{
"auth": {
"oauth2": {
"scopes": {
"https://www.googleapis.com/auth/cloud-platform": {
"description": "View and manage your data across Google Cloud Platform services"
}
}
}
},
"basePath": "",
"baseUrl": "https://accesscontextmanager.googleapis.com/",
"batchPath": "batch",
"canonicalName": "Access Context Manager",
"description": "An API for setting attribute based access control to requests to GCP services.",
"discoveryVersion": "v1",
"documentationLink": "https://cloud.google.com/access-context-manager/docs/reference/rest/",
"fullyEncodeReservedExpansion": true,
"icons": {
"x16": "http://www.google.com/images/icons/product/search-16.gif",
"x32": "http://www.google.com/images/icons/product/search-32.gif"
},
"id": "accesscontextmanager:v1beta",
"kind": "discovery#restDescription",
"name": "accesscontextmanager",
"ownerDomain": "google.com",
"ownerName": "Google",
"parameters": {
"$.xgafv": {
"description": "V1 error format.",
"enum": [
"1",
"2"
],
"enumDescriptions": [
"v1 error format",
"v2 error format"
],
"location": "query",
"type": "string"
},
"access_token": {
"description": "OAuth access token.",
"location": "query",
"type": "string"
},
"alt": {
"default": "json",
"description": "Data format for response.",
"enum": [
"json",
"media",
"proto"
],
"enumDescriptions": [
"Responses with Content-Type of application/json",
"Media download with context-dependent Content-Type",
"Responses with Content-Type of application/x-protobuf"
],
"location": "query",
"type": "string"
},
"callback": {
"description": "JSONP",
"location": "query",
"type": "string"
},
"fields": {
"description": "Selector specifying which fields to include in a partial response.",
"location": "query",
"type": "string"
},
"key": {
"description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
"location": "query",
"type": "string"
},
"oauth_token": {
"description": "OAuth 2.0 token for the current user.",
"location": "query",
"type": "string"
},
"prettyPrint": {
"default": "true",
"description": "Returns response with indentations and line breaks.",
"location": "query",
"type": "boolean"
},
"quotaUser": {
"description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
"location": "query",
"type": "string"
},
"uploadType": {
"description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
"location": "query",
"type": "string"
},
"upload_protocol": {
"description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
"location": "query",
"type": "string"
}
},
"protocol": "rest",
"resources": {
"accessPolicies": {
"methods": {
"create": {
"description": "Create an `AccessPolicy`. Fails if this organization already has a\n`AccessPolicy`. The longrunning Operation will have a successful status\nonce the `AccessPolicy` has propagated to long-lasting storage.\nSyntactic and basic semantic errors will be returned in `metadata` as a\nBadRequest proto.",
"flatPath": "v1beta/accessPolicies",
"httpMethod": "POST",
"id": "accesscontextmanager.accessPolicies.create",
"parameterOrder": [],
"parameters": {},
"path": "v1beta/accessPolicies",
"request": {
"$ref": "AccessPolicy"
},
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"delete": {
"description": "Delete an AccessPolicy by resource\nname. The longrunning Operation will have a successful status once the\nAccessPolicy\nhas been removed from long-lasting storage.",
"flatPath": "v1beta/accessPolicies/{accessPoliciesId}",
"httpMethod": "DELETE",
"id": "accesscontextmanager.accessPolicies.delete",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "Required. Resource name for the access policy to delete.\n\nFormat `accessPolicies/{policy_id}`",
"location": "path",
"pattern": "^accessPolicies/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1beta/{+name}",
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"get": {
"description": "Get an AccessPolicy by name.",
"flatPath": "v1beta/accessPolicies/{accessPoliciesId}",
"httpMethod": "GET",
"id": "accesscontextmanager.accessPolicies.get",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "Required. Resource name for the access policy to get.\n\nFormat `accessPolicies/{policy_id}`",
"location": "path",
"pattern": "^accessPolicies/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1beta/{+name}",
