google-apis-bigqueryconnection_v1 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.yardopts +13 -0
- data/CHANGELOG.md +7 -0
- data/LICENSE.md +202 -0
- data/OVERVIEW.md +96 -0
- data/lib/google/apis/bigqueryconnection_v1/classes.rb +1006 -0
- data/lib/google/apis/bigqueryconnection_v1/gem_version.rb +28 -0
- data/lib/google/apis/bigqueryconnection_v1/representations.rb +401 -0
- data/lib/google/apis/bigqueryconnection_v1/service.rb +349 -0
- data/lib/google/apis/bigqueryconnection_v1.rb +39 -0
- data/lib/google-apis-bigqueryconnection_v1.rb +15 -0
- metadata +82 -0
@@ -0,0 +1,1006 @@
|
|
1
|
+
# Copyright 2020 Google LLC
|
2
|
+
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
6
|
+
#
|
7
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
+
#
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
14
|
+
|
15
|
+
require 'date'
|
16
|
+
require 'google/apis/core/base_service'
|
17
|
+
require 'google/apis/core/json_representation'
|
18
|
+
require 'google/apis/core/hashable'
|
19
|
+
require 'google/apis/errors'
|
20
|
+
|
21
|
+
module Google
|
22
|
+
module Apis
|
23
|
+
module BigqueryconnectionV1
|
24
|
+
|
25
|
+
# Specifies the audit configuration for a service. The configuration determines
|
26
|
+
# which permission types are logged, and what identities, if any, are exempted
|
27
|
+
# from logging. An AuditConfig must have one or more AuditLogConfigs. If there
|
28
|
+
# are AuditConfigs for both `allServices` and a specific service, the union of
|
29
|
+
# the two AuditConfigs is used for that service: the log_types specified in each
|
30
|
+
# AuditConfig are enabled, and the exempted_members in each AuditLogConfig are
|
31
|
+
# exempted. Example Policy with multiple AuditConfigs: ` "audit_configs": [ ` "
|
32
|
+
# service": "allServices", "audit_log_configs": [ ` "log_type": "DATA_READ", "
|
33
|
+
# exempted_members": [ "user:jose@example.com" ] `, ` "log_type": "DATA_WRITE" `,
|
34
|
+
# ` "log_type": "ADMIN_READ" ` ] `, ` "service": "sampleservice.googleapis.com",
|
35
|
+
# "audit_log_configs": [ ` "log_type": "DATA_READ" `, ` "log_type": "DATA_WRITE"
|
36
|
+
# , "exempted_members": [ "user:aliya@example.com" ] ` ] ` ] ` For sampleservice,
|
37
|
+
# this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also
|
38
|
+
# exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com`
|
39
|
+
# from DATA_WRITE logging.
|
40
|
+
class AuditConfig
|
41
|
+
include Google::Apis::Core::Hashable
|
42
|
+
|
43
|
+
# The configuration for logging of each type of permission.
|
44
|
+
# Corresponds to the JSON property `auditLogConfigs`
|
45
|
+
# @return [Array<Google::Apis::BigqueryconnectionV1::AuditLogConfig>]
|
46
|
+
attr_accessor :audit_log_configs
|
47
|
+
|
48
|
+
# Specifies a service that will be enabled for audit logging. For example, `
|
49
|
+
# storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special
|
50
|
+
# value that covers all services.
|
51
|
+
# Corresponds to the JSON property `service`
|
52
|
+
# @return [String]
|
53
|
+
attr_accessor :service
|
54
|
+
|
55
|
+
def initialize(**args)
|
56
|
+
update!(**args)
|
57
|
+
end
|
58
|
+
|
59
|
+
# Update properties of this object
|
60
|
+
def update!(**args)
|
61
|
+
@audit_log_configs = args[:audit_log_configs] if args.key?(:audit_log_configs)
|
62
|
+
@service = args[:service] if args.key?(:service)
|
63
|
+
end
|
64
|
+
end
|
65
|
+
|
66
|
+
# Provides the configuration for logging a type of permissions. Example: ` "
|
67
|
+
# audit_log_configs": [ ` "log_type": "DATA_READ", "exempted_members": [ "user:
|
68
|
+
# jose@example.com" ] `, ` "log_type": "DATA_WRITE" ` ] ` This enables '
|
69
|
+
# DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from
|
70
|
+
# DATA_READ logging.
|
71
|
+
class AuditLogConfig
|
72
|
+
include Google::Apis::Core::Hashable
|
73
|
+
|
74
|
+
# Specifies the identities that do not cause logging for this type of permission.
|
75
|
+
# Follows the same format of Binding.members.
|
76
|
+
# Corresponds to the JSON property `exemptedMembers`
|
77
|
+
# @return [Array<String>]
|
78
|
+
attr_accessor :exempted_members
|
79
|
+
|
80
|
+
# The log type that this config enables.
|
81
|
+
# Corresponds to the JSON property `logType`
|
82
|
+
# @return [String]
|
83
|
+
attr_accessor :log_type
|
84
|
+
|
85
|
+
def initialize(**args)
|
86
|
+
update!(**args)
|
87
|
+
end
|
88
|
+
|
89
|
+
# Update properties of this object
|
90
|
+
def update!(**args)
|
91
|
+
@exempted_members = args[:exempted_members] if args.key?(:exempted_members)
|
92
|
+
@log_type = args[:log_type] if args.key?(:log_type)
|
93
|
+
end
|
94
|
+
end
|
95
|
+
|
96
|
+
# Authentication method for Amazon Web Services (AWS) that uses Google owned
|
97
|
+
# Google service account to assume into customer's AWS IAM Role.
|
98
|
+
class AwsAccessRole
|
99
|
+
include Google::Apis::Core::Hashable
|
100
|
+
|
101
|
+
# The user’s AWS IAM Role that trusts the Google-owned AWS IAM user Connection.
|
102
|
+
# Corresponds to the JSON property `iamRoleId`
|
103
|
+
# @return [String]
|
104
|
+
attr_accessor :iam_role_id
|
105
|
+
|
106
|
+
# A unique Google-owned and Google-generated identity for the Connection. This
|
107
|
+
# identity will be used to access the user's AWS IAM Role.
|
108
|
+
# Corresponds to the JSON property `identity`
|
109
|
+
# @return [String]
|
110
|
+
attr_accessor :identity
|
111
|
+
|
112
|
+
def initialize(**args)
|
113
|
+
update!(**args)
|
114
|
+
end
|
115
|
+
|
116
|
+
# Update properties of this object
|
117
|
+
def update!(**args)
|
118
|
+
@iam_role_id = args[:iam_role_id] if args.key?(:iam_role_id)
|
119
|
+
@identity = args[:identity] if args.key?(:identity)
