Namespace Google.Apis.CloudResourceManager.v1.Data

Classes

Ancestor

Identifying information for a single ancestor of a project.

Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both allServices and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.

AuditLogConfig

Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.

Binding

Associates members, or principals, with a role.

BooleanConstraint

A Constraint that is either enforced or not. For example a constraint constraints/compute.disableSerialPortAccess. If it is enforced on a VM instance, serial port connections will not be opened to that instance.

BooleanPolicy

Used in policy_type to specify how boolean_policy will behave at this resource.

ClearOrgPolicyRequest

The request sent to the ClearOrgPolicy method.

CloudresourcemanagerGoogleCloudResourcemanagerV2alpha1FolderOperation

Metadata describing a long running folder operation

CloudresourcemanagerGoogleCloudResourcemanagerV2beta1FolderOperation

Metadata describing a long running folder operation

Constraint

A Constraint describes a way in which a resource's configuration can be restricted. For example, it controls which cloud services can be activated across an organization, or whether a Compute Engine instance can have serial port connections established. Constraints can be configured by the organization's policy administrator to fit the needs of the organzation by setting Policies for Constraints at different locations in the organization's resource hierarchy. Policies are inherited down the resource hierarchy from higher levels, but can also be overridden. For details about the inheritance rules please read about Policies. Constraints have a default behavior determined by the constraint_default field, which is the enforcement behavior that is used in the absence of a Policy being defined or inherited for the resource in question.

CreateFolderMetadata

Metadata pertaining to the Folder creation process.

CreateProjectMetadata

A status object which is used as the metadata field for the Operation returned by CreateProject. It provides insight for when significant phases of Project creation have completed.

CreateTagBindingMetadata

Runtime operation information for creating a TagValue.

CreateTagKeyMetadata

Runtime operation information for creating a TagKey.

CreateTagValueMetadata

Runtime operation information for creating a TagValue.

DeleteFolderMetadata

A status object which is used as the metadata field for the Operation returned by DeleteFolder.

DeleteOrganizationMetadata

A status object which is used as the metadata field for the operation returned by DeleteOrganization.

DeleteProjectMetadata

A status object which is used as the metadata field for the Operation returned by DeleteProject.

DeleteTagBindingMetadata

Runtime operation information for deleting a TagBinding.

DeleteTagKeyMetadata

Runtime operation information for deleting a TagKey.

DeleteTagValueMetadata

Runtime operation information for deleting a TagValue.

Empty

A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }

Expr

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

FolderOperation

Metadata describing a long running folder operation

FolderOperationError

A classification of the Folder Operation error.

GetAncestryRequest

The request sent to the GetAncestry method.

GetAncestryResponse

Response from the projects.getAncestry method.

GetEffectiveOrgPolicyRequest

The request sent to the GetEffectiveOrgPolicy method.

GetIamPolicyRequest

Request message for GetIamPolicy method.

GetOrgPolicyRequest

The request sent to the GetOrgPolicy method.

GetPolicyOptions

Encapsulates settings provided to GetIamPolicy.

Lien

A Lien represents an encumbrance on the actions that can be performed on a resource.

ListAvailableOrgPolicyConstraintsRequest

The request sent to the ListAvailableOrgPolicyConstraints method on the project, folder, or organization.

ListAvailableOrgPolicyConstraintsResponse

The response returned from the ListAvailableOrgPolicyConstraints method. Returns all Constraints that could be set at this level of the hierarchy (contrast with the response from ListPolicies, which returns all policies which are set).

ListConstraint

A Constraint that allows or disallows a list of string values, which are configured by an Organization's policy administrator with a Policy.

ListLiensResponse

The response message for Liens.ListLiens.

ListOrgPoliciesRequest

The request sent to the ListOrgPolicies method.

ListOrgPoliciesResponse

The response returned from the ListOrgPolicies method. It will be empty if no Policies are set on the resource.

ListPolicy

Used in policy_type to specify how list_policy behaves at this resource. ListPolicy can define specific values and subtrees of Cloud Resource Manager resource hierarchy (Organizations, Folders, Projects) that are allowed or denied by setting the allowed_values and denied_values fields. This is achieved by using the under: and optional is: prefixes. The under: prefix is used to denote resource subtree values. The is: prefix is used to denote specific values, and is required only if the value contains a ":". Values prefixed with "is:" are treated the same as values with no prefix. Ancestry subtrees must be in one of the following formats:

"projects/", e.g. "projects/tokyo-rain-123" - "folders/", e.g. "folders/1234" - "organizations/", e.g. "organizations/1234" The supports_under field of the associated Constraint defines whether ancestry prefixes can be used. You can set allowed_values and denied_values in the same Policy if all_values is ALL_VALUES_UNSPECIFIED. ALLOW or DENY are used to allow or deny all values. If all_values is set to either ALLOW or DENY, allowed_values and denied_values must be unset.

ListProjectsResponse

A page of the response received from the ListProjects method. A paginated response where more pages are available has next_page_token set. This token can be used in a subsequent request to retrieve the next request page.

MoveFolderMetadata

Metadata pertaining to the folder move process.

MoveProjectMetadata

A status object which is used as the metadata field for the Operation returned by MoveProject.

Operation

This resource represents a long-running operation that is the result of a network API call.

OrgPolicy

Defines a Cloud Organization Policy which is used to specify Constraints for configurations of Cloud Platform resources.

Organization

The root node in the resource hierarchy to which a particular entity's (e.g., company) resources belong.

OrganizationOwner

The entity that owns an Organization. The lifetime of the Organization and all of its descendants are bound to the OrganizationOwner. If the OrganizationOwner is deleted, the Organization and all its descendants will be deleted.

Policy

An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A Policy is a collection of bindings. A binding binds one or more members, or principals, to a single role. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions; each role can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a binding can also specify a condition, which is a logical expression that allows access to a resource only if the expression evaluates to true. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the IAM documentation. JSON example:

{
"bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com",
"group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] },
{ "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": {
"title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time
&lt; timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 }

YAML example:

bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com -
serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin -
members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable
access description: Does not grant access after Sep 2020 expression: request.time &lt;
timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3

For a description of IAM and its features, see the IAM documentation.

Project

A Project is a high-level Google Cloud Platform entity. It is a container for ACLs, APIs, App Engine Apps, VMs, and other Google Cloud Platform resources.

ProjectCreationStatus

A status object which is used as the metadata field for the Operation returned by CreateProject. It provides insight for when significant phases of Project creation have completed.

ResourceId

A container to reference an id for any resource type. A resource in Google Cloud Platform is a generic term for something you (a developer) may want to interact with through one of our API's. Some examples are an App Engine app, a Compute Engine instance, a Cloud SQL database, and so on.

RestoreDefault

Ignores policies set above this resource and restores the constraint_default enforcement behavior of the specific Constraint at this resource. Suppose that constraint_default is set to ALLOW for the Constraint constraints/serviceuser.services. Suppose that organization foo.com sets a Policy at their Organization resource node that restricts the allowed service activations to deny all service activations. They could then set a Policy with the policy_type restore_default on several experimental projects, restoring the constraint_default enforcement of the Constraint for only those projects, allowing those projects to have all services activated.

SearchOrganizationsRequest

The request sent to the SearchOrganizations method.

SearchOrganizationsResponse

The response returned from the SearchOrganizations method.

SetIamPolicyRequest

Request message for SetIamPolicy method.

SetOrgPolicyRequest

The request sent to the SetOrgPolicyRequest method.

Status

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.