google-apis-cloudasset_v1beta1 0.1.0

@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: d643e3e5110b4fba69a5182e0b3673f341b139dfe47783050221652898e33e57
4
+ data.tar.gz: 8ecc921328ba4000ef0e369894e064015e2b200004f0b01ce964ce586e66e62d
5
+ SHA512:
6
+ metadata.gz: 713954f1afe746078de80d1d0d76014df517b530389d78546cf4bb9d7bf939246357fd97ea2d2cf62dbbf06b4335e67de1ebaf786340abda6cd7c8d9124ecf0e
7
+ data.tar.gz: f71f54198d03d750e0dd084f75f3d6f29f9c060ad2a226b273428434667f33e080a683b9ca6636e64548f62eeba12ec73c6479751ab2592fd060c09db4de8fb0
@@ -0,0 +1,13 @@
1
+ --hide-void-return
2
+ --no-private
3
+ --verbose
4
+ --title=google-apis-cloudasset_v1beta1
5
+ --markup-provider=redcarpet
6
+ --markup=markdown
7
+ --main OVERVIEW.md
8
+ lib/google/apis/cloudasset_v1beta1/*.rb
9
+ lib/google/apis/cloudasset_v1beta1.rb
10
+ -
11
+ OVERVIEW.md
12
+ CHANGELOG.md
13
+ LICENSE.md
@@ -0,0 +1,7 @@
1
+ # Release history for google-apis-cloudasset_v1beta1
2
+
3
+ ### v0.1.0 (2021-01-07)
4
+
5
+ * Regenerated using generator version 0.1.1
6
+ * Regenerated from discovery document revision 20201211
7
+
@@ -0,0 +1,202 @@
1
+
2
+ Apache License
3
+ Version 2.0, January 2004
4
+ http://www.apache.org/licenses/
5
+
6
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
7
+
8
+ 1. Definitions.
9
+
10
+ "License" shall mean the terms and conditions for use, reproduction,
11
+ and distribution as defined by Sections 1 through 9 of this document.
12
+
13
+ "Licensor" shall mean the copyright owner or entity authorized by
14
+ the copyright owner that is granting the License.
15
+
16
+ "Legal Entity" shall mean the union of the acting entity and all
17
+ other entities that control, are controlled by, or are under common
18
+ control with that entity. For the purposes of this definition,
19
+ "control" means (i) the power, direct or indirect, to cause the
20
+ direction or management of such entity, whether by contract or
21
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
22
+ outstanding shares, or (iii) beneficial ownership of such entity.
23
+
24
+ "You" (or "Your") shall mean an individual or Legal Entity
25
+ exercising permissions granted by this License.
26
+
27
+ "Source" form shall mean the preferred form for making modifications,
28
+ including but not limited to software source code, documentation
29
+ source, and configuration files.
30
+
31
+ "Object" form shall mean any form resulting from mechanical
32
+ transformation or translation of a Source form, including but
33
+ not limited to compiled object code, generated documentation,
34
+ and conversions to other media types.
35
+
36
+ "Work" shall mean the work of authorship, whether in Source or
37
+ Object form, made available under the License, as indicated by a
38
+ copyright notice that is included in or attached to the work
39
+ (an example is provided in the Appendix below).
40
+
41
+ "Derivative Works" shall mean any work, whether in Source or Object
42
+ form, that is based on (or derived from) the Work and for which the
43
+ editorial revisions, annotations, elaborations, or other modifications
44
+ represent, as a whole, an original work of authorship. For the purposes
45
+ of this License, Derivative Works shall not include works that remain
46
+ separable from, or merely link (or bind by name) to the interfaces of,
47
+ the Work and Derivative Works thereof.
48
+
49
+ "Contribution" shall mean any work of authorship, including
50
+ the original version of the Work and any modifications or additions
51
+ to that Work or Derivative Works thereof, that is intentionally
52
+ submitted to Licensor for inclusion in the Work by the copyright owner
53
+ or by an individual or Legal Entity authorized to submit on behalf of
54
+ the copyright owner. For the purposes of this definition, "submitted"
55
+ means any form of electronic, verbal, or written communication sent
56
+ to the Licensor or its representatives, including but not limited to
57
+ communication on electronic mailing lists, source code control systems,
58
+ and issue tracking systems that are managed by, or on behalf of, the
59
+ Licensor for the purpose of discussing and improving the Work, but
60
+ excluding communication that is conspicuously marked or otherwise
61
+ designated in writing by the copyright owner as "Not a Contribution."
62
+
63
+ "Contributor" shall mean Licensor and any individual or Legal Entity
64
+ on behalf of whom a Contribution has been received by Licensor and
65
+ subsequently incorporated within the Work.
66
+
67
+ 2. Grant of Copyright License. Subject to the terms and conditions of
68
+ this License, each Contributor hereby grants to You a perpetual,
69
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
70
+ copyright license to reproduce, prepare Derivative Works of,
71
+ publicly display, publicly perform, sublicense, and distribute the
72
+ Work and such Derivative Works in Source or Object form.
73
+
74
+ 3. Grant of Patent License. Subject to the terms and conditions of
75
+ this License, each Contributor hereby grants to You a perpetual,
76
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
77
+ (except as stated in this section) patent license to make, have made,
78
+ use, offer to sell, sell, import, and otherwise transfer the Work,
79
+ where such license applies only to those patent claims licensable
80
+ by such Contributor that are necessarily infringed by their
81
+ Contribution(s) alone or by combination of their Contribution(s)
82
+ with the Work to which such Contribution(s) was submitted. If You
83
+ institute patent litigation against any entity (including a
84
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
85
+ or a Contribution incorporated within the Work constitutes direct
86
+ or contributory patent infringement, then any patent licenses
87
+ granted to You under this License for that Work shall terminate
88
+ as of the date such litigation is filed.
89
+
90
+ 4. Redistribution. You may reproduce and distribute copies of the
91
+ Work or Derivative Works thereof in any medium, with or without
92
+ modifications, and in Source or Object form, provided that You
93
+ meet the following conditions:
94
+
95
+ (a) You must give any other recipients of the Work or
96
+ Derivative Works a copy of this License; and
97
+
98
+ (b) You must cause any modified files to carry prominent notices
99
+ stating that You changed the files; and
100
+
101
+ (c) You must retain, in the Source form of any Derivative Works
102
+ that You distribute, all copyright, patent, trademark, and
103
+ attribution notices from the Source form of the Work,
104
+ excluding those notices that do not pertain to any part of
105
+ the Derivative Works; and
106
+
107
+ (d) If the Work includes a "NOTICE" text file as part of its
108
+ distribution, then any Derivative Works that You distribute must
109
+ include a readable copy of the attribution notices contained
110
+ within such NOTICE file, excluding those notices that do not
111
+ pertain to any part of the Derivative Works, in at least one
112
+ of the following places: within a NOTICE text file distributed
113
+ as part of the Derivative Works; within the Source form or
114
+ documentation, if provided along with the Derivative Works; or,
115
+ within a display generated by the Derivative Works, if and
116
+ wherever such third-party notices normally appear. The contents
117
+ of the NOTICE file are for informational purposes only and
118
+ do not modify the License. You may add Your own attribution
119
+ notices within Derivative Works that You distribute, alongside
120
+ or as an addendum to the NOTICE text from the Work, provided
121
+ that such additional attribution notices cannot be construed
122
+ as modifying the License.
123
+
124
+ You may add Your own copyright statement to Your modifications and
125
+ may provide additional or different license terms and conditions
126
+ for use, reproduction, or distribution of Your modifications, or
127
+ for any such Derivative Works as a whole, provided Your use,
128
+ reproduction, and distribution of the Work otherwise complies with
129
+ the conditions stated in this License.
130
+
131
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
132
+ any Contribution intentionally submitted for inclusion in the Work
133
+ by You to the Licensor shall be under the terms and conditions of
134
+ this License, without any additional terms or conditions.
135
+ Notwithstanding the above, nothing herein shall supersede or modify
136
+ the terms of any separate license agreement you may have executed
137
+ with Licensor regarding such Contributions.
138
+
139
+ 6. Trademarks. This License does not grant permission to use the trade
140
+ names, trademarks, service marks, or product names of the Licensor,
141
+ except as required for reasonable and customary use in describing the
142
+ origin of the Work and reproducing the content of the NOTICE file.
143
+
144
+ 7. Disclaimer of Warranty. Unless required by applicable law or
145
+ agreed to in writing, Licensor provides the Work (and each
146
+ Contributor provides its Contributions) on an "AS IS" BASIS,
147
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
148
+ implied, including, without limitation, any warranties or conditions
149
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
150
+ PARTICULAR PURPOSE. You are solely responsible for determining the
151
+ appropriateness of using or redistributing the Work and assume any
152
+ risks associated with Your exercise of permissions under this License.
153
+
154
+ 8. Limitation of Liability. In no event and under no legal theory,
155
+ whether in tort (including negligence), contract, or otherwise,
156
+ unless required by applicable law (such as deliberate and grossly
157
+ negligent acts) or agreed to in writing, shall any Contributor be
158
+ liable to You for damages, including any direct, indirect, special,
159
+ incidental, or consequential damages of any character arising as a
160
+ result of this License or out of the use or inability to use the
161
+ Work (including but not limited to damages for loss of goodwill,
162
+ work stoppage, computer failure or malfunction, or any and all
163
+ other commercial damages or losses), even if such Contributor
164
+ has been advised of the possibility of such damages.
165
+
166
+ 9. Accepting Warranty or Additional Liability. While redistributing
167
+ the Work or Derivative Works thereof, You may choose to offer,
168
+ and charge a fee for, acceptance of support, warranty, indemnity,
169
+ or other liability obligations and/or rights consistent with this
170
+ License. However, in accepting such obligations, You may act only
171
+ on Your own behalf and on Your sole responsibility, not on behalf
172
+ of any other Contributor, and only if You agree to indemnify,
173
+ defend, and hold each Contributor harmless for any liability
174
+ incurred by, or claims asserted against, such Contributor by reason
175
+ of your accepting any such warranty or additional liability.
176
+
177
+ END OF TERMS AND CONDITIONS
178
+
179
+ APPENDIX: How to apply the Apache License to your work.
180
+
181
+ To apply the Apache License to your work, attach the following
182
+ boilerplate notice, with the fields enclosed by brackets "[]"
183
+ replaced with your own identifying information. (Don't include
184
+ the brackets!) The text should be enclosed in the appropriate
185
+ comment syntax for the file format. We also recommend that a
186
+ file or class name and description of purpose be included on the
187
+ same "printed page" as the copyright notice for easier
188
+ identification within third-party archives.
189
+
190
+ Copyright [yyyy] [name of copyright owner]
191
+
192
+ Licensed under the Apache License, Version 2.0 (the "License");
193
+ you may not use this file except in compliance with the License.
194
+ You may obtain a copy of the License at
195
+
196
+ http://www.apache.org/licenses/LICENSE-2.0
197
+
198
+ Unless required by applicable law or agreed to in writing, software
199
+ distributed under the License is distributed on an "AS IS" BASIS,
200
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
201
+ See the License for the specific language governing permissions and
202
+ limitations under the License.
@@ -0,0 +1,96 @@
1
+ # Simple REST client for version V1beta1 of the Cloud Asset API
2
+
3
+ This is a simple client library for version V1beta1 of the Cloud Asset API. It provides:
4
+
5
+ * A client object that connects to the HTTP/JSON REST endpoint for the service.
6
+ * Ruby objects for data structures related to the service.
7
+ * Integration with the googleauth gem for authentication using OAuth, API keys, and service accounts.
8
+ * Control of retry, pagination, and timeouts.
9
+
10
+ Note that although this client library is supported and will continue to be updated to track changes to the service, it is otherwise considered complete and not under active development. Many Google services, especially Google Cloud Platform services, may provide a more modern client that is under more active development and improvement. See the section below titled *Which client should I use?* for more information.
11
+
12
+ ## Getting started
13
+
14
+ ### Before you begin
15
+
16
+ There are a few setup steps you need to complete before you can use this library:
17
+
18
+ 1. If you don't already have a Google account, [sign up](https://www.google.com/accounts).
19
+ 2. If you have never created a Google APIs Console project, read about [Managing Projects](https://cloud.google.com/resource-manager/docs/creating-managing-projects) and create a project in the [Google API Console](https://console.cloud.google.com/).
20
+ 3. Most APIs need to be enabled for your project. [Enable it](https://console.cloud.google.com/apis/library/cloudasset.googleapis.com) in the console.
21
+
22
+ ### Installation
23
+
24
+ Add this line to your application's Gemfile:
25
+
26
+ ```ruby
27
+ gem 'google-apis-cloudasset_v1beta1', '~> 0.1'
28
+ ```
29
+
30
+ And then execute:
31
+
32
+ ```
33
+ $ bundle
34
+ ```
35
+
36
+ Or install it yourself as:
37
+
38
+ ```
39
+ $ gem install google-apis-cloudasset_v1beta1
40
+ ```
41
+
42
+ ### Creating a client object
43
+
44
+ Once the gem is installed, you can load the client code and instantiate a client.
45
+
46
+ ```ruby
47
+ # Load the client
48
+ require "google/apis/cloudasset_v1beta1"
49
+
50
+ # Create a client object
51
+ client = Google::Apis::CloudassetV1beta1::CloudAssetService.new
52
+
53
+ # Authenticate calls
54
+ client.authentication = # ... use the googleauth gem to create credentials
55
+ ```
56
+
57
+ See the class reference docs for information on the methods you can call from a client.
58
+
59
+ ## Documentation
60
+
61
+ More detailed descriptions of the Google simple REST clients are available in two documents.
62
+
63
+ * The [Usage Guide](https://github.com/googleapis/google-api-ruby-client/blob/master/docs/usage-guide.md) discusses how to make API calls, how to use the provided data structures, and how to work the various features of the client library, including media upload and download, error handling, retries, pagination, and logging.
64
+ * The [Auth Guide](https://github.com/googleapis/google-api-ruby-client/blob/master/docs/auth-guide.md) discusses authentication in the client libraries, including API keys, OAuth 2.0, service accounts, and environment variables.
65
+
66
+ (Note: the above documents are written for the simple REST clients in general, and their examples may not reflect the Cloudasset service in particular.)
67
+
68
+ For reference information on specific calls in the Cloud Asset API, see the {Google::Apis::CloudassetV1beta1::CloudAssetService class reference docs}.
69
+
70
+ ## Which client should I use?
71
+
72
+ Google provides two types of Ruby API client libraries: **simple REST clients** and **modern clients**.
73
+
74
+ This library, `google-apis-cloudasset_v1beta1`, is a simple REST client. You can identify these clients by their gem names, which are always in the form `google-apis-<servicename>_<serviceversion>`. The simple REST clients connect to HTTP/JSON REST endpoints and are automatically generated from service discovery documents. They support most API functionality, but their class interfaces are sometimes awkward.
75
+
76
+ Modern clients are produced by a modern code generator, sometimes combined with hand-crafted functionality. Most modern clients connect to high-performance gRPC endpoints, although a few are backed by REST services. Modern clients are available for many Google services, especially Google Cloud Platform services, but do not yet support all the services covered by the simple clients.
77
+
78
+ Gem names for modern clients are often of the form `google-cloud-<service_name>`. (For example, [google-cloud-pubsub](https://rubygems.org/gems/google-cloud-pubsub).) Note that most modern clients also have corresponding "versioned" gems with names like `google-cloud-<service_name>-<version>`. (For example, [google-cloud-pubsub-v1](https://rubygems.org/gems/google-cloud-pubsub-v1).) The "versioned" gems can be used directly, but often provide lower-level interfaces. In most cases, the main gem is recommended.
79
+
80
+ **For most users, we recommend the modern client, if one is available.** Compared with simple clients, modern clients are generally much easier to use and more Ruby-like, support more advanced features such as streaming and long-running operations, and often provide much better performance. You may consider using a simple client instead, if a modern client is not yet available for the service you want to use, or if you are not able to use gRPC on your infrastructure.
81
+
82
+ The [product documentation](https://cloud.google.com/asset-inventory/docs/quickstart) may provide guidance regarding the preferred client library to use.
83
+
84
+ ## Supported Ruby versions
85
+
86
+ This library is supported on Ruby 2.5+.
87
+
88
+ Google provides official support for Ruby versions that are actively supported by Ruby Core -- that is, Ruby versions that are either in normal maintenance or in security maintenance, and not end of life. Currently, this means Ruby 2.5 and later. Older versions of Ruby _may_ still work, but are unsupported and not recommended. See https://www.ruby-lang.org/en/downloads/branches/ for details about the Ruby support schedule.
89
+
90
+ ## License
91
+
92
+ This library is licensed under Apache 2.0. Full license text is available in the {file:LICENSE.md LICENSE}.
93
+
94
+ ## Support
95
+
96
+ Please [report bugs at the project on Github](https://github.com/google/google-api-ruby-client/issues). Don't hesitate to [ask questions](http://stackoverflow.com/questions/tagged/google-api-ruby-client) about the client or APIs on [StackOverflow](http://stackoverflow.com).
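Review bot: The Support paragraph at the end of this file links the issue tracker under github.com/google/google-api-ruby-client, while the Documentation section links the Usage Guide and Auth Guide under github.com/googleapis/google-api-ruby-client; use the same organization in both places so readers land on one repository. The two Stack Overflow links in that paragraph use http:// and should be https://. In the "Creating a client object" snippet, `client.authentication = # ... use the googleauth gem to create credentials` leaves the assignment with no right-hand side, so the block is not valid Ruby if copied as is; comment out the whole line or show a real credentials expression.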
@@ -0,0 +1,15 @@
1
+ # Copyright 2020 Google LLC
2
+ #
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
6
+ #
7
+ # http://www.apache.org/licenses/LICENSE-2.0
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+
15
+ require "google/apis/cloudasset_v1beta1"
@@ -0,0 +1,36 @@
1
+ # Copyright 2020 Google LLC
2
+ #
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
6
+ #
7
+ # http://www.apache.org/licenses/LICENSE-2.0
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+
15
+ require 'google/apis/cloudasset_v1beta1/service.rb'
16
+ require 'google/apis/cloudasset_v1beta1/classes.rb'
17
+ require 'google/apis/cloudasset_v1beta1/representations.rb'
18
+ require 'google/apis/cloudasset_v1beta1/gem_version.rb'
19
+
20
+ module Google
21
+ module Apis
22
+ # Cloud Asset API
23
+ #
24
+ # The cloud asset API manages the history and inventory of cloud resources.
25
+ #
26
+ # @see https://cloud.google.com/asset-inventory/docs/quickstart
27
+ module CloudassetV1beta1
28
+ # Version of the Cloud Asset API this client connects to.
29
+ # This is NOT the gem version.
30
+ VERSION = 'V1beta1'
31
+
32
+ # View and manage your data across Google Cloud Platform services
33
+ AUTH_CLOUD_PLATFORM = 'https://www.googleapis.com/auth/cloud-platform'
34
+ end
35
+ end
36
+ end
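Review bot: AUTH_CLOUD_PLATFORM is the only scope constant this module defines, and its own comment describes it as "View and manage your data across Google Cloud Platform services", which is a wide grant for a client whose module comment says it manages the history and inventory of cloud resources. If the generator has nothing narrower to emit, add a comment here saying that access should be limited through the roles granted to the credential, since the scope alone does not narrow it. Style point: the four require lines at the top use single quotes and an explicit .rb suffix, while the preceding hunk uses `require "google/apis/cloudasset_v1beta1"`; pick one form for both files.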
@@ -0,0 +1,1865 @@
1
+ # Copyright 2020 Google LLC
2
+ #
3
+ # Licensed under the Apache License, Version 2.0 (the "License");
4
+ # you may not use this file except in compliance with the License.
5
+ # You may obtain a copy of the License at
6
+ #
7
+ # http://www.apache.org/licenses/LICENSE-2.0
8
+ #
9
+ # Unless required by applicable law or agreed to in writing, software
10
+ # distributed under the License is distributed on an "AS IS" BASIS,
11
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ # See the License for the specific language governing permissions and
13
+ # limitations under the License.
14
+
15
+ require 'date'
16
+ require 'google/apis/core/base_service'
17
+ require 'google/apis/core/json_representation'
18
+ require 'google/apis/core/hashable'
19
+ require 'google/apis/errors'
20
+
21
+ module Google
22
+ module Apis
23
+ module CloudassetV1beta1
24
+
25
+ # An asset in Google Cloud. An asset can be any resource in the Google Cloud [
26
+ # resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-
27
+ # platform-resource-hierarchy), a resource outside the Google Cloud resource
28
+ # hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy
29
+ # (e.g. Cloud IAM policy). See [Supported asset types](https://cloud.google.com/
30
+ # asset-inventory/docs/supported-asset-types) for more information.
31
+ class Asset
32
+ include Google::Apis::Core::Hashable
33
+
34
+ # An `AccessLevel` is a label that can be applied to requests to Google Cloud
35
+ # services, along with a list of requirements necessary for the label to be
36
+ # applied.
37
+ # Corresponds to the JSON property `accessLevel`
38
+ # @return [Google::Apis::CloudassetV1beta1::GoogleIdentityAccesscontextmanagerV1AccessLevel]
39
+ attr_accessor :access_level
40
+
41
+ # `AccessPolicy` is a container for `AccessLevels` (which define the necessary
42
+ # attributes to use Google Cloud services) and `ServicePerimeters` (which define
43
+ # regions of services able to freely pass data within a perimeter). An access
44
+ # policy is globally visible within an organization, and the restrictions it
45
+ # specifies apply to all projects within an organization.
46
+ # Corresponds to the JSON property `accessPolicy`
47
+ # @return [Google::Apis::CloudassetV1beta1::GoogleIdentityAccesscontextmanagerV1AccessPolicy]
48
+ attr_accessor :access_policy
49
+
50
+ # The type of the asset. Example: `compute.googleapis.com/Disk` See [Supported
51
+ # asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-
52
+ # types) for more information.
53
+ # Corresponds to the JSON property `assetType`
54
+ # @return [String]
55
+ attr_accessor :asset_type
56
+
57
+ # An Identity and Access Management (IAM) policy, which specifies access
58
+ # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
59
+ # A `binding` binds one or more `members` to a single `role`. Members can be
60
+ # user accounts, service accounts, Google groups, and domains (such as G Suite).
61
+ # A `role` is a named list of permissions; each `role` can be an IAM predefined
62
+ # role or a user-created custom role. For some types of Google Cloud resources,
63
+ # a `binding` can also specify a `condition`, which is a logical expression that
64
+ # allows access to a resource only if the expression evaluates to `true`. A
65
+ # condition can add constraints based on attributes of the request, the resource,
66
+ # or both. To learn which resources support conditions in their IAM policies,
67
+ # see the [IAM documentation](https://cloud.google.com/iam/help/conditions/
68
+ # resource-policies). **JSON example:** ` "bindings": [ ` "role": "roles/
69
+ # resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "
70
+ # group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@
71
+ # appspot.gserviceaccount.com" ] `, ` "role": "roles/resourcemanager.
72
+ # organizationViewer", "members": [ "user:eve@example.com" ], "condition": ` "
73
+ # title": "expirable access", "description": "Does not grant access after Sep
74
+ # 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", `
75
+ # ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:** bindings: -
76
+ # members: - user:mike@example.com - group:admins@example.com - domain:google.
77
+ # com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/
78
+ # resourcemanager.organizationAdmin - members: - user:eve@example.com role:
79
+ # roles/resourcemanager.organizationViewer condition: title: expirable access
80
+ # description: Does not grant access after Sep 2020 expression: request.time <
81
+ # timestamp('2020-10-01T00:00:00.000Z') - etag: BwWWja0YfJA= - version: 3 For a
82
+ # description of IAM and its features, see the [IAM documentation](https://cloud.
83
+ # google.com/iam/docs/).
84
+ # Corresponds to the JSON property `iamPolicy`
85
+ # @return [Google::Apis::CloudassetV1beta1::Policy]
86
+ attr_accessor :iam_policy
87
+
88
+ # The full name of the asset. Example: `//compute.googleapis.com/projects/
89
+ # my_project_123/zones/zone1/instances/instance1` See [Resource names](https://
90
+ # cloud.google.com/apis/design/resource_names#full_resource_name) for more
91
+ # information.
92
+ # Corresponds to the JSON property `name`
93
+ # @return [String]
94
+ attr_accessor :name
95
+
96
+ # A representation of an [organization policy](https://cloud.google.com/resource-
97
+ # manager/docs/organization-policy/overview#organization_policy). There can be
98
+ # more than one organization policy with different constraints set on a given
99
+ # resource.
100
+ # Corresponds to the JSON property `orgPolicy`
101
+ # @return [Array<Google::Apis::CloudassetV1beta1::GoogleCloudOrgpolicyV1Policy>]
102
+ attr_accessor :org_policy
103
+
104
+ # A representation of a Google Cloud resource.
105
+ # Corresponds to the JSON property `resource`
106
+ # @return [Google::Apis::CloudassetV1beta1::Resource]
107
+ attr_accessor :resource
108
+
109
+ # `ServicePerimeter` describes a set of Google Cloud resources which can freely
110
+ # import and export data amongst themselves, but not export outside of the `
111
+ # ServicePerimeter`. If a request with a source within this `ServicePerimeter`
112
+ # has a target outside of the `ServicePerimeter`, the request will be blocked.
113
+ # Otherwise the request is allowed. There are two types of Service Perimeter -
114
+ # Regular and Bridge. Regular Service Perimeters cannot overlap, a single Google
115
+ # Cloud project can only belong to a single regular Service Perimeter. Service
116
+ # Perimeter Bridges can contain only Google Cloud projects as members, a single
117
+ # Google Cloud project may belong to multiple Service Perimeter Bridges.
118
+ # Corresponds to the JSON property `servicePerimeter`
119
+ # @return [Google::Apis::CloudassetV1beta1::GoogleIdentityAccesscontextmanagerV1ServicePerimeter]
120
+ attr_accessor :service_perimeter
121
+
122
+ def initialize(**args)
123
+ update!(**args)
124
+ end
125
+
126
+ # Update properties of this object
127
+ def update!(**args)
128
+ @access_level = args[:access_level] if args.key?(:access_level)
129
+ @access_policy = args[:access_policy] if args.key?(:access_policy)
130
+ @asset_type = args[:asset_type] if args.key?(:asset_type)
131
+ @iam_policy = args[:iam_policy] if args.key?(:iam_policy)
132
+ @name = args[:name] if args.key?(:name)
133
+ @org_policy = args[:org_policy] if args.key?(:org_policy)
134
+ @resource = args[:resource] if args.key?(:resource)
135
+ @service_perimeter = args[:service_perimeter] if args.key?(:service_perimeter)
136
+ end
137
+ end
138
+
139
+ # Specifies the audit configuration for a service. The configuration determines
140
+ # which permission types are logged, and what identities, if any, are exempted
141
+ # from logging. An AuditConfig must have one or more AuditLogConfigs. If there
142
+ # are AuditConfigs for both `allServices` and a specific service, the union of
143
+ # the two AuditConfigs is used for that service: the log_types specified in each
144
+ # AuditConfig are enabled, and the exempted_members in each AuditLogConfig are
145
+ # exempted. Example Policy with multiple AuditConfigs: ` "audit_configs": [ ` "
146
+ # service": "allServices", "audit_log_configs": [ ` "log_type": "DATA_READ", "
147
+ # exempted_members": [ "user:jose@example.com" ] `, ` "log_type": "DATA_WRITE" `,
148
+ # ` "log_type": "ADMIN_READ" ` ] `, ` "service": "sampleservice.googleapis.com",
149
+ # "audit_log_configs": [ ` "log_type": "DATA_READ" `, ` "log_type": "DATA_WRITE"
150
+ # , "exempted_members": [ "user:aliya@example.com" ] ` ] ` ] ` For sampleservice,
151
+ # this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also
152
+ # exempts jose@example.com from DATA_READ logging, and aliya@example.com from
153
+ # DATA_WRITE logging.
154
+ class AuditConfig
155
+ include Google::Apis::Core::Hashable
156
+
157
+ # The configuration for logging of each type of permission.
158
+ # Corresponds to the JSON property `auditLogConfigs`
159
+ # @return [Array<Google::Apis::CloudassetV1beta1::AuditLogConfig>]
160
+ attr_accessor :audit_log_configs
161
+
162
+ # Specifies a service that will be enabled for audit logging. For example, `
163
+ # storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special
164
+ # value that covers all services.
165
+ # Corresponds to the JSON property `service`
166
+ # @return [String]
167
+ attr_accessor :service
168
+
169
+ def initialize(**args)
170
+ update!(**args)
171
+ end
172
+
173
+ # Update properties of this object
174
+ def update!(**args)
175
+ @audit_log_configs = args[:audit_log_configs] if args.key?(:audit_log_configs)
176
+ @service = args[:service] if args.key?(:service)
177
+ end
178
+ end
179
+
180
+ # Provides the configuration for logging a type of permissions. Example: ` "
181
+ # audit_log_configs": [ ` "log_type": "DATA_READ", "exempted_members": [ "user:
182
+ # jose@example.com" ] `, ` "log_type": "DATA_WRITE" ` ] ` This enables '
183
+ # DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from
184
+ # DATA_READ logging.
185
+ class AuditLogConfig
186
+ include Google::Apis::Core::Hashable
187
+
188
+ # Specifies the identities that do not cause logging for this type of permission.
189
+ # Follows the same format of Binding.members.
190
+ # Corresponds to the JSON property `exemptedMembers`
191
+ # @return [Array<String>]
192
+ attr_accessor :exempted_members
193
+
194
+ # The log type that this config enables.
195
+ # Corresponds to the JSON property `logType`
196
+ # @return [String]
197
+ attr_accessor :log_type
198
+
199
+ def initialize(**args)
200
+ update!(**args)
201
+ end
202
+
203
+ # Update properties of this object
204
+ def update!(**args)
205
+ @exempted_members = args[:exempted_members] if args.key?(:exempted_members)
206
+ @log_type = args[:log_type] if args.key?(:log_type)
207
+ end
208
+ end
209
+
210
+ # Batch get assets history response.
211
+ class BatchGetAssetsHistoryResponse
212
+ include Google::Apis::Core::Hashable
213
+
214
+ # A list of assets with valid time windows.
215
+ # Corresponds to the JSON property `assets`
216
+ # @return [Array<Google::Apis::CloudassetV1beta1::TemporalAsset>]
217
+ attr_accessor :assets
218
+
219
+ def initialize(**args)
220
+ update!(**args)
221
+ end
222
+
223
+ # Update properties of this object
224
+ def update!(**args)
225
+ @assets = args[:assets] if args.key?(:assets)
226
+ end
227
+ end
228
+
229
+ # Associates `members` with a `role`.
230
+ class Binding
231
+ include Google::Apis::Core::Hashable
232
+
233
+ # Represents a textual expression in the Common Expression Language (CEL) syntax.
234
+ # CEL is a C-like expression language. The syntax and semantics of CEL are
235
+ # documented at https://github.com/google/cel-spec. Example (Comparison): title:
236
+ # "Summary size limit" description: "Determines if a summary is less than 100
237
+ # chars" expression: "document.summary.size() < 100" Example (Equality): title: "
238
+ # Requestor is owner" description: "Determines if requestor is the document
239
+ # owner" expression: "document.owner == request.auth.claims.email" Example (
240
+ # Logic): title: "Public documents" description: "Determine whether the document
241
+ # should be publicly visible" expression: "document.type != 'private' &&
242
+ # document.type != 'internal'" Example (Data Manipulation): title: "Notification
243
+ # string" description: "Create a notification string with a timestamp."
244
+ # expression: "'New message received at ' + string(document.create_time)" The
245
+ # exact variables and functions that may be referenced within an expression are
246
+ # determined by the service that evaluates it. See the service documentation for
247
+ # additional information.
248
+ # Corresponds to the JSON property `condition`
249
+ # @return [Google::Apis::CloudassetV1beta1::Expr]
250
+ attr_accessor :condition
251
+
252
+ # Specifies the identities requesting access for a Cloud Platform resource. `
253
+ # members` can have the following values: * `allUsers`: A special identifier
254
+ # that represents anyone who is on the internet; with or without a Google
255
+ # account. * `allAuthenticatedUsers`: A special identifier that represents
256
+ # anyone who is authenticated with a Google account or a service account. * `
257
+ # user:`emailid``: An email address that represents a specific Google account.
258
+ # For example, `alice@example.com` . * `serviceAccount:`emailid``: An email
259
+ # address that represents a service account. For example, `my-other-app@appspot.
260
+ # gserviceaccount.com`. * `group:`emailid``: An email address that represents a
261
+ # Google group. For example, `admins@example.com`. * `deleted:user:`emailid`?uid=
262
+ # `uniqueid``: An email address (plus unique identifier) representing a user
263
+ # that has been recently deleted. For example, `alice@example.com?uid=
264
+ # 123456789012345678901`. If the user is recovered, this value reverts to `user:`
265
+ # emailid`` and the recovered user retains the role in the binding. * `deleted:
266
+ # serviceAccount:`emailid`?uid=`uniqueid``: An email address (plus unique
267
+ # identifier) representing a service account that has been recently deleted. For
268
+ # example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
269
+ # If the service account is undeleted, this value reverts to `serviceAccount:`
270
+ # emailid`` and the undeleted service account retains the role in the binding. *
271
+ # `deleted:group:`emailid`?uid=`uniqueid``: An email address (plus unique
272
+ # identifier) representing a Google group that has been recently deleted. For
273
+ # example, `admins@example.com?uid=123456789012345678901`. If the group is
274
+ # recovered, this value reverts to `group:`emailid`` and the recovered group
275
+ # retains the role in the binding. * `domain:`domain``: The G Suite domain (
276
+ # primary) that represents all the users of that domain. For example, `google.
277
+ # com` or `example.com`.
278
+ # Corresponds to the JSON property `members`
279
+ # @return [Array<String>]
280
+ attr_accessor :members
281
+
282
+ # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`
283
+ # , or `roles/owner`.
284
+ # Corresponds to the JSON property `role`
285
+ # @return [String]
286
+ attr_accessor :role
287
+
288
+ def initialize(**args)
289
+ update!(**args)
290
+ end
291
+
292
+ # Update properties of this object
293
+ def update!(**args)
294
+ @condition = args[:condition] if args.key?(:condition)
295
+ @members = args[:members] if args.key?(:members)
296
+ @role = args[:role] if args.key?(:role)
297
+ end
298
+ end
299
+
300
+ # Export asset request.
301
+ class ExportAssetsRequest
302
+ include Google::Apis::Core::Hashable
303
+
304
+ # A list of asset types of which to take a snapshot for. For example: "google.
305
+ # compute.Disk". If specified, only matching assets will be returned. See [
306
+ # Introduction to Cloud Asset Inventory](https://cloud.google.com/resource-
307
+ # manager/docs/cloud-asset-inventory/overview) for all supported asset types.
308
+ # Corresponds to the JSON property `assetTypes`
309
+ # @return [Array<String>]
310
+ attr_accessor :asset_types
311
+
312
+ # Asset content type. If not specified, no content but the asset name will be
313
+ # returned.
314
+ # Corresponds to the JSON property `contentType`
315
+ # @return [String]
316
+ attr_accessor :content_type
317
+
318
+ # Output configuration for export assets destination.
319
+ # Corresponds to the JSON property `outputConfig`
320
+ # @return [Google::Apis::CloudassetV1beta1::OutputConfig]
321
+ attr_accessor :output_config
322
+
323
+ # Timestamp to take an asset snapshot. This can only be set to a timestamp
324
+ # between 2018-10-02 UTC (inclusive) and the current time. If not specified, the
325
+ # current time will be used. Due to delays in resource data collection and
326
+ # indexing, there is a volatile window during which running the same query may
327
+ # get different results.
328
+ # Corresponds to the JSON property `readTime`
329
+ # @return [String]
330
+ attr_accessor :read_time
331
+
332
+ def initialize(**args)
333
+ update!(**args)
334
+ end
335
+
336
+ # Update properties of this object
337
+ def update!(**args)
338
+ @asset_types = args[:asset_types] if args.key?(:asset_types)
339
+ @content_type = args[:content_type] if args.key?(:content_type)
340
+ @output_config = args[:output_config] if args.key?(:output_config)
341
+ @read_time = args[:read_time] if args.key?(:read_time)
342
+ end
343
+ end
344
+
345
+ # Represents a textual expression in the Common Expression Language (CEL) syntax.
346
+ # CEL is a C-like expression language. The syntax and semantics of CEL are
347
+ # documented at https://github.com/google/cel-spec. Example (Comparison): title:
348
+ # "Summary size limit" description: "Determines if a summary is less than 100
349
+ # chars" expression: "document.summary.size() < 100" Example (Equality): title: "
350
+ # Requestor is owner" description: "Determines if requestor is the document
351
+ # owner" expression: "document.owner == request.auth.claims.email" Example (
352
+ # Logic): title: "Public documents" description: "Determine whether the document
353
+ # should be publicly visible" expression: "document.type != 'private' &&
354
+ # document.type != 'internal'" Example (Data Manipulation): title: "Notification
355
+ # string" description: "Create a notification string with a timestamp."
356
+ # expression: "'New message received at ' + string(document.create_time)" The
357
+ # exact variables and functions that may be referenced within an expression are
358
+ # determined by the service that evaluates it. See the service documentation for
359
+ # additional information.
360
+ class Expr
361
+ include Google::Apis::Core::Hashable
362
+
363
+ # Optional. Description of the expression. This is a longer text which describes
364
+ # the expression, e.g. when hovered over it in a UI.
365
+ # Corresponds to the JSON property `description`
366
+ # @return [String]
367
+ attr_accessor :description
368
+
369
+ # Textual representation of an expression in Common Expression Language syntax.
370
+ # Corresponds to the JSON property `expression`
371
+ # @return [String]
372
+ attr_accessor :expression
373
+
374
+ # Optional. String indicating the location of the expression for error reporting,
375
+ # e.g. a file name and a position in the file.
376
+ # Corresponds to the JSON property `location`
377
+ # @return [String]
378
+ attr_accessor :location
379
+
380
+ # Optional. Title for the expression, i.e. a short string describing its purpose.
381
+ # This can be used e.g. in UIs which allow to enter the expression.
382
+ # Corresponds to the JSON property `title`
383
+ # @return [String]
384
+ attr_accessor :title
385
+
386
+ def initialize(**args)
387
+ update!(**args)
388
+ end
389
+
390
+ # Update properties of this object
391
+ def update!(**args)
392
+ @description = args[:description] if args.key?(:description)
393
+ @expression = args[:expression] if args.key?(:expression)
394
+ @location = args[:location] if args.key?(:location)
395
+ @title = args[:title] if args.key?(:title)
396
+ end
397
+ end
398
+
399
+ # A Cloud Storage location.
400
+ class GcsDestination
401
+ include Google::Apis::Core::Hashable
402
+
403
+ # The uri of the Cloud Storage object. It's the same uri that is used by gsutil.
404
+ # For example: "gs://bucket_name/object_name". See [Viewing and Editing Object
405
+ # Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata) for
406
+ # more information.
407
+ # Corresponds to the JSON property `uri`
408
+ # @return [String]
409
+ attr_accessor :uri
410
+
411
+ # The uri prefix of all generated Cloud Storage objects. For example: "gs://
412
+ # bucket_name/object_name_prefix". Each object uri is in format: "gs://
413
+ # bucket_name/object_name_prefix// and only contains assets for that type.
414
+ # starts from 0. For example: "gs://bucket_name/object_name_prefix/google.
415
+ # compute.disk/0" is the first shard of output objects containing all google.
416
+ # compute.disk assets. An INVALID_ARGUMENT error will be returned if file with
417
+ # the same name "gs://bucket_name/object_name_prefix" already exists.
418
+ # Corresponds to the JSON property `uriPrefix`
419
+ # @return [String]
420
+ attr_accessor :uri_prefix
421
+
422
+ def initialize(**args)
423
+ update!(**args)
424
+ end
425
+
426
+ # Update properties of this object
427
+ def update!(**args)
428
+ @uri = args[:uri] if args.key?(:uri)
429
+ @uri_prefix = args[:uri_prefix] if args.key?(:uri_prefix)
430
+ end
431
+ end
432
+
433
+ # Used in `policy_type` to specify how `boolean_policy` will behave at this
434
+ # resource.
435
+ class GoogleCloudOrgpolicyV1BooleanPolicy
436
+ include Google::Apis::Core::Hashable
437
+
438
+ # If `true`, then the `Policy` is enforced. If `false`, then any configuration
439
+ # is acceptable. Suppose you have a `Constraint` `constraints/compute.
440
+ # disableSerialPortAccess` with `constraint_default` set to `ALLOW`. A `Policy`
441
+ # for that `Constraint` exhibits the following behavior: - If the `Policy` at
442
+ # this resource has enforced set to `false`, serial port connection attempts
443
+ # will be allowed. - If the `Policy` at this resource has enforced set to `true`,
444
+ # serial port connection attempts will be refused. - If the `Policy` at this
445
+ # resource is `RestoreDefault`, serial port connection attempts will be allowed.
446
+ # - If no `Policy` is set at this resource or anywhere higher in the resource
447
+ # hierarchy, serial port connection attempts will be allowed. - If no `Policy`
448
+ # is set at this resource, but one exists higher in the resource hierarchy, the
449
+ # behavior is as if the`Policy` were set at this resource. The following
450
+ # examples demonstrate the different possible layerings: Example 1 (nearest `
451
+ # Constraint` wins): `organizations/foo` has a `Policy` with: `enforced: false` `
452
+ # projects/bar` has no `Policy` set. The constraint at `projects/bar` and `
453
+ # organizations/foo` will not be enforced. Example 2 (enforcement gets replaced):
454
+ # `organizations/foo` has a `Policy` with: `enforced: false` `projects/bar` has
455
+ # a `Policy` with: `enforced: true` The constraint at `organizations/foo` is not
456
+ # enforced. The constraint at `projects/bar` is enforced. Example 3 (
457
+ # RestoreDefault): `organizations/foo` has a `Policy` with: `enforced: true` `
458
+ # projects/bar` has a `Policy` with: `RestoreDefault: ``` The constraint at `
459
+ # organizations/foo` is enforced. The constraint at `projects/bar` is not
460
+ # enforced, because `constraint_default` for the `Constraint` is `ALLOW`.
461
+ # Corresponds to the JSON property `enforced`
462
+ # @return [Boolean]
463
+ attr_accessor :enforced
464
+ alias_method :enforced?, :enforced
465
+
466
+ def initialize(**args)
467
+ update!(**args)
468
+ end
469
+
470
+ # Update properties of this object
471
+ def update!(**args)
472
+ @enforced = args[:enforced] if args.key?(:enforced)
473
+ end
474
+ end
475
+
476
+ # Used in `policy_type` to specify how `list_policy` behaves at this resource. `
477
+ # ListPolicy` can define specific values and subtrees of Cloud Resource Manager
478
+ # resource hierarchy (`Organizations`, `Folders`, `Projects`) that are allowed
479
+ # or denied by setting the `allowed_values` and `denied_values` fields. This is
480
+ # achieved by using the `under:` and optional `is:` prefixes. The `under:`
481
+ # prefix is used to denote resource subtree values. The `is:` prefix is used to
482
+ # denote specific values, and is required only if the value contains a ":".
483
+ # Values prefixed with "is:" are treated the same as values with no prefix.
484
+ # Ancestry subtrees must be in one of the following formats: - "projects/", e.g.
485
+ # "projects/tokyo-rain-123" - "folders/", e.g. "folders/1234" - "organizations/",
486
+ # e.g. "organizations/1234" The `supports_under` field of the associated `
487
+ # Constraint` defines whether ancestry prefixes can be used. You can set `
488
+ # allowed_values` and `denied_values` in the same `Policy` if `all_values` is `
489
+ # ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny all
490
+ # values. If `all_values` is set to either `ALLOW` or `DENY`, `allowed_values`
491
+ # and `denied_values` must be unset.
492
+ class GoogleCloudOrgpolicyV1ListPolicy
493
+ include Google::Apis::Core::Hashable
494
+
495
+ # The policy all_values state.
496
+ # Corresponds to the JSON property `allValues`
497
+ # @return [String]
498
+ attr_accessor :all_values
499
+
500
+ # List of values allowed at this resource. Can only be set if `all_values` is
501
+ # set to `ALL_VALUES_UNSPECIFIED`.
502
+ # Corresponds to the JSON property `allowedValues`
503
+ # @return [Array<String>]
504
+ attr_accessor :allowed_values
505
+
506
+ # List of values denied at this resource. Can only be set if `all_values` is set
507
+ # to `ALL_VALUES_UNSPECIFIED`.
508
+ # Corresponds to the JSON property `deniedValues`
509
+ # @return [Array<String>]
510
+ attr_accessor :denied_values
511
+
512
+ # Determines the inheritance behavior for this `Policy`. By default, a `
513
+ # ListPolicy` set at a resource supersedes any `Policy` set anywhere up the
514
+ # resource hierarchy. However, if `inherit_from_parent` is set to `true`, then
515
+ # the values from the effective `Policy` of the parent resource are inherited,
516
+ # meaning the values set in this `Policy` are added to the values inherited up
517
+ # the hierarchy. Setting `Policy` hierarchies that inherit both allowed values
518
+ # and denied values isn't recommended in most circumstances to keep the
519
+ # configuration simple and understandable. However, it is possible to set a `
520
+ # Policy` with `allowed_values` set that inherits a `Policy` with `denied_values`
521
+ # set. In this case, the values that are allowed must be in `allowed_values`
522
+ # and not present in `denied_values`. For example, suppose you have a `
523
+ # Constraint` `constraints/serviceuser.services`, which has a `constraint_type`
524
+ # of `list_constraint`, and with `constraint_default` set to `ALLOW`. Suppose
525
+ # that at the Organization level, a `Policy` is applied that restricts the
526
+ # allowed API activations to ``E1`, `E2``. Then, if a `Policy` is applied to a
527
+ # project below the Organization that has `inherit_from_parent` set to `false`
528
+ # and field all_values set to DENY, then an attempt to activate any API will be
529
+ # denied. The following examples demonstrate different possible layerings for `
530
+ # projects/bar` parented by `organizations/foo`: Example 1 (no inherited values):
531
+ # `organizations/foo` has a `Policy` with values: `allowed_values: "E1"
532
+ # allowed_values:"E2"` `projects/bar` has `inherit_from_parent` `false` and
533
+ # values: `allowed_values: "E3" allowed_values: "E4"` The accepted values at `
534
+ # organizations/foo` are `E1`, `E2`. The accepted values at `projects/bar` are `
535
+ # E3`, and `E4`. Example 2 (inherited values): `organizations/foo` has a `Policy`
536
+ # with values: `allowed_values: "E1" allowed_values:"E2"` `projects/bar` has a `
537
+ # Policy` with values: `value: "E3" value: "E4" inherit_from_parent: true` The
538
+ # accepted values at `organizations/foo` are `E1`, `E2`. The accepted values at `
539
+ # projects/bar` are `E1`, `E2`, `E3`, and `E4`. Example 3 (inheriting both
540
+ # allowed and denied values): `organizations/foo` has a `Policy` with values: `
541
+ # allowed_values: "E1" allowed_values: "E2"` `projects/bar` has a `Policy` with:
542
+ # `denied_values: "E1"` The accepted values at `organizations/foo` are `E1`, `E2`
543
+ # . The value accepted at `projects/bar` is `E2`. Example 4 (RestoreDefault): `
544
+ # organizations/foo` has a `Policy` with values: `allowed_values: "E1"
545
+ # allowed_values:"E2"` `projects/bar` has a `Policy` with values: `
546
+ # RestoreDefault: ``` The accepted values at `organizations/foo` are `E1`, `E2`.
547
+ # The accepted values at `projects/bar` are either all or none depending on the
548
+ # value of `constraint_default` (if `ALLOW`, all; if `DENY`, none). Example 5 (
549
+ # no policy inherits parent policy): `organizations/foo` has no `Policy` set. `
550
+ # projects/bar` has no `Policy` set. The accepted values at both levels are
551
+ # either all or none depending on the value of `constraint_default` (if `ALLOW`,
552
+ # all; if `DENY`, none). Example 6 (ListConstraint allowing all): `organizations/
553
+ # foo` has a `Policy` with values: `allowed_values: "E1" allowed_values: "E2"` `
554
+ # projects/bar` has a `Policy` with: `all: ALLOW` The accepted values at `
555
+ # organizations/foo` are `E1`, E2`. Any value is accepted at `projects/bar`.
556
+ # Example 7 (ListConstraint allowing none): `organizations/foo` has a `Policy`
557
+ # with values: `allowed_values: "E1" allowed_values: "E2"` `projects/bar` has a `
558
+ # Policy` with: `all: DENY` The accepted values at `organizations/foo` are `E1`,
559
+ # E2`. No value is accepted at `projects/bar`. Example 10 (allowed and denied
560
+ # subtrees of Resource Manager hierarchy): Given the following resource
561
+ # hierarchy O1->`F1, F2`; F1->`P1`; F2->`P2, P3`, `organizations/foo` has a `
562
+ # Policy` with values: `allowed_values: "under:organizations/O1"` `projects/bar`
563
+ # has a `Policy` with: `allowed_values: "under:projects/P3"` `denied_values: "
564
+ # under:folders/F2"` The accepted values at `organizations/foo` are `
565
+ # organizations/O1`, `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`, `
566
+ # projects/P3`. The accepted values at `projects/bar` are `organizations/O1`, `
567
+ # folders/F1`, `projects/P1`.
568
+ # Corresponds to the JSON property `inheritFromParent`
569
+ # @return [Boolean]
570
+ attr_accessor :inherit_from_parent
571
+ alias_method :inherit_from_parent?, :inherit_from_parent
572
+
573
+ # Optional. The Google Cloud Console will try to default to a configuration that
574
+ # matches the value specified in this `Policy`. If `suggested_value` is not set,
575
+ # it will inherit the value specified higher in the hierarchy, unless `
576
+ # inherit_from_parent` is `false`.
577
+ # Corresponds to the JSON property `suggestedValue`
578
+ # @return [String]
579
+ attr_accessor :suggested_value
580
+
581
+ def initialize(**args)
582
+ update!(**args)
583
+ end
584
+
585
+ # Update properties of this object
586
+ def update!(**args)
587
+ @all_values = args[:all_values] if args.key?(:all_values)
588
+ @allowed_values = args[:allowed_values] if args.key?(:allowed_values)
589
+ @denied_values = args[:denied_values] if args.key?(:denied_values)
590
+ @inherit_from_parent = args[:inherit_from_parent] if args.key?(:inherit_from_parent)
591
+ @suggested_value = args[:suggested_value] if args.key?(:suggested_value)
592
+ end
593
+ end
594
+
595
+ # Defines a Cloud Organization `Policy` which is used to specify `Constraints`
596
+ # for configurations of Cloud Platform resources.
597
+ class GoogleCloudOrgpolicyV1Policy
598
+ include Google::Apis::Core::Hashable
599
+
600
+ # Used in `policy_type` to specify how `boolean_policy` will behave at this
601
+ # resource.
602
+ # Corresponds to the JSON property `booleanPolicy`
603
+ # @return [Google::Apis::CloudassetV1beta1::GoogleCloudOrgpolicyV1BooleanPolicy]
604
+ attr_accessor :boolean_policy
605
+
606
+ # The name of the `Constraint` the `Policy` is configuring, for example, `
607
+ # constraints/serviceuser.services`. A [list of available constraints](/resource-
608
+ # manager/docs/organization-policy/org-policy-constraints) is available.
609
+ # Immutable after creation.
610
+ # Corresponds to the JSON property `constraint`
611
+ # @return [String]
612
+ attr_accessor :constraint
613
+
614
+ # An opaque tag indicating the current version of the `Policy`, used for
615
+ # concurrency control. When the `Policy` is returned from either a `GetPolicy`
616
+ # or a `ListOrgPolicy` request, this `etag` indicates the version of the current
617
+ # `Policy` to use when executing a read-modify-write loop. When the `Policy` is
618
+ # returned from a `GetEffectivePolicy` request, the `etag` will be unset. When
619
+ # the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value that was
620
+ # returned from a `GetOrgPolicy` request as part of a read-modify-write loop for
621
+ # concurrency control. Not setting the `etag`in a `SetOrgPolicy` request will
622
+ # result in an unconditional write of the `Policy`.
623
+ # Corresponds to the JSON property `etag`
624
+ # NOTE: Values are automatically base64 encoded/decoded in the client library.
625
+ # @return [String]
626
+ attr_accessor :etag
627
+
628
+ # Used in `policy_type` to specify how `list_policy` behaves at this resource. `
629
+ # ListPolicy` can define specific values and subtrees of Cloud Resource Manager
630
+ # resource hierarchy (`Organizations`, `Folders`, `Projects`) that are allowed
631
+ # or denied by setting the `allowed_values` and `denied_values` fields. This is
632
+ # achieved by using the `under:` and optional `is:` prefixes. The `under:`
633
+ # prefix is used to denote resource subtree values. The `is:` prefix is used to
634
+ # denote specific values, and is required only if the value contains a ":".
635
+ # Values prefixed with "is:" are treated the same as values with no prefix.
636
+ # Ancestry subtrees must be in one of the following formats: - "projects/", e.g.
637
+ # "projects/tokyo-rain-123" - "folders/", e.g. "folders/1234" - "organizations/",
638
+ # e.g. "organizations/1234" The `supports_under` field of the associated `
639
+ # Constraint` defines whether ancestry prefixes can be used. You can set `
640
+ # allowed_values` and `denied_values` in the same `Policy` if `all_values` is `
641
+ # ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny all
642
+ # values. If `all_values` is set to either `ALLOW` or `DENY`, `allowed_values`
643
+ # and `denied_values` must be unset.
644
+ # Corresponds to the JSON property `listPolicy`
645
+ # @return [Google::Apis::CloudassetV1beta1::GoogleCloudOrgpolicyV1ListPolicy]
646
+ attr_accessor :list_policy
647
+
648
+ # Ignores policies set above this resource and restores the `constraint_default`
649
+ # enforcement behavior of the specific `Constraint` at this resource. Suppose
650
+ # that `constraint_default` is set to `ALLOW` for the `Constraint` `constraints/
651
+ # serviceuser.services`. Suppose that organization foo.com sets a `Policy` at
652
+ # their Organization resource node that restricts the allowed service
653
+ # activations to deny all service activations. They could then set a `Policy`
654
+ # with the `policy_type` `restore_default` on several experimental projects,
655
+ # restoring the `constraint_default` enforcement of the `Constraint` for only
656
+ # those projects, allowing those projects to have all services activated.
657
+ # Corresponds to the JSON property `restoreDefault`
658
+ # @return [Google::Apis::CloudassetV1beta1::GoogleCloudOrgpolicyV1RestoreDefault]
659
+ attr_accessor :restore_default
660
+
661
+ # The time stamp the `Policy` was previously updated. This is set by the server,
662
+ # not specified by the caller, and represents the last time a call to `
663
+ # SetOrgPolicy` was made for that `Policy`. Any value set by the client will be
664
+ # ignored.
665
+ # Corresponds to the JSON property `updateTime`
666
+ # @return [String]
667
+ attr_accessor :update_time
668
+
669
+ # Version of the `Policy`. Default version is 0;
670
+ # Corresponds to the JSON property `version`
671
+ # @return [Fixnum]
672
+ attr_accessor :version
673
+
674
+ def initialize(**args)
675
+ update!(**args)
676
+ end
677
+
678
+ # Update properties of this object
679
+ def update!(**args)
680
+ @boolean_policy = args[:boolean_policy] if args.key?(:boolean_policy)
681
+ @constraint = args[:constraint] if args.key?(:constraint)
682
+ @etag = args[:etag] if args.key?(:etag)
683
+ @list_policy = args[:list_policy] if args.key?(:list_policy)
684
+ @restore_default = args[:restore_default] if args.key?(:restore_default)
685
+ @update_time = args[:update_time] if args.key?(:update_time)
686
+ @version = args[:version] if args.key?(:version)
687
+ end
688
+ end
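Review bot: several generated doc comments in this part of the hunk have lost their placeholder tokens, so the formats they define cannot be read from the text. In the `GoogleCloudOrgpolicyV1ListPolicy` class comment (repeated on `list_policy` in `GoogleCloudOrgpolicyV1Policy`) the ancestry formats read `"projects/", e.g. "projects/tokyo-rain-123"` with nothing after the slash, and in `GcsDestination#uri_prefix` the object format reads `"gs://bucket_name/object_name_prefix// and only contains assets for that type. starts from 0.` These comments are the only description of what `allowed_values`/`denied_values` entries and export object names must look like, so the generator should escape the placeholders rather than drop them. In the same `inherit_from_parent` comment the examples jump from Example 7 to Example 10 and the backticks around `E2` in Examples 6 and 7 are unbalanced. Separately, `version` in `GoogleCloudOrgpolicyV1Policy` is documented as `@return [Fixnum]`; Ruby unified `Fixnum` into `Integer` in 2.4, so the YARD type should be `Integer`.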
689
+
690
+ # Ignores policies set above this resource and restores the `constraint_default`
691
+ # enforcement behavior of the specific `Constraint` at this resource. Suppose
692
+ # that `constraint_default` is set to `ALLOW` for the `Constraint` `constraints/
693
+ # serviceuser.services`. Suppose that organization foo.com sets a `Policy` at
694
+ # their Organization resource node that restricts the allowed service
695
+ # activations to deny all service activations. They could then set a `Policy`
696
+ # with the `policy_type` `restore_default` on several experimental projects,
697
+ # restoring the `constraint_default` enforcement of the `Constraint` for only
698
+ # those projects, allowing those projects to have all services activated.
699
+ class GoogleCloudOrgpolicyV1RestoreDefault
700
+ include Google::Apis::Core::Hashable
701
+
702
+ def initialize(**args)
703
+ update!(**args)
704
+ end
705
+
706
+ # Update properties of this object
707
+ def update!(**args)
708
+ end
709
+ end
710
+
711
+ # An `AccessLevel` is a label that can be applied to requests to Google Cloud
712
+ # services, along with a list of requirements necessary for the label to be
713
+ # applied.
714
+ class GoogleIdentityAccesscontextmanagerV1AccessLevel
715
+ include Google::Apis::Core::Hashable
716
+
717
+ # `BasicLevel` is an `AccessLevel` using a set of recommended features.
718
+ # Corresponds to the JSON property `basic`
719
+ # @return [Google::Apis::CloudassetV1beta1::GoogleIdentityAccesscontextmanagerV1BasicLevel]
720
+ attr_accessor :basic
721
+
722
+ # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language
723
+ # to represent the necessary conditions for the level to apply to a request. See
724
+ # CEL spec at: https://github.com/google/cel-spec
725
+ # Corresponds to the JSON property `custom`
726
+ # @return [Google::Apis::CloudassetV1beta1::GoogleIdentityAccesscontextmanagerV1CustomLevel]
727
+ attr_accessor :custom
728
+
729
+ # Description of the `AccessLevel` and its use. Does not affect behavior.
730
+ # Corresponds to the JSON property `description`
731
+ # @return [String]
732
+ attr_accessor :description
733
+
734
+ # Required. Resource name for the Access Level. The `short_name` component must
735
+ # begin with a letter and only include alphanumeric and '_'. Format: `
736
+ # accessPolicies/`policy_id`/accessLevels/`short_name``. The maximum length of
737
+ # the `short_name` component is 50 characters.
738
+ # Corresponds to the JSON property `name`
739
+ # @return [String]
740
+ attr_accessor :name
741
+
742
+ # Human readable title. Must be unique within the Policy.
743
+ # Corresponds to the JSON property `title`
744
+ # @return [String]
745
+ attr_accessor :title
746
+
747
+ def initialize(**args)
748
+ update!(**args)
749
+ end
750
+
751
+ # Update properties of this object
752
+ def update!(**args)
753
+ @basic = args[:basic] if args.key?(:basic)
754
+ @custom = args[:custom] if args.key?(:custom)
755
+ @description = args[:description] if args.key?(:description)
756
+ @name = args[:name] if args.key?(:name)
757
+ @title = args[:title] if args.key?(:title)
758
+ end
759
+ end
760
+
761
+ # `AccessPolicy` is a container for `AccessLevels` (which define the necessary
762
+ # attributes to use Google Cloud services) and `ServicePerimeters` (which define
763
+ # regions of services able to freely pass data within a perimeter). An access
764
+ # policy is globally visible within an organization, and the restrictions it
765
+ # specifies apply to all projects within an organization.
766
+ class GoogleIdentityAccesscontextmanagerV1AccessPolicy
767
+ include Google::Apis::Core::Hashable
768
+
769
+ # Output only. An opaque identifier for the current version of the `AccessPolicy`
770
+ # . This will always be a strongly validated etag, meaning that two Access
771
+ # Polices will be identical if and only if their etags are identical. Clients
772
+ # should not expect this to be in any specific format.
773
+ # Corresponds to the JSON property `etag`
774
+ # @return [String]
775
+ attr_accessor :etag
776
+
777
+ # Output only. Resource name of the `AccessPolicy`. Format: `accessPolicies/`
778
+ # policy_id``
779
+ # Corresponds to the JSON property `name`
780
+ # @return [String]
781
+ attr_accessor :name
782
+
783
+ # Required. The parent of this `AccessPolicy` in the Cloud Resource Hierarchy.
784
+ # Currently immutable once created. Format: `organizations/`organization_id``
785
+ # Corresponds to the JSON property `parent`
786
+ # @return [String]
787
+ attr_accessor :parent
788
+
789
+ # Required. Human readable title. Does not affect behavior.
790
+ # Corresponds to the JSON property `title`
791
+ # @return [String]
792
+ attr_accessor :title
793
+
794
+ def initialize(**args)
795
+ update!(**args)
796
+ end
797
+
798
+ # Update properties of this object
799
+ def update!(**args)
800
+ @etag = args[:etag] if args.key?(:etag)
801
+ @name = args[:name] if args.key?(:name)
802
+ @parent = args[:parent] if args.key?(:parent)
803
+ @title = args[:title] if args.key?(:title)
804
+ end
805
+ end
806
+
807
+ # Identification for an API Operation.
808
+ class GoogleIdentityAccesscontextmanagerV1ApiOperation
809
+ include Google::Apis::Core::Hashable
810
+
811
+ # API methods or permissions to allow. Method or permission must belong to the
812
+ # service specified by `service_name` field. A single MethodSelector entry with `
813
+ # *` specified for the `method` field will allow all methods AND permissions for
814
+ # the service specified in `service_name`.
815
+ # Corresponds to the JSON property `methodSelectors`
816
+ # @return [Array<Google::Apis::CloudassetV1beta1::GoogleIdentityAccesscontextmanagerV1MethodSelector>]
817
+ attr_accessor :method_selectors
818
+
819
+ # The name of the API whose methods or permissions the IngressPolicy or
820
+ # EgressPolicy want to allow. A single ApiOperation with `service_name` field
821
+ # set to `*` will allow all methods AND permissions for all services.
822
+ # Corresponds to the JSON property `serviceName`
823
+ # @return [String]
824
+ attr_accessor :service_name
825
+
826
+ def initialize(**args)
827
+ update!(**args)
828
+ end
829
+
830
+ # Update properties of this object
831
+ def update!(**args)
832
+ @method_selectors = args[:method_selectors] if args.key?(:method_selectors)
833
+ @service_name = args[:service_name] if args.key?(:service_name)
834
+ end
835
+ end
836
+
837
+ # `BasicLevel` is an `AccessLevel` using a set of recommended features.
838
+ class GoogleIdentityAccesscontextmanagerV1BasicLevel
839
+ include Google::Apis::Core::Hashable
840
+
841
+ # How the `conditions` list should be combined to determine if a request is
842
+ # granted this `AccessLevel`. If AND is used, each `Condition` in `conditions`
843
+ # must be satisfied for the `AccessLevel` to be applied. If OR is used, at least
844
+ # one `Condition` in `conditions` must be satisfied for the `AccessLevel` to be
845
+ # applied. Default behavior is AND.
846
+ # Corresponds to the JSON property `combiningFunction`
847
+ # @return [String]
848
+ attr_accessor :combining_function
849
+
850
+ # Required. A list of requirements for the `AccessLevel` to be granted.
851
+ # Corresponds to the JSON property `conditions`
852
+ # @return [Array<Google::Apis::CloudassetV1beta1::GoogleIdentityAccesscontextmanagerV1Condition>]
853
+ attr_accessor :conditions
854
+
855
+ def initialize(**args)
856
+ update!(**args)
857
+ end
858
+
859
+ # Update properties of this object
860
+ def update!(**args)
861
+ @combining_function = args[:combining_function] if args.key?(:combining_function)
862
+ @conditions = args[:conditions] if args.key?(:conditions)
863
+ end
864
+ end
865
+
866
+ # A condition necessary for an `AccessLevel` to be granted. The Condition is an
867
+ # AND over its fields. So a Condition is true if: 1) the request IP is from one
868
+ # of the listed subnetworks AND 2) the originating device complies with the
869
+ # listed device policy AND 3) all listed access levels are granted AND 4) the
870
+ # request was sent at a time allowed by the DateTimeRestriction.
871
+ class GoogleIdentityAccesscontextmanagerV1Condition
872
+ include Google::Apis::Core::Hashable
873
+
874
+ # `DevicePolicy` specifies device specific restrictions necessary to acquire a
875
+ # given access level. A `DevicePolicy` specifies requirements for requests from
876
+ # devices to be granted access levels, it does not do any enforcement on the
877
+ # device. `DevicePolicy` acts as an AND over all specified fields, and each
878
+ # repeated field is an OR over its elements. Any unset fields are ignored. For
879
+ # example, if the proto is ` os_type : DESKTOP_WINDOWS, os_type : DESKTOP_LINUX,
880
+ # encryption_status: ENCRYPTED`, then the DevicePolicy will be true for requests
881
+ # originating from encrypted Linux desktops and encrypted Windows desktops.
882
+ # Corresponds to the JSON property `devicePolicy`
883
+ # @return [Google::Apis::CloudassetV1beta1::GoogleIdentityAccesscontextmanagerV1DevicePolicy]
884
+ attr_accessor :device_policy
885
+
886
+ # CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a
887
+ # CIDR IP address block, the specified IP address portion must be properly
888
+ # truncated (i.e. all the host bits must be zero) or the input is considered
889
+ # malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not.
890
+ # Similarly, for IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is
891
+ # not. The originating IP of a request must be in one of the listed subnets in
892
+ # order for this Condition to be true. If empty, all IP addresses are allowed.
893
+ # Corresponds to the JSON property `ipSubnetworks`
894
+ # @return [Array<String>]
895
+ attr_accessor :ip_subnetworks
896
+
897
+ # The request must be made by one of the provided user or service accounts.
898
+ # Groups are not supported. Syntax: `user:`emailid`` `serviceAccount:`emailid``
899
+ # If not specified, a request may come from any user.
900
+ # Corresponds to the JSON property `members`
901
+ # @return [Array<String>]
902
+ attr_accessor :members
903
+
904
+ # Whether to negate the Condition. If true, the Condition becomes a NAND over
905
+ # its non-empty fields, each field must be false for the Condition overall to be
906
+ # satisfied. Defaults to false.
907
+ # Corresponds to the JSON property `negate`
908
+ # @return [Boolean]
909
+ attr_accessor :negate
910
+ alias_method :negate?, :negate
911
+
912
+ # The request must originate from one of the provided countries/regions. Must be
913
+ # valid ISO 3166-1 alpha-2 codes.
914
+ # Corresponds to the JSON property `regions`
915
+ # @return [Array<String>]
916
+ attr_accessor :regions
917
+
918
+ # A list of other access levels defined in the same `Policy`, referenced by
919
+ # resource name. Referencing an `AccessLevel` which does not exist is an error.
920
+ # All access levels listed must be granted for the Condition to be true. Example:
921
+ # "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
922
+ # Corresponds to the JSON property `requiredAccessLevels`
923
+ # @return [Array<String>]
924
+ attr_accessor :required_access_levels
925
+
926
+ def initialize(**args)
927
+ update!(**args)
928
+ end
929
+
930
+ # Update properties of this object
931
+ def update!(**args)
932
+ @device_policy = args[:device_policy] if args.key?(:device_policy)
933
+ @ip_subnetworks = args[:ip_subnetworks] if args.key?(:ip_subnetworks)
934
+ @members = args[:members] if args.key?(:members)
935
+ @negate = args[:negate] if args.key?(:negate)
936
+ @regions = args[:regions] if args.key?(:regions)
937
+ @required_access_levels = args[:required_access_levels] if args.key?(:required_access_levels)
938
+ end
939
+ end
940
+
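Review bot: the `negate` comment in `GoogleIdentityAccesscontextmanagerV1Condition` contradicts itself: it calls the negated Condition "a NAND over its non-empty fields" and then says "each field must be false for the Condition overall to be satisfied", which describes a NOR. The two readings differ for a request that matches some of the set fields but not others (under NAND the Condition is satisfied, under NOR it is not), so someone writing a deny-style access level from this text cannot tell which rule applies. The description should state one rule, ideally with a two-field example. The class comment has a related gap: it lists four AND clauses ending with the `DateTimeRestriction`, but the class exposes no such attribute, and it leaves out `members` and `regions`, which the field comments say a request must also satisfy.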
941
+ # `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language
942
+ # to represent the necessary conditions for the level to apply to a request. See
943
+ # CEL spec at: https://github.com/google/cel-spec
944
+ class GoogleIdentityAccesscontextmanagerV1CustomLevel
945
+ include Google::Apis::Core::Hashable
946
+
947
+ # Represents a textual expression in the Common Expression Language (CEL) syntax.
948
+ # CEL is a C-like expression language. The syntax and semantics of CEL are
949
+ # documented at https://github.com/google/cel-spec. Example (Comparison): title:
950
+ # "Summary size limit" description: "Determines if a summary is less than 100
951
+ # chars" expression: "document.summary.size() < 100" Example (Equality): title: "
952
+ # Requestor is owner" description: "Determines if requestor is the document
953
+ # owner" expression: "document.owner == request.auth.claims.email" Example (
954
+ # Logic): title: "Public documents" description: "Determine whether the document
955
+ # should be publicly visible" expression: "document.type != 'private' &&
956
+ # document.type != 'internal'" Example (Data Manipulation): title: "Notification
957
+ # string" description: "Create a notification string with a timestamp."
958
+ # expression: "'New message received at ' + string(document.create_time)" The
959
+ # exact variables and functions that may be referenced within an expression are
960
+ # determined by the service that evaluates it. See the service documentation for
961
+ # additional information.
962
+ # Corresponds to the JSON property `expr`
963
+ # @return [Google::Apis::CloudassetV1beta1::Expr]
964
+ attr_accessor :expr
965
+
966
+ def initialize(**args)
967
+ update!(**args)
968
+ end
969
+
970
+ # Update properties of this object
971
+ def update!(**args)
972
+ @expr = args[:expr] if args.key?(:expr)
973
+ end
974
+ end
975
+
976
+ # `DevicePolicy` specifies device specific restrictions necessary to acquire a
977
+ # given access level. A `DevicePolicy` specifies requirements for requests from
978
+ # devices to be granted access levels, it does not do any enforcement on the
979
+ # device. `DevicePolicy` acts as an AND over all specified fields, and each
980
+ # repeated field is an OR over its elements. Any unset fields are ignored. For
981
+ # example, if the proto is ` os_type : DESKTOP_WINDOWS, os_type : DESKTOP_LINUX,
982
+ # encryption_status: ENCRYPTED`, then the DevicePolicy will be true for requests
983
+ # originating from encrypted Linux desktops and encrypted Windows desktops.
984
+ class GoogleIdentityAccesscontextmanagerV1DevicePolicy
985
+ include Google::Apis::Core::Hashable
986
+
987
+ # Allowed device management levels, an empty list allows all management levels.
988
+ # Corresponds to the JSON property `allowedDeviceManagementLevels`
989
+ # @return [Array<String>]
990
+ attr_accessor :allowed_device_management_levels
991
+
992
+ # Allowed encryptions statuses, an empty list allows all statuses.
993
+ # Corresponds to the JSON property `allowedEncryptionStatuses`
994
+ # @return [Array<String>]
995
+ attr_accessor :allowed_encryption_statuses
996
+
997
+ # Allowed OS versions, an empty list allows all types and all versions.
998
+ # Corresponds to the JSON property `osConstraints`
999
+ # @return [Array<Google::Apis::CloudassetV1beta1::GoogleIdentityAccesscontextmanagerV1OsConstraint>]
1000
+ attr_accessor :os_constraints
1001
+
1002
+ # Whether the device needs to be approved by the customer admin.
1003
+ # Corresponds to the JSON property `requireAdminApproval`
1004
+ # @return [Boolean]
1005
+ attr_accessor :require_admin_approval
1006
+ alias_method :require_admin_approval?, :require_admin_approval
1007
+
1008
+ # Whether the device needs to be corp owned.
1009
+ # Corresponds to the JSON property `requireCorpOwned`
1010
+ # @return [Boolean]
1011
+ attr_accessor :require_corp_owned
1012
+ alias_method :require_corp_owned?, :require_corp_owned
1013
+
1014
+ # Whether or not screenlock is required for the DevicePolicy to be true.
1015
+ # Defaults to `false`.
1016
+ # Corresponds to the JSON property `requireScreenlock`
1017
+ # @return [Boolean]
1018
+ attr_accessor :require_screenlock
1019
+ alias_method :require_screenlock?, :require_screenlock
1020
+
1021
+ def initialize(**args)
1022
+ update!(**args)
1023
+ end
1024
+
1025
+ # Update properties of this object
1026
+ def update!(**args)
1027
+ @allowed_device_management_levels = args[:allowed_device_management_levels] if args.key?(:allowed_device_management_levels)
1028
+ @allowed_encryption_statuses = args[:allowed_encryption_statuses] if args.key?(:allowed_encryption_statuses)
1029
+ @os_constraints = args[:os_constraints] if args.key?(:os_constraints)
1030
+ @require_admin_approval = args[:require_admin_approval] if args.key?(:require_admin_approval)
1031
+ @require_corp_owned = args[:require_corp_owned] if args.key?(:require_corp_owned)
1032
+ @require_screenlock = args[:require_screenlock] if args.key?(:require_screenlock)
1033
+ end
1034
+ end
1035
+
1036
+ # Defines the conditions under which an EgressPolicy matches a request.
1037
+ # Conditions based on information about the source of the request. Note that if
1038
+ # the destination of the request is protected by a ServicePerimeter, then that
1039
+ # ServicePerimeter must have an IngressPolicy which allows access in order for
1040
+ # this request to succeed.
1041
+ class GoogleIdentityAccesscontextmanagerV1EgressFrom
1042
+ include Google::Apis::Core::Hashable
1043
+
1044
+ # A list of identities that are allowed access through this [EgressPolicy].
1045
+ # Should be in the format of email address. The email address should represent
1046
+ # individual user or service account only.
1047
+ # Corresponds to the JSON property `identities`
1048
+ # @return [Array<String>]
1049
+ attr_accessor :identities
1050
+
1051
+ # Specifies the type of identities that are allowed access to outside the
1052
+ # perimeter. If left unspecified, then members of `identities` field will be
1053
+ # allowed access.
1054
+ # Corresponds to the JSON property `identityType`
1055
+ # @return [String]
1056
+ attr_accessor :identity_type
1057
+
1058
+ def initialize(**args)
1059
+ update!(**args)
1060
+ end
1061
+
1062
+ # Update properties of this object
1063
+ def update!(**args)
1064
+ @identities = args[:identities] if args.key?(:identities)
1065
+ @identity_type = args[:identity_type] if args.key?(:identity_type)
1066
+ end
1067
+ end
1068
+
1069
+ # Policy for egress from perimeter. EgressPolicies match requests based on `
1070
+ # egress_from` and `egress_to` stanzas. For an EgressPolicy to match, both `
1071
+ # egress_from` and `egress_to` stanzas must be matched. If an EgressPolicy
1072
+ # matches a request, the request is allowed to span the ServicePerimeter
1073
+ # boundary. For example, an EgressPolicy can be used to allow VMs on networks
1074
+ # within the ServicePerimeter to access a defined set of projects outside the
1075
+ # perimeter in certain contexts (e.g. to read data from a Cloud Storage bucket
1076
+ # or query against a BigQuery dataset). EgressPolicies are concerned with the *
1077
+ # resources* that a request relates as well as the API services and API actions
1078
+ # being used. They do not related to the direction of data movement. More
1079
+ # detailed documentation for this concept can be found in the descriptions of
1080
+ # EgressFrom and EgressTo.
1081
+ class GoogleIdentityAccesscontextmanagerV1EgressPolicy
1082
+ include Google::Apis::Core::Hashable
1083
+
1084
+ # Defines the conditions under which an EgressPolicy matches a request.
1085
+ # Conditions based on information about the source of the request. Note that if
1086
+ # the destination of the request is protected by a ServicePerimeter, then that
1087
+ # ServicePerimeter must have an IngressPolicy which allows access in order for
1088
+ # this request to succeed.
1089
+ # Corresponds to the JSON property `egressFrom`
1090
+ # @return [Google::Apis::CloudassetV1beta1::GoogleIdentityAccesscontextmanagerV1EgressFrom]
1091
+ attr_accessor :egress_from
1092
+
1093
+ # Defines the conditions under which an EgressPolicy matches a request.
1094
+ # Conditions are based on information about the ApiOperation intended to be
1095
+ # performed on the `resources` specified. Note that if the destination of the
1096
+ # request is protected by a ServicePerimeter, then that ServicePerimeter must
1097
+ # have an IngressPolicy which allows access in order for this request to succeed.
1098
+ # Corresponds to the JSON property `egressTo`
1099
+ # @return [Google::Apis::CloudassetV1beta1::GoogleIdentityAccesscontextmanagerV1EgressTo]
1100
+ attr_accessor :egress_to
1101
+
1102
+ def initialize(**args)
1103
+ update!(**args)
1104
+ end
1105
+
1106
+ # Update properties of this object
1107
+ def update!(**args)
1108
+ @egress_from = args[:egress_from] if args.key?(:egress_from)
1109
+ @egress_to = args[:egress_to] if args.key?(:egress_to)
1110
+ end
1111
+ end
1112
+
1113
+ # Defines the conditions under which an EgressPolicy matches a request.
1114
+ # Conditions are based on information about the ApiOperation intended to be
1115
+ # performed on the `resources` specified. Note that if the destination of the
1116
+ # request is protected by a ServicePerimeter, then that ServicePerimeter must
1117
+ # have an IngressPolicy which allows access in order for this request to succeed.
1118
+ class GoogleIdentityAccesscontextmanagerV1EgressTo
1119
+ include Google::Apis::Core::Hashable
1120
+
1121
+ # A list of ApiOperations that this egress rule applies to. A request matches if
1122
+ # it contains an operation/service in this list.
1123
+ # Corresponds to the JSON property `operations`
1124
+ # @return [Array<Google::Apis::CloudassetV1beta1::GoogleIdentityAccesscontextmanagerV1ApiOperation>]
1125
+ attr_accessor :operations
1126
+
1127
+ # A list of resources, currently only projects in the form `projects/`, that
1128
+ # match this to stanza. A request matches if it contains a resource in this list.
1129
+ # If `*` is specified for resources, then this EgressTo rule will authorize
1130
+ # access to all resources outside the perimeter.
1131
+ # Corresponds to the JSON property `resources`
1132
+ # @return [Array<String>]
1133
+ attr_accessor :resources
1134
+
1135
+ def initialize(**args)
1136
+ update!(**args)
1137
+ end
1138
+
1139
+ # Update properties of this object
1140
+ def update!(**args)
1141
+ @operations = args[:operations] if args.key?(:operations)
1142
+ @resources = args[:resources] if args.key?(:resources)
1143
+ end
1144
+ end
1145
+
1146
+ # Defines the conditions under which an IngressPolicy matches a request.
1147
+ # Conditions are based on information about the source of the request.
1148
+ class GoogleIdentityAccesscontextmanagerV1IngressFrom
1149
+ include Google::Apis::Core::Hashable
1150
+
1151
+ # A list of identities that are allowed access through this ingress policy.
1152
+ # Should be in the format of email address. The email address should represent
1153
+ # individual user or service account only.
1154
+ # Corresponds to the JSON property `identities`
1155
+ # @return [Array<String>]
1156
+ attr_accessor :identities
1157
+
1158
+ # Specifies the type of identities that are allowed access from outside the
1159
+ # perimeter. If left unspecified, then members of `identities` field will be
1160
+ # allowed access.
1161
+ # Corresponds to the JSON property `identityType`
1162
+ # @return [String]
1163
+ attr_accessor :identity_type
1164
+
1165
+ # Sources that this IngressPolicy authorizes access from.
1166
+ # Corresponds to the JSON property `sources`
1167
+ # @return [Array<Google::Apis::CloudassetV1beta1::GoogleIdentityAccesscontextmanagerV1IngressSource>]
1168
+ attr_accessor :sources
1169
+
1170
+ def initialize(**args)
1171
+ update!(**args)
1172
+ end
1173
+
1174
+ # Update properties of this object
1175
+ def update!(**args)
1176
+ @identities = args[:identities] if args.key?(:identities)
1177
+ @identity_type = args[:identity_type] if args.key?(:identity_type)
1178
+ @sources = args[:sources] if args.key?(:sources)
1179
+ end
1180
+ end
1181
+
1182
+ # Policy for ingress into ServicePerimeter. IngressPolicies match requests based
1183
+ # on `ingress_from` and `ingress_to` stanzas. For an ingress policy to match,
1184
+ # both the `ingress_from` and `ingress_to` stanzas must be matched. If an
1185
+ # IngressPolicy matches a request, the request is allowed through the perimeter
1186
+ # boundary from outside the perimeter. For example, access from the internet can
1187
+ # be allowed either based on an AccessLevel or, for traffic hosted on Google
1188
+ # Cloud, the project of the source network. For access from private networks,
1189
+ # using the project of the hosting network is required. Individual ingress
1190
+ # policies can be limited by restricting which services and/or actions they
1191
+ # match using the `ingress_to` field.
1192
+ class GoogleIdentityAccesscontextmanagerV1IngressPolicy
1193
+ include Google::Apis::Core::Hashable
1194
+
1195
+ # Defines the conditions under which an IngressPolicy matches a request.
1196
+ # Conditions are based on information about the source of the request.
1197
+ # Corresponds to the JSON property `ingressFrom`
1198
+ # @return [Google::Apis::CloudassetV1beta1::GoogleIdentityAccesscontextmanagerV1IngressFrom]
1199
+ attr_accessor :ingress_from
1200
+
1201
+ # Defines the conditions under which an IngressPolicy matches a request.
1202
+ # Conditions are based on information about the ApiOperation intended to be
1203
+ # performed on the destination of the request.
1204
+ # Corresponds to the JSON property `ingressTo`
1205
+ # @return [Google::Apis::CloudassetV1beta1::GoogleIdentityAccesscontextmanagerV1IngressTo]
1206
+ attr_accessor :ingress_to
1207
+
1208
+ def initialize(**args)
1209
+ update!(**args)
1210
+ end
1211
+
1212
+ # Update properties of this object
1213
+ def update!(**args)
1214
+ @ingress_from = args[:ingress_from] if args.key?(:ingress_from)
1215
+ @ingress_to = args[:ingress_to] if args.key?(:ingress_to)
1216
+ end
1217
+ end
1218
+
1219
+ # The source that IngressPolicy authorizes access from.
1220
+ class GoogleIdentityAccesscontextmanagerV1IngressSource
1221
+ include Google::Apis::Core::Hashable
1222
+
1223
+ # An AccessLevel resource name that allow resources within the ServicePerimeters
1224
+ # to be accessed from the internet. AccessLevels listed must be in the same
1225
+ # policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will
1226
+ # cause an error. If no AccessLevel names are listed, resources within the
1227
+ # perimeter can only be accessed via Google Cloud calls with request origins
1228
+ # within the perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`
1229
+ # . If `*` is specified, then all IngressSources will be allowed.
1230
+ # Corresponds to the JSON property `accessLevel`
1231
+ # @return [String]
1232
+ attr_accessor :access_level
1233
+
1234
+ # A Google Cloud resource that is allowed to ingress the perimeter. Requests
1235
+ # from these resources will be allowed to access perimeter data. Currently only
1236
+ # projects are allowed. Format: `projects/`project_number`` The project may be
1237
+ # in any Google Cloud organization, not just the organization that the perimeter
1238
+ # is defined in. `*` is not allowed, the case of allowing all Google Cloud
1239
+ # resources only is not supported.
1240
+ # Corresponds to the JSON property `resource`
1241
+ # @return [String]
1242
+ attr_accessor :resource
1243
+
1244
+ def initialize(**args)
1245
+ update!(**args)
1246
+ end
1247
+
1248
+ # Update properties of this object
1249
+ def update!(**args)
1250
+ @access_level = args[:access_level] if args.key?(:access_level)
1251
+ @resource = args[:resource] if args.key?(:resource)
1252
+ end
1253
+ end
1254
+
1255
+ # Defines the conditions under which an IngressPolicy matches a request.
1256
+ # Conditions are based on information about the ApiOperation intended to be
1257
+ # performed on the destination of the request.
1258
+ class GoogleIdentityAccesscontextmanagerV1IngressTo
1259
+ include Google::Apis::Core::Hashable
1260
+
1261
+ # A list of ApiOperations the sources specified in corresponding IngressFrom are
1262
+ # allowed to perform in this ServicePerimeter.
1263
+ # Corresponds to the JSON property `operations`
1264
+ # @return [Array<Google::Apis::CloudassetV1beta1::GoogleIdentityAccesscontextmanagerV1ApiOperation>]
1265
+ attr_accessor :operations
1266
+
1267
+ # A list of resources, currently only projects in the form `projects/`,
1268
+ # protected by this ServicePerimeter that are allowed to be accessed by sources
1269
+ # defined in the corresponding IngressFrom. A request matches if it contains a
1270
+ # resource in this list. If `*` is specified for resources, then this IngressTo
1271
+ # rule will authorize access to all resources inside the perimeter, provided
1272
+ # that the request also matches the `operations` field.
1273
+ # Corresponds to the JSON property `resources`
1274
+ # @return [Array<String>]
1275
+ attr_accessor :resources
1276
+
1277
+ def initialize(**args)
1278
+ update!(**args)
1279
+ end
1280
+
1281
+ # Update properties of this object
1282
+ def update!(**args)
1283
+ @operations = args[:operations] if args.key?(:operations)
1284
+ @resources = args[:resources] if args.key?(:resources)
1285
+ end
1286
+ end
1287
+
1288
+ # An allowed method or permission of a service specified in ApiOperation.
1289
+ class GoogleIdentityAccesscontextmanagerV1MethodSelector
1290
+ include Google::Apis::Core::Hashable
1291
+
1292
+ # Value for `method` should be a valid method name for the corresponding `
1293
+ # service_name` in ApiOperation. If `*` used as value for `method`, then ALL
1294
+ # methods and permissions are allowed.
1295
+ # Corresponds to the JSON property `method`
1296
+ # @return [String]
1297
+ attr_accessor :method_prop
1298
+
1299
+ # Value for `permission` should be a valid Cloud IAM permission for the
1300
+ # corresponding `service_name` in ApiOperation.
1301
+ # Corresponds to the JSON property `permission`
1302
+ # @return [String]
1303
+ attr_accessor :permission
1304
+
1305
+ def initialize(**args)
1306
+ update!(**args)
1307
+ end
1308
+
1309
+ # Update properties of this object
1310
+ def update!(**args)
1311
+ @method_prop = args[:method_prop] if args.key?(:method_prop)
1312
+ @permission = args[:permission] if args.key?(:permission)
1313
+ end
1314
+ end
1315
+
1316
+ # A restriction on the OS type and version of devices making requests.
1317
+ class GoogleIdentityAccesscontextmanagerV1OsConstraint
1318
+ include Google::Apis::Core::Hashable
1319
+
1320
+ # The minimum allowed OS version. If not set, any version of this OS satisfies
1321
+ # the constraint. Format: `"major.minor.patch"`. Examples: `"10.5.301"`, `"9.2.1"
1322
+ # `.
1323
+ # Corresponds to the JSON property `minimumVersion`
1324
+ # @return [String]
1325
+ attr_accessor :minimum_version
1326
+
1327
+ # Required. The allowed OS type.
1328
+ # Corresponds to the JSON property `osType`
1329
+ # @return [String]
1330
+ attr_accessor :os_type
1331
+
1332
+ # Only allows requests from devices with a verified Chrome OS. Verifications
1333
+ # includes requirements that the device is enterprise-managed, conformant to
1334
+ # domain policies, and the caller has permission to call the API targeted by the
1335
+ # request.
1336
+ # Corresponds to the JSON property `requireVerifiedChromeOs`
1337
+ # @return [Boolean]
1338
+ attr_accessor :require_verified_chrome_os
1339
+ alias_method :require_verified_chrome_os?, :require_verified_chrome_os
1340
+
1341
+ def initialize(**args)
1342
+ update!(**args)
1343
+ end
1344
+
1345
+ # Update properties of this object
1346
+ def update!(**args)
1347
+ @minimum_version = args[:minimum_version] if args.key?(:minimum_version)
1348
+ @os_type = args[:os_type] if args.key?(:os_type)
1349
+ @require_verified_chrome_os = args[:require_verified_chrome_os] if args.key?(:require_verified_chrome_os)
1350
+ end
1351
+ end
1352
+
1353
+ # `ServicePerimeter` describes a set of Google Cloud resources which can freely
1354
+ # import and export data amongst themselves, but not export outside of the `
1355
+ # ServicePerimeter`. If a request with a source within this `ServicePerimeter`
1356
+ # has a target outside of the `ServicePerimeter`, the request will be blocked.
1357
+ # Otherwise the request is allowed. There are two types of Service Perimeter -
1358
+ # Regular and Bridge. Regular Service Perimeters cannot overlap, a single Google
1359
+ # Cloud project can only belong to a single regular Service Perimeter. Service
1360
+ # Perimeter Bridges can contain only Google Cloud projects as members, a single
1361
+ # Google Cloud project may belong to multiple Service Perimeter Bridges.
1362
+ class GoogleIdentityAccesscontextmanagerV1ServicePerimeter
1363
+ include Google::Apis::Core::Hashable
1364
+
1365
+ # Description of the `ServicePerimeter` and its use. Does not affect behavior.
1366
+ # Corresponds to the JSON property `description`
1367
+ # @return [String]
1368
+ attr_accessor :description
1369
+
1370
+ # Required. Resource name for the ServicePerimeter. The `short_name` component
1371
+ # must begin with a letter and only include alphanumeric and '_'. Format: `
1372
+ # accessPolicies/`policy_id`/servicePerimeters/`short_name``
1373
+ # Corresponds to the JSON property `name`
1374
+ # @return [String]
1375
+ attr_accessor :name
1376
+
1377
+ # Perimeter type indicator. A single project is allowed to be a member of single
1378
+ # regular perimeter, but multiple service perimeter bridges. A project cannot be
1379
+ # a included in a perimeter bridge without being included in regular perimeter.
1380
+ # For perimeter bridges, the restricted service list as well as access level
1381
+ # lists must be empty.
1382
+ # Corresponds to the JSON property `perimeterType`
1383
+ # @return [String]
1384
+ attr_accessor :perimeter_type
1385
+
1386
+ # `ServicePerimeterConfig` specifies a set of Google Cloud resources that
1387
+ # describe specific Service Perimeter configuration.
1388
+ # Corresponds to the JSON property `spec`
1389
+ # @return [Google::Apis::CloudassetV1beta1::GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig]
1390
+ attr_accessor :spec
1391
+
1392
+ # `ServicePerimeterConfig` specifies a set of Google Cloud resources that
1393
+ # describe specific Service Perimeter configuration.
1394
+ # Corresponds to the JSON property `status`
1395
+ # @return [Google::Apis::CloudassetV1beta1::GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig]
1396
+ attr_accessor :status
1397
+
1398
+ # Human readable title. Must be unique within the Policy.
1399
+ # Corresponds to the JSON property `title`
1400
+ # @return [String]
1401
+ attr_accessor :title
1402
+
1403
+ # Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists
1404
+ # for all Service Perimeters, and that spec is identical to the status for those
1405
+ # Service Perimeters. When this flag is set, it inhibits the generation of the
1406
+ # implicit spec, thereby allowing the user to explicitly provide a configuration
1407
+ # ("spec") to use in a dry-run version of the Service Perimeter. This allows the
1408
+ # user to test changes to the enforced config ("status") without actually
1409
+ # enforcing them. This testing is done through analyzing the differences between
1410
+ # currently enforced and suggested restrictions. use_explicit_dry_run_spec must
1411
+ # bet set to True if any of the fields in the spec are set to non-default values.
1412
+ # Corresponds to the JSON property `useExplicitDryRunSpec`
1413
+ # @return [Boolean]
1414
+ attr_accessor :use_explicit_dry_run_spec
1415
+ alias_method :use_explicit_dry_run_spec?, :use_explicit_dry_run_spec
1416
+
1417
+ def initialize(**args)
1418
+ update!(**args)
1419
+ end
1420
+
1421
+ # Update properties of this object
1422
+ def update!(**args)
1423
+ @description = args[:description] if args.key?(:description)
1424
+ @name = args[:name] if args.key?(:name)
1425
+ @perimeter_type = args[:perimeter_type] if args.key?(:perimeter_type)
1426
+ @spec = args[:spec] if args.key?(:spec)
1427
+ @status = args[:status] if args.key?(:status)
1428
+ @title = args[:title] if args.key?(:title)
1429
+ @use_explicit_dry_run_spec = args[:use_explicit_dry_run_spec] if args.key?(:use_explicit_dry_run_spec)
1430
+ end
1431
+ end
1432
+
1433
+ # `ServicePerimeterConfig` specifies a set of Google Cloud resources that
1434
+ # describe specific Service Perimeter configuration.
1435
+ class GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig
1436
+ include Google::Apis::Core::Hashable
1437
+
1438
+ # A list of `AccessLevel` resource names that allow resources within the `
1439
+ # ServicePerimeter` to be accessed from the internet. `AccessLevels` listed must
1440
+ # be in the same policy as this `ServicePerimeter`. Referencing a nonexistent `
1441
+ # AccessLevel` is a syntax error. If no `AccessLevel` names are listed,
1442
+ # resources within the perimeter can only be accessed via Google Cloud calls
1443
+ # with request origins within the perimeter. Example: `"accessPolicies/MY_POLICY/
1444
+ # accessLevels/MY_LEVEL"`. For Service Perimeter Bridge, must be empty.
1445
+ # Corresponds to the JSON property `accessLevels`
1446
+ # @return [Array<String>]
1447
+ attr_accessor :access_levels
1448
+
1449
+ # List of EgressPolicies to apply to the perimeter. A perimeter may have
1450
+ # multiple EgressPolicies, each of which is evaluated separately. Access is
1451
+ # granted if any EgressPolicy grants it. Must be empty for a perimeter bridge.
1452
+ # Corresponds to the JSON property `egressPolicies`
1453
+ # @return [Array<Google::Apis::CloudassetV1beta1::GoogleIdentityAccesscontextmanagerV1EgressPolicy>]
1454
+ attr_accessor :egress_policies
1455
+
1456
+ # List of IngressPolicies to apply to the perimeter. A perimeter may have
1457
+ # multiple IngressPolicies, each of which is evaluated separately. Access is
1458
+ # granted if any Ingress Policy grants it. Must be empty for a perimeter bridge.
1459
+ # Corresponds to the JSON property `ingressPolicies`
1460
+ # @return [Array<Google::Apis::CloudassetV1beta1::GoogleIdentityAccesscontextmanagerV1IngressPolicy>]
1461
+ attr_accessor :ingress_policies
1462
+
1463
+ # A list of Google Cloud resources that are inside of the service perimeter.
1464
+ # Currently only projects are allowed. Format: `projects/`project_number``
1465
+ # Corresponds to the JSON property `resources`
1466
+ # @return [Array<String>]
1467
+ attr_accessor :resources
1468
+
1469
+ # Google Cloud services that are subject to the Service Perimeter restrictions.
1470
+ # For example, if `storage.googleapis.com` is specified, access to the storage
1471
+ # buckets inside the perimeter must meet the perimeter's access restrictions.
1472
+ # Corresponds to the JSON property `restrictedServices`
1473
+ # @return [Array<String>]
1474
+ attr_accessor :restricted_services
1475
+
1476
+ # Specifies how APIs are allowed to communicate within the Service Perimeter.
1477
+ # Corresponds to the JSON property `vpcAccessibleServices`
1478
+ # @return [Google::Apis::CloudassetV1beta1::GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices]
1479
+ attr_accessor :vpc_accessible_services
1480
+
1481
+ def initialize(**args)
1482
+ update!(**args)
1483
+ end
1484
+
1485
+ # Update properties of this object
1486
+ def update!(**args)
1487
+ @access_levels = args[:access_levels] if args.key?(:access_levels)
1488
+ @egress_policies = args[:egress_policies] if args.key?(:egress_policies)
1489
+ @ingress_policies = args[:ingress_policies] if args.key?(:ingress_policies)
1490
+ @resources = args[:resources] if args.key?(:resources)
1491
+ @restricted_services = args[:restricted_services] if args.key?(:restricted_services)
1492
+ @vpc_accessible_services = args[:vpc_accessible_services] if args.key?(:vpc_accessible_services)
1493
+ end
1494
+ end
1495
+
1496
+ # Specifies how APIs are allowed to communicate within the Service Perimeter.
1497
+ class GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices
1498
+ include Google::Apis::Core::Hashable
1499
+
1500
+ # The list of APIs usable within the Service Perimeter. Must be empty unless '
1501
+ # enable_restriction' is True. You can specify a list of individual services, as
1502
+ # well as include the 'RESTRICTED-SERVICES' value, which automatically includes
1503
+ # all of the services protected by the perimeter.
1504
+ # Corresponds to the JSON property `allowedServices`
1505
+ # @return [Array<String>]
1506
+ attr_accessor :allowed_services
1507
+
1508
+ # Whether to restrict API calls within the Service Perimeter to the list of APIs
1509
+ # specified in 'allowed_services'.
1510
+ # Corresponds to the JSON property `enableRestriction`
1511
+ # @return [Boolean]
1512
+ attr_accessor :enable_restriction
1513
+ alias_method :enable_restriction?, :enable_restriction
1514
+
1515
+ def initialize(**args)
1516
+ update!(**args)
1517
+ end
1518
+
1519
+ # Update properties of this object
1520
+ def update!(**args)
1521
+ @allowed_services = args[:allowed_services] if args.key?(:allowed_services)
1522
+ @enable_restriction = args[:enable_restriction] if args.key?(:enable_restriction)
1523
+ end
1524
+ end
1525
+
1526
+ # This resource represents a long-running operation that is the result of a
1527
+ # network API call.
1528
+ class Operation
1529
+ include Google::Apis::Core::Hashable
1530
+
1531
+ # If the value is `false`, it means the operation is still in progress. If `true`
1532
+ # , the operation is completed, and either `error` or `response` is available.
1533
+ # Corresponds to the JSON property `done`
1534
+ # @return [Boolean]
1535
+ attr_accessor :done
1536
+ alias_method :done?, :done
1537
+
1538
+ # The `Status` type defines a logical error model that is suitable for different
1539
+ # programming environments, including REST APIs and RPC APIs. It is used by [
1540
+ # gRPC](https://github.com/grpc). Each `Status` message contains three pieces of
1541
+ # data: error code, error message, and error details. You can find out more
1542
+ # about this error model and how to work with it in the [API Design Guide](https:
1543
+ # //cloud.google.com/apis/design/errors).
1544
+ # Corresponds to the JSON property `error`
1545
+ # @return [Google::Apis::CloudassetV1beta1::Status]
1546
+ attr_accessor :error
1547
+
1548
+ # Service-specific metadata associated with the operation. It typically contains
1549
+ # progress information and common metadata such as create time. Some services
1550
+ # might not provide such metadata. Any method that returns a long-running
1551
+ # operation should document the metadata type, if any.
1552
+ # Corresponds to the JSON property `metadata`
1553
+ # @return [Hash<String,Object>]
1554
+ attr_accessor :metadata
1555
+
1556
+ # The server-assigned name, which is only unique within the same service that
1557
+ # originally returns it. If you use the default HTTP mapping, the `name` should
1558
+ # be a resource name ending with `operations/`unique_id``.
1559
+ # Corresponds to the JSON property `name`
1560
+ # @return [String]
1561
+ attr_accessor :name
1562
+
1563
+ # The normal response of the operation in case of success. If the original
1564
+ # method returns no data on success, such as `Delete`, the response is `google.
1565
+ # protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`,
1566
+ # the response should be the resource. For other methods, the response should
1567
+ # have the type `XxxResponse`, where `Xxx` is the original method name. For
1568
+ # example, if the original method name is `TakeSnapshot()`, the inferred
1569
+ # response type is `TakeSnapshotResponse`.
1570
+ # Corresponds to the JSON property `response`
1571
+ # @return [Hash<String,Object>]
1572
+ attr_accessor :response
1573
+
1574
+ def initialize(**args)
1575
+ update!(**args)
1576
+ end
1577
+
1578
+ # Update properties of this object
1579
+ def update!(**args)
1580
+ @done = args[:done] if args.key?(:done)
1581
+ @error = args[:error] if args.key?(:error)
1582
+ @metadata = args[:metadata] if args.key?(:metadata)
1583
+ @name = args[:name] if args.key?(:name)
1584
+ @response = args[:response] if args.key?(:response)
1585
+ end
1586
+ end
1587
+
1588
+ # Output configuration for export assets destination.
1589
+ class OutputConfig
1590
+ include Google::Apis::Core::Hashable
1591
+
1592
+ # A Cloud Storage location.
1593
+ # Corresponds to the JSON property `gcsDestination`
1594
+ # @return [Google::Apis::CloudassetV1beta1::GcsDestination]
1595
+ attr_accessor :gcs_destination
1596
+
1597
+ def initialize(**args)
1598
+ update!(**args)
1599
+ end
1600
+
1601
+ # Update properties of this object
1602
+ def update!(**args)
1603
+ @gcs_destination = args[:gcs_destination] if args.key?(:gcs_destination)
1604
+ end
1605
+ end
1606
+
1607
+ # An Identity and Access Management (IAM) policy, which specifies access
1608
+ # controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
1609
+ # A `binding` binds one or more `members` to a single `role`. Members can be
1610
+ # user accounts, service accounts, Google groups, and domains (such as G Suite).
1611
+ # A `role` is a named list of permissions; each `role` can be an IAM predefined
1612
+ # role or a user-created custom role. For some types of Google Cloud resources,
1613
+ # a `binding` can also specify a `condition`, which is a logical expression that
1614
+ # allows access to a resource only if the expression evaluates to `true`. A
1615
+ # condition can add constraints based on attributes of the request, the resource,
1616
+ # or both. To learn which resources support conditions in their IAM policies,
1617
+ # see the [IAM documentation](https://cloud.google.com/iam/help/conditions/
1618
+ # resource-policies). **JSON example:** ` "bindings": [ ` "role": "roles/
1619
+ # resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "
1620
+ # group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@
1621
+ # appspot.gserviceaccount.com" ] `, ` "role": "roles/resourcemanager.
1622
+ # organizationViewer", "members": [ "user:eve@example.com" ], "condition": ` "
1623
+ # title": "expirable access", "description": "Does not grant access after Sep
1624
+ # 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", `
1625
+ # ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:** bindings: -
1626
+ # members: - user:mike@example.com - group:admins@example.com - domain:google.
1627
+ # com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/
1628
+ # resourcemanager.organizationAdmin - members: - user:eve@example.com role:
1629
+ # roles/resourcemanager.organizationViewer condition: title: expirable access
1630
+ # description: Does not grant access after Sep 2020 expression: request.time <
1631
+ # timestamp('2020-10-01T00:00:00.000Z') - etag: BwWWja0YfJA= - version: 3 For a
1632
+ # description of IAM and its features, see the [IAM documentation](https://cloud.
1633
+ # google.com/iam/docs/).
1634
+ class Policy
1635
+ include Google::Apis::Core::Hashable
1636
+
1637
+ # Specifies cloud audit logging configuration for this policy.
1638
+ # Corresponds to the JSON property `auditConfigs`
1639
+ # @return [Array<Google::Apis::CloudassetV1beta1::AuditConfig>]
1640
+ attr_accessor :audit_configs
1641
+
1642
+ # Associates a list of `members` to a `role`. Optionally, may specify a `
1643
+ # condition` that determines how and when the `bindings` are applied. Each of
1644
+ # the `bindings` must contain at least one member.
1645
+ # Corresponds to the JSON property `bindings`
1646
+ # @return [Array<Google::Apis::CloudassetV1beta1::Binding>]
1647
+ attr_accessor :bindings
1648
+
1649
+ # `etag` is used for optimistic concurrency control as a way to help prevent
1650
+ # simultaneous updates of a policy from overwriting each other. It is strongly
1651
+ # suggested that systems make use of the `etag` in the read-modify-write cycle
1652
+ # to perform policy updates in order to avoid race conditions: An `etag` is
1653
+ # returned in the response to `getIamPolicy`, and systems are expected to put
1654
+ # that etag in the request to `setIamPolicy` to ensure that their change will be
1655
+ # applied to the same version of the policy. **Important:** If you use IAM
1656
+ # Conditions, you must include the `etag` field whenever you call `setIamPolicy`.
1657
+ # If you omit this field, then IAM allows you to overwrite a version `3` policy
1658
+ # with a version `1` policy, and all of the conditions in the version `3` policy
1659
+ # are lost.
1660
+ # Corresponds to the JSON property `etag`
1661
+ # NOTE: Values are automatically base64 encoded/decoded in the client library.
1662
+ # @return [String]
1663
+ attr_accessor :etag
1664
+
1665
+ # Specifies the format of the policy. Valid values are `0`, `1`, and `3`.
1666
+ # Requests that specify an invalid value are rejected. Any operation that
1667
+ # affects conditional role bindings must specify version `3`. This requirement
1668
+ # applies to the following operations: * Getting a policy that includes a
1669
+ # conditional role binding * Adding a conditional role binding to a policy *
1670
+ # Changing a conditional role binding in a policy * Removing any role binding,
1671
+ # with or without a condition, from a policy that includes conditions **
1672
+ # Important:** If you use IAM Conditions, you must include the `etag` field
1673
+ # whenever you call `setIamPolicy`. If you omit this field, then IAM allows you
1674
+ # to overwrite a version `3` policy with a version `1` policy, and all of the
1675
+ # conditions in the version `3` policy are lost. If a policy does not include
1676
+ # any conditions, operations on that policy may specify any valid version or
1677
+ # leave the field unset. To learn which resources support conditions in their
1678
+ # IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/
1679
+ # conditions/resource-policies).
1680
+ # Corresponds to the JSON property `version`
1681
+ # @return [Fixnum]
1682
+ attr_accessor :version
1683
+
1684
+ def initialize(**args)
1685
+ update!(**args)
1686
+ end
1687
+
1688
+ # Update properties of this object
1689
+ def update!(**args)
1690
+ @audit_configs = args[:audit_configs] if args.key?(:audit_configs)
1691
+ @bindings = args[:bindings] if args.key?(:bindings)
1692
+ @etag = args[:etag] if args.key?(:etag)
1693
+ @version = args[:version] if args.key?(:version)
1694
+ end
1695
+ end
1696
+
1697
+ # A representation of a Google Cloud resource.
1698
+ class Resource
1699
+ include Google::Apis::Core::Hashable
1700
+
1701
+ # The content of the resource, in which some sensitive fields are removed and
1702
+ # may not be present.
1703
+ # Corresponds to the JSON property `data`
1704
+ # @return [Hash<String,Object>]
1705
+ attr_accessor :data
1706
+
1707
+ # The URL of the discovery document containing the resource's JSON schema.
1708
+ # Example: `https://www.googleapis.com/discovery/v1/apis/compute/v1/rest` This
1709
+ # value is unspecified for resources that do not have an API based on a
1710
+ # discovery document, such as Cloud Bigtable.
1711
+ # Corresponds to the JSON property `discoveryDocumentUri`
1712
+ # @return [String]
1713
+ attr_accessor :discovery_document_uri
1714
+
1715
+ # The JSON schema name listed in the discovery document. Example: `Project` This
1716
+ # value is unspecified for resources that do not have an API based on a
1717
+ # discovery document, such as Cloud Bigtable.
1718
+ # Corresponds to the JSON property `discoveryName`
1719
+ # @return [String]
1720
+ attr_accessor :discovery_name
1721
+
1722
+ # The full name of the immediate parent of this resource. See [Resource Names](
1723
+ # https://cloud.google.com/apis/design/resource_names#full_resource_name) for
1724
+ # more information. For Google Cloud assets, this value is the parent resource
1725
+ # defined in the [Cloud IAM policy hierarchy](https://cloud.google.com/iam/docs/
1726
+ # overview#policy_hierarchy). Example: `//cloudresourcemanager.googleapis.com/
1727
+ # projects/my_project_123` For third-party assets, this field may be set
1728
+ # differently.
1729
+ # Corresponds to the JSON property `parent`
1730
+ # @return [String]
1731
+ attr_accessor :parent
1732
+
1733
+ # The REST URL for accessing the resource. An HTTP `GET` request using this URL
1734
+ # returns the resource itself. Example: `https://cloudresourcemanager.googleapis.
1735
+ # com/v1/projects/my-project-123` This value is unspecified for resources
1736
+ # without a REST API.
1737
+ # Corresponds to the JSON property `resourceUrl`
1738
+ # @return [String]
1739
+ attr_accessor :resource_url
1740
+
1741
+ # The API version. Example: `v1`
1742
+ # Corresponds to the JSON property `version`
1743
+ # @return [String]
1744
+ attr_accessor :version
1745
+
1746
+ def initialize(**args)
1747
+ update!(**args)
1748
+ end
1749
+
1750
+ # Update properties of this object
1751
+ def update!(**args)
1752
+ @data = args[:data] if args.key?(:data)
1753
+ @discovery_document_uri = args[:discovery_document_uri] if args.key?(:discovery_document_uri)
1754
+ @discovery_name = args[:discovery_name] if args.key?(:discovery_name)
1755
+ @parent = args[:parent] if args.key?(:parent)
1756
+ @resource_url = args[:resource_url] if args.key?(:resource_url)
1757
+ @version = args[:version] if args.key?(:version)
1758
+ end
1759
+ end
1760
+
1761
+ # The `Status` type defines a logical error model that is suitable for different
1762
+ # programming environments, including REST APIs and RPC APIs. It is used by [
1763
+ # gRPC](https://github.com/grpc). Each `Status` message contains three pieces of
1764
+ # data: error code, error message, and error details. You can find out more
1765
+ # about this error model and how to work with it in the [API Design Guide](https:
1766
+ # //cloud.google.com/apis/design/errors).
1767
+ class Status
1768
+ include Google::Apis::Core::Hashable
1769
+
1770
+ # The status code, which should be an enum value of google.rpc.Code.
1771
+ # Corresponds to the JSON property `code`
1772
+ # @return [Fixnum]
1773
+ attr_accessor :code
1774
+
1775
+ # A list of messages that carry the error details. There is a common set of
1776
+ # message types for APIs to use.
1777
+ # Corresponds to the JSON property `details`
1778
+ # @return [Array<Hash<String,Object>>]
1779
+ attr_accessor :details
1780
+
1781
+ # A developer-facing error message, which should be in English. Any user-facing
1782
+ # error message should be localized and sent in the google.rpc.Status.details
1783
+ # field, or localized by the client.
1784
+ # Corresponds to the JSON property `message`
1785
+ # @return [String]
1786
+ attr_accessor :message
1787
+
1788
+ def initialize(**args)
1789
+ update!(**args)
1790
+ end
1791
+
1792
+ # Update properties of this object
1793
+ def update!(**args)
1794
+ @code = args[:code] if args.key?(:code)
1795
+ @details = args[:details] if args.key?(:details)
1796
+ @message = args[:message] if args.key?(:message)
1797
+ end
1798
+ end
1799
+
1800
+ # An asset in Google Cloud and its temporal metadata, including the time window
1801
+ # when it was observed and its status during that window.
1802
+ class TemporalAsset
1803
+ include Google::Apis::Core::Hashable
1804
+
1805
+ # An asset in Google Cloud. An asset can be any resource in the Google Cloud [
1806
+ # resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-
1807
+ # platform-resource-hierarchy), a resource outside the Google Cloud resource
1808
+ # hierarchy (such as Google Kubernetes Engine clusters and objects), or a policy
1809
+ # (e.g. Cloud IAM policy). See [Supported asset types](https://cloud.google.com/
1810
+ # asset-inventory/docs/supported-asset-types) for more information.
1811
+ # Corresponds to the JSON property `asset`
1812
+ # @return [Google::Apis::CloudassetV1beta1::Asset]
1813
+ attr_accessor :asset
1814
+
1815
+ # Whether the asset has been deleted or not.
1816
+ # Corresponds to the JSON property `deleted`
1817
+ # @return [Boolean]
1818
+ attr_accessor :deleted
1819
+ alias_method :deleted?, :deleted
1820
+
1821
+ # A time window specified by its `start_time` and `end_time`.
1822
+ # Corresponds to the JSON property `window`
1823
+ # @return [Google::Apis::CloudassetV1beta1::TimeWindow]
1824
+ attr_accessor :window
1825
+
1826
+ def initialize(**args)
1827
+ update!(**args)
1828
+ end
1829
+
1830
+ # Update properties of this object
1831
+ def update!(**args)
1832
+ @asset = args[:asset] if args.key?(:asset)
1833
+ @deleted = args[:deleted] if args.key?(:deleted)
1834
+ @window = args[:window] if args.key?(:window)
1835
+ end
1836
+ end
1837
+
1838
+ # A time window specified by its `start_time` and `end_time`.
1839
+ class TimeWindow
1840
+ include Google::Apis::Core::Hashable
1841
+
1842
+ # End time of the time window (inclusive). If not specified, the current
1843
+ # timestamp is used instead.
1844
+ # Corresponds to the JSON property `endTime`
1845
+ # @return [String]
1846
+ attr_accessor :end_time
1847
+
1848
+ # Start time of the time window (exclusive).
1849
+ # Corresponds to the JSON property `startTime`
1850
+ # @return [String]
1851
+ attr_accessor :start_time
1852
+
1853
+ def initialize(**args)
1854
+ update!(**args)
1855
+ end
1856
+
1857
+ # Update properties of this object
1858
+ def update!(**args)
1859
+ @end_time = args[:end_time] if args.key?(:end_time)
1860
+ @start_time = args[:start_time] if args.key?(:start_time)
1861
+ end
1862
+ end
1863
+ end
1864
+ end
1865
+ end
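Review bot: the `Policy` class comment (new-file lines 1618 to 1631) has lost its curly braces, so the JSON example is no longer valid JSON: every `{` and `}` is rendered as a backtick, and the YAML example beside it is wrapped into running text with its indentation gone. This is the one place in the file that shows what a conditional binding with `"version": 3` and an `etag` looks like, and it sits directly above the warning that omitting `etag` lets a version `3` policy be overwritten by a version `1` policy with all conditions lost, so it is worth making the example copyable. The same substitution appears in the path templates at 1465 (`projects/` followed by a backticked project_number) and 1559 (`operations/` followed by a backticked unique_id). Since the changelog says the file is regenerated, the fix belongs in the generator's comment escaping rather than in a hand edit here. Two smaller documentation points in the same hunk: `@return [Fixnum]` on `Policy#version` (1681) and `Status#code` (1772) should read `Integer`, because `Fixnum` has been deprecated since Ruby 2.4, and the comment at 1412 says "must bet set to True" where "must be set" is meant.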