google-apis-logging_v2 0.65.0 → 0.67.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 03c6f5bcec9ea96c543e9b23adb19f49c1654412ce2b54b68a73ed34fcbbfde6
-  data.tar.gz: 22f3f7d051f491cdacaa4be7ab8db22814fa6ce488ad57cc17a0d896f03b4a7c
+  metadata.gz: 154b5f66e8e18806f7504f0e643ef131160668a93c40f1d843d514b16cb4ee69
+  data.tar.gz: 2ca95e013921f3664f9e2468f3e1664508df092d88fd474570ea9ddd912374ec
 SHA512:
-  metadata.gz: 154a1c59c3be2e58c969b13ca12bba280e0b1953b422d7ca3d1ec3de24217ebab71cd7ab4b520341fe559ae8fd2123db07a56675aa27e38a04d17d8e0db69b54
-  data.tar.gz: 02766bb76a58b43fc4431d1d77be12e576d5015b8c5901d4b761595c3eeb006af5ba17de817e2d4c1995a36a55fd4e3ef383808f1a617fe2022a02e5621797d1
+  metadata.gz: 6f75c83dee07c7ff6db7bdc55206977887df9dd9769b3fe34bfe3a1973f28c555848167ef6c1f835efc9f921c95ff39c1c8e1ea6f8bb92423af1e1eb1fc733e1
+  data.tar.gz: 1bf9219c2bcebfe88e26960c7558e7fcbf40b2d00cbde6d80cc8488b4b04c875ff335f7416bee7383db0c870b221e29127fc8ee3f1cf4945d80aef249ea9bfcc

data/CHANGELOG.md

@@ -1,5 +1,13 @@
 # Release history for google-apis-logging_v2
 
+### v0.67.0 (2024-04-28)
+
+* Regenerated from discovery document revision 20240419
+
+### v0.66.0 (2024-03-17)
+
+* Regenerated from discovery document revision 20240311
+
 ### v0.65.0 (2024-03-10)
 
 * Regenerated from discovery document revision 20240301

data/lib/google/apis/logging_v2/classes.rb

@@ -22,6 +22,77 @@ module Google
   module Apis
     module LoggingV2
       
+      # Specifies the audit configuration for a service. The configuration determines
+      # which permission types are logged, and what identities, if any, are exempted
+      # from logging. An AuditConfig must have one or more AuditLogConfigs.If there
+      # are AuditConfigs for both allServices and a specific service, the union of the
+      # two AuditConfigs is used for that service: the log_types specified in each
+      # AuditConfig are enabled, and the exempted_members in each AuditLogConfig are
+      # exempted.Example Policy with multiple AuditConfigs: ` "audit_configs": [ ` "
+      # service": "allServices", "audit_log_configs": [ ` "log_type": "DATA_READ", "
+      # exempted_members": [ "user:jose@example.com" ] `, ` "log_type": "DATA_WRITE" `,
+      # ` "log_type": "ADMIN_READ" ` ] `, ` "service": "sampleservice.googleapis.com",
+      # "audit_log_configs": [ ` "log_type": "DATA_READ" `, ` "log_type": "DATA_WRITE"
+      # , "exempted_members": [ "user:aliya@example.com" ] ` ] ` ] ` For sampleservice,
+      # this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also
+      # exempts jose@example.com from DATA_READ logging, and aliya@example.com from
+      # DATA_WRITE logging.
+      class AuditConfig
+        include Google::Apis::Core::Hashable
+      
+        # The configuration for logging of each type of permission.
+        # Corresponds to the JSON property `auditLogConfigs`
+        # @return [Array<Google::Apis::LoggingV2::AuditLogConfig>]
+        attr_accessor :audit_log_configs
+      
+        # Specifies a service that will be enabled for audit logging. For example,
+        # storage.googleapis.com, cloudsql.googleapis.com. allServices is a special
+        # value that covers all services.
+        # Corresponds to the JSON property `service`
+        # @return [String]
+        attr_accessor :service
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @audit_log_configs = args[:audit_log_configs] if args.key?(:audit_log_configs)
+          @service = args[:service] if args.key?(:service)
+        end
+      end
+      
+      # Provides the configuration for logging a type of permissions. Example: ` "
+      # audit_log_configs": [ ` "log_type": "DATA_READ", "exempted_members": [ "user:
+      # jose@example.com" ] `, ` "log_type": "DATA_WRITE" ` ] ` This enables '
+      # DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from
+      # DATA_READ logging.
+      class AuditLogConfig
+        include Google::Apis::Core::Hashable
+      
+        # Specifies the identities that do not cause logging for this type of permission.
+        # Follows the same format of Binding.members.
+        # Corresponds to the JSON property `exemptedMembers`
+        # @return [Array<String>]
+        attr_accessor :exempted_members
+      
+        # The log type that this config enables.
+        # Corresponds to the JSON property `logType`
+        # @return [String]
+        attr_accessor :log_type
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @exempted_members = args[:exempted_members] if args.key?(:exempted_members)
+          @log_type = args[:log_type] if args.key?(:log_type)
+        end
+      end
+      
       # Describes a BigQuery dataset that was created by a link.
       class BigQueryDataset
         include Google::Apis::Core::Hashable
@@ -82,6 +153,106 @@ module Google
         end
       end
       
