| <html><body> |
| <style> |
| |
| body, h1, h2, h3, div, span, p, pre, a { |
| margin: 0; |
| padding: 0; |
| border: 0; |
| font-weight: inherit; |
| font-style: inherit; |
| font-size: 100%; |
| font-family: inherit; |
| vertical-align: baseline; |
| } |
| |
| body { |
| font-size: 13px; |
| padding: 1em; |
| } |
| |
| h1 { |
| font-size: 26px; |
| margin-bottom: 1em; |
| } |
| |
| h2 { |
| font-size: 24px; |
| margin-bottom: 1em; |
| } |
| |
| h3 { |
| font-size: 20px; |
| margin-bottom: 1em; |
| margin-top: 1em; |
| } |
| |
| pre, code { |
| line-height: 1.5; |
| font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; |
| } |
| |
| pre { |
| margin-top: 0.5em; |
| } |
| |
| h1, h2, h3, p { |
| font-family: Arial, sans serif; |
| } |
| |
| h1, h2, h3 { |
| border-bottom: solid #CCC 1px; |
| } |
| |
| .toc_element { |
| margin-top: 0.5em; |
| } |
| |
| .firstline { |
| margin-left: 2 em; |
| } |
| |
| .method { |
| margin-top: 1em; |
| border: solid 1px #CCC; |
| padding: 1em; |
| background: #EEE; |
| } |
| |
| .details { |
| font-weight: bold; |
| font-size: 14px; |
| } |
| |
| </style> |
| |
| <h1><a href="compute_alpha.html">Compute Engine API</a> . <a href="compute_alpha.images.html">images</a></h1> |
| <h2>Instance Methods</h2> |
| <p class="toc_element"> |
| <code><a href="#close">close()</a></code></p> |
| <p class="firstline">Close httplib2 connections.</p> |
| <p class="toc_element"> |
| <code><a href="#delete">delete(project, image, requestId=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Deletes the specified image.</p> |
| <p class="toc_element"> |
| <code><a href="#deprecate">deprecate(project, image, body=None, requestId=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Sets the deprecation status of an image.</p> |
| <p class="toc_element"> |
| <code><a href="#get">get(project, image, x__xgafv=None)</a></code></p> |
| <p class="firstline">Returns the specified image.</p> |
| <p class="toc_element"> |
| <code><a href="#getFromFamily">getFromFamily(project, family, x__xgafv=None)</a></code></p> |
| <p class="firstline">Returns the latest image that is part of an image family and is not</p> |
| <p class="toc_element"> |
| <code><a href="#getIamPolicy">getIamPolicy(project, resource, optionsRequestedPolicyVersion=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Gets the access control policy for a resource. May be empty if no such</p> |
| <p class="toc_element"> |
| <code><a href="#insert">insert(project, body=None, forceCreate=None, requestId=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Creates an image in the specified project using the data included</p> |
| <p class="toc_element"> |
| <code><a href="#list">list(project, filter=None, maxResults=None, orderBy=None, pageToken=None, returnPartialSuccess=None, x__xgafv=None, zone=None)</a></code></p> |
| <p class="firstline">Retrieves the list of custom images</p> |
| <p class="toc_element"> |
| <code><a href="#list_next">list_next()</a></code></p> |
| <p class="firstline">Retrieves the next page of results.</p> |
| <p class="toc_element"> |
| <code><a href="#patch">patch(project, image, body=None, requestId=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Patches the specified image with the data included in the request.</p> |
| <p class="toc_element"> |
| <code><a href="#setIamPolicy">setIamPolicy(project, resource, body=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Sets the access control policy on the specified resource.</p> |
| <p class="toc_element"> |
| <code><a href="#setLabels">setLabels(project, resource, body=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Sets the labels on an image. To learn more about labels, read theLabeling</p> |
| <p class="toc_element"> |
| <code><a href="#testIamPermissions">testIamPermissions(project, resource, body=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Returns permissions that a caller has on the specified resource.</p> |
| <h3>Method Details</h3> |
| <div class="method"> |
| <code class="details" id="close">close()</code> |
| <pre>Close httplib2 connections.</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="delete">delete(project, image, requestId=None, x__xgafv=None)</code> |
| <pre>Deletes the specified image. |
| |
| Args: |
| project: string, Project ID for this request. (required) |
| image: string, Name of the image resource to delete. (required) |
| requestId: string, An optional request ID to identify requests. Specify a unique request ID so |
| that if you must retry your request, the server will know to ignore the |
| request if it has already been completed. |
| |
| For example, consider a situation where you make an initial request and |
| the request times out. If you make the request again with the same |
| request ID, the server can check if original operation with the same |
| request ID was received, and if so, will ignore the second request. This |
| prevents clients from accidentally creating duplicate commitments. |
| |
| The request ID must be |
| a valid UUID with the exception that zero UUID is not supported |
| (00000000-0000-0000-0000-000000000000). |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # Represents an Operation resource. |
| # |
| # Google Compute Engine has three Operation resources: |
| # |
| # * [Global](/compute/docs/reference/rest/alpha/globalOperations) |
| # * [Regional](/compute/docs/reference/rest/alpha/regionOperations) |
| # * [Zonal](/compute/docs/reference/rest/alpha/zoneOperations) |
| # |
| # You can use an operation resource to manage asynchronous API requests. |
| # For more information, readHandling |
| # API responses. |
| # |
| # Operations can be global, regional or zonal. |
| # |
| # - For global operations, use the `globalOperations` |
| # resource. |
| # - For regional operations, use the |
| # `regionOperations` resource. |
| # - For zonal operations, use |
| # the `zoneOperations` resource. |
| # |
| # |
| # |
| # For more information, read |
| # Global, Regional, and Zonal Resources. |
| # |
| # Note that completed Operation resources have a limited |
| # retention period. |
| "clientOperationId": "A String", # [Output Only] The value of `requestId` if you provided it in the request. |
| # Not present otherwise. |
| "creationTimestamp": "A String", # [Deprecated] This field is deprecated. |
| "description": "A String", # [Output Only] A textual description of the operation, which is |
| # set when the operation is created. |
| "endTime": "A String", # [Output Only] The time that this operation was completed. This value is inRFC3339 |
| # text format. |
| "error": { # [Output Only] If errors are generated during processing of the operation, |
| # this field will be populated. |
| "errors": [ # [Output Only] The array of errors encountered while processing this |
| # operation. |
| { |
| "code": "A String", # [Output Only] The error type identifier for this error. |
| "errorDetails": [ # [Output Only] An optional list of messages that contain the error |
| # details. There is a set of defined message types to use for providing |
| # details.The syntax depends on the error code. For example, |
| # QuotaExceededInfo will have details when the error code is |
| # QUOTA_EXCEEDED. |
| { |
| "errorInfo": { # Describes the cause of the error with structured details. |
| # |
| # Example of an error when contacting the "pubsub.googleapis.com" API when it |
| # is not enabled: |
| # |
| # { "reason": "API_DISABLED" |
| # "domain": "googleapis.com" |
| # "metadata": { |
| # "resource": "projects/123", |
| # "service": "pubsub.googleapis.com" |
| # } |
| # } |
| # |
| # This response indicates that the pubsub.googleapis.com API is not enabled. |
| # |
| # Example of an error that is returned when attempting to create a Spanner |
| # instance in a region that is out of stock: |
| # |
| # { "reason": "STOCKOUT" |
| # "domain": "spanner.googleapis.com", |
| # "metadata": { |
| # "availableRegions": "us-central1,us-east2" |
| # } |
| # } |
| "domain": "A String", # The logical grouping to which the "reason" belongs. The error domain |
| # is typically the registered service name of the tool or product that |
| # generates the error. Example: "pubsub.googleapis.com". If the error is |
| # generated by some common infrastructure, the error domain must be a |
| # globally unique value that identifies the infrastructure. For Google API |
| # infrastructure, the error domain is "googleapis.com". |
| "metadatas": { # Additional structured details about this error. |
| # |
| # Keys must match a regular expression of `a-z+` but should |
| # ideally be lowerCamelCase. Also, they must be limited to 64 characters in |
| # length. When identifying the current value of an exceeded limit, the units |
| # should be contained in the key, not the value. For example, rather than |
| # `{"instanceLimit": "100/request"}`, should be returned as, |
| # `{"instanceLimitPerRequest": "100"}`, if the client exceeds the number of |
| # instances that can be created in a single (batch) request. |
| "a_key": "A String", |
| }, |
| "reason": "A String", # The reason of the error. This is a constant value that identifies the |
| # proximate cause of the error. Error reasons are unique within a particular |
| # domain of errors. This should be at most 63 characters and match a |
| # regular expression of `A-Z+[A-Z0-9]`, which represents |
| # UPPER_SNAKE_CASE. |
| }, |
| "help": { # Provides links to documentation or for performing an out of band action. |
| # |
| # For example, if a quota check failed with an error indicating the calling |
| # project hasn't enabled the accessed service, this can contain a URL pointing |
| # directly to the right place in the developer console to flip the bit. |
| "links": [ # URL(s) pointing to additional information on handling the current error. |
| { # Describes a URL link. |
| "description": "A String", # Describes what the link offers. |
| "url": "A String", # The URL of the link. |
| }, |
| ], |
| }, |
| "localizedMessage": { # Provides a localized error message that is safe to return to the user |
| # which can be attached to an RPC error. |
| "locale": "A String", # The locale used following the specification defined at |
| # https://www.rfc-editor.org/rfc/bcp/bcp47.txt. |
| # Examples are: "en-US", "fr-CH", "es-MX" |
| "message": "A String", # The localized error message in the above locale. |
| }, |
| "quotaInfo": { # Additional details for quota exceeded error for resource quota. |
| "dimensions": { # The map holding related quota dimensions. |
| "a_key": "A String", |
| }, |
| "futureLimit": 3.14, # Future quota limit being rolled out. The limit's unit depends on the quota |
| # type or metric. |
| "limit": 3.14, # Current effective quota limit. The limit's unit depends on the quota type |
| # or metric. |
| "limitName": "A String", # The name of the quota limit. |
| "metricName": "A String", # The Compute Engine quota metric name. |
| "rolloutStatus": "A String", # Rollout status of the future quota limit. |
| }, |
| }, |
| ], |
| "location": "A String", # [Output Only] Indicates the field in the request that caused the error. |
| # This property is optional. |
| "message": "A String", # [Output Only] An optional, human-readable error message. |
| }, |
| ], |
| }, |
| "httpErrorMessage": "A String", # [Output Only] If the operation fails, this field contains the HTTP error |
| # message that was returned, such as `NOT FOUND`. |
| "httpErrorStatusCode": 42, # [Output Only] If the operation fails, this field contains the HTTP error |
| # status code that was returned. For example, a `404` means the |
| # resource was not found. |
| "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is |
| # defined by the server. |
| "insertTime": "A String", # [Output Only] The time that this operation was requested. |
| # This value is inRFC3339 |
| # text format. |
| "instancesBulkInsertOperationMetadata": { |
| "perLocationStatus": { # Status information per location (location name is key). |
| # Example key: zones/us-central1-a |
| "a_key": { |
| "createdVmCount": 42, # [Output Only] Count of VMs successfully created so far. |
| "deletedVmCount": 42, # [Output Only] Count of VMs that got deleted during rollback. |
| "failedToCreateVmCount": 42, # [Output Only] Count of VMs that started creating but encountered an |
| # error. |
| "status": "A String", # [Output Only] Creation status of BulkInsert operation - information |
| # if the flow is rolling forward or rolling back. |
| "targetVmCount": 42, # [Output Only] Count of VMs originally planned to be created. |
| }, |
| }, |
| }, |
| "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for |
| # Operation resources. |
| "name": "A String", # [Output Only] Name of the operation. |
| "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a |
| # group of operations results from a `bulkInsert` API request. |
| "operationType": "A String", # [Output Only] The type of operation, such as `insert`, |
| # `update`, or `delete`, and so on. |
| "progress": 42, # [Output Only] An optional progress indicator that ranges from 0 to 100. |
| # There is no requirement that this be linear or support any granularity of |
| # operations. This should not be used to guess when the operation will be |
| # complete. This number should monotonically increase as the operation |
| # progresses. |
| "region": "A String", # [Output Only] The URL of the region where the operation resides. Only |
| # applicable when performing regional operations. |
| "selfLink": "A String", # [Output Only] Server-defined URL for the resource. |
| "selfLinkWithId": "A String", # [Output Only] Server-defined URL for this resource with the resource id. |
| "setCommonInstanceMetadataOperationMetadata": { # [Output Only] If the operation is for projects.setCommonInstanceMetadata, |
| # this field will contain information on all underlying zonal actions and |
| # their state. |
| "clientOperationId": "A String", # [Output Only] The client operation id. |
| "perLocationOperations": { # [Output Only] Status information per location (location name is key). |
| # Example key: zones/us-central1-a |
| "a_key": { |
| "error": { # The `Status` type defines a logical error model that is suitable for # [Output Only] If state is `ABANDONED` or `FAILED`, this field is |
| # populated. |
| # different programming environments, including REST APIs and RPC APIs. It is |
| # used by [gRPC](https://github.com/grpc). Each `Status` message contains |
| # three pieces of data: error code, error message, and error details. |
| # |
| # You can find out more about this error model and how to work with it in the |
| # [API Design Guide](https://cloud.google.com/apis/design/errors). |
| "code": 42, # The status code, which should be an enum value of google.rpc.Code. |
| "details": [ # A list of messages that carry the error details. There is a common set of |
| # message types for APIs to use. |
| { |
| "a_key": "", # Properties of the object. Contains field @type with type URL. |
| }, |
| ], |
| "message": "A String", # A developer-facing error message, which should be in English. Any |
| # user-facing error message should be localized and sent in the |
| # google.rpc.Status.details field, or localized by the client. |
| }, |
| "state": "A String", # [Output Only] Status of the action, which can be one of the following: |
| # `PROPAGATING`, `PROPAGATED`, `ABANDONED`, `FAILED`, or `DONE`. |
| }, |
| }, |
| }, |
| "startTime": "A String", # [Output Only] The time that this operation was started by the server. |
| # This value is inRFC3339 |
| # text format. |
| "status": "A String", # [Output Only] The status of the operation, which can be one of the |
| # following: |
| # `PENDING`, `RUNNING`, or `DONE`. |
| "statusMessage": "A String", # [Output Only] An optional textual description of the current status of the |
| # operation. |
| "targetId": "A String", # [Output Only] The unique target ID, which identifies a specific incarnation |
| # of the target resource. |
| "targetLink": "A String", # [Output Only] The URL of the resource that the operation modifies. For |
| # operations related to creating a snapshot, this points to the disk |
| # that the snapshot was created from. |
| "user": "A String", # [Output Only] User who requested the operation, for example: |
| # `[email protected]` or |
| # `alice_smith_identifier (global/workforcePools/example-com-us-employees)`. |
| "warnings": [ # [Output Only] If warning messages are generated during processing of the |
| # operation, this field will be populated. |
| { |
| "code": "A String", # [Output Only] A warning code, if applicable. For example, Compute |
| # Engine returns NO_RESULTS_ON_PAGE if there |
| # are no results in the response. |
| "data": [ # [Output Only] Metadata about this warning in key: |
| # value format. For example: |
| # |
| # "data": [ |
| # { |
| # "key": "scope", |
| # "value": "zones/us-east1-d" |
| # } |
| { |
| "key": "A String", # [Output Only] A key that provides more detail on the warning being |
| # returned. For example, for warnings where there are no results in a list |
| # request for a particular zone, this key might be scope and |
| # the key value might be the zone name. Other examples might be a key |
| # indicating a deprecated resource and a suggested replacement, or a |
| # warning about invalid network settings (for example, if an instance |
| # attempts to perform IP forwarding but is not enabled for IP forwarding). |
| "value": "A String", # [Output Only] A warning data value corresponding to the key. |
| }, |
| ], |
| "message": "A String", # [Output Only] A human-readable description of the warning code. |
| }, |
| ], |
| "zone": "A String", # [Output Only] The URL of the zone where the operation resides. Only |
| # applicable when performing per-zone operations. |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="deprecate">deprecate(project, image, body=None, requestId=None, x__xgafv=None)</code> |
| <pre>Sets the deprecation status of an image. |
| |
| If an empty request body is given, clears the deprecation status instead. |
| |
| Args: |
| project: string, Project ID for this request. (required) |
| image: string, Image name. (required) |
| body: object, The request body. |
| The object takes the form of: |
| |
| { # Deprecation status for a public resource. |
| "deleted": "A String", # An optional RFC3339 timestamp on or after which the state of this |
| # resource is intended to change to DELETED. This is only |
| # informational and the status will not change unless the client explicitly |
| # changes it. |
| "deprecated": "A String", # An optional RFC3339 timestamp on or after which the state of this |
| # resource is intended to change to DEPRECATED. This is only |
| # informational and the status will not change unless the client explicitly |
| # changes it. |
| "obsolete": "A String", # An optional RFC3339 timestamp on or after which the state of this |
| # resource is intended to change to OBSOLETE. This is only |
| # informational and the status will not change unless the client explicitly |
| # changes it. |
| "replacement": "A String", # The URL of the suggested replacement for a deprecated resource. |
| # The suggested replacement resource must be the same kind of resource as the |
| # deprecated resource. |
| "state": "A String", # The deprecation state of this resource. This can be ACTIVE,DEPRECATED, OBSOLETE, or DELETED. |
| # Operations which communicate the end of life date for an image, can useACTIVE. Operations which create a new resource using aDEPRECATED resource will return successfully, but with a |
| # warning indicating the deprecated resource and recommending its |
| # replacement. Operations which use OBSOLETE orDELETED resources will be rejected and result in an error. |
| "stateOverride": { # A rollout policy configuration. # The rollout policy for this deprecation. This policy is only enforced by |
| # image family views. The rollout policy restricts the zones where the |
| # associated resource is considered in a deprecated state. When the rollout |
| # policy does not include the user specified zone, or if the zone is rolled |
| # out, the associated resource is considered in a deprecated state. |
| # |
| # The rollout policy for this deprecation is read-only, except for |
| # allowlisted users. This field might not be configured. To view the latest |
| # non-deprecated image in a specific zone, use theimageFamilyViews.get method. |
| "defaultRolloutTime": "A String", # An optional RFC3339 timestamp on or after which the update is |
| # considered rolled out to any zone that is not explicitly stated. |
| "locationRolloutPolicies": { # Location based rollout policies to apply to the resource. |
| # |
| # Currently only zone names are supported and must be represented |
| # as valid URLs, like: zones/us-central1-a. |
| # |
| # The value expects an RFC3339 timestamp on or after which the update is |
| # considered rolled out to the specified location. |
| "a_key": "A String", |
| }, |
| }, |
| } |
| |
| requestId: string, An optional request ID to identify requests. Specify a unique request ID so |
| that if you must retry your request, the server will know to ignore the |
| request if it has already been completed. |
| |
| For example, consider a situation where you make an initial request and |
| the request times out. If you make the request again with the same |
| request ID, the server can check if original operation with the same |
| request ID was received, and if so, will ignore the second request. This |
| prevents clients from accidentally creating duplicate commitments. |
| |
| The request ID must be |
| a valid UUID with the exception that zero UUID is not supported |
| (00000000-0000-0000-0000-000000000000). |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # Represents an Operation resource. |
| # |
| # Google Compute Engine has three Operation resources: |
| # |
| # * [Global](/compute/docs/reference/rest/alpha/globalOperations) |
| # * [Regional](/compute/docs/reference/rest/alpha/regionOperations) |
| # * [Zonal](/compute/docs/reference/rest/alpha/zoneOperations) |
| # |
| # You can use an operation resource to manage asynchronous API requests. |
| # For more information, readHandling |
| # API responses. |
| # |
| # Operations can be global, regional or zonal. |
| # |
| # - For global operations, use the `globalOperations` |
| # resource. |
| # - For regional operations, use the |
| # `regionOperations` resource. |
| # - For zonal operations, use |
| # the `zoneOperations` resource. |
| # |
| # |
| # |
| # For more information, read |
| # Global, Regional, and Zonal Resources. |
| # |
| # Note that completed Operation resources have a limited |
| # retention period. |
| "clientOperationId": "A String", # [Output Only] The value of `requestId` if you provided it in the request. |
| # Not present otherwise. |
| "creationTimestamp": "A String", # [Deprecated] This field is deprecated. |
| "description": "A String", # [Output Only] A textual description of the operation, which is |
| # set when the operation is created. |
| "endTime": "A String", # [Output Only] The time that this operation was completed. This value is inRFC3339 |
| # text format. |
| "error": { # [Output Only] If errors are generated during processing of the operation, |
| # this field will be populated. |
| "errors": [ # [Output Only] The array of errors encountered while processing this |
| # operation. |
| { |
| "code": "A String", # [Output Only] The error type identifier for this error. |
| "errorDetails": [ # [Output Only] An optional list of messages that contain the error |
| # details. There is a set of defined message types to use for providing |
| # details.The syntax depends on the error code. For example, |
| # QuotaExceededInfo will have details when the error code is |
| # QUOTA_EXCEEDED. |
| { |
| "errorInfo": { # Describes the cause of the error with structured details. |
| # |
| # Example of an error when contacting the "pubsub.googleapis.com" API when it |
| # is not enabled: |
| # |
| # { "reason": "API_DISABLED" |
| # "domain": "googleapis.com" |
| # "metadata": { |
| # "resource": "projects/123", |
| # "service": "pubsub.googleapis.com" |
| # } |
| # } |
| # |
| # This response indicates that the pubsub.googleapis.com API is not enabled. |
| # |
| # Example of an error that is returned when attempting to create a Spanner |
| # instance in a region that is out of stock: |
| # |
| # { "reason": "STOCKOUT" |
| # "domain": "spanner.googleapis.com", |
| # "metadata": { |
| # "availableRegions": "us-central1,us-east2" |
| # } |
| # } |
| "domain": "A String", # The logical grouping to which the "reason" belongs. The error domain |
| # is typically the registered service name of the tool or product that |
| # generates the error. Example: "pubsub.googleapis.com". If the error is |
| # generated by some common infrastructure, the error domain must be a |
| # globally unique value that identifies the infrastructure. For Google API |
| # infrastructure, the error domain is "googleapis.com". |
| "metadatas": { # Additional structured details about this error. |
| # |
| # Keys must match a regular expression of `a-z+` but should |
| # ideally be lowerCamelCase. Also, they must be limited to 64 characters in |
| # length. When identifying the current value of an exceeded limit, the units |
| # should be contained in the key, not the value. For example, rather than |
| # `{"instanceLimit": "100/request"}`, should be returned as, |
| # `{"instanceLimitPerRequest": "100"}`, if the client exceeds the number of |
| # instances that can be created in a single (batch) request. |
| "a_key": "A String", |
| }, |
| "reason": "A String", # The reason of the error. This is a constant value that identifies the |
| # proximate cause of the error. Error reasons are unique within a particular |
| # domain of errors. This should be at most 63 characters and match a |
| # regular expression of `A-Z+[A-Z0-9]`, which represents |
| # UPPER_SNAKE_CASE. |
| }, |
| "help": { # Provides links to documentation or for performing an out of band action. |
| # |
| # For example, if a quota check failed with an error indicating the calling |
| # project hasn't enabled the accessed service, this can contain a URL pointing |
| # directly to the right place in the developer console to flip the bit. |
| "links": [ # URL(s) pointing to additional information on handling the current error. |
| { # Describes a URL link. |
| "description": "A String", # Describes what the link offers. |
| "url": "A String", # The URL of the link. |
| }, |
| ], |
| }, |
| "localizedMessage": { # Provides a localized error message that is safe to return to the user |
| # which can be attached to an RPC error. |
| "locale": "A String", # The locale used following the specification defined at |
| # https://www.rfc-editor.org/rfc/bcp/bcp47.txt. |
| # Examples are: "en-US", "fr-CH", "es-MX" |
| "message": "A String", # The localized error message in the above locale. |
| }, |
| "quotaInfo": { # Additional details for quota exceeded error for resource quota. |
| "dimensions": { # The map holding related quota dimensions. |
| "a_key": "A String", |
| }, |
| "futureLimit": 3.14, # Future quota limit being rolled out. The limit's unit depends on the quota |
| # type or metric. |
| "limit": 3.14, # Current effective quota limit. The limit's unit depends on the quota type |
| # or metric. |
| "limitName": "A String", # The name of the quota limit. |
| "metricName": "A String", # The Compute Engine quota metric name. |
| "rolloutStatus": "A String", # Rollout status of the future quota limit. |
| }, |
| }, |
| ], |
| "location": "A String", # [Output Only] Indicates the field in the request that caused the error. |
| # This property is optional. |
| "message": "A String", # [Output Only] An optional, human-readable error message. |
| }, |
| ], |
| }, |
| "httpErrorMessage": "A String", # [Output Only] If the operation fails, this field contains the HTTP error |
| # message that was returned, such as `NOT FOUND`. |
| "httpErrorStatusCode": 42, # [Output Only] If the operation fails, this field contains the HTTP error |
| # status code that was returned. For example, a `404` means the |
| # resource was not found. |
| "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is |
| # defined by the server. |
| "insertTime": "A String", # [Output Only] The time that this operation was requested. |
| # This value is inRFC3339 |
| # text format. |
| "instancesBulkInsertOperationMetadata": { |
| "perLocationStatus": { # Status information per location (location name is key). |
| # Example key: zones/us-central1-a |
| "a_key": { |
| "createdVmCount": 42, # [Output Only] Count of VMs successfully created so far. |
| "deletedVmCount": 42, # [Output Only] Count of VMs that got deleted during rollback. |
| "failedToCreateVmCount": 42, # [Output Only] Count of VMs that started creating but encountered an |
| # error. |
| "status": "A String", # [Output Only] Creation status of BulkInsert operation - information |
| # if the flow is rolling forward or rolling back. |
| "targetVmCount": 42, # [Output Only] Count of VMs originally planned to be created. |
| }, |
| }, |
| }, |
| "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for |
| # Operation resources. |
| "name": "A String", # [Output Only] Name of the operation. |
| "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a |
| # group of operations results from a `bulkInsert` API request. |
| "operationType": "A String", # [Output Only] The type of operation, such as `insert`, |
| # `update`, or `delete`, and so on. |
| "progress": 42, # [Output Only] An optional progress indicator that ranges from 0 to 100. |
| # There is no requirement that this be linear or support any granularity of |
| # operations. This should not be used to guess when the operation will be |
| # complete. This number should monotonically increase as the operation |
| # progresses. |
| "region": "A String", # [Output Only] The URL of the region where the operation resides. Only |
| # applicable when performing regional operations. |
| "selfLink": "A String", # [Output Only] Server-defined URL for the resource. |
| "selfLinkWithId": "A String", # [Output Only] Server-defined URL for this resource with the resource id. |
| "setCommonInstanceMetadataOperationMetadata": { # [Output Only] If the operation is for projects.setCommonInstanceMetadata, |
| # this field will contain information on all underlying zonal actions and |
| # their state. |
| "clientOperationId": "A String", # [Output Only] The client operation id. |
| "perLocationOperations": { # [Output Only] Status information per location (location name is key). |
| # Example key: zones/us-central1-a |
| "a_key": { |
| "error": { # The `Status` type defines a logical error model that is suitable for # [Output Only] If state is `ABANDONED` or `FAILED`, this field is |
| # populated. |
| # different programming environments, including REST APIs and RPC APIs. It is |
| # used by [gRPC](https://github.com/grpc). Each `Status` message contains |
| # three pieces of data: error code, error message, and error details. |
| # |
| # You can find out more about this error model and how to work with it in the |
| # [API Design Guide](https://cloud.google.com/apis/design/errors). |
| "code": 42, # The status code, which should be an enum value of google.rpc.Code. |
| "details": [ # A list of messages that carry the error details. There is a common set of |
| # message types for APIs to use. |
| { |
| "a_key": "", # Properties of the object. Contains field @type with type URL. |
| }, |
| ], |
| "message": "A String", # A developer-facing error message, which should be in English. Any |
| # user-facing error message should be localized and sent in the |
| # google.rpc.Status.details field, or localized by the client. |
| }, |
| "state": "A String", # [Output Only] Status of the action, which can be one of the following: |
| # `PROPAGATING`, `PROPAGATED`, `ABANDONED`, `FAILED`, or `DONE`. |
| }, |
| }, |
| }, |
