Discovery Engine API . projects . locations . identityMappingStores

Instance Methods

operations()

Returns the operations Resource.

close()

Close httplib2 connections.

create(parent, body=None, cmekConfigName=None, disableCmek=None, identityMappingStoreId=None, x__xgafv=None)

Creates a new Identity Mapping Store.

delete(name, x__xgafv=None)

Deletes the Identity Mapping Store.

get(name, x__xgafv=None)

Gets the Identity Mapping Store.

importIdentityMappings(identityMappingStore, body=None, x__xgafv=None)

Imports a list of Identity Mapping Entries to an Identity Mapping Store.

list(parent, pageSize=None, pageToken=None, x__xgafv=None)

Lists all Identity Mapping Stores.

listIdentityMappings(identityMappingStore, pageSize=None, pageToken=None, x__xgafv=None)

Lists Identity Mappings in an Identity Mapping Store.

listIdentityMappings_next()

Retrieves the next page of results.

list_next()

Retrieves the next page of results.

purgeIdentityMappings(identityMappingStore, body=None, x__xgafv=None)

Purges specified or all Identity Mapping Entries from an Identity Mapping Store.

Method Details

close() 
Close httplib2 connections.
create(parent, body=None, cmekConfigName=None, disableCmek=None, identityMappingStoreId=None, x__xgafv=None) 
Creates a new Identity Mapping Store.

Args:
  parent: string, Required. The parent collection resource name, such as `projects/{project}/locations/{location}`. (required)
  body: object, The request body.
    The object takes the form of:

{ # Identity Mapping Store which contains Identity Mapping Entries.
  "cmekConfig": { # Configurations used to enable CMEK data encryption with Cloud KMS keys. # Output only. CMEK-related information for the Identity Mapping Store.
    "isDefault": True or False, # Output only. The default CmekConfig for the Customer.
    "kmsKey": "A String", # KMS key resource name which will be used to encrypt resources `projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{keyId}`.
    "kmsKeyVersion": "A String", # KMS key version resource name which will be used to encrypt resources `/cryptoKeyVersions/{keyVersion}`.
    "lastRotationTimestampMicros": "A String", # Output only. The timestamp of the last key rotation.
    "name": "A String", # Required. The name of the CmekConfig of the form `projects/{project}/locations/{location}/cmekConfig` or `projects/{project}/locations/{location}/cmekConfigs/{cmekConfig}`.
    "singleRegionKeys": [ # Optional. Single-regional CMEKs that are required for some VAIS features.
      { # Metadata for single-regional CMEKs.
        "kmsKey": "A String", # Required. Single-regional kms key resource name which will be used to encrypt resources `projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{keyId}`.
      },
    ],
    "state": "A String", # Output only. The states of the CmekConfig.
  },
  "kmsKeyName": "A String", # Input only. The KMS key to be used to protect this Identity Mapping Store at creation time. Must be set for requests that need to comply with CMEK Org Policy protections. If this field is set and processed successfully, the Identity Mapping Store will be protected by the KMS key, as indicated in the cmek_config field.
  "name": "A String", # Immutable. The full resource name of the identity mapping store. Format: `projects/{project}/locations/{location}/identityMappingStores/{identity_mapping_store}`. This field must be a UTF-8 encoded string with a length limit of 1024 characters.
}

