Google Git
Sign in
code / google-api-go-client / 2ab33c207318199ace1a47b541fe24c0b6e2b0b3 / . / accesscontextmanager / v1 / accesscontextmanager-api.json
blob: ae219479b74fe84a6e25e36baff8f750eaf02dcc [file] [log] [blame]
{
"auth": {
"oauth2": {
"scopes": {
"https://www.googleapis.com/auth/cloud-platform": {
"description": "View and manage your data across Google Cloud Platform services"
}
}
}
},
"basePath": "",
"baseUrl": "https://accesscontextmanager.googleapis.com/",
"batchPath": "batch",
"canonicalName": "Access Context Manager",
"description": "An API for setting attribute based access control to requests to GCP services.",
"discoveryVersion": "v1",
"documentationLink": "https://cloud.google.com/access-context-manager/docs/reference/rest/",
"fullyEncodeReservedExpansion": true,
"icons": {
"x16": "http://www.google.com/images/icons/product/search-16.gif",
"x32": "http://www.google.com/images/icons/product/search-32.gif"
},
"id": "accesscontextmanager:v1",
"kind": "discovery#restDescription",
"mtlsRootUrl": "https://accesscontextmanager.mtls.googleapis.com/",
"name": "accesscontextmanager",
"ownerDomain": "google.com",
"ownerName": "Google",
"parameters": {
"$.xgafv": {
"description": "V1 error format.",
"enum": [
"1",
"2"
],
"enumDescriptions": [
"v1 error format",
"v2 error format"
],
"location": "query",
"type": "string"
},
"access_token": {
"description": "OAuth access token.",
"location": "query",
"type": "string"
},
"alt": {
"default": "json",
"description": "Data format for response.",
"enum": [
"json",
"media",
"proto"
],
"enumDescriptions": [
"Responses with Content-Type of application/json",
"Media download with context-dependent Content-Type",
"Responses with Content-Type of application/x-protobuf"
],
"location": "query",
"type": "string"
},
"callback": {
"description": "JSONP",
"location": "query",
"type": "string"
},
"fields": {
"description": "Selector specifying which fields to include in a partial response.",
"location": "query",
"type": "string"
},
"key": {
"description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
"location": "query",
"type": "string"
},
"oauth_token": {
"description": "OAuth 2.0 token for the current user.",
"location": "query",
"type": "string"
},
"prettyPrint": {
"default": "true",
"description": "Returns response with indentations and line breaks.",
"location": "query",
"type": "boolean"
},
"quotaUser": {
"description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
"location": "query",
"type": "string"
},
"uploadType": {
"description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
"location": "query",
"type": "string"
},
"upload_protocol": {
"description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
"location": "query",
"type": "string"
}
},
"protocol": "rest",
"resources": {
"accessPolicies": {
"methods": {
"create": {
"description": "Create an `AccessPolicy`. Fails if this organization already has a\n`AccessPolicy`. The longrunning Operation will have a successful status\nonce the `AccessPolicy` has propagated to long-lasting storage.\nSyntactic and basic semantic errors will be returned in `metadata` as a\nBadRequest proto.",
"flatPath": "v1/accessPolicies",
"httpMethod": "POST",
"id": "accesscontextmanager.accessPolicies.create",
"parameterOrder": [],
"parameters": {},
"path": "v1/accessPolicies",
"request": {
"$ref": "AccessPolicy"
},
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"delete": {
"description": "Delete an AccessPolicy by resource\nname. The longrunning Operation will have a successful status once the\nAccessPolicy\nhas been removed from long-lasting storage.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}",
"httpMethod": "DELETE",
"id": "accesscontextmanager.accessPolicies.delete",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "Required. Resource name for the access policy to delete.\n\nFormat `accessPolicies/{policy_id}`",
"location": "path",
"pattern": "^accessPolicies/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+name}",
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"get": {
"description": "Get an AccessPolicy by name.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}",
"httpMethod": "GET",
"id": "accesscontextmanager.accessPolicies.get",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "Required. Resource name for the access policy to get.\n\nFormat `accessPolicies/{policy_id}`",
"location": "path",
"pattern": "^accessPolicies/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+name}",
"response": {
"$ref": "AccessPolicy"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"list": {
"description": "List all AccessPolicies under a\ncontainer.",
"flatPath": "v1/accessPolicies",
"httpMethod": "GET",
"id": "accesscontextmanager.accessPolicies.list",
"parameterOrder": [],
"parameters": {
"pageSize": {
"description": "Number of AccessPolicy instances to include in the list. Default 100.",
"format": "int32",
"location": "query",
"type": "integer"
},
"pageToken": {
"description": "Next page token for the next batch of AccessPolicy instances. Defaults to\nthe first page of results.",
"location": "query",
"type": "string"
},
"parent": {
"description": "Required. Resource name for the container to list AccessPolicy instances\nfrom.\n\nFormat:\n`organizations/{org_id}`",
"location": "query",
"type": "string"
}
},
"path": "v1/accessPolicies",
"response": {
"$ref": "ListAccessPoliciesResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"patch": {
"description": "Update an AccessPolicy. The\nlongrunning Operation from this RPC will have a successful status once the\nchanges to the AccessPolicy have propagated\nto long-lasting storage. Syntactic and basic semantic errors will be\nreturned in `metadata` as a BadRequest proto.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}",
"httpMethod": "PATCH",
"id": "accesscontextmanager.accessPolicies.patch",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "Output only. Resource name of the `AccessPolicy`. Format:\n`accessPolicies/{policy_id}`",
"location": "path",
"pattern": "^accessPolicies/[^/]+$",
"required": true,
"type": "string"
},
"updateMask": {
"description": "Required. Mask to control which fields get updated. Must be non-empty.",
"format": "google-fieldmask",
"location": "query",
"type": "string"
}
},
"path": "v1/{+name}",
"request": {
"$ref": "AccessPolicy"
},
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
}
},
"resources": {
"accessLevels": {
"methods": {
"create": {
"description": "Create an Access Level. The longrunning\noperation from this RPC will have a successful status once the Access\nLevel has\npropagated to long-lasting storage. Access Levels containing\nerrors will result in an error response for the first error encountered.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/accessLevels",
