google-apis-accesscontextmanager_v1 0.9.0 → 0.12.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +13 -0
- data/OVERVIEW.md +1 -1
- data/lib/google/apis/accesscontextmanager_v1/classes.rb +394 -2
- data/lib/google/apis/accesscontextmanager_v1/gem_version.rb +3 -3
- data/lib/google/apis/accesscontextmanager_v1/representations.rb +132 -0
- data/lib/google/apis/accesscontextmanager_v1/service.rb +241 -63
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e410632ac829b733ad9eb9fab354e9255eb9604aeaf55a8bb7365ac140d48179
|
4
|
+
data.tar.gz: 7099363c5578e579620bd0bac60bf12b7c86bd20f8eb641a2ad729758fbeb548
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a5da0742e4d3a7267c04b2b9029113c47dd41952d77401a3fc5d6fca57c7322284e79af726fc62e6711efb25a76dec89f4de5244d56d1340efb2eb5601fe7a3f
|
7
|
+
data.tar.gz: 53834768eedef13b63ad75e19e2e225a730d06b4ac0871716d21d4dd4b9fe33a10050a690e074b59a8f462a66d1378197d06567208d8e1e6c54ea3bd0b5f5efe
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,18 @@
|
|
1
1
|
# Release history for google-apis-accesscontextmanager_v1
|
2
2
|
|
3
|
+
### v0.12.0 (2022-03-24)
|
4
|
+
|
5
|
+
* Regenerated from discovery document revision 20220318
|
6
|
+
* Regenerated using generator version 0.4.1
|
7
|
+
|
8
|
+
### v0.11.0 (2021-12-14)
|
9
|
+
|
10
|
+
* Unspecified changes
|
11
|
+
|
12
|
+
### v0.10.0 (2021-12-10)
|
13
|
+
|
14
|
+
* Regenerated from discovery document revision 20211203
|
15
|
+
|
3
16
|
### v0.9.0 (2021-10-20)
|
4
17
|
|
5
18
|
* Unspecified changes
|
data/OVERVIEW.md
CHANGED
@@ -51,7 +51,7 @@ require "google/apis/accesscontextmanager_v1"
|
|
51
51
|
client = Google::Apis::AccesscontextmanagerV1::AccessContextManagerService.new
|
52
52
|
|
53
53
|
# Authenticate calls
|
54
|
-
client.
|
54
|
+
client.authorization = # ... use the googleauth gem to create credentials
|
55
55
|
```
|
56
56
|
|
57
57
|
See the class reference docs for information on the methods you can call from a client.
|
@@ -113,6 +113,21 @@ module Google
|
|
113
113
|
# @return [String]
|
114
114
|
attr_accessor :parent
|
115
115
|
|
116
|
+
# The scopes of a policy define which resources an ACM policy can restrict, and
|
117
|
+
# where ACM resources can be referenced. For example, a policy with scopes=["
|
118
|
+
# folders/123"] has the following behavior: - vpcsc perimeters can only restrict
|
119
|
+
# projects within folders/123 - access levels can only be referenced by
|
120
|
+
# resources within folders/123. If empty, there are no limitations on which
|
121
|
+
# resources can be restricted by an ACM policy, and there are no limitations on
|
122
|
+
# where ACM resources can be referenced. Only one policy can include a given
|
123
|
+
# scope (attempting to create a second policy which includes "folders/123" will
|
124
|
+
# result in an error). Currently, scopes cannot be modified after a policy is
|
125
|
+
# created. Currently, policies can only have a single scope. Format: list of `
|
126
|
+
# folders/`folder_number`` or `projects/`project_number``
|
127
|
+
# Corresponds to the JSON property `scopes`
|
128
|
+
# @return [Array<String>]
|
129
|
+
attr_accessor :scopes
|
130
|
+
|
116
131
|
# Required. Human readable title. Does not affect behavior.
|
117
132
|
# Corresponds to the JSON property `title`
|
118
133
|
# @return [String]
|
@@ -127,6 +142,7 @@ module Google
|
|
127
142
|
@etag = args[:etag] if args.key?(:etag)
|
128
143
|
@name = args[:name] if args.key?(:name)
|
129
144
|
@parent = args[:parent] if args.key?(:parent)
|
145
|
+
@scopes = args[:scopes] if args.key?(:scopes)
|
130
146
|
@title = args[:title] if args.key?(:title)
|
131
147
|
end
|
132
148
|
end
|
@@ -161,6 +177,77 @@ module Google
|
|
161
177
|
end
|
162
178
|
end
|
163
179
|
|
180
|
+
# Specifies the audit configuration for a service. The configuration determines
|
181
|
+
# which permission types are logged, and what identities, if any, are exempted
|
182
|
+
# from logging. An AuditConfig must have one or more AuditLogConfigs. If there
|
183
|
+
# are AuditConfigs for both `allServices` and a specific service, the union of
|
184
|
+
# the two AuditConfigs is used for that service: the log_types specified in each
|
185
|
+
# AuditConfig are enabled, and the exempted_members in each AuditLogConfig are
|
186
|
+
# exempted. Example Policy with multiple AuditConfigs: ` "audit_configs": [ ` "
|
187
|
+
# service": "allServices", "audit_log_configs": [ ` "log_type": "DATA_READ", "
|
188
|
+
# exempted_members": [ "user:jose@example.com" ] `, ` "log_type": "DATA_WRITE" `,
|
189
|
+
# ` "log_type": "ADMIN_READ" ` ] `, ` "service": "sampleservice.googleapis.com",
|
190
|
+
# "audit_log_configs": [ ` "log_type": "DATA_READ" `, ` "log_type": "DATA_WRITE"
|
191
|
+
# , "exempted_members": [ "user:aliya@example.com" ] ` ] ` ] ` For sampleservice,
|
192
|
+
# this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also
|
193
|
+
# exempts jose@example.com from DATA_READ logging, and aliya@example.com from
|
194
|
+
# DATA_WRITE logging.
|
195
|
+
class AuditConfig
|
196
|
+
include Google::Apis::Core::Hashable
|
197
|
+
|
198
|
+
# The configuration for logging of each type of permission.
|
199
|
+
# Corresponds to the JSON property `auditLogConfigs`
|
200
|
+
# @return [Array<Google::Apis::AccesscontextmanagerV1::AuditLogConfig>]
|
201
|
+
attr_accessor :audit_log_configs
|
202
|
+
|
203
|
+
# Specifies a service that will be enabled for audit logging. For example, `
|
204
|
+
# storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special
|
205
|
+
# value that covers all services.
|
206
|
+
# Corresponds to the JSON property `service`
|
207
|
+
# @return [String]
|
208
|
+
attr_accessor :service
|
209
|
+
|
210
|
+
def initialize(**args)
|
211
|
+
update!(**args)
|
212
|
+
end
|
213
|
+
|
214
|
+
# Update properties of this object
|
215
|
+
def update!(**args)
|
216
|
+
@audit_log_configs = args[:audit_log_configs] if args.key?(:audit_log_configs)
|
217
|
+
@service = args[:service] if args.key?(:service)
|
218
|
+
end
|
219
|
+
end
|
220
|
+
|
221
|
+
# Provides the configuration for logging a type of permissions. Example: ` "
|
222
|
+
# audit_log_configs": [ ` "log_type": "DATA_READ", "exempted_members": [ "user:
|
223
|
+
# jose@example.com" ] `, ` "log_type": "DATA_WRITE" ` ] ` This enables '
|
224
|
+
# DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from
|
225
|
+
# DATA_READ logging.
|
226
|
+
class AuditLogConfig
|
227
|
+
include Google::Apis::Core::Hashable
|
228
|
+
|
229
|
+
# Specifies the identities that do not cause logging for this type of permission.
|
230
|
+
# Follows the same format of Binding.members.
|
231
|
+
# Corresponds to the JSON property `exemptedMembers`
|
232
|
+
# @return [Array<String>]
|
233
|
+
attr_accessor :exempted_members
|
234
|
+
|
235
|
+
# The log type that this config enables.
|
236
|
+
# Corresponds to the JSON property `logType`
|
237
|
+
# @return [String]
|
238
|
+
attr_accessor :log_type
|
239
|
+
|
240
|
+
def initialize(**args)
|
241
|
+
update!(**args)
|
242
|
+
end
|
243
|
+
|
244
|
+
# Update properties of this object
|
245
|
+
def update!(**args)
|
246
|
+
@exempted_members = args[:exempted_members] if args.key?(:exempted_members)
|
247
|
+
@log_type = args[:log_type] if args.key?(:log_type)