| "startTime": "A String", # [Output Only] The time that this operation was started by the server. |
| # This value is inRFC3339 |
| # text format. |
| "status": "A String", # [Output Only] The status of the operation, which can be one of the |
| # following: |
| # `PENDING`, `RUNNING`, or `DONE`. |
| "statusMessage": "A String", # [Output Only] An optional textual description of the current status of the |
| # operation. |
| "targetId": "A String", # [Output Only] The unique target ID, which identifies a specific incarnation |
| # of the target resource. |
| "targetLink": "A String", # [Output Only] The URL of the resource that the operation modifies. For |
| # operations related to creating a snapshot, this points to the disk |
| # that the snapshot was created from. |
| "user": "A String", # [Output Only] User who requested the operation, for example: |
| # `[email protected]` or |
| # `alice_smith_identifier (global/workforcePools/example-com-us-employees)`. |
| "warnings": [ # [Output Only] If warning messages are generated during processing of the |
| # operation, this field will be populated. |
| { |
| "code": "A String", # [Output Only] A warning code, if applicable. For example, Compute |
| # Engine returns NO_RESULTS_ON_PAGE if there |
| # are no results in the response. |
| "data": [ # [Output Only] Metadata about this warning in key: |
| # value format. For example: |
| # |
| # "data": [ |
| # { |
| # "key": "scope", |
| # "value": "zones/us-east1-d" |
| # } |
| { |
| "key": "A String", # [Output Only] A key that provides more detail on the warning being |
| # returned. For example, for warnings where there are no results in a list |
| # request for a particular zone, this key might be scope and |
| # the key value might be the zone name. Other examples might be a key |
| # indicating a deprecated resource and a suggested replacement, or a |
| # warning about invalid network settings (for example, if an instance |
| # attempts to perform IP forwarding but is not enabled for IP forwarding). |
| "value": "A String", # [Output Only] A warning data value corresponding to the key. |
| }, |
| ], |
| "message": "A String", # [Output Only] A human-readable description of the warning code. |
| }, |
| ], |
| "zone": "A String", # [Output Only] The URL of the zone where the operation resides. Only |
| # applicable when performing per-zone operations. |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="get">get(project, image, x__xgafv=None)</code> |
| <pre>Returns the specified image. |
| |
| Args: |
| project: string, Project ID for this request. (required) |
| image: string, Name of the image resource to return. (required) |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # Represents an Image resource. |
| # |
| # You can use images to create boot disks for your VM instances. |
| # For more information, read Images. |
| "architecture": "A String", # The architecture of the image. Valid values are |
| # ARM64 or X86_64. |
| "archiveSizeBytes": "A String", # Size of the image tar.gz archive stored in Google Cloud |
| # Storage (in bytes). |
| "creationTimestamp": "A String", # [Output Only] Creation timestamp inRFC3339 |
| # text format. |
| "deprecated": { # Deprecation status for a public resource. # The deprecation status associated with this image. |
| "deleted": "A String", # An optional RFC3339 timestamp on or after which the state of this |
| # resource is intended to change to DELETED. This is only |
| # informational and the status will not change unless the client explicitly |
| # changes it. |
| "deprecated": "A String", # An optional RFC3339 timestamp on or after which the state of this |
| # resource is intended to change to DEPRECATED. This is only |
| # informational and the status will not change unless the client explicitly |
| # changes it. |
| "obsolete": "A String", # An optional RFC3339 timestamp on or after which the state of this |
| # resource is intended to change to OBSOLETE. This is only |
| # informational and the status will not change unless the client explicitly |
| # changes it. |
| "replacement": "A String", # The URL of the suggested replacement for a deprecated resource. |
| # The suggested replacement resource must be the same kind of resource as the |
| # deprecated resource. |
| "state": "A String", # The deprecation state of this resource. This can be ACTIVE,DEPRECATED, OBSOLETE, or DELETED. |
| # Operations which communicate the end of life date for an image, can useACTIVE. Operations which create a new resource using aDEPRECATED resource will return successfully, but with a |
| # warning indicating the deprecated resource and recommending its |
| # replacement. Operations which use OBSOLETE orDELETED resources will be rejected and result in an error. |
| "stateOverride": { # A rollout policy configuration. # The rollout policy for this deprecation. This policy is only enforced by |
| # image family views. The rollout policy restricts the zones where the |
| # associated resource is considered in a deprecated state. When the rollout |
| # policy does not include the user specified zone, or if the zone is rolled |
| # out, the associated resource is considered in a deprecated state. |
| # |
| # The rollout policy for this deprecation is read-only, except for |
| # allowlisted users. This field might not be configured. To view the latest |
| # non-deprecated image in a specific zone, use theimageFamilyViews.get method. |
| "defaultRolloutTime": "A String", # An optional RFC3339 timestamp on or after which the update is |
| # considered rolled out to any zone that is not explicitly stated. |
| "locationRolloutPolicies": { # Location based rollout policies to apply to the resource. |
| # |
| # Currently only zone names are supported and must be represented |
| # as valid URLs, like: zones/us-central1-a. |
| # |
| # The value expects an RFC3339 timestamp on or after which the update is |
| # considered rolled out to the specified location. |
| "a_key": "A String", |
| }, |
| }, |
| }, |
| "description": "A String", # An optional description of this resource. Provide this property when you |
| # create the resource. |
| "diskSizeGb": "A String", # Size of the image when restored onto a persistent disk (in GB). |
| "enableConfidentialCompute": True or False, # Whether this image is created from a confidential compute mode disk. |
| # [Output Only]: This field is not set by user, but from source disk. |
| "family": "A String", # The name of the image family to which this image belongs. The image |
| # family name can be from a publicly managed image family provided by |
| # Compute Engine, or from a custom image family you create. For example,centos-stream-9 is a publicly available image family. |
| # For more information, see Image |
| # family best practices. |
| # |
| # When creating disks, you can specify an image family instead of a specific |
| # image name. The image family always returns its latest image that is not |
| # deprecated. The name of the image family must comply with RFC1035. |
| "guestOsFeatures": [ # A list of features to enable on the guest operating system. Applicable |
| # only for bootable images. To see a list of available options, see theguestOSfeatures[].type parameter. |
| { # Guest OS features. |
| "type": "A String", # The ID of a supported feature. To add multiple values, use commas to |
| # separate values. Set to one or more of the following values: |
| # |
| # - VIRTIO_SCSI_MULTIQUEUE |
| # - WINDOWS |
| # - MULTI_IP_SUBNET |
| # - UEFI_COMPATIBLE |
| # - GVNIC |
| # - SEV_CAPABLE |
| # - SUSPEND_RESUME_COMPATIBLE |
| # - SEV_LIVE_MIGRATABLE_V2 |
| # - SEV_SNP_CAPABLE |
| # - TDX_CAPABLE |
| # - IDPF |
| # - SNP_SVSM_CAPABLE |
| # |
| # |
| # For more information, see |
| # Enabling guest operating system features. |
| }, |
| ], |
| "id": "A String", # [Output Only] The unique identifier for the resource. This identifier is |
| # defined by the server. |
| "imageEncryptionKey": { # Encrypts the image using acustomer-supplied |
| # encryption key. |
| # |
| # After you encrypt an image with a customer-supplied key, you must provide |
| # the same key if you use the image later (e.g. to create a disk from |
| # the image). |
| # |
| # Customer-supplied encryption keys do not protect access to metadata |
| # of the disk. |
| # |
| # If you do not provide an encryption key when creating the image, then the |
| # disk will be encrypted using an automatically generated key and you do not |
| # need to provide a key to use the image later. |
| "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. |
| # For example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # |
| # The fully-qualifed key name may be returned for resource GET requests. For |
| # example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # /cryptoKeyVersions/1 |
| "kmsKeyServiceAccount": "A String", # The service account being used for the encryption request for the given KMS |
| # key. If absent, the Compute Engine default service account is used. |
| # For example: |
| # |
| # "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com/ |
| "rawKey": "A String", # Specifies a 256-bit customer-supplied |
| # encryption key, encoded in RFC |
| # 4648 base64 to either encrypt or decrypt this resource. You can |
| # provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rawKey": |
| # "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=" |
| "rsaEncryptedKey": "A String", # Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit |
| # customer-supplied encryption key to either encrypt or decrypt this |
| # resource. You can provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rsaEncryptedKey": |
| # "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH |
| # z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD |
| # D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" |
| # |
| # The key must meet the following requirements before you can provide it to |
| # Compute Engine: |
| # |
| # 1. The key is wrapped using a RSA public key certificate provided by |
| # Google. |
| # 2. After being wrapped, the key must be encoded in RFC 4648 base64 |
| # encoding. |
| # |
| # Gets the RSA public key certificate provided by Google at: |
| # |
| # |
| # https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem |
| "sha256": "A String", # [Output only] TheRFC |
| # 4648 base64 encoded SHA-256 hash of the customer-supplied |
| # encryption key that protects this resource. |
| }, |
| "kind": "compute#image", # [Output Only] Type of the resource. Always compute#image for |
| # images. |
| "labelFingerprint": "A String", # A fingerprint for the labels being applied to this image, which is |
| # essentially a hash of the labels used for optimistic locking. The |
| # fingerprint is initially generated by Compute Engine and changes after |
| # every request to modify or update labels. You must always provide an |
| # up-to-date fingerprint hash in order to update or change labels, |
| # otherwise the request will fail with error412 conditionNotMet. |
| # |
| # To see the latest fingerprint, make a get() request to |
| # retrieve an image. |
| "labels": { # Labels to apply to this image. These can be later modified by |
| # the setLabels method. |
| "a_key": "A String", |
| }, |
| "licenseCodes": [ # Integer license codes indicating which licenses are attached to this image. |
| "A String", |
| ], |
| "licenses": [ # Any applicable license URI. |
| "A String", |
| ], |
| "locked": True or False, # A flag for marketplace VM disk created from the image, which is designed |
| # for marketplace VM disk to prevent the proprietary data on the disk from |
| # being accessed unwantedly. The flag will be inherited by the disk created |
| # from the image. |
| # |
| # The disk with locked flag set to true will be prohibited from performing |
| # the operations below: |
| # |
| # - R/W or R/O disk attach |
| # - Disk detach, if disk is created via create-on-create |
| # - Create images |
| # - Create snapshots |
| # - Create disk clone (create disk from the current disk) |
| # |
| # |
| # |
| # The image with the locked field set to true will be prohibited from |
| # performing the operations below: |
| # |
| # - Create images from the current image |
| # - Update the locked field for the current image |
| # |
| # |
| # |
| # The instance with at least one disk with locked flag set to true will be |
| # prohibited from performing the operations below: |
| # |
| # - Secondary disk attach |
| # - Create instant snapshot |
| # - Create machine images |
| # - Create instance template |
| # - Delete the instance with --keep-disk parameter set to true |
| "name": "A String", # Name of the resource; provided by the client when the resource is created. |
| # The name must be 1-63 characters long, and comply withRFC1035. |
| # Specifically, the name must be 1-63 characters long and match the regular |
| # expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first |
| # character must be a lowercase letter, and all following characters must be |
| # a dash, lowercase letter, or digit, except the last character, which cannot |
| # be a dash. |
| "params": { # Additional image params. # Input only. [Input Only] Additional params passed with the request, but not persisted |
| # as part of resource payload. |
| "resourceManagerTags": { # Resource manager tags to be bound to the image. Tag keys and values have |
| # the same definition as resource |
| # manager tags. Keys must be in the format `tagKeys/{tag_key_id}`, and |
| # values are in the format `tagValues/456`. The field is ignored (both PUT & |
| # PATCH) when empty. |
| "a_key": "A String", |
| }, |
| }, |
| "rawDisk": { # The parameters of the raw disk image. |
| "containerType": "A String", # The format used to encode and transmit the block device, which should beTAR. This is just a container and transmission format and not |
| # a runtime format. Provided by the client when the disk image is created. |
| "sha1Checksum": "A String", # [Deprecated] This field is deprecated. |
| # An optional SHA1 checksum of the disk image before unpackaging provided |
| # by the client when the disk image is created. |
| "source": "A String", # The full Google Cloud Storage URL where the raw disk image archive is |
| # stored. |
| # The following are valid formats for the URL: |
| # |
| # - https://storage.googleapis.com/bucket_name/image_archive_name |
| # - https://storage.googleapis.com/bucket_name/folder_name/image_archive_name |
| # |
| # |
| # |
| # In order to create an image, you must provide the full or partial URL of |
| # one of the following: |
| # |
| # - The rawDisk.source URL |
| # - The sourceDisk URL |
| # - The sourceImage URL |
| # - The sourceSnapshot URL |
| }, |
| "rolloutOverride": { # A rollout policy configuration. # A rollout policy to apply to this image. When specified, the rollout policy |
| # overrides per-zone references to the image via the associated image family. |
| # The rollout policy restricts the zones where this image is accessible when |
| # using a zonal image family reference. When the rollout policy does not |
| # include the user specified zone, or if the zone is rolled out, this image |
| # is accessible. |
| # |
| # The rollout policy for this image is read-only, except for allowlisted |
| # users. This field might not be configured. To view the latest |
| # non-deprecated image in a specific zone, use theimageFamilyViews.get method. |
| "defaultRolloutTime": "A String", # An optional RFC3339 timestamp on or after which the update is |
| # considered rolled out to any zone that is not explicitly stated. |
| "locationRolloutPolicies": { # Location based rollout policies to apply to the resource. |
| # |
| # Currently only zone names are supported and must be represented |
| # as valid URLs, like: zones/us-central1-a. |
| # |
| # The value expects an RFC3339 timestamp on or after which the update is |
| # considered rolled out to the specified location. |
| "a_key": "A String", |
| }, |
| }, |
| "satisfiesPzi": True or False, # Output only. Reserved for future use. |
| "satisfiesPzs": True or False, # [Output Only] Reserved for future use. |
| "selfLink": "A String", # [Output Only] Server-defined URL for the resource. |
| "selfLinkWithId": "A String", # [Output Only] Server-defined URL for this resource's resource id. |
| "shieldedInstanceInitialState": { # Initial State for shielded instance, # Set the secure boot keys of shielded instance. |
| # these are public keys which are safe to store in public |
| "dbs": [ # The Key Database (db). |
| { |
| "content": "A String", # The raw content in the secure keys file. |
| "fileType": "A String", # The file type of source file. |
| }, |
| ], |
| "dbxs": [ # The forbidden key database (dbx). |
| { |
| "content": "A String", # The raw content in the secure keys file. |
| "fileType": "A String", # The file type of source file. |
| }, |
| ], |
| "keks": [ # The Key Exchange Key (KEK). |
| { |
| "content": "A String", # The raw content in the secure keys file. |
| "fileType": "A String", # The file type of source file. |
| }, |
| ], |
| "pk": { # The Platform Key (PK). |
| "content": "A String", # The raw content in the secure keys file. |
| "fileType": "A String", # The file type of source file. |
| }, |
| }, |
| "sourceDisk": "A String", # URL of the source disk used to create this image. |
| # For example, the following are valid values: |
| # |
| # - https://www.googleapis.com/compute/v1/projects/project/zones/zone/disks/disk |
| # - projects/project/zones/zone/disks/disk |
| # - zones/zone/disks/disk |
| # |
| # |
| # |
| # In order to create an image, you must provide the full or partial URL of |
| # one of the following: |
| # |
| # - The rawDisk.source URL |
| # - The sourceDisk URL |
| # - The sourceImage URL |
| # - The sourceSnapshot URL |
| "sourceDiskEncryptionKey": { # Thecustomer-supplied |
| # encryption key of the source disk. Required if the source disk is |
| # protected by a customer-supplied encryption key. |
| "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. |
| # For example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # |
| # The fully-qualifed key name may be returned for resource GET requests. For |
| # example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # /cryptoKeyVersions/1 |
| "kmsKeyServiceAccount": "A String", # The service account being used for the encryption request for the given KMS |
| # key. If absent, the Compute Engine default service account is used. |
| # For example: |
| # |
| # "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com/ |
| "rawKey": "A String", # Specifies a 256-bit customer-supplied |
| # encryption key, encoded in RFC |
| # 4648 base64 to either encrypt or decrypt this resource. You can |
| # provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rawKey": |
| # "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=" |
| "rsaEncryptedKey": "A String", # Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit |
| # customer-supplied encryption key to either encrypt or decrypt this |
| # resource. You can provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rsaEncryptedKey": |
| # "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH |
| # z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD |
| # D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" |
| # |
| # The key must meet the following requirements before you can provide it to |
| # Compute Engine: |
| # |
| # 1. The key is wrapped using a RSA public key certificate provided by |
| # Google. |
| # 2. After being wrapped, the key must be encoded in RFC 4648 base64 |
| # encoding. |
| # |
| # Gets the RSA public key certificate provided by Google at: |
| # |
| # |
| # https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem |
| "sha256": "A String", # [Output only] TheRFC |
| # 4648 base64 encoded SHA-256 hash of the customer-supplied |
| # encryption key that protects this resource. |
| }, |
| "sourceDiskId": "A String", # [Output Only] |
| # The ID value of the disk used to create this image. This value may be used |
| # to determine whether the image was taken from the current or a previous |
| # instance of a given disk name. |
| "sourceImage": "A String", # URL of the source image used to create this image. |
| # The following are valid formats for the URL: |
| # |
| # - https://www.googleapis.com/compute/v1/projects/project_id/global/ |
| # images/image_name |
| # - projects/project_id/global/images/image_name |
| # |
| # |
| # |
| # In order to create an image, you must provide the full or partial URL of |
| # one of the following: |
| # |
| # - The rawDisk.source URL |
| # - The sourceDisk URL |
| # - The sourceImage URL |
| # - The sourceSnapshot URL |
| "sourceImageEncryptionKey": { # The customer-supplied encryption key of the source image. Required if the |
| # source image is protected by a customer-supplied encryption key. |
| "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. |
| # For example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # |
| # The fully-qualifed key name may be returned for resource GET requests. For |
| # example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # /cryptoKeyVersions/1 |
| "kmsKeyServiceAccount": "A String", # The service account being used for the encryption request for the given KMS |
| # key. If absent, the Compute Engine default service account is used. |
| # For example: |
| # |
| # "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com/ |
| "rawKey": "A String", # Specifies a 256-bit customer-supplied |
| # encryption key, encoded in RFC |
| # 4648 base64 to either encrypt or decrypt this resource. You can |
| # provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rawKey": |
| # "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=" |
| "rsaEncryptedKey": "A String", # Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit |
| # customer-supplied encryption key to either encrypt or decrypt this |
| # resource. You can provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rsaEncryptedKey": |
| # "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH |
| # z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD |
| # D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" |
| # |
| # The key must meet the following requirements before you can provide it to |
| # Compute Engine: |
| # |
| # 1. The key is wrapped using a RSA public key certificate provided by |
| # Google. |
| # 2. After being wrapped, the key must be encoded in RFC 4648 base64 |
| # encoding. |
| # |
| # Gets the RSA public key certificate provided by Google at: |
| # |
| # |
| # https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem |
| "sha256": "A String", # [Output only] TheRFC |
| # 4648 base64 encoded SHA-256 hash of the customer-supplied |
| # encryption key that protects this resource. |
| }, |
| "sourceImageId": "A String", # [Output Only] |
| # The ID value of the image used to create this image. This value may be used |
| # to determine whether the image was taken from the current or a previous |
| # instance of a given image name. |
| "sourceSnapshot": "A String", # URL of the source snapshot used to create this image. |
| # The following are valid formats for the URL: |
| # |
| # - https://www.googleapis.com/compute/v1/projects/project_id/global/ |
| # snapshots/snapshot_name |
| # - projects/project_id/global/snapshots/snapshot_name |
| # |
| # |
| # |
| # In order to create an image, you must provide the full or partial URL of |
| # one of the following: |
| # |
| # - The rawDisk.source URL |
| # - The sourceDisk URL |
| # - The sourceImage URL |
| # - The sourceSnapshot URL |
| "sourceSnapshotEncryptionKey": { # The customer-supplied encryption key of the source snapshot. Required if |
| # the source snapshot is protected by a customer-supplied encryption key. |
| "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. |
| # For example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # |
| # The fully-qualifed key name may be returned for resource GET requests. For |
| # example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # /cryptoKeyVersions/1 |
| "kmsKeyServiceAccount": "A String", # The service account being used for the encryption request for the given KMS |
| # key. If absent, the Compute Engine default service account is used. |
| # For example: |
| # |
| # "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com/ |
| "rawKey": "A String", # Specifies a 256-bit customer-supplied |
| # encryption key, encoded in RFC |
| # 4648 base64 to either encrypt or decrypt this resource. You can |
| # provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rawKey": |
| # "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=" |
| "rsaEncryptedKey": "A String", # Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit |
| # customer-supplied encryption key to either encrypt or decrypt this |
| # resource. You can provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rsaEncryptedKey": |
| # "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH |
| # z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD |
| # D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" |
| # |
| # The key must meet the following requirements before you can provide it to |
| # Compute Engine: |
| # |
| # 1. The key is wrapped using a RSA public key certificate provided by |
| # Google. |
| # 2. After being wrapped, the key must be encoded in RFC 4648 base64 |
| # encoding. |
| # |
| # Gets the RSA public key certificate provided by Google at: |
| # |
| # |
| # https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem |
| "sha256": "A String", # [Output only] TheRFC |
| # 4648 base64 encoded SHA-256 hash of the customer-supplied |
| # encryption key that protects this resource. |
| }, |
| "sourceSnapshotId": "A String", # [Output Only] |
| # The ID value of the snapshot used to create this image. This value may be |
| # used to determine whether the snapshot was taken from the current or a |
| # previous instance of a given snapshot name. |
| "sourceType": "RAW", # The type of the image used to create this disk. The |
| # default and only valid value is RAW. |
| "status": "A String", # [Output Only] The status of the image. An image can be used to create other |
| # resources, such as instances, only after the image has been successfully |
| # created and the status is set to READY. Possible |
| # values are FAILED, PENDING, orREADY. |
| "storageLocations": [ # Cloud Storage bucket storage location of the image (regional or |
| # multi-regional). |
| "A String", |
| ], |
| "userLicenses": [ # A list of publicly visible user-licenses. Unlike regular licenses, user |
| # provided licenses can be modified after the disk is created. This includes |
| # a list of URLs to the license resource. For example, to provide a debian |
| # license: |
| # |
| # https://www.googleapis.com/compute/v1/projects/debian-cloud/global/licenses/debian-9-stretch |
| "A String", |
| ], |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="getFromFamily">getFromFamily(project, family, x__xgafv=None)</code> |
| <pre>Returns the latest image that is part of an image family and is not |
| deprecated. For more information on image families, seePublic |
| image families documentation. |
| |
| Args: |
| project: string, The image project that the image belongs to. For example, to get a CentOS |
| image, specify centos-cloud as the image project. (required) |
| family: string, Name of the image family to search for. (required) |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # Represents an Image resource. |
| # |
| # You can use images to create boot disks for your VM instances. |
| # For more information, read Images. |
| "architecture": "A String", # The architecture of the image. Valid values are |
| # ARM64 or X86_64. |
| "archiveSizeBytes": "A String", # Size of the image tar.gz archive stored in Google Cloud |
| # Storage (in bytes). |
| "creationTimestamp": "A String", # [Output Only] Creation timestamp inRFC3339 |
| # text format. |
| "deprecated": { # Deprecation status for a public resource. # The deprecation status associated with this image. |
| "deleted": "A String", # An optional RFC3339 timestamp on or after which the state of this |
| # resource is intended to change to DELETED. This is only |
| # informational and the status will not change unless the client explicitly |
| # changes it. |
| "deprecated": "A String", # An optional RFC3339 timestamp on or after which the state of this |
| # resource is intended to change to DEPRECATED. This is only |
| # informational and the status will not change unless the client explicitly |
| # changes it. |
| "obsolete": "A String", # An optional RFC3339 timestamp on or after which the state of this |
| # resource is intended to change to OBSOLETE. This is only |
| # informational and the status will not change unless the client explicitly |
| # changes it. |
| "replacement": "A String", # The URL of the suggested replacement for a deprecated resource. |
| # The suggested replacement resource must be the same kind of resource as the |
| # deprecated resource. |
| "state": "A String", # The deprecation state of this resource. This can be ACTIVE,DEPRECATED, OBSOLETE, or DELETED. |
| # Operations which communicate the end of life date for an image, can useACTIVE. Operations which create a new resource using aDEPRECATED resource will return successfully, but with a |
| # warning indicating the deprecated resource and recommending its |
| # replacement. Operations which use OBSOLETE orDELETED resources will be rejected and result in an error. |
| "stateOverride": { # A rollout policy configuration. # The rollout policy for this deprecation. This policy is only enforced by |
| # image family views. The rollout policy restricts the zones where the |
| # associated resource is considered in a deprecated state. When the rollout |
| # policy does not include the user specified zone, or if the zone is rolled |
| # out, the associated resource is considered in a deprecated state. |
| # |
| # The rollout policy for this deprecation is read-only, except for |
| # allowlisted users. This field might not be configured. To view the latest |
| # non-deprecated image in a specific zone, use theimageFamilyViews.get method. |
| "defaultRolloutTime": "A String", # An optional RFC3339 timestamp on or after which the update is |
| # considered rolled out to any zone that is not explicitly stated. |
| "locationRolloutPolicies": { # Location based rollout policies to apply to the resource. |
| # |
| # Currently only zone names are supported and must be represented |
| # as valid URLs, like: zones/us-central1-a. |
| # |
| # The value expects an RFC3339 timestamp on or after which the update is |
| # considered rolled out to the specified location. |
| "a_key": "A String", |
| }, |
| }, |
| }, |
| "description": "A String", # An optional description of this resource. Provide this property when you |
| # create the resource. |
| "diskSizeGb": "A String", # Size of the image when restored onto a persistent disk (in GB). |
| "enableConfidentialCompute": True or False, # Whether this image is created from a confidential compute mode disk. |
| # [Output Only]: This field is not set by user, but from source disk. |
| "family": "A String", # The name of the image family to which this image belongs. The image |
| # family name can be from a publicly managed image family provided by |
| # Compute Engine, or from a custom image family you create. For example,centos-stream-9 is a publicly available image family. |
| # For more information, see Image |
| # family best practices. |
| # |
| # When creating disks, you can specify an image family instead of a specific |
| # image name. The image family always returns its latest image that is not |
| # deprecated. The name of the image family must comply with RFC1035. |
| "guestOsFeatures": [ # A list of features to enable on the guest operating system. Applicable |
| # only for bootable images. To see a list of available options, see theguestOSfeatures[].type parameter. |