"httpMethod": "POST",
"id": "accesscontextmanager.accessPolicies.accessLevels.create",
"parameterOrder": [
"parent"
],
"parameters": {
"parent": {
"description": "Required. Resource name for the access policy which owns this Access\nLevel.\n\nFormat: `accessPolicies/{policy_id}`",
"location": "path",
"pattern": "^accessPolicies/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+parent}/accessLevels",
"request": {
"$ref": "AccessLevel"
},
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"delete": {
"description": "Delete an Access Level by resource\nname. The longrunning operation from this RPC will have a successful status\nonce the Access Level has been removed\nfrom long-lasting storage.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
"httpMethod": "DELETE",
"id": "accesscontextmanager.accessPolicies.accessLevels.delete",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "Required. Resource name for the Access Level.\n\nFormat:\n`accessPolicies/{policy_id}/accessLevels/{access_level_id}`",
"location": "path",
"pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+name}",
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"get": {
"description": "Get an Access Level by resource\nname.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
"httpMethod": "GET",
"id": "accesscontextmanager.accessPolicies.accessLevels.get",
"parameterOrder": [
"name"
],
"parameters": {
"accessLevelFormat": {
"description": "Whether to return `BasicLevels` in the Cloud Common Expression\nLanguage rather than as `BasicLevels`. Defaults to AS_DEFINED, where\nAccess Levels\nare returned as `BasicLevels` or `CustomLevels` based on how they were\ncreated. If set to CEL, all Access Levels are returned as\n`CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent\n`CustomLevels`.",
"enum": [
"LEVEL_FORMAT_UNSPECIFIED",
"AS_DEFINED",
"CEL"
],
"location": "query",
"type": "string"
},
"name": {
"description": "Required. Resource name for the Access Level.\n\nFormat:\n`accessPolicies/{policy_id}/accessLevels/{access_level_id}`",
"location": "path",
"pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+name}",
"response": {
"$ref": "AccessLevel"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"list": {
"description": "List all Access Levels for an access\npolicy.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/accessLevels",
"httpMethod": "GET",
"id": "accesscontextmanager.accessPolicies.accessLevels.list",
"parameterOrder": [
"parent"
],
"parameters": {
"accessLevelFormat": {
"description": "Whether to return `BasicLevels` in the Cloud Common Expression language, as\n`CustomLevels`, rather than as `BasicLevels`. Defaults to returning\n`AccessLevels` in the format they were defined.",
"enum": [
"LEVEL_FORMAT_UNSPECIFIED",
"AS_DEFINED",
"CEL"
],
"location": "query",
"type": "string"
},
"pageSize": {
"description": "Number of Access Levels to include in\nthe list. Default 100.",
"format": "int32",
"location": "query",
"type": "integer"
},
"pageToken": {
"description": "Next page token for the next batch of Access Level instances.\nDefaults to the first page of results.",
"location": "query",
"type": "string"
},
"parent": {
"description": "Required. Resource name for the access policy to list Access Levels from.\n\nFormat:\n`accessPolicies/{policy_id}`",
"location": "path",
"pattern": "^accessPolicies/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+parent}/accessLevels",
"response": {
"$ref": "ListAccessLevelsResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"patch": {
"description": "Update an Access Level. The longrunning\noperation from this RPC will have a successful status once the changes to\nthe Access Level have propagated\nto long-lasting storage. Access Levels containing\nerrors will result in an error response for the first error encountered.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
"httpMethod": "PATCH",
"id": "accesscontextmanager.accessPolicies.accessLevels.patch",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "Required. Resource name for the Access Level. The `short_name` component\nmust begin with a letter and only include alphanumeric and '_'. Format:\n`accessPolicies/{policy_id}/accessLevels/{short_name}`",
"location": "path",
"pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$",
"required": true,
"type": "string"
},
"updateMask": {
"description": "Required. Mask to control which fields get updated. Must be non-empty.",
"format": "google-fieldmask",
"location": "query",
"type": "string"
}
},
"path": "v1/{+name}",
"request": {
"$ref": "AccessLevel"
},
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"replaceAll": {
"description": "Replace all existing Access Levels in an Access\nPolicy with\nthe Access Levels provided. This\nis done within one transaction. The longrunning operation from this RPC\nwill have a successful status once all replacements have propagated to\nlong-lasting storage. Replacements containing errors will result in an\nerror response for the first error encountered and the transaction will be\ncancelled. Operation.response field will contain\nReplaceAccessLevelsResponse. Removing Access Levels contained in existing\nService Perimeters will result in\nerror.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/accessLevels:replaceAll",
"httpMethod": "POST",
"id": "accesscontextmanager.accessPolicies.accessLevels.replaceAll",
"parameterOrder": [
"parent"
],
"parameters": {
"parent": {
"description": "Required. Resource name for the access policy which owns these\nAccess Levels.\n\nFormat: `accessPolicies/{policy_id}`",
"location": "path",
"pattern": "^accessPolicies/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+parent}/accessLevels:replaceAll",
"request": {
"$ref": "ReplaceAccessLevelsRequest"
},
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
}
}
},
"servicePerimeters": {
"methods": {
"commit": {
"description": "Commit the dry-run spec for all the Service Perimeters in an\nAccess Policy.\nA commit operation on a Service Perimeter involves copying its `spec` field\nto that Service Perimeter's `status` field. Only Service Perimeters with\n`use_explicit_dry_run_spec` field set to true are affected by a commit\noperation. The longrunning operation from this RPC will have a successful\nstatus once the dry-run specs for all the Service Perimeters have been\ncommitted. If a commit fails, it will cause the longrunning operation to\nreturn an error response and the entire commit operation will be cancelled.\nWhen successful, Operation.response field will contain\nCommitServicePerimetersResponse. The `dry_run` and the `spec` fields will\nbe cleared after a successful commit operation.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters:commit",
