open-vault/vendor/google.golang.org/api/cloudresourcemanager/v1/cloudresourcemanager-api.json

2072 lines
109 KiB
JSON

{
"auth": {
"oauth2": {
"scopes": {
"https://www.googleapis.com/auth/cloud-platform": {
"description": "View and manage your data across Google Cloud Platform services"
},
"https://www.googleapis.com/auth/cloud-platform.read-only": {
"description": "View your data across Google Cloud Platform services"
}
}
}
},
"basePath": "",
"baseUrl": "https://cloudresourcemanager.googleapis.com/",
"batchPath": "batch",
"canonicalName": "Cloud Resource Manager",
"description": "Creates, reads, and updates metadata for Google Cloud Platform resource containers.",
"discoveryVersion": "v1",
"documentationLink": "https://cloud.google.com/resource-manager",
"fullyEncodeReservedExpansion": true,
"icons": {
"x16": "http://www.google.com/images/icons/product/search-16.gif",
"x32": "http://www.google.com/images/icons/product/search-32.gif"
},
"id": "cloudresourcemanager:v1",
"kind": "discovery#restDescription",
"mtlsRootUrl": "https://cloudresourcemanager.mtls.googleapis.com/",
"name": "cloudresourcemanager",
"ownerDomain": "google.com",
"ownerName": "Google",
"parameters": {
"$.xgafv": {
"description": "V1 error format.",
"enum": [
"1",
"2"
],
"enumDescriptions": [
"v1 error format",
"v2 error format"
],
"location": "query",
"type": "string"
},
"access_token": {
"description": "OAuth access token.",
"location": "query",
"type": "string"
},
"alt": {
"default": "json",
"description": "Data format for response.",
"enum": [
"json",
"media",
"proto"
],
"enumDescriptions": [
"Responses with Content-Type of application/json",
"Media download with context-dependent Content-Type",
"Responses with Content-Type of application/x-protobuf"
],
"location": "query",
"type": "string"
},
"callback": {
"description": "JSONP",
"location": "query",
"type": "string"
},
"fields": {
"description": "Selector specifying which fields to include in a partial response.",
"location": "query",
"type": "string"
},
"key": {
"description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
"location": "query",
"type": "string"
},
"oauth_token": {
"description": "OAuth 2.0 token for the current user.",
"location": "query",
"type": "string"
},
"prettyPrint": {
"default": "true",
"description": "Returns response with indentations and line breaks.",
"location": "query",
"type": "boolean"
},
"quotaUser": {
"description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
"location": "query",
"type": "string"
},
"uploadType": {
"description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
"location": "query",
"type": "string"
},
"upload_protocol": {
"description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
"location": "query",
"type": "string"
}
},
"protocol": "rest",
"resources": {
"folders": {
"methods": {
"clearOrgPolicy": {
"description": "Clears a `Policy` from a resource.",
"flatPath": "v1/folders/{foldersId}:clearOrgPolicy",
"httpMethod": "POST",
"id": "cloudresourcemanager.folders.clearOrgPolicy",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "Name of the resource for the `Policy` to clear.",
"location": "path",
"pattern": "^folders/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+resource}:clearOrgPolicy",
"request": {
"$ref": "ClearOrgPolicyRequest"
},
"response": {
"$ref": "Empty"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"getEffectiveOrgPolicy": {
"description": "Gets the effective `Policy` on a resource. This is the result of merging\n`Policies` in the resource hierarchy. The returned `Policy` will not have\nan `etag`set because it is a computed `Policy` across multiple resources.\nSubtrees of Resource Manager resource hierarchy with 'under:' prefix will\nnot be expanded.",
"flatPath": "v1/folders/{foldersId}:getEffectiveOrgPolicy",
"httpMethod": "POST",
"id": "cloudresourcemanager.folders.getEffectiveOrgPolicy",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "The name of the resource to start computing the effective `Policy`.",
"location": "path",
"pattern": "^folders/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+resource}:getEffectiveOrgPolicy",
"request": {
"$ref": "GetEffectiveOrgPolicyRequest"
},
"response": {
"$ref": "OrgPolicy"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"getOrgPolicy": {
"description": "Gets a `Policy` on a resource.\n\nIf no `Policy` is set on the resource, a `Policy` is returned with default\nvalues including `POLICY_TYPE_NOT_SET` for the `policy_type oneof`. The\n`etag` value can be used with `SetOrgPolicy()` to create or update a\n`Policy` during read-modify-write.",
"flatPath": "v1/folders/{foldersId}:getOrgPolicy",
"httpMethod": "POST",
"id": "cloudresourcemanager.folders.getOrgPolicy",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "Name of the resource the `Policy` is set on.",
"location": "path",
"pattern": "^folders/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+resource}:getOrgPolicy",
"request": {
"$ref": "GetOrgPolicyRequest"
},
"response": {
"$ref": "OrgPolicy"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"listAvailableOrgPolicyConstraints": {
"description": "Lists `Constraints` that could be applied on the specified resource.",
"flatPath": "v1/folders/{foldersId}:listAvailableOrgPolicyConstraints",
"httpMethod": "POST",
"id": "cloudresourcemanager.folders.listAvailableOrgPolicyConstraints",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "Name of the resource to list `Constraints` for.",
"location": "path",
"pattern": "^folders/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+resource}:listAvailableOrgPolicyConstraints",
"request": {
"$ref": "ListAvailableOrgPolicyConstraintsRequest"
},
"response": {
"$ref": "ListAvailableOrgPolicyConstraintsResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"listOrgPolicies": {
"description": "Lists all the `Policies` set for a particular resource.",
"flatPath": "v1/folders/{foldersId}:listOrgPolicies",
"httpMethod": "POST",
"id": "cloudresourcemanager.folders.listOrgPolicies",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "Name of the resource to list Policies for.",
"location": "path",
"pattern": "^folders/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+resource}:listOrgPolicies",
"request": {
"$ref": "ListOrgPoliciesRequest"
},
"response": {
"$ref": "ListOrgPoliciesResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"setOrgPolicy": {
"description": "Updates the specified `Policy` on the resource. Creates a new `Policy` for\nthat `Constraint` on the resource if one does not exist.\n\nNot supplying an `etag` on the request `Policy` results in an unconditional\nwrite of the `Policy`.",
"flatPath": "v1/folders/{foldersId}:setOrgPolicy",
"httpMethod": "POST",
"id": "cloudresourcemanager.folders.setOrgPolicy",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "Resource name of the resource to attach the `Policy`.",
"location": "path",
"pattern": "^folders/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+resource}:setOrgPolicy",
"request": {
"$ref": "SetOrgPolicyRequest"
},
"response": {
"$ref": "OrgPolicy"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
}
}
},
"liens": {
"methods": {
"create": {
"description": "Create a Lien which applies to the resource denoted by the `parent` field.\n\nCallers of this method will require permission on the `parent` resource.\nFor example, applying to `projects/1234` requires permission\n`resourcemanager.projects.updateLiens`.\n\nNOTE: Some resources may limit the number of Liens which may be applied.",
"flatPath": "v1/liens",
"httpMethod": "POST",
"id": "cloudresourcemanager.liens.create",
"parameterOrder": [],
"parameters": {},
"path": "v1/liens",
"request": {
"$ref": "Lien"
},
"response": {
"$ref": "Lien"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"delete": {
"description": "Delete a Lien by `name`.\n\nCallers of this method will require permission on the `parent` resource.\nFor example, a Lien with a `parent` of `projects/1234` requires permission\n`resourcemanager.projects.updateLiens`.",
"flatPath": "v1/liens/{liensId}",
"httpMethod": "DELETE",
"id": "cloudresourcemanager.liens.delete",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "Required. The name/identifier of the Lien to delete.",
"location": "path",
"pattern": "^liens/.*$",
"required": true,
"type": "string"
}
},
"path": "v1/{+name}",
"response": {
"$ref": "Empty"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"get": {
"description": "Retrieve a Lien by `name`.\n\nCallers of this method will require permission on the `parent` resource.\nFor example, a Lien with a `parent` of `projects/1234` requires permission\nrequires permission `resourcemanager.projects.get` or\n`resourcemanager.projects.updateLiens`.",
"flatPath": "v1/liens/{liensId}",
"httpMethod": "GET",
"id": "cloudresourcemanager.liens.get",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "Required. The name/identifier of the Lien.",
"location": "path",
"pattern": "^liens/.*$",
"required": true,
"type": "string"
}
},
"path": "v1/{+name}",
"response": {
"$ref": "Lien"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"list": {
"description": "List all Liens applied to the `parent` resource.\n\nCallers of this method will require permission on the `parent` resource.\nFor example, a Lien with a `parent` of `projects/1234` requires permission\n`resourcemanager.projects.get`.",
"flatPath": "v1/liens",
"httpMethod": "GET",
"id": "cloudresourcemanager.liens.list",
"parameterOrder": [],
"parameters": {
"pageSize": {
"description": "The maximum number of items to return. This is a suggestion for the server.",
"format": "int32",
"location": "query",
"type": "integer"
},
"pageToken": {
"description": "The `next_page_token` value returned from a previous List request, if any.",
"location": "query",
"type": "string"
},
"parent": {
"description": "Required. The name of the resource to list all attached Liens.\nFor example, `projects/1234`.\n\n(google.api.field_policy).resource_type annotation is not set since the\nparent depends on the meta api implementation. This field could be a\nproject or other sub project resources.",
"location": "query",
"type": "string"
}
},
"path": "v1/liens",
"response": {
"$ref": "ListLiensResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
}
}
},
"operations": {
"methods": {
"get": {
"description": "Gets the latest state of a long-running operation. Clients can use this\nmethod to poll the operation result at intervals as recommended by the API\nservice.",
"flatPath": "v1/operations/{operationsId}",
"httpMethod": "GET",
"id": "cloudresourcemanager.operations.get",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "The name of the operation resource.",
"location": "path",
"pattern": "^operations/.*$",
"required": true,
"type": "string"
}
},
"path": "v1/{+name}",
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
}
}
},
"organizations": {
"methods": {
"clearOrgPolicy": {
"description": "Clears a `Policy` from a resource.",
