google-apis-iam_v1 0.66.0 → 0.68.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1993298341bb094b00127e29068c2b8eaf56993c7848579c1ef74b7fa61a91d4
-  data.tar.gz: 1bc9a0ff156bd2199585ab98be630961607be4646841ab0d3d3cac647a8a461e
+  metadata.gz: 0f2ddf16efa341e2568c15e77c8a3afa6231de7e4390ede547c16b1b9bb66310
+  data.tar.gz: e171c1c2ed4d70e03a56a4e4386af50ca8537affb84587091d1987a7bb5b9c9b
 SHA512:
-  metadata.gz: f1372c529cdc6399999b5931dc71f251aae0c0ffff87156232f82440e0b7c545763926dfc97a2f79d049532f546adc1910cef58ecf764729b3e1ef1af578ba90
-  data.tar.gz: 03f2d35333e04c3d247e69b770baac96931380770329703a56ec225d5cc1108de7c28d3c18a3aa12f06e271f44ec75b928bacea96bc8329c33e42d9467eb586f
+  metadata.gz: 5d99db3f7afcb4c9e8deaa62461ec7925f0a82504bc8e128897f231d74e78f12267d24578742ee35f963b0b9868ac4a648b513ff2d41d348b6ee551fdad65f71
+  data.tar.gz: 11f921f2155d20a98cf96d3bd75d3ea1a6e1bd91e288bfa9719474b7900f5bc2a76f36d2010961b905c27c81786d385bc453c6aa94e4fedce2c16b472c41ce63

data/CHANGELOG.md

@@ -1,5 +1,14 @@
 # Release history for google-apis-iam_v1
 
+### v0.68.0 (2025-05-18)
+
+* Regenerated from discovery document revision 20250509
+* Regenerated using generator version 0.17.0
+
+### v0.67.0 (2025-04-20)
+
+* Regenerated from discovery document revision 20250411
+
 ### v0.66.0 (2025-03-30)
 
 * Regenerated from discovery document revision 20250320

data/OVERVIEW.md

@@ -83,7 +83,7 @@ The [product documentation](https://cloud.google.com/iam/) may provide guidance
 
 ## Supported Ruby versions
 
-This library is supported on Ruby 2.7+.
+This library is supported on Ruby 3.1+.
 
 Google provides official support for Ruby versions that are actively supported by Ruby Core -- that is, Ruby versions that are either in normal maintenance or in security maintenance, and not end of life. Older versions of Ruby _may_ still work, but are unsupported and not recommended. See https://www.ruby-lang.org/en/downloads/branches/ for details about the Ruby support schedule.
 

data/lib/google/apis/iam_v1/classes.rb

@@ -755,12 +755,20 @@ module Google
       class GoogleIamAdminV1WorkforcePoolProviderExtraAttributesOAuth2ClientQueryParameters
         include Google::Apis::Core::Hashable
       
-        # Optional. The filter used to request specific records from IdP. In case of
-        # attributes type as AZURE_AD_GROUPS_MAIL, it represents the filter used to
-        # request specific groups for users from IdP. By default, all of the groups
-        # associated with the user are fetched. The groups should be mail enabled and
-        # security enabled. See https://learn.microsoft.com/en-us/graph/search-query-
-        # parameter for more details.
+        # Optional. The filter used to request specific records from the IdP. By default,
+        # all of the groups that are associated with a user are fetched. For Microsoft
+        # Entra ID, you can add `$search` query parameters using [Keyword Query Language]
+        # (https://learn.microsoft.com/en-us/sharepoint/dev/general-development/keyword-
+        # query-language-kql-syntax-reference). To learn more about `$search` querying
+        # in Microsoft Entra ID, see [Use the `$search` query parameter] (https://learn.
+        # microsoft.com/en-us/graph/search-query-parameter). Additionally, Workforce
+        # Identity Federation automatically adds the following [`$filter` query
+        # parameters] (https://learn.microsoft.com/en-us/graph/filter-query-parameter),
+        # based on the value of `attributes_type`. Values passed to `filter` are
+        # converted to `$search` query parameters. Additional `$filter` query parameters
+        # cannot be added using this field. * `AZURE_AD_GROUPS_MAIL`: `mailEnabled` and `
+        # securityEnabled` filters are applied. * `AZURE_AD_GROUPS_ID`: `securityEnabled`
+        # filter is applied.
         # Corresponds to the JSON property `filter`
         # @return [String]
         attr_accessor :filter
@@ -944,34 +952,35 @@ module Google
       class InlineCertificateIssuanceConfig
         include Google::Apis::Core::Hashable
       
