OMGeeky/google-apis-rs
1
0
Fork 0
mirror of https://github.com/OMGeeky/google-apis-rs.git synced 2026-02-23 15:49:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
a20241b2412723b0062d1c19a8ec792837b145a4
google-apis-rs/google_accesscontextmanager1_cli/access-policies_service-perimeters-create/index.html
Sebastian Thiel a20241b241 Update documentation
2022-03-08 15:36:16 +08:00

526 lines
22 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Service Perimeters Create - Access Context Manager v3.0.0+20220301</title>
<link href='https://fonts.googleapis.com/css?family=Lato:400,700|Roboto+Slab:400,700|Inconsolata:400,700' rel='stylesheet' type='text/css'>
<link rel="stylesheet" href="../css/theme.css" type="text/css" />
<link rel="stylesheet" href="../css/theme_extra.css" type="text/css" />
<link rel="stylesheet" href="../css/highlight.css">
<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/modernizr.min.js"></script>
<script type="text/javascript" src="../js/highlight.pack.js"></script>
<script src="../js/theme.js"></script>
<style>
body {font-size: 90%;}
pre, code {font-size: 100%;}
h3, h4, h5, h6 {color: #2980b9; font-weight: 300}
</style>
</head>
<body class="wy-body-for-nav" role="document">
<div class="wy-grid-for-nav">
<nav data-toggle="wy-nav-shift" class="wy-nav-side stickynav">
<div class="wy-side-nav-search">
<a href=".." class="icon icon-home"> Access Context Manager v3.0.0+20220301</a>
</div>
<div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
<ul class="current">
<span>Access Policies</span>
<li class="toctree-l1 ">
<a class="" href="../access-policies_access-levels-create">Access Levels Create</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../access-policies_access-levels-delete">Access Levels Delete</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../access-policies_access-levels-get">Access Levels Get</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../access-policies_access-levels-list">Access Levels List</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../access-policies_access-levels-patch">Access Levels Patch</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../access-policies_access-levels-replace-all">Access Levels Replace All</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../access-policies_access-levels-test-iam-permissions">Access Levels Test Iam Permissions</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../access-policies_create">Create</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../access-policies_delete">Delete</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../access-policies_get">Get</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../access-policies_get-iam-policy">Get Iam Policy</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../access-policies_list">List</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../access-policies_patch">Patch</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../access-policies_service-perimeters-commit">Service Perimeters Commit</a>
</li>
<li class="toctree-l1 current">
<a class="current" href=".">Service Perimeters Create</a>
<ul>
<li class="toctree-l2"><a href="#scopes">Scopes</a></li>
<li class="toctree-l2"><a href="#required-scalar-argument">Required Scalar Argument</a></li>
<li class="toctree-l2"><a href="#required-request-value">Required Request Value</a></li>
<li><a class="toctree-l3" href="#about-cursors">About Cursors</a></li>
<li class="toctree-l2"><a href="#optional-output-flags">Optional Output Flags</a></li>
<li class="toctree-l2"><a href="#optional-general-properties">Optional General Properties</a></li>
</ul>
</li>
<li class="toctree-l1 ">
<a class="" href="../access-policies_service-perimeters-delete">Service Perimeters Delete</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../access-policies_service-perimeters-get">Service Perimeters Get</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../access-policies_service-perimeters-list">Service Perimeters List</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../access-policies_service-perimeters-patch">Service Perimeters Patch</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../access-policies_service-perimeters-replace-all">Service Perimeters Replace All</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../access-policies_service-perimeters-test-iam-permissions">Service Perimeters Test Iam Permissions</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../access-policies_set-iam-policy">Set Iam Policy</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../access-policies_test-iam-permissions">Test Iam Permissions</a>
</li>
<span>Operations</span>
<li class="toctree-l1 ">
<a class="" href="../operations_cancel">Cancel</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../operations_delete">Delete</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../operations_get">Get</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../operations_list">List</a>
</li>
