Apigee API . organizations

Instance Methods

analytics()

Returns the analytics Resource.

apiproducts()

Returns the apiproducts Resource.

apis()

Returns the apis Resource.

appgroups()

Returns the appgroups Resource.

apps()

Returns the apps Resource.

datacollectors()

Returns the datacollectors Resource.

deployments()

Returns the deployments Resource.

developers()

Returns the developers Resource.

endpointAttachments()

Returns the endpointAttachments Resource.

envgroups()

Returns the envgroups Resource.

environments()

Returns the environments Resource.

hostQueries()

Returns the hostQueries Resource.

hostSecurityReports()

Returns the hostSecurityReports Resource.

hostStats()

Returns the hostStats Resource.

instances()

Returns the instances Resource.

keyvaluemaps()

Returns the keyvaluemaps Resource.

operations()

Returns the operations Resource.

optimizedHostStats()

Returns the optimizedHostStats Resource.

reports()

Returns the reports Resource.

securityAssessmentResults()

Returns the securityAssessmentResults Resource.

securityProfiles()

Returns the securityProfiles Resource.

securityProfilesV2()

Returns the securityProfilesV2 Resource.

sharedflows()

Returns the sharedflows Resource.

sites()

Returns the sites Resource.

close()

Close httplib2 connections.

create(body=None, parent=None, x__xgafv=None)

Creates an Apigee organization. See [Create an Apigee organization](https://cloud.google.com/apigee/docs/api-platform/get-started/create-org).

delete(name, retention=None, x__xgafv=None)

Delete an Apigee organization. For organizations with BillingType EVALUATION, an immediate deletion is performed. For paid organizations (Subscription or Pay-as-you-go), a soft-deletion is performed. The organization can be restored within the soft-deletion period, which is specified using the `retention` field in the request or by filing a support ticket with Apigee. During the data retention period specified in the request, the Apigee organization cannot be recreated in the same Google Cloud project. **IMPORTANT: The default data retention setting for this operation is 7 days. To permanently delete the organization in 24 hours, set the retention parameter to `MINIMUM`.**

get(name, x__xgafv=None)

Gets the profile for an Apigee organization. See [Understanding organizations](https://cloud.google.com/apigee/docs/api-platform/fundamentals/organization-structure).

getControlPlaneAccess(name, x__xgafv=None)

Lists the service accounts allowed to access Apigee control plane directly for limited functionality. **Note**: Available to Apigee hybrid only.

getDeployedIngressConfig(name, view=None, x__xgafv=None)

Gets the deployed ingress configuration for an organization.

getProjectMapping(name, x__xgafv=None)

Gets the project ID and region for an Apigee organization.

getRuntimeConfig(name, x__xgafv=None)

Get runtime config for an organization.

getSecuritySettings(name, x__xgafv=None)

GetSecuritySettings gets the security settings for API Security.

getSyncAuthorization(name, body=None, x__xgafv=None)

Lists the service accounts with the permissions required to allow the Synchronizer to download environment data from the control plane. An ETag is returned in the response to `getSyncAuthorization`. Pass that ETag when calling [setSyncAuthorization](setSyncAuthorization) to ensure that you are updating the correct version. If you don't pass the ETag in the call to `setSyncAuthorization`, then the existing authorization is overwritten indiscriminately. For more information, see [Configure the Synchronizer](https://cloud.google.com/apigee/docs/hybrid/latest/synchronizer-access). **Note**: Available to Apigee hybrid only.

list(parent, x__xgafv=None)

Lists the Apigee organizations and associated Google Cloud projects that you have permission to access. See [Understanding organizations](https://cloud.google.com/apigee/docs/api-platform/fundamentals/organization-structure).

setAddons(org, body=None, x__xgafv=None)

Configures the add-ons for the Apigee organization. The existing add-on configuration will be fully replaced.

setSyncAuthorization(name, body=None, x__xgafv=None)

Sets the permissions required to allow the Synchronizer to download environment data from the control plane. You must call this API to enable proper functioning of hybrid. Pass the ETag when calling `setSyncAuthorization` to ensure that you are updating the correct version. To get an ETag, call [getSyncAuthorization](getSyncAuthorization). If you don't pass the ETag in the call to `setSyncAuthorization`, then the existing authorization is overwritten indiscriminately. For more information, see [Configure the Synchronizer](https://cloud.google.com/apigee/docs/hybrid/latest/synchronizer-access). **Note**: Available to Apigee hybrid only.

update(name, body=None, x__xgafv=None)

Updates the properties for an Apigee organization. No other fields in the organization profile will be updated.

updateControlPlaneAccess(name, body=None, updateMask=None, x__xgafv=None)

Updates the permissions required to allow Apigee runtime-plane components access to the control plane. Currently, the permissions required are to: 1. Allow runtime components to publish analytics data to the control plane. **Note**: Available to Apigee hybrid only.

updateSecuritySettings(name, body=None, updateMask=None, x__xgafv=None)

UpdateSecuritySettings updates the current security settings for API Security.

Method Details

close()
Close httplib2 connections.
create(body=None, parent=None, x__xgafv=None)
Creates an Apigee organization. See [Create an Apigee organization](https://cloud.google.com/apigee/docs/api-platform/get-started/create-org).

Args:
  body: object, The request body.
    The object takes the form of:

{
  "addonsConfig": { # Add-on configurations for the Apigee organization. # Addon configurations of the Apigee organization.
    "advancedApiOpsConfig": { # Configuration for the Advanced API Ops add-on. # Configuration for the Advanced API Ops add-on.
      "enabled": True or False, # Flag that specifies whether the Advanced API Ops add-on is enabled.
    },
    "analyticsConfig": { # Configuration for the Analytics add-on. # Configuration for the Analytics add-on. Only used in organizations.environments.addonsConfig.
      "enabled": True or False, # Whether the Analytics add-on is enabled.
      "expireTimeMillis": "A String", # Output only. Time at which the Analytics add-on expires in milliseconds since epoch. If unspecified, the add-on will never expire.
      "state": "A String", # Output only. The state of the Analytics add-on.
      "updateTime": "A String", # Output only. The latest update time.
    },
    "apiSecurityConfig": { # Configurations of the API Security add-on. # Configuration for the API Security add-on.
      "enabled": True or False, # Flag that specifies whether the API security add-on is enabled.
      "expiresAt": "A String", # Output only. Time at which the API Security add-on expires in in milliseconds since epoch. If unspecified, the add-on will never expire.
    },
    "connectorsPlatformConfig": { # Configuration for the Connectors Platform add-on. # Configuration for the Connectors Platform add-on.
      "enabled": True or False, # Flag that specifies whether the Connectors Platform add-on is enabled.
      "expiresAt": "A String", # Output only. Time at which the Connectors Platform add-on expires in milliseconds since epoch. If unspecified, the add-on will never expire.
    },
    "integrationConfig": { # Configuration for the Integration add-on. # Configuration for the Integration add-on.
      "enabled": True or False, # Flag that specifies whether the Integration add-on is enabled.
    },
    "monetizationConfig": { # Configuration for the Monetization add-on. # Configuration for the Monetization add-on.
      "enabled": True or False, # Flag that specifies whether the Monetization add-on is enabled.
    },
  },
  "analyticsRegion": "A String", # Required. DEPRECATED: This field will eventually be deprecated and replaced with a differently-named field. Primary Google Cloud region for analytics data storage. For valid values, see [Create an Apigee organization](https://cloud.google.com/apigee/docs/api-platform/get-started/create-org).
  "apiConsumerDataEncryptionKeyName": "A String", # Cloud KMS key name used for encrypting API consumer data. If not specified or [BillingType](#BillingType) is `EVALUATION`, a Google-Managed encryption key will be used. Format: `projects/*/locations/*/keyRings/*/cryptoKeys/*`
  "apiConsumerDataLocation": "A String", # This field is needed only for customers using non-default data residency regions. Apigee stores some control plane data only in single region. This field determines which single region Apigee should use. For example: "us-west1" when control plane is in US or "europe-west2" when control plane is in EU.
  "apigeeProjectId": "A String", # Output only. Apigee Project ID associated with the organization. Use this project to allowlist Apigee in the Service Attachment when using private service connect with Apigee.
  "attributes": [ # Not used by Apigee.
    "A String",
  ],
  "authorizedNetwork": "A String", # Compute Engine network used for Service Networking to be peered with Apigee runtime instances. See [Getting started with the Service Networking API](https://cloud.google.com/service-infrastructure/docs/service-networking/getting-started). Valid only when [RuntimeType](#RuntimeType) is set to `CLOUD`. The value must be set before the creation of a runtime instance and can be updated only when there are no runtime instances. For example: `default`. When changing authorizedNetwork, you must reconfigure VPC peering. After VPC peering with previous network is deleted, [run the following command](https://cloud.google.com/sdk/gcloud/reference/services/vpc-peerings/delete): `gcloud services vpc-peerings delete --network=NETWORK`, where `NETWORK` is the name of the previous network. This will delete the previous Service Networking. Otherwise, you will get the following error: `The resource 'projects/...-tp' is already linked to another shared VPC host 'projects/...-tp`. Apigee also supports shared VPC (that is, the host network project is not the same as the one that is peering with Apigee). See [Shared VPC overview](https://cloud.google.com/vpc/docs/shared-vpc). To use a shared VPC network, use the following format: `projects/{host-project-id}/{region}/networks/{network-name}`. For example: `projects/my-sharedvpc-host/global/networks/mynetwork` **Note:** Not supported for Apigee hybrid.
  "billingType": "A String", # Billing type of the Apigee organization. See [Apigee pricing](https://cloud.google.com/apigee/pricing).
  "caCertificate": "A String", # Output only. Base64-encoded public certificate for the root CA of the Apigee organization. Valid only when [RuntimeType](#RuntimeType) is `CLOUD`.
  "controlPlaneEncryptionKeyName": "A String", # Cloud KMS key name used for encrypting control plane data that is stored in a multi region. Only used for the data residency region "US" or "EU". If not specified or [BillingType](#BillingType) is `EVALUATION`, a Google-Managed encryption key will be used. Format: `projects/*/locations/*/keyRings/*/cryptoKeys/*`
  "createdAt": "A String", # Output only. Time that the Apigee organization was created in milliseconds since epoch.
  "customerName": "A String", # Not used by Apigee.
  "description": "A String", # Description of the Apigee organization.
  "disableVpcPeering": True or False, # Optional. Flag that specifies whether the VPC Peering through Private Google Access should be disabled between the consumer network and Apigee. Valid only when RuntimeType is set to CLOUD. Required if an authorizedNetwork on the consumer project is not provided, in which case the flag should be set to true. The value must be set before the creation of any Apigee runtime instance and can be updated only when there are no runtime instances. **Note:** Apigee will be deprecating the vpc peering model that requires you to provide 'authorizedNetwork', by making the non-peering model as the default way of provisioning Apigee organization in future. So, this will be a temporary flag to enable the transition. Not supported for Apigee hybrid.
  "displayName": "A String", # Display name for the Apigee organization. Unused, but reserved for future use.
  "environments": [ # Output only. List of environments in the Apigee organization.
    "A String",
  ],
  "expiresAt": "A String", # Output only. Time that the Apigee organization is scheduled for deletion.
  "lastModifiedAt": "A String", # Output only. Time that the Apigee organization was last modified in milliseconds since epoch.
  "name": "A String", # Output only. Name of the Apigee organization.
  "portalDisabled": True or False, # Configuration for the Portals settings.
  "projectId": "A String", # Output only. Project ID associated with the Apigee organization.
  "properties": { # Message for compatibility with legacy Edge specification for Java Properties object in JSON. # Properties defined in the Apigee organization profile.
    "property": [ # List of all properties in the object
      { # A single property entry in the Properties message.
        "name": "A String", # The property key
        "value": "A String", # The property value
      },
    ],
  },
  "runtimeDatabaseEncryptionKeyName": "A String", # Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances. Update is not allowed after the organization is created. If not specified or [RuntimeType](#RuntimeType) is `TRIAL`, a Google-Managed encryption key will be used. For example: "projects/foo/locations/us/keyRings/bar/cryptoKeys/baz". **Note:** Not supported for Apigee hybrid.
  "runtimeType": "A String", # Required. Runtime type of the Apigee organization based on the Apigee subscription purchased.
  "state": "A String", # Output only. State of the organization. Values other than ACTIVE means the resource is not ready to use.
  "subscriptionPlan": "A String", # Output only. Subscription plan that the customer has purchased. Output only.
  "subscriptionType": "A String", # Output only. DEPRECATED: This will eventually be replaced by BillingType. Subscription type of the Apigee organization. Valid values include trial (free, limited, and for evaluation purposes only) or paid (full subscription has been purchased). See [Apigee pricing](https://cloud.google.com/apigee/pricing/).
  "type": "A String", # Not used by Apigee.
}

  parent: string, Required. Name of the Google Cloud project in which to associate the Apigee organization. Pass the information as a query parameter using the following structure in your request: `projects/`
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # This resource represents a long-running operation that is the result of a network API call.
  "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
  "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
    "code": 42, # The status code, which should be an enum value of google.rpc.Code.
    "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
      {
        "a_key": "", # Properties of the object. Contains field @type with type URL.
      },
    ],
    "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
  },
  "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
    "a_key": "", # Properties of the object. Contains field @type with type URL.
  },
  "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
  "response": { # The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
    "a_key": "", # Properties of the object. Contains field @type with type URL.
  },
}
delete(name, retention=None, x__xgafv=None)
Delete an Apigee organization. For organizations with BillingType EVALUATION, an immediate deletion is performed. For paid organizations (Subscription or Pay-as-you-go), a soft-deletion is performed. The organization can be restored within the soft-deletion period, which is specified using the `retention` field in the request or by filing a support ticket with Apigee. During the data retention period specified in the request, the Apigee organization cannot be recreated in the same Google Cloud project. **IMPORTANT: The default data retention setting for this operation is 7 days. To permanently delete the organization in 24 hours, set the retention parameter to `MINIMUM`.**

Args:
  name: string, Required. Name of the organization. Use the following structure in your request: `organizations/{org}` (required)
  retention: string, Optional. This setting is applicable only for organizations that are soft-deleted (i.e., BillingType is not EVALUATION). It controls how long Organization data will be retained after the initial delete operation completes. During this period, the Organization may be restored to its last known state. After this period, the Organization will no longer be able to be restored. **Note: During the data retention period specified using this field, the Apigee organization cannot be recreated in the same Google Cloud project.**
    Allowed values
      DELETION_RETENTION_UNSPECIFIED - Default data retention setting of seven days will be applied.
      MINIMUM - Organization data will be retained for the minimum period of 24 hours.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # This resource represents a long-running operation that is the result of a network API call.
  "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
  "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
    "code": 42, # The status code, which should be an enum value of google.rpc.Code.
    "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
      {
        "a_key": "", # Properties of the object. Contains field @type with type URL.
      },
    ],
    "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
  },
  "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
    "a_key": "", # Properties of the object. Contains field @type with type URL.
  },
  "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
  "response": { # The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
    "a_key": "", # Properties of the object. Contains field @type with type URL.
  },
}
get(name, x__xgafv=None)
Gets the profile for an Apigee organization. See [Understanding organizations](https://cloud.google.com/apigee/docs/api-platform/fundamentals/organization-structure).

