AccessContextManager
import { AccessContextManager } from "https://googleapis.deno.dev/v1/accesscontextmanager:v1.ts";
An API for setting attribute based access control to requests to Google Cloud services. Warning: Do not mix v1alpha and v1 API usage in the same access policy. The v1alpha API supports new Access Context Manager features, which may have different attributes or behaviors that are not supported by v1. The practice of mixed API usage within a policy may result in the inability to update that policy, including any access levels or service perimeters belonging to it. It is not recommended to use both v1 and v1alpha for modifying policies with critical service perimeters. Modifications using v1alpha should be limited to policies with non-production/non-critical service perimeters.
Methods
Creates an access level. The long-running operation from this RPC has a successful status after the access level propagates to long-lasting storage. If access levels contain errors, an error response is returned for the first error encountered.
Required. Resource name for the access policy which owns this Access Level. Format: accessPolicies/{policy_id}
Deletes an access level based on the resource name. The long-running operation from this RPC has a successful status after the access level has been removed from long-lasting storage.
Required. Resource name for the Access Level. Format: accessPolicies/{policy_id}/accessLevels/{access_level_id}
Gets an access level based on the resource name.
Required. Resource name for the Access Level. Format: accessPolicies/{policy_id}/accessLevels/{access_level_id}
Lists all access levels for an access policy.
Required. Resource name for the access policy to list Access Levels from. Format: accessPolicies/{policy_id}
Updates an access level. The long-running operation from this RPC has a successful status after the changes to the access level propagate to long-lasting storage. If access levels contain errors, an error response is returned for the first error encountered.
Resource name for the AccessLevel. Format: accessPolicies/{access_policy}/accessLevels/{access_level}. The access_level component must begin with a letter, followed by alphanumeric characters or _. Its maximum length is 50 characters. After you create an AccessLevel, you cannot change its name.
Replaces all existing access levels in an access policy with the access levels provided. This is done atomically. The long-running operation from this RPC has a successful status after all replacements propagate to long-lasting storage. If the replacement contains errors, an error response is returned for the first error encountered. Upon error, the replacement is cancelled, and existing access levels are not affected. The Operation.response field contains ReplaceAccessLevelsResponse. Removing access levels contained in existing service perimeters results in an error.
Required. Resource name for the access policy which owns these Access Levels. Format: accessPolicies/{policy_id}
Returns the IAM permissions that the caller has on the specified Access Context Manager resource. The resource can be an AccessPolicy, AccessLevel, or ServicePerimeter. This method does not support other resources.
REQUIRED: The resource for which the policy detail is being requested. See Resource names for the appropriate value for this field.
Creates an authorized orgs desc. The long-running operation from this RPC has a successful status after the authorized orgs desc propagates to long-lasting storage. If an authorized orgs desc contains errors, an error response is returned for the first error encountered. The name of this AuthorizedOrgsDesc will be assigned during creation.
Required. Resource name for the access policy which owns this Authorized Orgs Desc. Format: accessPolicies/{policy_id}
Deletes an authorized orgs desc based on the resource name. The long-running operation from this RPC has a successful status after the authorized orgs desc is removed from long-lasting storage.
Required. Resource name for the Authorized Orgs Desc. Format: accessPolicies/{policy_id}/authorizedOrgsDesc/{authorized_orgs_desc_id}
Gets an authorized orgs desc based on the resource name.
Required. Resource name for the Authorized Orgs Desc. Format: accessPolicies/{policy_id}/authorizedOrgsDescs/{authorized_orgs_descs_id}
Lists all authorized orgs descs for an access policy.
Required. Resource name for the access policy to list Authorized Orgs Desc from. Format: accessPolicies/{policy_id}
Updates an authorized orgs desc. The long-running operation from this RPC has a successful status after the authorized orgs desc propagates to long-lasting storage. If an authorized orgs desc contains errors, an error response is returned for the first error encountered. Only the organization list in AuthorizedOrgsDesc can be updated. The name, authorization_type, asset_type and authorization_direction cannot be updated.
Resource name for the AuthorizedOrgsDesc. Format: accessPolicies/{access_policy}/authorizedOrgsDescs/{authorized_orgs_desc}. The authorized_orgs_desc component must begin with a letter, followed by alphanumeric characters or _. After you create an AuthorizedOrgsDesc, you cannot change its name.
Creates an access policy. This method fails if the organization already has an access policy. The long-running operation has a successful status after the access policy propagates to long-lasting storage. Syntactic and basic semantic errors are returned in metadata as a BadRequest proto.
Deletes an access policy based on the resource name. The long-running operation has a successful status after the access policy is removed from long-lasting storage.
Required. Resource name for the access policy to delete. Format: accessPolicies/{policy_id}
Returns an access policy based on the name.
Required. Resource name for the access policy to get. Format: accessPolicies/{policy_id}
Gets the IAM policy for the specified Access Context Manager access policy.
REQUIRED: The resource for which the policy is being requested. See Resource names for the appropriate value for this field.
Lists all access policies in an organization.
Updates an access policy. The long-running operation from this RPC has a successful status after the changes to the access policy propagate to long-lasting storage.
Output only. Resource name of the AccessPolicy. Format: accessPolicies/{access_policy}
Commits the dry-run specification for all the service perimeters in an access policy. A commit operation on a service perimeter involves copying its spec field to the status field of the service perimeter. Only service perimeters with use_explicit_dry_run_spec field set to true are affected by a commit operation. The long-running operation from this RPC has a successful status after the dry-run specifications for all the service perimeters have been committed. If a commit fails, it causes the long-running operation to return an error response and the entire commit operation is cancelled. When successful, the Operation.response field contains CommitServicePerimetersResponse. The dry_run and the spec fields are cleared after a successful commit operation.
Required. Resource name for the parent Access Policy which owns all Service Perimeters in scope for the commit operation. Format: accessPolicies/{policy_id}
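The commit semantics described above can be previewed offline before the RPC is called, so a reviewer can see what enforcement would lose or gain. This is an added example, not code from the client library or the original page: it models the commit over constructed perimeter objects, assumes the camelCase JSON field names of ServicePerimeter, and previewCommit, FIELDS and SAMPLE are hypothetical names.

```typescript
// Added example: a local model of the commit semantics; it makes no API calls.
interface PerimeterConfig {
  resources?: string[];
  restrictedServices?: string[];
  accessLevels?: string[];
}
interface ServicePerimeter {
  name: string;
  status?: PerimeterConfig; // enforced configuration
  spec?: PerimeterConfig; // dry-run configuration
  useExplicitDryRunSpec?: boolean; // use_explicit_dry_run_spec in the text
}
type Diff = Record<string, string[]>;
interface CommitChange { name: string; removed: Diff; added: Diff }
const FIELDS = ["resources", "restrictedServices", "accessLevels"] as const;

// Only perimeters with the flag set to true are affected: spec is copied to
// status. Leaving spec and the flag unset afterwards models "cleared" (assumption).
function previewCommit(perimeters: ServicePerimeter[]) {
  const changes: CommitChange[] = [];
  const after = perimeters.map((p): ServicePerimeter => {
    if (p.useExplicitDryRunSpec !== true) return { ...p };
    const spec: PerimeterConfig = p.spec ?? {};
    const removed: Diff = {};
    const added: Diff = {};
    for (const f of FIELDS) {
      const enforced = p.status?.[f] ?? [];
      const proposed = spec[f] ?? [];
      const gone = enforced.filter((x) => !proposed.includes(x));
      const fresh = proposed.filter((x) => !enforced.includes(x));
      if (gone.length > 0) removed[f] = gone; // enforcement would lose these
      if (fresh.length > 0) added[f] = fresh;
    }
    changes.push({ name: p.name, removed, added });
    return { name: p.name, status: { ...spec } };
  });
  return { after, changes };
}

// Constructed sample perimeters (policy id and projects are made up).
const SAMPLE: ServicePerimeter[] = [
  { name: "accessPolicies/123/servicePerimeters/prod", useExplicitDryRunSpec: true,
    status: { resources: ["projects/111"],
      restrictedServices: ["storage.googleapis.com", "bigquery.googleapis.com"] },
    spec: { resources: ["projects/111", "projects/222"],
      restrictedServices: ["storage.googleapis.com"] } },
  { name: "accessPolicies/123/servicePerimeters/dev", status: { resources: ["projects/333"] } },
];
console.log(JSON.stringify(previewCommit(SAMPLE).changes, null, 2));
```

A non-empty removed.restrictedServices entry means the commit would take a service out of enforcement for that perimeter, which is the change most worth a second review.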
Creates a service perimeter. The long-running operation from this RPC has a successful status after the service perimeter propagates to long-lasting storage. If a service perimeter contains errors, an error response is returned for the first error encountered.
Required. Resource name for the access policy which owns this Service Perimeter. Format: accessPolicies/{policy_id}
Deletes a service perimeter based on the resource name. The long-running operation from this RPC has a successful status after the service perimeter is removed from long-lasting storage.
Required. Resource name for the Service Perimeter. Format: accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}
Gets a service perimeter based on the resource name.
Required. Resource name for the Service Perimeter. Format: accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}
Lists all service perimeters for an access policy.
Required. Resource name for the access policy to list Service Perimeters from. Format: accessPolicies/{policy_id}
Updates a service perimeter. The long-running operation from this RPC has a successful status after the service perimeter propagates to long-lasting storage. If a service perimeter contains errors, an error response is returned for the first error encountered.
Resource name for the ServicePerimeter. Format: accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}. The service_perimeter component must begin with a letter, followed by alphanumeric characters or _. After you create a ServicePerimeter, you cannot change its name.
Replaces all existing service perimeters in an access policy with the service perimeters provided. This is done atomically. The long-running operation from this RPC has a successful status after all replacements propagate to long-lasting storage. Replacements containing errors result in an error response for the first error encountered. Upon an error, replacements are cancelled and existing service perimeters are not affected. The Operation.response field contains ReplaceServicePerimetersResponse.
Required. Resource name for the access policy which owns these Service Perimeters. Format: accessPolicies/{policy_id}
Returns the IAM permissions that the caller has on the specified Access Context Manager resource. The resource can be an AccessPolicy, AccessLevel, or ServicePerimeter. This method does not support other resources.
REQUIRED: The resource for which the policy detail is being requested. See Resource names for the appropriate value for this field.
Sets the IAM policy for the specified Access Context Manager access policy. This method replaces the existing IAM policy on the access policy. The IAM policy controls the set of users who can perform specific operations on the Access Context Manager access policy.
REQUIRED: The resource for which the policy is being specified. See Resource names for the appropriate value for this field.
Returns the IAM permissions that the caller has on the specified Access Context Manager resource. The resource can be an AccessPolicy, AccessLevel, or ServicePerimeter. This method does not support other resources.
REQUIRED: The resource for which the policy detail is being requested. See Resource names for the appropriate value for this field.
Starts asynchronous cancellation on a long-running operation. The server makes a best effort to cancel the operation, but success is not guaranteed. If the server doesn't support this method, it returns google.rpc.Code.UNIMPLEMENTED. Clients can use Operations.GetOperation or other methods to check whether the cancellation succeeded or whether the operation completed despite cancellation. On successful cancellation, the operation is not deleted; instead, it becomes an operation with an Operation.error value with a google.rpc.Status.code of 1, corresponding to Code.CANCELLED.
The name of the operation resource to be cancelled.
Deletes a long-running operation. This method indicates that the client is no longer interested in the operation result. It does not cancel the operation. If the server doesn't support this method, it returns google.rpc.Code.UNIMPLEMENTED.
The name of the operation resource to be deleted.
Lists operations that match the specified filter in the request. If the server doesn't support this method, it returns UNIMPLEMENTED.
The name of the operation's parent resource.
Creates a GcpUserAccessBinding. If the client specifies a name, the server ignores it. Fails if a resource already exists with the same group_key. Completion of this long-running operation does not necessarily signify that the new binding is deployed onto all affected users, which may take more time.
Required. Example: "organizations/256"
Deletes a GcpUserAccessBinding. Completion of this long-running operation does not necessarily signify that the binding deletion is deployed onto all affected users, which may take more time.
Required. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
Gets the GcpUserAccessBinding with the given name.
Required. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
Lists all GcpUserAccessBindings for a Google Cloud organization.
Required. Example: "organizations/256"
Updates a GcpUserAccessBinding. Completion of this long-running operation does not necessarily signify that the changed binding is deployed onto all affected users, which may take more time.
Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
Returns a VPC-SC supported service based on the service name.
The name of the service to get information about. The names must be in the same format as used in defining a service perimeter, for example, storage.googleapis.com.
Lists all VPC-SC supported services.