+      # Associates members, or principals, with a role.
+      class Binding
+        include Google::Apis::Core::Hashable
+      
+        # Represents a textual expression in the Common Expression Language (CEL) syntax.
+        # CEL is a C-like expression language. The syntax and semantics of CEL are
+        # documented at https://github.com/google/cel-spec.Example (Comparison): title: "
+        # Summary size limit" description: "Determines if a summary is less than 100
+        # chars" expression: "document.summary.size() < 100" Example (Equality): title: "
+        # Requestor is owner" description: "Determines if requestor is the document
+        # owner" expression: "document.owner == request.auth.claims.email" Example (
+        # Logic): title: "Public documents" description: "Determine whether the document
+        # should be publicly visible" expression: "document.type != 'private' &&
+        # document.type != 'internal'" Example (Data Manipulation): title: "Notification
+        # string" description: "Create a notification string with a timestamp."
+        # expression: "'New message received at ' + string(document.create_time)" The
+        # exact variables and functions that may be referenced within an expression are
+        # determined by the service that evaluates it. See the service documentation for
+        # additional information.
+        # Corresponds to the JSON property `condition`
+        # @return [Google::Apis::LoggingV2::Expr]
+        attr_accessor :condition
+      
+        # Specifies the principals requesting access for a Google Cloud resource.
+        # members can have the following values: allUsers: A special identifier that
+        # represents anyone who is on the internet; with or without a Google account.
+        # allAuthenticatedUsers: A special identifier that represents anyone who is
+        # authenticated with a Google account or a service account. Does not include
+        # identities that come from external identity providers (IdPs) through identity
+        # federation. user:`emailid`: An email address that represents a specific Google
+        # account. For example, alice@example.com . serviceAccount:`emailid`: An email
+        # address that represents a Google service account. For example, my-other-app@
+        # appspot.gserviceaccount.com. serviceAccount:`projectid`.svc.id.goog[`namespace`
+        # /`kubernetes-sa`]: An identifier for a Kubernetes service account (https://
+        # cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
+        # For example, my-project.svc.id.goog[my-namespace/my-kubernetes-sa]. group:`
+        # emailid`: An email address that represents a Google group. For example, admins@
+        # example.com. domain:`domain`: The G Suite domain (primary) that represents all
+        # the users of that domain. For example, google.com or example.com. principal://
+        # iam.googleapis.com/locations/global/workforcePools/`pool_id`/subject/`
+        # subject_attribute_value`: A single identity in a workforce identity pool.
+        # principalSet://iam.googleapis.com/locations/global/workforcePools/`pool_id`/
+        # group/`group_id`: All workforce identities in a group. principalSet://iam.
+        # googleapis.com/locations/global/workforcePools/`pool_id`/attribute.`
+        # attribute_name`/`attribute_value`: All workforce identities with a specific
+        # attribute value. principalSet://iam.googleapis.com/locations/global/
+        # workforcePools/`pool_id`/*: All identities in a workforce identity pool.
+        # principal://iam.googleapis.com/projects/`project_number`/locations/global/
+        # workloadIdentityPools/`pool_id`/subject/`subject_attribute_value`: A single
+        # identity in a workload identity pool. principalSet://iam.googleapis.com/
+        # projects/`project_number`/locations/global/workloadIdentityPools/`pool_id`/
+        # group/`group_id`: A workload identity pool group. principalSet://iam.
+        # googleapis.com/projects/`project_number`/locations/global/
+        # workloadIdentityPools/`pool_id`/attribute.`attribute_name`/`attribute_value`:
+        # All identities in a workload identity pool with a certain attribute.
+        # principalSet://iam.googleapis.com/projects/`project_number`/locations/global/
+        # workloadIdentityPools/`pool_id`/*: All identities in a workload identity pool.
+        # deleted:user:`emailid`?uid=`uniqueid`: An email address (plus unique
+        # identifier) representing a user that has been recently deleted. For example,
+        # alice@example.com?uid=123456789012345678901. If the user is recovered, this
+        # value reverts to user:`emailid` and the recovered user retains the role in the
+        # binding. deleted:serviceAccount:`emailid`?uid=`uniqueid`: An email address (
+        # plus unique identifier) representing a service account that has been recently
+        # deleted. For example, my-other-app@appspot.gserviceaccount.com?uid=
+        # 123456789012345678901. If the service account is undeleted, this value reverts
+        # to serviceAccount:`emailid` and the undeleted service account retains the role
+        # in the binding. deleted:group:`emailid`?uid=`uniqueid`: An email address (plus
+        # unique identifier) representing a Google group that has been recently deleted.
+        # For example, admins@example.com?uid=123456789012345678901. If the group is
+        # recovered, this value reverts to group:`emailid` and the recovered group
+        # retains the role in the binding. deleted:principal://iam.googleapis.com/
+        # locations/global/workforcePools/`pool_id`/subject/`subject_attribute_value`:
+        # Deleted single identity in a workforce identity pool. For example, deleted:
+        # principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/
+        # subject/my-subject-attribute-value.
+        # Corresponds to the JSON property `members`
+        # @return [Array<String>]
+        attr_accessor :members
+      
+        # Role that is assigned to the list of members, or principals. For example,
+        # roles/viewer, roles/editor, or roles/owner.For an overview of the IAM roles
+        # and permissions, see the IAM documentation (https://cloud.google.com/iam/docs/
+        # roles-overview). For a list of the available pre-defined roles, see here (
+        # https://cloud.google.com/iam/docs/understanding-roles).
+        # Corresponds to the JSON property `role`
+        # @return [String]
+        attr_accessor :role
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @condition = args[:condition] if args.key?(:condition)
+          @members = args[:members] if args.key?(:members)
+          @role = args[:role] if args.key?(:role)
+        end
+      end
+      
       # Metadata for LongRunningUpdateBucket Operations.
       class BucketMetadata
         include Google::Apis::Core::Hashable
@@ -607,6 +778,107 @@ module Google
         end
       end
       