Args:
  name: string, Required. Apigee organization name in the following format: `organizations/{org}` (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    {
  "addonsConfig": { # Add-on configurations for the Apigee organization. # Addon configurations of the Apigee organization.
    "advancedApiOpsConfig": { # Configuration for the Advanced API Ops add-on. # Configuration for the Advanced API Ops add-on.
      "enabled": True or False, # Flag that specifies whether the Advanced API Ops add-on is enabled.
    },
    "analyticsConfig": { # Configuration for the Analytics add-on. # Configuration for the Analytics add-on. Only used in organizations.environments.addonsConfig.
      "enabled": True or False, # Whether the Analytics add-on is enabled.
      "expireTimeMillis": "A String", # Output only. Time at which the Analytics add-on expires in milliseconds since epoch. If unspecified, the add-on will never expire.
      "state": "A String", # Output only. The state of the Analytics add-on.
      "updateTime": "A String", # Output only. The latest update time.
    },
    "apiSecurityConfig": { # Configurations of the API Security add-on. # Configuration for the API Security add-on.
      "enabled": True or False, # Flag that specifies whether the API security add-on is enabled.
      "expiresAt": "A String", # Output only. Time at which the API Security add-on expires in in milliseconds since epoch. If unspecified, the add-on will never expire.
    },
    "connectorsPlatformConfig": { # Configuration for the Connectors Platform add-on. # Configuration for the Connectors Platform add-on.
      "enabled": True or False, # Flag that specifies whether the Connectors Platform add-on is enabled.
      "expiresAt": "A String", # Output only. Time at which the Connectors Platform add-on expires in milliseconds since epoch. If unspecified, the add-on will never expire.
    },
    "integrationConfig": { # Configuration for the Integration add-on. # Configuration for the Integration add-on.
      "enabled": True or False, # Flag that specifies whether the Integration add-on is enabled.
    },
    "monetizationConfig": { # Configuration for the Monetization add-on. # Configuration for the Monetization add-on.
      "enabled": True or False, # Flag that specifies whether the Monetization add-on is enabled.
    },
  },
  "analyticsRegion": "A String", # Required. DEPRECATED: This field will eventually be deprecated and replaced with a differently-named field. Primary Google Cloud region for analytics data storage. For valid values, see [Create an Apigee organization](https://cloud.google.com/apigee/docs/api-platform/get-started/create-org).
  "apiConsumerDataEncryptionKeyName": "A String", # Cloud KMS key name used for encrypting API consumer data. If not specified or [BillingType](#BillingType) is `EVALUATION`, a Google-Managed encryption key will be used. Format: `projects/*/locations/*/keyRings/*/cryptoKeys/*`
  "apiConsumerDataLocation": "A String", # This field is needed only for customers using non-default data residency regions. Apigee stores some control plane data only in single region. This field determines which single region Apigee should use. For example: "us-west1" when control plane is in US or "europe-west2" when control plane is in EU.
  "apigeeProjectId": "A String", # Output only. Apigee Project ID associated with the organization. Use this project to allowlist Apigee in the Service Attachment when using private service connect with Apigee.
  "attributes": [ # Not used by Apigee.
    "A String",
  ],
  "authorizedNetwork": "A String", # Compute Engine network used for Service Networking to be peered with Apigee runtime instances. See [Getting started with the Service Networking API](https://cloud.google.com/service-infrastructure/docs/service-networking/getting-started). Valid only when [RuntimeType](#RuntimeType) is set to `CLOUD`. The value must be set before the creation of a runtime instance and can be updated only when there are no runtime instances. For example: `default`. When changing authorizedNetwork, you must reconfigure VPC peering. After VPC peering with previous network is deleted, [run the following command](https://cloud.google.com/sdk/gcloud/reference/services/vpc-peerings/delete): `gcloud services vpc-peerings delete --network=NETWORK`, where `NETWORK` is the name of the previous network. This will delete the previous Service Networking. Otherwise, you will get the following error: `The resource 'projects/...-tp' is already linked to another shared VPC host 'projects/...-tp`. Apigee also supports shared VPC (that is, the host network project is not the same as the one that is peering with Apigee). See [Shared VPC overview](https://cloud.google.com/vpc/docs/shared-vpc). To use a shared VPC network, use the following format: `projects/{host-project-id}/{region}/networks/{network-name}`. For example: `projects/my-sharedvpc-host/global/networks/mynetwork` **Note:** Not supported for Apigee hybrid.
  "billingType": "A String", # Billing type of the Apigee organization. See [Apigee pricing](https://cloud.google.com/apigee/pricing).
  "caCertificate": "A String", # Output only. Base64-encoded public certificate for the root CA of the Apigee organization. Valid only when [RuntimeType](#RuntimeType) is `CLOUD`.
  "controlPlaneEncryptionKeyName": "A String", # Cloud KMS key name used for encrypting control plane data that is stored in a multi region. Only used for the data residency region "US" or "EU". If not specified or [BillingType](#BillingType) is `EVALUATION`, a Google-Managed encryption key will be used. Format: `projects/*/locations/*/keyRings/*/cryptoKeys/*`
  "createdAt": "A String", # Output only. Time that the Apigee organization was created in milliseconds since epoch.
  "customerName": "A String", # Not used by Apigee.
  "description": "A String", # Description of the Apigee organization.
  "disableVpcPeering": True or False, # Optional. Flag that specifies whether the VPC Peering through Private Google Access should be disabled between the consumer network and Apigee. Valid only when RuntimeType is set to CLOUD. Required if an authorizedNetwork on the consumer project is not provided, in which case the flag should be set to true. The value must be set before the creation of any Apigee runtime instance and can be updated only when there are no runtime instances. **Note:** Apigee will be deprecating the vpc peering model that requires you to provide 'authorizedNetwork', by making the non-peering model as the default way of provisioning Apigee organization in future. So, this will be a temporary flag to enable the transition. Not supported for Apigee hybrid.
  "displayName": "A String", # Display name for the Apigee organization. Unused, but reserved for future use.
  "environments": [ # Output only. List of environments in the Apigee organization.
    "A String",
  ],
  "expiresAt": "A String", # Output only. Time that the Apigee organization is scheduled for deletion.
  "lastModifiedAt": "A String", # Output only. Time that the Apigee organization was last modified in milliseconds since epoch.
  "name": "A String", # Output only. Name of the Apigee organization.
  "portalDisabled": True or False, # Configuration for the Portals settings.
  "projectId": "A String", # Output only. Project ID associated with the Apigee organization.
  "properties": { # Message for compatibility with legacy Edge specification for Java Properties object in JSON. # Properties defined in the Apigee organization profile.
    "property": [ # List of all properties in the object
      { # A single property entry in the Properties message.
        "name": "A String", # The property key
        "value": "A String", # The property value
      },
    ],
  },
  "runtimeDatabaseEncryptionKeyName": "A String", # Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances. Update is not allowed after the organization is created. If not specified or [RuntimeType](#RuntimeType) is `TRIAL`, a Google-Managed encryption key will be used. For example: "projects/foo/locations/us/keyRings/bar/cryptoKeys/baz". **Note:** Not supported for Apigee hybrid.
  "runtimeType": "A String", # Required. Runtime type of the Apigee organization based on the Apigee subscription purchased.
  "state": "A String", # Output only. State of the organization. Values other than ACTIVE means the resource is not ready to use.
  "subscriptionPlan": "A String", # Output only. Subscription plan that the customer has purchased. Output only.
  "subscriptionType": "A String", # Output only. DEPRECATED: This will eventually be replaced by BillingType. Subscription type of the Apigee organization. Valid values include trial (free, limited, and for evaluation purposes only) or paid (full subscription has been purchased). See [Apigee pricing](https://cloud.google.com/apigee/pricing/).
  "type": "A String", # Not used by Apigee.
}
getControlPlaneAccess(name, x__xgafv=None)
Lists the service accounts allowed to access Apigee control plane directly for limited functionality. **Note**: Available to Apigee hybrid only.

