google-apis-accesscontextmanager_v1 0.9.0 → 0.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0e55af16efe6ff7845d51a64f2a14d4ff37cd7ab6a1e004dc78188ecc75c8dd5
-  data.tar.gz: 004477f38e26f622cabd1110612d572330864a5b0f7b877f5fc71b3ceeb47124
+  metadata.gz: 631ef7942d887b6299cbae7761da5baf36a17156344d8e6819e16a366c6280d8
+  data.tar.gz: 2978eb2d8a20850a8f18a690062c8670121f5a41b28e303639ae6bab44ae1118
 SHA512:
-  metadata.gz: 95fa140ccdfe960cc997f2b16920ba438289973617610edfbc8664af233c9a28b006e90da2d0e3ad4ca446d885c95b26bc31c7e2850f63b13aee57a2a0781978
-  data.tar.gz: 03010621fb1aa3d314ca7f3c656ecba29bc9dc421b483ccfd05c12369ba04b932fea06a5a872bec19a0d1da1502b1911c536e3c0c458d3f1105c133fe17cc093
+  metadata.gz: dafe1abbf4cb6ef1e63d71e7f97d3d5bdb0e8f2af72682ae3ba6759fdc5569759b3b000c646ed417b1652b9081fb9ffe3a4a142dfdfed1057f1c73c0782e1fe9
+  data.tar.gz: b2911d1efe423c8dab7c7a850d783a34efb593c47163b5e409ad24a6866f09cb9f0e0aa29093128e8b97d808c09b1c0a7954e6fc5cf9d3d6c77771ce88160b2b

data/CHANGELOG.md

@@ -1,5 +1,9 @@
 # Release history for google-apis-accesscontextmanager_v1
 
+### v0.10.0 (2021-12-10)
+
+* Regenerated from discovery document revision 20211203
+
 ### v0.9.0 (2021-10-20)
 
 * Unspecified changes

data/lib/google/apis/accesscontextmanager_v1/classes.rb

@@ -113,6 +113,21 @@ module Google
         # @return [String]
         attr_accessor :parent
       
+        # The scopes of a policy define which resources an ACM policy can restrict, and
+        # where ACM resources can be referenced. For example, a policy with scopes=["
+        # folders/123"] has the following behavior: - vpcsc perimeters can only restrict
+        # projects within folders/123 - access levels can only be referenced by
+        # resources within folders/123. If empty, there are no limitations on which
+        # resources can be restricted by an ACM policy, and there are no limitations on
+        # where ACM resources can be referenced. Only one policy can include a given
+        # scope (attempting to create a second policy which includes "folders/123" will
+        # result in an error). Currently, scopes cannot be modified after a policy is
+        # created. Currently, policies can only have a single scope. Format: list of `
+        # folders/`folder_number`` or `projects/`project_number``
+        # Corresponds to the JSON property `scopes`
+        # @return [Array<String>]
+        attr_accessor :scopes
+      
         # Required. Human readable title. Does not affect behavior.
         # Corresponds to the JSON property `title`
         # @return [String]
@@ -127,6 +142,7 @@ module Google
           @etag = args[:etag] if args.key?(:etag)
           @name = args[:name] if args.key?(:name)
           @parent = args[:parent] if args.key?(:parent)
+          @scopes = args[:scopes] if args.key?(:scopes)
           @title = args[:title] if args.key?(:title)
         end
       end
@@ -161,6 +177,77 @@ module Google
         end
       end
       
+      # Specifies the audit configuration for a service. The configuration determines
+      # which permission types are logged, and what identities, if any, are exempted
+      # from logging. An AuditConfig must have one or more AuditLogConfigs. If there
+      # are AuditConfigs for both `allServices` and a specific service, the union of
+      # the two AuditConfigs is used for that service: the log_types specified in each
+      # AuditConfig are enabled, and the exempted_members in each AuditLogConfig are
+      # exempted. Example Policy with multiple AuditConfigs: ` "audit_configs": [ ` "
+      # service": "allServices", "audit_log_configs": [ ` "log_type": "DATA_READ", "
+      # exempted_members": [ "user:jose@example.com" ] `, ` "log_type": "DATA_WRITE" `,
+      # ` "log_type": "ADMIN_READ" ` ] `, ` "service": "sampleservice.googleapis.com",
+      # "audit_log_configs": [ ` "log_type": "DATA_READ" `, ` "log_type": "DATA_WRITE"
+      # , "exempted_members": [ "user:aliya@example.com" ] ` ] ` ] ` For sampleservice,
+      # this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also
+      # exempts jose@example.com from DATA_READ logging, and aliya@example.com from
+      # DATA_WRITE logging.
+      class AuditConfig
+        include Google::Apis::Core::Hashable
+      
+        # The configuration for logging of each type of permission.
+        # Corresponds to the JSON property `auditLogConfigs`
+        # @return [Array<Google::Apis::AccesscontextmanagerV1::AuditLogConfig>]
+        attr_accessor :audit_log_configs
+      
+        # Specifies a service that will be enabled for audit logging. For example, `
+        # storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special
+        # value that covers all services.
+        # Corresponds to the JSON property `service`
+        # @return [String]
+        attr_accessor :service
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @audit_log_configs = args[:audit_log_configs] if args.key?(:audit_log_configs)
+          @service = args[:service] if args.key?(:service)
+        end
+      end
+      
+      # Provides the configuration for logging a type of permissions. Example: ` "
+      # audit_log_configs": [ ` "log_type": "DATA_READ", "exempted_members": [ "user:
+      # jose@example.com" ] `, ` "log_type": "DATA_WRITE" ` ] ` This enables '
+      # DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from
+      # DATA_READ logging.
+      class AuditLogConfig
+        include Google::Apis::Core::Hashable
+      
+        # Specifies the identities that do not cause logging for this type of permission.
+        # Follows the same format of Binding.members.
+        # Corresponds to the JSON property `exemptedMembers`
+        # @return [Array<String>]
+        attr_accessor :exempted_members
+      
+        # The log type that this config enables.
+        # Corresponds to the JSON property `logType`
+        # @return [String]
+        attr_accessor :log_type
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @exempted_members = args[:exempted_members] if args.key?(:exempted_members)
+          @log_type = args[:log_type] if args.key?(:log_type)
+        end
+      end
+      
       # `BasicLevel` is an `AccessLevel` using a set of recommended features.
       class BasicLevel
         include Google::Apis::Core::Hashable
@@ -190,6 +277,77 @@ module Google
         end
       end
       
