google-apis-accesscontextmanager_v1 0.6.0 → 0.10.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +16 -0
- data/OVERVIEW.md +2 -2
- data/lib/google/apis/accesscontextmanager_v1/classes.rb +425 -4
- data/lib/google/apis/accesscontextmanager_v1/gem_version.rb +3 -3
- data/lib/google/apis/accesscontextmanager_v1/representations.rb +156 -0
- data/lib/google/apis/accesscontextmanager_v1/service.rb +245 -67
- data/lib/google/apis/accesscontextmanager_v1.rb +1 -1
- metadata +7 -7
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 631ef7942d887b6299cbae7761da5baf36a17156344d8e6819e16a366c6280d8
|
4
|
+
data.tar.gz: 2978eb2d8a20850a8f18a690062c8670121f5a41b28e303639ae6bab44ae1118
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: dafe1abbf4cb6ef1e63d71e7f97d3d5bdb0e8f2af72682ae3ba6759fdc5569759b3b000c646ed417b1652b9081fb9ffe3a4a142dfdfed1057f1c73c0782e1fe9
|
7
|
+
data.tar.gz: b2911d1efe423c8dab7c7a850d783a34efb593c47163b5e409ad24a6866f09cb9f0e0aa29093128e8b97d808c09b1c0a7954e6fc5cf9d3d6c77771ce88160b2b
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,21 @@
|
|
1
1
|
# Release history for google-apis-accesscontextmanager_v1
|
2
2
|
|
3
|
+
### v0.10.0 (2021-12-10)
|
4
|
+
|
5
|
+
* Regenerated from discovery document revision 20211203
|
6
|
+
|
7
|
+
### v0.9.0 (2021-10-20)
|
8
|
+
|
9
|
+
* Unspecified changes
|
10
|
+
|
11
|
+
### v0.8.0 (2021-09-01)
|
12
|
+
|
13
|
+
* Regenerated from discovery document revision 20210814
|
14
|
+
|
15
|
+
### v0.7.0 (2021-06-29)
|
16
|
+
|
17
|
+
* Regenerated using generator version 0.4.0
|
18
|
+
|
3
19
|
### v0.6.0 (2021-06-24)
|
4
20
|
|
5
21
|
* Regenerated using generator version 0.3.0
|
data/OVERVIEW.md
CHANGED
@@ -60,8 +60,8 @@ See the class reference docs for information on the methods you can call from a
|
|
60
60
|
|
61
61
|
More detailed descriptions of the Google simple REST clients are available in two documents.
|
62
62
|
|
63
|
-
* The [Usage Guide](https://github.com/googleapis/google-api-ruby-client/blob/
|
64
|
-
* The [Auth Guide](https://github.com/googleapis/google-api-ruby-client/blob/
|
63
|
+
* The [Usage Guide](https://github.com/googleapis/google-api-ruby-client/blob/main/docs/usage-guide.md) discusses how to make API calls, how to use the provided data structures, and how to work the various features of the client library, including media upload and download, error handling, retries, pagination, and logging.
|
64
|
+
* The [Auth Guide](https://github.com/googleapis/google-api-ruby-client/blob/main/docs/auth-guide.md) discusses authentication in the client libraries, including API keys, OAuth 2.0, service accounts, and environment variables.
|
65
65
|
|
66
66
|
(Note: the above documents are written for the simple REST clients in general, and their examples may not reflect the Accesscontextmanager service in particular.)
|
67
67
|
|
@@ -22,6 +22,19 @@ module Google
|
|
22
22
|
module Apis
|
23
23
|
module AccesscontextmanagerV1
|
24
24
|
|
25
|
+
# Metadata of Access Context Manager's Long Running Operations.
|
26
|
+
class AccessContextManagerOperationMetadata
|
27
|
+
include Google::Apis::Core::Hashable
|
28
|
+
|
29
|
+
def initialize(**args)
|
30
|
+
update!(**args)
|
31
|
+
end
|
32
|
+
|
33
|
+
# Update properties of this object
|
34
|
+
def update!(**args)
