google-apis-iam_v1 0.54.0 → 0.56.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -0
- data/lib/google/apis/iam_v1/classes.rb +440 -17
- data/lib/google/apis/iam_v1/gem_version.rb +3 -3
- data/lib/google/apis/iam_v1/representations.rb +165 -0
- data/lib/google/apis/iam_v1/service.rb +453 -15
- data/lib/google/apis/iam_v1.rb +5 -3
- metadata +3 -3
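--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7ce2857fcc6183ac0cc0f3df5d3689482ba3a5c138a80850054bb0092cfabb27
+data.tar.gz: 7cca170f022b112d87c0304e2a5098bcda6a87e266325e4883ce2531abef9ad8
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d30d34a88eff6f68f596ec5b332aab0cac58166fa335d39b8cc1f942418c148f5e8d48193e45dba8c41d64b844d51e5b2031eb2f415ab2f0c7c491cf7bfdfc1b
+data.tar.gz: 49e0a1fd6e9c52c03f08202f817bca0a2137a519b961b32cb3d7b034fd5da9fbb74768bc522f17a041cfcd4835fa20ac1b4a839e70721d0b9f8b951cb79ab43c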
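--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,14 @@
 # Release history for google-apis-iam_v1
 
+### v0.56.0 (2024-04-21)
+
+* Regenerated from discovery document revision 20240415
+
+### v0.55.0 (2024-03-24)
+
+* Regenerated from discovery document revision 20240314
+* Regenerated using generator version 0.14.0
+
 ### v0.54.0 (2024-02-23)
 
 * Unspecified changes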
@@ -450,12 +450,28 @@ module Google
|
|
450
450
|
class DisableServiceAccountKeyRequest
|
451
451
|
include Google::Apis::Core::Hashable
|
452
452
|
|
453
|
+
# Optional. Usable by internal google services only. An extended_status_message
|
454
|
+
# can be used to include additional information about the key, such as its
|
455
|
+
# private key data being exposed on a public repository like GitHub.
|
456
|
+
# Corresponds to the JSON property `extendedStatusMessage`
|
457
|
+
# @return [String]
|
458
|
+
attr_accessor :extended_status_message
|
459
|
+
|
460
|
+
# Optional. Describes the reason this key is being disabled. If unspecified, the
|
461
|
+
# default value of SERVICE_ACCOUNT_KEY_DISABLE_REASON_USER_INITIATED will be
|
462
|
+
# used.
|
463
|
+
# Corresponds to the JSON property `serviceAccountKeyDisableReason`
|
464
|
+
# @return [String]
|
465
|
+
attr_accessor :service_account_key_disable_reason
|
466
|
+
|
453
467
|
def initialize(**args)
|
454
468
|
update!(**args)
|
455
469
|
end
|
456
470
|
|
457
471
|
# Update properties of this object
|
458
472
|
def update!(**args)
|
473
|
+
@extended_status_message = args[:extended_status_message] if args.key?(:extended_status_message)
|
474
|
+
@service_account_key_disable_reason = args[:service_account_key_disable_reason] if args.key?(:service_account_key_disable_reason)
|
459
475
|
end
|
460
476
|
end
|
461
477
|
|
@@ -568,6 +584,33 @@ module Google
|
|
568
584
|
end
|
569
585
|
end
|
570
586
|
|
587
|
+
# Extended status can store additional metadata. For example, for keys disabled
|
588
|
+
# due to their private key data being expoesed we may include a message with
|
589
|
+
# more information about the exposure.
|
590
|
+
class ExtendedStatus
|
591
|
+
include Google::Apis::Core::Hashable
|
592
|
+
|
593
|
+
# The key for this extended status.
|
594
|
+
# Corresponds to the JSON property `key`
|
595
|
+
# @return [String]
|
596
|
+
attr_accessor :key
|
597
|
+
|
598
|
+
# The value for the extended status.
|
599
|
+
# Corresponds to the JSON property `value`
|
600
|
+
# @return [String]
|
601
|
+
attr_accessor :value
|
602
|
+
|
603
|
+
def initialize(**args)
|
604
|
+
update!(**args)
|
605
|
+
end
|
606
|
+
|
607
|
+
# Update properties of this object
|
608
|
+
def update!(**args)
|
609
|
+
@key = args[:key] if args.key?(:key)
|
610
|
+
@value = args[:value] if args.key?(:value)
|
611
|
+
end
|
612
|
+
end
|
613
|
+
|
571
614
|
# Request message for `GetIamPolicy` method.
|
572
615
|
class GetIamPolicyRequest
|
573
616
|
include Google::Apis::Core::Hashable
|
@@ -615,6 +658,80 @@ module Google
|
|
615
658
|
end
|
616
659
|
end
|
617
660
|
|
661
|
+
# Represents the OAuth 2.0 client credential configuration for retrieving
|
662
|
+
# additional user attributes that are not present in the initial authentication
|
663
|
+
# credentials from the identity provider, e.g. groups. See https://datatracker.
|
664
|
+
# ietf.org/doc/html/rfc6749#section-4.4 for more details on client credentials
|
665
|
+
# grant flow.
|
666
|
+
class GoogleIamAdminV1WorkforcePoolProviderExtraAttributesOAuth2Client
|
667
|
+
include Google::Apis::Core::Hashable
|
668
|
+
|
669
|
+
# Required. Represents the IdP and type of claims that should be fetched.
|
670
|
+
# Corresponds to the JSON property `attributesType`
|
671
|
+
# @return [String]
|
672
|
+
attr_accessor :attributes_type
|
673
|
+
|
674
|
+
# Required. The OAuth 2.0 client ID for retrieving extra attributes from the
|
675
|
+
# identity provider. Required to get the Access Token using client credentials
|
676
|
+
# grant flow.
|
677
|
+
# Corresponds to the JSON property `clientId`
|
678
|
+
# @return [String]
|
679
|
+
attr_accessor :client_id
|
680
|
+
|
681
|
+
# Representation of a client secret configured for the OIDC provider.
|
682
|
+
# Corresponds to the JSON property `clientSecret`
|
683
|
+
# @return [Google::Apis::IamV1::GoogleIamAdminV1WorkforcePoolProviderOidcClientSecret]
|
684
|
+
attr_accessor :client_secret
|
685
|
+
|
686
|
+
# Required. The OIDC identity provider's issuer URI. Must be a valid URI using
|
687
|
+
# the `https` scheme. Required to get the OIDC discovery document.
|
688
|
+
# Corresponds to the JSON property `issuerUri`
|
689
|
+
# @return [String]
|
690
|
+
attr_accessor :issuer_uri
|
691
|
+
|
692
|
+
# Represents the parameters to control which claims are fetched from an IdP.
|
693
|
+
# Corresponds to the JSON property `queryParameters`
|
694
|
+
# @return [Google::Apis::IamV1::GoogleIamAdminV1WorkforcePoolProviderExtraAttributesOAuth2ClientQueryParameters]
|
695
|
+
attr_accessor :query_parameters
|
696
|
+
|
697
|
+
def initialize(**args)
|
698
|
+
update!(**args)
|
699
|
+
end
|
700
|
+
|
701
|
+
# Update properties of this object
|
702
|
+
def update!(**args)
|
703
|
+
@attributes_type = args[:attributes_type] if args.key?(:attributes_type)
|
704
|
+
@client_id = args[:client_id] if args.key?(:client_id)
|
705
|
+
@client_secret = args[:client_secret] if args.key?(:client_secret)
|
706
|
+
@issuer_uri = args[:issuer_uri] if args.key?(:issuer_uri)
|
707
|
+
@query_parameters = args[:query_parameters] if args.key?(:query_parameters)
|
708
|
+
end
|
709
|
+
end
|
710
|
+
|
711
|
+
# Represents the parameters to control which claims are fetched from an IdP.
|
712
|
+
class GoogleIamAdminV1WorkforcePoolProviderExtraAttributesOAuth2ClientQueryParameters
|
713
|
+
include Google::Apis::Core::Hashable
|
714
|
+
|
715
|
+
# Optional. The filter used to request specific records from IdP. In case of
|
716
|
+
# attributes type as AZURE_AD_GROUPS_MAIL, it represents the filter used to
|
717
|
+
# request specific groups for users from IdP. By default all the groups
|
718
|
+
# associated with the user are fetched. The groups that are used should be mail
|
719
|
+
# enabled and security enabled. See https://learn.microsoft.com/en-us/graph/
|
720
|
+
# search-query-parameter for more details.
|
721
|
+
# Corresponds to the JSON property `filter`
|
722
|
+
# @return [String]
|
723
|
+
attr_accessor :filter
|
724
|
+
|
725
|
+
def initialize(**args)
|
726
|
+
update!(**args)
|
727
|
+
end
|
728
|
+
|
729
|
+
# Update properties of this object
|
730
|
+
def update!(**args)
|
731
|
+
@filter = args[:filter] if args.key?(:filter)
|
732
|
+
end
|
733
|
+
end
|
734
|
+
|
618
735
|
# Represents an OpenId Connect 1.0 identity provider.
|
619
736
|
class GoogleIamAdminV1WorkforcePoolProviderOidc
|
620
737
|
include Google::Apis::Core::Hashable
|
@@ -630,7 +747,7 @@ module Google
|
|
630
747
|
# @return [Google::Apis::IamV1::GoogleIamAdminV1WorkforcePoolProviderOidcClientSecret]
|
631
748
|
attr_accessor :client_secret
|
632
749
|
|
633
|
-
# Required. The OIDC issuer URI. Must be a valid URI using the
|
750
|
+
# Required. The OIDC issuer URI. Must be a valid URI using the `https` scheme.
|
634
751
|
# Corresponds to the JSON property `issuerUri`
|
635
752
|
# @return [String]
|
636
753
|
attr_accessor :issuer_uri
|
@@ -945,6 +1062,51 @@ module Google
|
|
945
1062
|
end
|
946
1063
|
end
|
947
1064
|
|
1065
|
+
# Response message for ListOauthClientCredentials.
|
1066
|
+
class ListOauthClientCredentialsResponse
|
1067
|
+
include Google::Apis::Core::Hashable
|
1068
|
+
|
1069
|
+
# A list of oauth client credentials.
|
1070
|
+
# Corresponds to the JSON property `oauthClientCredentials`
|
1071
|
+
# @return [Array<Google::Apis::IamV1::OauthClientCredential>]
|
1072
|
+
attr_accessor :oauth_client_credentials
|
1073
|
+
|
1074
|
+
def initialize(**args)
|
1075
|
+
update!(**args)
|
1076
|
+
end
|
1077
|
+
|
1078
|
+
# Update properties of this object
|
1079
|
+
def update!(**args)
|
1080
|
+
@oauth_client_credentials = args[:oauth_client_credentials] if args.key?(:oauth_client_credentials)
|
1081
|
+
end
|
1082
|
+
end
|
1083
|
+
|
1084
|
+
# Response message for ListOauthClients.
|
1085
|
+
class ListOauthClientsResponse
|
1086
|
+
include Google::Apis::Core::Hashable
|
1087
|
+
|
1088
|
+
# Optional. A token, which can be sent as `page_token` to retrieve the next page.
|
1089
|
+
# If this field is omitted, there are no subsequent pages.
|
1090
|
+
# Corresponds to the JSON property `nextPageToken`
|
1091
|
+
# @return [String]
|
1092
|
+
attr_accessor :next_page_token
|
1093
|
+
|
1094
|
+
# A list of oauth clients.
|
1095
|
+
# Corresponds to the JSON property `oauthClients`
|
1096
|
+
# @return [Array<Google::Apis::IamV1::OauthClient>]
|
1097
|
+
attr_accessor :oauth_clients
|
1098
|
+
|
1099
|
+
def initialize(**args)
|
1100
|
+
update!(**args)
|
1101
|
+
end
|
1102
|
+
|
1103
|
+
# Update properties of this object
|
1104
|
+
def update!(**args)
|
1105
|
+
@next_page_token = args[:next_page_token] if args.key?(:next_page_token)
|
1106
|
+
@oauth_clients = args[:oauth_clients] if args.key?(:oauth_clients)
|
1107
|
+
end
|
1108
|
+
end
|
1109
|
+
|
948
1110
|
# The response containing the roles defined under a resource.
|
949
1111
|
class ListRolesResponse
|
950
1112
|
include Google::Apis::Core::Hashable
|
@@ -1172,6 +1334,143 @@ module Google
|
|
1172
1334
|
end
|
1173
1335
|
end
|
1174
1336
|
|
1337
|
+
# Represents an oauth client. Used to access Google Cloud resources on behave of
|
1338
|
+
# a user by using OAuth2 Protocol to obtain an access token from Google Cloud
|
1339
|
+
# Platform.
|
1340
|
+
class OauthClient
|
1341
|
+
include Google::Apis::Core::Hashable
|
1342
|
+
|
1343
|
+
# Required. The list of OAuth grant type is allowed for the oauth client.
|
1344
|
+
# Corresponds to the JSON property `allowedGrantTypes`
|
1345
|
+
# @return [Array<String>]
|
1346
|
+
attr_accessor :allowed_grant_types
|
1347
|
+
|
1348
|
+
# Required. The list of redirect uris that is allowed to redirect back when
|
1349
|
+
# authorization process is completed.
|
1350
|
+
# Corresponds to the JSON property `allowedRedirectUris`
|
1351
|
+
# @return [Array<String>]
|
1352
|
+
attr_accessor :allowed_redirect_uris
|
1353
|
+
|
1354
|
+
# Required. The list of scopes that the oauth client is allowed to request
|
1355
|
+
# during OAuth flows. The following scopes are supported: * `https://www.
|
1356
|
+
# googleapis.com/auth/cloud-platform`: See, edit, configure, and delete your
|
1357
|
+
# Google Cloud data and see the email address for your Google Account. * `openid`
|
1358
|
+
# : Associate you with your personal info on Google Cloud. * `email`: See your
|
1359
|
+
# Google Cloud Account email address.
|
1360
|
+
# Corresponds to the JSON property `allowedScopes`
|
1361
|
+
# @return [Array<String>]
|
1362
|
+
attr_accessor :allowed_scopes
|
1363
|
+
|
1364
|
+
# Output only. The system-generated oauth client id.
|
1365
|
+
# Corresponds to the JSON property `clientId`
|
1366
|
+
# @return [String]
|
1367
|
+
attr_accessor :client_id
|
1368
|
+
|
1369
|
+
# Immutable. The type of oauth client. either public or private.
|
1370
|
+
# Corresponds to the JSON property `clientType`
|
1371
|
+
# @return [String]
|
1372
|
+
attr_accessor :client_type
|
1373
|
+
|
1374
|
+
# Optional. A user-specified description of the oauth client. Cannot exceed 256
|
1375
|
+
# characters.
|
1376
|
+
# Corresponds to the JSON property `description`
|
1377
|
+
# @return [String]
|
1378
|
+
attr_accessor :description
|
1379
|
+
|
1380
|
+
# Optional. Whether the oauth client is disabled. You cannot use a disabled
|
1381
|
+
# oauth client for login.
|
1382
|
+
# Corresponds to the JSON property `disabled`
|
1383
|
+
# @return [Boolean]
|
1384
|
+
attr_accessor :disabled
|
1385
|
+
alias_method :disabled?, :disabled
|
1386
|
+
|
1387
|
+
# Optional. A user-specified display name of the oauth client. Cannot exceed 32
|
1388
|
+
# characters.
|
1389
|
+
# Corresponds to the JSON property `displayName`
|
1390
|
+
# @return [String]
|
1391
|
+
attr_accessor :display_name
|
1392
|
+
|
1393
|
+
# Output only. Time after which the oauth client will be permanently purged and
|
1394
|
+
# cannot be recovered.
|
1395
|
+
# Corresponds to the JSON property `expireTime`
|
1396
|
+
# @return [String]
|
1397
|
+
attr_accessor :expire_time
|
1398
|
+
|
1399
|
+
# Immutable. The resource name of the oauth client. Format:`projects/`project`/
|
1400
|
+
# locations/`location`/oauthClients/`oauth_client``.
|
1401
|
+
# Corresponds to the JSON property `name`
|
1402
|
+
# @return [String]
|
1403
|
+
attr_accessor :name
|
1404
|
+
|
1405
|
+
# Output only. The state of the oauth client.
|
1406
|
+
# Corresponds to the JSON property `state`
|
1407
|
+
# @return [String]
|
1408
|
+
attr_accessor :state
|
1409
|
+
|
1410
|
+
def initialize(**args)
|
1411
|
+
update!(**args)
|
1412
|
+
end
|
1413
|
+
|
1414
|
+
# Update properties of this object
|
1415
|
+
def update!(**args)
|
1416
|
+
@allowed_grant_types = args[:allowed_grant_types] if args.key?(:allowed_grant_types)
|
1417
|
+
@allowed_redirect_uris = args[:allowed_redirect_uris] if args.key?(:allowed_redirect_uris)
|
1418
|
+
@allowed_scopes = args[:allowed_scopes] if args.key?(:allowed_scopes)
|
1419
|
+
@client_id = args[:client_id] if args.key?(:client_id)
|
1420
|
+
@client_type = args[:client_type] if args.key?(:client_type)
|
1421
|
+
@description = args[:description] if args.key?(:description)
|
1422
|
+
@disabled = args[:disabled] if args.key?(:disabled)
|
1423
|
+
@display_name = args[:display_name] if args.key?(:display_name)
|
1424
|
+
@expire_time = args[:expire_time] if args.key?(:expire_time)
|
1425
|
+
@name = args[:name] if args.key?(:name)
|
1426
|
+
@state = args[:state] if args.key?(:state)
|
1427
|
+
end
|
1428
|
+
end
|
1429
|
+
|
1430
|
+
# Represents an oauth client credential. Used to authenticate an oauth client
|
1431
|
+
# while accessing Google Cloud resources on behalf of a user by using OAuth2
|
1432
|
+
# Protocol.
|
1433
|
+
class OauthClientCredential
|
1434
|
+
include Google::Apis::Core::Hashable
|
1435
|
+
|
1436
|
+
# Output only. The system-generated oauth client secret.
|
1437
|
+
# Corresponds to the JSON property `clientSecret`
|
1438
|
+
# @return [String]
|
1439
|
+
attr_accessor :client_secret
|
1440
|
+
|
1441
|
+
# Optional. Whether the oauth client credential is disabled. You cannot use a
|
1442
|
+
# disabled oauth client credential for OAuth.
|
1443
|
+
# Corresponds to the JSON property `disabled`
|
1444
|
+
# @return [Boolean]
|
1445
|
+
attr_accessor :disabled
|
1446
|
+
alias_method :disabled?, :disabled
|
1447
|
+
|
1448
|
+
# Optional. A user-specified display name of the oauth client credential Cannot
|
1449
|
+
# exceed 32 characters.
|
1450
|
+
# Corresponds to the JSON property `displayName`
|
1451
|
+
# @return [String]
|
1452
|
+
attr_accessor :display_name
|
1453
|
+
|
1454
|
+
# Immutable. The resource name of the oauth client credential. Format: `projects/
|
1455
|
+
# `project`/locations/`location`/oauthClients/`oauth_client`/credentials/`
|
1456
|
+
# credential``
|
1457
|
+
# Corresponds to the JSON property `name`
|
1458
|
+
# @return [String]
|
1459
|
+
attr_accessor :name
|
1460
|
+
|
1461
|
+
def initialize(**args)
|
1462
|
+
update!(**args)
|
1463
|
+
end
|
1464
|
+
|
1465
|
+
# Update properties of this object
|
1466
|
+
def update!(**args)
|
1467
|
+
@client_secret = args[:client_secret] if args.key?(:client_secret)
|
1468
|
+
@disabled = args[:disabled] if args.key?(:disabled)
|
1469
|
+
@display_name = args[:display_name] if args.key?(:display_name)
|
1470
|
+
@name = args[:name] if args.key?(:name)
|
1471
|
+
end
|
1472
|
+
end
|
1473
|
+
|
1175
1474
|
# Represents an OpenId Connect 1.0 identity provider.
|
1176
1475
|
class Oidc
|
1177
1476
|
include Google::Apis::Core::Hashable
|
@@ -1338,6 +1637,46 @@ module Google
|
|
1338
1637
|
end
|
1339
1638
|
end
|
1340
1639
|
|
1640
|
+
# The service account key patch request.
|
1641
|
+
class PatchServiceAccountKeyRequest
|
1642
|
+
include Google::Apis::Core::Hashable
|
1643
|
+
|
1644
|
+
# Represents a service account key. A service account has two sets of key-pairs:
|
1645
|
+
# user-managed, and system-managed. User-managed key-pairs can be created and
|
1646
|
+
# deleted by users. Users are responsible for rotating these keys periodically
|
1647
|
+
# to ensure security of their service accounts. Users retain the private key of
|
1648
|
+
# these key-pairs, and Google retains ONLY the public key. System-managed keys
|
1649
|
+
# are automatically rotated by Google, and are used for signing for a maximum of
|
1650
|
+
# two weeks. The rotation process is probabilistic, and usage of the new key
|
1651
|
+
# will gradually ramp up and down over the key's lifetime. If you cache the
|
1652
|
+
# public key set for a service account, we recommend that you update the cache
|
1653
|
+
# every 15 minutes. User-managed keys can be added and removed at any time, so
|
1654
|
+
# it is important to update the cache frequently. For Google-managed keys,
|
1655
|
+
# Google will publish a key at least 6 hours before it is first used for signing
|
1656
|
+
# and will keep publishing it for at least 6 hours after it was last used for
|
1657
|
+
# signing. Public keys for all service accounts are also published at the OAuth2
|
1658
|
+
# Service Account API.
|
1659
|
+
# Corresponds to the JSON property `serviceAccountKey`
|
1660
|
+
# @return [Google::Apis::IamV1::ServiceAccountKey]
|
1661
|
+
attr_accessor :service_account_key
|
1662
|
+
|
1663
|
+
# Required. The update mask to apply to the service account key. Only the
|
1664
|
+
# following fields are eligible for patching: - contact - description
|
1665
|
+
# Corresponds to the JSON property `updateMask`
|
1666
|
+
# @return [String]
|
1667
|
+
attr_accessor :update_mask
|
1668
|
+
|
1669
|
+
def initialize(**args)
|
1670
|
+
update!(**args)
|
1671
|
+
end
|
1672
|
+
|
1673
|
+
# Update properties of this object
|
1674
|
+
def update!(**args)
|
1675
|
+
@service_account_key = args[:service_account_key] if args.key?(:service_account_key)
|
1676
|
+
@update_mask = args[:update_mask] if args.key?(:update_mask)
|
1677
|
+
end
|
1678
|
+
end
|
1679
|
+
|
1341
1680
|
# The service account patch request. You can patch only the `display_name` and `
|
1342
1681
|
# description` fields. You must use the `update_mask` field to specify which of
|
1343
1682
|
# these fields you want to patch. Only the fields specified in the request are
|
@@ -1748,6 +2087,32 @@ module Google
|
|
1748
2087
|
end
|
1749
2088
|
end
|
1750
2089
|
|
2090
|
+
# Operation metadata returned by the CLH during resource state reconciliation.
|
2091
|
+
class ReconciliationOperationMetadata
|
2092
|
+
include Google::Apis::Core::Hashable
|
2093
|
+
|
2094
|
+
# DEPRECATED. Use exclusive_action instead.
|
2095
|
+
# Corresponds to the JSON property `deleteResource`
|
2096
|
+
# @return [Boolean]
|
2097
|
+
attr_accessor :delete_resource
|
2098
|
+
alias_method :delete_resource?, :delete_resource
|
2099
|
+
|
2100
|
+
# Excluisive action returned by the CLH.
|
2101
|
+
# Corresponds to the JSON property `exclusiveAction`
|
2102
|
+
# @return [String]
|
2103
|
+
attr_accessor :exclusive_action
|
2104
|
+
|
2105
|
+
def initialize(**args)
|
2106
|
+
update!(**args)
|
2107
|
+
end
|
2108
|
+
|
2109
|
+
# Update properties of this object
|
2110
|
+
def update!(**args)
|
2111
|
+
@delete_resource = args[:delete_resource] if args.key?(:delete_resource)
|
2112
|
+
@exclusive_action = args[:exclusive_action] if args.key?(:exclusive_action)
|
2113
|
+
end
|
2114
|
+
end
|
2115
|
+
|
1751
2116
|
# A role in the Identity and Access Management API.
|
1752
2117
|
class Role
|
1753
2118
|
include Google::Apis::Core::Hashable
|
@@ -1778,8 +2143,8 @@ module Google
|
|
1778
2143
|
# The name of the role. When `Role` is used in `CreateRole`, the role name must
|
1779
2144
|
# not be set. When `Role` is used in output and other input such as `UpdateRole`,
|
1780
2145
|
# the role name is the complete path. For example, `roles/logging.viewer` for
|
1781
|
-
# predefined roles, `organizations/`ORGANIZATION_ID`/roles/
|
1782
|
-
# organization-level custom roles, and `projects/`PROJECT_ID`/roles/
|
2146
|
+
# predefined roles, `organizations/`ORGANIZATION_ID`/roles/myRole` for
|
2147
|
+
# organization-level custom roles, and `projects/`PROJECT_ID`/roles/myRole` for
|
1783
2148
|
# project-level custom roles.
|
1784
2149
|
# Corresponds to the JSON property `name`
|
1785
2150
|
# @return [String]
|
@@ -1818,18 +2183,18 @@ module Google
|
|
1818
2183
|
class Saml
|
1819
2184
|
include Google::Apis::Core::Hashable
|
1820
2185
|
|
1821
|
-
# Required. SAML
|
1822
|
-
# document
|
1823
|
-
# org/
|
1824
|
-
#
|
1825
|
-
#
|
1826
|
-
#
|
1827
|
-
#
|
1828
|
-
#
|
1829
|
-
#
|
1830
|
-
#
|
1831
|
-
#
|
1832
|
-
#
|
2186
|
+
# Required. SAML identity provider (IdP) configuration metadata XML doc. The XML
|
2187
|
+
# document must comply with the [SAML 2.0 specification](https://docs.oasis-open.
|
2188
|
+
# org/security/saml/v2.0/saml-metadata-2.0-os.pdf). The maximum size of an
|
2189
|
+
# acceptable XML document is 128K characters. The SAML metadata XML document
|
2190
|
+
# must satisfy the following constraints: * Must contain an IdP Entity ID. *
|
2191
|
+
# Must contain at least one non-expired signing certificate. * For each signing
|
2192
|
+
# certificate, the expiration must be: * From no more than 7 days in the future.
|
2193
|
+
# * To no more than 15 years in the future. * Up to three IdP signing keys are
|
2194
|
+
# allowed. When updating the provider's metadata XML, at least one non-expired
|
2195
|
+
# signing key must overlap with the existing metadata. This requirement is
|
2196
|
+
# skipped if there are no non-expired signing keys present in the existing
|
2197
|
+
# metadata.
|
1833
2198
|
# Corresponds to the JSON property `idpMetadataXml`
|
1834
2199
|
# @return [String]
|
1835
2200
|
attr_accessor :idp_metadata_xml
|
@@ -1952,12 +2317,42 @@ module Google
|
|
1952
2317
|
class ServiceAccountKey
|
1953
2318
|
include Google::Apis::Core::Hashable
|
1954
2319
|
|
2320
|
+
# Optional. A user provided email address as the point of contact for this
|
2321
|
+
# service account key. Must be an email address. Limit 64 characters.
|
2322
|
+
# Corresponds to the JSON property `contact`
|
2323
|
+
# @return [String]
|
2324
|
+
attr_accessor :contact
|
2325
|
+
|
2326
|
+
# Output only. The cloud identity that created this service account key.
|
2327
|
+
# Populated automatically when the key is created and not editable by the user.
|
2328
|
+
# Corresponds to the JSON property `creator`
|
2329
|
+
# @return [String]
|
2330
|
+
attr_accessor :creator
|
2331
|
+
|
2332
|
+
# Optional. A user provided description of this service account key.
|
2333
|
+
# Corresponds to the JSON property `description`
|
2334
|
+
# @return [String]
|
2335
|
+
attr_accessor :description
|
2336
|
+
|
2337
|
+
# optional. If the key is disabled, it may have a DisableReason describing why
|
2338
|
+
# it was disabled.
|
2339
|
+
# Corresponds to the JSON property `disableReason`
|
2340
|
+
# @return [String]
|
2341
|
+
attr_accessor :disable_reason
|
2342
|
+
|
1955
2343
|
# The key status.
|
1956
2344
|
# Corresponds to the JSON property `disabled`
|
1957
2345
|
# @return [Boolean]
|
1958
2346
|
attr_accessor :disabled
|
1959
2347
|
alias_method :disabled?, :disabled
|
1960
2348
|
|
2349
|
+
# Extended Status provides permanent information about a service account key.
|
2350
|
+
# For example, if this key was detected as exposed or compromised, that
|
2351
|
+
# information will remain for the lifetime of the key in the extended_status.
|
2352
|
+
# Corresponds to the JSON property `extendedStatus`
|
2353
|
+
# @return [Array<Google::Apis::IamV1::ExtendedStatus>]
|
2354
|
+
attr_accessor :extended_status
|
2355
|
+
|
1961
2356
|
# Specifies the algorithm (and possibly key size) for the key.
|
1962
2357
|
# Corresponds to the JSON property `keyAlgorithm`
|
1963
2358
|
# @return [String]
|
@@ -2021,7 +2416,12 @@ module Google
|
|
2021
2416
|
|
2022
2417
|
# Update properties of this object
|
2023
2418
|
def update!(**args)
|
2419
|
+
@contact = args[:contact] if args.key?(:contact)
|
2420
|
+
@creator = args[:creator] if args.key?(:creator)
|
2421
|
+
@description = args[:description] if args.key?(:description)
|
2422
|
+
@disable_reason = args[:disable_reason] if args.key?(:disable_reason)
|
2024
2423
|
@disabled = args[:disabled] if args.key?(:disabled)
|
2424
|
+
@extended_status = args[:extended_status] if args.key?(:extended_status)
|
2025
2425
|
@key_algorithm = args[:key_algorithm] if args.key?(:key_algorithm)
|
2026
2426
|
@key_origin = args[:key_origin] if args.key?(:key_origin)
|
2027
2427
|
@key_type = args[:key_type] if args.key?(:key_type)
|
@@ -2291,6 +2691,19 @@ module Google
|
|
2291
2691
|
end
|
2292
2692
|
end
|
2293
2693
|
|
2694
|
+
# Request message for UndeleteOauthClient.
|
2695
|
+
class UndeleteOauthClientRequest
|
2696
|
+
include Google::Apis::Core::Hashable
|
2697
|
+
|
2698
|
+
def initialize(**args)
|
2699
|
+
update!(**args)
|
2700
|
+
end
|
2701
|
+
|
2702
|
+
# Update properties of this object
|
2703
|
+
def update!(**args)
|
2704
|
+
end
|
2705
|
+
end
|
2706
|
+
|
2294
2707
|
# The request to undelete an existing role.
|
2295
2708
|
class UndeleteRoleRequest
|
2296
2709
|
include Google::Apis::Core::Hashable
|
@@ -2579,8 +2992,8 @@ module Google
|
|
2579
2992
|
# user's thumbnail photo. This is an optional field. When set, the image will be
|
2580
2993
|
# visible as the user's profile picture. If not set, a generic user icon will be
|
2581
2994
|
# displayed instead. This attribute cannot be referenced in IAM bindings. * `
|
2582
|
-
# google.posix_username`: The
|
2583
|
-
# optional field and the mapped
|
2995
|
+
# google.posix_username`: The Linux username used by OS Login. This is an
|
2996
|
+
# optional field and the mapped POSIX username cannot exceed 32 characters, The
|
2584
2997
|
# key must match the regex "^a-zA-Z0-9._`0,31`$". This attribute cannot be
|
2585
2998
|
# referenced in IAM bindings. You can also provide custom attributes by
|
2586
2999
|
# specifying `attribute.`custom_attribute``, where `custom_attribute` is the
|
@@ -2631,6 +3044,15 @@ module Google
|
|
2631
3044
|
# @return [String]
|
2632
3045
|
attr_accessor :expire_time
|
2633
3046
|
|
3047
|
+
# Represents the OAuth 2.0 client credential configuration for retrieving
|
3048
|
+
# additional user attributes that are not present in the initial authentication
|
3049
|
+
# credentials from the identity provider, e.g. groups. See https://datatracker.
|
3050
|
+
# ietf.org/doc/html/rfc6749#section-4.4 for more details on client credentials
|
3051
|
+
# grant flow.
|
3052
|
+
# Corresponds to the JSON property `extraAttributesOauth2Client`
|
3053
|
+
# @return [Google::Apis::IamV1::GoogleIamAdminV1WorkforcePoolProviderExtraAttributesOAuth2Client]
|
3054
|
+
attr_accessor :extra_attributes_oauth2_client
|
3055
|
+
|
2634
3056
|
# Output only. The resource name of the provider. Format: `locations/`location`/
|
2635
3057
|
# workforcePools/`workforce_pool_id`/providers/`provider_id``
|
2636
3058
|
# Corresponds to the JSON property `name`
|
@@ -2664,6 +3086,7 @@ module Google
|
|
2664
3086
|
@disabled = args[:disabled] if args.key?(:disabled)
|
2665
3087
|
@display_name = args[:display_name] if args.key?(:display_name)
|
2666
3088
|
@expire_time = args[:expire_time] if args.key?(:expire_time)
|
3089
|
+
@extra_attributes_oauth2_client = args[:extra_attributes_oauth2_client] if args.key?(:extra_attributes_oauth2_client)
|
2667
3090
|
@name = args[:name] if args.key?(:name)
|
2668
3091
|
@oidc = args[:oidc] if args.key?(:oidc)
|
2669
3092
|
@saml = args[:saml] if args.key?(:saml)
|
@@ -16,13 +16,13 @@ module Google
|
|
16
16
|
module Apis
|
17
17
|
module IamV1
|
18
18
|
# Version of the google-apis-iam_v1 gem
|
19
|
-
GEM_VERSION = "0.
|
19
|
+
GEM_VERSION = "0.56.0"
|
20
20
|
|
21
21
|
# Version of the code generator used to generate this client
|
22
|
-
GENERATOR_VERSION = "0.
|
22
|
+
GENERATOR_VERSION = "0.14.0"
|
23
23
|
|
24
24
|
# Revision of the discovery document this client was generated from
|
25
|
-
REVISION = "
|
25
|
+
REVISION = "20240415"
|
26
26
|
end
|
27
27
|
end
|
28
28
|
end
|