1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
|
<html><body>
<style>
body, h1, h2, h3, div, span, p, pre, a {
margin: 0;
padding: 0;
border: 0;
font-weight: inherit;
font-style: inherit;
font-size: 100%;
font-family: inherit;
vertical-align: baseline;
}
body {
font-size: 13px;
padding: 1em;
}
h1 {
font-size: 26px;
margin-bottom: 1em;
}
h2 {
font-size: 24px;
margin-bottom: 1em;
}
h3 {
font-size: 20px;
margin-bottom: 1em;
margin-top: 1em;
}
pre, code {
line-height: 1.5;
font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
}
pre {
margin-top: 0.5em;
}
h1, h2, h3, p {
font-family: Arial, sans serif;
}
h1, h2, h3 {
border-bottom: solid #CCC 1px;
}
.toc_element {
margin-top: 0.5em;
}
.firstline {
margin-left: 2 em;
}
.method {
margin-top: 1em;
border: solid 1px #CCC;
padding: 1em;
background: #EEE;
}
.details {
font-weight: bold;
font-size: 14px;
}
</style>
<h1><a href="accesscontextmanager_v1.html">Access Context Manager API</a> . <a href="accesscontextmanager_v1.organizations.html">organizations</a> . <a href="accesscontextmanager_v1.organizations.gcpUserAccessBindings.html">gcpUserAccessBindings</a></h1>
<h2>Instance Methods</h2>
<p class="toc_element">
<code><a href="#close">close()</a></code></p>
<p class="firstline">Close httplib2 connections.</p>
<p class="toc_element">
<code><a href="#create">create(parent, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Creates a GcpUserAccessBinding. If the client specifies a name, the server ignores it. Fails if a resource already exists with the same group_key. Completion of this long-running operation does not necessarily signify that the new binding is deployed onto all affected users, which may take more time.</p>
<p class="toc_element">
<code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
<p class="firstline">Deletes a GcpUserAccessBinding. Completion of this long-running operation does not necessarily signify that the binding deletion is deployed onto all affected users, which may take more time.</p>
<p class="toc_element">
<code><a href="#get">get(name, x__xgafv=None)</a></code></p>
<p class="firstline">Gets the GcpUserAccessBinding with the given name.</p>
<p class="toc_element">
<code><a href="#list">list(parent, pageSize=None, pageToken=None, x__xgafv=None)</a></code></p>
<p class="firstline">Lists all GcpUserAccessBindings for a Google Cloud organization.</p>
<p class="toc_element">
<code><a href="#list_next">list_next()</a></code></p>
<p class="firstline">Retrieves the next page of results.</p>
<p class="toc_element">
<code><a href="#patch">patch(name, append=None, body=None, updateMask=None, x__xgafv=None)</a></code></p>
<p class="firstline">Updates a GcpUserAccessBinding. Completion of this long-running operation does not necessarily signify that the changed binding is deployed onto all affected users, which may take more time.</p>
<h3>Method Details</h3>
<div class="method">
<code class="details" id="close">close()</code>
<pre>Close httplib2 connections.</pre>
</div>
<div class="method">
<code class="details" id="create">create(parent, body=None, x__xgafv=None)</code>
<pre>Creates a GcpUserAccessBinding. If the client specifies a name, the server ignores it. Fails if a resource already exists with the same group_key. Completion of this long-running operation does not necessarily signify that the new binding is deployed onto all affected users, which may take more time.
Args:
parent: string, Required. Example: "organizations/256" (required)
body: object, The request body.
The object takes the form of:
{ # Restricts access to Cloud Console and Google Cloud APIs for a set of users using Context-Aware Access.