"response": {
"$ref": "AccessPolicy"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"list": {
"description": "List all AccessPolicies under a\ncontainer.",
"flatPath": "v1beta/accessPolicies",
"httpMethod": "GET",
"id": "accesscontextmanager.accessPolicies.list",
"parameterOrder": [],
"parameters": {
"pageSize": {
"description": "Number of AccessPolicy instances to include in the list. Default 100.",
"format": "int32",
"location": "query",
"type": "integer"
},
"pageToken": {
"description": "Next page token for the next batch of AccessPolicy instances. Defaults to\nthe first page of results.",
"location": "query",
"type": "string"
},
"parent": {
"description": "Required. Resource name for the container to list AccessPolicy instances\nfrom.\n\nFormat:\n`organizations/{org_id}`",
"location": "query",
"type": "string"
}
},
"path": "v1beta/accessPolicies",
"response": {
"$ref": "ListAccessPoliciesResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"patch": {
"description": "Update an AccessPolicy. The\nlongrunning Operation from this RPC will have a successful status once the\nchanges to the AccessPolicy have propagated\nto long-lasting storage. Syntactic and basic semantic errors will be\nreturned in `metadata` as a BadRequest proto.",
"flatPath": "v1beta/accessPolicies/{accessPoliciesId}",
"httpMethod": "PATCH",
"id": "accesscontextmanager.accessPolicies.patch",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "Output only. Resource name of the `AccessPolicy`. Format:\n`accessPolicies/{policy_id}`",
"location": "path",
"pattern": "^accessPolicies/[^/]+$",
"required": true,
"type": "string"
},
"updateMask": {
"description": "Required. Mask to control which fields get updated. Must be non-empty.",
"format": "google-fieldmask",
"location": "query",
"type": "string"
}
},
"path": "v1beta/{+name}",
"request": {
"$ref": "AccessPolicy"
},
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
}
},
"resources": {
"accessLevels": {
"methods": {
"create": {
"description": "Create an Access Level. The longrunning\noperation from this RPC will have a successful status once the Access\nLevel has\npropagated to long-lasting storage. Access Levels containing\nerrors will result in an error response for the first error encountered.",
"flatPath": "v1beta/accessPolicies/{accessPoliciesId}/accessLevels",
"httpMethod": "POST",
"id": "accesscontextmanager.accessPolicies.accessLevels.create",
"parameterOrder": [
"parent"
],
"parameters": {
"parent": {
"description": "Required. Resource name for the access policy which owns this Access\nLevel.\n\nFormat: `accessPolicies/{policy_id}`",
"location": "path",
"pattern": "^accessPolicies/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1beta/{+parent}/accessLevels",
"request": {
"$ref": "AccessLevel"
},
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"delete": {
"description": "Delete an Access Level by resource\nname. The longrunning operation from this RPC will have a successful status\nonce the Access Level has been removed\nfrom long-lasting storage.",
"flatPath": "v1beta/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
"httpMethod": "DELETE",
"id": "accesscontextmanager.accessPolicies.accessLevels.delete",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "Required. Resource name for the Access Level.\n\nFormat:\n`accessPolicies/{policy_id}/accessLevels/{access_level_id}`",
"location": "path",
"pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1beta/{+name}",
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"get": {
"description": "Get an Access Level by resource\nname.",
"flatPath": "v1beta/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
"httpMethod": "GET",
"id": "accesscontextmanager.accessPolicies.accessLevels.get",
"parameterOrder": [
"name"
],
"parameters": {
"accessLevelFormat": {
"description": "Whether to return `BasicLevels` in the Cloud Common Expression\nLanguage rather than as `BasicLevels`. Defaults to AS_DEFINED, where\nAccess Levels\nare returned as `BasicLevels` or `CustomLevels` based on how they were\ncreated. If set to CEL, all Access Levels are returned as\n`CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent\n`CustomLevels`.",
