Close httplib2 connections.
create(parent, body=None, x__xgafv=None)
Creates a GcpUserAccessBinding. If the client specifies a name, the server ignores it. Fails if a resource already exists with the same group_key. Completion of this long-running operation does not necessarily signify that the new binding is deployed onto all affected users, which may take more time.
Deletes a GcpUserAccessBinding. Completion of this long-running operation does not necessarily signify that the binding deletion is deployed onto all affected users, which may take more time.
Gets the GcpUserAccessBinding with the given name.
list(parent, pageSize=None, pageToken=None, x__xgafv=None)
Lists all GcpUserAccessBindings for a Google Cloud organization.
Retrieves the next page of results.
patch(name, append=None, body=None, updateMask=None, x__xgafv=None)
Updates a GcpUserAccessBinding. Completion of this long-running operation does not necessarily signify that the changed binding is deployed onto all affected users, which may take more time.
close()
Close httplib2 connections.
create(parent, body=None, x__xgafv=None)
Creates a GcpUserAccessBinding. If the client specifies a name, the server ignores it. Fails if a resource already exists with the same group_key. Completion of this long-running operation does not necessarily signify that the new binding is deployed onto all affected users, which may take more time.
Args:
parent: string, Required. Example: "organizations/256" (required)
body: object, The request body.
The object takes the form of:
{ # Restricts access to Cloud Console and Google Cloud APIs for a set of users using Context-Aware Access.
"accessLevels": [ # Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
"A String",
],
"dryRunAccessLevels": [ # Optional. Dry run access level that will be evaluated but will not be enforced. The access denial based on dry run policy will be logged. Only one access level is supported, not multiple. This list must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
"A String",
],
"groupKey": "A String", # Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the [G Suite Directory API's Groups resource] (https://developers.google.com/admin-sdk/directory/v1/reference/groups#resource). If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
"name": "A String", # Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by [RFC 3986 Section 2.3](https://tools.ietf.org/html/rfc3986#section-2.3)). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
"restrictedClientApplications": [ # Optional. A list of applications that are subject to this binding's restrictions. If the list is empty, the binding restrictions will universally apply to all applications.
{ # An application that accesses Google Cloud APIs.
"clientId": "A String", # The OAuth client ID of the application.
"name": "A String", # The name of the application. Example: "Cloud Console"
},
],
"scopedAccessSettings": [ # Optional. A list of scoped access settings that set this binding's restrictions on a subset of applications. This field cannot be set if restricted_client_applications is set.
{ # A relationship between access settings and its scope.
"activeSettings": { # Access settings represent the set of conditions that must be met for access to be granted. At least one of the fields must be set. # Optional. Access settings for this scoped access settings. This field may be empty if dry_run_settings is set.
"accessLevels": [ # Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
"A String",
],
"sessionSettings": { # Stores settings related to Google Cloud Session Length including session duration, the type of challenge (i.e. method) they should face when their session expires, and other related settings. # Optional. Session settings applied to user access on a given AccessScope.
"maxInactivity": "A String", # Optional. How long a user is allowed to take between actions before a new access token must be issued. Presently only set for Cloud Apps.
"sessionLength": "A String", # Optional. The session length. Setting this field to zero is equal to disabling. Session. Also can set infinite session by flipping the enabled bit to false below. If use_oidc_max_age is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
"sessionLengthEnabled": True or False, # Optional. Big red button to turn off GCSL. When false, all fields set above will be disregarded and the session length is basically infinite.
"sessionReauthMethod": "A String", # Optional. Session method when users GCP session is up.
"useOidcMaxAge": True or False, # Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the session_length field and the max_age OIDC param.
},
},
"dryRunSettings": { # Access settings represent the set of conditions that must be met for access to be granted. At least one of the fields must be set. # Optional. Dry-run access settings for this scoped access settings. This field may be empty if active_settings is set.
"accessLevels": [ # Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
"A String",
],
"sessionSettings": { # Stores settings related to Google Cloud Session Length including session duration, the type of challenge (i.e. method) they should face when their session expires, and other related settings. # Optional. Session settings applied to user access on a given AccessScope.
