Google Cloud Resource Manager (version v1.*.*)

create_folder

Creates a Folder in the resource hierarchy. Returns an Operation which can be used to track the progress of the folder creation workflow. Upon success the Operation.response field will be populated with the created Folder. In order to succeed, the addition of this new Folder must not violate the Folder naming, height or fanout constraints. + The Folder's display_name must be distinct from all other Folders that share its parent. + The addition of the Folder must not cause the active Folder hierarchy to exceed a height of 10. Note, the full active + deleted Folder hierarchy is allowed to reach a height of 20; this provides additional headroom when moving folders that contain deleted folders. + The addition of the Folder must not cause the total number of Folders under its parent to exceed 300. If the operation fails due to a folder constraint violation, some errors may be returned by the CreateFolder request, with status code FAILED_PRECONDITION and an error description. Other folder constraint violations will be communicated in the Operation, with the specific PreconditionFailure returned via the details list in the Operation.error field. The caller must have resourcemanager.folders.create permission on the identified parent.

Parameters

$body

A Folder in an Organization's resource hierarchy, used to organize that Organization's resources.

Type: object

{
  "parent" : "Required. The Folder's parent's resource name. Updates to the folder's parent must be performed via MoveFolder.",
  "deleteTime" : "Output only. Timestamp when the Folder was requested to be deleted.",
  "createTime" : "Output only. Timestamp when the Folder was created.",
  "displayName" : "The folder's display name. A folder's display name must be unique amongst its siblings, e.g. no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters. This is captured by the regular expression: `[\\p{L}\\p{N}]([\\p{L}\\p{N}_- ]{0,28}[\\p{L}\\p{N}])?`.",
  "name" : "Output only. The resource name of the Folder. Its format is `folders/{folder_id}`, for example: \"folders/1234\".",
  "updateTime" : "Output only. Timestamp when the Folder was last modified.",
  "etag" : "Output only. A checksum computed by the server based on the current value of the Folder resource. This may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.",
  "state" : "Output only. The lifecycle state of the folder. Updates to the state must be performed via DeleteFolder and UndeleteFolder."
}

fields

Selector specifying which fields to include in a partial response.

Type: string

create_lien

Create a Lien which applies to the resource denoted by the parent field. Callers of this method will require permission on the parent resource. For example, applying to projects/1234 requires permission resourcemanager.projects.updateLiens. NOTE: Some resources may limit the number of Liens which may be applied.

Parameters

$body

A Lien represents an encumbrance on the actions that can be performed on a resource.

Type: object

{
  "parent" : "A reference to the resource this Lien is attached to. The server will validate the parent against those for which Liens are supported. Example: `projects/1234`",
  "reason" : "Concise user-visible strings indicating why an action cannot be performed on a resource. Maximum length of 200 characters. Example: 'Holds production API key'",
  "createTime" : "The creation time of this Lien.",
  "origin" : "A stable, user-visible/meaningful string identifying the origin of the Lien, intended to be inspected programmatically. Maximum length of 200 characters. Example: 'compute.googleapis.com'",
  "name" : "A system-generated unique identifier for this Lien. Example: `liens/1234abcd`",
  "restrictions" : [ "string" ]
}

fields

Selector specifying which fields to include in a partial response.

Type: string

create_project

Request that a new Project be created. The result is an Operation which can be used to track the creation process. This process usually takes a few seconds, but can sometimes take much longer. The tracking Operation is automatically deleted after a few hours, so there is no need to call DeleteOperation.

Parameters

$body

A Project is a high-level Google Cloud Platform entity. It is a container for ACLs, APIs, App Engine Apps, VMs, and other Google Cloud Platform resources.

Type: object

{
  "parent" : "Optional. A reference to a parent Resource. eg., `organizations/123` or `folders/876`.",
  "createTime" : "Output only. Creation time.",
  "deleteTime" : "Output only. The time at which this resource was requested for deletion.",
  "displayName" : "Optional. A user-assigned display name of the Project. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, single-quote, double-quote, space, and exclamation point. Example: `My Project`",
  "name" : "Output only. The unique resource name of the Project. It is an int64 generated number prefixed by \"projects/\". Example: `projects/415104041262`",
  "updateTime" : "Output only. The most recent time this resource was modified.",
  "etag" : "Output only. A checksum computed by the server based on the current value of the Project resource. This may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.",
  "state" : "Output only. The Project lifecycle state.",
  "projectId" : "Immutable. The unique, user-assigned id of the Project. It must be 6 to 30 lowercase ASCII letters, digits, or hyphens. It must start with a letter. Trailing hyphens are prohibited. Example: `tokyo-rain-123`",
  "labels" : "Optional. The labels associated with this Project. Label keys must be between 1 and 63 characters long and must conform to the following regular expression: \\[a-z\\](\\[-a-z0-9\\]*\\[a-z0-9\\])?. Label values must be between 0 and 63 characters long and must conform to the regular expression (\\[a-z\\](\\[-a-z0-9\\]*\\[a-z0-9\\])?)?. No more than 256 labels can be associated with a given resource. Clients should store labels in a representation such as JSON that does not depend on specific characters being disallowed. Example: `\"myBusinessDimension\" : \"businessValue\"`"
}

fields

Selector specifying which fields to include in a partial response.

