Google Git
Sign in
code / google-api-go-client / 54e5bea00225738f79be36b8f8b106f75e83b24a / . / cloudresourcemanager / v1beta1 / cloudresourcemanager-api.json
blob: 3702eaacb8ec739ac3b7fcdb00be70e31dc82577 [file] [log] [blame]
{
"auth": {
"oauth2": {
"scopes": {
"https://www.googleapis.com/auth/cloud-platform": {
"description": "View and manage your data across Google Cloud Platform services"
},
"https://www.googleapis.com/auth/cloud-platform.read-only": {
"description": "View your data across Google Cloud Platform services"
}
}
}
},
"basePath": "",
"baseUrl": "https://cloudresourcemanager.googleapis.com/",
"batchPath": "batch",
"canonicalName": "Cloud Resource Manager",
"description": "Creates, reads, and updates metadata for Google Cloud Platform resource containers.",
"discoveryVersion": "v1",
"documentationLink": "https://cloud.google.com/resource-manager",
"fullyEncodeReservedExpansion": true,
"icons": {
"x16": "http://www.google.com/images/icons/product/search-16.gif",
"x32": "http://www.google.com/images/icons/product/search-32.gif"
},
"id": "cloudresourcemanager:v1beta1",
"kind": "discovery#restDescription",
"name": "cloudresourcemanager",
"ownerDomain": "google.com",
"ownerName": "Google",
"parameters": {
"$.xgafv": {
"description": "V1 error format.",
"enum": [
"1",
"2"
],
"enumDescriptions": [
"v1 error format",
"v2 error format"
],
"location": "query",
"type": "string"
},
"access_token": {
"description": "OAuth access token.",
"location": "query",
"type": "string"
},
"alt": {
"default": "json",
"description": "Data format for response.",
"enum": [
"json",
"media",
"proto"
],
"enumDescriptions": [
"Responses with Content-Type of application/json",
"Media download with context-dependent Content-Type",
"Responses with Content-Type of application/x-protobuf"
],
"location": "query",
"type": "string"
},
"callback": {
"description": "JSONP",
"location": "query",
"type": "string"
},
"fields": {
"description": "Selector specifying which fields to include in a partial response.",
"location": "query",
"type": "string"
},
"key": {
"description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
"location": "query",
"type": "string"
},
"oauth_token": {
"description": "OAuth 2.0 token for the current user.",
"location": "query",
"type": "string"
},
"prettyPrint": {
"default": "true",
"description": "Returns response with indentations and line breaks.",
"location": "query",
"type": "boolean"
},
"quotaUser": {
"description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
"location": "query",
"type": "string"
},
"uploadType": {
"description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
"location": "query",
"type": "string"
},
"upload_protocol": {
"description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
"location": "query",
"type": "string"
}
},
"protocol": "rest",
"resources": {
"organizations": {
"methods": {
"get": {
"description": "Fetches an Organization resource identified by the specified resource name.",
"flatPath": "v1beta1/organizations/{organizationsId}",
"httpMethod": "GET",
"id": "cloudresourcemanager.organizations.get",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "The resource name of the Organization to fetch. This is the organization's\nrelative path in the API, formatted as \"organizations/[organizationId]\".\nFor example, \"organizations/1234\".",
"location": "path",
"pattern": "^organizations/[^/]+$",
"required": true,
"type": "string"
},
"organizationId": {
"description": "The id of the Organization resource to fetch.\nThis field is deprecated and will be removed in v1. Use name instead.",
"location": "query",
"type": "string"
}
},
"path": "v1beta1/{+name}",
"response": {
"$ref": "Organization"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"getIamPolicy": {
"description": "Gets the access control policy for an Organization resource. May be empty\nif no such policy or resource exists. The `resource` field should be the\norganization's resource name, e.g. \"organizations/123\".",
"flatPath": "v1beta1/organizations/{organizationsId}:getIamPolicy",
"httpMethod": "POST",
"id": "cloudresourcemanager.organizations.getIamPolicy",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy is being requested.\nSee the operation documentation for the appropriate value for this field.",
"location": "path",
"pattern": "^organizations/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1beta1/{+resource}:getIamPolicy",
"request": {
"$ref": "GetIamPolicyRequest"
},
"response": {
"$ref": "Policy"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"list": {
"description": "Lists Organization resources that are visible to the user and satisfy\nthe specified filter. This method returns Organizations in an unspecified\norder. New Organizations do not necessarily appear at the end of the list.",
"flatPath": "v1beta1/organizations",
"httpMethod": "GET",
"id": "cloudresourcemanager.organizations.list",
"parameterOrder": [],
"parameters": {
"filter": {
"description": "An optional query string used to filter the Organizations to return in\nthe response. Filter rules are case-insensitive.\n\n\nOrganizations may be filtered by `owner.directoryCustomerId` or by\n`domain`, where the domain is a G Suite domain, for example:\n\n* Filter `owner.directorycustomerid:123456789` returns Organization\nresources with `owner.directory_customer_id` equal to `123456789`.\n* Filter `domain:google.com` returns Organization resources corresponding\nto the domain `google.com`.\n\nThis field is optional.",