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
25
38
|
# An `AccessLevel` is a label that can be applied to requests to Google Cloud
|
26
39
|
# services, along with a list of requirements necessary for the label to be
|
27
40
|
# applied.
|
@@ -47,8 +60,8 @@ module Google
|
|
47
60
|
|
48
61
|
# Required. Resource name for the Access Level. The `short_name` component must
|
49
62
|
# begin with a letter and only include alphanumeric and '_'. Format: `
|
50
|
-
# accessPolicies/`
|
51
|
-
# the `
|
63
|
+
# accessPolicies/`access_policy`/accessLevels/`access_level``. The maximum
|
64
|
+
# length of the `access_level` component is 50 characters.
|
52
65
|
# Corresponds to the JSON property `name`
|
53
66
|
# @return [String]
|
54
67
|
attr_accessor :name
|
@@ -89,7 +102,7 @@ module Google
|
|
89
102
|
attr_accessor :etag
|
90
103
|
|
91
104
|
# Output only. Resource name of the `AccessPolicy`. Format: `accessPolicies/`
|
92
|
-
#
|
105
|
+
# access_policy``
|
93
106
|
# Corresponds to the JSON property `name`
|
94
107
|
# @return [String]
|
95
108
|
attr_accessor :name
|
@@ -100,6 +113,21 @@ module Google
|
|
100
113
|
# @return [String]
|
101
114
|
attr_accessor :parent
|
102
115
|
|
116
|
+
# The scopes of a policy define which resources an ACM policy can restrict, and
|
117
|
+
# where ACM resources can be referenced. For example, a policy with scopes=["
|
118
|
+
# folders/123"] has the following behavior: - vpcsc perimeters can only restrict
|
119
|
+
# projects within folders/123 - access levels can only be referenced by
|
120
|
+
# resources within folders/123. If empty, there are no limitations on which
|
121
|
+
# resources can be restricted by an ACM policy, and there are no limitations on
|
122
|
+
# where ACM resources can be referenced. Only one policy can include a given
|
123
|
+
# scope (attempting to create a second policy which includes "folders/123" will
|
124
|
+
# result in an error). Currently, scopes cannot be modified after a policy is
|
125
|
+
# created. Currently, policies can only have a single scope. Format: list of `
|
126
|
+
# folders/`folder_number`` or `projects/`project_number``
|
127
|
+
# Corresponds to the JSON property `scopes`
|
128
|
+
# @return [Array<String>]
|
129
|
+
attr_accessor :scopes
|
130
|
+
|
103
131
|
# Required. Human readable title. Does not affect behavior.
|
104
132
|
# Corresponds to the JSON property `title`
|
105
133
|
# @return [String]
|
@@ -114,6 +142,7 @@ module Google
|
|
114
142
|
@etag = args[:etag] if args.key?(:etag)
|
115
143
|
@name = args[:name] if args.key?(:name)
|
116
144
|
@parent = args[:parent] if args.key?(:parent)
|
145
|
+
@scopes = args[:scopes] if args.key?(:scopes)
|
117
146
|
@title = args[:title] if args.key?(:title)