+      # Associates `members`, or principals, with a `role`.
+      class Binding
+        include Google::Apis::Core::Hashable
+      
+        # Represents a textual expression in the Common Expression Language (CEL) syntax.
+        # CEL is a C-like expression language. The syntax and semantics of CEL are
+        # documented at https://github.com/google/cel-spec. Example (Comparison): title:
+        # "Summary size limit" description: "Determines if a summary is less than 100
+        # chars" expression: "document.summary.size() < 100" Example (Equality): title: "
+        # Requestor is owner" description: "Determines if requestor is the document
+        # owner" expression: "document.owner == request.auth.claims.email" Example (
+        # Logic): title: "Public documents" description: "Determine whether the document
+        # should be publicly visible" expression: "document.type != 'private' &&
+        # document.type != 'internal'" Example (Data Manipulation): title: "Notification
+        # string" description: "Create a notification string with a timestamp."
+        # expression: "'New message received at ' + string(document.create_time)" The
+        # exact variables and functions that may be referenced within an expression are
+        # determined by the service that evaluates it. See the service documentation for
+        # additional information.
+        # Corresponds to the JSON property `condition`
+        # @return [Google::Apis::AccesscontextmanagerV1::Expr]
+        attr_accessor :condition
+      
+        # Specifies the principals requesting access for a Cloud Platform resource. `
+        # members` can have the following values: * `allUsers`: A special identifier
+        # that represents anyone who is on the internet; with or without a Google
+        # account. * `allAuthenticatedUsers`: A special identifier that represents
+        # anyone who is authenticated with a Google account or a service account. * `
+        # user:`emailid``: An email address that represents a specific Google account.
+        # For example, `alice@example.com` . * `serviceAccount:`emailid``: An email
+        # address that represents a service account. For example, `my-other-app@appspot.
+        # gserviceaccount.com`. * `group:`emailid``: An email address that represents a
+        # Google group. For example, `admins@example.com`. * `deleted:user:`emailid`?uid=
+        # `uniqueid``: An email address (plus unique identifier) representing a user
+        # that has been recently deleted. For example, `alice@example.com?uid=
+        # 123456789012345678901`. If the user is recovered, this value reverts to `user:`
+        # emailid`` and the recovered user retains the role in the binding. * `deleted:
+        # serviceAccount:`emailid`?uid=`uniqueid``: An email address (plus unique
+        # identifier) representing a service account that has been recently deleted. For
+        # example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
+        # If the service account is undeleted, this value reverts to `serviceAccount:`
+        # emailid`` and the undeleted service account retains the role in the binding. *
+        # `deleted:group:`emailid`?uid=`uniqueid``: An email address (plus unique
+        # identifier) representing a Google group that has been recently deleted. For
+        # example, `admins@example.com?uid=123456789012345678901`. If the group is
+        # recovered, this value reverts to `group:`emailid`` and the recovered group
+        # retains the role in the binding. * `domain:`domain``: The G Suite domain (
+        # primary) that represents all the users of that domain. For example, `google.
+        # com` or `example.com`.
+        # Corresponds to the JSON property `members`
+        # @return [Array<String>]
+        attr_accessor :members
+      
+        # Role that is assigned to the list of `members`, or principals. For example, `
+        # roles/viewer`, `roles/editor`, or `roles/owner`.
+        # Corresponds to the JSON property `role`
+        # @return [String]
+        attr_accessor :role
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @condition = args[:condition] if args.key?(:condition)
+          @members = args[:members] if args.key?(:members)
+          @role = args[:role] if args.key?(:role)
+        end
+      end
+      
       # The request message for Operations.CancelOperation.
       class CancelOperationRequest
         include Google::Apis::Core::Hashable
@@ -663,6 +821,53 @@ module Google
         end
       end
       