"enum": [
"LEVEL_FORMAT_UNSPECIFIED",
"AS_DEFINED",
"CEL"
],
"location": "query",
"type": "string"
},
"name": {
"description": "Required. Resource name for the Access Level.\n\nFormat:\n`accessPolicies/{policy_id}/accessLevels/{access_level_id}`",
"location": "path",
"pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1beta/{+name}",
"response": {
"$ref": "AccessLevel"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"list": {
"description": "List all Access Levels for an access\npolicy.",
"flatPath": "v1beta/accessPolicies/{accessPoliciesId}/accessLevels",
"httpMethod": "GET",
"id": "accesscontextmanager.accessPolicies.accessLevels.list",
"parameterOrder": [
"parent"
],
"parameters": {
"accessLevelFormat": {
"description": "Whether to return `BasicLevels` in the Cloud Common Expression language, as\n`CustomLevels`, rather than as `BasicLevels`. Defaults to returning\n`AccessLevels` in the format they were defined.",
"enum": [
"LEVEL_FORMAT_UNSPECIFIED",
"AS_DEFINED",
"CEL"
],
"location": "query",
"type": "string"
},
"pageSize": {
"description": "Number of Access Levels to include in\nthe list. Default 100.",
"format": "int32",
"location": "query",
"type": "integer"
},
"pageToken": {
"description": "Next page token for the next batch of Access Level instances.\nDefaults to the first page of results.",
"location": "query",
"type": "string"
},
"parent": {
"description": "Required. Resource name for the access policy to list Access Levels from.\n\nFormat:\n`accessPolicies/{policy_id}`",
"location": "path",
"pattern": "^accessPolicies/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1beta/{+parent}/accessLevels",
"response": {
"$ref": "ListAccessLevelsResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"patch": {
"description": "Update an Access Level. The longrunning\noperation from this RPC will have a successful status once the changes to\nthe Access Level have propagated\nto long-lasting storage. Access Levels containing\nerrors will result in an error response for the first error encountered.",
"flatPath": "v1beta/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
"httpMethod": "PATCH",
"id": "accesscontextmanager.accessPolicies.accessLevels.patch",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "Required. Resource name for the Access Level. The `short_name` component\nmust begin with a letter and only include alphanumeric and '_'. Format:\n`accessPolicies/{policy_id}/accessLevels/{short_name}`",
"location": "path",
"pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$",
"required": true,
"type": "string"
},
"updateMask": {
"description": "Required. Mask to control which fields get updated. Must be non-empty.",
"format": "google-fieldmask",
"location": "query",
"type": "string"
}
},
"path": "v1beta/{+name}",
"request": {
"$ref": "AccessLevel"
},
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
}
}
},
"servicePerimeters": {
"methods": {
"create": {
"description": "Create an Service Perimeter. The\nlongrunning operation from this RPC will have a successful status once the\nService Perimeter has\npropagated to long-lasting storage. Service Perimeters containing\nerrors will result in an error response for the first error encountered.",
"flatPath": "v1beta/accessPolicies/{accessPoliciesId}/servicePerimeters",
"httpMethod": "POST",
"id": "accesscontextmanager.accessPolicies.servicePerimeters.create",
"parameterOrder": [
"parent"
],
"parameters": {
"parent": {
"description": "Required. Resource name for the access policy which owns this Service\nPerimeter.\n\nFormat: `accessPolicies/{policy_id}`",
"location": "path",
"pattern": "^accessPolicies/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1beta/{+parent}/servicePerimeters",
"request": {
"$ref": "ServicePerimeter"
},
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"delete": {
"description": "Delete an Service Perimeter by resource\nname. The longrunning operation from this RPC will have a successful status\nonce the Service Perimeter has been\nremoved from long-lasting storage.",
"flatPath": "v1beta/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}",
"httpMethod": "DELETE",