"accessLevels": [ # Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
"A String",
],
"dryRunAccessLevels": [ # Optional. Dry run access level that will be evaluated but will not be enforced. The access denial based on dry run policy will be logged. Only one access level is supported, not multiple. This list must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
"A String",
],
"groupKey": "A String", # Optional. Immutable. Google Group id whose users are subject to this binding's restrictions. See "id" in the [Google Workspace Directory API's Group Resource] (https://developers.google.com/admin-sdk/directory/v1/reference/groups#resource). If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
"name": "A String", # Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by [RFC 3986 Section 2.3](https://tools.ietf.org/html/rfc3986#section-2.3)). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
"restrictedClientApplications": [ # Optional. A list of applications that are subject to this binding's restrictions. If the list is empty, the binding restrictions will universally apply to all applications.
{ # An application that accesses Google Cloud APIs.
"clientId": "A String", # The OAuth client ID of the application.
"name": "A String", # The name of the application. Example: "Cloud Console"
},
],
"scopedAccessSettings": [ # Optional. A list of scoped access settings that set this binding's restrictions on a subset of applications. This field cannot be set if restricted_client_applications is set.
{ # A relationship between access settings and its scope.
"activeSettings": { # Access settings represent the set of conditions that must be met for access to be granted. At least one of the fields must be set. # Optional. Access settings for this scoped access settings. This field may be empty if dry_run_settings is set.
"accessLevels": [ # Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
"A String",
],
"sessionSettings": { # Stores settings related to Google Cloud Session Length including session duration, the type of challenge (i.e. method) they should face when their session expires, and other related settings. # Optional. Session settings applied to user access on a given AccessScope.
"maxInactivity": "A String", # Optional. How long a user is allowed to take between actions before a new access token must be issued. Only set for Google Cloud apps.
"sessionLength": "A String", # Optional. The session length. Setting this field to zero is equal to disabling session. Also can set infinite session by flipping the enabled bit to false below. If use_oidc_max_age is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
"sessionLengthEnabled": True or False, # Optional. This field enables or disables Google Cloud session length. When false, all fields set above will be disregarded and the session length is basically infinite.
"sessionReauthMethod": "A String", # Optional. Session method when user's Google Cloud session is up.
"useOidcMaxAge": True or False, # Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the session_length field and the max_age OIDC param.
},
},
"dryRunSettings": { # Access settings represent the set of conditions that must be met for access to be granted. At least one of the fields must be set. # Optional. Dry-run access settings for this scoped access settings. This field may be empty if active_settings is set.
"accessLevels": [ # Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
"A String",
],
"sessionSettings": { # Stores settings related to Google Cloud Session Length including session duration, the type of challenge (i.e. method) they should face when their session expires, and other related settings. # Optional. Session settings applied to user access on a given AccessScope.
"maxInactivity": "A String", # Optional. How long a user is allowed to take between actions before a new access token must be issued. Only set for Google Cloud apps.
"sessionLength": "A String", # Optional. The session length. Setting this field to zero is equal to disabling session. Also can set infinite session by flipping the enabled bit to false below. If use_oidc_max_age is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
"sessionLengthEnabled": True or False, # Optional. This field enables or disables Google Cloud session length. When false, all fields set above will be disregarded and the session length is basically infinite.
"sessionReauthMethod": "A String", # Optional. Session method when user's Google Cloud session is up.
"useOidcMaxAge": True or False, # Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the session_length field and the max_age OIDC param.
},
},
"scope": { # Access scope represents the client scope, etc. to which the settings will be applied to. # Optional. Application, etc. to which the access settings will be applied to. Implicitly, this is the scoped access settings key; as such, it must be unique and non-empty.
"clientScope": { # Client scope represents the application, etc. subject to this binding's restrictions. # Optional. Client scope for this access scope.
"restrictedClientApplication": { # An application that accesses Google Cloud APIs. # Optional. The application that is subject to this binding's scope.
"clientId": "A String", # The OAuth client ID of the application.
"name": "A String", # The name of the application. Example: "Cloud Console"
},
},
},
},
],
"sessionSettings": { # Stores settings related to Google Cloud Session Length including session duration, the type of challenge (i.e. method) they should face when their session expires, and other related settings. # Optional. The Google Cloud session length (GCSL) policy for the group key.