|
118
147
|
end
|
119
148
|
end
|
@@ -148,6 +177,77 @@ module Google
|
|
148
177
|
end
|
149
178
|
end
|
150
179
|
|
180
|
+
# Specifies the audit configuration for a service. The configuration determines
|
181
|
+
# which permission types are logged, and what identities, if any, are exempted
|
182
|
+
# from logging. An AuditConfig must have one or more AuditLogConfigs. If there
|
183
|
+
# are AuditConfigs for both `allServices` and a specific service, the union of
|
184
|
+
# the two AuditConfigs is used for that service: the log_types specified in each
|
185
|
+
# AuditConfig are enabled, and the exempted_members in each AuditLogConfig are
|
186
|
+
# exempted. Example Policy with multiple AuditConfigs: ` "audit_configs": [ ` "
|
187
|
+
# service": "allServices", "audit_log_configs": [ ` "log_type": "DATA_READ", "
|
188
|
+
# exempted_members": [ "user:jose@example.com" ] `, ` "log_type": "DATA_WRITE" `,
|
189
|
+
# ` "log_type": "ADMIN_READ" ` ] `, ` "service": "sampleservice.googleapis.com",
|
190
|
+
# "audit_log_configs": [ ` "log_type": "DATA_READ" `, ` "log_type": "DATA_WRITE"
|
191
|
+
# , "exempted_members": [ "user:aliya@example.com" ] ` ] ` ] ` For sampleservice,
|
192
|
+
# this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also
|
193
|
+
# exempts jose@example.com from DATA_READ logging, and aliya@example.com from
|
194
|
+
# DATA_WRITE logging.
|
195
|
+
class AuditConfig
|
196
|
+
include Google::Apis::Core::Hashable
|
197
|
+
|
198
|
+
# The configuration for logging of each type of permission.
|
199
|
+
# Corresponds to the JSON property `auditLogConfigs`
|
200
|
+
# @return [Array<Google::Apis::AccesscontextmanagerV1::AuditLogConfig>]
|
201
|
+
attr_accessor :audit_log_configs
|
202
|
+
|
203
|
+
# Specifies a service that will be enabled for audit logging. For example, `
|
204
|
+
# storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special
|
205
|
+
# value that covers all services.
|
206
|
+
# Corresponds to the JSON property `service`
|
207
|
+
# @return [String]
|
208
|
+
attr_accessor :service
|
209
|
+
|
210
|
+
def initialize(**args)
|
211
|
+
update!(**args)
|
212
|
+
end
|
213
|
+
|
214
|
+
# Update properties of this object
|
215
|
+
def update!(**args)
|
216
|
+
@audit_log_configs = args[:audit_log_configs] if args.key?(:audit_log_configs)
|
217
|
+
@service = args[:service] if args.key?(:service)
|
218
|
+
end
|
219
|
+
end
|
220
|
+
|
221
|
+
# Provides the configuration for logging a type of permissions. Example: ` "
|
222
|
+
# audit_log_configs": [ ` "log_type": "DATA_READ", "exempted_members": [ "user:
|
223
|
+
# jose@example.com" ] `, ` "log_type": "DATA_WRITE" ` ] ` This enables '
|
224
|
+
# DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from
|
225
|
+
# DATA_READ logging.
|
226
|
+
class AuditLogConfig
|
227
|
+
include Google::Apis::Core::Hashable
|
228
|
+
|
229
|
+
# Specifies the identities that do not cause logging for this type of permission.
|
230
|
+
# Follows the same format of Binding.members.
|
231
|
+
# Corresponds to the JSON property `exemptedMembers`
|
232
|
+
# @return [Array<String>]
|
233
|
+
attr_accessor :exempted_members
|
234
|
+
|
235
|
+
# The log type that this config enables.
|
236
|
+
# Corresponds to the JSON property `logType`
|
237
|
+
# @return [String]
|
238
|
+
attr_accessor :log_type
|
239
|
+
|
240
|
+
def initialize(**args)
|
241
|
+
update!(**args)
|
242
|
+
end
|
243
|
+
|
244
|
+
# Update properties of this object
|
245
|
+
def update!(**args)
|
246
|
+
@exempted_members = args[:exempted_members] if args.key?(:exempted_members)
|
247
|
+
@log_type = args[:log_type] if args.key?(:log_type)