"location": "query",
"type": "string"
},
"pageSize": {
"description": "The maximum number of Organizations to return in the response.\nThis field is optional.",
"format": "int32",
"location": "query",
"type": "integer"
},
"pageToken": {
"description": "A pagination token returned from a previous call to `ListOrganizations`\nthat indicates from where listing should continue.\nThis field is optional.",
"location": "query",
"type": "string"
}
},
"path": "v1beta1/organizations",
"response": {
"$ref": "ListOrganizationsResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"setIamPolicy": {
"description": "Sets the access control policy on an Organization resource. Replaces any\nexisting policy. The `resource` field should be the organization's resource\nname, e.g. \"organizations/123\".",
"flatPath": "v1beta1/organizations/{organizationsId}:setIamPolicy",
"httpMethod": "POST",
"id": "cloudresourcemanager.organizations.setIamPolicy",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy is being specified.\nSee the operation documentation for the appropriate value for this field.",
"location": "path",
"pattern": "^organizations/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1beta1/{+resource}:setIamPolicy",
"request": {
"$ref": "SetIamPolicyRequest"
},
"response": {
"$ref": "Policy"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"testIamPermissions": {
"description": "Returns permissions that a caller has on the specified Organization.\nThe `resource` field should be the organization's resource name,\ne.g. \"organizations/123\".",
"flatPath": "v1beta1/organizations/{organizationsId}:testIamPermissions",
"httpMethod": "POST",
"id": "cloudresourcemanager.organizations.testIamPermissions",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy detail is being requested.\nSee the operation documentation for the appropriate value for this field.",
"location": "path",
"pattern": "^organizations/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1beta1/{+resource}:testIamPermissions",
"request": {
"$ref": "TestIamPermissionsRequest"
},
"response": {
"$ref": "TestIamPermissionsResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"update": {
"description": "Updates an Organization resource identified by the specified resource name.",
"flatPath": "v1beta1/organizations/{organizationsId}",
"httpMethod": "PUT",
"id": "cloudresourcemanager.organizations.update",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "Output only. The resource name of the organization. This is the\norganization's relative path in the API. Its format is\n\"organizations/[organization_id]\". For example, \"organizations/1234\".",
"location": "path",
"pattern": "^organizations/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1beta1/{+name}",
"request": {
"$ref": "Organization"
},
"response": {
"$ref": "Organization"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
}
}
},
"projects": {
"methods": {
"create": {
"description": "Creates a Project resource.\n\nInitially, the Project resource is owned by its creator exclusively.\nThe creator can later grant permission to others to read or update the\nProject.\n\nSeveral APIs are activated automatically for the Project, including\nGoogle Cloud Storage. The parent is identified by a specified\nResourceId, which must include both an ID and a type, such as\nproject, folder, or organization.\n\nThis method does not associate the new project with a billing account.\nYou can set or update the billing account associated with a project using\nthe [`projects.updateBillingInfo`]\n(/billing/reference/rest/v1/projects/updateBillingInfo) method.",
"flatPath": "v1beta1/projects",
"httpMethod": "POST",
"id": "cloudresourcemanager.projects.create",
"parameterOrder": [],
"parameters": {
"useLegacyStack": {
"description": "A safety hatch to opt out of the new reliable project creation process.",
"location": "query",
"type": "boolean"
}
},
"path": "v1beta1/projects",
"request": {
"$ref": "Project"
},
"response": {
"$ref": "Project"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"delete": {
"description": "Marks the Project identified by the specified\n`project_id` (for example, `my-project-123`) for deletion.\nThis method will only affect the Project if it has a lifecycle state of\nACTIVE.\n\nThis method changes the Project's lifecycle state from\nACTIVE\nto DELETE_REQUESTED.\nThe deletion starts at an unspecified time, at which point the project is\nno longer accessible.\n\nUntil the deletion completes, you can check the lifecycle state\nchecked by retrieving the Project with GetProject,\nand the Project remains visible to ListProjects.\nHowever, you cannot update the project.\n\nAfter the deletion completes, the Project is not retrievable by\nthe GetProject\nand ListProjects\nmethods.\n\nThe caller must have modify permissions for this Project.",
"flatPath": "v1beta1/projects/{projectId}",
"httpMethod": "DELETE",
"id": "cloudresourcemanager.projects.delete",
"parameterOrder": [
"projectId"
],
"parameters": {
"projectId": {