Args:
  name: string, Required. Resource name of the Control Plane Access. Use the following structure in your request: `organizations/{org}/controlPlaneAccess` (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # ControlPlaneAccess is the request body and response body of UpdateControlPlaneAccess. and the response body of GetControlPlaneAccess. The input identities contains an array of service accounts to grant access to the respective control plane resource, with each service account specified using the following format: `serviceAccount:`***service-account-name***. The ***service-account-name*** is formatted like an email address. For example: `my-control-plane-service_account@my_project_id.iam.gserviceaccount.com` You might specify multiple service accounts, for example, if you have multiple environments and wish to assign a unique service account to each one.
  "analyticsPublisherIdentities": [ # Optional. Array of service accounts authorized to publish analytics data to the control plane (for the Message Processor component).
    "A String",
  ],
  "name": "A String", # Identifier. The resource name of the ControlPlaneAccess. Format: "organizations/{org}/controlPlaneAccess"
  "synchronizerIdentities": [ # Optional. Array of service accounts to grant access to control plane resources (for the Synchronizer component). The service accounts must have **Apigee Synchronizer Manager** role. See also [Create service accounts](https://cloud.google.com/apigee/docs/hybrid/latest/sa-about#create-the-service-accounts).
    "A String",
  ],
}
getDeployedIngressConfig(name, view=None, x__xgafv=None)
Gets the deployed ingress configuration for an organization.

Args:
  name: string, Required. Name of the deployed configuration for the organization in the following format: 'organizations/{org}/deployedIngressConfig'. (required)
  view: string, When set to FULL, additional details about the specific deployments receiving traffic will be included in the IngressConfig response's RoutingRules.
    Allowed values
      INGRESS_CONFIG_VIEW_UNSPECIFIED - The default/unset value. The API will default to the BASIC view.
      BASIC - Include all ingress config data necessary for the runtime to configure ingress, but no more. Routing rules will include only basepath and destination environment. This the default value.
      FULL - Include all ingress config data, including internal debug info for each routing rule such as the proxy claiming a particular basepath and when the routing rule first appeared in the env group.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    {
  "environmentGroups": [ # List of environment groups in the organization.
    { # EnvironmentGroupConfig is a revisioned snapshot of an EnvironmentGroup and its associated routing rules.
      "endpointChainingRules": [ # A list of proxies in each deployment group for proxy chaining calls.
        { # EndpointChainingRule specifies the proxies contained in a particular deployment group, so that other deployment groups can find them in chaining calls.
          "deploymentGroup": "A String", # The deployment group to target for cross-shard chaining calls to these proxies.
          "proxyIds": [ # List of proxy ids which may be found in the given deployment group.
            "A String",
          ],
        },
      ],
      "hostnames": [ # Host names for the environment group.
        "A String",
      ],
      "location": "A String", # When this message appears in the top-level IngressConfig, this field will be populated in lieu of the inlined routing_rules and hostnames fields. Some URL for downloading the full EnvironmentGroupConfig for this group.
      "name": "A String", # Name of the environment group in the following format: `organizations/{org}/envgroups/{envgroup}`.
      "revisionId": "A String", # Revision id that defines the ordering of the EnvironmentGroupConfig resource. The higher the revision, the more recently the configuration was deployed.
      "routingRules": [ # Ordered list of routing rules defining how traffic to this environment group's hostnames should be routed to different environments.
        {
          "basepath": "A String", # URI path prefix used to route to the specified environment. May contain one or more wildcards. For example, path segments consisting of a single `*` character will match any string.
          "deploymentGroup": "A String", # Name of a deployment group in an environment bound to the environment group in the following format: `organizations/{org}/environment/{env}/deploymentGroups/{group}` Only one of environment or deployment_group will be set.
          "envGroupRevision": "A String", # The env group config revision_id when this rule was added or last updated. This value is set when the rule is created and will only update if the the environment_id changes. It is used to determine if the runtime is up to date with respect to this rule. This field is omitted from the IngressConfig unless the GetDeployedIngressConfig API is called with view=FULL.
          "environment": "A String", # Name of an environment bound to the environment group in the following format: `organizations/{org}/environments/{env}`. Only one of environment or deployment_group will be set.
          "otherTargets": [ # Conflicting targets, which will be resource names specifying either deployment groups or environments.
            "A String",
          ],
          "receiver": "A String", # The resource name of the proxy revision that is receiving this basepath in the following format: `organizations/{org}/apis/{api}/revisions/{rev}`. This field is omitted from the IngressConfig unless the GetDeployedIngressConfig API is called with view=FULL.
          "updateTime": "A String", # The unix timestamp when this rule was updated. This is updated whenever env_group_revision is updated. This field is omitted from the IngressConfig unless the GetDeployedIngressConfig API is called with view=FULL.
        },
      ],
      "uid": "A String", # A unique id for the environment group config that will only change if the environment group is deleted and recreated.
    },
  ],
  "name": "A String", # Name of the resource in the following format: `organizations/{org}/deployedIngressConfig`.
  "revisionCreateTime": "A String", # Time at which the IngressConfig revision was created.
  "revisionId": "A String", # Revision id that defines the ordering on IngressConfig resources. The higher the revision, the more recently the configuration was deployed.
  "uid": "A String", # A unique id for the ingress config that will only change if the organization is deleted and recreated.
}
getProjectMapping(name, x__xgafv=None)
Gets the project ID and region for an Apigee organization.