"flatPath": "v1/organizations/{organizationsId}:clearOrgPolicy",
"httpMethod": "POST",
"id": "cloudresourcemanager.organizations.clearOrgPolicy",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "Name of the resource for the `Policy` to clear.",
"location": "path",
"pattern": "^organizations/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+resource}:clearOrgPolicy",
"request": {
"$ref": "ClearOrgPolicyRequest"
},
"response": {
"$ref": "Empty"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"get": {
"description": "Fetches an Organization resource identified by the specified resource name.",
"flatPath": "v1/organizations/{organizationsId}",
"httpMethod": "GET",
"id": "cloudresourcemanager.organizations.get",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "The resource name of the Organization to fetch. This is the organization's\nrelative path in the API, formatted as \"organizations/[organizationId]\".\nFor example, \"organizations/1234\".",
"location": "path",
"pattern": "^organizations/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+name}",
"response": {
"$ref": "Organization"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"getEffectiveOrgPolicy": {
"description": "Gets the effective `Policy` on a resource. This is the result of merging\n`Policies` in the resource hierarchy. The returned `Policy` will not have\nan `etag`set because it is a computed `Policy` across multiple resources.\nSubtrees of Resource Manager resource hierarchy with 'under:' prefix will\nnot be expanded.",
"flatPath": "v1/organizations/{organizationsId}:getEffectiveOrgPolicy",
"httpMethod": "POST",
"id": "cloudresourcemanager.organizations.getEffectiveOrgPolicy",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "The name of the resource to start computing the effective `Policy`.",
"location": "path",
"pattern": "^organizations/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+resource}:getEffectiveOrgPolicy",
"request": {
"$ref": "GetEffectiveOrgPolicyRequest"
},
"response": {
"$ref": "OrgPolicy"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"getIamPolicy": {
"description": "Gets the access control policy for an Organization resource. May be empty\nif no such policy or resource exists. The `resource` field should be the\norganization's resource name, e.g. \"organizations/123\".\n\nAuthorization requires the Google IAM permission\n`resourcemanager.organizations.getIamPolicy` on the specified organization",
"flatPath": "v1/organizations/{organizationsId}:getIamPolicy",
"httpMethod": "POST",
"id": "cloudresourcemanager.organizations.getIamPolicy",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy is being requested.\nSee the operation documentation for the appropriate value for this field.",
"location": "path",
"pattern": "^organizations/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+resource}:getIamPolicy",
"request": {
"$ref": "GetIamPolicyRequest"
},
"response": {
"$ref": "Policy"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"getOrgPolicy": {
"description": "Gets a `Policy` on a resource.\n\nIf no `Policy` is set on the resource, a `Policy` is returned with default\nvalues including `POLICY_TYPE_NOT_SET` for the `policy_type oneof`. The\n`etag` value can be used with `SetOrgPolicy()` to create or update a\n`Policy` during read-modify-write.",
"flatPath": "v1/organizations/{organizationsId}:getOrgPolicy",
"httpMethod": "POST",
"id": "cloudresourcemanager.organizations.getOrgPolicy",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "Name of the resource the `Policy` is set on.",
"location": "path",
"pattern": "^organizations/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+resource}:getOrgPolicy",
"request": {
"$ref": "GetOrgPolicyRequest"
},
"response": {
"$ref": "OrgPolicy"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"listAvailableOrgPolicyConstraints": {
"description": "Lists `Constraints` that could be applied on the specified resource.",
"flatPath": "v1/organizations/{organizationsId}:listAvailableOrgPolicyConstraints",
"httpMethod": "POST",
"id": "cloudresourcemanager.organizations.listAvailableOrgPolicyConstraints",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "Name of the resource to list `Constraints` for.",
"location": "path",
"pattern": "^organizations/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+resource}:listAvailableOrgPolicyConstraints",
"request": {
"$ref": "ListAvailableOrgPolicyConstraintsRequest"
},
"response": {
"$ref": "ListAvailableOrgPolicyConstraintsResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"listOrgPolicies": {
"description": "Lists all the `Policies` set for a particular resource.",
"flatPath": "v1/organizations/{organizationsId}:listOrgPolicies",
"httpMethod": "POST",
"id": "cloudresourcemanager.organizations.listOrgPolicies",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "Name of the resource to list Policies for.",
"location": "path",
"pattern": "^organizations/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+resource}:listOrgPolicies",
"request": {
"$ref": "ListOrgPoliciesRequest"
},
"response": {
"$ref": "ListOrgPoliciesResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"search": {
"description": "Searches Organization resources that are visible to the user and satisfy\nthe specified filter. This method returns Organizations in an unspecified\norder. New Organizations do not necessarily appear at the end of the\nresults.\n\nSearch will only return organizations on which the user has the permission\n`resourcemanager.organizations.get`",
"flatPath": "v1/organizations:search",
"httpMethod": "POST",
"id": "cloudresourcemanager.organizations.search",
"parameterOrder": [],
"parameters": {},
"path": "v1/organizations:search",
"request": {
"$ref": "SearchOrganizationsRequest"
},
"response": {
"$ref": "SearchOrganizationsResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"setIamPolicy": {
"description": "Sets the access control policy on an Organization resource. Replaces any\nexisting policy. The `resource` field should be the organization's resource\nname, e.g. \"organizations/123\".\n\nAuthorization requires the Google IAM permission\n`resourcemanager.organizations.setIamPolicy` on the specified organization",
"flatPath": "v1/organizations/{organizationsId}:setIamPolicy",
"httpMethod": "POST",
"id": "cloudresourcemanager.organizations.setIamPolicy",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy is being specified.\nSee the operation documentation for the appropriate value for this field.",
"location": "path",
"pattern": "^organizations/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+resource}:setIamPolicy",
"request": {
"$ref": "SetIamPolicyRequest"
},
"response": {
"$ref": "Policy"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"setOrgPolicy": {
"description": "Updates the specified `Policy` on the resource. Creates a new `Policy` for\nthat `Constraint` on the resource if one does not exist.\n\nNot supplying an `etag` on the request `Policy` results in an unconditional\nwrite of the `Policy`.",
"flatPath": "v1/organizations/{organizationsId}:setOrgPolicy",
"httpMethod": "POST",
"id": "cloudresourcemanager.organizations.setOrgPolicy",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "Resource name of the resource to attach the `Policy`.",
"location": "path",
"pattern": "^organizations/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+resource}:setOrgPolicy",
"request": {
"$ref": "SetOrgPolicyRequest"
},
"response": {
"$ref": "OrgPolicy"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"testIamPermissions": {
"description": "Returns permissions that a caller has on the specified Organization.\nThe `resource` field should be the organization's resource name,\ne.g. \"organizations/123\".\n\nThere are no permissions required for making this API call.",
"flatPath": "v1/organizations/{organizationsId}:testIamPermissions",
"httpMethod": "POST",
"id": "cloudresourcemanager.organizations.testIamPermissions",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy detail is being requested.\nSee the operation documentation for the appropriate value for this field.",
"location": "path",
"pattern": "^organizations/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+resource}:testIamPermissions",
"request": {
"$ref": "TestIamPermissionsRequest"
},
"response": {
"$ref": "TestIamPermissionsResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
}
}
},
"projects": {
"methods": {
"clearOrgPolicy": {
"description": "Clears a `Policy` from a resource.",
"flatPath": "v1/projects/{projectsId}:clearOrgPolicy",
"httpMethod": "POST",
"id": "cloudresourcemanager.projects.clearOrgPolicy",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "Name of the resource for the `Policy` to clear.",
"location": "path",
"pattern": "^projects/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+resource}:clearOrgPolicy",
"request": {
"$ref": "ClearOrgPolicyRequest"
},
"response": {
"$ref": "Empty"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"create": {
"description": "Request that a new Project be created. The result is an Operation which\ncan be used to track the creation process. This process usually takes a few\nseconds, but can sometimes take much longer. The tracking Operation is\nautomatically deleted after a few hours, so there is no need to call\nDeleteOperation.\n\nAuthorization requires the Google IAM permission\n`resourcemanager.projects.create` on the specified parent for the new\nproject. The parent is identified by a specified ResourceId,\nwhich must include both an ID and a type, such as organization.\n\nThis method does not associate the new project with a billing account.\nYou can set or update the billing account associated with a project using\nthe [`projects.updateBillingInfo`]\n(/billing/reference/rest/v1/projects/updateBillingInfo) method.",
"flatPath": "v1/projects",
"httpMethod": "POST",
"id": "cloudresourcemanager.projects.create",
"parameterOrder": [],
"parameters": {},
"path": "v1/projects",
"request": {
"$ref": "Project"
},
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"delete": {
"description": "Marks the Project identified by the specified\n`project_id` (for example, `my-project-123`) for deletion.\nThis method will only affect the Project if it has a lifecycle state of\nACTIVE.\n\nThis method changes the Project's lifecycle state from\nACTIVE\nto DELETE_REQUESTED.\nThe deletion starts at an unspecified time,\nat which point the Project is no longer accessible.\n\nUntil the deletion completes, you can check the lifecycle state\nchecked by retrieving the Project with GetProject,\nand the Project remains visible to ListProjects.\nHowever, you cannot update the project.\n\nAfter the deletion completes, the Project is not retrievable by\nthe GetProject and\nListProjects methods.\n\nThe caller must have modify permissions for this Project.",
"flatPath": "v1/projects/{projectId}",
"httpMethod": "DELETE",
"id": "cloudresourcemanager.projects.delete",