"description": "The Project ID (for example, `foo-bar-123`).\n\nRequired.",
"location": "path",
"required": true,
"type": "string"
}
},
"path": "v1beta1/projects/{projectId}",
"response": {
"$ref": "Empty"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"get": {
"description": "Retrieves the Project identified by the specified\n`project_id` (for example, `my-project-123`).\n\nThe caller must have read permissions for this Project.",
"flatPath": "v1beta1/projects/{projectId}",
"httpMethod": "GET",
"id": "cloudresourcemanager.projects.get",
"parameterOrder": [
"projectId"
],
"parameters": {
"projectId": {
"description": "The Project ID (for example, `my-project-123`).\n\nRequired.",
"location": "path",
"required": true,
"type": "string"
}
},
"path": "v1beta1/projects/{projectId}",
"response": {
"$ref": "Project"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"getAncestry": {
"description": "Gets a list of ancestors in the resource hierarchy for the Project\nidentified by the specified `project_id` (for example, `my-project-123`).\n\nThe caller must have read permissions for this Project.",
"flatPath": "v1beta1/projects/{projectId}:getAncestry",
"httpMethod": "POST",
"id": "cloudresourcemanager.projects.getAncestry",
"parameterOrder": [
"projectId"
],
"parameters": {
"projectId": {
"description": "The Project ID (for example, `my-project-123`).\n\nRequired.",
"location": "path",
"required": true,
"type": "string"
}
},
"path": "v1beta1/projects/{projectId}:getAncestry",
"request": {
"$ref": "GetAncestryRequest"
},
"response": {
"$ref": "GetAncestryResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"getIamPolicy": {
"description": "Returns the IAM access control policy for the specified Project.\nPermission is denied if the policy or the resource does not exist.\n\nFor additional information about resource structure and identification,\nsee [Resource Names](/apis/design/resource_names).",
"flatPath": "v1beta1/projects/{resource}:getIamPolicy",
"httpMethod": "POST",
"id": "cloudresourcemanager.projects.getIamPolicy",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy is being requested.\nSee the operation documentation for the appropriate value for this field.",
"location": "path",
"required": true,
"type": "string"
}
},
"path": "v1beta1/projects/{resource}:getIamPolicy",
"request": {
"$ref": "GetIamPolicyRequest"
},
"response": {
"$ref": "Policy"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"list": {
"description": "Lists Projects that the caller has the `resourcemanager.projects.get`\npermission on and satisfy the specified filter.\n\nThis method returns Projects in an unspecified order.\nThis method is eventually consistent with project mutations; this means\nthat a newly created project may not appear in the results or recent\nupdates to an existing project may not be reflected in the results. To\nretrieve the latest state of a project, use the\nGetProject method.\n\nNOTE: If the request filter contains a `parent.type` and `parent.id` and\nthe caller has the `resourcemanager.projects.list` permission on the\nparent, the results will be drawn from an alternate index which provides\nmore consistent results. In future versions of this API, this List method\nwill be split into List and Search to properly capture the behavorial\ndifference.",
"flatPath": "v1beta1/projects",
"httpMethod": "GET",
"id": "cloudresourcemanager.projects.list",
"parameterOrder": [],
"parameters": {
"filter": {
"description": "An expression for filtering the results of the request. Filter rules are\ncase insensitive. The fields eligible for filtering are:\n\n+ `name`\n+ `id`\n+ `labels.\u003ckey\u003e` (where *key* is the name of a label)\n+ `parent.type`\n+ `parent.id`\n\nSome examples of using labels as filters:\n\n| Filter | Description |\n|------------------|-----------------------------------------------------|\n| name:how* | The project's name starts with \"how\". |\n| name:Howl | The project's name is `Howl` or `howl`. |\n| name:HOWL | Equivalent to above. |\n| NAME:howl | Equivalent to above. |\n| labels.color:* | The project has the label `color`. |\n| labels.color:red | The project's label `color` has the value `red`. |\n| labels.color:red\u0026nbsp;labels.size:big |The project's label `color` has\n the value `red` and its label `size` has the value `big`. |\n\nIf no filter is specified, the call will return projects for which the user\nhas the `resourcemanager.projects.get` permission.\n\nNOTE: To perform a by-parent query (eg., what projects are directly in a\nFolder), the caller must have the `resourcemanager.projects.list`\npermission on the parent and the filter must contain both a `parent.type`\nand a `parent.id` restriction\n(example: \"parent.type:folder parent.id:123\"). In this case an alternate\nsearch index is used which provides more consistent results.\n\nOptional.",
"location": "query",
"type": "string"
},
"pageSize": {
"description": "The maximum number of Projects to return in the response.\nThe server can return fewer Projects than requested.\nIf unspecified, server picks an appropriate default.\n\nOptional.",
"format": "int32",
"location": "query",
"type": "integer"
},
"pageToken": {
"description": "A pagination token returned from a previous call to ListProjects\nthat indicates from where listing should continue.\n\nOptional.",