Type: string

create_tag_binding

Creates a TagBinding between a TagValue and a cloud resource (currently project, folder, or organization).

Parameters

$body

A TagBinding represents a connection between a TagValue and a cloud resource (currently project, folder, or organization). Once a TagBinding is created, the TagValue is applied to all the descendants of the cloud resource.

Type: object

{
  "parent" : "The full resource name of the resource the TagValue is bound to. E.g. `//cloudresourcemanager.googleapis.com/projects/123`",
  "tagValue" : "The TagValue of the TagBinding. Must be of the form `tagValues/456`.",
  "name" : "Output only. The name of the TagBinding. This is a String of the form: `tagBindings/{full-resource-name}/{tag-value-name}` (e.g. `tagBindings/%2F%2Fcloudresourcemanager.googleapis.com%2Fprojects%2F123/tagValues/456`)."
}

fields

Selector specifying which fields to include in a partial response.

Type: string

validateOnly

Optional. Set to true to perform the validations necessary for creating the resource, but not actually perform the action.

Type: boolean

create_tag_key

Creates a new TagKey. If another request with the same parameters is sent while the original request is in process, the second request will receive an error. A maximum of 300 TagKeys can exist under a parent at any given time.

Parameters

$body

A TagKey, used to group a set of TagValues.

Type: object

{
  "parent" : "Immutable. The resource name of the new TagKey's parent. Must be of the form `organizations/{org_id}`.",
  "createTime" : "Output only. Creation time.",
  "name" : "Immutable. The resource name for a TagKey. Must be in the format `tagKeys/{tag_key_id}`, where `tag_key_id` is the generated numeric id for the TagKey.",
  "description" : "Optional. User-assigned description of the TagKey. Must not exceed 256 characters. Read-write.",
  "updateTime" : "Output only. Update time.",
  "etag" : "Optional. Entity tag which users can pass to prevent race conditions. This field is always set in server responses. See UpdateTagKeyRequest for details.",
  "namespacedName" : "Output only. Immutable. Namespaced name of the TagKey.",
  "shortName" : "Required. Immutable. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between."
}

fields

Selector specifying which fields to include in a partial response.

Type: string

validateOnly

Optional. Set to true to perform validations necessary for creating the resource, but not actually perform the action.

Type: boolean

create_tag_value

Creates a TagValue as a child of the specified TagKey. If a another request with the same parameters is sent while the original request is in process the second request will receive an error. A maximum of 300 TagValues can exist under a TagKey at any given time.

Parameters

$body

A TagValue is a child of a particular TagKey. This is used to group cloud resources for the purpose of controlling them using policies.

Type: object

{
  "parent" : "Immutable. The resource name of the new TagValue's parent TagKey. Must be of the form `tagKeys/{tag_key_id}`.",
  "createTime" : "Output only. Creation time.",
  "name" : "Immutable. Resource name for TagValue in the format `tagValues/456`.",
  "description" : "Optional. User-assigned description of the TagValue. Must not exceed 256 characters. Read-write.",
  "etag" : "Optional. Entity tag which users can pass to prevent race conditions. This field is always set in server responses. See UpdateTagValueRequest for details.",
  "updateTime" : "Output only. Update time.",
  "shortName" : "Required. Immutable. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey. The short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between.",
  "namespacedName" : "Output only. Namespaced name of the TagValue. Must be in the format `{organization_id}/{tag_key_short_name}/{short_name}`."
}

fields

Selector specifying which fields to include in a partial response.

Type: string

validateOnly

Optional. Set as true to perform the validations necessary for creating the resource, but not actually perform the action.

Type: boolean

delete_folder

Requests deletion of a Folder. The Folder is moved into the DELETE_REQUESTED state immediately, and is deleted approximately 30 days later. This method may only be called on an empty Folder, where a Folder is empty if it doesn't contain any Folders or Projects in the ACTIVE state. If called on a folder in DELETE_REQUESTED state the result will be a no-op success. The caller must have resourcemanager.folders.delete permission on the identified folder.

Parameters

foldersId (required)

Type: string

fields

Selector specifying which fields to include in a partial response.

Type: string

delete_lien

Delete a Lien by name. Callers of this method will require permission on the parent resource. For example, a Lien with a parent of projects/1234 requires permission resourcemanager.projects.updateLiens.

Parameters

liensId (required)

Type: string

fields

Selector specifying which fields to include in a partial response.

