google-apis-iam_v1 0.60.0 → 0.62.0

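--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 7ce7696f487b577d098a11b1ee58da736f7509aaa76cf1230a4e5afb6e254033
- data.tar.gz: 1f1bf447e54e47f0fc48b3d5e2b4e551621e40699b9abf3e8a2bf3ac73ad5a74
+ metadata.gz: 483c848def6aa7b9d449918df38a05b46c2be902675df35291b57da6404224b6
+ data.tar.gz: 00211f6630169d8dc64c828b186990bee4b6edbf526d35a80c30cd3dbd73a825
  SHA512:
- metadata.gz: 0be6783c3b148a2d425fef6e358bde1b41c3c59b17c392c978fa677d16cd2c8aa6def8e25b903d33ca7d4697ebe2029a2cfe6f3f00e413cc5fae3fc58d73b811
- data.tar.gz: dbf8390439c27a89e83e434585ff37c4aa62c007702a113cd64f0dac52a5585ed6724ddd9122fb7a5020ae2cc8ad964e6a3685c28e30ccca02d9f5b80aa909c2
+ metadata.gz: ad8e7a4afab6c5cc4ca502dfc45d0f171d52afceca989320fc0ac82c01ec20ce91221be72e3be6d47fe8f4e6c647d1dda5072599c7301b7fd64e89d52f44d7f1
+ data.tar.gz: 97baa8e19bce026809fd8947cfe71e0fc4ec4c09d5bef75ad5571e900fadbbc33375eec99d1a8bb1e9bd4339438366ec3728a2bf95f8ae741910791a97028907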
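--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,14 @@
  # Release history for google-apis-iam_v1
 
+ ### v0.62.0 (2024-12-02)
+
+ * Regenerated from discovery document revision 20241114
+ * Regenerated using generator version 0.15.1
+
+ ### v0.61.0 (2024-07-25)
+
+ * Regenerated from discovery document revision 20240722
+
  ### v0.60.0 (2024-06-23)
 
  * Regenerated from discovery document revision 20240617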
@@ -752,13 +752,13 @@ module Google
752
752
  # @return [String]
753
753
  attr_accessor :issuer_uri
754
754
 
755
- # OIDC JWKs in JSON String format. For details on the definition of a JWK, see
756
- # https://tools.ietf.org/html/rfc7517. If not set, the `jwks_uri` from the
757
- # discovery document(fetched from the .well-known path of the `issuer_uri`) will
758
- # be used. Currently, RSA and EC asymmetric keys are supported. The JWK must use
759
- # following format and include only the following fields: ` "keys": [ ` "kty": "
760
- # RSA/EC", "alg": "", "use": "sig", "kid": "", "n": "", "e": "", "x": "", "y": ""
761
- # , "crv": "" ` ] `
755
+ # Optional. OIDC JWKs in JSON String format. For details on the definition of a
756
+ # JWK, see https://tools.ietf.org/html/rfc7517. If not set, the `jwks_uri` from
757
+ # the discovery document(fetched from the .well-known path of the `issuer_uri`)
758
+ # will be used. Currently, RSA and EC asymmetric keys are supported. The JWK
759
+ # must use following format and include only the following fields: ` "keys": [ `
760
+ # "kty": "RSA/EC", "alg": "", "use": "sig", "kid": "", "n": "", "e": "", "x": "",
761
+ # "y": "", "crv": "" ` ] `
762
762
  # Corresponds to the JSON property `jwksJson`
763
763
  # @return [String]
764
764
  attr_accessor :jwks_json
@@ -805,8 +805,9 @@ module Google
805
805
  class GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValue
806
806
  include Google::Apis::Core::Hashable
807
807
 
808
- # Input only. The plain text of the client secret value. For security reasons,
809
- # this field is only used for input and will never be populated in any response.
808
+ # Optional. Input only. The plain text of the client secret value. For security
809
+ # reasons, this field is only used for input and will never be populated in any
810
+ # response.
810
811
  # Corresponds to the JSON property `plainText`
811
812
  # @return [String]
812
813
  attr_accessor :plain_text
@@ -831,9 +832,9 @@ module Google
831
832
  class GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfig
832
833
  include Google::Apis::Core::Hashable
833
834
 
834
- # Additional scopes to request for in the OIDC authentication request on top of
835
- # scopes requested by default. By default, the `openid`, `profile` and `email`
836
- # scopes that are supported by the identity provider are requested. Each
835
+ # Optional. Additional scopes to request for in the OIDC authentication request
836
+ # on top of scopes requested by default. By default, the `openid`, `profile` and
837
+ # `email` scopes that are supported by the identity provider are requested. Each
837
838
  # additional scope may be at most 256 characters. A maximum of 10 additional
838
839
  # scopes may be configured.
839
840
  # Corresponds to the JSON property `additionalScopes`
@@ -1396,8 +1397,8 @@ module Google
1396
1397
  # @return [String]
1397
1398
  attr_accessor :expire_time
1398
1399
 
1399
- # Immutable. The resource name of the OauthClient. Format:`projects/`project`/
1400
- # locations/`location`/oauthClients/`oauth_client``.
1400
+ # Immutable. Identifier. The resource name of the OauthClient. Format:`projects/`
1401
+ # project`/locations/`location`/oauthClients/`oauth_client``.
1401
1402
  # Corresponds to the JSON property `name`
1402
1403
  # @return [String]
1403
1404
  attr_accessor :name
@@ -1455,9 +1456,9 @@ module Google
1455
1456
  # @return [String]
1456
1457
  attr_accessor :display_name
1457
1458
 
1458
- # Immutable. The resource name of the OauthClientCredential. Format: `projects/`
1459
- # project`/locations/`location`/oauthClients/`oauth_client`/credentials/`
1460
- # credential``
1459
+ # Immutable. Identifier. The resource name of the OauthClientCredential. Format:
1460
+ # `projects/`project`/locations/`location`/oauthClients/`oauth_client`/
1461
+ # credentials/`credential``
1461
1462
  # Corresponds to the JSON property `name`
1462
1463
  # @return [String]
1463
1464
  attr_accessor :name
@@ -1479,11 +1480,11 @@ module Google
1479
1480
  class Oidc
1480
1481
  include Google::Apis::Core::Hashable
1481
1482
 
1482
- # Acceptable values for the `aud` field (audience) in the OIDC token. Token
1483
- # exchange requests are rejected if the token audience does not match one of the
1484
- # configured values. Each audience may be at most 256 characters. A maximum of
1485
- # 10 audiences may be configured. If this list is empty, the OIDC token audience
1486
- # must be equal to the full canonical resource name of the
1483
+ # Optional. Acceptable values for the `aud` field (audience) in the OIDC token.
1484
+ # Token exchange requests are rejected if the token audience does not match one
1485
+ # of the configured values. Each audience may be at most 256 characters. A
1486
+ # maximum of 10 audiences may be configured. If this list is empty, the OIDC
1487
+ # token audience must be equal to the full canonical resource name of the
1487
1488
  # WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example: ``
1488
1489
  # ` //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/
1489
1490
  # https://iam.googleapis.com/projects//locations//workloadIdentityPools//
@@ -1592,9 +1593,9 @@ module Google
1592
1593
  attr_accessor :api_version
1593
1594
 
1594
1595
  # Output only. Identifies whether the user has requested cancellation of the
1595
- # operation. Operations that have been cancelled successfully have Operation.
1596
- # error value with a google.rpc.Status.code of 1, corresponding to `Code.
1597
- # CANCELLED`.
1596
+ # operation. Operations that have been cancelled successfully have google.
1597
+ # longrunning.Operation.error value with a google.rpc.Status.code of `1`,
1598
+ # corresponding to `Code.CANCELLED`.
1598
1599
  # Corresponds to the JSON property `cancelRequested`
1599
1600
  # @return [Boolean]
1600
1601
  attr_accessor :cancel_requested
@@ -1641,46 +1642,6 @@ module Google
1641
1642
  end
1642
1643
  end
1643
1644
 
1644
- # The service account key patch request.
1645
- class PatchServiceAccountKeyRequest
1646
- include Google::Apis::Core::Hashable
1647
-
1648
- # Represents a service account key. A service account has two sets of key-pairs:
1649
- # user-managed, and system-managed. User-managed key-pairs can be created and
1650
- # deleted by users. Users are responsible for rotating these keys periodically
1651
- # to ensure security of their service accounts. Users retain the private key of
1652
- # these key-pairs, and Google retains ONLY the public key. System-managed keys
1653
- # are automatically rotated by Google, and are used for signing for a maximum of
1654
- # two weeks. The rotation process is probabilistic, and usage of the new key
1655
- # will gradually ramp up and down over the key's lifetime. If you cache the
1656
- # public key set for a service account, we recommend that you update the cache
1657
- # every 15 minutes. User-managed keys can be added and removed at any time, so
1658
- # it is important to update the cache frequently. For Google-managed keys,
1659
- # Google will publish a key at least 6 hours before it is first used for signing
1660
- # and will keep publishing it for at least 6 hours after it was last used for
1661
- # signing. Public keys for all service accounts are also published at the OAuth2
1662
- # Service Account API.
1663
- # Corresponds to the JSON property `serviceAccountKey`
1664
- # @return [Google::Apis::IamV1::ServiceAccountKey]
1665
- attr_accessor :service_account_key
1666
-
1667
- # Required. The update mask to apply to the service account key. Only the
1668
- # following fields are eligible for patching: - contact - description
1669
- # Corresponds to the JSON property `updateMask`
1670
- # @return [String]
1671
- attr_accessor :update_mask
1672
-
1673
- def initialize(**args)
1674
- update!(**args)
1675
- end
1676
-
1677
- # Update properties of this object
1678
- def update!(**args)
1679
- @service_account_key = args[:service_account_key] if args.key?(:service_account_key)
1680
- @update_mask = args[:update_mask] if args.key?(:update_mask)
1681
- end
1682
- end
1683
-
1684
1645
  # The service account patch request. You can patch only the `display_name` and `
1685
1646
  # description` fields. You must use the `update_mask` field to specify which of
1686
1647
  # these fields you want to patch. Only the fields specified in the request are
@@ -1731,8 +1692,7 @@ module Google
1731
1692
  # @return [String]
1732
1693
  attr_accessor :custom_roles_support_level
1733
1694
 
1734
- # A brief description of what this Permission is used for. This permission can
1735
- # ONLY be used in predefined roles.
1695
+ # A brief description of what this Permission is used for.
1736
1696
  # Corresponds to the JSON property `description`
1737
1697
  # @return [String]
1738
1698
  attr_accessor :description
@@ -1975,7 +1935,7 @@ module Google
1975
1935
  attr_accessor :full_resource_name
1976
1936
 
1977
1937
  # Optional limit on the number of roles to include in the response. The default
1978
- # is 300, and the maximum is 1,000.
1938
+ # is 300, and the maximum is 2,000.
1979
1939
  # Corresponds to the JSON property `pageSize`
1980
1940
  # @return [Fixnum]
1981
1941
  attr_accessor :page_size
@@ -2321,23 +2281,6 @@ module Google
2321
2281
  class ServiceAccountKey
2322
2282
  include Google::Apis::Core::Hashable
2323
2283
 
2324
- # Optional. A user provided email address as the point of contact for this
2325
- # service account key. Must be an email address. Limit 64 characters.
2326
- # Corresponds to the JSON property `contact`
2327
- # @return [String]
2328
- attr_accessor :contact
2329
-
2330
- # Output only. The cloud identity that created this service account key.
2331
- # Populated automatically when the key is created and not editable by the user.
2332
- # Corresponds to the JSON property `creator`
2333
- # @return [String]
2334
- attr_accessor :creator
2335
-
2336
- # Optional. A user provided description of this service account key.
2337
- # Corresponds to the JSON property `description`
2338
- # @return [String]
2339
- attr_accessor :description
2340
-
2341
2284
  # Output only. optional. If the key is disabled, it may have a DisableReason
2342
2285
  # describing why it was disabled.
2343
2286
  # Corresponds to the JSON property `disableReason`
@@ -2421,9 +2364,6 @@ module Google
2421
2364
 
2422
2365
  # Update properties of this object
2423
2366
  def update!(**args)
2424
- @contact = args[:contact] if args.key?(:contact)
2425
- @creator = args[:creator] if args.key?(:creator)
2426
- @description = args[:description] if args.key?(:description)
2427
2367
  @disable_reason = args[:disable_reason] if args.key?(:disable_reason)
2428
2368
  @disabled = args[:disabled] if args.key?(:disabled)
2429
2369
  @extended_status = args[:extended_status] if args.key?(:extended_status)
@@ -2890,21 +2830,22 @@ module Google
2890
2830
  # @return [Google::Apis::IamV1::AccessRestrictions]
2891
2831
  attr_accessor :access_restrictions
2892
2832
 
2893
- # A user-specified description of the pool. Cannot exceed 256 characters.
2833
+ # Optional. A user-specified description of the pool. Cannot exceed 256
2834
+ # characters.
2894
2835
  # Corresponds to the JSON property `description`
2895
2836
  # @return [String]
2896
2837
  attr_accessor :description
2897
2838
 
2898
- # Disables the workforce pool. You cannot use a disabled pool to exchange tokens,
2899
- # or use existing tokens to access resources. If the pool is re-enabled,
2900
- # existing tokens grant access again.
2839
+ # Optional. Disables the workforce pool. You cannot use a disabled pool to
2840
+ # exchange tokens, or use existing tokens to access resources. If the pool is re-
2841
+ # enabled, existing tokens grant access again.
2901
2842
  # Corresponds to the JSON property `disabled`
2902
2843
  # @return [Boolean]
2903
2844
  attr_accessor :disabled
2904
2845
  alias_method :disabled?, :disabled
2905
2846
 
2906
- # A user-specified display name of the pool in Google Cloud Console. Cannot
2907
- # exceed 32 characters.
2847
+ # Optional. A user-specified display name of the pool in Google Cloud Console.
2848
+ # Cannot exceed 32 characters.
2908
2849
  # Corresponds to the JSON property `displayName`
2909
2850
  # @return [String]
2910
2851
  attr_accessor :display_name
@@ -2926,12 +2867,13 @@ module Google
2926
2867
  # @return [String]
2927
2868
  attr_accessor :parent
2928
2869
 
2929
- # Duration that the Google Cloud access tokens, console sign-in sessions, and `
2930
- # gcloud` sign-in sessions from this pool are valid. Must be greater than 15
2931
- # minutes (900s) and less than 12 hours (43200s). If `session_duration` is not
2932
- # configured, minted credentials have a default duration of one hour (3600s).
2933
- # For SAML providers, the lifetime of the token is the minimum of the `
2934
- # session_duration` and the `SessionNotOnOrAfter` claim in the SAML assertion.
2870
+ # Optional. Duration that the Google Cloud access tokens, console sign-in
2871
+ # sessions, and `gcloud` sign-in sessions from this pool are valid. Must be
2872
+ # greater than 15 minutes (900s) and less than 12 hours (43200s). If `
2873
+ # session_duration` is not configured, minted credentials have a default
2874
+ # duration of one hour (3600s). For SAML providers, the lifetime of the token is
2875
+ # the minimum of the `session_duration` and the `SessionNotOnOrAfter` claim in
2876
+ # the SAML assertion.
2935
2877
  # Corresponds to the JSON property `sessionDuration`
2936
2878
  # @return [String]
2937
2879
  attr_accessor :session_duration
@@ -2963,20 +2905,20 @@ module Google
2963
2905
  class WorkforcePoolProvider
2964
2906
  include Google::Apis::Core::Hashable
2965
2907
 
2966
- # A [Common Expression Language](https://opensource.google/projects/cel)
2967
- # expression, in plain text, to restrict what otherwise valid authentication
2968
- # credentials issued by the provider should not be accepted. The expression must
2969
- # output a boolean representing whether to allow the federation. The following
2970
- # keywords may be referenced in the expressions: * `assertion`: JSON
2971
- # representing the authentication credential issued by the provider. * `google`:
2972
- # The Google attributes mapped from the assertion in the `attribute_mappings`. `
2973
- # google.profile_photo`, `google.display_name` and `google.posix_username` are
2974
- # not supported. * `attribute`: The custom attributes mapped from the assertion
2975
- # in the `attribute_mappings`. The maximum length of the attribute condition
2976
- # expression is 4096 characters. If unspecified, all valid authentication
2977
- # credentials will be accepted. The following example shows how to only allow
2978
- # credentials with a mapped `google.groups` value of `admins`: ``` "'admins' in
2979
- # google.groups" ```
2908
+ # Optional. A [Common Expression Language](https://opensource.google/projects/
2909
+ # cel) expression, in plain text, to restrict what otherwise valid
2910
+ # authentication credentials issued by the provider should not be accepted. The
2911
+ # expression must output a boolean representing whether to allow the federation.
2912
+ # The following keywords may be referenced in the expressions: * `assertion`:
2913
+ # JSON representing the authentication credential issued by the provider. * `
2914
+ # google`: The Google attributes mapped from the assertion in the `
2915
+ # attribute_mappings`. `google.profile_photo`, `google.display_name` and `google.
2916
+ # posix_username` are not supported. * `attribute`: The custom attributes mapped
2917
+ # from the assertion in the `attribute_mappings`. The maximum length of the
2918
+ # attribute condition expression is 4096 characters. If unspecified, all valid
2919
+ # authentication credentials will be accepted. The following example shows how
2920
+ # to only allow credentials with a mapped `google.groups` value of `admins`: ```
2921
+ # "'admins' in google.groups" ```
2980
2922
  # Corresponds to the JSON property `attributeCondition`
2981
2923
  # @return [String]
2982
2924
  attr_accessor :attribute_condition
@@ -3026,19 +2968,21 @@ module Google
3026
2968
  # @return [Hash<String,String>]
3027
2969
  attr_accessor :attribute_mapping
3028
2970
 
3029
- # A user-specified description of the provider. Cannot exceed 256 characters.
2971
+ # Optional. A user-specified description of the provider. Cannot exceed 256
2972
+ # characters.
3030
2973
  # Corresponds to the JSON property `description`
3031
2974
  # @return [String]
3032
2975
  attr_accessor :description
3033
2976
 
3034
- # Disables the workforce pool provider. You cannot use a disabled provider to
3035
- # exchange tokens. However, existing tokens still grant access.
2977
+ # Optional. Disables the workforce pool provider. You cannot use a disabled
2978
+ # provider to exchange tokens. However, existing tokens still grant access.
3036
2979
  # Corresponds to the JSON property `disabled`
3037
2980
  # @return [Boolean]
3038
2981
  attr_accessor :disabled
3039
2982
  alias_method :disabled?, :disabled
3040
2983
 
3041
- # A user-specified display name for the provider. Cannot exceed 32 characters.
2984
+ # Optional. A user-specified display name for the provider. Cannot exceed 32
2985
+ # characters.
3042
2986
  # Corresponds to the JSON property `displayName`
3043
2987
  # @return [String]
3044
2988
  attr_accessor :display_name
@@ -3151,20 +3095,20 @@ module Google
3151
3095
  class WorkloadIdentityPool
3152
3096
  include Google::Apis::Core::Hashable
3153
3097
 
3154
- # A description of the pool. Cannot exceed 256 characters.
3098
+ # Optional. A description of the pool. Cannot exceed 256 characters.
3155
3099
  # Corresponds to the JSON property `description`
3156
3100
  # @return [String]
3157
3101
  attr_accessor :description
3158
3102
 
3159
- # Whether the pool is disabled. You cannot use a disabled pool to exchange
3160
- # tokens, or use existing tokens to access resources. If the pool is re-enabled,
3161
- # existing tokens grant access again.
3103
+ # Optional. Whether the pool is disabled. You cannot use a disabled pool to
3104
+ # exchange tokens, or use existing tokens to access resources. If the pool is re-
3105
+ # enabled, existing tokens grant access again.
3162
3106
  # Corresponds to the JSON property `disabled`
3163
3107
  # @return [Boolean]
3164
3108
  attr_accessor :disabled
3165
3109
  alias_method :disabled?, :disabled
3166
3110
 
3167
- # A display name for the pool. Cannot exceed 32 characters.
3111
+ # Optional. A display name for the pool. Cannot exceed 32 characters.
3168
3112
  # Corresponds to the JSON property `displayName`
3169
3113
  # @return [String]
3170
3114
  attr_accessor :display_name
@@ -3217,59 +3161,61 @@ module Google
3217
3161
  class WorkloadIdentityPoolProvider
3218
3162
  include Google::Apis::Core::Hashable
3219
3163
 
3220
- # [A Common Expression Language](https://opensource.google/projects/cel)
3221
- # expression, in plain text, to restrict what otherwise valid authentication
3222
- # credentials issued by the provider should not be accepted. The expression must
3223
- # output a boolean representing whether to allow the federation. The following
3224
- # keywords may be referenced in the expressions: * `assertion`: JSON
3225
- # representing the authentication credential issued by the provider. * `google`:
3226
- # The Google attributes mapped from the assertion in the `attribute_mappings`. *
3227
- # `attribute`: The custom attributes mapped from the assertion in the `
3228
- # attribute_mappings`. The maximum length of the attribute condition expression
3229
- # is 4096 characters. If unspecified, all valid authentication credential are
3230
- # accepted. The following example shows how to only allow credentials with a
3231
- # mapped `google.groups` value of `admins`: ``` "'admins' in google.groups" ```
3164
+ # Optional. [A Common Expression Language](https://opensource.google/projects/
3165
+ # cel) expression, in plain text, to restrict what otherwise valid
3166
+ # authentication credentials issued by the provider should not be accepted. The
3167
+ # expression must output a boolean representing whether to allow the federation.
3168
+ # The following keywords may be referenced in the expressions: * `assertion`:
3169
+ # JSON representing the authentication credential issued by the provider. * `
3170
+ # google`: The Google attributes mapped from the assertion in the `
3171
+ # attribute_mappings`. * `attribute`: The custom attributes mapped from the
3172
+ # assertion in the `attribute_mappings`. The maximum length of the attribute
3173
+ # condition expression is 4096 characters. If unspecified, all valid
3174
+ # authentication credential are accepted. The following example shows how to
3175
+ # only allow credentials with a mapped `google.groups` value of `admins`: ``` "'
3176
+ # admins' in google.groups" ```
3232
3177
  # Corresponds to the JSON property `attributeCondition`
3233
3178
  # @return [String]
3234
3179
  attr_accessor :attribute_condition
3235
3180
 
3236
- # Maps attributes from authentication credentials issued by an external
3237
- # identity provider to Google Cloud attributes, such as `subject` and `segment`.
3238
- # Each key must be a string specifying the Google Cloud IAM attribute to map to.
3239
- # The following keys are supported: * `google.subject`: The principal IAM is
3240
- # authenticating. You can reference this value in IAM bindings. This is also the
3241
- # subject that appears in Cloud Logging logs. Cannot exceed 127 bytes. * `google.
3242
- # groups`: Groups the external identity belongs to. You can grant groups access
3243
- # to resources using an IAM `principalSet` binding; access applies to all
3244
- # members of the group. You can also provide custom attributes by specifying `
3245
- # attribute.`custom_attribute``, where ``custom_attribute`` is the name of the
3246
- # custom attribute to be mapped. You can define a maximum of 50 custom
3247
- # attributes. The maximum length of a mapped attribute key is 100 characters,
3248
- # and the key may only contain the characters [a-z0-9_]. You can reference these
3249
- # attributes in IAM policies to define fine-grained access for a workload to
3250
- # Google Cloud resources. For example: * `google.subject`: `principal://iam.
3251
- # googleapis.com/projects/`project`/locations/`location`/workloadIdentityPools/`
3252
- # pool`/subject/`value`` * `google.groups`: `principalSet://iam.googleapis.com/
3253
- # projects/`project`/locations/`location`/workloadIdentityPools/`pool`/group/`
3254
- # value`` * `attribute.`custom_attribute``: `principalSet://iam.googleapis.com/
3255
- # projects/`project`/locations/`location`/workloadIdentityPools/`pool`/attribute.
3256
- # `custom_attribute`/`value`` Each value must be a [Common Expression Language] (
3257
- # https://opensource.google/projects/cel) function that maps an identity
3258
- # provider credential to the normalized attribute specified by the corresponding
3259
- # map key. You can use the `assertion` keyword in the expression to access a
3260
- # JSON representation of the authentication credential issued by the provider.
3261
- # The maximum length of an attribute mapping expression is 2048 characters. When
3262
- # evaluated, the total size of all mapped attributes must not exceed 8KB. For
3263
- # AWS providers, if no attribute mapping is defined, the following default
3264
- # mapping applies: ``` ` "google.subject":"assertion.arn", "attribute.aws_role":
3265
- # "assertion.arn.contains('assumed-role')" " ? assertion.arn.extract('`
3266
- # account_arn`assumed-role/')" " + 'assumed-role/'" " + assertion.arn.extract('
3267
- # assumed-role/`role_name`/')" " : assertion.arn", ` ``` If any custom attribute
3268
- # mappings are defined, they must include a mapping to the `google.subject`
3269
- # attribute. For OIDC providers, you must supply a custom mapping, which must
3270
- # include the `google.subject` attribute. For example, the following maps the `
3271
- # sub` claim of the incoming credential to the `subject` attribute on a Google
3272
- # token: ``` `"google.subject": "assertion.sub"` ```
3181
+ # Optional. Maps attributes from authentication credentials issued by an
3182
+ # external identity provider to Google Cloud attributes, such as `subject` and `
3183
+ # segment`. Each key must be a string specifying the Google Cloud IAM attribute
3184
+ # to map to. The following keys are supported: * `google.subject`: The principal
3185
+ # IAM is authenticating. You can reference this value in IAM bindings. This is
3186
+ # also the subject that appears in Cloud Logging logs. Cannot exceed 127 bytes. *
3187
+ # `google.groups`: Groups the external identity belongs to. You can grant
3188
+ # groups access to resources using an IAM `principalSet` binding; access applies
3189
+ # to all members of the group. You can also provide custom attributes by
3190
+ # specifying `attribute.`custom_attribute``, where ``custom_attribute`` is the
3191
+ # name of the custom attribute to be mapped. You can define a maximum of 50
3192
+ # custom attributes. The maximum length of a mapped attribute key is 100
3193
+ # characters, and the key may only contain the characters [a-z0-9_]. You can
3194
+ # reference these attributes in IAM policies to define fine-grained access for a
3195
+ # workload to Google Cloud resources. For example: * `google.subject`: `
3196
+ # principal://iam.googleapis.com/projects/`project`/locations/`location`/
3197
+ # workloadIdentityPools/`pool`/subject/`value`` * `google.groups`: `principalSet:
3198
+ # //iam.googleapis.com/projects/`project`/locations/`location`/
3199
+ # workloadIdentityPools/`pool`/group/`value`` * `attribute.`custom_attribute``: `
3200
+ # principalSet://iam.googleapis.com/projects/`project`/locations/`location`/
3201
+ # workloadIdentityPools/`pool`/attribute.`custom_attribute`/`value`` Each value
3202
+ # must be a [Common Expression Language] (https://opensource.google/projects/cel)
3203
+ # function that maps an identity provider credential to the normalized
3204
+ # attribute specified by the corresponding map key. You can use the `assertion`
3205
+ # keyword in the expression to access a JSON representation of the
3206
+ # authentication credential issued by the provider. The maximum length of an
3207
+ # attribute mapping expression is 2048 characters. When evaluated, the total
3208
+ # size of all mapped attributes must not exceed 8KB. For AWS providers, if no
3209
+ # attribute mapping is defined, the following default mapping applies: ``` ` "
3210
+ # google.subject":"assertion.arn", "attribute.aws_role": "assertion.arn.contains(
3211
+ # 'assumed-role')" " ? assertion.arn.extract('`account_arn`assumed-role/')" " + '
3212
+ # assumed-role/'" " + assertion.arn.extract('assumed-role/`role_name`/')" " :
3213
+ # assertion.arn", ` ``` If any custom attribute mappings are defined, they must
3214
+ # include a mapping to the `google.subject` attribute. For OIDC providers, you
3215
+ # must supply a custom mapping, which must include the `google.subject`
3216
+ # attribute. For example, the following maps the `sub` claim of the incoming
3217
+ # credential to the `subject` attribute on a Google token: ``` `"google.subject":
3218
+ # "assertion.sub"` ```
3273
3219
  # Corresponds to the JSON property `attributeMapping`
3274
3220
  # @return [Hash<String,String>]
3275
3221
  attr_accessor :attribute_mapping
@@ -3279,19 +3225,19 @@ module Google
3279
3225
  # @return [Google::Apis::IamV1::Aws]
3280
3226
  attr_accessor :aws
3281
3227
 
3282
- # A description for the provider. Cannot exceed 256 characters.
3228
+ # Optional. A description for the provider. Cannot exceed 256 characters.
3283
3229
  # Corresponds to the JSON property `description`
3284
3230
  # @return [String]
3285
3231
  attr_accessor :description
3286
3232
 
3287
- # Whether the provider is disabled. You cannot use a disabled provider to
3288
- # exchange tokens. However, existing tokens still grant access.
3233
+ # Optional. Whether the provider is disabled. You cannot use a disabled provider
3234
+ # to exchange tokens. However, existing tokens still grant access.
3289
3235
  # Corresponds to the JSON property `disabled`
3290
3236
  # @return [Boolean]
3291
3237
  attr_accessor :disabled
3292
3238
  alias_method :disabled?, :disabled
3293
3239
 
3294
- # A display name for the provider. Cannot exceed 32 characters.
3240
+ # Optional. A display name for the provider. Cannot exceed 32 characters.
3295
3241
  # Corresponds to the JSON property `displayName`
3296
3242
  # @return [String]
3297
3243
  attr_accessor :display_name
@@ -16,13 +16,13 @@ module Google
16
16
  module Apis
17
17
  module IamV1
18
18
  # Version of the google-apis-iam_v1 gem
19
- GEM_VERSION = "0.60.0"
19
+ GEM_VERSION = "0.62.0"
20
20
 
21
21
  # Version of the code generator used to generate this client
22
- GENERATOR_VERSION = "0.15.0"
22
+ GENERATOR_VERSION = "0.15.1"
23
23
 
24
24
  # Revision of the discovery document this client was generated from
25
- REVISION = "20240617"
25
+ REVISION = "20241114"
26
26
  end
27
27
  end
28
28
  end
@@ -310,12 +310,6 @@ module Google
310
310
  include Google::Apis::Core::JsonObjectSupport
311
311
  end
312
312
 
313
- class PatchServiceAccountKeyRequest
314
- class Representation < Google::Apis::Core::JsonRepresentation; end
315
-
316
- include Google::Apis::Core::JsonObjectSupport
317
- end
318
-
319
313
  class PatchServiceAccountRequest
320
314
  class Representation < Google::Apis::Core::JsonRepresentation; end
321
315
 
@@ -1011,15 +1005,6 @@ module Google
1011
1005
  end
1012
1006
  end
1013
1007
 
1014
- class PatchServiceAccountKeyRequest
1015
- # @private
1016
- class Representation < Google::Apis::Core::JsonRepresentation
1017
- property :service_account_key, as: 'serviceAccountKey', class: Google::Apis::IamV1::ServiceAccountKey, decorator: Google::Apis::IamV1::ServiceAccountKey::Representation
1018
-
1019
- property :update_mask, as: 'updateMask'
1020
- end
1021
- end
1022
-
1023
1008
  class PatchServiceAccountRequest
1024
1009
  # @private
1025
1010
  class Representation < Google::Apis::Core::JsonRepresentation
@@ -1169,9 +1154,6 @@ module Google
1169
1154
  class ServiceAccountKey
1170
1155
  # @private
1171
1156
  class Representation < Google::Apis::Core::JsonRepresentation
1172
- property :contact, as: 'contact'
1173
- property :creator, as: 'creator'
1174
- property :description, as: 'description'
1175
1157
  property :disable_reason, as: 'disableReason'
1176
1158
  property :disabled, as: 'disabled'
1177
1159
  collection :extended_status, as: 'extendedStatus', class: Google::Apis::IamV1::ExtendedStatus, decorator: Google::Apis::IamV1::ExtendedStatus::Representation
@@ -123,14 +123,14 @@ module Google
123
123
  # Creates a new WorkforcePool. You cannot reuse the name of a deleted pool until
124
124
  # 30 days after deletion.
125
125
  # @param [String] location
126
- # The location of the pool to create. Format: `locations/`location``.
126
+ # Optional. The location of the pool to create. Format: `locations/`location``.
127
127
  # @param [Google::Apis::IamV1::WorkforcePool] workforce_pool_object
128
128
  # @param [String] workforce_pool_id
129
- # The ID to use for the pool, which becomes the final component of the resource
130
- # name. The IDs must be a globally unique string of 6 to 63 lowercase letters,
131
- # digits, or hyphens. It must start with a letter, and cannot have a trailing
132
- # hyphen. The prefix `gcp-` is reserved for use by Google, and may not be
133
- # specified.
129
+ # Optional. The ID to use for the pool, which becomes the final component of the
130
+ # resource name. The IDs must be a globally unique string of 6 to 63 lowercase
131
+ # letters, digits, or hyphens. It must start with a letter, and cannot have a
132
+ # trailing hyphen. The prefix `gcp-` is reserved for use by Google, and may not
133
+ # be specified.
134
134
  # @param [String] fields
135
135
  # Selector specifying which fields to include in a partial response.
136
136
  # @param [String] quota_user
@@ -1112,10 +1112,13 @@ module Google
1112
1112
  # occur immediately: * You cannot bind a principal to the custom role in an IAM
1113
1113
  # Policy. * Existing bindings to the custom role are not changed, but they have
1114
1114
  # no effect. * By default, the response from ListRoles does not include the
1115
- # custom role. You have 7 days to undelete the custom role. After 7 days, the
1116
- # following changes occur: * The custom role is permanently deleted and cannot
1117
- # be recovered. * If an IAM policy contains a binding to the custom role, the
1118
- # binding is permanently removed.
1115
+ # custom role. A deleted custom role still counts toward the [custom role limit](
1116
+ # https://cloud.google.com/iam/help/limits) until it is permanently deleted. You
1117
+ # have 7 days to undelete the custom role. After 7 days, the following changes
1118
+ # occur: * The custom role is permanently deleted and cannot be recovered. * If
1119
+ # an IAM policy contains a binding to the custom role, the binding is
1120
+ # permanently removed. * The custom role no longer counts toward your custom
1121
+ # role limit.
1119
1122
  # @param [String] name
1120
1123
  # The `name` parameter's value depends on the target resource for the request,
1121
1124
  # namely [projects](https://cloud.google.com/iam/docs/reference/rest/v1/projects.
@@ -1570,8 +1573,8 @@ module Google
1570
1573
 
1571
1574
  # Updates an existing OauthClient.
1572
1575
  # @param [String] name
1573
- # Immutable. The resource name of the OauthClient. Format:`projects/`project`/
1574
- # locations/`location`/oauthClients/`oauth_client``.
1576
+ # Immutable. Identifier. The resource name of the OauthClient. Format:`projects/`
1577
+ # project`/locations/`location`/oauthClients/`oauth_client``.
1575
1578
  # @param [Google::Apis::IamV1::OauthClient] oauth_client_object
1576
1579
  # @param [String] update_mask
1577
1580
  # Required. The list of fields to update.
@@ -1775,9 +1778,9 @@ module Google
1775
1778
 
1776
1779
  # Updates an existing OauthClientCredential.
1777
1780
  # @param [String] name
1778
- # Immutable. The resource name of the OauthClientCredential. Format: `projects/`
1779
- # project`/locations/`location`/oauthClients/`oauth_client`/credentials/`
1780
- # credential``
1781
+ # Immutable. Identifier. The resource name of the OauthClientCredential. Format:
1782
+ # `projects/`project`/locations/`location`/oauthClients/`oauth_client`/
1783
+ # credentials/`credential``
1781
1784
  # @param [Google::Apis::IamV1::OauthClientCredential] oauth_client_credential_object
1782
1785
  # @param [String] update_mask
1783
1786
  # Required. The list of fields to update.
@@ -2658,10 +2661,13 @@ module Google
2658
2661
  # occur immediately: * You cannot bind a principal to the custom role in an IAM
2659
2662
  # Policy. * Existing bindings to the custom role are not changed, but they have
2660
2663
  # no effect. * By default, the response from ListRoles does not include the
2661
- # custom role. You have 7 days to undelete the custom role. After 7 days, the
2662
- # following changes occur: * The custom role is permanently deleted and cannot
2663
- # be recovered. * If an IAM policy contains a binding to the custom role, the
2664
- # binding is permanently removed.
2664
+ # custom role. A deleted custom role still counts toward the [custom role limit](
2665
+ # https://cloud.google.com/iam/help/limits) until it is permanently deleted. You
2666
+ # have 7 days to undelete the custom role. After 7 days, the following changes
2667
+ # occur: * The custom role is permanently deleted and cannot be recovered. * If
2668
+ # an IAM policy contains a binding to the custom role, the binding is
2669
+ # permanently removed. * The custom role no longer counts toward your custom
2670
+ # role limit.
2665
2671
  # @param [String] name
2666
2672
  # The `name` parameter's value depends on the target resource for the request,
2667
2673
  # namely [projects](https://cloud.google.com/iam/docs/reference/rest/v1/projects.
@@ -3806,40 +3812,6 @@ module Google
3806
3812
  execute_or_queue_command(command, &block)
3807
3813
  end
3808
3814
 
3809
- # Patches a ServiceAccountKey.
3810
- # @param [String] name
3811
- # The resource name of the service account key in the following format `projects/
3812
- # `PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key``.
3813
- # @param [Google::Apis::IamV1::PatchServiceAccountKeyRequest] patch_service_account_key_request_object
3814
- # @param [String] fields
3815
- # Selector specifying which fields to include in a partial response.
3816
- # @param [String] quota_user
3817
- # Available to use for quota purposes for server-side applications. Can be any
3818
- # arbitrary string assigned to a user, but should not exceed 40 characters.
3819
- # @param [Google::Apis::RequestOptions] options
3820
- # Request-specific options
3821
- #
3822
- # @yield [result, err] Result & error if block supplied
3823
- # @yieldparam result [Google::Apis::IamV1::ServiceAccountKey] parsed result object
3824
- # @yieldparam err [StandardError] error object if request failed
3825
- #
3826
- # @return [Google::Apis::IamV1::ServiceAccountKey]
3827
- #
3828
- # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
3829
- # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
3830
- # @raise [Google::Apis::AuthorizationError] Authorization is required
3831
- def patch_service_account_key(name, patch_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
3832
- command = make_simple_command(:post, 'v1/{+name}:patch', options)
3833
- command.request_representation = Google::Apis::IamV1::PatchServiceAccountKeyRequest::Representation
3834
- command.request_object = patch_service_account_key_request_object
3835
- command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation
3836
- command.response_class = Google::Apis::IamV1::ServiceAccountKey
3837
- command.params['name'] = name unless name.nil?
3838
- command.query['fields'] = fields unless fields.nil?
3839
- command.query['quotaUser'] = quota_user unless quota_user.nil?
3840
- execute_or_queue_command(command, &block)
3841
- end
3842
-
3843
3815
  # Uploads the public key portion of a key pair that you manage, and associates
3844
3816
  # the public key with a ServiceAccount. After you upload the public key, you can
3845
3817
  # use the private key from the key pair as a service account key.
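--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: google-apis-iam_v1
  version: !ruby/object:Gem::Version
- version: 0.60.0
+ version: 0.62.0
  platform: ruby
  authors:
  - Google LLC
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2024-06-23 00:00:00.000000000 Z
+ date: 2024-12-04 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: google-apis-core
@@ -59,7 +59,7 @@ licenses:
  metadata:
  bug_tracker_uri: https://github.com/googleapis/google-api-ruby-client/issues
  changelog_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-iam_v1/CHANGELOG.md
- documentation_uri: https://googleapis.dev/ruby/google-apis-iam_v1/v0.60.0
+ documentation_uri: https://googleapis.dev/ruby/google-apis-iam_v1/v0.62.0
  source_code_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-iam_v1
  post_install_message:
  rdoc_options: []
@@ -76,7 +76,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.5.6
+ rubygems_version: 3.5.22
  signing_key:
  specification_version: 4
  summary: Simple REST client for Identity and Access Management (IAM) API V1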