google-api-client 0.10.1 → 0.10.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (176) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +3 -0
  3. data/api_names.yaml +395 -0
  4. data/generated/google/apis/adexchangebuyer2_v2beta1.rb +1 -1
  5. data/generated/google/apis/adexchangebuyer2_v2beta1/classes.rb +254 -254
  6. data/generated/google/apis/adexchangebuyer2_v2beta1/representations.rb +65 -65
  7. data/generated/google/apis/adexchangebuyer2_v2beta1/service.rb +220 -220
  8. data/generated/google/apis/admin_directory_v1.rb +1 -1
  9. data/generated/google/apis/admin_directory_v1/classes.rb +106 -0
  10. data/generated/google/apis/admin_directory_v1/representations.rb +37 -0
  11. data/generated/google/apis/admin_reports_v1.rb +3 -3
  12. data/generated/google/apis/admin_reports_v1/service.rb +6 -6
  13. data/generated/google/apis/adsense_v1_4.rb +1 -1
  14. data/generated/google/apis/adsensehost_v4_1.rb +1 -1
  15. data/generated/google/apis/analytics_v3.rb +1 -1
  16. data/generated/google/apis/analytics_v3/service.rb +39 -0
  17. data/generated/google/apis/analyticsreporting_v4/classes.rb +920 -920
  18. data/generated/google/apis/analyticsreporting_v4/representations.rb +197 -197
  19. data/generated/google/apis/analyticsreporting_v4/service.rb +4 -4
  20. data/generated/google/apis/androidenterprise_v1.rb +1 -1
  21. data/generated/google/apis/androidenterprise_v1/classes.rb +8 -13
  22. data/generated/google/apis/androidenterprise_v1/service.rb +3 -3
  23. data/generated/google/apis/appengine_v1beta5.rb +1 -1
  24. data/generated/google/apis/appengine_v1beta5/classes.rb +115 -5
  25. data/generated/google/apis/appengine_v1beta5/representations.rb +37 -0
  26. data/generated/google/apis/appengine_v1beta5/service.rb +12 -9
  27. data/generated/google/apis/appstate_v1.rb +1 -1
  28. data/generated/google/apis/bigquery_v2.rb +1 -1
  29. data/generated/google/apis/bigquery_v2/classes.rb +32 -37
  30. data/generated/google/apis/bigquery_v2/service.rb +10 -2
  31. data/generated/google/apis/calendar_v3.rb +1 -1
  32. data/generated/google/apis/calendar_v3/classes.rb +205 -0
  33. data/generated/google/apis/calendar_v3/representations.rb +97 -0
  34. data/generated/google/apis/classroom_v1.rb +22 -25
  35. data/generated/google/apis/classroom_v1/classes.rb +998 -907
  36. data/generated/google/apis/classroom_v1/representations.rb +240 -240
  37. data/generated/google/apis/classroom_v1/service.rb +1269 -1061
  38. data/generated/google/apis/cloudbuild_v1.rb +1 -1
  39. data/generated/google/apis/cloudbuild_v1/classes.rb +164 -163
  40. data/generated/google/apis/cloudbuild_v1/representations.rb +31 -31
  41. data/generated/google/apis/cloudbuild_v1/service.rb +114 -114
  42. data/generated/google/apis/clouddebugger_v2.rb +1 -1
  43. data/generated/google/apis/clouddebugger_v2/classes.rb +687 -687
  44. data/generated/google/apis/clouddebugger_v2/representations.rb +147 -147
  45. data/generated/google/apis/clouddebugger_v2/service.rb +132 -132
  46. data/generated/google/apis/cloudkms_v1.rb +1 -1
  47. data/generated/google/apis/cloudkms_v1/classes.rb +231 -248
  48. data/generated/google/apis/cloudkms_v1/representations.rb +74 -74
  49. data/generated/google/apis/cloudkms_v1/service.rb +228 -228
  50. data/generated/google/apis/cloudmonitoring_v2beta2.rb +1 -1
  51. data/generated/google/apis/cloudresourcemanager_v1.rb +1 -1
  52. data/generated/google/apis/cloudresourcemanager_v1/classes.rb +738 -128
  53. data/generated/google/apis/cloudresourcemanager_v1/representations.rb +245 -23
  54. data/generated/google/apis/cloudresourcemanager_v1/service.rb +1293 -249
  55. data/generated/google/apis/cloudresourcemanager_v1beta1.rb +4 -4
  56. data/generated/google/apis/cloudresourcemanager_v1beta1/classes.rb +982 -372
  57. data/generated/google/apis/cloudresourcemanager_v1beta1/representations.rb +293 -71
  58. data/generated/google/apis/cloudresourcemanager_v1beta1/service.rb +626 -277
  59. data/generated/google/apis/cloudtrace_v1.rb +1 -1
  60. data/generated/google/apis/cloudtrace_v1/classes.rb +19 -19
  61. data/generated/google/apis/cloudtrace_v1/representations.rb +2 -2
  62. data/generated/google/apis/cloudtrace_v1/service.rb +30 -30
  63. data/generated/google/apis/compute_beta.rb +1 -1
  64. data/generated/google/apis/compute_beta/classes.rb +116 -0
  65. data/generated/google/apis/compute_beta/representations.rb +48 -0
  66. data/generated/google/apis/compute_beta/service.rb +46 -1
  67. data/generated/google/apis/compute_v1.rb +1 -1
  68. data/generated/google/apis/dataflow_v1b3.rb +1 -1
  69. data/generated/google/apis/dataflow_v1b3/classes.rb +3276 -3320
  70. data/generated/google/apis/dataflow_v1b3/representations.rb +779 -781
  71. data/generated/google/apis/dataflow_v1b3/service.rb +225 -225
  72. data/generated/google/apis/dataproc_v1.rb +1 -1
  73. data/generated/google/apis/dataproc_v1/classes.rb +1221 -1207
  74. data/generated/google/apis/dataproc_v1/representations.rb +255 -253
  75. data/generated/google/apis/dataproc_v1/service.rb +100 -100
  76. data/generated/google/apis/deploymentmanager_v2.rb +1 -1
  77. data/generated/google/apis/deploymentmanager_v2/classes.rb +5 -5
  78. data/generated/google/apis/dns_v1.rb +1 -1
  79. data/generated/google/apis/dns_v2beta1.rb +1 -1
  80. data/generated/google/apis/doubleclicksearch_v2.rb +1 -1
  81. data/generated/google/apis/drive_v2.rb +1 -1
  82. data/generated/google/apis/drive_v2/classes.rb +3 -1
  83. data/generated/google/apis/drive_v3.rb +1 -1
  84. data/generated/google/apis/drive_v3/classes.rb +3 -1
  85. data/generated/google/apis/fusiontables_v2.rb +1 -1
  86. data/generated/google/apis/games_configuration_v1configuration.rb +1 -1
  87. data/generated/google/apis/games_management_v1management.rb +1 -1
  88. data/generated/google/apis/games_v1.rb +1 -1
  89. data/generated/google/apis/genomics_v1.rb +7 -7
  90. data/generated/google/apis/genomics_v1/classes.rb +959 -959
  91. data/generated/google/apis/genomics_v1/representations.rb +238 -238
  92. data/generated/google/apis/genomics_v1/service.rb +996 -996
  93. data/generated/google/apis/iam_v1.rb +1 -1
  94. data/generated/google/apis/iam_v1/classes.rb +440 -440
  95. data/generated/google/apis/iam_v1/representations.rb +94 -94
  96. data/generated/google/apis/iam_v1/service.rb +170 -173
  97. data/generated/google/apis/identitytoolkit_v3.rb +1 -1
  98. data/generated/google/apis/identitytoolkit_v3/classes.rb +55 -0
  99. data/generated/google/apis/identitytoolkit_v3/representations.rb +8 -0
  100. data/generated/google/apis/kgsearch_v1/service.rb +4 -4
  101. data/generated/google/apis/language_v1beta1.rb +1 -1
  102. data/generated/google/apis/language_v1beta1/classes.rb +427 -427
  103. data/generated/google/apis/language_v1beta1/representations.rb +113 -113
  104. data/generated/google/apis/language_v1beta1/service.rb +25 -24
  105. data/generated/google/apis/licensing_v1.rb +2 -2
  106. data/generated/google/apis/licensing_v1/classes.rb +14 -2
  107. data/generated/google/apis/licensing_v1/representations.rb +2 -0
  108. data/generated/google/apis/licensing_v1/service.rb +1 -1
  109. data/generated/google/apis/logging_v2beta1.rb +1 -1
  110. data/generated/google/apis/logging_v2beta1/classes.rb +864 -864
  111. data/generated/google/apis/logging_v2beta1/representations.rb +168 -168
  112. data/generated/google/apis/logging_v2beta1/service.rb +261 -261
  113. data/generated/google/apis/manufacturers_v1.rb +1 -1
  114. data/generated/google/apis/manufacturers_v1/classes.rb +452 -105
  115. data/generated/google/apis/manufacturers_v1/representations.rb +138 -18
  116. data/generated/google/apis/manufacturers_v1/service.rb +11 -11
  117. data/generated/google/apis/mirror_v1.rb +1 -1
  118. data/generated/google/apis/monitoring_v3.rb +7 -7
  119. data/generated/google/apis/monitoring_v3/classes.rb +668 -670
  120. data/generated/google/apis/monitoring_v3/representations.rb +140 -140
  121. data/generated/google/apis/monitoring_v3/service.rb +208 -208
  122. data/generated/google/apis/partners_v2.rb +1 -1
  123. data/generated/google/apis/partners_v2/classes.rb +505 -505
  124. data/generated/google/apis/partners_v2/representations.rb +118 -118
  125. data/generated/google/apis/partners_v2/service.rb +275 -275
  126. data/generated/google/apis/people_v1.rb +1 -1
  127. data/generated/google/apis/people_v1/classes.rb +1037 -1031
  128. data/generated/google/apis/people_v1/representations.rb +247 -246
  129. data/generated/google/apis/people_v1/service.rb +20 -20
  130. data/generated/google/apis/plus_domains_v1.rb +1 -1
  131. data/generated/google/apis/plus_v1.rb +1 -1
  132. data/generated/google/apis/proximitybeacon_v1beta1.rb +1 -1
  133. data/generated/google/apis/proximitybeacon_v1beta1/classes.rb +392 -392
  134. data/generated/google/apis/proximitybeacon_v1beta1/representations.rb +93 -93
  135. data/generated/google/apis/proximitybeacon_v1beta1/service.rb +381 -381
  136. data/generated/google/apis/pubsub_v1.rb +4 -4
  137. data/generated/google/apis/pubsub_v1/classes.rb +131 -132
  138. data/generated/google/apis/pubsub_v1/representations.rb +35 -35
  139. data/generated/google/apis/pubsub_v1/service.rb +399 -408
  140. data/generated/google/apis/reseller_v1.rb +1 -1
  141. data/generated/google/apis/reseller_v1/classes.rb +9 -0
  142. data/generated/google/apis/reseller_v1/representations.rb +1 -0
  143. data/generated/google/apis/script_v1.rb +9 -9
  144. data/generated/google/apis/script_v1/classes.rb +110 -110
  145. data/generated/google/apis/script_v1/representations.rb +26 -26
  146. data/generated/google/apis/sheets_v4.rb +4 -4
  147. data/generated/google/apis/sheets_v4/classes.rb +4329 -4329
  148. data/generated/google/apis/sheets_v4/representations.rb +856 -856
  149. data/generated/google/apis/sheets_v4/service.rb +106 -106
  150. data/generated/google/apis/slides_v1.rb +4 -4
  151. data/generated/google/apis/slides_v1/classes.rb +2923 -2841
  152. data/generated/google/apis/slides_v1/representations.rb +722 -691
  153. data/generated/google/apis/slides_v1/service.rb +58 -15
  154. data/generated/google/apis/speech_v1beta1.rb +1 -1
  155. data/generated/google/apis/speech_v1beta1/classes.rb +191 -191
  156. data/generated/google/apis/speech_v1beta1/representations.rb +57 -57
  157. data/generated/google/apis/speech_v1beta1/service.rb +70 -70
  158. data/generated/google/apis/storage_v1.rb +1 -1
  159. data/generated/google/apis/storage_v1/classes.rb +151 -0
  160. data/generated/google/apis/storage_v1/representations.rb +45 -0
  161. data/generated/google/apis/storage_v1/service.rb +248 -0
  162. data/generated/google/apis/vision_v1.rb +1 -1
  163. data/generated/google/apis/vision_v1/classes.rb +1227 -1221
  164. data/generated/google/apis/vision_v1/representations.rb +217 -215
  165. data/generated/google/apis/webmasters_v3.rb +1 -1
  166. data/generated/google/apis/youtube_analytics_v1.rb +1 -1
  167. data/generated/google/apis/youtube_partner_v1.rb +1 -1
  168. data/generated/google/apis/youtube_partner_v1/classes.rb +78 -0
  169. data/generated/google/apis/youtube_partner_v1/representations.rb +34 -0
  170. data/generated/google/apis/youtube_partner_v1/service.rb +40 -0
  171. data/generated/google/apis/youtubereporting_v1.rb +4 -4
  172. data/generated/google/apis/youtubereporting_v1/classes.rb +65 -65
  173. data/generated/google/apis/youtubereporting_v1/representations.rb +18 -18
  174. data/generated/google/apis/youtubereporting_v1/service.rb +111 -111
  175. data/lib/google/apis/version.rb +1 -1
  176. metadata +2 -2
@@ -27,7 +27,7 @@ module Google
27
27
  # @see https://cloud.google.com/iam/
28
28
  module IamV1
29
29
  VERSION = 'V1'
30
- REVISION = '20170217'
30
+ REVISION = '20170317'
31
31
 
32
32
  # View and manage your data across Google Cloud Platform services
33
33
  AUTH_CLOUD_PLATFORM = 'https://www.googleapis.com/auth/cloud-platform'
@@ -22,15 +22,35 @@ module Google
22
22
  module Apis
23
23
  module IamV1
24
24
 
25
- # Response message for `TestIamPermissions` method.
26
- class TestIamPermissionsResponse
25
+ # The service account create request.
26
+ class CreateServiceAccountRequest
27
27
  include Google::Apis::Core::Hashable
28
28
 
29
- # A subset of `TestPermissionsRequest.permissions` that the caller is
30
- # allowed.
31
- # Corresponds to the JSON property `permissions`
32
- # @return [Array<String>]
33
- attr_accessor :permissions
29
+ # A service account in the Identity and Access Management API.
30
+ # To create a service account, specify the `project_id` and the `account_id`
31
+ # for the account. The `account_id` is unique within the project, and is used
32
+ # to generate the service account email address and a stable
33
+ # `unique_id`.
34
+ # If the account already exists, the account's resource name is returned
35
+ # in util::Status's ResourceInfo.resource_name in the format of
36
+ # projects/`PROJECT_ID`/serviceAccounts/`SERVICE_ACCOUNT_EMAIL`. The caller can
37
+ # use the name in other methods to access the account.
38
+ # All other methods can identify the service account using the format
39
+ # `projects/`PROJECT_ID`/serviceAccounts/`SERVICE_ACCOUNT_EMAIL``.
40
+ # Using `-` as a wildcard for the project will infer the project from
41
+ # the account. The `account` value can be the `email` address or the
42
+ # `unique_id` of the service account.
43
+ # Corresponds to the JSON property `serviceAccount`
44
+ # @return [Google::Apis::IamV1::ServiceAccount]
45
+ attr_accessor :service_account
46
+
47
+ # Required. The account id that is used to generate the service account
48
+ # email address and a stable unique id. It is unique within a project,
49
+ # must be 6-30 characters long, and match the regular expression
50
+ # `[a-z]([-a-z0-9]*[a-z0-9])` to comply with RFC1035.
51
+ # Corresponds to the JSON property `accountId`
52
+ # @return [String]
53
+ attr_accessor :account_id
34
54
 
35
55
  def initialize(**args)
36
56
  update!(**args)
@@ -38,18 +58,26 @@ module Google
38
58
 
39
59
  # Update properties of this object
40
60
  def update!(**args)
41
- @permissions = args[:permissions] if args.key?(:permissions)
61
+ @service_account = args[:service_account] if args.key?(:service_account)
62
+ @account_id = args[:account_id] if args.key?(:account_id)
42
63
  end
43
64
  end
44
65
 
45
- # The service account keys list response.
46
- class ListServiceAccountKeysResponse
66
+ # The service account list response.
67
+ class ListServiceAccountsResponse
47
68
  include Google::Apis::Core::Hashable
48
69
 
49
- # The public keys for the service account.
50
- # Corresponds to the JSON property `keys`
51
- # @return [Array<Google::Apis::IamV1::ServiceAccountKey>]
52
- attr_accessor :keys
70
+ # To retrieve the next page of results, set
71
+ # ListServiceAccountsRequest.page_token
72
+ # to this value.
73
+ # Corresponds to the JSON property `nextPageToken`
74
+ # @return [String]
75
+ attr_accessor :next_page_token
76
+
77
+ # The list of matching service accounts.
78
+ # Corresponds to the JSON property `accounts`
79
+ # @return [Array<Google::Apis::IamV1::ServiceAccount>]
80
+ attr_accessor :accounts
53
81
 
54
82
  def initialize(**args)
55
83
  update!(**args)
@@ -57,65 +85,38 @@ module Google
57
85
 
58
86
  # Update properties of this object
59
87
  def update!(**args)
60
- @keys = args[:keys] if args.key?(:keys)
88
+ @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
89
+ @accounts = args[:accounts] if args.key?(:accounts)
61
90
  end
62
91
  end
63
92
 
64
- # Represents a service account key.
65
- # A service account has two sets of key-pairs: user-managed, and
66
- # system-managed.
67
- # User-managed key-pairs can be created and deleted by users. Users are
68
- # responsible for rotating these keys periodically to ensure security of
69
- # their service accounts. Users retain the private key of these key-pairs,
70
- # and Google retains ONLY the public key.
71
- # System-managed key-pairs are managed automatically by Google, and rotated
72
- # daily without user intervention. The private key never leaves Google's
73
- # servers to maximize security.
74
- # Public keys for all service accounts are also published at the OAuth2
75
- # Service Account API.
76
- class ServiceAccountKey
93
+ # The grantable role query response.
94
+ class QueryGrantableRolesResponse
77
95
  include Google::Apis::Core::Hashable
78
96
 
79
- # The private key data. Only provided in `CreateServiceAccountKey`
80
- # responses.
81
- # Corresponds to the JSON property `privateKeyData`
82
- # @return [String]
83
- attr_accessor :private_key_data
84
-
85
- # The public key data. Only provided in `GetServiceAccountKey` responses.
86
- # Corresponds to the JSON property `publicKeyData`
87
- # @return [String]
88
- attr_accessor :public_key_data
89
-
90
- # The resource name of the service account key in the following format
91
- # `projects/`PROJECT_ID`/serviceAccounts/`SERVICE_ACCOUNT_EMAIL`/keys/`key``.
92
- # Corresponds to the JSON property `name`
93
- # @return [String]
94
- attr_accessor :name
97
+ # The list of matching roles.
98
+ # Corresponds to the JSON property `roles`
99
+ # @return [Array<Google::Apis::IamV1::Role>]
100
+ attr_accessor :roles
95
101
 
96
- # The key can be used before this timestamp.
97
- # Corresponds to the JSON property `validBeforeTime`
98
- # @return [String]
99
- attr_accessor :valid_before_time
102
+ def initialize(**args)
103
+ update!(**args)
104
+ end
100
105
 
101
- # Specifies the algorithm (and possibly key size) for the key.
102
- # Corresponds to the JSON property `keyAlgorithm`
103
- # @return [String]
104
- attr_accessor :key_algorithm
106
+ # Update properties of this object
107
+ def update!(**args)
108
+ @roles = args[:roles] if args.key?(:roles)
109
+ end
110
+ end
105
111
 
106
- # The output format for the private key.
107
- # Only provided in `CreateServiceAccountKey` responses, not
108
- # in `GetServiceAccountKey` or `ListServiceAccountKey` responses.
109
- # Google never exposes system-managed private keys, and never retains
110
- # user-managed private keys.
111
- # Corresponds to the JSON property `privateKeyType`
112
- # @return [String]
113
- attr_accessor :private_key_type
112
+ # The service account sign blob request.
113
+ class SignBlobRequest
114
+ include Google::Apis::Core::Hashable
114
115
 
115
- # The key can be used after this timestamp.
116
- # Corresponds to the JSON property `validAfterTime`
116
+ # The bytes to sign.
117
+ # Corresponds to the JSON property `bytesToSign`
117
118
  # @return [String]
118
- attr_accessor :valid_after_time
119
+ attr_accessor :bytes_to_sign
119
120
 
120
121
  def initialize(**args)
121
122
  update!(**args)
@@ -123,32 +124,33 @@ module Google
123
124
 
124
125
  # Update properties of this object
125
126
  def update!(**args)
126
- @private_key_data = args[:private_key_data] if args.key?(:private_key_data)
127
- @public_key_data = args[:public_key_data] if args.key?(:public_key_data)
128
- @name = args[:name] if args.key?(:name)
129
- @valid_before_time = args[:valid_before_time] if args.key?(:valid_before_time)
130
- @key_algorithm = args[:key_algorithm] if args.key?(:key_algorithm)
131
- @private_key_type = args[:private_key_type] if args.key?(:private_key_type)
132
- @valid_after_time = args[:valid_after_time] if args.key?(:valid_after_time)
127
+ @bytes_to_sign = args[:bytes_to_sign] if args.key?(:bytes_to_sign)
133
128
  end
134
129
  end
135
130
 
136
- # The service account key create request.
137
- class CreateServiceAccountKeyRequest
131
+ # A role in the Identity and Access Management API.
132
+ class Role
138
133
  include Google::Apis::Core::Hashable
139
134
 
140
- # Which type of key and algorithm to use for the key.
141
- # The default is currently a 2K RSA key. However this may change in the
142
- # future.
143
- # Corresponds to the JSON property `keyAlgorithm`
135
+ # Optional. A human-readable title for the role. Typically this
136
+ # is limited to 100 UTF-8 bytes.
137
+ # Corresponds to the JSON property `title`
144
138
  # @return [String]
145
- attr_accessor :key_algorithm
139
+ attr_accessor :title
146
140
 
147
- # The output format of the private key. `GOOGLE_CREDENTIALS_FILE` is the
148
- # default output format.
149
- # Corresponds to the JSON property `privateKeyType`
141
+ # The name of the role.
142
+ # When Role is used in CreateRole, the role name must not be set.
143
+ # When Role is used in output and other input such as UpdateRole, the role
144
+ # name is the complete path, e.g., roles/logging.viewer for curated roles
145
+ # and organizations/`ORGANIZATION_ID`/roles/logging.viewer for custom roles.
146
+ # Corresponds to the JSON property `name`
150
147
  # @return [String]
151
- attr_accessor :private_key_type
148
+ attr_accessor :name
149
+
150
+ # Optional. A human-readable description for the role.
151
+ # Corresponds to the JSON property `description`
152
+ # @return [String]
153
+ attr_accessor :description
152
154
 
153
155
  def initialize(**args)
154
156
  update!(**args)
@@ -156,22 +158,45 @@ module Google
156
158
 
157
159
  # Update properties of this object
158
160
  def update!(**args)
159
- @key_algorithm = args[:key_algorithm] if args.key?(:key_algorithm)
160
- @private_key_type = args[:private_key_type] if args.key?(:private_key_type)
161
+ @title = args[:title] if args.key?(:title)
162
+ @name = args[:name] if args.key?(:name)
163
+ @description = args[:description] if args.key?(:description)
161
164
  end
162
165
  end
163
166
 
164
- # Request message for `TestIamPermissions` method.
165
- class TestIamPermissionsRequest
167
+ # Request message for `SetIamPolicy` method.
168
+ class SetIamPolicyRequest
166
169
  include Google::Apis::Core::Hashable
167
170
 
168
- # The set of permissions to check for the `resource`. Permissions with
169
- # wildcards (such as '*' or 'storage.*') are not allowed. For more
170
- # information see
171
- # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
172
- # Corresponds to the JSON property `permissions`
173
- # @return [Array<String>]
174
- attr_accessor :permissions
171
+ # Defines an Identity and Access Management (IAM) policy. It is used to
172
+ # specify access control policies for Cloud Platform resources.
173
+ # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of
174
+ # `members` to a `role`, where the members can be user accounts, Google groups,
175
+ # Google domains, and service accounts. A `role` is a named list of permissions
176
+ # defined by IAM.
177
+ # **Example**
178
+ # `
179
+ # "bindings": [
180
+ # `
181
+ # "role": "roles/owner",
182
+ # "members": [
183
+ # "user:mike@example.com",
184
+ # "group:admins@example.com",
185
+ # "domain:google.com",
186
+ # "serviceAccount:my-other-app@appspot.gserviceaccount.com",
187
+ # ]
188
+ # `,
189
+ # `
190
+ # "role": "roles/viewer",
191
+ # "members": ["user:sean@example.com"]
192
+ # `
193
+ # ]
194
+ # `
195
+ # For a description of IAM and its features, see the
196
+ # [IAM developer's guide](https://cloud.google.com/iam).
197
+ # Corresponds to the JSON property `policy`
198
+ # @return [Google::Apis::IamV1::Policy]
199
+ attr_accessor :policy
175
200
 
176
201
  def initialize(**args)
177
202
  update!(**args)
@@ -179,23 +204,38 @@ module Google
179
204
 
180
205
  # Update properties of this object
181
206
  def update!(**args)
182
- @permissions = args[:permissions] if args.key?(:permissions)
207
+ @policy = args[:policy] if args.key?(:policy)
183
208
  end
184
209
  end
185
210
 
186
- # The service account sign blob response.
187
- class SignBlobResponse
211
+ # Associates `members` with a `role`.
212
+ class Binding
188
213
  include Google::Apis::Core::Hashable
189
214
 
190
- # The id of the key used to sign the blob.
191
- # Corresponds to the JSON property `keyId`
192
- # @return [String]
193
- attr_accessor :key_id
215
+ # Specifies the identities requesting access for a Cloud Platform resource.
216
+ # `members` can have the following values:
217
+ # * `allUsers`: A special identifier that represents anyone who is
218
+ # on the internet; with or without a Google account.
219
+ # * `allAuthenticatedUsers`: A special identifier that represents anyone
220
+ # who is authenticated with a Google account or a service account.
221
+ # * `user:`emailid``: An email address that represents a specific Google
222
+ # account. For example, `alice@gmail.com` or `joe@example.com`.
223
+ # * `serviceAccount:`emailid``: An email address that represents a service
224
+ # account. For example, `my-other-app@appspot.gserviceaccount.com`.
225
+ # * `group:`emailid``: An email address that represents a Google group.
226
+ # For example, `admins@example.com`.
227
+ # * `domain:`domain``: A Google Apps domain name that represents all the
228
+ # users of that domain. For example, `google.com` or `example.com`.
229
+ # Corresponds to the JSON property `members`
230
+ # @return [Array<String>]
231
+ attr_accessor :members
194
232
 
195
- # The signed blob.
196
- # Corresponds to the JSON property `signature`
233
+ # Role that is assigned to `members`.
234
+ # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
235
+ # Required
236
+ # Corresponds to the JSON property `role`
197
237
  # @return [String]
198
- attr_accessor :signature
238
+ attr_accessor :role
199
239
 
200
240
  def initialize(**args)
201
241
  update!(**args)
@@ -203,24 +243,22 @@ module Google
203
243
 
204
244
  # Update properties of this object
205
245
  def update!(**args)
206
- @key_id = args[:key_id] if args.key?(:key_id)
207
- @signature = args[:signature] if args.key?(:signature)
246
+ @members = args[:members] if args.key?(:members)
247
+ @role = args[:role] if args.key?(:role)
208
248
  end
209
249
  end
210
250
 
211
- # The service account sign JWT response.
212
- class SignJwtResponse
251
+ # The grantable role query request.
252
+ class QueryGrantableRolesRequest
213
253
  include Google::Apis::Core::Hashable
214
254
 
215
- # The id of the key used to sign the JWT.
216
- # Corresponds to the JSON property `keyId`
217
- # @return [String]
218
- attr_accessor :key_id
219
-
220
- # The signed JWT.
221
- # Corresponds to the JSON property `signedJwt`
255
+ # Required. The full resource name to query from the list of grantable roles.
256
+ # The name follows the Google Cloud Platform resource format.
257
+ # For example, a Cloud Platform project with id `my-project` will be named
258
+ # `//cloudresourcemanager.googleapis.com/projects/my-project`.
259
+ # Corresponds to the JSON property `fullResourceName`
222
260
  # @return [String]
223
- attr_accessor :signed_jwt
261
+ attr_accessor :full_resource_name
224
262
 
225
263
  def initialize(**args)
226
264
  update!(**args)
@@ -228,83 +266,89 @@ module Google
228
266
 
229
267
  # Update properties of this object
230
268
  def update!(**args)
231
- @key_id = args[:key_id] if args.key?(:key_id)
232
- @signed_jwt = args[:signed_jwt] if args.key?(:signed_jwt)
269
+ @full_resource_name = args[:full_resource_name] if args.key?(:full_resource_name)
233
270
  end
234
271
  end
235
272
 
236
- # The service account sign JWT request.
237
- class SignJwtRequest
273
+ # A generic empty message that you can re-use to avoid defining duplicated
274
+ # empty messages in your APIs. A typical example is to use it as the request
275
+ # or the response type of an API method. For instance:
276
+ # service Foo `
277
+ # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
278
+ # `
279
+ # The JSON representation for `Empty` is empty JSON object ````.
280
+ class Empty
238
281
  include Google::Apis::Core::Hashable
239
282
 
240
- # The JWT payload to sign, a JSON JWT Claim set.
241
- # Corresponds to the JSON property `payload`
242
- # @return [String]
243
- attr_accessor :payload
244
-
245
283
  def initialize(**args)
246
284
  update!(**args)
247
285
  end
248
286
 
249
287
  # Update properties of this object
250
288
  def update!(**args)
251
- @payload = args[:payload] if args.key?(:payload)
252
289
  end
253
290
  end
254
291
 
255
- # Defines an Identity and Access Management (IAM) policy. It is used to
256
- # specify access control policies for Cloud Platform resources.
257
- # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of
258
- # `members` to a `role`, where the members can be user accounts, Google groups,
259
- # Google domains, and service accounts. A `role` is a named list of permissions
260
- # defined by IAM.
261
- # **Example**
262
- # `
263
- # "bindings": [
264
- # `
265
- # "role": "roles/owner",
266
- # "members": [
267
- # "user:mike@example.com",
268
- # "group:admins@example.com",
269
- # "domain:google.com",
270
- # "serviceAccount:my-other-app@appspot.gserviceaccount.com",
271
- # ]
272
- # `,
273
- # `
274
- # "role": "roles/viewer",
275
- # "members": ["user:sean@example.com"]
276
- # `
277
- # ]
278
- # `
279
- # For a description of IAM and its features, see the
280
- # [IAM developer's guide](https://cloud.google.com/iam).
281
- class Policy
292
+ # A service account in the Identity and Access Management API.
293
+ # To create a service account, specify the `project_id` and the `account_id`
294
+ # for the account. The `account_id` is unique within the project, and is used
295
+ # to generate the service account email address and a stable
296
+ # `unique_id`.
297
+ # If the account already exists, the account's resource name is returned
298
+ # in util::Status's ResourceInfo.resource_name in the format of
299
+ # projects/`PROJECT_ID`/serviceAccounts/`SERVICE_ACCOUNT_EMAIL`. The caller can
300
+ # use the name in other methods to access the account.
301
+ # All other methods can identify the service account using the format
302
+ # `projects/`PROJECT_ID`/serviceAccounts/`SERVICE_ACCOUNT_EMAIL``.
303
+ # Using `-` as a wildcard for the project will infer the project from
304
+ # the account. The `account` value can be the `email` address or the
305
+ # `unique_id` of the service account.
306
+ class ServiceAccount
282
307
  include Google::Apis::Core::Hashable
283
308
 
284
- # `etag` is used for optimistic concurrency control as a way to help
285
- # prevent simultaneous updates of a policy from overwriting each other.
286
- # It is strongly suggested that systems make use of the `etag` in the
287
- # read-modify-write cycle to perform policy updates in order to avoid race
288
- # conditions: An `etag` is returned in the response to `getIamPolicy`, and
289
- # systems are expected to put that etag in the request to `setIamPolicy` to
290
- # ensure that their change will be applied to the same version of the policy.
291
- # If no `etag` is provided in the call to `setIamPolicy`, then the existing
292
- # policy is overwritten blindly.
293
- # Corresponds to the JSON property `etag`
309
+ # @OutputOnly The email address of the service account.
310
+ # Corresponds to the JSON property `email`
294
311
  # @return [String]
295
- attr_accessor :etag
312
+ attr_accessor :email
296
313
 
297
- # Version of the `Policy`. The default version is 0.
298
- # Corresponds to the JSON property `version`
299
- # @return [Fixnum]
300
- attr_accessor :version
314
+ # The resource name of the service account in the following format:
315
+ # `projects/`PROJECT_ID`/serviceAccounts/`SERVICE_ACCOUNT_EMAIL``.
316
+ # Requests using `-` as a wildcard for the project will infer the project
317
+ # from the `account` and the `account` value can be the `email` address or
318
+ # the `unique_id` of the service account.
319
+ # In responses the resource name will always be in the format
320
+ # `projects/`PROJECT_ID`/serviceAccounts/`SERVICE_ACCOUNT_EMAIL``.
321
+ # Corresponds to the JSON property `name`
322
+ # @return [String]
323
+ attr_accessor :name
301
324
 
302
- # Associates a list of `members` to a `role`.
303
- # Multiple `bindings` must not be specified for the same `role`.
304
- # `bindings` with no members will result in an error.
305
- # Corresponds to the JSON property `bindings`
306
- # @return [Array<Google::Apis::IamV1::Binding>]
307
- attr_accessor :bindings
325
+ # @OutputOnly The id of the project that owns the service account.
326
+ # Corresponds to the JSON property `projectId`
327
+ # @return [String]
328
+ attr_accessor :project_id
329
+
330
+ # @OutputOnly. The OAuth2 client id for the service account.
331
+ # This is used in conjunction with the OAuth2 clientconfig API to make
332
+ # three legged OAuth2 (3LO) flows to access the data of Google users.
333
+ # Corresponds to the JSON property `oauth2ClientId`
334
+ # @return [String]
335
+ attr_accessor :oauth2_client_id
336
+
337
+ # @OutputOnly The unique and stable id of the service account.
338
+ # Corresponds to the JSON property `uniqueId`
339
+ # @return [String]
340
+ attr_accessor :unique_id
341
+
342
+ # Optional. A user-specified description of the service account. Must be
343
+ # fewer than 100 UTF-8 bytes.
344
+ # Corresponds to the JSON property `displayName`
345
+ # @return [String]
346
+ attr_accessor :display_name
347
+
348
+ # Used to perform a consistent read-modify-write.
349
+ # Corresponds to the JSON property `etag`
350
+ # @return [String]
351
+ attr_accessor :etag
308
352
 
309
353
  def initialize(**args)
310
354
  update!(**args)
@@ -312,22 +356,25 @@ module Google
312
356
 
313
357
  # Update properties of this object
314
358
  def update!(**args)
359
+ @email = args[:email] if args.key?(:email)
360
+ @name = args[:name] if args.key?(:name)
361
+ @project_id = args[:project_id] if args.key?(:project_id)
362
+ @oauth2_client_id = args[:oauth2_client_id] if args.key?(:oauth2_client_id)
363
+ @unique_id = args[:unique_id] if args.key?(:unique_id)
364
+ @display_name = args[:display_name] if args.key?(:display_name)
315
365
  @etag = args[:etag] if args.key?(:etag)
316
- @version = args[:version] if args.key?(:version)
317
- @bindings = args[:bindings] if args.key?(:bindings)
318
366
  end
319
367
  end
320
368
 
321
- # Audit log information specific to Cloud IAM. This message is serialized
322
- # as an `Any` type in the `ServiceData` message of an
323
- # `AuditLog` message.
324
- class AuditData
369
+ # Response message for `TestIamPermissions` method.
370
+ class TestIamPermissionsResponse
325
371
  include Google::Apis::Core::Hashable
326
372
 
327
- # The difference delta between two policies.
328
- # Corresponds to the JSON property `policyDelta`
329
- # @return [Google::Apis::IamV1::PolicyDelta]
330
- attr_accessor :policy_delta
373
+ # A subset of `TestPermissionsRequest.permissions` that the caller is
374
+ # allowed.
375
+ # Corresponds to the JSON property `permissions`
376
+ # @return [Array<String>]
377
+ attr_accessor :permissions
331
378
 
332
379
  def initialize(**args)
333
380
  update!(**args)
@@ -335,34 +382,18 @@ module Google
335
382
 
336
383
  # Update properties of this object
337
384
  def update!(**args)
338
- @policy_delta = args[:policy_delta] if args.key?(:policy_delta)
385
+ @permissions = args[:permissions] if args.key?(:permissions)
339
386
  end
340
387
  end
341
388
 
342
- # One delta entry for Binding. Each individual change (only one member in each
343
- # entry) to a binding will be a separate entry.
344
- class BindingDelta
389
+ # The service account keys list response.
390
+ class ListServiceAccountKeysResponse
345
391
  include Google::Apis::Core::Hashable
346
392
 
347
- # Role that is assigned to `members`.
348
- # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
349
- # Required
350
- # Corresponds to the JSON property `role`
351
- # @return [String]
352
- attr_accessor :role
353
-
354
- # The action that was performed on a Binding.
355
- # Required
356
- # Corresponds to the JSON property `action`
357
- # @return [String]
358
- attr_accessor :action
359
-
360
- # A single identity requesting access for a Cloud Platform resource.
361
- # Follows the same format of Binding.members.
362
- # Required
363
- # Corresponds to the JSON property `member`
364
- # @return [String]
365
- attr_accessor :member
393
+ # The public keys for the service account.
394
+ # Corresponds to the JSON property `keys`
395
+ # @return [Array<Google::Apis::IamV1::ServiceAccountKey>]
396
+ attr_accessor :keys
366
397
 
367
398
  def initialize(**args)
368
399
  update!(**args)
@@ -370,20 +401,65 @@ module Google
370
401
 
371
402
  # Update properties of this object
372
403
  def update!(**args)
373
- @role = args[:role] if args.key?(:role)
374
- @action = args[:action] if args.key?(:action)
375
- @member = args[:member] if args.key?(:member)
404
+ @keys = args[:keys] if args.key?(:keys)
376
405
  end
377
406
  end
378
407
 
379
- # The difference delta between two policies.
380
- class PolicyDelta
408
+ # Represents a service account key.
409
+ # A service account has two sets of key-pairs: user-managed, and
410
+ # system-managed.
411
+ # User-managed key-pairs can be created and deleted by users. Users are
412
+ # responsible for rotating these keys periodically to ensure security of
413
+ # their service accounts. Users retain the private key of these key-pairs,
414
+ # and Google retains ONLY the public key.
415
+ # System-managed key-pairs are managed automatically by Google, and rotated
416
+ # daily without user intervention. The private key never leaves Google's
417
+ # servers to maximize security.
418
+ # Public keys for all service accounts are also published at the OAuth2
419
+ # Service Account API.
420
+ class ServiceAccountKey
381
421
  include Google::Apis::Core::Hashable
382
422
 
383
- # The delta for Bindings between two policies.
384
- # Corresponds to the JSON property `bindingDeltas`
385
- # @return [Array<Google::Apis::IamV1::BindingDelta>]
386
- attr_accessor :binding_deltas
423
+ # The key can be used after this timestamp.
424
+ # Corresponds to the JSON property `validAfterTime`
425
+ # @return [String]
426
+ attr_accessor :valid_after_time
427
+
428
+ # The output format for the private key.
429
+ # Only provided in `CreateServiceAccountKey` responses, not
430
+ # in `GetServiceAccountKey` or `ListServiceAccountKey` responses.
431
+ # Google never exposes system-managed private keys, and never retains
432
+ # user-managed private keys.
433
+ # Corresponds to the JSON property `privateKeyType`
434
+ # @return [String]
435
+ attr_accessor :private_key_type
436
+
437
+ # The private key data. Only provided in `CreateServiceAccountKey`
438
+ # responses.
439
+ # Corresponds to the JSON property `privateKeyData`
440
+ # @return [String]
441
+ attr_accessor :private_key_data
442
+
443
+ # The public key data. Only provided in `GetServiceAccountKey` responses.
444
+ # Corresponds to the JSON property `publicKeyData`
445
+ # @return [String]
446
+ attr_accessor :public_key_data
447
+
448
+ # The resource name of the service account key in the following format
449
+ # `projects/`PROJECT_ID`/serviceAccounts/`SERVICE_ACCOUNT_EMAIL`/keys/`key``.
450
+ # Corresponds to the JSON property `name`
451
+ # @return [String]
452
+ attr_accessor :name
453
+
454
+ # The key can be used before this timestamp.
455
+ # Corresponds to the JSON property `validBeforeTime`
456
+ # @return [String]
457
+ attr_accessor :valid_before_time
458
+
459
+ # Specifies the algorithm (and possibly key size) for the key.
460
+ # Corresponds to the JSON property `keyAlgorithm`
461
+ # @return [String]
462
+ attr_accessor :key_algorithm
387
463
 
388
464
  def initialize(**args)
389
465
  update!(**args)
@@ -391,25 +467,32 @@ module Google
391
467
 
392
468
  # Update properties of this object
393
469
  def update!(**args)
394
- @binding_deltas = args[:binding_deltas] if args.key?(:binding_deltas)
470
+ @valid_after_time = args[:valid_after_time] if args.key?(:valid_after_time)
471
+ @private_key_type = args[:private_key_type] if args.key?(:private_key_type)
472
+ @private_key_data = args[:private_key_data] if args.key?(:private_key_data)
473
+ @public_key_data = args[:public_key_data] if args.key?(:public_key_data)
474
+ @name = args[:name] if args.key?(:name)
475
+ @valid_before_time = args[:valid_before_time] if args.key?(:valid_before_time)
476
+ @key_algorithm = args[:key_algorithm] if args.key?(:key_algorithm)
395
477
  end
396
478
  end
397
479
 
398
- # The service account list response.
399
- class ListServiceAccountsResponse
480
+ # The service account key create request.
481
+ class CreateServiceAccountKeyRequest
400
482
  include Google::Apis::Core::Hashable
401
483
 
402
- # To retrieve the next page of results, set
403
- # ListServiceAccountsRequest.page_token
404
- # to this value.
405
- # Corresponds to the JSON property `nextPageToken`
484
+ # Which type of key and algorithm to use for the key.
485
+ # The default is currently a 2K RSA key. However this may change in the
486
+ # future.
487
+ # Corresponds to the JSON property `keyAlgorithm`
406
488
  # @return [String]
407
- attr_accessor :next_page_token
489
+ attr_accessor :key_algorithm
408
490
 
409
- # The list of matching service accounts.
410
- # Corresponds to the JSON property `accounts`
411
- # @return [Array<Google::Apis::IamV1::ServiceAccount>]
412
- attr_accessor :accounts
491
+ # The output format of the private key. `GOOGLE_CREDENTIALS_FILE` is the
492
+ # default output format.
493
+ # Corresponds to the JSON property `privateKeyType`
494
+ # @return [String]
495
+ attr_accessor :private_key_type
413
496
 
414
497
  def initialize(**args)
415
498
  update!(**args)
@@ -417,40 +500,22 @@ module Google
417
500
 
418
501
  # Update properties of this object
419
502
  def update!(**args)
420
- @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
421
- @accounts = args[:accounts] if args.key?(:accounts)
503
+ @key_algorithm = args[:key_algorithm] if args.key?(:key_algorithm)
504
+ @private_key_type = args[:private_key_type] if args.key?(:private_key_type)
422
505
  end
423
506
  end
424
507
 
425
- # The service account create request.
426
- class CreateServiceAccountRequest
508
+ # Request message for `TestIamPermissions` method.
509
+ class TestIamPermissionsRequest
427
510
  include Google::Apis::Core::Hashable
428
511
 
429
- # A service account in the Identity and Access Management API.
430
- # To create a service account, specify the `project_id` and the `account_id`
431
- # for the account. The `account_id` is unique within the project, and is used
432
- # to generate the service account email address and a stable
433
- # `unique_id`.
434
- # If the account already exists, the account's resource name is returned
435
- # in util::Status's ResourceInfo.resource_name in the format of
436
- # projects/`PROJECT_ID`/serviceAccounts/`SERVICE_ACCOUNT_EMAIL`. The caller can
437
- # use the name in other methods to access the account.
438
- # All other methods can identify the service account using the format
439
- # `projects/`PROJECT_ID`/serviceAccounts/`SERVICE_ACCOUNT_EMAIL``.
440
- # Using `-` as a wildcard for the project will infer the project from
441
- # the account. The `account` value can be the `email` address or the
442
- # `unique_id` of the service account.
443
- # Corresponds to the JSON property `serviceAccount`
444
- # @return [Google::Apis::IamV1::ServiceAccount]
445
- attr_accessor :service_account
446
-
447
- # Required. The account id that is used to generate the service account
448
- # email address and a stable unique id. It is unique within a project,
449
- # must be 6-30 characters long, and match the regular expression
450
- # `[a-z]([-a-z0-9]*[a-z0-9])` to comply with RFC1035.
451
- # Corresponds to the JSON property `accountId`
452
- # @return [String]
453
- attr_accessor :account_id
512
+ # The set of permissions to check for the `resource`. Permissions with
513
+ # wildcards (such as '*' or 'storage.*') are not allowed. For more
514
+ # information see
515
+ # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
516
+ # Corresponds to the JSON property `permissions`
517
+ # @return [Array<String>]
518
+ attr_accessor :permissions
454
519
 
455
520
  def initialize(**args)
456
521
  update!(**args)
@@ -458,19 +523,23 @@ module Google
458
523
 
459
524
  # Update properties of this object
460
525
  def update!(**args)
461
- @service_account = args[:service_account] if args.key?(:service_account)
462
- @account_id = args[:account_id] if args.key?(:account_id)
526
+ @permissions = args[:permissions] if args.key?(:permissions)
463
527
  end
464
528
  end
465
529
 
466
- # The grantable role query response.
467
- class QueryGrantableRolesResponse
530
+ # The service account sign blob response.
531
+ class SignBlobResponse
468
532
  include Google::Apis::Core::Hashable
469
533
 
470
- # The list of matching roles.
471
- # Corresponds to the JSON property `roles`
472
- # @return [Array<Google::Apis::IamV1::Role>]
473
- attr_accessor :roles
534
+ # The signed blob.
535
+ # Corresponds to the JSON property `signature`
536
+ # @return [String]
537
+ attr_accessor :signature
538
+
539
+ # The id of the key used to sign the blob.
540
+ # Corresponds to the JSON property `keyId`
541
+ # @return [String]
542
+ attr_accessor :key_id
474
543
 
475
544
  def initialize(**args)
476
545
  update!(**args)
@@ -478,18 +547,24 @@ module Google
478
547
 
479
548
  # Update properties of this object
480
549
  def update!(**args)
481
- @roles = args[:roles] if args.key?(:roles)
550
+ @signature = args[:signature] if args.key?(:signature)
551
+ @key_id = args[:key_id] if args.key?(:key_id)
482
552
  end
483
553
  end
484
554
 
485
- # The service account sign blob request.
486
- class SignBlobRequest
555
+ # The service account sign JWT response.
556
+ class SignJwtResponse
487
557
  include Google::Apis::Core::Hashable
488
558
 
489
- # The bytes to sign.
490
- # Corresponds to the JSON property `bytesToSign`
559
+ # The id of the key used to sign the JWT.
560
+ # Corresponds to the JSON property `keyId`
491
561
  # @return [String]
492
- attr_accessor :bytes_to_sign
562
+ attr_accessor :key_id
563
+
564
+ # The signed JWT.
565
+ # Corresponds to the JSON property `signedJwt`
566
+ # @return [String]
567
+ attr_accessor :signed_jwt
493
568
 
494
569
  def initialize(**args)
495
570
  update!(**args)
@@ -497,33 +572,64 @@ module Google
497
572
 
498
573
  # Update properties of this object
499
574
  def update!(**args)
500
- @bytes_to_sign = args[:bytes_to_sign] if args.key?(:bytes_to_sign)
575
+ @key_id = args[:key_id] if args.key?(:key_id)
576
+ @signed_jwt = args[:signed_jwt] if args.key?(:signed_jwt)
501
577
  end
502
578
  end
503
579
 
504
- # A role in the Identity and Access Management API.
505
- class Role
580
+ # Defines an Identity and Access Management (IAM) policy. It is used to
581
+ # specify access control policies for Cloud Platform resources.
582
+ # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of
583
+ # `members` to a `role`, where the members can be user accounts, Google groups,
584
+ # Google domains, and service accounts. A `role` is a named list of permissions
585
+ # defined by IAM.
586
+ # **Example**
587
+ # `
588
+ # "bindings": [
589
+ # `
590
+ # "role": "roles/owner",
591
+ # "members": [
592
+ # "user:mike@example.com",
593
+ # "group:admins@example.com",
594
+ # "domain:google.com",
595
+ # "serviceAccount:my-other-app@appspot.gserviceaccount.com",
596
+ # ]
597
+ # `,
598
+ # `
599
+ # "role": "roles/viewer",
600
+ # "members": ["user:sean@example.com"]
601
+ # `
602
+ # ]
603
+ # `
604
+ # For a description of IAM and its features, see the
605
+ # [IAM developer's guide](https://cloud.google.com/iam).
606
+ class Policy
506
607
  include Google::Apis::Core::Hashable
507
608
 
508
- # Optional. A human-readable title for the role. Typically this
509
- # is limited to 100 UTF-8 bytes.
510
- # Corresponds to the JSON property `title`
511
- # @return [String]
512
- attr_accessor :title
609
+ # Associates a list of `members` to a `role`.
610
+ # Multiple `bindings` must not be specified for the same `role`.
611
+ # `bindings` with no members will result in an error.
612
+ # Corresponds to the JSON property `bindings`
613
+ # @return [Array<Google::Apis::IamV1::Binding>]
614
+ attr_accessor :bindings
513
615
 
514
- # The name of the role.
515
- # When Role is used in CreateRole, the role name must not be set.
516
- # When Role is used in output and other input such as UpdateRole, the role
517
- # name is the complete path, e.g., roles/logging.viewer for curated roles
518
- # and organizations/`ORGANIZATION_ID`/roles/logging.viewer for custom roles.
519
- # Corresponds to the JSON property `name`
616
+ # `etag` is used for optimistic concurrency control as a way to help
617
+ # prevent simultaneous updates of a policy from overwriting each other.
618
+ # It is strongly suggested that systems make use of the `etag` in the
619
+ # read-modify-write cycle to perform policy updates in order to avoid race
620
+ # conditions: An `etag` is returned in the response to `getIamPolicy`, and
621
+ # systems are expected to put that etag in the request to `setIamPolicy` to
622
+ # ensure that their change will be applied to the same version of the policy.
623
+ # If no `etag` is provided in the call to `setIamPolicy`, then the existing
624
+ # policy is overwritten blindly.
625
+ # Corresponds to the JSON property `etag`
520
626
  # @return [String]
521
- attr_accessor :name
627
+ attr_accessor :etag
522
628
 
523
- # Optional. A human-readable description for the role.
524
- # Corresponds to the JSON property `description`
525
- # @return [String]
526
- attr_accessor :description
629
+ # Version of the `Policy`. The default version is 0.
630
+ # Corresponds to the JSON property `version`
631
+ # @return [Fixnum]
632
+ attr_accessor :version
527
633
 
528
634
  def initialize(**args)
529
635
  update!(**args)
@@ -531,45 +637,20 @@ module Google
531
637
 
532
638
  # Update properties of this object
533
639
  def update!(**args)
534
- @title = args[:title] if args.key?(:title)
535
- @name = args[:name] if args.key?(:name)
536
- @description = args[:description] if args.key?(:description)
640
+ @bindings = args[:bindings] if args.key?(:bindings)
641
+ @etag = args[:etag] if args.key?(:etag)
642
+ @version = args[:version] if args.key?(:version)
537
643
  end
538
644
  end
539
645
 
540
- # Request message for `SetIamPolicy` method.
541
- class SetIamPolicyRequest
646
+ # The service account sign JWT request.
647
+ class SignJwtRequest
542
648
  include Google::Apis::Core::Hashable
543
649
 
544
- # Defines an Identity and Access Management (IAM) policy. It is used to
545
- # specify access control policies for Cloud Platform resources.
546
- # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of
547
- # `members` to a `role`, where the members can be user accounts, Google groups,
548
- # Google domains, and service accounts. A `role` is a named list of permissions
549
- # defined by IAM.
550
- # **Example**
551
- # `
552
- # "bindings": [
553
- # `
554
- # "role": "roles/owner",
555
- # "members": [
556
- # "user:mike@example.com",
557
- # "group:admins@example.com",
558
- # "domain:google.com",
559
- # "serviceAccount:my-other-app@appspot.gserviceaccount.com",
560
- # ]
561
- # `,
562
- # `
563
- # "role": "roles/viewer",
564
- # "members": ["user:sean@example.com"]
565
- # `
566
- # ]
567
- # `
568
- # For a description of IAM and its features, see the
569
- # [IAM developer's guide](https://cloud.google.com/iam).
570
- # Corresponds to the JSON property `policy`
571
- # @return [Google::Apis::IamV1::Policy]
572
- attr_accessor :policy
650
+ # The JWT payload to sign, a JSON JWT Claim set.
651
+ # Corresponds to the JSON property `payload`
652
+ # @return [String]
653
+ attr_accessor :payload
573
654
 
574
655
  def initialize(**args)
575
656
  update!(**args)
@@ -577,38 +658,20 @@ module Google
577
658
 
578
659
  # Update properties of this object
579
660
  def update!(**args)
580
- @policy = args[:policy] if args.key?(:policy)
661
+ @payload = args[:payload] if args.key?(:payload)
581
662
  end
582
663
  end
583
664
 
584
- # Associates `members` with a `role`.
585
- class Binding
665
+ # Audit log information specific to Cloud IAM. This message is serialized
666
+ # as an `Any` type in the `ServiceData` message of an
667
+ # `AuditLog` message.
668
+ class AuditData
586
669
  include Google::Apis::Core::Hashable
587
670
 
588
- # Role that is assigned to `members`.
589
- # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
590
- # Required
591
- # Corresponds to the JSON property `role`
592
- # @return [String]
593
- attr_accessor :role
594
-
595
- # Specifies the identities requesting access for a Cloud Platform resource.
596
- # `members` can have the following values:
597
- # * `allUsers`: A special identifier that represents anyone who is
598
- # on the internet; with or without a Google account.
599
- # * `allAuthenticatedUsers`: A special identifier that represents anyone
600
- # who is authenticated with a Google account or a service account.
601
- # * `user:`emailid``: An email address that represents a specific Google
602
- # account. For example, `alice@gmail.com` or `joe@example.com`.
603
- # * `serviceAccount:`emailid``: An email address that represents a service
604
- # account. For example, `my-other-app@appspot.gserviceaccount.com`.
605
- # * `group:`emailid``: An email address that represents a Google group.
606
- # For example, `admins@example.com`.
607
- # * `domain:`domain``: A Google Apps domain name that represents all the
608
- # users of that domain. For example, `google.com` or `example.com`.
609
- # Corresponds to the JSON property `members`
610
- # @return [Array<String>]
611
- attr_accessor :members
671
+ # The difference delta between two policies.
672
+ # Corresponds to the JSON property `policyDelta`
673
+ # @return [Google::Apis::IamV1::PolicyDelta]
674
+ attr_accessor :policy_delta
612
675
 
613
676
  def initialize(**args)
614
677
  update!(**args)
@@ -616,97 +679,34 @@ module Google
616
679
 
617
680
  # Update properties of this object
618
681
  def update!(**args)
619
- @role = args[:role] if args.key?(:role)
620
- @members = args[:members] if args.key?(:members)
682
+ @policy_delta = args[:policy_delta] if args.key?(:policy_delta)
621
683
  end
622
684
  end
623
685
 
624
- # A service account in the Identity and Access Management API.
625
- # To create a service account, specify the `project_id` and the `account_id`
626
- # for the account. The `account_id` is unique within the project, and is used
627
- # to generate the service account email address and a stable
628
- # `unique_id`.
629
- # If the account already exists, the account's resource name is returned
630
- # in util::Status's ResourceInfo.resource_name in the format of
631
- # projects/`PROJECT_ID`/serviceAccounts/`SERVICE_ACCOUNT_EMAIL`. The caller can
632
- # use the name in other methods to access the account.
633
- # All other methods can identify the service account using the format
634
- # `projects/`PROJECT_ID`/serviceAccounts/`SERVICE_ACCOUNT_EMAIL``.
635
- # Using `-` as a wildcard for the project will infer the project from
636
- # the account. The `account` value can be the `email` address or the
637
- # `unique_id` of the service account.
638
- class ServiceAccount
686
+ # One delta entry for Binding. Each individual change (only one member in each
687
+ # entry) to a binding will be a separate entry.
688
+ class BindingDelta
639
689
  include Google::Apis::Core::Hashable
640
690
 
641
- # @OutputOnly The id of the project that owns the service account.
642
- # Corresponds to the JSON property `projectId`
643
- # @return [String]
644
- attr_accessor :project_id
645
-
646
- # @OutputOnly The unique and stable id of the service account.
647
- # Corresponds to the JSON property `uniqueId`
648
- # @return [String]
649
- attr_accessor :unique_id
650
-
651
- # @OutputOnly. The OAuth2 client id for the service account.
652
- # This is used in conjunction with the OAuth2 clientconfig API to make
653
- # three legged OAuth2 (3LO) flows to access the data of Google users.
654
- # Corresponds to the JSON property `oauth2ClientId`
655
- # @return [String]
656
- attr_accessor :oauth2_client_id
657
-
658
- # Optional. A user-specified description of the service account. Must be
659
- # fewer than 100 UTF-8 bytes.
660
- # Corresponds to the JSON property `displayName`
661
- # @return [String]
662
- attr_accessor :display_name
663
-
664
- # Used to perform a consistent read-modify-write.
665
- # Corresponds to the JSON property `etag`
691
+ # Role that is assigned to `members`.
692
+ # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
693
+ # Required
694
+ # Corresponds to the JSON property `role`
666
695
  # @return [String]
667
- attr_accessor :etag
696
+ attr_accessor :role
668
697
 
669
- # @OutputOnly The email address of the service account.
670
- # Corresponds to the JSON property `email`
698
+ # The action that was performed on a Binding.
699
+ # Required
700
+ # Corresponds to the JSON property `action`
671
701
  # @return [String]
672
- attr_accessor :email
702
+ attr_accessor :action
673
703
 
674
- # The resource name of the service account in the following format:
675
- # `projects/`PROJECT_ID`/serviceAccounts/`SERVICE_ACCOUNT_EMAIL``.
676
- # Requests using `-` as a wildcard for the project will infer the project
677
- # from the `account` and the `account` value can be the `email` address or
678
- # the `unique_id` of the service account.
679
- # In responses the resource name will always be in the format
680
- # `projects/`PROJECT_ID`/serviceAccounts/`SERVICE_ACCOUNT_EMAIL``.
681
- # Corresponds to the JSON property `name`
704
+ # A single identity requesting access for a Cloud Platform resource.
705
+ # Follows the same format of Binding.members.
706
+ # Required
707
+ # Corresponds to the JSON property `member`
682
708
  # @return [String]
683
- attr_accessor :name
684
-
685
- def initialize(**args)
686
- update!(**args)
687
- end
688
-
689
- # Update properties of this object
690
- def update!(**args)
691
- @project_id = args[:project_id] if args.key?(:project_id)
692
- @unique_id = args[:unique_id] if args.key?(:unique_id)
693
- @oauth2_client_id = args[:oauth2_client_id] if args.key?(:oauth2_client_id)
694
- @display_name = args[:display_name] if args.key?(:display_name)
695
- @etag = args[:etag] if args.key?(:etag)
696
- @email = args[:email] if args.key?(:email)
697
- @name = args[:name] if args.key?(:name)
698
- end
699
- end
700
-
701
- # A generic empty message that you can re-use to avoid defining duplicated
702
- # empty messages in your APIs. A typical example is to use it as the request
703
- # or the response type of an API method. For instance:
704
- # service Foo `
705
- # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
706
- # `
707
- # The JSON representation for `Empty` is empty JSON object ````.
708
- class Empty
709
- include Google::Apis::Core::Hashable
709
+ attr_accessor :member
710
710
 
711
711
  def initialize(**args)
712
712
  update!(**args)
@@ -714,20 +714,20 @@ module Google
714
714
 
715
715
  # Update properties of this object
716
716
  def update!(**args)
717
+ @role = args[:role] if args.key?(:role)
718
+ @action = args[:action] if args.key?(:action)
719
+ @member = args[:member] if args.key?(:member)
717
720
  end
718
721
  end
719
722
 
720
- # The grantable role query request.
721
- class QueryGrantableRolesRequest
723
+ # The difference delta between two policies.
724
+ class PolicyDelta
722
725
  include Google::Apis::Core::Hashable
723
726
 
724
- # Required. The full resource name to query from the list of grantable roles.
725
- # The name follows the Google Cloud Platform resource format.
726
- # For example, a Cloud Platform project with id `my-project` will be named
727
- # `//cloudresourcemanager.googleapis.com/projects/my-project`.
728
- # Corresponds to the JSON property `fullResourceName`
729
- # @return [String]
730
- attr_accessor :full_resource_name
727
+ # The delta for Bindings between two policies.
728
+ # Corresponds to the JSON property `bindingDeltas`
729
+ # @return [Array<Google::Apis::IamV1::BindingDelta>]
730
+ attr_accessor :binding_deltas
731
731
 
732
732
  def initialize(**args)
733
733
  update!(**args)
@@ -735,7 +735,7 @@ module Google
735
735
 
736
736
  # Update properties of this object
737
737
  def update!(**args)
738
- @full_resource_name = args[:full_resource_name] if args.key?(:full_resource_name)
738
+ @binding_deltas = args[:binding_deltas] if args.key?(:binding_deltas)
739
739
  end
740
740
  end
741
741
  end