google-api-client 0.41.1 → 0.43.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (571) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +352 -0
  3. data/bin/generate-api +1 -3
  4. data/generated/google/apis/abusiveexperiencereport_v1.rb +1 -1
  5. data/generated/google/apis/abusiveexperiencereport_v1/classes.rb +8 -13
  6. data/generated/google/apis/abusiveexperiencereport_v1/service.rb +2 -3
  7. data/generated/google/apis/accessapproval_v1.rb +1 -1
  8. data/generated/google/apis/accessapproval_v1/classes.rb +9 -0
  9. data/generated/google/apis/accessapproval_v1/representations.rb +1 -0
  10. data/generated/google/apis/accessapproval_v1/service.rb +3 -0
  11. data/generated/google/apis/accessapproval_v1beta1.rb +1 -1
  12. data/generated/google/apis/accessapproval_v1beta1/service.rb +3 -0
  13. data/generated/google/apis/adexchangebuyer2_v2beta1.rb +1 -1
  14. data/generated/google/apis/adexchangebuyer2_v2beta1/classes.rb +523 -653
  15. data/generated/google/apis/adexchangebuyer2_v2beta1/service.rb +467 -631
  16. data/generated/google/apis/adexperiencereport_v1.rb +1 -1
  17. data/generated/google/apis/adexperiencereport_v1/classes.rb +11 -18
  18. data/generated/google/apis/adexperiencereport_v1/service.rb +2 -3
  19. data/generated/google/apis/admob_v1.rb +1 -1
  20. data/generated/google/apis/admob_v1/classes.rb +139 -268
  21. data/generated/google/apis/admob_v1/service.rb +11 -13
  22. data/generated/google/apis/alertcenter_v1beta1.rb +1 -1
  23. data/generated/google/apis/alertcenter_v1beta1/classes.rb +107 -138
  24. data/generated/google/apis/alertcenter_v1beta1/service.rb +50 -55
  25. data/generated/google/apis/analyticsreporting_v4.rb +1 -1
  26. data/generated/google/apis/analyticsreporting_v4/classes.rb +315 -399
  27. data/generated/google/apis/androiddeviceprovisioning_v1.rb +1 -1
  28. data/generated/google/apis/androiddeviceprovisioning_v1/classes.rb +199 -220
  29. data/generated/google/apis/androiddeviceprovisioning_v1/service.rb +55 -61
  30. data/generated/google/apis/androidenterprise_v1.rb +1 -1
  31. data/generated/google/apis/androidenterprise_v1/classes.rb +452 -557
  32. data/generated/google/apis/androidenterprise_v1/service.rb +181 -240
  33. data/generated/google/apis/androidmanagement_v1.rb +1 -1
  34. data/generated/google/apis/androidpublisher_v3.rb +1 -1
  35. data/generated/google/apis/androidpublisher_v3/classes.rb +356 -339
  36. data/generated/google/apis/androidpublisher_v3/representations.rb +44 -0
  37. data/generated/google/apis/androidpublisher_v3/service.rb +272 -152
  38. data/generated/google/apis/apigee_v1.rb +6 -7
  39. data/generated/google/apis/apigee_v1/classes.rb +1898 -1067
  40. data/generated/google/apis/apigee_v1/representations.rb +542 -0
  41. data/generated/google/apis/apigee_v1/service.rb +1895 -1090
  42. data/generated/google/apis/appengine_v1.rb +1 -1
  43. data/generated/google/apis/appengine_v1/service.rb +6 -3
  44. data/generated/google/apis/appengine_v1beta.rb +1 -1
  45. data/generated/google/apis/appengine_v1beta/service.rb +6 -2
  46. data/generated/google/apis/appsmarket_v2.rb +1 -1
  47. data/generated/google/apis/artifactregistry_v1beta1.rb +1 -1
  48. data/generated/google/apis/bigquery_v2.rb +1 -1
  49. data/generated/google/apis/bigquery_v2/classes.rb +198 -3
  50. data/generated/google/apis/bigquery_v2/representations.rb +70 -0
  51. data/generated/google/apis/bigqueryreservation_v1.rb +1 -1
  52. data/generated/google/apis/bigqueryreservation_v1/classes.rb +34 -0
  53. data/generated/google/apis/bigqueryreservation_v1/representations.rb +16 -0
  54. data/generated/google/apis/bigqueryreservation_v1/service.rb +60 -0
  55. data/generated/google/apis/bigqueryreservation_v1beta1.rb +1 -1
  56. data/generated/google/apis/bigqueryreservation_v1beta1/classes.rb +8 -0
  57. data/generated/google/apis/bigqueryreservation_v1beta1/representations.rb +1 -0
  58. data/generated/google/apis/bigtableadmin_v1.rb +1 -1
  59. data/generated/google/apis/bigtableadmin_v1/classes.rb +267 -0
  60. data/generated/google/apis/bigtableadmin_v1/representations.rb +100 -0
  61. data/generated/google/apis/bigtableadmin_v2.rb +1 -1
  62. data/generated/google/apis/bigtableadmin_v2/classes.rb +361 -6
  63. data/generated/google/apis/bigtableadmin_v2/representations.rb +146 -0
  64. data/generated/google/apis/bigtableadmin_v2/service.rb +298 -0
  65. data/generated/google/apis/billingbudgets_v1beta1.rb +1 -1
  66. data/generated/google/apis/billingbudgets_v1beta1/classes.rb +103 -109
  67. data/generated/google/apis/billingbudgets_v1beta1/representations.rb +1 -0
  68. data/generated/google/apis/billingbudgets_v1beta1/service.rb +30 -33
  69. data/generated/google/apis/blogger_v2.rb +2 -3
  70. data/generated/google/apis/blogger_v2/classes.rb +1 -2
  71. data/generated/google/apis/blogger_v2/service.rb +1 -2
  72. data/generated/google/apis/blogger_v3.rb +2 -3
  73. data/generated/google/apis/blogger_v3/classes.rb +1 -2
  74. data/generated/google/apis/blogger_v3/service.rb +1 -2
  75. data/generated/google/apis/books_v1.rb +1 -1
  76. data/generated/google/apis/books_v1/classes.rb +140 -159
  77. data/generated/google/apis/books_v1/service.rb +47 -49
  78. data/generated/google/apis/chat_v1.rb +1 -1
  79. data/generated/google/apis/chat_v1/classes.rb +130 -0
  80. data/generated/google/apis/chat_v1/representations.rb +63 -0
  81. data/generated/google/apis/chat_v1/service.rb +71 -0
  82. data/generated/google/apis/chromeuxreport_v1.rb +1 -1
  83. data/generated/google/apis/chromeuxreport_v1/classes.rb +68 -57
  84. data/generated/google/apis/chromeuxreport_v1/representations.rb +2 -0
  85. data/generated/google/apis/civicinfo_v2.rb +1 -1
  86. data/generated/google/apis/civicinfo_v2/classes.rb +9 -1
  87. data/generated/google/apis/civicinfo_v2/representations.rb +1 -0
  88. data/generated/google/apis/civicinfo_v2/service.rb +1 -1
  89. data/generated/google/apis/classroom_v1.rb +1 -1
  90. data/generated/google/apis/classroom_v1/classes.rb +250 -365
  91. data/generated/google/apis/classroom_v1/service.rb +645 -900
  92. data/generated/google/apis/cloudasset_v1.rb +1 -1
  93. data/generated/google/apis/cloudasset_v1/classes.rb +15 -11
  94. data/generated/google/apis/cloudasset_v1/service.rb +62 -45
  95. data/generated/google/apis/cloudasset_v1beta1.rb +1 -1
  96. data/generated/google/apis/cloudasset_v1beta1/classes.rb +3 -1
  97. data/generated/google/apis/cloudasset_v1p4beta1.rb +1 -1
  98. data/generated/google/apis/{androidpublisher_v1_1.rb → cloudasset_v1p5beta1.rb} +11 -11
  99. data/generated/google/apis/cloudasset_v1p5beta1/classes.rb +1539 -0
  100. data/generated/google/apis/cloudasset_v1p5beta1/representations.rb +399 -0
  101. data/generated/google/apis/cloudasset_v1p5beta1/service.rb +129 -0
  102. data/generated/google/apis/cloudbuild_v1.rb +1 -1
  103. data/generated/google/apis/cloudbuild_v1/classes.rb +272 -12
  104. data/generated/google/apis/cloudbuild_v1/representations.rb +130 -4
  105. data/generated/google/apis/cloudbuild_v1/service.rb +0 -94
  106. data/generated/google/apis/cloudbuild_v1alpha1.rb +1 -1
  107. data/generated/google/apis/cloudbuild_v1alpha1/classes.rb +284 -24
  108. data/generated/google/apis/cloudbuild_v1alpha1/representations.rb +135 -9
  109. data/generated/google/apis/cloudbuild_v1alpha1/service.rb +0 -47
  110. data/generated/google/apis/cloudbuild_v1alpha2.rb +1 -1
  111. data/generated/google/apis/cloudbuild_v1alpha2/classes.rb +284 -24
  112. data/generated/google/apis/cloudbuild_v1alpha2/representations.rb +135 -9
  113. data/generated/google/apis/cloudbuild_v1alpha2/service.rb +0 -47
  114. data/generated/google/apis/clouderrorreporting_v1beta1.rb +1 -1
  115. data/generated/google/apis/clouderrorreporting_v1beta1/classes.rb +7 -0
  116. data/generated/google/apis/clouderrorreporting_v1beta1/representations.rb +1 -0
  117. data/generated/google/apis/cloudfunctions_v1.rb +1 -1
  118. data/generated/google/apis/cloudfunctions_v1/classes.rb +12 -43
  119. data/generated/google/apis/cloudfunctions_v1/representations.rb +2 -17
  120. data/generated/google/apis/cloudidentity_v1beta1.rb +1 -1
  121. data/generated/google/apis/cloudidentity_v1beta1/classes.rb +32 -1
  122. data/generated/google/apis/cloudidentity_v1beta1/representations.rb +16 -0
  123. data/generated/google/apis/cloudresourcemanager_v1.rb +1 -1
  124. data/generated/google/apis/cloudresourcemanager_v1/classes.rb +503 -754
  125. data/generated/google/apis/cloudresourcemanager_v1/service.rb +198 -249
  126. data/generated/google/apis/cloudresourcemanager_v1beta1.rb +1 -1
  127. data/generated/google/apis/cloudresourcemanager_v1beta1/classes.rb +258 -429
  128. data/generated/google/apis/cloudresourcemanager_v1beta1/service.rb +136 -178
  129. data/generated/google/apis/cloudresourcemanager_v2.rb +1 -1
  130. data/generated/google/apis/cloudresourcemanager_v2/classes.rb +258 -414
  131. data/generated/google/apis/cloudresourcemanager_v2/service.rb +96 -129
  132. data/generated/google/apis/cloudresourcemanager_v2beta1.rb +1 -1
  133. data/generated/google/apis/cloudresourcemanager_v2beta1/classes.rb +258 -414
  134. data/generated/google/apis/cloudresourcemanager_v2beta1/service.rb +96 -129
  135. data/generated/google/apis/cloudscheduler_v1.rb +1 -1
  136. data/generated/google/apis/cloudscheduler_v1/classes.rb +16 -5
  137. data/generated/google/apis/cloudscheduler_v1/representations.rb +1 -0
  138. data/generated/google/apis/cloudscheduler_v1beta1.rb +1 -1
  139. data/generated/google/apis/cloudscheduler_v1beta1/classes.rb +16 -5
  140. data/generated/google/apis/cloudscheduler_v1beta1/representations.rb +1 -0
  141. data/generated/google/apis/cloudsearch_v1.rb +1 -1
  142. data/generated/google/apis/cloudsearch_v1/classes.rb +1 -2
  143. data/generated/google/apis/cloudshell_v1.rb +1 -1
  144. data/generated/google/apis/cloudshell_v1/classes.rb +2 -2
  145. data/generated/google/apis/cloudshell_v1alpha1.rb +1 -1
  146. data/generated/google/apis/cloudshell_v1alpha1/classes.rb +8 -5
  147. data/generated/google/apis/cloudtrace_v1.rb +1 -1
  148. data/generated/google/apis/cloudtrace_v1/classes.rb +2 -3
  149. data/generated/google/apis/cloudtrace_v1/service.rb +1 -7
  150. data/generated/google/apis/cloudtrace_v2.rb +1 -1
  151. data/generated/google/apis/cloudtrace_v2/classes.rb +6 -5
  152. data/generated/google/apis/cloudtrace_v2/service.rb +3 -6
  153. data/generated/google/apis/compute_alpha.rb +1 -1
  154. data/generated/google/apis/compute_alpha/classes.rb +402 -48
  155. data/generated/google/apis/compute_alpha/representations.rb +103 -0
  156. data/generated/google/apis/compute_alpha/service.rb +38 -36
  157. data/generated/google/apis/compute_beta.rb +1 -1
  158. data/generated/google/apis/compute_beta/classes.rb +371 -41
  159. data/generated/google/apis/compute_beta/representations.rb +94 -0
  160. data/generated/google/apis/compute_beta/service.rb +347 -36
  161. data/generated/google/apis/compute_v1.rb +1 -1
  162. data/generated/google/apis/compute_v1/classes.rb +397 -40
  163. data/generated/google/apis/compute_v1/representations.rb +110 -0
  164. data/generated/google/apis/compute_v1/service.rb +341 -48
  165. data/generated/google/apis/container_v1.rb +1 -1
  166. data/generated/google/apis/container_v1/classes.rb +129 -2
  167. data/generated/google/apis/container_v1/representations.rb +51 -0
  168. data/generated/google/apis/container_v1beta1.rb +1 -1
  169. data/generated/google/apis/container_v1beta1/classes.rb +136 -17
  170. data/generated/google/apis/container_v1beta1/representations.rb +39 -0
  171. data/generated/google/apis/content_v2.rb +1 -1
  172. data/generated/google/apis/content_v2/classes.rb +17 -2
  173. data/generated/google/apis/content_v2/representations.rb +1 -0
  174. data/generated/google/apis/content_v2_1.rb +1 -1
  175. data/generated/google/apis/content_v2_1/classes.rb +19 -4
  176. data/generated/google/apis/content_v2_1/representations.rb +1 -0
  177. data/generated/google/apis/{androidpublisher_v1.rb → customsearch_v1.rb} +8 -8
  178. data/generated/google/apis/customsearch_v1/classes.rb +1421 -0
  179. data/generated/google/apis/customsearch_v1/representations.rb +372 -0
  180. data/generated/google/apis/customsearch_v1/service.rb +461 -0
  181. data/generated/google/apis/datacatalog_v1beta1.rb +1 -1
  182. data/generated/google/apis/datacatalog_v1beta1/classes.rb +6 -3
  183. data/generated/google/apis/dataflow_v1b3.rb +1 -1
  184. data/generated/google/apis/dataflow_v1b3/classes.rb +21 -1
  185. data/generated/google/apis/dataflow_v1b3/representations.rb +3 -0
  186. data/generated/google/apis/dataflow_v1b3/service.rb +2 -2
  187. data/generated/google/apis/datafusion_v1.rb +43 -0
  188. data/generated/google/apis/datafusion_v1/classes.rb +1154 -0
  189. data/generated/google/apis/{cloudfunctions_v1beta2 → datafusion_v1}/representations.rb +138 -93
  190. data/generated/google/apis/datafusion_v1/service.rb +680 -0
  191. data/generated/google/apis/dataproc_v1.rb +1 -1
  192. data/generated/google/apis/dataproc_v1/classes.rb +207 -330
  193. data/generated/google/apis/dataproc_v1/service.rb +134 -168
  194. data/generated/google/apis/dataproc_v1beta2.rb +1 -1
  195. data/generated/google/apis/dataproc_v1beta2/classes.rb +236 -325
  196. data/generated/google/apis/dataproc_v1beta2/representations.rb +4 -0
  197. data/generated/google/apis/dataproc_v1beta2/service.rb +137 -192
  198. data/generated/google/apis/datastore_v1.rb +1 -1
  199. data/generated/google/apis/datastore_v1/classes.rb +1 -1
  200. data/generated/google/apis/deploymentmanager_alpha.rb +1 -1
  201. data/generated/google/apis/deploymentmanager_v2.rb +1 -1
  202. data/generated/google/apis/deploymentmanager_v2beta.rb +1 -1
  203. data/generated/google/apis/dfareporting_v3_4.rb +1 -1
  204. data/generated/google/apis/dfareporting_v3_4/classes.rb +421 -0
  205. data/generated/google/apis/dfareporting_v3_4/representations.rb +182 -0
  206. data/generated/google/apis/dialogflow_v2.rb +1 -1
  207. data/generated/google/apis/dialogflow_v2/classes.rb +1341 -1513
  208. data/generated/google/apis/dialogflow_v2/representations.rb +31 -0
  209. data/generated/google/apis/dialogflow_v2/service.rb +324 -444
  210. data/generated/google/apis/dialogflow_v2beta1.rb +1 -1