|
248
|
+
end
|
249
|
+
end
|
250
|
+
|
151
251
|
# `BasicLevel` is an `AccessLevel` using a set of recommended features.
|
152
252
|
class BasicLevel
|
153
253
|
include Google::Apis::Core::Hashable
|
@@ -177,6 +277,77 @@ module Google
|
|
177
277
|
end
|
178
278
|
end
|
179
279
|
|
280
|
+
# Associates `members`, or principals, with a `role`.
|
281
|
+
class Binding
|
282
|
+
include Google::Apis::Core::Hashable
|
283
|
+
|
284
|
+
# Represents a textual expression in the Common Expression Language (CEL) syntax.
|
285
|
+
# CEL is a C-like expression language. The syntax and semantics of CEL are
|
286
|
+
# documented at https://github.com/google/cel-spec. Example (Comparison): title:
|
287
|
+
# "Summary size limit" description: "Determines if a summary is less than 100
|
288
|
+
# chars" expression: "document.summary.size() < 100" Example (Equality): title: "
|
289
|
+
# Requestor is owner" description: "Determines if requestor is the document
|
290
|
+
# owner" expression: "document.owner == request.auth.claims.email" Example (
|
291
|
+
# Logic): title: "Public documents" description: "Determine whether the document
|
292
|
+
# should be publicly visible" expression: "document.type != 'private' &&
|
293
|
+
# document.type != 'internal'" Example (Data Manipulation): title: "Notification
|
294
|
+
# string" description: "Create a notification string with a timestamp."
|
295
|
+
# expression: "'New message received at ' + string(document.create_time)" The
|
296
|
+
# exact variables and functions that may be referenced within an expression are
|
297
|
+
# determined by the service that evaluates it. See the service documentation for
|
298
|
+
# additional information.
|
299
|
+
# Corresponds to the JSON property `condition`
|
300
|
+
# @return [Google::Apis::AccesscontextmanagerV1::Expr]
|
301
|
+
attr_accessor :condition
|
302
|
+
|
303
|
+
# Specifies the principals requesting access for a Cloud Platform resource. `
|
304
|
+
# members` can have the following values: * `allUsers`: A special identifier
|
305
|
+
# that represents anyone who is on the internet; with or without a Google
|
306
|
+
# account. * `allAuthenticatedUsers`: A special identifier that represents
|
307
|
+
# anyone who is authenticated with a Google account or a service account. * `
|
308
|
+
# user:`emailid``: An email address that represents a specific Google account.
|
309
|
+
# For example, `alice@example.com` . * `serviceAccount:`emailid``: An email
|
310
|
+
# address that represents a service account. For example, `my-other-app@appspot.
|
311
|
+
# gserviceaccount.com`. * `group:`emailid``: An email address that represents a
|
312
|
+
# Google group. For example, `admins@example.com`. * `deleted:user:`emailid`?uid=
|
313
|
+
# `uniqueid``: An email address (plus unique identifier) representing a user
|
314
|
+
# that has been recently deleted. For example, `alice@example.com?uid=
|
315
|
+
# 123456789012345678901`. If the user is recovered, this value reverts to `user:`
|
316
|
+
# emailid`` and the recovered user retains the role in the binding. * `deleted:
|
317
|
+
# serviceAccount:`emailid`?uid=`uniqueid``: An email address (plus unique
|
318
|
+
# identifier) representing a service account that has been recently deleted. For
|
319
|
+
# example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
|
320
|
+
# If the service account is undeleted, this value reverts to `serviceAccount:`
|
321
|
+
# emailid`` and the undeleted service account retains the role in the binding. *
|
322
|
+
# `deleted:group:`emailid`?uid=`uniqueid``: An email address (plus unique
|
323
|
+
# identifier) representing a Google group that has been recently deleted. For
|
324
|
+
# example, `admins@example.com?uid=123456789012345678901`. If the group is
|
325
|
+
# recovered, this value reverts to `group:`emailid`` and the recovered group
|
326
|
+
# retains the role in the binding. * `domain:`domain``: The G Suite domain (
|
327
|
+
# primary) that represents all the users of that domain. For example, `google.
|
328
|
+
# com` or `example.com`.
|
329
|
+
# Corresponds to the JSON property `members`
|
330
|
+
# @return [Array<String>]
|
331
|
+
attr_accessor :members
|
332
|
+
|
333
|
+
# Role that is assigned to the list of `members`, or principals. For example, `
|
334
|
+
# roles/viewer`, `roles/editor`, or `roles/owner`.
|
335
|
+
# Corresponds to the JSON property `role`
|
336
|
+
# @return [String]
|
337
|
+
attr_accessor :role
|
338
|
+
|
339
|
+
def initialize(**args)
|
340
|
+
update!(**args)
|
341
|
+
end
|
342
|
+
|
343
|
+
# Update properties of this object
|
344
|
+
def update!(**args)
|
345
|
+
@condition = args[:condition] if args.key?(:condition)
|
346
|
+
@members = args[:members] if args.key?(:members)
|
347
|
+
@role = args[:role] if args.key?(:role)