"id": "accesscontextmanager.accessPolicies.servicePerimeters.delete",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "Required. Resource name for the Service Perimeter.\n\nFormat:\n`accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}`",
"location": "path",
"pattern": "^accessPolicies/[^/]+/servicePerimeters/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1beta/{+name}",
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"get": {
"description": "Get an Service Perimeter by resource\nname.",
"flatPath": "v1beta/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}",
"httpMethod": "GET",
"id": "accesscontextmanager.accessPolicies.servicePerimeters.get",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "Required. Resource name for the Service Perimeter.\n\nFormat:\n`accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}`",
"location": "path",
"pattern": "^accessPolicies/[^/]+/servicePerimeters/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1beta/{+name}",
"response": {
"$ref": "ServicePerimeter"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"list": {
"description": "List all Service Perimeters for an\naccess policy.",
"flatPath": "v1beta/accessPolicies/{accessPoliciesId}/servicePerimeters",
"httpMethod": "GET",
"id": "accesscontextmanager.accessPolicies.servicePerimeters.list",
"parameterOrder": [
"parent"
],
"parameters": {
"pageSize": {
"description": "Number of Service Perimeters to include\nin the list. Default 100.",
"format": "int32",
"location": "query",
"type": "integer"
},
"pageToken": {
"description": "Next page token for the next batch of Service Perimeter instances.\nDefaults to the first page of results.",
"location": "query",
"type": "string"
},
"parent": {
"description": "Required. Resource name for the access policy to list Service Perimeters from.\n\nFormat:\n`accessPolicies/{policy_id}`",
"location": "path",
"pattern": "^accessPolicies/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1beta/{+parent}/servicePerimeters",
"response": {
"$ref": "ListServicePerimetersResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"patch": {
"description": "Update an Service Perimeter. The\nlongrunning operation from this RPC will have a successful status once the\nchanges to the Service Perimeter have\npropagated to long-lasting storage. Service Perimeter containing\nerrors will result in an error response for the first error encountered.",
"flatPath": "v1beta/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}",
"httpMethod": "PATCH",
"id": "accesscontextmanager.accessPolicies.servicePerimeters.patch",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "Required. Resource name for the ServicePerimeter. The `short_name`\ncomponent must begin with a letter and only include alphanumeric and '_'.\nFormat: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`",
"location": "path",
"pattern": "^accessPolicies/[^/]+/servicePerimeters/[^/]+$",
"required": true,
"type": "string"
},
"updateMask": {
"description": "Required. Mask to control which fields get updated. Must be non-empty.",
"format": "google-fieldmask",
"location": "query",
"type": "string"
}
},
"path": "v1beta/{+name}",
"request": {
"$ref": "ServicePerimeter"
},
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
}
}
}
}
},
"operations": {
"methods": {
"get": {
"description": "Gets the latest state of a long-running operation. Clients can use this\nmethod to poll the operation result at intervals as recommended by the API\nservice.",
"flatPath": "v1beta/operations/{operationsId}",
"httpMethod": "GET",
"id": "accesscontextmanager.operations.get",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "The name of the operation resource.",
"location": "path",
"pattern": "^operations/.+$",
"required": true,
"type": "string"
}
},
"path": "v1beta/{+name}",
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
}
}
}
},
"revision": "20191018",
"rootUrl": "https://accesscontextmanager.googleapis.com/",
"schemas": {
"AccessLevel": {
"description": "An `AccessLevel` is a label that can be applied to requests to GCP services,\nalong with a list of requirements necessary for the label to be applied.",
"id": "AccessLevel",
"properties": {
"basic": {
"$ref": "BasicLevel",
"description": "A `BasicLevel` composed of `Conditions`."