"location": "query",
"type": "string"
}
},
"path": "v1beta1/projects",
"response": {
"$ref": "ListProjectsResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"setIamPolicy": {
"description": "Sets the IAM access control policy for the specified Project. Overwrites\nany existing policy.\n\nThe following constraints apply when using `setIamPolicy()`:\n\n+ Project does not support `allUsers` and `allAuthenticatedUsers` as\n`members` in a `Binding` of a `Policy`.\n\n+ The owner role can be granted to a `user`, `serviceAccount`, or a group\nthat is part of an organization. For example,\ngroup@myownpersonaldomain.com could be added as an owner to a project in\nthe myownpersonaldomain.com organization, but not the examplepetstore.com\norganization.\n\n+ Service accounts can be made owners of a project directly\nwithout any restrictions. However, to be added as an owner, a user must be\ninvited via Cloud Platform console and must accept the invitation.\n\n+ A user cannot be granted the owner role using `setIamPolicy()`. The user\nmust be granted the owner role using the Cloud Platform Console and must\nexplicitly accept the invitation.\n\n+ Invitations to grant the owner role cannot be sent using\n`setIamPolicy()`; they must be sent only using the Cloud Platform Console.\n\n+ Membership changes that leave the project without any owners that have\naccepted the Terms of Service (ToS) will be rejected.\n\n+ If the project is not part of an organization, there must be at least\none owner who has accepted the Terms of Service (ToS) agreement in the\npolicy. Calling `setIamPolicy()` to remove the last ToS-accepted owner\nfrom the policy will fail. This restriction also applies to legacy\nprojects that no longer have owners who have accepted the ToS. Edits to\nIAM policies will be rejected until the lack of a ToS-accepting owner is\nrectified.\n\n+ This method will replace the existing policy, and cannot be used to\nappend additional IAM settings.\n\nNote: Removing service accounts from policies or changing their roles\ncan render services completely inoperable. It is important to understand\nhow the service account is being used before removing or updating its\nroles.",
"flatPath": "v1beta1/projects/{resource}:setIamPolicy",
"httpMethod": "POST",
"id": "cloudresourcemanager.projects.setIamPolicy",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy is being specified.\nSee the operation documentation for the appropriate value for this field.",
"location": "path",
"required": true,
"type": "string"
}
},
"path": "v1beta1/projects/{resource}:setIamPolicy",
"request": {
"$ref": "SetIamPolicyRequest"
},
"response": {
"$ref": "Policy"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"testIamPermissions": {
"description": "Returns permissions that a caller has on the specified Project.",
"flatPath": "v1beta1/projects/{resource}:testIamPermissions",
"httpMethod": "POST",
"id": "cloudresourcemanager.projects.testIamPermissions",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy detail is being requested.\nSee the operation documentation for the appropriate value for this field.",
"location": "path",
"required": true,
"type": "string"
}
},
"path": "v1beta1/projects/{resource}:testIamPermissions",
"request": {
"$ref": "TestIamPermissionsRequest"
},
"response": {
"$ref": "TestIamPermissionsResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"undelete": {
"description": "Restores the Project identified by the specified\n`project_id` (for example, `my-project-123`).\nYou can only use this method for a Project that has a lifecycle state of\nDELETE_REQUESTED.\nAfter deletion starts, the Project cannot be restored.\n\nThe caller must have modify permissions for this Project.",
"flatPath": "v1beta1/projects/{projectId}:undelete",
"httpMethod": "POST",
"id": "cloudresourcemanager.projects.undelete",
"parameterOrder": [
"projectId"
],
"parameters": {
"projectId": {
"description": "The project ID (for example, `foo-bar-123`).\n\nRequired.",
"location": "path",
"required": true,
"type": "string"
}
},
"path": "v1beta1/projects/{projectId}:undelete",
"request": {
"$ref": "UndeleteProjectRequest"
},
"response": {
"$ref": "Empty"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"update": {
"description": "Updates the attributes of the Project identified by the specified\n`project_id` (for example, `my-project-123`).\n\nThe caller must have modify permissions for this Project.",
"flatPath": "v1beta1/projects/{projectId}",
"httpMethod": "PUT",
"id": "cloudresourcemanager.projects.update",
"parameterOrder": [
"projectId"
],
"parameters": {
"projectId": {
"description": "The project ID (for example, `my-project-123`).\n\nRequired.",
"location": "path",
"required": true,
"type": "string"
}
},
"path": "v1beta1/projects/{projectId}",
"request": {
"$ref": "Project"
},
"response": {
"$ref": "Project"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
}
}
}
},
"revision": "20191115",
"rootUrl": "https://cloudresourcemanager.googleapis.com/",
"schemas": {
"Ancestor": {
"description": "Identifying information for a single ancestor of a project.",
"id": "Ancestor",
"properties": {
"resourceId": {
"$ref": "ResourceId",
"description": "Resource id of the ancestor."
