google-apis-logging_v2 0.65.0 → 0.67.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 03c6f5bcec9ea96c543e9b23adb19f49c1654412ce2b54b68a73ed34fcbbfde6
4
- data.tar.gz: 22f3f7d051f491cdacaa4be7ab8db22814fa6ce488ad57cc17a0d896f03b4a7c
3
+ metadata.gz: 154b5f66e8e18806f7504f0e643ef131160668a93c40f1d843d514b16cb4ee69
4
+ data.tar.gz: 2ca95e013921f3664f9e2468f3e1664508df092d88fd474570ea9ddd912374ec
5
5
  SHA512:
6
- metadata.gz: 154a1c59c3be2e58c969b13ca12bba280e0b1953b422d7ca3d1ec3de24217ebab71cd7ab4b520341fe559ae8fd2123db07a56675aa27e38a04d17d8e0db69b54
7
- data.tar.gz: 02766bb76a58b43fc4431d1d77be12e576d5015b8c5901d4b761595c3eeb006af5ba17de817e2d4c1995a36a55fd4e3ef383808f1a617fe2022a02e5621797d1
6
+ metadata.gz: 6f75c83dee07c7ff6db7bdc55206977887df9dd9769b3fe34bfe3a1973f28c555848167ef6c1f835efc9f921c95ff39c1c8e1ea6f8bb92423af1e1eb1fc733e1
7
+ data.tar.gz: 1bf9219c2bcebfe88e26960c7558e7fcbf40b2d00cbde6d80cc8488b4b04c875ff335f7416bee7383db0c870b221e29127fc8ee3f1cf4945d80aef249ea9bfcc
data/CHANGELOG.md CHANGED
@@ -1,5 +1,13 @@
1
1
  # Release history for google-apis-logging_v2
2
2
 
3
+ ### v0.67.0 (2024-04-28)
4
+
5
+ * Regenerated from discovery document revision 20240419
6
+
7
+ ### v0.66.0 (2024-03-17)
8
+
9
+ * Regenerated from discovery document revision 20240311
10
+
3
11
  ### v0.65.0 (2024-03-10)
4
12
 
5
13
  * Regenerated from discovery document revision 20240301
@@ -22,6 +22,77 @@ module Google
22
22
  module Apis
23
23
  module LoggingV2
24
24
 
25
+ # Specifies the audit configuration for a service. The configuration determines
26
+ # which permission types are logged, and what identities, if any, are exempted
27
+ # from logging. An AuditConfig must have one or more AuditLogConfigs.If there
28
+ # are AuditConfigs for both allServices and a specific service, the union of the
29
+ # two AuditConfigs is used for that service: the log_types specified in each
30
+ # AuditConfig are enabled, and the exempted_members in each AuditLogConfig are
31
+ # exempted.Example Policy with multiple AuditConfigs: ` "audit_configs": [ ` "
32
+ # service": "allServices", "audit_log_configs": [ ` "log_type": "DATA_READ", "
33
+ # exempted_members": [ "user:jose@example.com" ] `, ` "log_type": "DATA_WRITE" `,
34
+ # ` "log_type": "ADMIN_READ" ` ] `, ` "service": "sampleservice.googleapis.com",
35
+ # "audit_log_configs": [ ` "log_type": "DATA_READ" `, ` "log_type": "DATA_WRITE"
36
+ # , "exempted_members": [ "user:aliya@example.com" ] ` ] ` ] ` For sampleservice,
37
+ # this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also
38
+ # exempts jose@example.com from DATA_READ logging, and aliya@example.com from
39
+ # DATA_WRITE logging.
40
+ class AuditConfig
41
+ include Google::Apis::Core::Hashable
42
+
43
+ # The configuration for logging of each type of permission.
44
+ # Corresponds to the JSON property `auditLogConfigs`
45
+ # @return [Array<Google::Apis::LoggingV2::AuditLogConfig>]
46
+ attr_accessor :audit_log_configs
47
+
48
+ # Specifies a service that will be enabled for audit logging. For example,
49
+ # storage.googleapis.com, cloudsql.googleapis.com. allServices is a special
50
+ # value that covers all services.