},
"createTime": {
"description": "Output only. Time the `AccessLevel` was created in UTC.",
"format": "google-datetime",
"type": "string"
},
"description": {
"description": "Description of the `AccessLevel` and its use. Does not affect behavior.",
"type": "string"
},
"name": {
"description": "Required. Resource name for the Access Level. The `short_name` component\nmust begin with a letter and only include alphanumeric and '_'. Format:\n`accessPolicies/{policy_id}/accessLevels/{short_name}`",
"type": "string"
},
"title": {
"description": "Human readable title. Must be unique within the Policy.",
"type": "string"
},
"updateTime": {
"description": "Output only. Time the `AccessLevel` was updated in UTC.",
"format": "google-datetime",
"type": "string"
}
},
"type": "object"
},
"AccessPolicy": {
"description": "`AccessPolicy` is a container for `AccessLevels` (which define the necessary\nattributes to use GCP services) and `ServicePerimeters` (which define regions\nof services able to freely pass data within a perimeter). An access policy is\nglobally visible within an organization, and the restrictions it specifies\napply to all projects within an organization.",
"id": "AccessPolicy",
"properties": {
"createTime": {
"description": "Output only. Time the `AccessPolicy` was created in UTC.",
"format": "google-datetime",
"type": "string"
},
"name": {
"description": "Output only. Resource name of the `AccessPolicy`. Format:\n`accessPolicies/{policy_id}`",
"type": "string"
},
"parent": {
"description": "Required. The parent of this `AccessPolicy` in the Cloud Resource\nHierarchy. Currently immutable once created. Format:\n`organizations/{organization_id}`",
"type": "string"
},
"title": {
"description": "Required. Human readable title. Does not affect behavior.",
"type": "string"
},
"updateTime": {
"description": "Output only. Time the `AccessPolicy` was updated in UTC.",
"format": "google-datetime",
"type": "string"
}
},
"type": "object"
},
"BasicLevel": {
"description": "`BasicLevel` is an `AccessLevel` using a set of recommended features.",
"id": "BasicLevel",
"properties": {
"combiningFunction": {
"description": "How the `conditions` list should be combined to determine if a request is\ngranted this `AccessLevel`. If AND is used, each `Condition` in\n`conditions` must be satisfied for the `AccessLevel` to be applied. If OR\nis used, at least one `Condition` in `conditions` must be satisfied for the\n`AccessLevel` to be applied. Default behavior is AND.",
"enum": [
"AND",
"OR"
],
"enumDescriptions": [
"All `Conditions` must be true for the `BasicLevel` to be true.",
"If at least one `Condition` is true, then the `BasicLevel` is true."
],
"type": "string"
},
"conditions": {
"description": "Required. A list of requirements for the `AccessLevel` to be granted.",
"items": {
"$ref": "Condition"
},
"type": "array"
}
},
"type": "object"
},
"Condition": {
"description": "A condition necessary for an `AccessLevel` to be granted. The Condition is an\nAND over its fields. So a Condition is true if: 1) the request IP is from one\nof the listed subnetworks AND 2) the originating device complies with the\nlisted device policy AND 3) all listed access levels are granted AND 4) the\nrequest was sent at a time allowed by the DateTimeRestriction.",
"id": "Condition",
"properties": {
"devicePolicy": {
"$ref": "DevicePolicy",
"description": "Device specific restrictions, all restrictions must hold for the\nCondition to be true. If not specified, all devices are allowed."
},
"ipSubnetworks": {
"description": "CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for\na CIDR IP address block, the specified IP address portion must be properly\ntruncated (i.e. all the host bits must be zero) or the input is considered\nmalformed. For example, \"192.0.2.0/24\" is accepted but \"192.0.2.1/24\" is\nnot. Similarly, for IPv6, \"2001:db8::/32\" is accepted whereas\n\"2001:db8::1/32\" is not. The originating IP of a request must be in one of\nthe listed subnets in order for this Condition to be true. If empty, all IP\naddresses are allowed.",
"items": {
"type": "string"
},
"type": "array"
},
"members": {
"description": "The request must be made by one of the provided user or service\naccounts. Groups are not supported.\nSyntax:\n`user:{emailid}`\n`serviceAccount:{emailid}`\nIf not specified, a request may come from any user.",
"items": {
"type": "string"
},
"type": "array"
},
"negate": {
"description": "Whether to negate the Condition. If true, the Condition becomes a NAND over\nits non-empty fields, each field must be false for the Condition overall to\nbe satisfied. Defaults to false.",
"type": "boolean"
},
"regions": {
"description": "The request must originate from one of the provided countries/regions.\nMust be valid ISO 3166-1 alpha-2 codes.",
"items": {
"type": "string"
},
"type": "array"
},
"requiredAccessLevels": {
"description": "A list of other access levels defined in the same `Policy`, referenced by\nresource name. Referencing an `AccessLevel` which does not exist is an\nerror. All access levels listed must be granted for the Condition\nto be true. Example:\n\"`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME\"`",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"DevicePolicy": {
"description": "`DevicePolicy` specifies device specific restrictions necessary to acquire a\ngiven access level. A `DevicePolicy` specifies requirements for requests from\ndevices to be granted access levels, it does not do any enforcement on the\ndevice. `DevicePolicy` acts as an AND over all specified fields, and each\nrepeated field is an OR over its elements. Any unset fields are ignored. For\nexample, if the proto is { os_type : DESKTOP_WINDOWS, os_type :\nDESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be\ntrue for requests originating from encrypted Linux desktops and encrypted\nWindows desktops.",
"id": "DevicePolicy",
"properties": {
"allowedDeviceManagementLevels": {
"description": "Allowed device management levels, an empty list allows all management\nlevels.",
"enumDescriptions": [
"The device's management level is not specified or not known.",
"The device is not managed.",
"Basic management is enabled, which is generally limited to monitoring and\nwiping the corporate account.",
"Complete device management. This includes more thorough monitoring and the\nability to directly manage the device (such as remote wiping). This can be\nenabled through the Android Enterprise Platform."