|
248
|
+
end
|
249
|
+
end
|
250
|
+
|
164
251
|
# `BasicLevel` is an `AccessLevel` using a set of recommended features.
|
165
252
|
class BasicLevel
|
166
253
|
include Google::Apis::Core::Hashable
|
@@ -190,6 +277,77 @@ module Google
|
|
190
277
|
end
|
191
278
|
end
|
192
279
|
|
280
|
+
# Associates `members`, or principals, with a `role`.
|
281
|
+
class Binding
|
282
|
+
include Google::Apis::Core::Hashable
|
283
|
+
|
284
|
+
# Represents a textual expression in the Common Expression Language (CEL) syntax.
|
285
|
+
# CEL is a C-like expression language. The syntax and semantics of CEL are
|
286
|
+
# documented at https://github.com/google/cel-spec. Example (Comparison): title:
|
287
|
+
# "Summary size limit" description: "Determines if a summary is less than 100
|
288
|
+
# chars" expression: "document.summary.size() < 100" Example (Equality): title: "
|
289
|
+
# Requestor is owner" description: "Determines if requestor is the document
|
290
|
+
# owner" expression: "document.owner == request.auth.claims.email" Example (
|
291
|
+
# Logic): title: "Public documents" description: "Determine whether the document
|
292
|
+
# should be publicly visible" expression: "document.type != 'private' &&
|
293
|
+
# document.type != 'internal'" Example (Data Manipulation): title: "Notification
|
294
|
+
# string" description: "Create a notification string with a timestamp."
|
295
|
+
# expression: "'New message received at ' + string(document.create_time)" The
|
296
|
+
# exact variables and functions that may be referenced within an expression are
|
297
|
+
# determined by the service that evaluates it. See the service documentation for
|
298
|
+
# additional information.
|
299
|
+
# Corresponds to the JSON property `condition`
|
300
|
+
# @return [Google::Apis::AccesscontextmanagerV1::Expr]
|
301
|
+
attr_accessor :condition
|
302
|
+
|
303
|
+
# Specifies the principals requesting access for a Cloud Platform resource. `
|
304
|
+
# members` can have the following values: * `allUsers`: A special identifier
|
305
|
+
# that represents anyone who is on the internet; with or without a Google
|
306
|
+
# account. * `allAuthenticatedUsers`: A special identifier that represents
|
307
|
+
# anyone who is authenticated with a Google account or a service account. * `
|
308
|
+
# user:`emailid``: An email address that represents a specific Google account.
|
309
|
+
# For example, `alice@example.com` . * `serviceAccount:`emailid``: An email
|
310
|
+
# address that represents a service account. For example, `my-other-app@appspot.
|
311
|
+
# gserviceaccount.com`. * `group:`emailid``: An email address that represents a
|
312
|
+
# Google group. For example, `admins@example.com`. * `deleted:user:`emailid`?uid=
|
313
|
+
# `uniqueid``: An email address (plus unique identifier) representing a user
|
314
|
+
# that has been recently deleted. For example, `alice@example.com?uid=
|
315
|
+
# 123456789012345678901`. If the user is recovered, this value reverts to `user:`
|
316
|
+
# emailid`` and the recovered user retains the role in the binding. * `deleted:
|
317
|
+
# serviceAccount:`emailid`?uid=`uniqueid``: An email address (plus unique
|
318
|
+
# identifier) representing a service account that has been recently deleted. For
|
319
|
+
# example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
|
320
|
+
# If the service account is undeleted, this value reverts to `serviceAccount:`
|
321
|
+
# emailid`` and the undeleted service account retains the role in the binding. *
|
322
|
+
# `deleted:group:`emailid`?uid=`uniqueid``: An email address (plus unique
|
323
|
+
# identifier) representing a Google group that has been recently deleted. For
|
324
|
+
# example, `admins@example.com?uid=123456789012345678901`. If the group is
|
325
|
+
# recovered, this value reverts to `group:`emailid`` and the recovered group
|
326
|
+
# retains the role in the binding. * `domain:`domain``: The G Suite domain (
|
327
|
+
# primary) that represents all the users of that domain. For example, `google.
|
328
|
+
# com` or `example.com`.
|
329
|
+
# Corresponds to the JSON property `members`
|
330
|
+
# @return [Array<String>]
|
331
|
+
attr_accessor :members
|
332
|
+
|
333
|
+
# Role that is assigned to the list of `members`, or principals. For example, `
|
334
|
+
# roles/viewer`, `roles/editor`, or `roles/owner`.
|
335
|
+
# Corresponds to the JSON property `role`
|
336
|
+
# @return [String]
|
337
|
+
attr_accessor :role
|
338
|
+
|
339
|
+
def initialize(**args)
|
340
|
+
update!(**args)
|
341
|
+
end
|
342
|
+
|
343
|
+
# Update properties of this object
|
344
|
+
def update!(**args)
|
345
|
+
@condition = args[:condition] if args.key?(:condition)
|
346
|
+
@members = args[:members] if args.key?(:members)
|
347
|
+
@role = args[:role] if args.key?(:role)
|
348
|
+
end
|
349
|
+
end
|
350
|
+
|
193
351
|
# The request message for Operations.CancelOperation.
|
194
352
|
class CancelOperationRequest
|
195
353
|
include Google::Apis::Core::Hashable
|
@@ -537,8 +695,7 @@ module Google
|
|
537
695
|
# A generic empty message that you can re-use to avoid defining duplicated empty
|
538
696
|
# messages in your APIs. A typical example is to use it as the request or the
|
539
697
|
# response type of an API method. For instance: service Foo ` rpc Bar(google.
|
540
|
-
# protobuf.Empty) returns (google.protobuf.Empty); `
|
541
|
-
# `Empty` is empty JSON object ````.
|
698
|
+
# protobuf.Empty) returns (google.protobuf.Empty); `
|
542
699
|
class Empty
|
543
700
|
include Google::Apis::Core::Hashable
|
544
701
|
|
@@ -663,6 +820,53 @@ module Google
|
|
663
820
|
end
|
664
821
|
end
|
665
822
|
|
823
|
+
# Request message for `GetIamPolicy` method.
|
824
|
+
class GetIamPolicyRequest
|
825
|
+
include Google::Apis::Core::Hashable
|
826
|
+
|
827
|
+
# Encapsulates settings provided to GetIamPolicy.
|
828
|
+
# Corresponds to the JSON property `options`
|
829
|
+
# @return [Google::Apis::AccesscontextmanagerV1::GetPolicyOptions]
|
830
|
+
attr_accessor :options
|
831
|
+
|
832
|
+
def initialize(**args)
|
833
|
+
update!(**args)
|
834
|
+
end
|
835
|
+
|
836
|
+
# Update properties of this object
|
837
|
+
def update!(**args)
|
838
|
+
@options = args[:options] if args.key?(:options)