+      # Request message for `GetIamPolicy` method.
+      class GetIamPolicyRequest
+        include Google::Apis::Core::Hashable
+      
+        # Encapsulates settings provided to GetIamPolicy.
+        # Corresponds to the JSON property `options`
+        # @return [Google::Apis::AccesscontextmanagerV1::GetPolicyOptions]
+        attr_accessor :options
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @options = args[:options] if args.key?(:options)
+        end
+      end
+      
+      # Encapsulates settings provided to GetIamPolicy.
+      class GetPolicyOptions
+        include Google::Apis::Core::Hashable
+      
+        # Optional. The maximum policy version that will be used to format the policy.
+        # Valid values are 0, 1, and 3. Requests specifying an invalid value will be
+        # rejected. Requests for policies with any conditional role bindings must
+        # specify version 3. Policies with no conditional role bindings may specify any
+        # valid value or leave the field unset. The policy in the response might use the
+        # policy version that you specified, or it might use a lower policy version. For
+        # example, if you specify version 3, but the policy has no conditional role
+        # bindings, the response uses version 1. To learn which resources support
+        # conditions in their IAM policies, see the [IAM documentation](https://cloud.
+        # google.com/iam/help/conditions/resource-policies).
+        # Corresponds to the JSON property `requestedPolicyVersion`
+        # @return [Fixnum]
+        attr_accessor :requested_policy_version
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @requested_policy_version = args[:requested_policy_version] if args.key?(:requested_policy_version)
+        end
+      end
+      
       # Defines the conditions under which an IngressPolicy matches a request.
       # Conditions are based on information about the source of the request. The
       # request must satisfy what is defined in `sources` AND identity related fields
@@ -1065,6 +1270,101 @@ module Google
         end
       end
       
+      # An Identity and Access Management (IAM) policy, which specifies access
+      # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
+      # A `binding` binds one or more `members`, or principals, to a single `role`.
+      # Principals can be user accounts, service accounts, Google groups, and domains (
+      # such as G Suite). A `role` is a named list of permissions; each `role` can be
+      # an IAM predefined role or a user-created custom role. For some types of Google
+      # Cloud resources, a `binding` can also specify a `condition`, which is a
+      # logical expression that allows access to a resource only if the expression
+      # evaluates to `true`. A condition can add constraints based on attributes of
+      # the request, the resource, or both. To learn which resources support
+      # conditions in their IAM policies, see the [IAM documentation](https://cloud.
+      # google.com/iam/help/conditions/resource-policies). **JSON example:** ` "
+      # bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
+      # "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
+      # serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
+      # roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
+      # ], "condition": ` "title": "expirable access", "description": "Does not grant
+      # access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
+      # 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:**
+      # bindings: - members: - user:mike@example.com - group:admins@example.com -
+      # domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
+      # role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.
+      # com role: roles/resourcemanager.organizationViewer condition: title: expirable
+      # access description: Does not grant access after Sep 2020 expression: request.
+      # time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For
+      # a description of IAM and its features, see the [IAM documentation](https://
+      # cloud.google.com/iam/docs/).
+      class Policy
+        include Google::Apis::Core::Hashable
+      
+        # Specifies cloud audit logging configuration for this policy.
+        # Corresponds to the JSON property `auditConfigs`
+        # @return [Array<Google::Apis::AccesscontextmanagerV1::AuditConfig>]
+        attr_accessor :audit_configs
+      
+        # Associates a list of `members`, or principals, with a `role`. Optionally, may
+        # specify a `condition` that determines how and when the `bindings` are applied.
+        # Each of the `bindings` must contain at least one principal. The `bindings` in
+        # a `Policy` can refer to up to 1,500 principals; up to 250 of these principals
+        # can be Google groups. Each occurrence of a principal counts towards these
+        # limits. For example, if the `bindings` grant 50 different roles to `user:alice@
+        # example.com`, and not to any other principal, then you can add another 1,450
+        # principals to the `bindings` in the `Policy`.
+        # Corresponds to the JSON property `bindings`
+        # @return [Array<Google::Apis::AccesscontextmanagerV1::Binding>]
+        attr_accessor :bindings
+      
+        # `etag` is used for optimistic concurrency control as a way to help prevent
+        # simultaneous updates of a policy from overwriting each other. It is strongly
+        # suggested that systems make use of the `etag` in the read-modify-write cycle
+        # to perform policy updates in order to avoid race conditions: An `etag` is
+        # returned in the response to `getIamPolicy`, and systems are expected to put
+        # that etag in the request to `setIamPolicy` to ensure that their change will be
+        # applied to the same version of the policy. **Important:** If you use IAM
+        # Conditions, you must include the `etag` field whenever you call `setIamPolicy`.
+        # If you omit this field, then IAM allows you to overwrite a version `3` policy
+        # with a version `1` policy, and all of the conditions in the version `3` policy
+        # are lost.
+        # Corresponds to the JSON property `etag`
+        # NOTE: Values are automatically base64 encoded/decoded in the client library.
+        # @return [String]
+        attr_accessor :etag
+      
+        # Specifies the format of the policy. Valid values are `0`, `1`, and `3`.
+        # Requests that specify an invalid value are rejected. Any operation that
+        # affects conditional role bindings must specify version `3`. This requirement
+        # applies to the following operations: * Getting a policy that includes a
+        # conditional role binding * Adding a conditional role binding to a policy *
+        # Changing a conditional role binding in a policy * Removing any role binding,
+        # with or without a condition, from a policy that includes conditions **
+        # Important:** If you use IAM Conditions, you must include the `etag` field
+        # whenever you call `setIamPolicy`. If you omit this field, then IAM allows you
+        # to overwrite a version `3` policy with a version `1` policy, and all of the
+        # conditions in the version `3` policy are lost. If a policy does not include
+        # any conditions, operations on that policy may specify any valid version or
+        # leave the field unset. To learn which resources support conditions in their
+        # IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/
+        # conditions/resource-policies).
+        # Corresponds to the JSON property `version`
+        # @return [Fixnum]
+        attr_accessor :version
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @audit_configs = args[:audit_configs] if args.key?(:audit_configs)
+          @bindings = args[:bindings] if args.key?(:bindings)
+          @etag = args[:etag] if args.key?(:etag)
+          @version = args[:version] if args.key?(:version)
+        end
+      end
+      
       # A request to replace all existing Access Levels in an Access Policy with the
       # Access Levels provided. This is done atomically.
       class ReplaceAccessLevelsRequest
@@ -1312,6 +1612,59 @@ module Google
         end
       end
       