],
"items": {
"enum": [
"MANAGEMENT_UNSPECIFIED",
"NONE",
"BASIC",
"COMPLETE"
],
"type": "string"
},
"type": "array"
},
"allowedEncryptionStatuses": {
"description": "Allowed encryptions statuses, an empty list allows all statuses.",
"enumDescriptions": [
"The encryption status of the device is not specified or not known.",
"The device does not support encryption.",
"The device supports encryption, but is currently unencrypted.",
"The device is encrypted."
],
"items": {
"enum": [
"ENCRYPTION_UNSPECIFIED",
"ENCRYPTION_UNSUPPORTED",
"UNENCRYPTED",
"ENCRYPTED"
],
"type": "string"
},
"type": "array"
},
"osConstraints": {
"description": "Allowed OS versions, an empty list allows all types and all versions.",
"items": {
"$ref": "OsConstraint"
},
"type": "array"
},
"requireAdminApproval": {
"description": "Whether the device needs to be approved by the customer admin.",
"type": "boolean"
},
"requireCorpOwned": {
"description": "Whether the device needs to be corp owned.",
"type": "boolean"
},
"requireScreenlock": {
"description": "Whether or not screenlock is required for the DevicePolicy to be true.\nDefaults to `false`.",
"type": "boolean"
}
},
"type": "object"
},
"ListAccessLevelsResponse": {
"description": "A response to `ListAccessLevelsRequest`.",
"id": "ListAccessLevelsResponse",
"properties": {
"accessLevels": {
"description": "List of the Access Level instances.",
"items": {
"$ref": "AccessLevel"
},
"type": "array"
},
"nextPageToken": {
"description": "The pagination token to retrieve the next page of results. If the value is\nempty, no further results remain.",
"type": "string"
}
},
"type": "object"
},
"ListAccessPoliciesResponse": {
"description": "A response to `ListAccessPoliciesRequest`.",
"id": "ListAccessPoliciesResponse",
"properties": {
"accessPolicies": {
"description": "List of the AccessPolicy instances.",
"items": {
"$ref": "AccessPolicy"
},
"type": "array"
},
"nextPageToken": {
"description": "The pagination token to retrieve the next page of results. If the value is\nempty, no further results remain.",
"type": "string"
}
},
"type": "object"
},
"ListServicePerimetersResponse": {
"description": "A response to `ListServicePerimetersRequest`.",
"id": "ListServicePerimetersResponse",
"properties": {
"nextPageToken": {
"description": "The pagination token to retrieve the next page of results. If the value is\nempty, no further results remain.",
"type": "string"
},
"servicePerimeters": {
"description": "List of the Service Perimeter instances.",
"items": {
"$ref": "ServicePerimeter"
},
"type": "array"
}
},
"type": "object"
},
"Operation": {
"description": "This resource represents a long-running operation that is the result of a\nnetwork API call.",
"id": "Operation",
"properties": {
"done": {
"description": "If the value is `false`, it means the operation is still in progress.\nIf `true`, the operation is completed, and either `error` or `response` is\navailable.",
"type": "boolean"
},
"error": {
"$ref": "Status",
"description": "The error result of the operation in case of failure or cancellation."