51
+ # Corresponds to the JSON property `service`
52
+ # @return [String]
53
+ attr_accessor :service
54
+
55
+ def initialize(**args)
56
+ update!(**args)
57
+ end
58
+
59
+ # Update properties of this object
60
+ def update!(**args)
61
+ @audit_log_configs = args[:audit_log_configs] if args.key?(:audit_log_configs)
62
+ @service = args[:service] if args.key?(:service)
63
+ end
64
+ end
65
+
66
+ # Provides the configuration for logging a type of permissions. Example: ` "
67
+ # audit_log_configs": [ ` "log_type": "DATA_READ", "exempted_members": [ "user:
68
+ # jose@example.com" ] `, ` "log_type": "DATA_WRITE" ` ] ` This enables '
69
+ # DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from
70
+ # DATA_READ logging.
71
+ class AuditLogConfig
72
+ include Google::Apis::Core::Hashable
73
+
74
+ # Specifies the identities that do not cause logging for this type of permission.
75
+ # Follows the same format of Binding.members.
76
+ # Corresponds to the JSON property `exemptedMembers`
77
+ # @return [Array<String>]
78
+ attr_accessor :exempted_members
79
+
80
+ # The log type that this config enables.
81
+ # Corresponds to the JSON property `logType`
82
+ # @return [String]
83
+ attr_accessor :log_type
84
+
85
+ def initialize(**args)
86
+ update!(**args)
87
+ end
88
+
89
+ # Update properties of this object
90
+ def update!(**args)
91
+ @exempted_members = args[:exempted_members] if args.key?(:exempted_members)
92
+ @log_type = args[:log_type] if args.key?(:log_type)
93
+ end
94
+ end
95
+
25
96
  # Describes a BigQuery dataset that was created by a link.
26
97
  class BigQueryDataset
27
98
  include Google::Apis::Core::Hashable
@@ -82,6 +153,106 @@ module Google
82
153
  end
83
154
  end
84
155
 
156
+ # Associates members, or principals, with a role.
157
+ class Binding
158
+ include Google::Apis::Core::Hashable
159
+
160
+ # Represents a textual expression in the Common Expression Language (CEL) syntax.
161
+ # CEL is a C-like expression language. The syntax and semantics of CEL are
162
+ # documented at https://github.com/google/cel-spec.Example (Comparison): title: "
163
+ # Summary size limit" description: "Determines if a summary is less than 100
164
+ # chars" expression: "document.summary.size() < 100" Example (Equality): title: "
165
+ # Requestor is owner" description: "Determines if requestor is the document
166
+ # owner" expression: "document.owner == request.auth.claims.email" Example (
167
+ # Logic): title: "Public documents" description: "Determine whether the document
168
+ # should be publicly visible" expression: "document.type != 'private' &&
169
+ # document.type != 'internal'" Example (Data Manipulation): title: "Notification
170
+ # string" description: "Create a notification string with a timestamp."
171
+ # expression: "'New message received at ' + string(document.create_time)" The
172
+ # exact variables and functions that may be referenced within an expression are
173
+ # determined by the service that evaluates it. See the service documentation for
174
+ # additional information.
175
+ # Corresponds to the JSON property `condition`
176
+ # @return [Google::Apis::LoggingV2::Expr]
177
+ attr_accessor :condition
178
+
179
+ # Specifies the principals requesting access for a Google Cloud resource.
180
+ # members can have the following values: allUsers: A special identifier that
181
+ # represents anyone who is on the internet; with or without a Google account.