"httpMethod": "POST",
"id": "accesscontextmanager.accessPolicies.servicePerimeters.commit",
"parameterOrder": [
"parent"
],
"parameters": {
"parent": {
"description": "Required. Resource name for the parent Access Policy which owns all\nService Perimeters in scope for\nthe commit operation.\n\nFormat: `accessPolicies/{policy_id}`",
"location": "path",
"pattern": "^accessPolicies/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+parent}/servicePerimeters:commit",
"request": {
"$ref": "CommitServicePerimetersRequest"
},
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"create": {
"description": "Create an Service Perimeter. The\nlongrunning operation from this RPC will have a successful status once the\nService Perimeter has\npropagated to long-lasting storage. Service Perimeters containing\nerrors will result in an error response for the first error encountered.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters",
"httpMethod": "POST",
"id": "accesscontextmanager.accessPolicies.servicePerimeters.create",
"parameterOrder": [
"parent"
],
"parameters": {
"parent": {
"description": "Required. Resource name for the access policy which owns this Service\nPerimeter.\n\nFormat: `accessPolicies/{policy_id}`",
"location": "path",
"pattern": "^accessPolicies/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+parent}/servicePerimeters",
"request": {
"$ref": "ServicePerimeter"
},
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"delete": {
"description": "Delete an Service Perimeter by resource\nname. The longrunning operation from this RPC will have a successful status\nonce the Service Perimeter has been\nremoved from long-lasting storage.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}",
"httpMethod": "DELETE",
"id": "accesscontextmanager.accessPolicies.servicePerimeters.delete",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "Required. Resource name for the Service Perimeter.\n\nFormat:\n`accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}`",
"location": "path",
"pattern": "^accessPolicies/[^/]+/servicePerimeters/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+name}",
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"get": {
"description": "Get an Service Perimeter by resource\nname.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}",
"httpMethod": "GET",
"id": "accesscontextmanager.accessPolicies.servicePerimeters.get",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "Required. Resource name for the Service Perimeter.\n\nFormat:\n`accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}`",
"location": "path",
"pattern": "^accessPolicies/[^/]+/servicePerimeters/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+name}",
"response": {
"$ref": "ServicePerimeter"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"list": {
"description": "List all Service Perimeters for an\naccess policy.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters",
"httpMethod": "GET",
"id": "accesscontextmanager.accessPolicies.servicePerimeters.list",
"parameterOrder": [
"parent"
],
"parameters": {
"pageSize": {
"description": "Number of Service Perimeters to include\nin the list. Default 100.",
"format": "int32",
"location": "query",
"type": "integer"
},
"pageToken": {
"description": "Next page token for the next batch of Service Perimeter instances.\nDefaults to the first page of results.",
"location": "query",
"type": "string"
},
"parent": {
"description": "Required. Resource name for the access policy to list Service Perimeters from.\n\nFormat:\n`accessPolicies/{policy_id}`",
"location": "path",
"pattern": "^accessPolicies/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+parent}/servicePerimeters",
"response": {
"$ref": "ListServicePerimetersResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"patch": {
"description": "Update an Service Perimeter. The\nlongrunning operation from this RPC will have a successful status once the\nchanges to the Service Perimeter have\npropagated to long-lasting storage. Service Perimeter containing\nerrors will result in an error response for the first error encountered.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}",
"httpMethod": "PATCH",
"id": "accesscontextmanager.accessPolicies.servicePerimeters.patch",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "Required. Resource name for the ServicePerimeter. The `short_name`\ncomponent must begin with a letter and only include alphanumeric and '_'.\nFormat: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`",
"location": "path",
"pattern": "^accessPolicies/[^/]+/servicePerimeters/[^/]+$",
"required": true,
"type": "string"
},
"updateMask": {
"description": "Required. Mask to control which fields get updated. Must be non-empty.",
"format": "google-fieldmask",
"location": "query",
"type": "string"
}
},
"path": "v1/{+name}",
"request": {
"$ref": "ServicePerimeter"
},
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"replaceAll": {
"description": "Replace all existing Service Perimeters in an\nAccess Policy\nwith the Service Perimeters provided.\nThis is done within one transaction. The longrunning operation from this\nRPC will have a successful status once all replacements have propagated to\nlong-lasting storage. Replacements containing errors will result in an\nerror response for the first error encountered and the transaction will be\ncancelled. Operation.response field will contain\nReplaceServicePerimetersResponse.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters:replaceAll",
"httpMethod": "POST",
"id": "accesscontextmanager.accessPolicies.servicePerimeters.replaceAll",
"parameterOrder": [
"parent"
],
"parameters": {
"parent": {
"description": "Required. Resource name for the access policy which owns these\nService Perimeters.\n\nFormat: `accessPolicies/{policy_id}`",
"location": "path",
"pattern": "^accessPolicies/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+parent}/servicePerimeters:replaceAll",
"request": {
"$ref": "ReplaceServicePerimetersRequest"
},
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
}
}
}
}
},
"operations": {
"methods": {
"cancel": {