+      # Represents a textual expression in the Common Expression Language (CEL) syntax.
+      # CEL is a C-like expression language. The syntax and semantics of CEL are
+      # documented at https://github.com/google/cel-spec.Example (Comparison): title: "
+      # Summary size limit" description: "Determines if a summary is less than 100
+      # chars" expression: "document.summary.size() < 100" Example (Equality): title: "
+      # Requestor is owner" description: "Determines if requestor is the document
+      # owner" expression: "document.owner == request.auth.claims.email" Example (
+      # Logic): title: "Public documents" description: "Determine whether the document
+      # should be publicly visible" expression: "document.type != 'private' &&
+      # document.type != 'internal'" Example (Data Manipulation): title: "Notification
+      # string" description: "Create a notification string with a timestamp."
+      # expression: "'New message received at ' + string(document.create_time)" The
+      # exact variables and functions that may be referenced within an expression are
+      # determined by the service that evaluates it. See the service documentation for
+      # additional information.
+      class Expr
+        include Google::Apis::Core::Hashable
+      
+        # Optional. Description of the expression. This is a longer text which describes
+        # the expression, e.g. when hovered over it in a UI.
+        # Corresponds to the JSON property `description`
+        # @return [String]
+        attr_accessor :description
+      
+        # Textual representation of an expression in Common Expression Language syntax.
+        # Corresponds to the JSON property `expression`
+        # @return [String]
+        attr_accessor :expression
+      
+        # Optional. String indicating the location of the expression for error reporting,
+        # e.g. a file name and a position in the file.
+        # Corresponds to the JSON property `location`
+        # @return [String]
+        attr_accessor :location
+      
+        # Optional. Title for the expression, i.e. a short string describing its purpose.
+        # This can be used e.g. in UIs which allow to enter the expression.
+        # Corresponds to the JSON property `title`
+        # @return [String]
+        attr_accessor :title
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @description = args[:description] if args.key?(:description)
+          @expression = args[:expression] if args.key?(:expression)
+          @location = args[:location] if args.key?(:location)
+          @title = args[:title] if args.key?(:title)
+        end
+      end
+      
+      # Request message for GetIamPolicy method.
+      class GetIamPolicyRequest
+        include Google::Apis::Core::Hashable
+      
+        # Encapsulates settings provided to GetIamPolicy.
+        # Corresponds to the JSON property `options`
+        # @return [Google::Apis::LoggingV2::GetPolicyOptions]
+        attr_accessor :options
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @options = args[:options] if args.key?(:options)
+        end
+      end
+      
+      # Encapsulates settings provided to GetIamPolicy.
+      class GetPolicyOptions
+        include Google::Apis::Core::Hashable
+      
+        # Optional. The maximum policy version that will be used to format the policy.
+        # Valid values are 0, 1, and 3. Requests specifying an invalid value will be
+        # rejected.Requests for policies with any conditional role bindings must specify
+        # version 3. Policies with no conditional role bindings may specify any valid
+        # value or leave the field unset.The policy in the response might use the policy
+        # version that you specified, or it might use a lower policy version. For
+        # example, if you specify version 3, but the policy has no conditional role
+        # bindings, the response uses version 1.To learn which resources support
+        # conditions in their IAM policies, see the IAM documentation (https://cloud.
+        # google.com/iam/help/conditions/resource-policies).
+        # Corresponds to the JSON property `requestedPolicyVersion`
+        # @return [Fixnum]
+        attr_accessor :requested_policy_version
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @requested_policy_version = args[:requested_policy_version] if args.key?(:requested_policy_version)
+        end
+      end
+      
       # A common proto for logging HTTP requests. Only contains semantics defined by
       # the HTTP specification. Product-specific logging information MUST be defined
       # in a separate message.
@@ -2198,6 +2470,19 @@ module Google
         attr_accessor :include_children
         alias_method :include_children?, :include_children
       