+      # Request message for `SetIamPolicy` method.
+      class SetIamPolicyRequest
+        include Google::Apis::Core::Hashable
+      
+        # An Identity and Access Management (IAM) policy, which specifies access
+        # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
+        # A `binding` binds one or more `members`, or principals, to a single `role`.
+        # Principals can be user accounts, service accounts, Google groups, and domains (
+        # such as G Suite). A `role` is a named list of permissions; each `role` can be
+        # an IAM predefined role or a user-created custom role. For some types of Google
+        # Cloud resources, a `binding` can also specify a `condition`, which is a
+        # logical expression that allows access to a resource only if the expression
+        # evaluates to `true`. A condition can add constraints based on attributes of
+        # the request, the resource, or both. To learn which resources support
+        # conditions in their IAM policies, see the [IAM documentation](https://cloud.
+        # google.com/iam/help/conditions/resource-policies). **JSON example:** ` "
+        # bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
+        # "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
+        # serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
+        # roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
+        # ], "condition": ` "title": "expirable access", "description": "Does not grant
+        # access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
+        # 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:**
+        # bindings: - members: - user:mike@example.com - group:admins@example.com -
+        # domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
+        # role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.
+        # com role: roles/resourcemanager.organizationViewer condition: title: expirable
+        # access description: Does not grant access after Sep 2020 expression: request.
+        # time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For
+        # a description of IAM and its features, see the [IAM documentation](https://
+        # cloud.google.com/iam/docs/).
+        # Corresponds to the JSON property `policy`
+        # @return [Google::Apis::AccesscontextmanagerV1::Policy]
+        attr_accessor :policy
+      
+        # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
+        # the fields in the mask will be modified. If no mask is provided, the following
+        # default mask is used: `paths: "bindings, etag"`
+        # Corresponds to the JSON property `updateMask`
+        # @return [String]
+        attr_accessor :update_mask
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @policy = args[:policy] if args.key?(:policy)
+          @update_mask = args[:update_mask] if args.key?(:update_mask)
+        end
+      end
+      
       # The `Status` type defines a logical error model that is suitable for different
       # programming environments, including REST APIs and RPC APIs. It is used by [
       # gRPC](https://github.com/grpc). Each `Status` message contains three pieces of
@@ -1351,6 +1704,46 @@ module Google
         end
       end
       
+      # Request message for `TestIamPermissions` method.
+      class TestIamPermissionsRequest
+        include Google::Apis::Core::Hashable
+      
+        # The set of permissions to check for the `resource`. Permissions with wildcards
+        # (such as '*' or 'storage.*') are not allowed. For more information see [IAM
+        # Overview](https://cloud.google.com/iam/docs/overview#permissions).
+        # Corresponds to the JSON property `permissions`
+        # @return [Array<String>]
+        attr_accessor :permissions
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @permissions = args[:permissions] if args.key?(:permissions)
+        end
+      end
+      
+      # Response message for `TestIamPermissions` method.
+      class TestIamPermissionsResponse
+        include Google::Apis::Core::Hashable
+      
+        # A subset of `TestPermissionsRequest.permissions` that the caller is allowed.
+        # Corresponds to the JSON property `permissions`
+        # @return [Array<String>]
+        attr_accessor :permissions
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @permissions = args[:permissions] if args.key?(:permissions)
+        end
+      end
+      
       # Specifies how APIs are allowed to communicate within the Service Perimeter.
       class VpcAccessibleServices
         include Google::Apis::Core::Hashable

data/lib/google/apis/accesscontextmanager_v1/gem_version.rb

@@ -16,13 +16,13 @@ module Google
   module Apis
     module AccesscontextmanagerV1
       # Version of the google-apis-accesscontextmanager_v1 gem
-      GEM_VERSION = "0.9.0"
+      GEM_VERSION = "0.10.0"
 
       # Version of the code generator used to generate this client
       GENERATOR_VERSION = "0.4.0"
 
       # Revision of the discovery document this client was generated from
-      REVISION = "20210814"
+      REVISION = "20211203"
     end
   end
 end

data/lib/google/apis/accesscontextmanager_v1/representations.rb

@@ -46,12 +46,30 @@ module Google
         include Google::Apis::Core::JsonObjectSupport
       end
       
+      class AuditConfig
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class AuditLogConfig
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
       class BasicLevel
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
         include Google::Apis::Core::JsonObjectSupport
       end
       