"description": "Starts asynchronous cancellation on a long-running operation. The server\nmakes a best effort to cancel the operation, but success is not\nguaranteed. If the server doesn't support this method, it returns\n`google.rpc.Code.UNIMPLEMENTED`. Clients can use\nOperations.GetOperation or\nother methods to check whether the cancellation succeeded or whether the\noperation completed despite cancellation. On successful cancellation,\nthe operation is not deleted; instead, it becomes an operation with\nan Operation.error value with a google.rpc.Status.code of 1,\ncorresponding to `Code.CANCELLED`.",
"flatPath": "v1/operations/{operationsId}:cancel",
"httpMethod": "POST",
"id": "accesscontextmanager.operations.cancel",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "The name of the operation resource to be cancelled.",
"location": "path",
"pattern": "^operations/.*$",
"required": true,
"type": "string"
}
},
"path": "v1/{+name}:cancel",
"request": {
"$ref": "CancelOperationRequest"
},
"response": {
"$ref": "Empty"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"delete": {
"description": "Deletes a long-running operation. This method indicates that the client is\nno longer interested in the operation result. It does not cancel the\noperation. If the server doesn't support this method, it returns\n`google.rpc.Code.UNIMPLEMENTED`.",
"flatPath": "v1/operations/{operationsId}",
"httpMethod": "DELETE",
"id": "accesscontextmanager.operations.delete",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "The name of the operation resource to be deleted.",
"location": "path",
"pattern": "^operations/.*$",
"required": true,
"type": "string"
}
},
"path": "v1/{+name}",
"response": {
"$ref": "Empty"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"get": {
"description": "Gets the latest state of a long-running operation. Clients can use this\nmethod to poll the operation result at intervals as recommended by the API\nservice.",
"flatPath": "v1/operations/{operationsId}",
"httpMethod": "GET",
"id": "accesscontextmanager.operations.get",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "The name of the operation resource.",
"location": "path",
"pattern": "^operations/.*$",
"required": true,
"type": "string"
}
},
"path": "v1/{+name}",
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"list": {
"description": "Lists operations that match the specified filter in the request. If the\nserver doesn't support this method, it returns `UNIMPLEMENTED`.\n\nNOTE: the `name` binding allows API services to override the binding\nto use different resource name schemes, such as `users/*/operations`. To\noverride the binding, API services can add a binding such as\n`\"/v1/{name=users/*}/operations\"` to their service configuration.\nFor backwards compatibility, the default name includes the operations\ncollection id, however overriding users must ensure the name binding\nis the parent resource, without the operations collection id.",
"flatPath": "v1/operations",
"httpMethod": "GET",
"id": "accesscontextmanager.operations.list",
"parameterOrder": [
"name"
],
"parameters": {
"filter": {
"description": "The standard list filter.",
"location": "query",
"type": "string"
},
"name": {
"description": "The name of the operation's parent resource.",
"location": "path",
"pattern": "^operations$",
"required": true,
"type": "string"
},
"pageSize": {
"description": "The standard list page size.",
"format": "int32",
"location": "query",
"type": "integer"
},
"pageToken": {
"description": "The standard list page token.",
"location": "query",
"type": "string"
}
},
"path": "v1/{+name}",
"response": {
"$ref": "ListOperationsResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
}
}
}
},
"revision": "20200215",
"rootUrl": "https://accesscontextmanager.googleapis.com/",
"schemas": {
"AccessLevel": {
"description": "An `AccessLevel` is a label that can be applied to requests to Google Cloud\nservices, along with a list of requirements necessary for the label to be\napplied.",
"id": "AccessLevel",
"properties": {
"basic": {
"$ref": "BasicLevel",
"description": "A `BasicLevel` composed of `Conditions`."
},
"createTime": {
"description": "Output only. Time the `AccessLevel` was created in UTC.",
"format": "google-datetime",
"type": "string"
},
"custom": {
"$ref": "CustomLevel",
"description": "A `CustomLevel` written in the Common Expression Language."
},
"description": {
"description": "Description of the `AccessLevel` and its use. Does not affect behavior.",
"type": "string"
},
"name": {
"description": "Required. Resource name for the Access Level. The `short_name` component\nmust begin with a letter and only include alphanumeric and '_'. Format:\n`accessPolicies/{policy_id}/accessLevels/{short_name}`",
"type": "string"
},
"title": {
"description": "Human readable title. Must be unique within the Policy.",
"type": "string"
},
"updateTime": {
"description": "Output only. Time the `AccessLevel` was updated in UTC.",
"format": "google-datetime",
"type": "string"
}
},
"type": "object"
},
"AccessPolicy": {
"description": "`AccessPolicy` is a container for `AccessLevels` (which define the necessary\nattributes to use Google Cloud services) and `ServicePerimeters` (which\ndefine regions of services able to freely pass data within a perimeter). An\naccess policy is globally visible within an organization, and the\nrestrictions it specifies apply to all projects within an organization.",
"id": "AccessPolicy",
"properties": {
"createTime": {
"description": "Output only. Time the `AccessPolicy` was created in UTC.",
"format": "google-datetime",
"type": "string"
},
"name": {
"description": "Output only. Resource name of the `AccessPolicy`. Format:\n`accessPolicies/{policy_id}`",
"type": "string"
},
"parent": {
"description": "Required. The parent of this `AccessPolicy` in the Cloud Resource\nHierarchy. Currently immutable once created. Format:\n`organizations/{organization_id}`",
"type": "string"
},
"title": {
"description": "Required. Human readable title. Does not affect behavior.",
"type": "string"
},
"updateTime": {
"description": "Output only. Time the `AccessPolicy` was updated in UTC.",
"format": "google-datetime",
"type": "string"
}
},
"type": "object"
},
"BasicLevel": {
"description": "`BasicLevel` is an `AccessLevel` using a set of recommended features.",
"id": "BasicLevel",
"properties": {
"combiningFunction": {
"description": "How the `conditions` list should be combined to determine if a request is\ngranted this `AccessLevel`. If AND is used, each `Condition` in\n`conditions` must be satisfied for the `AccessLevel` to be applied. If OR\nis used, at least one `Condition` in `conditions` must be satisfied for the\n`AccessLevel` to be applied. Default behavior is AND.",
"enum": [
"AND",
"OR"
],
"enumDescriptions": [
"All `Conditions` must be true for the `BasicLevel` to be true.",
"If at least one `Condition` is true, then the `BasicLevel` is true."