}
},
"type": "object"
},
"AuditConfig": {
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n },\n {\n \"log_type\": \"ADMIN_READ\",\n }\n ]\n },\n {\n \"service\": \"sampleservice.googleapis.com\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:aliya@example.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts jose@example.com from DATA_READ logging, and\naliya@example.com from DATA_WRITE logging.",
"id": "AuditConfig",
"properties": {
"auditLogConfigs": {
"description": "The configuration for logging of each type of permission.",
"items": {
"$ref": "AuditLogConfig"
},
"type": "array"
},
"service": {
"description": "Specifies a service that will be enabled for audit logging.\nFor example, `storage.googleapis.com`, `cloudsql.googleapis.com`.\n`allServices` is a special value that covers all services.",
"type": "string"
}
},
"type": "object"
},
"AuditLogConfig": {
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\njose@example.com from DATA_READ logging.",
"id": "AuditLogConfig",
"properties": {
"exemptedMembers": {
"description": "Specifies the identities that do not cause logging for this type of\npermission.\nFollows the same format of Binding.members.",
"items": {
"type": "string"
},
"type": "array"
},
"logType": {
"description": "The log type that this config enables.",
"enum": [
"LOG_TYPE_UNSPECIFIED",
"ADMIN_READ",
"DATA_WRITE",
"DATA_READ"
],
"enumDescriptions": [
"Default case. Should never be this.",
"Admin reads. Example: CloudIAM getIamPolicy",
"Data writes. Example: CloudSQL Users create",
"Data reads. Example: CloudSQL Users list"
],
"type": "string"
}
},
"type": "object"
},
"Binding": {
"description": "Associates `members` with a `role`.",
"id": "Binding",
"properties": {
"condition": {
"$ref": "Expr",
"description": "The condition that is associated with this binding.\nNOTE: An unsatisfied condition will not allow user access via current\nbinding. Different bindings, including their conditions, are examined\nindependently."
},
"members": {
"description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@example.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n",
"items": {
"type": "string"
},
"type": "array"
},
"role": {
"description": "Role that is assigned to `members`.\nFor example, `roles/viewer`, `roles/editor`, or `roles/owner`.",
"type": "string"
}
},
"type": "object"
},
"Empty": {
"description": "A generic empty message that you can re-use to avoid defining duplicated\nempty messages in your APIs. A typical example is to use it as the request\nor the response type of an API method. For instance:\n\n service Foo {\n rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);\n }\n\nThe JSON representation for `Empty` is empty JSON object `{}`.",
"id": "Empty",
"properties": {},
"type": "object"
},
"Expr": {
"description": "Represents an expression text. Example:\n\n title: \"User account presence\"\n description: \"Determines whether the request has a user account\"\n expression: \"size(request.user) \u003e 0\"",
"id": "Expr",
"properties": {
"description": {
"description": "An optional description of the expression. This is a longer text which\ndescribes the expression, e.g. when hovered over it in a UI.",
"type": "string"
},
"expression": {
"description": "Textual representation of an expression in\nCommon Expression Language syntax.\n\nThe application context of the containing message determines which\nwell-known feature set of CEL is supported.",
"type": "string"
},
"location": {
"description": "An optional string indicating the location of the expression for error\nreporting, e.g. a file name and a position in the file.",
"type": "string"
},
"title": {
"description": "An optional title for the expression, i.e. a short string describing\nits purpose. This can be used e.g. in UIs which allow to enter the\nexpression.",
"type": "string"
}
},
"type": "object"
},
"FolderOperation": {
"description": "Metadata describing a long running folder operation",
"id": "FolderOperation",
"properties": {
"destinationParent": {
"description": "The resource name of the folder or organization we are either creating\nthe folder under or moving the folder to.",
"type": "string"
},
"displayName": {
"description": "The display name of the folder.",
"type": "string"
},
"operationType": {
"description": "The type of this operation.",
"enum": [
"OPERATION_TYPE_UNSPECIFIED",
"CREATE",
"MOVE"
],
"enumDescriptions": [
"Operation type not specified.",
"A create folder operation.",
"A move folder operation."
