{ "schemas": { "GoogleIamV3betaAccessPolicyRule": { "id": "GoogleIamV3betaAccessPolicyRule", "description": "Access Policy Rule that determines the behavior of the policy.", "type": "object", "properties": { "description": { "description": "Optional. Customer specified description of the rule. Must be less than or equal to 256 characters.", "type": "string" }, "effect": { "description": "Required. The effect of the rule.", "type": "string", "enumDescriptions": [ "The effect is unspecified.", "The policy will deny access if it evaluates to true.", "The policy will grant access if it evaluates to true." ], "enum": [ "EFFECT_UNSPECIFIED", "DENY", "ALLOW" ] }, "conditions": { "description": "Optional. The conditions that determine whether this rule applies to a request. Conditions are identified by their key, which is the FQDN of the service that they are relevant to. For example: ``` \"conditions\": { \"iam.googleapis.com\": { \"expression\": } } ``` Each rule is evaluated independently. If this rule does not apply to a request, other rules might still apply. Currently supported keys are as follows: * `eventarc.googleapis.com`: Can use `CEL` functions that evaluate resource fields. * `iam.googleapis.com`: Can use `CEL` functions that evaluate [resource tags](https://cloud.google.com/iam/help/conditions/resource-tags) and combine them using boolean and logical operators. Other functions and operators are not supported.", "type": "object", "additionalProperties": { "$ref": "GoogleTypeExpr" } }, "principals": { "items": { "type": "string" }, "description": "Required. The identities for which this rule's effect governs using one or more permissions on Google Cloud resources. This field can contain the following values: * `principal://goog/subject/{email_id}`: A specific Google Account. Includes Gmail, Cloud Identity, and Google Workspace user accounts. For example, `principal://goog/subject/alice@example.com`. * `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}`: A Google Cloud service account. For example, `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com`. * `principalSet://goog/group/{group_id}`: A Google group. For example, `principalSet://goog/group/admins@example.com`. * `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the principals associated with the specified Google Workspace or Cloud Identity customer ID. For example, `principalSet://goog/cloudIdentityCustomerId/C01Abc35`. If an identifier that was previously set on a policy is soft deleted, then calls to read that policy will return the identifier with a deleted prefix. Users cannot set identifiers with this syntax. * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific Google Account that was deleted recently. For example, `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If the Google Account is recovered, this identifier reverts to the standard identifier for a Google Account. * `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group that was deleted recently. For example, `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If the Google group is restored, this identifier reverts to the standard identifier for a Google group. * `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_id}?uid={uid}`: A Google Cloud service account that was deleted recently. For example, `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account@iam.gserviceaccount.com?uid=1234567890`. If the service account is undeleted, this identifier reverts to the standard identifier for a service account.", "type": "array" }, "operation": { "description": "Required. Attributes that are used to determine whether this rule applies to a request.", "$ref": "GoogleIamV3betaAccessPolicyRuleOperation" }, "excludedPrincipals": { "items": { "type": "string" }, "description": "Optional. The identities that are excluded from the access policy rule, even if they are listed in the `principals`. For example, you could add a Google group to the `principals`, then exclude specific users who belong to that group.", "type": "array" } } }, "GoogleIamV3betaSearchTargetPolicyBindingsResponse": { "id": "GoogleIamV3betaSearchTargetPolicyBindingsResponse", "description": "Response message for SearchTargetPolicyBindings method.", "type": "object", "properties": { "policyBindings": { "items": { "$ref": "GoogleIamV3betaPolicyBinding" }, "description": "The policy bindings bound to the specified target.", "type": "array" }, "nextPageToken": { "description": "Optional. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.", "type": "string" } } }, "GoogleIamV3betaAccessPolicy": { "id": "GoogleIamV3betaAccessPolicy", "description": "An IAM access policy resource.", "type": "object", "properties": { "uid": { "description": "Output only. The globally unique ID of the access policy.", "readOnly": true, "type": "string" }, "details": { "$ref": "GoogleIamV3betaAccessPolicyDetails", "description": "Optional. The details for the access policy." }, "createTime": { "description": "Output only. The time when the access policy was created.", "readOnly": true, "type": "string", "format": "google-datetime" }, "updateTime": { "format": "google-datetime", "description": "Output only. The time when the access policy was most recently updated.", "readOnly": true, "type": "string" }, "displayName": { "description": "Optional. The description of the access policy. Must be less than or equal to 63 characters.", "type": "string" }, "name": { "description": "Identifier. The resource name of the access policy. The following formats are supported: * `projects/{project_id}/locations/{location}/accessPolicies/{policy_id}` * `projects/{project_number}/locations/{location}/accessPolicies/{policy_id}` * `folders/{folder_id}/locations/{location}/accessPolicies/{policy_id}` * `organizations/{organization_id}/locations/{location}/accessPolicies/{policy_id}`", "type": "string" }, "etag": { "description": "Optional. The etag for the access policy. If this is provided on update, it must match the server's etag.", "type": "string" }, "annotations": { "description": "Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations", "type": "object", "additionalProperties": { "type": "string" } } } }, "GoogleIamV3betaListAccessPoliciesResponse": { "id": "GoogleIamV3betaListAccessPoliciesResponse", "description": "Response message for ListAccessPolicies method.", "type": "object", "properties": { "nextPageToken": { "description": "Optional. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.", "type": "string" }, "accessPolicies": { "description": "The access policies from the specified parent.", "type": "array", "items": { "$ref": "GoogleIamV3betaAccessPolicy" } } } }, "GoogleRpcStatus": { "id": "GoogleRpcStatus", "description": "The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors).", "type": "object", "properties": { "code": { "description": "The status code, which should be an enum value of google.rpc.Code.", "type": "integer", "format": "int32" }, "message": { "description": "A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.", "type": "string" }, "details": { "description": "A list of messages that carry the error details. There is a common set of message types for APIs to use.", "type": "array", "items": { "type": "object", "additionalProperties": { "type": "any", "description": "Properties of the object. Contains field @type with type URL." } } } } }, "GoogleTypeExpr": { "id": "GoogleTypeExpr", "description": "Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: \"Summary size limit\" description: \"Determines if a summary is less than 100 chars\" expression: \"document.summary.size() \u003c 100\" Example (Equality): title: \"Requestor is owner\" description: \"Determines if requestor is the document owner\" expression: \"document.owner == request.auth.claims.email\" Example (Logic): title: \"Public documents\" description: \"Determine whether the document should be publicly visible\" expression: \"document.type != 'private' && document.type != 'internal'\" Example (Data Manipulation): title: \"Notification string\" description: \"Create a notification string with a timestamp.\" expression: \"'New message received at ' + string(document.create_time)\" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.", "type": "object", "properties": { "description": { "description": "Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.", "type": "string" }, "location": { "description": "Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.", "type": "string" }, "expression": { "description": "Textual representation of an expression in Common Expression Language syntax.", "type": "string" }, "title": { "description": "Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.", "type": "string" } } }, "GoogleIamV3betaAccessPolicyDetails": { "id": "GoogleIamV3betaAccessPolicyDetails", "description": "Access policy details.", "type": "object", "properties": { "rules": { "items": { "$ref": "GoogleIamV3betaAccessPolicyRule" }, "description": "Required. A list of access policy rules.", "type": "array" } } }, "GoogleIamV3betaAccessPolicyRuleOperation": { "id": "GoogleIamV3betaAccessPolicyRuleOperation", "description": "Attributes that are used to determine whether this rule applies to a request.", "type": "object", "properties": { "excludedPermissions": { "items": { "type": "string" }, "description": "Optional. Specifies the permissions that this rule excludes from the set of affected permissions given by `permissions`. If a permission appears in `permissions` _and_ in `excluded_permissions` then it will _not_ be subject to the policy effect. The excluded permissions can be specified using the same syntax as `permissions`.", "type": "array" }, "permissions": { "items": { "type": "string" }, "description": "Optional. The permissions that are explicitly affected by this rule. Each permission uses the format `{service_fqdn}/{resource}.{verb}`, where `{service_fqdn}` is the fully qualified domain name for the service. Currently supported permissions are as follows: * `eventarc.googleapis.com/messageBuses.publish`.", "type": "array" } } }, "GoogleIamV3betaListPrincipalAccessBoundaryPoliciesResponse": { "id": "GoogleIamV3betaListPrincipalAccessBoundaryPoliciesResponse", "description": "Response message for ListPrincipalAccessBoundaryPolicies method.", "type": "object", "properties": { "nextPageToken": { "description": "Optional. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.", "type": "string" }, "principalAccessBoundaryPolicies": { "items": { "$ref": "GoogleIamV3betaPrincipalAccessBoundaryPolicy" }, "description": "The principal access boundary policies from the specified parent.", "type": "array" } } }, "GoogleIamV3betaPrincipalAccessBoundaryPolicyDetails": { "id": "GoogleIamV3betaPrincipalAccessBoundaryPolicyDetails", "description": "Principal access boundary policy details", "type": "object", "properties": { "rules": { "description": "Required. A list of principal access boundary policy rules. The number of rules in a policy is limited to 500.", "type": "array", "items": { "$ref": "GoogleIamV3betaPrincipalAccessBoundaryPolicyRule" } }, "enforcementVersion": { "description": "Optional. The version number (for example, `1` or `latest`) that indicates which permissions are able to be blocked by the policy. If empty, the PAB policy version will be set to the most recent version number at the time of the policy's creation.", "type": "string" } } }, "GoogleIamAdminV1AuditData": { "id": "GoogleIamAdminV1AuditData", "description": "Audit log information specific to Cloud IAM admin APIs. This message is serialized as an `Any` type in the `ServiceData` message of an `AuditLog` message.", "type": "object", "properties": { "permissionDelta": { "description": "The permission_delta when when creating or updating a Role.", "$ref": "GoogleIamAdminV1AuditDataPermissionDelta" } } }, "GoogleIamV3betaPrincipalAccessBoundaryPolicyRule": { "id": "GoogleIamV3betaPrincipalAccessBoundaryPolicyRule", "description": "Principal access boundary policy rule that defines the resource boundary.", "type": "object", "properties": { "description": { "description": "Optional. The description of the principal access boundary policy rule. Must be less than or equal to 256 characters.", "type": "string" }, "effect": { "description": "Required. The access relationship of principals to the resources in this rule.", "type": "string", "enumDescriptions": [ "Effect unspecified.", "Allows access to the resources in this rule." ], "enum": [ "EFFECT_UNSPECIFIED", "ALLOW" ] }, "resources": { "description": "Required. A list of Resource Manager resources. If a resource is listed in the rule, then the rule applies for that resource and its descendants. The number of resources in a policy is limited to 500 across all rules in the policy. The following resource types are supported: * Organizations, such as `//cloudresourcemanager.googleapis.com/organizations/123`. * Folders, such as `//cloudresourcemanager.googleapis.com/folders/123`. * Projects, such as `//cloudresourcemanager.googleapis.com/projects/123` or `//cloudresourcemanager.googleapis.com/projects/my-project-id`.", "type": "array", "items": { "type": "string" } } } }, "GoogleIamAdminV1AuditDataPermissionDelta": { "id": "GoogleIamAdminV1AuditDataPermissionDelta", "description": "A PermissionDelta message to record the added_permissions and removed_permissions inside a role.", "type": "object", "properties": { "addedPermissions": { "description": "Added permissions.", "type": "array", "items": { "type": "string" } }, "removedPermissions": { "description": "Removed permissions.", "type": "array", "items": { "type": "string" } } } }, "GoogleIamV3betaSearchAccessPolicyBindingsResponse": { "id": "GoogleIamV3betaSearchAccessPolicyBindingsResponse", "description": "Response message for SearchAccessPolicyBindings rpc.", "type": "object", "properties": { "policyBindings": { "description": "The policy bindings that reference the specified policy.", "type": "array", "items": { "$ref": "GoogleIamV3betaPolicyBinding" } }, "nextPageToken": { "description": "Optional. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.", "type": "string" } } }, "GoogleLongrunningOperation": { "id": "GoogleLongrunningOperation", "description": "This resource represents a long-running operation that is the result of a network API call.", "type": "object", "properties": { "error": { "$ref": "GoogleRpcStatus", "description": "The error result of the operation in case of failure or cancellation." }, "response": { "additionalProperties": { "type": "any", "description": "Properties of the object. Contains field @type with type URL." }, "description": "The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.", "type": "object" }, "metadata": { "additionalProperties": { "type": "any", "description": "Properties of the object. Contains field @type with type URL." }, "description": "Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.", "type": "object" }, "name": { "description": "The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.", "type": "string" }, "done": { "description": "If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.", "type": "boolean" } } }, "GoogleIamV3betaPolicyBinding": { "id": "GoogleIamV3betaPolicyBinding", "description": "IAM policy binding resource.", "type": "object", "properties": { "displayName": { "description": "Optional. The description of the policy binding. Must be less than or equal to 63 characters.", "type": "string" }, "policy": { "description": "Required. Immutable. The resource name of the policy to be bound. The binding parent and policy must belong to the same organization.", "type": "string" }, "name": { "description": "Identifier. The name of the policy binding, in the format `{binding_parent/locations/{location}/policyBindings/{policy_binding_id}`. The binding parent is the closest Resource Manager resource (project, folder, or organization) to the binding target. Format: * `projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}` * `projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}` * `folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}` * `organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}`", "type": "string" }, "condition": { "description": "Optional. The condition to apply to the policy binding. When set, the `expression` field in the `Expr` must include from 1 to 10 subexpressions, joined by the \"||\"(Logical OR), \"&&\"(Logical AND) or \"!\"(Logical NOT) operators and cannot contain more than 250 characters. The condition is currently only supported when bound to policies of kind principal access boundary. When the bound policy is a principal access boundary policy, the only supported attributes in any subexpression are `principal.type` and `principal.subject`. An example expression is: \"principal.type == 'iam.googleapis.com/ServiceAccount'\" or \"principal.subject == 'bob@example.com'\". Allowed operations for `principal.subject`: - `principal.subject == ` - `principal.subject != ` - `principal.subject in []` - `principal.subject.startsWith()` - `principal.subject.endsWith()` Allowed operations for `principal.type`: - `principal.type == ` - `principal.type != ` - `principal.type in []` Supported principal types are workspace, workforce pool, workload pool, service account, and Agent Identity. Allowed string must be one of: - `iam.googleapis.com/WorkspaceIdentity` - `iam.googleapis.com/WorkforcePoolIdentity` - `iam.googleapis.com/WorkloadPoolIdentity` - `iam.googleapis.com/ServiceAccount` - `iam.googleapis.com/AgentPoolIdentity` (available in Preview)", "$ref": "GoogleTypeExpr" }, "uid": { "description": "Output only. The globally unique ID of the policy binding. Assigned when the policy binding is created.", "readOnly": true, "type": "string" }, "policyKind": { "enumDescriptions": [ "Unspecified policy kind; Not a valid state", "Principal access boundary policy kind", "Access policy kind." ], "enum": [ "POLICY_KIND_UNSPECIFIED", "PRINCIPAL_ACCESS_BOUNDARY", "ACCESS" ], "description": "Immutable. The kind of the policy to attach in this binding. This field must be one of the following: - Left empty (will be automatically set to the policy kind) - The input policy kind", "type": "string" }, "policyUid": { "description": "Output only. The globally unique ID of the policy to be bound.", "readOnly": true, "type": "string" }, "updateTime": { "description": "Output only. The time when the policy binding was most recently updated.", "readOnly": true, "type": "string", "format": "google-datetime" }, "etag": { "description": "Optional. The etag for the policy binding. If this is provided on update, it must match the server's etag.", "type": "string" }, "annotations": { "description": "Optional. User-defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations", "type": "object", "additionalProperties": { "type": "string" } }, "target": { "$ref": "GoogleIamV3betaPolicyBindingTarget", "description": "Required. Immutable. The full resource name of the resource to which the policy will be bound. Immutable once set." }, "createTime": { "description": "Output only. The time when the policy binding was created.", "readOnly": true, "type": "string", "format": "google-datetime" } } }, "GoogleIamV3betaPrincipalAccessBoundaryPolicy": { "id": "GoogleIamV3betaPrincipalAccessBoundaryPolicy", "description": "An IAM principal access boundary policy resource.", "type": "object", "properties": { "etag": { "description": "Optional. The etag for the principal access boundary. If this is provided on update, it must match the server's etag.", "type": "string" }, "annotations": { "description": "Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations", "type": "object", "additionalProperties": { "type": "string" } }, "displayName": { "description": "Optional. The description of the principal access boundary policy. Must be less than or equal to 63 characters.", "type": "string" }, "name": { "description": "Identifier. The resource name of the principal access boundary policy. The following format is supported: `organizations/{organization_id}/locations/{location}/principalAccessBoundaryPolicies/{policy_id}`", "type": "string" }, "createTime": { "format": "google-datetime", "description": "Output only. The time when the principal access boundary policy was created.", "readOnly": true, "type": "string" }, "updateTime": { "description": "Output only. The time when the principal access boundary policy was most recently updated.", "readOnly": true, "type": "string", "format": "google-datetime" }, "uid": { "description": "Output only. The globally unique ID of the principal access boundary policy.", "readOnly": true, "type": "string" }, "details": { "$ref": "GoogleIamV3betaPrincipalAccessBoundaryPolicyDetails", "description": "Optional. The details for the principal access boundary policy." } } }, "GoogleIamV3betaSearchPrincipalAccessBoundaryPolicyBindingsResponse": { "id": "GoogleIamV3betaSearchPrincipalAccessBoundaryPolicyBindingsResponse", "description": "Response message for SearchPrincipalAccessBoundaryPolicyBindings rpc.", "type": "object", "properties": { "policyBindings": { "description": "The policy bindings that reference the specified policy.", "type": "array", "items": { "$ref": "GoogleIamV3betaPolicyBinding" } }, "nextPageToken": { "description": "Optional. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.", "type": "string" } } }, "GoogleIamV3betaListPolicyBindingsResponse": { "id": "GoogleIamV3betaListPolicyBindingsResponse", "description": "Response message for ListPolicyBindings method.", "type": "object", "properties": { "policyBindings": { "description": "The policy bindings from the specified parent.", "type": "array", "items": { "$ref": "GoogleIamV3betaPolicyBinding" } }, "nextPageToken": { "description": "Optional. A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.", "type": "string" } } }, "GoogleIamV3betaOperationMetadata": { "id": "GoogleIamV3betaOperationMetadata", "description": "Represents the metadata of the long-running operation.", "type": "object", "properties": { "endTime": { "description": "Output only. The time the operation finished running.", "readOnly": true, "type": "string", "format": "google-datetime" }, "apiVersion": { "description": "Output only. API version used to start the operation.", "readOnly": true, "type": "string" }, "verb": { "description": "Output only. Name of the verb executed by the operation.", "readOnly": true, "type": "string" }, "statusMessage": { "description": "Output only. Human-readable status of the operation, if any.", "readOnly": true, "type": "string" }, "createTime": { "format": "google-datetime", "description": "Output only. The time the operation was created.", "readOnly": true, "type": "string" }, "target": { "description": "Output only. Server-defined resource path for the target of the", "readOnly": true, "type": "string" }, "requestedCancellation": { "description": "Output only. Identifies whether the user has requested cancellation of the operation. Operations that have successfully been cancelled have Operation.error value with a google.rpc.Status.code of 1, corresponding to `Code.CANCELLED`.", "readOnly": true, "type": "boolean" } } }, "GoogleIamV3betaPolicyBindingTarget": { "id": "GoogleIamV3betaPolicyBindingTarget", "description": "The full resource name of the resource to which the policy will be bound. Immutable once set.", "type": "object", "properties": { "principalSet": { "description": "Immutable. The full resource name that's used for principal access boundary policy bindings. The principal set must be directly parented by the policy binding's parent or same as the parent if the target is a project, folder, or organization. Examples: * For bindings parented by an organization: * Organization: `//cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_ID` * Workforce Identity: `//iam.googleapis.com/locations/global/workforcePools/WORKFORCE_POOL_ID` * Workspace Identity: `//iam.googleapis.com/locations/global/workspace/WORKSPACE_ID` * For bindings parented by a folder: * Folder: `//cloudresourcemanager.googleapis.com/folders/FOLDER_ID` * For bindings parented by a project: * Project: * `//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER` * `//cloudresourcemanager.googleapis.com/projects/PROJECT_ID` * Workload Identity Pool: `//iam.googleapis.com/projects/PROJECT_NUMBER/locations/LOCATION/workloadIdentityPools/WORKLOAD_POOL_ID`", "type": "string" }, "resource": { "description": "Immutable. The full resource name that's used for access policy bindings. Examples: * Organization: `//cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_ID` * Folder: `//cloudresourcemanager.googleapis.com/folders/FOLDER_ID` * Project: * `//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER` * `//cloudresourcemanager.googleapis.com/projects/PROJECT_ID`", "type": "string" } } } }, "rootUrl": "https://iam.googleapis.com/", "icons": { "x16": "http://www.google.com/images/icons/product/search-16.gif", "x32": "http://www.google.com/images/icons/product/search-32.gif" }, "batchPath": "batch", "canonicalName": "Iam", "baseUrl": "https://iam.googleapis.com/", "ownerName": "Google", "ownerDomain": "google.com", "mtlsRootUrl": "https://iam.mtls.googleapis.com/", "protocol": "rest", "discoveryVersion": "v1", "revision": "20260403", "name": "iam", "version_module": true, "parameters": { "alt": { "enum": [ "json", "media", "proto" ], "enumDescriptions": [ "Responses with Content-Type of application/json", "Media download with context-dependent Content-Type", "Responses with Content-Type of application/x-protobuf" ], "type": "string", "description": "Data format for response.", "location": "query", "default": "json" }, "fields": { "type": "string", "description": "Selector specifying which fields to include in a partial response.", "location": "query" }, "prettyPrint": { "type": "boolean", "description": "Returns response with indentations and line breaks.", "location": "query", "default": "true" }, "uploadType": { "type": "string", "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").", "location": "query" }, "key": { "type": "string", "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.", "location": "query" }, "oauth_token": { "type": "string", "description": "OAuth 2.0 token for the current user.", "location": "query" }, "access_token": { "type": "string", "description": "OAuth access token.", "location": "query" }, "upload_protocol": { "type": "string", "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").", "location": "query" }, "quotaUser": { "type": "string", "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.", "location": "query" }, "callback": { "type": "string", "description": "JSONP", "location": "query" }, "$.xgafv": { "type": "string", "description": "V1 error format.", "location": "query", "enumDescriptions": [ "v1 error format", "v2 error format" ], "enum": [ "1", "2" ] } }, "fullyEncodeReservedExpansion": true, "basePath": "", "documentationLink": "https://cloud.google.com/iam/", "version": "v3beta", "resources": { "folders": { "resources": { "locations": { "resources": { "policyBindings": { "methods": { "delete": { "parameters": { "etag": { "description": "Optional. The etag of the policy binding. If this is provided, it must match the server's etag.", "location": "query", "type": "string" }, "validateOnly": { "description": "Optional. If set, validate the request and preview the deletion, but do not actually post it.", "location": "query", "type": "boolean" }, "name": { "description": "Required. The name of the policy binding to delete. Format: * `projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}` * `projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}` * `folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}` * `organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}`", "location": "path", "required": true, "type": "string", "pattern": "^folders/[^/]+/locations/[^/]+/policyBindings/[^/]+$" } }, "parameterOrder": [ "name" ], "response": { "$ref": "GoogleLongrunningOperation" }, "httpMethod": "DELETE", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "iam.folders.locations.policyBindings.delete", "path": "v3beta/{+name}", "flatPath": "v3beta/folders/{foldersId}/locations/{locationsId}/policyBindings/{policyBindingsId}", "description": "Deletes a policy binding and returns a long-running operation. Callers will need the IAM permissions on both the policy and target. After the binding is deleted, the policy no longer applies to the target." }, "get": { "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "httpMethod": "GET", "id": "iam.folders.locations.policyBindings.get", "path": "v3beta/{+name}", "flatPath": "v3beta/folders/{foldersId}/locations/{locationsId}/policyBindings/{policyBindingsId}", "description": "Gets a policy binding.", "parameters": { "name": { "description": "Required. The name of the policy binding to retrieve. Format: * `projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}` * `projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}` * `folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}` * `organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}`", "location": "path", "required": true, "type": "string", "pattern": "^folders/[^/]+/locations/[^/]+/policyBindings/[^/]+$" } }, "parameterOrder": [ "name" ], "response": { "$ref": "GoogleIamV3betaPolicyBinding" } }, "list": { "id": "iam.folders.locations.policyBindings.list", "path": "v3beta/{+parent}/policyBindings", "flatPath": "v3beta/folders/{foldersId}/locations/{locationsId}/policyBindings", "description": "Lists policy bindings.", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "httpMethod": "GET", "parameterOrder": [ "parent" ], "response": { "$ref": "GoogleIamV3betaListPolicyBindingsResponse" }, "parameters": { "parent": { "pattern": "^folders/[^/]+/locations/[^/]+$", "description": "Required. The parent resource, which owns the collection of policy bindings. Format: * `projects/{project_id}/locations/{location}` * `projects/{project_number}/locations/{location}` * `folders/{folder_id}/locations/{location}` * `organizations/{organization_id}/locations/{location}`", "location": "path", "required": true, "type": "string" }, "pageSize": { "format": "int32", "description": "Optional. The maximum number of policy bindings to return. The service may return fewer than this value. The default value is 50. The maximum value is 1000.", "location": "query", "type": "integer" }, "pageToken": { "description": "Optional. A page token, received from a previous `ListPolicyBindings` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListPolicyBindings` must match the call that provided the page token.", "location": "query", "type": "string" }, "filter": { "description": "Optional. An expression for filtering the results of the request. Filter rules are case insensitive. Some eligible fields for filtering are the following: + `target` + `policy` Some examples of filter queries: * `target:ex*`: The binding target's name starts with \"ex\". * `target:example`: The binding target's name is `example`. * `policy:example`: The binding policy's name is `example`.", "location": "query", "type": "string" } } }, "patch": { "request": { "$ref": "GoogleIamV3betaPolicyBinding" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "httpMethod": "PATCH", "id": "iam.folders.locations.policyBindings.patch", "path": "v3beta/{+name}", "flatPath": "v3beta/folders/{foldersId}/locations/{locationsId}/policyBindings/{policyBindingsId}", "description": "Updates a policy binding and returns a long-running operation. Callers will need the IAM permissions on the policy and target in the binding to update. Target and policy are immutable and cannot be updated.", "parameters": { "validateOnly": { "description": "Optional. If set, validate the request and preview the update, but do not actually post it.", "location": "query", "type": "boolean" }, "updateMask": { "description": "Optional. The list of fields to update", "location": "query", "type": "string", "format": "google-fieldmask" }, "name": { "pattern": "^folders/[^/]+/locations/[^/]+/policyBindings/[^/]+$", "description": "Identifier. The name of the policy binding, in the format `{binding_parent/locations/{location}/policyBindings/{policy_binding_id}`. The binding parent is the closest Resource Manager resource (project, folder, or organization) to the binding target. Format: * `projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}` * `projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}` * `folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}` * `organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}`", "location": "path", "required": true, "type": "string" } }, "parameterOrder": [ "name" ], "response": { "$ref": "GoogleLongrunningOperation" } }, "searchTargetPolicyBindings": { "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "httpMethod": "GET", "id": "iam.folders.locations.policyBindings.searchTargetPolicyBindings", "path": "v3beta/{+parent}/policyBindings:searchTargetPolicyBindings", "flatPath": "v3beta/folders/{foldersId}/locations/{locationsId}/policyBindings:searchTargetPolicyBindings", "description": "Search policy bindings by target. Returns all policy binding objects bound directly to target.", "parameters": { "parent": { "description": "Required. The parent resource where this search will be performed. This should be the nearest Resource Manager resource (project, folder, or organization) to the target. Format: * `projects/{project_id}/locations/{location}` * `projects/{project_number}/locations/{location}` * `folders/{folder_id}/locations/{location}` * `organizations/{organization_id}/locations/{location}`", "location": "path", "required": true, "type": "string", "pattern": "^folders/[^/]+/locations/[^/]+$" }, "filter": { "description": "Optional. Filtering currently only supports the kind of policies to return, and must be in the format \"policy_kind={policy_kind}\". If String is empty, bindings bound to all kinds of policies would be returned. The only supported values are the following: * \"policy_kind=PRINCIPAL_ACCESS_BOUNDARY\", * \"policy_kind=ACCESS\"", "location": "query", "type": "string" }, "pageSize": { "description": "Optional. The maximum number of policy bindings to return. The service may return fewer than this value. The default value is 50. The maximum value is 1000.", "location": "query", "type": "integer", "format": "int32" }, "target": { "description": "Required. The target resource, which is bound to the policy in the binding. Format: * `//iam.googleapis.com/locations/global/workforcePools/POOL_ID` * `//iam.googleapis.com/projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/POOL_ID` * `//iam.googleapis.com/locations/global/workspace/WORKSPACE_ID` * `//cloudresourcemanager.googleapis.com/projects/{project_number}` * `//cloudresourcemanager.googleapis.com/folders/{folder_id}` * `//cloudresourcemanager.googleapis.com/organizations/{organization_id}`", "location": "query", "type": "string" }, "pageToken": { "description": "Optional. A