"maxInactivity": "A String", # Optional. How long a user is allowed to take between actions before a new access token must be issued. Only set for Google Cloud apps.
"sessionLength": "A String", # Optional. The session length. Setting this field to zero is equal to disabling session. Also can set infinite session by flipping the enabled bit to false below. If use_oidc_max_age is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
"sessionLengthEnabled": True or False, # Optional. This field enables or disables Google Cloud session length. When false, all fields set above will be disregarded and the session length is basically infinite.
"sessionReauthMethod": "A String", # Optional. Session method when user's Google Cloud session is up.
"useOidcMaxAge": True or False, # Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the session_length field and the max_age OIDC param.
},
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # This resource represents a long-running operation that is the result of a network API call.
"done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
"error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
"code": 42, # The status code, which should be an enum value of google.rpc.Code.
"details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
{
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
],
"message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
},
"metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
"name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
"response": { # The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
}</pre>
</div>
<div class="method">
<code class="details" id="delete">delete(name, x__xgafv=None)</code>
<pre>Deletes a GcpUserAccessBinding. Completion of this long-running operation does not necessarily signify that the binding deletion is deployed onto all affected users, which may take more time.
Args:
name: string, Required. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N" (required)
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # This resource represents a long-running operation that is the result of a network API call.
"done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
"error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
"code": 42, # The status code, which should be an enum value of google.rpc.Code.
"details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
{
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
],
"message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
},
"metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
"name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
"response": { # The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
}</pre>
</div>
<div class="method">
<code class="details" id="get">get(name, x__xgafv=None)</code>
<pre>Gets the GcpUserAccessBinding with the given name.
Args:
name: string, Required. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N" (required)
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # Restricts access to Cloud Console and Google Cloud APIs for a set of users using Context-Aware Access.
"accessLevels": [ # Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
"A String",
],
"dryRunAccessLevels": [ # Optional. Dry run access level that will be evaluated but will not be enforced. The access denial based on dry run policy will be logged. Only one access level is supported, not multiple. This list must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
"A String",
],
"groupKey": "A String", # Optional. Immutable. Google Group id whose users are subject to this binding's restrictions. See "id" in the [Google Workspace Directory API's Group Resource] (https://developers.google.com/admin-sdk/directory/v1/reference/groups#resource). If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
"name": "A String", # Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by [RFC 3986 Section 2.3](https://tools.ietf.org/html/rfc3986#section-2.3)). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
"restrictedClientApplications": [ # Optional. A list of applications that are subject to this binding's restrictions. If the list is empty, the binding restrictions will universally apply to all applications.
{ # An application that accesses Google Cloud APIs.
"clientId": "A String", # The OAuth client ID of the application.
"name": "A String", # The name of the application. Example: "Cloud Console"
},
],
"scopedAccessSettings": [ # Optional. A list of scoped access settings that set this binding's restrictions on a subset of applications. This field cannot be set if restricted_client_applications is set.
{ # A relationship between access settings and its scope.
"activeSettings": { # Access settings represent the set of conditions that must be met for access to be granted. At least one of the fields must be set. # Optional. Access settings for this scoped access settings. This field may be empty if dry_run_settings is set.
"accessLevels": [ # Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
"A String",
],
"sessionSettings": { # Stores settings related to Google Cloud Session Length including session duration, the type of challenge (i.e. method) they should face when their session expires, and other related settings. # Optional. Session settings applied to user access on a given AccessScope.
"maxInactivity": "A String", # Optional. How long a user is allowed to take between actions before a new access token must be issued. Only set for Google Cloud apps.
"sessionLength": "A String", # Optional. The session length. Setting this field to zero is equal to disabling session. Also can set infinite session by flipping the enabled bit to false below. If use_oidc_max_age is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
"sessionLengthEnabled": True or False, # Optional. This field enables or disables Google Cloud session length. When false, all fields set above will be disregarded and the session length is basically infinite.