+        # Optional. This field applies only to sinks owned by organizations and folders.
+        # When the value of 'intercept_children' is true, the following restrictions
+        # apply: The sink must have the include_children flag set to true. The sink
+        # destination must be a Cloud project.Also, the following behaviors apply: Any
+        # logs matched by the sink won't be included by non-_Required sinks owned by
+        # child resources. The sink appears in the results of a ListSinks call from a
+        # child resource if the value of the filter field in its request is either '
+        # in_scope("ALL")' or 'in_scope("ANCESTOR")'.
+        # Corresponds to the JSON property `interceptChildren`
+        # @return [Boolean]
+        attr_accessor :intercept_children
+        alias_method :intercept_children?, :intercept_children
+      
         # Output only. The client-assigned sink identifier, unique within the project.
         # For example: "my-syslog-errors-to-pubsub".Sink identifiers are limited to 100
         # characters and can include only the following characters: upper and lower-case
@@ -2212,6 +2497,14 @@ module Google
         # @return [String]
         attr_accessor :output_version_format
       
+        # Output only. The resource name of the sink. "projects/[PROJECT_ID]/sinks/[
+        # SINK_NAME] "organizations/[ORGANIZATION_ID]/sinks/[SINK_NAME] "billingAccounts/
+        # [BILLING_ACCOUNT_ID]/sinks/[SINK_NAME] "folders/[FOLDER_ID]/sinks/[SINK_NAME]
+        # For example: projects/my_project/sinks/SINK_NAME
+        # Corresponds to the JSON property `resourceName`
+        # @return [String]
+        attr_accessor :resource_name
+      
         # Output only. The last update timestamp of the sink.This field may not be
         # present for older sinks.
         # Corresponds to the JSON property `updateTime`
@@ -2248,8 +2541,10 @@ module Google
           @exclusions = args[:exclusions] if args.key?(:exclusions)
           @filter = args[:filter] if args.key?(:filter)
           @include_children = args[:include_children] if args.key?(:include_children)
+          @intercept_children = args[:intercept_children] if args.key?(:intercept_children)
           @name = args[:name] if args.key?(:name)
           @output_version_format = args[:output_version_format] if args.key?(:output_version_format)
+          @resource_name = args[:resource_name] if args.key?(:resource_name)
           @update_time = args[:update_time] if args.key?(:update_time)
           @writer_identity = args[:writer_identity] if args.key?(:writer_identity)
         end
@@ -2786,6 +3081,99 @@ module Google
         end
       end
       