},
"metadata": {
"additionalProperties": {
"description": "Properties of the object. Contains field @type with type URL.",
"type": "any"
},
"description": "Service-specific metadata associated with the operation. It typically\ncontains progress information and common metadata such as create time.\nSome services might not provide such metadata. Any method that returns a\nlong-running operation should document the metadata type, if any.",
"type": "object"
},
"name": {
"description": "The server-assigned name, which is only unique within the same service that\noriginally returns it. If you use the default HTTP mapping, the\n`name` should be a resource name ending with `operations/{unique_id}`.",
"type": "string"
},
"response": {
"additionalProperties": {
"description": "Properties of the object. Contains field @type with type URL.",
"type": "any"
},
"description": "The normal response of the operation in case of success. If the original\nmethod returns no data on success, such as `Delete`, the response is\n`google.protobuf.Empty`. If the original method is standard\n`Get`/`Create`/`Update`, the response should be the resource. For other\nmethods, the response should have the type `XxxResponse`, where `Xxx`\nis the original method name. For example, if the original method name\nis `TakeSnapshot()`, the inferred response type is\n`TakeSnapshotResponse`.",
"type": "object"
}
},
"type": "object"
},
"OsConstraint": {
"description": "A restriction on the OS type and version of devices making requests.",
"id": "OsConstraint",
"properties": {
"minimumVersion": {
"description": "The minimum allowed OS version. If not set, any version of this OS\nsatisfies the constraint. Format: `\"major.minor.patch\"`.\nExamples: `\"10.5.301\"`, `\"9.2.1\"`.",
"type": "string"
},
"osType": {
"description": "Required. The allowed OS type.",
"enum": [
"OS_UNSPECIFIED",
"DESKTOP_MAC",
"DESKTOP_WINDOWS",
"DESKTOP_LINUX",
"DESKTOP_CHROME_OS"
],
"enumDescriptions": [
"The operating system of the device is not specified or not known.",
"A desktop Mac operating system.",
"A desktop Windows operating system.",
"A desktop Linux operating system.",
"A desktop ChromeOS operating system."
],
"type": "string"
},
"requireVerifiedChromeOs": {
"description": "Only allows requests from devices with a verified Chrome OS.\nVerifications includes requirements that the device is enterprise-managed,\nconformant to domain policies, and the caller has permission to call\nthe API targeted by the request.",
"type": "boolean"
}
},
"type": "object"
},
"ServicePerimeter": {
"description": "`ServicePerimeter` describes a set of GCP resources which can freely import\nand export data amongst themselves, but not export outside of the\n`ServicePerimeter`. If a request with a source within this `ServicePerimeter`\nhas a target outside of the `ServicePerimeter`, the request will be blocked.\nOtherwise the request is allowed. There are two types of Service Perimeter -\nRegular and Bridge. Regular Service Perimeters cannot overlap, a single GCP\nproject can only belong to a single regular Service Perimeter. Service\nPerimeter Bridges can contain only GCP projects as members, a single GCP\nproject may belong to multiple Service Perimeter Bridges.",
"id": "ServicePerimeter",
"properties": {
"createTime": {
"description": "Output only. Time the `ServicePerimeter` was created in UTC.",
"format": "google-datetime",
"type": "string"
},
"description": {
"description": "Description of the `ServicePerimeter` and its use. Does not affect\nbehavior.",
"type": "string"
},
"name": {
"description": "Required. Resource name for the ServicePerimeter. The `short_name`\ncomponent must begin with a letter and only include alphanumeric and '_'.\nFormat: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`",
"type": "string"
},
"perimeterType": {
"description": "Perimeter type indicator. A single project is\nallowed to be a member of single regular perimeter, but multiple service\nperimeter bridges. A project cannot be a included in a perimeter bridge\nwithout being included in regular perimeter. For perimeter bridges,\nrestricted/unrestricted service lists as well as access lists must be\nempty.",
"enum": [
"PERIMETER_TYPE_REGULAR",
"PERIMETER_TYPE_BRIDGE"
],
"enumDescriptions": [
"Regular Perimeter.",
"Perimeter Bridge."