"sessionReauthMethod": "A String", # Optional. Session method when user's Google Cloud session is up.
"useOidcMaxAge": True or False, # Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the session_length field and the max_age OIDC param.
},
},
"dryRunSettings": { # Access settings represent the set of conditions that must be met for access to be granted. At least one of the fields must be set. # Optional. Dry-run access settings for this scoped access settings. This field may be empty if active_settings is set.
"accessLevels": [ # Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
"A String",
],
"sessionSettings": { # Stores settings related to Google Cloud Session Length including session duration, the type of challenge (i.e. method) they should face when their session expires, and other related settings. # Optional. Session settings applied to user access on a given AccessScope.
"maxInactivity": "A String", # Optional. How long a user is allowed to take between actions before a new access token must be issued. Only set for Google Cloud apps.
"sessionLength": "A String", # Optional. The session length. Setting this field to zero is equal to disabling session. Also can set infinite session by flipping the enabled bit to false below. If use_oidc_max_age is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
"sessionLengthEnabled": True or False, # Optional. This field enables or disables Google Cloud session length. When false, all fields set above will be disregarded and the session length is basically infinite.
"sessionReauthMethod": "A String", # Optional. Session method when user's Google Cloud session is up.
"useOidcMaxAge": True or False, # Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the session_length field and the max_age OIDC param.
},
},
"scope": { # Access scope represents the client scope, etc. to which the settings will be applied to. # Optional. Application, etc. to which the access settings will be applied to. Implicitly, this is the scoped access settings key; as such, it must be unique and non-empty.
"clientScope": { # Client scope represents the application, etc. subject to this binding's restrictions. # Optional. Client scope for this access scope.
"restrictedClientApplication": { # An application that accesses Google Cloud APIs. # Optional. The application that is subject to this binding's scope.
"clientId": "A String", # The OAuth client ID of the application.
"name": "A String", # The name of the application. Example: "Cloud Console"
},
},
},
},
],
"sessionSettings": { # Stores settings related to Google Cloud Session Length including session duration, the type of challenge (i.e. method) they should face when their session expires, and other related settings. # Optional. The Google Cloud session length (GCSL) policy for the group key.
"maxInactivity": "A String", # Optional. How long a user is allowed to take between actions before a new access token must be issued. Only set for Google Cloud apps.
"sessionLength": "A String", # Optional. The session length. Setting this field to zero is equal to disabling session. Also can set infinite session by flipping the enabled bit to false below. If use_oidc_max_age is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
"sessionLengthEnabled": True or False, # Optional. This field enables or disables Google Cloud session length. When false, all fields set above will be disregarded and the session length is basically infinite.
"sessionReauthMethod": "A String", # Optional. Session method when user's Google Cloud session is up.
"useOidcMaxAge": True or False, # Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the session_length field and the max_age OIDC param.
},
}</pre>
</div>
<div class="method">
<code class="details" id="list">list(parent, pageSize=None, pageToken=None, x__xgafv=None)</code>
<pre>Lists all GcpUserAccessBindings for a Google Cloud organization.
Args:
parent: string, Required. Example: "organizations/256" (required)
pageSize: integer, Optional. Maximum number of items to return. The server may return fewer items. If left blank, the server may return any number of items.
pageToken: string, Optional. If left blank, returns the first page. To enumerate all items, use the next_page_token from your previous list operation.
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # Response of ListGcpUserAccessBindings.
"gcpUserAccessBindings": [ # GcpUserAccessBinding
{ # Restricts access to Cloud Console and Google Cloud APIs for a set of users using Context-Aware Access.