  cmekConfigName: string, Resource name of the CmekConfig to use for protecting this Identity Mapping Store.
  disableCmek: boolean, Identity Mapping Store without CMEK protections. If a default CmekConfig is set for the project, setting this field will override the default CmekConfig as well.
  identityMappingStoreId: string, Required. The ID of the Identity Mapping Store to create. The ID must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), and hyphens (-). The maximum length is 63 characters.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Identity Mapping Store which contains Identity Mapping Entries.
  "cmekConfig": { # Configurations used to enable CMEK data encryption with Cloud KMS keys. # Output only. CMEK-related information for the Identity Mapping Store.
    "isDefault": True or False, # Output only. The default CmekConfig for the Customer.
    "kmsKey": "A String", # KMS key resource name which will be used to encrypt resources `projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{keyId}`.
    "kmsKeyVersion": "A String", # KMS key version resource name which will be used to encrypt resources `/cryptoKeyVersions/{keyVersion}`.
    "lastRotationTimestampMicros": "A String", # Output only. The timestamp of the last key rotation.
    "name": "A String", # Required. The name of the CmekConfig of the form `projects/{project}/locations/{location}/cmekConfig` or `projects/{project}/locations/{location}/cmekConfigs/{cmekConfig}`.
    "singleRegionKeys": [ # Optional. Single-regional CMEKs that are required for some VAIS features.
      { # Metadata for single-regional CMEKs.
        "kmsKey": "A String", # Required. Single-regional kms key resource name which will be used to encrypt resources `projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{keyId}`.
      },
    ],
    "state": "A String", # Output only. The states of the CmekConfig.
  },
  "kmsKeyName": "A String", # Input only. The KMS key to be used to protect this Identity Mapping Store at creation time. Must be set for requests that need to comply with CMEK Org Policy protections. If this field is set and processed successfully, the Identity Mapping Store will be protected by the KMS key, as indicated in the cmek_config field.
  "name": "A String", # Immutable. The full resource name of the identity mapping store. Format: `projects/{project}/locations/{location}/identityMappingStores/{identity_mapping_store}`. This field must be a UTF-8 encoded string with a length limit of 1024 characters.
}
delete(name, x__xgafv=None) 
Deletes the Identity Mapping Store.

Args:
  name: string, Required. The name of the Identity Mapping Store to delete. Format: `projects/{project}/locations/{location}/identityMappingStores/{identityMappingStore}` (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # This resource represents a long-running operation that is the result of a network API call.
  "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
  "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
    "code": 42, # The status code, which should be an enum value of google.rpc.Code.
    "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
      {
        "a_key": "", # Properties of the object. Contains field @type with type URL.
      },
    ],
    "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
  },
  "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
    "a_key": "", # Properties of the object. Contains field @type with type URL.
  },
  "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
  "response": { # The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
    "a_key": "", # Properties of the object. Contains field @type with type URL.
  },
}
get(name, x__xgafv=None) 
Gets the Identity Mapping Store.

Args:
  name: string, Required. The name of the Identity Mapping Store to get. Format: `projects/{project}/locations/{location}/identityMappingStores/{identityMappingStore}` (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Identity Mapping Store which contains Identity Mapping Entries.
  "cmekConfig": { # Configurations used to enable CMEK data encryption with Cloud KMS keys. # Output only. CMEK-related information for the Identity Mapping Store.
    "isDefault": True or False, # Output only. The default CmekConfig for the Customer.
    "kmsKey": "A String", # KMS key resource name which will be used to encrypt resources `projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{keyId}`.
    "kmsKeyVersion": "A String", # KMS key version resource name which will be used to encrypt resources `/cryptoKeyVersions/{keyVersion}`.
    "lastRotationTimestampMicros": "A String", # Output only. The timestamp of the last key rotation.
    "name": "A String", # Required. The name of the CmekConfig of the form `projects/{project}/locations/{location}/cmekConfig` or `projects/{project}/locations/{location}/cmekConfigs/{cmekConfig}`.
    "singleRegionKeys": [ # Optional. Single-regional CMEKs that are required for some VAIS features.
      { # Metadata for single-regional CMEKs.
        "kmsKey": "A String", # Required. Single-regional kms key resource name which will be used to encrypt resources `projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{keyId}`.
      },
    ],
    "state": "A String", # Output only. The states of the CmekConfig.
  },
  "kmsKeyName": "A String", # Input only. The KMS key to be used to protect this Identity Mapping Store at creation time. Must be set for requests that need to comply with CMEK Org Policy protections. If this field is set and processed successfully, the Identity Mapping Store will be protected by the KMS key, as indicated in the cmek_config field.
  "name": "A String", # Immutable. The full resource name of the identity mapping store. Format: `projects/{project}/locations/{location}/identityMappingStores/{identity_mapping_store}`. This field must be a UTF-8 encoded string with a length limit of 1024 characters.
}
importIdentityMappings(identityMappingStore, body=None, x__xgafv=None) 
Imports a list of Identity Mapping Entries to an Identity Mapping Store.