|
839
|
+
end
|
840
|
+
end
|
841
|
+
|
842
|
+
# Encapsulates settings provided to GetIamPolicy.
|
843
|
+
class GetPolicyOptions
|
844
|
+
include Google::Apis::Core::Hashable
|
845
|
+
|
846
|
+
# Optional. The maximum policy version that will be used to format the policy.
|
847
|
+
# Valid values are 0, 1, and 3. Requests specifying an invalid value will be
|
848
|
+
# rejected. Requests for policies with any conditional role bindings must
|
849
|
+
# specify version 3. Policies with no conditional role bindings may specify any
|
850
|
+
# valid value or leave the field unset. The policy in the response might use the
|
851
|
+
# policy version that you specified, or it might use a lower policy version. For
|
852
|
+
# example, if you specify version 3, but the policy has no conditional role
|
853
|
+
# bindings, the response uses version 1. To learn which resources support
|
854
|
+
# conditions in their IAM policies, see the [IAM documentation](https://cloud.
|
855
|
+
# google.com/iam/help/conditions/resource-policies).
|
856
|
+
# Corresponds to the JSON property `requestedPolicyVersion`
|
857
|
+
# @return [Fixnum]
|
858
|
+
attr_accessor :requested_policy_version
|
859
|
+
|
860
|
+
def initialize(**args)
|
861
|
+
update!(**args)
|
862
|
+
end
|
863
|
+
|
864
|
+
# Update properties of this object
|
865
|
+
def update!(**args)
|
866
|
+
@requested_policy_version = args[:requested_policy_version] if args.key?(:requested_policy_version)
|
867
|
+
end
|
868
|
+
end
|
869
|
+
|
666
870
|
# Defines the conditions under which an IngressPolicy matches a request.
|
667
871
|
# Conditions are based on information about the source of the request. The
|
668
872
|
# request must satisfy what is defined in `sources` AND identity related fields
|
@@ -1065,6 +1269,101 @@ module Google
|
|
1065
1269
|
end
|
1066
1270
|
end
|
1067
1271
|
|
1272
|
+
# An Identity and Access Management (IAM) policy, which specifies access
|
1273
|
+
# controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
|
1274
|
+
# A `binding` binds one or more `members`, or principals, to a single `role`.
|
1275
|
+
# Principals can be user accounts, service accounts, Google groups, and domains (
|
1276
|
+
# such as G Suite). A `role` is a named list of permissions; each `role` can be
|
1277
|
+
# an IAM predefined role or a user-created custom role. For some types of Google
|
1278
|
+
# Cloud resources, a `binding` can also specify a `condition`, which is a
|
1279
|
+
# logical expression that allows access to a resource only if the expression
|
1280
|
+
# evaluates to `true`. A condition can add constraints based on attributes of
|
1281
|
+
# the request, the resource, or both. To learn which resources support
|
1282
|
+
# conditions in their IAM policies, see the [IAM documentation](https://cloud.
|
1283
|
+
# google.com/iam/help/conditions/resource-policies). **JSON example:** ` "
|
1284
|
+
# bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
|
1285
|
+
# "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
|
1286
|
+
# serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
|
1287
|
+
# roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
|
1288
|
+
# ], "condition": ` "title": "expirable access", "description": "Does not grant
|
1289
|
+
# access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
|
1290
|
+
# 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:**
|
1291
|
+
# bindings: - members: - user:mike@example.com - group:admins@example.com -
|
1292
|
+
# domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
|
1293
|
+
# role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.
|
1294
|
+
# com role: roles/resourcemanager.organizationViewer condition: title: expirable
|
1295
|
+
# access description: Does not grant access after Sep 2020 expression: request.
|
1296
|
+
# time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For
|
1297
|
+
# a description of IAM and its features, see the [IAM documentation](https://
|
1298
|
+
# cloud.google.com/iam/docs/).
|
1299
|
+
class Policy
|
1300
|
+
include Google::Apis::Core::Hashable
|
1301
|
+
|
1302
|
+
# Specifies cloud audit logging configuration for this policy.
|
1303
|
+
# Corresponds to the JSON property `auditConfigs`
|
1304
|
+
# @return [Array<Google::Apis::AccesscontextmanagerV1::AuditConfig>]
|
1305
|
+
attr_accessor :audit_configs
|
1306
|
+
|
1307
|
+
# Associates a list of `members`, or principals, with a `role`. Optionally, may
|
1308
|
+
# specify a `condition` that determines how and when the `bindings` are applied.
|
1309
|
+
# Each of the `bindings` must contain at least one principal. The `bindings` in
|
1310
|
+
# a `Policy` can refer to up to 1,500 principals; up to 250 of these principals
|
1311
|
+
# can be Google groups. Each occurrence of a principal counts towards these
|
1312
|
+
# limits. For example, if the `bindings` grant 50 different roles to `user:alice@
|
1313
|
+
# example.com`, and not to any other principal, then you can add another 1,450
|
1314
|
+
# principals to the `bindings` in the `Policy`.
|
1315
|
+
# Corresponds to the JSON property `bindings`
|
1316
|
+
# @return [Array<Google::Apis::AccesscontextmanagerV1::Binding>]
|
1317
|
+
attr_accessor :bindings
|
1318
|
+
|
1319
|
+
# `etag` is used for optimistic concurrency control as a way to help prevent
|
1320
|
+
# simultaneous updates of a policy from overwriting each other. It is strongly
|
1321
|
+
# suggested that systems make use of the `etag` in the read-modify-write cycle
|
1322
|
+
# to perform policy updates in order to avoid race conditions: An `etag` is
|
1323
|
+
# returned in the response to `getIamPolicy`, and systems are expected to put
|
1324
|
+
# that etag in the request to `setIamPolicy` to ensure that their change will be
|
1325
|
+
# applied to the same version of the policy. **Important:** If you use IAM
|
1326
|
+
# Conditions, you must include the `etag` field whenever you call `setIamPolicy`.
|
1327
|
+
# If you omit this field, then IAM allows you to overwrite a version `3` policy
|
1328
|
+
# with a version `1` policy, and all of the conditions in the version `3` policy
|
1329
|
+
# are lost.
|
1330
|
+
# Corresponds to the JSON property `etag`
|
1331
|
+
# NOTE: Values are automatically base64 encoded/decoded in the client library.
|
1332
|
+
# @return [String]
|
1333
|
+
attr_accessor :etag
|
1334
|
+
|
1335
|
+
# Specifies the format of the policy. Valid values are `0`, `1`, and `3`.
|
1336
|
+
# Requests that specify an invalid value are rejected. Any operation that
|
1337
|
+
# affects conditional role bindings must specify version `3`. This requirement
|
1338
|
+
# applies to the following operations: * Getting a policy that includes a
|
1339
|
+
# conditional role binding * Adding a conditional role binding to a policy *
|
1340
|
+
# Changing a conditional role binding in a policy * Removing any role binding,
|
1341
|
+
# with or without a condition, from a policy that includes conditions **
|
1342
|
+
# Important:** If you use IAM Conditions, you must include the `etag` field
|
1343
|
+
# whenever you call `setIamPolicy`. If you omit this field, then IAM allows you
|
1344
|
+
# to overwrite a version `3` policy with a version `1` policy, and all of the
|
1345
|
+
# conditions in the version `3` policy are lost. If a policy does not include
|
1346
|
+
# any conditions, operations on that policy may specify any valid version or
|
1347
|
+
# leave the field unset. To learn which resources support conditions in their
|
1348
|
+
# IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/
|
1349
|
+
# conditions/resource-policies).
|
1350
|
+
# Corresponds to the JSON property `version`
|
1351
|
+
# @return [Fixnum]
|
1352
|
+
attr_accessor :version
|
1353
|
+
|
1354
|
+
def initialize(**args)
|
1355
|
+
update!(**args)
|
1356
|
+
end
|
1357
|
+
|
1358
|
+
# Update properties of this object
|
1359
|
+
def update!(**args)
|
1360
|
+
@audit_configs = args[:audit_configs] if args.key?(:audit_configs)
|
1361
|
+
@bindings = args[:bindings] if args.key?(:bindings)
|
1362
|
+
@etag = args[:etag] if args.key?(:etag)
|
1363
|
+
@version = args[:version] if args.key?(:version)