],
"type": "string"
},
"sourceParent": {
"description": "The resource name of the folder's parent.\nOnly applicable when the operation_type is MOVE.",
"type": "string"
}
},
"type": "object"
},
"FolderOperationError": {
"description": "A classification of the Folder Operation error.",
"id": "FolderOperationError",
"properties": {
"errorMessageId": {
"description": "The type of operation error experienced.",
"enum": [
"ERROR_TYPE_UNSPECIFIED",
"ACTIVE_FOLDER_HEIGHT_VIOLATION",
"MAX_CHILD_FOLDERS_VIOLATION",
"FOLDER_NAME_UNIQUENESS_VIOLATION",
"RESOURCE_DELETED_VIOLATION",
"PARENT_DELETED_VIOLATION",
"CYCLE_INTRODUCED_VIOLATION",
"FOLDER_BEING_MOVED_VIOLATION",
"FOLDER_TO_DELETE_NON_EMPTY_VIOLATION",
"DELETED_FOLDER_HEIGHT_VIOLATION"
],
"enumDescriptions": [
"The error type was unrecognized or unspecified.",
"The attempted action would violate the max folder depth constraint.",
"The attempted action would violate the max child folders constraint.",
"The attempted action would violate the locally-unique folder\ndisplay_name constraint.",
"The resource being moved has been deleted.",
"The resource a folder was being added to has been deleted.",
"The attempted action would introduce cycle in resource path.",
"The attempted action would move a folder that is already being moved.",
"The folder the caller is trying to delete contains active resources.",
"The attempted action would violate the max deleted folder depth\nconstraint."
],
"type": "string"
}
},
"type": "object"
},
"GetAncestryRequest": {
"description": "The request sent to the\nGetAncestry\nmethod.",
"id": "GetAncestryRequest",
"properties": {},
"type": "object"
},
"GetAncestryResponse": {
"description": "Response from the GetAncestry method.",
"id": "GetAncestryResponse",
"properties": {
"ancestor": {
"description": "Ancestors are ordered from bottom to top of the resource hierarchy. The\nfirst ancestor is the project itself, followed by the project's parent,\netc.",
"items": {
"$ref": "Ancestor"
},
"type": "array"
}
},
"type": "object"
},
"GetIamPolicyRequest": {
"description": "Request message for `GetIamPolicy` method.",
"id": "GetIamPolicyRequest",
"properties": {
"options": {
"$ref": "GetPolicyOptions",
"description": "OPTIONAL: A `GetPolicyOptions` object for specifying options to\n`GetIamPolicy`. This field is only used by Cloud IAM."
}
},
"type": "object"
},
"GetPolicyOptions": {
"description": "Encapsulates settings provided to GetIamPolicy.",
"id": "GetPolicyOptions",
"properties": {
"requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.",
"format": "int32",
"type": "integer"
}
},
"type": "object"
},
"ListOrganizationsResponse": {
"description": "The response returned from the `ListOrganizations` method.",
"id": "ListOrganizationsResponse",
"properties": {
"nextPageToken": {
"description": "A pagination token to be used to retrieve the next page of results. If the\nresult is too large to fit within the page size specified in the request,\nthis field will be set with a token that can be used to fetch the next page\nof results. If this field is empty, it indicates that this response\ncontains the last page of results.",
"type": "string"
},
"organizations": {
"description": "The list of Organizations that matched the list query, possibly paginated.",
"items": {
"$ref": "Organization"
},
"type": "array"
}
},
"type": "object"
},
"ListProjectsResponse": {
"description": "A page of the response received from the\nListProjects\nmethod.\n\nA paginated response where more pages are available has\n`next_page_token` set. This token can be used in a subsequent request to\nretrieve the next request page.",
"id": "ListProjectsResponse",
"properties": {
"nextPageToken": {
"description": "Pagination token.\n\nIf the result set is too large to fit in a single response, this token\nis returned. It encodes the position of the current result cursor.\nFeeding this value into a new list request with the `page_token` parameter\ngives the next page of the results.\n\nWhen `next_page_token` is not filled in, there is no next page and\nthe list returned is the last page in the result set.\n\nPagination tokens have a limited lifetime.",
"type": "string"
},
"projects": {
"description": "The list of Projects that matched the list filter. This list can\nbe paginated.",
"items": {
"$ref": "Project"
},
"type": "array"
}
},
"type": "object"
},
"Organization": {
"description": "The root node in the resource hierarchy to which a particular entity's\n(e.g., company) resources belong.",
"id": "Organization",
"properties": {
"creationTime": {
"description": "Timestamp when the Organization was created. Assigned by the server.",
"format": "google-datetime",
"type": "string"
},
"displayName": {
"description": "A human-readable string that refers to the Organization in the\nGCP Console UI. This string is set by the server and cannot be\nchanged. The string will be set to the primary domain (for example,\n\"google.com\") of the G Suite customer that owns the organization.",
"type": "string"
},
"lifecycleState": {
"description": "The organization's current lifecycle state. Assigned by the server.",
"enum": [
"LIFECYCLE_STATE_UNSPECIFIED",
"ACTIVE",
"DELETE_REQUESTED"
],
"enumDescriptions": [
"Unspecified state. This is only useful for distinguishing unset values.",
"The normal and active state.",
"The organization has been marked for deletion by the user."