"maxInactivity": "A String", # Optional. How long a user is allowed to take between actions before a new access token must be issued. Presently only set for Cloud Apps.
"sessionLength": "A String", # Optional. The session length. Setting this field to zero is equal to disabling. Session. Also can set infinite session by flipping the enabled bit to false below. If use_oidc_max_age is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
"sessionLengthEnabled": True or False, # Optional. Big red button to turn off GCSL. When false, all fields set above will be disregarded and the session length is basically infinite.
"sessionReauthMethod": "A String", # Optional. Session method when users GCP session is up.
"useOidcMaxAge": True or False, # Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the session_length field and the max_age OIDC param.
},
},
"scope": { # Access scope represents the client scope, etc. to which the settings will be applied to. # Optional. Application, etc. to which the access settings will be applied to. Implicitly, this is the scoped access settings key; as such, it must be unique and non-empty.
"clientScope": { # Client scope represents the application, etc. subject to this binding's restrictions. # Optional. Client scope for this access scope.
"restrictedClientApplication": { # An application that accesses Google Cloud APIs. # Optional. The application that is subject to this binding's scope.
"clientId": "A String", # The OAuth client ID of the application.
"name": "A String", # The name of the application. Example: "Cloud Console"
},
},
},
},
],
"sessionSettings": { # Stores settings related to Google Cloud Session Length including session duration, the type of challenge (i.e. method) they should face when their session expires, and other related settings. # Optional. GCSL policy for the group key.
"maxInactivity": "A String", # Optional. How long a user is allowed to take between actions before a new access token must be issued. Presently only set for Cloud Apps.
"sessionLength": "A String", # Optional. The session length. Setting this field to zero is equal to disabling. Session. Also can set infinite session by flipping the enabled bit to false below. If use_oidc_max_age is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
"sessionLengthEnabled": True or False, # Optional. Big red button to turn off GCSL. When false, all fields set above will be disregarded and the session length is basically infinite.
"sessionReauthMethod": "A String", # Optional. Session method when users GCP session is up.
"useOidcMaxAge": True or False, # Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the session_length field and the max_age OIDC param.
},
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # This resource represents a long-running operation that is the result of a network API call.
"done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
"error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
"code": 42, # The status code, which should be an enum value of google.rpc.Code.
"details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
{
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
],
"message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
},
"metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
"name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
"response": { # The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
}
delete(name, x__xgafv=None)
Deletes a GcpUserAccessBinding. Completion of this long-running operation does not necessarily signify that the binding deletion is deployed onto all affected users, which may take more time.
Args:
name: string, Required. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N" (required)
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # This resource represents a long-running operation that is the result of a network API call.
"done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
"error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
"code": 42, # The status code, which should be an enum value of google.rpc.Code.
"details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
{
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
],
"message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
},
"metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
"name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
"response": { # The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
}
get(name, x__xgafv=None)
Gets the GcpUserAccessBinding with the given name.
Args:
name: string, Required. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N" (required)
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # Restricts access to Cloud Console and Google Cloud APIs for a set of users using Context-Aware Access.
"accessLevels": [ # Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
"A String",
],
"dryRunAccessLevels": [ # Optional. Dry run access level that will be evaluated but will not be enforced. The access denial based on dry run policy will be logged. Only one access level is supported, not multiple. This list must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
"A String",
],
"groupKey": "A String", # Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the [G Suite Directory API's Groups resource] (https://developers.google.com/admin-sdk/directory/v1/reference/groups#resource). If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
"name": "A String", # Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by [RFC 3986 Section 2.3](https://tools.ietf.org/html/rfc3986#section-2.3)). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
"restrictedClientApplications": [ # Optional. A list of applications that are subject to this binding's restrictions. If the list is empty, the binding restrictions will universally apply to all applications.
{ # An application that accesses Google Cloud APIs.
"clientId": "A String", # The OAuth client ID of the application.
"name": "A String", # The name of the application. Example: "Cloud Console"
},
],
"scopedAccessSettings": [ # Optional. A list of scoped access settings that set this binding's restrictions on a subset of applications. This field cannot be set if restricted_client_applications is set.