+      class Binding
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
       class CancelOperationRequest
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
@@ -130,6 +148,18 @@ module Google
         include Google::Apis::Core::JsonObjectSupport
       end
       
+      class GetIamPolicyRequest
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class GetPolicyOptions
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
       class IngressFrom
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
@@ -202,6 +232,12 @@ module Google
         include Google::Apis::Core::JsonObjectSupport
       end
       
+      class Policy
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
       class ReplaceAccessLevelsRequest
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
@@ -238,12 +274,30 @@ module Google
         include Google::Apis::Core::JsonObjectSupport
       end
       
+      class SetIamPolicyRequest
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
       class Status
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
         include Google::Apis::Core::JsonObjectSupport
       end
       
+      class TestIamPermissionsRequest
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class TestIamPermissionsResponse
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
       class VpcAccessibleServices
         class Representation < Google::Apis::Core::JsonRepresentation; end
       
@@ -275,6 +329,7 @@ module Google
           property :etag, as: 'etag'
           property :name, as: 'name'
           property :parent, as: 'parent'
+          collection :scopes, as: 'scopes'
           property :title, as: 'title'
         end
       end
@@ -288,6 +343,23 @@ module Google
         end
       end
       
+      class AuditConfig
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          collection :audit_log_configs, as: 'auditLogConfigs', class: Google::Apis::AccesscontextmanagerV1::AuditLogConfig, decorator: Google::Apis::AccesscontextmanagerV1::AuditLogConfig::Representation
+      
+          property :service, as: 'service'
+        end
+      end
+      
+      class AuditLogConfig
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          collection :exempted_members, as: 'exemptedMembers'
+          property :log_type, as: 'logType'
+        end
+      end
+      
       class BasicLevel
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
@@ -297,6 +369,16 @@ module Google
         end
       end
       
+      class Binding
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :condition, as: 'condition', class: Google::Apis::AccesscontextmanagerV1::Expr, decorator: Google::Apis::AccesscontextmanagerV1::Expr::Representation
+      
+          collection :members, as: 'members'
+          property :role, as: 'role'
+        end
+      end
+      
       class CancelOperationRequest
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
@@ -410,6 +492,21 @@ module Google
         end
       end
       
+      class GetIamPolicyRequest
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :options, as: 'options', class: Google::Apis::AccesscontextmanagerV1::GetPolicyOptions, decorator: Google::Apis::AccesscontextmanagerV1::GetPolicyOptions::Representation
+      
+        end
+      end
+      
+      class GetPolicyOptions
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :requested_policy_version, as: 'requestedPolicyVersion'
+        end
+      end
+      
       class IngressFrom
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
@@ -521,6 +618,18 @@ module Google
         end
       end
       
+      class Policy
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          collection :audit_configs, as: 'auditConfigs', class: Google::Apis::AccesscontextmanagerV1::AuditConfig, decorator: Google::Apis::AccesscontextmanagerV1::AuditConfig::Representation
+      
+          collection :bindings, as: 'bindings', class: Google::Apis::AccesscontextmanagerV1::Binding, decorator: Google::Apis::AccesscontextmanagerV1::Binding::Representation
+      
+          property :etag, :base64 => true, as: 'etag'
+          property :version, as: 'version'
+        end
+      end
+      
       class ReplaceAccessLevelsRequest
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
@@ -585,6 +694,15 @@ module Google
         end
       end
       
+      class SetIamPolicyRequest
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :policy, as: 'policy', class: Google::Apis::AccesscontextmanagerV1::Policy, decorator: Google::Apis::AccesscontextmanagerV1::Policy::Representation
+      
+          property :update_mask, as: 'updateMask'
+        end
+      end
+      
       class Status
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
@@ -594,6 +712,20 @@ module Google
         end
       end
       
+      class TestIamPermissionsRequest
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          collection :permissions, as: 'permissions'
+        end
+      end
+      
+      class TestIamPermissionsResponse
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          collection :permissions, as: 'permissions'
+        end
+      end
+      
       class VpcAccessibleServices
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation

data/lib/google/apis/accesscontextmanager_v1/service.rb

@@ -49,10 +49,10 @@ module Google
           @batch_path = 'batch'
         end
         
-        # Create an `AccessPolicy`. Fails if this organization already has a `
-        # AccessPolicy`. The longrunning Operation will have a successful status once
-        # the `AccessPolicy` has propagated to long-lasting storage. Syntactic and basic
-        # semantic errors will be returned in `metadata` as a BadRequest proto.
+        # Creates an access policy. This method fails if the organization already has an
+        # access policy. The long-running operation has a successful status after the
+        # access policy propagates to long-lasting storage. Syntactic and basic semantic
+        # errors are returned in `metadata` as a BadRequest proto.
         # @param [Google::Apis::AccesscontextmanagerV1::AccessPolicy] access_policy_object
         # @param [String] fields
         #   Selector specifying which fields to include in a partial response.
@@ -82,9 +82,9 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Delete an AccessPolicy by resource name. The longrunning Operation will have a
-        # successful status once the AccessPolicy has been removed from long-lasting
-        # storage.
+        # Deletes an access policy based on the resource name. The long-running
+        # operation has a successful status after the access policy is removed from long-
+        # lasting storage.
         # @param [String] name
         #   Required. Resource name for the access policy to delete. Format `
         #   accessPolicies/`policy_id``
@@ -115,7 +115,7 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Get an AccessPolicy by name.
+        # Returns an access policy based on the name.
         # @param [String] name
         #   Required. Resource name for the access policy to get. Format `accessPolicies/`
         #   policy_id``
@@ -146,7 +146,41 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # List all AccessPolicies under a container.
+        # Gets the IAM policy for the specified Access Context Manager access policy.
+        # @param [String] resource
+        #   REQUIRED: The resource for which the policy is being requested. See the
+        #   operation documentation for the appropriate value for this field.
+        # @param [Google::Apis::AccesscontextmanagerV1::GetIamPolicyRequest] get_iam_policy_request_object
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::AccesscontextmanagerV1::Policy] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::AccesscontextmanagerV1::Policy]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def get_access_policy_iam_policy(resource, get_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:post, 'v1/{+resource}:getIamPolicy', options)
+          command.request_representation = Google::Apis::AccesscontextmanagerV1::GetIamPolicyRequest::Representation
+          command.request_object = get_iam_policy_request_object
+          command.response_representation = Google::Apis::AccesscontextmanagerV1::Policy::Representation
+          command.response_class = Google::Apis::AccesscontextmanagerV1::Policy
+          command.params['resource'] = resource unless resource.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
+        # Lists all access policies in an organization.
         # @param [Fixnum] page_size
         #   Number of AccessPolicy instances to include in the list. Default 100.
         # @param [String] page_token
@@ -184,10 +218,9 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Update an AccessPolicy. The longrunning Operation from this RPC will have a
-        # successful status once the changes to the AccessPolicy have propagated to long-
-        # lasting storage. Syntactic and basic semantic errors will be returned in `
-        # metadata` as a BadRequest proto.
+        # Updates an access policy. The long-running operation from this RPC has a
+        # successful status after the changes to the access policy propagate to long-
+        # lasting storage.
         # @param [String] name
         #   Output only. Resource name of the `AccessPolicy`. Format: `accessPolicies/`
         #   access_policy``
@@ -224,10 +257,83 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Create an Access Level. The longrunning operation from this RPC will have a
-        # successful status once the Access Level has propagated to long-lasting storage.
-        # Access Levels containing errors will result in an error response for the
-        # first error encountered.
+        # Sets the IAM policy for the specified Access Context Manager access policy.
+        # This method replaces the existing IAM policy on the access policy. The IAM
+        # policy controls the set of users who can perform specific operations on the
+        # Access Context Manager access policy.
+        # @param [String] resource
+        #   REQUIRED: The resource for which the policy is being specified. See the
+        #   operation documentation for the appropriate value for this field.
+        # @param [Google::Apis::AccesscontextmanagerV1::SetIamPolicyRequest] set_iam_policy_request_object
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::AccesscontextmanagerV1::Policy] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::AccesscontextmanagerV1::Policy]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def set_access_policy_iam_policy(resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:post, 'v1/{+resource}:setIamPolicy', options)
+          command.request_representation = Google::Apis::AccesscontextmanagerV1::SetIamPolicyRequest::Representation
+          command.request_object = set_iam_policy_request_object
+          command.response_representation = Google::Apis::AccesscontextmanagerV1::Policy::Representation
+          command.response_class = Google::Apis::AccesscontextmanagerV1::Policy
+          command.params['resource'] = resource unless resource.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
+        # Returns the IAM permissions that the caller has on the specified Access
+        # Context Manager resource. The resource can be an AccessPolicy, AccessLevel, or
+        # ServicePerimeter. This method does not support other resources.
+        # @param [String] resource
+        #   REQUIRED: The resource for which the policy detail is being requested. See the
+        #   operation documentation for the appropriate value for this field.
+        # @param [Google::Apis::AccesscontextmanagerV1::TestIamPermissionsRequest] test_iam_permissions_request_object
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::AccesscontextmanagerV1::TestIamPermissionsResponse] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::AccesscontextmanagerV1::TestIamPermissionsResponse]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def test_access_policy_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:post, 'v1/{+resource}:testIamPermissions', options)
+          command.request_representation = Google::Apis::AccesscontextmanagerV1::TestIamPermissionsRequest::Representation
+          command.request_object = test_iam_permissions_request_object
+          command.response_representation = Google::Apis::AccesscontextmanagerV1::TestIamPermissionsResponse::Representation
+          command.response_class = Google::Apis::AccesscontextmanagerV1::TestIamPermissionsResponse
+          command.params['resource'] = resource unless resource.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
+        # Creates an access level. The long-running operation from this RPC has a