],
"type": "string"
},
"name": {
"description": "Output only. The resource name of the organization. This is the\norganization's relative path in the API. Its format is\n\"organizations/[organization_id]\". For example, \"organizations/1234\".",
"type": "string"
},
"organizationId": {
"description": "An immutable id for the Organization that is assigned on creation. This\nshould be omitted when creating a new Organization.\nThis field is read-only.",
"type": "string"
},
"owner": {
"$ref": "OrganizationOwner",
"description": "The owner of this Organization. The owner should be specified on\ncreation. Once set, it cannot be changed.\nThis field is required."
}
},
"type": "object"
},
"OrganizationOwner": {
"description": "The entity that owns an Organization. The lifetime of the Organization and\nall of its descendants are bound to the `OrganizationOwner`. If the\n`OrganizationOwner` is deleted, the Organization and all its descendants will\nbe deleted.",
"id": "OrganizationOwner",
"properties": {
"directoryCustomerId": {
"description": "The G Suite customer id used in the Directory API.",
"type": "string"
}
},
"type": "object"
},
"Policy": {
"description": "Defines an Identity and Access Management (IAM) policy. It is used to\nspecify access control policies for Cloud Platform resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions (defined by IAM or configured by users). A `binding` can\noptionally specify a `condition`, which is a logic expression that further\nconstrains the role binding based on attributes about the request and/or\ntarget resource.\n\n**JSON Example**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\"user:eve@example.com\"],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time \u003c\n timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ]\n }\n\n**YAML Example**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time \u003c timestamp('2020-10-01T00:00:00.000Z')\n\nFor a description of IAM and its features, see the\n[IAM developer's guide](https://cloud.google.com/iam/docs).",
"id": "Policy",
"properties": {
"auditConfigs": {
"description": "Specifies cloud audit logging configuration for this policy.",
"items": {
"$ref": "AuditConfig"
},
"type": "array"
},
"bindings": {
"description": "Associates a list of `members` to a `role`. Optionally may specify a\n`condition` that determines when binding is in effect.\n`bindings` with no members will result in an error.",
"items": {
"$ref": "Binding"
},
"type": "array"
},
"etag": {
"description": "`etag` is used for optimistic concurrency control as a way to help\nprevent simultaneous updates of a policy from overwriting each other.\nIt is strongly suggested that systems make use of the `etag` in the\nread-modify-write cycle to perform policy updates in order to avoid race\nconditions: An `etag` is returned in the response to `getIamPolicy`, and\nsystems are expected to put that etag in the request to `setIamPolicy` to\nensure that their change will be applied to the same version of the policy.\n\nIf no `etag` is provided in the call to `setIamPolicy`, then the existing\npolicy is overwritten. Due to blind-set semantics of an etag-less policy,\n'setIamPolicy' will not fail even if the incoming policy version does not\nmeet the requirements for modifying the stored policy.",
"format": "byte",
"type": "string"
},
"version": {
"description": "Specifies the format of the policy.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nOperations affecting conditional bindings must specify version 3. This can\nbe either setting a conditional policy, modifying a conditional binding,\nor removing a binding (conditional or unconditional) from the stored\nconditional policy.\nOperations on non-conditional policies may specify any valid value or\nleave the field unset.\n\nIf no etag is provided in the call to `setIamPolicy`, version compliance\nchecks against the stored policy is skipped.",
"format": "int32",
"type": "integer"
}
},
"type": "object"
},
"Project": {
"description": "A Project is a high-level Google Cloud Platform entity. It is a\ncontainer for ACLs, APIs, App Engine Apps, VMs, and other\nGoogle Cloud Platform resources.",
"id": "Project",
"properties": {
"createTime": {
"description": "Creation time.\n\nRead-only.",
"format": "google-datetime",
"type": "string"
},
"labels": {
"additionalProperties": {
"type": "string"
},
"description": "The labels associated with this Project.\n\nLabel keys must be between 1 and 63 characters long and must conform\nto the following regular expression: \\[a-z\\](\\[-a-z0-9\\]*\\[a-z0-9\\])?.\n\nLabel values must be between 0 and 63 characters long and must conform\nto the regular expression (\\[a-z\\](\\[-a-z0-9\\]*\\[a-z0-9\\])?)?. A label\nvalue can be empty.\n\nNo more than 256 labels can be associated with a given resource.\n\nClients should store labels in a representation such as JSON that does not\ndepend on specific characters being disallowed.\n\nExample: \u003ccode\u003e\"environment\" : \"dev\"\u003c/code\u003e\nRead-write.",
"type": "object"
},
"lifecycleState": {
"description": "The Project lifecycle state.\n\nRead-only.",
"enum": [
"LIFECYCLE_STATE_UNSPECIFIED",
"ACTIVE",
"DELETE_REQUESTED",
"DELETE_IN_PROGRESS"
],
"enumDescriptions": [
"Unspecified state. This is only used/useful for distinguishing\nunset values.",
"The normal and active state.",
"The project has been marked for deletion by the user\n(by invoking\nDeleteProject)\nor by the system (Google Cloud Platform).\nThis can generally be reversed by invoking UndeleteProject.",
"This lifecycle state is no longer used and is not returned by the API."