"accessLevels": [ # Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
"A String",
],
"dryRunAccessLevels": [ # Optional. Dry run access level that will be evaluated but will not be enforced. The access denial based on dry run policy will be logged. Only one access level is supported, not multiple. This list must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
"A String",
],
"groupKey": "A String", # Optional. Immutable. Google Group id whose users are subject to this binding's restrictions. See "id" in the [Google Workspace Directory API's Group Resource] (https://developers.google.com/admin-sdk/directory/v1/reference/groups#resource). If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
"name": "A String", # Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by [RFC 3986 Section 2.3](https://tools.ietf.org/html/rfc3986#section-2.3)). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
"restrictedClientApplications": [ # Optional. A list of applications that are subject to this binding's restrictions. If the list is empty, the binding restrictions will universally apply to all applications.
{ # An application that accesses Google Cloud APIs.
"clientId": "A String", # The OAuth client ID of the application.
"name": "A String", # The name of the application. Example: "Cloud Console"
},
],
"scopedAccessSettings": [ # Optional. A list of scoped access settings that set this binding's restrictions on a subset of applications. This field cannot be set if restricted_client_applications is set.
{ # A relationship between access settings and its scope.
"activeSettings": { # Access settings represent the set of conditions that must be met for access to be granted. At least one of the fields must be set. # Optional. Access settings for this scoped access settings. This field may be empty if dry_run_settings is set.
"accessLevels": [ # Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
"A String",
],
"sessionSettings": { # Stores settings related to Google Cloud Session Length including session duration, the type of challenge (i.e. method) they should face when their session expires, and other related settings. # Optional. Session settings applied to user access on a given AccessScope.
"maxInactivity": "A String", # Optional. How long a user is allowed to take between actions before a new access token must be issued. Only set for Google Cloud apps.
"sessionLength": "A String", # Optional. The session length. Setting this field to zero is equal to disabling session. Also can set infinite session by flipping the enabled bit to false below. If use_oidc_max_age is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
"sessionLengthEnabled": True or False, # Optional. This field enables or disables Google Cloud session length. When false, all fields set above will be disregarded and the session length is basically infinite.
"sessionReauthMethod": "A String", # Optional. Session method when user's Google Cloud session is up.
"useOidcMaxAge": True or False, # Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the session_length field and the max_age OIDC param.
},
},
"dryRunSettings": { # Access settings represent the set of conditions that must be met for access to be granted. At least one of the fields must be set. # Optional. Dry-run access settings for this scoped access settings. This field may be empty if active_settings is set.
"accessLevels": [ # Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
"A String",
],
"sessionSettings": { # Stores settings related to Google Cloud Session Length including session duration, the type of challenge (i.e. method) they should face when their session expires, and other related settings. # Optional. Session settings applied to user access on a given AccessScope.
"maxInactivity": "A String", # Optional. How long a user is allowed to take between actions before a new access token must be issued. Only set for Google Cloud apps.
"sessionLength": "A String", # Optional. The session length. Setting this field to zero is equal to disabling session. Also can set infinite session by flipping the enabled bit to false below. If use_oidc_max_age is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
"sessionLengthEnabled": True or False, # Optional. This field enables or disables Google Cloud session length. When false, all fields set above will be disregarded and the session length is basically infinite.
"sessionReauthMethod": "A String", # Optional. Session method when user's Google Cloud session is up.
"useOidcMaxAge": True or False, # Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the session_length field and the max_age OIDC param.
},
},
"scope": { # Access scope represents the client scope, etc. to which the settings will be applied to. # Optional. Application, etc. to which the access settings will be applied to. Implicitly, this is the scoped access settings key; as such, it must be unique and non-empty.
"clientScope": { # Client scope represents the application, etc. subject to this binding's restrictions. # Optional. Client scope for this access scope.
"restrictedClientApplication": { # An application that accesses Google Cloud APIs. # Optional. The application that is subject to this binding's scope.
"clientId": "A String", # The OAuth client ID of the application.
"name": "A String", # The name of the application. Example: "Cloud Console"
},
},
},
},
],
"sessionSettings": { # Stores settings related to Google Cloud Session Length including session duration, the type of challenge (i.e. method) they should face when their session expires, and other related settings. # Optional. The Google Cloud session length (GCSL) policy for the group key.