|
1364
|
+
end
|
1365
|
+
end
|
1366
|
+
|
1068
1367
|
# A request to replace all existing Access Levels in an Access Policy with the
|
1069
1368
|
# Access Levels provided. This is done atomically.
|
1070
1369
|
class ReplaceAccessLevelsRequest
|
@@ -1312,6 +1611,59 @@ module Google
|
|
1312
1611
|
end
|
1313
1612
|
end
|
1314
1613
|
|
1614
|
+
# Request message for `SetIamPolicy` method.
|
1615
|
+
class SetIamPolicyRequest
|
1616
|
+
include Google::Apis::Core::Hashable
|
1617
|
+
|
1618
|
+
# An Identity and Access Management (IAM) policy, which specifies access
|
1619
|
+
# controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
|
1620
|
+
# A `binding` binds one or more `members`, or principals, to a single `role`.
|
1621
|
+
# Principals can be user accounts, service accounts, Google groups, and domains (
|
1622
|
+
# such as G Suite). A `role` is a named list of permissions; each `role` can be
|
1623
|
+
# an IAM predefined role or a user-created custom role. For some types of Google
|
1624
|
+
# Cloud resources, a `binding` can also specify a `condition`, which is a
|
1625
|
+
# logical expression that allows access to a resource only if the expression
|
1626
|
+
# evaluates to `true`. A condition can add constraints based on attributes of
|
1627
|
+
# the request, the resource, or both. To learn which resources support
|
1628
|
+
# conditions in their IAM policies, see the [IAM documentation](https://cloud.
|
1629
|
+
# google.com/iam/help/conditions/resource-policies). **JSON example:** ` "
|
1630
|
+
# bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
|
1631
|
+
# "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
|
1632
|
+
# serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
|
1633
|
+
# roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
|
1634
|
+
# ], "condition": ` "title": "expirable access", "description": "Does not grant
|
1635
|
+
# access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
|
1636
|
+
# 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:**
|
1637
|
+
# bindings: - members: - user:mike@example.com - group:admins@example.com -
|
1638
|
+
# domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
|
1639
|
+
# role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.
|
1640
|
+
# com role: roles/resourcemanager.organizationViewer condition: title: expirable
|
1641
|
+
# access description: Does not grant access after Sep 2020 expression: request.
|
1642
|
+
# time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For
|
1643
|
+
# a description of IAM and its features, see the [IAM documentation](https://
|
1644
|
+
# cloud.google.com/iam/docs/).
|
1645
|
+
# Corresponds to the JSON property `policy`
|
1646
|
+
# @return [Google::Apis::AccesscontextmanagerV1::Policy]
|
1647
|
+
attr_accessor :policy
|
1648
|
+
|
1649
|
+
# OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
|
1650
|
+
# the fields in the mask will be modified. If no mask is provided, the following
|
1651
|
+
# default mask is used: `paths: "bindings, etag"`
|
1652
|
+
# Corresponds to the JSON property `updateMask`
|
1653
|
+
# @return [String]
|
1654
|
+
attr_accessor :update_mask
|
1655
|
+
|
1656
|
+
def initialize(**args)
|
1657
|
+
update!(**args)
|
1658
|
+
end
|
1659
|
+
|
1660
|
+
# Update properties of this object
|
1661
|
+
def update!(**args)
|
1662
|
+
@policy = args[:policy] if args.key?(:policy)
|
1663
|
+
@update_mask = args[:update_mask] if args.key?(:update_mask)
|
1664
|
+
end
|
1665
|
+
end
|
1666
|
+
|
1315
1667
|
# The `Status` type defines a logical error model that is suitable for different
|
1316
1668
|
# programming environments, including REST APIs and RPC APIs. It is used by [
|
1317
1669
|
# gRPC](https://github.com/grpc). Each `Status` message contains three pieces of
|
@@ -1351,6 +1703,46 @@ module Google
|
|
1351
1703
|
end
|
1352
1704
|
end
|
1353
1705
|
|
1706
|
+
# Request message for `TestIamPermissions` method.
|
1707
|
+
class TestIamPermissionsRequest
|
1708
|
+
include Google::Apis::Core::Hashable
|
1709
|
+
|
1710
|
+
# The set of permissions to check for the `resource`. Permissions with wildcards
|
1711
|
+
# (such as '*' or 'storage.*') are not allowed. For more information see [IAM
|
1712
|
+
# Overview](https://cloud.google.com/iam/docs/overview#permissions).
|
1713
|
+
# Corresponds to the JSON property `permissions`
|
1714
|
+
# @return [Array<String>]
|
1715
|
+
attr_accessor :permissions
|
1716
|
+
|
1717
|
+
def initialize(**args)
|
1718
|
+
update!(**args)
|
1719
|
+
end
|
1720
|
+
|
1721
|
+
# Update properties of this object
|
1722
|
+
def update!(**args)
|
1723
|
+
@permissions = args[:permissions] if args.key?(:permissions)
|
1724
|
+
end
|
1725
|
+
end
|
1726
|
+
|
1727
|
+
# Response message for `TestIamPermissions` method.
|
1728
|
+
class TestIamPermissionsResponse
|
1729
|
+
include Google::Apis::Core::Hashable
|
1730
|
+
|
1731
|
+
# A subset of `TestPermissionsRequest.permissions` that the caller is allowed.
|
1732
|
+
# Corresponds to the JSON property `permissions`
|
1733
|
+
# @return [Array<String>]
|
1734
|
+
attr_accessor :permissions
|
1735
|
+
|
1736
|
+
def initialize(**args)
|
1737
|
+
update!(**args)
|
1738
|
+
end
|
1739
|
+
|
1740
|
+
# Update properties of this object
|
1741
|
+
def update!(**args)
|
1742
|
+
@permissions = args[:permissions] if args.key?(:permissions)
|
1743
|
+
end
|
1744
|
+
end
|
1745
|
+
|
1354
1746
|
# Specifies how APIs are allowed to communicate within the Service Perimeter.
|
1355
1747
|
class VpcAccessibleServices
|
1356
1748
|
include Google::Apis::Core::Hashable
|
@@ -16,13 +16,13 @@ module Google
|
|
16
16
|
module Apis
|
17
17
|
module AccesscontextmanagerV1
|
18
18
|
# Version of the google-apis-accesscontextmanager_v1 gem
|
19
|
-
GEM_VERSION = "0.
|
19
|
+
GEM_VERSION = "0.12.0"
|
20
20
|
|
21
21
|
# Version of the code generator used to generate this client
|
22
|
-
GENERATOR_VERSION = "0.4.
|
22
|
+
GENERATOR_VERSION = "0.4.1"
|
23
23
|
|
24
24
|
# Revision of the discovery document this client was generated from
|
25
|
-
REVISION = "
|
25
|
+
REVISION = "20220318"
|
26
26
|
end
|
27
27
|
end
|
28
28
|
end
|
@@ -46,12 +46,30 @@ module Google
|
|
46
46
|
include Google::Apis::Core::JsonObjectSupport
|
47
47
|
end
|
48
48
|
|
49
|
+
class AuditConfig
|
50
|
+
class Representation < Google::Apis::Core::JsonRepresentation; end
|
51
|
+
|
52
|
+
include Google::Apis::Core::JsonObjectSupport
|
53
|
+
end
|
54
|
+
|
55
|
+
class AuditLogConfig
|
56
|
+
class Representation < Google::Apis::Core::JsonRepresentation; end
|
57
|
+
|
58
|
+
include Google::Apis::Core::JsonObjectSupport
|
59
|
+
end
|
60
|
+
|
49
61
|
class BasicLevel
|
50
62
|
class Representation < Google::Apis::Core::JsonRepresentation; end
|
51
63
|
|
52
64
|
include Google::Apis::Core::JsonObjectSupport
|
53
65
|
end
|
54
66
|
|
67
|
+
class Binding
|
68
|
+
class Representation < Google::Apis::Core::JsonRepresentation; end
|
69
|
+
|
70
|
+
include Google::Apis::Core::JsonObjectSupport
|
71
|
+
end
|
72
|
+
|
55
73
|
class CancelOperationRequest
|
56
74
|
class Representation < Google::Apis::Core::JsonRepresentation; end
|
57
75
|
|
@@ -130,6 +148,18 @@ module Google
|
|
130
148
|
include Google::Apis::Core::JsonObjectSupport
|
131
149
|
end
|
132
150
|
|
151
|
+
class GetIamPolicyRequest
|
152
|
+
class Representation < Google::Apis::Core::JsonRepresentation; end
|
153
|
+
|
154
|
+