Type: string

delete_project

Marks the Project identified by the specified name (for example, projects/415104041262) for deletion. This method will only affect the Project if it has a lifecycle state of ACTIVE. This method changes the Project's lifecycle state from ACTIVE to DELETE_REQUESTED. The deletion starts at an unspecified time, at which point the Project is no longer accessible. Until the deletion completes, you can check the lifecycle state checked by retrieving the Project with GetProject, and the Project remains visible to ListProjects. However, you cannot update the project. After the deletion completes, the Project is not retrievable by the GetProject, ListProjects, and SearchProjects methods. This method behaves idempotently (eg., deleting a DELETE_REQUESTED project will not be an error, but also won't do anything). The caller must have delete permissions for this Project.

Parameters

projectsId (required)

Type: string

fields

Selector specifying which fields to include in a partial response.

Type: string

delete_tag_binding

Deletes a TagBinding.

Parameters

tagBindingsId (required)

Type: string

fields

Selector specifying which fields to include in a partial response.

Type: string

delete_tag_key

Deletes a TagKey. The TagKey cannot be deleted if it has any child TagValues.

Parameters

tagKeysId (required)

Type: string

etag

Optional. The etag known to the client for the expected state of the TagKey. This is to be used for optimistic concurrency.

Type: string

fields

Selector specifying which fields to include in a partial response.

Type: string

validateOnly

Optional. Set as true to perform validations necessary for deletion, but not actually perform the action.

Type: boolean

delete_tag_value

Deletes a TagValue. The TagValue cannot have any bindings when it is deleted.

Parameters

tagValuesId (required)

Type: string

etag

Optional. The etag known to the client for the expected state of the TagValue. This is to be used for optimistic concurrency.

Type: string

fields

Selector specifying which fields to include in a partial response.

Type: string

validateOnly

Optional. Set as true to perform the validations necessary for deletion, but not actually perform the action.

Type: boolean

get_folder

Retrieves a Folder identified by the supplied resource name. Valid Folder resource names have the format folders/{folder_id} (for example, folders/1234). The caller must have resourcemanager.folders.get permission on the identified folder.

Parameters

foldersId (required)

Type: string

fields

Selector specifying which fields to include in a partial response.

Type: string

get_folder_iam_policy

Gets the access control policy for a Folder. The returned policy may be empty if no such policy or resource exists. The resource field should be the Folder's resource name, e.g. "folders/1234". The caller must have resourcemanager.folders.getIamPolicy permission on the identified folder.

Parameters

foldersId (required)

Type: string

$body

Request message for GetIamPolicy method.

Type: object

{
  "options" : {
    "requestedPolicyVersion" : "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
  }
}

fields

Selector specifying which fields to include in a partial response.

Type: string

get_lien

Retrieve a Lien by name. Callers of this method will require permission on the parent resource. For example, a Lien with a parent of projects/1234 requires permission resourcemanager.projects.get

Parameters

liensId (required)

Type: string

fields

Selector specifying which fields to include in a partial response.

Type: string

get_operation_state

Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.

Parameters

operationsId (required)

Type: string

fields

Selector specifying which fields to include in a partial response.

Type: string

get_org

Fetches an Organization resource identified by the specified resource name.

Parameters

organizationsId (required)

Type: string

fields

Selector specifying which fields to include in a partial response.

Type: string

get_org_iam_policy

Gets the access control policy for an Organization resource. May be empty if no such policy or resource exists. The resource field should be the organization's resource name, e.g. "organizations/123". Authorization requires the Google IAM permission resourcemanager.organizations.getIamPolicy on the specified organization

Parameters

organizationsId (required)

Type: string

$body

Request message for GetIamPolicy method.

Type: object

{
  "options" : {
    "requestedPolicyVersion" : "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
  }
}

fields

Selector specifying which fields to include in a partial response.

Type: string

get_project

Retrieves the Project identified by the specified name (for example, projects/415104041262). The caller must have read permissions for this Project.

Parameters

projectsId (required)

Type: string

fields

Selector specifying which fields to include in a partial response.

Type: string

get_project_iam_policy

Returns the IAM access control policy for the specified Project. Permission is denied if the policy or the resource does not exist.

Parameters

projectsId (required)

Type: string

$body

Request message for GetIamPolicy method.

Type: object

{
  "options" : {
    "requestedPolicyVersion" : "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
  }
}

fields

Selector specifying which fields to include in a partial response.

Type: string

get_tag_key

Retrieves a TagKey. This method will return PERMISSION_DENIED if the key does not exist or the user does not have permission to view it.

Parameters

tagKeysId (required)

Type: string

fields

Selector specifying which fields to include in a partial response.

Type: string

get_tag_key_iam_policy

Gets the access control policy for a TagKey. The returned policy may be empty if no such policy or resource exists. The resource field should be the TagKey's resource name. For example, "tagKeys/1234". The caller must have cloudresourcemanager.googleapis.com/tagKeys.getIamPolicy permission on the specified TagKey.

Parameters

tagKeysId (required)

Type: string

$body

Request message for GetIamPolicy method.

Type: object

{
  "options" : {
    "requestedPolicyVersion" : "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
  }
}

fields

Selector specifying which fields to include in a partial response.