| { # Guest OS features. |
| "type": "A String", # The ID of a supported feature. To add multiple values, use commas to |
| # separate values. Set to one or more of the following values: |
| # |
| # - VIRTIO_SCSI_MULTIQUEUE |
| # - WINDOWS |
| # - MULTI_IP_SUBNET |
| # - UEFI_COMPATIBLE |
| # - GVNIC |
| # - SEV_CAPABLE |
| # - SUSPEND_RESUME_COMPATIBLE |
| # - SEV_LIVE_MIGRATABLE_V2 |
| # - SEV_SNP_CAPABLE |
| # - TDX_CAPABLE |
| # - IDPF |
| # - SNP_SVSM_CAPABLE |
| # |
| # |
| # For more information, see |
| # Enabling guest operating system features. |
| }, |
| ], |
| "id": "A String", # [Output Only] The unique identifier for the resource. This identifier is |
| # defined by the server. |
| "imageEncryptionKey": { # Encrypts the image using acustomer-supplied |
| # encryption key. |
| # |
| # After you encrypt an image with a customer-supplied key, you must provide |
| # the same key if you use the image later (e.g. to create a disk from |
| # the image). |
| # |
| # Customer-supplied encryption keys do not protect access to metadata |
| # of the disk. |
| # |
| # If you do not provide an encryption key when creating the image, then the |
| # disk will be encrypted using an automatically generated key and you do not |
| # need to provide a key to use the image later. |
| "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. |
| # For example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # |
| # The fully-qualifed key name may be returned for resource GET requests. For |
| # example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # /cryptoKeyVersions/1 |
| "kmsKeyServiceAccount": "A String", # The service account being used for the encryption request for the given KMS |
| # key. If absent, the Compute Engine default service account is used. |
| # For example: |
| # |
| # "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com/ |
| "rawKey": "A String", # Specifies a 256-bit customer-supplied |
| # encryption key, encoded in RFC |
| # 4648 base64 to either encrypt or decrypt this resource. You can |
| # provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rawKey": |
| # "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=" |
| "rsaEncryptedKey": "A String", # Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit |
| # customer-supplied encryption key to either encrypt or decrypt this |
| # resource. You can provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rsaEncryptedKey": |
| # "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH |
| # z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD |
| # D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" |
| # |
| # The key must meet the following requirements before you can provide it to |
| # Compute Engine: |
| # |
| # 1. The key is wrapped using a RSA public key certificate provided by |
| # Google. |
| # 2. After being wrapped, the key must be encoded in RFC 4648 base64 |
| # encoding. |
| # |
| # Gets the RSA public key certificate provided by Google at: |
| # |
| # |
| # https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem |
| "sha256": "A String", # [Output only] TheRFC |
| # 4648 base64 encoded SHA-256 hash of the customer-supplied |
| # encryption key that protects this resource. |
| }, |
| "kind": "compute#image", # [Output Only] Type of the resource. Always compute#image for |
| # images. |
| "labelFingerprint": "A String", # A fingerprint for the labels being applied to this image, which is |
| # essentially a hash of the labels used for optimistic locking. The |
| # fingerprint is initially generated by Compute Engine and changes after |
| # every request to modify or update labels. You must always provide an |
| # up-to-date fingerprint hash in order to update or change labels, |
| # otherwise the request will fail with error412 conditionNotMet. |
| # |
| # To see the latest fingerprint, make a get() request to |
| # retrieve an image. |
| "labels": { # Labels to apply to this image. These can be later modified by |
| # the setLabels method. |
| "a_key": "A String", |
| }, |
| "licenseCodes": [ # Integer license codes indicating which licenses are attached to this image. |
| "A String", |
| ], |
| "licenses": [ # Any applicable license URI. |
| "A String", |
| ], |
| "locked": True or False, # A flag for marketplace VM disk created from the image, which is designed |
| # for marketplace VM disk to prevent the proprietary data on the disk from |
| # being accessed unwantedly. The flag will be inherited by the disk created |
| # from the image. |
| # |
| # The disk with locked flag set to true will be prohibited from performing |
| # the operations below: |
| # |
| # - R/W or R/O disk attach |
| # - Disk detach, if disk is created via create-on-create |
| # - Create images |
| # - Create snapshots |
| # - Create disk clone (create disk from the current disk) |
| # |
| # |
| # |
| # The image with the locked field set to true will be prohibited from |
| # performing the operations below: |
| # |
| # - Create images from the current image |
| # - Update the locked field for the current image |
| # |
| # |
| # |
| # The instance with at least one disk with locked flag set to true will be |
| # prohibited from performing the operations below: |
| # |
| # - Secondary disk attach |
| # - Create instant snapshot |
| # - Create machine images |
| # - Create instance template |
| # - Delete the instance with --keep-disk parameter set to true |
| "name": "A String", # Name of the resource; provided by the client when the resource is created. |
| # The name must be 1-63 characters long, and comply withRFC1035. |
| # Specifically, the name must be 1-63 characters long and match the regular |
| # expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first |
| # character must be a lowercase letter, and all following characters must be |
| # a dash, lowercase letter, or digit, except the last character, which cannot |
| # be a dash. |
| "params": { # Additional image params. # Input only. [Input Only] Additional params passed with the request, but not persisted |
| # as part of resource payload. |
| "resourceManagerTags": { # Resource manager tags to be bound to the image. Tag keys and values have |
| # the same definition as resource |
| # manager tags. Keys must be in the format `tagKeys/{tag_key_id}`, and |
| # values are in the format `tagValues/456`. The field is ignored (both PUT & |
| # PATCH) when empty. |
| "a_key": "A String", |
| }, |
| }, |
| "rawDisk": { # The parameters of the raw disk image. |
| "containerType": "A String", # The format used to encode and transmit the block device, which should beTAR. This is just a container and transmission format and not |
| # a runtime format. Provided by the client when the disk image is created. |
| "sha1Checksum": "A String", # [Deprecated] This field is deprecated. |
| # An optional SHA1 checksum of the disk image before unpackaging provided |
| # by the client when the disk image is created. |
| "source": "A String", # The full Google Cloud Storage URL where the raw disk image archive is |
| # stored. |
| # The following are valid formats for the URL: |
| # |
| # - https://storage.googleapis.com/bucket_name/image_archive_name |
| # - https://storage.googleapis.com/bucket_name/folder_name/image_archive_name |
| # |
| # |
| # |
| # In order to create an image, you must provide the full or partial URL of |
| # one of the following: |
| # |
| # - The rawDisk.source URL |
| # - The sourceDisk URL |
| # - The sourceImage URL |
| # - The sourceSnapshot URL |
| }, |
| "rolloutOverride": { # A rollout policy configuration. # A rollout policy to apply to this image. When specified, the rollout policy |
| # overrides per-zone references to the image via the associated image family. |
| # The rollout policy restricts the zones where this image is accessible when |
| # using a zonal image family reference. When the rollout policy does not |
| # include the user specified zone, or if the zone is rolled out, this image |
| # is accessible. |
| # |
| # The rollout policy for this image is read-only, except for allowlisted |
| # users. This field might not be configured. To view the latest |
| # non-deprecated image in a specific zone, use theimageFamilyViews.get method. |
| "defaultRolloutTime": "A String", # An optional RFC3339 timestamp on or after which the update is |
| # considered rolled out to any zone that is not explicitly stated. |
| "locationRolloutPolicies": { # Location based rollout policies to apply to the resource. |
| # |
| # Currently only zone names are supported and must be represented |
| # as valid URLs, like: zones/us-central1-a. |
| # |
| # The value expects an RFC3339 timestamp on or after which the update is |
| # considered rolled out to the specified location. |
| "a_key": "A String", |
| }, |
| }, |
| "satisfiesPzi": True or False, # Output only. Reserved for future use. |
| "satisfiesPzs": True or False, # [Output Only] Reserved for future use. |
| "selfLink": "A String", # [Output Only] Server-defined URL for the resource. |
| "selfLinkWithId": "A String", # [Output Only] Server-defined URL for this resource's resource id. |
| "shieldedInstanceInitialState": { # Initial State for shielded instance, # Set the secure boot keys of shielded instance. |
| # these are public keys which are safe to store in public |
| "dbs": [ # The Key Database (db). |
| { |
| "content": "A String", # The raw content in the secure keys file. |
| "fileType": "A String", # The file type of source file. |
| }, |
| ], |
| "dbxs": [ # The forbidden key database (dbx). |
| { |
| "content": "A String", # The raw content in the secure keys file. |
| "fileType": "A String", # The file type of source file. |
| }, |
| ], |
| "keks": [ # The Key Exchange Key (KEK). |
| { |
| "content": "A String", # The raw content in the secure keys file. |
| "fileType": "A String", # The file type of source file. |
| }, |
| ], |
| "pk": { # The Platform Key (PK). |
| "content": "A String", # The raw content in the secure keys file. |
| "fileType": "A String", # The file type of source file. |
| }, |
| }, |
| "sourceDisk": "A String", # URL of the source disk used to create this image. |
| # For example, the following are valid values: |
| # |
| # - https://www.googleapis.com/compute/v1/projects/project/zones/zone/disks/disk |
| # - projects/project/zones/zone/disks/disk |
| # - zones/zone/disks/disk |
| # |
| # |
| # |
| # In order to create an image, you must provide the full or partial URL of |
| # one of the following: |
| # |
| # - The rawDisk.source URL |
| # - The sourceDisk URL |
| # - The sourceImage URL |
| # - The sourceSnapshot URL |
| "sourceDiskEncryptionKey": { # Thecustomer-supplied |
| # encryption key of the source disk. Required if the source disk is |
| # protected by a customer-supplied encryption key. |
| "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. |
| # For example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # |
| # The fully-qualifed key name may be returned for resource GET requests. For |
| # example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # /cryptoKeyVersions/1 |
| "kmsKeyServiceAccount": "A String", # The service account being used for the encryption request for the given KMS |
| # key. If absent, the Compute Engine default service account is used. |
| # For example: |
| # |
| # "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com/ |
| "rawKey": "A String", # Specifies a 256-bit customer-supplied |
| # encryption key, encoded in RFC |
| # 4648 base64 to either encrypt or decrypt this resource. You can |
| # provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rawKey": |
| # "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=" |
| "rsaEncryptedKey": "A String", # Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit |
| # customer-supplied encryption key to either encrypt or decrypt this |
| # resource. You can provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rsaEncryptedKey": |
| # "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH |
| # z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD |
| # D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" |
| # |
| # The key must meet the following requirements before you can provide it to |
| # Compute Engine: |
| # |
| # 1. The key is wrapped using a RSA public key certificate provided by |
| # Google. |
| # 2. After being wrapped, the key must be encoded in RFC 4648 base64 |
| # encoding. |
| # |
| # Gets the RSA public key certificate provided by Google at: |
| # |
| # |
| # https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem |
| "sha256": "A String", # [Output only] TheRFC |
| # 4648 base64 encoded SHA-256 hash of the customer-supplied |
| # encryption key that protects this resource. |
| }, |
| "sourceDiskId": "A String", # [Output Only] |
| # The ID value of the disk used to create this image. This value may be used |
| # to determine whether the image was taken from the current or a previous |
| # instance of a given disk name. |
| "sourceImage": "A String", # URL of the source image used to create this image. |
| # The following are valid formats for the URL: |
| # |
| # - https://www.googleapis.com/compute/v1/projects/project_id/global/ |
| # images/image_name |
| # - projects/project_id/global/images/image_name |
| # |
| # |
| # |
| # In order to create an image, you must provide the full or partial URL of |
| # one of the following: |
| # |
| # - The rawDisk.source URL |
| # - The sourceDisk URL |
| # - The sourceImage URL |
| # - The sourceSnapshot URL |
| "sourceImageEncryptionKey": { # The customer-supplied encryption key of the source image. Required if the |
| # source image is protected by a customer-supplied encryption key. |
| "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. |
| # For example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # |
| # The fully-qualifed key name may be returned for resource GET requests. For |
| # example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # /cryptoKeyVersions/1 |
| "kmsKeyServiceAccount": "A String", # The service account being used for the encryption request for the given KMS |
| # key. If absent, the Compute Engine default service account is used. |
| # For example: |
| # |
| # "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com/ |
| "rawKey": "A String", # Specifies a 256-bit customer-supplied |
| # encryption key, encoded in RFC |
| # 4648 base64 to either encrypt or decrypt this resource. You can |
| # provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rawKey": |
| # "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=" |
| "rsaEncryptedKey": "A String", # Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit |
| # customer-supplied encryption key to either encrypt or decrypt this |
| # resource. You can provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rsaEncryptedKey": |
| # "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH |
| # z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD |
| # D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" |
| # |
| # The key must meet the following requirements before you can provide it to |
| # Compute Engine: |
| # |
| # 1. The key is wrapped using a RSA public key certificate provided by |
| # Google. |
| # 2. After being wrapped, the key must be encoded in RFC 4648 base64 |
| # encoding. |
| # |
| # Gets the RSA public key certificate provided by Google at: |
| # |
| # |
| # https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem |
| "sha256": "A String", # [Output only] TheRFC |
| # 4648 base64 encoded SHA-256 hash of the customer-supplied |
| # encryption key that protects this resource. |
| }, |
| "sourceImageId": "A String", # [Output Only] |
| # The ID value of the image used to create this image. This value may be used |
| # to determine whether the image was taken from the current or a previous |
| # instance of a given image name. |
| "sourceSnapshot": "A String", # URL of the source snapshot used to create this image. |
| # The following are valid formats for the URL: |
| # |
| # - https://www.googleapis.com/compute/v1/projects/project_id/global/ |
| # snapshots/snapshot_name |
| # - projects/project_id/global/snapshots/snapshot_name |
| # |
| # |
| # |
| # In order to create an image, you must provide the full or partial URL of |
| # one of the following: |
| # |
| # - The rawDisk.source URL |
| # - The sourceDisk URL |
| # - The sourceImage URL |
| # - The sourceSnapshot URL |
| "sourceSnapshotEncryptionKey": { # The customer-supplied encryption key of the source snapshot. Required if |
| # the source snapshot is protected by a customer-supplied encryption key. |
| "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. |
| # For example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # |
| # The fully-qualifed key name may be returned for resource GET requests. For |
| # example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # /cryptoKeyVersions/1 |
| "kmsKeyServiceAccount": "A String", # The service account being used for the encryption request for the given KMS |
| # key. If absent, the Compute Engine default service account is used. |
| # For example: |
| # |
| # "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com/ |
| "rawKey": "A String", # Specifies a 256-bit customer-supplied |
| # encryption key, encoded in RFC |
| # 4648 base64 to either encrypt or decrypt this resource. You can |
| # provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rawKey": |
| # "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=" |
| "rsaEncryptedKey": "A String", # Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit |
| # customer-supplied encryption key to either encrypt or decrypt this |
| # resource. You can provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rsaEncryptedKey": |
| # "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH |
| # z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD |
| # D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" |
| # |
| # The key must meet the following requirements before you can provide it to |
| # Compute Engine: |
| # |
| # 1. The key is wrapped using a RSA public key certificate provided by |
| # Google. |
| # 2. After being wrapped, the key must be encoded in RFC 4648 base64 |
| # encoding. |
| # |
| # Gets the RSA public key certificate provided by Google at: |
| # |
| # |
| # https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem |
| "sha256": "A String", # [Output only] TheRFC |
| # 4648 base64 encoded SHA-256 hash of the customer-supplied |
| # encryption key that protects this resource. |
| }, |
| "sourceSnapshotId": "A String", # [Output Only] |
| # The ID value of the snapshot used to create this image. This value may be |
| # used to determine whether the snapshot was taken from the current or a |
| # previous instance of a given snapshot name. |
| "sourceType": "RAW", # The type of the image used to create this disk. The |
| # default and only valid value is RAW. |
| "status": "A String", # [Output Only] The status of the image. An image can be used to create other |
| # resources, such as instances, only after the image has been successfully |
| # created and the status is set to READY. Possible |
| # values are FAILED, PENDING, orREADY. |
| "storageLocations": [ # Cloud Storage bucket storage location of the image (regional or |
| # multi-regional). |
| "A String", |
| ], |
| "userLicenses": [ # A list of publicly visible user-licenses. Unlike regular licenses, user |
| # provided licenses can be modified after the disk is created. This includes |
| # a list of URLs to the license resource. For example, to provide a debian |
| # license: |
| # |
| # https://www.googleapis.com/compute/v1/projects/debian-cloud/global/licenses/debian-9-stretch |
| "A String", |
| ], |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="getIamPolicy">getIamPolicy(project, resource, optionsRequestedPolicyVersion=None, x__xgafv=None)</code> |
| <pre>Gets the access control policy for a resource. May be empty if no such |
| policy or resource exists. |
| |
| Args: |
| project: string, Project ID for this request. (required) |
| resource: string, Name or id of the resource for this request. (required) |
| optionsRequestedPolicyVersion: integer, Requested IAM Policy version. |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # An Identity and Access Management (IAM) policy, which specifies access |
| # controls for Google Cloud resources. |
| # |
| # |
| # A `Policy` is a collection of `bindings`. A `binding` binds one or more |
| # `members`, or principals, to a single `role`. Principals can be user |
| # accounts, service accounts, Google groups, and domains (such as G Suite). A |
| # `role` is a named list of permissions; each `role` can be an IAM predefined |
| # role or a user-created custom role. |
| # |
| # For some types of Google Cloud resources, a `binding` can also specify a |
| # `condition`, which is a logical expression that allows access to a resource |
| # only if the expression evaluates to `true`. A condition can add constraints |
| # based on attributes of the request, the resource, or both. To learn which |
| # resources support conditions in their IAM policies, see the |
| # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| # |
| # **JSON example:** |
| # |
| # ``` |
| # { |
| # "bindings": [ |
| # { |
| # "role": "roles/resourcemanager.organizationAdmin", |
| # "members": [ |
| # "user:[email protected]", |
| # "group:[email protected]", |
| # "domain:google.com", |
| # "serviceAccount:[email protected]" |
| # ] |
| # }, |
| # { |
| # "role": "roles/resourcemanager.organizationViewer", |
| # "members": [ |
| # "user:[email protected]" |
| # ], |
| # "condition": { |
| # "title": "expirable access", |
| # "description": "Does not grant access after Sep 2020", |
| # "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", |
| # } |
| # } |
| # ], |
| # "etag": "BwWWja0YfJA=", |
| # "version": 3 |
| # } |
| # ``` |
| # |
| # **YAML example:** |
| # |
| # ``` |
| # bindings: |
| # - members: |
| # - user:[email protected] |
| # - group:[email protected] |
| # - domain:google.com |
| # - serviceAccount:[email protected] |
| # role: roles/resourcemanager.organizationAdmin |
| # - members: |
| # - user:[email protected] |
| # role: roles/resourcemanager.organizationViewer |
| # condition: |
| # title: expirable access |
| # description: Does not grant access after Sep 2020 |
| # expression: request.time < timestamp('2020-10-01T00:00:00.000Z') |
| # etag: BwWWja0YfJA= |
| # version: 3 |
| # ``` |
| # |
| # For a description of IAM and its features, see the |
| # [IAM documentation](https://cloud.google.com/iam/docs/). |
| "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. |
| { # Specifies the audit configuration for a service. |
| # The configuration determines which permission types are logged, and what |
| # identities, if any, are exempted from logging. |
| # An AuditConfig must have one or more AuditLogConfigs. |
| # |
| # If there are AuditConfigs for both `allServices` and a specific service, |
| # the union of the two AuditConfigs is used for that service: the log_types |
| # specified in each AuditConfig are enabled, and the exempted_members in each |
| # AuditLogConfig are exempted. |
| # |
| # Example Policy with multiple AuditConfigs: |
| # |
| # { |
| # "audit_configs": [ |
| # { |
| # "service": "allServices", |
| # "audit_log_configs": [ |
| # { |
| # "log_type": "DATA_READ", |
| # "exempted_members": [ |
| # "user:[email protected]" |
| # ] |
| # }, |
| # { |
| # "log_type": "DATA_WRITE" |
| # }, |
| # { |
| # "log_type": "ADMIN_READ" |
| # } |
| # ] |
| # }, |
| # { |
| # "service": "sampleservice.googleapis.com", |
| # "audit_log_configs": [ |
| # { |
| # "log_type": "DATA_READ" |
| # }, |
| # { |
| # "log_type": "DATA_WRITE", |
| # "exempted_members": [ |
| # "user:[email protected]" |
| # ] |
| # } |
| # ] |
| # } |
| # ] |
| # } |
| # |
| # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ |
| # logging. It also exempts `[email protected]` from DATA_READ logging, and |
| # `[email protected]` from DATA_WRITE logging. |
| "auditLogConfigs": [ # The configuration for logging of each type of permission. |
| { # Provides the configuration for logging a type of permissions. |
| # Example: |
| # |
| # { |
| # "audit_log_configs": [ |
| # { |
| # "log_type": "DATA_READ", |
| # "exempted_members": [ |
| # "user:[email protected]" |
| # ] |
| # }, |
| # { |
| # "log_type": "DATA_WRITE" |
| # } |
| # ] |
| # } |
| # |
| # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting |
| # [email protected] from DATA_READ logging. |
| "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of |
| # permission. |
| # Follows the same format of Binding.members. |
| "A String", |
| ], |
| "logType": "A String", # The log type that this config enables. |
| }, |
| ], |
| "service": "A String", # Specifies a service that will be enabled for audit logging. |
| # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. |
| # `allServices` is a special value that covers all services. |
| }, |
| ], |
| "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, |
| # may specify a `condition` that determines how and when the `bindings` are |
| # applied. Each of the `bindings` must contain at least one principal. |
| # |
| # The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 |
| # of these principals can be Google groups. Each occurrence of a principal |
| # counts towards these limits. For example, if the `bindings` grant 50 |
| # different roles to `user:[email protected]`, and not to any other |
| # principal, then you can add another 1,450 principals to the `bindings` in |
| # the `Policy`. |
| { # Associates `members`, or principals, with a `role`. |
| "condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding. |
| # |
| # If the condition evaluates to `true`, then this binding applies to the |
| # current request. |
| # |
| # If the condition evaluates to `false`, then this binding does not apply to |
| # the current request. However, a different role binding might grant the same |
| # role to one or more of the principals in this binding. |
| # |
| # To learn which resources support conditions in their IAM policies, see the |
| # [IAM |
| # documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| # syntax. CEL is a C-like expression language. The syntax and semantics of CEL |
| # are documented at https://github.com/google/cel-spec. |
| # |
| # Example (Comparison): |
| # |
| # title: "Summary size limit" |
| # description: "Determines if a summary is less than 100 chars" |
| # expression: "document.summary.size() < 100" |
| # |
| # Example (Equality): |
| # |
| # title: "Requestor is owner" |
| # description: "Determines if requestor is the document owner" |
| # expression: "document.owner == request.auth.claims.email" |
| # |
| # Example (Logic): |
| # |
| # title: "Public documents" |
| # description: "Determine whether the document should be publicly visible" |
| # expression: "document.type != 'private' && document.type != 'internal'" |
| # |
| # Example (Data Manipulation): |
| # |
| # title: "Notification string" |
| # description: "Create a notification string with a timestamp." |
| # expression: "'New message received at ' + string(document.create_time)" |
| # |
| # The exact variables and functions that may be referenced within an expression |
| # are determined by the service that evaluates it. See the service |
| # documentation for additional information. |
| "description": "A String", # Optional. Description of the expression. This is a longer text which |
| # describes the expression, e.g. when hovered over it in a UI. |
| "expression": "A String", # Textual representation of an expression in Common Expression Language |
| # syntax. |
| "location": "A String", # Optional. String indicating the location of the expression for error |
| # reporting, e.g. a file name and a position in the file. |
| "title": "A String", # Optional. Title for the expression, i.e. a short string describing |
| # its purpose. This can be used e.g. in UIs which allow to enter the |
| # expression. |
| }, |
| "members": [ # Specifies the principals requesting access for a Google Cloud resource. |
| # `members` can have the following values: |
| # |
| # * `allUsers`: A special identifier that represents anyone who is |
| # on the internet; with or without a Google account. |
| # |
| # * `allAuthenticatedUsers`: A special identifier that represents anyone |
| # who is authenticated with a Google account or a service account. |
| # Does not include identities that come from external identity providers |
| # (IdPs) through identity federation. |
| # |
| # * `user:{emailid}`: An email address that represents a specific Google |
| # account. For example, `[email protected]` . |
| # |
| # |
| # * `serviceAccount:{emailid}`: An email address that represents a Google |
| # service account. For example, |
| # `[email protected]`. |
| # |
| # * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An |
| # identifier for a |
| # [Kubernetes service |
| # account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). |
| # For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. |
| # |
| # * `group:{emailid}`: An email address that represents a Google group. |
| # For example, `[email protected]`. |
| # |
| # |
| # * `domain:{domain}`: The G Suite domain (primary) that represents all the |
| # users of that domain. For example, `google.com` or `example.com`. |
| # |
| # |
| # |
| # |
| # * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: |
| # A single identity in a workforce identity pool. |
| # |
| # * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: |
| # All workforce identities in a group. |
| # |
| # * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: |
| # All workforce identities with a specific attribute value. |
| # |
| # * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: |
| # All identities in a workforce identity pool. |
| # |
| # * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: |
| # A single identity in a workload identity pool. |
| # |
| # * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: |
| # A workload identity pool group. |
| # |
| # * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: |
| # All identities in a workload identity pool with a certain attribute. |
| # |
| # * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: |
| # All identities in a workload identity pool. |
| # |
| # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique |
| # identifier) representing a user that has been recently deleted. For |
| # example, `[email protected]?uid=123456789012345678901`. If the user is |
| # recovered, this value reverts to `user:{emailid}` and the recovered user |
| # retains the role in the binding. |
| # |
| # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus |
| # unique identifier) representing a service account that has been recently |
| # deleted. For example, |
| # `[email protected]?uid=123456789012345678901`. |
| # If the service account is undeleted, this value reverts to |
| # `serviceAccount:{emailid}` and the undeleted service account retains the |
| # role in the binding. |
| # |
| # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique |
| # identifier) representing a Google group that has been recently |
| # deleted. For example, `[email protected]?uid=123456789012345678901`. If |
| # the group is recovered, this value reverts to `group:{emailid}` and the |
| # recovered group retains the role in the binding. |
| # |
| # * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: |
| # Deleted single identity in a workforce identity pool. For example, |
| # `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`. |
| "A String", |
| ], |
| "role": "A String", # Role that is assigned to the list of `members`, or principals. |
| # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. |
| # |
| # For an overview of the IAM roles and permissions, see the |
| # [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For |
