Access Context Manager API MCP Server

# generated by fastapi-codegen: # filename: openapi.yaml # timestamp: 2025-06-29T00:36:38+00:00 from __future__ import annotations from enum import Enum from typing import Any, Dict, List, Optional from pydantic import BaseModel, Field class AccessContextManagerOperationMetadata(BaseModel): pass class AccessPolicy(BaseModel): name: Optional[str] = Field( None, description='Output only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{policy_id}`', ) parent: Optional[str] = Field( None, description='Required. The parent of this `AccessPolicy` in the Cloud Resource Hierarchy. Currently immutable once created. Format: `organizations/{organization_id}`', ) title: Optional[str] = Field( None, description='Required. Human readable title. Does not affect behavior.' ) class CombiningFunction(Enum): AND = 'AND' OR = 'OR' class AllowedDeviceManagementLevel(Enum): MANAGEMENT_UNSPECIFIED = 'MANAGEMENT_UNSPECIFIED' NONE = 'NONE' BASIC = 'BASIC' COMPLETE = 'COMPLETE' class AllowedEncryptionStatus(Enum): ENCRYPTION_UNSPECIFIED = 'ENCRYPTION_UNSPECIFIED' ENCRYPTION_UNSUPPORTED = 'ENCRYPTION_UNSUPPORTED' UNENCRYPTED = 'UNENCRYPTED' ENCRYPTED = 'ENCRYPTED' class Expr(BaseModel): description: Optional[str] = Field( None, description='Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.', ) expression: Optional[str] = Field( None, description='Textual representation of an expression in Common Expression Language syntax.', ) location: Optional[str] = Field( None, description='Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.', ) title: Optional[str] = Field( None, description='Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.', ) class ListAccessPoliciesResponse(BaseModel): accessPolicies: Optional[List[AccessPolicy]] = Field( None, description='List of the AccessPolicy instances.' ) nextPageToken: Optional[str] = Field( None, description='The pagination token to retrieve the next page of results. If the value is empty, no further results remain.', ) class OsType(Enum): OS_UNSPECIFIED = 'OS_UNSPECIFIED' DESKTOP_MAC = 'DESKTOP_MAC' DESKTOP_WINDOWS = 'DESKTOP_WINDOWS' DESKTOP_LINUX = 'DESKTOP_LINUX' DESKTOP_CHROME_OS = 'DESKTOP_CHROME_OS' ANDROID = 'ANDROID' IOS = 'IOS' class OsConstraint(BaseModel): minimumVersion: Optional[str] = Field( None, description='The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: `"major.minor.patch"`. Examples: `"10.5.301"`, `"9.2.1"`.', ) osType: Optional[OsType] = Field(None, description='Required. The allowed OS type.') requireVerifiedChromeOs: Optional[bool] = Field( None, description='Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller has permission to call the API targeted by the request.', ) class PerimeterType(Enum): PERIMETER_TYPE_REGULAR = 'PERIMETER_TYPE_REGULAR' PERIMETER_TYPE_BRIDGE = 'PERIMETER_TYPE_BRIDGE' class Status(BaseModel): code: Optional[int] = Field( None, description='The status code, which should be an enum value of google.rpc.Code.', ) details: Optional[List[Dict[str, Any]]] = Field( None, description='A list of messages that carry the error details. There is a common set of message types for APIs to use.', ) message: Optional[str] = Field( None, description='A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.', ) class VpcAccessibleServices(BaseModel): allowedServices: Optional[List[str]] = Field( None, description="The list of APIs usable within the Service Perimeter. Must be empty unless 'enable_restriction' is True. You can specify a list of individual services, as well as include the 'RESTRICTED-SERVICES' value, which automatically includes all of the services protected by the perimeter.", ) enableRestriction: Optional[bool] = Field( None, description="Whether to restrict API calls within the Service Perimeter to the list of APIs specified in 'allowed_services'.", ) class FieldXgafv(Enum): field_1 = '1' field_2 = '2' class Alt(Enum): json = 'json' media = 'media' proto = 'proto' class AccessLevelFormat(Enum): LEVEL_FORMAT_UNSPECIFIED = 'LEVEL_FORMAT_UNSPECIFIED' AS_DEFINED = 'AS_DEFINED' CEL = 'CEL' class CustomLevel(BaseModel): expr: Optional[Expr] = Field( None, description='Required. A Cloud CEL expression evaluating to a boolean.' ) class DevicePolicy(BaseModel): allowedDeviceManagementLevels: Optional[List[AllowedDeviceManagementLevel]] = Field( None, description='Allowed device management levels, an empty list allows all management levels.', ) allowedEncryptionStatuses: Optional[List[AllowedEncryptionStatus]] = Field( None, description='Allowed encryptions statuses, an empty list allows all statuses.', ) osConstraints: Optional[List[OsConstraint]] = Field( None, description='Allowed OS versions, an empty list allows all types and all versions.', ) requireAdminApproval: Optional[bool] = Field( None, description='Whether the device needs to be approved by the customer admin.', ) requireCorpOwned: Optional[bool] = Field( None, description='Whether the device needs to be corp owned.' ) requireScreenlock: Optional[bool] = Field( None, description='Whether or not screenlock is required for the DevicePolicy to be true. Defaults to `false`.', ) class Operation(BaseModel): done: Optional[bool] = Field( None, description='If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.', ) error: Optional[Status] = Field( None, description='The error result of the operation in case of failure or cancellation.', ) metadata: Optional[Dict[str, Any]] = Field( None, description='Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.', ) name: Optional[str] = Field( None, description='The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.', ) response: Optional[Dict[str, Any]] = Field( None, description='The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.', ) class ServicePerimeterConfig(BaseModel): accessLevels: Optional[List[str]] = Field( None, description='A list of `AccessLevel` resource names that allow resources within the `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed must be in the same policy as this `ServicePerimeter`. Referencing a nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`. For Service Perimeter Bridge, must be empty.', ) resources: Optional[List[str]] = Field( None, description='A list of Google Cloud resources that are inside of the service perimeter. Currently only projects are allowed. Format: `projects/{project_number}`', ) restrictedServices: Optional[List[str]] = Field( None, description="Google Cloud services that are subject to the Service Perimeter restrictions. Must contain a list of services. For example, if `storage.googleapis.com` is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions.", ) unrestrictedServices: Optional[List[str]] = Field( None, description='Google Cloud services that are not subject to the Service Perimeter restrictions. Deprecated. Must be set to a single wildcard "*". The wildcard means that unless explicitly specified by "restricted_services" list, any service is treated as unrestricted.', ) vpcAccessibleServices: Optional[VpcAccessibleServices] = Field( None, description='Beta. Configuration for APIs allowed within Perimeter.' ) class Condition(BaseModel): devicePolicy: Optional[DevicePolicy] = Field( None, description='Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed.', ) ipSubnetworks: Optional[List[str]] = Field( None, description='CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.', ) members: Optional[List[str]] = Field( None, description='The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: `user:{emailid}` `serviceAccount:{emailid}` If not specified, a request may come from any user.', ) negate: Optional[bool] = Field( None, description='Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.', ) regions: Optional[List[str]] = Field( None, description='The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes.', ) requiredAccessLevels: Optional[List[str]] = Field( None, description='A list of other access levels defined in the same `Policy`, referenced by resource name. Referencing an `AccessLevel` which does not exist is an error. All access levels listed must be granted for the Condition to be true. Example: "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`', ) class ServicePerimeter(BaseModel): description: Optional[str] = Field( None, description='Description of the `ServicePerimeter` and its use. Does not affect behavior.', ) name: Optional[str] = Field( None, description='Resource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.', ) perimeterType: Optional[PerimeterType] = Field( None, description='Perimeter type indicator. A single project is allowed to be a member of single regular perimeter, but multiple service perimeter bridges. A project cannot be a included in a perimeter bridge without being included in regular perimeter. For perimeter bridges, restricted/unrestricted service lists as well as access lists must be empty.', ) status: Optional[ServicePerimeterConfig] = Field( None, description='Current ServicePerimeter configuration. Specifies sets of resources, restricted/unrestricted services and access levels that determine perimeter content and boundaries.', ) title: Optional[str] = Field( None, description='Human readable title. Must be unique within the Policy.' ) class BasicLevel(BaseModel): combiningFunction: Optional[CombiningFunction] = Field( None, description='How the `conditions` list should be combined to determine if a request is granted this `AccessLevel`. If AND is used, each `Condition` in `conditions` must be satisfied for the `AccessLevel` to be applied. If OR is used, at least one `Condition` in `conditions` must be satisfied for the `AccessLevel` to be applied. Default behavior is AND.', ) conditions: Optional[List[Condition]] = Field( None, description='Required. A list of requirements for the `AccessLevel` to be granted.', ) class ListServicePerimetersResponse(BaseModel): nextPageToken: Optional[str] = Field( None, description='The pagination token to retrieve the next page of results. If the value is empty, no further results remain.', ) servicePerimeters: Optional[List[ServicePerimeter]] = Field( None, description='List of the Service Perimeter instances.' ) class AccessLevel(BaseModel): basic: Optional[BasicLevel] = Field( None, description='A `BasicLevel` composed of `Conditions`.' ) custom: Optional[CustomLevel] = Field( None, description='A `CustomLevel` written in the Common Expression Language.' ) description: Optional[str] = Field( None, description='Description of the `AccessLevel` and its use. Does not affect behavior.', ) name: Optional[str] = Field( None, description='Resource name for the `AccessLevel`. Format: `accessPolicies/{access_policy}/accessLevels/{access_level}`. The `access_level` component must begin with a letter, followed by alphanumeric characters or `_`. Its maximum length is 50 characters. After you create an `AccessLevel`, you cannot change its `name`.', ) title: Optional[str] = Field( None, description='Human readable title. Must be unique within the Policy.' ) class ListAccessLevelsResponse(BaseModel): accessLevels: Optional[List[AccessLevel]] = Field( None, description='List of the Access Level instances.' ) nextPageToken: Optional[str] = Field( None, description='The pagination token to retrieve the next page of results. If the value is empty, no further results remain.', )