Type: string

get_tag_value

Retrieves TagValue. If the TagValue or namespaced name does not exist, or if the user does not have permission to view it, this method will return PERMISSION_DENIED.

Parameters

tagValuesId (required)

Type: string

fields

Selector specifying which fields to include in a partial response.

Type: string

get_tag_value_iam_policy

Gets the access control policy for a TagValue. The returned policy may be empty if no such policy or resource exists. The resource field should be the TagValue's resource name. For example: tagValues/1234. The caller must have the cloudresourcemanager.googleapis.com/tagValues.getIamPolicy permission on the identified TagValue to get the access control policy.

Parameters

tagValuesId (required)

Type: string

$body

Request message for GetIamPolicy method.

Type: object

{
  "options" : {
    "requestedPolicyVersion" : "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
  }
}

fields

Selector specifying which fields to include in a partial response.

Type: string

list_folders

Lists the Folders that are direct descendants of supplied parent resource. List provides a strongly consistent view of the Folders underneath the specified parent resource. List returns Folders sorted based upon the (ascending) lexical ordering of their display_name. The caller must have resourcemanager.folders.list permission on the identified parent.

Parameters

fields

Selector specifying which fields to include in a partial response.

Type: string

parent

Required. The resource name of the Organization or Folder whose Folders are being listed. Must be of the form folders/{folder_id} or organizations/{org_id}. Access to this method is controlled by checking the resourcemanager.folders.list permission on the parent.

Type: string

showDeleted

Optional. Controls whether Folders in the DELETE_REQUESTED state should be returned. Defaults to false.

Type: boolean

list_liens

List all Liens applied to the parent resource. Callers of this method will require permission on the parent resource. For example, a Lien with a parent of projects/1234 requires permission resourcemanager.projects.get.

Parameters

fields

Selector specifying which fields to include in a partial response.

Type: string

parent

Required. The name of the resource to list all attached Liens. For example, projects/1234. (google.api.field_policy).resource_type annotation is not set since the parent depends on the meta api implementation. This field could be a project or other sub project resources.

Type: string

list_projects

Lists Projects that are direct children of the specified folder or organization resource. List provides a strongly consistent view of the Projects underneath the specified parent resource. List returns Projects sorted based upon the (ascending) lexical ordering of their display_name. The caller must have resourcemanager.projects.list permission on the identified parent.

Parameters

fields

Selector specifying which fields to include in a partial response.

Type: string

parent

Required. The name of the parent resource to list projects under. For example, setting this field to 'folders/1234' would list all projects directly under that folder.

Type: string

showDeleted

Optional. Indicate that Projects in the DELETE_REQUESTED state should also be returned. Normally only ACTIVE projects are returned.

Type: boolean

list_tag_bindings

Lists the TagBindings for the given cloud resource, as specified with parent. NOTE: The parent field is expected to be a full resource name: https://cloud.google.com/apis/design/resource_names#full_resource_name

Parameters

fields

Selector specifying which fields to include in a partial response.

Type: string

parent

Required. The full resource name of a resource for which you want to list existing TagBindings. E.g. "//cloudresourcemanager.googleapis.com/projects/123"

Type: string

list_tag_keys

Lists all TagKeys for a parent resource.

Parameters

fields

Selector specifying which fields to include in a partial response.

Type: string

parent

Required. The resource name of the new TagKey's parent. Must be of the form folders/{folder_id} or organizations/{org_id}.

Type: string

list_tag_values

Lists all TagValues for a specific TagKey.

Parameters

fields

Selector specifying which fields to include in a partial response.

Type: string

parent

Required. Resource name for TagKey, parent of the TagValues to be listed, in the format tagKeys/123.

Type: string

move_folder

Moves a Folder under a new resource parent. Returns an Operation which can be used to track the progress of the folder move workflow. Upon success the Operation.response field will be populated with the moved Folder. Upon failure, a FolderOperationError categorizing the failure cause will be returned - if the failure occurs synchronously then the FolderOperationError will be returned via the Status.details field and if it occurs asynchronously then the FolderOperation will be returned via the Operation.error field. In addition, the Operation.metadata field will be populated with a FolderOperation message as an aid to stateless clients. Folder moves will be rejected if they violate either the naming, height or fanout constraints described in the CreateFolder documentation. The caller must have resourcemanager.folders.move permission on the folder's current and proposed new parent.

Parameters

foldersId (required)

Type: string

$body

The MoveFolder request message.

Type: object

{
  "destinationParent" : "Required. The resource name of the Folder or Organization to reparent the folder under. Must be of the form `folders/{folder_id}` or `organizations/{org_id}`."
}

fields

Selector specifying which fields to include in a partial response.

Type: string

move_project

Move a Project under a new resource parent. Returns an operation which can be used to track the process of the Project move workflow. Upon success, the Operation.response field will be populated with the moved Project. The caller must have resourcemanager.projects.update permission on the Project and have resourcemanager.projects.move permission on the Project's current and proposed new parent.

Parameters

projectsId (required)

Type: string

$body

The request sent to MoveProject method.

Type: object

{
  "destinationParent" : "Required. The new parent to move the Project under."
}

fields

Selector specifying which fields to include in a partial response.

Type: string

patch_folder

Updates a Folder, changing its display_name. Changes to the folder display_name will be rejected if they violate either the display_name formatting rules or naming constraints described in the CreateFolder documentation. The Folder's display_name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be between 3 and 30 characters. This is captured by the regular expression: \p{L}\p{N}{1,28}[\p{L}\p{N}]. The caller must have resourcemanager.folders.update permission on the identified folder. If the update fails due to the unique name constraint then a PreconditionFailure explaining this violation will be returned in the Status.details field.

Parameters

foldersId (required)

Type: string

$body

A Folder in an Organization's resource hierarchy, used to organize that Organization's resources.

Type: object

{
  "parent" : "Required. The Folder's parent's resource name. Updates to the folder's parent must be performed via MoveFolder.",
  "deleteTime" : "Output only. Timestamp when the Folder was requested to be deleted.",
  "createTime" : "Output only. Timestamp when the Folder was created.",
  "displayName" : "The folder's display name. A folder's display name must be unique amongst its siblings, e.g. no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters. This is captured by the regular expression: `[\\p{L}\\p{N}]([\\p{L}\\p{N}_- ]{0,28}[\\p{L}\\p{N}])?`.",
  "name" : "Output only. The resource name of the Folder. Its format is `folders/{folder_id}`, for example: \"folders/1234\".",
  "updateTime" : "Output only. Timestamp when the Folder was last modified.",
  "etag" : "Output only. A checksum computed by the server based on the current value of the Folder resource. This may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.",
  "state" : "Output only. The lifecycle state of the folder. Updates to the state must be performed via DeleteFolder and UndeleteFolder."
}

fields

Selector specifying which fields to include in a partial response.

Type: string

updateMask

Required. Fields to be updated. Only the display_name can be updated.

Type: string

patch_project

Updates the attributes of the Project identified by the specified name (for example, projects/415104041262). At present this is only useful for updating the display_name and labels. Deleting all labels requires an update mask for labels field. The caller must have modify permissions for this Project.

Parameters

projectsId (required)

Type: string

$body

A Project is a high-level Google Cloud Platform entity. It is a container for ACLs, APIs, App Engine Apps, VMs, and other Google Cloud Platform resources.

Type: object

{
  "parent" : "Optional. A reference to a parent Resource. eg., `organizations/123` or `folders/876`.",
  "createTime" : "Output only. Creation time.",
  "deleteTime" : "Output only. The time at which this resource was requested for deletion.",
  "displayName" : "Optional. A user-assigned display name of the Project. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, single-quote, double-quote, space, and exclamation point. Example: `My Project`",
  "name" : "Output only. The unique resource name of the Project. It is an int64 generated number prefixed by \"projects/\". Example: `projects/415104041262`",
  "updateTime" : "Output only. The most recent time this resource was modified.",
  "etag" : "Output only. A checksum computed by the server based on the current value of the Project resource. This may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.",
  "state" : "Output only. The Project lifecycle state.",
  "projectId" : "Immutable. The unique, user-assigned id of the Project. It must be 6 to 30 lowercase ASCII letters, digits, or hyphens. It must start with a letter. Trailing hyphens are prohibited. Example: `tokyo-rain-123`",
  "labels" : "Optional. The labels associated with this Project. Label keys must be between 1 and 63 characters long and must conform to the following regular expression: \\[a-z\\](\\[-a-z0-9\\]*\\[a-z0-9\\])?. Label values must be between 0 and 63 characters long and must conform to the regular expression (\\[a-z\\](\\[-a-z0-9\\]*\\[a-z0-9\\])?)?. No more than 256 labels can be associated with a given resource. Clients should store labels in a representation such as JSON that does not depend on specific characters being disallowed. Example: `\"myBusinessDimension\" : \"businessValue\"`"
}

fields

Selector specifying which fields to include in a partial response.

Type: string

updateMask

Optional. An update mask to selectively update fields.

Type: string

patch_tag_key

Updates the attributes of the TagKey resource.

Parameters

tagKeysId (required)

Type: string

$body

A TagKey, used to group a set of TagValues.

Type: object

{
  "parent" : "Immutable. The resource name of the new TagKey's parent. Must be of the form `organizations/{org_id}`.",
  "createTime" : "Output only. Creation time.",
  "name" : "Immutable. The resource name for a TagKey. Must be in the format `tagKeys/{tag_key_id}`, where `tag_key_id` is the generated numeric id for the TagKey.",
  "description" : "Optional. User-assigned description of the TagKey. Must not exceed 256 characters. Read-write.",
  "updateTime" : "Output only. Update time.",
  "etag" : "Optional. Entity tag which users can pass to prevent race conditions. This field is always set in server responses. See UpdateTagKeyRequest for details.",
  "namespacedName" : "Output only. Immutable. Namespaced name of the TagKey.",
  "shortName" : "Required. Immutable. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between."
}

fields

Selector specifying which fields to include in a partial response.

Type: string

updateMask

Fields to be updated. The mask may only contain description or etag. If omitted entirely, both description and etag are assumed to be significant.

Type: string

validateOnly

Set as true to perform validations necessary for updating the resource, but not actually perform the action.

Type: boolean

patch_tag_value

Updates the attributes of the TagValue resource.

Parameters

tagValuesId (required)

Type: string

$body

A TagValue is a child of a particular TagKey. This is used to group cloud resources for the purpose of controlling them using policies.

Type: object

{
  "parent" : "Immutable. The resource name of the new TagValue's parent TagKey. Must be of the form `tagKeys/{tag_key_id}`.",
  "createTime" : "Output only. Creation time.",
  "name" : "Immutable. Resource name for TagValue in the format `tagValues/456`.",
  "description" : "Optional. User-assigned description of the TagValue. Must not exceed 256 characters. Read-write.",
  "etag" : "Optional. Entity tag which users can pass to prevent race conditions. This field is always set in server responses. See UpdateTagValueRequest for details.",
  "updateTime" : "Output only. Update time.",
  "shortName" : "Required. Immutable. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey. The short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between.",
  "namespacedName" : "Output only. Namespaced name of the TagValue. Must be in the format `{organization_id}/{tag_key_short_name}/{short_name}`."
}

fields

Selector specifying which fields to include in a partial response.

Type: string

updateMask

Optional. Fields to be updated.

Type: string

validateOnly

Optional. True to perform validations necessary for updating the resource, but not actually perform the action.

Type: boolean

search_folder

Search for folders that match specific filter criteria. Search provides an eventually consistent view of the folders a user has access to which meet the specified filter criteria. This will only return folders on which the caller has the permission resourcemanager.folders.get.

Parameters

fields

Selector specifying which fields to include in a partial response.

Type: string

query

Optional. Search criteria used to select the Folders to return. If no search criteria is specified then all accessible folders will be returned. Query expressions can be used to restrict results based upon displayName, state and parent, where the operators = (:) NOT, AND and OR can be used along with the suffix wildcard symbol *. The displayName field in a query expression should use escaped quotes for values that include whitespace to prevent unexpected behavior. | Field | Description | |-------------------------|----------------------------------------| | displayName | Filters by displayName. | | parent | Filters by parent (e.g. folders/123). | | state, lifecycleState | Filters by state. | Some example queries are: * Query displayName=Test* returns Folder resources whose display name starts with "Test". * Query state=ACTIVE returns Folder resources with state set to ACTIVE. * Query parent=folders/123 returns Folder resources that have folders/123 as a parent resource. * Query parent=folders/123 AND state=ACTIVE returns active Folder resources that have folders/123 as a parent resource. * Query displayName=\\"Test String\\" returns Folder resources with display names that include both "Test" and "String".

Type: string

search_orgs

Searches Organization resources that are visible to the user and satisfy the specified filter. This method returns Organizations in an unspecified order. New Organizations do not necessarily appear at the end of the results, and may take a small amount of time to appear. Search will only return organizations on which the user has the permission resourcemanager.organizations.get

Parameters

fields

Selector specifying which fields to include in a partial response.

Type: string

query

Optional. An optional query string used to filter the Organizations to return in the response. Query rules are case-insensitive. | Field | Description | |------------------|--------------------------------------------| | directoryCustomerId, owner.directoryCustomerId | Filters by directory customer id. | | domain | Filters by domain. | Organizations may be queried by directoryCustomerId or by domain, where the domain is a G Suite domain, for example: * Query directorycustomerid:123456789 returns Organization resources with owner.directory_customer_id equal to 123456789. * Query domain:google.com returns Organization resources corresponding to the domain google.com.

Type: string

search_projects

Search for Projects that the caller has the resourcemanager.projects.get permission on and satisfy the specified query. This method returns Projects in an unspecified order. This method is eventually consistent with project mutations; this means that a newly created project may not appear in the results or recent updates to an existing project may not be reflected in the results. To retrieve the latest state of a project, use the GetProject method.

Parameters

fields

Selector specifying which fields to include in a partial response.

Type: string

query

Optional. A query string for searching for projects that the caller has resourcemanager.projects.get permission to. If multiple fields are included in the query, the it will return results that match any of the fields. Some eligible fields are: | Field | Description | |-------------------------|----------------------------------------------| | displayName, name | Filters by displayName. | | parent.type | Parent's type: folder or organization. | | parent.id | Parent's id number (e.g. 123) | | parent | Project's parent. (e.g. folders/123, organizations/) Prefer parent field over parent.id and parent.type. | | id, projectId | Filters by projectId. | | state, lifecycleState | Filters by state. | | labels | Filters by label name or value. | | labels. (where key is the name of a label) | Filters by label name. | Search expressions are case insensitive. Some examples queries: | Query | Description | |------------------|-----------------------------------------------------| | name:how | The project's name starts with "how". | | name:Howl | The project's name is Howl or howl. | | name:HOWL | Equivalent to above. | | NAME:howl | Equivalent to above. | | labels.color:* | The project has the label color. | | labels.color:red | The project's label color has the value red. | | labels.color:red labels.size:big | The project's label color has the value red and its label size has the value big. | If no query is specified, the call will return projects for which the user has the resourcemanager.projects.get permission.

