def set_iam_policy( self, resource, policy, retry=google.api_core.gapic_v1.method.DEFAULT, timeout=google.api_core.gapic_v1.method.DEFAULT, metadata=None, ): """ Sets the access control policy on the specified resource. Replaces any existing policy. Example: >>> from google.cloud import pubsub_v1 >>> >>> client = pubsub_v1.PublisherClient() >>> >>> resource = client.topic_path('[PROJECT]', '[TOPIC]') >>> >>> # TODO: Initialize `policy`: >>> policy = {} >>> >>> response = client.set_iam_policy(resource, policy) Args: resource (str): REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field. policy (Union[dict, ~google.cloud.pubsub_v1.types.Policy]): REQUIRED: The complete policy to be applied to the ``resource``. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them. If a dict is provided, it must be of the same form as the protobuf message :class:`~google.cloud.pubsub_v1.types.Policy` retry (Optional[google.api_core.retry.Retry]): A retry object used to retry requests. If ``None`` is specified, requests will not be retried. timeout (Optional[float]): The amount of time, in seconds, to wait for the request to complete. Note that if ``retry`` is specified, the timeout applies to each individual attempt. metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata that is provided to the method. Returns: A :class:`~google.cloud.pubsub_v1.types.Policy` instance. Raises: google.api_core.exceptions.GoogleAPICallError: If the request failed for any reason. google.api_core.exceptions.RetryError: If the request failed due to a retryable error and retry attempts failed. ValueError: If the parameters are invalid. """ # Wrap the transport method to add retry and timeout logic. if "set_iam_policy" not in self._inner_api_calls: self._inner_api_calls[ "set_iam_policy"] = google.api_core.gapic_v1.method.wrap_method( self.transport.set_iam_policy, default_retry=self._method_configs["SetIamPolicy"].retry, default_timeout=self._method_configs["SetIamPolicy"]. timeout, client_info=self._client_info, ) request = iam_policy_pb2.SetIamPolicyRequest(resource=resource, policy=policy) if metadata is None: metadata = [] metadata = list(metadata) try: routing_header = [("resource", resource)] except AttributeError: pass else: routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( routing_header) metadata.append(routing_metadata) return self._inner_api_calls["set_iam_policy"](request, retry=retry, timeout=timeout, metadata=metadata)
async def set_iam_policy( self, request: iam_policy.SetIamPolicyRequest = None, *, retry: retries.Retry = gapic_v1.method.DEFAULT, timeout: float = None, metadata: Sequence[Tuple[str, str]] = (), ) -> policy.Policy: r"""Sets the IAM policy for a taxonomy or a policy tag. Args: request (:class:`~.iam_policy.SetIamPolicyRequest`): The request object. Request message for `SetIamPolicy` method. retry (google.api_core.retry.Retry): Designation of what errors, if any, should be retried. timeout (float): The timeout for this request. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. Returns: ~.policy.Policy: Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources. A ``Policy`` is a collection of ``bindings``. A ``binding`` binds one or more ``members`` to a single ``role``. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A ``role`` is a named list of permissions (defined by IAM or configured by users). A ``binding`` can optionally specify a ``condition``, which is a logic expression that further constrains the role binding based on attributes about the request and/or target resource. **JSON Example** :: { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:[email protected]", "group:[email protected]", "domain:google.com", "serviceAccount:[email protected]" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": ["user:[email protected]"], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ] } **YAML Example** :: bindings: - members: - user:[email protected] - group:[email protected] - domain:google.com - serviceAccount:[email protected] role: roles/resourcemanager.organizationAdmin - members: - user:[email protected] role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') For a description of IAM and its features, see the `IAM developer's guide <https://cloud.google.com/iam/docs>`__. """ # Create or coerce a protobuf request object. # The request isn't a proto-plus wrapped type, # so it must be constructed via keyword expansion. if isinstance(request, dict): request = iam_policy.SetIamPolicyRequest(**request) # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. rpc = gapic_v1.method_async.wrap_method( self._client._transport.set_iam_policy, default_timeout=None, client_info=DEFAULT_CLIENT_INFO, ) # Certain fields should be provided within the metadata header; # add these here. metadata = tuple(metadata) + (gapic_v1.routing_header.to_grpc_metadata( (("resource", request.resource), )), ) # Send the request. response = await rpc( request, retry=retry, timeout=timeout, metadata=metadata, ) # Done; return the response. return response
