must not be empty. Set this field to 'latest' to specify using the latest configuration.

attributes

object (AttributeContext)

Describes attributes about the operation being executed by the service.

resources[]

object (ResourceInfo)

Describes the resources and the policies applied to each resource.

Response body

If successful, the response body contains data with the following structure:

Response message for the services.check method.

JSON representation
{
  "status": {
    object (Status)
  },
  "headers": {
    string: string,
    ...
  }
}
Fields
status

object (Status)

An 'OK' status allows the operation. Any other status indicates a denial; google.rpc.Status.details would contain additional details about the denial.

headers

map (key: string, value: string)

Returns a set of request contexts generated from the CheckRequest.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/servicecontrol
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ResourceInfo

Describes a resource referenced in the request.

JSON representation
{
  "name": string,
  "type": string,
  "permission": string
}
Fields
name

string

The name of the resource referenced in the request.

type

string

The resource type in the format of "{service}/{kind}".

permission

string

The resource permission needed for this request. The format must be "{service}/{plural}.{verb}".