182
+ # allAuthenticatedUsers: A special identifier that represents anyone who is
183
+ # authenticated with a Google account or a service account. Does not include
184
+ # identities that come from external identity providers (IdPs) through identity
185
+ # federation. user:`emailid`: An email address that represents a specific Google
186
+ # account. For example, alice@example.com . serviceAccount:`emailid`: An email
187
+ # address that represents a Google service account. For example, my-other-app@
188
+ # appspot.gserviceaccount.com. serviceAccount:`projectid`.svc.id.goog[`namespace`
189
+ # /`kubernetes-sa`]: An identifier for a Kubernetes service account (https://
190
+ # cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
191
+ # For example, my-project.svc.id.goog[my-namespace/my-kubernetes-sa]. group:`
192
+ # emailid`: An email address that represents a Google group. For example, admins@
193
+ # example.com. domain:`domain`: The G Suite domain (primary) that represents all
194
+ # the users of that domain. For example, google.com or example.com. principal://
195
+ # iam.googleapis.com/locations/global/workforcePools/`pool_id`/subject/`
196
+ # subject_attribute_value`: A single identity in a workforce identity pool.
197
+ # principalSet://iam.googleapis.com/locations/global/workforcePools/`pool_id`/
198
+ # group/`group_id`: All workforce identities in a group. principalSet://iam.
199
+ # googleapis.com/locations/global/workforcePools/`pool_id`/attribute.`
200
+ # attribute_name`/`attribute_value`: All workforce identities with a specific
201
+ # attribute value. principalSet://iam.googleapis.com/locations/global/
202
+ # workforcePools/`pool_id`/*: All identities in a workforce identity pool.
203
+ # principal://iam.googleapis.com/projects/`project_number`/locations/global/
204
+ # workloadIdentityPools/`pool_id`/subject/`subject_attribute_value`: A single
205
+ # identity in a workload identity pool. principalSet://iam.googleapis.com/
206
+ # projects/`project_number`/locations/global/workloadIdentityPools/`pool_id`/
207
+ # group/`group_id`: A workload identity pool group. principalSet://iam.
208
+ # googleapis.com/projects/`project_number`/locations/global/
209
+ # workloadIdentityPools/`pool_id`/attribute.`attribute_name`/`attribute_value`:
210
+ # All identities in a workload identity pool with a certain attribute.
211
+ # principalSet://iam.googleapis.com/projects/`project_number`/locations/global/
212
+ # workloadIdentityPools/`pool_id`/*: All identities in a workload identity pool.
213
+ # deleted:user:`emailid`?uid=`uniqueid`: An email address (plus unique
214
+ # identifier) representing a user that has been recently deleted. For example,
215
+ # alice@example.com?uid=123456789012345678901. If the user is recovered, this
216
+ # value reverts to user:`emailid` and the recovered user retains the role in the
217
+ # binding. deleted:serviceAccount:`emailid`?uid=`uniqueid`: An email address (
218
+ # plus unique identifier) representing a service account that has been recently
219
+ # deleted. For example, my-other-app@appspot.gserviceaccount.com?uid=
220
+ # 123456789012345678901. If the service account is undeleted, this value reverts
221
+ # to serviceAccount:`emailid` and the undeleted service account retains the role
222
+ # in the binding. deleted:group:`emailid`?uid=`uniqueid`: An email address (plus
223
+ # unique identifier) representing a Google group that has been recently deleted.
224
+ # For example, admins@example.com?uid=123456789012345678901. If the group is
225
+ # recovered, this value reverts to group:`emailid` and the recovered group
226
+ # retains the role in the binding. deleted:principal://iam.googleapis.com/
227
+ # locations/global/workforcePools/`pool_id`/subject/`subject_attribute_value`:
228
+ # Deleted single identity in a workforce identity pool. For example, deleted:
229
+ # principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/
230
+ # subject/my-subject-attribute-value.
231
+ # Corresponds to the JSON property `members`
232
+ # @return [Array<String>]
233
+ attr_accessor :members
234
+
235
+ # Role that is assigned to the list of members, or principals. For example,
236
+ # roles/viewer, roles/editor, or roles/owner.For an overview of the IAM roles
237
+ # and permissions, see the IAM documentation (https://cloud.google.com/iam/docs/
238
+ # roles-overview). For a list of the available pre-defined roles, see here (
239
+ # https://cloud.google.com/iam/docs/understanding-roles).