include Google::Apis::Core::JsonObjectSupport
|
155
|
+
end
|
156
|
+
|
157
|
+
class GetPolicyOptions
|
158
|
+
class Representation < Google::Apis::Core::JsonRepresentation; end
|
159
|
+
|
160
|
+
include Google::Apis::Core::JsonObjectSupport
|
161
|
+
end
|
162
|
+
|
133
163
|
class IngressFrom
|
134
164
|
class Representation < Google::Apis::Core::JsonRepresentation; end
|
135
165
|
|
@@ -202,6 +232,12 @@ module Google
|
|
202
232
|
include Google::Apis::Core::JsonObjectSupport
|
203
233
|
end
|
204
234
|
|
235
|
+
class Policy
|
236
|
+
class Representation < Google::Apis::Core::JsonRepresentation; end
|
237
|
+
|
238
|
+
include Google::Apis::Core::JsonObjectSupport
|
239
|
+
end
|
240
|
+
|
205
241
|
class ReplaceAccessLevelsRequest
|
206
242
|
class Representation < Google::Apis::Core::JsonRepresentation; end
|
207
243
|
|
@@ -238,12 +274,30 @@ module Google
|
|
238
274
|
include Google::Apis::Core::JsonObjectSupport
|
239
275
|
end
|
240
276
|
|
277
|
+
class SetIamPolicyRequest
|
278
|
+
class Representation < Google::Apis::Core::JsonRepresentation; end
|
279
|
+
|
280
|
+
include Google::Apis::Core::JsonObjectSupport
|
281
|
+
end
|
282
|
+
|
241
283
|
class Status
|
242
284
|
class Representation < Google::Apis::Core::JsonRepresentation; end
|
243
285
|
|
244
286
|
include Google::Apis::Core::JsonObjectSupport
|
245
287
|
end
|
246
288
|
|
289
|
+
class TestIamPermissionsRequest
|
290
|
+
class Representation < Google::Apis::Core::JsonRepresentation; end
|
291
|
+
|
292
|
+
include Google::Apis::Core::JsonObjectSupport
|
293
|
+
end
|
294
|
+
|
295
|
+
class TestIamPermissionsResponse
|
296
|
+
class Representation < Google::Apis::Core::JsonRepresentation; end
|
297
|
+
|
298
|
+
include Google::Apis::Core::JsonObjectSupport
|
299
|
+
end
|
300
|
+
|
247
301
|
class VpcAccessibleServices
|
248
302
|
class Representation < Google::Apis::Core::JsonRepresentation; end
|
249
303
|
|
@@ -275,6 +329,7 @@ module Google
|
|
275
329
|
property :etag, as: 'etag'
|
276
330
|
property :name, as: 'name'
|
277
331
|
property :parent, as: 'parent'
|
332
|
+
collection :scopes, as: 'scopes'
|
278
333
|
property :title, as: 'title'
|
279
334
|
end
|
280
335
|
end
|
@@ -288,6 +343,23 @@ module Google
|
|
288
343
|
end
|
289
344
|
end
|
290
345
|
|
346
|
+
class AuditConfig
|
347
|
+
# @private
|
348
|
+
class Representation < Google::Apis::Core::JsonRepresentation
|
349
|
+
collection :audit_log_configs, as: 'auditLogConfigs', class: Google::Apis::AccesscontextmanagerV1::AuditLogConfig, decorator: Google::Apis::AccesscontextmanagerV1::AuditLogConfig::Representation
|
350
|
+
|
351
|
+
property :service, as: 'service'
|
352
|
+
end
|
353
|
+
end
|
354
|
+
|
355
|
+
class AuditLogConfig
|
356
|
+
# @private
|
357
|
+
class Representation < Google::Apis::Core::JsonRepresentation
|
358
|
+
collection :exempted_members, as: 'exemptedMembers'
|
359
|
+
property :log_type, as: 'logType'
|
360
|
+
end
|
361
|
+
end
|
362
|
+
|
291
363
|
class BasicLevel
|
292
364
|
# @private
|
293
365
|
class Representation < Google::Apis::Core::JsonRepresentation
|
@@ -297,6 +369,16 @@ module Google
|
|
297
369
|
end
|
298
370
|
end
|
299
371
|
|
372
|
+
class Binding
|
373
|
+
# @private
|
374
|
+
class Representation < Google::Apis::Core::JsonRepresentation
|
375
|
+
property :condition, as: 'condition', class: Google::Apis::AccesscontextmanagerV1::Expr, decorator: Google::Apis::AccesscontextmanagerV1::Expr::Representation
|
376
|
+
|
377
|
+
collection :members, as: 'members'
|
378
|
+
property :role, as: 'role'
|
379
|
+
end
|
380
|
+
end
|
381
|
+
|
300
382
|
class CancelOperationRequest
|
301
383
|
# @private
|
302
384
|
class Representation < Google::Apis::Core::JsonRepresentation
|
@@ -410,6 +492,21 @@ module Google
|
|
410
492
|
end
|
411
493
|
end
|
412
494
|
|
495
|
+
class GetIamPolicyRequest
|
496
|
+
# @private
|
497
|
+
class Representation < Google::Apis::Core::JsonRepresentation
|
498
|
+
property :options, as: 'options', class: Google::Apis::AccesscontextmanagerV1::GetPolicyOptions, decorator: Google::Apis::AccesscontextmanagerV1::GetPolicyOptions::Representation
|
499
|
+
|
500
|
+
end
|
501
|
+
end
|
502
|
+
|
503
|
+
class GetPolicyOptions
|
504
|
+
# @private
|
505
|
+
class Representation < Google::Apis::Core::JsonRepresentation
|
506
|
+
property :requested_policy_version, as: 'requestedPolicyVersion'
|
507
|
+
end
|
508
|
+
end
|
509
|
+
|
413
510
|
class IngressFrom
|
414
511
|
# @private
|
415
512
|
class Representation < Google::Apis::Core::JsonRepresentation
|
@@ -521,6 +618,18 @@ module Google
|
|
521
618
|
end
|
522
619
|
end
|
523
620
|
|
621
|
+
class Policy
|
622
|
+
# @private
|
623
|
+
class Representation < Google::Apis::Core::JsonRepresentation
|
624
|
+
collection :audit_configs, as: 'auditConfigs', class: Google::Apis::AccesscontextmanagerV1::AuditConfig, decorator: Google::Apis::AccesscontextmanagerV1::AuditConfig::Representation
|
625
|
+
|
626
|
+
collection :bindings, as: 'bindings', class: Google::Apis::AccesscontextmanagerV1::Binding, decorator: Google::Apis::AccesscontextmanagerV1::Binding::Representation
|
627
|
+
|
628
|
+
property :etag, :base64 => true, as: 'etag'
|
629
|
+
property :version, as: 'version'
|
630
|
+
end
|
631
|
+
end
|
632
|
+
|
524
633
|
class ReplaceAccessLevelsRequest
|
525
634
|
# @private
|
526
635
|
class Representation < Google::Apis::Core::JsonRepresentation
|
@@ -585,6 +694,15 @@ module Google
|
|
585
694
|
end
|
586
695
|
end
|
587
696
|
|
697
|
+
class SetIamPolicyRequest
|
698
|
+
# @private
|
699
|
+
class Representation < Google::Apis::Core::JsonRepresentation
|
700
|
+
property :policy, as: 'policy', class: Google::Apis::AccesscontextmanagerV1::Policy, decorator: Google::Apis::AccesscontextmanagerV1::Policy::Representation
|
701
|
+
|
702
|
+
property :update_mask, as: 'updateMask'
|
703
|
+
end
|
704
|
+
end
|
705
|
+
|
588
706
|
class Status
|
589
707
|
# @private
|
590
708
|
class Representation < Google::Apis::Core::JsonRepresentation
|
@@ -594,6 +712,20 @@ module Google
|
|
594
712
|
end
|
595
713
|
end
|
596
714
|
|
715
|
+
class TestIamPermissionsRequest
|
716
|
+
# @private
|
717
|
+
class Representation < Google::Apis::Core::JsonRepresentation
|
718
|
+
collection :permissions, as: 'permissions'
|
719
|
+
end
|
720
|
+
end
|
721
|
+
|
722
|
+
class TestIamPermissionsResponse
|
723
|
+
# @private
|
724
|
+
class Representation < Google::Apis::Core::JsonRepresentation
|
725
|
+
collection :permissions, as: 'permissions'
|
726
|
+
end
|
727
|
+
end
|
728
|
+
|
597
729
|
class VpcAccessibleServices
|
598
730
|
# @private
|
599
731
|
class Representation < Google::Apis::Core::JsonRepresentation
|
@@ -49,10 +49,10 @@ module Google
|
|
49
49
|
@batch_path = 'batch'
|
50
50
|
end
|
51
51
|
|
52
|
-
#
|
53
|
-
#
|
54
|
-
#
|
55
|
-
#
|
52
|
+
# Creates an access policy. This method fails if the organization already has an
|
53
|
+
# access policy. The long-running operation has a successful status after the
|
54
|
+
# access policy propagates to long-lasting storage. Syntactic and basic semantic
|
55
|
+
# errors are returned in `metadata` as a BadRequest proto.
|
56
56
|
# @param [Google::Apis::AccesscontextmanagerV1::AccessPolicy] access_policy_object
|
57
57
|
# @param [String] fields
|
58
58
|
# Selector specifying which fields to include in a partial response.
|
@@ -82,9 +82,9 @@ module Google
|
|
82
82
|
execute_or_queue_command(command, &block)