],
"type": "string"
},
"conditions": {
"description": "Required. A list of requirements for the `AccessLevel` to be granted.",
"items": {
"$ref": "Condition"
},
"type": "array"
}
},
"type": "object"
},
"CancelOperationRequest": {
"description": "The request message for Operations.CancelOperation.",
"id": "CancelOperationRequest",
"properties": {},
"type": "object"
},
"CommitServicePerimetersRequest": {
"description": "A request to commit dry-run specs in all Service Perimeters belonging to\nan Access Policy.",
"id": "CommitServicePerimetersRequest",
"properties": {
"etag": {
"description": "Optional. The etag for the version of the Access Policy that this\ncommit operation is to be performed on. If, at the time of commit, the\netag for the Access Policy stored in Access Context Manager is different\nfrom the specified etag, then the commit operation will not be performed\nand the call will fail. This field is not required. If etag is not\nprovided, the operation will be performed as if a valid etag is provided.",
"type": "string"
}
},
"type": "object"
},
"CommitServicePerimetersResponse": {
"description": "A response to CommitServicePerimetersRequest. This will be put inside of\nOperation.response field.",
"id": "CommitServicePerimetersResponse",
"properties": {
"servicePerimeters": {
"description": "List of all the Service Perimeter instances in\nthe Access Policy.",
"items": {
"$ref": "ServicePerimeter"
},
"type": "array"
}
},
"type": "object"
},
"Condition": {
"description": "A condition necessary for an `AccessLevel` to be granted. The Condition is an\nAND over its fields. So a Condition is true if: 1) the request IP is from one\nof the listed subnetworks AND 2) the originating device complies with the\nlisted device policy AND 3) all listed access levels are granted AND 4) the\nrequest was sent at a time allowed by the DateTimeRestriction.",
"id": "Condition",
"properties": {
"devicePolicy": {
"$ref": "DevicePolicy",
"description": "Device specific restrictions, all restrictions must hold for the\nCondition to be true. If not specified, all devices are allowed."
},
"ipSubnetworks": {
"description": "CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for\na CIDR IP address block, the specified IP address portion must be properly\ntruncated (i.e. all the host bits must be zero) or the input is considered\nmalformed. For example, \"192.0.2.0/24\" is accepted but \"192.0.2.1/24\" is\nnot. Similarly, for IPv6, \"2001:db8::/32\" is accepted whereas\n\"2001:db8::1/32\" is not. The originating IP of a request must be in one of\nthe listed subnets in order for this Condition to be true. If empty, all IP\naddresses are allowed.",
"items": {
"type": "string"
},
"type": "array"
},
"members": {
"description": "The request must be made by one of the provided user or service\naccounts. Groups are not supported.\nSyntax:\n`user:{emailid}`\n`serviceAccount:{emailid}`\nIf not specified, a request may come from any user.",
"items": {
"type": "string"
},
"type": "array"
},
"negate": {
"description": "Whether to negate the Condition. If true, the Condition becomes a NAND over\nits non-empty fields, each field must be false for the Condition overall to\nbe satisfied. Defaults to false.",
"type": "boolean"
},
"regions": {
"description": "The request must originate from one of the provided countries/regions.\nMust be valid ISO 3166-1 alpha-2 codes.",
"items": {
"type": "string"
},
"type": "array"
},
"requiredAccessLevels": {
"description": "A list of other access levels defined in the same `Policy`, referenced by\nresource name. Referencing an `AccessLevel` which does not exist is an\nerror. All access levels listed must be granted for the Condition\nto be true. Example:\n\"`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME\"`",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"CustomLevel": {
"description": "`CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language\nto represent the necessary conditions for the level to apply to a request.\nSee CEL spec at: https://github.com/google/cel-spec",
"id": "CustomLevel",
"properties": {
"expr": {
"$ref": "Expr",
"description": "Required. A Cloud CEL expression evaluating to a boolean."
}
},
"type": "object"
},
"DevicePolicy": {
"description": "`DevicePolicy` specifies device specific restrictions necessary to acquire a\ngiven access level. A `DevicePolicy` specifies requirements for requests from\ndevices to be granted access levels, it does not do any enforcement on the\ndevice. `DevicePolicy` acts as an AND over all specified fields, and each\nrepeated field is an OR over its elements. Any unset fields are ignored. For\nexample, if the proto is { os_type : DESKTOP_WINDOWS, os_type :\nDESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be\ntrue for requests originating from encrypted Linux desktops and encrypted\nWindows desktops.",
"id": "DevicePolicy",
"properties": {
"allowedDeviceManagementLevels": {
"description": "Allowed device management levels, an empty list allows all management\nlevels.",
"enumDescriptions": [
"The device's management level is not specified or not known.",
"The device is not managed.",
"Basic management is enabled, which is generally limited to monitoring and\nwiping the corporate account.",
"Complete device management. This includes more thorough monitoring and the\nability to directly manage the device (such as remote wiping). This can be\nenabled through the Android Enterprise Platform."