def set_iam_policy(self, resource, policy, retry=google.api_core.gapic_v1.method.DEFAULT, timeout=google.api_core.gapic_v1.method.DEFAULT, metadata=None): """ Sets the access control policy on a database resource. Replaces any existing policy. Authorization requires ``spanner.databases.setIamPolicy`` permission on ``resource``. Example: >>> from google.cloud import spanner_admin_database_v1 >>> >>> client = spanner_admin_database_v1.DatabaseAdminClient() >>> >>> resource = client.database_path('[PROJECT]', '[INSTANCE]', '[DATABASE]') >>> >>> # TODO: Initialize `policy`: >>> policy = {} >>> >>> response = client.set_iam_policy(resource, policy) Args: resource (str): REQUIRED: The resource for which the policy is being specified. ``resource`` is usually specified as a path. For example, a Project resource is specified as ``projects/{project}``. policy (Union[dict, ~google.cloud.spanner_admin_database_v1.types.Policy]): REQUIRED: The complete policy to be applied to the ``resource``. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them. If a dict is provided, it must be of the same form as the protobuf message :class:`~google.cloud.spanner_admin_database_v1.types.Policy` retry (Optional[google.api_core.retry.Retry]): A retry object used to retry requests. If ``None`` is specified, requests will not be retried. timeout (Optional[float]): The amount of time, in seconds, to wait for the request to complete. Note that if ``retry`` is specified, the timeout applies to each individual attempt. metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata that is provided to the method. Returns: A :class:`~google.cloud.spanner_admin_database_v1.types.Policy` instance. Raises: google.api_core.exceptions.GoogleAPICallError: If the request failed for any reason. google.api_core.exceptions.RetryError: If the request failed due to a retryable error and retry attempts failed. ValueError: If the parameters are invalid. """ # Wrap the transport method to add retry and timeout logic. if 'set_iam_policy' not in self._inner_api_calls: self._inner_api_calls[ 'set_iam_policy'] = google.api_core.gapic_v1.method.wrap_method( self.transport.set_iam_policy, default_retry=self._method_configs['SetIamPolicy'].retry, default_timeout=self._method_configs['SetIamPolicy']. timeout, client_info=self._client_info, ) request = iam_policy_pb2.SetIamPolicyRequest( resource=resource, policy=policy, ) return self._inner_api_calls['set_iam_policy'](request, retry=retry, timeout=timeout, metadata=metadata)
def set_iam_policy( self, request: iam_policy.SetIamPolicyRequest = None, *, resource: str = None, retry: retries.Retry = gapic_v1.method.DEFAULT, timeout: float = None, metadata: Sequence[Tuple[str, str]] = (), ) -> policy.Policy: r"""Sets the access control policy on the specified resource. Replaces any existing policy. Can return ``NOT_FOUND``, ``INVALID_ARGUMENT``, and ``PERMISSION_DENIED`` errors. Args: request (google.iam.v1.iam_policy_pb2.SetIamPolicyRequest): The request object. Request message for `SetIamPolicy` method. resource (str): REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field. This corresponds to the ``resource`` field on the ``request`` instance; if ``request`` is provided, this should not be set. retry (google.api_core.retry.Retry): Designation of what errors, if any, should be retried. timeout (float): The timeout for this request. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. Returns: google.iam.v1.policy_pb2.Policy: Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources. A Policy is a collection of bindings. A binding binds one or more members to a single role. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions (defined by IAM or configured by users). A binding can optionally specify a condition, which is a logic expression that further constrains the role binding based on attributes about the request and/or target resource. **JSON Example** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:[email protected]", "group:[email protected]", "domain:google.com", "serviceAccount:[email protected]" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": ["user:[email protected]"], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ] } **YAML Example** bindings: - members: - user:\ [email protected] - group:\ [email protected] - domain:google.com - serviceAccount:\ [email protected] role: roles/resourcemanager.organizationAdmin - members: - user:\ [email protected] role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') For a description of IAM and its features, see the [IAM developer's guide](\ https://cloud.google.com/iam/docs). """ # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have # gotten any keyword arguments that map to the request. has_flattened_params = any([resource]) if request is not None and has_flattened_params: raise ValueError("If the `request` argument is set, then none of " "the individual field arguments should be set.") if isinstance(request, dict): # The request isn't a proto-plus wrapped type, # so it must be constructed via keyword expansion. request = iam_policy.SetIamPolicyRequest(**request) elif not request: # Null request, just make one. request = iam_policy.SetIamPolicyRequest() if resource is not None: request.resource = resource # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. rpc = self._transport._wrapped_methods[self._transport.set_iam_policy] # Certain fields should be provided within the metadata header; # add these here. metadata = tuple(metadata) + (gapic_v1.routing_header.to_grpc_metadata( (("resource", request.resource), )), ) # Send the request. response = rpc( request, retry=retry, timeout=timeout, metadata=metadata, ) # Done; return the response. return response
async def set_iam_policy( self, request: iam_policy.SetIamPolicyRequest = None, *, resource: str = None, retry: retries.Retry = gapic_v1.method.DEFAULT, timeout: float = None, metadata: Sequence[Tuple[str, str]] = (), ) -> policy.Policy: r"""Sets the access control policy on the specified note or occurrence. Requires ``containeranalysis.notes.setIamPolicy`` or ``containeranalysis.occurrences.setIamPolicy`` permission if the resource is a note or an occurrence, respectively. The resource takes the format ``projects/[PROJECT_ID]/notes/[NOTE_ID]`` for notes and ``projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]`` for occurrences. Args: request (:class:`~.iam_policy.SetIamPolicyRequest`): The request object. Request message for `SetIamPolicy` method. resource (:class:`str`): REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field. This corresponds to the ``resource`` field on the ``request`` instance; if ``request`` is provided, this should not be set. retry (google.api_core.retry.Retry): Designation of what errors, if any, should be retried. timeout (float): The timeout for this request. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. Returns: ~.policy.Policy: Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources. A ``Policy`` is a collection of ``bindings``. A ``binding`` binds one or more ``members`` to a single ``role``. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A ``role`` is a named list of permissions (defined by IAM or configured by users). A ``binding`` can optionally specify a ``condition``, which is a logic expression that further constrains the role binding based on attributes about the request and/or target resource. **JSON Example** :: { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:[email protected]", "group:[email protected]", "domain:google.com", "serviceAccount:[email protected]" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": ["user:[email protected]"], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ] } **YAML Example** :: bindings: - members: - user:[email protected] - group:[email protected] - domain:google.com - serviceAccount:[email protected] role: roles/resourcemanager.organizationAdmin - members: - user:[email protected] role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') For a description of IAM and its features, see the `IAM developer's guide <https://cloud.google.com/iam/docs>`__. """ # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have # gotten any keyword arguments that map to the request. if request is not None and any([resource]): raise ValueError("If the `request` argument is set, then none of " "the individual field arguments should be set.") # The request isn't a proto-plus wrapped type, # so it must be constructed via keyword expansion. if isinstance(request, dict): request = iam_policy.SetIamPolicyRequest(**request) elif not request: request = iam_policy.SetIamPolicyRequest() # If we have keyword arguments corresponding to fields on the # request, apply these. if resource is not None: request.resource = resource # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. rpc = gapic_v1.method_async.wrap_method( self._client._transport.set_iam_policy, default_timeout=30.0, client_info=_client_info, ) # Certain fields should be provided within the metadata header; # add these here. metadata = tuple(metadata) + (gapic_v1.routing_header.to_grpc_metadata( (("resource", request.resource), )), ) # Send the request. response = await rpc( request, retry=retry, timeout=timeout, metadata=metadata, ) # Done; return the response. return response