|
83
83
|
end
|
84
84
|
|
85
|
-
#
|
86
|
-
# successful status
|
87
|
-
# storage.
|
85
|
+
# Deletes an access policy based on the resource name. The long-running
|
86
|
+
# operation has a successful status after the access policy is removed from long-
|
87
|
+
# lasting storage.
|
88
88
|
# @param [String] name
|
89
89
|
# Required. Resource name for the access policy to delete. Format `
|
90
90
|
# accessPolicies/`policy_id``
|
@@ -115,7 +115,7 @@ module Google
|
|
115
115
|
execute_or_queue_command(command, &block)
|
116
116
|
end
|
117
117
|
|
118
|
-
#
|
118
|
+
# Returns an access policy based on the name.
|
119
119
|
# @param [String] name
|
120
120
|
# Required. Resource name for the access policy to get. Format `accessPolicies/`
|
121
121
|
# policy_id``
|
@@ -146,7 +146,41 @@ module Google
|
|
146
146
|
execute_or_queue_command(command, &block)
|
147
147
|
end
|
148
148
|
|
149
|
-
#
|
149
|
+
# Gets the IAM policy for the specified Access Context Manager access policy.
|
150
|
+
# @param [String] resource
|
151
|
+
# REQUIRED: The resource for which the policy is being requested. See the
|
152
|
+
# operation documentation for the appropriate value for this field.
|
153
|
+
# @param [Google::Apis::AccesscontextmanagerV1::GetIamPolicyRequest] get_iam_policy_request_object
|
154
|
+
# @param [String] fields
|
155
|
+
# Selector specifying which fields to include in a partial response.
|
156
|
+
# @param [String] quota_user
|
157
|
+
# Available to use for quota purposes for server-side applications. Can be any
|
158
|
+
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
159
|
+
# @param [Google::Apis::RequestOptions] options
|
160
|
+
# Request-specific options
|
161
|
+
#
|
162
|
+
# @yield [result, err] Result & error if block supplied
|
163
|
+
# @yieldparam result [Google::Apis::AccesscontextmanagerV1::Policy] parsed result object
|
164
|
+
# @yieldparam err [StandardError] error object if request failed
|
165
|
+
#
|
166
|
+
# @return [Google::Apis::AccesscontextmanagerV1::Policy]
|
167
|
+
#
|
168
|
+
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
169
|
+
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
170
|
+
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
171
|
+
def get_access_policy_iam_policy(resource, get_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
|
172
|
+
command = make_simple_command(:post, 'v1/{+resource}:getIamPolicy', options)
|
173
|
+
command.request_representation = Google::Apis::AccesscontextmanagerV1::GetIamPolicyRequest::Representation
|
174
|
+
command.request_object = get_iam_policy_request_object
|
175
|
+
command.response_representation = Google::Apis::AccesscontextmanagerV1::Policy::Representation
|
176
|
+
command.response_class = Google::Apis::AccesscontextmanagerV1::Policy
|
177
|
+
command.params['resource'] = resource unless resource.nil?
|
178
|
+
command.query['fields'] = fields unless fields.nil?
|
179
|
+
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
180
|
+
execute_or_queue_command(command, &block)
|
181
|
+
end
|
182
|
+
|
183
|
+
# Lists all access policies in an organization.
|
150
184
|
# @param [Fixnum] page_size
|
151
185
|
# Number of AccessPolicy instances to include in the list. Default 100.
|
152
186
|
# @param [String] page_token
|
@@ -184,10 +218,9 @@ module Google
|
|
184
218
|
execute_or_queue_command(command, &block)
|
185
219
|
end
|
186
220
|
|
187
|
-
#
|
188
|
-
# successful status
|
189
|
-
# lasting storage.
|
190
|
-
# metadata` as a BadRequest proto.
|
221
|
+
# Updates an access policy. The long-running operation from this RPC has a
|
222
|
+
# successful status after the changes to the access policy propagate to long-
|
223
|
+
# lasting storage.
|
191
224
|
# @param [String] name
|
192
225
|
# Output only. Resource name of the `AccessPolicy`. Format: `accessPolicies/`
|
193
226
|
# access_policy``
|
@@ -224,10 +257,83 @@ module Google
|
|
224
257
|
execute_or_queue_command(command, &block)
|
225
258
|
end
|
226
259
|
|
227
|
-
#
|
228
|
-
#
|
229
|
-
#
|
230
|
-
#
|
260
|
+
# Sets the IAM policy for the specified Access Context Manager access policy.
|
261
|
+
# This method replaces the existing IAM policy on the access policy. The IAM
|
262
|
+
# policy controls the set of users who can perform specific operations on the
|
263
|
+
# Access Context Manager access policy.
|
264
|
+
# @param [String] resource
|
265
|
+
# REQUIRED: The resource for which the policy is being specified. See the
|
266
|
+
# operation documentation for the appropriate value for this field.
|
267
|
+
# @param [Google::Apis::AccesscontextmanagerV1::SetIamPolicyRequest] set_iam_policy_request_object
|
268
|
+
# @param [String] fields
|
269
|
+
# Selector specifying which fields to include in a partial response.
|
270
|
+
# @param [String] quota_user
|
271
|
+
# Available to use for quota purposes for server-side applications. Can be any
|
272
|
+
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
273
|
+
# @param [Google::Apis::RequestOptions] options
|
274
|
+
# Request-specific options
|
275
|
+
#
|
276
|
+
# @yield [result, err] Result & error if block supplied
|
277
|
+
# @yieldparam result [Google::Apis::AccesscontextmanagerV1::Policy] parsed result object
|
278
|
+
# @yieldparam err [StandardError] error object if request failed
|
279
|
+
#
|
280
|
+
# @return [Google::Apis::AccesscontextmanagerV1::Policy]
|
281
|
+
#
|
282
|
+
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
283
|
+
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
284
|
+
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
285
|
+
def set_access_policy_iam_policy(resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
|
286
|
+
command = make_simple_command(:post, 'v1/{+resource}:setIamPolicy', options)
|
287
|
+
command.request_representation = Google::Apis::AccesscontextmanagerV1::SetIamPolicyRequest::Representation
|
288
|
+
command.request_object = set_iam_policy_request_object
|
289
|
+
command.response_representation = Google::Apis::AccesscontextmanagerV1::Policy::Representation
|
290
|
+
command.response_class = Google::Apis::AccesscontextmanagerV1::Policy
|
291
|
+
command.params['resource'] = resource unless resource.nil?
|
292
|
+
command.query['fields'] = fields unless fields.nil?
|
293
|
+
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
294
|
+
execute_or_queue_command(command, &block)
|
295
|
+
end
|
296
|
+
|
297
|
+
# Returns the IAM permissions that the caller has on the specified Access
|
298
|
+
# Context Manager resource. The resource can be an AccessPolicy, AccessLevel, or
|
299
|
+
# ServicePerimeter. This method does not support other resources.
|
300
|
+
# @param [String] resource
|
301
|
+
# REQUIRED: The resource for which the policy detail is being requested. See the
|
302
|
+
# operation documentation for the appropriate value for this field.
|
303
|
+
# @param [Google::Apis::AccesscontextmanagerV1::TestIamPermissionsRequest] test_iam_permissions_request_object
|
304
|
+
# @param [String] fields
|
305
|
+
# Selector specifying which fields to include in a partial response.
|
306
|
+
# @param [String] quota_user
|
307
|
+
# Available to use for quota purposes for server-side applications. Can be any
|
308
|
+
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
309
|
+
# @param [Google::Apis::RequestOptions] options
|
310
|
+
# Request-specific options
|
311
|
+
#
|
312
|
+
# @yield [result, err] Result & error if block supplied
|
313
|
+
# @yieldparam result [Google::Apis::AccesscontextmanagerV1::TestIamPermissionsResponse] parsed result object
|
314
|
+
# @yieldparam err [StandardError] error object if request failed
|
315
|
+
#
|
316
|
+
# @return [Google::Apis::AccesscontextmanagerV1::TestIamPermissionsResponse]
|
317
|
+
#
|
318
|
+
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
319
|
+
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
320
|
+
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
321
|
+
def test_access_policy_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
|
322
|
+
command = make_simple_command(:post, 'v1/{+resource}:testIamPermissions', options)
|
323
|
+
command.request_representation = Google::Apis::AccesscontextmanagerV1::TestIamPermissionsRequest::Representation
|
324
|
+
command.request_object = test_iam_permissions_request_object
|
325
|
+
command.response_representation = Google::Apis::AccesscontextmanagerV1::TestIamPermissionsResponse::Representation
|
326
|
+
command.response_class = Google::Apis::AccesscontextmanagerV1::TestIamPermissionsResponse
|
327
|
+
command.params['resource'] = resource unless resource.nil?