],
"items": {
"enum": [
"MANAGEMENT_UNSPECIFIED",
"NONE",
"BASIC",
"COMPLETE"
],
"type": "string"
},
"type": "array"
},
"allowedEncryptionStatuses": {
"description": "Allowed encryptions statuses, an empty list allows all statuses.",
"enumDescriptions": [
"The encryption status of the device is not specified or not known.",
"The device does not support encryption.",
"The device supports encryption, but is currently unencrypted.",
"The device is encrypted."
],
"items": {
"enum": [
"ENCRYPTION_UNSPECIFIED",
"ENCRYPTION_UNSUPPORTED",
"UNENCRYPTED",
"ENCRYPTED"
],
"type": "string"
},
"type": "array"
},
"osConstraints": {
"description": "Allowed OS versions, an empty list allows all types and all versions.",
"items": {
"$ref": "OsConstraint"
},
"type": "array"
},
"requireAdminApproval": {
"description": "Whether the device needs to be approved by the customer admin.",
"type": "boolean"
},
"requireCorpOwned": {
"description": "Whether the device needs to be corp owned.",
"type": "boolean"
},
"requireScreenlock": {
"description": "Whether or not screenlock is required for the DevicePolicy to be true.\nDefaults to `false`.",
"type": "boolean"
}
},
"type": "object"
},
"Empty": {
"description": "A generic empty message that you can re-use to avoid defining duplicated\nempty messages in your APIs. A typical example is to use it as the request\nor the response type of an API method. For instance:\n\n service Foo {\n rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);\n }\n\nThe JSON representation for `Empty` is empty JSON object `{}`.",
"id": "Empty",
"properties": {},
"type": "object"
},
"Expr": {
"description": "Represents a textual expression in the Common Expression Language (CEL)\nsyntax. CEL is a C-like expression language. The syntax and semantics of CEL\nare documented at https://github.com/google/cel-spec.\n\nExample (Comparison):\n\n title: \"Summary size limit\"\n description: \"Determines if a summary is less than 100 chars\"\n expression: \"document.summary.size() \u003c 100\"\n\nExample (Equality):\n\n title: \"Requestor is owner\"\n description: \"Determines if requestor is the document owner\"\n expression: \"document.owner == request.auth.claims.email\"\n\nExample (Logic):\n\n title: \"Public documents\"\n description: \"Determine whether the document should be publicly visible\"\n expression: \"document.type != 'private' \u0026\u0026 document.type != 'internal'\"\n\nExample (Data Manipulation):\n\n title: \"Notification string\"\n description: \"Create a notification string with a timestamp.\"\n expression: \"'New message received at ' + string(document.create_time)\"\n\nThe exact variables and functions that may be referenced within an expression\nare determined by the service that evaluates it. See the service\ndocumentation for additional information.",
"id": "Expr",
"properties": {
"description": {
"description": "Optional. Description of the expression. This is a longer text which\ndescribes the expression, e.g. when hovered over it in a UI.",
"type": "string"
},
"expression": {
"description": "Textual representation of an expression in Common Expression Language\nsyntax.",
"type": "string"
},
"location": {
"description": "Optional. String indicating the location of the expression for error\nreporting, e.g. a file name and a position in the file.",
"type": "string"
},
"title": {
"description": "Optional. Title for the expression, i.e. a short string describing\nits purpose. This can be used e.g. in UIs which allow to enter the\nexpression.",
"type": "string"
}
},
"type": "object"
},
"ListAccessLevelsResponse": {
"description": "A response to `ListAccessLevelsRequest`.",
"id": "ListAccessLevelsResponse",
"properties": {
"accessLevels": {
"description": "List of the Access Level instances.",
"items": {
"$ref": "AccessLevel"
},
"type": "array"
},
"nextPageToken": {
"description": "The pagination token to retrieve the next page of results. If the value is\nempty, no further results remain.",
"type": "string"
}
},
"type": "object"
},
"ListAccessPoliciesResponse": {
"description": "A response to `ListAccessPoliciesRequest`.",
"id": "ListAccessPoliciesResponse",
"properties": {
"accessPolicies": {
"description": "List of the AccessPolicy instances.",
"items": {
"$ref": "AccessPolicy"
},
"type": "array"
},
"nextPageToken": {
"description": "The pagination token to retrieve the next page of results. If the value is\nempty, no further results remain.",
"type": "string"
}
},
"type": "object"
},
"ListOperationsResponse": {
"description": "The response message for Operations.ListOperations.",
"id": "ListOperationsResponse",
"properties": {
"nextPageToken": {
"description": "The standard List next-page token.",
"type": "string"
},
"operations": {
"description": "A list of operations that matches the specified filter in the request.",
"items": {
"$ref": "Operation"
},
"type": "array"
}
},
"type": "object"
},
"ListServicePerimetersResponse": {
"description": "A response to `ListServicePerimetersRequest`.",
"id": "ListServicePerimetersResponse",
"properties": {
"nextPageToken": {
"description": "The pagination token to retrieve the next page of results. If the value is\nempty, no further results remain.",
"type": "string"
},
"servicePerimeters": {
"description": "List of the Service Perimeter instances.",
"items": {
"$ref": "ServicePerimeter"
},
"type": "array"
}
},
"type": "object"
},
"Operation": {
"description": "This resource represents a long-running operation that is the result of a\nnetwork API call.",
"id": "Operation",
"properties": {
"done": {
"description": "If the value is `false`, it means the operation is still in progress.\nIf `true`, the operation is completed, and either `error` or `response` is\navailable.",
"type": "boolean"
},
"error": {
"$ref": "Status",
"description": "The error result of the operation in case of failure or cancellation."