|
120
|
+
end
|
121
|
+
end
|
122
|
+
|
123
|
+
# Connection properties specific to Amazon Web Services (AWS).
|
124
|
+
class AwsProperties
|
125
|
+
include Google::Apis::Core::Hashable
|
126
|
+
|
127
|
+
# Authentication method for Amazon Web Services (AWS) that uses Google owned
|
128
|
+
# Google service account to assume into customer's AWS IAM Role.
|
129
|
+
# Corresponds to the JSON property `accessRole`
|
130
|
+
# @return [Google::Apis::BigqueryconnectionV1::AwsAccessRole]
|
131
|
+
attr_accessor :access_role
|
132
|
+
|
133
|
+
def initialize(**args)
|
134
|
+
update!(**args)
|
135
|
+
end
|
136
|
+
|
137
|
+
# Update properties of this object
|
138
|
+
def update!(**args)
|
139
|
+
@access_role = args[:access_role] if args.key?(:access_role)
|
140
|
+
end
|
141
|
+
end
|
142
|
+
|
143
|
+
# Container for connection properties specific to Azure.
|
144
|
+
class AzureProperties
|
145
|
+
include Google::Apis::Core::Hashable
|
146
|
+
|
147
|
+
# Output only. The name of the Azure Active Directory Application.
|
148
|
+
# Corresponds to the JSON property `application`
|
149
|
+
# @return [String]
|
150
|
+
attr_accessor :application
|
151
|
+
|
152
|
+
# Output only. The client id of the Azure Active Directory Application.
|
153
|
+
# Corresponds to the JSON property `clientId`
|
154
|
+
# @return [String]
|
155
|
+
attr_accessor :client_id
|
156
|
+
|
157
|
+
# The id of customer's directory that host the data.
|
158
|
+
# Corresponds to the JSON property `customerTenantId`
|
159
|
+
# @return [String]
|
160
|
+
attr_accessor :customer_tenant_id
|
161
|
+
|
162
|
+
# The client ID of the user's Azure Active Directory Application used for a
|
163
|
+
# federated connection.
|
164
|
+
# Corresponds to the JSON property `federatedApplicationClientId`
|
165
|
+
# @return [String]
|
166
|
+
attr_accessor :federated_application_client_id
|
167
|
+
|
168
|
+
# Output only. A unique Google-owned and Google-generated identity for the
|
169
|
+
# Connection. This identity will be used to access the user's Azure Active
|
170
|
+
# Directory Application.
|
171
|
+
# Corresponds to the JSON property `identity`
|
172
|
+
# @return [String]
|
173
|
+
attr_accessor :identity
|
174
|
+
|
175
|
+
# Output only. The object id of the Azure Active Directory Application.
|
176
|
+
# Corresponds to the JSON property `objectId`
|
177
|
+
# @return [String]
|
178
|
+
attr_accessor :object_id_prop
|
179
|
+
|
180
|
+
# The URL user will be redirected to after granting consent during connection
|
181
|
+
# setup.
|
182
|
+
# Corresponds to the JSON property `redirectUri`
|
183
|
+
# @return [String]
|
184
|
+
attr_accessor :redirect_uri
|
185
|
+
|
186
|
+
def initialize(**args)
|
187
|
+
update!(**args)
|
188
|
+
end
|
189
|
+
|
190
|
+
# Update properties of this object
|
191
|
+
def update!(**args)
|
192
|
+
@application = args[:application] if args.key?(:application)
|
193
|
+
@client_id = args[:client_id] if args.key?(:client_id)
|
194
|
+
@customer_tenant_id = args[:customer_tenant_id] if args.key?(:customer_tenant_id)
|
195
|
+
@federated_application_client_id = args[:federated_application_client_id] if args.key?(:federated_application_client_id)
|
196
|
+
@identity = args[:identity] if args.key?(:identity)
|
197
|
+
@object_id_prop = args[:object_id_prop] if args.key?(:object_id_prop)
|
198
|
+
@redirect_uri = args[:redirect_uri] if args.key?(:redirect_uri)