<span>Organizations</span>
<li class="toctree-l1 ">
<a class="" href="../organizations_gcp-user-access-bindings-create">Gcp User Access Bindings Create</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../organizations_gcp-user-access-bindings-delete">Gcp User Access Bindings Delete</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../organizations_gcp-user-access-bindings-get">Gcp User Access Bindings Get</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../organizations_gcp-user-access-bindings-list">Gcp User Access Bindings List</a>
</li>
<li class="toctree-l1 ">
<a class="" href="../organizations_gcp-user-access-bindings-patch">Gcp User Access Bindings Patch</a>
</li>
</ul>
</div>
&nbsp;
</nav>
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
<nav class="wy-nav-top" role="navigation" aria-label="top navigation">
<i data-toggle="wy-nav-top" class="icon icon-reorder"></i>
<a href=".."></a>
</nav>
<div class="wy-nav-content">
<div class="rst-content">
<div role="navigation" aria-label="breadcrumbs navigation">
<ul class="wy-breadcrumbs">
<li><a href="..">Docs</a> &raquo;</li>
<li>Service Perimeters Create</li>
<li class="wy-breadcrumbs-aside">
<a href="https://github.com/Byron/google-apis-rs/tree/main/gen/accesscontextmanager1-cli" class="icon icon-github"> Edit on GitHub</a>
</li>
</ul>
<hr/>
</div>
<div role="main">
<div class="section">
<p>Creates a service perimeter. The long-running operation from this RPC has a successful status after the service perimeter propagates to long-lasting storage. If a service perimeter contains errors, an error response is returned for the first error encountered.</p>
<h1 id="scopes">Scopes</h1>
<p>You will need authorization for the <em>https://www.googleapis.com/auth/cloud-platform</em> scope to make a valid call.</p>
<p>If unset, the scope for this method defaults to <em>https://www.googleapis.com/auth/cloud-platform</em>.
You can set the scope for this method like this: <code>accesscontextmanager1 --scope &lt;scope&gt; access-policies service-perimeters-create ...</code></p>
<h1 id="required-scalar-argument">Required Scalar Argument</h1>
<ul>
<li><strong>&lt;parent&gt;</strong> <em>(string)</em><ul>
<li>Required. Resource name for the access policy which owns this Service Perimeter. Format: <code>accessPolicies/{policy_id}</code></li>
</ul>
</li>
</ul>
<h1 id="required-request-value">Required Request Value</h1>
<p>The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure.
In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely.</p>
<p>For example, a structure like this:</p>
<pre><code>ServicePerimeter:
description: string
name: string
perimeter-type: string
spec:
access-levels: [string]
resources: [string]
restricted-services: [string]
vpc-accessible-services:
allowed-services: [string]
enable-restriction: boolean
status:
access-levels: [string]
resources: [string]
restricted-services: [string]
vpc-accessible-services:
allowed-services: [string]
enable-restriction: boolean
title: string
use-explicit-dry-run-spec: boolean
</code></pre>
<p>can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time.</p>
<ul>
<li><code>-r . description=ipsum</code><ul>
<li>Description of the <code>ServicePerimeter</code> and its use. Does not affect behavior.</li>
</ul>
</li>
<li><code>name=est</code><ul>
<li>Required. Resource name for the ServicePerimeter. The <code>short_name</code> component must begin with a letter and only include alphanumeric and &#39;_&#39;. Format: <code>accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}</code></li>
</ul>
</li>
<li><code>perimeter-type=gubergren</code><ul>
<li>Perimeter type indicator. A single project is allowed to be a member of single regular perimeter, but multiple service perimeter bridges. A project cannot be a included in a perimeter bridge without being included in regular perimeter. For perimeter bridges, the restricted service list as well as access level lists must be empty.</li>
</ul>
</li>
<li><code>spec access-levels=ea</code><ul>
<li>A list of <code>AccessLevel</code> resource names that allow resources within the <code>ServicePerimeter</code> to be accessed from the internet. <code>AccessLevels</code> listed must be in the same policy as this <code>ServicePerimeter</code>. Referencing a nonexistent <code>AccessLevel</code> is a syntax error. If no <code>AccessLevel</code> names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: <code>&amp;#34;accessPolicies/MY_POLICY/accessLevels/MY_LEVEL&amp;#34;</code>. For Service Perimeter Bridge, must be empty.</li>
<li>Each invocation of this argument appends the given value to the array.</li>
</ul>
</li>
<li><code>resources=dolor</code><ul>
<li>A list of Google Cloud resources that are inside of the service perimeter. Currently only projects are allowed. Format: <code>projects/{project_number}</code></li>
<li>Each invocation of this argument appends the given value to the array.</li>
</ul>
</li>
<li><code>restricted-services=lorem</code><ul>
