google-apis-iam_v1 0.60.0 → 0.62.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -0
- data/lib/google/apis/iam_v1/classes.rb +122 -176
- data/lib/google/apis/iam_v1/gem_version.rb +3 -3
- data/lib/google/apis/iam_v1/representations.rb +0 -18
- data/lib/google/apis/iam_v1/service.rb +25 -53
- metadata +4 -4
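--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 483c848def6aa7b9d449918df38a05b46c2be902675df35291b57da6404224b6
+data.tar.gz: 00211f6630169d8dc64c828b186990bee4b6edbf526d35a80c30cd3dbd73a825
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ad8e7a4afab6c5cc4ca502dfc45d0f171d52afceca989320fc0ac82c01ec20ce91221be72e3be6d47fe8f4e6c647d1dda5072599c7301b7fd64e89d52f44d7f1
+data.tar.gz: 97baa8e19bce026809fd8947cfe71e0fc4ec4c09d5bef75ad5571e900fadbbc33375eec99d1a8bb1e9bd4339438366ec3728a2bf95f8ae741910791a97028907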
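--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,14 @@
 # Release history for google-apis-iam_v1
 
+### v0.62.0 (2024-12-02)
+
+* Regenerated from discovery document revision 20241114
+* Regenerated using generator version 0.15.1
+
+### v0.61.0 (2024-07-25)
+
+* Regenerated from discovery document revision 20240722
+
 ### v0.60.0 (2024-06-23)
 
 * Regenerated from discovery document revision 20240617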
@@ -752,13 +752,13 @@ module Google
|
|
752
752
|
# @return [String]
|
753
753
|
attr_accessor :issuer_uri
|
754
754
|
|
755
|
-
# OIDC JWKs in JSON String format. For details on the definition of a
|
756
|
-
# https://tools.ietf.org/html/rfc7517. If not set, the `jwks_uri` from
|
757
|
-
# discovery document(fetched from the .well-known path of the `issuer_uri`)
|
758
|
-
# be used. Currently, RSA and EC asymmetric keys are supported. The JWK
|
759
|
-
# following format and include only the following fields: ` "keys": [ `
|
760
|
-
# RSA/EC", "alg": "", "use": "sig", "kid": "", "n": "", "e": "", "x": "",
|
761
|
-
# , "crv": "" ` ] `
|
755
|
+
# Optional. OIDC JWKs in JSON String format. For details on the definition of a
|
756
|
+
# JWK, see https://tools.ietf.org/html/rfc7517. If not set, the `jwks_uri` from
|
757
|
+
# the discovery document(fetched from the .well-known path of the `issuer_uri`)
|
758
|
+
# will be used. Currently, RSA and EC asymmetric keys are supported. The JWK
|
759
|
+
# must use following format and include only the following fields: ` "keys": [ `
|
760
|
+
# "kty": "RSA/EC", "alg": "", "use": "sig", "kid": "", "n": "", "e": "", "x": "",
|
761
|
+
# "y": "", "crv": "" ` ] `
|
762
762
|
# Corresponds to the JSON property `jwksJson`
|
763
763
|
# @return [String]
|
764
764
|
attr_accessor :jwks_json
|
@@ -805,8 +805,9 @@ module Google
|
|
805
805
|
class GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValue
|
806
806
|
include Google::Apis::Core::Hashable
|
807
807
|
|
808
|
-
# Input only. The plain text of the client secret value. For security
|
809
|
-
# this field is only used for input and will never be populated in any
|
808
|
+
# Optional. Input only. The plain text of the client secret value. For security
|
809
|
+
# reasons, this field is only used for input and will never be populated in any
|
810
|
+
# response.
|
810
811
|
# Corresponds to the JSON property `plainText`
|
811
812
|
# @return [String]
|
812
813
|
attr_accessor :plain_text
|
@@ -831,9 +832,9 @@ module Google
|
|
831
832
|
class GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfig
|
832
833
|
include Google::Apis::Core::Hashable
|
833
834
|
|
834
|
-
# Additional scopes to request for in the OIDC authentication request
|
835
|
-
# scopes requested by default. By default, the `openid`, `profile` and
|
836
|
-
# scopes that are supported by the identity provider are requested. Each
|
835
|
+
# Optional. Additional scopes to request for in the OIDC authentication request
|
836
|
+
# on top of scopes requested by default. By default, the `openid`, `profile` and
|
837
|
+
# `email` scopes that are supported by the identity provider are requested. Each
|
837
838
|
# additional scope may be at most 256 characters. A maximum of 10 additional
|
838
839
|
# scopes may be configured.
|
839
840
|
# Corresponds to the JSON property `additionalScopes`
|
@@ -1396,8 +1397,8 @@ module Google
|
|
1396
1397
|
# @return [String]
|
1397
1398
|
attr_accessor :expire_time
|
1398
1399
|
|
1399
|
-
# Immutable. The resource name of the OauthClient. Format:`projects/`
|
1400
|
-
# locations/`location`/oauthClients/`oauth_client``.
|
1400
|
+
# Immutable. Identifier. The resource name of the OauthClient. Format:`projects/`
|
1401
|
+
# project`/locations/`location`/oauthClients/`oauth_client``.
|
1401
1402
|
# Corresponds to the JSON property `name`
|
1402
1403
|
# @return [String]
|
1403
1404
|
attr_accessor :name
|
@@ -1455,9 +1456,9 @@ module Google
|
|
1455
1456
|
# @return [String]
|
1456
1457
|
attr_accessor :display_name
|
1457
1458
|
|
1458
|
-
# Immutable. The resource name of the OauthClientCredential. Format:
|
1459
|
-
# project`/locations/`location`/oauthClients/`oauth_client`/
|
1460
|
-
# credential``
|
1459
|
+
# Immutable. Identifier. The resource name of the OauthClientCredential. Format:
|
1460
|
+
# `projects/`project`/locations/`location`/oauthClients/`oauth_client`/
|
1461
|
+
# credentials/`credential``
|
1461
1462
|
# Corresponds to the JSON property `name`
|
1462
1463
|
# @return [String]
|
1463
1464
|
attr_accessor :name
|
@@ -1479,11 +1480,11 @@ module Google
|
|
1479
1480
|
class Oidc
|
1480
1481
|
include Google::Apis::Core::Hashable
|
1481
1482
|
|
1482
|
-
# Acceptable values for the `aud` field (audience) in the OIDC token.
|
1483
|
-
# exchange requests are rejected if the token audience does not match one
|
1484
|
-
# configured values. Each audience may be at most 256 characters. A
|
1485
|
-
# 10 audiences may be configured. If this list is empty, the OIDC
|
1486
|
-
# must be equal to the full canonical resource name of the
|
1483
|
+
# Optional. Acceptable values for the `aud` field (audience) in the OIDC token.
|
1484
|
+
# Token exchange requests are rejected if the token audience does not match one
|
1485
|
+
# of the configured values. Each audience may be at most 256 characters. A
|
1486
|
+
# maximum of 10 audiences may be configured. If this list is empty, the OIDC
|
1487
|
+
# token audience must be equal to the full canonical resource name of the
|
1487
1488
|
# WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example: ``
|
1488
1489
|
# ` //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/
|
1489
1490
|
# https://iam.googleapis.com/projects//locations//workloadIdentityPools//
|
@@ -1592,9 +1593,9 @@ module Google
|
|
1592
1593
|
attr_accessor :api_version
|
1593
1594
|
|
1594
1595
|
# Output only. Identifies whether the user has requested cancellation of the
|
1595
|
-
# operation. Operations that have been cancelled successfully have
|
1596
|
-
# error value with a google.rpc.Status.code of 1
|
1597
|
-
# CANCELLED`.
|
1596
|
+
# operation. Operations that have been cancelled successfully have google.
|
1597
|
+
# longrunning.Operation.error value with a google.rpc.Status.code of `1`,
|
1598
|
+
# corresponding to `Code.CANCELLED`.
|
1598
1599
|
# Corresponds to the JSON property `cancelRequested`
|
1599
1600
|
# @return [Boolean]
|
1600
1601
|
attr_accessor :cancel_requested
|
@@ -1641,46 +1642,6 @@ module Google
|
|
1641
1642
|
end
|
1642
1643
|
end
|
1643
1644
|
|
1644
|
-
# The service account key patch request.
|
1645
|
-
class PatchServiceAccountKeyRequest
|
1646
|
-
include Google::Apis::Core::Hashable
|
1647
|
-
|
1648
|
-
# Represents a service account key. A service account has two sets of key-pairs:
|
1649
|
-
# user-managed, and system-managed. User-managed key-pairs can be created and
|
1650
|
-
# deleted by users. Users are responsible for rotating these keys periodically
|
1651
|
-
# to ensure security of their service accounts. Users retain the private key of
|
1652
|
-
# these key-pairs, and Google retains ONLY the public key. System-managed keys
|
1653
|
-
# are automatically rotated by Google, and are used for signing for a maximum of
|
1654
|
-
# two weeks. The rotation process is probabilistic, and usage of the new key
|
1655
|
-
# will gradually ramp up and down over the key's lifetime. If you cache the
|
1656
|
-
# public key set for a service account, we recommend that you update the cache
|
1657
|
-
# every 15 minutes. User-managed keys can be added and removed at any time, so
|
1658
|
-
# it is important to update the cache frequently. For Google-managed keys,
|
1659
|
-
# Google will publish a key at least 6 hours before it is first used for signing
|
1660
|
-
# and will keep publishing it for at least 6 hours after it was last used for
|
1661
|
-
# signing. Public keys for all service accounts are also published at the OAuth2
|
1662
|
-
# Service Account API.
|
1663
|
-
# Corresponds to the JSON property `serviceAccountKey`
|
1664
|
-
# @return [Google::Apis::IamV1::ServiceAccountKey]
|
1665
|
-
attr_accessor :service_account_key
|
1666
|
-
|
1667
|
-
# Required. The update mask to apply to the service account key. Only the
|
1668
|
-
# following fields are eligible for patching: - contact - description
|
1669
|
-
# Corresponds to the JSON property `updateMask`
|
1670
|
-
# @return [String]
|
1671
|
-
attr_accessor :update_mask
|
1672
|
-
|
1673
|
-
def initialize(**args)
|
1674
|
-
update!(**args)
|
1675
|
-
end
|
1676
|
-
|
1677
|
-
# Update properties of this object
|
1678
|
-
def update!(**args)
|
1679
|
-
@service_account_key = args[:service_account_key] if args.key?(:service_account_key)
|
1680
|
-
@update_mask = args[:update_mask] if args.key?(:update_mask)
|
1681
|
-
end
|
1682
|
-
end
|
1683
|
-
|
1684
1645
|
# The service account patch request. You can patch only the `display_name` and `
|
1685
1646
|
# description` fields. You must use the `update_mask` field to specify which of
|
1686
1647
|
# these fields you want to patch. Only the fields specified in the request are
|
@@ -1731,8 +1692,7 @@ module Google
|
|
1731
1692
|
# @return [String]
|
1732
1693
|
attr_accessor :custom_roles_support_level
|
1733
1694
|
|
1734
|
-
# A brief description of what this Permission is used for.
|
1735
|
-
# ONLY be used in predefined roles.
|
1695
|
+
# A brief description of what this Permission is used for.
|
1736
1696
|
# Corresponds to the JSON property `description`
|
1737
1697
|
# @return [String]
|
1738
1698
|
attr_accessor :description
|
@@ -1975,7 +1935,7 @@ module Google
|
|
1975
1935
|
attr_accessor :full_resource_name
|
1976
1936
|
|
1977
1937
|
# Optional limit on the number of roles to include in the response. The default
|
1978
|
-
# is 300, and the maximum is
|
1938
|
+
# is 300, and the maximum is 2,000.
|
1979
1939
|
# Corresponds to the JSON property `pageSize`
|
1980
1940
|
# @return [Fixnum]
|
1981
1941
|
attr_accessor :page_size
|
@@ -2321,23 +2281,6 @@ module Google
|
|
2321
2281
|
class ServiceAccountKey
|
2322
2282
|
include Google::Apis::Core::Hashable
|
2323
2283
|
|
2324
|
-
# Optional. A user provided email address as the point of contact for this
|
2325
|
-
# service account key. Must be an email address. Limit 64 characters.
|
2326
|
-
# Corresponds to the JSON property `contact`
|
2327
|
-
# @return [String]
|
2328
|
-
attr_accessor :contact
|
2329
|
-
|
2330
|
-
# Output only. The cloud identity that created this service account key.
|
2331
|
-
# Populated automatically when the key is created and not editable by the user.
|
2332
|
-
# Corresponds to the JSON property `creator`
|
2333
|
-
# @return [String]
|
2334
|
-
attr_accessor :creator
|
2335
|
-
|
2336
|
-
# Optional. A user provided description of this service account key.
|
2337
|
-
# Corresponds to the JSON property `description`
|
2338
|
-
# @return [String]
|
2339
|
-
attr_accessor :description
|
2340
|
-
|
2341
2284
|
# Output only. optional. If the key is disabled, it may have a DisableReason
|
2342
2285
|
# describing why it was disabled.
|
2343
2286
|
# Corresponds to the JSON property `disableReason`
|
@@ -2421,9 +2364,6 @@ module Google
|
|
2421
2364
|
|
2422
2365
|
# Update properties of this object
|
2423
2366
|
def update!(**args)
|
2424
|
-
@contact = args[:contact] if args.key?(:contact)
|
2425
|
-
@creator = args[:creator] if args.key?(:creator)
|
2426
|
-
@description = args[:description] if args.key?(:description)
|
2427
2367
|
@disable_reason = args[:disable_reason] if args.key?(:disable_reason)
|
2428
2368
|
@disabled = args[:disabled] if args.key?(:disabled)
|
2429
2369
|
@extended_status = args[:extended_status] if args.key?(:extended_status)
|
@@ -2890,21 +2830,22 @@ module Google
|
|
2890
2830
|
# @return [Google::Apis::IamV1::AccessRestrictions]
|
2891
2831
|
attr_accessor :access_restrictions
|
2892
2832
|
|
2893
|
-
# A user-specified description of the pool. Cannot exceed 256
|
2833
|
+
# Optional. A user-specified description of the pool. Cannot exceed 256
|
2834
|
+
# characters.
|
2894
2835
|
# Corresponds to the JSON property `description`
|
2895
2836
|
# @return [String]
|
2896
2837
|
attr_accessor :description
|
2897
2838
|
|
2898
|
-
# Disables the workforce pool. You cannot use a disabled pool to
|
2899
|
-
# or use existing tokens to access resources. If the pool is re-
|
2900
|
-
# existing tokens grant access again.
|
2839
|
+
# Optional. Disables the workforce pool. You cannot use a disabled pool to
|
2840
|
+
# exchange tokens, or use existing tokens to access resources. If the pool is re-
|
2841
|
+
# enabled, existing tokens grant access again.
|
2901
2842
|
# Corresponds to the JSON property `disabled`
|
2902
2843
|
# @return [Boolean]
|
2903
2844
|
attr_accessor :disabled
|
2904
2845
|
alias_method :disabled?, :disabled
|
2905
2846
|
|
2906
|
-
# A user-specified display name of the pool in Google Cloud Console.
|
2907
|
-
# exceed 32 characters.
|
2847
|
+
# Optional. A user-specified display name of the pool in Google Cloud Console.
|
2848
|
+
# Cannot exceed 32 characters.
|
2908
2849
|
# Corresponds to the JSON property `displayName`
|
2909
2850
|
# @return [String]
|
2910
2851
|
attr_accessor :display_name
|
@@ -2926,12 +2867,13 @@ module Google
|
|
2926
2867
|
# @return [String]
|
2927
2868
|
attr_accessor :parent
|
2928
2869
|
|
2929
|
-
# Duration that the Google Cloud access tokens, console sign-in
|
2930
|
-
# gcloud` sign-in sessions from this pool are valid. Must be
|
2931
|
-
# minutes (900s) and less than 12 hours (43200s). If `
|
2932
|
-
# configured, minted credentials have a default
|
2933
|
-
# For SAML providers, the lifetime of the token is
|
2934
|
-
# session_duration` and the `SessionNotOnOrAfter` claim in
|
2870
|
+
# Optional. Duration that the Google Cloud access tokens, console sign-in
|
2871
|
+
# sessions, and `gcloud` sign-in sessions from this pool are valid. Must be
|
2872
|
+
# greater than 15 minutes (900s) and less than 12 hours (43200s). If `
|
2873
|
+
# session_duration` is not configured, minted credentials have a default
|
2874
|
+
# duration of one hour (3600s). For SAML providers, the lifetime of the token is
|
2875
|
+
# the minimum of the `session_duration` and the `SessionNotOnOrAfter` claim in
|
2876
|
+
# the SAML assertion.
|
2935
2877
|
# Corresponds to the JSON property `sessionDuration`
|
2936
2878
|
# @return [String]
|
2937
2879
|
attr_accessor :session_duration
|
@@ -2963,20 +2905,20 @@ module Google
|
|
2963
2905
|
class WorkforcePoolProvider
|
2964
2906
|
include Google::Apis::Core::Hashable
|
2965
2907
|
|
2966
|
-
# A [Common Expression Language](https://opensource.google/projects/
|
2967
|
-
# expression, in plain text, to restrict what otherwise valid
|
2968
|
-
# credentials issued by the provider should not be accepted. The
|
2969
|
-
# output a boolean representing whether to allow the federation.
|
2970
|
-
# keywords may be referenced in the expressions: * `assertion`:
|
2971
|
-
# representing the authentication credential issued by the provider. * `
|
2972
|
-
# The Google attributes mapped from the assertion in the `
|
2973
|
-
# google.profile_photo`, `google.display_name` and `google.
|
2974
|
-
# not supported. * `attribute`: The custom attributes mapped
|
2975
|
-
# in the `attribute_mappings`. The maximum length of the
|
2976
|
-
# expression is 4096 characters. If unspecified, all valid
|
2977
|
-
# credentials will be accepted. The following example shows how
|
2978
|
-
# credentials with a mapped `google.groups` value of `admins`: ```
|
2979
|
-
# google.groups" ```
|
2908
|
+
# Optional. A [Common Expression Language](https://opensource.google/projects/
|
2909
|
+
# cel) expression, in plain text, to restrict what otherwise valid
|
2910
|
+
# authentication credentials issued by the provider should not be accepted. The
|
2911
|
+
# expression must output a boolean representing whether to allow the federation.
|
2912
|
+
# The following keywords may be referenced in the expressions: * `assertion`:
|
2913
|
+
# JSON representing the authentication credential issued by the provider. * `
|
2914
|
+
# google`: The Google attributes mapped from the assertion in the `
|
2915
|
+
# attribute_mappings`. `google.profile_photo`, `google.display_name` and `google.
|
2916
|
+
# posix_username` are not supported. * `attribute`: The custom attributes mapped
|
2917
|
+
# from the assertion in the `attribute_mappings`. The maximum length of the
|
2918
|
+
# attribute condition expression is 4096 characters. If unspecified, all valid
|
2919
|
+
# authentication credentials will be accepted. The following example shows how
|
2920
|
+
# to only allow credentials with a mapped `google.groups` value of `admins`: ```
|
2921
|
+
# "'admins' in google.groups" ```
|
2980
2922
|
# Corresponds to the JSON property `attributeCondition`
|
2981
2923
|
# @return [String]
|
2982
2924
|
attr_accessor :attribute_condition
|
@@ -3026,19 +2968,21 @@ module Google
|
|
3026
2968
|
# @return [Hash<String,String>]
|
3027
2969
|
attr_accessor :attribute_mapping
|
3028
2970
|
|
3029
|
-
# A user-specified description of the provider. Cannot exceed 256
|
2971
|
+
# Optional. A user-specified description of the provider. Cannot exceed 256
|
2972
|
+
# characters.
|
3030
2973
|
# Corresponds to the JSON property `description`
|
3031
2974
|
# @return [String]
|
3032
2975
|
attr_accessor :description
|
3033
2976
|
|
3034
|
-
# Disables the workforce pool provider. You cannot use a disabled
|
3035
|
-
# exchange tokens. However, existing tokens still grant access.
|
2977
|
+
# Optional. Disables the workforce pool provider. You cannot use a disabled
|
2978
|
+
# provider to exchange tokens. However, existing tokens still grant access.
|
3036
2979
|
# Corresponds to the JSON property `disabled`
|
3037
2980
|
# @return [Boolean]
|
3038
2981
|
attr_accessor :disabled
|
3039
2982
|
alias_method :disabled?, :disabled
|
3040
2983
|
|
3041
|
-
# A user-specified display name for the provider. Cannot exceed 32
|
2984
|
+
# Optional. A user-specified display name for the provider. Cannot exceed 32
|
2985
|
+
# characters.
|
3042
2986
|
# Corresponds to the JSON property `displayName`
|
3043
2987
|
# @return [String]
|
3044
2988
|
attr_accessor :display_name
|
@@ -3151,20 +3095,20 @@ module Google
|
|
3151
3095
|
class WorkloadIdentityPool
|
3152
3096
|
include Google::Apis::Core::Hashable
|
3153
3097
|
|
3154
|
-
# A description of the pool. Cannot exceed 256 characters.
|
3098
|
+
# Optional. A description of the pool. Cannot exceed 256 characters.
|
3155
3099
|
# Corresponds to the JSON property `description`
|
3156
3100
|
# @return [String]
|
3157
3101
|
attr_accessor :description
|
3158
3102
|
|
3159
|
-
# Whether the pool is disabled. You cannot use a disabled pool to
|
3160
|
-
# tokens, or use existing tokens to access resources. If the pool is re-
|
3161
|
-
# existing tokens grant access again.
|
3103
|
+
# Optional. Whether the pool is disabled. You cannot use a disabled pool to
|
3104
|
+
# exchange tokens, or use existing tokens to access resources. If the pool is re-
|
3105
|
+
# enabled, existing tokens grant access again.
|
3162
3106
|
# Corresponds to the JSON property `disabled`
|
3163
3107
|
# @return [Boolean]
|
3164
3108
|
attr_accessor :disabled
|
3165
3109
|
alias_method :disabled?, :disabled
|
3166
3110
|
|
3167
|
-
# A display name for the pool. Cannot exceed 32 characters.
|
3111
|
+
# Optional. A display name for the pool. Cannot exceed 32 characters.
|
3168
3112
|
# Corresponds to the JSON property `displayName`
|
3169
3113
|
# @return [String]
|
3170
3114
|
attr_accessor :display_name
|
@@ -3217,59 +3161,61 @@ module Google
|
|
3217
3161
|
class WorkloadIdentityPoolProvider
|
3218
3162
|
include Google::Apis::Core::Hashable
|
3219
3163
|
|
3220
|
-
# [A Common Expression Language](https://opensource.google/projects/
|
3221
|
-
# expression, in plain text, to restrict what otherwise valid
|
3222
|
-
# credentials issued by the provider should not be accepted. The
|
3223
|
-
# output a boolean representing whether to allow the federation.
|
3224
|
-
# keywords may be referenced in the expressions: * `assertion`:
|
3225
|
-
# representing the authentication credential issued by the provider. * `
|
3226
|
-
# The Google attributes mapped from the assertion in the `
|
3227
|
-
# `attribute`: The custom attributes mapped from the
|
3228
|
-
# attribute_mappings`. The maximum length of the attribute
|
3229
|
-
# is 4096 characters. If unspecified, all valid
|
3230
|
-
# accepted. The following example shows how to
|
3231
|
-
# mapped `google.groups` value of `admins`: ``` "'
|
3164
|
+
# Optional. [A Common Expression Language](https://opensource.google/projects/
|
3165
|
+
# cel) expression, in plain text, to restrict what otherwise valid
|
3166
|
+
# authentication credentials issued by the provider should not be accepted. The
|
3167
|
+
# expression must output a boolean representing whether to allow the federation.
|
3168
|
+
# The following keywords may be referenced in the expressions: * `assertion`:
|
3169
|
+
# JSON representing the authentication credential issued by the provider. * `
|
3170
|
+
# google`: The Google attributes mapped from the assertion in the `
|
3171
|
+
# attribute_mappings`. * `attribute`: The custom attributes mapped from the
|
3172
|
+
# assertion in the `attribute_mappings`. The maximum length of the attribute
|
3173
|
+
# condition expression is 4096 characters. If unspecified, all valid
|
3174
|
+
# authentication credential are accepted. The following example shows how to
|
3175
|
+
# only allow credentials with a mapped `google.groups` value of `admins`: ``` "'
|
3176
|
+
# admins' in google.groups" ```
|
3232
3177
|
# Corresponds to the JSON property `attributeCondition`
|
3233
3178
|
# @return [String]
|
3234
3179
|
attr_accessor :attribute_condition
|
3235
3180
|
|
3236
|
-
# Maps attributes from authentication credentials issued by an
|
3237
|
-
# identity provider to Google Cloud attributes, such as `subject` and `
|
3238
|
-
# Each key must be a string specifying the Google Cloud IAM attribute
|
3239
|
-
# The following keys are supported: * `google.subject`: The principal
|
3240
|
-
# authenticating. You can reference this value in IAM bindings. This is
|
3241
|
-
# subject that appears in Cloud Logging logs. Cannot exceed 127 bytes. *
|
3242
|
-
# groups`: Groups the external identity belongs to. You can grant
|
3243
|
-
# to resources using an IAM `principalSet` binding; access applies
|
3244
|
-
# members of the group. You can also provide custom attributes by
|
3245
|
-
# attribute.`custom_attribute``, where ``custom_attribute`` is the
|
3246
|
-
# custom attribute to be mapped. You can define a maximum of 50
|
3247
|
-
# attributes. The maximum length of a mapped attribute key is 100
|
3248
|
-
# and the key may only contain the characters [a-z0-9_]. You can
|
3249
|
-
# attributes in IAM policies to define fine-grained access for a
|
3250
|
-
# Google Cloud resources. For example: * `google.subject`: `
|
3251
|
-
# googleapis.com/projects/`project`/locations/`location`/
|
3252
|
-
# pool`/subject/`value`` * `google.groups`: `principalSet
|
3253
|
-
# projects/`project`/locations/`location`/
|
3254
|
-
# value`` * `attribute.`custom_attribute``: `
|
3255
|
-
# projects/`project`/locations/`location`/
|
3256
|
-
#
|
3257
|
-
# https://opensource.google/projects/cel)
|
3258
|
-
#
|
3259
|
-
# map key. You can use the `assertion`
|
3260
|
-
#
|
3261
|
-
#
|
3262
|
-
#
|
3263
|
-
#
|
3264
|
-
# mapping applies: ``` ` "
|
3265
|
-
# "assertion.arn.
|
3266
|
-
#
|
3267
|
-
# assumed-role
|
3268
|
-
# mappings are defined, they must
|
3269
|
-
# attribute. For OIDC providers, you
|
3270
|
-
#
|
3271
|
-
#
|
3272
|
-
# token: ``` `"google.subject":
|
3181
|
+
# Optional. Maps attributes from authentication credentials issued by an
|
3182
|
+
# external identity provider to Google Cloud attributes, such as `subject` and `
|
3183
|
+
# segment`. Each key must be a string specifying the Google Cloud IAM attribute
|
3184
|
+
# to map to. The following keys are supported: * `google.subject`: The principal
|
3185
|
+
# IAM is authenticating. You can reference this value in IAM bindings. This is
|
3186
|
+
# also the subject that appears in Cloud Logging logs. Cannot exceed 127 bytes. *
|
3187
|
+
# `google.groups`: Groups the external identity belongs to. You can grant
|
3188
|
+
# groups access to resources using an IAM `principalSet` binding; access applies
|
3189
|
+
# to all members of the group. You can also provide custom attributes by
|
3190
|
+
# specifying `attribute.`custom_attribute``, where ``custom_attribute`` is the
|
3191
|
+
# name of the custom attribute to be mapped. You can define a maximum of 50
|
3192
|
+
# custom attributes. The maximum length of a mapped attribute key is 100
|
3193
|
+
# characters, and the key may only contain the characters [a-z0-9_]. You can
|
3194
|
+
# reference these attributes in IAM policies to define fine-grained access for a
|
3195
|
+
# workload to Google Cloud resources. For example: * `google.subject`: `
|
3196
|
+
# principal://iam.googleapis.com/projects/`project`/locations/`location`/
|
3197
|
+
# workloadIdentityPools/`pool`/subject/`value`` * `google.groups`: `principalSet:
|
3198
|
+
# //iam.googleapis.com/projects/`project`/locations/`location`/
|
3199
|
+
# workloadIdentityPools/`pool`/group/`value`` * `attribute.`custom_attribute``: `
|
3200
|
+
# principalSet://iam.googleapis.com/projects/`project`/locations/`location`/
|
3201
|
+
# workloadIdentityPools/`pool`/attribute.`custom_attribute`/`value`` Each value
|
3202
|
+
# must be a [Common Expression Language] (https://opensource.google/projects/cel)
|
3203
|
+
# function that maps an identity provider credential to the normalized
|
3204
|
+
# attribute specified by the corresponding map key. You can use the `assertion`
|
3205
|
+
# keyword in the expression to access a JSON representation of the
|
3206
|
+
# authentication credential issued by the provider. The maximum length of an
|
3207
|
+
# attribute mapping expression is 2048 characters. When evaluated, the total
|
3208
|
+
# size of all mapped attributes must not exceed 8KB. For AWS providers, if no
|
3209
|
+
# attribute mapping is defined, the following default mapping applies: ``` ` "
|
3210
|
+
# google.subject":"assertion.arn", "attribute.aws_role": "assertion.arn.contains(
|
3211
|
+
# 'assumed-role')" " ? assertion.arn.extract('`account_arn`assumed-role/')" " + '
|
3212
|
+
# assumed-role/'" " + assertion.arn.extract('assumed-role/`role_name`/')" " :
|
3213
|
+
# assertion.arn", ` ``` If any custom attribute mappings are defined, they must
|
3214
|
+
# include a mapping to the `google.subject` attribute. For OIDC providers, you
|
3215
|
+
# must supply a custom mapping, which must include the `google.subject`
|
3216
|
+
# attribute. For example, the following maps the `sub` claim of the incoming
|
3217
|
+
# credential to the `subject` attribute on a Google token: ``` `"google.subject":
|
3218
|
+
# "assertion.sub"` ```
|
3273
3219
|
# Corresponds to the JSON property `attributeMapping`
|
3274
3220
|
# @return [Hash<String,String>]
|
3275
3221
|
attr_accessor :attribute_mapping
|
@@ -3279,19 +3225,19 @@ module Google
|
|
3279
3225
|
# @return [Google::Apis::IamV1::Aws]
|
3280
3226
|
attr_accessor :aws
|
3281
3227
|
|
3282
|
-
# A description for the provider. Cannot exceed 256 characters.
|
3228
|
+
# Optional. A description for the provider. Cannot exceed 256 characters.
|
3283
3229
|
# Corresponds to the JSON property `description`
|
3284
3230
|
# @return [String]
|
3285
3231
|
attr_accessor :description
|
3286
3232
|
|
3287
|
-
# Whether the provider is disabled. You cannot use a disabled provider
|
3288
|
-
# exchange tokens. However, existing tokens still grant access.
|
3233
|
+
# Optional. Whether the provider is disabled. You cannot use a disabled provider
|
3234
|
+
# to exchange tokens. However, existing tokens still grant access.
|
3289
3235
|
# Corresponds to the JSON property `disabled`
|
3290
3236
|
# @return [Boolean]
|
3291
3237
|
attr_accessor :disabled
|
3292
3238
|
alias_method :disabled?, :disabled
|
3293
3239
|
|
3294
|
-
# A display name for the provider. Cannot exceed 32 characters.
|
3240
|
+
# Optional. A display name for the provider. Cannot exceed 32 characters.
|
3295
3241
|
# Corresponds to the JSON property `displayName`
|
3296
3242
|
# @return [String]
|
3297
3243
|
attr_accessor :display_name
|
@@ -16,13 +16,13 @@ module Google
|
|
16
16
|
module Apis
|
17
17
|
module IamV1
|
18
18
|
# Version of the google-apis-iam_v1 gem
|
19
|
-
GEM_VERSION = "0.
|
19
|
+
GEM_VERSION = "0.62.0"
|
20
20
|
|
21
21
|
# Version of the code generator used to generate this client
|
22
|
-
GENERATOR_VERSION = "0.15.
|
22
|
+
GENERATOR_VERSION = "0.15.1"
|
23
23
|
|
24
24
|
# Revision of the discovery document this client was generated from
|
25
|
-
REVISION = "
|
25
|
+
REVISION = "20241114"
|
26
26
|
end
|
27
27
|
end
|
28
28
|
end
|
@@ -310,12 +310,6 @@ module Google
|
|
310
310
|
include Google::Apis::Core::JsonObjectSupport
|
311
311
|
end
|
312
312
|
|
313
|
-
class PatchServiceAccountKeyRequest
|
314
|
-
class Representation < Google::Apis::Core::JsonRepresentation; end
|
315
|
-
|
316
|
-
include Google::Apis::Core::JsonObjectSupport
|
317
|
-
end
|
318
|
-
|
319
313
|
class PatchServiceAccountRequest
|
320
314
|
class Representation < Google::Apis::Core::JsonRepresentation; end
|
321
315
|
|
@@ -1011,15 +1005,6 @@ module Google
|
|
1011
1005
|
end
|
1012
1006
|
end
|
1013
1007
|
|
1014
|
-
class PatchServiceAccountKeyRequest
|
1015
|
-
# @private
|
1016
|
-
class Representation < Google::Apis::Core::JsonRepresentation
|
1017
|
-
property :service_account_key, as: 'serviceAccountKey', class: Google::Apis::IamV1::ServiceAccountKey, decorator: Google::Apis::IamV1::ServiceAccountKey::Representation
|
1018
|
-
|
1019
|
-
property :update_mask, as: 'updateMask'
|
1020
|
-
end
|
1021
|
-
end
|
1022
|
-
|
1023
1008
|
class PatchServiceAccountRequest
|
1024
1009
|
# @private
|
1025
1010
|
class Representation < Google::Apis::Core::JsonRepresentation
|
@@ -1169,9 +1154,6 @@ module Google
|
|
1169
1154
|
class ServiceAccountKey
|
1170
1155
|
# @private
|
1171
1156
|
class Representation < Google::Apis::Core::JsonRepresentation
|
1172
|
-
property :contact, as: 'contact'
|
1173
|
-
property :creator, as: 'creator'
|
1174
|
-
property :description, as: 'description'
|
1175
1157
|
property :disable_reason, as: 'disableReason'
|
1176
1158
|
property :disabled, as: 'disabled'
|
1177
1159
|
collection :extended_status, as: 'extendedStatus', class: Google::Apis::IamV1::ExtendedStatus, decorator: Google::Apis::IamV1::ExtendedStatus::Representation
|
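--- a/data/lib/google/apis/iam_v1/service.rb
+++ b/data/lib/google/apis/iam_v1/service.rb
@@ -123,14 +123,14 @@ module Google
 # Creates a new WorkforcePool. You cannot reuse the name of a deleted pool until
 # 30 days after deletion.
 # @param [String] location
-# The location of the pool to create. Format: `locations/`location``.
+# Optional. The location of the pool to create. Format: `locations/`location``.
 # @param [Google::Apis::IamV1::WorkforcePool] workforce_pool_object
 # @param [String] workforce_pool_id
-# The ID to use for the pool, which becomes the final component of the
-# name. The IDs must be a globally unique string of 6 to 63 lowercase
-# digits, or hyphens. It must start with a letter, and cannot have a
-# hyphen. The prefix `gcp-` is reserved for use by Google, and may not
-# specified.
+# Optional. The ID to use for the pool, which becomes the final component of the
+# resource name. The IDs must be a globally unique string of 6 to 63 lowercase
+# letters, digits, or hyphens. It must start with a letter, and cannot have a
+# trailing hyphen. The prefix `gcp-` is reserved for use by Google, and may not
+# be specified.
 # @param [String] fields
 # Selector specifying which fields to include in a partial response.
 # @param [String] quota_user
@@ -1112,10 +1112,13 @@ module Google
 # occur immediately: * You cannot bind a principal to the custom role in an IAM
 # Policy. * Existing bindings to the custom role are not changed, but they have
 # no effect. * By default, the response from ListRoles does not include the
-# custom role.
-#
-#
-#
+# custom role. A deleted custom role still counts toward the [custom role limit](
+# https://cloud.google.com/iam/help/limits) until it is permanently deleted. You
+# have 7 days to undelete the custom role. After 7 days, the following changes
+# occur: * The custom role is permanently deleted and cannot be recovered. * If
+# an IAM policy contains a binding to the custom role, the binding is
+# permanently removed. * The custom role no longer counts toward your custom
+# role limit.
 # @param [String] name
 # The `name` parameter's value depends on the target resource for the request,
 # namely [projects](https://cloud.google.com/iam/docs/reference/rest/v1/projects.
@@ -1570,8 +1573,8 @@ module Google
 
 # Updates an existing OauthClient.
 # @param [String] name
-# Immutable. The resource name of the OauthClient. Format:`projects/`
-# locations/`location`/oauthClients/`oauth_client``.
+# Immutable. Identifier. The resource name of the OauthClient. Format:`projects/`
+# project`/locations/`location`/oauthClients/`oauth_client``.
 # @param [Google::Apis::IamV1::OauthClient] oauth_client_object
 # @param [String] update_mask
 # Required. The list of fields to update.
@@ -1775,9 +1778,9 @@ module Google
 
 # Updates an existing OauthClientCredential.
 # @param [String] name
-# Immutable. The resource name of the OauthClientCredential. Format:
-# project`/locations/`location`/oauthClients/`oauth_client`/
-# credential``
+# Immutable. Identifier. The resource name of the OauthClientCredential. Format:
+# `projects/`project`/locations/`location`/oauthClients/`oauth_client`/
+# credentials/`credential``
 # @param [Google::Apis::IamV1::OauthClientCredential] oauth_client_credential_object
 # @param [String] update_mask
 # Required. The list of fields to update.
@@ -2658,10 +2661,13 @@ module Google
 # occur immediately: * You cannot bind a principal to the custom role in an IAM
 # Policy. * Existing bindings to the custom role are not changed, but they have
 # no effect. * By default, the response from ListRoles does not include the
-# custom role.
-#
-#
-#
+# custom role. A deleted custom role still counts toward the [custom role limit](
+# https://cloud.google.com/iam/help/limits) until it is permanently deleted. You
+# have 7 days to undelete the custom role. After 7 days, the following changes
+# occur: * The custom role is permanently deleted and cannot be recovered. * If
+# an IAM policy contains a binding to the custom role, the binding is
+# permanently removed. * The custom role no longer counts toward your custom
+# role limit.
 # @param [String] name
 # The `name` parameter's value depends on the target resource for the request,
 # namely [projects](https://cloud.google.com/iam/docs/reference/rest/v1/projects.
@@ -3806,40 +3812,6 @@ module Google
 execute_or_queue_command(command, &block)
 end
 
-# Patches a ServiceAccountKey.
-# @param [String] name
-# The resource name of the service account key in the following format `projects/
-# `PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key``.
-# @param [Google::Apis::IamV1::PatchServiceAccountKeyRequest] patch_service_account_key_request_object
-# @param [String] fields
-# Selector specifying which fields to include in a partial response.
-# @param [String] quota_user
-# Available to use for quota purposes for server-side applications. Can be any
-# arbitrary string assigned to a user, but should not exceed 40 characters.
-# @param [Google::Apis::RequestOptions] options
-# Request-specific options
-#
-# @yield [result, err] Result & error if block supplied
-# @yieldparam result [Google::Apis::IamV1::ServiceAccountKey] parsed result object
-# @yieldparam err [StandardError] error object if request failed
-#
-# @return [Google::Apis::IamV1::ServiceAccountKey]
-#
-# @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
-# @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
-# @raise [Google::Apis::AuthorizationError] Authorization is required
-def patch_service_account_key(name, patch_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
-command = make_simple_command(:post, 'v1/{+name}:patch', options)
-command.request_representation = Google::Apis::IamV1::PatchServiceAccountKeyRequest::Representation
-command.request_object = patch_service_account_key_request_object
-command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation
-command.response_class = Google::Apis::IamV1::ServiceAccountKey
-command.params['name'] = name unless name.nil?
-command.query['fields'] = fields unless fields.nil?
-command.query['quotaUser'] = quota_user unless quota_user.nil?
-execute_or_queue_command(command, &block)
-end
-
 # Uploads the public key portion of a key pair that you manage, and associates
 # the public key with a ServiceAccount. After you upload the public key, you can
 # use the private key from the key pair as a service account key.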
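--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-apis-iam_v1
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.62.0
 platform: ruby
 authors:
 - Google LLC
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-
+date: 2024-12-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: google-apis-core
@@ -59,7 +59,7 @@ licenses:
 metadata:
 bug_tracker_uri: https://github.com/googleapis/google-api-ruby-client/issues
 changelog_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-iam_v1/CHANGELOG.md
-documentation_uri: https://googleapis.dev/ruby/google-apis-iam_v1/v0.
+documentation_uri: https://googleapis.dev/ruby/google-apis-iam_v1/v0.62.0
 source_code_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-iam_v1
 post_install_message:
 rdoc_options: []
@@ -76,7 +76,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.5.
+rubygems_version: 3.5.22
 signing_key:
 specification_version: 4
 summary: Simple REST client for Identity and Access Management (IAM) API V1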