240
+ # Corresponds to the JSON property `role`
241
+ # @return [String]
242
+ attr_accessor :role
243
+
244
+ def initialize(**args)
245
+ update!(**args)
246
+ end
247
+
248
+ # Update properties of this object
249
+ def update!(**args)
250
+ @condition = args[:condition] if args.key?(:condition)
251
+ @members = args[:members] if args.key?(:members)
252
+ @role = args[:role] if args.key?(:role)
253
+ end
254
+ end
255
+
85
256
  # Metadata for LongRunningUpdateBucket Operations.
86
257
  class BucketMetadata
87
258
  include Google::Apis::Core::Hashable
@@ -607,6 +778,107 @@ module Google
607
778
  end
608
779
  end
609
780
 
781
+ # Represents a textual expression in the Common Expression Language (CEL) syntax.
782
+ # CEL is a C-like expression language. The syntax and semantics of CEL are
783
+ # documented at https://github.com/google/cel-spec.Example (Comparison): title: "
784
+ # Summary size limit" description: "Determines if a summary is less than 100
785
+ # chars" expression: "document.summary.size() < 100" Example (Equality): title: "
786
+ # Requestor is owner" description: "Determines if requestor is the document
787
+ # owner" expression: "document.owner == request.auth.claims.email" Example (
788
+ # Logic): title: "Public documents" description: "Determine whether the document
789
+ # should be publicly visible" expression: "document.type != 'private' &&
790
+ # document.type != 'internal'" Example (Data Manipulation): title: "Notification
791
+ # string" description: "Create a notification string with a timestamp."
792
+ # expression: "'New message received at ' + string(document.create_time)" The
793
+ # exact variables and functions that may be referenced within an expression are
794
+ # determined by the service that evaluates it. See the service documentation for
795
+ # additional information.
796
+ class Expr
797
+ include Google::Apis::Core::Hashable
798
+
799
+ # Optional. Description of the expression. This is a longer text which describes
800
+ # the expression, e.g. when hovered over it in a UI.
801
+ # Corresponds to the JSON property `description`
802
+ # @return [String]
803
+ attr_accessor :description
804
+
805
+ # Textual representation of an expression in Common Expression Language syntax.
806
+ # Corresponds to the JSON property `expression`
807
+ # @return [String]
808
+ attr_accessor :expression
809
+
810
+ # Optional. String indicating the location of the expression for error reporting,
811
+ # e.g. a file name and a position in the file.
812
+ # Corresponds to the JSON property `location`
813
+ # @return [String]
814
+ attr_accessor :location
815
+
816
+ # Optional. Title for the expression, i.e. a short string describing its purpose.
817
+ # This can be used e.g. in UIs which allow to enter the expression.
818
+ # Corresponds to the JSON property `title`
819
+ # @return [String]
820
+ attr_accessor :title
821
+
822
+ def initialize(**args)
823
+ update!(**args)
824
+ end
825
+
826
+ # Update properties of this object
827
+ def update!(**args)
828
+ @description = args[:description] if args.key?(:description)
829
+ @expression = args[:expression] if args.key?(:expression)
830
+ @location = args[:location] if args.key?(:location)
831
+ @title = args[:title] if args.key?(:title)
832
+ end
833
+ end
834
+
835
+ # Request message for GetIamPolicy method.
836
+ class GetIamPolicyRequest
837
+ include Google::Apis::Core::Hashable
838
+
839
+ # Encapsulates settings provided to GetIamPolicy.
840
+ # Corresponds to the JSON property `options`
841
+ # @return [Google::Apis::LoggingV2::GetPolicyOptions]
842
+ attr_accessor :options
843
+
844
+ def initialize(**args)
845
+ update!(**args)
846
+ end
847
+
848
+ # Update properties of this object
849
+ def update!(**args)
850
+ @options = args[:options] if args.key?(:options)
851
+ end
852
+ end
853
+
854
+ # Encapsulates settings provided to GetIamPolicy.
