Types for Container Analysis API Client#
-
class
google.cloud.devtools.containeranalysis_v1.types.
AuditConfigDelta
# One delta entry for AuditConfig. Each individual change (only one exempted_member in each entry) to a AuditConfig will be a separate entry.
-
action
# The action that was performed on an audit configuration in a policy. Required
-
service
# Specifies a service that was configured for Cloud Audit Logging. For example,
storage.googleapis.com
,cloudsql.googleapis.com
.allServices
is a special value that covers all services. Required
-
exempted_member
# A single identity that is exempted from “data access” audit logging for the
service
specified above. Follows the same format of Binding.members.
-
log_type
# Specifies the log_type that was be enabled. ADMIN_ACTIVITY is always enabled, and cannot be configured. Required
-
action
Field google.iam.v1.AuditConfigDelta.action
-
exempted_member
Field google.iam.v1.AuditConfigDelta.exempted_member
-
log_type
Field google.iam.v1.AuditConfigDelta.log_type
-
service
Field google.iam.v1.AuditConfigDelta.service
-
-
class
google.cloud.devtools.containeranalysis_v1.types.
Binding
# Associates
members
with arole
.-
role
# Role that is assigned to
members
. For example,roles/viewer
,roles/editor
, orroles/owner
.
-
members
# Specifies the identities requesting access for a Cloud Platform resource.
members
can have the following values: -allUsers
: A special identifier that represents anyone who is on the internet; with or without a Google account. -allAuthenticatedUsers
: A special identifier that represents anyone who is authenticated with a Google account or a service account. -user:{emailid}
: An email address that represents a specific Google account. For example,alice@gmail.com
. -serviceAccount:{emailid}
: An email address that represents a service account. For example,my-other- app@appspot.gserviceaccount.com
. -group:{emailid}
: An email address that represents a Google group. For example,admins@example.com
. -domain:{domain}
: The G Suite domain (primary) that represents all the users of that domain. For example,google.com
orexample.com
.
-
condition
# The condition that is associated with this binding. NOTE: An unsatisfied condition will not allow user access via current binding. Different bindings, including their conditions, are examined independently.
-
condition
Field google.iam.v1.Binding.condition
-
members
Field google.iam.v1.Binding.members
-
role
Field google.iam.v1.Binding.role
-
-
class
google.cloud.devtools.containeranalysis_v1.types.
BindingDelta
# One delta entry for Binding. Each individual change (only one member in each entry) to a binding will be a separate entry.
-
action
# The action that was performed on a Binding. Required
-
role
# Role that is assigned to
members
. For example,roles/viewer
,roles/editor
, orroles/owner
. Required
-
member
# A single identity requesting access for a Cloud Platform resource. Follows the same format of Binding.members. Required
-
condition
# Unimplemented. The condition that is associated with this binding. This field is logged only for Cloud Audit Logging.
-
action
Field google.iam.v1.BindingDelta.action
-
condition
Field google.iam.v1.BindingDelta.condition
-
member
Field google.iam.v1.BindingDelta.member
-
role
Field google.iam.v1.BindingDelta.role
-
-
class
google.cloud.devtools.containeranalysis_v1.types.
Expr
# -
description
# Field google.type.Expr.description
-
expression
# Field google.type.Expr.expression
-
location
# Field google.type.Expr.location
-
title
# Field google.type.Expr.title
-
-
class
google.cloud.devtools.containeranalysis_v1.types.
GetIamPolicyRequest
# Request message for
GetIamPolicy
method.-
resource
# REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.
-
options
# OPTIONAL: A
GetPolicyOptions
object for specifying options toGetIamPolicy
. This field is only used by Cloud IAM.
-
options
Field google.iam.v1.GetIamPolicyRequest.options
-
resource
Field google.iam.v1.GetIamPolicyRequest.resource
-
-
class
google.cloud.devtools.containeranalysis_v1.types.
GetPolicyOptions
# Encapsulates settings provided to GetIamPolicy.
-
requested_policy_version
# Optional. The policy format version to be returned. Acceptable values are 0 and 1. If the value is 0, or the field is omitted, policy format version 1 will be returned.
-
requested_policy_version
Field google.iam.v1.GetPolicyOptions.requested_policy_version
-
-
class
google.cloud.devtools.containeranalysis_v1.types.
Policy
# Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources.
A
Policy
consists of a list ofbindings
. Abinding
binds a list ofmembers
to arole
, where the members can be user accounts, Google groups, Google domains, and service accounts. Arole
is a named list of permissions defined by IAM.JSON Example
{ "bindings": [ { "role": "roles/owner", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-other-app@appspot.gserviceaccount.com" ] }, { "role": "roles/viewer", "members": ["user:sean@example.com"] } ] }
YAML Example
bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-other-app@appspot.gserviceaccount.com role: roles/owner - members: - user:sean@example.com role: roles/viewer
For a description of IAM and its features, see the IAM developer’s guide.
-
version
# Deprecated.
-
bindings
# Associates a list of
members
to arole
.bindings
with no members will result in an error.
-
etag
# etag
is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of theetag
in the read-modify-write cycle to perform policy updates in order to avoid race conditions: Anetag
is returned in the response togetIamPolicy
, and systems are expected to put that etag in the request tosetIamPolicy
to ensure that their change will be applied to the same version of the policy. If noetag
is provided in the call tosetIamPolicy
, then the existing policy is overwritten blindly.
-
bindings
Field google.iam.v1.Policy.bindings
-
etag
Field google.iam.v1.Policy.etag
-
version
Field google.iam.v1.Policy.version
-
-
class
google.cloud.devtools.containeranalysis_v1.types.
PolicyDelta
# The difference delta between two policies.
-
binding_deltas
# The delta for Bindings between two policies.
-
audit_config_deltas
# The delta for AuditConfigs between two policies.
-
audit_config_deltas
Field google.iam.v1.PolicyDelta.audit_config_deltas
-
binding_deltas
Field google.iam.v1.PolicyDelta.binding_deltas
-
-
class
google.cloud.devtools.containeranalysis_v1.types.
SetIamPolicyRequest
# Request message for
SetIamPolicy
method.-
resource
# REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.
-
policy
# REQUIRED: The complete policy to be applied to the
resource
. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.
-
policy
Field google.iam.v1.SetIamPolicyRequest.policy
-
resource
Field google.iam.v1.SetIamPolicyRequest.resource
-
-
class
google.cloud.devtools.containeranalysis_v1.types.
TestIamPermissionsRequest
# Request message for
TestIamPermissions
method.-
resource
# REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.
-
permissions
# The set of permissions to check for the
resource
. Permissions with wildcards (such as ‘*’ or ’storage.*’) are not allowed. For more information see IAM Overview.
-
permissions
Field google.iam.v1.TestIamPermissionsRequest.permissions
-
resource
Field google.iam.v1.TestIamPermissionsRequest.resource
-