],
"type": "string"
},
"status": {
"$ref": "ServicePerimeterConfig",
"description": "Current ServicePerimeter configuration. Specifies sets of resources,\nrestricted/unrestricted services and access levels that determine perimeter\ncontent and boundaries."
},
"title": {
"description": "Human readable title. Must be unique within the Policy.",
"type": "string"
},
"updateTime": {
"description": "Output only. Time the `ServicePerimeter` was updated in UTC.",
"format": "google-datetime",
"type": "string"
}
},
"type": "object"
},
"ServicePerimeterConfig": {
"description": "`ServicePerimeterConfig` specifies a set of GCP resources that describe\nspecific Service Perimeter configuration.",
"id": "ServicePerimeterConfig",
"properties": {
"accessLevels": {
"description": "A list of `AccessLevel` resource names that allow resources within the\n`ServicePerimeter` to be accessed from the internet. `AccessLevels` listed\nmust be in the same policy as this `ServicePerimeter`. Referencing a\nnonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are\nlisted, resources within the perimeter can only be accessed via GCP calls\nwith request origins within the perimeter. Example:\n`\"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL\"`.\nFor Service Perimeter Bridge, must be empty.",
"items": {
"type": "string"
},
"type": "array"
},
"resources": {
"description": "A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed. Format: `projects/{project_number}`",
"items": {
"type": "string"
},
"type": "array"
},
"restrictedServices": {
"description": "GCP services that are subject to the Service Perimeter restrictions. Must\ncontain a list of services. For example, if\n`storage.googleapis.com` is specified, access to the storage buckets\ninside the perimeter must meet the perimeter's access restrictions.",
"items": {
"type": "string"
},
"type": "array"
},
"unrestrictedServices": {
"description": "GCP services that are not subject to the Service Perimeter\nrestrictions. Deprecated. Must be set to a single wildcard \"*\".\n\nThe wildcard means that unless explicitly specified by\n\"restricted_services\" list, any service is treated as unrestricted.",
"items": {
"type": "string"
},
"type": "array"
},
"vpcServiceRestriction": {
"$ref": "VpcServiceRestriction",
"description": "Alpha. Configuration for within Perimeter allowed APIs."
}
},
"type": "object"
},
"Status": {
"description": "The `Status` type defines a logical error model that is suitable for\ndifferent programming environments, including REST APIs and RPC APIs. It is\nused by [gRPC](https://github.com/grpc). Each `Status` message contains\nthree pieces of data: error code, error message, and error details.\n\nYou can find out more about this error model and how to work with it in the\n[API Design Guide](https://cloud.google.com/apis/design/errors).",
"id": "Status",
"properties": {
"code": {
"description": "The status code, which should be an enum value of google.rpc.Code.",
"format": "int32",
"type": "integer"
},
"details": {
"description": "A list of messages that carry the error details. There is a common set of\nmessage types for APIs to use.",
"items": {
"additionalProperties": {
"description": "Properties of the object. Contains field @type with type URL.",
"type": "any"
},
"type": "object"
},
"type": "array"
},
"message": {
"description": "A developer-facing error message, which should be in English. Any\nuser-facing error message should be localized and sent in the\ngoogle.rpc.Status.details field, or localized by the client.",
"type": "string"
}
},
"type": "object"
},
"VpcServiceRestriction": {
"description": "Alpha. Specifies how APIs are allowed to communicate within the Service\nPerimeter.",
"id": "VpcServiceRestriction",
"properties": {
"allowedServices": {
"description": "The list of APIs usable within the Service Perimeter. Must be empty\nunless 'enable_restriction' is True.",
"items": {
"type": "string"
},
"type": "array"
},
"enableRestriction": {
"description": "Whether to restrict API calls within the Service Perimeter to the list of\nAPIs specified in 'allowed_services'.",
"type": "boolean"
}
},
"type": "object"
}
},
"servicePath": "",
"title": "Access Context Manager API",
"version": "v1beta",
"version_module": true
}