| # a list of the available pre-defined roles, see |
| # [here](https://cloud.google.com/iam/docs/understanding-roles). |
| }, |
| ], |
| "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help |
| # prevent simultaneous updates of a policy from overwriting each other. |
| # It is strongly suggested that systems make use of the `etag` in the |
| # read-modify-write cycle to perform policy updates in order to avoid race |
| # conditions: An `etag` is returned in the response to `getIamPolicy`, and |
| # systems are expected to put that etag in the request to `setIamPolicy` to |
| # ensure that their change will be applied to the same version of the policy. |
| # |
| # **Important:** If you use IAM Conditions, you must include the `etag` field |
| # whenever you call `setIamPolicy`. If you omit this field, then IAM allows |
| # you to overwrite a version `3` policy with a version `1` policy, and all of |
| # the conditions in the version `3` policy are lost. |
| "version": 42, # Specifies the format of the policy. |
| # |
| # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value |
| # are rejected. |
| # |
| # Any operation that affects conditional role bindings must specify version |
| # `3`. This requirement applies to the following operations: |
| # |
| # * Getting a policy that includes a conditional role binding |
| # * Adding a conditional role binding to a policy |
| # * Changing a conditional role binding in a policy |
| # * Removing any role binding, with or without a condition, from a policy |
| # that includes conditions |
| # |
| # **Important:** If you use IAM Conditions, you must include the `etag` field |
| # whenever you call `setIamPolicy`. If you omit this field, then IAM allows |
| # you to overwrite a version `3` policy with a version `1` policy, and all of |
| # the conditions in the version `3` policy are lost. |
| # |
| # If a policy does not include any conditions, operations on that policy may |
| # specify any valid version or leave the field unset. |
| # |
| # To learn which resources support conditions in their IAM policies, see the |
| # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="insert">insert(project, body=None, forceCreate=None, requestId=None, x__xgafv=None)</code> |
| <pre>Creates an image in the specified project using the data included |
| in the request. |
| |
| Args: |
| project: string, Project ID for this request. (required) |
| body: object, The request body. |
| The object takes the form of: |
| |
| { # Represents an Image resource. |
| # |
| # You can use images to create boot disks for your VM instances. |
| # For more information, read Images. |
| "architecture": "A String", # The architecture of the image. Valid values are |
| # ARM64 or X86_64. |
| "archiveSizeBytes": "A String", # Size of the image tar.gz archive stored in Google Cloud |
| # Storage (in bytes). |
| "creationTimestamp": "A String", # [Output Only] Creation timestamp inRFC3339 |
| # text format. |
| "deprecated": { # Deprecation status for a public resource. # The deprecation status associated with this image. |
| "deleted": "A String", # An optional RFC3339 timestamp on or after which the state of this |
| # resource is intended to change to DELETED. This is only |
| # informational and the status will not change unless the client explicitly |
| # changes it. |
| "deprecated": "A String", # An optional RFC3339 timestamp on or after which the state of this |
| # resource is intended to change to DEPRECATED. This is only |
| # informational and the status will not change unless the client explicitly |
| # changes it. |
| "obsolete": "A String", # An optional RFC3339 timestamp on or after which the state of this |
| # resource is intended to change to OBSOLETE. This is only |
| # informational and the status will not change unless the client explicitly |
| # changes it. |
| "replacement": "A String", # The URL of the suggested replacement for a deprecated resource. |
| # The suggested replacement resource must be the same kind of resource as the |
| # deprecated resource. |
| "state": "A String", # The deprecation state of this resource. This can be ACTIVE,DEPRECATED, OBSOLETE, or DELETED. |
| # Operations which communicate the end of life date for an image, can useACTIVE. Operations which create a new resource using aDEPRECATED resource will return successfully, but with a |
| # warning indicating the deprecated resource and recommending its |
| # replacement. Operations which use OBSOLETE orDELETED resources will be rejected and result in an error. |
| "stateOverride": { # A rollout policy configuration. # The rollout policy for this deprecation. This policy is only enforced by |
| # image family views. The rollout policy restricts the zones where the |
| # associated resource is considered in a deprecated state. When the rollout |
| # policy does not include the user specified zone, or if the zone is rolled |
| # out, the associated resource is considered in a deprecated state. |
| # |
| # The rollout policy for this deprecation is read-only, except for |
| # allowlisted users. This field might not be configured. To view the latest |
| # non-deprecated image in a specific zone, use theimageFamilyViews.get method. |
| "defaultRolloutTime": "A String", # An optional RFC3339 timestamp on or after which the update is |
| # considered rolled out to any zone that is not explicitly stated. |
| "locationRolloutPolicies": { # Location based rollout policies to apply to the resource. |
| # |
| # Currently only zone names are supported and must be represented |
| # as valid URLs, like: zones/us-central1-a. |
| # |
| # The value expects an RFC3339 timestamp on or after which the update is |
| # considered rolled out to the specified location. |
| "a_key": "A String", |
| }, |
| }, |
| }, |
| "description": "A String", # An optional description of this resource. Provide this property when you |
| # create the resource. |
| "diskSizeGb": "A String", # Size of the image when restored onto a persistent disk (in GB). |
| "enableConfidentialCompute": True or False, # Whether this image is created from a confidential compute mode disk. |
| # [Output Only]: This field is not set by user, but from source disk. |
| "family": "A String", # The name of the image family to which this image belongs. The image |
| # family name can be from a publicly managed image family provided by |
| # Compute Engine, or from a custom image family you create. For example,centos-stream-9 is a publicly available image family. |
| # For more information, see Image |
| # family best practices. |
| # |
| # When creating disks, you can specify an image family instead of a specific |
| # image name. The image family always returns its latest image that is not |
| # deprecated. The name of the image family must comply with RFC1035. |
| "guestOsFeatures": [ # A list of features to enable on the guest operating system. Applicable |
| # only for bootable images. To see a list of available options, see theguestOSfeatures[].type parameter. |
| { # Guest OS features. |
| "type": "A String", # The ID of a supported feature. To add multiple values, use commas to |
| # separate values. Set to one or more of the following values: |
| # |
| # - VIRTIO_SCSI_MULTIQUEUE |
| # - WINDOWS |
| # - MULTI_IP_SUBNET |
| # - UEFI_COMPATIBLE |
| # - GVNIC |
| # - SEV_CAPABLE |
| # - SUSPEND_RESUME_COMPATIBLE |
| # - SEV_LIVE_MIGRATABLE_V2 |
| # - SEV_SNP_CAPABLE |
| # - TDX_CAPABLE |
| # - IDPF |
| # - SNP_SVSM_CAPABLE |
| # |
| # |
| # For more information, see |
| # Enabling guest operating system features. |
| }, |
| ], |
| "id": "A String", # [Output Only] The unique identifier for the resource. This identifier is |
| # defined by the server. |
| "imageEncryptionKey": { # Encrypts the image using acustomer-supplied |
| # encryption key. |
| # |
| # After you encrypt an image with a customer-supplied key, you must provide |
| # the same key if you use the image later (e.g. to create a disk from |
| # the image). |
| # |
| # Customer-supplied encryption keys do not protect access to metadata |
| # of the disk. |
| # |
| # If you do not provide an encryption key when creating the image, then the |
| # disk will be encrypted using an automatically generated key and you do not |
| # need to provide a key to use the image later. |
| "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. |
| # For example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # |
| # The fully-qualifed key name may be returned for resource GET requests. For |
| # example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # /cryptoKeyVersions/1 |
| "kmsKeyServiceAccount": "A String", # The service account being used for the encryption request for the given KMS |
| # key. If absent, the Compute Engine default service account is used. |
| # For example: |
| # |
| # "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com/ |
| "rawKey": "A String", # Specifies a 256-bit customer-supplied |
| # encryption key, encoded in RFC |
| # 4648 base64 to either encrypt or decrypt this resource. You can |
| # provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rawKey": |
| # "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=" |
| "rsaEncryptedKey": "A String", # Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit |
| # customer-supplied encryption key to either encrypt or decrypt this |
| # resource. You can provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rsaEncryptedKey": |
| # "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH |
| # z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD |
| # D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" |
| # |
| # The key must meet the following requirements before you can provide it to |
| # Compute Engine: |
| # |
| # 1. The key is wrapped using a RSA public key certificate provided by |
| # Google. |
| # 2. After being wrapped, the key must be encoded in RFC 4648 base64 |
| # encoding. |
| # |
| # Gets the RSA public key certificate provided by Google at: |
| # |
| # |
| # https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem |
| "sha256": "A String", # [Output only] TheRFC |
| # 4648 base64 encoded SHA-256 hash of the customer-supplied |
| # encryption key that protects this resource. |
| }, |
| "kind": "compute#image", # [Output Only] Type of the resource. Always compute#image for |
| # images. |
| "labelFingerprint": "A String", # A fingerprint for the labels being applied to this image, which is |
| # essentially a hash of the labels used for optimistic locking. The |
| # fingerprint is initially generated by Compute Engine and changes after |
| # every request to modify or update labels. You must always provide an |
| # up-to-date fingerprint hash in order to update or change labels, |
| # otherwise the request will fail with error412 conditionNotMet. |
| # |
| # To see the latest fingerprint, make a get() request to |
| # retrieve an image. |
| "labels": { # Labels to apply to this image. These can be later modified by |
| # the setLabels method. |
| "a_key": "A String", |
| }, |
| "licenseCodes": [ # Integer license codes indicating which licenses are attached to this image. |
| "A String", |
| ], |
| "licenses": [ # Any applicable license URI. |
| "A String", |
| ], |
| "locked": True or False, # A flag for marketplace VM disk created from the image, which is designed |
| # for marketplace VM disk to prevent the proprietary data on the disk from |
| # being accessed unwantedly. The flag will be inherited by the disk created |
| # from the image. |
| # |
| # The disk with locked flag set to true will be prohibited from performing |
| # the operations below: |
| # |
| # - R/W or R/O disk attach |
| # - Disk detach, if disk is created via create-on-create |
| # - Create images |
| # - Create snapshots |
| # - Create disk clone (create disk from the current disk) |
| # |
| # |
| # |
| # The image with the locked field set to true will be prohibited from |
| # performing the operations below: |
| # |
| # - Create images from the current image |
| # - Update the locked field for the current image |
| # |
| # |
| # |
| # The instance with at least one disk with locked flag set to true will be |
| # prohibited from performing the operations below: |
| # |
| # - Secondary disk attach |
| # - Create instant snapshot |
| # - Create machine images |
| # - Create instance template |
| # - Delete the instance with --keep-disk parameter set to true |
| "name": "A String", # Name of the resource; provided by the client when the resource is created. |
| # The name must be 1-63 characters long, and comply withRFC1035. |
| # Specifically, the name must be 1-63 characters long and match the regular |
| # expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first |
| # character must be a lowercase letter, and all following characters must be |
| # a dash, lowercase letter, or digit, except the last character, which cannot |
| # be a dash. |
| "params": { # Additional image params. # Input only. [Input Only] Additional params passed with the request, but not persisted |
| # as part of resource payload. |
| "resourceManagerTags": { # Resource manager tags to be bound to the image. Tag keys and values have |
| # the same definition as resource |
| # manager tags. Keys must be in the format `tagKeys/{tag_key_id}`, and |
| # values are in the format `tagValues/456`. The field is ignored (both PUT & |
| # PATCH) when empty. |
| "a_key": "A String", |
| }, |
| }, |
| "rawDisk": { # The parameters of the raw disk image. |
| "containerType": "A String", # The format used to encode and transmit the block device, which should beTAR. This is just a container and transmission format and not |
| # a runtime format. Provided by the client when the disk image is created. |
| "sha1Checksum": "A String", # [Deprecated] This field is deprecated. |
| # An optional SHA1 checksum of the disk image before unpackaging provided |
| # by the client when the disk image is created. |
| "source": "A String", # The full Google Cloud Storage URL where the raw disk image archive is |
| # stored. |
| # The following are valid formats for the URL: |
| # |
| # - https://storage.googleapis.com/bucket_name/image_archive_name |
| # - https://storage.googleapis.com/bucket_name/folder_name/image_archive_name |
| # |
| # |
| # |
| # In order to create an image, you must provide the full or partial URL of |
| # one of the following: |
| # |
| # - The rawDisk.source URL |
| # - The sourceDisk URL |
| # - The sourceImage URL |
| # - The sourceSnapshot URL |
| }, |
| "rolloutOverride": { # A rollout policy configuration. # A rollout policy to apply to this image. When specified, the rollout policy |
| # overrides per-zone references to the image via the associated image family. |
| # The rollout policy restricts the zones where this image is accessible when |
| # using a zonal image family reference. When the rollout policy does not |
| # include the user specified zone, or if the zone is rolled out, this image |
| # is accessible. |
| # |
| # The rollout policy for this image is read-only, except for allowlisted |
| # users. This field might not be configured. To view the latest |
| # non-deprecated image in a specific zone, use theimageFamilyViews.get method. |
| "defaultRolloutTime": "A String", # An optional RFC3339 timestamp on or after which the update is |
| # considered rolled out to any zone that is not explicitly stated. |
| "locationRolloutPolicies": { # Location based rollout policies to apply to the resource. |
| # |
| # Currently only zone names are supported and must be represented |
| # as valid URLs, like: zones/us-central1-a. |
| # |
| # The value expects an RFC3339 timestamp on or after which the update is |
| # considered rolled out to the specified location. |
| "a_key": "A String", |
| }, |
| }, |
| "satisfiesPzi": True or False, # Output only. Reserved for future use. |
| "satisfiesPzs": True or False, # [Output Only] Reserved for future use. |
| "selfLink": "A String", # [Output Only] Server-defined URL for the resource. |
| "selfLinkWithId": "A String", # [Output Only] Server-defined URL for this resource's resource id. |
| "shieldedInstanceInitialState": { # Initial State for shielded instance, # Set the secure boot keys of shielded instance. |
| # these are public keys which are safe to store in public |
| "dbs": [ # The Key Database (db). |
| { |
| "content": "A String", # The raw content in the secure keys file. |
| "fileType": "A String", # The file type of source file. |
| }, |
| ], |
| "dbxs": [ # The forbidden key database (dbx). |
| { |
| "content": "A String", # The raw content in the secure keys file. |
| "fileType": "A String", # The file type of source file. |
| }, |
| ], |
| "keks": [ # The Key Exchange Key (KEK). |
| { |
| "content": "A String", # The raw content in the secure keys file. |
| "fileType": "A String", # The file type of source file. |
| }, |
| ], |
| "pk": { # The Platform Key (PK). |
| "content": "A String", # The raw content in the secure keys file. |
| "fileType": "A String", # The file type of source file. |
| }, |
| }, |
| "sourceDisk": "A String", # URL of the source disk used to create this image. |
| # For example, the following are valid values: |
| # |
| # - https://www.googleapis.com/compute/v1/projects/project/zones/zone/disks/disk |
| # - projects/project/zones/zone/disks/disk |
| # - zones/zone/disks/disk |
| # |
| # |
| # |
| # In order to create an image, you must provide the full or partial URL of |
| # one of the following: |
| # |
| # - The rawDisk.source URL |
| # - The sourceDisk URL |
| # - The sourceImage URL |
| # - The sourceSnapshot URL |
| "sourceDiskEncryptionKey": { # Thecustomer-supplied |
| # encryption key of the source disk. Required if the source disk is |
| # protected by a customer-supplied encryption key. |
| "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. |
| # For example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # |
| # The fully-qualifed key name may be returned for resource GET requests. For |
| # example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # /cryptoKeyVersions/1 |
| "kmsKeyServiceAccount": "A String", # The service account being used for the encryption request for the given KMS |
| # key. If absent, the Compute Engine default service account is used. |
| # For example: |
| # |
| # "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com/ |
| "rawKey": "A String", # Specifies a 256-bit customer-supplied |
| # encryption key, encoded in RFC |
| # 4648 base64 to either encrypt or decrypt this resource. You can |
| # provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rawKey": |
| # "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=" |
| "rsaEncryptedKey": "A String", # Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit |
| # customer-supplied encryption key to either encrypt or decrypt this |
| # resource. You can provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rsaEncryptedKey": |
| # "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH |
| # z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD |
| # D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" |
| # |
| # The key must meet the following requirements before you can provide it to |
| # Compute Engine: |
| # |
| # 1. The key is wrapped using a RSA public key certificate provided by |
| # Google. |
| # 2. After being wrapped, the key must be encoded in RFC 4648 base64 |
| # encoding. |
| # |
| # Gets the RSA public key certificate provided by Google at: |
| # |
| # |
| # https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem |
| "sha256": "A String", # [Output only] TheRFC |
| # 4648 base64 encoded SHA-256 hash of the customer-supplied |
| # encryption key that protects this resource. |
| }, |
| "sourceDiskId": "A String", # [Output Only] |
| # The ID value of the disk used to create this image. This value may be used |
| # to determine whether the image was taken from the current or a previous |
| # instance of a given disk name. |
| "sourceImage": "A String", # URL of the source image used to create this image. |
| # The following are valid formats for the URL: |
| # |
| # - https://www.googleapis.com/compute/v1/projects/project_id/global/ |
| # images/image_name |
| # - projects/project_id/global/images/image_name |
| # |
| # |
| # |
| # In order to create an image, you must provide the full or partial URL of |
| # one of the following: |
| # |
| # - The rawDisk.source URL |
| # - The sourceDisk URL |
| # - The sourceImage URL |
| # - The sourceSnapshot URL |
| "sourceImageEncryptionKey": { # The customer-supplied encryption key of the source image. Required if the |
| # source image is protected by a customer-supplied encryption key. |
| "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. |
| # For example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # |
| # The fully-qualifed key name may be returned for resource GET requests. For |
| # example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # /cryptoKeyVersions/1 |
| "kmsKeyServiceAccount": "A String", # The service account being used for the encryption request for the given KMS |
| # key. If absent, the Compute Engine default service account is used. |
| # For example: |
| # |
| # "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com/ |
| "rawKey": "A String", # Specifies a 256-bit customer-supplied |
| # encryption key, encoded in RFC |
| # 4648 base64 to either encrypt or decrypt this resource. You can |
| # provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rawKey": |
| # "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=" |
| "rsaEncryptedKey": "A String", # Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit |
| # customer-supplied encryption key to either encrypt or decrypt this |
| # resource. You can provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rsaEncryptedKey": |
| # "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH |
| # z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD |
| # D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" |
| # |
| # The key must meet the following requirements before you can provide it to |
| # Compute Engine: |
| # |
| # 1. The key is wrapped using a RSA public key certificate provided by |
| # Google. |
| # 2. After being wrapped, the key must be encoded in RFC 4648 base64 |
| # encoding. |
| # |
| # Gets the RSA public key certificate provided by Google at: |
| # |
| # |
| # https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem |
| "sha256": "A String", # [Output only] TheRFC |
| # 4648 base64 encoded SHA-256 hash of the customer-supplied |
| # encryption key that protects this resource. |
| }, |
| "sourceImageId": "A String", # [Output Only] |
| # The ID value of the image used to create this image. This value may be used |
| # to determine whether the image was taken from the current or a previous |
| # instance of a given image name. |
| "sourceSnapshot": "A String", # URL of the source snapshot used to create this image. |
| # The following are valid formats for the URL: |
| # |
| # - https://www.googleapis.com/compute/v1/projects/project_id/global/ |
| # snapshots/snapshot_name |
| # - projects/project_id/global/snapshots/snapshot_name |
| # |
| # |
| # |
| # In order to create an image, you must provide the full or partial URL of |
| # one of the following: |
| # |
| # - The rawDisk.source URL |
| # - The sourceDisk URL |
| # - The sourceImage URL |
| # - The sourceSnapshot URL |
| "sourceSnapshotEncryptionKey": { # The customer-supplied encryption key of the source snapshot. Required if |
| # the source snapshot is protected by a customer-supplied encryption key. |
| "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. |
| # For example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # |
| # The fully-qualifed key name may be returned for resource GET requests. For |
| # example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # /cryptoKeyVersions/1 |
| "kmsKeyServiceAccount": "A String", # The service account being used for the encryption request for the given KMS |
| # key. If absent, the Compute Engine default service account is used. |
| # For example: |
| # |
| # "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com/ |
| "rawKey": "A String", # Specifies a 256-bit customer-supplied |
| # encryption key, encoded in RFC |
| # 4648 base64 to either encrypt or decrypt this resource. You can |
| # provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rawKey": |
| # "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=" |
| "rsaEncryptedKey": "A String", # Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit |
| # customer-supplied encryption key to either encrypt or decrypt this |
| # resource. You can provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rsaEncryptedKey": |
| # "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH |
| # z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD |
| # D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" |
| # |
| # The key must meet the following requirements before you can provide it to |
| # Compute Engine: |
| # |
| # 1. The key is wrapped using a RSA public key certificate provided by |
| # Google. |
| # 2. After being wrapped, the key must be encoded in RFC 4648 base64 |
| # encoding. |
| # |
| # Gets the RSA public key certificate provided by Google at: |
| # |
| # |
| # https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem |
| "sha256": "A String", # [Output only] TheRFC |
| # 4648 base64 encoded SHA-256 hash of the customer-supplied |
| # encryption key that protects this resource. |
| }, |
| "sourceSnapshotId": "A String", # [Output Only] |
| # The ID value of the snapshot used to create this image. This value may be |
| # used to determine whether the snapshot was taken from the current or a |
| # previous instance of a given snapshot name. |
| "sourceType": "RAW", # The type of the image used to create this disk. The |
| # default and only valid value is RAW. |
| "status": "A String", # [Output Only] The status of the image. An image can be used to create other |
| # resources, such as instances, only after the image has been successfully |
| # created and the status is set to READY. Possible |
| # values are FAILED, PENDING, orREADY. |
| "storageLocations": [ # Cloud Storage bucket storage location of the image (regional or |
| # multi-regional). |
| "A String", |
| ], |
| "userLicenses": [ # A list of publicly visible user-licenses. Unlike regular licenses, user |
| # provided licenses can be modified after the disk is created. This includes |
| # a list of URLs to the license resource. For example, to provide a debian |
| # license: |
| # |
| # https://www.googleapis.com/compute/v1/projects/debian-cloud/global/licenses/debian-9-stretch |
| "A String", |
| ], |
| } |
| |
| forceCreate: boolean, Force image creation if true. |
| requestId: string, An optional request ID to identify requests. Specify a unique request ID so |
| that if you must retry your request, the server will know to ignore the |
| request if it has already been completed. |
| |
| For example, consider a situation where you make an initial request and |
| the request times out. If you make the request again with the same |
| request ID, the server can check if original operation with the same |
| request ID was received, and if so, will ignore the second request. This |
| prevents clients from accidentally creating duplicate commitments. |
| |
| The request ID must be |
| a valid UUID with the exception that zero UUID is not supported |
| (00000000-0000-0000-0000-000000000000). |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # Represents an Operation resource. |
| # |
| # Google Compute Engine has three Operation resources: |
| # |
| # * [Global](/compute/docs/reference/rest/alpha/globalOperations) |
| # * [Regional](/compute/docs/reference/rest/alpha/regionOperations) |
| # * [Zonal](/compute/docs/reference/rest/alpha/zoneOperations) |
| # |
| # You can use an operation resource to manage asynchronous API requests. |
| # For more information, readHandling |
| # API responses. |
| # |
| # Operations can be global, regional or zonal. |
| # |
| # - For global operations, use the `globalOperations` |
| # resource. |
| # - For regional operations, use the |
| # `regionOperations` resource. |
| # - For zonal operations, use |
| # the `zoneOperations` resource. |
| # |
| # |
| # |
| # For more information, read |
| # Global, Regional, and Zonal Resources. |
| # |
| # Note that completed Operation resources have a limited |
| # retention period. |
| "clientOperationId": "A String", # [Output Only] The value of `requestId` if you provided it in the request. |
| # Not present otherwise. |
| "creationTimestamp": "A String", # [Deprecated] This field is deprecated. |
| "description": "A String", # [Output Only] A textual description of the operation, which is |
| # set when the operation is created. |
| "endTime": "A String", # [Output Only] The time that this operation was completed. This value is inRFC3339 |
| # text format. |
| "error": { # [Output Only] If errors are generated during processing of the operation, |
| # this field will be populated. |
| "errors": [ # [Output Only] The array of errors encountered while processing this |
| # operation. |
| { |
| "code": "A String", # [Output Only] The error type identifier for this error. |
| "errorDetails": [ # [Output Only] An optional list of messages that contain the error |
| # details. There is a set of defined message types to use for providing |
| # details.The syntax depends on the error code. For example, |
| # QuotaExceededInfo will have details when the error code is |
| # QUOTA_EXCEEDED. |
| { |
| "errorInfo": { # Describes the cause of the error with structured details. |
| # |
| # Example of an error when contacting the "pubsub.googleapis.com" API when it |
| # is not enabled: |
| # |
| # { "reason": "API_DISABLED" |
| # "domain": "googleapis.com" |
| # "metadata": { |
| # "resource": "projects/123", |
| # "service": "pubsub.googleapis.com" |
| # } |
| # } |
| # |
| # This response indicates that the pubsub.googleapis.com API is not enabled. |
| # |
| # Example of an error that is returned when attempting to create a Spanner |
| # instance in a region that is out of stock: |
| # |
| # { "reason": "STOCKOUT" |
| # "domain": "spanner.googleapis.com", |
| # "metadata": { |
| # "availableRegions": "us-central1,us-east2" |
| # } |
| # } |
| "domain": "A String", # The logical grouping to which the "reason" belongs. The error domain |
| # is typically the registered service name of the tool or product that |
| # generates the error. Example: "pubsub.googleapis.com". If the error is |
| # generated by some common infrastructure, the error domain must be a |
| # globally unique value that identifies the infrastructure. For Google API |
| # infrastructure, the error domain is "googleapis.com". |
| "metadatas": { # Additional structured details about this error. |
| # |
| # Keys must match a regular expression of `a-z+` but should |
| # ideally be lowerCamelCase. Also, they must be limited to 64 characters in |
| # length. When identifying the current value of an exceeded limit, the units |
| # should be contained in the key, not the value. For example, rather than |
| # `{"instanceLimit": "100/request"}`, should be returned as, |
| # `{"instanceLimitPerRequest": "100"}`, if the client exceeds the number of |
| # instances that can be created in a single (batch) request. |
| "a_key": "A String", |
| }, |
| "reason": "A String", # The reason of the error. This is a constant value that identifies the |
| # proximate cause of the error. Error reasons are unique within a particular |
| # domain of errors. This should be at most 63 characters and match a |
| # regular expression of `A-Z+[A-Z0-9]`, which represents |
| # UPPER_SNAKE_CASE. |
| }, |
| "help": { # Provides links to documentation or for performing an out of band action. |
| # |
| # For example, if a quota check failed with an error indicating the calling |
| # project hasn't enabled the accessed service, this can contain a URL pointing |