<li>Google Cloud services that are subject to the Service Perimeter restrictions. For example, if <code>storage.googleapis.com</code> is specified, access to the storage buckets inside the perimeter must meet the perimeter&#39;s access restrictions.</li>
<li>Each invocation of this argument appends the given value to the array.</li>
</ul>
</li>
<li><code>vpc-accessible-services allowed-services=eos</code><ul>
<li>The list of APIs usable within the Service Perimeter. Must be empty unless &#39;enable_restriction&#39; is True. You can specify a list of individual services, as well as include the &#39;RESTRICTED-SERVICES&#39; value, which automatically includes all of the services protected by the perimeter.</li>
<li>Each invocation of this argument appends the given value to the array.</li>
</ul>
</li>
<li>
<p><code>enable-restriction=false</code></p>
<ul>
<li>Whether to restrict API calls within the Service Perimeter to the list of APIs specified in &#39;allowed_services&#39;.</li>
</ul>
</li>
<li>
<p><code>...status access-levels=sed</code></p>
<ul>
<li>A list of <code>AccessLevel</code> resource names that allow resources within the <code>ServicePerimeter</code> to be accessed from the internet. <code>AccessLevels</code> listed must be in the same policy as this <code>ServicePerimeter</code>. Referencing a nonexistent <code>AccessLevel</code> is a syntax error. If no <code>AccessLevel</code> names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: <code>&amp;#34;accessPolicies/MY_POLICY/accessLevels/MY_LEVEL&amp;#34;</code>. For Service Perimeter Bridge, must be empty.</li>
<li>Each invocation of this argument appends the given value to the array.</li>
</ul>
</li>
<li><code>resources=duo</code><ul>
<li>A list of Google Cloud resources that are inside of the service perimeter. Currently only projects are allowed. Format: <code>projects/{project_number}</code></li>
<li>Each invocation of this argument appends the given value to the array.</li>
</ul>
</li>
<li><code>restricted-services=sed</code><ul>
<li>Google Cloud services that are subject to the Service Perimeter restrictions. For example, if <code>storage.googleapis.com</code> is specified, access to the storage buckets inside the perimeter must meet the perimeter&#39;s access restrictions.</li>
<li>Each invocation of this argument appends the given value to the array.</li>
</ul>
</li>
<li><code>vpc-accessible-services allowed-services=no</code><ul>
<li>The list of APIs usable within the Service Perimeter. Must be empty unless &#39;enable_restriction&#39; is True. You can specify a list of individual services, as well as include the &#39;RESTRICTED-SERVICES&#39; value, which automatically includes all of the services protected by the perimeter.</li>
<li>Each invocation of this argument appends the given value to the array.</li>
</ul>
</li>
<li>
<p><code>enable-restriction=true</code></p>
<ul>
<li>Whether to restrict API calls within the Service Perimeter to the list of APIs specified in &#39;allowed_services&#39;.</li>
</ul>
</li>
<li>
<p><code>... title=et</code></p>
<ul>
<li>Human readable title. Must be unique within the Policy.</li>
</ul>
</li>
<li><code>use-explicit-dry-run-spec=true</code><ul>
<li>Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists for all Service Perimeters, and that spec is identical to the status for those Service Perimeters. When this flag is set, it inhibits the generation of the implicit spec, thereby allowing the user to explicitly provide a configuration (&#34;spec&#34;) to use in a dry-run version of the Service Perimeter. This allows the user to test changes to the enforced config (&#34;status&#34;) without actually enforcing them. This testing is done through analyzing the differences between currently enforced and suggested restrictions. use_explicit_dry_run_spec must bet set to True if any of the fields in the spec are set to non-default values.</li>
</ul>
</li>
</ul>
<h3 id="about-cursors">About Cursors</h3>
<p>The cursor position is key to comfortably set complex nested structures. The following rules apply:</p>
<ul>
<li>The cursor position is always set relative to the current one, unless the field name starts with the <code>.</code> character. Fields can be nested such as in <code>-r f.s.o</code> .</li>
<li>The cursor position is set relative to the top-level structure if it starts with <code>.</code>, e.g. <code>-r .s.s</code></li>
<li>You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify <code>-r struct.sub_struct=bar</code>.</li>
<li>You can move the cursor one level up by using <code>..</code>. Each additional <code>.</code> moves it up one additional level. E.g. <code>...</code> would go three levels up.</li>
</ul>
<h1 id="optional-output-flags">Optional Output Flags</h1>
<p>The method's return value a JSON encoded structure, which will be written to standard output by default.</p>
<ul>
<li><strong>-o out</strong><ul>
<li><em>out</em> specifies the <em>destination</em> to which to write the server's result to.