Args:
  name: string, Required. Apigee organization name in the following format: `organizations/{org}` (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    {
  "location": "A String", # Output only. The Google Cloud region where control plane data is located. For more information, see https://cloud.google.com/about/locations/.
  "organization": "A String", # Name of the Apigee organization.
  "projectId": "A String", # Google Cloud project associated with the Apigee organization
  "projectIds": [ # DEPRECATED: Use `project_id`. An Apigee Organization is mapped to a single project.
    "A String",
  ],
}
getRuntimeConfig(name, x__xgafv=None)
Get runtime config for an organization.

Args:
  name: string, Required. Name of the runtime config for the organization in the following format: 'organizations/{org}/runtimeConfig'. (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Runtime configuration for the organization. Response for GetRuntimeConfig.
  "analyticsBucket": "A String", # Cloud Storage bucket used for uploading Analytics records.
  "name": "A String", # Name of the resource in the following format: `organizations/{org}/runtimeConfig`.
  "tenantProjectId": "A String", # Output only. Tenant project ID associated with the Apigee organization. The tenant project is used to host Google-managed resources that are dedicated to this Apigee organization. Clients have limited access to resources within the tenant project used to support Apigee runtime instances. Access to the tenant project is managed using SetSyncAuthorization. It can be empty if the tenant project hasn't been created yet.
  "traceBucket": "A String", # Cloud Storage bucket used for uploading Trace records.
}
getSecuritySettings(name, x__xgafv=None)
GetSecuritySettings gets the security settings for API Security.

Args:
  name: string, Required. The name of the SecuritySettings to retrieve. This will always be: 'organizations/{org}/securitySettings'. (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # SecuritySettings reflects the current state of the SecuritySettings feature.
  "mlRetrainingFeedbackEnabled": True or False, # Optional. If true the user consents to the use of ML models for Abuse detection.
  "name": "A String", # Identifier. Full resource name is always `organizations/{org}/securitySettings`.
}
getSyncAuthorization(name, body=None, x__xgafv=None)
Lists the service accounts with the permissions required to allow the Synchronizer to download environment data from the control plane. An ETag is returned in the response to `getSyncAuthorization`. Pass that ETag when calling [setSyncAuthorization](setSyncAuthorization) to ensure that you are updating the correct version. If you don't pass the ETag in the call to `setSyncAuthorization`, then the existing authorization is overwritten indiscriminately. For more information, see [Configure the Synchronizer](https://cloud.google.com/apigee/docs/hybrid/latest/synchronizer-access). **Note**: Available to Apigee hybrid only.

Args:
  name: string, Required. Name of the Apigee organization. Use the following structure in your request: `organizations/{org}` (required)
  body: object, The request body.
    The object takes the form of:

{ # Request for GetSyncAuthorization.
}

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    {
  "etag": "A String", # Entity tag (ETag) used for optimistic concurrency control as a way to help prevent simultaneous updates from overwriting each other. For example, when you call [getSyncAuthorization](organizations/getSyncAuthorization) an ETag is returned in the response. Pass that ETag when calling the [setSyncAuthorization](organizations/setSyncAuthorization) to ensure that you are updating the correct version. If you don't pass the ETag in the call to `setSyncAuthorization`, then the existing authorization is overwritten indiscriminately. **Note**: We strongly recommend that you use the ETag in the read-modify-write cycle to avoid race conditions.
  "identities": [ # Required. Array of service accounts to grant access to control plane resources, each specified using the following format: `serviceAccount:` service-account-name. The service-account-name is formatted like an email address. For example: `my-synchronizer-manager-service_account@my_project_id.iam.gserviceaccount.com` You might specify multiple service accounts, for example, if you have multiple environments and wish to assign a unique service account to each one. The service accounts must have **Apigee Synchronizer Manager** role. See also [Create service accounts](https://cloud.google.com/apigee/docs/hybrid/latest/sa-about#create-the-service-accounts).
    "A String",
  ],
}
list(parent, x__xgafv=None)
Lists the Apigee organizations and associated Google Cloud projects that you have permission to access. See [Understanding organizations](https://cloud.google.com/apigee/docs/api-platform/fundamentals/organization-structure).

Args:
  parent: string, Required. Use the following structure in your request: `organizations` (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    {
  "organizations": [ # List of Apigee organizations and associated Google Cloud projects.
    {
      "location": "A String", # Output only. The Google Cloud region where control plane data is located. For more information, see https://cloud.google.com/about/locations/.
      "organization": "A String", # Name of the Apigee organization.
      "projectId": "A String", # Google Cloud project associated with the Apigee organization
      "projectIds": [ # DEPRECATED: Use `project_id`. An Apigee Organization is mapped to a single project.
        "A String",
      ],
    },
  ],
}
setAddons(org, body=None, x__xgafv=None)
Configures the add-ons for the Apigee organization. The existing add-on configuration will be fully replaced.

Args:
  org: string, Required. Name of the organization. Use the following structure in your request: `organizations/{org}` (required)
  body: object, The request body.
    The object takes the form of:

{ # Request for SetAddons.
  "addonsConfig": { # Add-on configurations for the Apigee organization. # Required. Add-on configurations.
    "advancedApiOpsConfig": { # Configuration for the Advanced API Ops add-on. # Configuration for the Advanced API Ops add-on.
      "enabled": True or False, # Flag that specifies whether the Advanced API Ops add-on is enabled.
    },
    "analyticsConfig": { # Configuration for the Analytics add-on. # Configuration for the Analytics add-on. Only used in organizations.environments.addonsConfig.
      "enabled": True or False, # Whether the Analytics add-on is enabled.
      "expireTimeMillis": "A String", # Output only. Time at which the Analytics add-on expires in milliseconds since epoch. If unspecified, the add-on will never expire.
      "state": "A String", # Output only. The state of the Analytics add-on.
      "updateTime": "A String", # Output only. The latest update time.
    },
    "apiSecurityConfig": { # Configurations of the API Security add-on. # Configuration for the API Security add-on.
      "enabled": True or False, # Flag that specifies whether the API security add-on is enabled.
      "expiresAt": "A String", # Output only. Time at which the API Security add-on expires in in milliseconds since epoch. If unspecified, the add-on will never expire.
    },
    "connectorsPlatformConfig": { # Configuration for the Connectors Platform add-on. # Configuration for the Connectors Platform add-on.
      "enabled": True or False, # Flag that specifies whether the Connectors Platform add-on is enabled.
      "expiresAt": "A String", # Output only. Time at which the Connectors Platform add-on expires in milliseconds since epoch. If unspecified, the add-on will never expire.
    },
    "integrationConfig": { # Configuration for the Integration add-on. # Configuration for the Integration add-on.
      "enabled": True or False, # Flag that specifies whether the Integration add-on is enabled.
    },
    "monetizationConfig": { # Configuration for the Monetization add-on. # Configuration for the Monetization add-on.
      "enabled": True or False, # Flag that specifies whether the Monetization add-on is enabled.
    },
  },
}

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # This resource represents a long-running operation that is the result of a network API call.
  "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
  "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
    "code": 42, # The status code, which should be an enum value of google.rpc.Code.
    "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
      {
        "a_key": "", # Properties of the object. Contains field @type with type URL.
      },
    ],
    "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
  },
  "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
    "a_key": "", # Properties of the object. Contains field @type with type URL.
  },
  "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
  "response": { # The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
    "a_key": "", # Properties of the object. Contains field @type with type URL.
  },
}
setSyncAuthorization(name, body=None, x__xgafv=None)
Sets the permissions required to allow the Synchronizer to download environment data from the control plane. You must call this API to enable proper functioning of hybrid. Pass the ETag when calling `setSyncAuthorization` to ensure that you are updating the correct version. To get an ETag, call [getSyncAuthorization](getSyncAuthorization). If you don't pass the ETag in the call to `setSyncAuthorization`, then the existing authorization is overwritten indiscriminately. For more information, see [Configure the Synchronizer](https://cloud.google.com/apigee/docs/hybrid/latest/synchronizer-access). **Note**: Available to Apigee hybrid only.