| # directly to the right place in the developer console to flip the bit. |
| "links": [ # URL(s) pointing to additional information on handling the current error. |
| { # Describes a URL link. |
| "description": "A String", # Describes what the link offers. |
| "url": "A String", # The URL of the link. |
| }, |
| ], |
| }, |
| "localizedMessage": { # Provides a localized error message that is safe to return to the user |
| # which can be attached to an RPC error. |
| "locale": "A String", # The locale used following the specification defined at |
| # https://www.rfc-editor.org/rfc/bcp/bcp47.txt. |
| # Examples are: "en-US", "fr-CH", "es-MX" |
| "message": "A String", # The localized error message in the above locale. |
| }, |
| "quotaInfo": { # Additional details for quota exceeded error for resource quota. |
| "dimensions": { # The map holding related quota dimensions. |
| "a_key": "A String", |
| }, |
| "futureLimit": 3.14, # Future quota limit being rolled out. The limit's unit depends on the quota |
| # type or metric. |
| "limit": 3.14, # Current effective quota limit. The limit's unit depends on the quota type |
| # or metric. |
| "limitName": "A String", # The name of the quota limit. |
| "metricName": "A String", # The Compute Engine quota metric name. |
| "rolloutStatus": "A String", # Rollout status of the future quota limit. |
| }, |
| }, |
| ], |
| "location": "A String", # [Output Only] Indicates the field in the request that caused the error. |
| # This property is optional. |
| "message": "A String", # [Output Only] An optional, human-readable error message. |
| }, |
| ], |
| }, |
| "httpErrorMessage": "A String", # [Output Only] If the operation fails, this field contains the HTTP error |
| # message that was returned, such as `NOT FOUND`. |
| "httpErrorStatusCode": 42, # [Output Only] If the operation fails, this field contains the HTTP error |
| # status code that was returned. For example, a `404` means the |
| # resource was not found. |
| "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is |
| # defined by the server. |
| "insertTime": "A String", # [Output Only] The time that this operation was requested. |
| # This value is inRFC3339 |
| # text format. |
| "instancesBulkInsertOperationMetadata": { |
| "perLocationStatus": { # Status information per location (location name is key). |
| # Example key: zones/us-central1-a |
| "a_key": { |
| "createdVmCount": 42, # [Output Only] Count of VMs successfully created so far. |
| "deletedVmCount": 42, # [Output Only] Count of VMs that got deleted during rollback. |
| "failedToCreateVmCount": 42, # [Output Only] Count of VMs that started creating but encountered an |
| # error. |
| "status": "A String", # [Output Only] Creation status of BulkInsert operation - information |
| # if the flow is rolling forward or rolling back. |
| "targetVmCount": 42, # [Output Only] Count of VMs originally planned to be created. |
| }, |
| }, |
| }, |
| "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for |
| # Operation resources. |
| "name": "A String", # [Output Only] Name of the operation. |
| "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a |
| # group of operations results from a `bulkInsert` API request. |
| "operationType": "A String", # [Output Only] The type of operation, such as `insert`, |
| # `update`, or `delete`, and so on. |
| "progress": 42, # [Output Only] An optional progress indicator that ranges from 0 to 100. |
| # There is no requirement that this be linear or support any granularity of |
| # operations. This should not be used to guess when the operation will be |
| # complete. This number should monotonically increase as the operation |
| # progresses. |
| "region": "A String", # [Output Only] The URL of the region where the operation resides. Only |
| # applicable when performing regional operations. |
| "selfLink": "A String", # [Output Only] Server-defined URL for the resource. |
| "selfLinkWithId": "A String", # [Output Only] Server-defined URL for this resource with the resource id. |
| "setCommonInstanceMetadataOperationMetadata": { # [Output Only] If the operation is for projects.setCommonInstanceMetadata, |
| # this field will contain information on all underlying zonal actions and |
| # their state. |
| "clientOperationId": "A String", # [Output Only] The client operation id. |
| "perLocationOperations": { # [Output Only] Status information per location (location name is key). |
| # Example key: zones/us-central1-a |
| "a_key": { |
| "error": { # The `Status` type defines a logical error model that is suitable for # [Output Only] If state is `ABANDONED` or `FAILED`, this field is |
| # populated. |
| # different programming environments, including REST APIs and RPC APIs. It is |
| # used by [gRPC](https://github.com/grpc). Each `Status` message contains |
| # three pieces of data: error code, error message, and error details. |
| # |
| # You can find out more about this error model and how to work with it in the |
| # [API Design Guide](https://cloud.google.com/apis/design/errors). |
| "code": 42, # The status code, which should be an enum value of google.rpc.Code. |
| "details": [ # A list of messages that carry the error details. There is a common set of |
| # message types for APIs to use. |
| { |
| "a_key": "", # Properties of the object. Contains field @type with type URL. |
| }, |
| ], |
| "message": "A String", # A developer-facing error message, which should be in English. Any |
| # user-facing error message should be localized and sent in the |
| # google.rpc.Status.details field, or localized by the client. |
| }, |
| "state": "A String", # [Output Only] Status of the action, which can be one of the following: |
| # `PROPAGATING`, `PROPAGATED`, `ABANDONED`, `FAILED`, or `DONE`. |
| }, |
| }, |
| }, |
| "startTime": "A String", # [Output Only] The time that this operation was started by the server. |
| # This value is inRFC3339 |
| # text format. |
| "status": "A String", # [Output Only] The status of the operation, which can be one of the |
| # following: |
| # `PENDING`, `RUNNING`, or `DONE`. |
| "statusMessage": "A String", # [Output Only] An optional textual description of the current status of the |
| # operation. |
| "targetId": "A String", # [Output Only] The unique target ID, which identifies a specific incarnation |
| # of the target resource. |
| "targetLink": "A String", # [Output Only] The URL of the resource that the operation modifies. For |
| # operations related to creating a snapshot, this points to the disk |
| # that the snapshot was created from. |
| "user": "A String", # [Output Only] User who requested the operation, for example: |
| # `[email protected]` or |
| # `alice_smith_identifier (global/workforcePools/example-com-us-employees)`. |
| "warnings": [ # [Output Only] If warning messages are generated during processing of the |
| # operation, this field will be populated. |
| { |
| "code": "A String", # [Output Only] A warning code, if applicable. For example, Compute |
| # Engine returns NO_RESULTS_ON_PAGE if there |
| # are no results in the response. |
| "data": [ # [Output Only] Metadata about this warning in key: |
| # value format. For example: |
| # |
| # "data": [ |
| # { |
| # "key": "scope", |
| # "value": "zones/us-east1-d" |
| # } |
| { |
| "key": "A String", # [Output Only] A key that provides more detail on the warning being |
| # returned. For example, for warnings where there are no results in a list |
| # request for a particular zone, this key might be scope and |
| # the key value might be the zone name. Other examples might be a key |
| # indicating a deprecated resource and a suggested replacement, or a |
| # warning about invalid network settings (for example, if an instance |
| # attempts to perform IP forwarding but is not enabled for IP forwarding). |
| "value": "A String", # [Output Only] A warning data value corresponding to the key. |
| }, |
| ], |
| "message": "A String", # [Output Only] A human-readable description of the warning code. |
| }, |
| ], |
| "zone": "A String", # [Output Only] The URL of the zone where the operation resides. Only |
| # applicable when performing per-zone operations. |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="list">list(project, filter=None, maxResults=None, orderBy=None, pageToken=None, returnPartialSuccess=None, x__xgafv=None, zone=None)</code> |
| <pre>Retrieves the list of custom images |
| available to the specified project. Custom images are images you |
| create that belong to your project. This method does not |
| get any images that belong to other projects, including publicly-available |
| images, like Debian 8. If you want to get a list of publicly-available |
| images, use this method to make a request to the respective image project, |
| such as debian-cloud or windows-cloud. |
| |
| Args: |
| project: string, Project ID for this request. (required) |
| filter: string, A filter expression that filters resources listed in the response. Most |
| Compute resources support two types of filter expressions: |
| expressions that support regular expressions and expressions that follow |
| API improvement proposal AIP-160. |
| These two types of filter expressions cannot be mixed in one request. |
| |
| If you want to use AIP-160, your expression must specify the field name, an |
| operator, and the value that you want to use for filtering. The value |
| must be a string, a number, or a boolean. The operator |
| must be either `=`, `!=`, `>`, `<`, `<=`, `>=` or `:`. |
| |
| For example, if you are filtering Compute Engine instances, you can |
| exclude instances named `example-instance` by specifying |
| `name != example-instance`. |
| |
| The `:*` comparison can be used to test whether a key has been defined. |
| For example, to find all objects with `owner` label use: |
| ``` |
| labels.owner:* |
| ``` |
| |
| You can also filter nested fields. For example, you could specify |
| `scheduling.automaticRestart = false` to include instances only |
| if they are not scheduled for automatic restarts. You can use filtering |
| on nested fields to filter based onresource labels. |
| |
| To filter on multiple expressions, provide each separate expression within |
| parentheses. For example: |
| ``` |
| (scheduling.automaticRestart = true) |
| (cpuPlatform = "Intel Skylake") |
| ``` |
| By default, each expression is an `AND` expression. However, you |
| can include `AND` and `OR` expressions explicitly. |
| For example: |
| ``` |
| (cpuPlatform = "Intel Skylake") OR |
| (cpuPlatform = "Intel Broadwell") AND |
| (scheduling.automaticRestart = true) |
| ``` |
| |
| If you want to use a regular expression, use the `eq` (equal) or `ne` |
| (not equal) operator against a single un-parenthesized expression with or |
| without quotes or against multiple parenthesized expressions. Examples: |
| |
| `fieldname eq unquoted literal` |
| `fieldname eq 'single quoted literal'` |
| `fieldname eq "double quoted literal"` |
| `(fieldname1 eq literal) (fieldname2 ne "literal")` |
| |
| The literal value is interpreted as a regular expression using GoogleRE2 library syntax. |
| The literal value must match the entire field. |
| |
| For example, to filter for instances that do not end with name "instance", |
| you would use `name ne .*instance`. |
| |
| You cannot combine constraints on multiple fields using regular |
| expressions. |
| maxResults: integer, The maximum number of results per page that should be returned. |
| If the number of available results is larger than `maxResults`, |
| Compute Engine returns a `nextPageToken` that can be used to get |
| the next page of results in subsequent list requests. Acceptable values are |
| `0` to `500`, inclusive. (Default: `500`) |
| orderBy: string, Sorts list results by a certain order. By default, results |
| are returned in alphanumerical order based on the resource name. |
| |
| You can also sort results in descending order based on the creation |
| timestamp using `orderBy="creationTimestamp desc"`. This sorts |
| results based on the `creationTimestamp` field in |
| reverse chronological order (newest result first). Use this to sort |
| resources like operations so that the newest operation is returned first. |
| |
| Currently, only sorting by `name` or |
| `creationTimestamp desc` is supported. |
| pageToken: string, Specifies a page token to use. Set `pageToken` to the |
| `nextPageToken` returned by a previous list request to get |
| the next page of results. |
| returnPartialSuccess: boolean, Opt-in for partial success behavior which provides partial results in case |
| of failure. The default value is false. |
| |
| For example, when partial success behavior is enabled, aggregatedList for a |
| single zone scope either returns all resources in the zone or no resources, |
| with an error code. |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| zone: string, The zone query parameter. |
| |
| Returns: |
| An object of the form: |
| |
| { # Contains a list of images. |
| "id": "A String", # [Output Only] Unique identifier for the resource; defined by the server. |
| "items": [ # A list of Image resources. |
| { # Represents an Image resource. |
| # |
| # You can use images to create boot disks for your VM instances. |
| # For more information, read Images. |
| "architecture": "A String", # The architecture of the image. Valid values are |
| # ARM64 or X86_64. |
| "archiveSizeBytes": "A String", # Size of the image tar.gz archive stored in Google Cloud |
| # Storage (in bytes). |
| "creationTimestamp": "A String", # [Output Only] Creation timestamp inRFC3339 |
| # text format. |
| "deprecated": { # Deprecation status for a public resource. # The deprecation status associated with this image. |
| "deleted": "A String", # An optional RFC3339 timestamp on or after which the state of this |
| # resource is intended to change to DELETED. This is only |
| # informational and the status will not change unless the client explicitly |
| # changes it. |
| "deprecated": "A String", # An optional RFC3339 timestamp on or after which the state of this |
| # resource is intended to change to DEPRECATED. This is only |
| # informational and the status will not change unless the client explicitly |
| # changes it. |
| "obsolete": "A String", # An optional RFC3339 timestamp on or after which the state of this |
| # resource is intended to change to OBSOLETE. This is only |
| # informational and the status will not change unless the client explicitly |
| # changes it. |
| "replacement": "A String", # The URL of the suggested replacement for a deprecated resource. |
| # The suggested replacement resource must be the same kind of resource as the |
| # deprecated resource. |
| "state": "A String", # The deprecation state of this resource. This can be ACTIVE,DEPRECATED, OBSOLETE, or DELETED. |
| # Operations which communicate the end of life date for an image, can useACTIVE. Operations which create a new resource using aDEPRECATED resource will return successfully, but with a |
| # warning indicating the deprecated resource and recommending its |
| # replacement. Operations which use OBSOLETE orDELETED resources will be rejected and result in an error. |
| "stateOverride": { # A rollout policy configuration. # The rollout policy for this deprecation. This policy is only enforced by |
| # image family views. The rollout policy restricts the zones where the |
| # associated resource is considered in a deprecated state. When the rollout |
| # policy does not include the user specified zone, or if the zone is rolled |
| # out, the associated resource is considered in a deprecated state. |
| # |
| # The rollout policy for this deprecation is read-only, except for |
| # allowlisted users. This field might not be configured. To view the latest |
| # non-deprecated image in a specific zone, use theimageFamilyViews.get method. |
| "defaultRolloutTime": "A String", # An optional RFC3339 timestamp on or after which the update is |
| # considered rolled out to any zone that is not explicitly stated. |
| "locationRolloutPolicies": { # Location based rollout policies to apply to the resource. |
| # |
| # Currently only zone names are supported and must be represented |
| # as valid URLs, like: zones/us-central1-a. |
| # |
| # The value expects an RFC3339 timestamp on or after which the update is |
| # considered rolled out to the specified location. |
| "a_key": "A String", |
| }, |
| }, |
| }, |
| "description": "A String", # An optional description of this resource. Provide this property when you |
| # create the resource. |
| "diskSizeGb": "A String", # Size of the image when restored onto a persistent disk (in GB). |
| "enableConfidentialCompute": True or False, # Whether this image is created from a confidential compute mode disk. |
| # [Output Only]: This field is not set by user, but from source disk. |
| "family": "A String", # The name of the image family to which this image belongs. The image |
| # family name can be from a publicly managed image family provided by |
| # Compute Engine, or from a custom image family you create. For example,centos-stream-9 is a publicly available image family. |
| # For more information, see Image |
| # family best practices. |
| # |
| # When creating disks, you can specify an image family instead of a specific |
| # image name. The image family always returns its latest image that is not |
| # deprecated. The name of the image family must comply with RFC1035. |
| "guestOsFeatures": [ # A list of features to enable on the guest operating system. Applicable |
| # only for bootable images. To see a list of available options, see theguestOSfeatures[].type parameter. |
| { # Guest OS features. |
| "type": "A String", # The ID of a supported feature. To add multiple values, use commas to |
| # separate values. Set to one or more of the following values: |
| # |
| # - VIRTIO_SCSI_MULTIQUEUE |
| # - WINDOWS |
| # - MULTI_IP_SUBNET |
| # - UEFI_COMPATIBLE |
| # - GVNIC |
| # - SEV_CAPABLE |
| # - SUSPEND_RESUME_COMPATIBLE |
| # - SEV_LIVE_MIGRATABLE_V2 |
| # - SEV_SNP_CAPABLE |
| # - TDX_CAPABLE |
| # - IDPF |
| # - SNP_SVSM_CAPABLE |
| # |
| # |
| # For more information, see |
| # Enabling guest operating system features. |
| }, |
| ], |
| "id": "A String", # [Output Only] The unique identifier for the resource. This identifier is |
| # defined by the server. |
| "imageEncryptionKey": { # Encrypts the image using acustomer-supplied |
| # encryption key. |
| # |
| # After you encrypt an image with a customer-supplied key, you must provide |
| # the same key if you use the image later (e.g. to create a disk from |
| # the image). |
| # |
| # Customer-supplied encryption keys do not protect access to metadata |
| # of the disk. |
| # |
| # If you do not provide an encryption key when creating the image, then the |
| # disk will be encrypted using an automatically generated key and you do not |
| # need to provide a key to use the image later. |
| "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. |
| # For example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # |
| # The fully-qualifed key name may be returned for resource GET requests. For |
| # example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # /cryptoKeyVersions/1 |
| "kmsKeyServiceAccount": "A String", # The service account being used for the encryption request for the given KMS |
| # key. If absent, the Compute Engine default service account is used. |
| # For example: |
| # |
| # "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com/ |
| "rawKey": "A String", # Specifies a 256-bit customer-supplied |
| # encryption key, encoded in RFC |
| # 4648 base64 to either encrypt or decrypt this resource. You can |
| # provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rawKey": |
| # "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=" |
| "rsaEncryptedKey": "A String", # Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit |
| # customer-supplied encryption key to either encrypt or decrypt this |
| # resource. You can provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rsaEncryptedKey": |
| # "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH |
| # z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD |
| # D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" |
| # |
| # The key must meet the following requirements before you can provide it to |
| # Compute Engine: |
| # |
| # 1. The key is wrapped using a RSA public key certificate provided by |
| # Google. |
| # 2. After being wrapped, the key must be encoded in RFC 4648 base64 |
| # encoding. |
| # |
| # Gets the RSA public key certificate provided by Google at: |
| # |
| # |
| # https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem |
| "sha256": "A String", # [Output only] TheRFC |
| # 4648 base64 encoded SHA-256 hash of the customer-supplied |
| # encryption key that protects this resource. |
| }, |
| "kind": "compute#image", # [Output Only] Type of the resource. Always compute#image for |
| # images. |
| "labelFingerprint": "A String", # A fingerprint for the labels being applied to this image, which is |
| # essentially a hash of the labels used for optimistic locking. The |
| # fingerprint is initially generated by Compute Engine and changes after |
| # every request to modify or update labels. You must always provide an |
| # up-to-date fingerprint hash in order to update or change labels, |
| # otherwise the request will fail with error412 conditionNotMet. |
| # |
| # To see the latest fingerprint, make a get() request to |
| # retrieve an image. |
| "labels": { # Labels to apply to this image. These can be later modified by |
| # the setLabels method. |
| "a_key": "A String", |
| }, |
| "licenseCodes": [ # Integer license codes indicating which licenses are attached to this image. |
| "A String", |
| ], |
| "licenses": [ # Any applicable license URI. |
| "A String", |
| ], |
| "locked": True or False, # A flag for marketplace VM disk created from the image, which is designed |
| # for marketplace VM disk to prevent the proprietary data on the disk from |
| # being accessed unwantedly. The flag will be inherited by the disk created |
| # from the image. |
| # |
| # The disk with locked flag set to true will be prohibited from performing |
| # the operations below: |
| # |
| # - R/W or R/O disk attach |
| # - Disk detach, if disk is created via create-on-create |
| # - Create images |
| # - Create snapshots |
| # - Create disk clone (create disk from the current disk) |
| # |
| # |
| # |
| # The image with the locked field set to true will be prohibited from |
| # performing the operations below: |
| # |
| # - Create images from the current image |
| # - Update the locked field for the current image |
| # |
| # |
| # |
| # The instance with at least one disk with locked flag set to true will be |
| # prohibited from performing the operations below: |
| # |
| # - Secondary disk attach |
| # - Create instant snapshot |
| # - Create machine images |
| # - Create instance template |
| # - Delete the instance with --keep-disk parameter set to true |
| "name": "A String", # Name of the resource; provided by the client when the resource is created. |
| # The name must be 1-63 characters long, and comply withRFC1035. |
| # Specifically, the name must be 1-63 characters long and match the regular |
| # expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first |
| # character must be a lowercase letter, and all following characters must be |
| # a dash, lowercase letter, or digit, except the last character, which cannot |
| # be a dash. |
| "params": { # Additional image params. # Input only. [Input Only] Additional params passed with the request, but not persisted |
| # as part of resource payload. |
| "resourceManagerTags": { # Resource manager tags to be bound to the image. Tag keys and values have |
| # the same definition as resource |
| # manager tags. Keys must be in the format `tagKeys/{tag_key_id}`, and |
| # values are in the format `tagValues/456`. The field is ignored (both PUT & |
| # PATCH) when empty. |
| "a_key": "A String", |
| }, |
| }, |
| "rawDisk": { # The parameters of the raw disk image. |
| "containerType": "A String", # The format used to encode and transmit the block device, which should beTAR. This is just a container and transmission format and not |
| # a runtime format. Provided by the client when the disk image is created. |
| "sha1Checksum": "A String", # [Deprecated] This field is deprecated. |
| # An optional SHA1 checksum of the disk image before unpackaging provided |
| # by the client when the disk image is created. |
| "source": "A String", # The full Google Cloud Storage URL where the raw disk image archive is |
| # stored. |
| # The following are valid formats for the URL: |
| # |
| # - https://storage.googleapis.com/bucket_name/image_archive_name |
| # - https://storage.googleapis.com/bucket_name/folder_name/image_archive_name |
| # |
| # |
| # |
| # In order to create an image, you must provide the full or partial URL of |
| # one of the following: |
| # |
| # - The rawDisk.source URL |
| # - The sourceDisk URL |
| # - The sourceImage URL |
| # - The sourceSnapshot URL |
| }, |
| "rolloutOverride": { # A rollout policy configuration. # A rollout policy to apply to this image. When specified, the rollout policy |
| # overrides per-zone references to the image via the associated image family. |
| # The rollout policy restricts the zones where this image is accessible when |
| # using a zonal image family reference. When the rollout policy does not |
| # include the user specified zone, or if the zone is rolled out, this image |
| # is accessible. |
| # |
| # The rollout policy for this image is read-only, except for allowlisted |
| # users. This field might not be configured. To view the latest |
| # non-deprecated image in a specific zone, use theimageFamilyViews.get method. |
| "defaultRolloutTime": "A String", # An optional RFC3339 timestamp on or after which the update is |
| # considered rolled out to any zone that is not explicitly stated. |
| "locationRolloutPolicies": { # Location based rollout policies to apply to the resource. |
| # |
| # Currently only zone names are supported and must be represented |
| # as valid URLs, like: zones/us-central1-a. |
| # |
| # The value expects an RFC3339 timestamp on or after which the update is |
| # considered rolled out to the specified location. |
| "a_key": "A String", |
| }, |
| }, |
| "satisfiesPzi": True or False, # Output only. Reserved for future use. |
| "satisfiesPzs": True or False, # [Output Only] Reserved for future use. |
| "selfLink": "A String", # [Output Only] Server-defined URL for the resource. |
| "selfLinkWithId": "A String", # [Output Only] Server-defined URL for this resource's resource id. |
| "shieldedInstanceInitialState": { # Initial State for shielded instance, # Set the secure boot keys of shielded instance. |
| # these are public keys which are safe to store in public |
| "dbs": [ # The Key Database (db). |
| { |
| "content": "A String", # The raw content in the secure keys file. |
| "fileType": "A String", # The file type of source file. |
| }, |
| ], |
| "dbxs": [ # The forbidden key database (dbx). |
| { |
| "content": "A String", # The raw content in the secure keys file. |
| "fileType": "A String", # The file type of source file. |
| }, |
| ], |
| "keks": [ # The Key Exchange Key (KEK). |
| { |
| "content": "A String", # The raw content in the secure keys file. |
| "fileType": "A String", # The file type of source file. |
| }, |
| ], |
| "pk": { # The Platform Key (PK). |
| "content": "A String", # The raw content in the secure keys file. |
| "fileType": "A String", # The file type of source file. |
| }, |
| }, |
| "sourceDisk": "A String", # URL of the source disk used to create this image. |
| # For example, the following are valid values: |
| # |
| # - https://www.googleapis.com/compute/v1/projects/project/zones/zone/disks/disk |
| # - projects/project/zones/zone/disks/disk |
| # - zones/zone/disks/disk |
| # |
| # |
| # |
| # In order to create an image, you must provide the full or partial URL of |
| # one of the following: |
| # |
| # - The rawDisk.source URL |
| # - The sourceDisk URL |
| # - The sourceImage URL |
| # - The sourceSnapshot URL |
| "sourceDiskEncryptionKey": { # Thecustomer-supplied |
| # encryption key of the source disk. Required if the source disk is |
| # protected by a customer-supplied encryption key. |
| "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. |
| # For example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # |
| # The fully-qualifed key name may be returned for resource GET requests. For |
| # example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # /cryptoKeyVersions/1 |
| "kmsKeyServiceAccount": "A String", # The service account being used for the encryption request for the given KMS |
| # key. If absent, the Compute Engine default service account is used. |
| # For example: |
| # |
| # "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com/ |
| "rawKey": "A String", # Specifies a 256-bit customer-supplied |
| # encryption key, encoded in RFC |
| # 4648 base64 to either encrypt or decrypt this resource. You can |
| # provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rawKey": |
| # "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=" |
| "rsaEncryptedKey": "A String", # Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit |
| # customer-supplied encryption key to either encrypt or decrypt this |
| # resource. You can provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rsaEncryptedKey": |
| # "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH |
| # z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD |
| # D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" |
| # |
| # The key must meet the following requirements before you can provide it to |
| # Compute Engine: |
| # |
| # 1. The key is wrapped using a RSA public key certificate provided by |
| # Google. |
| # 2. After being wrapped, the key must be encoded in RFC 4648 base64 |
| # encoding. |
| # |
| # Gets the RSA public key certificate provided by Google at: |
| # |
| # |
| # https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem |
| "sha256": "A String", # [Output only] TheRFC |
| # 4648 base64 encoded SHA-256 hash of the customer-supplied |
| # encryption key that protects this resource. |
| }, |
| "sourceDiskId": "A String", # [Output Only] |
| # The ID value of the disk used to create this image. This value may be used |
| # to determine whether the image was taken from the current or a previous |
| # instance of a given disk name. |
| "sourceImage": "A String", # URL of the source image used to create this image. |
| # The following are valid formats for the URL: |
| # |
| # - https://www.googleapis.com/compute/v1/projects/project_id/global/ |
| # images/image_name |
| # - projects/project_id/global/images/image_name |
| # |
| # |
| # |
| # In order to create an image, you must provide the full or partial URL of |
| # one of the following: |
| # |
| # - The rawDisk.source URL |
| # - The sourceDisk URL |
| # - The sourceImage URL |
| # - The sourceSnapshot URL |
| "sourceImageEncryptionKey": { # The customer-supplied encryption key of the source image. Required if the |
| # source image is protected by a customer-supplied encryption key. |
| "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. |
| # For example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # |
| # The fully-qualifed key name may be returned for resource GET requests. For |
| # example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # /cryptoKeyVersions/1 |
| "kmsKeyServiceAccount": "A String", # The service account being used for the encryption request for the given KMS |
| # key. If absent, the Compute Engine default service account is used. |
| # For example: |
| # |
| # "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com/ |
| "rawKey": "A String", # Specifies a 256-bit customer-supplied |
| # encryption key, encoded in RFC |