page token, received from a previous `SearchTargetPolicyBindingsRequest` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `SearchTargetPolicyBindingsRequest` must match the call that provided the page token.", "location": "query", "type": "string" } }, "parameterOrder": [ "parent" ], "response": { "$ref": "GoogleIamV3betaSearchTargetPolicyBindingsResponse" } }, "create": { "httpMethod": "POST", "request": { "$ref": "GoogleIamV3betaPolicyBinding" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "iam.folders.locations.policyBindings.create", "path": "v3beta/{+parent}/policyBindings", "flatPath": "v3beta/folders/{foldersId}/locations/{locationsId}/policyBindings", "description": "Creates a policy binding and returns a long-running operation. Callers will need the IAM permissions on both the policy and target. After the binding is created, the policy is applied to the target.", "parameters": { "parent": { "description": "Required. The parent resource where this policy binding will be created. The binding parent is the closest Resource Manager resource (project, folder or organization) to the binding target. Format: * `projects/{project_id}/locations/{location}` * `projects/{project_number}/locations/{location}` * `folders/{folder_id}/locations/{location}` * `organizations/{organization_id}/locations/{location}`", "location": "path", "required": true, "type": "string", "pattern": "^folders/[^/]+/locations/[^/]+$" }, "validateOnly": { "description": "Optional. If set, validate the request and preview the creation, but do not actually post it.", "location": "query", "type": "boolean" }, "policyBindingId": { "description": "Required. The ID to use for the policy binding, which will become the final component of the policy binding's resource name. This value must start with a lowercase letter followed by up to 62 lowercase letters, numbers, hyphens, or dots. Pattern, /a-z{2,62}/.", "location": "query", "type": "string" } }, "parameterOrder": [ "parent" ], "response": { "$ref": "GoogleLongrunningOperation" } } } }, "accessPolicies": { "methods": { "delete": { "parameters": { "name": { "description": "Required. The name of the access policy to delete. Format: `projects/{project_id}/locations/{location}/accessPolicies/{access_policy_id}` `projects/{project_number}/locations/{location}/accessPolicies/{access_policy_id}` `folders/{folder_id}/locations/{location}/accessPolicies/{access_policy_id}` `organizations/{organization_id}/locations/{location}/accessPolicies/{access_policy_id}`", "location": "path", "required": true, "type": "string", "pattern": "^folders/[^/]+/locations/[^/]+/accessPolicies/[^/]+$" }, "force": { "description": "Optional. If set to true, the request will force the deletion of the Policy even if the Policy references PolicyBindings.", "location": "query", "type": "boolean" }, "validateOnly": { "description": "Optional. If set, validate the request and preview the deletion, but do not actually post it.", "location": "query", "type": "boolean" }, "etag": { "description": "Optional. The etag of the access policy. If this is provided, it must match the server's etag.", "location": "query", "type": "string" } }, "parameterOrder": [ "name" ], "response": { "$ref": "GoogleLongrunningOperation" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "httpMethod": "DELETE", "id": "iam.folders.locations.accessPolicies.delete", "path": "v3beta/{+name}", "flatPath": "v3beta/folders/{foldersId}/locations/{locationsId}/accessPolicies/{accessPoliciesId}", "description": "Deletes an access policy." }, "searchPolicyBindings": { "parameters": { "pageToken": { "description": "Optional. A page token, received from a previous `SearchAccessPolicyBindingsRequest` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `SearchAccessPolicyBindingsRequest` must match the call that provided the page token.", "location": "query", "type": "string" }, "name": { "description": "Required. The name of the access policy. Format: `organizations/{organization_id}/locations/{location}/accessPolicies/{access_policy_id}` `folders/{folder_id}/locations/{location}/accessPolicies/{access_policy_id}` `projects/{project_id}/locations/{location}/accessPolicies/{access_policy_id}` `projects/{project_number}/locations/{location}/accessPolicies/{access_policy_id}`", "location": "path", "required": true, "type": "string", "pattern": "^folders/[^/]+/locations/[^/]+/accessPolicies/[^/]+$" }, "pageSize": { "format": "int32", "description": "Optional. The maximum number of policy bindings to return. The service may return fewer than this value. If unspecified, at most 50 policy bindings will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.", "location": "query", "type": "integer" } }, "parameterOrder": [ "name" ], "response": { "$ref": "GoogleIamV3betaSearchAccessPolicyBindingsResponse" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "httpMethod": "GET", "id": "iam.folders.locations.accessPolicies.searchPolicyBindings", "path": "v3beta/{+name}:searchPolicyBindings", "flatPath": "v3beta/folders/{foldersId}/locations/{locationsId}/accessPolicies/{accessPoliciesId}:searchPolicyBindings", "description": "Returns all policy bindings that bind a specific policy if a user has searchPolicyBindings permission on that policy." }, "get": { "parameters": { "name": { "pattern": "^folders/[^/]+/locations/[^/]+/accessPolicies/[^/]+$", "description": "Required. The name of the access policy to retrieve. Format: `projects/{project_id}/locations/{location}/accessPolicies/{access_policy_id}` `projects/{project_number}/locations/{location}/accessPolicies/{access_policy_id}` `folders/{folder_id}/locations/{location}/accessPolicies/{access_policy_id}` `organizations/{organization_id}/locations/{location}/accessPolicies/{access_policy_id}`", "location": "path", "required": true, "type": "string" } }, "parameterOrder": [ "name" ], "response": { "$ref": "GoogleIamV3betaAccessPolicy" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "httpMethod": "GET", "id": "iam.folders.locations.accessPolicies.get", "path": "v3beta/{+name}", "flatPath": "v3beta/folders/{foldersId}/locations/{locationsId}/accessPolicies/{accessPoliciesId}", "description": "Gets an access policy." }, "list": { "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "httpMethod": "GET", "id": "iam.folders.locations.accessPolicies.list", "path": "v3beta/{+parent}/accessPolicies", "flatPath": "v3beta/folders/{foldersId}/locations/{locationsId}/accessPolicies", "description": "Lists access policies.", "parameters": { "pageSize": { "format": "int32", "description": "Optional. The maximum number of access policies to return. The service may return fewer than this value. If unspecified, at most 50 access policies will be returned. Valid value ranges from 1 to 1000; values above 1000 will be coerced to 1000.", "location": "query", "type": "integer" }, "parent": { "pattern": "^folders/[^/]+/locations/[^/]+$", "description": "Required. The parent resource, which owns the collection of access policy resources. Format: `projects/{project_id}/locations/{location}` `projects/{project_number}/locations/{location}` `folders/{folder_id}/locations/{location}` `organizations/{organization_id}/locations/{location}`", "location": "path", "required": true, "type": "string" }, "pageToken": { "description": "Optional. A page token, received from a previous `ListAccessPolicies` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListAccessPolicies` must match the call that provided the page token.", "location": "query", "type": "string" } }, "parameterOrder": [ "parent" ], "response": { "$ref": "GoogleIamV3betaListAccessPoliciesResponse" } }, "create": { "parameterOrder": [ "parent" ], "response": { "$ref": "GoogleLongrunningOperation" }, "parameters": { "validateOnly": { "description": "Optional. If set, validate the request and preview the creation, but do not actually post it.", "location": "query", "type": "boolean" }, "parent": { "pattern": "^folders/[^/]+/locations/[^/]+$", "description": "Required. The parent resource where this access policy will be created. Format: `projects/{project_id}/locations/{location}` `projects/{project_number}/locations/{location}` `folders/{folder_id}/locations/{location}` `organizations/{organization_id}/locations/{location}`", "location": "path", "required": true, "type": "string" }, "accessPolicyId": { "description": "Required. The ID to use for the access policy, which will become the final component of the access policy's resource name. This value must start with a lowercase letter followed by up to 62 lowercase letters, numbers, hyphens, or dots. Pattern, /a-z{2,62}/. This value must be unique among all access policies with the same parent.", "location": "query", "type": "string" } }, "id": "iam.folders.locations.accessPolicies.create", "path": "v3beta/{+parent}/accessPolicies", "flatPath": "v3beta/folders/{foldersId}/locations/{locationsId}/accessPolicies", "description": "Creates an access policy, and returns a long running operation.", "request": { "$ref": "GoogleIamV3betaAccessPolicy" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "httpMethod": "POST" }, "patch": { "parameterOrder": [ "name" ], "response": { "$ref": "GoogleLongrunningOperation" }, "parameters": { "name": { "description": "Identifier. The resource name of the access policy. The following formats are supported: * `projects/{project_id}/locations/{location}/accessPolicies/{policy_id}` * `projects/{project_number}/locations/{location}/accessPolicies/{policy_id}` * `folders/{folder_id}/locations/{location}/accessPolicies/{policy_id}` * `organizations/{organization_id}/locations/{location}/accessPolicies/{policy_id}`", "location": "path", "required": true, "type": "string", "pattern": "^folders/[^/]+/locations/[^/]+/accessPolicies/[^/]+$" }, "validateOnly": { "description": "Optional. If set, validate the request and preview the update, but do not actually post it.", "location": "query", "type": "boolean" } }, "id": "iam.folders.locations.accessPolicies.patch", "path": "v3beta/{+name}", "flatPath": "v3beta/folders/{foldersId}/locations/{locationsId}/accessPolicies/{accessPoliciesId}", "description": "Updates an access policy.", "request": { "$ref": "GoogleIamV3betaAccessPolicy" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "httpMethod": "PATCH" } } }, "operations": { "methods": { "get": { "parameterOrder": [ "name" ], "response": { "$ref": "GoogleLongrunningOperation" }, "parameters": { "name": { "description": "The name of the operation resource.", "location": "path", "required": true, "type": "string", "pattern": "^folders/[^/]+/locations/[^/]+/operations/[^/]+$" } }, "id": "iam.folders.locations.operations.get", "path": "v3beta/{+name}", "flatPath": "v3beta/folders/{foldersId}/locations/{locationsId}/operations/{operationsId}", "description": "Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.", "httpMethod": "GET", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ] } } } } } } }, "projects": { "resources": { "locations": { "resources": { "operations": { "methods": { "get": { "parameterOrder": [ "name" ], "response": { "$ref": "GoogleLongrunningOperation" }, "parameters": { "name": { "pattern": "^projects/[^/]+/locations/[^/]+/operations/[^/]+$", "description": "The name of the operation resource.", "location": "path", "required": true, "type": "string" } }, "id": "iam.projects.locations.operations.get", "path": "v3beta/{+name}", "flatPath": "v3beta/projects/{projectsId}/locations/{locationsId}/operations/{operationsId}", "description": "Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "httpMethod": "GET" } } }, "accessPolicies": { "methods": { "create": { "parameterOrder": [ "parent" ], "response": { "$ref": "GoogleLongrunningOperation" }, "parameters": { "validateOnly": { "description": "Optional. If set, validate the request and preview the creation, but do not actually post it.", "location": "query", "type": "boolean" }, "parent": { "pattern": "^projects/[^/]+/locations/[^/]+$", "description": "Required. The parent resource where this access policy will be created. Format: `projects/{project_id}/locations/{location}` `projects/{project_number}/locations/{location}` `folders/{folder_id}/locations/{location}` `organizations/{organization_id}/locations/{location}`", "location": "path", "required": true, "type": "string" }, "accessPolicyId": { "description": "Required. The ID to use for the access policy, which will become the final component of the access policy's resource name. This value must start with a lowercase letter followed by up to 62 lowercase letters, numbers, hyphens, or dots. Pattern, /a-z{2,62}/. This value must be unique among all access policies with the same parent.", "location": "query", "type": "string" } }, "id": "iam.projects.locations.accessPolicies.create", "path": "v3beta/{+parent}/accessPolicies", "flatPath": "v3beta/projects/{projectsId}/locations/{locationsId}/accessPolicies", "description": "Creates an access policy, and returns a long running operation.", "httpMethod": "POST", "request": { "$ref": "GoogleIamV3betaAccessPolicy" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ] }, "patch": { "id": "iam.projects.locations.accessPolicies.patch", "path": "v3beta/{+name}", "flatPath": "v3beta/projects/{projectsId}/locations/{locationsId}/accessPolicies/{accessPoliciesId}", "description": "Updates an access policy.", "httpMethod": "PATCH", "request": { "$ref": "GoogleIamV3betaAccessPolicy" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameterOrder": [ "name" ], "response": { "$ref": "GoogleLongrunningOperation" }, "parameters": { "name": { "description": "Identifier. The resource name of the access policy. The following formats are supported: * `projects/{project_id}/locations/{location}/accessPolicies/{policy_id}` * `projects/{project_number}/locations/{location}/accessPolicies/{policy_id}` * `folders/{folder_id}/locations/{location}/accessPolicies/{policy_id}` * `organizations/{organization_id}/locations/{location}/accessPolicies/{policy_id}`", "location": "path", "required": true, "type": "string", "pattern": "^projects/[^/]+/locations/[^/]+/accessPolicies/[^/]+$" }, "validateOnly": { "description": "Optional. If set, validate the request and preview the update, but do not actually post it.", "location": "query", "type": "boolean" } } }, "get": { "httpMethod": "GET", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "iam.projects.locations.accessPolicies.get", "path": "v3beta/{+name}", "flatPath": "v3beta/projects/{projectsId}/locations/{locationsId}/accessPolicies/{accessPoliciesId}", "description": "Gets an access policy.", "parameters": { "name": { "description": "Required. The name of the access policy to retrieve. Format: `projects/{project_id}/locations/{location}/accessPolicies/{access_policy_id}` `projects/{project_number}/locations/{location}/accessPolicies/{access_policy_id}` `folders/{folder_id}/locations/{location}/accessPolicies/{access_policy_id}` `organizations/{organization_id}/locations/{location}/accessPolicies/{access_policy_id}`", "location": "path", "required": true, "type": "string", "pattern": "^projects/[^/]+/locations/[^/]+/accessPolicies/[^/]+$" } }, "parameterOrder": [ "name" ], "response": { "$ref": "GoogleIamV3betaAccessPolicy" } }, "list": { "id": "iam.projects.locations.accessPolicies.list", "path": "v3beta/{+parent}/accessPolicies", "flatPath": "v3beta/projects/{projectsId}/locations/{locationsId}/accessPolicies", "description": "Lists access policies.", "httpMethod": "GET", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameterOrder": [ "parent" ], "response": { "$ref": "GoogleIamV3betaListAccessPoliciesResponse" }, "parameters": { "parent": { "pattern": "^projects/[^/]+/locations/[^/]+$", "description": "Required. The parent resource, which owns the collection of access policy resources. Format: `projects/{project_id}/locations/{location}` `projects/{project_number}/locations/{location}` `folders/{folder_id}/locations/{location}` `organizations/{organization_id}/locations/{location}`", "location": "path", "required": true, "type": "string" }, "pageSize": { "description": "Optional. The maximum number of access policies to return. The service may return fewer than this value. If unspecified, at most 50 access policies will be returned. Valid value ranges from 1 to 1000; values above 1000 will be coerced to 1000.", "location": "query", "type": "integer", "format": "int32" }, "pageToken": { "description": "Optional. A page token, received from a previous `ListAccessPolicies` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListAccessPolicies` must match the call that provided the page token.", "location": "query", "type": "string" } } }, "delete": { "parameters": { "etag": { "description": "Optional. The etag of the access policy. If this is provided, it must match the server's etag.", "location": "query", "type": "string" }, "validateOnly": { "description": "Optional. If set, validate the request and preview the deletion, but do not actually post it.", "location": "query", "type": "boolean" }, "name": { "pattern": "^projects/[^/]+/locations/[^/]+/accessPolicies/[^/]+$", "description": "Required. The name of the access policy to delete. Format: `projects/{project_id}/locations/{location}/accessPolicies/{access_policy_id}` `projects/{project_number}/locations/{location}/accessPolicies/{access_policy_id}` `folders/{folder_id}/locations/{location}/accessPolicies/{access_policy_id}` `organizations/{organization_id}/locations/{location}/accessPolicies/{access_policy_id}`", "location": "path", "required": true, "type": "string" }, "force": { "description": "Optional. If set to true, the request will force the deletion of the Policy even if the Policy references PolicyBindings.", "location": "query", "type": "boolean" } }, "parameterOrder": [ "name" ], "response": { "$ref": "GoogleLongrunningOperation" }, "httpMethod": "DELETE", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "iam.projects.locations.accessPolicies.delete", "path": "v3beta/{+name}", "flatPath": "v3beta/projects/{projectsId}/locations/{locationsId}/accessPolicies/{accessPoliciesId}", "description": "Deletes an access policy." }, "searchPolicyBindings": { "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "httpMethod": "GET", "id": "iam.projects.locations.accessPolicies.searchPolicyBindings", "path": "v3beta/{+name}:searchPolicyBindings", "flatPath": "v3beta/projects/{projectsId}/locations/{locationsId}/accessPolicies/{accessPoliciesId}:searchPolicyBindings", "description": "Returns all policy bindings that bind a specific policy if a user has searchPolicyBindings permission on that policy.", "parameters": { "pageToken": { "description": "Optional. A page token, received from a previous `SearchAccessPolicyBindingsRequest` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `SearchAccessPolicyBindingsRequest` must match the call that provided the page token.", "location": "query", "type": "string" }, "name": { "description": "Required. The name of the access policy. Format: `organizations/{organization_id}/locations/{location}/accessPolicies/{access_policy_id}` `folders/{folder_id}/locations/{location}/accessPolicies/{access_policy_id}` `projects/{project_id}/locations/{location}/accessPolicies/{access_policy_id}` `projects/{project_number}/locations/{location}/accessPolicies/{access_policy_id}`", "location": "path", "required": true, "type": "string", "pattern": "^projects/[^/]+/locations/[^/]+/accessPolicies/[^/]+$" }, "pageSize": { "description": "Optional. The maximum number of policy bindings to return. The service may return fewer than this value. If unspecified, at most 50 policy bindings will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.", "location": "query", "type": "integer", "format": "int32" } }, "parameterOrder": [ "name" ], "response": { "$ref": "GoogleIamV3betaSearchAccessPolicyBindingsResponse" } } } }, "policyBindings": { "methods": { "patch": { "parameters": { "updateMask": { "description": "Optional. The list of fields to update", "location": "query", "type": "string", "format": "google-fieldmask" }, "name": { "description": "Identifier. The name of the policy binding, in the format `{binding_parent/locations/{location}/policyBindings/{policy_binding_id}`. The binding parent is the closest Resource Manager resource (project, folder, or organization) to the binding target. Format: * `projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}` * `projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}` * `folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}` * `organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}`", "location": "path", "required": true, "type": "string", "pattern": "^projects/[^/]+/locations/[^/]+/policyBindings/[^/]+$" }, "validateOnly": { "description": "Optional. If set, validate the request and preview the update, but do not actually post it.", "location": "query", "type": "boolean" } }, "parameterOrder": [ "name" ], "response": { "$ref": "GoogleLongrunningOperation" }, "request": { "$ref": "GoogleIamV3betaPolicyBinding" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "httpMethod": "PATCH", "id": "iam.projects.locations.policyBindings.patch", "path": "v3beta/{+name}", "flatPath": "v3beta/projects/{projectsId}/locations/{locationsId}/policyBindings/{policyBindingsId}", "description": "Updates a policy binding and returns a long-running operation. Callers will need the IAM permissions on the policy and target in the binding to update. Target and policy are immutable and cannot be updated." }, "searchTargetPolicyBindings": { "parameterOrder": [ "parent" ], "response": { "$ref": "GoogleIamV3betaSearchTargetPolicyBindingsResponse" }, "parameters": { "target": { "description": "Required. The target resource, which is bound to the policy in the binding. Format: * `//iam.googleapis.com/locations/global/workforcePools/POOL_ID` * `//iam.googleapis.com/projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/POOL_ID` * `//iam.googleapis.com/locations/global/workspace/WORKSPACE_ID` * `//cloudresourcemanager.googleapis.com/projects/{project_number}` * `//cloudresourcemanager.googleapis.com/folders/{folder_id}` * `//cloudresourcemanager.googleapis.com/organizations/{organization_id}`", "location": "query", "type": "string" }, "pageToken": { "description": "Optional. A page token, received from a previous `SearchTargetPolicyBindingsRequest` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `SearchTargetPolicyBindingsRequest` must match the call that provided the page token.", "location": "query", "type": "string" }, "pageSize": { "description": "Optional. The maximum number of policy bindings to return. The service may return fewer than this value. The default value is 50. The maximum value is 1000.", "location": "query", "type": "integer", "format": "int32" }, "filter": { "description": "Optional. Filtering currently only supports the kind of policies to return, and must be in the format \"policy_kind={policy_kind}\". If String is empty, bindings bound to all kinds of policies would be returned. The only supported values are the following: * \"policy_kind=PRINCIPAL_ACCESS_BOUNDARY\", * \"policy_kind=ACCESS\"", "location": "query", "type": "string" }, "parent": { "pattern": "^projects/[^/]+/locations/[^/]+$", "description": "Required. The parent resource where this search will be performed. This should be the nearest Resource Manager resource (project, folder, or organization) to the target. Format: * `projects/{project_id}/locations/{location}` * `projects/{project_number}/locations/{location}` * `folders/{folder_id}/locations/{location}` * `organizations/{organization_id}/locations/{location}`", "location": "path", "required": true, "type": "string" } }, "id": "iam.projects.locations.policyBindings.searchTargetPolicyBindings", "path": "v3beta/{+parent}/policyBindings:searchTargetPolicyBindings", "flatPath": "v3beta/projects/{projectsId}/locations/{locationsId}/policyBindings:searchTargetPolicyBindings", "description": "Search policy bindings by target. Returns all policy binding objects bound directly to target.", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "httpMethod": "GET" }, "create": { "parameterOrder": [ "parent" ], "response": { "$ref": "GoogleLongrunningOperation" }, "parameters": { "parent": { "pattern": "^projects/[^/]+/locations/[^/]+$", "description": "Required. The parent resource where this policy binding will be created. The binding parent is the closest Resource Manager resource (project, folder or organization) to the binding target. Format: * `projects/{project_id}/locations/{location}` * `projects/{project_number}/locations/{location}` * `folders/{folder_id}/locations/{location}` * `organizations/{organization_id}/locations/{location}`", "location": "path", "required": true, "type": "string" }, "policyBindingId": { "description": "Required. The ID to use for the policy binding, which will become the final component of the policy binding's resource name. This value must start with a lowercase letter followed by up to 62 lowercase letters, numbers, hyphens, or dots. Pattern, /a-z{2,62}/.", "location": "query", "type": "string" }, "validateOnly": { "description": "Optional. If set, validate the request and preview the creation, but do not actually post it.", "location": "query", "type": "boolean" } }, "id": "iam.projects.locations.policyBindings.create", "path": "v3beta/{+parent}/policyBindings", "flatPath": "v3beta/projects/{projectsId}/locations/{locationsId}/policyBindings", "description": "Creates a policy binding and returns a long-running operation. Callers will need the IAM permissions on both the policy and target. After the binding is created, the policy is applied to the target.", "request": { "$ref": "GoogleIamV3betaPolicyBinding" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "httpMethod": "POST" }, "get": { "httpMethod": "GET", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "iam.projects.locations.policyBindings.get", "path": "v3beta/{+name}", "flatPath": "v3beta/projects/{projectsId}/locations/{locationsId}/policyBindings/{policyBindingsId}", "description": "Gets a policy binding.", "parameters": { "name": { "description": "Required. The name of the policy binding to retrieve. Format: * `projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}` * `projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}` * `folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}` * `organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}`", "location": "path", "required": true, "type": "string", "pattern": "^projects/[^/]+/locations/[^/]+/policyBindings/[^/]+$" } }, "parameterOrder": [ "name" ], "response": { "$ref": "GoogleIamV3betaPolicyBinding" } }, "list": { "id": "iam.projects.locations.policyBindings.list", "path": "v3beta/{+parent}/policyBindings", "flatPath": "v3beta/projects/{projectsId}/locations/{locationsId}/policyBindings", "description": "Lists policy bindings.", "httpMethod": "GET", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameterOrder": [ "parent" ], "response": { "$ref": "GoogleIamV3betaListPolicyBindingsResponse" }, "parameters": { "parent": { "pattern": "^projects/[^/]+/locations/[^/]+$", "description": "Required. The parent resource, which owns the collection of policy bindings. Format: * `projects/{project_id}/locations/{location}` * `projects/{project_number}/locations/{location}` * `folders/{folder_id}/locations/{location}` * `organizations/{organization_id}/locations/{location}`", "location": "path", "required": true, "type": "string" }, "pageSize": { "description": "Optional. The maximum number of policy bindings to return. The service may return fewer than this value. The default value is 50. The maximum value is 1000.", "location": "query", "type": "integer", "format": "int32" }, "pageToken": { "description": "Optional. A page token, received from a previous `ListPolicyBindings` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListPolicyBindings` must match the call that provided the page token.", "location": "query", "type": "string" }, "filter": { "description": "Optional. An expression for filtering the results of the request. Filter rules are case insensitive. Some eligible fields for filtering are the following: + `target` + `policy` Some examples of filter queries: * `target:ex*`: The binding target's name starts with \"ex\". * `target:example`: The binding target's name is `example`. * `policy:example`: The binding policy's name is `example`.", "location": "query", "type": "string" } } }, "delete": { "parameterOrder": [ "name" ], "response": { "$ref": "GoogleLongrunningOperation" }, "parameters": { "validateOnly": { "description": "Optional. If set, validate the request and preview the deletion, but do not actually post it.", "location": "query", "type": "boolean" }, "etag": { "description": "Optional. The etag of the policy binding. If this is provided, it must match the server's etag.", "location": "query", "type": "string" }, "name": { "description": "Required. The name of the policy binding to delete. Format: * `projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}` * `projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}` * `folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}` * `organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}`", "location": "path", "required": true, "type": "string", "pattern": "^projects/[^/]+/locations/[^/]+/policyBindings/[^/]+$" } }, "id": "iam.projects.locations.policyBindings.delete", "path": "v3beta/{+name}", "flatPath": "v3beta/projects/{projectsId}/locations/{locationsId}/policyBindings/{policyBindingsId}", "description": "Deletes a policy binding and returns a long-running operation. Callers will need the IAM permissions on both the policy and target. After the binding is deleted, the policy no longer applies to the target.", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "httpMethod": "DELETE" } } } } } } }, "organizations": { "resources": { "locations": { "resources": { "policyBindings": { "methods": { "delete": { "parameters": { "name": { "description": "Required. The name of the policy binding to delete. Format: * `projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}` * `projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}` * `folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}` * `organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}`", "location": "path", "required": true, "type": "string", "pattern": "^organizations/[^/]+/locations/[^/]+/policyBindings/[^/]+$" }, "validateOnly": { "description": "Optional. If set, validate the request and preview the deletion, but do not actually post it.", "location": "query", "type": "boolean" }, "etag": { "description": "Optional. The etag of the policy binding. If this is provided, it must match the server's etag.", "location": "query", "type": "string" } }, "parameterOrder": [ "name" ], "response": { "$ref": "GoogleLongrunningOperation" }, "httpMethod": "DELETE", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "iam.organizations.locations.policyBindings.delete", "path": "v3beta/{+name}", "flatPath": "v3beta/organizations/{organizationsId}/locations/{locationsId}/policyBindings/{policyBindingsId}", "description": "Deletes a policy binding and returns a long-running operation. Callers will need the IAM permissions on both the policy and target. After the binding is deleted, the policy no longer applies to the target." }, "get": { "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "httpMethod": "GET", "id": "iam.organizations.locations.policyBindings.get", "path": "v3beta/{+name}", "flatPath": "v3beta/organizations/{organizationsId}/locations/{locationsId}/policyBindings/{policyBindingsId}", "description": "Gets a policy binding.", "parameters": { "name": { "pattern": "^organizations/[^/]+/locations/[^/]+/policyBindings/[^/]+$", "description": "Required. The name of the policy binding to retrieve. Format: * `projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}` * `projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}` * `folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}` * `organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}`", "location": "path", "required": true, "type": "string" } }, "parameterOrder": [ "name" ], "response": { "$ref": "GoogleIamV3betaPolicyBinding" } }, "list": { "parameterOrder": [ "parent" ], "response": { "$ref": "GoogleIamV3betaListPolicyBindingsResponse" }, "parameters": { "pageSize": { "description": "Optional. The maximum number of policy bindings to return. The service may return fewer than this value. The default value is 50. The maximum value is 1000.", "location": "query", "type": "integer", "format": "int32" }, "parent": { "pattern": "^organizations/[^/]+/locations/[^/]+$", "description": "Required. The parent resource, which owns the collection of policy bindings. Format: * `projects/{project_id}/locations/{location}` * `projects/{project_number}/locations/{location}` * `folders/{folder_id}/locations/{location}` * `organizations/{organization_id}/locations/{location}`", "location": "path", "required": true, "type": "string" }, "pageToken": { "description": "Optional. A page token, received from a previous `ListPolicyBindings` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListPolicyBindings` must match the call that provided the page token.", "location": "query", "type": "string" }, "filter": { "description": "Optional. An expression for filtering the results of the request. Filter rules are case insensitive. Some eligible fields for filtering are the following: + `target` + `policy` Some examples of filter queries: * `target:ex*`: The binding target's name starts with \"ex\". * `target:example`: The binding target's name is `example`. * `policy:example`: The binding policy's name is `example`.", "location": "query", "type": "string" } }, "id": "iam.organizations.locations.policyBindings.list", "path": "v3beta/{+parent}/policyBindings", "flatPath": "v3beta/organizations/{organizationsId}/locations/{locationsId}/policyBindings", "description": "Lists policy bindings.", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "httpMethod": "GET" }, "patch": { "parameters": { "validateOnly": { "description": "Optional. If set, validate the request and preview the update, but do not actually post it.", "location": "query", "type": "boolean" }, "name": { "description": "Identifier. The name of the policy binding, in the format `{binding_parent/locations/{location}/policyBindings/{policy_binding_id}`. The binding parent is the closest Resource Manager resource (project, folder, or organization) to the binding target. Format: * `projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}` * `projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}` * `folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}` * `organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}`", "location": "path", "required": true, "type": "string", "pattern": "^organizations/[^/]+/locations/[^/]+/policyBindings/[^/]+$" }, "updateMask": { "format": "google-fieldmask", "description": "Optional. The list of fields to update", "location": "query", "type": "string" } }, "parameterOrder": [ "name" ], "response": { "$ref": "GoogleLongrunningOperation" }, "httpMethod": "PATCH", "request": { "$ref": "GoogleIamV3betaPolicyBinding" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "iam.organizations.locations.policyBindings.patch", "path": "v3beta/{+name}", "flatPath": "v3beta/organizations/{organizationsId}/locations/{locationsId}/policyBindings/{policyBindingsId}", "description": "Updates a policy binding and returns a long-running operation. Callers will need the IAM permissions on the policy and target in the binding to update. Target and policy are immutable and cannot be updated." }, "searchTargetPolicyBindings": { "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "httpMethod": "GET", "id": "iam.organizations.locations.policyBindings.searchTargetPolicyBindings", "path": "v3beta/{+parent}/policyBindings:searchTargetPolicyBindings", "flatPath": "v3beta/organizations/{organizationsId}/locations/{locationsId}/policyBindings:searchTargetPolicyBindings", "description": "Search policy bindings by target. Returns all policy binding objects bound directly to target.", "parameters": { "filter": { "description": "Optional. Filtering currently only supports the kind of policies to return, and must be in the format \"policy_kind={policy_kind}\". If String is empty, bindings bound to all kinds of policies would be returned. The only supported values are the following: * \"policy_kind=PRINCIPAL_ACCESS_BOUNDARY\", * \"policy_kind=ACCESS\"", "location": "query", "type": "string" }, "parent": { "pattern": "^organizations/[^/]+/locations/[^/]+$", "description": "Required. The parent resource where this search will be performed. This should be the nearest Resource Manager resource (project, folder, or organization) to the target. Format: * `projects/{project_id}/locations/{location}` * `projects/{project_number}/locations/{location}` * `folders/{folder_id}/locations/{location}` * `organizations/{organization_id}/locations/{location}`", "location": "path", "required": true, "type": "string" }, "target": { "description": "Required. The target resource, which is bound to the policy in the binding. Format: * `//iam.googleapis.com/locations/global/workforcePools/POOL_ID` * `//iam.googleapis.com/projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/POOL_ID` * `//iam.googleapis.com/locations/global/workspace/WORKSPACE_ID` * `//cloudresourcemanager.googleapis.com/projects/{project_number}` * `//cloudresourcemanager.googleapis.com/folders/{folder_id}` * `//cloudresourcemanager.googleapis.com/organizations/{organization_id}`", "location": "query", "type": "string" }, "pageToken": { "description": "Optional. A page token, received from a previous `SearchTargetPolicyBindingsRequest` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `SearchTargetPolicyBindingsRequest` must match the call that provided the page token.", "location": "query", "type": "string" }, "pageSize": { "description": "Optional. The maximum number of policy bindings to return. The service may return fewer than this value. The default value is 50. The maximum value is 1000.", "location": "query", "type": "integer", "format": "int32" } }, "parameterOrder": [ "parent" ], "response": { "$ref": "GoogleIamV3betaSearchTargetPolicyBindingsResponse" } }, "create": { "id": "iam.organizations.locations.policyBindings.create", "path": "v3beta/{+parent}/policyBindings", "flatPath": "v3beta/organizations/{organizationsId}/locations/{locationsId}/policyBindings", "description": "Creates a policy binding and returns a long-running operation. Callers will need the IAM permissions on both the policy and target. After the binding is created, the policy is applied to the target.", "httpMethod": "POST", "request": { "$ref": "GoogleIamV3betaPolicyBinding" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameterOrder": [ "parent" ], "response": { "$ref": "GoogleLongrunningOperation" }, "parameters": { "parent": { "pattern": "^organizations/[^/]+/locations/[^/]+$", "description": "Required. The parent resource where this policy binding will be created. The binding parent is the closest Resource Manager resource (project, folder or organization) to the binding target. Format: * `projects/{project_id}/locations/{location}` * `projects/{project_number}/locations/{location}` * `folders/{folder_id}/locations/{location}` * `organizations/{organization_id}/locations/{location}`", "location": "path", "required": true, "type": "string" }, "policyBindingId": { "description": "Required. The ID to use for the policy binding, which will become the final component of the policy binding's resource name. This value must start with a lowercase letter followed by up to 62 lowercase letters, numbers, hyphens, or dots. Pattern, /a-z{2,62}/.", "location": "query", "type": "string" }, "validateOnly": { "description": "Optional. If set, validate the request and preview the creation, but do not actually post it.", "location": "query", "type": "boolean" } } } } }, "accessPolicies": { "methods": { "create": { "parameterOrder": [ "parent" ], "response": { "$ref": "GoogleLongrunningOperation" }, "parameters": { "validateOnly": { "description": "Optional. If set, validate the request and preview the creation, but do not actually post it.", "location": "query", "type": "boolean" }, "parent": { "pattern": "^organizations/[^/]+/locations/[^/]+$", "description": "Required. The parent resource where this access policy will be created. Format: `projects/{project_id}/locations/{location}` `projects/{project_number}/locations/{location}` `folders/{folder_id}/locations/{location}` `organizations/{organization_id}/locations/{location}`", "location": "path", "required": true, "type": "string" }, "accessPolicyId": { "description": "Required. The ID to use for the access policy, which will become the final component of the access policy's resource name. This value must start with a lowercase letter followed by up to 62 lowercase letters, numbers, hyphens, or dots. Pattern, /a-z{2,62}/. This value must be unique among all access policies with the same parent.", "location": "query", "type": "string" } }, "id": "iam.organizations.locations.accessPolicies.create", "path": "v3beta/{+parent}/accessPolicies", "flatPath": "v3beta/organizations/{organizationsId}/locations/{locationsId}/accessPolicies", "description": "Creates an access policy, and returns a long running operation.", "httpMethod": "POST", "request": { "$ref": "GoogleIamV3betaAccessPolicy" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ] }, "patch": { "httpMethod": "PATCH", "request": { "$ref": "GoogleIamV3betaAccessPolicy" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "iam.organizations.locations.accessPolicies.patch", "path": "v3beta/{+name}", "flatPath": "v3beta/organizations/{organizationsId}/locations/{locationsId}/accessPolicies/{accessPoliciesId}", "description": "Updates an access policy.", "parameters": { "name": { "description": "Identifier. The resource name of the access policy. The following formats are supported: * `projects/{project_id}/locations/{location}/accessPolicies/{policy_id}` * `projects/{project_number}/locations/{location}/accessPolicies/{policy_id}` * `folders/{folder_id}/locations/{location}/accessPolicies/{policy_id}` * `organizations/{organization_id}/locations/{location}/accessPolicies/{policy_id}`", "location": "path", "required": true, "type": "string", "pattern": "^organizations/[^/]+/locations/[^/]+/accessPolicies/[^/]+$" }, "validateOnly": { "description": "Optional. If set, validate the request and preview the update, but do not actually post it.", "location": "query", "type": "boolean" } }, "parameterOrder": [ "name" ], "response": { "$ref": "GoogleLongrunningOperation" } }, "get": { "parameters": { "name": { "pattern": "^organizations/[^/]+/locations/[^/]+/accessPolicies/[^/]+$", "description": "Required. The name of the access policy to retrieve. Format: `projects/{project_id}/locations/{location}/accessPolicies/{access_policy_id}` `projects/{project_number}/locations/{location}/accessPolicies/{access_policy_id}` `folders/{folder_id}/locations/{location}/accessPolicies/{access_policy_id}` `organizations/{organization_id}/locations/{location}/accessPolicies/{access_policy_id}`", "location": "path", "required": true, "type": "string" } }, "parameterOrder": [ "name" ], "response": { "$ref": "GoogleIamV3betaAccessPolicy" }, "httpMethod": "GET", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "iam.organizations.locations.accessPolicies.get", "path": "v3beta/{+name}", "flatPath": "v3beta/organizations/{organizationsId}/locations/{locationsId}/accessPolicies/{accessPoliciesId}", "description": "Gets an access policy." }, "list": { "parameters": { "pageToken": { "description": "Optional. A page token, received from a previous `ListAccessPolicies` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListAccessPolicies` must match the call that provided the page token.", "location": "query", "type": "string" }, "pageSize": { "format": "int32", "description": "Optional. The maximum number of access policies to return. The service may return fewer than this value. If unspecified, at most 50 access policies will be returned. Valid value ranges from 1 to 1000; values above 1000 will be coerced to 1000.", "location": "query", "type": "integer" }, "parent": { "description": "Required. The parent resource, which owns the collection of access policy resources. Format: `projects/{project_id}/locations/{location}` `projects/{project_number}/locations/{location}` `folders/{folder_id}/locations/{location}` `organizations/{organization_id}/locations/{location}`", "location": "path", "required": true, "type": "string", "pattern": "^organizations/[^/]+/locations/[^/]+$" } }, "parameterOrder": [ "parent" ], "response": { "$ref": "GoogleIamV3betaListAccessPoliciesResponse" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "httpMethod": "GET", "id": "iam.organizations.locations.accessPolicies.list", "path": "v3beta/{+parent}/accessPolicies", "flatPath": "v3beta/organizations/{organizationsId}/locations/{locationsId}/accessPolicies", "description": "Lists access policies." }, "delete": { "parameterOrder": [ "name" ], "response": { "$ref": "GoogleLongrunningOperation" }, "parameters": { "etag": { "description": "Optional. The etag of the access policy. If this is provided, it must match the server's etag.", "location": "query", "type": "string" }, "validateOnly": { "description": "Optional. If set, validate the request and preview the deletion, but do not actually post it.", "location": "query", "type": "boolean" }, "name": { "pattern": "^organizations/[^/]+/locations/[^/]+/accessPolicies/[^/]+$", "description": "Required. The name of the access policy to delete. Format: `projects/{project_id}/locations/{location}/accessPolicies/{access_policy_id}` `projects/{project_number}/locations/{location}/accessPolicies/{access_policy_id}` `folders/{folder_id}/locations/{location}/accessPolicies/{access_policy_id}` `organizations/{organization_id}/locations/{location}/accessPolicies/{access_policy_id}`", "location": "path", "required": true, "type": "string" }, "force": { "description": "Optional. If set to true, the request will force the deletion of the Policy even if the Policy references