|
328
|
+
command.query['fields'] = fields unless fields.nil?
|
329
|
+
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
330
|
+
execute_or_queue_command(command, &block)
|
331
|
+
end
|
332
|
+
|
333
|
+
# Creates an access level. The long-running operation from this RPC has a
|
334
|
+
# successful status after the access level propagates to long-lasting storage.
|
335
|
+
# If access levels contain errors, an error response is returned for the first
|
336
|
+
# error encountered.
|
231
337
|
# @param [String] parent
|
232
338
|
# Required. Resource name for the access policy which owns this Access Level.
|
233
339
|
# Format: `accessPolicies/`policy_id``
|
@@ -261,9 +367,9 @@ module Google
|
|
261
367
|
execute_or_queue_command(command, &block)
|
262
368
|
end
|
263
369
|
|
264
|
-
#
|
265
|
-
# RPC
|
266
|
-
# long-lasting storage.
|
370
|
+
# Deletes an access level based on the resource name. The long-running operation
|
371
|
+
# from this RPC has a successful status after the access level has been removed
|
372
|
+
# from long-lasting storage.
|
267
373
|
# @param [String] name
|
268
374
|
# Required. Resource name for the Access Level. Format: `accessPolicies/`
|
269
375
|
# policy_id`/accessLevels/`access_level_id``
|
@@ -294,7 +400,7 @@ module Google
|
|
294
400
|
execute_or_queue_command(command, &block)
|
295
401
|
end
|
296
402
|
|
297
|
-
#
|
403
|
+
# Gets an access level based on the resource name.
|
298
404
|
# @param [String] name
|
299
405
|
# Required. Resource name for the Access Level. Format: `accessPolicies/`
|
300
406
|
# policy_id`/accessLevels/`access_level_id``
|
@@ -332,7 +438,7 @@ module Google
|
|
332
438
|
execute_or_queue_command(command, &block)
|
333
439
|
end
|
334
440
|
|
335
|
-
#
|
441
|
+
# Lists all access levels for an access policy.
|
336
442
|
# @param [String] parent
|
337
443
|
# Required. Resource name for the access policy to list Access Levels from.
|
338
444
|
# Format: `accessPolicies/`policy_id``
|
@@ -375,10 +481,10 @@ module Google
|
|
375
481
|
execute_or_queue_command(command, &block)
|
376
482
|
end
|
377
483
|
|
378
|
-
#
|
379
|
-
# successful status
|
380
|
-
# lasting storage.
|
381
|
-
#
|
484
|
+
# Updates an access level. The long-running operation from this RPC has a
|
485
|
+
# successful status after the changes to the access level propagate to long-
|
486
|
+
# lasting storage. If access levels contain errors, an error response is
|
487
|
+
# returned for the first error encountered.
|
382
488
|
# @param [String] name
|
383
489
|
# Required. Resource name for the Access Level. The `short_name` component must
|
384
490
|
# begin with a letter and only include alphanumeric and '_'. Format: `
|
@@ -417,14 +523,14 @@ module Google
|
|
417
523
|
execute_or_queue_command(command, &block)
|
418
524
|
end
|
419
525
|
|
420
|
-
#
|
421
|
-
# provided. This is done atomically. The
|
422
|
-
#
|
423
|
-
#
|
424
|
-
#
|
425
|
-
#
|
426
|
-
#
|
427
|
-
#
|
526
|
+
# Replaces all existing access levels in an access policy with the access levels
|
527
|
+
# provided. This is done atomically. The long-running operation from this RPC
|
528
|
+
# has a successful status after all replacements propagate to long-lasting
|
529
|
+
# storage. If the replacement contains errors, an error response is returned for
|
530
|
+
# the first error encountered. Upon error, the replacement is cancelled, and
|
531
|
+
# existing access levels are not affected. The Operation.response field contains
|
532
|
+
# ReplaceAccessLevelsResponse. Removing access levels contained in existing
|
533
|
+
# service perimeters result in an error.
|
428
534
|
# @param [String] parent
|
429
535
|
# Required. Resource name for the access policy which owns these Access Levels.
|
430
536
|
# Format: `accessPolicies/`policy_id``
|
@@ -458,16 +564,52 @@ module Google
|
|
458
564
|
execute_or_queue_command(command, &block)
|
459
565
|
end
|
460
566
|
|
461
|
-
#
|
462
|
-
#
|
463
|
-
#
|
464
|
-
#
|
465
|
-
#
|
466
|
-
#
|
467
|
-
#
|
468
|
-
#
|
469
|
-
#
|
470
|
-
#
|
567
|
+
# Returns the IAM permissions that the caller has on the specified Access
|
568
|
+
# Context Manager resource. The resource can be an AccessPolicy, AccessLevel, or
|
569
|
+
# ServicePerimeter. This method does not support other resources.
|
570
|
+
# @param [String] resource
|
571
|
+
# REQUIRED: The resource for which the policy detail is being requested. See the
|
572
|
+
# operation documentation for the appropriate value for this field.
|
573
|
+
# @param [Google::Apis::AccesscontextmanagerV1::TestIamPermissionsRequest] test_iam_permissions_request_object
|
574
|
+
# @param [String] fields
|
575
|
+
# Selector specifying which fields to include in a partial response.
|
576
|
+
# @param [String] quota_user
|
577
|
+
# Available to use for quota purposes for server-side applications. Can be any
|
578
|
+
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
579
|
+
# @param [Google::Apis::RequestOptions] options
|
580
|
+
# Request-specific options
|
581
|
+
#
|
582
|
+
# @yield [result, err] Result & error if block supplied
|
583
|
+
# @yieldparam result [Google::Apis::AccesscontextmanagerV1::TestIamPermissionsResponse] parsed result object
|
584
|
+
# @yieldparam err [StandardError] error object if request failed
|
585
|
+
#
|
586
|
+
# @return [Google::Apis::AccesscontextmanagerV1::TestIamPermissionsResponse]
|
587
|
+
#
|
588
|
+
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
589
|
+
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
590
|
+
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
591
|
+
def test_access_level_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
|
592
|
+
command = make_simple_command(:post, 'v1/{+resource}:testIamPermissions', options)
|
593
|
+
command.request_representation = Google::Apis::AccesscontextmanagerV1::TestIamPermissionsRequest::Representation
|
594
|
+
command.request_object = test_iam_permissions_request_object
|
595
|
+
command.response_representation = Google::Apis::AccesscontextmanagerV1::TestIamPermissionsResponse::Representation
|
596
|
+
command.response_class = Google::Apis::AccesscontextmanagerV1::TestIamPermissionsResponse
|
597
|
+
command.params['resource'] = resource unless resource.nil?
|
598
|
+
command.query['fields'] = fields unless fields.nil?
|
599
|
+
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
600
|
+
execute_or_queue_command(command, &block)
|
601
|
+
end
|
602
|
+
|
603
|
+
# Commits the dry-run specification for all the service perimeters in an access
|
604
|
+
# policy. A commit operation on a service perimeter involves copying its `spec`
|
605
|
+
# field to the `status` field of the service perimeter. Only service perimeters
|
606
|
+
# with `use_explicit_dry_run_spec` field set to true are affected by a commit
|
607
|
+
# operation. The long-running operation from this RPC has a successful status
|
608
|
+
# after the dry-run specifications for all the service perimeters have been
|
609
|
+
# committed. If a commit fails, it causes the long-running operation to return
|
610
|
+
# an error response and the entire commit operation is cancelled. When
|
611
|
+
# successful, the Operation.response field contains
|
612
|
+
# CommitServicePerimetersResponse. The `dry_run` and the `spec` fields are
|
471
613
|
# cleared after a successful commit operation.
|
472
614
|
# @param [String] parent
|
473
615
|
# Required. Resource name for the parent Access Policy which owns all Service
|
@@ -503,9 +645,9 @@ module Google
|
|
503
645
|
execute_or_queue_command(command, &block)