Args:
  name: string, Required. Name of the Apigee organization. Use the following structure in your request: `organizations/{org}` (required)
  body: object, The request body.
    The object takes the form of:

{
  "etag": "A String", # Entity tag (ETag) used for optimistic concurrency control as a way to help prevent simultaneous updates from overwriting each other. For example, when you call [getSyncAuthorization](organizations/getSyncAuthorization) an ETag is returned in the response. Pass that ETag when calling the [setSyncAuthorization](organizations/setSyncAuthorization) to ensure that you are updating the correct version. If you don't pass the ETag in the call to `setSyncAuthorization`, then the existing authorization is overwritten indiscriminately. **Note**: We strongly recommend that you use the ETag in the read-modify-write cycle to avoid race conditions.
  "identities": [ # Required. Array of service accounts to grant access to control plane resources, each specified using the following format: `serviceAccount:` service-account-name. The service-account-name is formatted like an email address. For example: `my-synchronizer-manager-service_account@my_project_id.iam.gserviceaccount.com` You might specify multiple service accounts, for example, if you have multiple environments and wish to assign a unique service account to each one. The service accounts must have **Apigee Synchronizer Manager** role. See also [Create service accounts](https://cloud.google.com/apigee/docs/hybrid/latest/sa-about#create-the-service-accounts).
    "A String",
  ],
}

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    {
  "etag": "A String", # Entity tag (ETag) used for optimistic concurrency control as a way to help prevent simultaneous updates from overwriting each other. For example, when you call [getSyncAuthorization](organizations/getSyncAuthorization) an ETag is returned in the response. Pass that ETag when calling the [setSyncAuthorization](organizations/setSyncAuthorization) to ensure that you are updating the correct version. If you don't pass the ETag in the call to `setSyncAuthorization`, then the existing authorization is overwritten indiscriminately. **Note**: We strongly recommend that you use the ETag in the read-modify-write cycle to avoid race conditions.
  "identities": [ # Required. Array of service accounts to grant access to control plane resources, each specified using the following format: `serviceAccount:` service-account-name. The service-account-name is formatted like an email address. For example: `my-synchronizer-manager-service_account@my_project_id.iam.gserviceaccount.com` You might specify multiple service accounts, for example, if you have multiple environments and wish to assign a unique service account to each one. The service accounts must have **Apigee Synchronizer Manager** role. See also [Create service accounts](https://cloud.google.com/apigee/docs/hybrid/latest/sa-about#create-the-service-accounts).
    "A String",
  ],
}
update(name, body=None, x__xgafv=None)
Updates the properties for an Apigee organization. No other fields in the organization profile will be updated.

Args:
  name: string, Required. Apigee organization name in the following format: `organizations/{org}` (required)
  body: object, The request body.
    The object takes the form of:

{
  "addonsConfig": { # Add-on configurations for the Apigee organization. # Addon configurations of the Apigee organization.
    "advancedApiOpsConfig": { # Configuration for the Advanced API Ops add-on. # Configuration for the Advanced API Ops add-on.
      "enabled": True or False, # Flag that specifies whether the Advanced API Ops add-on is enabled.
    },
    "analyticsConfig": { # Configuration for the Analytics add-on. # Configuration for the Analytics add-on. Only used in organizations.environments.addonsConfig.
      "enabled": True or False, # Whether the Analytics add-on is enabled.
      "expireTimeMillis": "A String", # Output only. Time at which the Analytics add-on expires in milliseconds since epoch. If unspecified, the add-on will never expire.
      "state": "A String", # Output only. The state of the Analytics add-on.
      "updateTime": "A String", # Output only. The latest update time.
    },
    "apiSecurityConfig": { # Configurations of the API Security add-on. # Configuration for the API Security add-on.
      "enabled": True or False, # Flag that specifies whether the API security add-on is enabled.
      "expiresAt": "A String", # Output only. Time at which the API Security add-on expires in in milliseconds since epoch. If unspecified, the add-on will never expire.
    },
    "connectorsPlatformConfig": { # Configuration for the Connectors Platform add-on. # Configuration for the Connectors Platform add-on.
      "enabled": True or False, # Flag that specifies whether the Connectors Platform add-on is enabled.
      "expiresAt": "A String", # Output only. Time at which the Connectors Platform add-on expires in milliseconds since epoch. If unspecified, the add-on will never expire.
    },
    "integrationConfig": { # Configuration for the Integration add-on. # Configuration for the Integration add-on.
      "enabled": True or False, # Flag that specifies whether the Integration add-on is enabled.
    },
    "monetizationConfig": { # Configuration for the Monetization add-on. # Configuration for the Monetization add-on.
      "enabled": True or False, # Flag that specifies whether the Monetization add-on is enabled.
    },
  },
  "analyticsRegion": "A String", # Required. DEPRECATED: This field will eventually be deprecated and replaced with a differently-named field. Primary Google Cloud region for analytics data storage. For valid values, see [Create an Apigee organization](https://cloud.google.com/apigee/docs/api-platform/get-started/create-org).
  "apiConsumerDataEncryptionKeyName": "A String", # Cloud KMS key name used for encrypting API consumer data. If not specified or [BillingType](#BillingType) is `EVALUATION`, a Google-Managed encryption key will be used. Format: `projects/*/locations/*/keyRings/*/cryptoKeys/*`
  "apiConsumerDataLocation": "A String", # This field is needed only for customers using non-default data residency regions. Apigee stores some control plane data only in single region. This field determines which single region Apigee should use. For example: "us-west1" when control plane is in US or "europe-west2" when control plane is in EU.
  "apigeeProjectId": "A String", # Output only. Apigee Project ID associated with the organization. Use this project to allowlist Apigee in the Service Attachment when using private service connect with Apigee.
  "attributes": [ # Not used by Apigee.
    "A String",
  ],
  "authorizedNetwork": "A String", # Compute Engine network used for Service Networking to be peered with Apigee runtime instances. See [Getting started with the Service Networking API](https://cloud.google.com/service-infrastructure/docs/service-networking/getting-started). Valid only when [RuntimeType](#RuntimeType) is set to `CLOUD`. The value must be set before the creation of a runtime instance and can be updated only when there are no runtime instances. For example: `default`. When changing authorizedNetwork, you must reconfigure VPC peering. After VPC peering with previous network is deleted, [run the following command](https://cloud.google.com/sdk/gcloud/reference/services/vpc-peerings/delete): `gcloud services vpc-peerings delete --network=NETWORK`, where `NETWORK` is the name of the previous network. This will delete the previous Service Networking. Otherwise, you will get the following error: `The resource 'projects/...-tp' is already linked to another shared VPC host 'projects/...-tp`. Apigee also supports shared VPC (that is, the host network project is not the same as the one that is peering with Apigee). See [Shared VPC overview](https://cloud.google.com/vpc/docs/shared-vpc). To use a shared VPC network, use the following format: `projects/{host-project-id}/{region}/networks/{network-name}`. For example: `projects/my-sharedvpc-host/global/networks/mynetwork` **Note:** Not supported for Apigee hybrid.
  "billingType": "A String", # Billing type of the Apigee organization. See [Apigee pricing](https://cloud.google.com/apigee/pricing).
  "caCertificate": "A String", # Output only. Base64-encoded public certificate for the root CA of the Apigee organization. Valid only when [RuntimeType](#RuntimeType) is `CLOUD`.
  "controlPlaneEncryptionKeyName": "A String", # Cloud KMS key name used for encrypting control plane data that is stored in a multi region. Only used for the data residency region "US" or "EU". If not specified or [BillingType](#BillingType) is `EVALUATION`, a Google-Managed encryption key will be used. Format: `projects/*/locations/*/keyRings/*/cryptoKeys/*`
  "createdAt": "A String", # Output only. Time that the Apigee organization was created in milliseconds since epoch.
  "customerName": "A String", # Not used by Apigee.
  "description": "A String", # Description of the Apigee organization.
  "disableVpcPeering": True or False, # Optional. Flag that specifies whether the VPC Peering through Private Google Access should be disabled between the consumer network and Apigee. Valid only when RuntimeType is set to CLOUD. Required if an authorizedNetwork on the consumer project is not provided, in which case the flag should be set to true. The value must be set before the creation of any Apigee runtime instance and can be updated only when there are no runtime instances. **Note:** Apigee will be deprecating the vpc peering model that requires you to provide 'authorizedNetwork', by making the non-peering model as the default way of provisioning Apigee organization in future. So, this will be a temporary flag to enable the transition. Not supported for Apigee hybrid.
  "displayName": "A String", # Display name for the Apigee organization. Unused, but reserved for future use.
  "environments": [ # Output only. List of environments in the Apigee organization.
    "A String",
  ],
  "expiresAt": "A String", # Output only. Time that the Apigee organization is scheduled for deletion.
  "lastModifiedAt": "A String", # Output only. Time that the Apigee organization was last modified in milliseconds since epoch.
  "name": "A String", # Output only. Name of the Apigee organization.
  "portalDisabled": True or False, # Configuration for the Portals settings.
  "projectId": "A String", # Output only. Project ID associated with the Apigee organization.
  "properties": { # Message for compatibility with legacy Edge specification for Java Properties object in JSON. # Properties defined in the Apigee organization profile.
    "property": [ # List of all properties in the object
      { # A single property entry in the Properties message.
        "name": "A String", # The property key
        "value": "A String", # The property value
      },
    ],
  },
  "runtimeDatabaseEncryptionKeyName": "A String", # Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances. Update is not allowed after the organization is created. If not specified or [RuntimeType](#RuntimeType) is `TRIAL`, a Google-Managed encryption key will be used. For example: "projects/foo/locations/us/keyRings/bar/cryptoKeys/baz". **Note:** Not supported for Apigee hybrid.
  "runtimeType": "A String", # Required. Runtime type of the Apigee organization based on the Apigee subscription purchased.
  "state": "A String", # Output only. State of the organization. Values other than ACTIVE means the resource is not ready to use.
  "subscriptionPlan": "A String", # Output only. Subscription plan that the customer has purchased. Output only.
  "subscriptionType": "A String", # Output only. DEPRECATED: This will eventually be replaced by BillingType. Subscription type of the Apigee organization. Valid values include trial (free, limited, and for evaluation purposes only) or paid (full subscription has been purchased). See [Apigee pricing](https://cloud.google.com/apigee/pricing/).
  "type": "A String", # Not used by Apigee.
}