],
"type": "string"
},
"name": {
"description": "The optional user-assigned display name of the Project.\nWhen present it must be between 4 to 30 characters.\nAllowed characters are: lowercase and uppercase letters, numbers,\nhyphen, single-quote, double-quote, space, and exclamation point.\n\nExample: \u003ccode\u003eMy Project\u003c/code\u003e\nRead-write.",
"type": "string"
},
"parent": {
"$ref": "ResourceId",
"description": "An optional reference to a parent Resource.\n\nSupported parent types include \"organization\" and \"folder\". Once set, the\nparent cannot be cleared. The `parent` can be set on creation or using the\n`UpdateProject` method; the end user must have the\n`resourcemanager.projects.create` permission on the parent.\n\nRead-write."
},
"projectId": {
"description": "The unique, user-assigned ID of the Project.\nIt must be 6 to 30 lowercase letters, digits, or hyphens.\nIt must start with a letter.\nTrailing hyphens are prohibited.\n\nExample: \u003ccode\u003etokyo-rain-123\u003c/code\u003e\nRead-only after creation.",
"type": "string"
},
"projectNumber": {
"description": "The number uniquely identifying the project.\n\nExample: \u003ccode\u003e415104041262\u003c/code\u003e\nRead-only.",
"format": "int64",
"type": "string"
}
},
"type": "object"
},
"ProjectCreationStatus": {
"description": "A status object which is used as the `metadata` field for the Operation\nreturned by CreateProject. It provides insight for when significant phases of\nProject creation have completed.",
"id": "ProjectCreationStatus",
"properties": {
"createTime": {
"description": "Creation time of the project creation workflow.",
"format": "google-datetime",
"type": "string"
},
"gettable": {
"description": "True if the project can be retrieved using GetProject. No other operations\non the project are guaranteed to work until the project creation is\ncomplete.",
"type": "boolean"
},
"ready": {
"description": "True if the project creation process is complete.",
"type": "boolean"
}
},
"type": "object"
},
"ResourceId": {
"description": "A container to reference an id for any resource type. A `resource` in Google\nCloud Platform is a generic term for something you (a developer) may want to\ninteract with through one of our API's. Some examples are an App Engine app,\na Compute Engine instance, a Cloud SQL database, and so on.",
"id": "ResourceId",
"properties": {
"id": {
"description": "Required field for the type-specific id. This should correspond to the id\nused in the type-specific API's.",
"type": "string"
},
"type": {
"description": "Required field representing the resource type this id is for.\nAt present, the valid types are \"project\", \"folder\", and \"organization\".",
"type": "string"
}
},
"type": "object"
},
"SetIamPolicyRequest": {
"description": "Request message for `SetIamPolicy` method.",
"id": "SetIamPolicyRequest",
"properties": {
"policy": {
"$ref": "Policy",
"description": "REQUIRED: The complete policy to be applied to the `resource`. The size of\nthe policy is limited to a few 10s of KB. An empty policy is a\nvalid policy but certain Cloud Platform services (such as Projects)\nmight reject them."
},
"updateMask": {
"description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only\nthe fields in the mask will be modified. If no mask is provided, the\nfollowing default mask is used:\npaths: \"bindings, etag\"\nThis field is only used by Cloud IAM.",
"format": "google-fieldmask",
"type": "string"
}
},
"type": "object"
},
"TestIamPermissionsRequest": {
"description": "Request message for `TestIamPermissions` method.",
"id": "TestIamPermissionsRequest",
"properties": {
"permissions": {
"description": "The set of permissions to check for the `resource`. Permissions with\nwildcards (such as '*' or 'storage.*') are not allowed. For more\ninformation see\n[IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"TestIamPermissionsResponse": {
"description": "Response message for `TestIamPermissions` method.",
"id": "TestIamPermissionsResponse",
"properties": {
"permissions": {
"description": "A subset of `TestPermissionsRequest.permissions` that the caller is\nallowed.",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"UndeleteProjectRequest": {
"description": "The request sent to the UndeleteProject\nmethod.",
"id": "UndeleteProjectRequest",
"properties": {},
"type": "object"
}
},
"servicePath": "",
"title": "Cloud Resource Manager API",
"version": "v1beta1"
}