AuthorizationPolicy is a resource that specifies how a server should authorize incoming connections. This resource in itself does not change the configuration unless it’s attached to a target https proxy or endpoint config selector resource.
The request message for Operations.CancelOperation.
Specification of a TLS certificate provider instance. Workloads may have one or more CertificateProvider instances (plugins) and one of them is enabled and configured by specifying this message. Workloads use the values from this message to locate and load the CertificateProvider instance configuration.
ClientTlsPolicy is a resource that specifies how a client should authenticate connections to backends of a service. This resource itself does not affect configuration unless it is attached to a backend service resource.
Specification of traffic destination attributes.
A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }
Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: “Summary size limit” description: “Determines if a summary is less than 100 chars” expression: “document.summary.size() < 100” Example (Equality): title: “Requestor is owner” description: “Determines if requestor is the document owner” expression: “document.owner == request.auth.claims.email” Example (Logic): title: “Public documents” description: “Determine whether the document should be publicly visible” expression: “document.type != ‘private’ && document.type != ‘internal’” Example (Data Manipulation): title: “Notification string” description: “Create a notification string with a timestamp.” expression: “’New message received at ’ + string(document.create_time)” The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
Specification of certificate provider. Defines the mechanism to obtain the certificate and private key for peer to peer authentication.
Specification of the GRPC Endpoint.
Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both allServices and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { “audit_configs”: [ { “service”: “allServices”, “audit_log_configs”: [ { “log_type”: “DATA_READ”, “exempted_members”: [ “user:jose@example.com” ] }, { “log_type”: “DATA_WRITE” }, { “log_type”: “ADMIN_READ” } ] }, { “service”: “sampleservice.googleapis.com”, “audit_log_configs”: [ { “log_type”: “DATA_READ” }, { “log_type”: “DATA_WRITE”, “exempted_members”: [ “user:aliya@example.com” ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
Provides the configuration for logging a type of permissions. Example: { “audit_log_configs”: [ { “log_type”: “DATA_READ”, “exempted_members”: [ “user:jose@example.com” ] }, { “log_type”: “DATA_WRITE” } ] } This enables ‘DATA_READ’ and ‘DATA_WRITE’ logging, while exempting jose@example.com from DATA_READ logging.
Associates members, or principals, with a role.
An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A
Policy is a collection of
bindings. A
binding binds one or more
members, or principals, to a single
role. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A
role is a named list of permissions; each
role can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a
binding can also specify a
condition, which is a logical expression that allows access to a resource only if the expression evaluates to
true. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the
IAM documentation.
JSON example: { “bindings”: [ { “role”: “roles/resourcemanager.organizationAdmin”, “members”: [ “user:mike@example.com”, “group:admins@example.com”, “domain:google.com”, “serviceAccount:my-project-id@appspot.gserviceaccount.com” ] }, { “role”: “roles/resourcemanager.organizationViewer”, “members”: [ “user:eve@example.com” ], “condition”: { “title”: “expirable access”, “description”: “Does not grant access after Sep 2020”, “expression”: “request.time < timestamp(‘2020-10-01T00:00:00.000Z’)”, } } ], “etag”: “BwWWja0YfJA=”, “version”: 3 }
YAML example: bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp(‘2020-10-01T00:00:00.000Z’) etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the
IAM documentation.
Request message for SetIamPolicy method.
Request message for TestIamPermissions method.
Response message for TestIamPermissions method.
Specification of HTTP header match attributes.
Response returned by the ListAuthorizationPolicies method.
Response returned by the ListClientTlsPolicies method.
The response message for Locations.ListLocations.
The response message for Operations.ListOperations.
Response returned by the ListServerTlsPolicies method.
A resource that represents Google Cloud Platform location.
Specification of the MTLSPolicy.
Central instance to access all NetworkSecurity related resource activities
This resource represents a long-running operation that is the result of a network API call.
Creates a new AuthorizationPolicy in a given project and location.
Deletes a single AuthorizationPolicy.
Gets details of a single AuthorizationPolicy.
Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.
Lists AuthorizationPolicies in a given project and location.
Updates the parameters of a single AuthorizationPolicy.
Sets the access control policy on the specified resource. Replaces any existing policy. Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED errors.
Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a NOT_FOUND error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may “fail open” without warning.
Creates a new ClientTlsPolicy in a given project and location.
Deletes a single ClientTlsPolicy.
Gets details of a single ClientTlsPolicy.
Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.
Lists ClientTlsPolicies in a given project and location.
Updates the parameters of a single ClientTlsPolicy.
Sets the access control policy on the specified resource. Replaces any existing policy. Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED errors.
Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a NOT_FOUND error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may “fail open” without warning.
Gets information about a location.
Lists information about the supported locations for this service.
Starts asynchronous cancellation on a long-running operation. The server makes a best effort to cancel the operation, but success is not guaranteed. If the server doesn’t support this method, it returns google.rpc.Code.UNIMPLEMENTED. Clients can use Operations.GetOperation or other methods to check whether the cancellation succeeded or whether the operation completed despite cancellation. On successful cancellation, the operation is not deleted; instead, it becomes an operation with an Operation.error value with a google.rpc.Status.code of 1, corresponding to Code.CANCELLED.
Deletes a long-running operation. This method indicates that the client is no longer interested in the operation result. It does not cancel the operation. If the server doesn’t support this method, it returns google.rpc.Code.UNIMPLEMENTED.
Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.
Lists operations that match the specified filter in the request. If the server doesn’t support this method, it returns UNIMPLEMENTED. NOTE: the name binding allows API services to override the binding to use different resource name schemes, such as users/*/operations. To override the binding, API services can add a binding such as "/v1/{name=users/*}/operations" to their service configuration. For backwards compatibility, the default name includes the operations collection id, however overriding users must ensure the name binding is the parent resource, without the operations collection id.
Creates a new ServerTlsPolicy in a given project and location.
Deletes a single ServerTlsPolicy.
Gets details of a single ServerTlsPolicy.
Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.
Lists ServerTlsPolicies in a given project and location.
Updates the parameters of a single ServerTlsPolicy.
Sets the access control policy on the specified resource. Replaces any existing policy. Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED errors.
Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a NOT_FOUND error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may “fail open” without warning.
A builder providing access to all methods supported on
project resources.
It is not used directly, but through the
NetworkSecurity hub.
Specification of rules.
ServerTlsPolicy is a resource that specifies how a server should authenticate incoming requests. This resource itself does not affect configuration unless it is attached to a target HTTPS proxy or endpoint config selector resource.
Specification of traffic source attributes.
The
Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by
gRPC. Each
Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the
API Design Guide.
Specification of ValidationCA. Defines the mechanism to obtain the Certificate Authority certificate to validate the peer certificate.