|
199
|
+
end
|
200
|
+
end
|
201
|
+
|
202
|
+
# Associates `members`, or principals, with a `role`.
|
203
|
+
class Binding
|
204
|
+
include Google::Apis::Core::Hashable
|
205
|
+
|
206
|
+
# Represents a textual expression in the Common Expression Language (CEL) syntax.
|
207
|
+
# CEL is a C-like expression language. The syntax and semantics of CEL are
|
208
|
+
# documented at https://github.com/google/cel-spec. Example (Comparison): title:
|
209
|
+
# "Summary size limit" description: "Determines if a summary is less than 100
|
210
|
+
# chars" expression: "document.summary.size() < 100" Example (Equality): title: "
|
211
|
+
# Requestor is owner" description: "Determines if requestor is the document
|
212
|
+
# owner" expression: "document.owner == request.auth.claims.email" Example (
|
213
|
+
# Logic): title: "Public documents" description: "Determine whether the document
|
214
|
+
# should be publicly visible" expression: "document.type != 'private' &&
|
215
|
+
# document.type != 'internal'" Example (Data Manipulation): title: "Notification
|
216
|
+
# string" description: "Create a notification string with a timestamp."
|
217
|
+
# expression: "'New message received at ' + string(document.create_time)" The
|
218
|
+
# exact variables and functions that may be referenced within an expression are
|
219
|
+
# determined by the service that evaluates it. See the service documentation for
|
220
|
+
# additional information.
|
221
|
+
# Corresponds to the JSON property `condition`
|
222
|
+
# @return [Google::Apis::BigqueryconnectionV1::Expr]
|
223
|
+
attr_accessor :condition
|
224
|
+
|
225
|
+
# Specifies the principals requesting access for a Google Cloud resource. `
|
226
|
+
# members` can have the following values: * `allUsers`: A special identifier
|
227
|
+
# that represents anyone who is on the internet; with or without a Google
|
228
|
+
# account. * `allAuthenticatedUsers`: A special identifier that represents
|
229
|
+
# anyone who is authenticated with a Google account or a service account. Does
|
230
|
+
# not include identities that come from external identity providers (IdPs)
|
231
|
+
# through identity federation. * `user:`emailid``: An email address that
|
232
|
+
# represents a specific Google account. For example, `alice@example.com` . * `
|
233
|
+
# serviceAccount:`emailid``: An email address that represents a Google service
|
234
|
+
# account. For example, `my-other-app@appspot.gserviceaccount.com`. * `
|
235
|
+
# serviceAccount:`projectid`.svc.id.goog[`namespace`/`kubernetes-sa`]`: An
|
236
|
+
# identifier for a [Kubernetes service account](https://cloud.google.com/
|
237
|
+
# kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-
|
238
|
+
# project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:`emailid``: An
|
239
|
+
# email address that represents a Google group. For example, `admins@example.com`
|
240
|
+
# . * `domain:`domain``: The G Suite domain (primary) that represents all the
|
241
|
+
# users of that domain. For example, `google.com` or `example.com`. * `principal:
|
242
|
+
# //iam.googleapis.com/locations/global/workforcePools/`pool_id`/subject/`
|
243
|
+
# subject_attribute_value``: A single identity in a workforce identity pool. * `
|
244
|
+
# principalSet://iam.googleapis.com/locations/global/workforcePools/`pool_id`/
|
245
|
+
# group/`group_id``: All workforce identities in a group. * `principalSet://iam.
|
246
|
+
# googleapis.com/locations/global/workforcePools/`pool_id`/attribute.`
|
247
|
+
# attribute_name`/`attribute_value``: All workforce identities with a specific
|
248
|
+
# attribute value. * `principalSet://iam.googleapis.com/locations/global/
|
249
|
+
# workforcePools/`pool_id`/*`: All identities in a workforce identity pool. * `
|
250
|
+
# principal://iam.googleapis.com/projects/`project_number`/locations/global/
|
251
|
+
# workloadIdentityPools/`pool_id`/subject/`subject_attribute_value``: A single
|
252
|
+
# identity in a workload identity pool. * `principalSet://iam.googleapis.com/
|
253
|
+
# projects/`project_number`/locations/global/workloadIdentityPools/`pool_id`/
|
254
|
+
# group/`group_id``: A workload identity pool group. * `principalSet://iam.
|
255
|
+
# googleapis.com/projects/`project_number`/locations/global/
|
256
|
+
# workloadIdentityPools/`pool_id`/attribute.`attribute_name`/`attribute_value``:
|
257
|
+
# All identities in a workload identity pool with a certain attribute. * `
|
258
|
+
# principalSet://iam.googleapis.com/projects/`project_number`/locations/global/
|
259
|
+
# workloadIdentityPools/`pool_id`/*`: All identities in a workload identity pool.
|
260
|
+
# * `deleted:user:`emailid`?uid=`uniqueid``: An email address (plus unique
|
261
|
+
# identifier) representing a user that has been recently deleted. For example, `
|
262
|
+
# alice@example.com?uid=123456789012345678901`. If the user is recovered, this
|
263
|
+
# value reverts to `user:`emailid`` and the recovered user retains the role in
|
264
|
+
# the binding. * `deleted:serviceAccount:`emailid`?uid=`uniqueid``: An email
|
265
|
+
# address (plus unique identifier) representing a service account that has been
|
266
|
+
# recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=
|
267
|
+
# 123456789012345678901`. If the service account is undeleted, this value
|
268
|
+
# reverts to `serviceAccount:`emailid`` and the undeleted service account
|
269
|
+
# retains the role in the binding. * `deleted:group:`emailid`?uid=`uniqueid``:
|
270
|
+
# An email address (plus unique identifier) representing a Google group that has
|
271
|
+
# been recently deleted. For example, `admins@example.com?uid=
|
272
|
+
# 123456789012345678901`. If the group is recovered, this value reverts to `
|
273
|
+
# group:`emailid`` and the recovered group retains the role in the binding. * `
|
274
|
+
# deleted:principal://iam.googleapis.com/locations/global/workforcePools/`
|
275
|
+
# pool_id`/subject/`subject_attribute_value``: Deleted single identity in a
|
276
|
+
# workforce identity pool. For example, `deleted:principal://iam.googleapis.com/
|
277
|
+
# locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
|
278
|
+
# Corresponds to the JSON property `members`
|
279
|
+
# @return [Array<String>]
|
280
|
+
attr_accessor :members
|
281
|
+
|
282
|
+
# Role that is assigned to the list of `members`, or principals. For example, `
|
283
|
+
# roles/viewer`, `roles/editor`, or `roles/owner`.
|
284
|
+
# Corresponds to the JSON property `role`
|
285
|
+
# @return [String]
|
286
|
+
attr_accessor :role
|
287
|
+
|
288
|
+
def initialize(**args)
|
289
|
+
update!(**args)
|
290
|
+
end
|
291
|
+
|
292
|
+
# Update properties of this object
|
293
|
+
def update!(**args)
|
294
|
+
@condition = args[:condition] if args.key?(:condition)
|
295
|
+
@members = args[:members] if args.key?(:members)
|
296
|
+
@role = args[:role] if args.key?(:role)
|
297
|
+
end
|
298
|
+
end
|
299
|
+
|
300
|
+
# Container for connection properties for delegation of access to GCP resources.
|
301
|
+
class CloudResourceProperties
|
302
|
+
include Google::Apis::Core::Hashable
|
303
|
+
|
304
|
+
# Output only. The account ID of the service created for the purpose of this
|
305
|
+
# connection. The service account does not have any permissions associated with
|
306
|
+
# it when it is created. After creation, customers delegate permissions to the
|
307
|
+
# service account. When the connection is used in the context of an operation in
|
308
|
+
# BigQuery, the service account will be used to connect to the desired resources
|
309
|
+
# in GCP. The account ID is in the form of: @gcp-sa-bigquery-cloudresource.iam.
|
310
|
+
# gserviceaccount.com
|
311
|
+
# Corresponds to the JSON property `serviceAccountId`
|
312
|
+
# @return [String]
|
313
|
+
attr_accessor :service_account_id
|
314
|
+
|
315
|
+
def initialize(**args)
|
316
|
+
update!(**args)
|
317
|
+
end
|
318
|
+
|
319
|
+
# Update properties of this object
|
320
|
+
def update!(**args)
|
321
|
+
@service_account_id = args[:service_account_id] if args.key?(:service_account_id)