async def set_iam_policy( self, request: Union[iam_policy_pb2.SetIamPolicyRequest, dict] = None, *, resource: str = None, retry: OptionalRetry = gapic_v1.method.DEFAULT, timeout: float = None, metadata: Sequence[Tuple[str, str]] = (), ) -> policy_pb2.Policy: r"""Sets the access control policy on the specified resource. Replaces any existing policy. Can return ``NOT_FOUND``, ``INVALID_ARGUMENT``, and ``PERMISSION_DENIED`` errors. .. code-block:: python from google.cloud import bigquery_connection_v1 from google.iam.v1 import iam_policy_pb2 # type: ignore async def sample_set_iam_policy(): # Create a client client = bigquery_connection_v1.ConnectionServiceAsyncClient() # Initialize request argument(s) request = iam_policy_pb2.SetIamPolicyRequest( resource="resource_value", ) # Make the request response = await client.set_iam_policy(request=request) # Handle the response print(response) Args: request (Union[google.iam.v1.iam_policy_pb2.SetIamPolicyRequest, dict]): The request object. Request message for `SetIamPolicy` method. resource (:class:`str`): REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field. This corresponds to the ``resource`` field on the ``request`` instance; if ``request`` is provided, this should not be set. retry (google.api_core.retry.Retry): Designation of what errors, if any, should be retried. timeout (float): The timeout for this request. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. Returns: google.iam.v1.policy_pb2.Policy: An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A Policy is a collection of bindings. A binding binds one or more members, or principals, to a single role. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions; each role can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a binding can also specify a condition, which is a logical expression that allows access to a resource only if the expression evaluates to true. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:[email protected]", "group:[email protected]", "domain:google.com", "serviceAccount:[email protected]" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:[email protected]" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:\ [email protected] - group:\ [email protected] - domain:google.com - serviceAccount:\ [email protected] role: roles/resourcemanager.organizationAdmin - members: - user:\ [email protected] role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](\ https://cloud.google.com/iam/docs/). """ # Create or coerce a protobuf request object. # Quick check: If we got a request object, we should *not* have # gotten any keyword arguments that map to the request. has_flattened_params = any([resource]) if request is not None and has_flattened_params: raise ValueError( "If the `request` argument is set, then none of " "the individual field arguments should be set." ) # The request isn't a proto-plus wrapped type, # so it must be constructed via keyword expansion. if isinstance(request, dict): request = iam_policy_pb2.SetIamPolicyRequest(**request) elif not request: request = iam_policy_pb2.SetIamPolicyRequest( resource=resource, ) # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. rpc = gapic_v1.method_async.wrap_method( self._client._transport.set_iam_policy, default_timeout=60.0, client_info=DEFAULT_CLIENT_INFO, ) # Certain fields should be provided within the metadata header; # add these here. metadata = tuple(metadata) + ( gapic_v1.routing_header.to_grpc_metadata((("resource", request.resource),)), ) # Send the request. response = await rpc( request, retry=retry, timeout=timeout, metadata=metadata, ) # Done; return the response. return response
def set_iam_policy( self, request: iam_policy.SetIamPolicyRequest = None, *, resource: str = None, retry: retries.Retry = gapic_v1.method.DEFAULT, timeout: float = None, metadata: Sequence[Tuple[str, str]] = (), ) -> policy.Policy: r"""Sets the access control policy for a billing account. Replaces any existing policy. The caller must have the ``billing.accounts.setIamPolicy`` permission on the account, which is often given to billing account `administrators <https://cloud.google.com/billing/docs/how-to/billing-access>`__. Args: request (:class:`~.iam_policy.SetIamPolicyRequest`): The request object. Request message for `SetIamPolicy` method. resource (:class:`str`): REQUIRED: The resource for which the policy