855
+ class GetPolicyOptions
856
+ include Google::Apis::Core::Hashable
857
+
858
+ # Optional. The maximum policy version that will be used to format the policy.
859
+ # Valid values are 0, 1, and 3. Requests specifying an invalid value will be
860
+ # rejected.Requests for policies with any conditional role bindings must specify
861
+ # version 3. Policies with no conditional role bindings may specify any valid
862
+ # value or leave the field unset.The policy in the response might use the policy
863
+ # version that you specified, or it might use a lower policy version. For
864
+ # example, if you specify version 3, but the policy has no conditional role
865
+ # bindings, the response uses version 1.To learn which resources support
866
+ # conditions in their IAM policies, see the IAM documentation (https://cloud.
867
+ # google.com/iam/help/conditions/resource-policies).
868
+ # Corresponds to the JSON property `requestedPolicyVersion`
869
+ # @return [Fixnum]
870
+ attr_accessor :requested_policy_version
871
+
872
+ def initialize(**args)
873
+ update!(**args)
874
+ end
875
+
876
+ # Update properties of this object
877
+ def update!(**args)
878
+ @requested_policy_version = args[:requested_policy_version] if args.key?(:requested_policy_version)
879
+ end
880
+ end
881
+
610
882
  # A common proto for logging HTTP requests. Only contains semantics defined by
611
883
  # the HTTP specification. Product-specific logging information MUST be defined
612
884
  # in a separate message.
@@ -2198,6 +2470,19 @@ module Google
2198
2470
  attr_accessor :include_children
2199
2471
  alias_method :include_children?, :include_children
2200
2472
 
2473
+ # Optional. This field applies only to sinks owned by organizations and folders.
2474
+ # When the value of 'intercept_children' is true, the following restrictions
2475
+ # apply: The sink must have the include_children flag set to true. The sink
2476
+ # destination must be a Cloud project.Also, the following behaviors apply: Any
2477
+ # logs matched by the sink won't be included by non-_Required sinks owned by
2478
+ # child resources. The sink appears in the results of a ListSinks call from a
2479
+ # child resource if the value of the filter field in its request is either '
2480
+ # in_scope("ALL")' or 'in_scope("ANCESTOR")'.
2481
+ # Corresponds to the JSON property `interceptChildren`
2482
+ # @return [Boolean]
2483
+ attr_accessor :intercept_children
2484
+ alias_method :intercept_children?, :intercept_children
2485
+
2201
2486
  # Output only. The client-assigned sink identifier, unique within the project.
2202
2487
  # For example: "my-syslog-errors-to-pubsub".Sink identifiers are limited to 100
2203
2488
  # characters and can include only the following characters: upper and lower-case
@@ -2212,6 +2497,14 @@ module Google
2212
2497
  # @return [String]
2213
2498
  attr_accessor :output_version_format
2214
2499
 
2500
+ # Output only. The resource name of the sink. "projects/[PROJECT_ID]/sinks/[
2501
+ # SINK_NAME] "organizations/[ORGANIZATION_ID]/sinks/[SINK_NAME] "billingAccounts/
2502
+ # [BILLING_ACCOUNT_ID]/sinks/[SINK_NAME] "folders/[FOLDER_ID]/sinks/[SINK_NAME]
2503
+ # For example: projects/my_project/sinks/SINK_NAME
2504
+ # Corresponds to the JSON property `resourceName`
2505
+ # @return [String]