|
322
|
+
end
|
323
|
+
end
|
324
|
+
|
325
|
+
# Connection properties specific to Cloud Spanner.
|
326
|
+
class CloudSpannerProperties
|
327
|
+
include Google::Apis::Core::Hashable
|
328
|
+
|
329
|
+
# Cloud Spanner database in the form `project/instance/database'
|
330
|
+
# Corresponds to the JSON property `database`
|
331
|
+
# @return [String]
|
332
|
+
attr_accessor :database
|
333
|
+
|
334
|
+
# Optional. Cloud Spanner database role for fine-grained access control. The
|
335
|
+
# Cloud Spanner admin should have provisioned the database role with appropriate
|
336
|
+
# permissions, such as `SELECT` and `INSERT`. Other users should only use roles
|
337
|
+
# provided by their Cloud Spanner admins. For more details, see [About fine-
|
338
|
+
# grained access control] (https://cloud.google.com/spanner/docs/fgac-about).
|
339
|
+
# REQUIRES: The database role name must start with a letter, and can only
|
340
|
+
# contain letters, numbers, and underscores.
|
341
|
+
# Corresponds to the JSON property `databaseRole`
|
342
|
+
# @return [String]
|
343
|
+
attr_accessor :database_role
|
344
|
+
|
345
|
+
# Allows setting max parallelism per query when executing on Spanner independent
|
346
|
+
# compute resources. If unspecified, default values of parallelism are chosen
|
347
|
+
# that are dependent on the Cloud Spanner instance configuration. REQUIRES: `
|
348
|
+
# use_parallelism` must be set. REQUIRES: `use_data_boost` must be set.
|
349
|
+
# Corresponds to the JSON property `maxParallelism`
|
350
|
+
# @return [Fixnum]
|
351
|
+
attr_accessor :max_parallelism
|
352
|
+
|
353
|
+
# If set, the request will be executed via Spanner independent compute resources.
|
354
|
+
# REQUIRES: `use_parallelism` must be set.
|
355
|
+
# Corresponds to the JSON property `useDataBoost`
|
356
|
+
# @return [Boolean]
|
357
|
+
attr_accessor :use_data_boost
|
358
|
+
alias_method :use_data_boost?, :use_data_boost
|
359
|
+
|
360
|
+
# If parallelism should be used when reading from Cloud Spanner
|
361
|
+
# Corresponds to the JSON property `useParallelism`
|
362
|
+
# @return [Boolean]
|
363
|
+
attr_accessor :use_parallelism
|
364
|
+
alias_method :use_parallelism?, :use_parallelism
|
365
|
+
|
366
|
+
# Deprecated: prefer use_data_boost instead. If the serverless analytics service
|
367
|
+
# should be used to read data from Cloud Spanner. Note: `use_parallelism` must
|
368
|
+
# be set when using serverless analytics.
|
369
|
+
# Corresponds to the JSON property `useServerlessAnalytics`
|
370
|
+
# @return [Boolean]
|
371
|
+
attr_accessor :use_serverless_analytics
|
372
|
+
alias_method :use_serverless_analytics?, :use_serverless_analytics
|
373
|
+
|
374
|
+
def initialize(**args)
|
375
|
+
update!(**args)
|
376
|
+
end
|
377
|
+
|
378
|
+
# Update properties of this object
|
379
|
+
def update!(**args)
|
380
|
+
@database = args[:database] if args.key?(:database)
|
381
|
+
@database_role = args[:database_role] if args.key?(:database_role)
|
382
|
+
@max_parallelism = args[:max_parallelism] if args.key?(:max_parallelism)
|
383
|
+
@use_data_boost = args[:use_data_boost] if args.key?(:use_data_boost)
|
384
|
+
@use_parallelism = args[:use_parallelism] if args.key?(:use_parallelism)
|
385
|
+
@use_serverless_analytics = args[:use_serverless_analytics] if args.key?(:use_serverless_analytics)
|
386
|
+
end
|
387
|
+
end
|
388
|
+
|
389
|
+
# Credential info for the Cloud SQL.
|
390
|
+
class CloudSqlCredential
|
391
|
+
include Google::Apis::Core::Hashable
|
392
|
+
|
393
|
+
# The password for the credential.
|
394
|
+
# Corresponds to the JSON property `password`
|
395
|
+
# @return [String]
|
396
|
+
attr_accessor :password
|
397
|
+
|
398
|
+
# The username for the credential.
|
399
|
+
# Corresponds to the JSON property `username`
|
400
|
+
# @return [String]
|
401
|
+
attr_accessor :username
|
402
|
+
|
403
|
+
def initialize(**args)
|
404
|
+
update!(**args)
|
405
|
+
end
|
406
|
+
|
407
|
+
# Update properties of this object
|
408
|
+
def update!(**args)
|
409
|
+
@password = args[:password] if args.key?(:password)
|
410
|
+
@username = args[:username] if args.key?(:username)
|
411
|
+
end
|
412
|
+
end
|
413
|
+
|
414
|
+
# Connection properties specific to the Cloud SQL.
|
415
|
+
class CloudSqlProperties
|
416
|
+
include Google::Apis::Core::Hashable
|
417
|
+
|
418
|
+
# Credential info for the Cloud SQL.
|
419
|
+
# Corresponds to the JSON property `credential`
|
420
|
+
# @return [Google::Apis::BigqueryconnectionV1::CloudSqlCredential]
|
421
|
+
attr_accessor :credential
|
422
|
+
|
423
|
+
# Database name.
|
424
|
+
# Corresponds to the JSON property `database`
|
425
|
+
# @return [String]
|
426
|
+
attr_accessor :database
|
427
|
+
|
428
|
+
# Cloud SQL instance ID in the form `project:location:instance`.
|
429
|
+
# Corresponds to the JSON property `instanceId`
|
430
|
+
# @return [String]
|
431
|
+
attr_accessor :instance_id
|
432
|
+
|
433
|
+
# Output only. The account ID of the service used for the purpose of this
|
434
|
+
# connection. When the connection is used in the context of an operation in
|
435
|
+
# BigQuery, this service account will serve as the identity being used for
|
436
|
+
# connecting to the CloudSQL instance specified in this connection.
|
437
|
+
# Corresponds to the JSON property `serviceAccountId`
|
438
|
+
# @return [String]
|
439
|
+
attr_accessor :service_account_id
|
440
|
+
|
441
|
+
# Type of the Cloud SQL database.
|
442
|
+
# Corresponds to the JSON property `type`
|
443
|
+
# @return [String]
|
444
|
+
attr_accessor :type
|
445
|
+
|
446
|
+
def initialize(**args)
|
447
|
+
update!(**args)
|
448
|
+
end
|
449
|
+
|
450
|
+
# Update properties of this object
|
451
|
+
def update!(**args)
|
452
|
+
@credential = args[:credential] if args.key?(:credential)
|
453
|
+
@database = args[:database] if args.key?(:database)
|
454
|
+
@instance_id = args[:instance_id] if args.key?(:instance_id)
|
455
|
+
@service_account_id = args[:service_account_id] if args.key?(:service_account_id)
|
456
|
+
@type = args[:type] if args.key?(:type)