{ # A relationship between access settings and its scope.
"activeSettings": { # Access settings represent the set of conditions that must be met for access to be granted. At least one of the fields must be set. # Optional. Access settings for this scoped access settings. This field may be empty if dry_run_settings is set.
"accessLevels": [ # Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
"A String",
],
"sessionSettings": { # Stores settings related to Google Cloud Session Length including session duration, the type of challenge (i.e. method) they should face when their session expires, and other related settings. # Optional. Session settings applied to user access on a given AccessScope.
"maxInactivity": "A String", # Optional. How long a user is allowed to take between actions before a new access token must be issued. Presently only set for Cloud Apps.
"sessionLength": "A String", # Optional. The session length. Setting this field to zero is equal to disabling. Session. Also can set infinite session by flipping the enabled bit to false below. If use_oidc_max_age is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
"sessionLengthEnabled": True or False, # Optional. Big red button to turn off GCSL. When false, all fields set above will be disregarded and the session length is basically infinite.
"sessionReauthMethod": "A String", # Optional. Session method when users GCP session is up.
"useOidcMaxAge": True or False, # Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the session_length field and the max_age OIDC param.
},
},
"dryRunSettings": { # Access settings represent the set of conditions that must be met for access to be granted. At least one of the fields must be set. # Optional. Dry-run access settings for this scoped access settings. This field may be empty if active_settings is set.
"accessLevels": [ # Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
"A String",
],
"sessionSettings": { # Stores settings related to Google Cloud Session Length including session duration, the type of challenge (i.e. method) they should face when their session expires, and other related settings. # Optional. Session settings applied to user access on a given AccessScope.
"maxInactivity": "A String", # Optional. How long a user is allowed to take between actions before a new access token must be issued. Presently only set for Cloud Apps.
"sessionLength": "A String", # Optional. The session length. Setting this field to zero is equal to disabling. Session. Also can set infinite session by flipping the enabled bit to false below. If use_oidc_max_age is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
"sessionLengthEnabled": True or False, # Optional. Big red button to turn off GCSL. When false, all fields set above will be disregarded and the session length is basically infinite.
"sessionReauthMethod": "A String", # Optional. Session method when users GCP session is up.
"useOidcMaxAge": True or False, # Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the session_length field and the max_age OIDC param.
},
},
"scope": { # Access scope represents the client scope, etc. to which the settings will be applied to. # Optional. Application, etc. to which the access settings will be applied to. Implicitly, this is the scoped access settings key; as such, it must be unique and non-empty.
"clientScope": { # Client scope represents the application, etc. subject to this binding's restrictions. # Optional. Client scope for this access scope.
"restrictedClientApplication": { # An application that accesses Google Cloud APIs. # Optional. The application that is subject to this binding's scope.
"clientId": "A String", # The OAuth client ID of the application.
"name": "A String", # The name of the application. Example: "Cloud Console"
},
},
},
},
],
"sessionSettings": { # Stores settings related to Google Cloud Session Length including session duration, the type of challenge (i.e. method) they should face when their session expires, and other related settings. # Optional. GCSL policy for the group key.
"maxInactivity": "A String", # Optional. How long a user is allowed to take between actions before a new access token must be issued. Presently only set for Cloud Apps.
"sessionLength": "A String", # Optional. The session length. Setting this field to zero is equal to disabling. Session. Also can set infinite session by flipping the enabled bit to false below. If use_oidc_max_age is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
"sessionLengthEnabled": True or False, # Optional. Big red button to turn off GCSL. When false, all fields set above will be disregarded and the session length is basically infinite.
"sessionReauthMethod": "A String", # Optional. Session method when users GCP session is up.
"useOidcMaxAge": True or False, # Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the session_length field and the max_age OIDC param.
},
}
list(parent, pageSize=None, pageToken=None, x__xgafv=None)
Lists all GcpUserAccessBindings for a Google Cloud organization.
Args:
parent: string, Required. Example: "organizations/256" (required)
pageSize: integer, Optional. Maximum number of items to return. The server may return fewer items. If left blank, the server may return any number of items.
pageToken: string, Optional. If left blank, returns the first page. To enumerate all items, use the next_page_token from your previous list operation.
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # Response of ListGcpUserAccessBindings.
"gcpUserAccessBindings": [ # GcpUserAccessBinding
{ # Restricts access to Cloud Console and Google Cloud APIs for a set of users using Context-Aware Access.
"accessLevels": [ # Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
"A String",
],
"dryRunAccessLevels": [ # Optional. Dry run access level that will be evaluated but will not be enforced. The access denial based on dry run policy will be logged. Only one access level is supported, not multiple. This list must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
"A String",
],
"groupKey": "A String", # Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the [G Suite Directory API's Groups resource] (https://developers.google.com/admin-sdk/directory/v1/reference/groups#resource). If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
"name": "A String", # Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by [RFC 3986 Section 2.3](https://tools.ietf.org/html/rfc3986#section-2.3)). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
"restrictedClientApplications": [ # Optional. A list of applications that are subject to this binding's restrictions. If the list is empty, the binding restrictions will universally apply to all applications.
{ # An application that accesses Google Cloud APIs.
"clientId": "A String", # The OAuth client ID of the application.
"name": "A String", # The name of the application. Example: "Cloud Console"
},
],
"scopedAccessSettings": [ # Optional. A list of scoped access settings that set this binding's restrictions on a subset of applications. This field cannot be set if restricted_client_applications is set.
{ # A relationship between access settings and its scope.
"activeSettings": { # Access settings represent the set of conditions that must be met for access to be granted. At least one of the fields must be set. # Optional. Access settings for this scoped access settings. This field may be empty if dry_run_settings is set.
"accessLevels": [ # Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
"A String",
],
"sessionSettings": { # Stores settings related to Google Cloud Session Length including session duration, the type of challenge (i.e. method) they should face when their session expires, and other related settings. # Optional. Session settings applied to user access on a given AccessScope.
"maxInactivity": "A String", # Optional. How long a user is allowed to take between actions before a new access token must be issued. Presently only set for Cloud Apps.
"sessionLength": "A String", # Optional. The session length. Setting this field to zero is equal to disabling. Session. Also can set infinite session by flipping the enabled bit to false below. If use_oidc_max_age is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
"sessionLengthEnabled": True or False, # Optional. Big red button to turn off GCSL. When false, all fields set above will be disregarded and the session length is basically infinite.
"sessionReauthMethod": "A String", # Optional. Session method when users GCP session is up.
"useOidcMaxAge": True or False, # Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the session_length field and the max_age OIDC param.
},
},
"dryRunSettings": { # Access settings represent the set of conditions that must be met for access to be granted. At least one of the fields must be set. # Optional. Dry-run access settings for this scoped access settings. This field may be empty if active_settings is set.
"accessLevels": [ # Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
"A String",
],
"sessionSettings": { # Stores settings related to Google Cloud Session Length including session duration, the type of challenge (i.e. method) they should face when their session expires, and other related settings. # Optional. Session settings applied to user access on a given AccessScope.
"maxInactivity": "A String", # Optional. How long a user is allowed to take between actions before a new access token must be issued. Presently only set for Cloud Apps.
"sessionLength": "A String", # Optional. The session length. Setting this field to zero is equal to disabling. Session. Also can set infinite session by flipping the enabled bit to false below. If use_oidc_max_age is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
"sessionLengthEnabled": True or False, # Optional. Big red button to turn off GCSL. When false, all fields set above will be disregarded and the session length is basically infinite.
"sessionReauthMethod": "A String", # Optional. Session method when users GCP session is up.
"useOidcMaxAge": True or False, # Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the session_length field and the max_age OIDC param.
},
},
"scope": { # Access scope represents the client scope, etc. to which the settings will be applied to. # Optional. Application, etc. to which the access settings will be applied to. Implicitly, this is the scoped access settings key; as such, it must be unique and non-empty.
"clientScope": { # Client scope represents the application, etc. subject to this binding's restrictions. # Optional. Client scope for this access scope.
"restrictedClientApplication": { # An application that accesses Google Cloud APIs. # Optional. The application that is subject to this binding's scope.
"clientId": "A String", # The OAuth client ID of the application.
"name": "A String", # The name of the application. Example: "Cloud Console"
},
},
},
},
],
"sessionSettings": { # Stores settings related to Google Cloud Session Length including session duration, the type of challenge (i.e. method) they should face when their session expires, and other related settings. # Optional. GCSL policy for the group key.
"maxInactivity": "A String", # Optional. How long a user is allowed to take between actions before a new access token must be issued. Presently only set for Cloud Apps.
"sessionLength": "A String", # Optional. The session length. Setting this field to zero is equal to disabling. Session. Also can set infinite session by flipping the enabled bit to false below. If use_oidc_max_age is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
"sessionLengthEnabled": True or False, # Optional. Big red button to turn off GCSL. When false, all fields set above will be disregarded and the session length is basically infinite.
"sessionReauthMethod": "A String", # Optional. Session method when users GCP session is up.
"useOidcMaxAge": True or False, # Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the session_length field and the max_age OIDC param.
},
},
],
"nextPageToken": "A String", # Token to get the next page of items. If blank, there are no more items.
}
list_next()
Retrieves the next page of results.
Args:
previous_request: The request for the previous page. (required)
previous_response: The response from the request for the previous page. (required)
Returns:
A request object that you can call 'execute()' on to request the next
page. Returns None if there are no more items in the collection.
patch(name, append=None, body=None, updateMask=None, x__xgafv=None)
Updates a GcpUserAccessBinding. Completion of this long-running operation does not necessarily signify that the changed binding is deployed onto all affected users, which may take more time.
Args:
name: string, Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by [RFC 3986 Section 2.3](https://tools.ietf.org/html/rfc3986#section-2.3)). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N" (required)
body: object, The request body.
The object takes the form of:
{ # Restricts access to Cloud Console and Google Cloud APIs for a set of users using Context-Aware Access.
"accessLevels": [ # Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
"A String",
],
"dryRunAccessLevels": [ # Optional. Dry run access level that will be evaluated but will not be enforced. The access denial based on dry run policy will be logged. Only one access level is supported, not multiple. This list must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
"A String",
],
"groupKey": "A String", # Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See "id" in the [G Suite Directory API's Groups resource] (https://developers.google.com/admin-sdk/directory/v1/reference/groups#resource). If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"
"name": "A String", # Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by [RFC 3986 Section 2.3](https://tools.ietf.org/html/rfc3986#section-2.3)). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
"restrictedClientApplications": [ # Optional. A list of applications that are subject to this binding's restrictions. If the list is empty, the binding restrictions will universally apply to all applications.
{ # An application that accesses Google Cloud APIs.
"clientId": "A String", # The OAuth client ID of the application.
"name": "A String", # The name of the application. Example: "Cloud Console"
},
],
"scopedAccessSettings": [ # Optional. A list of scoped access settings that set this binding's restrictions on a subset of applications. This field cannot be set if restricted_client_applications is set.
{ # A relationship between access settings and its scope.
"activeSettings": { # Access settings represent the set of conditions that must be met for access to be granted. At least one of the fields must be set. # Optional. Access settings for this scoped access settings. This field may be empty if dry_run_settings is set.
"accessLevels": [ # Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
"A String",
],
"sessionSettings": { # Stores settings related to Google Cloud Session Length including session duration, the type of challenge (i.e. method) they should face when their session expires, and other related settings. # Optional. Session settings applied to user access on a given AccessScope.
"maxInactivity": "A String", # Optional. How long a user is allowed to take between actions before a new access token must be issued. Presently only set for Cloud Apps.
"sessionLength": "A String", # Optional. The session length. Setting this field to zero is equal to disabling. Session. Also can set infinite session by flipping the enabled bit to false below. If use_oidc_max_age is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
"sessionLengthEnabled": True or False, # Optional. Big red button to turn off GCSL. When false, all fields set above will be disregarded and the session length is basically infinite.
"sessionReauthMethod": "A String", # Optional. Session method when users GCP session is up.
"useOidcMaxAge": True or False, # Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the session_length field and the max_age OIDC param.
},
},
"dryRunSettings": { # Access settings represent the set of conditions that must be met for access to be granted. At least one of the fields must be set. # Optional. Dry-run access settings for this scoped access settings. This field may be empty if active_settings is set.
"accessLevels": [ # Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"
"A String",
],
"sessionSettings": { # Stores settings related to Google Cloud Session Length including session duration, the type of challenge (i.e. method) they should face when their session expires, and other related settings. # Optional. Session settings applied to user access on a given AccessScope.
"maxInactivity": "A String", # Optional. How long a user is allowed to take between actions before a new access token must be issued. Presently only set for Cloud Apps.
"sessionLength": "A String", # Optional. The session length. Setting this field to zero is equal to disabling. Session. Also can set infinite session by flipping the enabled bit to false below. If use_oidc_max_age is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
"sessionLengthEnabled": True or False, # Optional. Big red button to turn off GCSL. When false, all fields set above will be disregarded and the session length is basically infinite.
"sessionReauthMethod": "A String", # Optional. Session method when users GCP session is up.
"useOidcMaxAge": True or False, # Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the session_length field and the max_age OIDC param.
},
},
"scope": { # Access scope represents the client scope, etc. to which the settings will be applied to. # Optional. Application, etc. to which the access settings will be applied to. Implicitly, this is the scoped access settings key; as such, it must be unique and non-empty.
"clientScope": { # Client scope represents the application, etc. subject to this binding's restrictions. # Optional. Client scope for this access scope.
"restrictedClientApplication": { # An application that accesses Google Cloud APIs. # Optional. The application that is subject to this binding's scope.
"clientId": "A String", # The OAuth client ID of the application.
"name": "A String", # The name of the application. Example: "Cloud Console"
},
},
},
},
],
"sessionSettings": { # Stores settings related to Google Cloud Session Length including session duration, the type of challenge (i.e. method) they should face when their session expires, and other related settings. # Optional. GCSL policy for the group key.
"maxInactivity": "A String", # Optional. How long a user is allowed to take between actions before a new access token must be issued. Presently only set for Cloud Apps.
"sessionLength": "A String", # Optional. The session length. Setting this field to zero is equal to disabling. Session. Also can set infinite session by flipping the enabled bit to false below. If use_oidc_max_age is true, for OIDC apps, the session length will be the minimum of this field and OIDC max_age param.
"sessionLengthEnabled": True or False, # Optional. Big red button to turn off GCSL. When false, all fields set above will be disregarded and the session length is basically infinite.
"sessionReauthMethod": "A String", # Optional. Session method when users GCP session is up.
"useOidcMaxAge": True or False, # Optional. Only useful for OIDC apps. When false, the OIDC max_age param, if passed in the authentication request will be ignored. When true, the re-auth period will be the minimum of the session_length field and the max_age OIDC param.
},
}
append: boolean, Optional. This field controls whether or not certain repeated settings in the update request overwrite or append to existing settings on the binding. If true, then append. Otherwise overwrite. So far, only scoped_access_settings with reauth_settings supports appending. Global access_levels, access_levels in scoped_access_settings, dry_run_access_levels, reauth_settings, and session_settings are not compatible with append functionality, and the request will return an error if append=true when these settings are in the update_mask. The request will also return an error if append=true when "scoped_access_settings" is not set in the update_mask.
updateMask: string, Required. Only the fields specified in this mask are updated. Because name and group_key cannot be changed, update_mask is required and may only contain the following fields: `access_levels`, `dry_run_access_levels`, `reauth_settings` `session_settings`, `scoped_access_settings`. update_mask { paths: "access_levels" }
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # This resource represents a long-running operation that is the result of a network API call.
"done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
"error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
"code": 42, # The status code, which should be an enum value of google.rpc.Code.
"details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
{
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
],
"message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
},
"metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
"name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
"response": { # The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
"a_key": "", # Properties of the object. Contains field @type with type URL.
},
}