|
348
|
+
end
|
349
|
+
end
|
350
|
+
|
180
351
|
# The request message for Operations.CancelOperation.
|
181
352
|
class CancelOperationRequest
|
182
353
|
include Google::Apis::Core::Hashable
|
@@ -635,6 +806,68 @@ module Google
|
|
635
806
|
end
|
636
807
|
end
|
637
808
|
|
809
|
+
# Currently, a completed operation means nothing. In the future, this metadata
|
810
|
+
# and a completed operation may indicate that the binding has taken effect and
|
811
|
+
# is affecting access decisions for all users.
|
812
|
+
class GcpUserAccessBindingOperationMetadata
|
813
|
+
include Google::Apis::Core::Hashable
|
814
|
+
|
815
|
+
def initialize(**args)
|
816
|
+
update!(**args)
|
817
|
+
end
|
818
|
+
|
819
|
+
# Update properties of this object
|
820
|
+
def update!(**args)
|
821
|
+
end
|
822
|
+
end
|
823
|
+
|
824
|
+
# Request message for `GetIamPolicy` method.
|
825
|
+
class GetIamPolicyRequest
|
826
|
+
include Google::Apis::Core::Hashable
|
827
|
+
|
828
|
+
# Encapsulates settings provided to GetIamPolicy.
|
829
|
+
# Corresponds to the JSON property `options`
|
830
|
+
# @return [Google::Apis::AccesscontextmanagerV1::GetPolicyOptions]
|
831
|
+
attr_accessor :options
|
832
|
+
|
833
|
+
def initialize(**args)
|
834
|
+
update!(**args)
|
835
|
+
end
|
836
|
+
|
837
|
+
# Update properties of this object
|
838
|
+
def update!(**args)
|
839
|
+
@options = args[:options] if args.key?(:options)
|
840
|
+
end
|
841
|
+
end
|
842
|
+
|
843
|
+
# Encapsulates settings provided to GetIamPolicy.
|
844
|
+
class GetPolicyOptions
|
845
|
+
include Google::Apis::Core::Hashable
|
846
|
+
|
847
|
+
# Optional. The maximum policy version that will be used to format the policy.
|
848
|
+
# Valid values are 0, 1, and 3. Requests specifying an invalid value will be
|
849
|
+
# rejected. Requests for policies with any conditional role bindings must
|
850
|
+
# specify version 3. Policies with no conditional role bindings may specify any
|
851
|
+
# valid value or leave the field unset. The policy in the response might use the
|
852
|
+
# policy version that you specified, or it might use a lower policy version. For
|
853
|
+
# example, if you specify version 3, but the policy has no conditional role
|
854
|
+
# bindings, the response uses version 1. To learn which resources support
|
855
|
+
# conditions in their IAM policies, see the [IAM documentation](https://cloud.
|
856
|
+
# google.com/iam/help/conditions/resource-policies).
|
857
|
+
# Corresponds to the JSON property `requestedPolicyVersion`
|
858
|
+
# @return [Fixnum]
|
859
|
+
attr_accessor :requested_policy_version
|
860
|
+
|
861
|
+
def initialize(**args)
|
862
|
+
update!(**args)
|
863
|
+
end
|
864
|
+
|
865
|
+
# Update properties of this object
|
866
|
+
def update!(**args)
|
867
|
+
@requested_policy_version = args[:requested_policy_version] if args.key?(:requested_policy_version)