"maxInactivity": "A String", # Optional. How long a user is allowed to take between actions before a new access token must be issued. Only set for Google Cloud apps.
"sessionLength": "A String", # Optional. The session length. Setting this field to zero is equal to disabling session. Also can set infinite session by flipping the enabled bit to false below. If use_oidc_max_age is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
"sessionLengthEnabled": True or False, # Optional. This field enables or disables Google Cloud session length. When false, all fields set above will be disregarded and the session length is basically infinite.
"sessionReauthMethod": "A String", # Optional. Session method when user's Google Cloud session is up.
"useOidcMaxAge": True or False, # Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the session_length field and the max_age OIDC param.
},
},
],
"nextPageToken": "A String", # Token to get the next page of items. If blank, there are no more items.
}</pre>
</div>
<div class="method">
<code class="details" id="list_next">list_next()</code>
<pre>Retrieves the next page of results.
Args:
previous_request: The request for the previous page. (required)
previous_response: The response from the request for the previous page. (required)
Returns:
A request object that you can call 'execute()' on to request the next
page. Returns None if there are no more items in the collection.
</pre>
</div>
<div class="method">
<code class="details" id="patch">patch(name, append=None, body=None, updateMask=None, x__xgafv=None)</code>
<pre>Updates a GcpUserAccessBinding. Completion of this long-running operation does not necessarily signify that the changed binding is deployed onto all affected users, which may take more time.
Args:
name: string, Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by [RFC 3986 Section 2.3](https://tools.ietf.org/html/rfc3986#section-2.3)). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N" (required)
body: object, The request body.
The object takes the form of:
{ # Restricts access to Cloud Console and Google Cloud APIs for a set of users using Context-Aware Access.
"accessLevels": [ # Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
"A String",
],
"dryRunAccessLevels": [ # Optional. Dry run access level that will be evaluated but will not be enforced. The access denial based on dry run policy will be logged. Only one access level is supported, not multiple. This list must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
"A String",
],
"groupKey": "A String", # Optional. Immutable. Google Group id whose users are subject to this binding's restrictions. See "id" in the [Google Workspace Directory API's Group Resource] (https://developers.google.com/admin-sdk/directory/v1/reference/groups#resource). If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
"name": "A String", # Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by [RFC 3986 Section 2.3](https://tools.ietf.org/html/rfc3986#section-2.3)). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
"restrictedClientApplications": [ # Optional. A list of applications that are subject to this binding's restrictions. If the list is empty, the binding restrictions will universally apply to all applications.
{ # An application that accesses Google Cloud APIs.
"clientId": "A String", # The OAuth client ID of the application.
"name": "A String", # The name of the application. Example: "Cloud Console"
},
],
"scopedAccessSettings": [ # Optional. A list of scoped access settings that set this binding's restrictions on a subset of applications. This field cannot be set if restricted_client_applications is set.
{ # A relationship between access settings and its scope.
"activeSettings": { # Access settings represent the set of conditions that must be met for access to be granted. At least one of the fields must be set. # Optional. Access settings for this scoped access settings. This field may be empty if dry_run_settings is set.
"accessLevels": [ # Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
"A String",
],
"sessionSettings": { # Stores settings related to Google Cloud Session Length including session duration, the type of challenge (i.e. method) they should face when their session expires, and other related settings. # Optional. Session settings applied to user access on a given AccessScope.
"maxInactivity": "A String", # Optional. How long a user is allowed to take between actions before a new access token must be issued. Only set for Google Cloud apps.
"sessionLength": "A String", # Optional. The session length. Setting this field to zero is equal to disabling session. Also can set infinite session by flipping the enabled bit to false below. If use_oidc_max_age is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
"sessionLengthEnabled": True or False, # Optional. This field enables or disables Google Cloud session length. When false, all fields set above will be disregarded and the session length is basically infinite.