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    {
  "addonsConfig": { # Add-on configurations for the Apigee organization. # Addon configurations of the Apigee organization.
    "advancedApiOpsConfig": { # Configuration for the Advanced API Ops add-on. # Configuration for the Advanced API Ops add-on.
      "enabled": True or False, # Flag that specifies whether the Advanced API Ops add-on is enabled.
    },
    "analyticsConfig": { # Configuration for the Analytics add-on. # Configuration for the Analytics add-on. Only used in organizations.environments.addonsConfig.
      "enabled": True or False, # Whether the Analytics add-on is enabled.
      "expireTimeMillis": "A String", # Output only. Time at which the Analytics add-on expires in milliseconds since epoch. If unspecified, the add-on will never expire.
      "state": "A String", # Output only. The state of the Analytics add-on.
      "updateTime": "A String", # Output only. The latest update time.
    },
    "apiSecurityConfig": { # Configurations of the API Security add-on. # Configuration for the API Security add-on.
      "enabled": True or False, # Flag that specifies whether the API security add-on is enabled.
      "expiresAt": "A String", # Output only. Time at which the API Security add-on expires in in milliseconds since epoch. If unspecified, the add-on will never expire.
    },
    "connectorsPlatformConfig": { # Configuration for the Connectors Platform add-on. # Configuration for the Connectors Platform add-on.
      "enabled": True or False, # Flag that specifies whether the Connectors Platform add-on is enabled.
      "expiresAt": "A String", # Output only. Time at which the Connectors Platform add-on expires in milliseconds since epoch. If unspecified, the add-on will never expire.
    },
    "integrationConfig": { # Configuration for the Integration add-on. # Configuration for the Integration add-on.
      "enabled": True or False, # Flag that specifies whether the Integration add-on is enabled.
    },
    "monetizationConfig": { # Configuration for the Monetization add-on. # Configuration for the Monetization add-on.
      "enabled": True or False, # Flag that specifies whether the Monetization add-on is enabled.
    },
  },
  "analyticsRegion": "A String", # Required. DEPRECATED: This field will eventually be deprecated and replaced with a differently-named field. Primary Google Cloud region for analytics data storage. For valid values, see [Create an Apigee organization](https://cloud.google.com/apigee/docs/api-platform/get-started/create-org).
  "apiConsumerDataEncryptionKeyName": "A String", # Cloud KMS key name used for encrypting API consumer data. If not specified or [BillingType](#BillingType) is `EVALUATION`, a Google-Managed encryption key will be used. Format: `projects/*/locations/*/keyRings/*/cryptoKeys/*`
  "apiConsumerDataLocation": "A String", # This field is needed only for customers using non-default data residency regions. Apigee stores some control plane data only in single region. This field determines which single region Apigee should use. For example: "us-west1" when control plane is in US or "europe-west2" when control plane is in EU.
  "apigeeProjectId": "A String", # Output only. Apigee Project ID associated with the organization. Use this project to allowlist Apigee in the Service Attachment when using private service connect with Apigee.
  "attributes": [ # Not used by Apigee.
    "A String",
  ],
  "authorizedNetwork": "A String", # Compute Engine network used for Service Networking to be peered with Apigee runtime instances. See [Getting started with the Service Networking API](https://cloud.google.com/service-infrastructure/docs/service-networking/getting-started). Valid only when [RuntimeType](#RuntimeType) is set to `CLOUD`. The value must be set before the creation of a runtime instance and can be updated only when there are no runtime instances. For example: `default`. When changing authorizedNetwork, you must reconfigure VPC peering. After VPC peering with previous network is deleted, [run the following command](https://cloud.google.com/sdk/gcloud/reference/services/vpc-peerings/delete): `gcloud services vpc-peerings delete --network=NETWORK`, where `NETWORK` is the name of the previous network. This will delete the previous Service Networking. Otherwise, you will get the following error: `The resource 'projects/...-tp' is already linked to another shared VPC host 'projects/...-tp`. Apigee also supports shared VPC (that is, the host network project is not the same as the one that is peering with Apigee). See [Shared VPC overview](https://cloud.google.com/vpc/docs/shared-vpc). To use a shared VPC network, use the following format: `projects/{host-project-id}/{region}/networks/{network-name}`. For example: `projects/my-sharedvpc-host/global/networks/mynetwork` **Note:** Not supported for Apigee hybrid.
  "billingType": "A String", # Billing type of the Apigee organization. See [Apigee pricing](https://cloud.google.com/apigee/pricing).
  "caCertificate": "A String", # Output only. Base64-encoded public certificate for the root CA of the Apigee organization. Valid only when [RuntimeType](#RuntimeType) is `CLOUD`.
  "controlPlaneEncryptionKeyName": "A String", # Cloud KMS key name used for encrypting control plane data that is stored in a multi region. Only used for the data residency region "US" or "EU". If not specified or [BillingType](#BillingType) is `EVALUATION`, a Google-Managed encryption key will be used. Format: `projects/*/locations/*/keyRings/*/cryptoKeys/*`
  "createdAt": "A String", # Output only. Time that the Apigee organization was created in milliseconds since epoch.
  "customerName": "A String", # Not used by Apigee.
  "description": "A String", # Description of the Apigee organization.
  "disableVpcPeering": True or False, # Optional. Flag that specifies whether the VPC Peering through Private Google Access should be disabled between the consumer network and Apigee. Valid only when RuntimeType is set to CLOUD. Required if an authorizedNetwork on the consumer project is not provided, in which case the flag should be set to true. The value must be set before the creation of any Apigee runtime instance and can be updated only when there are no runtime instances. **Note:** Apigee will be deprecating the vpc peering model that requires you to provide 'authorizedNetwork', by making the non-peering model as the default way of provisioning Apigee organization in future. So, this will be a temporary flag to enable the transition. Not supported for Apigee hybrid.
  "displayName": "A String", # Display name for the Apigee organization. Unused, but reserved for future use.
  "environments": [ # Output only. List of environments in the Apigee organization.
    "A String",
  ],
  "expiresAt": "A String", # Output only. Time that the Apigee organization is scheduled for deletion.
  "lastModifiedAt": "A String", # Output only. Time that the Apigee organization was last modified in milliseconds since epoch.
  "name": "A String", # Output only. Name of the Apigee organization.
  "portalDisabled": True or False, # Configuration for the Portals settings.
  "projectId": "A String", # Output only. Project ID associated with the Apigee organization.
  "properties": { # Message for compatibility with legacy Edge specification for Java Properties object in JSON. # Properties defined in the Apigee organization profile.
    "property": [ # List of all properties in the object
      { # A single property entry in the Properties message.
        "name": "A String", # The property key
        "value": "A String", # The property value
      },
    ],
  },
  "runtimeDatabaseEncryptionKeyName": "A String", # Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances. Update is not allowed after the organization is created. If not specified or [RuntimeType](#RuntimeType) is `TRIAL`, a Google-Managed encryption key will be used. For example: "projects/foo/locations/us/keyRings/bar/cryptoKeys/baz". **Note:** Not supported for Apigee hybrid.
  "runtimeType": "A String", # Required. Runtime type of the Apigee organization based on the Apigee subscription purchased.
  "state": "A String", # Output only. State of the organization. Values other than ACTIVE means the resource is not ready to use.
  "subscriptionPlan": "A String", # Output only. Subscription plan that the customer has purchased. Output only.
  "subscriptionType": "A String", # Output only. DEPRECATED: This will eventually be replaced by BillingType. Subscription type of the Apigee organization. Valid values include trial (free, limited, and for evaluation purposes only) or paid (full subscription has been purchased). See [Apigee pricing](https://cloud.google.com/apigee/pricing/).
  "type": "A String", # Not used by Apigee.
}
updateControlPlaneAccess(name, body=None, updateMask=None, x__xgafv=None)
Updates the permissions required to allow Apigee runtime-plane components access to the control plane. Currently, the permissions required are to: 1. Allow runtime components to publish analytics data to the control plane. **Note**: Available to Apigee hybrid only.