|
504
646
|
end
|
505
647
|
|
506
|
-
#
|
507
|
-
#
|
508
|
-
# storage.
|
648
|
+
# Creates a service perimeter. The long-running operation from this RPC has a
|
649
|
+
# successful status after the service perimeter propagates to long-lasting
|
650
|
+
# storage. If a service perimeter contains errors, an error response is returned
|
509
651
|
# for the first error encountered.
|
510
652
|
# @param [String] parent
|
511
653
|
# Required. Resource name for the access policy which owns this Service
|
@@ -540,8 +682,8 @@ module Google
|
|
540
682
|
execute_or_queue_command(command, &block)
|
541
683
|
end
|
542
684
|
|
543
|
-
#
|
544
|
-
# this RPC
|
685
|
+
# Deletes a service perimeter based on the resource name. The long-running
|
686
|
+
# operation from this RPC has a successful status after the service perimeter is
|
545
687
|
# removed from long-lasting storage.
|
546
688
|
# @param [String] name
|
547
689
|
# Required. Resource name for the Service Perimeter. Format: `accessPolicies/`
|
@@ -573,7 +715,7 @@ module Google
|
|
573
715
|
execute_or_queue_command(command, &block)
|
574
716
|
end
|
575
717
|
|
576
|
-
#
|
718
|
+
# Gets a service perimeter based on the resource name.
|
577
719
|
# @param [String] name
|
578
720
|
# Required. Resource name for the Service Perimeter. Format: `accessPolicies/`
|
579
721
|
# policy_id`/servicePerimeters/`service_perimeters_id``
|
@@ -604,7 +746,7 @@ module Google
|
|
604
746
|
execute_or_queue_command(command, &block)
|
605
747
|
end
|
606
748
|
|
607
|
-
#
|
749
|
+
# Lists all service perimeters for an access policy.
|
608
750
|
# @param [String] parent
|
609
751
|
# Required. Resource name for the access policy to list Service Perimeters from.
|
610
752
|
# Format: `accessPolicies/`policy_id``
|
@@ -642,10 +784,10 @@ module Google
|
|
642
784
|
execute_or_queue_command(command, &block)
|
643
785
|
end
|
644
786
|
|
645
|
-
#
|
646
|
-
#
|
647
|
-
#
|
648
|
-
#
|
787
|
+
# Updates a service perimeter. The long-running operation from this RPC has a
|
788
|
+
# successful status after the service perimeter propagates to long-lasting
|
789
|
+
# storage. If a service perimeter contains errors, an error response is returned
|
790
|
+
# for the first error encountered.
|
649
791
|
# @param [String] name
|
650
792
|
# Required. Resource name for the ServicePerimeter. The `short_name` component
|
651
793
|
# must begin with a letter and only include alphanumeric and '_'. Format: `
|
@@ -683,13 +825,13 @@ module Google
|
|
683
825
|
execute_or_queue_command(command, &block)
|
684
826
|
end
|
685
827
|
|
686
|
-
# Replace all existing
|
687
|
-
#
|
688
|
-
# this RPC
|
689
|
-
#
|
690
|
-
#
|
691
|
-
#
|
692
|
-
#
|
828
|
+
# Replace all existing service perimeters in an access policy with the service
|
829
|
+
# perimeters provided. This is done atomically. The long-running operation from
|
830
|
+
# this RPC has a successful status after all replacements propagate to long-
|
831
|
+
# lasting storage. Replacements containing errors result in an error response
|
832
|
+
# for the first error encountered. Upon an error, replacement are cancelled and
|
833
|
+
# existing service perimeters are not affected. The Operation.response field
|
834
|
+
# contains ReplaceServicePerimetersResponse.
|
693
835
|
# @param [String] parent
|
694
836
|
# Required. Resource name for the access policy which owns these Service
|
695
837
|
# Perimeters. Format: `accessPolicies/`policy_id``
|
@@ -723,6 +865,42 @@ module Google
|
|
723
865
|
execute_or_queue_command(command, &block)
|
724
866
|
end
|
725
867
|
|
868
|
+
# Returns the IAM permissions that the caller has on the specified Access
|
869
|
+
# Context Manager resource. The resource can be an AccessPolicy, AccessLevel, or
|
870
|
+
# ServicePerimeter. This method does not support other resources.
|
871
|
+
# @param [String] resource
|
872
|
+
# REQUIRED: The resource for which the policy detail is being requested. See the
|
873
|
+
# operation documentation for the appropriate value for this field.
|
874
|
+
# @param [Google::Apis::AccesscontextmanagerV1::TestIamPermissionsRequest] test_iam_permissions_request_object
|
875
|
+
# @param [String] fields
|
876
|
+
# Selector specifying which fields to include in a partial response.
|
877
|
+
# @param [String] quota_user
|
878
|
+
# Available to use for quota purposes for server-side applications. Can be any
|
879
|
+
# arbitrary string assigned to a user, but should not exceed 40 characters.
|
880
|
+
# @param [Google::Apis::RequestOptions] options
|
881
|
+
# Request-specific options
|
882
|
+
#
|
883
|
+
# @yield [result, err] Result & error if block supplied
|
884
|
+
# @yieldparam result [Google::Apis::AccesscontextmanagerV1::TestIamPermissionsResponse] parsed result object
|
885
|
+
# @yieldparam err [StandardError] error object if request failed
|
886
|
+
#
|
887
|
+
# @return [Google::Apis::AccesscontextmanagerV1::TestIamPermissionsResponse]
|
888
|
+
#
|
889
|
+
# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
|
890
|
+
# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
|
891
|
+
# @raise [Google::Apis::AuthorizationError] Authorization is required
|
892
|
+
def test_service_perimeter_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
|
893
|
+
command = make_simple_command(:post, 'v1/{+resource}:testIamPermissions', options)
|
894
|
+
command.request_representation = Google::Apis::AccesscontextmanagerV1::TestIamPermissionsRequest::Representation
|
895
|
+
command.request_object = test_iam_permissions_request_object
|
896
|
+
command.response_representation = Google::Apis::AccesscontextmanagerV1::TestIamPermissionsResponse::Representation
|
897
|
+
command.response_class = Google::Apis::AccesscontextmanagerV1::TestIamPermissionsResponse
|
898
|
+
command.params['resource'] = resource unless resource.nil?
|
899
|
+
command.query['fields'] = fields unless fields.nil?
|
900
|
+
command.query['quotaUser'] = quota_user unless quota_user.nil?
|
901
|
+
execute_or_queue_command(command, &block)
|
902
|
+
end
|
903
|
+
|
726
904
|
# Starts asynchronous cancellation on a long-running operation. The server makes
|
727
905
|
# a best effort to cancel the operation, but success is not guaranteed. If the
|
728
906
|
# server doesn't support this method, it returns `google.rpc.Code.UNIMPLEMENTED`.
|
@@ -874,7 +1052,7 @@ module Google
|
|
874
1052
|
end
|
875
1053
|
|
876
1054
|
# Creates a GcpUserAccessBinding. If the client specifies a name, the server
|
877
|
-
#
|
1055
|
+
# ignores it. Fails if a resource already exists with the same group_key.
|
878
1056
|
# Completion of this long-running operation does not necessarily signify that
|
879
1057
|
# the new binding is deployed onto all affected users, which may take more time.
|
880
1058
|
# @param [String] parent
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: google-apis-accesscontextmanager_v1
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.12.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Google LLC
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-03-28 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: google-apis-core
|
@@ -58,7 +58,7 @@ licenses:
|
|
58
58
|
metadata:
|
59
59
|
bug_tracker_uri: https://github.com/googleapis/google-api-ruby-client/issues
|
60
60
|
changelog_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-accesscontextmanager_v1/CHANGELOG.md
|
61
|
-
documentation_uri: https://googleapis.dev/ruby/google-apis-accesscontextmanager_v1/v0.
|
61
|
+
documentation_uri: https://googleapis.dev/ruby/google-apis-accesscontextmanager_v1/v0.12.0
|
62
62
|
source_code_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-accesscontextmanager_v1
|
63
63
|
post_install_message:
|
64
64
|
rdoc_options: []
|
@@ -75,7 +75,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
75
75
|
- !ruby/object:Gem::Version
|
76
76
|
version: '0'
|
77
77
|
requirements: []
|
78
|
-
rubygems_version: 3.
|
78
|
+
rubygems_version: 3.3.5
|
79
79
|
signing_key:
|
80
80
|
specification_version: 4
|
81
81
|
summary: Simple REST client for Access Context Manager API V1
|