"sessionReauthMethod": "A String", # Optional. Session method when user's Google Cloud session is up.
"useOidcMaxAge": True or False, # Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the session_length field and the max_age OIDC param.
},
},
"dryRunSettings": { # Access settings represent the set of conditions that must be met for access to be granted. At least one of the fields must be set. # Optional. Dry-run access settings for this scoped access settings. This field may be empty if active_settings is set.
"accessLevels": [ # Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
"A String",
],
"sessionSettings": { # Stores settings related to Google Cloud Session Length including session duration, the type of challenge (i.e. method) they should face when their session expires, and other related settings. # Optional. Session settings applied to user access on a given AccessScope.
"maxInactivity": "A String", # Optional. How long a user is allowed to take between actions before a new access token must be issued. Only set for Google Cloud apps.
"sessionLength": "A String", # Optional. The session length. Setting this field to zero is equal to disabling session. Also can set infinite session by flipping the enabled bit to false below. If use_oidc_max_age is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
"sessionLengthEnabled": True or False, # Optional. This field enables or disables Google Cloud session length. When false, all fields set above will be disregarded and the session length is basically infinite.
"sessionReauthMethod": "A String", # Optional. Session method when user's Google Cloud session is up.
"useOidcMaxAge": True or False, # Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the session_length field and the max_age OIDC param.
},
},
"scope": { # Access scope represents the client scope, etc. to which the settings will be applied to. # Optional. Application, etc. to which the access settings will be applied to. Implicitly, this is the scoped access settings key; as such, it must be unique and non-empty.
"clientScope": { # Client scope represents the application, etc. subject to this binding's restrictions. # Optional. Client scope for this access scope.
"restrictedClientApplication": { # An application that accesses Google Cloud APIs. # Optional. The application that is subject to this binding's scope.
"clientId": "A String", # The OAuth client ID of the application.
"name": "A String", # The name of the application. Example: "Cloud Console"
},
},
},
},
],
"sessionSettings": { # Stores settings related to Google Cloud Session Length including session duration, the type of challenge (i.e. method) they should face when their session expires, and other related settings. # Optional. The Google Cloud session length (GCSL) policy for the group key.
"maxInactivity": "A String", # Optional. How long a user is allowed to take between actions before a new access token must be issued. Only set for Google Cloud apps.
"sessionLength": "A String", # Optional. The session length. Setting this field to zero is equal to disabling session. Also can set infinite session by flipping the enabled bit to false below. If use_oidc_max_age is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
"sessionLengthEnabled": True or False, # Optional. This field enables or disables Google Cloud session length. When false, all fields set above will be disregarded and the session length is basically infinite.
"sessionReauthMethod": "A String", # Optional. Session method when user's Google Cloud session is up.
"useOidcMaxAge": True or False, # Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the session_length field and the max_age OIDC param.
},
}
append: boolean, Optional. This field controls whether or not certain repeated settings in the update request overwrite or append to existing settings on the binding. If true, then append. Otherwise overwrite. So far, only scoped_access_settings with session_settings supports appending. Global access_levels, access_levels in scoped_access_settings, dry_run_access_levels, and session_settings are not compatible with append functionality, and the request will return an error if append=true when these settings are in the update_mask. The request will also return an error if append=true when "scoped_access_settings" is not set in the update_mask.
updateMask: string, Required. Only the fields specified in this mask are updated. Because name and group_key cannot be changed, update_mask is required and may only contain the following fields: `access_levels`, `dry_run_access_levels`, `session_settings`, `scoped_access_settings`. update_mask { paths: "access_levels" }
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # This resource represents a long-running operation that is the result of a network API call.
"done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
"error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
"code": 42, # The status code, which should be an enum value of google.rpc.Code.
"details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
{
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
],
"message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
},
"metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
"name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
"response": { # The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
}</pre>
</div>
</body></html>
|