|
868
|
+
end
|
869
|
+
end
|
870
|
+
|
638
871
|
# Defines the conditions under which an IngressPolicy matches a request.
|
639
872
|
# Conditions are based on information about the source of the request. The
|
640
873
|
# request must satisfy what is defined in `sources` AND identity related fields
|
@@ -1037,6 +1270,101 @@ module Google
|
|
1037
1270
|
end
|
1038
1271
|
end
|
1039
1272
|
|
1273
|
+
# An Identity and Access Management (IAM) policy, which specifies access
|
1274
|
+
# controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
|
1275
|
+
# A `binding` binds one or more `members`, or principals, to a single `role`.
|
1276
|
+
# Principals can be user accounts, service accounts, Google groups, and domains (
|
1277
|
+
# such as G Suite). A `role` is a named list of permissions; each `role` can be
|
1278
|
+
# an IAM predefined role or a user-created custom role. For some types of Google
|
1279
|
+
# Cloud resources, a `binding` can also specify a `condition`, which is a
|
1280
|
+
# logical expression that allows access to a resource only if the expression
|
1281
|
+
# evaluates to `true`. A condition can add constraints based on attributes of
|
1282
|
+
# the request, the resource, or both. To learn which resources support
|
1283
|
+
# conditions in their IAM policies, see the [IAM documentation](https://cloud.
|
1284
|
+
# google.com/iam/help/conditions/resource-policies). **JSON example:** ` "
|
1285
|
+
# bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
|
1286
|
+
# "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
|
1287
|
+
# serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
|
1288
|
+
# roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
|
1289
|
+
# ], "condition": ` "title": "expirable access", "description": "Does not grant
|
1290
|
+
# access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
|
1291
|
+
# 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:**
|
1292
|
+
# bindings: - members: - user:mike@example.com - group:admins@example.com -
|
1293
|
+
# domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
|
1294
|
+
# role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.
|
1295
|
+
# com role: roles/resourcemanager.organizationViewer condition: title: expirable
|
1296
|
+
# access description: Does not grant access after Sep 2020 expression: request.
|
1297
|
+
# time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For
|
1298
|
+
# a description of IAM and its features, see the [IAM documentation](https://
|
1299
|
+
# cloud.google.com/iam/docs/).
|
1300
|
+
class Policy
|
1301
|
+
include Google::Apis::Core::Hashable
|
1302
|
+
|
1303
|
+
# Specifies cloud audit logging configuration for this policy.
|
1304
|
+
# Corresponds to the JSON property `auditConfigs`
|
1305
|
+
# @return [Array<Google::Apis::AccesscontextmanagerV1::AuditConfig>]
|
1306
|
+
attr_accessor :audit_configs
|
1307
|
+
|
1308
|
+
# Associates a list of `members`, or principals, with a `role`. Optionally, may
|
1309
|
+
# specify a `condition` that determines how and when the `bindings` are applied.
|
1310
|
+
# Each of the `bindings` must contain at least one principal. The `bindings` in
|
1311
|
+
# a `Policy` can refer to up to 1,500 principals; up to 250 of these principals
|
1312
|
+
# can be Google groups. Each occurrence of a principal counts towards these
|
1313
|
+
# limits. For example, if the `bindings` grant 50 different roles to `user:alice@
|
1314
|
+
# example.com`, and not to any other principal, then you can add another 1,450
|
1315
|
+
# principals to the `bindings` in the `Policy`.
|
1316
|
+
# Corresponds to the JSON property `bindings`
|
1317
|
+
# @return [Array<Google::Apis::AccesscontextmanagerV1::Binding>]
|
1318
|
+
attr_accessor :bindings
|
1319
|
+
|
1320
|
+
# `etag` is used for optimistic concurrency control as a way to help prevent
|
1321
|
+
# simultaneous updates of a policy from overwriting each other. It is strongly
|
1322
|
+
# suggested that systems make use of the `etag` in the read-modify-write cycle
|
1323
|
+
# to perform policy updates in order to avoid race conditions: An `etag` is
|
1324
|
+
# returned in the response to `getIamPolicy`, and systems are expected to put
|
1325
|
+
# that etag in the request to `setIamPolicy` to ensure that their change will be
|
1326
|
+
# applied to the same version of the policy. **Important:** If you use IAM
|
1327
|
+
# Conditions, you must include the `etag` field whenever you call `setIamPolicy`.
|
1328
|
+
# If you omit this field, then IAM allows you to overwrite a version `3` policy
|
1329
|
+
# with a version `1` policy, and all of the conditions in the version `3` policy
|
1330
|
+
# are lost.
|
1331
|
+
# Corresponds to the JSON property `etag`
|
1332
|
+
# NOTE: Values are automatically base64 encoded/decoded in the client library.
|
1333
|
+
# @return [String]
|
1334
|
+
attr_accessor :etag
|
1335
|
+
|
1336
|
+
# Specifies the format of the policy. Valid values are `0`, `1`, and `3`.
|
1337
|
+
# Requests that specify an invalid value are rejected. Any operation that
|
1338
|
+
# affects conditional role bindings must specify version `3`. This requirement
|
1339
|
+
# applies to the following operations: * Getting a policy that includes a
|
1340
|
+
# conditional role binding * Adding a conditional role binding to a policy *
|
1341
|
+
# Changing a conditional role binding in a policy * Removing any role binding,
|
1342
|
+
# with or without a condition, from a policy that includes conditions **
|
1343
|
+
# Important:** If you use IAM Conditions, you must include the `etag` field
|
1344
|
+
# whenever you call `setIamPolicy`. If you omit this field, then IAM allows you
|
1345
|
+
# to overwrite a version `3` policy with a version `1` policy, and all of the
|
1346
|
+
# conditions in the version `3` policy are lost. If a policy does not include
|
1347
|
+
# any conditions, operations on that policy may specify any valid version or
|
1348
|
+
# leave the field unset. To learn which resources support conditions in their
|
1349
|
+
# IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/
|
1350
|
+
# conditions/resource-policies).
|
1351
|
+
# Corresponds to the JSON property `version`
|
1352
|
+
# @return [Fixnum]
|
1353
|
+
attr_accessor :version
|
1354
|
+
|
1355
|
+
def initialize(**args)
|
1356
|
+
update!(**args)
|
1357
|
+
end
|
1358
|
+
|
1359
|
+
# Update properties of this object
|
1360
|
+
def update!(**args)
|
1361
|
+
@audit_configs = args[:audit_configs] if args.key?(:audit_configs)
|
1362
|
+
@bindings = args[:bindings] if args.key?(:bindings)
|
1363
|
+
@etag = args[:etag] if args.key?(:etag)
|
1364
|
+
@version = args[:version] if args.key?(:version)
|
1365
|
+
end
|
1366
|
+
end
|
1367
|
+
|
1040
1368
|
# A request to replace all existing Access Levels in an Access Policy with the
|
1041
1369
|
# Access Levels provided. This is done atomically.
|
1042
1370
|
class ReplaceAccessLevelsRequest
|
@@ -1160,7 +1488,7 @@ module Google
|
|
1160
1488
|
|
1161
1489
|
# Required. Resource name for the ServicePerimeter. The `short_name` component
|
1162
1490
|
# must begin with a letter and only include alphanumeric and '_'. Format: `
|
1163
|
-
# accessPolicies/`
|
1491
|
+
# accessPolicies/`access_policy`/servicePerimeters/`service_perimeter``
|
1164
1492
|
# Corresponds to the JSON property `name`
|
1165
1493
|
# @return [String]
|
1166
1494
|
attr_accessor :name
|
@@ -1284,6 +1612,59 @@ module Google
|
|
1284
1612
|
end
|
1285
1613
|
end
|
1286
1614
|
|
1615
|
+
# Request message for `SetIamPolicy` method.
|
1616
|
+
class SetIamPolicyRequest
|
1617
|
+
include Google::Apis::Core::Hashable
|
1618
|
+
|
1619
|
+
# An Identity and Access Management (IAM) policy, which specifies access
|
1620
|
+
# controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
|
1621
|
+
# A `binding` binds one or more `members`, or principals, to a single `role`.
|
1622
|
+
# Principals can be user accounts, service accounts, Google groups, and domains (
|
1623
|
+
# such as G Suite). A `role` is a named list of permissions; each `role` can be
|
1624
|
+
# an IAM predefined role or a user-created custom role. For some types of Google
|
1625
|
+
# Cloud resources, a `binding` can also specify a `condition`, which is a
|
1626
|
+
# logical expression that allows access to a resource only if the expression
|
1627
|
+
# evaluates to `true`. A condition can add constraints based on attributes of
|
1628
|
+
# the request, the resource, or both. To learn which resources support
|
1629
|
+
# conditions in their IAM policies, see the [IAM documentation](https://cloud.
|
1630
|
+
# google.com/iam/help/conditions/resource-policies). **JSON example:** ` "
|
1631
|
+
# bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
|
1632
|
+
# "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
|
1633
|
+
# serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
|
1634
|
+
# roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
|
1635
|
+
# ], "condition": ` "title": "expirable access", "description": "Does not grant
|
1636
|
+
# access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
|
1637
|
+
# 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:**
|
1638
|
+
# bindings: - members: - user:mike@example.com - group:admins@example.com -
|
1639
|
+
# domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
|
1640
|
+
# role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.
|
1641
|
+
# com role: roles/resourcemanager.organizationViewer condition: title: expirable
|
1642
|
+
# access description: Does not grant access after Sep 2020 expression: request.
|
1643
|
+
# time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For
|
1644
|
+
# a description of IAM and its features, see the [IAM documentation](https://
|
1645
|
+
# cloud.google.com/iam/docs/).
|
1646
|
+
# Corresponds to the JSON property `policy`
|
1647
|
+
# @return [Google::Apis::AccesscontextmanagerV1::Policy]
|
1648
|
+
attr_accessor :policy
|
1649
|
+
|
1650
|
+
# OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
|
1651
|
+
# the fields in the mask will be modified. If no mask is provided, the following
|
1652
|
+
# default mask is used: `paths: "bindings, etag"`
|
1653
|
+
# Corresponds to the JSON property `updateMask`
|
1654
|
+
# @return [String]
|
1655
|
+
attr_accessor :update_mask
|
1656
|
+
|
1657
|
+
def initialize(**args)
|
1658
|
+
update!(**args)
|
1659
|
+
end
|
1660
|
+
|
1661
|
+
# Update properties of this object
|
1662
|
+
def update!(**args)
|
1663
|
+
@policy = args[:policy] if args.key?(:policy)
|
1664
|
+
@update_mask = args[:update_mask] if args.key?(:update_mask)
|
1665
|
+
end
|
1666
|
+
end
|
1667
|
+
|
1287
1668
|
# The `Status` type defines a logical error model that is suitable for different
|
1288
1669
|
# programming environments, including REST APIs and RPC APIs. It is used by [
|
1289
1670
|
# gRPC](https://github.com/grpc). Each `Status` message contains three pieces of
|
@@ -1323,6 +1704,46 @@ module Google
|
|
1323
1704
|
end
|
1324
1705
|
end
|
1325
1706
|
|
1707
|
+
# Request message for `TestIamPermissions` method.
|
1708
|
+
class TestIamPermissionsRequest
|
1709
|
+
include Google::Apis::Core::Hashable
|
1710
|
+
|
1711
|
+
# The set of permissions to check for the `resource`. Permissions with wildcards
|
1712
|
+
# (such as '*' or 'storage.*') are not allowed. For more information see [IAM
|
1713
|
+
# Overview](https://cloud.google.com/iam/docs/overview#permissions).
|
1714
|
+
# Corresponds to the JSON property `permissions`
|
1715
|
+
# @return [Array<String>]
|
1716
|
+
attr_accessor :permissions
|
1717
|
+
|
1718
|
+
def initialize(**args)
|
1719
|
+
update!(**args)
|
1720
|
+
end
|
1721
|
+
|
1722
|
+
# Update properties of this object
|
1723
|
+
def update!(**args)
|
1724
|
+
@permissions = args[:permissions] if args.key?(:permissions)
|
1725
|
+
end
|
1726
|
+
end
|
1727
|
+
|
1728
|
+
# Response message for `TestIamPermissions` method.
|
1729
|
+
class TestIamPermissionsResponse
|
1730
|
+
include Google::Apis::Core::Hashable
|
1731
|
+
|
1732
|
+
# A subset of `TestPermissionsRequest.permissions` that the caller is allowed.
|
1733
|
+
# Corresponds to the JSON property `permissions`
|
1734
|
+
# @return [Array<String>]
|
1735
|
+
attr_accessor :permissions
|
1736
|
+
|
1737
|
+
def initialize(**args)
|
1738
|
+
update!(**args)
|
1739
|
+
end
|
1740
|
+
|
1741
|
+
# Update properties of this object
|
1742
|
+
def update!(**args)
|
1743
|
+
@permissions = args[:permissions] if args.key?(:permissions)
|
1744
|
+
end
|
1745
|
+
end
|
1746
|
+
|
1326
1747
|
# Specifies how APIs are allowed to communicate within the Service Perimeter.
|
1327
1748
|
class VpcAccessibleServices
|
1328
1749
|
include Google::Apis::Core::Hashable
|
@@ -16,13 +16,13 @@ module Google
|
|
16
16
|
module Apis
|
17
17
|
module AccesscontextmanagerV1
|
18
18
|
# Version of the google-apis-accesscontextmanager_v1 gem
|
19
|
-
GEM_VERSION = "0.
|
19
|
+
GEM_VERSION = "0.10.0"
|
20
20
|
|
21
21
|
# Version of the code generator used to generate this client
|
22
|
-
GENERATOR_VERSION = "0.
|
22
|
+
GENERATOR_VERSION = "0.4.0"
|
23
23
|
|
24
24
|
# Revision of the discovery document this client was generated from
|
25
|
-
REVISION = "
|
25
|
+
REVISION = "20211203"
|
26
26
|
end
|
27
27
|
end
|
28
28
|
end
|