-        # Optional. A required mapping of a cloud region to the CA pool resource located
-        # in that region used for certificate issuance, adhering to these constraints: *
-        # Key format: A supported cloud region name equivalent to the location
-        # identifier in the corresponding map entry's value. * Value format: A valid CA
-        # pool resource path format like: "projects/`project`/locations/`location`/
-        # caPools/`ca_pool`" * Region Matching: Workloads are ONLY issued certificates
-        # from CA pools within the same region. Also the CA pool region (in value) must
-        # match the workload's region (key).
+        # Optional. A required mapping of a Google Cloud region to the CA pool resource
+        # located in that region. The CA pool is used for certificate issuance, adhering
+        # to the following constraints: * Key format: A supported cloud region name
+        # equivalent to the location identifier in the corresponding map entry's value. *
+        # Value format: A valid CA pool resource path format like: "projects/`project`/
+        # locations/`location`/caPools/`ca_pool`" * Region Matching: Workloads are ONLY
+        # issued certificates from CA pools within the same region. Also the CA pool
+        # region (in value) must match the workload's region (key).
         # Corresponds to the JSON property `caPools`
         # @return [Hash<String,String>]
         attr_accessor :ca_pools
       
         # Optional. Key algorithm to use when generating the key pair. This key pair
-        # will be used to create the certificate. If unspecified, this will default to
+        # will be used to create the certificate. If not specified, this will default to
         # ECDSA_P256.
         # Corresponds to the JSON property `keyAlgorithm`
         # @return [String]
         attr_accessor :key_algorithm
       
         # Optional. Lifetime of the workload certificates issued by the CA pool. Must be
-        # between 10 hours - 30 days. If unspecified, this will be defaulted to 24 hours.
+        # between 10 hours and 30 days. If not specified, this will be defaulted to 24
+        # hours.
         # Corresponds to the JSON property `lifetime`
         # @return [String]
         attr_accessor :lifetime
       
         # Optional. Rotation window percentage indicating when certificate rotation
-        # should be initiated based on remaining lifetime. Must be between 10 - 80. If
-        # unspecified, this will be defaulted to 50.
+        # should be initiated based on remaining lifetime. Must be between 10 and 80. If
+        # not specified, this will be defaulted to 50.
         # Corresponds to the JSON property `rotationWindowPercentage`
         # @return [Fixnum]
         attr_accessor :rotation_window_percentage
@@ -998,12 +1007,12 @@ module Google
         include Google::Apis::Core::Hashable
       
         # Optional. Maps specific trust domains (e.g., "example.com") to their
-        # corresponding TrustStore objects, which contain the trusted root certificates
-        # for that domain. There can be a maximum of 10 trust domain entries in this map.
-        # Note that a trust domain automatically trusts itself and don't need to be
-        # specified here. If however, this WorkloadIdentityPool's trust domain contains
-        # any trust anchors in the additional_trust_bundles map, those trust anchors
-        # will be *appended to* the Trust Bundle automatically derived from your
+        # corresponding TrustStore, which contain the trusted root certificates for that
+        # domain. There can be a maximum of 10 trust domain entries in this map. Note
+        # that a trust domain automatically trusts itself and don't need to be specified
+        # here. If however, this WorkloadIdentityPool's trust domain contains any trust
+        # anchors in the additional_trust_bundles map, those trust anchors will be *
+        # appended to* the trust bundle automatically derived from your
         # InlineCertificateIssuanceConfig's ca_pools.
         # Corresponds to the JSON property `additionalTrustBundles`
         # @return [Hash<String,Google::Apis::IamV1::TrustStore>]
@@ -1717,7 +1726,10 @@ module Google
         # @return [Array<String>]
         attr_accessor :allowed_audiences
       
-        # Required. The OIDC issuer URL. Must be an HTTPS endpoint.
+        # Required. The OIDC issuer URL. Must be an HTTPS endpoint. Per OpenID Connect
+        # Discovery 1.0 spec, the OIDC issuer URL is used to locate the provider's
+        # public keys (via `jwks_uri`) for verifying tokens like the OIDC ID token.
+        # These public key types must be 'EC' or 'RSA'.
         # Corresponds to the JSON property `issuerUri`
         # @return [String]
         attr_accessor :issuer_uri
@@ -2170,9 +2182,9 @@ module Google
       class QueryGrantableRolesRequest
         include Google::Apis::Core::Hashable
       