+        # successful status after the access level propagates to long-lasting storage.
+        # If access levels contain errors, an error response is returned for the first
+        # error encountered.
         # @param [String] parent
         #   Required. Resource name for the access policy which owns this Access Level.
         #   Format: `accessPolicies/`policy_id``
@@ -261,9 +367,9 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Delete an Access Level by resource name. The longrunning operation from this
-        # RPC will have a successful status once the Access Level has been removed from
-        # long-lasting storage.
+        # Deletes an access level based on the resource name. The long-running operation
+        # from this RPC has a successful status after the access level has been removed
+        # from long-lasting storage.
         # @param [String] name
         #   Required. Resource name for the Access Level. Format: `accessPolicies/`
         #   policy_id`/accessLevels/`access_level_id``
@@ -294,7 +400,7 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Get an Access Level by resource name.
+        # Gets an access level based on the resource name.
         # @param [String] name
         #   Required. Resource name for the Access Level. Format: `accessPolicies/`
         #   policy_id`/accessLevels/`access_level_id``
@@ -332,7 +438,7 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # List all Access Levels for an access policy.
+        # Lists all access levels for an access policy.
         # @param [String] parent
         #   Required. Resource name for the access policy to list Access Levels from.
         #   Format: `accessPolicies/`policy_id``
@@ -375,10 +481,10 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Update an Access Level. The longrunning operation from this RPC will have a
-        # successful status once the changes to the Access Level have propagated to long-
-        # lasting storage. Access Levels containing errors will result in an error
-        # response for the first error encountered.
+        # Updates an access level. The long-running operation from this RPC has a
+        # successful status after the changes to the access level propagate to long-
+        # lasting storage. If access levels contain errors, an error response is
+        # returned for the first error encountered.
         # @param [String] name
         #   Required. Resource name for the Access Level. The `short_name` component must
         #   begin with a letter and only include alphanumeric and '_'. Format: `
@@ -417,14 +523,14 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Replace all existing Access Levels in an Access Policy with the Access Levels
-        # provided. This is done atomically. The longrunning operation from this RPC
-        # will have a successful status once all replacements have propagated to long-
-        # lasting storage. Replacements containing errors will result in an error
-        # response for the first error encountered. Replacement will be cancelled on
-        # error, existing Access Levels will not be affected. Operation.response field
-        # will contain ReplaceAccessLevelsResponse. Removing Access Levels contained in
-        # existing Service Perimeters will result in error.
+        # Replaces all existing access levels in an access policy with the access levels
+        # provided. This is done atomically. The long-running operation from this RPC
+        # has a successful status after all replacements propagate to long-lasting
+        # storage. If the replacement contains errors, an error response is returned for
+        # the first error encountered. Upon error, the replacement is cancelled, and
+        # existing access levels are not affected. The Operation.response field contains
+        # ReplaceAccessLevelsResponse. Removing access levels contained in existing
+        # service perimeters result in an error.
         # @param [String] parent
         #   Required. Resource name for the access policy which owns these Access Levels.
         #   Format: `accessPolicies/`policy_id``
@@ -458,16 +564,52 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Commit the dry-run spec for all the Service Perimeters in an Access Policy. A
-        # commit operation on a Service Perimeter involves copying its `spec` field to
-        # that Service Perimeter's `status` field. Only Service Perimeters with `
-        # use_explicit_dry_run_spec` field set to true are affected by a commit
-        # operation. The longrunning operation from this RPC will have a successful
-        # status once the dry-run specs for all the Service Perimeters have been
-        # committed. If a commit fails, it will cause the longrunning operation to
-        # return an error response and the entire commit operation will be cancelled.
-        # When successful, Operation.response field will contain
-        # CommitServicePerimetersResponse. The `dry_run` and the `spec` fields will be
+        # Returns the IAM permissions that the caller has on the specified Access
+        # Context Manager resource. The resource can be an AccessPolicy, AccessLevel, or
+        # ServicePerimeter. This method does not support other resources.
+        # @param [String] resource
+        #   REQUIRED: The resource for which the policy detail is being requested. See the
+        #   operation documentation for the appropriate value for this field.
+        # @param [Google::Apis::AccesscontextmanagerV1::TestIamPermissionsRequest] test_iam_permissions_request_object
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::AccesscontextmanagerV1::TestIamPermissionsResponse] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::AccesscontextmanagerV1::TestIamPermissionsResponse]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def test_access_level_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:post, 'v1/{+resource}:testIamPermissions', options)
+          command.request_representation = Google::Apis::AccesscontextmanagerV1::TestIamPermissionsRequest::Representation
+          command.request_object = test_iam_permissions_request_object
+          command.response_representation = Google::Apis::AccesscontextmanagerV1::TestIamPermissionsResponse::Representation
+          command.response_class = Google::Apis::AccesscontextmanagerV1::TestIamPermissionsResponse
+          command.params['resource'] = resource unless resource.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
+        # Commits the dry-run specification for all the service perimeters in an access
+        # policy. A commit operation on a service perimeter involves copying its `spec`
+        # field to the `status` field of the service perimeter. Only service perimeters
+        # with `use_explicit_dry_run_spec` field set to true are affected by a commit
+        # operation. The long-running operation from this RPC has a successful status
+        # after the dry-run specifications for all the service perimeters have been
+        # committed. If a commit fails, it causes the long-running operation to return
+        # an error response and the entire commit operation is cancelled. When
+        # successful, the Operation.response field contains
+        # CommitServicePerimetersResponse. The `dry_run` and the `spec` fields are
         # cleared after a successful commit operation.
         # @param [String] parent
         #   Required. Resource name for the parent Access Policy which owns all Service