"parameterOrder": [
"projectId"
],
"parameters": {
"projectId": {
"description": "The Project ID (for example, `foo-bar-123`).\n\nRequired.",
"location": "path",
"required": true,
"type": "string"
}
},
"path": "v1/projects/{projectId}",
"response": {
"$ref": "Empty"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"get": {
"description": "Retrieves the Project identified by the specified\n`project_id` (for example, `my-project-123`).\n\nThe caller must have read permissions for this Project.",
"flatPath": "v1/projects/{projectId}",
"httpMethod": "GET",
"id": "cloudresourcemanager.projects.get",
"parameterOrder": [
"projectId"
],
"parameters": {
"projectId": {
"description": "The Project ID (for example, `my-project-123`).\n\nRequired.",
"location": "path",
"required": true,
"type": "string"
}
},
"path": "v1/projects/{projectId}",
"response": {
"$ref": "Project"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"getAncestry": {
"description": "Gets a list of ancestors in the resource hierarchy for the Project\nidentified by the specified `project_id` (for example, `my-project-123`).\n\nThe caller must have read permissions for this Project.",
"flatPath": "v1/projects/{projectId}:getAncestry",
"httpMethod": "POST",
"id": "cloudresourcemanager.projects.getAncestry",
"parameterOrder": [
"projectId"
],
"parameters": {
"projectId": {
"description": "The Project ID (for example, `my-project-123`).\n\nRequired.",
"location": "path",
"required": true,
"type": "string"
}
},
"path": "v1/projects/{projectId}:getAncestry",
"request": {
"$ref": "GetAncestryRequest"
},
"response": {
"$ref": "GetAncestryResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"getEffectiveOrgPolicy": {
"description": "Gets the effective `Policy` on a resource. This is the result of merging\n`Policies` in the resource hierarchy. The returned `Policy` will not have\nan `etag`set because it is a computed `Policy` across multiple resources.\nSubtrees of Resource Manager resource hierarchy with 'under:' prefix will\nnot be expanded.",
"flatPath": "v1/projects/{projectsId}:getEffectiveOrgPolicy",
"httpMethod": "POST",
"id": "cloudresourcemanager.projects.getEffectiveOrgPolicy",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "The name of the resource to start computing the effective `Policy`.",
"location": "path",
"pattern": "^projects/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+resource}:getEffectiveOrgPolicy",
"request": {
"$ref": "GetEffectiveOrgPolicyRequest"
},
"response": {
"$ref": "OrgPolicy"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"getIamPolicy": {
"description": "Returns the IAM access control policy for the specified Project.\nPermission is denied if the policy or the resource does not exist.\n\nAuthorization requires the Google IAM permission\n`resourcemanager.projects.getIamPolicy` on the project.\n\nFor additional information about resource structure and identification,\nsee [Resource Names](/apis/design/resource_names).",
"flatPath": "v1/projects/{resource}:getIamPolicy",
"httpMethod": "POST",
"id": "cloudresourcemanager.projects.getIamPolicy",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy is being requested.\nSee the operation documentation for the appropriate value for this field.",
"location": "path",
"required": true,
"type": "string"
}
},
"path": "v1/projects/{resource}:getIamPolicy",
"request": {
"$ref": "GetIamPolicyRequest"
},
"response": {
"$ref": "Policy"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"getOrgPolicy": {
"description": "Gets a `Policy` on a resource.\n\nIf no `Policy` is set on the resource, a `Policy` is returned with default\nvalues including `POLICY_TYPE_NOT_SET` for the `policy_type oneof`. The\n`etag` value can be used with `SetOrgPolicy()` to create or update a\n`Policy` during read-modify-write.",
"flatPath": "v1/projects/{projectsId}:getOrgPolicy",
"httpMethod": "POST",
"id": "cloudresourcemanager.projects.getOrgPolicy",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "Name of the resource the `Policy` is set on.",
"location": "path",
"pattern": "^projects/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+resource}:getOrgPolicy",
"request": {
"$ref": "GetOrgPolicyRequest"
},
"response": {
"$ref": "OrgPolicy"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"list": {
"description": "Lists Projects that the caller has the `resourcemanager.projects.get`\npermission on and satisfy the specified filter.\n\nThis method returns Projects in an unspecified order.\nThis method is eventually consistent with project mutations; this means\nthat a newly created project may not appear in the results or recent\nupdates to an existing project may not be reflected in the results. To\nretrieve the latest state of a project, use the\nGetProject method.\n\nNOTE: If the request filter contains a `parent.type` and `parent.id` and\nthe caller has the `resourcemanager.projects.list` permission on the\nparent, the results will be drawn from an alternate index which provides\nmore consistent results. In future versions of this API, this List method\nwill be split into List and Search to properly capture the behavorial\ndifference.",
"flatPath": "v1/projects",
"httpMethod": "GET",
"id": "cloudresourcemanager.projects.list",
"parameterOrder": [],
"parameters": {
"filter": {
"description": "An expression for filtering the results of the request. Filter rules are\ncase insensitive. The fields eligible for filtering are:\n\n+ `name`\n+ `id`\n+ `labels.\u003ckey\u003e` (where *key* is the name of a label)\n+ `parent.type`\n+ `parent.id`\n\nSome examples of using labels as filters:\n\n| Filter | Description |\n|------------------|-----------------------------------------------------|\n| name:how* | The project's name starts with \"how\". |\n| name:Howl | The project's name is `Howl` or `howl`. |\n| name:HOWL | Equivalent to above. |\n| NAME:howl | Equivalent to above. |\n| labels.color:* | The project has the label `color`. |\n| labels.color:red | The project's label `color` has the value `red`. |\n| labels.color:red\u0026nbsp;labels.size:big |The project's label `color` has\n the value `red` and its label `size` has the value `big`. |\n\nIf no filter is specified, the call will return projects for which the user\nhas the `resourcemanager.projects.get` permission.\n\nNOTE: To perform a by-parent query (eg., what projects are directly in a\nFolder), the caller must have the `resourcemanager.projects.list`\npermission on the parent and the filter must contain both a `parent.type`\nand a `parent.id` restriction\n(example: \"parent.type:folder parent.id:123\"). In this case an alternate\nsearch index is used which provides more consistent results.\n\nOptional.",
"location": "query",
"type": "string"
},
"pageSize": {
"description": "The maximum number of Projects to return in the response.\nThe server can return fewer Projects than requested.\nIf unspecified, server picks an appropriate default.\n\nOptional.",
"format": "int32",
"location": "query",
"type": "integer"
},
"pageToken": {
"description": "A pagination token returned from a previous call to ListProjects\nthat indicates from where listing should continue.\n\nOptional.",
"location": "query",
"type": "string"
}
},
"path": "v1/projects",
"response": {
"$ref": "ListProjectsResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"listAvailableOrgPolicyConstraints": {
"description": "Lists `Constraints` that could be applied on the specified resource.",
"flatPath": "v1/projects/{projectsId}:listAvailableOrgPolicyConstraints",
"httpMethod": "POST",
"id": "cloudresourcemanager.projects.listAvailableOrgPolicyConstraints",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "Name of the resource to list `Constraints` for.",
"location": "path",
"pattern": "^projects/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+resource}:listAvailableOrgPolicyConstraints",
"request": {
"$ref": "ListAvailableOrgPolicyConstraintsRequest"
},
"response": {
"$ref": "ListAvailableOrgPolicyConstraintsResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"listOrgPolicies": {
"description": "Lists all the `Policies` set for a particular resource.",
"flatPath": "v1/projects/{projectsId}:listOrgPolicies",
"httpMethod": "POST",
"id": "cloudresourcemanager.projects.listOrgPolicies",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "Name of the resource to list Policies for.",
"location": "path",
"pattern": "^projects/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+resource}:listOrgPolicies",
"request": {
"$ref": "ListOrgPoliciesRequest"
},
"response": {
"$ref": "ListOrgPoliciesResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"setIamPolicy": {
"description": "Sets the IAM access control policy for the specified Project. Overwrites\nany existing policy.\n\nThe following constraints apply when using `setIamPolicy()`:\n\n+ Project does not support `allUsers` and `allAuthenticatedUsers` as\n`members` in a `Binding` of a `Policy`.\n\n+ The owner role can be granted to a `user`, `serviceAccount`, or a group\nthat is part of an organization. For example,\ngroup@myownpersonaldomain.com could be added as an owner to a project in\nthe myownpersonaldomain.com organization, but not the examplepetstore.com\norganization.\n\n+ Service accounts can be made owners of a project directly\nwithout any restrictions. However, to be added as an owner, a user must be\ninvited via Cloud Platform console and must accept the invitation.\n\n+ A user cannot be granted the owner role using `setIamPolicy()`. The user\nmust be granted the owner role using the Cloud Platform Console and must\nexplicitly accept the invitation.\n\n+ You can only grant ownership of a project to a member by using the\nGCP Console. Inviting a member will deliver an invitation email that\nthey must accept. An invitation email is not generated if you are\ngranting a role other than owner, or if both the member you are inviting\nand the project are part of your organization.\n\n+ Membership changes that leave the project without any owners that have\naccepted the Terms of Service (ToS) will be rejected.\n\n+ If the project is not part of an organization, there must be at least\none owner who has accepted the Terms of Service (ToS) agreement in the\npolicy. Calling `setIamPolicy()` to remove the last ToS-accepted owner\nfrom the policy will fail. This restriction also applies to legacy\nprojects that no longer have owners who have accepted the ToS. Edits to\nIAM policies will be rejected until the lack of a ToS-accepting owner is\nrectified.\n\n+ This method will replace the existing policy, and cannot be used to\nappend additional IAM settings.\n\nNote: Removing service accounts from policies or changing their roles\ncan render services completely inoperable. It is important to understand\nhow the service account is being used before removing or updating its\nroles.\n\nAuthorization requires the Google IAM permission\n`resourcemanager.projects.setIamPolicy` on the project",