Args:
  identityMappingStore: string, Required. The name of the Identity Mapping Store to import Identity Mapping Entries to. Format: `projects/{project}/locations/{location}/identityMappingStores/{identityMappingStore}` (required)
  body: object, The request body.
    The object takes the form of:

{ # Request message for IdentityMappingStoreService.ImportIdentityMappings
  "inlineSource": { # The inline source to import identity mapping entries from. # The inline source to import identity mapping entries from.
    "identityMappingEntries": [ # A maximum of 10000 entries can be imported at one time
      { # Identity Mapping Entry that maps an external identity to an internal identity.
        "externalIdentity": "A String", # Required. Identity outside the customer identity provider. The length limit of external identity will be of 100 characters.
        "groupId": "A String", # Group identifier. For Google Workspace user account, group_id should be the google workspace group email. For non-google identity provider, group_id is the mapped group identifier configured during the workforcepool config.
        "userId": "A String", # User identifier. For Google Workspace user account, user_id should be the google workspace user email. For non-google identity provider, user_id is the mapped user identifier configured during the workforcepool config.
      },
    ],
  },
}

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # This resource represents a long-running operation that is the result of a network API call.
  "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
  "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
    "code": 42, # The status code, which should be an enum value of google.rpc.Code.
    "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
      {
        "a_key": "", # Properties of the object. Contains field @type with type URL.
      },
    ],
    "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
  },
  "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
    "a_key": "", # Properties of the object. Contains field @type with type URL.
  },
  "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
  "response": { # The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
    "a_key": "", # Properties of the object. Contains field @type with type URL.
  },
}
list(parent, pageSize=None, pageToken=None, x__xgafv=None) 
Lists all Identity Mapping Stores.

Args:
  parent: string, Required. The parent of the Identity Mapping Stores to list. Format: `projects/{project}/locations/{location}`. (required)
  pageSize: integer, Maximum number of IdentityMappingStores to return. If unspecified, defaults to 100. The maximum allowed value is 1000. Values above 1000 will be coerced to 1000.
  pageToken: string, A page token, received from a previous `ListIdentityMappingStores` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListIdentityMappingStores` must match the call that provided the page token.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Response message for IdentityMappingStoreService.ListIdentityMappingStores
  "identityMappingStores": [ # The Identity Mapping Stores.
    { # Identity Mapping Store which contains Identity Mapping Entries.
      "cmekConfig": { # Configurations used to enable CMEK data encryption with Cloud KMS keys. # Output only. CMEK-related information for the Identity Mapping Store.
        "isDefault": True or False, # Output only. The default CmekConfig for the Customer.
        "kmsKey": "A String", # KMS key resource name which will be used to encrypt resources `projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{keyId}`.
        "kmsKeyVersion": "A String", # KMS key version resource name which will be used to encrypt resources `/cryptoKeyVersions/{keyVersion}`.
        "lastRotationTimestampMicros": "A String", # Output only. The timestamp of the last key rotation.
        "name": "A String", # Required. The name of the CmekConfig of the form `projects/{project}/locations/{location}/cmekConfig` or `projects/{project}/locations/{location}/cmekConfigs/{cmekConfig}`.
        "singleRegionKeys": [ # Optional. Single-regional CMEKs that are required for some VAIS features.
          { # Metadata for single-regional CMEKs.
            "kmsKey": "A String", # Required. Single-regional kms key resource name which will be used to encrypt resources `projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{keyId}`.
          },
        ],
        "state": "A String", # Output only. The states of the CmekConfig.
      },
      "kmsKeyName": "A String", # Input only. The KMS key to be used to protect this Identity Mapping Store at creation time. Must be set for requests that need to comply with CMEK Org Policy protections. If this field is set and processed successfully, the Identity Mapping Store will be protected by the KMS key, as indicated in the cmek_config field.
      "name": "A String", # Immutable. The full resource name of the identity mapping store. Format: `projects/{project}/locations/{location}/identityMappingStores/{identity_mapping_store}`. This field must be a UTF-8 encoded string with a length limit of 1024 characters.
    },
  ],
  "nextPageToken": "A String", # A token that can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
}
listIdentityMappings(identityMappingStore, pageSize=None, pageToken=None, x__xgafv=None) 
Lists Identity Mappings in an Identity Mapping Store.