| # 4648 base64 to either encrypt or decrypt this resource. You can |
| # provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rawKey": |
| # "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=" |
| "rsaEncryptedKey": "A String", # Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit |
| # customer-supplied encryption key to either encrypt or decrypt this |
| # resource. You can provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rsaEncryptedKey": |
| # "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH |
| # z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD |
| # D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" |
| # |
| # The key must meet the following requirements before you can provide it to |
| # Compute Engine: |
| # |
| # 1. The key is wrapped using a RSA public key certificate provided by |
| # Google. |
| # 2. After being wrapped, the key must be encoded in RFC 4648 base64 |
| # encoding. |
| # |
| # Gets the RSA public key certificate provided by Google at: |
| # |
| # |
| # https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem |
| "sha256": "A String", # [Output only] TheRFC |
| # 4648 base64 encoded SHA-256 hash of the customer-supplied |
| # encryption key that protects this resource. |
| }, |
| "sourceImageId": "A String", # [Output Only] |
| # The ID value of the image used to create this image. This value may be used |
| # to determine whether the image was taken from the current or a previous |
| # instance of a given image name. |
| "sourceSnapshot": "A String", # URL of the source snapshot used to create this image. |
| # The following are valid formats for the URL: |
| # |
| # - https://www.googleapis.com/compute/v1/projects/project_id/global/ |
| # snapshots/snapshot_name |
| # - projects/project_id/global/snapshots/snapshot_name |
| # |
| # |
| # |
| # In order to create an image, you must provide the full or partial URL of |
| # one of the following: |
| # |
| # - The rawDisk.source URL |
| # - The sourceDisk URL |
| # - The sourceImage URL |
| # - The sourceSnapshot URL |
| "sourceSnapshotEncryptionKey": { # The customer-supplied encryption key of the source snapshot. Required if |
| # the source snapshot is protected by a customer-supplied encryption key. |
| "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. |
| # For example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # |
| # The fully-qualifed key name may be returned for resource GET requests. For |
| # example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # /cryptoKeyVersions/1 |
| "kmsKeyServiceAccount": "A String", # The service account being used for the encryption request for the given KMS |
| # key. If absent, the Compute Engine default service account is used. |
| # For example: |
| # |
| # "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com/ |
| "rawKey": "A String", # Specifies a 256-bit customer-supplied |
| # encryption key, encoded in RFC |
| # 4648 base64 to either encrypt or decrypt this resource. You can |
| # provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rawKey": |
| # "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=" |
| "rsaEncryptedKey": "A String", # Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit |
| # customer-supplied encryption key to either encrypt or decrypt this |
| # resource. You can provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rsaEncryptedKey": |
| # "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH |
| # z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD |
| # D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" |
| # |
| # The key must meet the following requirements before you can provide it to |
| # Compute Engine: |
| # |
| # 1. The key is wrapped using a RSA public key certificate provided by |
| # Google. |
| # 2. After being wrapped, the key must be encoded in RFC 4648 base64 |
| # encoding. |
| # |
| # Gets the RSA public key certificate provided by Google at: |
| # |
| # |
| # https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem |
| "sha256": "A String", # [Output only] TheRFC |
| # 4648 base64 encoded SHA-256 hash of the customer-supplied |
| # encryption key that protects this resource. |
| }, |
| "sourceSnapshotId": "A String", # [Output Only] |
| # The ID value of the snapshot used to create this image. This value may be |
| # used to determine whether the snapshot was taken from the current or a |
| # previous instance of a given snapshot name. |
| "sourceType": "RAW", # The type of the image used to create this disk. The |
| # default and only valid value is RAW. |
| "status": "A String", # [Output Only] The status of the image. An image can be used to create other |
| # resources, such as instances, only after the image has been successfully |
| # created and the status is set to READY. Possible |
| # values are FAILED, PENDING, orREADY. |
| "storageLocations": [ # Cloud Storage bucket storage location of the image (regional or |
| # multi-regional). |
| "A String", |
| ], |
| "userLicenses": [ # A list of publicly visible user-licenses. Unlike regular licenses, user |
| # provided licenses can be modified after the disk is created. This includes |
| # a list of URLs to the license resource. For example, to provide a debian |
| # license: |
| # |
| # https://www.googleapis.com/compute/v1/projects/debian-cloud/global/licenses/debian-9-stretch |
| "A String", |
| ], |
| }, |
| ], |
| "kind": "compute#imageList", # Type of resource. |
| "nextPageToken": "A String", # [Output Only] This token allows you to get the next page of results for |
| # list requests. If the number of results is larger thanmaxResults, use the nextPageToken as a value for |
| # the query parameter pageToken in the next list request. |
| # Subsequent list requests will have their own nextPageToken to |
| # continue paging through the results. |
| "selfLink": "A String", # [Output Only] Server-defined URL for this resource. |
| "warning": { # [Output Only] Informational warning message. |
| "code": "A String", # [Output Only] A warning code, if applicable. For example, Compute |
| # Engine returns NO_RESULTS_ON_PAGE if there |
| # are no results in the response. |
| "data": [ # [Output Only] Metadata about this warning in key: |
| # value format. For example: |
| # |
| # "data": [ |
| # { |
| # "key": "scope", |
| # "value": "zones/us-east1-d" |
| # } |
| { |
| "key": "A String", # [Output Only] A key that provides more detail on the warning being |
| # returned. For example, for warnings where there are no results in a list |
| # request for a particular zone, this key might be scope and |
| # the key value might be the zone name. Other examples might be a key |
| # indicating a deprecated resource and a suggested replacement, or a |
| # warning about invalid network settings (for example, if an instance |
| # attempts to perform IP forwarding but is not enabled for IP forwarding). |
| "value": "A String", # [Output Only] A warning data value corresponding to the key. |
| }, |
| ], |
| "message": "A String", # [Output Only] A human-readable description of the warning code. |
| }, |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="list_next">list_next()</code> |
| <pre>Retrieves the next page of results. |
| |
| Args: |
| previous_request: The request for the previous page. (required) |
| previous_response: The response from the request for the previous page. (required) |
| |
| Returns: |
| A request object that you can call 'execute()' on to request the next |
| page. Returns None if there are no more items in the collection. |
| </pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="patch">patch(project, image, body=None, requestId=None, x__xgafv=None)</code> |
| <pre>Patches the specified image with the data included in the request. |
| Only the following fields can be modified: family, description, |
| deprecation status. |
| |
| Args: |
| project: string, Project ID for this request. (required) |
| image: string, Name of the image resource to patch. (required) |
| body: object, The request body. |
| The object takes the form of: |
| |
| { # Represents an Image resource. |
| # |
| # You can use images to create boot disks for your VM instances. |
| # For more information, read Images. |
| "architecture": "A String", # The architecture of the image. Valid values are |
| # ARM64 or X86_64. |
| "archiveSizeBytes": "A String", # Size of the image tar.gz archive stored in Google Cloud |
| # Storage (in bytes). |
| "creationTimestamp": "A String", # [Output Only] Creation timestamp inRFC3339 |
| # text format. |
| "deprecated": { # Deprecation status for a public resource. # The deprecation status associated with this image. |
| "deleted": "A String", # An optional RFC3339 timestamp on or after which the state of this |
| # resource is intended to change to DELETED. This is only |
| # informational and the status will not change unless the client explicitly |
| # changes it. |
| "deprecated": "A String", # An optional RFC3339 timestamp on or after which the state of this |
| # resource is intended to change to DEPRECATED. This is only |
| # informational and the status will not change unless the client explicitly |
| # changes it. |
| "obsolete": "A String", # An optional RFC3339 timestamp on or after which the state of this |
| # resource is intended to change to OBSOLETE. This is only |
| # informational and the status will not change unless the client explicitly |
| # changes it. |
| "replacement": "A String", # The URL of the suggested replacement for a deprecated resource. |
| # The suggested replacement resource must be the same kind of resource as the |
| # deprecated resource. |
| "state": "A String", # The deprecation state of this resource. This can be ACTIVE,DEPRECATED, OBSOLETE, or DELETED. |
| # Operations which communicate the end of life date for an image, can useACTIVE. Operations which create a new resource using aDEPRECATED resource will return successfully, but with a |
| # warning indicating the deprecated resource and recommending its |
| # replacement. Operations which use OBSOLETE orDELETED resources will be rejected and result in an error. |
| "stateOverride": { # A rollout policy configuration. # The rollout policy for this deprecation. This policy is only enforced by |
| # image family views. The rollout policy restricts the zones where the |
| # associated resource is considered in a deprecated state. When the rollout |
| # policy does not include the user specified zone, or if the zone is rolled |
| # out, the associated resource is considered in a deprecated state. |
| # |
| # The rollout policy for this deprecation is read-only, except for |
| # allowlisted users. This field might not be configured. To view the latest |
| # non-deprecated image in a specific zone, use theimageFamilyViews.get method. |
| "defaultRolloutTime": "A String", # An optional RFC3339 timestamp on or after which the update is |
| # considered rolled out to any zone that is not explicitly stated. |
| "locationRolloutPolicies": { # Location based rollout policies to apply to the resource. |
| # |
| # Currently only zone names are supported and must be represented |
| # as valid URLs, like: zones/us-central1-a. |
| # |
| # The value expects an RFC3339 timestamp on or after which the update is |
| # considered rolled out to the specified location. |
| "a_key": "A String", |
| }, |
| }, |
| }, |
| "description": "A String", # An optional description of this resource. Provide this property when you |
| # create the resource. |
| "diskSizeGb": "A String", # Size of the image when restored onto a persistent disk (in GB). |
| "enableConfidentialCompute": True or False, # Whether this image is created from a confidential compute mode disk. |
| # [Output Only]: This field is not set by user, but from source disk. |
| "family": "A String", # The name of the image family to which this image belongs. The image |
| # family name can be from a publicly managed image family provided by |
| # Compute Engine, or from a custom image family you create. For example,centos-stream-9 is a publicly available image family. |
| # For more information, see Image |
| # family best practices. |
| # |
| # When creating disks, you can specify an image family instead of a specific |
| # image name. The image family always returns its latest image that is not |
| # deprecated. The name of the image family must comply with RFC1035. |
| "guestOsFeatures": [ # A list of features to enable on the guest operating system. Applicable |
| # only for bootable images. To see a list of available options, see theguestOSfeatures[].type parameter. |
| { # Guest OS features. |
| "type": "A String", # The ID of a supported feature. To add multiple values, use commas to |
| # separate values. Set to one or more of the following values: |
| # |
| # - VIRTIO_SCSI_MULTIQUEUE |
| # - WINDOWS |
| # - MULTI_IP_SUBNET |
| # - UEFI_COMPATIBLE |
| # - GVNIC |
| # - SEV_CAPABLE |
| # - SUSPEND_RESUME_COMPATIBLE |
| # - SEV_LIVE_MIGRATABLE_V2 |
| # - SEV_SNP_CAPABLE |
| # - TDX_CAPABLE |
| # - IDPF |
| # - SNP_SVSM_CAPABLE |
| # |
| # |
| # For more information, see |
| # Enabling guest operating system features. |
| }, |
| ], |
| "id": "A String", # [Output Only] The unique identifier for the resource. This identifier is |
| # defined by the server. |
| "imageEncryptionKey": { # Encrypts the image using acustomer-supplied |
| # encryption key. |
| # |
| # After you encrypt an image with a customer-supplied key, you must provide |
| # the same key if you use the image later (e.g. to create a disk from |
| # the image). |
| # |
| # Customer-supplied encryption keys do not protect access to metadata |
| # of the disk. |
| # |
| # If you do not provide an encryption key when creating the image, then the |
| # disk will be encrypted using an automatically generated key and you do not |
| # need to provide a key to use the image later. |
| "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. |
| # For example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # |
| # The fully-qualifed key name may be returned for resource GET requests. For |
| # example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # /cryptoKeyVersions/1 |
| "kmsKeyServiceAccount": "A String", # The service account being used for the encryption request for the given KMS |
| # key. If absent, the Compute Engine default service account is used. |
| # For example: |
| # |
| # "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com/ |
| "rawKey": "A String", # Specifies a 256-bit customer-supplied |
| # encryption key, encoded in RFC |
| # 4648 base64 to either encrypt or decrypt this resource. You can |
| # provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rawKey": |
| # "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=" |
| "rsaEncryptedKey": "A String", # Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit |
| # customer-supplied encryption key to either encrypt or decrypt this |
| # resource. You can provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rsaEncryptedKey": |
| # "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH |
| # z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD |
| # D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" |
| # |
| # The key must meet the following requirements before you can provide it to |
| # Compute Engine: |
| # |
| # 1. The key is wrapped using a RSA public key certificate provided by |
| # Google. |
| # 2. After being wrapped, the key must be encoded in RFC 4648 base64 |
| # encoding. |
| # |
| # Gets the RSA public key certificate provided by Google at: |
| # |
| # |
| # https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem |
| "sha256": "A String", # [Output only] TheRFC |
| # 4648 base64 encoded SHA-256 hash of the customer-supplied |
| # encryption key that protects this resource. |
| }, |
| "kind": "compute#image", # [Output Only] Type of the resource. Always compute#image for |
| # images. |
| "labelFingerprint": "A String", # A fingerprint for the labels being applied to this image, which is |
| # essentially a hash of the labels used for optimistic locking. The |
| # fingerprint is initially generated by Compute Engine and changes after |
| # every request to modify or update labels. You must always provide an |
| # up-to-date fingerprint hash in order to update or change labels, |
| # otherwise the request will fail with error412 conditionNotMet. |
| # |
| # To see the latest fingerprint, make a get() request to |
| # retrieve an image. |
| "labels": { # Labels to apply to this image. These can be later modified by |
| # the setLabels method. |
| "a_key": "A String", |
| }, |
| "licenseCodes": [ # Integer license codes indicating which licenses are attached to this image. |
| "A String", |
| ], |
| "licenses": [ # Any applicable license URI. |
| "A String", |
| ], |
| "locked": True or False, # A flag for marketplace VM disk created from the image, which is designed |
| # for marketplace VM disk to prevent the proprietary data on the disk from |
| # being accessed unwantedly. The flag will be inherited by the disk created |
| # from the image. |
| # |
| # The disk with locked flag set to true will be prohibited from performing |
| # the operations below: |
| # |
| # - R/W or R/O disk attach |
| # - Disk detach, if disk is created via create-on-create |
| # - Create images |
| # - Create snapshots |
| # - Create disk clone (create disk from the current disk) |
| # |
| # |
| # |
| # The image with the locked field set to true will be prohibited from |
| # performing the operations below: |
| # |
| # - Create images from the current image |
| # - Update the locked field for the current image |
| # |
| # |
| # |
| # The instance with at least one disk with locked flag set to true will be |
| # prohibited from performing the operations below: |
| # |
| # - Secondary disk attach |
| # - Create instant snapshot |
| # - Create machine images |
| # - Create instance template |
| # - Delete the instance with --keep-disk parameter set to true |
| "name": "A String", # Name of the resource; provided by the client when the resource is created. |
| # The name must be 1-63 characters long, and comply withRFC1035. |
| # Specifically, the name must be 1-63 characters long and match the regular |
| # expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first |
| # character must be a lowercase letter, and all following characters must be |
| # a dash, lowercase letter, or digit, except the last character, which cannot |
| # be a dash. |
| "params": { # Additional image params. # Input only. [Input Only] Additional params passed with the request, but not persisted |
| # as part of resource payload. |
| "resourceManagerTags": { # Resource manager tags to be bound to the image. Tag keys and values have |
| # the same definition as resource |
| # manager tags. Keys must be in the format `tagKeys/{tag_key_id}`, and |
| # values are in the format `tagValues/456`. The field is ignored (both PUT & |
| # PATCH) when empty. |
| "a_key": "A String", |
| }, |
| }, |
| "rawDisk": { # The parameters of the raw disk image. |
| "containerType": "A String", # The format used to encode and transmit the block device, which should beTAR. This is just a container and transmission format and not |
| # a runtime format. Provided by the client when the disk image is created. |
| "sha1Checksum": "A String", # [Deprecated] This field is deprecated. |
| # An optional SHA1 checksum of the disk image before unpackaging provided |
| # by the client when the disk image is created. |
| "source": "A String", # The full Google Cloud Storage URL where the raw disk image archive is |
| # stored. |
| # The following are valid formats for the URL: |
| # |
| # - https://storage.googleapis.com/bucket_name/image_archive_name |
| # - https://storage.googleapis.com/bucket_name/folder_name/image_archive_name |
| # |
| # |
| # |
| # In order to create an image, you must provide the full or partial URL of |
| # one of the following: |
| # |
| # - The rawDisk.source URL |
| # - The sourceDisk URL |
| # - The sourceImage URL |
| # - The sourceSnapshot URL |
| }, |
| "rolloutOverride": { # A rollout policy configuration. # A rollout policy to apply to this image. When specified, the rollout policy |
| # overrides per-zone references to the image via the associated image family. |
| # The rollout policy restricts the zones where this image is accessible when |
| # using a zonal image family reference. When the rollout policy does not |
| # include the user specified zone, or if the zone is rolled out, this image |
| # is accessible. |
| # |
| # The rollout policy for this image is read-only, except for allowlisted |
| # users. This field might not be configured. To view the latest |
| # non-deprecated image in a specific zone, use theimageFamilyViews.get method. |
| "defaultRolloutTime": "A String", # An optional RFC3339 timestamp on or after which the update is |
| # considered rolled out to any zone that is not explicitly stated. |
| "locationRolloutPolicies": { # Location based rollout policies to apply to the resource. |
| # |
| # Currently only zone names are supported and must be represented |
| # as valid URLs, like: zones/us-central1-a. |
| # |
| # The value expects an RFC3339 timestamp on or after which the update is |
| # considered rolled out to the specified location. |
| "a_key": "A String", |
| }, |
| }, |
| "satisfiesPzi": True or False, # Output only. Reserved for future use. |
| "satisfiesPzs": True or False, # [Output Only] Reserved for future use. |
| "selfLink": "A String", # [Output Only] Server-defined URL for the resource. |
| "selfLinkWithId": "A String", # [Output Only] Server-defined URL for this resource's resource id. |
| "shieldedInstanceInitialState": { # Initial State for shielded instance, # Set the secure boot keys of shielded instance. |
| # these are public keys which are safe to store in public |
| "dbs": [ # The Key Database (db). |
| { |
| "content": "A String", # The raw content in the secure keys file. |
| "fileType": "A String", # The file type of source file. |
| }, |
| ], |
| "dbxs": [ # The forbidden key database (dbx). |
| { |
| "content": "A String", # The raw content in the secure keys file. |
| "fileType": "A String", # The file type of source file. |
| }, |
| ], |
| "keks": [ # The Key Exchange Key (KEK). |
| { |
| "content": "A String", # The raw content in the secure keys file. |
| "fileType": "A String", # The file type of source file. |
| }, |
| ], |
| "pk": { # The Platform Key (PK). |
| "content": "A String", # The raw content in the secure keys file. |
| "fileType": "A String", # The file type of source file. |
| }, |
| }, |
| "sourceDisk": "A String", # URL of the source disk used to create this image. |
| # For example, the following are valid values: |
| # |
| # - https://www.googleapis.com/compute/v1/projects/project/zones/zone/disks/disk |
| # - projects/project/zones/zone/disks/disk |
| # - zones/zone/disks/disk |
| # |
| # |
| # |
| # In order to create an image, you must provide the full or partial URL of |
| # one of the following: |
| # |
| # - The rawDisk.source URL |
| # - The sourceDisk URL |
| # - The sourceImage URL |
| # - The sourceSnapshot URL |
| "sourceDiskEncryptionKey": { # Thecustomer-supplied |
| # encryption key of the source disk. Required if the source disk is |
| # protected by a customer-supplied encryption key. |
| "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. |
| # For example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # |
| # The fully-qualifed key name may be returned for resource GET requests. For |
| # example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # /cryptoKeyVersions/1 |
| "kmsKeyServiceAccount": "A String", # The service account being used for the encryption request for the given KMS |
| # key. If absent, the Compute Engine default service account is used. |
| # For example: |
| # |
| # "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com/ |
| "rawKey": "A String", # Specifies a 256-bit customer-supplied |
| # encryption key, encoded in RFC |
| # 4648 base64 to either encrypt or decrypt this resource. You can |
| # provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rawKey": |
| # "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=" |
| "rsaEncryptedKey": "A String", # Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit |
| # customer-supplied encryption key to either encrypt or decrypt this |
| # resource. You can provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rsaEncryptedKey": |
| # "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH |
| # z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD |
| # D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" |
| # |
| # The key must meet the following requirements before you can provide it to |
| # Compute Engine: |
| # |
| # 1. The key is wrapped using a RSA public key certificate provided by |
| # Google. |
| # 2. After being wrapped, the key must be encoded in RFC 4648 base64 |
| # encoding. |
| # |
| # Gets the RSA public key certificate provided by Google at: |
| # |
| # |
| # https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem |
| "sha256": "A String", # [Output only] TheRFC |
| # 4648 base64 encoded SHA-256 hash of the customer-supplied |
| # encryption key that protects this resource. |
| }, |
| "sourceDiskId": "A String", # [Output Only] |
| # The ID value of the disk used to create this image. This value may be used |
| # to determine whether the image was taken from the current or a previous |
| # instance of a given disk name. |
| "sourceImage": "A String", # URL of the source image used to create this image. |
| # The following are valid formats for the URL: |
| # |
| # - https://www.googleapis.com/compute/v1/projects/project_id/global/ |
| # images/image_name |
| # - projects/project_id/global/images/image_name |
| # |
| # |
| # |
| # In order to create an image, you must provide the full or partial URL of |
| # one of the following: |
| # |
| # - The rawDisk.source URL |
| # - The sourceDisk URL |
| # - The sourceImage URL |
| # - The sourceSnapshot URL |
| "sourceImageEncryptionKey": { # The customer-supplied encryption key of the source image. Required if the |
| # source image is protected by a customer-supplied encryption key. |
| "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. |
| # For example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # |
| # The fully-qualifed key name may be returned for resource GET requests. For |
| # example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # /cryptoKeyVersions/1 |
| "kmsKeyServiceAccount": "A String", # The service account being used for the encryption request for the given KMS |
| # key. If absent, the Compute Engine default service account is used. |
| # For example: |
| # |
| # "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com/ |
| "rawKey": "A String", # Specifies a 256-bit customer-supplied |
| # encryption key, encoded in RFC |
| # 4648 base64 to either encrypt or decrypt this resource. You can |
| # provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rawKey": |
| # "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=" |
| "rsaEncryptedKey": "A String", # Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit |
| # customer-supplied encryption key to either encrypt or decrypt this |
| # resource. You can provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rsaEncryptedKey": |
| # "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH |
| # z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD |
| # D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" |
| # |
| # The key must meet the following requirements before you can provide it to |
| # Compute Engine: |
| # |
| # 1. The key is wrapped using a RSA public key certificate provided by |
| # Google. |
| # 2. After being wrapped, the key must be encoded in RFC 4648 base64 |
| # encoding. |
| # |
| # Gets the RSA public key certificate provided by Google at: |
| # |
| # |
| # https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem |
| "sha256": "A String", # [Output only] TheRFC |
| # 4648 base64 encoded SHA-256 hash of the customer-supplied |
| # encryption key that protects this resource. |
| }, |
| "sourceImageId": "A String", # [Output Only] |
| # The ID value of the image used to create this image. This value may be used |
| # to determine whether the image was taken from the current or a previous |
| # instance of a given image name. |
| "sourceSnapshot": "A String", # URL of the source snapshot used to create this image. |
| # The following are valid formats for the URL: |
| # |
| # - https://www.googleapis.com/compute/v1/projects/project_id/global/ |
| # snapshots/snapshot_name |
| # - projects/project_id/global/snapshots/snapshot_name |
| # |
| # |
| # |
| # In order to create an image, you must provide the full or partial URL of |
| # one of the following: |
| # |
| # - The rawDisk.source URL |
| # - The sourceDisk URL |
| # - The sourceImage URL |
| # - The sourceSnapshot URL |
| "sourceSnapshotEncryptionKey": { # The customer-supplied encryption key of the source snapshot. Required if |
| # the source snapshot is protected by a customer-supplied encryption key. |
| "kmsKeyName": "A String", # The name of the encryption key that is stored in Google Cloud KMS. |
| # For example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # |
| # The fully-qualifed key name may be returned for resource GET requests. For |
| # example: |
| # |
| # "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/ |
| # key_region/cryptoKeys/key |
| # /cryptoKeyVersions/1 |
| "kmsKeyServiceAccount": "A String", # The service account being used for the encryption request for the given KMS |
| # key. If absent, the Compute Engine default service account is used. |
| # For example: |
| # |
| # "kmsKeyServiceAccount": "name@project_id.iam.gserviceaccount.com/ |
| "rawKey": "A String", # Specifies a 256-bit customer-supplied |
| # encryption key, encoded in RFC |
| # 4648 base64 to either encrypt or decrypt this resource. You can |
| # provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rawKey": |
| # "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=" |
| "rsaEncryptedKey": "A String", # Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit |
| # customer-supplied encryption key to either encrypt or decrypt this |
| # resource. You can provide either the rawKey or thersaEncryptedKey. |
| # For example: |
| # |
| # "rsaEncryptedKey": |
| # "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH |
| # z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD |
| # D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" |
| # |
| # The key must meet the following requirements before you can provide it to |
| # Compute Engine: |
| # |
| # 1. The key is wrapped using a RSA public key certificate provided by |
| # Google. |
| # 2. After being wrapped, the key must be encoded in RFC 4648 base64 |
| # encoding. |
| # |
| # Gets the RSA public key certificate provided by Google at: |
| # |
| # |
| # https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem |
| "sha256": "A String", # [Output only] TheRFC |
| # 4648 base64 encoded SHA-256 hash of the customer-supplied |
| # encryption key that protects this resource. |
| }, |
| "sourceSnapshotId": "A String", # [Output Only] |
| # The ID value of the snapshot used to create this image. This value may be |
| # used to determine whether the snapshot was taken from the current or a |
| # previous instance of a given snapshot name. |
| "sourceType": "RAW", # The type of the image used to create this disk. The |
| # default and only valid value is RAW. |
| "status": "A String", # [Output Only] The status of the image. An image can be used to create other |
| # resources, such as instances, only after the image has been successfully |
| # created and the status is set to READY. Possible |
| # values are FAILED, PENDING, orREADY. |
| "storageLocations": [ # Cloud Storage bucket storage location of the image (regional or |
| # multi-regional). |
| "A String", |
| ], |