2506
+ attr_accessor :resource_name
2507
+
2215
2508
  # Output only. The last update timestamp of the sink.This field may not be
2216
2509
  # present for older sinks.
2217
2510
  # Corresponds to the JSON property `updateTime`
@@ -2248,8 +2541,10 @@ module Google
2248
2541
  @exclusions = args[:exclusions] if args.key?(:exclusions)
2249
2542
  @filter = args[:filter] if args.key?(:filter)
2250
2543
  @include_children = args[:include_children] if args.key?(:include_children)
2544
+ @intercept_children = args[:intercept_children] if args.key?(:intercept_children)
2251
2545
  @name = args[:name] if args.key?(:name)
2252
2546
  @output_version_format = args[:output_version_format] if args.key?(:output_version_format)
2547
+ @resource_name = args[:resource_name] if args.key?(:resource_name)
2253
2548
  @update_time = args[:update_time] if args.key?(:update_time)
2254
2549
  @writer_identity = args[:writer_identity] if args.key?(:writer_identity)
2255
2550
  end
@@ -2786,6 +3081,99 @@ module Google
2786
3081
  end
2787
3082
  end
2788
3083
 
3084
+ # An Identity and Access Management (IAM) policy, which specifies access
3085
+ # controls for Google Cloud resources.A Policy is a collection of bindings. A
3086
+ # binding binds one or more members, or principals, to a single role. Principals
3087
+ # can be user accounts, service accounts, Google groups, and domains (such as G
3088
+ # Suite). A role is a named list of permissions; each role can be an IAM
3089
+ # predefined role or a user-created custom role.For some types of Google Cloud
3090
+ # resources, a binding can also specify a condition, which is a logical
3091
+ # expression that allows access to a resource only if the expression evaluates
3092
+ # to true. A condition can add constraints based on attributes of the request,
3093
+ # the resource, or both. To learn which resources support conditions in their
3094
+ # IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/
3095
+ # conditions/resource-policies).JSON example: ` "bindings": [ ` "role": "roles/
3096
+ # resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "
3097
+ # group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@
3098
+ # appspot.gserviceaccount.com" ] `, ` "role": "roles/resourcemanager.
3099
+ # organizationViewer", "members": [ "user:eve@example.com" ], "condition": ` "
3100
+ # title": "expirable access", "description": "Does not grant access after Sep
3101
+ # 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", `
3102
+ # ` ], "etag": "BwWWja0YfJA=", "version": 3 ` YAML example: bindings: - members:
3103
+ # - user:mike@example.com - group:admins@example.com - domain:google.com -
3104
+ # serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/
3105
+ # resourcemanager.organizationAdmin - members: - user:eve@example.com role:
3106
+ # roles/resourcemanager.organizationViewer condition: title: expirable access
3107
+ # description: Does not grant access after Sep 2020 expression: request.time <
3108
+ # timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a
3109
+ # description of IAM and its features, see the IAM documentation (https://cloud.
3110
+ # google.com/iam/docs/).
3111
+ class Policy
3112
+ include Google::Apis::Core::Hashable
3113
+
3114
+ # Specifies cloud audit logging configuration for this policy.
3115
+ # Corresponds to the JSON property `auditConfigs`
3116
+ # @return [Array<Google::Apis::LoggingV2::AuditConfig>]
3117
+ attr_accessor :audit_configs
3118
+
3119
+ # Associates a list of members, or principals, with a role. Optionally, may
3120
+ # specify a condition that determines how and when the bindings are applied.
3121
+ # Each of the bindings must contain at least one principal.The bindings in a
3122
+ # Policy can refer to up to 1,500 principals; up to 250 of these principals can
3123
+ # be Google groups. Each occurrence of a principal counts towards these limits.
3124
+ # For example, if the bindings grant 50 different roles to user:alice@example.
3125
+ # com, and not to any other principal, then you can add another 1,450 principals
3126
+ # to the bindings in the Policy.
3127
+ # Corresponds to the JSON property `bindings`
3128
+ # @return [Array<Google::Apis::LoggingV2::Binding>]
3129
+ attr_accessor :bindings
3130
+
3131
+ # etag is used for optimistic concurrency control as a way to help prevent
3132
+ # simultaneous updates of a policy from overwriting each other. It is strongly
3133
+ # suggested that systems make use of the etag in the read-modify-write cycle to
3134
+ # perform policy updates in order to avoid race conditions: An etag is returned
3135
+ # in the response to getIamPolicy, and systems are expected to put that etag in
3136
+ # the request to setIamPolicy to ensure that their change will be applied to the
3137
+ # same version of the policy.Important: If you use IAM Conditions, you must
3138
+ # include the etag field whenever you call setIamPolicy. If you omit this field,
3139
+ # then IAM allows you to overwrite a version 3 policy with a version 1 policy,
3140
+ # and all of the conditions in the version 3 policy are lost.