|
457
|
+
end
|
458
|
+
end
|
459
|
+
|
460
|
+
# Configuration parameters to establish connection with an external data source,
|
461
|
+
# except the credential attributes.
|
462
|
+
class Connection
|
463
|
+
include Google::Apis::Core::Hashable
|
464
|
+
|
465
|
+
# Connection properties specific to Amazon Web Services (AWS).
|
466
|
+
# Corresponds to the JSON property `aws`
|
467
|
+
# @return [Google::Apis::BigqueryconnectionV1::AwsProperties]
|
468
|
+
attr_accessor :aws
|
469
|
+
|
470
|
+
# Container for connection properties specific to Azure.
|
471
|
+
# Corresponds to the JSON property `azure`
|
472
|
+
# @return [Google::Apis::BigqueryconnectionV1::AzureProperties]
|
473
|
+
attr_accessor :azure
|
474
|
+
|
475
|
+
# Container for connection properties for delegation of access to GCP resources.
|
476
|
+
# Corresponds to the JSON property `cloudResource`
|
477
|
+
# @return [Google::Apis::BigqueryconnectionV1::CloudResourceProperties]
|
478
|
+
attr_accessor :cloud_resource
|
479
|
+
|
480
|
+
# Connection properties specific to Cloud Spanner.
|
481
|
+
# Corresponds to the JSON property `cloudSpanner`
|
482
|
+
# @return [Google::Apis::BigqueryconnectionV1::CloudSpannerProperties]
|
483
|
+
attr_accessor :cloud_spanner
|
484
|
+
|
485
|
+
# Connection properties specific to the Cloud SQL.
|
486
|
+
# Corresponds to the JSON property `cloudSql`
|
487
|
+
# @return [Google::Apis::BigqueryconnectionV1::CloudSqlProperties]
|
488
|
+
attr_accessor :cloud_sql
|
489
|
+
|
490
|
+
# Output only. The creation timestamp of the connection.
|
491
|
+
# Corresponds to the JSON property `creationTime`
|
492
|
+
# @return [Fixnum]
|
493
|
+
attr_accessor :creation_time
|
494
|
+
|
495
|
+
# User provided description.
|
496
|
+
# Corresponds to the JSON property `description`
|
497
|
+
# @return [String]
|
498
|
+
attr_accessor :description
|
499
|
+
|
500
|
+
# User provided display name for the connection.
|
501
|
+
# Corresponds to the JSON property `friendlyName`
|
502
|
+
# @return [String]
|
503
|
+
attr_accessor :friendly_name
|
504
|
+
|
505
|
+
# Output only. True, if credential is configured for this connection.
|
506
|
+
# Corresponds to the JSON property `hasCredential`
|
507
|
+
# @return [Boolean]
|
508
|
+
attr_accessor :has_credential
|
509
|
+
alias_method :has_credential?, :has_credential
|
510
|
+
|
511
|
+
# Optional. The Cloud KMS key that is used for encryption. Example: `projects/[
|
512
|
+
# kms_project_id]/locations/[region]/keyRings/[key_region]/cryptoKeys/[key]`
|
513
|
+
# Corresponds to the JSON property `kmsKeyName`
|
514
|
+
# @return [String]
|
515
|
+
attr_accessor :kms_key_name
|
516
|
+
|
517
|
+
# Output only. The last update timestamp of the connection.
|
518
|
+
# Corresponds to the JSON property `lastModifiedTime`
|
519
|
+
# @return [Fixnum]
|
520
|
+
attr_accessor :last_modified_time
|
521
|
+
|
522
|
+
# Output only. The resource name of the connection in the form of: `projects/`
|
523
|
+
# project_id`/locations/`location_id`/connections/`connection_id``
|
524
|
+
# Corresponds to the JSON property `name`
|
525
|
+
# @return [String]
|
526
|
+
attr_accessor :name
|
527
|
+
|
528
|
+
# Connection properties specific to Salesforce DataCloud. This is intended for
|
529
|
+
# use only by Salesforce partner projects.
|
530
|
+
# Corresponds to the JSON property `salesforceDataCloud`
|
531
|
+
# @return [Google::Apis::BigqueryconnectionV1::SalesforceDataCloudProperties]
|
532
|
+
attr_accessor :salesforce_data_cloud
|
533
|
+
|
534
|
+
# Container for connection properties to execute stored procedures for Apache
|
535
|
+
# Spark.
|
536
|
+
# Corresponds to the JSON property `spark`
|
537
|
+
# @return [Google::Apis::BigqueryconnectionV1::SparkProperties]
|
538
|
+
attr_accessor :spark
|
539
|
+
|
540
|
+
def initialize(**args)
|
541
|
+
update!(**args)
|
542
|
+
end
|
543
|
+
|
544
|
+
# Update properties of this object
|
545
|
+
def update!(**args)
|
546
|
+
@aws = args[:aws] if args.key?(:aws)
|
547
|
+
@azure = args[:azure] if args.key?(:azure)
|
548
|
+
@cloud_resource = args[:cloud_resource] if args.key?(:cloud_resource)
|
549
|
+
@cloud_spanner = args[:cloud_spanner] if args.key?(:cloud_spanner)
|
550
|
+
@cloud_sql = args[:cloud_sql] if args.key?(:cloud_sql)
|
551
|
+
@creation_time = args[:creation_time] if args.key?(:creation_time)
|
552
|
+
@description = args[:description] if args.key?(:description)
|
553
|
+
@friendly_name = args[:friendly_name] if args.key?(:friendly_name)
|
554
|
+
@has_credential = args[:has_credential] if args.key?(:has_credential)
|
555
|
+
@kms_key_name = args[:kms_key_name] if args.key?(:kms_key_name)
|
556
|
+
@last_modified_time = args[:last_modified_time] if args.key?(:last_modified_time)
|
557
|
+
@name = args[:name] if args.key?(:name)
|
558
|
+
@salesforce_data_cloud = args[:salesforce_data_cloud] if args.key?(:salesforce_data_cloud)
|
559
|
+
@spark = args[:spark] if args.key?(:spark)
|
560
|
+
end
|
561
|
+
end
|
562
|
+
|
563
|
+
# A generic empty message that you can re-use to avoid defining duplicated empty
|
564
|
+
# messages in your APIs. A typical example is to use it as the request or the
|
565
|
+
# response type of an API method. For instance: service Foo ` rpc Bar(google.
|
566
|
+
# protobuf.Empty) returns (google.protobuf.Empty); `
|
567
|
+
class Empty
|
568
|
+
include Google::Apis::Core::Hashable
|
569
|
+
|
570
|
+
def initialize(**args)
|
571
|
+
update!(**args)
|
572
|
+
end
|
573
|
+
|
574
|
+
# Update properties of this object
|
575
|
+
def update!(**args)