-        # Required. The full resource name to query from the list of grantable roles.
-        # The name follows the Google Cloud Platform resource format. For example, a
-        # Cloud Platform project with id `my-project` will be named `//
+        # Required. Required. The full resource name to query from the list of grantable
+        # roles. The name follows the Google Cloud Platform resource format. For example,
+        # a Cloud Platform project with id `my-project` will be named `//
         # cloudresourcemanager.googleapis.com/projects/my-project`.
         # Corresponds to the JSON property `fullResourceName`
         # @return [String]
@@ -2942,20 +2954,20 @@ module Google
       end
       
       # Trust store that contains trust anchors and optional intermediate CAs used in
-      # PKI to build trust chain and verify client's identity.
+      # PKI to build trust chain and verify a client's identity.
       class TrustStore
         include Google::Apis::Core::Hashable
       
         # Optional. Set of intermediate CA certificates used for building the trust
-        # chain to trust anchor. IMPORTANT: * Intermediate CAs are only supported when
-        # configuring x509 federation.
+        # chain to the trust anchor. Important: Intermediate CAs are only supported for
+        # X.509 federation.
         # Corresponds to the JSON property `intermediateCas`
         # @return [Array<Google::Apis::IamV1::IntermediateCa>]
         attr_accessor :intermediate_cas
       
-        # Required. List of Trust Anchors to be used while performing validation against
-        # a given TrustStore. The incoming end entity's certificate must be chained up
-        # to one of the trust anchors here.
+        # Required. List of trust anchors to be used while performing validation against
+        # a given TrustStore. The incoming end entity's certificate must be in the trust
+        # chain of one of the trust anchors here.
         # Corresponds to the JSON property `trustAnchors`
         # @return [Array<Google::Apis::IamV1::TrustAnchor>]
         attr_accessor :trust_anchors
@@ -3335,6 +3347,14 @@ module Google
         # @return [String]
         attr_accessor :description
       
+        # Optional. If true, populates additional debug information in Cloud Audit Logs
+        # for this provider. Logged attribute mappings and values can be found in `sts.
+        # googleapis.com` data access logs. Default value is false.
+        # Corresponds to the JSON property `detailedAuditLogging`
+        # @return [Boolean]
+        attr_accessor :detailed_audit_logging
+        alias_method :detailed_audit_logging?, :detailed_audit_logging
+      
         # Optional. Disables the workforce pool provider. You cannot use a disabled
         # provider to exchange tokens. However, existing tokens still grant access.
         # Corresponds to the JSON property `disabled`
@@ -3393,6 +3413,7 @@ module Google
           @attribute_condition = args[:attribute_condition] if args.key?(:attribute_condition)
           @attribute_mapping = args[:attribute_mapping] if args.key?(:attribute_mapping)
           @description = args[:description] if args.key?(:description)
+          @detailed_audit_logging = args[:detailed_audit_logging] if args.key?(:detailed_audit_logging)
           @disabled = args[:disabled] if args.key?(:disabled)
           @display_name = args[:display_name] if args.key?(:display_name)
           @expire_time = args[:expire_time] if args.key?(:expire_time)
@@ -3754,6 +3775,12 @@ module Google
         # @return [String]
         attr_accessor :state
       
+        # An X.509-type identity provider represents a CA. It is trusted to assert a
+        # client identity if the client has a certificate that chains up to this CA.
+        # Corresponds to the JSON property `x509`
+        # @return [Google::Apis::IamV1::X509]
+        attr_accessor :x509
+      
         def initialize(**args)
            update!(**args)
         end
@@ -3771,6 +3798,7 @@ module Google
           @oidc = args[:oidc] if args.key?(:oidc)
           @saml = args[:saml] if args.key?(:saml)
           @state = args[:state] if args.key?(:state)
+          @x509 = args[:x509] if args.key?(:x509)
         end
       end
       
@@ -3821,6 +3849,27 @@ module Google
           @use = args[:use] if args.key?(:use)
         end
       end
+      
+      # An X.509-type identity provider represents a CA. It is trusted to assert a
+      # client identity if the client has a certificate that chains up to this CA.
+      class X509
+        include Google::Apis::Core::Hashable
+      
+        # Trust store that contains trust anchors and optional intermediate CAs used in
+        # PKI to build trust chain and verify a client's identity.
+        # Corresponds to the JSON property `trustStore`
+        # @return [Google::Apis::IamV1::TrustStore]
+        attr_accessor :trust_store
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @trust_store = args[:trust_store] if args.key?(:trust_store)
+        end
+      end
     end
   end
 end

data/lib/google/apis/iam_v1/gem_version.rb

@@ -16,13 +16,13 @@ module Google
   module Apis
     module IamV1
       # Version of the google-apis-iam_v1 gem
-      GEM_VERSION = "0.66.0"
+      GEM_VERSION = "0.68.0"
 