@@ -503,9 +645,9 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Create a Service Perimeter. The longrunning operation from this RPC will have
-        # a successful status once the Service Perimeter has propagated to long-lasting
-        # storage. Service Perimeters containing errors will result in an error response
+        # Creates a service perimeter. The long-running operation from this RPC has a
+        # successful status after the service perimeter propagates to long-lasting
+        # storage. If a service perimeter contains errors, an error response is returned
         # for the first error encountered.
         # @param [String] parent
         #   Required. Resource name for the access policy which owns this Service
@@ -540,8 +682,8 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Delete a Service Perimeter by resource name. The longrunning operation from
-        # this RPC will have a successful status once the Service Perimeter has been
+        # Deletes a service perimeter based on the resource name. The long-running
+        # operation from this RPC has a successful status after the service perimeter is
         # removed from long-lasting storage.
         # @param [String] name
         #   Required. Resource name for the Service Perimeter. Format: `accessPolicies/`
@@ -573,7 +715,7 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Get a Service Perimeter by resource name.
+        # Gets a service perimeter based on the resource name.
         # @param [String] name
         #   Required. Resource name for the Service Perimeter. Format: `accessPolicies/`
         #   policy_id`/servicePerimeters/`service_perimeters_id``
@@ -604,7 +746,7 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # List all Service Perimeters for an access policy.
+        # Lists all service perimeters for an access policy.
         # @param [String] parent
         #   Required. Resource name for the access policy to list Service Perimeters from.
         #   Format: `accessPolicies/`policy_id``
@@ -642,10 +784,10 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Update a Service Perimeter. The longrunning operation from this RPC will have
-        # a successful status once the changes to the Service Perimeter have propagated
-        # to long-lasting storage. Service Perimeter containing errors will result in an
-        # error response for the first error encountered.
+        # Updates a service perimeter. The long-running operation from this RPC has a
+        # successful status after the service perimeter propagates to long-lasting
+        # storage. If a service perimeter contains errors, an error response is returned
+        # for the first error encountered.
         # @param [String] name
         #   Required. Resource name for the ServicePerimeter. The `short_name` component
         #   must begin with a letter and only include alphanumeric and '_'. Format: `
@@ -683,13 +825,13 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Replace all existing Service Perimeters in an Access Policy with the Service
-        # Perimeters provided. This is done atomically. The longrunning operation from
-        # this RPC will have a successful status once all replacements have propagated
-        # to long-lasting storage. Replacements containing errors will result in an
-        # error response for the first error encountered. Replacement will be cancelled
-        # on error, existing Service Perimeters will not be affected. Operation.response
-        # field will contain ReplaceServicePerimetersResponse.
+        # Replace all existing service perimeters in an access policy with the service
+        # perimeters provided. This is done atomically. The long-running operation from
+        # this RPC has a successful status after all replacements propagate to long-
+        # lasting storage. Replacements containing errors result in an error response
+        # for the first error encountered. Upon an error, replacement are cancelled and
+        # existing service perimeters are not affected. The Operation.response field
+        # contains ReplaceServicePerimetersResponse.
         # @param [String] parent
         #   Required. Resource name for the access policy which owns these Service
         #   Perimeters. Format: `accessPolicies/`policy_id``
@@ -723,6 +865,42 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
+        # Returns the IAM permissions that the caller has on the specified Access
+        # Context Manager resource. The resource can be an AccessPolicy, AccessLevel, or
+        # ServicePerimeter. This method does not support other resources.
+        # @param [String] resource
+        #   REQUIRED: The resource for which the policy detail is being requested. See the
+        #   operation documentation for the appropriate value for this field.
+        # @param [Google::Apis::AccesscontextmanagerV1::TestIamPermissionsRequest] test_iam_permissions_request_object
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::AccesscontextmanagerV1::TestIamPermissionsResponse] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::AccesscontextmanagerV1::TestIamPermissionsResponse]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def test_service_perimeter_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:post, 'v1/{+resource}:testIamPermissions', options)
+          command.request_representation = Google::Apis::AccesscontextmanagerV1::TestIamPermissionsRequest::Representation
+          command.request_object = test_iam_permissions_request_object
+          command.response_representation = Google::Apis::AccesscontextmanagerV1::TestIamPermissionsResponse::Representation
+          command.response_class = Google::Apis::AccesscontextmanagerV1::TestIamPermissionsResponse
+          command.params['resource'] = resource unless resource.nil?
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
         # Starts asynchronous cancellation on a long-running operation. The server makes
         # a best effort to cancel the operation, but success is not guaranteed. If the
         # server doesn't support this method, it returns `google.rpc.Code.UNIMPLEMENTED`.
@@ -874,7 +1052,7 @@ module Google
         end
         
         # Creates a GcpUserAccessBinding. If the client specifies a name, the server
-        # will ignore it. Fails if a resource already exists with the same group_key.
+        # ignores it. Fails if a resource already exists with the same group_key.
         # Completion of this long-running operation does not necessarily signify that
         # the new binding is deployed onto all affected users, which may take more time.
         # @param [String] parent

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-apis-accesscontextmanager_v1
 version: !ruby/object:Gem::Version
-  version: 0.9.0
+  version: 0.10.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-10-27 00:00:00.000000000 Z
+date: 2021-12-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: google-apis-core
@@ -58,7 +58,7 @@ licenses:
 metadata:
   bug_tracker_uri: https://github.com/googleapis/google-api-ruby-client/issues
   changelog_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-accesscontextmanager_v1/CHANGELOG.md
-  documentation_uri: https://googleapis.dev/ruby/google-apis-accesscontextmanager_v1/v0.9.0
+  documentation_uri: https://googleapis.dev/ruby/google-apis-accesscontextmanager_v1/v0.10.0
   source_code_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-accesscontextmanager_v1
 post_install_message: 
 rdoc_options: []