|
576
|
+
end
|
577
|
+
end
|
578
|
+
|
579
|
+
# Represents a textual expression in the Common Expression Language (CEL) syntax.
|
580
|
+
# CEL is a C-like expression language. The syntax and semantics of CEL are
|
581
|
+
# documented at https://github.com/google/cel-spec. Example (Comparison): title:
|
582
|
+
# "Summary size limit" description: "Determines if a summary is less than 100
|
583
|
+
# chars" expression: "document.summary.size() < 100" Example (Equality): title: "
|
584
|
+
# Requestor is owner" description: "Determines if requestor is the document
|
585
|
+
# owner" expression: "document.owner == request.auth.claims.email" Example (
|
586
|
+
# Logic): title: "Public documents" description: "Determine whether the document
|
587
|
+
# should be publicly visible" expression: "document.type != 'private' &&
|
588
|
+
# document.type != 'internal'" Example (Data Manipulation): title: "Notification
|
589
|
+
# string" description: "Create a notification string with a timestamp."
|
590
|
+
# expression: "'New message received at ' + string(document.create_time)" The
|
591
|
+
# exact variables and functions that may be referenced within an expression are
|
592
|
+
# determined by the service that evaluates it. See the service documentation for
|
593
|
+
# additional information.
|
594
|
+
class Expr
|
595
|
+
include Google::Apis::Core::Hashable
|
596
|
+
|
597
|
+
# Optional. Description of the expression. This is a longer text which describes
|
598
|
+
# the expression, e.g. when hovered over it in a UI.
|
599
|
+
# Corresponds to the JSON property `description`
|
600
|
+
# @return [String]
|
601
|
+
attr_accessor :description
|
602
|
+
|
603
|
+
# Textual representation of an expression in Common Expression Language syntax.
|
604
|
+
# Corresponds to the JSON property `expression`
|
605
|
+
# @return [String]
|
606
|
+
attr_accessor :expression
|
607
|
+
|
608
|
+
# Optional. String indicating the location of the expression for error reporting,
|
609
|
+
# e.g. a file name and a position in the file.
|
610
|
+
# Corresponds to the JSON property `location`
|
611
|
+
# @return [String]
|
612
|
+
attr_accessor :location
|
613
|
+
|
614
|
+
# Optional. Title for the expression, i.e. a short string describing its purpose.
|
615
|
+
# This can be used e.g. in UIs which allow to enter the expression.
|
616
|
+
# Corresponds to the JSON property `title`
|
617
|
+
# @return [String]
|
618
|
+
attr_accessor :title
|
619
|
+
|
620
|
+
def initialize(**args)
|
621
|
+
update!(**args)
|
622
|
+
end
|
623
|
+
|
624
|
+
# Update properties of this object
|
625
|
+
def update!(**args)
|
626
|
+
@description = args[:description] if args.key?(:description)
|
627
|
+
@expression = args[:expression] if args.key?(:expression)
|
628
|
+
@location = args[:location] if args.key?(:location)
|
629
|
+
@title = args[:title] if args.key?(:title)
|
630
|
+
end
|
631
|
+
end
|
632
|
+
|
633
|
+
# Request message for `GetIamPolicy` method.
|
634
|
+
class GetIamPolicyRequest
|
635
|
+
include Google::Apis::Core::Hashable
|
636
|
+
|
637
|
+
# Encapsulates settings provided to GetIamPolicy.
|
638
|
+
# Corresponds to the JSON property `options`
|
639
|
+
# @return [Google::Apis::BigqueryconnectionV1::GetPolicyOptions]
|
640
|
+
attr_accessor :options
|
641
|
+
|
642
|
+
def initialize(**args)
|
643
|
+
update!(**args)
|
644
|
+
end
|
645
|
+
|
646
|
+
# Update properties of this object
|
647
|
+
def update!(**args)
|
648
|
+
@options = args[:options] if args.key?(:options)
|
649
|
+
end
|
650
|
+
end
|
651
|
+
|
652
|
+
# Encapsulates settings provided to GetIamPolicy.
|
653
|
+
class GetPolicyOptions
|
654
|
+
include Google::Apis::Core::Hashable
|
655
|
+
|
656
|
+
# Optional. The maximum policy version that will be used to format the policy.
|
657
|
+
# Valid values are 0, 1, and 3. Requests specifying an invalid value will be
|
658
|
+
# rejected. Requests for policies with any conditional role bindings must
|
659
|
+
# specify version 3. Policies with no conditional role bindings may specify any
|
660
|
+
# valid value or leave the field unset. The policy in the response might use the
|
661
|
+
# policy version that you specified, or it might use a lower policy version. For
|
662
|
+
# example, if you specify version 3, but the policy has no conditional role
|
663
|
+
# bindings, the response uses version 1. To learn which resources support
|
664
|
+
# conditions in their IAM policies, see the [IAM documentation](https://cloud.
|
665
|
+
# google.com/iam/help/conditions/resource-policies).
|
666
|
+
# Corresponds to the JSON property `requestedPolicyVersion`
|
667
|
+
# @return [Fixnum]
|
668
|
+
attr_accessor :requested_policy_version
|
669
|
+
|
670
|
+
def initialize(**args)
|
671
|
+
update!(**args)
|
672
|
+
end
|
673
|
+
|
674
|
+
# Update properties of this object
|
675
|
+
def update!(**args)
|
676
|
+
@requested_policy_version = args[:requested_policy_version] if args.key?(:requested_policy_version)
|
677
|
+
end
|
678
|
+
end
|
679
|
+
|
680
|
+
# The response for ConnectionService.ListConnections.
|
681
|
+
class ListConnectionsResponse
|
682
|
+
include Google::Apis::Core::Hashable
|
683
|
+
|
684
|
+
# List of connections.
|
685
|
+
# Corresponds to the JSON property `connections`
|
686
|
+
# @return [Array<Google::Apis::BigqueryconnectionV1::Connection>]
|
687
|
+
attr_accessor :connections
|
688
|
+
|
689
|
+
# Next page token.
|
690
|
+
# Corresponds to the JSON property `nextPageToken`
|
691
|
+
# @return [String]
|
692
|
+
attr_accessor :next_page_token
|
693
|
+
|
694
|
+
def initialize(**args)
|
695
|
+
update!(**args)
|
696
|
+
end
|
697
|
+
|
698
|
+
# Update properties of this object
|
699
|
+
def update!(**args)
|
700
|
+
@connections = args[:connections] if args.key?(:connections)
|
701
|
+
@next_page_token = args[:next_page_token] if args.key?(:next_page_token)
|
702
|
+
end
|
703
|
+
end
|
704
|
+
|
705
|
+
# Configuration of the Dataproc Metastore Service.
|
706
|
+
class MetastoreServiceConfig
|
707
|
+
include Google::Apis::Core::Hashable
|
708
|
+
|
709
|
+
# Optional. Resource name of an existing Dataproc Metastore service. Example: * `
|
710
|
+
# projects/[project_id]/locations/[region]/services/[service_id]`
|
711
|
+
# Corresponds to the JSON property `metastoreService`
|
712
|
+
# @return [String]
|
713
|
+
attr_accessor :metastore_service
|
714
|
+
|
715
|
+
def initialize(**args)
|
716
|
+
update!(**args)
|
717
|
+
end
|
718
|
+
|
719
|
+
# Update properties of this object
|
720
|
+
def update!(**args)
|
721
|
+
@metastore_service = args[:metastore_service] if args.key?(:metastore_service)