It will be a JSON-encoded structure.
The <em>destination</em> may be <code>-</code> to indicate standard output, or a filepath that is to contain the received bytes.
If unset, it defaults to standard output.</li>
</ul>
</li>
</ul>
<h1 id="optional-general-properties">Optional General Properties</h1>
<p>The following properties can configure any call, and are not specific to this method.</p>
<ul>
<li>
<p><strong>-p $-xgafv=string</strong></p>
<ul>
<li>V1 error format.</li>
</ul>
</li>
<li>
<p><strong>-p access-token=string</strong></p>
<ul>
<li>OAuth access token.</li>
</ul>
</li>
<li>
<p><strong>-p alt=string</strong></p>
<ul>
<li>Data format for response.</li>
</ul>
</li>
<li>
<p><strong>-p callback=string</strong></p>
<ul>
<li>JSONP</li>
</ul>
</li>
<li>
<p><strong>-p fields=string</strong></p>
<ul>
<li>Selector specifying which fields to include in a partial response.</li>
</ul>
</li>
<li>
<p><strong>-p key=string</strong></p>
<ul>
<li>API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.</li>
</ul>
</li>
<li>
<p><strong>-p oauth-token=string</strong></p>
<ul>
<li>OAuth 2.0 token for the current user.</li>
</ul>
</li>
<li>
<p><strong>-p pretty-print=boolean</strong></p>
<ul>
<li>Returns response with indentations and line breaks.</li>
</ul>
</li>
<li>
<p><strong>-p quota-user=string</strong></p>
<ul>
<li>Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.</li>
</ul>
</li>
<li>
<p><strong>-p upload-type=string</strong></p>
<ul>
<li>Legacy upload protocol for media (e.g. &#34;media&#34;, &#34;multipart&#34;).</li>
</ul>
</li>
<li>
<p><strong>-p upload-protocol=string</strong></p>
<ul>
<li>Upload protocol for media (e.g. &#34;raw&#34;, &#34;multipart&#34;).</li>
</ul>
</li>
</ul>
</div>
</div>
<footer>
<div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
<a href="../access-policies_service-perimeters-delete" class="btn btn-neutral float-right" title="Service Perimeters Delete"/>Next <span class="icon icon-circle-arrow-right"></span></a>
<a href="../access-policies_service-perimeters-commit" class="btn btn-neutral" title="Service Perimeters Commit"><span class="icon icon-circle-arrow-left"></span> Previous</a>
</div>
<hr/>
<div role="contentinfo">
<p>
<!-- Copyright etc -->
</p>
</div>
Built with <a href="http://www.mkdocs.org">MkDocs</a>, using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.
</footer>
</div>
</div>
</section>
</div>
<div class="rst-versions" role="note" style="cursor: pointer">
<span class="rst-current-version" data-toggle="rst-current-version">
<a class="icon icon-github" style="float: left; color: #fcfcfc"> GitHub</a>
<span><a href="../access-policies_service-perimeters-commit" style="color: #fcfcfc;">&laquo; Previous</a></span>
<span style="margin-left: 15px"><a href="../access-policies_service-perimeters-delete" style="color: #fcfcfc">Next &raquo;</a></span>
</span>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink