mirror of
https://github.com/OMGeeky/google-apis-rs.git
synced 2026-01-29 13:22:37 +01:00
1 line
300 KiB
JSON
1 line
300 KiB
JSON
{"config":{"indexing":"full","lang":["en"],"min_search_length":3,"prebuild_index":false,"separator":"[\\s\\-]+"},"docs":[{"location":"","text":"The accesscontextmanager1 command-line interface (CLI) allows to use most features of the Google Access Context Manager service from the comfort of your terminal. By default all output is printed to standard out, but flags can be set to direct it into a file independent of your shell's capabilities. Errors will be printed to standard error, and cause the program's exit code to be non-zero. If data-structures are requested, these will be returned as pretty-printed JSON, to be useful as input to other tools. Everything else about the Access Context Manager API can be found at the official documentation site . Installation and Source Code Install the command-line interface with cargo using: cargo install google-accesscontextmanager1-cli Find the source code on github . Usage This documentation was generated from the Access Context Manager API at revision 20240226 . The CLI is at version 5.0.4 . accesscontextmanager1 [options] access-policies access-levels-create <parent> (-r <kv>)... [-p <v>]... [-o <out>] access-levels-delete <name> [-p <v>]... [-o <out>] access-levels-get <name> [-p <v>]... [-o <out>] access-levels-list <parent> [-p <v>]... [-o <out>] access-levels-patch <name> (-r <kv>)... [-p <v>]... [-o <out>] access-levels-replace-all <parent> (-r <kv>)... [-p <v>]... [-o <out>] access-levels-test-iam-permissions <resource> (-r <kv>)... [-p <v>]... [-o <out>] authorized-orgs-descs-create <parent> (-r <kv>)... [-p <v>]... [-o <out>] authorized-orgs-descs-delete <name> [-p <v>]... [-o <out>] authorized-orgs-descs-get <name> [-p <v>]... [-o <out>] authorized-orgs-descs-list <parent> [-p <v>]... [-o <out>] authorized-orgs-descs-patch <name> (-r <kv>)... [-p <v>]... [-o <out>] create (-r <kv>)... [-p <v>]... [-o <out>] delete <name> [-p <v>]... [-o <out>] get <name> [-p <v>]... [-o <out>] get-iam-policy <resource> (-r <kv>)... [-p <v>]... [-o <out>] list [-p <v>]... [-o <out>] patch <name> (-r <kv>)... [-p <v>]... [-o <out>] service-perimeters-commit <parent> (-r <kv>)... [-p <v>]... [-o <out>] service-perimeters-create <parent> (-r <kv>)... [-p <v>]... [-o <out>] service-perimeters-delete <name> [-p <v>]... [-o <out>] service-perimeters-get <name> [-p <v>]... [-o <out>] service-perimeters-list <parent> [-p <v>]... [-o <out>] service-perimeters-patch <name> (-r <kv>)... [-p <v>]... [-o <out>] service-perimeters-replace-all <parent> (-r <kv>)... [-p <v>]... [-o <out>] service-perimeters-test-iam-permissions <resource> (-r <kv>)... [-p <v>]... [-o <out>] set-iam-policy <resource> (-r <kv>)... [-p <v>]... [-o <out>] test-iam-permissions <resource> (-r <kv>)... [-p <v>]... [-o <out>] operations cancel <name> (-r <kv>)... [-p <v>]... [-o <out>] delete <name> [-p <v>]... [-o <out>] get <name> [-p <v>]... [-o <out>] list <name> [-p <v>]... [-o <out>] organizations gcp-user-access-bindings-create <parent> (-r <kv>)... [-p <v>]... [-o <out>] gcp-user-access-bindings-delete <name> [-p <v>]... [-o <out>] gcp-user-access-bindings-get <name> [-p <v>]... [-o <out>] gcp-user-access-bindings-list <parent> [-p <v>]... [-o <out>] gcp-user-access-bindings-patch <name> (-r <kv>)... [-p <v>]... [-o <out>] services get <name> [-p <v>]... [-o <out>] list [-p <v>]... [-o <out>] accesscontextmanager1 --help Configuration: [--scope <url>]... Specify the authentication a method should be executed in. Each scope requires the user to grant this application permission to use it. If unset, it defaults to the shortest scope url for a particular method. --config-dir <folder> A directory into which we will store our persistent data. Defaults to a user-writable directory that we will create during the first invocation. [default: ~/.google-service-cli] Configuration The program will store all persistent data in the ~/.google-service-cli directory in JSON files prefixed with accesscontextmanager1- . You can change the directory used to store configuration with the --config-dir flag on a per-invocation basis. More information about the various kinds of persistent data are given in the following paragraphs. Authentication Most APIs require a user to authenticate any request. If this is the case, the scope determines the set of permissions granted. The granularity of these is usually no more than read-only or full-access . If not set, the system will automatically select the smallest feasible scope, e.g. when invoking a method that is read-only, it will ask only for a read-only scope. You may use the --scope flag to specify a scope directly. All applicable scopes are documented in the respective method's CLI documentation. The first time a scope is used, the user is asked for permission. Follow the instructions given by the CLI to grant permissions, or to decline. If a scope was authenticated by the user, the respective information will be stored as JSON in the configuration directory, e.g. ~/.google-service-cli/accesscontextmanager1-token-<scope-hash>.json . No manual management of these tokens is necessary. To revoke granted authentication, please refer to the official documentation . Application Secrets In order to allow any application to use Google services, it will need to be registered using the Google Developer Console . APIs the application may use are then enabled for it one by one. Most APIs can be used for free and have a daily quota. To allow more comfortable usage of the CLI without forcing anyone to register an own application, the CLI comes with a default application secret that is configured accordingly. This also means that heavy usage all around the world may deplete the daily quota. You can workaround this limitation by putting your own secrets file at this location: ~/.google-service-cli/accesscontextmanager1-secret.json , assuming that the required accesscontextmanager API was enabled for it. Such a secret file can be downloaded in the Google Developer Console at APIs & auth -> Credentials -> Download JSON and used as is. Learn more about how to setup Google projects and enable APIs using the official documentation . Debugging Even though the CLI does its best to provide usable error messages, sometimes it might be desirable to know what exactly led to a particular issue. This is done by allowing all client-server communication to be output to standard error as-is . The --debug flag will print errors using the Debug representation to standard error. You may consider redirecting standard error into a file for ease of use, e.g. accesscontextmanager1 --debug <resource> <method> [options] 2>debug.txt .","title":"Home"},{"location":"#installation-and-source-code","text":"Install the command-line interface with cargo using: cargo install google-accesscontextmanager1-cli Find the source code on github .","title":"Installation and Source Code"},{"location":"#usage","text":"This documentation was generated from the Access Context Manager API at revision 20240226 . The CLI is at version 5.0.4 . accesscontextmanager1 [options] access-policies access-levels-create <parent> (-r <kv>)... [-p <v>]... [-o <out>] access-levels-delete <name> [-p <v>]... [-o <out>] access-levels-get <name> [-p <v>]... [-o <out>] access-levels-list <parent> [-p <v>]... [-o <out>] access-levels-patch <name> (-r <kv>)... [-p <v>]... [-o <out>] access-levels-replace-all <parent> (-r <kv>)... [-p <v>]... [-o <out>] access-levels-test-iam-permissions <resource> (-r <kv>)... [-p <v>]... [-o <out>] authorized-orgs-descs-create <parent> (-r <kv>)... [-p <v>]... [-o <out>] authorized-orgs-descs-delete <name> [-p <v>]... [-o <out>] authorized-orgs-descs-get <name> [-p <v>]... [-o <out>] authorized-orgs-descs-list <parent> [-p <v>]... [-o <out>] authorized-orgs-descs-patch <name> (-r <kv>)... [-p <v>]... [-o <out>] create (-r <kv>)... [-p <v>]... [-o <out>] delete <name> [-p <v>]... [-o <out>] get <name> [-p <v>]... [-o <out>] get-iam-policy <resource> (-r <kv>)... [-p <v>]... [-o <out>] list [-p <v>]... [-o <out>] patch <name> (-r <kv>)... [-p <v>]... [-o <out>] service-perimeters-commit <parent> (-r <kv>)... [-p <v>]... [-o <out>] service-perimeters-create <parent> (-r <kv>)... [-p <v>]... [-o <out>] service-perimeters-delete <name> [-p <v>]... [-o <out>] service-perimeters-get <name> [-p <v>]... [-o <out>] service-perimeters-list <parent> [-p <v>]... [-o <out>] service-perimeters-patch <name> (-r <kv>)... [-p <v>]... [-o <out>] service-perimeters-replace-all <parent> (-r <kv>)... [-p <v>]... [-o <out>] service-perimeters-test-iam-permissions <resource> (-r <kv>)... [-p <v>]... [-o <out>] set-iam-policy <resource> (-r <kv>)... [-p <v>]... [-o <out>] test-iam-permissions <resource> (-r <kv>)... [-p <v>]... [-o <out>] operations cancel <name> (-r <kv>)... [-p <v>]... [-o <out>] delete <name> [-p <v>]... [-o <out>] get <name> [-p <v>]... [-o <out>] list <name> [-p <v>]... [-o <out>] organizations gcp-user-access-bindings-create <parent> (-r <kv>)... [-p <v>]... [-o <out>] gcp-user-access-bindings-delete <name> [-p <v>]... [-o <out>] gcp-user-access-bindings-get <name> [-p <v>]... [-o <out>] gcp-user-access-bindings-list <parent> [-p <v>]... [-o <out>] gcp-user-access-bindings-patch <name> (-r <kv>)... [-p <v>]... [-o <out>] services get <name> [-p <v>]... [-o <out>] list [-p <v>]... [-o <out>] accesscontextmanager1 --help Configuration: [--scope <url>]... Specify the authentication a method should be executed in. Each scope requires the user to grant this application permission to use it. If unset, it defaults to the shortest scope url for a particular method. --config-dir <folder> A directory into which we will store our persistent data. Defaults to a user-writable directory that we will create during the first invocation. [default: ~/.google-service-cli]","title":"Usage"},{"location":"#configuration","text":"The program will store all persistent data in the ~/.google-service-cli directory in JSON files prefixed with accesscontextmanager1- . You can change the directory used to store configuration with the --config-dir flag on a per-invocation basis. More information about the various kinds of persistent data are given in the following paragraphs.","title":"Configuration"},{"location":"#authentication","text":"Most APIs require a user to authenticate any request. If this is the case, the scope determines the set of permissions granted. The granularity of these is usually no more than read-only or full-access . If not set, the system will automatically select the smallest feasible scope, e.g. when invoking a method that is read-only, it will ask only for a read-only scope. You may use the --scope flag to specify a scope directly. All applicable scopes are documented in the respective method's CLI documentation. The first time a scope is used, the user is asked for permission. Follow the instructions given by the CLI to grant permissions, or to decline. If a scope was authenticated by the user, the respective information will be stored as JSON in the configuration directory, e.g. ~/.google-service-cli/accesscontextmanager1-token-<scope-hash>.json . No manual management of these tokens is necessary. To revoke granted authentication, please refer to the official documentation .","title":"Authentication"},{"location":"#application-secrets","text":"In order to allow any application to use Google services, it will need to be registered using the Google Developer Console . APIs the application may use are then enabled for it one by one. Most APIs can be used for free and have a daily quota. To allow more comfortable usage of the CLI without forcing anyone to register an own application, the CLI comes with a default application secret that is configured accordingly. This also means that heavy usage all around the world may deplete the daily quota. You can workaround this limitation by putting your own secrets file at this location: ~/.google-service-cli/accesscontextmanager1-secret.json , assuming that the required accesscontextmanager API was enabled for it. Such a secret file can be downloaded in the Google Developer Console at APIs & auth -> Credentials -> Download JSON and used as is. Learn more about how to setup Google projects and enable APIs using the official documentation .","title":"Application Secrets"},{"location":"#debugging","text":"Even though the CLI does its best to provide usable error messages, sometimes it might be desirable to know what exactly led to a particular issue. This is done by allowing all client-server communication to be output to standard error as-is . The --debug flag will print errors using the Debug representation to standard error. You may consider redirecting standard error into a file for ease of use, e.g. accesscontextmanager1 --debug <resource> <method> [options] 2>debug.txt .","title":"Debugging"},{"location":"access-policies_access-levels-create/","text":"Creates an access level. The long-running operation from this RPC has a successful status after the access level propagates to long-lasting storage. If access levels contain errors, an error response is returned for the first error encountered. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies access-levels-create ... Required Scalar Argument <parent> (string) Required. Resource name for the access policy which owns this Access Level. Format: accessPolicies/{policy_id} Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: AccessLevel: basic: combining-function: string custom: expr: description: string expression: string location: string title: string description: string name: string title: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .basic combining-function=et How the conditions list should be combined to determine if a request is granted this AccessLevel . If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND. ..custom.expr description=magna Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. expression=no Textual representation of an expression in Common Expression Language syntax. location=ipsum Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. title=voluptua. Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. ... description=at Description of the AccessLevel and its use. Does not affect behavior. name=sanctus Resource name for the AccessLevel . Format: accessPolicies/{access_policy}/accessLevels/{access_level} . The access_level component must begin with a letter, followed by alphanumeric characters or _ . Its maximum length is 50 characters. After you create an AccessLevel , you cannot change its name . title=sed Human readable title. Must be unique within the Policy. About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Access Levels Create"},{"location":"access-policies_access-levels-create/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies access-levels-create ...","title":"Scopes"},{"location":"access-policies_access-levels-create/#required-scalar-argument","text":"<parent> (string) Required. Resource name for the access policy which owns this Access Level. Format: accessPolicies/{policy_id}","title":"Required Scalar Argument"},{"location":"access-policies_access-levels-create/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: AccessLevel: basic: combining-function: string custom: expr: description: string expression: string location: string title: string description: string name: string title: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .basic combining-function=et How the conditions list should be combined to determine if a request is granted this AccessLevel . If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND. ..custom.expr description=magna Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. expression=no Textual representation of an expression in Common Expression Language syntax. location=ipsum Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. title=voluptua. Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. ... description=at Description of the AccessLevel and its use. Does not affect behavior. name=sanctus Resource name for the AccessLevel . Format: accessPolicies/{access_policy}/accessLevels/{access_level} . The access_level component must begin with a letter, followed by alphanumeric characters or _ . Its maximum length is 50 characters. After you create an AccessLevel , you cannot change its name . title=sed Human readable title. Must be unique within the Policy.","title":"Required Request Value"},{"location":"access-policies_access-levels-create/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"access-policies_access-levels-create/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"access-policies_access-levels-create/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"access-policies_access-levels-delete/","text":"Deletes an access level based on the resource name. The long-running operation from this RPC has a successful status after the access level has been removed from long-lasting storage. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies access-levels-delete ... Required Scalar Argument <name> (string) Required. Resource name for the Access Level. Format: accessPolicies/{policy_id}/accessLevels/{access_level_id} Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Access Levels Delete"},{"location":"access-policies_access-levels-delete/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies access-levels-delete ...","title":"Scopes"},{"location":"access-policies_access-levels-delete/#required-scalar-argument","text":"<name> (string) Required. Resource name for the Access Level. Format: accessPolicies/{policy_id}/accessLevels/{access_level_id}","title":"Required Scalar Argument"},{"location":"access-policies_access-levels-delete/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"access-policies_access-levels-delete/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"access-policies_access-levels-get/","text":"Gets an access level based on the resource name. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies access-levels-get ... Required Scalar Argument <name> (string) Required. Resource name for the Access Level. Format: accessPolicies/{policy_id}/accessLevels/{access_level_id} Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional Method Properties You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p access-level-format=string Whether to return BasicLevels in the Cloud Common Expression Language rather than as BasicLevels . Defaults to AS_DEFINED, where Access Levels are returned as BasicLevels or CustomLevels based on how they were created. If set to CEL, all Access Levels are returned as CustomLevels . In the CEL case, BasicLevels are translated to equivalent CustomLevels . Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Access Levels Get"},{"location":"access-policies_access-levels-get/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies access-levels-get ...","title":"Scopes"},{"location":"access-policies_access-levels-get/#required-scalar-argument","text":"<name> (string) Required. Resource name for the Access Level. Format: accessPolicies/{policy_id}/accessLevels/{access_level_id}","title":"Required Scalar Argument"},{"location":"access-policies_access-levels-get/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"access-policies_access-levels-get/#optional-method-properties","text":"You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p access-level-format=string Whether to return BasicLevels in the Cloud Common Expression Language rather than as BasicLevels . Defaults to AS_DEFINED, where Access Levels are returned as BasicLevels or CustomLevels based on how they were created. If set to CEL, all Access Levels are returned as CustomLevels . In the CEL case, BasicLevels are translated to equivalent CustomLevels .","title":"Optional Method Properties"},{"location":"access-policies_access-levels-get/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"access-policies_access-levels-list/","text":"Lists all access levels for an access policy. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies access-levels-list ... Required Scalar Argument <parent> (string) Required. Resource name for the access policy to list Access Levels from. Format: accessPolicies/{policy_id} Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional Method Properties You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p access-level-format=string Whether to return BasicLevels in the Cloud Common Expression language, as CustomLevels , rather than as BasicLevels . Defaults to returning AccessLevels in the format they were defined. -p page-size=integer Number of Access Levels to include in the list. Default 100. -p page-token=string Next page token for the next batch of Access Level instances. Defaults to the first page of results. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Access Levels List"},{"location":"access-policies_access-levels-list/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies access-levels-list ...","title":"Scopes"},{"location":"access-policies_access-levels-list/#required-scalar-argument","text":"<parent> (string) Required. Resource name for the access policy to list Access Levels from. Format: accessPolicies/{policy_id}","title":"Required Scalar Argument"},{"location":"access-policies_access-levels-list/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"access-policies_access-levels-list/#optional-method-properties","text":"You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p access-level-format=string Whether to return BasicLevels in the Cloud Common Expression language, as CustomLevels , rather than as BasicLevels . Defaults to returning AccessLevels in the format they were defined. -p page-size=integer Number of Access Levels to include in the list. Default 100. -p page-token=string Next page token for the next batch of Access Level instances. Defaults to the first page of results.","title":"Optional Method Properties"},{"location":"access-policies_access-levels-list/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"access-policies_access-levels-patch/","text":"Updates an access level. The long-running operation from this RPC has a successful status after the changes to the access level propagate to long-lasting storage. If access levels contain errors, an error response is returned for the first error encountered. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies access-levels-patch ... Required Scalar Argument <name> (string) Resource name for the AccessLevel . Format: accessPolicies/{access_policy}/accessLevels/{access_level} . The access_level component must begin with a letter, followed by alphanumeric characters or _ . Its maximum length is 50 characters. After you create an AccessLevel , you cannot change its name . Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: AccessLevel: basic: combining-function: string custom: expr: description: string expression: string location: string title: string description: string name: string title: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .basic combining-function=amet. How the conditions list should be combined to determine if a request is granted this AccessLevel . If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND. ..custom.expr description=takimata Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. expression=amet. Textual representation of an expression in Common Expression Language syntax. location=duo Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. title=ipsum Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. ... description=gubergren Description of the AccessLevel and its use. Does not affect behavior. name=lorem Resource name for the AccessLevel . Format: accessPolicies/{access_policy}/accessLevels/{access_level} . The access_level component must begin with a letter, followed by alphanumeric characters or _ . Its maximum length is 50 characters. After you create an AccessLevel , you cannot change its name . title=gubergren Human readable title. Must be unique within the Policy. About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional Method Properties You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p update-mask=string Required. Mask to control which fields get updated. Must be non-empty. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Access Levels Patch"},{"location":"access-policies_access-levels-patch/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies access-levels-patch ...","title":"Scopes"},{"location":"access-policies_access-levels-patch/#required-scalar-argument","text":"<name> (string) Resource name for the AccessLevel . Format: accessPolicies/{access_policy}/accessLevels/{access_level} . The access_level component must begin with a letter, followed by alphanumeric characters or _ . Its maximum length is 50 characters. After you create an AccessLevel , you cannot change its name .","title":"Required Scalar Argument"},{"location":"access-policies_access-levels-patch/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: AccessLevel: basic: combining-function: string custom: expr: description: string expression: string location: string title: string description: string name: string title: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .basic combining-function=amet. How the conditions list should be combined to determine if a request is granted this AccessLevel . If AND is used, each Condition in conditions must be satisfied for the AccessLevel to be applied. If OR is used, at least one Condition in conditions must be satisfied for the AccessLevel to be applied. Default behavior is AND. ..custom.expr description=takimata Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. expression=amet. Textual representation of an expression in Common Expression Language syntax. location=duo Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. title=ipsum Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. ... description=gubergren Description of the AccessLevel and its use. Does not affect behavior. name=lorem Resource name for the AccessLevel . Format: accessPolicies/{access_policy}/accessLevels/{access_level} . The access_level component must begin with a letter, followed by alphanumeric characters or _ . Its maximum length is 50 characters. After you create an AccessLevel , you cannot change its name . title=gubergren Human readable title. Must be unique within the Policy.","title":"Required Request Value"},{"location":"access-policies_access-levels-patch/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"access-policies_access-levels-patch/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"access-policies_access-levels-patch/#optional-method-properties","text":"You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p update-mask=string Required. Mask to control which fields get updated. Must be non-empty.","title":"Optional Method Properties"},{"location":"access-policies_access-levels-patch/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"access-policies_access-levels-replace-all/","text":"Replaces all existing access levels in an access policy with the access levels provided. This is done atomically. The long-running operation from this RPC has a successful status after all replacements propagate to long-lasting storage. If the replacement contains errors, an error response is returned for the first error encountered. Upon error, the replacement is cancelled, and existing access levels are not affected. The Operation.response field contains ReplaceAccessLevelsResponse. Removing access levels contained in existing service perimeters result in an error. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies access-levels-replace-all ... Required Scalar Argument <parent> (string) Required. Resource name for the access policy which owns these Access Levels. Format: accessPolicies/{policy_id} Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: ReplaceAccessLevelsRequest: etag: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . etag=eos Optional. The etag for the version of the Access Policy that this replace operation is to be performed on. If, at the time of replace, the etag for the Access Policy stored in Access Context Manager is different from the specified etag, then the replace operation will not be performed and the call will fail. This field is not required. If etag is not provided, the operation will be performed as if a valid etag is provided. About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Access Levels Replace All"},{"location":"access-policies_access-levels-replace-all/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies access-levels-replace-all ...","title":"Scopes"},{"location":"access-policies_access-levels-replace-all/#required-scalar-argument","text":"<parent> (string) Required. Resource name for the access policy which owns these Access Levels. Format: accessPolicies/{policy_id}","title":"Required Scalar Argument"},{"location":"access-policies_access-levels-replace-all/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: ReplaceAccessLevelsRequest: etag: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . etag=eos Optional. The etag for the version of the Access Policy that this replace operation is to be performed on. If, at the time of replace, the etag for the Access Policy stored in Access Context Manager is different from the specified etag, then the replace operation will not be performed and the call will fail. This field is not required. If etag is not provided, the operation will be performed as if a valid etag is provided.","title":"Required Request Value"},{"location":"access-policies_access-levels-replace-all/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"access-policies_access-levels-replace-all/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"access-policies_access-levels-replace-all/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"access-policies_access-levels-test-iam-permissions/","text":"Returns the IAM permissions that the caller has on the specified Access Context Manager resource. The resource can be an AccessPolicy, AccessLevel, or ServicePerimeter. This method does not support other resources. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies access-levels-test-iam-permissions ... Required Scalar Argument <resource> (string) REQUIRED: The resource for which the policy detail is being requested. See Resource names for the appropriate value for this field. Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: TestIamPermissionsRequest: permissions: [string] can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . permissions=dolor The set of permissions to check for the resource . Permissions with wildcards (such as * or storage.* ) are not allowed. For more information see IAM Overview . Each invocation of this argument appends the given value to the array. About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Access Levels Test Iam Permissions"},{"location":"access-policies_access-levels-test-iam-permissions/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies access-levels-test-iam-permissions ...","title":"Scopes"},{"location":"access-policies_access-levels-test-iam-permissions/#required-scalar-argument","text":"<resource> (string) REQUIRED: The resource for which the policy detail is being requested. See Resource names for the appropriate value for this field.","title":"Required Scalar Argument"},{"location":"access-policies_access-levels-test-iam-permissions/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: TestIamPermissionsRequest: permissions: [string] can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . permissions=dolor The set of permissions to check for the resource . Permissions with wildcards (such as * or storage.* ) are not allowed. For more information see IAM Overview . Each invocation of this argument appends the given value to the array.","title":"Required Request Value"},{"location":"access-policies_access-levels-test-iam-permissions/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"access-policies_access-levels-test-iam-permissions/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"access-policies_access-levels-test-iam-permissions/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"access-policies_authorized-orgs-descs-create/","text":"Creates an authorized orgs desc. The long-running operation from this RPC has a successful status after the authorized orgs desc propagates to long-lasting storage. If a authorized orgs desc contains errors, an error response is returned for the first error encountered. The name of this AuthorizedOrgsDesc will be assigned during creation. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies authorized-orgs-descs-create ... Required Scalar Argument <parent> (string) Required. Resource name for the access policy which owns this Authorized Orgs Desc. Format: accessPolicies/{policy_id} Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: AuthorizedOrgsDesc: asset-type: string authorization-direction: string authorization-type: string name: string orgs: [string] can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . asset-type=ea The asset type of this authorized orgs desc. Valid values are ASSET_TYPE_DEVICE , and ASSET_TYPE_CREDENTIAL_STRENGTH . authorization-direction=ipsum The direction of the authorization relationship between this organization and the organizations listed in the orgs field. The valid values for this field include the following: AUTHORIZATION_DIRECTION_FROM : Allows this organization to evaluate traffic in the organizations listed in the orgs field. AUTHORIZATION_DIRECTION_TO : Allows the organizations listed in the orgs field to evaluate the traffic in this organization. For the authorization relationship to take effect, all of the organizations must authorize and specify the appropriate relationship direction. For example, if organization A authorized organization B and C to evaluate its traffic, by specifying AUTHORIZATION_DIRECTION_TO as the authorization direction, organizations B and C must specify AUTHORIZATION_DIRECTION_FROM as the authorization direction in their AuthorizedOrgsDesc resource. authorization-type=invidunt A granular control type for authorization levels. Valid value is AUTHORIZATION_TYPE_TRUST . name=amet Resource name for the AuthorizedOrgsDesc . Format: accessPolicies/{access_policy}/authorizedOrgsDescs/{authorized_orgs_desc} . The authorized_orgs_desc component must begin with a letter, followed by alphanumeric characters or _ . After you create an AuthorizedOrgsDesc , you cannot change its name . orgs=duo The list of organization ids in this AuthorizedOrgsDesc. Format: organizations/ Example: organizations/123456 Each invocation of this argument appends the given value to the array. About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Authorized Orgs Descs Create"},{"location":"access-policies_authorized-orgs-descs-create/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies authorized-orgs-descs-create ...","title":"Scopes"},{"location":"access-policies_authorized-orgs-descs-create/#required-scalar-argument","text":"<parent> (string) Required. Resource name for the access policy which owns this Authorized Orgs Desc. Format: accessPolicies/{policy_id}","title":"Required Scalar Argument"},{"location":"access-policies_authorized-orgs-descs-create/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: AuthorizedOrgsDesc: asset-type: string authorization-direction: string authorization-type: string name: string orgs: [string] can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . asset-type=ea The asset type of this authorized orgs desc. Valid values are ASSET_TYPE_DEVICE , and ASSET_TYPE_CREDENTIAL_STRENGTH . authorization-direction=ipsum The direction of the authorization relationship between this organization and the organizations listed in the orgs field. The valid values for this field include the following: AUTHORIZATION_DIRECTION_FROM : Allows this organization to evaluate traffic in the organizations listed in the orgs field. AUTHORIZATION_DIRECTION_TO : Allows the organizations listed in the orgs field to evaluate the traffic in this organization. For the authorization relationship to take effect, all of the organizations must authorize and specify the appropriate relationship direction. For example, if organization A authorized organization B and C to evaluate its traffic, by specifying AUTHORIZATION_DIRECTION_TO as the authorization direction, organizations B and C must specify AUTHORIZATION_DIRECTION_FROM as the authorization direction in their AuthorizedOrgsDesc resource. authorization-type=invidunt A granular control type for authorization levels. Valid value is AUTHORIZATION_TYPE_TRUST . name=amet Resource name for the AuthorizedOrgsDesc . Format: accessPolicies/{access_policy}/authorizedOrgsDescs/{authorized_orgs_desc} . The authorized_orgs_desc component must begin with a letter, followed by alphanumeric characters or _ . After you create an AuthorizedOrgsDesc , you cannot change its name . orgs=duo The list of organization ids in this AuthorizedOrgsDesc. Format: organizations/ Example: organizations/123456 Each invocation of this argument appends the given value to the array.","title":"Required Request Value"},{"location":"access-policies_authorized-orgs-descs-create/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"access-policies_authorized-orgs-descs-create/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"access-policies_authorized-orgs-descs-create/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"access-policies_authorized-orgs-descs-delete/","text":"Deletes an authorized orgs desc based on the resource name. The long-running operation from this RPC has a successful status after the authorized orgs desc is removed from long-lasting storage. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies authorized-orgs-descs-delete ... Required Scalar Argument <name> (string) Required. Resource name for the Authorized Orgs Desc. Format: accessPolicies/{policy_id}/authorizedOrgsDesc/{authorized_orgs_desc_id} Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Authorized Orgs Descs Delete"},{"location":"access-policies_authorized-orgs-descs-delete/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies authorized-orgs-descs-delete ...","title":"Scopes"},{"location":"access-policies_authorized-orgs-descs-delete/#required-scalar-argument","text":"<name> (string) Required. Resource name for the Authorized Orgs Desc. Format: accessPolicies/{policy_id}/authorizedOrgsDesc/{authorized_orgs_desc_id}","title":"Required Scalar Argument"},{"location":"access-policies_authorized-orgs-descs-delete/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"access-policies_authorized-orgs-descs-delete/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"access-policies_authorized-orgs-descs-get/","text":"Gets an authorized orgs desc based on the resource name. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies authorized-orgs-descs-get ... Required Scalar Argument <name> (string) Required. Resource name for the Authorized Orgs Desc. Format: accessPolicies/{policy_id}/authorizedOrgsDescs/{authorized_orgs_descs_id} Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Authorized Orgs Descs Get"},{"location":"access-policies_authorized-orgs-descs-get/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies authorized-orgs-descs-get ...","title":"Scopes"},{"location":"access-policies_authorized-orgs-descs-get/#required-scalar-argument","text":"<name> (string) Required. Resource name for the Authorized Orgs Desc. Format: accessPolicies/{policy_id}/authorizedOrgsDescs/{authorized_orgs_descs_id}","title":"Required Scalar Argument"},{"location":"access-policies_authorized-orgs-descs-get/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"access-policies_authorized-orgs-descs-get/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"access-policies_authorized-orgs-descs-list/","text":"Lists all authorized orgs descs for an access policy. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies authorized-orgs-descs-list ... Required Scalar Argument <parent> (string) Required. Resource name for the access policy to list Authorized Orgs Desc from. Format: accessPolicies/{policy_id} Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional Method Properties You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p page-size=integer Number of Authorized Orgs Descs to include in the list. Default 100. -p page-token=string Next page token for the next batch of Authorized Orgs Desc instances. Defaults to the first page of results. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Authorized Orgs Descs List"},{"location":"access-policies_authorized-orgs-descs-list/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies authorized-orgs-descs-list ...","title":"Scopes"},{"location":"access-policies_authorized-orgs-descs-list/#required-scalar-argument","text":"<parent> (string) Required. Resource name for the access policy to list Authorized Orgs Desc from. Format: accessPolicies/{policy_id}","title":"Required Scalar Argument"},{"location":"access-policies_authorized-orgs-descs-list/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"access-policies_authorized-orgs-descs-list/#optional-method-properties","text":"You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p page-size=integer Number of Authorized Orgs Descs to include in the list. Default 100. -p page-token=string Next page token for the next batch of Authorized Orgs Desc instances. Defaults to the first page of results.","title":"Optional Method Properties"},{"location":"access-policies_authorized-orgs-descs-list/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"access-policies_authorized-orgs-descs-patch/","text":"Updates an authorized orgs desc. The long-running operation from this RPC has a successful status after the authorized orgs desc propagates to long-lasting storage. If a authorized orgs desc contains errors, an error response is returned for the first error encountered. Only the organization list in AuthorizedOrgsDesc can be updated. The name, authorization_type, asset_type and authorization_direction cannot be updated. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies authorized-orgs-descs-patch ... Required Scalar Argument <name> (string) Resource name for the AuthorizedOrgsDesc . Format: accessPolicies/{access_policy}/authorizedOrgsDescs/{authorized_orgs_desc} . The authorized_orgs_desc component must begin with a letter, followed by alphanumeric characters or _ . After you create an AuthorizedOrgsDesc , you cannot change its name . Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: AuthorizedOrgsDesc: asset-type: string authorization-direction: string authorization-type: string name: string orgs: [string] can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . asset-type=ipsum The asset type of this authorized orgs desc. Valid values are ASSET_TYPE_DEVICE , and ASSET_TYPE_CREDENTIAL_STRENGTH . authorization-direction=sed The direction of the authorization relationship between this organization and the organizations listed in the orgs field. The valid values for this field include the following: AUTHORIZATION_DIRECTION_FROM : Allows this organization to evaluate traffic in the organizations listed in the orgs field. AUTHORIZATION_DIRECTION_TO : Allows the organizations listed in the orgs field to evaluate the traffic in this organization. For the authorization relationship to take effect, all of the organizations must authorize and specify the appropriate relationship direction. For example, if organization A authorized organization B and C to evaluate its traffic, by specifying AUTHORIZATION_DIRECTION_TO as the authorization direction, organizations B and C must specify AUTHORIZATION_DIRECTION_FROM as the authorization direction in their AuthorizedOrgsDesc resource. authorization-type=ut A granular control type for authorization levels. Valid value is AUTHORIZATION_TYPE_TRUST . name=gubergren Resource name for the AuthorizedOrgsDesc . Format: accessPolicies/{access_policy}/authorizedOrgsDescs/{authorized_orgs_desc} . The authorized_orgs_desc component must begin with a letter, followed by alphanumeric characters or _ . After you create an AuthorizedOrgsDesc , you cannot change its name . orgs=rebum. The list of organization ids in this AuthorizedOrgsDesc. Format: organizations/ Example: organizations/123456 Each invocation of this argument appends the given value to the array. About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional Method Properties You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p update-mask=string Required. Mask to control which fields get updated. Must be non-empty. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Authorized Orgs Descs Patch"},{"location":"access-policies_authorized-orgs-descs-patch/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies authorized-orgs-descs-patch ...","title":"Scopes"},{"location":"access-policies_authorized-orgs-descs-patch/#required-scalar-argument","text":"<name> (string) Resource name for the AuthorizedOrgsDesc . Format: accessPolicies/{access_policy}/authorizedOrgsDescs/{authorized_orgs_desc} . The authorized_orgs_desc component must begin with a letter, followed by alphanumeric characters or _ . After you create an AuthorizedOrgsDesc , you cannot change its name .","title":"Required Scalar Argument"},{"location":"access-policies_authorized-orgs-descs-patch/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: AuthorizedOrgsDesc: asset-type: string authorization-direction: string authorization-type: string name: string orgs: [string] can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . asset-type=ipsum The asset type of this authorized orgs desc. Valid values are ASSET_TYPE_DEVICE , and ASSET_TYPE_CREDENTIAL_STRENGTH . authorization-direction=sed The direction of the authorization relationship between this organization and the organizations listed in the orgs field. The valid values for this field include the following: AUTHORIZATION_DIRECTION_FROM : Allows this organization to evaluate traffic in the organizations listed in the orgs field. AUTHORIZATION_DIRECTION_TO : Allows the organizations listed in the orgs field to evaluate the traffic in this organization. For the authorization relationship to take effect, all of the organizations must authorize and specify the appropriate relationship direction. For example, if organization A authorized organization B and C to evaluate its traffic, by specifying AUTHORIZATION_DIRECTION_TO as the authorization direction, organizations B and C must specify AUTHORIZATION_DIRECTION_FROM as the authorization direction in their AuthorizedOrgsDesc resource. authorization-type=ut A granular control type for authorization levels. Valid value is AUTHORIZATION_TYPE_TRUST . name=gubergren Resource name for the AuthorizedOrgsDesc . Format: accessPolicies/{access_policy}/authorizedOrgsDescs/{authorized_orgs_desc} . The authorized_orgs_desc component must begin with a letter, followed by alphanumeric characters or _ . After you create an AuthorizedOrgsDesc , you cannot change its name . orgs=rebum. The list of organization ids in this AuthorizedOrgsDesc. Format: organizations/ Example: organizations/123456 Each invocation of this argument appends the given value to the array.","title":"Required Request Value"},{"location":"access-policies_authorized-orgs-descs-patch/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"access-policies_authorized-orgs-descs-patch/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"access-policies_authorized-orgs-descs-patch/#optional-method-properties","text":"You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p update-mask=string Required. Mask to control which fields get updated. Must be non-empty.","title":"Optional Method Properties"},{"location":"access-policies_authorized-orgs-descs-patch/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"access-policies_create/","text":"Creates an access policy. This method fails if the organization already has an access policy. The long-running operation has a successful status after the access policy propagates to long-lasting storage. Syntactic and basic semantic errors are returned in metadata as a BadRequest proto. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies create ... Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: AccessPolicy: etag: string name: string parent: string scopes: [string] title: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . etag=est Output only. An opaque identifier for the current version of the AccessPolicy . This will always be a strongly validated etag, meaning that two Access Polices will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format. name=ipsum Output only. Resource name of the AccessPolicy . Format: accessPolicies/{access_policy} parent=ipsum Required. The parent of this AccessPolicy in the Cloud Resource Hierarchy. Currently immutable once created. Format: organizations/{organization_id} scopes=est The scopes of the AccessPolicy. Scopes define which resources a policy can restrict and where its resources can be referenced. For example, policy A with scopes=["folders/123"] has the following behavior: - ServicePerimeter can only restrict projects within folders/123 . - ServicePerimeter within policy A can only reference access levels defined within policy A. - Only one policy can include a given scope; thus, attempting to create a second policy which includes folders/123 will result in an error. If no scopes are provided, then any resource within the organization can be restricted. Scopes cannot be modified after a policy is created. Policies can only have a single scope. Format: list of folders/{folder_number} or projects/{project_number} Each invocation of this argument appends the given value to the array. title=gubergren Required. Human readable title. Does not affect behavior. About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Create"},{"location":"access-policies_create/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies create ...","title":"Scopes"},{"location":"access-policies_create/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: AccessPolicy: etag: string name: string parent: string scopes: [string] title: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . etag=est Output only. An opaque identifier for the current version of the AccessPolicy . This will always be a strongly validated etag, meaning that two Access Polices will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format. name=ipsum Output only. Resource name of the AccessPolicy . Format: accessPolicies/{access_policy} parent=ipsum Required. The parent of this AccessPolicy in the Cloud Resource Hierarchy. Currently immutable once created. Format: organizations/{organization_id} scopes=est The scopes of the AccessPolicy. Scopes define which resources a policy can restrict and where its resources can be referenced. For example, policy A with scopes=["folders/123"] has the following behavior: - ServicePerimeter can only restrict projects within folders/123 . - ServicePerimeter within policy A can only reference access levels defined within policy A. - Only one policy can include a given scope; thus, attempting to create a second policy which includes folders/123 will result in an error. If no scopes are provided, then any resource within the organization can be restricted. Scopes cannot be modified after a policy is created. Policies can only have a single scope. Format: list of folders/{folder_number} or projects/{project_number} Each invocation of this argument appends the given value to the array. title=gubergren Required. Human readable title. Does not affect behavior.","title":"Required Request Value"},{"location":"access-policies_create/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"access-policies_create/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"access-policies_create/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"access-policies_delete/","text":"Deletes an access policy based on the resource name. The long-running operation has a successful status after the access policy is removed from long-lasting storage. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies delete ... Required Scalar Argument <name> (string) Required. Resource name for the access policy to delete. Format accessPolicies/{policy_id} Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Delete"},{"location":"access-policies_delete/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies delete ...","title":"Scopes"},{"location":"access-policies_delete/#required-scalar-argument","text":"<name> (string) Required. Resource name for the access policy to delete. Format accessPolicies/{policy_id}","title":"Required Scalar Argument"},{"location":"access-policies_delete/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"access-policies_delete/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"access-policies_get-iam-policy/","text":"Gets the IAM policy for the specified Access Context Manager access policy. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies get-iam-policy ... Required Scalar Argument <resource> (string) REQUIRED: The resource for which the policy is being requested. See Resource names for the appropriate value for this field. Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: GetIamPolicyRequest: options: requested-policy-version: integer can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .options requested-policy-version=84 Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the IAM documentation . About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Get Iam Policy"},{"location":"access-policies_get-iam-policy/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies get-iam-policy ...","title":"Scopes"},{"location":"access-policies_get-iam-policy/#required-scalar-argument","text":"<resource> (string) REQUIRED: The resource for which the policy is being requested. See Resource names for the appropriate value for this field.","title":"Required Scalar Argument"},{"location":"access-policies_get-iam-policy/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: GetIamPolicyRequest: options: requested-policy-version: integer can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .options requested-policy-version=84 Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the IAM documentation .","title":"Required Request Value"},{"location":"access-policies_get-iam-policy/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"access-policies_get-iam-policy/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"access-policies_get-iam-policy/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"access-policies_get/","text":"Returns an access policy based on the name. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies get ... Required Scalar Argument <name> (string) Required. Resource name for the access policy to get. Format accessPolicies/{policy_id} Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Get"},{"location":"access-policies_get/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies get ...","title":"Scopes"},{"location":"access-policies_get/#required-scalar-argument","text":"<name> (string) Required. Resource name for the access policy to get. Format accessPolicies/{policy_id}","title":"Required Scalar Argument"},{"location":"access-policies_get/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"access-policies_get/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"access-policies_list/","text":"Lists all access policies in an organization. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies list ... Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional Method Properties You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p page-size=integer Number of AccessPolicy instances to include in the list. Default 100. -p page-token=string Next page token for the next batch of AccessPolicy instances. Defaults to the first page of results. -p parent=string Required. Resource name for the container to list AccessPolicy instances from. Format: organizations/{org_id} Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"List"},{"location":"access-policies_list/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies list ...","title":"Scopes"},{"location":"access-policies_list/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"access-policies_list/#optional-method-properties","text":"You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p page-size=integer Number of AccessPolicy instances to include in the list. Default 100. -p page-token=string Next page token for the next batch of AccessPolicy instances. Defaults to the first page of results. -p parent=string Required. Resource name for the container to list AccessPolicy instances from. Format: organizations/{org_id}","title":"Optional Method Properties"},{"location":"access-policies_list/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"access-policies_patch/","text":"Updates an access policy. The long-running operation from this RPC has a successful status after the changes to the access policy propagate to long-lasting storage. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies patch ... Required Scalar Argument <name> (string) Output only. Resource name of the AccessPolicy . Format: accessPolicies/{access_policy} Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: AccessPolicy: etag: string name: string parent: string scopes: [string] title: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . etag=dolor Output only. An opaque identifier for the current version of the AccessPolicy . This will always be a strongly validated etag, meaning that two Access Polices will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format. name=lorem Output only. Resource name of the AccessPolicy . Format: accessPolicies/{access_policy} parent=eos Required. The parent of this AccessPolicy in the Cloud Resource Hierarchy. Currently immutable once created. Format: organizations/{organization_id} scopes=labore The scopes of the AccessPolicy. Scopes define which resources a policy can restrict and where its resources can be referenced. For example, policy A with scopes=["folders/123"] has the following behavior: - ServicePerimeter can only restrict projects within folders/123 . - ServicePerimeter within policy A can only reference access levels defined within policy A. - Only one policy can include a given scope; thus, attempting to create a second policy which includes folders/123 will result in an error. If no scopes are provided, then any resource within the organization can be restricted. Scopes cannot be modified after a policy is created. Policies can only have a single scope. Format: list of folders/{folder_number} or projects/{project_number} Each invocation of this argument appends the given value to the array. title=sed Required. Human readable title. Does not affect behavior. About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional Method Properties You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p update-mask=string Required. Mask to control which fields get updated. Must be non-empty. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Patch"},{"location":"access-policies_patch/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies patch ...","title":"Scopes"},{"location":"access-policies_patch/#required-scalar-argument","text":"<name> (string) Output only. Resource name of the AccessPolicy . Format: accessPolicies/{access_policy}","title":"Required Scalar Argument"},{"location":"access-policies_patch/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: AccessPolicy: etag: string name: string parent: string scopes: [string] title: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . etag=dolor Output only. An opaque identifier for the current version of the AccessPolicy . This will always be a strongly validated etag, meaning that two Access Polices will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format. name=lorem Output only. Resource name of the AccessPolicy . Format: accessPolicies/{access_policy} parent=eos Required. The parent of this AccessPolicy in the Cloud Resource Hierarchy. Currently immutable once created. Format: organizations/{organization_id} scopes=labore The scopes of the AccessPolicy. Scopes define which resources a policy can restrict and where its resources can be referenced. For example, policy A with scopes=["folders/123"] has the following behavior: - ServicePerimeter can only restrict projects within folders/123 . - ServicePerimeter within policy A can only reference access levels defined within policy A. - Only one policy can include a given scope; thus, attempting to create a second policy which includes folders/123 will result in an error. If no scopes are provided, then any resource within the organization can be restricted. Scopes cannot be modified after a policy is created. Policies can only have a single scope. Format: list of folders/{folder_number} or projects/{project_number} Each invocation of this argument appends the given value to the array. title=sed Required. Human readable title. Does not affect behavior.","title":"Required Request Value"},{"location":"access-policies_patch/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"access-policies_patch/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"access-policies_patch/#optional-method-properties","text":"You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p update-mask=string Required. Mask to control which fields get updated. Must be non-empty.","title":"Optional Method Properties"},{"location":"access-policies_patch/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"access-policies_service-perimeters-commit/","text":"Commits the dry-run specification for all the service perimeters in an access policy. A commit operation on a service perimeter involves copying its spec field to the status field of the service perimeter. Only service perimeters with use_explicit_dry_run_spec field set to true are affected by a commit operation. The long-running operation from this RPC has a successful status after the dry-run specifications for all the service perimeters have been committed. If a commit fails, it causes the long-running operation to return an error response and the entire commit operation is cancelled. When successful, the Operation.response field contains CommitServicePerimetersResponse. The dry_run and the spec fields are cleared after a successful commit operation. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies service-perimeters-commit ... Required Scalar Argument <parent> (string) Required. Resource name for the parent Access Policy which owns all Service Perimeters in scope for the commit operation. Format: accessPolicies/{policy_id} Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: CommitServicePerimetersRequest: etag: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . etag=duo Optional. The etag for the version of the Access Policy that this commit operation is to be performed on. If, at the time of commit, the etag for the Access Policy stored in Access Context Manager is different from the specified etag, then the commit operation will not be performed and the call will fail. This field is not required. If etag is not provided, the operation will be performed as if a valid etag is provided. About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Service Perimeters Commit"},{"location":"access-policies_service-perimeters-commit/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies service-perimeters-commit ...","title":"Scopes"},{"location":"access-policies_service-perimeters-commit/#required-scalar-argument","text":"<parent> (string) Required. Resource name for the parent Access Policy which owns all Service Perimeters in scope for the commit operation. Format: accessPolicies/{policy_id}","title":"Required Scalar Argument"},{"location":"access-policies_service-perimeters-commit/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: CommitServicePerimetersRequest: etag: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . etag=duo Optional. The etag for the version of the Access Policy that this commit operation is to be performed on. If, at the time of commit, the etag for the Access Policy stored in Access Context Manager is different from the specified etag, then the commit operation will not be performed and the call will fail. This field is not required. If etag is not provided, the operation will be performed as if a valid etag is provided.","title":"Required Request Value"},{"location":"access-policies_service-perimeters-commit/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"access-policies_service-perimeters-commit/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"access-policies_service-perimeters-commit/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"access-policies_service-perimeters-create/","text":"Creates a service perimeter. The long-running operation from this RPC has a successful status after the service perimeter propagates to long-lasting storage. If a service perimeter contains errors, an error response is returned for the first error encountered. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies service-perimeters-create ... Required Scalar Argument <parent> (string) Required. Resource name for the access policy which owns this Service Perimeter. Format: accessPolicies/{policy_id} Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: ServicePerimeter: description: string name: string perimeter-type: string spec: access-levels: [string] resources: [string] restricted-services: [string] vpc-accessible-services: allowed-services: [string] enable-restriction: boolean status: access-levels: [string] resources: [string] restricted-services: [string] vpc-accessible-services: allowed-services: [string] enable-restriction: boolean title: string use-explicit-dry-run-spec: boolean can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . description=sed Description of the ServicePerimeter and its use. Does not affect behavior. name=no Resource name for the ServicePerimeter . Format: accessPolicies/{access_policy}/servicePerimeters/{service_perimeter} . The service_perimeter component must begin with a letter, followed by alphanumeric characters or _ . After you create a ServicePerimeter , you cannot change its name . perimeter-type=stet Perimeter type indicator. A single project or VPC network is allowed to be a member of single regular perimeter, but multiple service perimeter bridges. A project cannot be a included in a perimeter bridge without being included in regular perimeter. For perimeter bridges, the restricted service list as well as access level lists must be empty. spec access-levels=kasd A list of AccessLevel resource names that allow resources within the ServicePerimeter to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter . Referencing a nonexistent AccessLevel is a syntax error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: "accessPolicies/MY_POLICY/accessLevels/MY_LEVEL" . For Service Perimeter Bridge, must be empty. Each invocation of this argument appends the given value to the array. resources=et A list of Google Cloud resources that are inside of the service perimeter. Currently only projects and VPCs are allowed. Project format: projects/{project_number} VPC network format: //compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME} . Each invocation of this argument appends the given value to the array. restricted-services=sed Google Cloud services that are subject to the Service Perimeter restrictions. For example, if storage.googleapis.com is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions. Each invocation of this argument appends the given value to the array. vpc-accessible-services allowed-services=et The list of APIs usable within the Service Perimeter. Must be empty unless 'enable_restriction' is True. You can specify a list of individual services, as well as include the 'RESTRICTED-SERVICES' value, which automatically includes all of the services protected by the perimeter. Each invocation of this argument appends the given value to the array. enable-restriction=true Whether to restrict API calls within the Service Perimeter to the list of APIs specified in 'allowed_services'. ...status access-levels=vero A list of AccessLevel resource names that allow resources within the ServicePerimeter to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter . Referencing a nonexistent AccessLevel is a syntax error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: "accessPolicies/MY_POLICY/accessLevels/MY_LEVEL" . For Service Perimeter Bridge, must be empty. Each invocation of this argument appends the given value to the array. resources=erat A list of Google Cloud resources that are inside of the service perimeter. Currently only projects and VPCs are allowed. Project format: projects/{project_number} VPC network format: //compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME} . Each invocation of this argument appends the given value to the array. restricted-services=sed Google Cloud services that are subject to the Service Perimeter restrictions. For example, if storage.googleapis.com is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions. Each invocation of this argument appends the given value to the array. vpc-accessible-services allowed-services=duo The list of APIs usable within the Service Perimeter. Must be empty unless 'enable_restriction' is True. You can specify a list of individual services, as well as include the 'RESTRICTED-SERVICES' value, which automatically includes all of the services protected by the perimeter. Each invocation of this argument appends the given value to the array. enable-restriction=false Whether to restrict API calls within the Service Perimeter to the list of APIs specified in 'allowed_services'. ... title=diam Human readable title. Must be unique within the Policy. use-explicit-dry-run-spec=true Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists for all Service Perimeters, and that spec is identical to the status for those Service Perimeters. When this flag is set, it inhibits the generation of the implicit spec, thereby allowing the user to explicitly provide a configuration (\"spec\") to use in a dry-run version of the Service Perimeter. This allows the user to test changes to the enforced config (\"status\") without actually enforcing them. This testing is done through analyzing the differences between currently enforced and suggested restrictions. use_explicit_dry_run_spec must bet set to True if any of the fields in the spec are set to non-default values. About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Service Perimeters Create"},{"location":"access-policies_service-perimeters-create/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies service-perimeters-create ...","title":"Scopes"},{"location":"access-policies_service-perimeters-create/#required-scalar-argument","text":"<parent> (string) Required. Resource name for the access policy which owns this Service Perimeter. Format: accessPolicies/{policy_id}","title":"Required Scalar Argument"},{"location":"access-policies_service-perimeters-create/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: ServicePerimeter: description: string name: string perimeter-type: string spec: access-levels: [string] resources: [string] restricted-services: [string] vpc-accessible-services: allowed-services: [string] enable-restriction: boolean status: access-levels: [string] resources: [string] restricted-services: [string] vpc-accessible-services: allowed-services: [string] enable-restriction: boolean title: string use-explicit-dry-run-spec: boolean can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . description=sed Description of the ServicePerimeter and its use. Does not affect behavior. name=no Resource name for the ServicePerimeter . Format: accessPolicies/{access_policy}/servicePerimeters/{service_perimeter} . The service_perimeter component must begin with a letter, followed by alphanumeric characters or _ . After you create a ServicePerimeter , you cannot change its name . perimeter-type=stet Perimeter type indicator. A single project or VPC network is allowed to be a member of single regular perimeter, but multiple service perimeter bridges. A project cannot be a included in a perimeter bridge without being included in regular perimeter. For perimeter bridges, the restricted service list as well as access level lists must be empty. spec access-levels=kasd A list of AccessLevel resource names that allow resources within the ServicePerimeter to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter . Referencing a nonexistent AccessLevel is a syntax error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: "accessPolicies/MY_POLICY/accessLevels/MY_LEVEL" . For Service Perimeter Bridge, must be empty. Each invocation of this argument appends the given value to the array. resources=et A list of Google Cloud resources that are inside of the service perimeter. Currently only projects and VPCs are allowed. Project format: projects/{project_number} VPC network format: //compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME} . Each invocation of this argument appends the given value to the array. restricted-services=sed Google Cloud services that are subject to the Service Perimeter restrictions. For example, if storage.googleapis.com is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions. Each invocation of this argument appends the given value to the array. vpc-accessible-services allowed-services=et The list of APIs usable within the Service Perimeter. Must be empty unless 'enable_restriction' is True. You can specify a list of individual services, as well as include the 'RESTRICTED-SERVICES' value, which automatically includes all of the services protected by the perimeter. Each invocation of this argument appends the given value to the array. enable-restriction=true Whether to restrict API calls within the Service Perimeter to the list of APIs specified in 'allowed_services'. ...status access-levels=vero A list of AccessLevel resource names that allow resources within the ServicePerimeter to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter . Referencing a nonexistent AccessLevel is a syntax error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: "accessPolicies/MY_POLICY/accessLevels/MY_LEVEL" . For Service Perimeter Bridge, must be empty. Each invocation of this argument appends the given value to the array. resources=erat A list of Google Cloud resources that are inside of the service perimeter. Currently only projects and VPCs are allowed. Project format: projects/{project_number} VPC network format: //compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME} . Each invocation of this argument appends the given value to the array. restricted-services=sed Google Cloud services that are subject to the Service Perimeter restrictions. For example, if storage.googleapis.com is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions. Each invocation of this argument appends the given value to the array. vpc-accessible-services allowed-services=duo The list of APIs usable within the Service Perimeter. Must be empty unless 'enable_restriction' is True. You can specify a list of individual services, as well as include the 'RESTRICTED-SERVICES' value, which automatically includes all of the services protected by the perimeter. Each invocation of this argument appends the given value to the array. enable-restriction=false Whether to restrict API calls within the Service Perimeter to the list of APIs specified in 'allowed_services'. ... title=diam Human readable title. Must be unique within the Policy. use-explicit-dry-run-spec=true Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists for all Service Perimeters, and that spec is identical to the status for those Service Perimeters. When this flag is set, it inhibits the generation of the implicit spec, thereby allowing the user to explicitly provide a configuration (\"spec\") to use in a dry-run version of the Service Perimeter. This allows the user to test changes to the enforced config (\"status\") without actually enforcing them. This testing is done through analyzing the differences between currently enforced and suggested restrictions. use_explicit_dry_run_spec must bet set to True if any of the fields in the spec are set to non-default values.","title":"Required Request Value"},{"location":"access-policies_service-perimeters-create/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"access-policies_service-perimeters-create/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"access-policies_service-perimeters-create/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"access-policies_service-perimeters-delete/","text":"Deletes a service perimeter based on the resource name. The long-running operation from this RPC has a successful status after the service perimeter is removed from long-lasting storage. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies service-perimeters-delete ... Required Scalar Argument <name> (string) Required. Resource name for the Service Perimeter. Format: accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id} Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Service Perimeters Delete"},{"location":"access-policies_service-perimeters-delete/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies service-perimeters-delete ...","title":"Scopes"},{"location":"access-policies_service-perimeters-delete/#required-scalar-argument","text":"<name> (string) Required. Resource name for the Service Perimeter. Format: accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}","title":"Required Scalar Argument"},{"location":"access-policies_service-perimeters-delete/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"access-policies_service-perimeters-delete/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"access-policies_service-perimeters-get/","text":"Gets a service perimeter based on the resource name. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies service-perimeters-get ... Required Scalar Argument <name> (string) Required. Resource name for the Service Perimeter. Format: accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id} Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Service Perimeters Get"},{"location":"access-policies_service-perimeters-get/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies service-perimeters-get ...","title":"Scopes"},{"location":"access-policies_service-perimeters-get/#required-scalar-argument","text":"<name> (string) Required. Resource name for the Service Perimeter. Format: accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}","title":"Required Scalar Argument"},{"location":"access-policies_service-perimeters-get/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"access-policies_service-perimeters-get/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"access-policies_service-perimeters-list/","text":"Lists all service perimeters for an access policy. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies service-perimeters-list ... Required Scalar Argument <parent> (string) Required. Resource name for the access policy to list Service Perimeters from. Format: accessPolicies/{policy_id} Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional Method Properties You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p page-size=integer Number of Service Perimeters to include in the list. Default 100. -p page-token=string Next page token for the next batch of Service Perimeter instances. Defaults to the first page of results. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Service Perimeters List"},{"location":"access-policies_service-perimeters-list/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies service-perimeters-list ...","title":"Scopes"},{"location":"access-policies_service-perimeters-list/#required-scalar-argument","text":"<parent> (string) Required. Resource name for the access policy to list Service Perimeters from. Format: accessPolicies/{policy_id}","title":"Required Scalar Argument"},{"location":"access-policies_service-perimeters-list/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"access-policies_service-perimeters-list/#optional-method-properties","text":"You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p page-size=integer Number of Service Perimeters to include in the list. Default 100. -p page-token=string Next page token for the next batch of Service Perimeter instances. Defaults to the first page of results.","title":"Optional Method Properties"},{"location":"access-policies_service-perimeters-list/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"access-policies_service-perimeters-patch/","text":"Updates a service perimeter. The long-running operation from this RPC has a successful status after the service perimeter propagates to long-lasting storage. If a service perimeter contains errors, an error response is returned for the first error encountered. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies service-perimeters-patch ... Required Scalar Argument <name> (string) Resource name for the ServicePerimeter . Format: accessPolicies/{access_policy}/servicePerimeters/{service_perimeter} . The service_perimeter component must begin with a letter, followed by alphanumeric characters or _ . After you create a ServicePerimeter , you cannot change its name . Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: ServicePerimeter: description: string name: string perimeter-type: string spec: access-levels: [string] resources: [string] restricted-services: [string] vpc-accessible-services: allowed-services: [string] enable-restriction: boolean status: access-levels: [string] resources: [string] restricted-services: [string] vpc-accessible-services: allowed-services: [string] enable-restriction: boolean title: string use-explicit-dry-run-spec: boolean can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . description=et Description of the ServicePerimeter and its use. Does not affect behavior. name=et Resource name for the ServicePerimeter . Format: accessPolicies/{access_policy}/servicePerimeters/{service_perimeter} . The service_perimeter component must begin with a letter, followed by alphanumeric characters or _ . After you create a ServicePerimeter , you cannot change its name . perimeter-type=sadipscing Perimeter type indicator. A single project or VPC network is allowed to be a member of single regular perimeter, but multiple service perimeter bridges. A project cannot be a included in a perimeter bridge without being included in regular perimeter. For perimeter bridges, the restricted service list as well as access level lists must be empty. spec access-levels=stet A list of AccessLevel resource names that allow resources within the ServicePerimeter to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter . Referencing a nonexistent AccessLevel is a syntax error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: "accessPolicies/MY_POLICY/accessLevels/MY_LEVEL" . For Service Perimeter Bridge, must be empty. Each invocation of this argument appends the given value to the array. resources=dolor A list of Google Cloud resources that are inside of the service perimeter. Currently only projects and VPCs are allowed. Project format: projects/{project_number} VPC network format: //compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME} . Each invocation of this argument appends the given value to the array. restricted-services=duo Google Cloud services that are subject to the Service Perimeter restrictions. For example, if storage.googleapis.com is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions. Each invocation of this argument appends the given value to the array. vpc-accessible-services allowed-services=vero The list of APIs usable within the Service Perimeter. Must be empty unless 'enable_restriction' is True. You can specify a list of individual services, as well as include the 'RESTRICTED-SERVICES' value, which automatically includes all of the services protected by the perimeter. Each invocation of this argument appends the given value to the array. enable-restriction=false Whether to restrict API calls within the Service Perimeter to the list of APIs specified in 'allowed_services'. ...status access-levels=invidunt A list of AccessLevel resource names that allow resources within the ServicePerimeter to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter . Referencing a nonexistent AccessLevel is a syntax error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: "accessPolicies/MY_POLICY/accessLevels/MY_LEVEL" . For Service Perimeter Bridge, must be empty. Each invocation of this argument appends the given value to the array. resources=stet A list of Google Cloud resources that are inside of the service perimeter. Currently only projects and VPCs are allowed. Project format: projects/{project_number} VPC network format: //compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME} . Each invocation of this argument appends the given value to the array. restricted-services=vero Google Cloud services that are subject to the Service Perimeter restrictions. For example, if storage.googleapis.com is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions. Each invocation of this argument appends the given value to the array. vpc-accessible-services allowed-services=elitr The list of APIs usable within the Service Perimeter. Must be empty unless 'enable_restriction' is True. You can specify a list of individual services, as well as include the 'RESTRICTED-SERVICES' value, which automatically includes all of the services protected by the perimeter. Each invocation of this argument appends the given value to the array. enable-restriction=true Whether to restrict API calls within the Service Perimeter to the list of APIs specified in 'allowed_services'. ... title=ipsum Human readable title. Must be unique within the Policy. use-explicit-dry-run-spec=true Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists for all Service Perimeters, and that spec is identical to the status for those Service Perimeters. When this flag is set, it inhibits the generation of the implicit spec, thereby allowing the user to explicitly provide a configuration (\"spec\") to use in a dry-run version of the Service Perimeter. This allows the user to test changes to the enforced config (\"status\") without actually enforcing them. This testing is done through analyzing the differences between currently enforced and suggested restrictions. use_explicit_dry_run_spec must bet set to True if any of the fields in the spec are set to non-default values. About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional Method Properties You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p update-mask=string Required. Mask to control which fields get updated. Must be non-empty. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Service Perimeters Patch"},{"location":"access-policies_service-perimeters-patch/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies service-perimeters-patch ...","title":"Scopes"},{"location":"access-policies_service-perimeters-patch/#required-scalar-argument","text":"<name> (string) Resource name for the ServicePerimeter . Format: accessPolicies/{access_policy}/servicePerimeters/{service_perimeter} . The service_perimeter component must begin with a letter, followed by alphanumeric characters or _ . After you create a ServicePerimeter , you cannot change its name .","title":"Required Scalar Argument"},{"location":"access-policies_service-perimeters-patch/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: ServicePerimeter: description: string name: string perimeter-type: string spec: access-levels: [string] resources: [string] restricted-services: [string] vpc-accessible-services: allowed-services: [string] enable-restriction: boolean status: access-levels: [string] resources: [string] restricted-services: [string] vpc-accessible-services: allowed-services: [string] enable-restriction: boolean title: string use-explicit-dry-run-spec: boolean can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . description=et Description of the ServicePerimeter and its use. Does not affect behavior. name=et Resource name for the ServicePerimeter . Format: accessPolicies/{access_policy}/servicePerimeters/{service_perimeter} . The service_perimeter component must begin with a letter, followed by alphanumeric characters or _ . After you create a ServicePerimeter , you cannot change its name . perimeter-type=sadipscing Perimeter type indicator. A single project or VPC network is allowed to be a member of single regular perimeter, but multiple service perimeter bridges. A project cannot be a included in a perimeter bridge without being included in regular perimeter. For perimeter bridges, the restricted service list as well as access level lists must be empty. spec access-levels=stet A list of AccessLevel resource names that allow resources within the ServicePerimeter to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter . Referencing a nonexistent AccessLevel is a syntax error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: "accessPolicies/MY_POLICY/accessLevels/MY_LEVEL" . For Service Perimeter Bridge, must be empty. Each invocation of this argument appends the given value to the array. resources=dolor A list of Google Cloud resources that are inside of the service perimeter. Currently only projects and VPCs are allowed. Project format: projects/{project_number} VPC network format: //compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME} . Each invocation of this argument appends the given value to the array. restricted-services=duo Google Cloud services that are subject to the Service Perimeter restrictions. For example, if storage.googleapis.com is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions. Each invocation of this argument appends the given value to the array. vpc-accessible-services allowed-services=vero The list of APIs usable within the Service Perimeter. Must be empty unless 'enable_restriction' is True. You can specify a list of individual services, as well as include the 'RESTRICTED-SERVICES' value, which automatically includes all of the services protected by the perimeter. Each invocation of this argument appends the given value to the array. enable-restriction=false Whether to restrict API calls within the Service Perimeter to the list of APIs specified in 'allowed_services'. ...status access-levels=invidunt A list of AccessLevel resource names that allow resources within the ServicePerimeter to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter . Referencing a nonexistent AccessLevel is a syntax error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: "accessPolicies/MY_POLICY/accessLevels/MY_LEVEL" . For Service Perimeter Bridge, must be empty. Each invocation of this argument appends the given value to the array. resources=stet A list of Google Cloud resources that are inside of the service perimeter. Currently only projects and VPCs are allowed. Project format: projects/{project_number} VPC network format: //compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME} . Each invocation of this argument appends the given value to the array. restricted-services=vero Google Cloud services that are subject to the Service Perimeter restrictions. For example, if storage.googleapis.com is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions. Each invocation of this argument appends the given value to the array. vpc-accessible-services allowed-services=elitr The list of APIs usable within the Service Perimeter. Must be empty unless 'enable_restriction' is True. You can specify a list of individual services, as well as include the 'RESTRICTED-SERVICES' value, which automatically includes all of the services protected by the perimeter. Each invocation of this argument appends the given value to the array. enable-restriction=true Whether to restrict API calls within the Service Perimeter to the list of APIs specified in 'allowed_services'. ... title=ipsum Human readable title. Must be unique within the Policy. use-explicit-dry-run-spec=true Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists for all Service Perimeters, and that spec is identical to the status for those Service Perimeters. When this flag is set, it inhibits the generation of the implicit spec, thereby allowing the user to explicitly provide a configuration (\"spec\") to use in a dry-run version of the Service Perimeter. This allows the user to test changes to the enforced config (\"status\") without actually enforcing them. This testing is done through analyzing the differences between currently enforced and suggested restrictions. use_explicit_dry_run_spec must bet set to True if any of the fields in the spec are set to non-default values.","title":"Required Request Value"},{"location":"access-policies_service-perimeters-patch/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"access-policies_service-perimeters-patch/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"access-policies_service-perimeters-patch/#optional-method-properties","text":"You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p update-mask=string Required. Mask to control which fields get updated. Must be non-empty.","title":"Optional Method Properties"},{"location":"access-policies_service-perimeters-patch/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"access-policies_service-perimeters-replace-all/","text":"Replace all existing service perimeters in an access policy with the service perimeters provided. This is done atomically. The long-running operation from this RPC has a successful status after all replacements propagate to long-lasting storage. Replacements containing errors result in an error response for the first error encountered. Upon an error, replacement are cancelled and existing service perimeters are not affected. The Operation.response field contains ReplaceServicePerimetersResponse. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies service-perimeters-replace-all ... Required Scalar Argument <parent> (string) Required. Resource name for the access policy which owns these Service Perimeters. Format: accessPolicies/{policy_id} Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: ReplaceServicePerimetersRequest: etag: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . etag=consetetur Optional. The etag for the version of the Access Policy that this replace operation is to be performed on. If, at the time of replace, the etag for the Access Policy stored in Access Context Manager is different from the specified etag, then the replace operation will not be performed and the call will fail. This field is not required. If etag is not provided, the operation will be performed as if a valid etag is provided. About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Service Perimeters Replace All"},{"location":"access-policies_service-perimeters-replace-all/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies service-perimeters-replace-all ...","title":"Scopes"},{"location":"access-policies_service-perimeters-replace-all/#required-scalar-argument","text":"<parent> (string) Required. Resource name for the access policy which owns these Service Perimeters. Format: accessPolicies/{policy_id}","title":"Required Scalar Argument"},{"location":"access-policies_service-perimeters-replace-all/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: ReplaceServicePerimetersRequest: etag: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . etag=consetetur Optional. The etag for the version of the Access Policy that this replace operation is to be performed on. If, at the time of replace, the etag for the Access Policy stored in Access Context Manager is different from the specified etag, then the replace operation will not be performed and the call will fail. This field is not required. If etag is not provided, the operation will be performed as if a valid etag is provided.","title":"Required Request Value"},{"location":"access-policies_service-perimeters-replace-all/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"access-policies_service-perimeters-replace-all/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"access-policies_service-perimeters-replace-all/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"access-policies_service-perimeters-test-iam-permissions/","text":"Returns the IAM permissions that the caller has on the specified Access Context Manager resource. The resource can be an AccessPolicy, AccessLevel, or ServicePerimeter. This method does not support other resources. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies service-perimeters-test-iam-permissions ... Required Scalar Argument <resource> (string) REQUIRED: The resource for which the policy detail is being requested. See Resource names for the appropriate value for this field. Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: TestIamPermissionsRequest: permissions: [string] can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . permissions=voluptua. The set of permissions to check for the resource . Permissions with wildcards (such as * or storage.* ) are not allowed. For more information see IAM Overview . Each invocation of this argument appends the given value to the array. About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Service Perimeters Test Iam Permissions"},{"location":"access-policies_service-perimeters-test-iam-permissions/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies service-perimeters-test-iam-permissions ...","title":"Scopes"},{"location":"access-policies_service-perimeters-test-iam-permissions/#required-scalar-argument","text":"<resource> (string) REQUIRED: The resource for which the policy detail is being requested. See Resource names for the appropriate value for this field.","title":"Required Scalar Argument"},{"location":"access-policies_service-perimeters-test-iam-permissions/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: TestIamPermissionsRequest: permissions: [string] can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . permissions=voluptua. The set of permissions to check for the resource . Permissions with wildcards (such as * or storage.* ) are not allowed. For more information see IAM Overview . Each invocation of this argument appends the given value to the array.","title":"Required Request Value"},{"location":"access-policies_service-perimeters-test-iam-permissions/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"access-policies_service-perimeters-test-iam-permissions/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"access-policies_service-perimeters-test-iam-permissions/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"access-policies_set-iam-policy/","text":"Sets the IAM policy for the specified Access Context Manager access policy. This method replaces the existing IAM policy on the access policy. The IAM policy controls the set of users who can perform specific operations on the Access Context Manager access policy. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies set-iam-policy ... Required Scalar Argument <resource> (string) REQUIRED: The resource for which the policy is being specified. See Resource names for the appropriate value for this field. Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: SetIamPolicyRequest: policy: etag: string version: integer update-mask: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .policy etag=et etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the etag in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An etag is returned in the response to getIamPolicy , and systems are expected to put that etag in the request to setIamPolicy to ensure that their change will be applied to the same version of the policy. Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy . If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost. version=70 Specifies the format of the policy. Valid values are 0 , 1 , and 3 . Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version 3 . This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy . If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the IAM documentation . .. update-mask=consetetur OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: paths: "bindings, etag" About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Set Iam Policy"},{"location":"access-policies_set-iam-policy/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies set-iam-policy ...","title":"Scopes"},{"location":"access-policies_set-iam-policy/#required-scalar-argument","text":"<resource> (string) REQUIRED: The resource for which the policy is being specified. See Resource names for the appropriate value for this field.","title":"Required Scalar Argument"},{"location":"access-policies_set-iam-policy/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: SetIamPolicyRequest: policy: etag: string version: integer update-mask: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r .policy etag=et etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the etag in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An etag is returned in the response to getIamPolicy , and systems are expected to put that etag in the request to setIamPolicy to ensure that their change will be applied to the same version of the policy. Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy . If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost. version=70 Specifies the format of the policy. Valid values are 0 , 1 , and 3 . Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version 3 . This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy . If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the IAM documentation . .. update-mask=consetetur OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: paths: "bindings, etag"","title":"Required Request Value"},{"location":"access-policies_set-iam-policy/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"access-policies_set-iam-policy/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"access-policies_set-iam-policy/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"access-policies_test-iam-permissions/","text":"Returns the IAM permissions that the caller has on the specified Access Context Manager resource. The resource can be an AccessPolicy, AccessLevel, or ServicePerimeter. This method does not support other resources. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies test-iam-permissions ... Required Scalar Argument <resource> (string) REQUIRED: The resource for which the policy detail is being requested. See Resource names for the appropriate value for this field. Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: TestIamPermissionsRequest: permissions: [string] can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . permissions=amet. The set of permissions to check for the resource . Permissions with wildcards (such as * or storage.* ) are not allowed. For more information see IAM Overview . Each invocation of this argument appends the given value to the array. About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Test Iam Permissions"},{"location":"access-policies_test-iam-permissions/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> access-policies test-iam-permissions ...","title":"Scopes"},{"location":"access-policies_test-iam-permissions/#required-scalar-argument","text":"<resource> (string) REQUIRED: The resource for which the policy detail is being requested. See Resource names for the appropriate value for this field.","title":"Required Scalar Argument"},{"location":"access-policies_test-iam-permissions/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: TestIamPermissionsRequest: permissions: [string] can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . permissions=amet. The set of permissions to check for the resource . Permissions with wildcards (such as * or storage.* ) are not allowed. For more information see IAM Overview . Each invocation of this argument appends the given value to the array.","title":"Required Request Value"},{"location":"access-policies_test-iam-permissions/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"access-policies_test-iam-permissions/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"access-policies_test-iam-permissions/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"operations_cancel/","text":"Starts asynchronous cancellation on a long-running operation. The server makes a best effort to cancel the operation, but success is not guaranteed. If the server doesn't support this method, it returns google.rpc.Code.UNIMPLEMENTED . Clients can use Operations.GetOperation or other methods to check whether the cancellation succeeded or whether the operation completed despite cancellation. On successful cancellation, the operation is not deleted; instead, it becomes an operation with an Operation.error value with a google.rpc.Status.code of 1, corresponding to Code.CANCELLED . Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> operations cancel ... Required Scalar Argument <name> (string) The name of the operation resource to be cancelled. Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: CancelOperationRequest: can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Cancel"},{"location":"operations_cancel/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> operations cancel ...","title":"Scopes"},{"location":"operations_cancel/#required-scalar-argument","text":"<name> (string) The name of the operation resource to be cancelled.","title":"Required Scalar Argument"},{"location":"operations_cancel/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: CancelOperationRequest: can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time.","title":"Required Request Value"},{"location":"operations_cancel/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"operations_cancel/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"operations_cancel/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"operations_delete/","text":"Deletes a long-running operation. This method indicates that the client is no longer interested in the operation result. It does not cancel the operation. If the server doesn't support this method, it returns google.rpc.Code.UNIMPLEMENTED . Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> operations delete ... Required Scalar Argument <name> (string) The name of the operation resource to be deleted. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Delete"},{"location":"operations_delete/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> operations delete ...","title":"Scopes"},{"location":"operations_delete/#required-scalar-argument","text":"<name> (string) The name of the operation resource to be deleted.","title":"Required Scalar Argument"},{"location":"operations_delete/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"operations_delete/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"operations_get/","text":"Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> operations get ... Required Scalar Argument <name> (string) The name of the operation resource. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Get"},{"location":"operations_get/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> operations get ...","title":"Scopes"},{"location":"operations_get/#required-scalar-argument","text":"<name> (string) The name of the operation resource.","title":"Required Scalar Argument"},{"location":"operations_get/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"operations_get/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"operations_list/","text":"Lists operations that match the specified filter in the request. If the server doesn't support this method, it returns UNIMPLEMENTED . Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> operations list ... Required Scalar Argument <name> (string) The name of the operation's parent resource. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional Method Properties You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p filter=string The standard list filter. -p page-size=integer The standard list page size. -p page-token=string The standard list page token. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"List"},{"location":"operations_list/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> operations list ...","title":"Scopes"},{"location":"operations_list/#required-scalar-argument","text":"<name> (string) The name of the operation's parent resource.","title":"Required Scalar Argument"},{"location":"operations_list/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"operations_list/#optional-method-properties","text":"You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p filter=string The standard list filter. -p page-size=integer The standard list page size. -p page-token=string The standard list page token.","title":"Optional Method Properties"},{"location":"operations_list/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"organizations_gcp-user-access-bindings-create/","text":"Creates a GcpUserAccessBinding. If the client specifies a name, the server ignores it. Fails if a resource already exists with the same group_key. Completion of this long-running operation does not necessarily signify that the new binding is deployed onto all affected users, which may take more time. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> organizations gcp-user-access-bindings-create ... Required Scalar Argument <parent> (string) Required. Example: \"organizations/256\" Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: GcpUserAccessBinding: access-levels: [string] dry-run-access-levels: [string] group-key: string name: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . access-levels=sed Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: \"accessPolicies/9522/accessLevels/device_trusted\" Each invocation of this argument appends the given value to the array. dry-run-access-levels=takimata Optional. Dry run access level that will be evaluated but will not be enforced. The access denial based on dry run policy will be logged. Only one access level is supported, not multiple. This list must have exactly one element. Example: \"accessPolicies/9522/accessLevels/device_trusted\" Each invocation of this argument appends the given value to the array. group-key=dolores Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See \"id\" in the [G Suite Directory API's Groups resource] (https://developers.google.com/admin-sdk/directory/v1/reference/groups#resource). If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: \"01d520gv4vjcrht\" name=gubergren Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3 ). Should not be specified by the client during creation. Example: \"organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N\" About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Gcp User Access Bindings Create"},{"location":"organizations_gcp-user-access-bindings-create/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> organizations gcp-user-access-bindings-create ...","title":"Scopes"},{"location":"organizations_gcp-user-access-bindings-create/#required-scalar-argument","text":"<parent> (string) Required. Example: \"organizations/256\"","title":"Required Scalar Argument"},{"location":"organizations_gcp-user-access-bindings-create/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: GcpUserAccessBinding: access-levels: [string] dry-run-access-levels: [string] group-key: string name: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . access-levels=sed Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: \"accessPolicies/9522/accessLevels/device_trusted\" Each invocation of this argument appends the given value to the array. dry-run-access-levels=takimata Optional. Dry run access level that will be evaluated but will not be enforced. The access denial based on dry run policy will be logged. Only one access level is supported, not multiple. This list must have exactly one element. Example: \"accessPolicies/9522/accessLevels/device_trusted\" Each invocation of this argument appends the given value to the array. group-key=dolores Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See \"id\" in the [G Suite Directory API's Groups resource] (https://developers.google.com/admin-sdk/directory/v1/reference/groups#resource). If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: \"01d520gv4vjcrht\" name=gubergren Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3 ). Should not be specified by the client during creation. Example: \"organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N\"","title":"Required Request Value"},{"location":"organizations_gcp-user-access-bindings-create/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"organizations_gcp-user-access-bindings-create/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"organizations_gcp-user-access-bindings-create/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"organizations_gcp-user-access-bindings-delete/","text":"Deletes a GcpUserAccessBinding. Completion of this long-running operation does not necessarily signify that the binding deletion is deployed onto all affected users, which may take more time. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> organizations gcp-user-access-bindings-delete ... Required Scalar Argument <name> (string) Required. Example: \"organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N\" Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Gcp User Access Bindings Delete"},{"location":"organizations_gcp-user-access-bindings-delete/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> organizations gcp-user-access-bindings-delete ...","title":"Scopes"},{"location":"organizations_gcp-user-access-bindings-delete/#required-scalar-argument","text":"<name> (string) Required. Example: \"organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N\"","title":"Required Scalar Argument"},{"location":"organizations_gcp-user-access-bindings-delete/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"organizations_gcp-user-access-bindings-delete/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"organizations_gcp-user-access-bindings-get/","text":"Gets the GcpUserAccessBinding with the given name. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> organizations gcp-user-access-bindings-get ... Required Scalar Argument <name> (string) Required. Example: \"organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N\" Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Gcp User Access Bindings Get"},{"location":"organizations_gcp-user-access-bindings-get/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> organizations gcp-user-access-bindings-get ...","title":"Scopes"},{"location":"organizations_gcp-user-access-bindings-get/#required-scalar-argument","text":"<name> (string) Required. Example: \"organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N\"","title":"Required Scalar Argument"},{"location":"organizations_gcp-user-access-bindings-get/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"organizations_gcp-user-access-bindings-get/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"organizations_gcp-user-access-bindings-list/","text":"Lists all GcpUserAccessBindings for a Google Cloud organization. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> organizations gcp-user-access-bindings-list ... Required Scalar Argument <parent> (string) Required. Example: \"organizations/256\" Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional Method Properties You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p page-size=integer Optional. Maximum number of items to return. The server may return fewer items. If left blank, the server may return any number of items. -p page-token=string Optional. If left blank, returns the first page. To enumerate all items, use the next_page_token from your previous list operation. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Gcp User Access Bindings List"},{"location":"organizations_gcp-user-access-bindings-list/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> organizations gcp-user-access-bindings-list ...","title":"Scopes"},{"location":"organizations_gcp-user-access-bindings-list/#required-scalar-argument","text":"<parent> (string) Required. Example: \"organizations/256\"","title":"Required Scalar Argument"},{"location":"organizations_gcp-user-access-bindings-list/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"organizations_gcp-user-access-bindings-list/#optional-method-properties","text":"You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p page-size=integer Optional. Maximum number of items to return. The server may return fewer items. If left blank, the server may return any number of items. -p page-token=string Optional. If left blank, returns the first page. To enumerate all items, use the next_page_token from your previous list operation.","title":"Optional Method Properties"},{"location":"organizations_gcp-user-access-bindings-list/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"organizations_gcp-user-access-bindings-patch/","text":"Updates a GcpUserAccessBinding. Completion of this long-running operation does not necessarily signify that the changed binding is deployed onto all affected users, which may take more time. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> organizations gcp-user-access-bindings-patch ... Required Scalar Argument <name> (string) Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3 ). Should not be specified by the client during creation. Example: \"organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N\" Required Request Value The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: GcpUserAccessBinding: access-levels: [string] dry-run-access-levels: [string] group-key: string name: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . access-levels=et Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: \"accessPolicies/9522/accessLevels/device_trusted\" Each invocation of this argument appends the given value to the array. dry-run-access-levels=accusam Optional. Dry run access level that will be evaluated but will not be enforced. The access denial based on dry run policy will be logged. Only one access level is supported, not multiple. This list must have exactly one element. Example: \"accessPolicies/9522/accessLevels/device_trusted\" Each invocation of this argument appends the given value to the array. group-key=voluptua. Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See \"id\" in the [G Suite Directory API's Groups resource] (https://developers.google.com/admin-sdk/directory/v1/reference/groups#resource). If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: \"01d520gv4vjcrht\" name=dolore Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3 ). Should not be specified by the client during creation. Example: \"organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N\" About Cursors The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up. Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional Method Properties You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p update-mask=string Required. Only the fields specified in this mask are updated. Because name and group_key cannot be changed, update_mask is required and may only contain the following fields: access_levels , dry_run_access_levels . update_mask { paths: \"access_levels\" } Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Gcp User Access Bindings Patch"},{"location":"organizations_gcp-user-access-bindings-patch/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> organizations gcp-user-access-bindings-patch ...","title":"Scopes"},{"location":"organizations_gcp-user-access-bindings-patch/#required-scalar-argument","text":"<name> (string) Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3 ). Should not be specified by the client during creation. Example: \"organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N\"","title":"Required Scalar Argument"},{"location":"organizations_gcp-user-access-bindings-patch/#required-request-value","text":"The request value is a data-structure with various fields. Each field may be a simple scalar or another data-structure. In the latter case it is advised to set the field-cursor to the data-structure's field to specify values more concisely. For example, a structure like this: GcpUserAccessBinding: access-levels: [string] dry-run-access-levels: [string] group-key: string name: string can be set completely with the following arguments which are assumed to be executed in the given order. Note how the cursor position is adjusted to the respective structures, allowing simple field names to be used most of the time. -r . access-levels=et Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: \"accessPolicies/9522/accessLevels/device_trusted\" Each invocation of this argument appends the given value to the array. dry-run-access-levels=accusam Optional. Dry run access level that will be evaluated but will not be enforced. The access denial based on dry run policy will be logged. Only one access level is supported, not multiple. This list must have exactly one element. Example: \"accessPolicies/9522/accessLevels/device_trusted\" Each invocation of this argument appends the given value to the array. group-key=voluptua. Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See \"id\" in the [G Suite Directory API's Groups resource] (https://developers.google.com/admin-sdk/directory/v1/reference/groups#resource). If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: \"01d520gv4vjcrht\" name=dolore Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3 ). Should not be specified by the client during creation. Example: \"organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N\"","title":"Required Request Value"},{"location":"organizations_gcp-user-access-bindings-patch/#about-cursors","text":"The cursor position is key to comfortably set complex nested structures. The following rules apply: The cursor position is always set relative to the current one, unless the field name starts with the . character. Fields can be nested such as in -r f.s.o . The cursor position is set relative to the top-level structure if it starts with . , e.g. -r .s.s You can also set nested fields without setting the cursor explicitly. For example, to set a value relative to the current cursor position, you would specify -r struct.sub_struct=bar . You can move the cursor one level up by using .. . Each additional . moves it up one additional level. E.g. ... would go three levels up.","title":"About Cursors"},{"location":"organizations_gcp-user-access-bindings-patch/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"organizations_gcp-user-access-bindings-patch/#optional-method-properties","text":"You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p update-mask=string Required. Only the fields specified in this mask are updated. Because name and group_key cannot be changed, update_mask is required and may only contain the following fields: access_levels , dry_run_access_levels . update_mask { paths: \"access_levels\" }","title":"Optional Method Properties"},{"location":"organizations_gcp-user-access-bindings-patch/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"services_get/","text":"Returns a VPC-SC supported service based on the service name. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> services get ... Required Scalar Argument <name> (string) The name of the service to get information about. The names must be in the same format as used in defining a service perimeter, for example, storage.googleapis.com . Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Get"},{"location":"services_get/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> services get ...","title":"Scopes"},{"location":"services_get/#required-scalar-argument","text":"<name> (string) The name of the service to get information about. The names must be in the same format as used in defining a service perimeter, for example, storage.googleapis.com .","title":"Required Scalar Argument"},{"location":"services_get/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"services_get/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"},{"location":"services_list/","text":"Lists all VPC-SC supported services. Scopes You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> services list ... Optional Output Flags The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output. Optional Method Properties You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p page-size=integer This flag specifies the maximum number of services to return per page. Default is 100. -p page-token=string Token to start on a later page. Default is the first page. Optional General Properties The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"List"},{"location":"services_list/#scopes","text":"You will need authorization for the https://www.googleapis.com/auth/cloud-platform scope to make a valid call. If unset, the scope for this method defaults to https://www.googleapis.com/auth/cloud-platform . You can set the scope for this method like this: accesscontextmanager1 --scope <scope> services list ...","title":"Scopes"},{"location":"services_list/#optional-output-flags","text":"The method's return value a JSON encoded structure, which will be written to standard output by default. -o out out specifies the destination to which to write the server's result to. It will be a JSON-encoded structure. The destination may be - to indicate standard output, or a filepath that is to contain the received bytes. If unset, it defaults to standard output.","title":"Optional Output Flags"},{"location":"services_list/#optional-method-properties","text":"You may set the following properties to further configure the call. Please note that -p is followed by one or more key-value-pairs, and is called like this -p k1=v1 k2=v2 even though the listing below repeats the -p for completeness. -p page-size=integer This flag specifies the maximum number of services to return per page. Default is 100. -p page-token=string Token to start on a later page. Default is the first page.","title":"Optional Method Properties"},{"location":"services_list/#optional-general-properties","text":"The following properties can configure any call, and are not specific to this method. -p $-xgafv=string V1 error format. -p access-token=string OAuth access token. -p alt=string Data format for response. -p callback=string JSONP -p fields=string Selector specifying which fields to include in a partial response. -p key=string API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. -p oauth-token=string OAuth 2.0 token for the current user. -p pretty-print=boolean Returns response with indentations and line breaks. -p quota-user=string Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. -p upload-type=string Legacy upload protocol for media (e.g. \"media\", \"multipart\"). -p upload-protocol=string Upload protocol for media (e.g. \"raw\", \"multipart\").","title":"Optional General Properties"}]} |