| "userLicenses": [ # A list of publicly visible user-licenses. Unlike regular licenses, user |
| # provided licenses can be modified after the disk is created. This includes |
| # a list of URLs to the license resource. For example, to provide a debian |
| # license: |
| # |
| # https://www.googleapis.com/compute/v1/projects/debian-cloud/global/licenses/debian-9-stretch |
| "A String", |
| ], |
| } |
| |
| requestId: string, An optional request ID to identify requests. Specify a unique request ID so |
| that if you must retry your request, the server will know to ignore the |
| request if it has already been completed. |
| |
| For example, consider a situation where you make an initial request and |
| the request times out. If you make the request again with the same |
| request ID, the server can check if original operation with the same |
| request ID was received, and if so, will ignore the second request. This |
| prevents clients from accidentally creating duplicate commitments. |
| |
| The request ID must be |
| a valid UUID with the exception that zero UUID is not supported |
| (00000000-0000-0000-0000-000000000000). |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # Represents an Operation resource. |
| # |
| # Google Compute Engine has three Operation resources: |
| # |
| # * [Global](/compute/docs/reference/rest/alpha/globalOperations) |
| # * [Regional](/compute/docs/reference/rest/alpha/regionOperations) |
| # * [Zonal](/compute/docs/reference/rest/alpha/zoneOperations) |
| # |
| # You can use an operation resource to manage asynchronous API requests. |
| # For more information, readHandling |
| # API responses. |
| # |
| # Operations can be global, regional or zonal. |
| # |
| # - For global operations, use the `globalOperations` |
| # resource. |
| # - For regional operations, use the |
| # `regionOperations` resource. |
| # - For zonal operations, use |
| # the `zoneOperations` resource. |
| # |
| # |
| # |
| # For more information, read |
| # Global, Regional, and Zonal Resources. |
| # |
| # Note that completed Operation resources have a limited |
| # retention period. |
| "clientOperationId": "A String", # [Output Only] The value of `requestId` if you provided it in the request. |
| # Not present otherwise. |
| "creationTimestamp": "A String", # [Deprecated] This field is deprecated. |
| "description": "A String", # [Output Only] A textual description of the operation, which is |
| # set when the operation is created. |
| "endTime": "A String", # [Output Only] The time that this operation was completed. This value is inRFC3339 |
| # text format. |
| "error": { # [Output Only] If errors are generated during processing of the operation, |
| # this field will be populated. |
| "errors": [ # [Output Only] The array of errors encountered while processing this |
| # operation. |
| { |
| "code": "A String", # [Output Only] The error type identifier for this error. |
| "errorDetails": [ # [Output Only] An optional list of messages that contain the error |
| # details. There is a set of defined message types to use for providing |
| # details.The syntax depends on the error code. For example, |
| # QuotaExceededInfo will have details when the error code is |
| # QUOTA_EXCEEDED. |
| { |
| "errorInfo": { # Describes the cause of the error with structured details. |
| # |
| # Example of an error when contacting the "pubsub.googleapis.com" API when it |
| # is not enabled: |
| # |
| # { "reason": "API_DISABLED" |
| # "domain": "googleapis.com" |
| # "metadata": { |
| # "resource": "projects/123", |
| # "service": "pubsub.googleapis.com" |
| # } |
| # } |
| # |
| # This response indicates that the pubsub.googleapis.com API is not enabled. |
| # |
| # Example of an error that is returned when attempting to create a Spanner |
| # instance in a region that is out of stock: |
| # |
| # { "reason": "STOCKOUT" |
| # "domain": "spanner.googleapis.com", |
| # "metadata": { |
| # "availableRegions": "us-central1,us-east2" |
| # } |
| # } |
| "domain": "A String", # The logical grouping to which the "reason" belongs. The error domain |
| # is typically the registered service name of the tool or product that |
| # generates the error. Example: "pubsub.googleapis.com". If the error is |
| # generated by some common infrastructure, the error domain must be a |
| # globally unique value that identifies the infrastructure. For Google API |
| # infrastructure, the error domain is "googleapis.com". |
| "metadatas": { # Additional structured details about this error. |
| # |
| # Keys must match a regular expression of `a-z+` but should |
| # ideally be lowerCamelCase. Also, they must be limited to 64 characters in |
| # length. When identifying the current value of an exceeded limit, the units |
| # should be contained in the key, not the value. For example, rather than |
| # `{"instanceLimit": "100/request"}`, should be returned as, |
| # `{"instanceLimitPerRequest": "100"}`, if the client exceeds the number of |
| # instances that can be created in a single (batch) request. |
| "a_key": "A String", |
| }, |
| "reason": "A String", # The reason of the error. This is a constant value that identifies the |
| # proximate cause of the error. Error reasons are unique within a particular |
| # domain of errors. This should be at most 63 characters and match a |
| # regular expression of `A-Z+[A-Z0-9]`, which represents |
| # UPPER_SNAKE_CASE. |
| }, |
| "help": { # Provides links to documentation or for performing an out of band action. |
| # |
| # For example, if a quota check failed with an error indicating the calling |
| # project hasn't enabled the accessed service, this can contain a URL pointing |
| # directly to the right place in the developer console to flip the bit. |
| "links": [ # URL(s) pointing to additional information on handling the current error. |
| { # Describes a URL link. |
| "description": "A String", # Describes what the link offers. |
| "url": "A String", # The URL of the link. |
| }, |
| ], |
| }, |
| "localizedMessage": { # Provides a localized error message that is safe to return to the user |
| # which can be attached to an RPC error. |
| "locale": "A String", # The locale used following the specification defined at |
| # https://www.rfc-editor.org/rfc/bcp/bcp47.txt. |
| # Examples are: "en-US", "fr-CH", "es-MX" |
| "message": "A String", # The localized error message in the above locale. |
| }, |
| "quotaInfo": { # Additional details for quota exceeded error for resource quota. |
| "dimensions": { # The map holding related quota dimensions. |
| "a_key": "A String", |
| }, |
| "futureLimit": 3.14, # Future quota limit being rolled out. The limit's unit depends on the quota |
| # type or metric. |
| "limit": 3.14, # Current effective quota limit. The limit's unit depends on the quota type |
| # or metric. |
| "limitName": "A String", # The name of the quota limit. |
| "metricName": "A String", # The Compute Engine quota metric name. |
| "rolloutStatus": "A String", # Rollout status of the future quota limit. |
| }, |
| }, |
| ], |
| "location": "A String", # [Output Only] Indicates the field in the request that caused the error. |
| # This property is optional. |
| "message": "A String", # [Output Only] An optional, human-readable error message. |
| }, |
| ], |
| }, |
| "httpErrorMessage": "A String", # [Output Only] If the operation fails, this field contains the HTTP error |
| # message that was returned, such as `NOT FOUND`. |
| "httpErrorStatusCode": 42, # [Output Only] If the operation fails, this field contains the HTTP error |
| # status code that was returned. For example, a `404` means the |
| # resource was not found. |
| "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is |
| # defined by the server. |
| "insertTime": "A String", # [Output Only] The time that this operation was requested. |
| # This value is inRFC3339 |
| # text format. |
| "instancesBulkInsertOperationMetadata": { |
| "perLocationStatus": { # Status information per location (location name is key). |
| # Example key: zones/us-central1-a |
| "a_key": { |
| "createdVmCount": 42, # [Output Only] Count of VMs successfully created so far. |
| "deletedVmCount": 42, # [Output Only] Count of VMs that got deleted during rollback. |
| "failedToCreateVmCount": 42, # [Output Only] Count of VMs that started creating but encountered an |
| # error. |
| "status": "A String", # [Output Only] Creation status of BulkInsert operation - information |
| # if the flow is rolling forward or rolling back. |
| "targetVmCount": 42, # [Output Only] Count of VMs originally planned to be created. |
| }, |
| }, |
| }, |
| "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for |
| # Operation resources. |
| "name": "A String", # [Output Only] Name of the operation. |
| "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a |
| # group of operations results from a `bulkInsert` API request. |
| "operationType": "A String", # [Output Only] The type of operation, such as `insert`, |
| # `update`, or `delete`, and so on. |
| "progress": 42, # [Output Only] An optional progress indicator that ranges from 0 to 100. |
| # There is no requirement that this be linear or support any granularity of |
| # operations. This should not be used to guess when the operation will be |
| # complete. This number should monotonically increase as the operation |
| # progresses. |
| "region": "A String", # [Output Only] The URL of the region where the operation resides. Only |
| # applicable when performing regional operations. |
| "selfLink": "A String", # [Output Only] Server-defined URL for the resource. |
| "selfLinkWithId": "A String", # [Output Only] Server-defined URL for this resource with the resource id. |
| "setCommonInstanceMetadataOperationMetadata": { # [Output Only] If the operation is for projects.setCommonInstanceMetadata, |
| # this field will contain information on all underlying zonal actions and |
| # their state. |
| "clientOperationId": "A String", # [Output Only] The client operation id. |
| "perLocationOperations": { # [Output Only] Status information per location (location name is key). |
| # Example key: zones/us-central1-a |
| "a_key": { |
| "error": { # The `Status` type defines a logical error model that is suitable for # [Output Only] If state is `ABANDONED` or `FAILED`, this field is |
| # populated. |
| # different programming environments, including REST APIs and RPC APIs. It is |
| # used by [gRPC](https://github.com/grpc). Each `Status` message contains |
| # three pieces of data: error code, error message, and error details. |
| # |
| # You can find out more about this error model and how to work with it in the |
| # [API Design Guide](https://cloud.google.com/apis/design/errors). |
| "code": 42, # The status code, which should be an enum value of google.rpc.Code. |
| "details": [ # A list of messages that carry the error details. There is a common set of |
| # message types for APIs to use. |
| { |
| "a_key": "", # Properties of the object. Contains field @type with type URL. |
| }, |
| ], |
| "message": "A String", # A developer-facing error message, which should be in English. Any |
| # user-facing error message should be localized and sent in the |
| # google.rpc.Status.details field, or localized by the client. |
| }, |
| "state": "A String", # [Output Only] Status of the action, which can be one of the following: |
| # `PROPAGATING`, `PROPAGATED`, `ABANDONED`, `FAILED`, or `DONE`. |
| }, |
| }, |
| }, |
| "startTime": "A String", # [Output Only] The time that this operation was started by the server. |
| # This value is inRFC3339 |
| # text format. |
| "status": "A String", # [Output Only] The status of the operation, which can be one of the |
| # following: |
| # `PENDING`, `RUNNING`, or `DONE`. |
| "statusMessage": "A String", # [Output Only] An optional textual description of the current status of the |
| # operation. |
| "targetId": "A String", # [Output Only] The unique target ID, which identifies a specific incarnation |
| # of the target resource. |
| "targetLink": "A String", # [Output Only] The URL of the resource that the operation modifies. For |
| # operations related to creating a snapshot, this points to the disk |
| # that the snapshot was created from. |
| "user": "A String", # [Output Only] User who requested the operation, for example: |
| # `[email protected]` or |
| # `alice_smith_identifier (global/workforcePools/example-com-us-employees)`. |
| "warnings": [ # [Output Only] If warning messages are generated during processing of the |
| # operation, this field will be populated. |
| { |
| "code": "A String", # [Output Only] A warning code, if applicable. For example, Compute |
| # Engine returns NO_RESULTS_ON_PAGE if there |
| # are no results in the response. |
| "data": [ # [Output Only] Metadata about this warning in key: |
| # value format. For example: |
| # |
| # "data": [ |
| # { |
| # "key": "scope", |
| # "value": "zones/us-east1-d" |
| # } |
| { |
| "key": "A String", # [Output Only] A key that provides more detail on the warning being |
| # returned. For example, for warnings where there are no results in a list |
| # request for a particular zone, this key might be scope and |
| # the key value might be the zone name. Other examples might be a key |
| # indicating a deprecated resource and a suggested replacement, or a |
| # warning about invalid network settings (for example, if an instance |
| # attempts to perform IP forwarding but is not enabled for IP forwarding). |
| "value": "A String", # [Output Only] A warning data value corresponding to the key. |
| }, |
| ], |
| "message": "A String", # [Output Only] A human-readable description of the warning code. |
| }, |
| ], |
| "zone": "A String", # [Output Only] The URL of the zone where the operation resides. Only |
| # applicable when performing per-zone operations. |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="setIamPolicy">setIamPolicy(project, resource, body=None, x__xgafv=None)</code> |
| <pre>Sets the access control policy on the specified resource. |
| Replaces any existing policy. |
| |
| Args: |
| project: string, Project ID for this request. (required) |
| resource: string, Name or id of the resource for this request. (required) |
| body: object, The request body. |
| The object takes the form of: |
| |
| { |
| "bindings": [ # Flatten Policy to create a backward compatible wire-format. |
| # Deprecated. Use 'policy' to specify bindings. |
| { # Associates `members`, or principals, with a `role`. |
| "condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding. |
| # |
| # If the condition evaluates to `true`, then this binding applies to the |
| # current request. |
| # |
| # If the condition evaluates to `false`, then this binding does not apply to |
| # the current request. However, a different role binding might grant the same |
| # role to one or more of the principals in this binding. |
| # |
| # To learn which resources support conditions in their IAM policies, see the |
| # [IAM |
| # documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| # syntax. CEL is a C-like expression language. The syntax and semantics of CEL |
| # are documented at https://github.com/google/cel-spec. |
| # |
| # Example (Comparison): |
| # |
| # title: "Summary size limit" |
| # description: "Determines if a summary is less than 100 chars" |
| # expression: "document.summary.size() < 100" |
| # |
| # Example (Equality): |
| # |
| # title: "Requestor is owner" |
| # description: "Determines if requestor is the document owner" |
| # expression: "document.owner == request.auth.claims.email" |
| # |
| # Example (Logic): |
| # |
| # title: "Public documents" |
| # description: "Determine whether the document should be publicly visible" |
| # expression: "document.type != 'private' && document.type != 'internal'" |
| # |
| # Example (Data Manipulation): |
| # |
| # title: "Notification string" |
| # description: "Create a notification string with a timestamp." |
| # expression: "'New message received at ' + string(document.create_time)" |
| # |
| # The exact variables and functions that may be referenced within an expression |
| # are determined by the service that evaluates it. See the service |
| # documentation for additional information. |
| "description": "A String", # Optional. Description of the expression. This is a longer text which |
| # describes the expression, e.g. when hovered over it in a UI. |
| "expression": "A String", # Textual representation of an expression in Common Expression Language |
| # syntax. |
| "location": "A String", # Optional. String indicating the location of the expression for error |
| # reporting, e.g. a file name and a position in the file. |
| "title": "A String", # Optional. Title for the expression, i.e. a short string describing |
| # its purpose. This can be used e.g. in UIs which allow to enter the |
| # expression. |
| }, |
| "members": [ # Specifies the principals requesting access for a Google Cloud resource. |
| # `members` can have the following values: |
| # |
| # * `allUsers`: A special identifier that represents anyone who is |
| # on the internet; with or without a Google account. |
| # |
| # * `allAuthenticatedUsers`: A special identifier that represents anyone |
| # who is authenticated with a Google account or a service account. |
| # Does not include identities that come from external identity providers |
| # (IdPs) through identity federation. |
| # |
| # * `user:{emailid}`: An email address that represents a specific Google |
| # account. For example, `[email protected]` . |
| # |
| # |
| # * `serviceAccount:{emailid}`: An email address that represents a Google |
| # service account. For example, |
| # `[email protected]`. |
| # |
| # * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An |
| # identifier for a |
| # [Kubernetes service |
| # account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). |
| # For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. |
| # |
| # * `group:{emailid}`: An email address that represents a Google group. |
| # For example, `[email protected]`. |
| # |
| # |
| # * `domain:{domain}`: The G Suite domain (primary) that represents all the |
| # users of that domain. For example, `google.com` or `example.com`. |
| # |
| # |
| # |
| # |
| # * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: |
| # A single identity in a workforce identity pool. |
| # |
| # * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: |
| # All workforce identities in a group. |
| # |
| # * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: |
| # All workforce identities with a specific attribute value. |
| # |
| # * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: |
| # All identities in a workforce identity pool. |
| # |
| # * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: |
| # A single identity in a workload identity pool. |
| # |
| # * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: |
| # A workload identity pool group. |
| # |
| # * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: |
| # All identities in a workload identity pool with a certain attribute. |
| # |
| # * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: |
| # All identities in a workload identity pool. |
| # |
| # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique |
| # identifier) representing a user that has been recently deleted. For |
| # example, `[email protected]?uid=123456789012345678901`. If the user is |
| # recovered, this value reverts to `user:{emailid}` and the recovered user |
| # retains the role in the binding. |
| # |
| # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus |
| # unique identifier) representing a service account that has been recently |
| # deleted. For example, |
| # `[email protected]?uid=123456789012345678901`. |
| # If the service account is undeleted, this value reverts to |
| # `serviceAccount:{emailid}` and the undeleted service account retains the |
| # role in the binding. |
| # |
| # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique |
| # identifier) representing a Google group that has been recently |
| # deleted. For example, `[email protected]?uid=123456789012345678901`. If |
| # the group is recovered, this value reverts to `group:{emailid}` and the |
| # recovered group retains the role in the binding. |
| # |
| # * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: |
| # Deleted single identity in a workforce identity pool. For example, |
| # `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`. |
| "A String", |
| ], |
| "role": "A String", # Role that is assigned to the list of `members`, or principals. |
| # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. |
| # |
| # For an overview of the IAM roles and permissions, see the |
| # [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For |
| # a list of the available pre-defined roles, see |
| # [here](https://cloud.google.com/iam/docs/understanding-roles). |
| }, |
| ], |
| "etag": "A String", # Flatten Policy to create a backward compatible wire-format. |
| # Deprecated. Use 'policy' to specify the etag. |
| "policy": { # An Identity and Access Management (IAM) policy, which specifies access # REQUIRED: The complete policy to be applied to the 'resource'. The size of |
| # the policy is limited to a few 10s of KB. An empty policy is in general a |
| # valid policy but certain services (like Projects) might reject them. |
| # controls for Google Cloud resources. |
| # |
| # |
| # A `Policy` is a collection of `bindings`. A `binding` binds one or more |
| # `members`, or principals, to a single `role`. Principals can be user |
| # accounts, service accounts, Google groups, and domains (such as G Suite). A |
| # `role` is a named list of permissions; each `role` can be an IAM predefined |
| # role or a user-created custom role. |
| # |
| # For some types of Google Cloud resources, a `binding` can also specify a |
| # `condition`, which is a logical expression that allows access to a resource |
| # only if the expression evaluates to `true`. A condition can add constraints |
| # based on attributes of the request, the resource, or both. To learn which |
| # resources support conditions in their IAM policies, see the |
| # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| # |
| # **JSON example:** |
| # |
| # ``` |
| # { |
| # "bindings": [ |
| # { |
| # "role": "roles/resourcemanager.organizationAdmin", |
| # "members": [ |
| # "user:[email protected]", |
| # "group:[email protected]", |
| # "domain:google.com", |
| # "serviceAccount:[email protected]" |
| # ] |
| # }, |
| # { |
| # "role": "roles/resourcemanager.organizationViewer", |
| # "members": [ |
| # "user:[email protected]" |
| # ], |
| # "condition": { |
| # "title": "expirable access", |
| # "description": "Does not grant access after Sep 2020", |
| # "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", |
| # } |
| # } |
| # ], |
| # "etag": "BwWWja0YfJA=", |
| # "version": 3 |
| # } |
| # ``` |
| # |
| # **YAML example:** |
| # |
| # ``` |
| # bindings: |
| # - members: |
| # - user:[email protected] |
| # - group:[email protected] |
| # - domain:google.com |
| # - serviceAccount:[email protected] |
| # role: roles/resourcemanager.organizationAdmin |
| # - members: |
| # - user:[email protected] |
| # role: roles/resourcemanager.organizationViewer |
| # condition: |
| # title: expirable access |
| # description: Does not grant access after Sep 2020 |
| # expression: request.time < timestamp('2020-10-01T00:00:00.000Z') |
| # etag: BwWWja0YfJA= |
| # version: 3 |
| # ``` |
| # |
| # For a description of IAM and its features, see the |
| # [IAM documentation](https://cloud.google.com/iam/docs/). |
| "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. |
| { # Specifies the audit configuration for a service. |
| # The configuration determines which permission types are logged, and what |
| # identities, if any, are exempted from logging. |
| # An AuditConfig must have one or more AuditLogConfigs. |
| # |
| # If there are AuditConfigs for both `allServices` and a specific service, |
| # the union of the two AuditConfigs is used for that service: the log_types |
| # specified in each AuditConfig are enabled, and the exempted_members in each |
| # AuditLogConfig are exempted. |
| # |
| # Example Policy with multiple AuditConfigs: |
| # |
| # { |
| # "audit_configs": [ |
| # { |
| # "service": "allServices", |
| # "audit_log_configs": [ |
| # { |
| # "log_type": "DATA_READ", |
| # "exempted_members": [ |
| # "user:[email protected]" |
| # ] |
| # }, |
| # { |
| # "log_type": "DATA_WRITE" |
| # }, |
| # { |
| # "log_type": "ADMIN_READ" |
| # } |
| # ] |
| # }, |
| # { |
| # "service": "sampleservice.googleapis.com", |
| # "audit_log_configs": [ |
| # { |
| # "log_type": "DATA_READ" |
| # }, |
| # { |
| # "log_type": "DATA_WRITE", |
| # "exempted_members": [ |
| # "user:[email protected]" |
| # ] |
| # } |
| # ] |
| # } |
| # ] |
| # } |
| # |
| # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ |
| # logging. It also exempts `[email protected]` from DATA_READ logging, and |
| # `[email protected]` from DATA_WRITE logging. |
| "auditLogConfigs": [ # The configuration for logging of each type of permission. |
| { # Provides the configuration for logging a type of permissions. |
| # Example: |
| # |
| # { |
| # "audit_log_configs": [ |
| # { |
| # "log_type": "DATA_READ", |
| # "exempted_members": [ |
| # "user:[email protected]" |
| # ] |
| # }, |
| # { |
| # "log_type": "DATA_WRITE" |
| # } |
| # ] |
| # } |
| # |
| # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting |
| # [email protected] from DATA_READ logging. |
| "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of |
| # permission. |
| # Follows the same format of Binding.members. |
| "A String", |
| ], |
| "logType": "A String", # The log type that this config enables. |
| }, |
| ], |
| "service": "A String", # Specifies a service that will be enabled for audit logging. |
| # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. |
| # `allServices` is a special value that covers all services. |
| }, |
| ], |
| "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, |
| # may specify a `condition` that determines how and when the `bindings` are |
| # applied. Each of the `bindings` must contain at least one principal. |
| # |
| # The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 |
| # of these principals can be Google groups. Each occurrence of a principal |
| # counts towards these limits. For example, if the `bindings` grant 50 |
| # different roles to `user:[email protected]`, and not to any other |
| # principal, then you can add another 1,450 principals to the `bindings` in |
| # the `Policy`. |
| { # Associates `members`, or principals, with a `role`. |
| "condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding. |
| # |
| # If the condition evaluates to `true`, then this binding applies to the |
| # current request. |
| # |
| # If the condition evaluates to `false`, then this binding does not apply to |
| # the current request. However, a different role binding might grant the same |
| # role to one or more of the principals in this binding. |
| # |
| # To learn which resources support conditions in their IAM policies, see the |
| # [IAM |
| # documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| # syntax. CEL is a C-like expression language. The syntax and semantics of CEL |
| # are documented at https://github.com/google/cel-spec. |
| # |
| # Example (Comparison): |
| # |
| # title: "Summary size limit" |
| # description: "Determines if a summary is less than 100 chars" |
| # expression: "document.summary.size() < 100" |
| # |
| # Example (Equality): |
| # |
| # title: "Requestor is owner" |
| # description: "Determines if requestor is the document owner" |
| # expression: "document.owner == request.auth.claims.email" |
| # |
| # Example (Logic): |
| # |
| # title: "Public documents" |
| # description: "Determine whether the document should be publicly visible" |
| # expression: "document.type != 'private' && document.type != 'internal'" |
| # |
| # Example (Data Manipulation): |
| # |
| # title: "Notification string" |
| # description: "Create a notification string with a timestamp." |
| # expression: "'New message received at ' + string(document.create_time)" |
| # |
| # The exact variables and functions that may be referenced within an expression |
| # are determined by the service that evaluates it. See the service |
| # documentation for additional information. |
| "description": "A String", # Optional. Description of the expression. This is a longer text which |
| # describes the expression, e.g. when hovered over it in a UI. |
| "expression": "A String", # Textual representation of an expression in Common Expression Language |
| # syntax. |
| "location": "A String", # Optional. String indicating the location of the expression for error |
| # reporting, e.g. a file name and a position in the file. |
| "title": "A String", # Optional. Title for the expression, i.e. a short string describing |
| # its purpose. This can be used e.g. in UIs which allow to enter the |
| # expression. |
| }, |
| "members": [ # Specifies the principals requesting access for a Google Cloud resource. |
| # `members` can have the following values: |
| # |
| # * `allUsers`: A special identifier that represents anyone who is |
| # on the internet; with or without a Google account. |
| # |
| # * `allAuthenticatedUsers`: A special identifier that represents anyone |
| # who is authenticated with a Google account or a service account. |
| # Does not include identities that come from external identity providers |
| # (IdPs) through identity federation. |
| # |
| # * `user:{emailid}`: An email address that represents a specific Google |
| # account. For example, `[email protected]` . |
| # |
| # |
| # * `serviceAccount:{emailid}`: An email address that represents a Google |
| # service account. For example, |
| # `[email protected]`. |
| # |
| # * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An |
| # identifier for a |
| # [Kubernetes service |
| # account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). |
| # For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. |
| # |
| # * `group:{emailid}`: An email address that represents a Google group. |
| # For example, `[email protected]`. |
| # |
| # |
| # * `domain:{domain}`: The G Suite domain (primary) that represents all the |
| # users of that domain. For example, `google.com` or `example.com`. |
| # |
| # |
| # |
| # |
| # * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: |
| # A single identity in a workforce identity pool. |
| # |
| # * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: |
| # All workforce identities in a group. |
| # |
| # * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: |
| # All workforce identities with a specific attribute value. |
| # |
| # * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: |
| # All identities in a workforce identity pool. |
| # |
| # * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: |
| # A single identity in a workload identity pool. |
| # |
| # * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: |
| # A workload identity pool group. |
| # |
| # * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: |
| # All identities in a workload identity pool with a certain attribute. |
| # |
| # * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: |
| # All identities in a workload identity pool. |
| # |
| # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique |
| # identifier) representing a user that has been recently deleted. For |
| # example, `[email protected]?uid=123456789012345678901`. If the user is |
| # recovered, this value reverts to `user:{emailid}` and the recovered user |
| # retains the role in the binding. |
| # |
| # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus |
| # unique identifier) representing a service account that has been recently |
| # deleted. For example, |
| # `[email protected]?uid=123456789012345678901`. |