PolicyBindings.", "location": "query", "type": "boolean" } }, "id": "iam.organizations.locations.accessPolicies.delete", "path": "v3beta/{+name}", "flatPath": "v3beta/organizations/{organizationsId}/locations/{locationsId}/accessPolicies/{accessPoliciesId}", "description": "Deletes an access policy.", "httpMethod": "DELETE", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ] }, "searchPolicyBindings": { "id": "iam.organizations.locations.accessPolicies.searchPolicyBindings", "path": "v3beta/{+name}:searchPolicyBindings", "flatPath": "v3beta/organizations/{organizationsId}/locations/{locationsId}/accessPolicies/{accessPoliciesId}:searchPolicyBindings", "description": "Returns all policy bindings that bind a specific policy if a user has searchPolicyBindings permission on that policy.", "httpMethod": "GET", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameterOrder": [ "name" ], "response": { "$ref": "GoogleIamV3betaSearchAccessPolicyBindingsResponse" }, "parameters": { "name": { "pattern": "^organizations/[^/]+/locations/[^/]+/accessPolicies/[^/]+$", "description": "Required. The name of the access policy. Format: `organizations/{organization_id}/locations/{location}/accessPolicies/{access_policy_id}` `folders/{folder_id}/locations/{location}/accessPolicies/{access_policy_id}` `projects/{project_id}/locations/{location}/accessPolicies/{access_policy_id}` `projects/{project_number}/locations/{location}/accessPolicies/{access_policy_id}`", "location": "path", "required": true, "type": "string" }, "pageSize": { "description": "Optional. The maximum number of policy bindings to return. The service may return fewer than this value. If unspecified, at most 50 policy bindings will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.", "location": "query", "type": "integer", "format": "int32" }, "pageToken": { "description": "Optional. A page token, received from a previous `SearchAccessPolicyBindingsRequest` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `SearchAccessPolicyBindingsRequest` must match the call that provided the page token.", "location": "query", "type": "string" } } } } }, "principalAccessBoundaryPolicies": { "methods": { "patch": { "request": { "$ref": "GoogleIamV3betaPrincipalAccessBoundaryPolicy" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "httpMethod": "PATCH", "id": "iam.organizations.locations.principalAccessBoundaryPolicies.patch", "path": "v3beta/{+name}", "flatPath": "v3beta/organizations/{organizationsId}/locations/{locationsId}/principalAccessBoundaryPolicies/{principalAccessBoundaryPoliciesId}", "description": "Updates a principal access boundary policy.", "parameters": { "validateOnly": { "description": "Optional. If set, validate the request and preview the update, but do not actually post it.", "location": "query", "type": "boolean" }, "updateMask": { "format": "google-fieldmask", "description": "Optional. The list of fields to update", "location": "query", "type": "string" }, "name": { "pattern": "^organizations/[^/]+/locations/[^/]+/principalAccessBoundaryPolicies/[^/]+$", "description": "Identifier. The resource name of the principal access boundary policy. The following format is supported: `organizations/{organization_id}/locations/{location}/principalAccessBoundaryPolicies/{policy_id}`", "location": "path", "required": true, "type": "string" } }, "parameterOrder": [ "name" ], "response": { "$ref": "GoogleLongrunningOperation" } }, "create": { "request": { "$ref": "GoogleIamV3betaPrincipalAccessBoundaryPolicy" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "httpMethod": "POST", "id": "iam.organizations.locations.principalAccessBoundaryPolicies.create", "path": "v3beta/{+parent}/principalAccessBoundaryPolicies", "flatPath": "v3beta/organizations/{organizationsId}/locations/{locationsId}/principalAccessBoundaryPolicies", "description": "Creates a principal access boundary policy, and returns a long running operation.", "parameters": { "validateOnly": { "description": "Optional. If set, validate the request and preview the creation, but do not actually post it.", "location": "query", "type": "boolean" }, "principalAccessBoundaryPolicyId": { "description": "Required. The ID to use for the principal access boundary policy, which will become the final component of the principal access boundary policy's resource name. This value must start with a lowercase letter followed by up to 62 lowercase letters, numbers, hyphens, or dots. Pattern, /a-z{2,62}/.", "location": "query", "type": "string" }, "parent": { "pattern": "^organizations/[^/]+/locations/[^/]+$", "description": "Required. The parent resource where this principal access boundary policy will be created. Only organizations are supported. Format: `organizations/{organization_id}/locations/{location}`", "location": "path", "required": true, "type": "string" } }, "parameterOrder": [ "parent" ], "response": { "$ref": "GoogleLongrunningOperation" } }, "delete": { "parameterOrder": [ "name" ], "response": { "$ref": "GoogleLongrunningOperation" }, "parameters": { "validateOnly": { "description": "Optional. If set, validate the request and preview the deletion, but do not actually post it.", "location": "query", "type": "boolean" }, "etag": { "description": "Optional. The etag of the principal access boundary policy. If this is provided, it must match the server's etag.", "location": "query", "type": "string" }, "name": { "description": "Required. The name of the principal access boundary policy to delete. Format: `organizations/{organization_id}/locations/{location}/principalAccessBoundaryPolicies/{principal_access_boundary_policy_id}`", "location": "path", "required": true, "type": "string", "pattern": "^organizations/[^/]+/locations/[^/]+/principalAccessBoundaryPolicies/[^/]+$" }, "force": { "description": "Optional. If set to true, the request will force the deletion of the policy even if the policy is referenced in policy bindings.", "location": "query", "type": "boolean" } }, "id": "iam.organizations.locations.principalAccessBoundaryPolicies.delete", "path": "v3beta/{+name}", "flatPath": "v3beta/organizations/{organizationsId}/locations/{locationsId}/principalAccessBoundaryPolicies/{principalAccessBoundaryPoliciesId}", "description": "Deletes a principal access boundary policy.", "httpMethod": "DELETE", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ] }, "searchPolicyBindings": { "id": "iam.organizations.locations.principalAccessBoundaryPolicies.searchPolicyBindings", "path": "v3beta/{+name}:searchPolicyBindings", "flatPath": "v3beta/organizations/{organizationsId}/locations/{locationsId}/principalAccessBoundaryPolicies/{principalAccessBoundaryPoliciesId}:searchPolicyBindings", "description": "Returns all policy bindings that bind a specific policy if a user has searchPolicyBindings permission on that policy.", "httpMethod": "GET", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameterOrder": [ "name" ], "response": { "$ref": "GoogleIamV3betaSearchPrincipalAccessBoundaryPolicyBindingsResponse" }, "parameters": { "pageToken": { "description": "Optional. A page token, received from a previous `SearchPrincipalAccessBoundaryPolicyBindingsRequest` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `SearchPrincipalAccessBoundaryPolicyBindingsRequest` must match the call that provided the page token.", "location": "query", "type": "string" }, "name": { "description": "Required. The name of the principal access boundary policy. Format: `organizations/{organization_id}/locations/{location}/principalAccessBoundaryPolicies/{principal_access_boundary_policy_id}`", "location": "path", "required": true, "type": "string", "pattern": "^organizations/[^/]+/locations/[^/]+/principalAccessBoundaryPolicies/[^/]+$" }, "pageSize": { "description": "Optional. The maximum number of policy bindings to return. The service may return fewer than this value. If unspecified, at most 50 policy bindings will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.", "location": "query", "type": "integer", "format": "int32" } } }, "get": { "id": "iam.organizations.locations.principalAccessBoundaryPolicies.get", "path": "v3beta/{+name}", "flatPath": "v3beta/organizations/{organizationsId}/locations/{locationsId}/principalAccessBoundaryPolicies/{principalAccessBoundaryPoliciesId}", "description": "Gets a principal access boundary policy.", "httpMethod": "GET", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameterOrder": [ "name" ], "response": { "$ref": "GoogleIamV3betaPrincipalAccessBoundaryPolicy" }, "parameters": { "name": { "pattern": "^organizations/[^/]+/locations/[^/]+/principalAccessBoundaryPolicies/[^/]+$", "description": "Required. The name of the principal access boundary policy to retrieve. Format: `organizations/{organization_id}/locations/{location}/principalAccessBoundaryPolicies/{principal_access_boundary_policy_id}`", "location": "path", "required": true, "type": "string" } } }, "list": { "parameters": { "pageSize": { "format": "int32", "description": "Optional. The maximum number of principal access boundary policies to return. The service may return fewer than this value. If unspecified, at most 50 principal access boundary policies will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.", "location": "query", "type": "integer" }, "parent": { "pattern": "^organizations/[^/]+/locations/[^/]+$", "description": "Required. The parent resource, which owns the collection of principal access boundary policies. Format: `organizations/{organization_id}/locations/{location}`", "location": "path", "required": true, "type": "string" }, "pageToken": { "description": "Optional. A page token, received from a previous `ListPrincipalAccessBoundaryPolicies` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListPrincipalAccessBoundaryPolicies` must match the call that provided the page token.", "location": "query", "type": "string" } }, "parameterOrder": [ "parent" ], "response": { "$ref": "GoogleIamV3betaListPrincipalAccessBoundaryPoliciesResponse" }, "httpMethod": "GET", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "id": "iam.organizations.locations.principalAccessBoundaryPolicies.list", "path": "v3beta/{+parent}/principalAccessBoundaryPolicies", "flatPath": "v3beta/organizations/{organizationsId}/locations/{locationsId}/principalAccessBoundaryPolicies", "description": "Lists principal access boundary policies." } } }, "operations": { "methods": { "get": { "id": "iam.organizations.locations.operations.get", "path": "v3beta/{+name}", "flatPath": "v3beta/organizations/{organizationsId}/locations/{locationsId}/operations/{operationsId}", "description": "Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.", "httpMethod": "GET", "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ], "parameterOrder": [ "name" ], "response": { "$ref": "GoogleLongrunningOperation" }, "parameters": { "name": { "pattern": "^organizations/[^/]+/locations/[^/]+/operations/[^/]+$", "description": "The name of the operation resource.", "location": "path", "required": true, "type": "string" } } } } } } } } } }, "description": "Manages identity and access control for Google Cloud resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls. Enabling this API also enables the IAM Service Account Credentials API (iamcredentials.googleapis.com). However, disabling this API doesn't disable the IAM Service Account Credentials API. ", "id": "iam:v3beta", "kind": "discovery#restDescription", "title": "Identity and Access Management (IAM) API", "servicePath": "", "auth": { "oauth2": { "scopes": { "https://www.googleapis.com/auth/cloud-platform": { "description": "See, edit, configure, and delete your Google Cloud data and see the email address for your Google Account." } } } } }