"flatPath": "v1/projects/{resource}:setIamPolicy",
"httpMethod": "POST",
"id": "cloudresourcemanager.projects.setIamPolicy",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy is being specified.\nSee the operation documentation for the appropriate value for this field.",
"location": "path",
"required": true,
"type": "string"
}
},
"path": "v1/projects/{resource}:setIamPolicy",
"request": {
"$ref": "SetIamPolicyRequest"
},
"response": {
"$ref": "Policy"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"setOrgPolicy": {
"description": "Updates the specified `Policy` on the resource. Creates a new `Policy` for\nthat `Constraint` on the resource if one does not exist.\n\nNot supplying an `etag` on the request `Policy` results in an unconditional\nwrite of the `Policy`.",
"flatPath": "v1/projects/{projectsId}:setOrgPolicy",
"httpMethod": "POST",
"id": "cloudresourcemanager.projects.setOrgPolicy",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "Resource name of the resource to attach the `Policy`.",
"location": "path",
"pattern": "^projects/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+resource}:setOrgPolicy",
"request": {
"$ref": "SetOrgPolicyRequest"
},
"response": {
"$ref": "OrgPolicy"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"testIamPermissions": {
"description": "Returns permissions that a caller has on the specified Project.\n\nThere are no permissions required for making this API call.",
"flatPath": "v1/projects/{resource}:testIamPermissions",
"httpMethod": "POST",
"id": "cloudresourcemanager.projects.testIamPermissions",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy detail is being requested.\nSee the operation documentation for the appropriate value for this field.",
"location": "path",
"required": true,
"type": "string"
}
},
"path": "v1/projects/{resource}:testIamPermissions",
"request": {
"$ref": "TestIamPermissionsRequest"
},
"response": {
"$ref": "TestIamPermissionsResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"undelete": {
"description": "Restores the Project identified by the specified\n`project_id` (for example, `my-project-123`).\nYou can only use this method for a Project that has a lifecycle state of\nDELETE_REQUESTED.\nAfter deletion starts, the Project cannot be restored.\n\nThe caller must have modify permissions for this Project.",
"flatPath": "v1/projects/{projectId}:undelete",
"httpMethod": "POST",
"id": "cloudresourcemanager.projects.undelete",
"parameterOrder": [
"projectId"
],
"parameters": {
"projectId": {
"description": "The project ID (for example, `foo-bar-123`).\n\nRequired.",
"location": "path",
"required": true,
"type": "string"
}
},
"path": "v1/projects/{projectId}:undelete",
"request": {
"$ref": "UndeleteProjectRequest"
},
"response": {
"$ref": "Empty"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"update": {
"description": "Updates the attributes of the Project identified by the specified\n`project_id` (for example, `my-project-123`).\n\nThe caller must have modify permissions for this Project.",
"flatPath": "v1/projects/{projectId}",
"httpMethod": "PUT",
"id": "cloudresourcemanager.projects.update",
"parameterOrder": [
"projectId"
],
"parameters": {
"projectId": {
"description": "The project ID (for example, `my-project-123`).\n\nRequired.",
"location": "path",
"required": true,
"type": "string"
}
},
"path": "v1/projects/{projectId}",
"request": {
"$ref": "Project"
},
"response": {
"$ref": "Project"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
}
}
}
},
"revision": "20200415",
"rootUrl": "https://cloudresourcemanager.googleapis.com/",
"schemas": {
"Ancestor": {
"description": "Identifying information for a single ancestor of a project.",
"id": "Ancestor",
"properties": {
"resourceId": {
"$ref": "ResourceId",
"description": "Resource id of the ancestor."
}
},
"type": "object"
},
"AuditConfig": {
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n },\n {\n \"log_type\": \"ADMIN_READ\",\n }\n ]\n },\n {\n \"service\": \"sampleservice.googleapis.com\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:aliya@example.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts jose@example.com from DATA_READ logging, and\naliya@example.com from DATA_WRITE logging.",
"id": "AuditConfig",
"properties": {
"auditLogConfigs": {
"description": "The configuration for logging of each type of permission.",
"items": {
"$ref": "AuditLogConfig"
},
"type": "array"
},
"service": {
"description": "Specifies a service that will be enabled for audit logging.\nFor example, `storage.googleapis.com`, `cloudsql.googleapis.com`.\n`allServices` is a special value that covers all services.",
"type": "string"
}
},
"type": "object"
},
"AuditLogConfig": {
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\njose@example.com from DATA_READ logging.",
"id": "AuditLogConfig",
"properties": {
"exemptedMembers": {
"description": "Specifies the identities that do not cause logging for this type of\npermission.\nFollows the same format of Binding.members.",
"items": {
"type": "string"
},
"type": "array"
},
"logType": {
"description": "The log type that this config enables.",
"enum": [
"LOG_TYPE_UNSPECIFIED",
"ADMIN_READ",
"DATA_WRITE",
"DATA_READ"
],
"enumDescriptions": [
"Default case. Should never be this.",
"Admin reads. Example: CloudIAM getIamPolicy",
"Data writes. Example: CloudSQL Users create",
"Data reads. Example: CloudSQL Users list"
],
"type": "string"
}
},
"type": "object"
},
"Binding": {
"description": "Associates `members` with a `role`.",
"id": "Binding",
"properties": {
"condition": {
"$ref": "Expr",
"description": "The condition that is associated with this binding.\nNOTE: An unsatisfied condition will not allow user access via current\nbinding. Different bindings, including their conditions, are examined\nindependently."
},
"members": {
"description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@example.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a user that has been recently deleted. For\n example, `alice@example.com?uid=123456789012345678901`. If the user is\n recovered, this value reverts to `user:{emailid}` and the recovered user\n retains the role in the binding.\n\n* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus\n unique identifier) representing a service account that has been recently\n deleted. For example,\n `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.\n If the service account is undeleted, this value reverts to\n `serviceAccount:{emailid}` and the undeleted service account retains the\n role in the binding.\n\n* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a Google group that has been recently\n deleted. For example, `admins@example.com?uid=123456789012345678901`. If\n the group is recovered, this value reverts to `group:{emailid}` and the\n recovered group retains the role in the binding.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n",
"items": {
"type": "string"
},
"type": "array"
},
"role": {
"description": "Role that is assigned to `members`.\nFor example, `roles/viewer`, `roles/editor`, or `roles/owner`.",
"type": "string"
}
},
"type": "object"
},
"BooleanConstraint": {
"description": "A `Constraint` that is either enforced or not.\n\nFor example a constraint `constraints/compute.disableSerialPortAccess`.\nIf it is enforced on a VM instance, serial port connections will not be\nopened to that instance.",
"id": "BooleanConstraint",
"properties": {},
"type": "object"
},
"BooleanPolicy": {
"description": "Used in `policy_type` to specify how `boolean_policy` will behave at this\nresource.",
"id": "BooleanPolicy",
"properties": {
"enforced": {
"description": "If `true`, then the `Policy` is enforced. If `false`, then any\nconfiguration is acceptable.\n\nSuppose you have a `Constraint`\n`constraints/compute.disableSerialPortAccess` with `constraint_default`\nset to `ALLOW`. A `Policy` for that `Constraint` exhibits the following\nbehavior:\n - If the `Policy` at this resource has enforced set to `false`, serial\n port connection attempts will be allowed.\n - If the `Policy` at this resource has enforced set to `true`, serial\n port connection attempts will be refused.\n - If the `Policy` at this resource is `RestoreDefault`, serial port\n connection attempts will be allowed.\n - If no `Policy` is set at this resource or anywhere higher in the\n resource hierarchy, serial port connection attempts will be allowed.\n - If no `Policy` is set at this resource, but one exists higher in the\n resource hierarchy, the behavior is as if the`Policy` were set at\n this resource.\n\nThe following examples demonstrate the different possible layerings:\n\nExample 1 (nearest `Constraint` wins):\n `organizations/foo` has a `Policy` with:\n {enforced: false}\n `projects/bar` has no `Policy` set.\nThe constraint at `projects/bar` and `organizations/foo` will not be\nenforced.\n\nExample 2 (enforcement gets replaced):\n `organizations/foo` has a `Policy` with:\n {enforced: false}\n `projects/bar` has a `Policy` with:\n {enforced: true}\nThe constraint at `organizations/foo` is not enforced.\nThe constraint at `projects/bar` is enforced.\n\nExample 3 (RestoreDefault):\n `organizations/foo` has a `Policy` with:\n {enforced: true}\n `projects/bar` has a `Policy` with:\n {RestoreDefault: {}}\nThe constraint at `organizations/foo` is enforced.\nThe constraint at `projects/bar` is not enforced, because\n`constraint_default` for the `Constraint` is `ALLOW`.",
"type": "boolean"
}
},
"type": "object"
},
"ClearOrgPolicyRequest": {
"description": "The request sent to the ClearOrgPolicy method.",
"id": "ClearOrgPolicyRequest",
"properties": {
"constraint": {
"description": "Name of the `Constraint` of the `Policy` to clear.",
"type": "string"
},
"etag": {
"description": "The current version, for concurrency control. Not sending an `etag`\nwill cause the `Policy` to be cleared blindly.",
"format": "byte",
"type": "string"
}
},
"type": "object"
},
"Constraint": {
"description": "A `Constraint` describes a way in which a resource's configuration can be\nrestricted. For example, it controls which cloud services can be activated\nacross an organization, or whether a Compute Engine instance can have\nserial port connections established. `Constraints` can be configured by the\norganization's policy adminstrator to fit the needs of the organzation by\nsetting Policies for `Constraints` at different locations in the\norganization's resource hierarchy. Policies are inherited down the resource\nhierarchy from higher levels, but can also be overridden. For details about\nthe inheritance rules please read about\nPolicies.\n\n`Constraints` have a default behavior determined by the `constraint_default`\nfield, which is the enforcement behavior that is used in the absence of a\n`Policy` being defined or inherited for the resource in question.",
"id": "Constraint",
"properties": {
"booleanConstraint": {
"$ref": "BooleanConstraint",
"description": "Defines this constraint as being a BooleanConstraint."
},
"constraintDefault": {
"description": "The evaluation behavior of this constraint in the absense of 'Policy'.",
"enum": [
"CONSTRAINT_DEFAULT_UNSPECIFIED",
"ALLOW",
"DENY"
],
"enumDescriptions": [
"This is only used for distinguishing unset values and should never be\nused.",
"Indicate that all values are allowed for list constraints.\nIndicate that enforcement is off for boolean constraints.",
"Indicate that all values are denied for list constraints.\nIndicate that enforcement is on for boolean constraints."
],
"type": "string"
},
"description": {
"description": "Detailed description of what this `Constraint` controls as well as how and\nwhere it is enforced.\n\nMutable.",
"type": "string"
},
"displayName": {
"description": "The human readable name.\n\nMutable.",
"type": "string"
},
"listConstraint": {
"$ref": "ListConstraint",
"description": "Defines this constraint as being a ListConstraint."
},
"name": {
"description": "Immutable value, required to globally be unique. For example,\n`constraints/serviceuser.services`",
"type": "string"
},
"version": {
"description": "Version of the `Constraint`. Default version is 0;",
"format": "int32",
"type": "integer"
}
},
"type": "object"
},
"Empty": {
"description": "A generic empty message that you can re-use to avoid defining duplicated\nempty messages in your APIs. A typical example is to use it as the request\nor the response type of an API method. For instance:\n\n service Foo {\n rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);\n }\n\nThe JSON representation for `Empty` is empty JSON object `{}`.",
"id": "Empty",
"properties": {},
"type": "object"
},
"Expr": {
"description": "Represents a textual expression in the Common Expression Language (CEL)\nsyntax. CEL is a C-like expression language. The syntax and semantics of CEL\nare documented at https://github.com/google/cel-spec.\n\nExample (Comparison):\n\n title: \"Summary size limit\"\n description: \"Determines if a summary is less than 100 chars\"\n expression: \"document.summary.size() \u003c 100\"\n\nExample (Equality):\n\n title: \"Requestor is owner\"\n description: \"Determines if requestor is the document owner\"\n expression: \"document.owner == request.auth.claims.email\"\n\nExample (Logic):\n\n title: \"Public documents\"\n description: \"Determine whether the document should be publicly visible\"\n expression: \"document.type != 'private' \u0026\u0026 document.type != 'internal'\"\n\nExample (Data Manipulation):\n\n title: \"Notification string\"\n description: \"Create a notification string with a timestamp.\"\n expression: \"'New message received at ' + string(document.create_time)\"\n\nThe exact variables and functions that may be referenced within an expression\nare determined by the service that evaluates it. See the service\ndocumentation for additional information.",
"id": "Expr",
"properties": {
"description": {
"description": "Optional. Description of the expression. This is a longer text which\ndescribes the expression, e.g. when hovered over it in a UI.",
"type": "string"
},
"expression": {
"description": "Textual representation of an expression in Common Expression Language\nsyntax.",
"type": "string"
},
"location": {
"description": "Optional. String indicating the location of the expression for error\nreporting, e.g. a file name and a position in the file.",
"type": "string"
},
"title": {
"description": "Optional. Title for the expression, i.e. a short string describing\nits purpose. This can be used e.g. in UIs which allow to enter the\nexpression.",
"type": "string"
}
},
"type": "object"
},
"FolderOperation": {
"description": "Metadata describing a long running folder operation",
"id": "FolderOperation",
"properties": {
"destinationParent": {
"description": "The resource name of the folder or organization we are either creating\nthe folder under or moving the folder to.",
"type": "string"
},
"displayName": {
"description": "The display name of the folder.",
"type": "string"
},
"operationType": {
"description": "The type of this operation.",
"enum": [
"OPERATION_TYPE_UNSPECIFIED",
"CREATE",
"MOVE"
],
"enumDescriptions": [
"Operation type not specified.",
"A create folder operation.",
"A move folder operation."
],
"type": "string"
},
"sourceParent": {
"description": "The resource name of the folder's parent.\nOnly applicable when the operation_type is MOVE.",
"type": "string"
}
},
"type": "object"
},
"FolderOperationError": {
"description": "A classification of the Folder Operation error.",
"id": "FolderOperationError",
"properties": {
"errorMessageId": {
"description": "The type of operation error experienced.",
"enum": [
"ERROR_TYPE_UNSPECIFIED",
"ACTIVE_FOLDER_HEIGHT_VIOLATION",
"MAX_CHILD_FOLDERS_VIOLATION",
"FOLDER_NAME_UNIQUENESS_VIOLATION",
"RESOURCE_DELETED_VIOLATION",
"PARENT_DELETED_VIOLATION",
"CYCLE_INTRODUCED_VIOLATION",
"FOLDER_BEING_MOVED_VIOLATION",
"FOLDER_TO_DELETE_NON_EMPTY_VIOLATION",
"DELETED_FOLDER_HEIGHT_VIOLATION"
],
"enumDescriptions": [
"The error type was unrecognized or unspecified.",
"The attempted action would violate the max folder depth constraint.",
"The attempted action would violate the max child folders constraint.",
"The attempted action would violate the locally-unique folder\ndisplay_name constraint.",
"The resource being moved has been deleted.",
"The resource a folder was being added to has been deleted.",
"The attempted action would introduce cycle in resource path.",
"The attempted action would move a folder that is already being moved.",
"The folder the caller is trying to delete contains active resources.",
"The attempted action would violate the max deleted folder depth\nconstraint."
],
"type": "string"
}
},
"type": "object"
},
"GetAncestryRequest": {
"description": "The request sent to the\nGetAncestry\nmethod.",
"id": "GetAncestryRequest",
"properties": {},
"type": "object"
},
"GetAncestryResponse": {
"description": "Response from the GetAncestry method.",
"id": "GetAncestryResponse",
"properties": {
"ancestor": {
"description": "Ancestors are ordered from bottom to top of the resource hierarchy. The\nfirst ancestor is the project itself, followed by the project's parent,\netc..",
"items": {
"$ref": "Ancestor"
},
"type": "array"
}
},
"type": "object"
},
"GetEffectiveOrgPolicyRequest": {
"description": "The request sent to the GetEffectiveOrgPolicy method.",
"id": "GetEffectiveOrgPolicyRequest",
"properties": {
"constraint": {
"description": "The name of the `Constraint` to compute the effective `Policy`.",
"type": "string"
}
},
"type": "object"
},
"GetIamPolicyRequest": {
"description": "Request message for `GetIamPolicy` method.",
"id": "GetIamPolicyRequest",
"properties": {
"options": {
"$ref": "GetPolicyOptions",
"description": "OPTIONAL: A `GetPolicyOptions` object for specifying options to\n`GetIamPolicy`."
}
},
"type": "object"
},
"GetOrgPolicyRequest": {
"description": "The request sent to the GetOrgPolicy method.",
"id": "GetOrgPolicyRequest",
"properties": {
"constraint": {
"description": "Name of the `Constraint` to get the `Policy`.",
"type": "string"
}
},
"type": "object"
},
"GetPolicyOptions": {
"description": "Encapsulates settings provided to GetIamPolicy.",
"id": "GetPolicyOptions",
"properties": {
"requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.",
"format": "int32",
"type": "integer"
}
},
"type": "object"
},
"Lien": {
"description": "A Lien represents an encumbrance on the actions that can be performed on a\nresource.",
"id": "Lien",
"properties": {
"createTime": {
"description": "The creation time of this Lien.",
"format": "google-datetime",
"type": "string"
},
"name": {
"description": "A system-generated unique identifier for this Lien.\n\nExample: `liens/1234abcd`",
"type": "string"
},
"origin": {
"description": "A stable, user-visible/meaningful string identifying the origin of the\nLien, intended to be inspected programmatically. Maximum length of 200\ncharacters.\n\nExample: 'compute.googleapis.com'",
"type": "string"
},
"parent": {
"description": "A reference to the resource this Lien is attached to. The server will\nvalidate the parent against those for which Liens are supported.\n\nExample: `projects/1234`",
"type": "string"
},
"reason": {
"description": "Concise user-visible strings indicating why an action cannot be performed\non a resource. Maximum length of 200 characters.\n\nExample: 'Holds production API key'",
"type": "string"
},
"restrictions": {
"description": "The types of operations which should be blocked as a result of this Lien.\nEach value should correspond to an IAM permission. The server will\nvalidate the permissions against those for which Liens are supported.\n\nAn empty list is meaningless and will be rejected.\n\nExample: ['resourcemanager.projects.delete']",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"ListAvailableOrgPolicyConstraintsRequest": {
"description": "The request sent to the [ListAvailableOrgPolicyConstraints]\ngoogle.cloud.OrgPolicy.v1.ListAvailableOrgPolicyConstraints] method.",
"id": "ListAvailableOrgPolicyConstraintsRequest",
"properties": {
"pageSize": {
"description": "Size of the pages to be returned. This is currently unsupported and will\nbe ignored. The server may at any point start using this field to limit\npage size.",
"format": "int32",
"type": "integer"
},
"pageToken": {
"description": "Page token used to retrieve the next page. This is currently unsupported\nand will be ignored. The server may at any point start using this field.",
"type": "string"
}
},
"type": "object"
},
"ListAvailableOrgPolicyConstraintsResponse": {
"description": "The response returned from the ListAvailableOrgPolicyConstraints method.\nReturns all `Constraints` that could be set at this level of the hierarchy\n(contrast with the response from `ListPolicies`, which returns all policies\nwhich are set).",
"id": "ListAvailableOrgPolicyConstraintsResponse",
"properties": {
"constraints": {
"description": "The collection of constraints that are settable on the request resource.",
"items": {
"$ref": "Constraint"
},
"type": "array"
},
"nextPageToken": {
"description": "Page token used to retrieve the next page. This is currently not used.",
"type": "string"
}
},
"type": "object"
},
"ListConstraint": {
"description": "A `Constraint` that allows or disallows a list of string values, which are\nconfigured by an Organization's policy administrator with a `Policy`.",
"id": "ListConstraint",
"properties": {
"suggestedValue": {
"description": "Optional. The Google Cloud Console will try to default to a configuration\nthat matches the value specified in this `Constraint`.",
"type": "string"
},
"supportsUnder": {
"description": "Indicates whether subtrees of Cloud Resource Manager resource hierarchy\ncan be used in `Policy.allowed_values` and `Policy.denied_values`. For\nexample, `\"under:folders/123\"` would match any resource under the\n'folders/123' folder.",
"type": "boolean"
}
},
"type": "object"
},
"ListLiensResponse": {
"description": "The response message for Liens.ListLiens.",
"id": "ListLiensResponse",
"properties": {
"liens": {
"description": "A list of Liens.",
"items": {
"$ref": "Lien"
},
"type": "array"
},
"nextPageToken": {
"description": "Token to retrieve the next page of results, or empty if there are no more\nresults in the list.",
"type": "string"
}
},
"type": "object"
},
"ListOrgPoliciesRequest": {
"description": "The request sent to the ListOrgPolicies method.",
"id": "ListOrgPoliciesRequest",
"properties": {
"pageSize": {
"description": "Size of the pages to be returned. This is currently unsupported and will\nbe ignored. The server may at any point start using this field to limit\npage size.",
"format": "int32",
"type": "integer"
},
"pageToken": {
"description": "Page token used to retrieve the next page. This is currently unsupported\nand will be ignored. The server may at any point start using this field.",
"type": "string"
}
},
"type": "object"
},
"ListOrgPoliciesResponse": {
"description": "The response returned from the ListOrgPolicies method. It will be empty\nif no `Policies` are set on the resource.",
"id": "ListOrgPoliciesResponse",
"properties": {
"nextPageToken": {
"description": "Page token used to retrieve the next page. This is currently not used, but\nthe server may at any point start supplying a valid token.",
"type": "string"
},
"policies": {
"description": "The `Policies` that are set on the resource. It will be empty if no\n`Policies` are set.",
"items": {
"$ref": "OrgPolicy"
},
"type": "array"
}
},
"type": "object"
},
"ListPolicy": {
"description": "Used in `policy_type` to specify how `list_policy` behaves at this\nresource.\n\n`ListPolicy` can define specific values and subtrees of Cloud Resource\nManager resource hierarchy (`Organizations`, `Folders`, `Projects`) that\nare allowed or denied by setting the `allowed_values` and `denied_values`\nfields. This is achieved by using the `under:` and optional `is:` prefixes.\nThe `under:` prefix is used to denote resource subtree values.\nThe `is:` prefix is used to denote specific values, and is required only\nif the value contains a \":\". Values prefixed with \"is:\" are treated the\nsame as values with no prefix.\nAncestry subtrees must be in one of the following formats:\n - \"projects/\u003cproject-id\u003e\", e.g. \"projects/tokyo-rain-123\"\n - \"folders/\u003cfolder-id\u003e\", e.g. \"folders/1234\"\n - \"organizations/\u003corganization-id\u003e\", e.g. \"organizations/1234\"\nThe `supports_under` field of the associated `Constraint` defines whether\nancestry prefixes can be used. You can set `allowed_values` and\n`denied_values` in the same `Policy` if `all_values` is\n`ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny all\nvalues. If `all_values` is set to either `ALLOW` or `DENY`,\n`allowed_values` and `denied_values` must be unset.",
"id": "ListPolicy",
"properties": {
"allValues": {
"description": "The policy all_values state.",
"enum": [
"ALL_VALUES_UNSPECIFIED",
"ALLOW",
"DENY"
],
"enumDescriptions": [
"Indicates that allowed_values or denied_values must be set.",
"A policy with this set allows all values.",
"A policy with this set denies all values."
],
"type": "string"
},
"allowedValues": {
"description": "List of values allowed at this resource. Can only be set if `all_values`\nis set to `ALL_VALUES_UNSPECIFIED`.",
"items": {
"type": "string"
},
"type": "array"
},
"deniedValues": {
"description": "List of values denied at this resource. Can only be set if `all_values`\nis set to `ALL_VALUES_UNSPECIFIED`.",
"items": {
"type": "string"
},
"type": "array"
},
"inheritFromParent": {
"description": "Determines the inheritance behavior for this `Policy`.\n\nBy default, a `ListPolicy` set at a resource supercedes any `Policy` set\nanywhere up the resource hierarchy. However, if `inherit_from_parent` is\nset to `true`, then the values from the effective `Policy` of the parent\nresource are inherited, meaning the values set in this `Policy` are\nadded to the values inherited up the hierarchy.\n\nSetting `Policy` hierarchies that inherit both allowed values and denied\nvalues isn't recommended in most circumstances to keep the configuration\nsimple and understandable. However, it is possible to set a `Policy` with\n`allowed_values` set that inherits a `Policy` with `denied_values` set.\nIn this case, the values that are allowed must be in `allowed_values` and\nnot present in `denied_values`.\n\nFor example, suppose you have a `Constraint`\n`constraints/serviceuser.services`, which has a `constraint_type` of\n`list_constraint`, and with `constraint_default` set to `ALLOW`.\nSuppose that at the Organization level, a `Policy` is applied that\nrestricts the allowed API activations to {`E1`, `E2`}. Then, if a\n`Policy` is applied to a project below the Organization that has\n`inherit_from_parent` set to `false` and field all_values set to DENY,\nthen an attempt to activate any API will be denied.\n\nThe following examples demonstrate different possible layerings for\n`projects/bar` parented by `organizations/foo`:\n\nExample 1 (no inherited values):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values:\"E2\"}\n `projects/bar` has `inherit_from_parent` `false` and values:\n {allowed_values: \"E3\" allowed_values: \"E4\"}\nThe accepted values at `organizations/foo` are `E1`, `E2`.\nThe accepted values at `projects/bar` are `E3`, and `E4`.\n\nExample 2 (inherited values):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values:\"E2\"}\n `projects/bar` has a `Policy` with values:\n {value: \"E3\" value: \"E4\" inherit_from_parent: true}\nThe accepted values at `organizations/foo` are `E1`, `E2`.\nThe accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`.\n\nExample 3 (inheriting both allowed and denied values):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values: \"E2\"}\n `projects/bar` has a `Policy` with:\n {denied_values: \"E1\"}\nThe accepted values at `organizations/foo` are `E1`, `E2`.\nThe value accepted at `projects/bar` is `E2`.\n\nExample 4 (RestoreDefault):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values:\"E2\"}\n `projects/bar` has a `Policy` with values:\n {RestoreDefault: {}}\nThe accepted values at `organizations/foo` are `E1`, `E2`.\nThe accepted values at `projects/bar` are either all or none depending on\nthe value of `constraint_default` (if `ALLOW`, all; if\n`DENY`, none).\n\nExample 5 (no policy inherits parent policy):\n `organizations/foo` has no `Policy` set.\n `projects/bar` has no `Policy` set.\nThe accepted values at both levels are either all or none depending on\nthe value of `constraint_default` (if `ALLOW`, all; if\n`DENY`, none).\n\nExample 6 (ListConstraint allowing all):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values: \"E2\"}\n `projects/bar` has a `Policy` with:\n {all: ALLOW}\nThe accepted values at `organizations/foo` are `E1`, E2`.\nAny value is accepted at `projects/bar`.\n\nExample 7 (ListConstraint allowing none):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values: \"E2\"}\n `projects/bar` has a `Policy` with:\n {all: DENY}\nThe accepted values at `organizations/foo` are `E1`, E2`.\nNo value is accepted at `projects/bar`.\n\nExample 10 (allowed and denied subtrees of Resource Manager hierarchy):\nGiven the following resource hierarchy\n O1-\u003e{F1, F2}; F1-\u003e{P1}; F2-\u003e{P2, P3},\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"under:organizations/O1\"}\n `projects/bar` has a `Policy` with:\n {allowed_values: \"under:projects/P3\"}\n {denied_values: \"under:folders/F2\"}\nThe accepted values at `organizations/foo` are `organizations/O1`,\n `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`,\n `projects/P3`.\nThe accepted values at `projects/bar` are `organizations/O1`,\n `folders/F1`, `projects/P1`.",