  211. data/generated/google/apis/dialogflow_v2beta1/classes.rb +1419 -1591
  212. data/generated/google/apis/dialogflow_v2beta1/representations.rb +31 -0
  213. data/generated/google/apis/dialogflow_v2beta1/service.rb +780 -1022
  214. data/generated/google/apis/displayvideo_v1.rb +7 -1
  215. data/generated/google/apis/displayvideo_v1/classes.rb +1776 -1728
  216. data/generated/google/apis/displayvideo_v1/representations.rb +300 -0
  217. data/generated/google/apis/displayvideo_v1/service.rb +1277 -929
  218. data/generated/google/apis/dlp_v2.rb +1 -1
  219. data/generated/google/apis/dlp_v2/classes.rb +10 -6
  220. data/generated/google/apis/dns_v1.rb +4 -4
  221. data/generated/google/apis/dns_v1/classes.rb +313 -162
  222. data/generated/google/apis/dns_v1/service.rb +247 -180
  223. data/generated/google/apis/dns_v1beta2.rb +4 -4
  224. data/generated/google/apis/dns_v1beta2/classes.rb +325 -171
  225. data/generated/google/apis/dns_v1beta2/service.rb +247 -180
  226. data/generated/google/apis/dns_v2beta1.rb +4 -4
  227. data/generated/google/apis/dns_v2beta1/classes.rb +313 -162
  228. data/generated/google/apis/dns_v2beta1/service.rb +247 -180
  229. data/generated/google/apis/domainsrdap_v1.rb +1 -1
  230. data/generated/google/apis/domainsrdap_v1/classes.rb +42 -69
  231. data/generated/google/apis/domainsrdap_v1/service.rb +16 -16
  232. data/generated/google/apis/doubleclickbidmanager_v1.rb +1 -1
  233. data/generated/google/apis/doubleclickbidmanager_v1/classes.rb +1 -1
  234. data/generated/google/apis/doubleclickbidmanager_v1/service.rb +4 -2
  235. data/generated/google/apis/doubleclickbidmanager_v1_1.rb +1 -1
  236. data/generated/google/apis/doubleclickbidmanager_v1_1/classes.rb +196 -1
  237. data/generated/google/apis/doubleclickbidmanager_v1_1/representations.rb +107 -0
  238. data/generated/google/apis/doubleclickbidmanager_v1_1/service.rb +4 -2
  239. data/generated/google/apis/doubleclicksearch_v2.rb +1 -1
  240. data/generated/google/apis/doubleclicksearch_v2/classes.rb +109 -126
  241. data/generated/google/apis/doubleclicksearch_v2/service.rb +3 -4
  242. data/generated/google/apis/drive_v2.rb +1 -1
  243. data/generated/google/apis/drive_v2/classes.rb +77 -2
  244. data/generated/google/apis/drive_v2/representations.rb +23 -0
  245. data/generated/google/apis/drive_v2/service.rb +23 -10
  246. data/generated/google/apis/drive_v3.rb +1 -1
  247. data/generated/google/apis/drive_v3/classes.rb +82 -2
  248. data/generated/google/apis/drive_v3/representations.rb +24 -0
  249. data/generated/google/apis/drive_v3/service.rb +8 -5
  250. data/generated/google/apis/driveactivity_v2.rb +1 -1
  251. data/generated/google/apis/driveactivity_v2/classes.rb +55 -68
  252. data/generated/google/apis/factchecktools_v1alpha1.rb +1 -1
  253. data/generated/google/apis/factchecktools_v1alpha1/classes.rb +46 -56
  254. data/generated/google/apis/factchecktools_v1alpha1/service.rb +30 -33
  255. data/generated/google/apis/fcm_v1.rb +1 -1
  256. data/generated/google/apis/fcm_v1/classes.rb +245 -393
  257. data/generated/google/apis/fcm_v1/service.rb +5 -6
  258. data/generated/google/apis/file_v1.rb +1 -1
  259. data/generated/google/apis/file_v1beta1.rb +1 -1
  260. data/generated/google/apis/firebase_v1beta1.rb +1 -1
  261. data/generated/google/apis/firebase_v1beta1/classes.rb +313 -351
  262. data/generated/google/apis/firebase_v1beta1/representations.rb +1 -0
  263. data/generated/google/apis/firebase_v1beta1/service.rb +356 -420
  264. data/generated/google/apis/firebasedynamiclinks_v1.rb +1 -1
  265. data/generated/google/apis/firebasedynamiclinks_v1/classes.rb +89 -112
  266. data/generated/google/apis/firebasedynamiclinks_v1/service.rb +18 -21
  267. data/generated/google/apis/{androidpublisher_v2.rb → firebasehosting_v1.rb} +11 -12
  268. data/generated/google/apis/firebasehosting_v1/classes.rb +182 -0
  269. data/generated/google/apis/{androidpublisher_v2 → firebasehosting_v1}/representations.rb +22 -32
  270. data/generated/google/apis/firebasehosting_v1/service.rb +180 -0
  271. data/generated/google/apis/firebasehosting_v1beta1.rb +1 -1
  272. data/generated/google/apis/firebasehosting_v1beta1/classes.rb +148 -177
  273. data/generated/google/apis/firebasehosting_v1beta1/service.rb +112 -143
  274. data/generated/google/apis/firebaseml_v1.rb +1 -1
  275. data/generated/google/apis/firebaseml_v1/classes.rb +39 -44
  276. data/generated/google/apis/firebaseml_v1/service.rb +19 -22
  277. data/generated/google/apis/firebaseml_v1beta2.rb +1 -1
  278. data/generated/google/apis/firebaseml_v1beta2/classes.rb +67 -68
  279. data/generated/google/apis/firebaseml_v1beta2/representations.rb +1 -0
  280. data/generated/google/apis/firebaseml_v1beta2/service.rb +16 -18
  281. data/generated/google/apis/firestore_v1.rb +1 -1
  282. data/generated/google/apis/firestore_v1/classes.rb +152 -0
  283. data/generated/google/apis/firestore_v1/representations.rb +63 -0
  284. data/generated/google/apis/firestore_v1/service.rb +78 -0
  285. data/generated/google/apis/firestore_v1beta1.rb +1 -1
  286. data/generated/google/apis/firestore_v1beta1/classes.rb +152 -0
  287. data/generated/google/apis/firestore_v1beta1/representations.rb +63 -0
  288. data/generated/google/apis/firestore_v1beta1/service.rb +78 -0
  289. data/generated/google/apis/games_configuration_v1configuration.rb +1 -1
  290. data/generated/google/apis/games_configuration_v1configuration/service.rb +2 -2
  291. data/generated/google/apis/games_management_v1management.rb +1 -1
  292. data/generated/google/apis/games_management_v1management/service.rb +2 -2
  293. data/generated/google/apis/games_v1.rb +6 -4
  294. data/generated/google/apis/games_v1/classes.rb +354 -2112
  295. data/generated/google/apis/games_v1/representations.rb +12 -647
  296. data/generated/google/apis/games_v1/service.rb +213 -1155
  297. data/generated/google/apis/{cloudfunctions_v1beta2.rb → gameservices_v1.rb} +9 -9
  298. data/generated/google/apis/gameservices_v1/classes.rb +2175 -0
  299. data/generated/google/apis/gameservices_v1/representations.rb +971 -0
  300. data/generated/google/apis/gameservices_v1/service.rb +1432 -0
  301. data/generated/google/apis/gameservices_v1beta.rb +1 -1
  302. data/generated/google/apis/gameservices_v1beta/classes.rb +344 -523
  303. data/generated/google/apis/gameservices_v1beta/service.rb +167 -207
  304. data/generated/google/apis/genomics_v1.rb +1 -1
  305. data/generated/google/apis/genomics_v1alpha2.rb +1 -1
  306. data/generated/google/apis/genomics_v2alpha1.rb +1 -1
  307. data/generated/google/apis/genomics_v2alpha1/classes.rb +3 -75
  308. data/generated/google/apis/genomics_v2alpha1/representations.rb +0 -27
  309. data/generated/google/apis/genomics_v2alpha1/service.rb +0 -34
  310. data/generated/google/apis/gmail_v1.rb +3 -3
  311. data/generated/google/apis/gmail_v1/classes.rb +216 -269
  312. data/generated/google/apis/gmail_v1/service.rb +260 -288
  313. data/generated/google/apis/gmailpostmastertools_v1beta1.rb +36 -0
  314. data/generated/google/apis/gmailpostmastertools_v1beta1/classes.rb +301 -0
  315. data/generated/google/apis/gmailpostmastertools_v1beta1/representations.rb +141 -0
  316. data/generated/google/apis/gmailpostmastertools_v1beta1/service.rb +230 -0
  317. data/generated/google/apis/groupssettings_v1.rb +1 -1
  318. data/generated/google/apis/groupssettings_v1/classes.rb +1 -1
  319. data/generated/google/apis/healthcare_v1.rb +1 -1
  320. data/generated/google/apis/healthcare_v1/service.rb +72 -13
  321. data/generated/google/apis/healthcare_v1beta1.rb +1 -1
  322. data/generated/google/apis/healthcare_v1beta1/classes.rb +85 -17
  323. data/generated/google/apis/healthcare_v1beta1/representations.rb +39 -0
  324. data/generated/google/apis/healthcare_v1beta1/service.rb +146 -16
  325. data/generated/google/apis/iam_v1.rb +1 -1
  326. data/generated/google/apis/iam_v1/classes.rb +22 -3
  327. data/generated/google/apis/iam_v1/service.rb +18 -6
  328. data/generated/google/apis/language_v1.rb +1 -1
  329. data/generated/google/apis/language_v1/classes.rb +93 -111
  330. data/generated/google/apis/language_v1/service.rb +4 -4
  331. data/generated/google/apis/language_v1beta1.rb +1 -1
  332. data/generated/google/apis/language_v1beta1/classes.rb +78 -90
  333. data/generated/google/apis/language_v1beta1/service.rb +2 -2
  334. data/generated/google/apis/language_v1beta2.rb +1 -1
  335. data/generated/google/apis/language_v1beta2/classes.rb +95 -112
  336. data/generated/google/apis/language_v1beta2/service.rb +4 -4
  337. data/generated/google/apis/libraryagent_v1.rb +1 -1
  338. data/generated/google/apis/libraryagent_v1/classes.rb +10 -16
  339. data/generated/google/apis/libraryagent_v1/service.rb +13 -16
  340. data/generated/google/apis/logging_v2.rb +1 -1
  341. data/generated/google/apis/logging_v2/classes.rb +6 -6
  342. data/generated/google/apis/managedidentities_v1.rb +1 -1
  343. data/generated/google/apis/managedidentities_v1/classes.rb +355 -437
  344. data/generated/google/apis/managedidentities_v1/representations.rb +15 -0
  345. data/generated/google/apis/managedidentities_v1/service.rb +78 -96
  346. data/generated/google/apis/managedidentities_v1alpha1.rb +1 -1
  347. data/generated/google/apis/managedidentities_v1alpha1/classes.rb +365 -442
  348. data/generated/google/apis/managedidentities_v1alpha1/representations.rb +15 -0
  349. data/generated/google/apis/managedidentities_v1alpha1/service.rb +88 -109
  350. data/generated/google/apis/managedidentities_v1beta1.rb +1 -1
  351. data/generated/google/apis/managedidentities_v1beta1/classes.rb +361 -441
  352. data/generated/google/apis/managedidentities_v1beta1/representations.rb +15 -0
  353. data/generated/google/apis/managedidentities_v1beta1/service.rb +76 -93
  354. data/generated/google/apis/{groupsmigration_v1.rb → memcache_v1.rb} +11 -11
  355. data/generated/google/apis/memcache_v1/classes.rb +1157 -0
  356. data/generated/google/apis/memcache_v1/representations.rb +471 -0
  357. data/generated/google/apis/{cloudfunctions_v1beta2 → memcache_v1}/service.rb +268 -196
  358. data/generated/google/apis/memcache_v1beta2.rb +1 -1
  359. data/generated/google/apis/memcache_v1beta2/classes.rb +42 -503
  360. data/generated/google/apis/memcache_v1beta2/representations.rb +9 -110
  361. data/generated/google/apis/memcache_v1beta2/service.rb +0 -119
  362. data/generated/google/apis/ml_v1.rb +1 -1
  363. data/generated/google/apis/ml_v1/classes.rb +23 -17
  364. data/generated/google/apis/monitoring_v1.rb +1 -1
  365. data/generated/google/apis/monitoring_v1/classes.rb +14 -12
  366. data/generated/google/apis/monitoring_v3.rb +1 -1
  367. data/generated/google/apis/monitoring_v3/classes.rb +97 -47
  368. data/generated/google/apis/monitoring_v3/representations.rb +3 -0
  369. data/generated/google/apis/monitoring_v3/service.rb +13 -9
  370. data/generated/google/apis/networkmanagement_v1.rb +1 -1
  371. data/generated/google/apis/networkmanagement_v1/classes.rb +6 -6
  372. data/generated/google/apis/networkmanagement_v1beta1.rb +1 -1
  373. data/generated/google/apis/networkmanagement_v1beta1/classes.rb +6 -6
  374. data/generated/google/apis/osconfig_v1.rb +1 -1
  375. data/generated/google/apis/osconfig_v1/classes.rb +798 -2
  376. data/generated/google/apis/osconfig_v1/representations.rb +372 -0
  377. data/generated/google/apis/osconfig_v1beta.rb +1 -1
  378. data/generated/google/apis/osconfig_v1beta/classes.rb +77 -2
  379. data/generated/google/apis/osconfig_v1beta/representations.rb +35 -0
  380. data/generated/google/apis/pagespeedonline_v5.rb +1 -1
  381. data/generated/google/apis/people_v1.rb +1 -1
  382. data/generated/google/apis/people_v1/classes.rb +382 -401
  383. data/generated/google/apis/people_v1/representations.rb +57 -0
  384. data/generated/google/apis/people_v1/service.rb +169 -385
  385. data/generated/google/apis/playcustomapp_v1.rb +1 -1
  386. data/generated/google/apis/playcustomapp_v1/classes.rb +2 -2
  387. data/generated/google/apis/policytroubleshooter_v1.rb +1 -1
  388. data/generated/google/apis/policytroubleshooter_v1/classes.rb +232 -394
  389. data/generated/google/apis/policytroubleshooter_v1/service.rb +2 -2
  390. data/generated/google/apis/policytroubleshooter_v1beta.rb +1 -1
  391. data/generated/google/apis/policytroubleshooter_v1beta/classes.rb +232 -393
  392. data/generated/google/apis/policytroubleshooter_v1beta/service.rb +2 -2
  393. data/generated/google/apis/prod_tt_sasportal_v1alpha1.rb +1 -1
  394. data/generated/google/apis/prod_tt_sasportal_v1alpha1/classes.rb +122 -146
  395. data/generated/google/apis/prod_tt_sasportal_v1alpha1/service.rb +38 -49
  396. data/generated/google/apis/pubsub_v1.rb +1 -1
  397. data/generated/google/apis/pubsub_v1/classes.rb +45 -28
  398. data/generated/google/apis/pubsub_v1/representations.rb +2 -0
  399. data/generated/google/apis/pubsub_v1/service.rb +35 -44
  400. data/generated/google/apis/realtimebidding_v1.rb +1 -4
  401. data/generated/google/apis/realtimebidding_v1/classes.rb +198 -291
  402. data/generated/google/apis/realtimebidding_v1/service.rb +98 -135
  403. data/generated/google/apis/recommendationengine_v1beta1.rb +36 -0
  404. data/generated/google/apis/recommendationengine_v1beta1/classes.rb +2017 -0
  405. data/generated/google/apis/recommendationengine_v1beta1/representations.rb +848 -0
  406. data/generated/google/apis/recommendationengine_v1beta1/service.rb +990 -0
  407. data/generated/google/apis/recommender_v1.rb +1 -1
  408. data/generated/google/apis/recommender_v1/classes.rb +271 -84
  409. data/generated/google/apis/recommender_v1/representations.rb +96 -0
  410. data/generated/google/apis/recommender_v1/service.rb +143 -35
  411. data/generated/google/apis/recommender_v1beta1.rb +1 -1
  412. data/generated/google/apis/recommender_v1beta1/classes.rb +75 -99
  413. data/generated/google/apis/recommender_v1beta1/service.rb +43 -58
  414. data/generated/google/apis/redis_v1.rb +1 -1
  415. data/generated/google/apis/redis_v1/classes.rb +397 -0
  416. data/generated/google/apis/redis_v1/representations.rb +139 -0
  417. data/generated/google/apis/redis_v1beta1.rb +1 -1
  418. data/generated/google/apis/redis_v1beta1/classes.rb +397 -0
  419. data/generated/google/apis/redis_v1beta1/representations.rb +139 -0
  420. data/generated/google/apis/remotebuildexecution_v1.rb +1 -1
  421. data/generated/google/apis/remotebuildexecution_v1alpha.rb +1 -1
  422. data/generated/google/apis/remotebuildexecution_v2.rb +1 -1
  423. data/generated/google/apis/reseller_v1.rb +4 -3
  424. data/generated/google/apis/reseller_v1/classes.rb +219 -160
  425. data/generated/google/apis/reseller_v1/service.rb +247 -252
  426. data/generated/google/apis/run_v1.rb +1 -1
  427. data/generated/google/apis/run_v1/classes.rb +835 -1248
  428. data/generated/google/apis/run_v1/service.rb +233 -247
  429. data/generated/google/apis/run_v1alpha1.rb +1 -1
  430. data/generated/google/apis/run_v1alpha1/classes.rb +934 -1331
  431. data/generated/google/apis/run_v1alpha1/service.rb +321 -377
  432. data/generated/google/apis/run_v1beta1.rb +1 -1
  433. data/generated/google/apis/run_v1beta1/classes.rb +209 -276
  434. data/generated/google/apis/run_v1beta1/service.rb +16 -18
  435. data/generated/google/apis/runtimeconfig_v1.rb +1 -1
  436. data/generated/google/apis/runtimeconfig_v1/classes.rb +36 -40
  437. data/generated/google/apis/runtimeconfig_v1/service.rb +19 -22
  438. data/generated/google/apis/sasportal_v1alpha1.rb +1 -1
  439. data/generated/google/apis/sasportal_v1alpha1/classes.rb +122 -146
  440. data/generated/google/apis/sasportal_v1alpha1/service.rb +38 -49
  441. data/generated/google/apis/searchconsole_v1.rb +4 -3
  442. data/generated/google/apis/searchconsole_v1/classes.rb +2 -2
  443. data/generated/google/apis/searchconsole_v1/service.rb +3 -2
  444. data/generated/google/apis/securitycenter_v1.rb +1 -1
  445. data/generated/google/apis/securitycenter_v1/classes.rb +574 -826
  446. data/generated/google/apis/securitycenter_v1/service.rb +250 -332
  447. data/generated/google/apis/securitycenter_v1beta1.rb +1 -1
  448. data/generated/google/apis/securitycenter_v1beta1/classes.rb +521 -746
  449. data/generated/google/apis/securitycenter_v1beta1/service.rb +160 -202
  450. data/generated/google/apis/securitycenter_v1p1alpha1.rb +1 -1
  451. data/generated/google/apis/securitycenter_v1p1alpha1/classes.rb +176 -208
  452. data/generated/google/apis/securitycenter_v1p1alpha1/service.rb +21 -25
  453. data/generated/google/apis/securitycenter_v1p1beta1.rb +1 -1
  454. data/generated/google/apis/securitycenter_v1p1beta1/classes.rb +545 -791
  455. data/generated/google/apis/securitycenter_v1p1beta1/service.rb +247 -330
  456. data/generated/google/apis/serviceconsumermanagement_v1.rb +1 -1
  457. data/generated/google/apis/serviceconsumermanagement_v1/classes.rb +1150 -1784
  458. data/generated/google/apis/serviceconsumermanagement_v1/service.rb +114 -141
  459. data/generated/google/apis/serviceconsumermanagement_v1beta1.rb +1 -1
  460. data/generated/google/apis/serviceconsumermanagement_v1beta1/classes.rb +1137 -1774
  461. data/generated/google/apis/serviceconsumermanagement_v1beta1/service.rb +52 -66
  462. data/generated/google/apis/servicecontrol_v1.rb +1 -1
  463. data/generated/google/apis/servicecontrol_v1/classes.rb +6 -6
  464. data/generated/google/apis/servicecontrol_v2.rb +38 -0
  465. data/generated/google/apis/servicecontrol_v2/classes.rb +1121 -0
  466. data/generated/google/apis/servicecontrol_v2/representations.rb +405 -0
  467. data/generated/google/apis/servicecontrol_v2/service.rb +165 -0
  468. data/generated/google/apis/servicemanagement_v1.rb +1 -1
  469. data/generated/google/apis/servicemanagement_v1/classes.rb +50 -2
  470. data/generated/google/apis/servicemanagement_v1/representations.rb +14 -0
  471. data/generated/google/apis/servicenetworking_v1.rb +1 -1
  472. data/generated/google/apis/servicenetworking_v1/classes.rb +1119 -1758
  473. data/generated/google/apis/servicenetworking_v1/service.rb +94 -114
  474. data/generated/google/apis/servicenetworking_v1beta.rb +1 -1
  475. data/generated/google/apis/servicenetworking_v1beta/classes.rb +1065 -1684
  476. data/generated/google/apis/servicenetworking_v1beta/service.rb +52 -63
  477. data/generated/google/apis/serviceusage_v1.rb +1 -1
  478. data/generated/google/apis/serviceusage_v1/classes.rb +1140 -1823
  479. data/generated/google/apis/serviceusage_v1/service.rb +63 -80
  480. data/generated/google/apis/serviceusage_v1beta1.rb +1 -1
  481. data/generated/google/apis/serviceusage_v1beta1/classes.rb +1235 -1986
  482. data/generated/google/apis/serviceusage_v1beta1/service.rb +130 -162
  483. data/generated/google/apis/sheets_v4.rb +1 -1
  484. data/generated/google/apis/sheets_v4/classes.rb +28 -28
  485. data/generated/google/apis/spanner_v1.rb +1 -1
  486. data/generated/google/apis/spanner_v1/classes.rb +3 -2
  487. data/generated/google/apis/spanner_v1/service.rb +5 -0
  488. data/generated/google/apis/sql_v1beta4.rb +1 -1
  489. data/generated/google/apis/sql_v1beta4/classes.rb +207 -200
  490. data/generated/google/apis/sql_v1beta4/representations.rb +2 -1
  491. data/generated/google/apis/sql_v1beta4/service.rb +2 -2
  492. data/generated/google/apis/storagetransfer_v1.rb +1 -1
  493. data/generated/google/apis/storagetransfer_v1/classes.rb +8 -10
  494. data/generated/google/apis/storagetransfer_v1/service.rb +26 -2
  495. data/generated/google/apis/tagmanager_v1.rb +2 -3
  496. data/generated/google/apis/tagmanager_v1/classes.rb +225 -288
  497. data/generated/google/apis/tagmanager_v1/service.rb +20 -21
  498. data/generated/google/apis/tagmanager_v2.rb +2 -3
  499. data/generated/google/apis/tagmanager_v2/classes.rb +240 -280
  500. data/generated/google/apis/tagmanager_v2/representations.rb +1 -0
  501. data/generated/google/apis/tagmanager_v2/service.rb +187 -283
  502. data/generated/google/apis/testing_v1.rb +1 -1
  503. data/generated/google/apis/testing_v1/classes.rb +80 -6
  504. data/generated/google/apis/testing_v1/representations.rb +33 -0
  505. data/generated/google/apis/toolresults_v1beta3.rb +1 -1
  506. data/generated/google/apis/toolresults_v1beta3/classes.rb +671 -928
  507. data/generated/google/apis/toolresults_v1beta3/representations.rb +1 -0
  508. data/generated/google/apis/toolresults_v1beta3/service.rb +522 -640
  509. data/generated/google/apis/tpu_v1.rb +1 -1
  510. data/generated/google/apis/tpu_v1/classes.rb +68 -78
  511. data/generated/google/apis/tpu_v1/service.rb +21 -25
  512. data/generated/google/apis/tpu_v1alpha1.rb +1 -1
  513. data/generated/google/apis/tpu_v1alpha1/classes.rb +68 -78
  514. data/generated/google/apis/tpu_v1alpha1/service.rb +21 -25
  515. data/generated/google/apis/translate_v3.rb +1 -1
  516. data/generated/google/apis/translate_v3/service.rb +14 -1
  517. data/generated/google/apis/translate_v3beta1.rb +1 -1
  518. data/generated/google/apis/translate_v3beta1/service.rb +14 -1
  519. data/generated/google/apis/vision_v1.rb +1 -1
  520. data/generated/google/apis/vision_v1/classes.rb +1304 -1868
  521. data/generated/google/apis/vision_v1/service.rb +254 -340
  522. data/generated/google/apis/vision_v1p1beta1.rb +1 -1
  523. data/generated/google/apis/vision_v1p1beta1/classes.rb +1246 -1788
  524. data/generated/google/apis/vision_v1p1beta1/service.rb +91 -121
  525. data/generated/google/apis/vision_v1p2beta1.rb +1 -1
  526. data/generated/google/apis/vision_v1p2beta1/classes.rb +1246 -1788
  527. data/generated/google/apis/vision_v1p2beta1/service.rb +91 -121
  528. data/generated/google/apis/webfonts_v1.rb +1 -1
  529. data/generated/google/apis/webfonts_v1/service.rb +2 -2
  530. data/generated/google/apis/websecurityscanner_v1.rb +1 -1
  531. data/generated/google/apis/websecurityscanner_v1/classes.rb +71 -95
  532. data/generated/google/apis/websecurityscanner_v1/service.rb +46 -65
  533. data/generated/google/apis/websecurityscanner_v1alpha.rb +1 -1
  534. data/generated/google/apis/websecurityscanner_v1alpha/classes.rb +55 -63
  535. data/generated/google/apis/websecurityscanner_v1alpha/service.rb +46 -65
  536. data/generated/google/apis/websecurityscanner_v1beta.rb +1 -1
  537. data/generated/google/apis/websecurityscanner_v1beta/classes.rb +77 -92
  538. data/generated/google/apis/websecurityscanner_v1beta/service.rb +46 -65
  539. data/generated/google/apis/youtube_analytics_v2.rb +1 -1
  540. data/generated/google/apis/youtube_analytics_v2/classes.rb +77 -104
  541. data/generated/google/apis/youtube_analytics_v2/service.rb +106 -126
  542. data/generated/google/apis/youtube_partner_v1.rb +4 -3
  543. data/generated/google/apis/youtube_partner_v1/classes.rb +1106 -690
  544. data/generated/google/apis/youtube_partner_v1/representations.rb +357 -256
  545. data/generated/google/apis/youtube_partner_v1/service.rb +519 -1079
  546. data/generated/google/apis/youtube_v3.rb +1 -1
  547. data/generated/google/apis/youtube_v3/classes.rb +1456 -1134
  548. data/generated/google/apis/youtube_v3/representations.rb +282 -0
  549. data/generated/google/apis/youtube_v3/service.rb +1225 -1274
  550. data/generated/google/apis/youtubereporting_v1.rb +1 -1
  551. data/generated/google/apis/youtubereporting_v1/classes.rb +20 -29
  552. data/generated/google/apis/youtubereporting_v1/service.rb +40 -43
  553. data/lib/google/apis/core/base_service.rb +7 -1
  554. data/lib/google/apis/version.rb +1 -1
  555. metadata +39 -27
  556. data/generated/google/apis/androidpublisher_v1/classes.rb +0 -26
  557. data/generated/google/apis/androidpublisher_v1/representations.rb +0 -26
  558. data/generated/google/apis/androidpublisher_v1/service.rb +0 -64
  559. data/generated/google/apis/androidpublisher_v1_1/classes.rb +0 -94
  560. data/generated/google/apis/androidpublisher_v1_1/representations.rb +0 -45
  561. data/generated/google/apis/androidpublisher_v1_1/service.rb +0 -104
  562. data/generated/google/apis/androidpublisher_v2/classes.rb +0 -223
  563. data/generated/google/apis/androidpublisher_v2/service.rb +0 -160
  564. data/generated/google/apis/cloudfunctions_v1beta2/classes.rb +0 -841
  565. data/generated/google/apis/fitness_v1.rb +0 -85
  566. data/generated/google/apis/fitness_v1/classes.rb +0 -1020
  567. data/generated/google/apis/fitness_v1/representations.rb +0 -398
  568. data/generated/google/apis/fitness_v1/service.rb +0 -647
  569. data/generated/google/apis/groupsmigration_v1/classes.rb +0 -51
  570. data/generated/google/apis/groupsmigration_v1/representations.rb +0 -40
  571. data/generated/google/apis/groupsmigration_v1/service.rb +0 -100
@@ -25,7 +25,7 @@ module Google
25
25
  # @see https://cloud.google.com/asset-inventory/docs/quickstart
26
26
  module CloudassetV1
27
27
  VERSION = 'V1'
28
- REVISION = '20200619'
28
+ REVISION = '20200731'
29
29
 
30
30
  # View and manage your data across Google Cloud Platform services
31
31
  AUTH_CLOUD_PLATFORM = 'https://www.googleapis.com/auth/cloud-platform'
@@ -1626,7 +1626,9 @@ module Google
1626
1626
  include Google::Apis::Core::Hashable
1627
1627
 
1628
1628
  # The list of APIs usable within the Service Perimeter. Must be empty
1629
- # unless 'enable_restriction' is True.
1629
+ # unless 'enable_restriction' is True. You can specify a list of individual
1630
+ # services, as well as include the 'RESTRICTED-SERVICES' value, which
1631
+ # automatically includes all of the services protected by the perimeter.
1630
1632
  # Corresponds to the JSON property `allowedServices`
1631
1633
  # @return [Array<String>]
1632
1634
  attr_accessor :allowed_services
@@ -2111,21 +2113,23 @@ module Google
2111
2113
  end
2112
2114
  end
2113
2115
 
2114
- # A result of Resource Search, containing information of a cloud resoure.
2116
+ # A result of Resource Search, containing information of a cloud resource.
2115
2117
  class ResourceSearchResult
2116
2118
  include Google::Apis::Core::Hashable
2117
2119
 
2118
- # The additional attributes of this resource. The attributes may vary from
2119
- # one resource type to another. Examples: `projectId` for Project,
2120
+ # The additional searchable attributes of this resource. The attributes may
2121
+ # vary from one resource type to another. Examples: `projectId` for Project,
2120
2122
  # `dnsName` for DNS ManagedZone. This field contains a subset of the resource
2121
2123
  # metadata fields that are returned by the List or Get APIs provided by the
2122
- # corresponding GCP service (e.g., Compute Engine). see [API
2123
- # references](https://cloud.google.com/asset-inventory/docs/supported-asset-
2124
- # types#supported_resource_types)
2125
- # of CAIS supported resource types. You can search values of these fields
2126
- # through free text search. However, you should not consume the field
2127
- # programically as the field names and values may change as the GCP service
2128
- # (e.g., Compute Engine) updates to a new incompatible API version.
2124
+ # corresponding GCP service (e.g., Compute Engine). see [API references and
2125
+ # supported searchable
2126
+ # attributes](https://cloud.google.com/asset-inventory/docs/supported-asset-
2127
+ # types#searchable_asset_types)
2128
+ # for more information.
2129
+ # You can search values of these fields through free text search. However,
2130
+ # you should not consume the field programically as the field names and
2131
+ # values may change as the GCP service updates to a new incompatible API
2132
+ # version.
2129
2133
  # To search against the `additional_attributes`:
2130
2134
  # * use a free text query to match the attributes values. Example: to search
2131
2135
  # `additional_attributes = ` dnsName: "foobar" ``, you can issue a query
@@ -355,18 +355,23 @@ module Google
355
355
  execute_or_queue_command(command, &block)
356
356
  end
357
357
 
358
- # Searches all the IAM policies within the given accessible scope (e.g., a
359
- # project, a folder or an organization). Callers should have
360
- # `cloud.assets.SearchAllIamPolicies` permission upon the requested scope,
358
+ # Searches all IAM policies within the specified scope, such as a project,
359
+ # folder, or organization. The caller must be granted the
360
+ # `cloudasset.assets.searchAllIamPolicies` permission on the desired scope,
361
361
  # otherwise the request will be rejected.
362
362
  # @param [String] scope
363
- # Required. A scope can be a project, a folder or an organization. The search is
364
- # limited to the IAM policies within the `scope`.
363
+ # Required. A scope can be a project, a folder, or an organization. The search
364
+ # is
365
+ # limited to the IAM policies within the `scope`. The caller must be granted
366
+ # the
367
+ # [`cloudasset.assets.searchAllIamPolicies`](http://cloud.google.com/asset-
368
+ # inventory/docs/access-control#required_permissions)
369
+ # permission on the desired scope.
365
370
  # The allowed values are:
366
- # * projects/`PROJECT_ID`
367
- # * projects/`PROJECT_NUMBER`
368
- # * folders/`FOLDER_NUMBER`
369
- # * organizations/`ORGANIZATION_NUMBER`
371
+ # * projects/`PROJECT_ID` (e.g., "projects/foo-bar")
372
+ # * projects/`PROJECT_NUMBER` (e.g., "projects/12345678")
373
+ # * folders/`FOLDER_NUMBER` (e.g., "folders/1234567")
374
+ # * organizations/`ORGANIZATION_NUMBER` (e.g., "organizations/123456")
370
375
  # @param [Fixnum] page_size
371
376
  # Optional. The page size for search result pagination. Page size is capped at
372
377
  # 500 even
@@ -380,26 +385,31 @@ module Google
380
385
  # previous response. The values of all other method parameters must be
381
386
  # identical to those in the previous call.
382
387
  # @param [String] query
383
- # Optional. The query statement. An empty query can be specified to search all
384
- # the IAM
385
- # policies within the given `scope`.
386
- # Examples:
387
- # * `policy : "amy@gmail.com"` to find Cloud IAM policy bindings that
388
- # specify user "amy@gmail.com".
389
- # * `policy : "roles/compute.admin"` to find Cloud IAM policy bindings that
390
- # specify the Compute Admin role.
391
- # * `policy.role.permissions : "storage.buckets.update"` to find Cloud IAM
392
- # policy bindings that specify a role containing "storage.buckets.update"
393
- # permission.
394
- # * `resource : "organizations/123"` to find Cloud IAM policy bindings that
395
- # are set on "organizations/123".
396
- # * `(resource : ("organizations/123" OR "folders/1234") AND policy : "amy")`
397
- # to find Cloud IAM policy bindings that are set on "organizations/123" or
398
- # "folders/1234", and also specify user "amy".
399
- # See [how to construct a
388
+ # Optional. The query statement. See [how to construct a
400
389
  # query](https://cloud.google.com/asset-inventory/docs/searching-iam-policies#
401
390
  # how_to_construct_a_query)
402
- # for more details.
391
+ # for more information. If not specified or empty, it will search all the
392
+ # IAM policies within the specified `scope`.
393
+ # Examples:
394
+ # * `policy : "amy@gmail.com"` to find IAM policy bindings that specify user
395
+ # "amy@gmail.com".
396
+ # * `policy : "roles/compute.admin"` to find IAM policy bindings that specify
397
+ # the Compute Admin role.
398
+ # * `policy.role.permissions : "storage.buckets.update"` to find IAM policy
399
+ # bindings that specify a role containing "storage.buckets.update"
400
+ # permission. Note that if callers don't have `iam.roles.get` access to a
401
+ # role's included permissions, policy bindings that specify this role will
402
+ # be dropped from the search results.
403
+ # * `resource : "organizations/123456"` to find IAM policy bindings
404
+ # that are set on "organizations/123456".
405
+ # * `"Important"` to find IAM policy bindings that contain "Important" as a
406
+ # word in any of the searchable fields (except for the included
407
+ # permissions).
408
+ # * `"*por*"` to find IAM policy bindings which contain "por" as a substring
409
+ # in any of the searchable fields (except for the included permissions).
410
+ # * `(resource : ("instance1" OR "instance2") AND policy : "amy")` to find
411
+ # IAM policy bindings that are set on resources "instance1" or
412
+ # "instance2" and also specify user "amy".
403
413
  # @param [String] fields
404
414
  # Selector specifying which fields to include in a partial response.
405
415
  # @param [String] quota_user
@@ -430,18 +440,22 @@ module Google
430
440
  execute_or_queue_command(command, &block)
431
441
  end
432
442
 
433
- # Searches all the resources within the given accessible scope (e.g., a
434
- # project, a folder or an organization). Callers should have
435
- # `cloud.assets.SearchAllResources` permission upon the requested scope,
443
+ # Searches all Cloud resources within the specified scope, such as a project,
444
+ # folder, or organization. The caller must be granted the
445
+ # `cloudasset.assets.searchAllResources` permission on the desired scope,
436
446
  # otherwise the request will be rejected.
437
447
  # @param [String] scope
438
- # Required. A scope can be a project, a folder or an organization. The search is
439
- # limited to the resources within the `scope`.
448
+ # Required. A scope can be a project, a folder, or an organization. The search
449
+ # is
450
+ # limited to the resources within the `scope`. The caller must be granted the
451
+ # [`cloudasset.assets.searchAllResources`](http://cloud.google.com/asset-
452
+ # inventory/docs/access-control#required_permissions)
453
+ # permission on the desired scope.
440
454
  # The allowed values are:
441
- # * projects/`PROJECT_ID`
442
- # * projects/`PROJECT_NUMBER`
443
- # * folders/`FOLDER_NUMBER`
444
- # * organizations/`ORGANIZATION_NUMBER`
455
+ # * projects/`PROJECT_ID` (e.g., "projects/foo-bar")
456
+ # * projects/`PROJECT_NUMBER` (e.g., "projects/12345678")
457
+ # * folders/`FOLDER_NUMBER` (e.g., "folders/1234567")
458
+ # * organizations/`ORGANIZATION_NUMBER` (e.g., "organizations/123456")
445
459
  # @param [Array<String>, String] asset_types
446
460
  # Optional. A list of asset types that this request searches for. If empty, it
447
461
  # will
@@ -470,14 +484,21 @@ module Google
470
484
  # the previous response. The values of all other method parameters, must be
471
485
  # identical to those in the previous call.
472
486
  # @param [String] query
473
- # Optional. The query statement. An empty query can be specified to search all
474
- # the
475
- # resources of certain `asset_types` within the given `scope`.
487
+ # Optional. The query statement. See [how to construct a
488
+ # query](http://cloud.google.com/asset-inventory/docs/searching-resources#
489
+ # how_to_construct_a_query)
490
+ # for more information. If not specified or empty, it will search all the
491
+ # resources within the specified `scope`. Note that the query string is
492
+ # compared against each Cloud IAM policy binding, including its members,
493
+ # roles, and Cloud IAM conditions. The returned Cloud IAM policies will only
494
+ # contain the bindings that match your query. To learn more about the IAM
495
+ # policy structure, see [IAM policy
496
+ # doc](https://cloud.google.com/iam/docs/policies#structure).
476
497
  # Examples:
477
498
  # * `name : "Important"` to find Cloud resources whose name contains
478
499
  # "Important" as a word.
479
500
  # * `displayName : "Impor*"` to find Cloud resources whose display name
480
- # contains "Impor" as a word prefix.
501
+ # contains "Impor" as a prefix.
481
502
  # * `description : "*por*"` to find Cloud resources whose description
482
503
  # contains "por" as a substring.
483
504
  # * `location : "us-west*"` to find Cloud resources whose location is
@@ -489,7 +510,7 @@ module Google
489
510
  # * `labels.env : *` to find Cloud resources which have a label "env".
490
511
  # * `"Important"` to find Cloud resources which contain "Important" as a word
491
512
  # in any of the searchable fields.
492
- # * `"Impor*"` to find Cloud resources which contain "Impor" as a word prefix
513
+ # * `"Impor*"` to find Cloud resources which contain "Impor" as a prefix
493
514
  # in any of the searchable fields.
494
515
  # * `"*por*"` to find Cloud resources which contain "por" as a substring in
495
516
  # any of the searchable fields.
@@ -497,10 +518,6 @@ module Google
497
518
  # resources which contain "Important" as a word in any of the searchable
498
519
  # fields and are also located in the "us-west1" region or the "global"
499
520
  # location.
500
- # See [how to construct a
501
- # query](https://cloud.google.com/asset-inventory/docs/searching-resources#
502
- # how_to_construct_a_query)
503
- # for more details.
504
521
  # @param [String] fields
505
522
  # Selector specifying which fields to include in a partial response.
506
523
  # @param [String] quota_user
@@ -25,7 +25,7 @@ module Google
25
25
  # @see https://cloud.google.com/asset-inventory/docs/quickstart
26
26
  module CloudassetV1beta1
27
27
  VERSION = 'V1beta1'
28
- REVISION = '20200613'
28
+ REVISION = '20200731'
29
29
 
30
30
  # View and manage your data across Google Cloud Platform services
31
31
  AUTH_CLOUD_PLATFORM = 'https://www.googleapis.com/auth/cloud-platform'
@@ -1370,7 +1370,9 @@ module Google
1370
1370
  include Google::Apis::Core::Hashable
1371
1371
 
1372
1372
  # The list of APIs usable within the Service Perimeter. Must be empty
1373
- # unless 'enable_restriction' is True.
1373
+ # unless 'enable_restriction' is True. You can specify a list of individual
1374
+ # services, as well as include the 'RESTRICTED-SERVICES' value, which
1375
+ # automatically includes all of the services protected by the perimeter.
1374
1376
  # Corresponds to the JSON property `allowedServices`
1375
1377
  # @return [Array<String>]
1376
1378
  attr_accessor :allowed_services
@@ -25,7 +25,7 @@ module Google
25
25
  # @see https://cloud.google.com/asset-inventory/docs/quickstart
26
26
  module CloudassetV1p4beta1
27
27
  VERSION = 'V1p4beta1'
28
- REVISION = '20200613'
28
+ REVISION = '20200731'
29
29
 
30
30
  # View and manage your data across Google Cloud Platform services
31
31
  AUTH_CLOUD_PLATFORM = 'https://www.googleapis.com/auth/cloud-platform'
@@ -12,23 +12,23 @@
12
12
  # See the License for the specific language governing permissions and
13
13
  # limitations under the License.
14
14
 
15
- require 'google/apis/androidpublisher_v1_1/service.rb'
16
- require 'google/apis/androidpublisher_v1_1/classes.rb'
17
- require 'google/apis/androidpublisher_v1_1/representations.rb'
15
+ require 'google/apis/cloudasset_v1p5beta1/service.rb'
16
+ require 'google/apis/cloudasset_v1p5beta1/classes.rb'
17
+ require 'google/apis/cloudasset_v1p5beta1/representations.rb'
18
18
 
19
19
  module Google
20
20
  module Apis
21
- # Google Play Developer API
21
+ # Cloud Asset API
22
22
  #
23
- # Accesses Android application developers' Google Play accounts.
23
+ # The cloud asset API manages the history and inventory of cloud resources.
24
24
  #
25
- # @see https://developers.google.com/android-publisher
26
- module AndroidpublisherV1_1
27
- VERSION = 'V1_1'
28
- REVISION = '20200428'
25
+ # @see https://cloud.google.com/asset-inventory/docs/quickstart
26
+ module CloudassetV1p5beta1
27
+ VERSION = 'V1p5beta1'
28
+ REVISION = '20200731'
29
29
 
30
- # View and manage your Google Play Developer account
31
- AUTH_ANDROIDPUBLISHER = 'https://www.googleapis.com/auth/androidpublisher'
30
+ # View and manage your data across Google Cloud Platform services
31
+ AUTH_CLOUD_PLATFORM = 'https://www.googleapis.com/auth/cloud-platform'
32
32
  end
33
33
  end
34
34
  end
@@ -0,0 +1,1539 @@
1
+ # Copyright 2015 Google Inc.
2
+ #
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
6
+ #
7
+ # http://www.apache.org/licenses/LICENSE-2.0
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+
15
+ require 'date'
16
+ require 'google/apis/core/base_service'
17
+ require 'google/apis/core/json_representation'
18
+ require 'google/apis/core/hashable'
19
+ require 'google/apis/errors'
20
+
21
+ module Google
22
+ module Apis
23
+ module CloudassetV1p5beta1
24
+
25
+ # An asset in Google Cloud. An asset can be any resource in the Google Cloud
26
+ # [resource
27
+ # hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-
28
+ # resource-hierarchy),
29
+ # a resource outside the Google Cloud resource hierarchy (such as Google
30
+ # Kubernetes Engine clusters and objects), or a policy (e.g. Cloud IAM policy).
31
+ # See [Supported asset
32
+ # types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
33
+ # for more information.
34
+ class Asset
35
+ include Google::Apis::Core::Hashable
36
+
37
+ # An `AccessLevel` is a label that can be applied to requests to Google Cloud
38
+ # services, along with a list of requirements necessary for the label to be
39
+ # applied.
40
+ # Corresponds to the JSON property `accessLevel`
41
+ # @return [Google::Apis::CloudassetV1p5beta1::GoogleIdentityAccesscontextmanagerV1AccessLevel]
42
+ attr_accessor :access_level
43
+
44
+ # `AccessPolicy` is a container for `AccessLevels` (which define the necessary
45
+ # attributes to use Google Cloud services) and `ServicePerimeters` (which
46
+ # define regions of services able to freely pass data within a perimeter). An
47
+ # access policy is globally visible within an organization, and the
48
+ # restrictions it specifies apply to all projects within an organization.
49
+ # Corresponds to the JSON property `accessPolicy`
50
+ # @return [Google::Apis::CloudassetV1p5beta1::GoogleIdentityAccesscontextmanagerV1AccessPolicy]
51
+ attr_accessor :access_policy
52
+
53
+ # The ancestry path of an asset in Google Cloud [resource
54
+ # hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-
55
+ # resource-hierarchy),
56
+ # represented as a list of relative resource names. An ancestry path starts
57
+ # with the closest ancestor in the hierarchy and ends at root. If the asset
58
+ # is a project, folder, or organization, the ancestry path starts from the
59
+ # asset itself.
60
+ # Example: `["projects/123456789", "folders/5432", "organizations/1234"]`
61
+ # Corresponds to the JSON property `ancestors`
62
+ # @return [Array<String>]
63
+ attr_accessor :ancestors
64
+
65
+ # The type of the asset. Example: `compute.googleapis.com/Disk`
66
+ # See [Supported asset
67
+ # types](https://cloud.google.com/asset-inventory/docs/supported-asset-types)
68
+ # for more information.
69
+ # Corresponds to the JSON property `assetType`
70
+ # @return [String]
71
+ attr_accessor :asset_type
72
+
73
+ # An Identity and Access Management (IAM) policy, which specifies access
74
+ # controls for Google Cloud resources.
75
+ # A `Policy` is a collection of `bindings`. A `binding` binds one or more
76
+ # `members` to a single `role`. Members can be user accounts, service accounts,
77
+ # Google groups, and domains (such as G Suite). A `role` is a named list of
78
+ # permissions; each `role` can be an IAM predefined role or a user-created
79
+ # custom role.
80
+ # For some types of Google Cloud resources, a `binding` can also specify a
81
+ # `condition`, which is a logical expression that allows access to a resource
82
+ # only if the expression evaluates to `true`. A condition can add constraints
83
+ # based on attributes of the request, the resource, or both. To learn which
84
+ # resources support conditions in their IAM policies, see the
85
+ # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-
86
+ # policies).
87
+ # **JSON example:**
88
+ # `
89
+ # "bindings": [
90
+ # `
91
+ # "role": "roles/resourcemanager.organizationAdmin",
92
+ # "members": [
93
+ # "user:mike@example.com",
94
+ # "group:admins@example.com",
95
+ # "domain:google.com",
96
+ # "serviceAccount:my-project-id@appspot.gserviceaccount.com"
97
+ # ]
98
+ # `,
99
+ # `
100
+ # "role": "roles/resourcemanager.organizationViewer",
101
+ # "members": [
102
+ # "user:eve@example.com"
103
+ # ],
104
+ # "condition": `
105
+ # "title": "expirable access",
106
+ # "description": "Does not grant access after Sep 2020",
107
+ # "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')
108
+ # ",
109
+ # `
110
+ # `
111
+ # ],
112
+ # "etag": "BwWWja0YfJA=",
113
+ # "version": 3
114
+ # `
115
+ # **YAML example:**
116
+ # bindings:
117
+ # - members:
118
+ # - user:mike@example.com
119
+ # - group:admins@example.com
120
+ # - domain:google.com
121
+ # - serviceAccount:my-project-id@appspot.gserviceaccount.com
122
+ # role: roles/resourcemanager.organizationAdmin
123
+ # - members:
124
+ # - user:eve@example.com
125
+ # role: roles/resourcemanager.organizationViewer
126
+ # condition:
127
+ # title: expirable access
128
+ # description: Does not grant access after Sep 2020
129
+ # expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
130
+ # - etag: BwWWja0YfJA=
131
+ # - version: 3
132
+ # For a description of IAM and its features, see the
133
+ # [IAM documentation](https://cloud.google.com/iam/docs/).
134
+ # Corresponds to the JSON property `iamPolicy`
135
+ # @return [Google::Apis::CloudassetV1p5beta1::Policy]
136
+ attr_accessor :iam_policy
137
+
138
+ # The full name of the asset. Example:
139
+ # `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/
140
+ # instance1`
141
+ # See [Resource
142
+ # names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
143
+ # for more information.
144
+ # Corresponds to the JSON property `name`
145
+ # @return [String]
146
+ attr_accessor :name
147
+
148
+ # A representation of an [organization
149
+ # policy](https://cloud.google.com/resource-manager/docs/organization-policy/
150
+ # overview#organization_policy).
151
+ # There can be more than one organization policy with different constraints
152
+ # set on a given resource.
153
+ # Corresponds to the JSON property `orgPolicy`
154
+ # @return [Array<Google::Apis::CloudassetV1p5beta1::GoogleCloudOrgpolicyV1Policy>]
155
+ attr_accessor :org_policy
156
+
157
+ # A representation of a Google Cloud resource.
158
+ # Corresponds to the JSON property `resource`
159
+ # @return [Google::Apis::CloudassetV1p5beta1::Resource]
160
+ attr_accessor :resource
161
+
162
+ # `ServicePerimeter` describes a set of Google Cloud resources which can freely
163
+ # import and export data amongst themselves, but not export outside of the
164
+ # `ServicePerimeter`. If a request with a source within this `ServicePerimeter`
165
+ # has a target outside of the `ServicePerimeter`, the request will be blocked.
166
+ # Otherwise the request is allowed. There are two types of Service Perimeter -
167
+ # Regular and Bridge. Regular Service Perimeters cannot overlap, a single
168
+ # Google Cloud project can only belong to a single regular Service Perimeter.
169
+ # Service Perimeter Bridges can contain only Google Cloud projects as members,
170
+ # a single Google Cloud project may belong to multiple Service Perimeter
171
+ # Bridges.
172
+ # Corresponds to the JSON property `servicePerimeter`
173
+ # @return [Google::Apis::CloudassetV1p5beta1::GoogleIdentityAccesscontextmanagerV1ServicePerimeter]
174
+ attr_accessor :service_perimeter
175
+
176
+ def initialize(**args)
177
+ update!(**args)
178
+ end
179
+
180
+ # Update properties of this object
181
+ def update!(**args)
182
+ @access_level = args[:access_level] if args.key?(:access_level)
183
+ @access_policy = args[:access_policy] if args.key?(:access_policy)
184
+ @ancestors = args[:ancestors] if args.key?(:ancestors)
185
+ @asset_type = args[:asset_type] if args.key?(:asset_type)
186
+ @iam_policy = args[:iam_policy] if args.key?(:iam_policy)
187
+ @name = args[:name] if args.key?(:name)
188
+ @org_policy = args[:org_policy] if args.key?(:org_policy)
189
+ @resource = args[:resource] if args.key?(:resource)
190
+ @service_perimeter = args[:service_perimeter] if args.key?(:service_perimeter)
191
+ end
192
+ end
193
+
194
+ # Specifies the audit configuration for a service.
195
+ # The configuration determines which permission types are logged, and what
196
+ # identities, if any, are exempted from logging.
197
+ # An AuditConfig must have one or more AuditLogConfigs.
198
+ # If there are AuditConfigs for both `allServices` and a specific service,
199
+ # the union of the two AuditConfigs is used for that service: the log_types
200
+ # specified in each AuditConfig are enabled, and the exempted_members in each
201
+ # AuditLogConfig are exempted.
202
+ # Example Policy with multiple AuditConfigs:
203
+ # `
204
+ # "audit_configs": [
205
+ # `
206
+ # "service": "allServices",
207
+ # "audit_log_configs": [
208
+ # `
209
+ # "log_type": "DATA_READ",
210
+ # "exempted_members": [
211
+ # "user:jose@example.com"
212
+ # ]
213
+ # `,
214
+ # `
215
+ # "log_type": "DATA_WRITE"
216
+ # `,
217
+ # `
218
+ # "log_type": "ADMIN_READ"
219
+ # `
220
+ # ]
221
+ # `,
222
+ # `
223
+ # "service": "sampleservice.googleapis.com",
224
+ # "audit_log_configs": [
225
+ # `
226
+ # "log_type": "DATA_READ"
227
+ # `,
228
+ # `
229
+ # "log_type": "DATA_WRITE",
230
+ # "exempted_members": [
231
+ # "user:aliya@example.com"
232
+ # ]
233
+ # `
234
+ # ]
235
+ # `
236
+ # ]
237
+ # `
238
+ # For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
239
+ # logging. It also exempts jose@example.com from DATA_READ logging, and
240
+ # aliya@example.com from DATA_WRITE logging.
241
+ class AuditConfig
242
+ include Google::Apis::Core::Hashable
243
+
244
+ # The configuration for logging of each type of permission.
245
+ # Corresponds to the JSON property `auditLogConfigs`
246
+ # @return [Array<Google::Apis::CloudassetV1p5beta1::AuditLogConfig>]
247
+ attr_accessor :audit_log_configs
248
+
249
+ # Specifies a service that will be enabled for audit logging.
250
+ # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
251
+ # `allServices` is a special value that covers all services.
252
+ # Corresponds to the JSON property `service`
253
+ # @return [String]
254
+ attr_accessor :service
255
+
256
+ def initialize(**args)
257
+ update!(**args)
258
+ end
259
+
260
+ # Update properties of this object
261
+ def update!(**args)
262
+ @audit_log_configs = args[:audit_log_configs] if args.key?(:audit_log_configs)
263
+ @service = args[:service] if args.key?(:service)
264
+ end
265
+ end
266
+
267
+ # Provides the configuration for logging a type of permissions.
268
+ # Example:
269
+ # `
270
+ # "audit_log_configs": [
271
+ # `
272
+ # "log_type": "DATA_READ",
273
+ # "exempted_members": [
274
+ # "user:jose@example.com"
275
+ # ]
276
+ # `,
277
+ # `
278
+ # "log_type": "DATA_WRITE"
279
+ # `
280
+ # ]
281
+ # `
282
+ # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
283
+ # jose@example.com from DATA_READ logging.
284
+ class AuditLogConfig
285
+ include Google::Apis::Core::Hashable
286
+
287
+ # Specifies the identities that do not cause logging for this type of
288
+ # permission.
289
+ # Follows the same format of Binding.members.
290
+ # Corresponds to the JSON property `exemptedMembers`
291
+ # @return [Array<String>]
292
+ attr_accessor :exempted_members
293
+
294
+ # The log type that this config enables.
295
+ # Corresponds to the JSON property `logType`
296
+ # @return [String]
297
+ attr_accessor :log_type
298
+
299
+ def initialize(**args)
300
+ update!(**args)
301
+ end
302
+
303
+ # Update properties of this object
304
+ def update!(**args)
305
+ @exempted_members = args[:exempted_members] if args.key?(:exempted_members)
306
+ @log_type = args[:log_type] if args.key?(:log_type)
307
+ end
308
+ end
309
+
310
+ # Associates `members` with a `role`.
311
+ class Binding
312
+ include Google::Apis::Core::Hashable
313
+
314
+ # Represents a textual expression in the Common Expression Language (CEL)
315
+ # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
316
+ # are documented at https://github.com/google/cel-spec.
317
+ # Example (Comparison):
318
+ # title: "Summary size limit"
319
+ # description: "Determines if a summary is less than 100 chars"
320
+ # expression: "document.summary.size() < 100"
321
+ # Example (Equality):
322
+ # title: "Requestor is owner"
323
+ # description: "Determines if requestor is the document owner"
324
+ # expression: "document.owner == request.auth.claims.email"
325
+ # Example (Logic):
326
+ # title: "Public documents"
327
+ # description: "Determine whether the document should be publicly visible"
328
+ # expression: "document.type != 'private' && document.type != 'internal'"
329
+ # Example (Data Manipulation):
330
+ # title: "Notification string"
331
+ # description: "Create a notification string with a timestamp."
332
+ # expression: "'New message received at ' + string(document.create_time)"
333
+ # The exact variables and functions that may be referenced within an expression
334
+ # are determined by the service that evaluates it. See the service
335
+ # documentation for additional information.
336
+ # Corresponds to the JSON property `condition`
337
+ # @return [Google::Apis::CloudassetV1p5beta1::Expr]
338
+ attr_accessor :condition
339
+
340
+ # Specifies the identities requesting access for a Cloud Platform resource.
341
+ # `members` can have the following values:
342
+ # * `allUsers`: A special identifier that represents anyone who is
343
+ # on the internet; with or without a Google account.
344
+ # * `allAuthenticatedUsers`: A special identifier that represents anyone
345
+ # who is authenticated with a Google account or a service account.
346
+ # * `user:`emailid``: An email address that represents a specific Google
347
+ # account. For example, `alice@example.com` .
348
+ # * `serviceAccount:`emailid``: An email address that represents a service
349
+ # account. For example, `my-other-app@appspot.gserviceaccount.com`.
350
+ # * `group:`emailid``: An email address that represents a Google group.
351
+ # For example, `admins@example.com`.
352
+ # * `deleted:user:`emailid`?uid=`uniqueid``: An email address (plus unique
353
+ # identifier) representing a user that has been recently deleted. For
354
+ # example, `alice@example.com?uid=123456789012345678901`. If the user is
355
+ # recovered, this value reverts to `user:`emailid`` and the recovered user
356
+ # retains the role in the binding.
357
+ # * `deleted:serviceAccount:`emailid`?uid=`uniqueid``: An email address (plus
358
+ # unique identifier) representing a service account that has been recently
359
+ # deleted. For example,
360
+ # `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
361
+ # If the service account is undeleted, this value reverts to
362
+ # `serviceAccount:`emailid`` and the undeleted service account retains the
363
+ # role in the binding.
364
+ # * `deleted:group:`emailid`?uid=`uniqueid``: An email address (plus unique
365
+ # identifier) representing a Google group that has been recently
366
+ # deleted. For example, `admins@example.com?uid=123456789012345678901`. If
367
+ # the group is recovered, this value reverts to `group:`emailid`` and the
368
+ # recovered group retains the role in the binding.
369
+ # * `domain:`domain``: The G Suite domain (primary) that represents all the
370
+ # users of that domain. For example, `google.com` or `example.com`.
371
+ # Corresponds to the JSON property `members`
372
+ # @return [Array<String>]
373
+ attr_accessor :members
374
+
375
+ # Role that is assigned to `members`.
376
+ # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
377
+ # Corresponds to the JSON property `role`
378
+ # @return [String]
379
+ attr_accessor :role
380
+
381
+ def initialize(**args)
382
+ update!(**args)
383
+ end
384
+
385
+ # Update properties of this object
386
+ def update!(**args)
387
+ @condition = args[:condition] if args.key?(:condition)
388
+ @members = args[:members] if args.key?(:members)
389
+ @role = args[:role] if args.key?(:role)
390
+ end
391
+ end
392
+
393
+ # Represents a textual expression in the Common Expression Language (CEL)
394
+ # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
395
+ # are documented at https://github.com/google/cel-spec.
396
+ # Example (Comparison):
397
+ # title: "Summary size limit"
398
+ # description: "Determines if a summary is less than 100 chars"
399
+ # expression: "document.summary.size() < 100"
400
+ # Example (Equality):
401
+ # title: "Requestor is owner"
402
+ # description: "Determines if requestor is the document owner"
403
+ # expression: "document.owner == request.auth.claims.email"
404
+ # Example (Logic):
405
+ # title: "Public documents"
406
+ # description: "Determine whether the document should be publicly visible"
407
+ # expression: "document.type != 'private' && document.type != 'internal'"
408
+ # Example (Data Manipulation):
409
+ # title: "Notification string"
410
+ # description: "Create a notification string with a timestamp."
411
+ # expression: "'New message received at ' + string(document.create_time)"
412
+ # The exact variables and functions that may be referenced within an expression
413
+ # are determined by the service that evaluates it. See the service
414
+ # documentation for additional information.
415
+ class Expr
416
+ include Google::Apis::Core::Hashable
417
+
418
+ # Optional. Description of the expression. This is a longer text which
419
+ # describes the expression, e.g. when hovered over it in a UI.
420
+ # Corresponds to the JSON property `description`
421
+ # @return [String]
422
+ attr_accessor :description
423
+
424
+ # Textual representation of an expression in Common Expression Language
425
+ # syntax.
426
+ # Corresponds to the JSON property `expression`
427
+ # @return [String]
428
+ attr_accessor :expression
429
+
430
+ # Optional. String indicating the location of the expression for error
431
+ # reporting, e.g. a file name and a position in the file.
432
+ # Corresponds to the JSON property `location`
433
+ # @return [String]
434
+ attr_accessor :location
435
+
436
+ # Optional. Title for the expression, i.e. a short string describing
437
+ # its purpose. This can be used e.g. in UIs which allow to enter the
438
+ # expression.
439
+ # Corresponds to the JSON property `title`
440
+ # @return [String]
441
+ attr_accessor :title
442
+
443
+ def initialize(**args)
444
+ update!(**args)
445
+ end
446
+
447
+ # Update properties of this object
448
+ def update!(**args)
449
+ @description = args[:description] if args.key?(:description)
450
+ @expression = args[:expression] if args.key?(:expression)
451
+ @location = args[:location] if args.key?(:location)
452
+ @title = args[:title] if args.key?(:title)
453
+ end
454
+ end
455
+
456
+ # Used in `policy_type` to specify how `boolean_policy` will behave at this
457
+ # resource.
458
+ class GoogleCloudOrgpolicyV1BooleanPolicy
459
+ include Google::Apis::Core::Hashable
460
+
461
+ # If `true`, then the `Policy` is enforced. If `false`, then any
462
+ # configuration is acceptable.
463
+ # Suppose you have a `Constraint`
464
+ # `constraints/compute.disableSerialPortAccess` with `constraint_default`
465
+ # set to `ALLOW`. A `Policy` for that `Constraint` exhibits the following
466
+ # behavior:
467
+ # - If the `Policy` at this resource has enforced set to `false`, serial
468
+ # port connection attempts will be allowed.
469
+ # - If the `Policy` at this resource has enforced set to `true`, serial
470
+ # port connection attempts will be refused.
471
+ # - If the `Policy` at this resource is `RestoreDefault`, serial port
472
+ # connection attempts will be allowed.
473
+ # - If no `Policy` is set at this resource or anywhere higher in the
474
+ # resource hierarchy, serial port connection attempts will be allowed.
475
+ # - If no `Policy` is set at this resource, but one exists higher in the
476
+ # resource hierarchy, the behavior is as if the`Policy` were set at
477
+ # this resource.
478
+ # The following examples demonstrate the different possible layerings:
479
+ # Example 1 (nearest `Constraint` wins):
480
+ # `organizations/foo` has a `Policy` with:
481
+ # `enforced: false`
482
+ # `projects/bar` has no `Policy` set.
483
+ # The constraint at `projects/bar` and `organizations/foo` will not be
484
+ # enforced.
485
+ # Example 2 (enforcement gets replaced):
486
+ # `organizations/foo` has a `Policy` with:
487
+ # `enforced: false`
488
+ # `projects/bar` has a `Policy` with:
489
+ # `enforced: true`
490
+ # The constraint at `organizations/foo` is not enforced.
491
+ # The constraint at `projects/bar` is enforced.
492
+ # Example 3 (RestoreDefault):
493
+ # `organizations/foo` has a `Policy` with:
494
+ # `enforced: true`
495
+ # `projects/bar` has a `Policy` with:
496
+ # `RestoreDefault: ```
497
+ # The constraint at `organizations/foo` is enforced.
498
+ # The constraint at `projects/bar` is not enforced, because
499
+ # `constraint_default` for the `Constraint` is `ALLOW`.
500
+ # Corresponds to the JSON property `enforced`
501
+ # @return [Boolean]
502
+ attr_accessor :enforced
503
+ alias_method :enforced?, :enforced
504
+
505
+ def initialize(**args)
506
+ update!(**args)
507
+ end
508
+
509
+ # Update properties of this object
510
+ def update!(**args)
511
+ @enforced = args[:enforced] if args.key?(:enforced)
512
+ end
513
+ end
514
+
515
+ # Used in `policy_type` to specify how `list_policy` behaves at this
516
+ # resource.
517
+ # `ListPolicy` can define specific values and subtrees of Cloud Resource
518
+ # Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that
519
+ # are allowed or denied by setting the `allowed_values` and `denied_values`
520
+ # fields. This is achieved by using the `under:` and optional `is:` prefixes.
521
+ # The `under:` prefix is used to denote resource subtree values.
522
+ # The `is:` prefix is used to denote specific values, and is required only
523
+ # if the value contains a ":". Values prefixed with "is:" are treated the
524
+ # same as values with no prefix.
525
+ # Ancestry subtrees must be in one of the following formats:
526
+ # - "projects/<project-id>", e.g. "projects/tokyo-rain-123"
527
+ # - "folders/<folder-id>", e.g. "folders/1234"
528
+ # - "organizations/<organization-id>", e.g. "organizations/1234"
529
+ # The `supports_under` field of the associated `Constraint` defines whether
530
+ # ancestry prefixes can be used. You can set `allowed_values` and
531
+ # `denied_values` in the same `Policy` if `all_values` is
532
+ # `ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny all
533
+ # values. If `all_values` is set to either `ALLOW` or `DENY`,
534
+ # `allowed_values` and `denied_values` must be unset.
535
+ class GoogleCloudOrgpolicyV1ListPolicy
536
+ include Google::Apis::Core::Hashable
537
+
538
+ # The policy all_values state.
539
+ # Corresponds to the JSON property `allValues`
540
+ # @return [String]
541
+ attr_accessor :all_values
542
+
543
+ # List of values allowed at this resource. Can only be set if `all_values`
544
+ # is set to `ALL_VALUES_UNSPECIFIED`.
545
+ # Corresponds to the JSON property `allowedValues`
546
+ # @return [Array<String>]
547
+ attr_accessor :allowed_values
548
+
549
+ # List of values denied at this resource. Can only be set if `all_values`
550
+ # is set to `ALL_VALUES_UNSPECIFIED`.
551
+ # Corresponds to the JSON property `deniedValues`
552
+ # @return [Array<String>]
553
+ attr_accessor :denied_values
554
+
555
+ # Determines the inheritance behavior for this `Policy`.
556
+ # By default, a `ListPolicy` set at a resource supersedes any `Policy` set
557
+ # anywhere up the resource hierarchy. However, if `inherit_from_parent` is
558
+ # set to `true`, then the values from the effective `Policy` of the parent
559
+ # resource are inherited, meaning the values set in this `Policy` are
560
+ # added to the values inherited up the hierarchy.
561
+ # Setting `Policy` hierarchies that inherit both allowed values and denied
562
+ # values isn't recommended in most circumstances to keep the configuration
563
+ # simple and understandable. However, it is possible to set a `Policy` with
564
+ # `allowed_values` set that inherits a `Policy` with `denied_values` set.
565
+ # In this case, the values that are allowed must be in `allowed_values` and
566
+ # not present in `denied_values`.
567
+ # For example, suppose you have a `Constraint`
568
+ # `constraints/serviceuser.services`, which has a `constraint_type` of
569
+ # `list_constraint`, and with `constraint_default` set to `ALLOW`.
570
+ # Suppose that at the Organization level, a `Policy` is applied that
571
+ # restricts the allowed API activations to ``E1`, `E2``. Then, if a
572
+ # `Policy` is applied to a project below the Organization that has
573
+ # `inherit_from_parent` set to `false` and field all_values set to DENY,
574
+ # then an attempt to activate any API will be denied.
575
+ # The following examples demonstrate different possible layerings for
576
+ # `projects/bar` parented by `organizations/foo`:
577
+ # Example 1 (no inherited values):
578
+ # `organizations/foo` has a `Policy` with values:
579
+ # `allowed_values: "E1" allowed_values:"E2"`
580
+ # `projects/bar` has `inherit_from_parent` `false` and values:
581
+ # `allowed_values: "E3" allowed_values: "E4"`
582
+ # The accepted values at `organizations/foo` are `E1`, `E2`.
583
+ # The accepted values at `projects/bar` are `E3`, and `E4`.
584
+ # Example 2 (inherited values):
585
+ # `organizations/foo` has a `Policy` with values:
586
+ # `allowed_values: "E1" allowed_values:"E2"`
587
+ # `projects/bar` has a `Policy` with values:
588
+ # `value: "E3" value: "E4" inherit_from_parent: true`
589
+ # The accepted values at `organizations/foo` are `E1`, `E2`.
590
+ # The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`.
591
+ # Example 3 (inheriting both allowed and denied values):
592
+ # `organizations/foo` has a `Policy` with values:
593
+ # `allowed_values: "E1" allowed_values: "E2"`
594
+ # `projects/bar` has a `Policy` with:
595
+ # `denied_values: "E1"`
596
+ # The accepted values at `organizations/foo` are `E1`, `E2`.
597
+ # The value accepted at `projects/bar` is `E2`.
598
+ # Example 4 (RestoreDefault):
599
+ # `organizations/foo` has a `Policy` with values:
600
+ # `allowed_values: "E1" allowed_values:"E2"`
601
+ # `projects/bar` has a `Policy` with values:
602
+ # `RestoreDefault: ```
603
+ # The accepted values at `organizations/foo` are `E1`, `E2`.
604
+ # The accepted values at `projects/bar` are either all or none depending on
605
+ # the value of `constraint_default` (if `ALLOW`, all; if
606
+ # `DENY`, none).
607
+ # Example 5 (no policy inherits parent policy):
608
+ # `organizations/foo` has no `Policy` set.
609
+ # `projects/bar` has no `Policy` set.
610
+ # The accepted values at both levels are either all or none depending on
611
+ # the value of `constraint_default` (if `ALLOW`, all; if
612
+ # `DENY`, none).
613
+ # Example 6 (ListConstraint allowing all):
614
+ # `organizations/foo` has a `Policy` with values:
615
+ # `allowed_values: "E1" allowed_values: "E2"`
616
+ # `projects/bar` has a `Policy` with:
617
+ # `all: ALLOW`
618
+ # The accepted values at `organizations/foo` are `E1`, E2`.
619
+ # Any value is accepted at `projects/bar`.
620
+ # Example 7 (ListConstraint allowing none):
621
+ # `organizations/foo` has a `Policy` with values:
622
+ # `allowed_values: "E1" allowed_values: "E2"`
623
+ # `projects/bar` has a `Policy` with:
624
+ # `all: DENY`
625
+ # The accepted values at `organizations/foo` are `E1`, E2`.
626
+ # No value is accepted at `projects/bar`.
627
+ # Example 10 (allowed and denied subtrees of Resource Manager hierarchy):
628
+ # Given the following resource hierarchy
629
+ # O1->`F1, F2`; F1->`P1`; F2->`P2, P3`,
630
+ # `organizations/foo` has a `Policy` with values:
631
+ # `allowed_values: "under:organizations/O1"`
632
+ # `projects/bar` has a `Policy` with:
633
+ # `allowed_values: "under:projects/P3"`
634
+ # `denied_values: "under:folders/F2"`
635
+ # The accepted values at `organizations/foo` are `organizations/O1`,
636
+ # `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`,
637
+ # `projects/P3`.
638
+ # The accepted values at `projects/bar` are `organizations/O1`,
639
+ # `folders/F1`, `projects/P1`.
640
+ # Corresponds to the JSON property `inheritFromParent`
641
+ # @return [Boolean]
642
+ attr_accessor :inherit_from_parent
643
+ alias_method :inherit_from_parent?, :inherit_from_parent
644
+
645
+ # Optional. The Google Cloud Console will try to default to a configuration
646
+ # that matches the value specified in this `Policy`. If `suggested_value`
647
+ # is not set, it will inherit the value specified higher in the hierarchy,
648
+ # unless `inherit_from_parent` is `false`.
649
+ # Corresponds to the JSON property `suggestedValue`
650
+ # @return [String]
651
+ attr_accessor :suggested_value
652
+
653
+ def initialize(**args)
654
+ update!(**args)
655
+ end
656
+
657
+ # Update properties of this object
658
+ def update!(**args)
659
+ @all_values = args[:all_values] if args.key?(:all_values)
660
+ @allowed_values = args[:allowed_values] if args.key?(:allowed_values)
661
+ @denied_values = args[:denied_values] if args.key?(:denied_values)
662
+ @inherit_from_parent = args[:inherit_from_parent] if args.key?(:inherit_from_parent)
663
+ @suggested_value = args[:suggested_value] if args.key?(:suggested_value)
664
+ end
665
+ end
666
+
667
+ # Defines a Cloud Organization `Policy` which is used to specify `Constraints`
668
+ # for configurations of Cloud Platform resources.
669
+ class GoogleCloudOrgpolicyV1Policy
670
+ include Google::Apis::Core::Hashable
671
+
672
+ # Used in `policy_type` to specify how `boolean_policy` will behave at this
673
+ # resource.
674
+ # Corresponds to the JSON property `booleanPolicy`
675
+ # @return [Google::Apis::CloudassetV1p5beta1::GoogleCloudOrgpolicyV1BooleanPolicy]
676
+ attr_accessor :boolean_policy
677
+
678
+ # The name of the `Constraint` the `Policy` is configuring, for example,
679
+ # `constraints/serviceuser.services`.
680
+ # A [list of available
681
+ # constraints](/resource-manager/docs/organization-policy/org-policy-constraints)
682
+ # is available.
683
+ # Immutable after creation.
684
+ # Corresponds to the JSON property `constraint`
685
+ # @return [String]
686
+ attr_accessor :constraint
687
+
688
+ # An opaque tag indicating the current version of the `Policy`, used for
689
+ # concurrency control.
690
+ # When the `Policy` is returned from either a `GetPolicy` or a
691
+ # `ListOrgPolicy` request, this `etag` indicates the version of the current
692
+ # `Policy` to use when executing a read-modify-write loop.
693
+ # When the `Policy` is returned from a `GetEffectivePolicy` request, the
694
+ # `etag` will be unset.
695
+ # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value
696
+ # that was returned from a `GetOrgPolicy` request as part of a
697
+ # read-modify-write loop for concurrency control. Not setting the `etag`in a
698
+ # `SetOrgPolicy` request will result in an unconditional write of the
699
+ # `Policy`.
700
+ # Corresponds to the JSON property `etag`
701
+ # NOTE: Values are automatically base64 encoded/decoded in the client library.
702
+ # @return [String]
703
+ attr_accessor :etag
704
+
705
+ # Used in `policy_type` to specify how `list_policy` behaves at this
706
+ # resource.
707
+ # `ListPolicy` can define specific values and subtrees of Cloud Resource
708
+ # Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that
709
+ # are allowed or denied by setting the `allowed_values` and `denied_values`
710
+ # fields. This is achieved by using the `under:` and optional `is:` prefixes.
711
+ # The `under:` prefix is used to denote resource subtree values.
712
+ # The `is:` prefix is used to denote specific values, and is required only
713
+ # if the value contains a ":". Values prefixed with "is:" are treated the
714
+ # same as values with no prefix.
715
+ # Ancestry subtrees must be in one of the following formats:
716
+ # - "projects/<project-id>", e.g. "projects/tokyo-rain-123"
717
+ # - "folders/<folder-id>", e.g. "folders/1234"
718
+ # - "organizations/<organization-id>", e.g. "organizations/1234"
719
+ # The `supports_under` field of the associated `Constraint` defines whether
720
+ # ancestry prefixes can be used. You can set `allowed_values` and
721
+ # `denied_values` in the same `Policy` if `all_values` is
722
+ # `ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny all
723
+ # values. If `all_values` is set to either `ALLOW` or `DENY`,
724
+ # `allowed_values` and `denied_values` must be unset.
725
+ # Corresponds to the JSON property `listPolicy`
726
+ # @return [Google::Apis::CloudassetV1p5beta1::GoogleCloudOrgpolicyV1ListPolicy]
727
+ attr_accessor :list_policy
728
+
729
+ # Ignores policies set above this resource and restores the
730
+ # `constraint_default` enforcement behavior of the specific `Constraint` at
731
+ # this resource.
732
+ # Suppose that `constraint_default` is set to `ALLOW` for the
733
+ # `Constraint` `constraints/serviceuser.services`. Suppose that organization
734
+ # foo.com sets a `Policy` at their Organization resource node that restricts
735
+ # the allowed service activations to deny all service activations. They
736
+ # could then set a `Policy` with the `policy_type` `restore_default` on
737
+ # several experimental projects, restoring the `constraint_default`
738
+ # enforcement of the `Constraint` for only those projects, allowing those
739
+ # projects to have all services activated.
740
+ # Corresponds to the JSON property `restoreDefault`
741
+ # @return [Google::Apis::CloudassetV1p5beta1::GoogleCloudOrgpolicyV1RestoreDefault]
742
+ attr_accessor :restore_default
743
+
744
+ # The time stamp the `Policy` was previously updated. This is set by the
745
+ # server, not specified by the caller, and represents the last time a call to
746
+ # `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
747
+ # be ignored.
748
+ # Corresponds to the JSON property `updateTime`
749
+ # @return [String]
750
+ attr_accessor :update_time
751
+
752
+ # Version of the `Policy`. Default version is 0;
753
+ # Corresponds to the JSON property `version`
754
+ # @return [Fixnum]
755
+ attr_accessor :version
756
+
757
+ def initialize(**args)
758
+ update!(**args)
759
+ end
760
+
761
+ # Update properties of this object
762
+ def update!(**args)
763
+ @boolean_policy = args[:boolean_policy] if args.key?(:boolean_policy)
764
+ @constraint = args[:constraint] if args.key?(:constraint)
765
+ @etag = args[:etag] if args.key?(:etag)
766
+ @list_policy = args[:list_policy] if args.key?(:list_policy)
767
+ @restore_default = args[:restore_default] if args.key?(:restore_default)
768
+ @update_time = args[:update_time] if args.key?(:update_time)
769
+ @version = args[:version] if args.key?(:version)
770
+ end
771
+ end
772
+
773
+ # Ignores policies set above this resource and restores the
774
+ # `constraint_default` enforcement behavior of the specific `Constraint` at
775
+ # this resource.
776
+ # Suppose that `constraint_default` is set to `ALLOW` for the
777
+ # `Constraint` `constraints/serviceuser.services`. Suppose that organization
778
+ # foo.com sets a `Policy` at their Organization resource node that restricts
779
+ # the allowed service activations to deny all service activations. They
780
+ # could then set a `Policy` with the `policy_type` `restore_default` on
781
+ # several experimental projects, restoring the `constraint_default`
782
+ # enforcement of the `Constraint` for only those projects, allowing those
783
+ # projects to have all services activated.
784
+ class GoogleCloudOrgpolicyV1RestoreDefault
785
+ include Google::Apis::Core::Hashable
786
+
787
+ def initialize(**args)
788
+ update!(**args)
789
+ end
790
+
791
+ # Update properties of this object
792
+ def update!(**args)
793
+ end
794
+ end
795
+
796
+ # An `AccessLevel` is a label that can be applied to requests to Google Cloud
797
+ # services, along with a list of requirements necessary for the label to be
798
+ # applied.
799
+ class GoogleIdentityAccesscontextmanagerV1AccessLevel
800
+ include Google::Apis::Core::Hashable
801
+
802
+ # `BasicLevel` is an `AccessLevel` using a set of recommended features.
803
+ # Corresponds to the JSON property `basic`
804
+ # @return [Google::Apis::CloudassetV1p5beta1::GoogleIdentityAccesscontextmanagerV1BasicLevel]
805
+ attr_accessor :basic
806
+
807
+ # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language
808
+ # to represent the necessary conditions for the level to apply to a request.
809
+ # See CEL spec at: https://github.com/google/cel-spec
810
+ # Corresponds to the JSON property `custom`
811
+ # @return [Google::Apis::CloudassetV1p5beta1::GoogleIdentityAccesscontextmanagerV1CustomLevel]
812
+ attr_accessor :custom
813
+
814
+ # Description of the `AccessLevel` and its use. Does not affect behavior.
815
+ # Corresponds to the JSON property `description`
816
+ # @return [String]
817
+ attr_accessor :description
818
+
819
+ # Required. Resource name for the Access Level. The `short_name` component
820
+ # must begin with a letter and only include alphanumeric and '_'. Format:
821
+ # `accessPolicies/`policy_id`/accessLevels/`short_name``. The maximum length
822
+ # of the `short_name` component is 50 characters.
823
+ # Corresponds to the JSON property `name`
824
+ # @return [String]
825
+ attr_accessor :name
826
+
827
+ # Human readable title. Must be unique within the Policy.
828
+ # Corresponds to the JSON property `title`
829
+ # @return [String]
830
+ attr_accessor :title
831
+
832
+ def initialize(**args)
833
+ update!(**args)
834
+ end
835
+
836
+ # Update properties of this object
837
+ def update!(**args)
838
+ @basic = args[:basic] if args.key?(:basic)
839
+ @custom = args[:custom] if args.key?(:custom)
840
+ @description = args[:description] if args.key?(:description)
841
+ @name = args[:name] if args.key?(:name)
842
+ @title = args[:title] if args.key?(:title)
843
+ end
844
+ end
845
+
846
+ # `AccessPolicy` is a container for `AccessLevels` (which define the necessary
847
+ # attributes to use Google Cloud services) and `ServicePerimeters` (which
848
+ # define regions of services able to freely pass data within a perimeter). An
849
+ # access policy is globally visible within an organization, and the
850
+ # restrictions it specifies apply to all projects within an organization.
851
+ class GoogleIdentityAccesscontextmanagerV1AccessPolicy
852
+ include Google::Apis::Core::Hashable
853
+
854
+ # Output only. An opaque identifier for the current version of the
855
+ # `AccessPolicy`. This will always be a strongly validated etag, meaning that
856
+ # two Access Polices will be identical if and only if their etags are
857
+ # identical. Clients should not expect this to be in any specific format.
858
+ # Corresponds to the JSON property `etag`
859
+ # @return [String]
860
+ attr_accessor :etag
861
+
862
+ # Output only. Resource name of the `AccessPolicy`. Format:
863
+ # `accessPolicies/`policy_id``
864
+ # Corresponds to the JSON property `name`
865
+ # @return [String]
866
+ attr_accessor :name
867
+
868
+ # Required. The parent of this `AccessPolicy` in the Cloud Resource
869
+ # Hierarchy. Currently immutable once created. Format:
870
+ # `organizations/`organization_id``
871
+ # Corresponds to the JSON property `parent`
872
+ # @return [String]
873
+ attr_accessor :parent
874
+
875
+ # Required. Human readable title. Does not affect behavior.
876
+ # Corresponds to the JSON property `title`
877
+ # @return [String]
878
+ attr_accessor :title
879
+
880
+ def initialize(**args)
881
+ update!(**args)
882
+ end
883
+
884
+ # Update properties of this object
885
+ def update!(**args)
886
+ @etag = args[:etag] if args.key?(:etag)
887
+ @name = args[:name] if args.key?(:name)
888
+ @parent = args[:parent] if args.key?(:parent)
889
+ @title = args[:title] if args.key?(:title)
890
+ end
891
+ end
892
+
893
+ # `BasicLevel` is an `AccessLevel` using a set of recommended features.
894
+ class GoogleIdentityAccesscontextmanagerV1BasicLevel
895
+ include Google::Apis::Core::Hashable
896
+
897
+ # How the `conditions` list should be combined to determine if a request is
898
+ # granted this `AccessLevel`. If AND is used, each `Condition` in
899
+ # `conditions` must be satisfied for the `AccessLevel` to be applied. If OR
900
+ # is used, at least one `Condition` in `conditions` must be satisfied for the
901
+ # `AccessLevel` to be applied. Default behavior is AND.
902
+ # Corresponds to the JSON property `combiningFunction`
903
+ # @return [String]
904
+ attr_accessor :combining_function
905
+
906
+ # Required. A list of requirements for the `AccessLevel` to be granted.
907
+ # Corresponds to the JSON property `conditions`
908
+ # @return [Array<Google::Apis::CloudassetV1p5beta1::GoogleIdentityAccesscontextmanagerV1Condition>]
909
+ attr_accessor :conditions
910
+
911
+ def initialize(**args)
912
+ update!(**args)
913
+ end
914
+
915
+ # Update properties of this object
916
+ def update!(**args)
917
+ @combining_function = args[:combining_function] if args.key?(:combining_function)
918
+ @conditions = args[:conditions] if args.key?(:conditions)
919
+ end
920
+ end
921
+
922
+ # A condition necessary for an `AccessLevel` to be granted. The Condition is an
923
+ # AND over its fields. So a Condition is true if: 1) the request IP is from one
924
+ # of the listed subnetworks AND 2) the originating device complies with the
925
+ # listed device policy AND 3) all listed access levels are granted AND 4) the
926
+ # request was sent at a time allowed by the DateTimeRestriction.
927
+ class GoogleIdentityAccesscontextmanagerV1Condition
928
+ include Google::Apis::Core::Hashable
929
+
930
+ # `DevicePolicy` specifies device specific restrictions necessary to acquire a
931
+ # given access level. A `DevicePolicy` specifies requirements for requests from
932
+ # devices to be granted access levels, it does not do any enforcement on the
933
+ # device. `DevicePolicy` acts as an AND over all specified fields, and each
934
+ # repeated field is an OR over its elements. Any unset fields are ignored. For
935
+ # example, if the proto is ` os_type : DESKTOP_WINDOWS, os_type :
936
+ # DESKTOP_LINUX, encryption_status: ENCRYPTED`, then the DevicePolicy will be
937
+ # true for requests originating from encrypted Linux desktops and encrypted
938
+ # Windows desktops.
939
+ # Corresponds to the JSON property `devicePolicy`
940
+ # @return [Google::Apis::CloudassetV1p5beta1::GoogleIdentityAccesscontextmanagerV1DevicePolicy]
941
+ attr_accessor :device_policy
942
+
943
+ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for
944
+ # a CIDR IP address block, the specified IP address portion must be properly
945
+ # truncated (i.e. all the host bits must be zero) or the input is considered
946
+ # malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is
947
+ # not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas
948
+ # "2001:db8::1/32" is not. The originating IP of a request must be in one of
949
+ # the listed subnets in order for this Condition to be true. If empty, all IP
950
+ # addresses are allowed.
951
+ # Corresponds to the JSON property `ipSubnetworks`
952
+ # @return [Array<String>]
953
+ attr_accessor :ip_subnetworks
954
+
955
+ # The request must be made by one of the provided user or service
956
+ # accounts. Groups are not supported.
957
+ # Syntax:
958
+ # `user:`emailid``
959
+ # `serviceAccount:`emailid``
960
+ # If not specified, a request may come from any user.
961
+ # Corresponds to the JSON property `members`
962
+ # @return [Array<String>]
963
+ attr_accessor :members
964
+
965
+ # Whether to negate the Condition. If true, the Condition becomes a NAND over
966
+ # its non-empty fields, each field must be false for the Condition overall to
967
+ # be satisfied. Defaults to false.
968
+ # Corresponds to the JSON property `negate`
969
+ # @return [Boolean]
970
+ attr_accessor :negate
971
+ alias_method :negate?, :negate
972
+
973
+ # The request must originate from one of the provided countries/regions.
974
+ # Must be valid ISO 3166-1 alpha-2 codes.
975
+ # Corresponds to the JSON property `regions`
976
+ # @return [Array<String>]
977
+ attr_accessor :regions
978
+
979
+ # A list of other access levels defined in the same `Policy`, referenced by
980
+ # resource name. Referencing an `AccessLevel` which does not exist is an
981
+ # error. All access levels listed must be granted for the Condition
982
+ # to be true. Example:
983
+ # "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
984
+ # Corresponds to the JSON property `requiredAccessLevels`
985
+ # @return [Array<String>]
986
+ attr_accessor :required_access_levels
987
+
988
+ def initialize(**args)
989
+ update!(**args)
990
+ end
991
+
992
+ # Update properties of this object
993
+ def update!(**args)
994
+ @device_policy = args[:device_policy] if args.key?(:device_policy)
995
+ @ip_subnetworks = args[:ip_subnetworks] if args.key?(:ip_subnetworks)
996
+ @members = args[:members] if args.key?(:members)
997
+ @negate = args[:negate] if args.key?(:negate)
998
+ @regions = args[:regions] if args.key?(:regions)
999
+ @required_access_levels = args[:required_access_levels] if args.key?(:required_access_levels)
1000
+ end
1001
+ end
1002
+
1003
+ # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language
1004
+ # to represent the necessary conditions for the level to apply to a request.
1005
+ # See CEL spec at: https://github.com/google/cel-spec
1006
+ class GoogleIdentityAccesscontextmanagerV1CustomLevel
1007
+ include Google::Apis::Core::Hashable
1008
+
1009
+ # Represents a textual expression in the Common Expression Language (CEL)
1010
+ # syntax. CEL is a C-like expression language. The syntax and semantics of CEL
1011
+ # are documented at https://github.com/google/cel-spec.
1012
+ # Example (Comparison):
1013
+ # title: "Summary size limit"
1014
+ # description: "Determines if a summary is less than 100 chars"
1015
+ # expression: "document.summary.size() < 100"
1016
+ # Example (Equality):
1017
+ # title: "Requestor is owner"
1018
+ # description: "Determines if requestor is the document owner"
1019
+ # expression: "document.owner == request.auth.claims.email"
1020
+ # Example (Logic):
1021
+ # title: "Public documents"
1022
+ # description: "Determine whether the document should be publicly visible"
1023
+ # expression: "document.type != 'private' && document.type != 'internal'"
1024
+ # Example (Data Manipulation):
1025
+ # title: "Notification string"
1026
+ # description: "Create a notification string with a timestamp."
1027
+ # expression: "'New message received at ' + string(document.create_time)"
1028
+ # The exact variables and functions that may be referenced within an expression
1029
+ # are determined by the service that evaluates it. See the service
1030
+ # documentation for additional information.
1031
+ # Corresponds to the JSON property `expr`
1032
+ # @return [Google::Apis::CloudassetV1p5beta1::Expr]
1033
+ attr_accessor :expr
1034
+
1035
+ def initialize(**args)
1036
+ update!(**args)
1037
+ end
1038
+
1039
+ # Update properties of this object
1040
+ def update!(**args)
1041
+ @expr = args[:expr] if args.key?(:expr)
1042
+ end
1043
+ end
1044
+
1045
+ # `DevicePolicy` specifies device specific restrictions necessary to acquire a
1046
+ # given access level. A `DevicePolicy` specifies requirements for requests from
1047
+ # devices to be granted access levels, it does not do any enforcement on the
1048
+ # device. `DevicePolicy` acts as an AND over all specified fields, and each
1049
+ # repeated field is an OR over its elements. Any unset fields are ignored. For
1050
+ # example, if the proto is ` os_type : DESKTOP_WINDOWS, os_type :
1051
+ # DESKTOP_LINUX, encryption_status: ENCRYPTED`, then the DevicePolicy will be
1052
+ # true for requests originating from encrypted Linux desktops and encrypted
1053
+ # Windows desktops.
1054
+ class GoogleIdentityAccesscontextmanagerV1DevicePolicy
1055
+ include Google::Apis::Core::Hashable
1056
+
1057
+ # Allowed device management levels, an empty list allows all management
1058
+ # levels.
1059
+ # Corresponds to the JSON property `allowedDeviceManagementLevels`
1060
+ # @return [Array<String>]
1061
+ attr_accessor :allowed_device_management_levels
1062
+
1063
+ # Allowed encryptions statuses, an empty list allows all statuses.
1064
+ # Corresponds to the JSON property `allowedEncryptionStatuses`
1065
+ # @return [Array<String>]
1066
+ attr_accessor :allowed_encryption_statuses
1067
+
1068
+ # Allowed OS versions, an empty list allows all types and all versions.
1069
+ # Corresponds to the JSON property `osConstraints`
1070
+ # @return [Array<Google::Apis::CloudassetV1p5beta1::GoogleIdentityAccesscontextmanagerV1OsConstraint>]
1071
+ attr_accessor :os_constraints
1072
+
1073
+ # Whether the device needs to be approved by the customer admin.
1074
+ # Corresponds to the JSON property `requireAdminApproval`
1075
+ # @return [Boolean]
1076
+ attr_accessor :require_admin_approval
1077
+ alias_method :require_admin_approval?, :require_admin_approval
1078
+
1079
+ # Whether the device needs to be corp owned.
1080
+ # Corresponds to the JSON property `requireCorpOwned`
1081
+ # @return [Boolean]
1082
+ attr_accessor :require_corp_owned
1083
+ alias_method :require_corp_owned?, :require_corp_owned
1084
+
1085
+ # Whether or not screenlock is required for the DevicePolicy to be true.
1086
+ # Defaults to `false`.
1087
+ # Corresponds to the JSON property `requireScreenlock`
1088
+ # @return [Boolean]
1089
+ attr_accessor :require_screenlock
1090
+ alias_method :require_screenlock?, :require_screenlock
1091
+
1092
+ def initialize(**args)
1093
+ update!(**args)
1094
+ end
1095
+
1096
+ # Update properties of this object
1097
+ def update!(**args)
1098
+ @allowed_device_management_levels = args[:allowed_device_management_levels] if args.key?(:allowed_device_management_levels)
1099
+ @allowed_encryption_statuses = args[:allowed_encryption_statuses] if args.key?(:allowed_encryption_statuses)
1100
+ @os_constraints = args[:os_constraints] if args.key?(:os_constraints)
1101
+ @require_admin_approval = args[:require_admin_approval] if args.key?(:require_admin_approval)
1102
+ @require_corp_owned = args[:require_corp_owned] if args.key?(:require_corp_owned)
1103
+ @require_screenlock = args[:require_screenlock] if args.key?(:require_screenlock)
1104
+ end
1105
+ end
1106
+
1107
+ # A restriction on the OS type and version of devices making requests.
1108
+ class GoogleIdentityAccesscontextmanagerV1OsConstraint
1109
+ include Google::Apis::Core::Hashable
1110
+
1111
+ # The minimum allowed OS version. If not set, any version of this OS
1112
+ # satisfies the constraint. Format: `"major.minor.patch"`.
1113
+ # Examples: `"10.5.301"`, `"9.2.1"`.
1114
+ # Corresponds to the JSON property `minimumVersion`
1115
+ # @return [String]
1116
+ attr_accessor :minimum_version
1117
+
1118
+ # Required. The allowed OS type.
1119
+ # Corresponds to the JSON property `osType`
1120
+ # @return [String]
1121
+ attr_accessor :os_type
1122
+
1123
+ # Only allows requests from devices with a verified Chrome OS.
1124
+ # Verifications includes requirements that the device is enterprise-managed,
1125
+ # conformant to domain policies, and the caller has permission to call
1126
+ # the API targeted by the request.
1127
+ # Corresponds to the JSON property `requireVerifiedChromeOs`
1128
+ # @return [Boolean]
1129
+ attr_accessor :require_verified_chrome_os
1130
+ alias_method :require_verified_chrome_os?, :require_verified_chrome_os
1131
+
1132
+ def initialize(**args)
1133
+ update!(**args)
1134
+ end
1135
+
1136
+ # Update properties of this object
1137
+ def update!(**args)
1138
+ @minimum_version = args[:minimum_version] if args.key?(:minimum_version)
1139
+ @os_type = args[:os_type] if args.key?(:os_type)
1140
+ @require_verified_chrome_os = args[:require_verified_chrome_os] if args.key?(:require_verified_chrome_os)
1141
+ end
1142
+ end
1143
+
1144
+ # `ServicePerimeter` describes a set of Google Cloud resources which can freely
1145
+ # import and export data amongst themselves, but not export outside of the
1146
+ # `ServicePerimeter`. If a request with a source within this `ServicePerimeter`
1147
+ # has a target outside of the `ServicePerimeter`, the request will be blocked.
1148
+ # Otherwise the request is allowed. There are two types of Service Perimeter -
1149
+ # Regular and Bridge. Regular Service Perimeters cannot overlap, a single
1150
+ # Google Cloud project can only belong to a single regular Service Perimeter.
1151
+ # Service Perimeter Bridges can contain only Google Cloud projects as members,
1152
+ # a single Google Cloud project may belong to multiple Service Perimeter
1153
+ # Bridges.
1154
+ class GoogleIdentityAccesscontextmanagerV1ServicePerimeter
1155
+ include Google::Apis::Core::Hashable
1156
+
1157
+ # Description of the `ServicePerimeter` and its use. Does not affect
1158
+ # behavior.
1159
+ # Corresponds to the JSON property `description`
1160
+ # @return [String]
1161
+ attr_accessor :description
1162
+
1163
+ # Required. Resource name for the ServicePerimeter. The `short_name`
1164
+ # component must begin with a letter and only include alphanumeric and '_'.
1165
+ # Format: `accessPolicies/`policy_id`/servicePerimeters/`short_name``
1166
+ # Corresponds to the JSON property `name`
1167
+ # @return [String]
1168
+ attr_accessor :name
1169
+
1170
+ # Perimeter type indicator. A single project is
1171
+ # allowed to be a member of single regular perimeter, but multiple service
1172
+ # perimeter bridges. A project cannot be a included in a perimeter bridge
1173
+ # without being included in regular perimeter. For perimeter bridges,
1174
+ # the restricted service list as well as access level lists must be
1175
+ # empty.