| # If the service account is undeleted, this value reverts to |
| # `serviceAccount:{emailid}` and the undeleted service account retains the |
| # role in the binding. |
| # |
| # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique |
| # identifier) representing a Google group that has been recently |
| # deleted. For example, `[email protected]?uid=123456789012345678901`. If |
| # the group is recovered, this value reverts to `group:{emailid}` and the |
| # recovered group retains the role in the binding. |
| # |
| # * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: |
| # Deleted single identity in a workforce identity pool. For example, |
| # `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`. |
| "A String", |
| ], |
| "role": "A String", # Role that is assigned to the list of `members`, or principals. |
| # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. |
| # |
| # For an overview of the IAM roles and permissions, see the |
| # [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For |
| # a list of the available pre-defined roles, see |
| # [here](https://cloud.google.com/iam/docs/understanding-roles). |
| }, |
| ], |
| "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help |
| # prevent simultaneous updates of a policy from overwriting each other. |
| # It is strongly suggested that systems make use of the `etag` in the |
| # read-modify-write cycle to perform policy updates in order to avoid race |
| # conditions: An `etag` is returned in the response to `getIamPolicy`, and |
| # systems are expected to put that etag in the request to `setIamPolicy` to |
| # ensure that their change will be applied to the same version of the policy. |
| # |
| # **Important:** If you use IAM Conditions, you must include the `etag` field |
| # whenever you call `setIamPolicy`. If you omit this field, then IAM allows |
| # you to overwrite a version `3` policy with a version `1` policy, and all of |
| # the conditions in the version `3` policy are lost. |
| "version": 42, # Specifies the format of the policy. |
| # |
| # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value |
| # are rejected. |
| # |
| # Any operation that affects conditional role bindings must specify version |
| # `3`. This requirement applies to the following operations: |
| # |
| # * Getting a policy that includes a conditional role binding |
| # * Adding a conditional role binding to a policy |
| # * Changing a conditional role binding in a policy |
| # * Removing any role binding, with or without a condition, from a policy |
| # that includes conditions |
| # |
| # **Important:** If you use IAM Conditions, you must include the `etag` field |
| # whenever you call `setIamPolicy`. If you omit this field, then IAM allows |
| # you to overwrite a version `3` policy with a version `1` policy, and all of |
| # the conditions in the version `3` policy are lost. |
| # |
| # If a policy does not include any conditions, operations on that policy may |
| # specify any valid version or leave the field unset. |
| # |
| # To learn which resources support conditions in their IAM policies, see the |
| # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| }, |
| } |
| |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # An Identity and Access Management (IAM) policy, which specifies access |
| # controls for Google Cloud resources. |
| # |
| # |
| # A `Policy` is a collection of `bindings`. A `binding` binds one or more |
| # `members`, or principals, to a single `role`. Principals can be user |
| # accounts, service accounts, Google groups, and domains (such as G Suite). A |
| # `role` is a named list of permissions; each `role` can be an IAM predefined |
| # role or a user-created custom role. |
| # |
| # For some types of Google Cloud resources, a `binding` can also specify a |
| # `condition`, which is a logical expression that allows access to a resource |
| # only if the expression evaluates to `true`. A condition can add constraints |
| # based on attributes of the request, the resource, or both. To learn which |
| # resources support conditions in their IAM policies, see the |
| # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| # |
| # **JSON example:** |
| # |
| # ``` |
| # { |
| # "bindings": [ |
| # { |
| # "role": "roles/resourcemanager.organizationAdmin", |
| # "members": [ |
| # "user:[email protected]", |
| # "group:[email protected]", |
| # "domain:google.com", |
| # "serviceAccount:[email protected]" |
| # ] |
| # }, |
| # { |
| # "role": "roles/resourcemanager.organizationViewer", |
| # "members": [ |
| # "user:[email protected]" |
| # ], |
| # "condition": { |
| # "title": "expirable access", |
| # "description": "Does not grant access after Sep 2020", |
| # "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", |
| # } |
| # } |
| # ], |
| # "etag": "BwWWja0YfJA=", |
| # "version": 3 |
| # } |
| # ``` |
| # |
| # **YAML example:** |
| # |
| # ``` |
| # bindings: |
| # - members: |
| # - user:[email protected] |
| # - group:[email protected] |
| # - domain:google.com |
| # - serviceAccount:[email protected] |
| # role: roles/resourcemanager.organizationAdmin |
| # - members: |
| # - user:[email protected] |
| # role: roles/resourcemanager.organizationViewer |
| # condition: |
| # title: expirable access |
| # description: Does not grant access after Sep 2020 |
| # expression: request.time < timestamp('2020-10-01T00:00:00.000Z') |
| # etag: BwWWja0YfJA= |
| # version: 3 |
| # ``` |
| # |
| # For a description of IAM and its features, see the |
| # [IAM documentation](https://cloud.google.com/iam/docs/). |
| "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. |
| { # Specifies the audit configuration for a service. |
| # The configuration determines which permission types are logged, and what |
| # identities, if any, are exempted from logging. |
| # An AuditConfig must have one or more AuditLogConfigs. |
| # |
| # If there are AuditConfigs for both `allServices` and a specific service, |
| # the union of the two AuditConfigs is used for that service: the log_types |
| # specified in each AuditConfig are enabled, and the exempted_members in each |
| # AuditLogConfig are exempted. |
| # |
| # Example Policy with multiple AuditConfigs: |
| # |
| # { |
| # "audit_configs": [ |
| # { |
| # "service": "allServices", |
| # "audit_log_configs": [ |
| # { |
| # "log_type": "DATA_READ", |
| # "exempted_members": [ |
| # "user:[email protected]" |
| # ] |
| # }, |
| # { |
| # "log_type": "DATA_WRITE" |
| # }, |
| # { |
| # "log_type": "ADMIN_READ" |
| # } |
| # ] |
| # }, |
| # { |
| # "service": "sampleservice.googleapis.com", |
| # "audit_log_configs": [ |
| # { |
| # "log_type": "DATA_READ" |
| # }, |
| # { |
| # "log_type": "DATA_WRITE", |
| # "exempted_members": [ |
| # "user:[email protected]" |
| # ] |
| # } |
| # ] |
| # } |
| # ] |
| # } |
| # |
| # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ |
| # logging. It also exempts `[email protected]` from DATA_READ logging, and |
| # `[email protected]` from DATA_WRITE logging. |
| "auditLogConfigs": [ # The configuration for logging of each type of permission. |
| { # Provides the configuration for logging a type of permissions. |
| # Example: |
| # |
| # { |
| # "audit_log_configs": [ |
| # { |
| # "log_type": "DATA_READ", |
| # "exempted_members": [ |
| # "user:[email protected]" |
| # ] |
| # }, |
| # { |
| # "log_type": "DATA_WRITE" |
| # } |
| # ] |
| # } |
| # |
| # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting |
| # [email protected] from DATA_READ logging. |
| "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of |
| # permission. |
| # Follows the same format of Binding.members. |
| "A String", |
| ], |
| "logType": "A String", # The log type that this config enables. |
| }, |
| ], |
| "service": "A String", # Specifies a service that will be enabled for audit logging. |
| # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. |
| # `allServices` is a special value that covers all services. |
| }, |
| ], |
| "bindings": [ # Associates a list of `members`, or principals, with a `role`. Optionally, |
| # may specify a `condition` that determines how and when the `bindings` are |
| # applied. Each of the `bindings` must contain at least one principal. |
| # |
| # The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 |
| # of these principals can be Google groups. Each occurrence of a principal |
| # counts towards these limits. For example, if the `bindings` grant 50 |
| # different roles to `user:[email protected]`, and not to any other |
| # principal, then you can add another 1,450 principals to the `bindings` in |
| # the `Policy`. |
| { # Associates `members`, or principals, with a `role`. |
| "condition": { # Represents a textual expression in the Common Expression Language (CEL) # The condition that is associated with this binding. |
| # |
| # If the condition evaluates to `true`, then this binding applies to the |
| # current request. |
| # |
| # If the condition evaluates to `false`, then this binding does not apply to |
| # the current request. However, a different role binding might grant the same |
| # role to one or more of the principals in this binding. |
| # |
| # To learn which resources support conditions in their IAM policies, see the |
| # [IAM |
| # documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| # syntax. CEL is a C-like expression language. The syntax and semantics of CEL |
| # are documented at https://github.com/google/cel-spec. |
| # |
| # Example (Comparison): |
| # |
| # title: "Summary size limit" |
| # description: "Determines if a summary is less than 100 chars" |
| # expression: "document.summary.size() < 100" |
| # |
| # Example (Equality): |
| # |
| # title: "Requestor is owner" |
| # description: "Determines if requestor is the document owner" |
| # expression: "document.owner == request.auth.claims.email" |
| # |
| # Example (Logic): |
| # |
| # title: "Public documents" |
| # description: "Determine whether the document should be publicly visible" |
| # expression: "document.type != 'private' && document.type != 'internal'" |
| # |
| # Example (Data Manipulation): |
| # |
| # title: "Notification string" |
| # description: "Create a notification string with a timestamp." |
| # expression: "'New message received at ' + string(document.create_time)" |
| # |
| # The exact variables and functions that may be referenced within an expression |
| # are determined by the service that evaluates it. See the service |
| # documentation for additional information. |
| "description": "A String", # Optional. Description of the expression. This is a longer text which |
| # describes the expression, e.g. when hovered over it in a UI. |
| "expression": "A String", # Textual representation of an expression in Common Expression Language |
| # syntax. |
| "location": "A String", # Optional. String indicating the location of the expression for error |
| # reporting, e.g. a file name and a position in the file. |
| "title": "A String", # Optional. Title for the expression, i.e. a short string describing |
| # its purpose. This can be used e.g. in UIs which allow to enter the |
| # expression. |
| }, |
| "members": [ # Specifies the principals requesting access for a Google Cloud resource. |
| # `members` can have the following values: |
| # |
| # * `allUsers`: A special identifier that represents anyone who is |
| # on the internet; with or without a Google account. |
| # |
| # * `allAuthenticatedUsers`: A special identifier that represents anyone |
| # who is authenticated with a Google account or a service account. |
| # Does not include identities that come from external identity providers |
| # (IdPs) through identity federation. |
| # |
| # * `user:{emailid}`: An email address that represents a specific Google |
| # account. For example, `[email protected]` . |
| # |
| # |
| # * `serviceAccount:{emailid}`: An email address that represents a Google |
| # service account. For example, |
| # `[email protected]`. |
| # |
| # * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An |
| # identifier for a |
| # [Kubernetes service |
| # account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). |
| # For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. |
| # |
| # * `group:{emailid}`: An email address that represents a Google group. |
| # For example, `[email protected]`. |
| # |
| # |
| # * `domain:{domain}`: The G Suite domain (primary) that represents all the |
| # users of that domain. For example, `google.com` or `example.com`. |
| # |
| # |
| # |
| # |
| # * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: |
| # A single identity in a workforce identity pool. |
| # |
| # * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: |
| # All workforce identities in a group. |
| # |
| # * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: |
| # All workforce identities with a specific attribute value. |
| # |
| # * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: |
| # All identities in a workforce identity pool. |
| # |
| # * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: |
| # A single identity in a workload identity pool. |
| # |
| # * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: |
| # A workload identity pool group. |
| # |
| # * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: |
| # All identities in a workload identity pool with a certain attribute. |
| # |
| # * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: |
| # All identities in a workload identity pool. |
| # |
| # * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique |
| # identifier) representing a user that has been recently deleted. For |
| # example, `[email protected]?uid=123456789012345678901`. If the user is |
| # recovered, this value reverts to `user:{emailid}` and the recovered user |
| # retains the role in the binding. |
| # |
| # * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus |
| # unique identifier) representing a service account that has been recently |
| # deleted. For example, |
| # `[email protected]?uid=123456789012345678901`. |
| # If the service account is undeleted, this value reverts to |
| # `serviceAccount:{emailid}` and the undeleted service account retains the |
| # role in the binding. |
| # |
| # * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique |
| # identifier) representing a Google group that has been recently |
| # deleted. For example, `[email protected]?uid=123456789012345678901`. If |
| # the group is recovered, this value reverts to `group:{emailid}` and the |
| # recovered group retains the role in the binding. |
| # |
| # * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: |
| # Deleted single identity in a workforce identity pool. For example, |
| # `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`. |
| "A String", |
| ], |
| "role": "A String", # Role that is assigned to the list of `members`, or principals. |
| # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. |
| # |
| # For an overview of the IAM roles and permissions, see the |
| # [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For |
| # a list of the available pre-defined roles, see |
| # [here](https://cloud.google.com/iam/docs/understanding-roles). |
| }, |
| ], |
| "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help |
| # prevent simultaneous updates of a policy from overwriting each other. |
| # It is strongly suggested that systems make use of the `etag` in the |
| # read-modify-write cycle to perform policy updates in order to avoid race |
| # conditions: An `etag` is returned in the response to `getIamPolicy`, and |
| # systems are expected to put that etag in the request to `setIamPolicy` to |
| # ensure that their change will be applied to the same version of the policy. |
| # |
| # **Important:** If you use IAM Conditions, you must include the `etag` field |
| # whenever you call `setIamPolicy`. If you omit this field, then IAM allows |
| # you to overwrite a version `3` policy with a version `1` policy, and all of |
| # the conditions in the version `3` policy are lost. |
| "version": 42, # Specifies the format of the policy. |
| # |
| # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value |
| # are rejected. |
| # |
| # Any operation that affects conditional role bindings must specify version |
| # `3`. This requirement applies to the following operations: |
| # |
| # * Getting a policy that includes a conditional role binding |
| # * Adding a conditional role binding to a policy |
| # * Changing a conditional role binding in a policy |
| # * Removing any role binding, with or without a condition, from a policy |
| # that includes conditions |
| # |
| # **Important:** If you use IAM Conditions, you must include the `etag` field |
| # whenever you call `setIamPolicy`. If you omit this field, then IAM allows |
| # you to overwrite a version `3` policy with a version `1` policy, and all of |
| # the conditions in the version `3` policy are lost. |
| # |
| # If a policy does not include any conditions, operations on that policy may |
| # specify any valid version or leave the field unset. |
| # |
| # To learn which resources support conditions in their IAM policies, see the |
| # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="setLabels">setLabels(project, resource, body=None, x__xgafv=None)</code> |
| <pre>Sets the labels on an image. To learn more about labels, read theLabeling |
| Resources documentation. |
| |
| Args: |
| project: string, Project ID for this request. (required) |
| resource: string, Name or id of the resource for this request. (required) |
| body: object, The request body. |
| The object takes the form of: |
| |
| { |
| "labelFingerprint": "A String", # The fingerprint of the previous set of labels for this resource, |
| # used to detect conflicts. The fingerprint is initially generated by Compute |
| # Engine and changes after every request to modify or update labels. You must |
| # always provide an up-to-date fingerprint hash when updating or changing |
| # labels, otherwise the request will fail with error412 conditionNotMet. Make a get() request to the |
| # resource to get the latest fingerprint. |
| "labels": { # A list of labels to apply for this resource. Each label must comply with |
| # the |
| # requirements for labels. For example,"webserver-frontend": "images". A label value can also be |
| # empty (e.g. "my-label": ""). |
| "a_key": "A String", |
| }, |
| } |
| |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # Represents an Operation resource. |
| # |
| # Google Compute Engine has three Operation resources: |
| # |
| # * [Global](/compute/docs/reference/rest/alpha/globalOperations) |
| # * [Regional](/compute/docs/reference/rest/alpha/regionOperations) |
| # * [Zonal](/compute/docs/reference/rest/alpha/zoneOperations) |
| # |
| # You can use an operation resource to manage asynchronous API requests. |
| # For more information, readHandling |
| # API responses. |
| # |
| # Operations can be global, regional or zonal. |
| # |
| # - For global operations, use the `globalOperations` |
| # resource. |
| # - For regional operations, use the |
| # `regionOperations` resource. |
| # - For zonal operations, use |
| # the `zoneOperations` resource. |
| # |
| # |
| # |
| # For more information, read |
| # Global, Regional, and Zonal Resources. |
| # |
| # Note that completed Operation resources have a limited |
| # retention period. |
| "clientOperationId": "A String", # [Output Only] The value of `requestId` if you provided it in the request. |
| # Not present otherwise. |
| "creationTimestamp": "A String", # [Deprecated] This field is deprecated. |
| "description": "A String", # [Output Only] A textual description of the operation, which is |
| # set when the operation is created. |
| "endTime": "A String", # [Output Only] The time that this operation was completed. This value is inRFC3339 |
| # text format. |
| "error": { # [Output Only] If errors are generated during processing of the operation, |
| # this field will be populated. |
| "errors": [ # [Output Only] The array of errors encountered while processing this |
| # operation. |
| { |
| "code": "A String", # [Output Only] The error type identifier for this error. |
| "errorDetails": [ # [Output Only] An optional list of messages that contain the error |
| # details. There is a set of defined message types to use for providing |
| # details.The syntax depends on the error code. For example, |
| # QuotaExceededInfo will have details when the error code is |
| # QUOTA_EXCEEDED. |
| { |
| "errorInfo": { # Describes the cause of the error with structured details. |
| # |
| # Example of an error when contacting the "pubsub.googleapis.com" API when it |
| # is not enabled: |
| # |
| # { "reason": "API_DISABLED" |
| # "domain": "googleapis.com" |
| # "metadata": { |
| # "resource": "projects/123", |
| # "service": "pubsub.googleapis.com" |
| # } |
| # } |
| # |
| # This response indicates that the pubsub.googleapis.com API is not enabled. |
| # |
| # Example of an error that is returned when attempting to create a Spanner |
| # instance in a region that is out of stock: |
| # |
| # { "reason": "STOCKOUT" |
| # "domain": "spanner.googleapis.com", |
| # "metadata": { |
| # "availableRegions": "us-central1,us-east2" |
| # } |
| # } |
| "domain": "A String", # The logical grouping to which the "reason" belongs. The error domain |
| # is typically the registered service name of the tool or product that |
| # generates the error. Example: "pubsub.googleapis.com". If the error is |
| # generated by some common infrastructure, the error domain must be a |
| # globally unique value that identifies the infrastructure. For Google API |
| # infrastructure, the error domain is "googleapis.com". |
| "metadatas": { # Additional structured details about this error. |
| # |
| # Keys must match a regular expression of `a-z+` but should |
| # ideally be lowerCamelCase. Also, they must be limited to 64 characters in |
| # length. When identifying the current value of an exceeded limit, the units |
| # should be contained in the key, not the value. For example, rather than |
| # `{"instanceLimit": "100/request"}`, should be returned as, |
| # `{"instanceLimitPerRequest": "100"}`, if the client exceeds the number of |
| # instances that can be created in a single (batch) request. |
| "a_key": "A String", |
| }, |
| "reason": "A String", # The reason of the error. This is a constant value that identifies the |
| # proximate cause of the error. Error reasons are unique within a particular |
| # domain of errors. This should be at most 63 characters and match a |
| # regular expression of `A-Z+[A-Z0-9]`, which represents |
| # UPPER_SNAKE_CASE. |
| }, |
| "help": { # Provides links to documentation or for performing an out of band action. |
| # |
| # For example, if a quota check failed with an error indicating the calling |
| # project hasn't enabled the accessed service, this can contain a URL pointing |
| # directly to the right place in the developer console to flip the bit. |
| "links": [ # URL(s) pointing to additional information on handling the current error. |
| { # Describes a URL link. |
| "description": "A String", # Describes what the link offers. |
| "url": "A String", # The URL of the link. |
| }, |
| ], |
| }, |
| "localizedMessage": { # Provides a localized error message that is safe to return to the user |
| # which can be attached to an RPC error. |
| "locale": "A String", # The locale used following the specification defined at |
| # https://www.rfc-editor.org/rfc/bcp/bcp47.txt. |
| # Examples are: "en-US", "fr-CH", "es-MX" |
| "message": "A String", # The localized error message in the above locale. |
| }, |
| "quotaInfo": { # Additional details for quota exceeded error for resource quota. |
| "dimensions": { # The map holding related quota dimensions. |
| "a_key": "A String", |
| }, |
| "futureLimit": 3.14, # Future quota limit being rolled out. The limit's unit depends on the quota |
| # type or metric. |
| "limit": 3.14, # Current effective quota limit. The limit's unit depends on the quota type |
| # or metric. |
| "limitName": "A String", # The name of the quota limit. |
| "metricName": "A String", # The Compute Engine quota metric name. |
| "rolloutStatus": "A String", # Rollout status of the future quota limit. |
| }, |
| }, |
| ], |
| "location": "A String", # [Output Only] Indicates the field in the request that caused the error. |
| # This property is optional. |
| "message": "A String", # [Output Only] An optional, human-readable error message. |
| }, |
| ], |
| }, |
| "httpErrorMessage": "A String", # [Output Only] If the operation fails, this field contains the HTTP error |
| # message that was returned, such as `NOT FOUND`. |
| "httpErrorStatusCode": 42, # [Output Only] If the operation fails, this field contains the HTTP error |
| # status code that was returned. For example, a `404` means the |
| # resource was not found. |
| "id": "A String", # [Output Only] The unique identifier for the operation. This identifier is |
| # defined by the server. |
| "insertTime": "A String", # [Output Only] The time that this operation was requested. |
| # This value is inRFC3339 |
| # text format. |
| "instancesBulkInsertOperationMetadata": { |
| "perLocationStatus": { # Status information per location (location name is key). |
| # Example key: zones/us-central1-a |
| "a_key": { |
| "createdVmCount": 42, # [Output Only] Count of VMs successfully created so far. |
| "deletedVmCount": 42, # [Output Only] Count of VMs that got deleted during rollback. |
| "failedToCreateVmCount": 42, # [Output Only] Count of VMs that started creating but encountered an |
| # error. |
| "status": "A String", # [Output Only] Creation status of BulkInsert operation - information |
| # if the flow is rolling forward or rolling back. |
| "targetVmCount": 42, # [Output Only] Count of VMs originally planned to be created. |
| }, |
| }, |
| }, |
| "kind": "compute#operation", # [Output Only] Type of the resource. Always `compute#operation` for |
| # Operation resources. |
| "name": "A String", # [Output Only] Name of the operation. |
| "operationGroupId": "A String", # [Output Only] An ID that represents a group of operations, such as when a |
| # group of operations results from a `bulkInsert` API request. |
| "operationType": "A String", # [Output Only] The type of operation, such as `insert`, |
| # `update`, or `delete`, and so on. |
| "progress": 42, # [Output Only] An optional progress indicator that ranges from 0 to 100. |
| # There is no requirement that this be linear or support any granularity of |
| # operations. This should not be used to guess when the operation will be |
| # complete. This number should monotonically increase as the operation |
| # progresses. |
| "region": "A String", # [Output Only] The URL of the region where the operation resides. Only |
| # applicable when performing regional operations. |
| "selfLink": "A String", # [Output Only] Server-defined URL for the resource. |
| "selfLinkWithId": "A String", # [Output Only] Server-defined URL for this resource with the resource id. |
| "setCommonInstanceMetadataOperationMetadata": { # [Output Only] If the operation is for projects.setCommonInstanceMetadata, |
| # this field will contain information on all underlying zonal actions and |
| # their state. |
| "clientOperationId": "A String", # [Output Only] The client operation id. |
| "perLocationOperations": { # [Output Only] Status information per location (location name is key). |
| # Example key: zones/us-central1-a |
| "a_key": { |
| "error": { # The `Status` type defines a logical error model that is suitable for # [Output Only] If state is `ABANDONED` or `FAILED`, this field is |
| # populated. |
| # different programming environments, including REST APIs and RPC APIs. It is |
| # used by [gRPC](https://github.com/grpc). Each `Status` message contains |
| # three pieces of data: error code, error message, and error details. |
| # |
| # You can find out more about this error model and how to work with it in the |
| # [API Design Guide](https://cloud.google.com/apis/design/errors). |
| "code": 42, # The status code, which should be an enum value of google.rpc.Code. |
| "details": [ # A list of messages that carry the error details. There is a common set of |
| # message types for APIs to use. |
| { |
| "a_key": "", # Properties of the object. Contains field @type with type URL. |
| }, |
| ], |
| "message": "A String", # A developer-facing error message, which should be in English. Any |
| # user-facing error message should be localized and sent in the |
| # google.rpc.Status.details field, or localized by the client. |
| }, |
| "state": "A String", # [Output Only] Status of the action, which can be one of the following: |
| # `PROPAGATING`, `PROPAGATED`, `ABANDONED`, `FAILED`, or `DONE`. |
| }, |
| }, |
| }, |
| "startTime": "A String", # [Output Only] The time that this operation was started by the server. |
| # This value is inRFC3339 |
| # text format. |
| "status": "A String", # [Output Only] The status of the operation, which can be one of the |
| # following: |
| # `PENDING`, `RUNNING`, or `DONE`. |
| "statusMessage": "A String", # [Output Only] An optional textual description of the current status of the |
| # operation. |
| "targetId": "A String", # [Output Only] The unique target ID, which identifies a specific incarnation |
| # of the target resource. |
| "targetLink": "A String", # [Output Only] The URL of the resource that the operation modifies. For |
| # operations related to creating a snapshot, this points to the disk |
| # that the snapshot was created from. |
| "user": "A String", # [Output Only] User who requested the operation, for example: |
| # `[email protected]` or |
| # `alice_smith_identifier (global/workforcePools/example-com-us-employees)`. |
| "warnings": [ # [Output Only] If warning messages are generated during processing of the |
| # operation, this field will be populated. |
| { |
| "code": "A String", # [Output Only] A warning code, if applicable. For example, Compute |
| # Engine returns NO_RESULTS_ON_PAGE if there |
| # are no results in the response. |
| "data": [ # [Output Only] Metadata about this warning in key: |
| # value format. For example: |
| # |
| # "data": [ |
| # { |
| # "key": "scope", |
| # "value": "zones/us-east1-d" |
| # } |
| { |
| "key": "A String", # [Output Only] A key that provides more detail on the warning being |
| # returned. For example, for warnings where there are no results in a list |
| # request for a particular zone, this key might be scope and |
| # the key value might be the zone name. Other examples might be a key |
| # indicating a deprecated resource and a suggested replacement, or a |
| # warning about invalid network settings (for example, if an instance |
| # attempts to perform IP forwarding but is not enabled for IP forwarding). |
| "value": "A String", # [Output Only] A warning data value corresponding to the key. |
| }, |
| ], |
| "message": "A String", # [Output Only] A human-readable description of the warning code. |
| }, |
| ], |
| "zone": "A String", # [Output Only] The URL of the zone where the operation resides. Only |
| # applicable when performing per-zone operations. |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="testIamPermissions">testIamPermissions(project, resource, body=None, x__xgafv=None)</code> |
| <pre>Returns permissions that a caller has on the specified resource. |
| |
| Args: |
| project: string, Project ID for this request. (required) |
| resource: string, Name or id of the resource for this request. (required) |
| body: object, The request body. |
| The object takes the form of: |
| |
| { |
| "permissions": [ # The set of permissions to check for the 'resource'. Permissions with |
| # wildcards (such as '*' or 'storage.*') are not allowed. |
| "A String", |
| ], |
| } |
| |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { |
| "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is |
| # allowed. |
| "A String", |
| ], |
| }</pre> |
| </div> |
| |
| </body></html> |