"type": "boolean"
},
"suggestedValue": {
"description": "Optional. The Google Cloud Console will try to default to a configuration\nthat matches the value specified in this `Policy`. If `suggested_value`\nis not set, it will inherit the value specified higher in the hierarchy,\nunless `inherit_from_parent` is `false`.",
"type": "string"
}
},
"type": "object"
},
"ListProjectsResponse": {
"description": "A page of the response received from the\nListProjects\nmethod.\n\nA paginated response where more pages are available has\n`next_page_token` set. This token can be used in a subsequent request to\nretrieve the next request page.",
"id": "ListProjectsResponse",
"properties": {
"nextPageToken": {
"description": "Pagination token.\n\nIf the result set is too large to fit in a single response, this token\nis returned. It encodes the position of the current result cursor.\nFeeding this value into a new list request with the `page_token` parameter\ngives the next page of the results.\n\nWhen `next_page_token` is not filled in, there is no next page and\nthe list returned is the last page in the result set.\n\nPagination tokens have a limited lifetime.",
"type": "string"
},
"projects": {
"description": "The list of Projects that matched the list filter. This list can\nbe paginated.",
"items": {
"$ref": "Project"
},
"type": "array"
}
},
"type": "object"
},
"Operation": {
"description": "This resource represents a long-running operation that is the result of a\nnetwork API call.",
"id": "Operation",
"properties": {
"done": {
"description": "If the value is `false`, it means the operation is still in progress.\nIf `true`, the operation is completed, and either `error` or `response` is\navailable.",
"type": "boolean"
},
"error": {
"$ref": "Status",
"description": "The error result of the operation in case of failure or cancellation."
},
"metadata": {
"additionalProperties": {
"description": "Properties of the object. Contains field @type with type URL.",
"type": "any"
},
"description": "Service-specific metadata associated with the operation. It typically\ncontains progress information and common metadata such as create time.\nSome services might not provide such metadata. Any method that returns a\nlong-running operation should document the metadata type, if any.",
"type": "object"
},
"name": {
"description": "The server-assigned name, which is only unique within the same service that\noriginally returns it. If you use the default HTTP mapping, the\n`name` should be a resource name ending with `operations/{unique_id}`.",
"type": "string"
},
"response": {
"additionalProperties": {
"description": "Properties of the object. Contains field @type with type URL.",
"type": "any"
},
"description": "The normal response of the operation in case of success. If the original\nmethod returns no data on success, such as `Delete`, the response is\n`google.protobuf.Empty`. If the original method is standard\n`Get`/`Create`/`Update`, the response should be the resource. For other\nmethods, the response should have the type `XxxResponse`, where `Xxx`\nis the original method name. For example, if the original method name\nis `TakeSnapshot()`, the inferred response type is\n`TakeSnapshotResponse`.",
"type": "object"
}
},
"type": "object"
},
"OrgPolicy": {
"description": "Defines a Cloud Organization `Policy` which is used to specify `Constraints`\nfor configurations of Cloud Platform resources.",
"id": "OrgPolicy",
"properties": {
"booleanPolicy": {
"$ref": "BooleanPolicy",
"description": "For boolean `Constraints`, whether to enforce the `Constraint` or not."
},
"constraint": {
"description": "The name of the `Constraint` the `Policy` is configuring, for example,\n`constraints/serviceuser.services`.\n\nImmutable after creation.",
"type": "string"
},
"etag": {
"description": "An opaque tag indicating the current version of the `Policy`, used for\nconcurrency control.\n\nWhen the `Policy` is returned from either a `GetPolicy` or a\n`ListOrgPolicy` request, this `etag` indicates the version of the current\n`Policy` to use when executing a read-modify-write loop.\n\nWhen the `Policy` is returned from a `GetEffectivePolicy` request, the\n`etag` will be unset.\n\nWhen the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value\nthat was returned from a `GetOrgPolicy` request as part of a\nread-modify-write loop for concurrency control. Not setting the `etag`in a\n`SetOrgPolicy` request will result in an unconditional write of the\n`Policy`.",
"format": "byte",
"type": "string"
},
"listPolicy": {
"$ref": "ListPolicy",
"description": "List of values either allowed or disallowed."
},
"restoreDefault": {
"$ref": "RestoreDefault",
"description": "Restores the default behavior of the constraint; independent of\n`Constraint` type."
},
"updateTime": {
"description": "The time stamp the `Policy` was previously updated. This is set by the\nserver, not specified by the caller, and represents the last time a call to\n`SetOrgPolicy` was made for that `Policy`. Any value set by the client will\nbe ignored.",
"format": "google-datetime",
"type": "string"
},
"version": {
"description": "Version of the `Policy`. Default version is 0;",
"format": "int32",
"type": "integer"
}
},
"type": "object"
},
"Organization": {
"description": "The root node in the resource hierarchy to which a particular entity's\n(e.g., company) resources belong.",
"id": "Organization",
"properties": {
"creationTime": {
"description": "Timestamp when the Organization was created. Assigned by the server.",
"format": "google-datetime",
"type": "string"
},
"displayName": {
"description": "A human-readable string that refers to the Organization in the\nGCP Console UI. This string is set by the server and cannot be\nchanged. The string will be set to the primary domain (for example,\n\"google.com\") of the G Suite customer that owns the organization.",
"type": "string"
},
"lifecycleState": {
"description": "The organization's current lifecycle state. Assigned by the server.",
"enum": [
"LIFECYCLE_STATE_UNSPECIFIED",
"ACTIVE",
"DELETE_REQUESTED"
],
"enumDescriptions": [
"Unspecified state. This is only useful for distinguishing unset values.",
"The normal and active state.",
"The organization has been marked for deletion by the user."
],
"type": "string"
},
"name": {
"description": "Output only. The resource name of the organization. This is the\norganization's relative path in the API. Its format is\n\"organizations/[organization_id]\". For example, \"organizations/1234\".",
"type": "string"
},
"owner": {
"$ref": "OrganizationOwner",
"description": "The owner of this Organization. The owner should be specified on\ncreation. Once set, it cannot be changed.\nThis field is required."
}
},
"type": "object"
},
"OrganizationOwner": {
"description": "The entity that owns an Organization. The lifetime of the Organization and\nall of its descendants are bound to the `OrganizationOwner`. If the\n`OrganizationOwner` is deleted, the Organization and all its descendants will\nbe deleted.",
"id": "OrganizationOwner",
"properties": {
"directoryCustomerId": {
"description": "The G Suite customer id used in the Directory API.",
"type": "string"
}
},
"type": "object"
},
"Policy": {
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nOptionally, a `binding` can specify a `condition`, which is a logical\nexpression that allows access to a resource only if the expression evaluates\nto `true`. A condition can add constraints based on attributes of the\nrequest, the resource, or both.\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\"user:eve@example.com\"],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time \u003c timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time \u003c timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"id": "Policy",
"properties": {
"auditConfigs": {
"description": "Specifies cloud audit logging configuration for this policy.",
"items": {
"$ref": "AuditConfig"
},
"type": "array"
},
"bindings": {
"description": "Associates a list of `members` to a `role`. Optionally, may specify a\n`condition` that determines how and when the `bindings` are applied. Each\nof the `bindings` must contain at least one member.",
"items": {
"$ref": "Binding"
},
"type": "array"
},
"etag": {
"description": "`etag` is used for optimistic concurrency control as a way to help\nprevent simultaneous updates of a policy from overwriting each other.\nIt is strongly suggested that systems make use of the `etag` in the\nread-modify-write cycle to perform policy updates in order to avoid race\nconditions: An `etag` is returned in the response to `getIamPolicy`, and\nsystems are expected to put that etag in the request to `setIamPolicy` to\nensure that their change will be applied to the same version of the policy.\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.",
"format": "byte",
"type": "string"
},
"version": {
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.",
"format": "int32",
"type": "integer"
}
},
"type": "object"
},
"Project": {
"description": "A Project is a high-level Google Cloud Platform entity. It is a\ncontainer for ACLs, APIs, App Engine Apps, VMs, and other\nGoogle Cloud Platform resources.",
"id": "Project",
"properties": {
"createTime": {
"description": "Creation time.\n\nRead-only.",
"format": "google-datetime",
"type": "string"
},
"labels": {
"additionalProperties": {
"type": "string"
},
"description": "The labels associated with this Project.\n\nLabel keys must be between 1 and 63 characters long and must conform\nto the following regular expression: \\[a-z\\](\\[-a-z0-9\\]*\\[a-z0-9\\])?.\n\nLabel values must be between 0 and 63 characters long and must conform\nto the regular expression (\\[a-z\\](\\[-a-z0-9\\]*\\[a-z0-9\\])?)?. A label\nvalue can be empty.\n\nNo more than 256 labels can be associated with a given resource.\n\nClients should store labels in a representation such as JSON that does not\ndepend on specific characters being disallowed.\n\nExample: \u003ccode\u003e\"environment\" : \"dev\"\u003c/code\u003e\nRead-write.",
"type": "object"
},
"lifecycleState": {
"description": "The Project lifecycle state.\n\nRead-only.",
"enum": [
"LIFECYCLE_STATE_UNSPECIFIED",
"ACTIVE",
"DELETE_REQUESTED",
"DELETE_IN_PROGRESS"
],
"enumDescriptions": [
"Unspecified state. This is only used/useful for distinguishing\nunset values.",
"The normal and active state.",
"The project has been marked for deletion by the user\n(by invoking\nDeleteProject)\nor by the system (Google Cloud Platform).\nThis can generally be reversed by invoking UndeleteProject.",
"This lifecycle state is no longer used and not returned by the API."
],
"type": "string"
},
"name": {
"description": "The optional user-assigned display name of the Project.\nWhen present it must be between 4 to 30 characters.\nAllowed characters are: lowercase and uppercase letters, numbers,\nhyphen, single-quote, double-quote, space, and exclamation point.\n\nExample: \u003ccode\u003eMy Project\u003c/code\u003e\nRead-write.",
"type": "string"
},
"parent": {
"$ref": "ResourceId",
"description": "An optional reference to a parent Resource.\n\nSupported parent types include \"organization\" and \"folder\". Once set, the\nparent cannot be cleared. The `parent` can be set on creation or using the\n`UpdateProject` method; the end user must have the\n`resourcemanager.projects.create` permission on the parent.\n\nRead-write."
},
"projectId": {
"description": "The unique, user-assigned ID of the Project.\nIt must be 6 to 30 lowercase letters, digits, or hyphens.\nIt must start with a letter.\nTrailing hyphens are prohibited.\n\nExample: \u003ccode\u003etokyo-rain-123\u003c/code\u003e\nRead-only after creation.",
"type": "string"
},
"projectNumber": {
"description": "The number uniquely identifying the project.\n\nExample: \u003ccode\u003e415104041262\u003c/code\u003e\nRead-only.",
"format": "int64",
"type": "string"
}
},
"type": "object"
},
"ProjectCreationStatus": {
"description": "A status object which is used as the `metadata` field for the Operation\nreturned by CreateProject. It provides insight for when significant phases of\nProject creation have completed.",
"id": "ProjectCreationStatus",
"properties": {
"createTime": {
"description": "Creation time of the project creation workflow.",
"format": "google-datetime",
"type": "string"
},
"gettable": {
"description": "True if the project can be retrieved using GetProject. No other operations\non the project are guaranteed to work until the project creation is\ncomplete.",
"type": "boolean"
},
"ready": {
"description": "True if the project creation process is complete.",
"type": "boolean"
}
},
"type": "object"
},
"ResourceId": {
"description": "A container to reference an id for any resource type. A `resource` in Google\nCloud Platform is a generic term for something you (a developer) may want to\ninteract with through one of our API's. Some examples are an App Engine app,\na Compute Engine instance, a Cloud SQL database, and so on.",
"id": "ResourceId",
"properties": {
"id": {
"description": "Required field for the type-specific id. This should correspond to the id\nused in the type-specific API's.",
"type": "string"
},
"type": {
"description": "Required field representing the resource type this id is for.\nAt present, the valid types are: \"organization\", \"folder\", and \"project\".",
"type": "string"
}
},
"type": "object"
},
"RestoreDefault": {
"description": "Ignores policies set above this resource and restores the\n`constraint_default` enforcement behavior of the specific `Constraint` at\nthis resource.\n\nSuppose that `constraint_default` is set to `ALLOW` for the\n`Constraint` `constraints/serviceuser.services`. Suppose that organization\nfoo.com sets a `Policy` at their Organization resource node that restricts\nthe allowed service activations to deny all service activations. They\ncould then set a `Policy` with the `policy_type` `restore_default` on\nseveral experimental projects, restoring the `constraint_default`\nenforcement of the `Constraint` for only those projects, allowing those\nprojects to have all services activated.",
"id": "RestoreDefault",
"properties": {},
"type": "object"
},
"SearchOrganizationsRequest": {
"description": "The request sent to the `SearchOrganizations` method.",
"id": "SearchOrganizationsRequest",
"properties": {
"filter": {
"description": "An optional query string used to filter the Organizations to return in\nthe response. Filter rules are case-insensitive.\n\n\nOrganizations may be filtered by `owner.directoryCustomerId` or by\n`domain`, where the domain is a G Suite domain, for example:\n\n* Filter `owner.directorycustomerid:123456789` returns Organization\nresources with `owner.directory_customer_id` equal to `123456789`.\n* Filter `domain:google.com` returns Organization resources corresponding\nto the domain `google.com`.\n\nThis field is optional.",
"type": "string"
},
"pageSize": {
"description": "The maximum number of Organizations to return in the response.\nThis field is optional.",
"format": "int32",
"type": "integer"
},
"pageToken": {
"description": "A pagination token returned from a previous call to `SearchOrganizations`\nthat indicates from where listing should continue.\nThis field is optional.",
"type": "string"
}
},
"type": "object"
},
"SearchOrganizationsResponse": {
"description": "The response returned from the `SearchOrganizations` method.",
"id": "SearchOrganizationsResponse",
"properties": {
"nextPageToken": {
"description": "A pagination token to be used to retrieve the next page of results. If the\nresult is too large to fit within the page size specified in the request,\nthis field will be set with a token that can be used to fetch the next page\nof results. If this field is empty, it indicates that this response\ncontains the last page of results.",
"type": "string"
},
"organizations": {
"description": "The list of Organizations that matched the search query, possibly\npaginated.",
"items": {
"$ref": "Organization"
},
"type": "array"
}
},
"type": "object"
},
"SetIamPolicyRequest": {
"description": "Request message for `SetIamPolicy` method.",
"id": "SetIamPolicyRequest",
"properties": {
"policy": {
"$ref": "Policy",
"description": "REQUIRED: The complete policy to be applied to the `resource`. The size of\nthe policy is limited to a few 10s of KB. An empty policy is a\nvalid policy but certain Cloud Platform services (such as Projects)\nmight reject them."
},
"updateMask": {
"description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only\nthe fields in the mask will be modified. If no mask is provided, the\nfollowing default mask is used:\n\n`paths: \"bindings, etag\"`",
"format": "google-fieldmask",
"type": "string"
}
},
"type": "object"
},
"SetOrgPolicyRequest": {
"description": "The request sent to the SetOrgPolicyRequest method.",
"id": "SetOrgPolicyRequest",
"properties": {
"policy": {
"$ref": "OrgPolicy",
"description": "`Policy` to set on the resource."
}
},
"type": "object"
},
"Status": {
"description": "The `Status` type defines a logical error model that is suitable for\ndifferent programming environments, including REST APIs and RPC APIs. It is\nused by [gRPC](https://github.com/grpc). Each `Status` message contains\nthree pieces of data: error code, error message, and error details.\n\nYou can find out more about this error model and how to work with it in the\n[API Design Guide](https://cloud.google.com/apis/design/errors).",
"id": "Status",
"properties": {
"code": {
"description": "The status code, which should be an enum value of google.rpc.Code.",
"format": "int32",
"type": "integer"
},
"details": {
"description": "A list of messages that carry the error details. There is a common set of\nmessage types for APIs to use.",
"items": {
"additionalProperties": {
"description": "Properties of the object. Contains field @type with type URL.",
"type": "any"
},
"type": "object"
},
"type": "array"
},
"message": {
"description": "A developer-facing error message, which should be in English. Any\nuser-facing error message should be localized and sent in the\ngoogle.rpc.Status.details field, or localized by the client.",
"type": "string"
}
},
"type": "object"
},
"TestIamPermissionsRequest": {
"description": "Request message for `TestIamPermissions` method.",
"id": "TestIamPermissionsRequest",
"properties": {
"permissions": {
"description": "The set of permissions to check for the `resource`. Permissions with\nwildcards (such as '*' or 'storage.*') are not allowed. For more\ninformation see\n[IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"TestIamPermissionsResponse": {
"description": "Response message for `TestIamPermissions` method.",
"id": "TestIamPermissionsResponse",
"properties": {
"permissions": {
"description": "A subset of `TestPermissionsRequest.permissions` that the caller is\nallowed.",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"UndeleteProjectRequest": {
"description": "The request sent to the UndeleteProject\nmethod.",
"id": "UndeleteProjectRequest",
"properties": {},
"type": "object"
}
},
"servicePath": "",
"title": "Cloud Resource Manager API",
"version": "v1"
}