Args:
  name: string, Identifier. The resource name of the ControlPlaneAccess. Format: "organizations/{org}/controlPlaneAccess" (required)
  body: object, The request body.
    The object takes the form of:

{ # ControlPlaneAccess is the request body and response body of UpdateControlPlaneAccess. and the response body of GetControlPlaneAccess. The input identities contains an array of service accounts to grant access to the respective control plane resource, with each service account specified using the following format: `serviceAccount:`***service-account-name***. The ***service-account-name*** is formatted like an email address. For example: `my-control-plane-service_account@my_project_id.iam.gserviceaccount.com` You might specify multiple service accounts, for example, if you have multiple environments and wish to assign a unique service account to each one.
  "analyticsPublisherIdentities": [ # Optional. Array of service accounts authorized to publish analytics data to the control plane (for the Message Processor component).
    "A String",
  ],
  "name": "A String", # Identifier. The resource name of the ControlPlaneAccess. Format: "organizations/{org}/controlPlaneAccess"
  "synchronizerIdentities": [ # Optional. Array of service accounts to grant access to control plane resources (for the Synchronizer component). The service accounts must have **Apigee Synchronizer Manager** role. See also [Create service accounts](https://cloud.google.com/apigee/docs/hybrid/latest/sa-about#create-the-service-accounts).
    "A String",
  ],
}

  updateMask: string, List of fields to be updated. Fields that can be updated: synchronizer_identities, publisher_identities.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # This resource represents a long-running operation that is the result of a network API call.
  "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
  "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
    "code": 42, # The status code, which should be an enum value of google.rpc.Code.
    "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
      {
        "a_key": "", # Properties of the object. Contains field @type with type URL.
      },
    ],
    "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
  },
  "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
    "a_key": "", # Properties of the object. Contains field @type with type URL.
  },
  "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
  "response": { # The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
    "a_key": "", # Properties of the object. Contains field @type with type URL.
  },
}
updateSecuritySettings(name, body=None, updateMask=None, x__xgafv=None)
UpdateSecuritySettings updates the current security settings for API Security.

Args:
  name: string, Identifier. Full resource name is always `organizations/{org}/securitySettings`. (required)
  body: object, The request body.
    The object takes the form of:

{ # SecuritySettings reflects the current state of the SecuritySettings feature.
  "mlRetrainingFeedbackEnabled": True or False, # Optional. If true the user consents to the use of ML models for Abuse detection.
  "name": "A String", # Identifier. Full resource name is always `organizations/{org}/securitySettings`.
}

  updateMask: string, Optional. The list of fields to update. Allowed fields are: - ml_retraining_feedback_enabled
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # SecuritySettings reflects the current state of the SecuritySettings feature.
  "mlRetrainingFeedbackEnabled": True or False, # Optional. If true the user consents to the use of ML models for Abuse detection.
  "name": "A String", # Identifier. Full resource name is always `organizations/{org}/securitySettings`.
}