Type: string

set_folder_iam_policy

Sets the access control policy on a Folder, replacing any existing policy. The resource field should be the Folder's resource name, e.g. "folders/1234". The caller must have resourcemanager.folders.setIamPolicy permission on the identified folder.

Parameters

foldersId (required)

Type: string

$body

Request message for SetIamPolicy method.

Type: object

{
  "updateMask" : "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: `paths: \"bindings, etag\"`",
  "policy" : {
    "bindings" : [ {
      "condition" : {
        "expression" : "Textual representation of an expression in Common Expression Language syntax.",
        "description" : "Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.",
        "location" : "Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.",
        "title" : "Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression."
      },
      "role" : "Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.",
      "members" : [ "string" ]
    } ],
    "etag" : "`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.",
    "version" : "Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
    "auditConfigs" : [ {
      "auditLogConfigs" : [ {
        "logType" : "The log type that this config enables.",
        "exemptedMembers" : [ "string" ]
      } ],
      "service" : "Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services."
    } ]
  }
}

fields

Selector specifying which fields to include in a partial response.

Type: string

set_org_iam_policy

Sets the access control policy on an Organization resource. Replaces any existing policy. The resource field should be the organization's resource name, e.g. "organizations/123". Authorization requires the Google IAM permission resourcemanager.organizations.setIamPolicy on the specified organization

Parameters

organizationsId (required)

Type: string

$body

Request message for SetIamPolicy method.

Type: object

{
  "updateMask" : "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: `paths: \"bindings, etag\"`",
  "policy" : {
    "bindings" : [ {
      "condition" : {
        "expression" : "Textual representation of an expression in Common Expression Language syntax.",
        "description" : "Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.",
        "location" : "Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.",
        "title" : "Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression."
      },
      "role" : "Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.",
      "members" : [ "string" ]
    } ],
    "etag" : "`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.",
    "version" : "Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
    "auditConfigs" : [ {
      "auditLogConfigs" : [ {
        "logType" : "The log type that this config enables.",
        "exemptedMembers" : [ "string" ]
      } ],
      "service" : "Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services."
    } ]
  }
}

fields

Selector specifying which fields to include in a partial response.

Type: string

set_project_iam_policy

Sets the IAM access control policy for the specified Project. CAUTION: This method will replace the existing policy, and cannot be used to append additional IAM settings. NOTE: Removing service accounts from policies or changing their roles can render services completely inoperable. It is important to understand how the service account is being used before removing or updating its roles. The following constraints apply when using setIamPolicy(): + Project does not support allUsers and allAuthenticatedUsers as members in a Binding of a Policy. + The owner role can be granted to a user, serviceAccount, or a group that is part of an organization. For example, group@myownpersonaldomain.com could be added as an owner to a project in the myownpersonaldomain.com organization, but not the examplepetstore.com organization. + Service accounts can be made owners of a project directly without any restrictions. However, to be added as an owner, a user must be invited via Cloud Platform console and must accept the invitation. + A user cannot be granted the owner role using setIamPolicy(). The user must be granted the owner role using the Cloud Platform Console and must explicitly accept the invitation. + Invitations to grant the owner role cannot be sent using setIamPolicy(); they must be sent only using the Cloud Platform Console. + Membership changes that leave the project without any owners that have accepted the Terms of Service (ToS) will be rejected. + If the project is not part of an organization, there must be at least one owner who has accepted the Terms of Service (ToS) agreement in the policy. Calling setIamPolicy() to remove the last ToS-accepted owner from the policy will fail. This restriction also applies to legacy projects that no longer have owners who have accepted the ToS. Edits to IAM policies will be rejected until the lack of a ToS-accepting owner is rectified. + Calling this method requires enabling the App Engine Admin API.

Parameters

projectsId (required)

Type: string

$body

Request message for SetIamPolicy method.

Type: object

{
  "updateMask" : "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: `paths: \"bindings, etag\"`",
  "policy" : {
    "bindings" : [ {
      "condition" : {
        "expression" : "Textual representation of an expression in Common Expression Language syntax.",
        "description" : "Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.",
        "location" : "Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.",
        "title" : "Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression."
      },
      "role" : "Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.",
      "members" : [ "string" ]
    } ],
    "etag" : "`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.",
    "version" : "Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
    "auditConfigs" : [ {
      "auditLogConfigs" : [ {
        "logType" : "The log type that this config enables.",
        "exemptedMembers" : [ "string" ]
      } ],
      "service" : "Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services."
    } ]
  }
}

fields

Selector specifying which fields to include in a partial response.