1176
+ # Corresponds to the JSON property `perimeterType`
1177
+ # @return [String]
1178
+ attr_accessor :perimeter_type
1179
+
1180
+ # `ServicePerimeterConfig` specifies a set of Google Cloud resources that
1181
+ # describe specific Service Perimeter configuration.
1182
+ # Corresponds to the JSON property `spec`
1183
+ # @return [Google::Apis::CloudassetV1p5beta1::GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig]
1184
+ attr_accessor :spec
1185
+
1186
+ # `ServicePerimeterConfig` specifies a set of Google Cloud resources that
1187
+ # describe specific Service Perimeter configuration.
1188
+ # Corresponds to the JSON property `status`
1189
+ # @return [Google::Apis::CloudassetV1p5beta1::GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig]
1190
+ attr_accessor :status
1191
+
1192
+ # Human readable title. Must be unique within the Policy.
1193
+ # Corresponds to the JSON property `title`
1194
+ # @return [String]
1195
+ attr_accessor :title
1196
+
1197
+ # Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly
1198
+ # exists for all Service Perimeters, and that spec is identical to the
1199
+ # status for those Service Perimeters. When this flag is set, it inhibits the
1200
+ # generation of the implicit spec, thereby allowing the user to explicitly
1201
+ # provide a configuration ("spec") to use in a dry-run version of the Service
1202
+ # Perimeter. This allows the user to test changes to the enforced config
1203
+ # ("status") without actually enforcing them. This testing is done through
1204
+ # analyzing the differences between currently enforced and suggested
1205
+ # restrictions. use_explicit_dry_run_spec must bet set to True if any of the
1206
+ # fields in the spec are set to non-default values.
1207
+ # Corresponds to the JSON property `useExplicitDryRunSpec`
1208
+ # @return [Boolean]
1209
+ attr_accessor :use_explicit_dry_run_spec
1210
+ alias_method :use_explicit_dry_run_spec?, :use_explicit_dry_run_spec
1211
+
1212
+ def initialize(**args)
1213
+ update!(**args)
1214
+ end
1215
+
1216
+ # Update properties of this object
1217
+ def update!(**args)
1218
+ @description = args[:description] if args.key?(:description)
1219
+ @name = args[:name] if args.key?(:name)
1220
+ @perimeter_type = args[:perimeter_type] if args.key?(:perimeter_type)
1221
+ @spec = args[:spec] if args.key?(:spec)
1222
+ @status = args[:status] if args.key?(:status)
1223
+ @title = args[:title] if args.key?(:title)
1224
+ @use_explicit_dry_run_spec = args[:use_explicit_dry_run_spec] if args.key?(:use_explicit_dry_run_spec)
1225
+ end
1226
+ end
1227
+
1228
+ # `ServicePerimeterConfig` specifies a set of Google Cloud resources that
1229
+ # describe specific Service Perimeter configuration.
1230
+ class GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig
1231
+ include Google::Apis::Core::Hashable
1232
+
1233
+ # A list of `AccessLevel` resource names that allow resources within the
1234
+ # `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed
1235
+ # must be in the same policy as this `ServicePerimeter`. Referencing a
1236
+ # nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are
1237
+ # listed, resources within the perimeter can only be accessed via Google
1238
+ # Cloud calls with request origins within the perimeter. Example:
1239
+ # `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`.
1240
+ # For Service Perimeter Bridge, must be empty.
1241
+ # Corresponds to the JSON property `accessLevels`
1242
+ # @return [Array<String>]
1243
+ attr_accessor :access_levels
1244
+
1245
+ # A list of Google Cloud resources that are inside of the service perimeter.
1246
+ # Currently only projects are allowed. Format: `projects/`project_number``
1247
+ # Corresponds to the JSON property `resources`
1248
+ # @return [Array<String>]
1249
+ attr_accessor :resources
1250
+
1251
+ # Google Cloud services that are subject to the Service Perimeter
1252
+ # restrictions. For example, if `storage.googleapis.com` is specified, access
1253
+ # to the storage buckets inside the perimeter must meet the perimeter's
1254
+ # access restrictions.
1255
+ # Corresponds to the JSON property `restrictedServices`
1256
+ # @return [Array<String>]
1257
+ attr_accessor :restricted_services
1258
+
1259
+ # Specifies how APIs are allowed to communicate within the Service
1260
+ # Perimeter.
1261
+ # Corresponds to the JSON property `vpcAccessibleServices`
1262
+ # @return [Google::Apis::CloudassetV1p5beta1::GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices]
1263
+ attr_accessor :vpc_accessible_services
1264
+
1265
+ def initialize(**args)
1266
+ update!(**args)
1267
+ end
1268
+
1269
+ # Update properties of this object
1270
+ def update!(**args)
1271
+ @access_levels = args[:access_levels] if args.key?(:access_levels)
1272
+ @resources = args[:resources] if args.key?(:resources)
1273
+ @restricted_services = args[:restricted_services] if args.key?(:restricted_services)
1274
+ @vpc_accessible_services = args[:vpc_accessible_services] if args.key?(:vpc_accessible_services)
1275
+ end
1276
+ end
1277
+
1278
+ # Specifies how APIs are allowed to communicate within the Service
1279
+ # Perimeter.
1280
+ class GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices
1281
+ include Google::Apis::Core::Hashable
1282
+
1283
+ # The list of APIs usable within the Service Perimeter. Must be empty
1284
+ # unless 'enable_restriction' is True. You can specify a list of individual
1285
+ # services, as well as include the 'RESTRICTED-SERVICES' value, which
1286
+ # automatically includes all of the services protected by the perimeter.
1287
+ # Corresponds to the JSON property `allowedServices`
1288
+ # @return [Array<String>]
1289
+ attr_accessor :allowed_services
1290
+
1291
+ # Whether to restrict API calls within the Service Perimeter to the list of
1292
+ # APIs specified in 'allowed_services'.
1293
+ # Corresponds to the JSON property `enableRestriction`
1294
+ # @return [Boolean]
1295
+ attr_accessor :enable_restriction
1296
+ alias_method :enable_restriction?, :enable_restriction
1297
+
1298
+ def initialize(**args)
1299
+ update!(**args)
1300
+ end
1301
+
1302
+ # Update properties of this object
1303
+ def update!(**args)
1304
+ @allowed_services = args[:allowed_services] if args.key?(:allowed_services)
1305
+ @enable_restriction = args[:enable_restriction] if args.key?(:enable_restriction)
1306
+ end
1307
+ end
1308
+
1309
+ # ListAssets response.
1310
+ class ListAssetsResponse
1311
+ include Google::Apis::Core::Hashable
1312
+
1313
+ # Assets.
1314
+ # Corresponds to the JSON property `assets`
1315
+ # @return [Array<Google::Apis::CloudassetV1p5beta1::Asset>]
1316
+ attr_accessor :assets
1317
+
1318
+ # Token to retrieve the next page of results. Set to empty if there are no
1319
+ # remaining results.
1320
+ # Corresponds to the JSON property `nextPageToken`
1321
+ # @return [String]
1322
+ attr_accessor :next_page_token
1323
+
1324
+ # Time the snapshot was taken.
1325
+ # Corresponds to the JSON property `readTime`
1326
+ # @return [String]
1327
+ attr_accessor :read_time
1328
+
1329
+ def initialize(**args)
1330
+ update!(**args)
1331
+ end
1332
+
1333
+ # Update properties of this object
1334
+ def update!(**args)
1335
+ @assets = args[:assets] if args.key?(:assets)
1336
+ @next_page_token = args[:next_page_token] if args.key?(:next_page_token)
1337
+ @read_time = args[:read_time] if args.key?(:read_time)
1338
+ end
1339
+ end
1340
+
1341
+ # An Identity and Access Management (IAM) policy, which specifies access
1342
+ # controls for Google Cloud resources.
1343
+ # A `Policy` is a collection of `bindings`. A `binding` binds one or more
1344
+ # `members` to a single `role`. Members can be user accounts, service accounts,
1345
+ # Google groups, and domains (such as G Suite). A `role` is a named list of
1346
+ # permissions; each `role` can be an IAM predefined role or a user-created
1347
+ # custom role.
1348
+ # For some types of Google Cloud resources, a `binding` can also specify a
1349
+ # `condition`, which is a logical expression that allows access to a resource
1350
+ # only if the expression evaluates to `true`. A condition can add constraints
1351
+ # based on attributes of the request, the resource, or both. To learn which
1352
+ # resources support conditions in their IAM policies, see the
1353
+ # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-
1354
+ # policies).
1355
+ # **JSON example:**
1356
+ # `
1357
+ # "bindings": [
1358
+ # `
1359
+ # "role": "roles/resourcemanager.organizationAdmin",
1360
+ # "members": [
1361
+ # "user:mike@example.com",
1362
+ # "group:admins@example.com",
1363
+ # "domain:google.com",
1364
+ # "serviceAccount:my-project-id@appspot.gserviceaccount.com"
1365
+ # ]
1366
+ # `,
1367
+ # `
1368
+ # "role": "roles/resourcemanager.organizationViewer",
1369
+ # "members": [
1370
+ # "user:eve@example.com"
1371
+ # ],
1372
+ # "condition": `
1373
+ # "title": "expirable access",
1374
+ # "description": "Does not grant access after Sep 2020",
1375
+ # "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')
1376
+ # ",
1377
+ # `
1378
+ # `
1379
+ # ],
1380
+ # "etag": "BwWWja0YfJA=",
1381
+ # "version": 3
1382
+ # `
1383
+ # **YAML example:**
1384
+ # bindings:
1385
+ # - members:
1386
+ # - user:mike@example.com
1387
+ # - group:admins@example.com
1388
+ # - domain:google.com
1389
+ # - serviceAccount:my-project-id@appspot.gserviceaccount.com
1390
+ # role: roles/resourcemanager.organizationAdmin
1391
+ # - members:
1392
+ # - user:eve@example.com
1393
+ # role: roles/resourcemanager.organizationViewer
1394
+ # condition:
1395
+ # title: expirable access
1396
+ # description: Does not grant access after Sep 2020
1397
+ # expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
1398
+ # - etag: BwWWja0YfJA=
1399
+ # - version: 3
1400
+ # For a description of IAM and its features, see the
1401
+ # [IAM documentation](https://cloud.google.com/iam/docs/).
1402
+ class Policy
1403
+ include Google::Apis::Core::Hashable
1404
+
1405
+ # Specifies cloud audit logging configuration for this policy.
1406
+ # Corresponds to the JSON property `auditConfigs`
1407
+ # @return [Array<Google::Apis::CloudassetV1p5beta1::AuditConfig>]
1408
+ attr_accessor :audit_configs
1409
+
1410
+ # Associates a list of `members` to a `role`. Optionally, may specify a
1411
+ # `condition` that determines how and when the `bindings` are applied. Each
1412
+ # of the `bindings` must contain at least one member.
1413
+ # Corresponds to the JSON property `bindings`
1414
+ # @return [Array<Google::Apis::CloudassetV1p5beta1::Binding>]
1415
+ attr_accessor :bindings
1416
+
1417
+ # `etag` is used for optimistic concurrency control as a way to help
1418
+ # prevent simultaneous updates of a policy from overwriting each other.
1419
+ # It is strongly suggested that systems make use of the `etag` in the
1420
+ # read-modify-write cycle to perform policy updates in order to avoid race
1421
+ # conditions: An `etag` is returned in the response to `getIamPolicy`, and
1422
+ # systems are expected to put that etag in the request to `setIamPolicy` to
1423
+ # ensure that their change will be applied to the same version of the policy.
1424
+ # **Important:** If you use IAM Conditions, you must include the `etag` field
1425
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
1426
+ # you to overwrite a version `3` policy with a version `1` policy, and all of
1427
+ # the conditions in the version `3` policy are lost.
1428
+ # Corresponds to the JSON property `etag`
1429
+ # NOTE: Values are automatically base64 encoded/decoded in the client library.
1430
+ # @return [String]
1431
+ attr_accessor :etag
1432
+
1433
+ # Specifies the format of the policy.
1434
+ # Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
1435
+ # are rejected.
1436
+ # Any operation that affects conditional role bindings must specify version
1437
+ # `3`. This requirement applies to the following operations:
1438
+ # * Getting a policy that includes a conditional role binding
1439
+ # * Adding a conditional role binding to a policy
1440
+ # * Changing a conditional role binding in a policy
1441
+ # * Removing any role binding, with or without a condition, from a policy
1442
+ # that includes conditions
1443
+ # **Important:** If you use IAM Conditions, you must include the `etag` field
1444
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows
1445
+ # you to overwrite a version `3` policy with a version `1` policy, and all of
1446
+ # the conditions in the version `3` policy are lost.
1447
+ # If a policy does not include any conditions, operations on that policy may
1448
+ # specify any valid version or leave the field unset.
1449
+ # To learn which resources support conditions in their IAM policies, see the
1450
+ # [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-
1451
+ # policies).
1452
+ # Corresponds to the JSON property `version`
1453
+ # @return [Fixnum]
1454
+ attr_accessor :version
1455
+
1456
+ def initialize(**args)
1457
+ update!(**args)
1458
+ end
1459
+
1460
+ # Update properties of this object
1461
+ def update!(**args)
1462
+ @audit_configs = args[:audit_configs] if args.key?(:audit_configs)
1463
+ @bindings = args[:bindings] if args.key?(:bindings)
1464
+ @etag = args[:etag] if args.key?(:etag)
1465
+ @version = args[:version] if args.key?(:version)
1466
+ end
1467
+ end
1468
+
1469
+ # A representation of a Google Cloud resource.
1470
+ class Resource
1471
+ include Google::Apis::Core::Hashable
1472
+
1473
+ # The content of the resource, in which some sensitive fields are removed
1474
+ # and may not be present.
1475
+ # Corresponds to the JSON property `data`
1476
+ # @return [Hash<String,Object>]
1477
+ attr_accessor :data
1478
+
1479
+ # The URL of the discovery document containing the resource's JSON schema.
1480
+ # Example:
1481
+ # `https://www.googleapis.com/discovery/v1/apis/compute/v1/rest`
1482
+ # This value is unspecified for resources that do not have an API based on a
1483
+ # discovery document, such as Cloud Bigtable.
1484
+ # Corresponds to the JSON property `discoveryDocumentUri`
1485
+ # @return [String]
1486
+ attr_accessor :discovery_document_uri
1487
+
1488
+ # The JSON schema name listed in the discovery document. Example:
1489
+ # `Project`
1490
+ # This value is unspecified for resources that do not have an API based on a
1491
+ # discovery document, such as Cloud Bigtable.
1492
+ # Corresponds to the JSON property `discoveryName`
1493
+ # @return [String]
1494
+ attr_accessor :discovery_name
1495
+
1496
+ # The full name of the immediate parent of this resource. See
1497
+ # [Resource
1498
+ # Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
1499
+ # for more information.
1500
+ # For Google Cloud assets, this value is the parent resource defined in the
1501
+ # [Cloud IAM policy
1502
+ # hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy).
1503
+ # Example:
1504
+ # `//cloudresourcemanager.googleapis.com/projects/my_project_123`
1505
+ # For third-party assets, this field may be set differently.
1506
+ # Corresponds to the JSON property `parent`
1507
+ # @return [String]
1508
+ attr_accessor :parent
1509
+
1510
+ # The REST URL for accessing the resource. An HTTP `GET` request using this
1511
+ # URL returns the resource itself. Example:
1512
+ # `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123`
1513
+ # This value is unspecified for resources without a REST API.
1514
+ # Corresponds to the JSON property `resourceUrl`
1515
+ # @return [String]
1516
+ attr_accessor :resource_url
1517
+
1518
+ # The API version. Example: "v1".
1519
+ # Corresponds to the JSON property `version`
1520
+ # @return [String]
1521
+ attr_accessor :version
1522
+
1523
+ def initialize(**args)
1524
+ update!(**args)
1525
+ end
1526
+
1527
+ # Update properties of this object
1528
+ def update!(**args)
1529
+ @data = args[:data] if args.key?(:data)
1530
+ @discovery_document_uri = args[:discovery_document_uri] if args.key?(:discovery_document_uri)
1531
+ @discovery_name = args[:discovery_name] if args.key?(:discovery_name)
1532
+ @parent = args[:parent] if args.key?(:parent)
1533
+ @resource_url = args[:resource_url] if args.key?(:resource_url)
1534
+ @version = args[:version] if args.key?(:version)
1535
+ end
1536
+ end
1537
+ end
1538
+ end
1539
+ end