lintPolicy(body=None, x__xgafv=None)
Lints a Cloud IAM policy object or its sub fields. Currently supports
queryAuditableServices(body=None, x__xgafv=None)
Returns a list of services that support service level audit logging
lintPolicy(body=None, x__xgafv=None)
Lints a Cloud IAM policy object or its sub fields. Currently supports
google.iam.v1.Binding.condition.
Each lint operation consists of multiple lint validation units.
Each unit inspects the input object in regard to a particular linting
aspect and issues a google.iam.admin.v1.LintResult disclosing the
result.
The set of applicable validation units is determined by the Cloud IAM
server and is not configurable.
Regardless of any lint issues or their severities, successful calls to
`lintPolicy` return an HTTP 200 OK status code.
Args:
body: object, The request body.
The object takes the form of:
{ # The request to lint a Cloud IAM policy object.
"fullResourceName": "A String", # The full resource name of the policy this lint request is about.
#
# The name follows the Google Cloud Platform (GCP) resource format.
# For example, a GCP project with ID `my-project` will be named
# `//cloudresourcemanager.googleapis.com/projects/my-project`.
#
# The resource name is not used to read the policy instance from the Cloud
# IAM database. The candidate policy for lint has to be provided in the same
# request object.
"condition": { # Represents a textual expression in the Common Expression Language (CEL) # google.iam.v1.Binding.condition object to be linted.
# syntax. CEL is a C-like expression language. The syntax and semantics of CEL
# are documented at https://github.com/google/cel-spec.
#
# Example (Comparison):
#
# title: "Summary size limit"
# description: "Determines if a summary is less than 100 chars"
# expression: "document.summary.size() < 100"
#
# Example (Equality):
#
# title: "Requestor is owner"
# description: "Determines if requestor is the document owner"
# expression: "document.owner == request.auth.claims.email"
#
# Example (Logic):
#
# title: "Public documents"
# description: "Determine whether the document should be publicly visible"
# expression: "document.type != 'private' && document.type != 'internal'"
#
# Example (Data Manipulation):
#
# title: "Notification string"
# description: "Create a notification string with a timestamp."
# expression: "'New message received at ' + string(document.create_time)"
#
# The exact variables and functions that may be referenced within an expression
# are determined by the service that evaluates it. See the service
# documentation for additional information.
"description": "A String", # Optional. Description of the expression. This is a longer text which
# describes the expression, e.g. when hovered over it in a UI.
"expression": "A String", # Textual representation of an expression in Common Expression Language
# syntax.
"location": "A String", # Optional. String indicating the location of the expression for error
# reporting, e.g. a file name and a position in the file.
"title": "A String", # Optional. Title for the expression, i.e. a short string describing
# its purpose. This can be used e.g. in UIs which allow to enter the
# expression.
},
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # The response of a lint operation. An empty response indicates
# the operation was able to fully execute and no lint issue was found.
"lintResults": [ # List of lint results sorted by `severity` in descending order.
{ # Structured response of a single validation unit.
"validationUnitName": "A String", # The validation unit name, for instance
# "lintValidationUnits/ConditionComplexityCheck".
"severity": "A String", # The validation unit severity.
"level": "A String", # The validation unit level.
"debugMessage": "A String", # Human readable debug message associated with the issue.
"fieldName": "A String", # The name of the field for which this lint result is about.
#
# For nested messages `field_name` consists of names of the embedded fields
# separated by period character. The top-level qualifier is the input object
# to lint in the request. For example, the `field_name` value
# `condition.expression` identifies a lint result for the `expression` field
# of the provided condition.
"locationOffset": 42, # 0-based character position of problematic construct within the object
# identified by `field_name`. Currently, this is populated only for condition
# expression.
},
],
}
queryAuditableServices(body=None, x__xgafv=None)
Returns a list of services that support service level audit logging
configuration for the given resource.
Args:
body: object, The request body.
The object takes the form of:
{ # A request to get the list of auditable services for a resource.
"fullResourceName": "A String", # Required. The full resource name to query from the list of auditable
# services.
#
# The name follows the Google Cloud Platform resource format.
# For example, a Cloud Platform project with id `my-project` will be named
# `//cloudresourcemanager.googleapis.com/projects/my-project`.
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # A response containing a list of auditable services for a resource.
"services": [ # The auditable services for a resource.
{ # Contains information about an auditable service.
"name": "A String", # Public name of the service.
# For example, the service name for Cloud IAM is 'iam.googleapis.com'.
},
],
}