},
"metadata": {
"additionalProperties": {
"description": "Properties of the object. Contains field @type with type URL.",
"type": "any"
},
"description": "Service-specific metadata associated with the operation. It typically\ncontains progress information and common metadata such as create time.\nSome services might not provide such metadata. Any method that returns a\nlong-running operation should document the metadata type, if any.",
"type": "object"
},
"name": {
"description": "The server-assigned name, which is only unique within the same service that\noriginally returns it. If you use the default HTTP mapping, the\n`name` should be a resource name ending with `operations/{unique_id}`.",
"type": "string"
},
"response": {
"additionalProperties": {
"description": "Properties of the object. Contains field @type with type URL.",
"type": "any"
},
"description": "The normal response of the operation in case of success. If the original\nmethod returns no data on success, such as `Delete`, the response is\n`google.protobuf.Empty`. If the original method is standard\n`Get`/`Create`/`Update`, the response should be the resource. For other\nmethods, the response should have the type `XxxResponse`, where `Xxx`\nis the original method name. For example, if the original method name\nis `TakeSnapshot()`, the inferred response type is\n`TakeSnapshotResponse`.",
"type": "object"
}
},
"type": "object"
},
"OsConstraint": {
"description": "A restriction on the OS type and version of devices making requests.",
"id": "OsConstraint",
"properties": {
"minimumVersion": {
"description": "The minimum allowed OS version. If not set, any version of this OS\nsatisfies the constraint. Format: `\"major.minor.patch\"`.\nExamples: `\"10.5.301\"`, `\"9.2.1\"`.",
"type": "string"
},
"osType": {
"description": "Required. The allowed OS type.",
"enum": [
"OS_UNSPECIFIED",
"DESKTOP_MAC",
"DESKTOP_WINDOWS",
"DESKTOP_LINUX",
"DESKTOP_CHROME_OS",
"ANDROID",
"IOS"
],
"enumDescriptions": [
"The operating system of the device is not specified or not known.",
"A desktop Mac operating system.",
"A desktop Windows operating system.",
"A desktop Linux operating system.",
"A desktop ChromeOS operating system.",
"An Android operating system.",
"An iOS operating system."
],
"type": "string"
},
"requireVerifiedChromeOs": {
"description": "Only allows requests from devices with a verified Chrome OS.\nVerifications includes requirements that the device is enterprise-managed,\nconformant to domain policies, and the caller has permission to call\nthe API targeted by the request.",
"type": "boolean"
}
},
"type": "object"
},
"ReplaceAccessLevelsRequest": {
"description": "A request to replace all existing Access Levels in an Access Policy with\nthe Access Levels provided. This is done within one transaction.",
"id": "ReplaceAccessLevelsRequest",
"properties": {
"accessLevels": {
"description": "Required. The desired Access Levels that should\nreplace all existing Access Levels in the\nAccess Policy.",
"items": {
"$ref": "AccessLevel"
},
"type": "array"
},
"etag": {
"description": "Optional. The etag for the version of the Access Policy that this\nreplace operation is to be performed on. If, at the time of replace, the\netag for the Access Policy stored in Access Context Manager is different\nfrom the specified etag, then the replace operation will not be performed\nand the call will fail. This field is not required. If etag is not\nprovided, the operation will be performed as if a valid etag is provided.",
"type": "string"
}
},
"type": "object"
},
"ReplaceAccessLevelsResponse": {
"description": "A response to ReplaceAccessLevelsRequest. This will be put inside of\nOperation.response field.",
"id": "ReplaceAccessLevelsResponse",
"properties": {
"accessLevels": {
"description": "List of the Access Level instances.",
"items": {
"$ref": "AccessLevel"
},
"type": "array"
}
},
"type": "object"
},
"ReplaceServicePerimetersRequest": {
"description": "A request to replace all existing Service Perimeters in an Access Policy\nwith the Service Perimeters provided. This is done within one transaction.",
"id": "ReplaceServicePerimetersRequest",
"properties": {
"etag": {
"description": "Optional. The etag for the version of the Access Policy that this\nreplace operation is to be performed on. If, at the time of replace, the\netag for the Access Policy stored in Access Context Manager is different\nfrom the specified etag, then the replace operation will not be performed\nand the call will fail. This field is not required. If etag is not\nprovided, the operation will be performed as if a valid etag is provided.",
"type": "string"
},
"servicePerimeters": {
"description": "Required. The desired Service Perimeters that should\nreplace all existing Service Perimeters in the\nAccess Policy.",
"items": {
"$ref": "ServicePerimeter"
},
"type": "array"
}
},
"type": "object"
},
"ReplaceServicePerimetersResponse": {
"description": "A response to ReplaceServicePerimetersRequest. This will be put inside of\nOperation.response field.",
"id": "ReplaceServicePerimetersResponse",
"properties": {
"servicePerimeters": {
"description": "List of the Service Perimeter instances.",
"items": {
"$ref": "ServicePerimeter"
},
"type": "array"
}
},
"type": "object"
},
"ServicePerimeter": {
"description": "`ServicePerimeter` describes a set of Google Cloud resources which can freely\nimport and export data amongst themselves, but not export outside of the\n`ServicePerimeter`. If a request with a source within this `ServicePerimeter`\nhas a target outside of the `ServicePerimeter`, the request will be blocked.\nOtherwise the request is allowed. There are two types of Service Perimeter -\nRegular and Bridge. Regular Service Perimeters cannot overlap, a single\nGoogle Cloud project can only belong to a single regular Service Perimeter.\nService Perimeter Bridges can contain only Google Cloud projects as members,\na single Google Cloud project may belong to multiple Service Perimeter\nBridges.",
"id": "ServicePerimeter",
"properties": {
"createTime": {
"description": "Output only. Time the `ServicePerimeter` was created in UTC.",
"format": "google-datetime",
"type": "string"
},
"description": {
"description": "Description of the `ServicePerimeter` and its use. Does not affect\nbehavior.",
"type": "string"
},
"name": {
"description": "Required. Resource name for the ServicePerimeter. The `short_name`\ncomponent must begin with a letter and only include alphanumeric and '_'.\nFormat: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`",
"type": "string"
},
"perimeterType": {
"description": "Perimeter type indicator. A single project is\nallowed to be a member of single regular perimeter, but multiple service\nperimeter bridges. A project cannot be a included in a perimeter bridge\nwithout being included in regular perimeter. For perimeter bridges,\nthe restricted service list as well as access level lists must be\nempty.",
"enum": [
"PERIMETER_TYPE_REGULAR",
"PERIMETER_TYPE_BRIDGE"
],
"enumDescriptions": [
"Regular Perimeter.",
"Perimeter Bridge."