3141
+ # Corresponds to the JSON property `etag`
3142
+ # NOTE: Values are automatically base64 encoded/decoded in the client library.
3143
+ # @return [String]
3144
+ attr_accessor :etag
3145
+
3146
+ # Specifies the format of the policy.Valid values are 0, 1, and 3. Requests that
3147
+ # specify an invalid value are rejected.Any operation that affects conditional
3148
+ # role bindings must specify version 3. This requirement applies to the
3149
+ # following operations: Getting a policy that includes a conditional role
3150
+ # binding Adding a conditional role binding to a policy Changing a conditional
3151
+ # role binding in a policy Removing any role binding, with or without a
3152
+ # condition, from a policy that includes conditionsImportant: If you use IAM
3153
+ # Conditions, you must include the etag field whenever you call setIamPolicy. If
3154
+ # you omit this field, then IAM allows you to overwrite a version 3 policy with
3155
+ # a version 1 policy, and all of the conditions in the version 3 policy are lost.
3156
+ # If a policy does not include any conditions, operations on that policy may
3157
+ # specify any valid version or leave the field unset.To learn which resources
3158
+ # support conditions in their IAM policies, see the IAM documentation (https://
3159
+ # cloud.google.com/iam/help/conditions/resource-policies).
3160
+ # Corresponds to the JSON property `version`
3161
+ # @return [Fixnum]
3162
+ attr_accessor :version
3163
+
3164
+ def initialize(**args)
3165
+ update!(**args)
3166
+ end
3167
+
3168
+ # Update properties of this object
3169
+ def update!(**args)
3170
+ @audit_configs = args[:audit_configs] if args.key?(:audit_configs)
3171
+ @bindings = args[:bindings] if args.key?(:bindings)
3172
+ @etag = args[:etag] if args.key?(:etag)
3173
+ @version = args[:version] if args.key?(:version)
3174
+ end
3175
+ end
3176
+
2789
3177
  # Describes a recent query executed on the Logs Explorer or Log Analytics page
2790
3178
  # within the last ~ 30 days.
2791
3179
  class RecentQuery
@@ -3140,6 +3528,59 @@ module Google
3140
3528
  end
3141
3529
  end
3142
3530
 
3531
+ # Request message for SetIamPolicy method.
3532
+ class SetIamPolicyRequest
3533
+ include Google::Apis::Core::Hashable
3534
+
3535
+ # An Identity and Access Management (IAM) policy, which specifies access
3536
+ # controls for Google Cloud resources.A Policy is a collection of bindings. A
3537
+ # binding binds one or more members, or principals, to a single role. Principals
3538
+ # can be user accounts, service accounts, Google groups, and domains (such as G
3539
+ # Suite). A role is a named list of permissions; each role can be an IAM
3540
+ # predefined role or a user-created custom role.For some types of Google Cloud
3541
+ # resources, a binding can also specify a condition, which is a logical
3542
+ # expression that allows access to a resource only if the expression evaluates
3543
+ # to true. A condition can add constraints based on attributes of the request,
3544
+ # the resource, or both. To learn which resources support conditions in their
3545
+ # IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/
3546
+ # conditions/resource-policies).JSON example: ` "bindings": [ ` "role": "roles/
3547
+ # resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "
3548
+ # group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@
3549
+ # appspot.gserviceaccount.com" ] `, ` "role": "roles/resourcemanager.