       # Version of the code generator used to generate this client
-      GENERATOR_VERSION = "0.16.0"
+      GENERATOR_VERSION = "0.17.0"
 
       # Revision of the discovery document this client was generated from
-      REVISION = "20250320"
+      REVISION = "20250509"
     end
   end
 end

data/lib/google/apis/iam_v1/representations.rb

@@ -676,6 +676,12 @@ module Google
         include Google::Apis::Core::JsonObjectSupport
       end
       
+      class X509
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
       class AccessRestrictions
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
@@ -1558,6 +1564,7 @@ module Google
           property :attribute_condition, as: 'attributeCondition'
           hash :attribute_mapping, as: 'attributeMapping'
           property :description, as: 'description'
+          property :detailed_audit_logging, as: 'detailedAuditLogging'
           property :disabled, as: 'disabled'
           property :display_name, as: 'displayName'
           property :expire_time, as: 'expireTime'
@@ -1648,6 +1655,8 @@ module Google
           property :saml, as: 'saml', class: Google::Apis::IamV1::Saml, decorator: Google::Apis::IamV1::Saml::Representation
       
           property :state, as: 'state'
+          property :x509, as: 'x509', class: Google::Apis::IamV1::X509, decorator: Google::Apis::IamV1::X509::Representation
+      
         end
       end
       
@@ -1662,6 +1671,14 @@ module Google
           property :use, as: 'use'
         end
       end
+      
+      class X509
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :trust_store, as: 'trustStore', class: Google::Apis::IamV1::TrustStore, decorator: Google::Apis::IamV1::TrustStore::Representation
+      
+        end
+      end
     end
   end
 end

data/lib/google/apis/iam_v1/service.rb

@@ -1921,8 +1921,7 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Gets IAM policies for one of WorkloadIdentityPool
-        # WorkloadIdentityPoolNamespace WorkloadIdentityPoolManagedIdentity
+        # Gets the IAM policy of a WorkloadIdentityPool.
         # @param [String] resource
         #   REQUIRED: The resource for which the policy is being requested. See [Resource
         #   names](https://cloud.google.com/apis/design/resource_names) for the
@@ -2035,8 +2034,7 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Sets IAM policies on one of WorkloadIdentityPool WorkloadIdentityPoolNamespace
-        # WorkloadIdentityPoolManagedIdentity
+        # Sets the IAM policies on a WorkloadIdentityPool
         # @param [String] resource
         #   REQUIRED: The resource for which the policy is being specified. See [Resource
         #   names](https://cloud.google.com/apis/design/resource_names) for the
@@ -2071,8 +2069,7 @@ module Google
           execute_or_queue_command(command, &block)
         end
         
-        # Returns the caller's permissions on one of WorkloadIdentityPool
-        # WorkloadIdentityPoolNamespace WorkloadIdentityPoolManagedIdentity
+        # Returns the caller's permissions on a WorkloadIdentityPool
         # @param [String] resource
         #   REQUIRED: The resource for which the policy detail is being requested. See [
         #   Resource names](https://cloud.google.com/apis/design/resource_names) for the
@@ -2494,7 +2491,8 @@ module Google
         end
         
         # Lists all non-deleted WorkloadIdentityPoolManagedIdentitys in a namespace. If `
-        # show_deleted` is set to `true`, then deleted managed identites are also listed.
+        # show_deleted` is set to `true`, then deleted managed identities are also
+        # listed.
         # @param [String] parent
         #   Required. The parent resource to list managed identities for.
         # @param [Fixnum] page_size

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: google-apis-iam_v1
 version: !ruby/object:Gem::Version
-  version: 0.66.0
+  version: 0.68.0
 platform: ruby
 authors:
 - Google LLC
 bindir: bin
 cert_chain: []
-date: 2025-03-30 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: google-apis-core
@@ -58,7 +58,7 @@ licenses:
 metadata:
   bug_tracker_uri: https://github.com/googleapis/google-api-ruby-client/issues
   changelog_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-iam_v1/CHANGELOG.md
-  documentation_uri: https://googleapis.dev/ruby/google-apis-iam_v1/v0.66.0
+  documentation_uri: https://googleapis.dev/ruby/google-apis-iam_v1/v0.68.0
   source_code_uri: https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-iam_v1
 rdoc_options: []
 require_paths:
@@ -67,14 +67,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.7'
+      version: '3.1'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.5
+rubygems_version: 3.6.8
 specification_version: 4
 summary: Simple REST client for Identity and Access Management (IAM) API V1
 test_files: []