Args:
  identityMappingStore: string, Required. The name of the Identity Mapping Store to list Identity Mapping Entries in. Format: `projects/{project}/locations/{location}/identityMappingStores/{identityMappingStore}` (required)
  pageSize: integer, Maximum number of IdentityMappings to return. If unspecified, defaults to 2000. The maximum allowed value is 10000. Values above 10000 will be coerced to 10000.
  pageToken: string, A page token, received from a previous `ListIdentityMappings` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListIdentityMappings` must match the call that provided the page token.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Response message for IdentityMappingStoreService.ListIdentityMappings
  "identityMappingEntries": [ # The Identity Mapping Entries.
    { # Identity Mapping Entry that maps an external identity to an internal identity.
      "externalIdentity": "A String", # Required. Identity outside the customer identity provider. The length limit of external identity will be of 100 characters.
      "groupId": "A String", # Group identifier. For Google Workspace user account, group_id should be the google workspace group email. For non-google identity provider, group_id is the mapped group identifier configured during the workforcepool config.
      "userId": "A String", # User identifier. For Google Workspace user account, user_id should be the google workspace user email. For non-google identity provider, user_id is the mapped user identifier configured during the workforcepool config.
    },
  ],
  "nextPageToken": "A String", # A token that can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.
}
listIdentityMappings_next() 
Retrieves the next page of results.

        Args:
          previous_request: The request for the previous page. (required)
          previous_response: The response from the request for the previous page. (required)

        Returns:
          A request object that you can call 'execute()' on to request the next
          page. Returns None if there are no more items in the collection.
list_next() 
Retrieves the next page of results.

        Args:
          previous_request: The request for the previous page. (required)
          previous_response: The response from the request for the previous page. (required)

        Returns:
          A request object that you can call 'execute()' on to request the next
          page. Returns None if there are no more items in the collection.
purgeIdentityMappings(identityMappingStore, body=None, x__xgafv=None) 
Purges specified or all Identity Mapping Entries from an Identity Mapping Store.

Args:
  identityMappingStore: string, Required. The name of the Identity Mapping Store to purge Identity Mapping Entries from. Format: `projects/{project}/locations/{location}/identityMappingStores/{identityMappingStore}` (required)
  body: object, The request body.
    The object takes the form of:

{ # Request message for IdentityMappingStoreService.PurgeIdentityMappings
  "filter": "A String", # Filter matching identity mappings to purge. The eligible field for filtering is: * `update_time`: in ISO 8601 "zulu" format. * `external_id` Examples: * Deleting all identity mappings updated in a time range: `update_time > "2012-04-23T18:25:43.511Z" AND update_time < "2012-04-23T18:30:43.511Z"` * Deleting all identity mappings for a given external_id: `external_id = "id1"` * Deleting all identity mappings inside an identity mapping store: `*` The filtering fields are assumed to have an implicit AND. Should not be used with source. An error will be thrown, if both are provided.
  "force": True or False, # Actually performs the purge. If `force` is set to false, return the expected purge count without deleting any identity mappings. This field is only supported for purge with filter. For input source this field is ignored and data will be purged regardless of the value of this field.
  "inlineSource": { # The inline source to purge identity mapping entries from. # The inline source to purge identity mapping entries from.
    "identityMappingEntries": [ # A maximum of 10000 entries can be purged at one time
      { # Identity Mapping Entry that maps an external identity to an internal identity.
        "externalIdentity": "A String", # Required. Identity outside the customer identity provider. The length limit of external identity will be of 100 characters.
        "groupId": "A String", # Group identifier. For Google Workspace user account, group_id should be the google workspace group email. For non-google identity provider, group_id is the mapped group identifier configured during the workforcepool config.
        "userId": "A String", # User identifier. For Google Workspace user account, user_id should be the google workspace user email. For non-google identity provider, user_id is the mapped user identifier configured during the workforcepool config.
      },
    ],
  },
}

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # This resource represents a long-running operation that is the result of a network API call.
  "done": True or False, # If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
  "error": { # The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors). # The error result of the operation in case of failure or cancellation.
    "code": 42, # The status code, which should be an enum value of google.rpc.Code.
    "details": [ # A list of messages that carry the error details. There is a common set of message types for APIs to use.
      {
        "a_key": "", # Properties of the object. Contains field @type with type URL.
      },
    ],
    "message": "A String", # A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.
  },
  "metadata": { # Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
    "a_key": "", # Properties of the object. Contains field @type with type URL.
  },
  "name": "A String", # The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
  "response": { # The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
    "a_key": "", # Properties of the object. Contains field @type with type URL.
  },
}