3550
+ # organizationViewer", "members": [ "user:eve@example.com" ], "condition": ` "
3551
+ # title": "expirable access", "description": "Does not grant access after Sep
3552
+ # 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", `
3553
+ # ` ], "etag": "BwWWja0YfJA=", "version": 3 ` YAML example: bindings: - members:
3554
+ # - user:mike@example.com - group:admins@example.com - domain:google.com -
3555
+ # serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/
3556
+ # resourcemanager.organizationAdmin - members: - user:eve@example.com role:
3557
+ # roles/resourcemanager.organizationViewer condition: title: expirable access
3558
+ # description: Does not grant access after Sep 2020 expression: request.time <
3559
+ # timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a
3560
+ # description of IAM and its features, see the IAM documentation (https://cloud.
3561
+ # google.com/iam/docs/).
3562
+ # Corresponds to the JSON property `policy`
3563
+ # @return [Google::Apis::LoggingV2::Policy]
3564
+ attr_accessor :policy
3565
+
3566
+ # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
3567
+ # the fields in the mask will be modified. If no mask is provided, the following
3568
+ # default mask is used:paths: "bindings, etag"
3569
+ # Corresponds to the JSON property `updateMask`
3570
+ # @return [String]
3571
+ attr_accessor :update_mask
3572
+
3573
+ def initialize(**args)
3574
+ update!(**args)
3575
+ end
3576
+
3577
+ # Update properties of this object
3578
+ def update!(**args)
3579
+ @policy = args[:policy] if args.key?(:policy)
3580
+ @update_mask = args[:update_mask] if args.key?(:update_mask)
3581
+ end
3582
+ end
3583
+
3143
3584
  # Describes the settings associated with a project, folder, organization, or
3144
3585
  # billing account.
3145
3586
  class Settings
@@ -3447,6 +3888,46 @@ module Google
3447
3888
  end
3448
3889
  end
3449
3890
 
3891
+ # Request message for TestIamPermissions method.
3892
+ class TestIamPermissionsRequest
3893
+ include Google::Apis::Core::Hashable
3894
+
3895
+ # The set of permissions to check for the resource. Permissions with wildcards (
3896
+ # such as * or storage.*) are not allowed. For more information see IAM Overview
3897
+ # (https://cloud.google.com/iam/docs/overview#permissions).
3898
+ # Corresponds to the JSON property `permissions`
3899
+ # @return [Array<String>]
3900
+ attr_accessor :permissions
3901
+
3902
+ def initialize(**args)
3903
+ update!(**args)
3904
+ end
3905
+
3906
+ # Update properties of this object
3907
+ def update!(**args)
3908
+ @permissions = args[:permissions] if args.key?(:permissions)
3909
+ end
3910
+ end
3911
+
3912
+ # Response message for TestIamPermissions method.
3913
+ class TestIamPermissionsResponse
3914
+ include Google::Apis::Core::Hashable
3915
+
3916
+ # A subset of TestPermissionsRequest.permissions that the caller is allowed.
3917
+ # Corresponds to the JSON property `permissions`
3918
+ # @return [Array<String>]
3919
+ attr_accessor :permissions
3920
+
3921
+ def initialize(**args)
3922
+ update!(**args)
3923
+ end
3924
+
3925
+ # Update properties of this object
3926
+ def update!(**args)
3927
+ @permissions = args[:permissions] if args.key?(:permissions)
3928
+ end
3929
+ end
3930
+
3450
3931
  # The parameters to UndeleteBucket.
3451
3932
  class UndeleteBucketRequest
3452
3933
  include Google::Apis::Core::Hashable
@@ -16,13 +16,13 @@ module Google
16
16
  module Apis
17
17
  module LoggingV2
18
18
  # Version of the google-apis-logging_v2 gem
19
- GEM_VERSION = "0.65.0"
19
+ GEM_VERSION = "0.67.0"
20
20
 
21
21
  # Version of the code generator used to generate this client
22
22
  GENERATOR_VERSION = "0.14.0"
23
23
 
24
24
  # Revision of the discovery document this client was generated from
25
- REVISION = "20240301"
25
+ REVISION = "20240419"
26
26
  end
27
27
  end
28
28
  end