|
722
|
+
end
|
723
|
+
end
|
724
|
+
|
725
|
+
# An Identity and Access Management (IAM) policy, which specifies access
|
726
|
+
# controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
|
727
|
+
# A `binding` binds one or more `members`, or principals, to a single `role`.
|
728
|
+
# Principals can be user accounts, service accounts, Google groups, and domains (
|
729
|
+
# such as G Suite). A `role` is a named list of permissions; each `role` can be
|
730
|
+
# an IAM predefined role or a user-created custom role. For some types of Google
|
731
|
+
# Cloud resources, a `binding` can also specify a `condition`, which is a
|
732
|
+
# logical expression that allows access to a resource only if the expression
|
733
|
+
# evaluates to `true`. A condition can add constraints based on attributes of
|
734
|
+
# the request, the resource, or both. To learn which resources support
|
735
|
+
# conditions in their IAM policies, see the [IAM documentation](https://cloud.
|
736
|
+
# google.com/iam/help/conditions/resource-policies). **JSON example:** ``` ` "
|
737
|
+
# bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
|
738
|
+
# "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
|
739
|
+
# serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
|
740
|
+
# roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
|
741
|
+
# ], "condition": ` "title": "expirable access", "description": "Does not grant
|
742
|
+
# access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
|
743
|
+
# 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` ``` **YAML
|
744
|
+
# example:** ``` bindings: - members: - user:mike@example.com - group:admins@
|
745
|
+
# example.com - domain:google.com - serviceAccount:my-project-id@appspot.
|
746
|
+
# gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: -
|
747
|
+
# user:eve@example.com role: roles/resourcemanager.organizationViewer condition:
|
748
|
+
# title: expirable access description: Does not grant access after Sep 2020
|
749
|
+
# expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag:
|
750
|
+
# BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the
|
751
|
+
# [IAM documentation](https://cloud.google.com/iam/docs/).
|
752
|
+
class Policy
|
753
|
+
include Google::Apis::Core::Hashable
|
754
|
+
|
755
|
+
# Specifies cloud audit logging configuration for this policy.
|
756
|
+
# Corresponds to the JSON property `auditConfigs`
|
757
|
+
# @return [Array<Google::Apis::BigqueryconnectionV1::AuditConfig>]
|
758
|
+
attr_accessor :audit_configs
|
759
|
+
|
760
|
+
# Associates a list of `members`, or principals, with a `role`. Optionally, may
|
761
|
+
# specify a `condition` that determines how and when the `bindings` are applied.
|
762
|
+
# Each of the `bindings` must contain at least one principal. The `bindings` in
|
763
|
+
# a `Policy` can refer to up to 1,500 principals; up to 250 of these principals
|
764
|
+
# can be Google groups. Each occurrence of a principal counts towards these
|
765
|
+
# limits. For example, if the `bindings` grant 50 different roles to `user:alice@
|
766
|
+
# example.com`, and not to any other principal, then you can add another 1,450
|
767
|
+
# principals to the `bindings` in the `Policy`.
|
768
|
+
# Corresponds to the JSON property `bindings`
|
769
|
+
# @return [Array<Google::Apis::BigqueryconnectionV1::Binding>]
|
770
|
+
attr_accessor :bindings
|
771
|
+
|
772
|
+
# `etag` is used for optimistic concurrency control as a way to help prevent
|
773
|
+
# simultaneous updates of a policy from overwriting each other. It is strongly
|
774
|
+
# suggested that systems make use of the `etag` in the read-modify-write cycle
|
775
|
+
# to perform policy updates in order to avoid race conditions: An `etag` is
|
776
|
+
# returned in the response to `getIamPolicy`, and systems are expected to put
|
777
|
+
# that etag in the request to `setIamPolicy` to ensure that their change will be
|
778
|
+
# applied to the same version of the policy. **Important:** If you use IAM
|
779
|
+
# Conditions, you must include the `etag` field whenever you call `setIamPolicy`.
|
780
|
+
# If you omit this field, then IAM allows you to overwrite a version `3` policy
|
781
|
+
# with a version `1` policy, and all of the conditions in the version `3` policy
|
782
|
+
# are lost.
|
783
|
+
# Corresponds to the JSON property `etag`
|
784
|
+
# NOTE: Values are automatically base64 encoded/decoded in the client library.
|
785
|
+
# @return [String]
|
786
|
+
attr_accessor :etag
|
787
|
+
|
788
|
+
# Specifies the format of the policy. Valid values are `0`, `1`, and `3`.
|
789
|
+
# Requests that specify an invalid value are rejected. Any operation that
|
790
|
+
# affects conditional role bindings must specify version `3`. This requirement
|
791
|
+
# applies to the following operations: * Getting a policy that includes a
|
792
|
+
# conditional role binding * Adding a conditional role binding to a policy *
|
793
|
+
# Changing a conditional role binding in a policy * Removing any role binding,
|
794
|
+
# with or without a condition, from a policy that includes conditions **
|
795
|
+
# Important:** If you use IAM Conditions, you must include the `etag` field
|
796
|
+
# whenever you call `setIamPolicy`. If you omit this field, then IAM allows you
|
797
|
+
# to overwrite a version `3` policy with a version `1` policy, and all of the
|
798
|
+
# conditions in the version `3` policy are lost. If a policy does not include
|
799
|
+
# any conditions, operations on that policy may specify any valid version or
|
800
|
+
# leave the field unset. To learn which resources support conditions in their
|
801
|
+
# IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/
|
802
|
+
# conditions/resource-policies).
|
803
|
+
# Corresponds to the JSON property `version`
|
804
|
+
# @return [Fixnum]
|
805
|
+
attr_accessor :version
|
806
|
+
|
807
|
+
def initialize(**args)
|
808
|
+
update!(**args)
|
809
|
+
end
|
810
|
+
|
811
|
+
# Update properties of this object
|
812
|
+
def update!(**args)
|
813
|
+
@audit_configs = args[:audit_configs] if args.key?(:audit_configs)
|
814
|
+
@bindings = args[:bindings] if args.key?(:bindings)
|
815
|
+
@etag = args[:etag] if args.key?(:etag)
|
816
|
+
@version = args[:version] if args.key?(:version)
|
817
|
+
end
|
818
|
+
end
|
819
|
+
|
820
|
+
# Connection properties specific to Salesforce DataCloud. This is intended for
|
821
|
+
# use only by Salesforce partner projects.
|
822
|
+
class SalesforceDataCloudProperties
|
823
|
+
include Google::Apis::Core::Hashable
|
824
|
+
|
825
|
+
# Output only. A unique Google-owned and Google-generated service account
|
826
|
+
# identity for the connection.
|
827
|
+
# Corresponds to the JSON property `identity`
|
828
|
+
# @return [String]
|
829
|
+
attr_accessor :identity
|
830
|
+
|
831
|
+
# The URL to the user's Salesforce DataCloud instance.
|
832
|
+
# Corresponds to the JSON property `instanceUri`
|
833
|
+
# @return [String]
|
834
|
+
attr_accessor :instance_uri
|
835
|
+
|
836
|
+
# The ID of the user's Salesforce tenant.
|
837
|
+
# Corresponds to the JSON property `tenantId`
|
838
|
+
# @return [String]
|
839
|
+
attr_accessor :tenant_id
|
840
|
+
|
841
|
+
def initialize(**args)
|
842
|
+
update!(**args)
|
843
|
+
end
|
844
|
+
|
845
|
+
# Update properties of this object
|
846
|
+
def update!(**args)
|
847
|
+
@identity = args[:identity] if args.key?(:identity)
|
848
|
+
@instance_uri = args[:instance_uri] if args.key?(:instance_uri)
|
849
|
+
@tenant_id = args[:tenant_id] if args.key?(:tenant_id)