],
"type": "string"
},
"spec": {
"$ref": "ServicePerimeterConfig",
"description": "Proposed (or dry run) ServicePerimeter configuration. This configuration\nallows to specify and test ServicePerimeter configuration without enforcing\nactual access restrictions. Only allowed to be set when the\n\"use_explicit_dry_run_spec\" flag is set."
},
"status": {
"$ref": "ServicePerimeterConfig",
"description": "Current ServicePerimeter configuration. Specifies sets of resources,\nrestricted services and access levels that determine perimeter\ncontent and boundaries."
},
"title": {
"description": "Human readable title. Must be unique within the Policy.",
"type": "string"
},
"updateTime": {
"description": "Output only. Time the `ServicePerimeter` was updated in UTC.",
"format": "google-datetime",
"type": "string"
},
"useExplicitDryRunSpec": {
"description": "Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly\nexists for all Service Perimeters, and that spec is identical to the\nstatus for those Service Perimeters. When this flag is set, it inhibits the\ngeneration of the implicit spec, thereby allowing the user to explicitly\nprovide a configuration (\"spec\") to use in a dry-run version of the Service\nPerimeter. This allows the user to test changes to the enforced config\n(\"status\") without actually enforcing them. This testing is done through\nanalyzing the differences between currently enforced and suggested\nrestrictions. use_explicit_dry_run_spec must bet set to True if any of the\nfields in the spec are set to non-default values.",
"type": "boolean"
}
},
"type": "object"
},
"ServicePerimeterConfig": {
"description": "`ServicePerimeterConfig` specifies a set of Google Cloud resources that\ndescribe specific Service Perimeter configuration.",
"id": "ServicePerimeterConfig",
"properties": {
"accessLevels": {
"description": "A list of `AccessLevel` resource names that allow resources within the\n`ServicePerimeter` to be accessed from the internet. `AccessLevels` listed\nmust be in the same policy as this `ServicePerimeter`. Referencing a\nnonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are\nlisted, resources within the perimeter can only be accessed via Google\nCloud calls with request origins within the perimeter. Example:\n`\"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL\"`.\nFor Service Perimeter Bridge, must be empty.",
"items": {
"type": "string"
},
"type": "array"
},
"resources": {
"description": "A list of Google Cloud resources that are inside of the service perimeter.\nCurrently only projects are allowed. Format: `projects/{project_number}`",
"items": {
"type": "string"
},
"type": "array"
},
"restrictedServices": {
"description": "Google Cloud services that are subject to the Service Perimeter\nrestrictions. For example, if `storage.googleapis.com` is specified, access\nto the storage buckets inside the perimeter must meet the perimeter's\naccess restrictions.",
"items": {
"type": "string"
},
"type": "array"
},
"vpcAccessibleServices": {
"$ref": "VpcAccessibleServices",
"description": "Configuration for within Perimeter allowed APIs."
}
},
"type": "object"
},
"Status": {
"description": "The `Status` type defines a logical error model that is suitable for\ndifferent programming environments, including REST APIs and RPC APIs. It is\nused by [gRPC](https://github.com/grpc). Each `Status` message contains\nthree pieces of data: error code, error message, and error details.\n\nYou can find out more about this error model and how to work with it in the\n[API Design Guide](https://cloud.google.com/apis/design/errors).",
"id": "Status",
"properties": {
"code": {
"description": "The status code, which should be an enum value of google.rpc.Code.",
"format": "int32",
"type": "integer"
},
"details": {
"description": "A list of messages that carry the error details. There is a common set of\nmessage types for APIs to use.",
"items": {
"additionalProperties": {
"description": "Properties of the object. Contains field @type with type URL.",
"type": "any"
},
"type": "object"
},
"type": "array"
},
"message": {
"description": "A developer-facing error message, which should be in English. Any\nuser-facing error message should be localized and sent in the\ngoogle.rpc.Status.details field, or localized by the client.",
"type": "string"
}
},
"type": "object"
},
"VpcAccessibleServices": {
"description": "Specifies how APIs are allowed to communicate within the Service\nPerimeter.",
"id": "VpcAccessibleServices",
"properties": {
"allowedServices": {
"description": "The list of APIs usable within the Service Perimeter. Must be empty\nunless 'enable_restriction' is True.",
"items": {
"type": "string"
},
"type": "array"
},
"enableRestriction": {
"description": "Whether to restrict API calls within the Service Perimeter to the list of\nAPIs specified in 'allowed_services'.",
"type": "boolean"
}
},
"type": "object"
}
},
"servicePath": "",
"title": "Access Context Manager API",
"version": "v1",
"version_module": true
}