is being specified. ``resource`` is usually specified as a path. For example, a Project resource is specified as ``projects/{project}``. This corresponds to the ``resource`` field on the ``request`` instance; if ``request`` is provided, this should not be set. retry (google.api_core.retry.Retry): Designation of what errors, if any, should be retried. timeout (float): The timeout for this request. metadata (Sequence[Tuple[str, str]]): Strings which should be sent along with the request as metadata. Returns: ~.policy.Policy: Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources. A ``Policy`` consists of a list of ``bindings``. A ``Binding`` binds a list of ``members`` to a ``role``, where the members can be user accounts, Google groups, Google domains, and service accounts. A ``role`` is a named list of permissions defined by IAM. **Example** :: { "bindings": [ { "role": "roles/owner", "members": [ "user:[email protected]", "group:[email protected]", "domain:google.com", "serviceAccount:[email protected]", ] }, { "role": "roles/viewer", "members": ["user:[email protected]"] } ] } For a description of IAM and its features, see the `IAM developer's guide <https://cloud.google.com/iam>`__. """ # Create or coerce a protobuf request object. # Sanity check: If we got a request object, we should *not* have # gotten any keyword arguments that map to the request. if request is not None and any([resource]): raise ValueError( "If the `request` argument is set, then none of " "the individual field arguments should be set." ) # The request isn't a proto-plus wrapped type, # so it must be constructed via keyword expansion. if isinstance(request, dict): request = iam_policy.SetIamPolicyRequest(**request) elif not request: request = iam_policy.SetIamPolicyRequest() # If we have keyword arguments corresponding to fields on the # request, apply these. if resource is not None: request.resource = resource # Wrap the RPC method; this adds retry and timeout information, # and friendly error handling. rpc = gapic_v1.method.wrap_method( self._transport.set_iam_policy, default_timeout=None, client_info=_client_info, ) # Send the request. response = rpc(request, retry=retry, timeout=timeout, metadata=metadata) # Done; return the response. return response
def set_iam_policy( self, resource=None, policy=None, retry=google.api_core.gapic_v1.method.DEFAULT, timeout=google.api_core.gapic_v1.method.DEFAULT, metadata=None, ): """ Sets the IAM policy for a taxonomy or a policy tag. Example: >>> from google.cloud import datacatalog_v1beta1 >>> >>> client = datacatalog_v1beta1.PolicyTagManagerClient() >>> >>> response = client.set_iam_policy() Args: resource (str): REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field. policy (Union[dict, ~google.cloud.datacatalog_v1beta1.types.Policy]): Required. The name of the entry group. For example, ``projects/{project_id}/locations/{location}/entryGroups/{entry_group_id}``. If a dict is provided, it must be of the same form as the protobuf message :class:`~google.cloud.datacatalog_v1beta1.types.Policy` retry (Optional[google.api_core.retry.Retry]): A retry object used to retry requests. If ``None`` is specified, requests will be retried using a default configuration. timeout (Optional[float]): The amount of time, in seconds, to wait for the request to complete. Note that if ``retry`` is specified, the timeout applies to each individual attempt. metadata (Optional[Sequence[Tuple[str, str]]]): Additional metadata that is provided to the method. Returns: A :class:`~google.cloud.datacatalog_v1beta1.types.Policy` instance. Raises: google.api_core.exceptions.GoogleAPICallError: If the request failed for any reason. google.api_core.exceptions.RetryError: If the request failed due to a retryable error and retry attempts failed. ValueError: If the parameters are invalid. """ # Wrap the transport method to add retry and timeout logic. if "set_iam_policy" not in self._inner_api_calls: self._inner_api_calls[ "set_iam_policy" ] = google.api_core.gapic_v1.method.wrap_method( self.transport.set_iam_policy, default_retry=self._method_configs["SetIamPolicy"].retry, default_timeout=self._method_configs["SetIamPolicy"].timeout, client_info=self._client_info, ) request = iam_policy_pb2.SetIamPolicyRequest(resource=resource, policy=policy) if metadata is None: metadata = [] metadata = list(metadata) try: routing_header = [("resource", resource)] except AttributeError: pass else: routing_metadata = google.api_core.gapic_v1.routing_header.to_grpc_metadata( routing_header ) metadata.append(routing_metadata) return self._inner_api_calls["set_iam_policy"]( request, retry=retry, timeout=timeout, metadata=metadata )