|
850
|
+
end
|
851
|
+
end
|
852
|
+
|
853
|
+
# Request message for `SetIamPolicy` method.
|
854
|
+
class SetIamPolicyRequest
|
855
|
+
include Google::Apis::Core::Hashable
|
856
|
+
|
857
|
+
# An Identity and Access Management (IAM) policy, which specifies access
|
858
|
+
# controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
|
859
|
+
# A `binding` binds one or more `members`, or principals, to a single `role`.
|
860
|
+
# Principals can be user accounts, service accounts, Google groups, and domains (
|
861
|
+
# such as G Suite). A `role` is a named list of permissions; each `role` can be
|
862
|
+
# an IAM predefined role or a user-created custom role. For some types of Google
|
863
|
+
# Cloud resources, a `binding` can also specify a `condition`, which is a
|
864
|
+
# logical expression that allows access to a resource only if the expression
|
865
|
+
# evaluates to `true`. A condition can add constraints based on attributes of
|
866
|
+
# the request, the resource, or both. To learn which resources support
|
867
|
+
# conditions in their IAM policies, see the [IAM documentation](https://cloud.
|
868
|
+
# google.com/iam/help/conditions/resource-policies). **JSON example:** ``` ` "
|
869
|
+
# bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
|
870
|
+
# "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
|
871
|
+
# serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
|
872
|
+
# roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
|
873
|
+
# ], "condition": ` "title": "expirable access", "description": "Does not grant
|
874
|
+
# access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
|
875
|
+
# 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` ``` **YAML
|
876
|
+
# example:** ``` bindings: - members: - user:mike@example.com - group:admins@
|
877
|
+
# example.com - domain:google.com - serviceAccount:my-project-id@appspot.
|
878
|
+
# gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: -
|
879
|
+
# user:eve@example.com role: roles/resourcemanager.organizationViewer condition:
|
880
|
+
# title: expirable access description: Does not grant access after Sep 2020
|
881
|
+
# expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag:
|
882
|
+
# BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the
|
883
|
+
# [IAM documentation](https://cloud.google.com/iam/docs/).
|
884
|
+
# Corresponds to the JSON property `policy`
|
885
|
+
# @return [Google::Apis::BigqueryconnectionV1::Policy]
|
886
|
+
attr_accessor :policy
|
887
|
+
|
888
|
+
# OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
|
889
|
+
# the fields in the mask will be modified. If no mask is provided, the following
|
890
|
+
# default mask is used: `paths: "bindings, etag"`
|
891
|
+
# Corresponds to the JSON property `updateMask`
|
892
|
+
# @return [String]
|
893
|
+
attr_accessor :update_mask
|
894
|
+
|
895
|
+
def initialize(**args)
|
896
|
+
update!(**args)
|
897
|
+
end
|
898
|
+
|
899
|
+
# Update properties of this object
|
900
|
+
def update!(**args)
|
901
|
+
@policy = args[:policy] if args.key?(:policy)
|
902
|
+
@update_mask = args[:update_mask] if args.key?(:update_mask)
|
903
|
+
end
|
904
|
+
end
|
905
|
+
|
906
|
+
# Configuration of the Spark History Server.
|
907
|
+
class SparkHistoryServerConfig
|
908
|
+
include Google::Apis::Core::Hashable
|
909
|
+
|
910
|
+
# Optional. Resource name of an existing Dataproc Cluster to act as a Spark
|
911
|
+
# History Server for the connection. Example: * `projects/[project_id]/regions/[
|
912
|
+
# region]/clusters/[cluster_name]`
|
913
|
+
# Corresponds to the JSON property `dataprocCluster`
|
914
|
+
# @return [String]
|
915
|
+
attr_accessor :dataproc_cluster
|
916
|
+
|
917
|
+
def initialize(**args)
|
918
|
+
update!(**args)
|
919
|
+
end
|
920
|
+
|
921
|
+
# Update properties of this object
|
922
|
+
def update!(**args)
|
923
|
+
@dataproc_cluster = args[:dataproc_cluster] if args.key?(:dataproc_cluster)
|
924
|
+
end
|
925
|
+
end
|
926
|
+
|
927
|
+
# Container for connection properties to execute stored procedures for Apache
|
928
|
+
# Spark.
|
929
|
+
class SparkProperties
|
930
|
+
include Google::Apis::Core::Hashable
|
931
|
+
|
932
|
+
# Configuration of the Dataproc Metastore Service.
|
933
|
+
# Corresponds to the JSON property `metastoreServiceConfig`
|
934
|
+
# @return [Google::Apis::BigqueryconnectionV1::MetastoreServiceConfig]
|
935
|
+
attr_accessor :metastore_service_config
|
936
|
+
|
937
|
+
# Output only. The account ID of the service created for the purpose of this
|
938
|
+
# connection. The service account does not have any permissions associated with
|
939
|
+
# it when it is created. After creation, customers delegate permissions to the
|
940
|
+
# service account. When the connection is used in the context of a stored
|
941
|
+
# procedure for Apache Spark in BigQuery, the service account is used to connect
|
942
|
+
# to the desired resources in Google Cloud. The account ID is in the form of:
|
943
|
+
# bqcx--@gcp-sa-bigquery-consp.iam.gserviceaccount.com
|
944
|
+
# Corresponds to the JSON property `serviceAccountId`
|
945
|
+
# @return [String]
|
946
|
+
attr_accessor :service_account_id
|
947
|
+
|
948
|
+
# Configuration of the Spark History Server.
|
949
|
+
# Corresponds to the JSON property `sparkHistoryServerConfig`
|
950
|
+
# @return [Google::Apis::BigqueryconnectionV1::SparkHistoryServerConfig]
|
951
|
+
attr_accessor :spark_history_server_config
|
952
|
+
|
953
|
+
def initialize(**args)
|
954
|
+
update!(**args)
|
955
|
+
end
|
956
|
+
|
957
|
+
# Update properties of this object
|
958
|
+
def update!(**args)
|
959
|
+
@metastore_service_config = args[:metastore_service_config] if args.key?(:metastore_service_config)
|
960
|
+
@service_account_id = args[:service_account_id] if args.key?(:service_account_id)
|
961
|
+
@spark_history_server_config = args[:spark_history_server_config] if args.key?(:spark_history_server_config)
|
962
|
+
end
|
963
|
+
end
|
964
|
+
|
965
|
+
# Request message for `TestIamPermissions` method.
|
966
|
+
class TestIamPermissionsRequest
|
967
|
+
include Google::Apis::Core::Hashable
|
968
|
+
|
969
|
+
# The set of permissions to check for the `resource`. Permissions with wildcards
|
970
|
+
# (such as `*` or `storage.*`) are not allowed. For more information see [IAM
|
971
|
+
# Overview](https://cloud.google.com/iam/docs/overview#permissions).
|
972
|
+
# Corresponds to the JSON property `permissions`
|
973
|
+
# @return [Array<String>]
|
974
|
+
attr_accessor :permissions
|
975
|
+
|
976
|
+
def initialize(**args)
|
977
|
+
update!(**args)
|
978
|
+
end
|
979
|
+
|
980
|
+
# Update properties of this object
|
981
|
+
def update!(**args)
|
982
|
+
@permissions = args[:permissions] if args.key?(:permissions)
|
983
|
+
end
|
984
|
+
end
|
985
|
+
|
986
|
+
# Response message for `TestIamPermissions` method.
|
987
|
+
class TestIamPermissionsResponse
|
988
|
+
include Google::Apis::Core::Hashable
|
989
|
+
|
990
|
+
# A subset of `TestPermissionsRequest.permissions` that the caller is allowed.
|
991
|
+
# Corresponds to the JSON property `permissions`
|
992
|
+
# @return [Array<String>]
|
993
|
+
attr_accessor :permissions
|
994
|
+
|
995
|
+
def initialize(**args)
|
996
|
+
update!(**args)
|
997
|
+
end
|
998
|
+
|
999
|
+
# Update properties of this object
|
1000
|
+
def update!(**args)
|
1001
|
+
@permissions = args[:permissions] if args.key?(:permissions)
|
1002
|
+
end
|
1003
|
+
end
|
1004
|
+
end
|
1005
|
+
end
|
1006
|
+
end
|