Type: string

set_tag_key_iam_policy

Sets the access control policy on a TagKey, replacing any existing policy. The resource field should be the TagKey's resource name. For example, "tagKeys/1234". The caller must have resourcemanager.tagKeys.setIamPolicy permission on the identified tagValue.

Parameters

tagKeysId (required)

Type: string

$body

Request message for SetIamPolicy method.

Type: object

{
  "updateMask" : "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: `paths: \"bindings, etag\"`",
  "policy" : {
    "bindings" : [ {
      "condition" : {
        "expression" : "Textual representation of an expression in Common Expression Language syntax.",
        "description" : "Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.",
        "location" : "Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.",
        "title" : "Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression."
      },
      "role" : "Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.",
      "members" : [ "string" ]
    } ],
    "etag" : "`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.",
    "version" : "Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
    "auditConfigs" : [ {
      "auditLogConfigs" : [ {
        "logType" : "The log type that this config enables.",
        "exemptedMembers" : [ "string" ]
      } ],
      "service" : "Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services."
    } ]
  }
}

fields

Selector specifying which fields to include in a partial response.

Type: string

set_tag_values_iam_policy

Sets the access control policy on a TagValue, replacing any existing policy. The resource field should be the TagValue's resource name. For example: tagValues/1234. The caller must have resourcemanager.tagValues.setIamPolicy permission on the identified tagValue.

Parameters

tagValuesId (required)

Type: string

$body

Request message for SetIamPolicy method.

Type: object

{
  "updateMask" : "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: `paths: \"bindings, etag\"`",
  "policy" : {
    "bindings" : [ {
      "condition" : {
        "expression" : "Textual representation of an expression in Common Expression Language syntax.",
        "description" : "Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.",
        "location" : "Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.",
        "title" : "Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression."
      },
      "role" : "Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.",
      "members" : [ "string" ]
    } ],
    "etag" : "`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.",
    "version" : "Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
    "auditConfigs" : [ {
      "auditLogConfigs" : [ {
        "logType" : "The log type that this config enables.",
        "exemptedMembers" : [ "string" ]
      } ],
      "service" : "Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services."
    } ]
  }
}

fields

Selector specifying which fields to include in a partial response.

Type: string

test_folder_iam_permissions

Returns permissions that a caller has on the specified Folder. The resource field should be the Folder's resource name, e.g. "folders/1234". There are no permissions required for making this API call.

Parameters

foldersId (required)

Type: string

$body

Request message for TestIamPermissions method.

Type: object

{
  "permissions" : [ "string" ]
}

fields

Selector specifying which fields to include in a partial response.

Type: string

test_org_iam_permissions

Returns permissions that a caller has on the specified Organization. The resource field should be the organization's resource name, e.g. "organizations/123". There are no permissions required for making this API call.

Parameters

organizationsId (required)

Type: string

$body

Request message for TestIamPermissions method.

Type: object

{
  "permissions" : [ "string" ]
}

fields

Selector specifying which fields to include in a partial response.

Type: string

test_project_iam_permissions

Returns permissions that a caller has on the specified Project.

Parameters

projectsId (required)

Type: string

$body

Request message for TestIamPermissions method.

Type: object

{
  "permissions" : [ "string" ]
}

fields

Selector specifying which fields to include in a partial response.

Type: string

test_tag_key_iam_permissions

Returns permissions that a caller has on the specified TagKey. The resource field should be the TagKey's resource name. For example, "tagKeys/1234". There are no permissions required for making this API call.

Parameters

tagKeysId (required)

Type: string

$body

Request message for TestIamPermissions method.

Type: object

{
  "permissions" : [ "string" ]
}

fields

Selector specifying which fields to include in a partial response.

Type: string

test_tag_value_iam_permissions

Returns permissions that a caller has on the specified TagValue. The resource field should be the TagValue's resource name. For example: tagValues/1234. There are no permissions required for making this API call.

Parameters

tagValuesId (required)

Type: string

$body

Request message for TestIamPermissions method.

Type: object

{
  "permissions" : [ "string" ]
}

fields

Selector specifying which fields to include in a partial response.

Type: string

undelete_folder

Cancels the deletion request for a Folder. This method may be called on a Folder in any state. If Folder is in ACTIVE state the result will be a no-op success. In order to succeed, the Folder's parent must be in the ACTIVE state. In addition, reintroducing the folder into the tree must not violate folder naming, height and fanout constraints described in the CreateFolder documentation. The caller must have resourcemanager.folders.undelete permission on the identified folder.

Parameters

foldersId (required)

Type: string

$body

The UndeleteFolder request message.

Type: object

{ }

fields

Selector specifying which fields to include in a partial response.

Type: string

undelete_project

Restores the Project identified by the specified name (for example, projects/415104041262). You can only use this method for a Project that has a lifecycle state of DELETE_REQUESTED. After deletion starts, the Project cannot be restored. The caller must have undelete permissions for this Project.

Parameters

projectsId (required)

Type: string

$body

The request sent to the UndeleteProject method.

Type: object

{ }

fields

Selector specifying which fields to include in a partial response.

Type: string