+      # An Identity and Access Management (IAM) policy, which specifies access
+      # controls for Google Cloud resources.A Policy is a collection of bindings. A
+      # binding binds one or more members, or principals, to a single role. Principals
+      # can be user accounts, service accounts, Google groups, and domains (such as G
+      # Suite). A role is a named list of permissions; each role can be an IAM
+      # predefined role or a user-created custom role.For some types of Google Cloud
+      # resources, a binding can also specify a condition, which is a logical
+      # expression that allows access to a resource only if the expression evaluates
+      # to true. A condition can add constraints based on attributes of the request,
+      # the resource, or both. To learn which resources support conditions in their
+      # IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/
+      # conditions/resource-policies).JSON example: ` "bindings": [ ` "role": "roles/
+      # resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "
+      # group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@
+      # appspot.gserviceaccount.com" ] `, ` "role": "roles/resourcemanager.
+      # organizationViewer", "members": [ "user:eve@example.com" ], "condition": ` "
+      # title": "expirable access", "description": "Does not grant access after Sep
+      # 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", `
+      # ` ], "etag": "BwWWja0YfJA=", "version": 3 ` YAML example: bindings: - members:
+      # - user:mike@example.com - group:admins@example.com - domain:google.com -
+      # serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/
+      # resourcemanager.organizationAdmin - members: - user:eve@example.com role:
+      # roles/resourcemanager.organizationViewer condition: title: expirable access
+      # description: Does not grant access after Sep 2020 expression: request.time <
+      # timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a
+      # description of IAM and its features, see the IAM documentation (https://cloud.
+      # google.com/iam/docs/).
+      class Policy
+        include Google::Apis::Core::Hashable
+      
+        # Specifies cloud audit logging configuration for this policy.
+        # Corresponds to the JSON property `auditConfigs`
+        # @return [Array<Google::Apis::LoggingV2::AuditConfig>]
+        attr_accessor :audit_configs
+      
+        # Associates a list of members, or principals, with a role. Optionally, may
+        # specify a condition that determines how and when the bindings are applied.
+        # Each of the bindings must contain at least one principal.The bindings in a
+        # Policy can refer to up to 1,500 principals; up to 250 of these principals can
+        # be Google groups. Each occurrence of a principal counts towards these limits.
+        # For example, if the bindings grant 50 different roles to user:alice@example.
+        # com, and not to any other principal, then you can add another 1,450 principals
+        # to the bindings in the Policy.
+        # Corresponds to the JSON property `bindings`
+        # @return [Array<Google::Apis::LoggingV2::Binding>]
+        attr_accessor :bindings
+      
+        # etag is used for optimistic concurrency control as a way to help prevent
+        # simultaneous updates of a policy from overwriting each other. It is strongly
+        # suggested that systems make use of the etag in the read-modify-write cycle to
+        # perform policy updates in order to avoid race conditions: An etag is returned
+        # in the response to getIamPolicy, and systems are expected to put that etag in
+        # the request to setIamPolicy to ensure that their change will be applied to the
+        # same version of the policy.Important: If you use IAM Conditions, you must
+        # include the etag field whenever you call setIamPolicy. If you omit this field,
+        # then IAM allows you to overwrite a version 3 policy with a version 1 policy,
+        # and all of the conditions in the version 3 policy are lost.
+        # Corresponds to the JSON property `etag`
+        # NOTE: Values are automatically base64 encoded/decoded in the client library.
+        # @return [String]
+        attr_accessor :etag
+      
+        # Specifies the format of the policy.Valid values are 0, 1, and 3. Requests that
+        # specify an invalid value are rejected.Any operation that affects conditional
+        # role bindings must specify version 3. This requirement applies to the
+        # following operations: Getting a policy that includes a conditional role
+        # binding Adding a conditional role binding to a policy Changing a conditional
+        # role binding in a policy Removing any role binding, with or without a
+        # condition, from a policy that includes conditionsImportant: If you use IAM
+        # Conditions, you must include the etag field whenever you call setIamPolicy. If
+        # you omit this field, then IAM allows you to overwrite a version 3 policy with
+        # a version 1 policy, and all of the conditions in the version 3 policy are lost.
+        # If a policy does not include any conditions, operations on that policy may
+        # specify any valid version or leave the field unset.To learn which resources
+        # support conditions in their IAM policies, see the IAM documentation (https://
+        # cloud.google.com/iam/help/conditions/resource-policies).
+        # Corresponds to the JSON property `version`
+        # @return [Fixnum]
+        attr_accessor :version
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @audit_configs = args[:audit_configs] if args.key?(:audit_configs)
+          @bindings = args[:bindings] if args.key?(:bindings)
+          @etag = args[:etag] if args.key?(:etag)
+          @version = args[:version] if args.key?(:version)
+        end
+      end
+      
       # Describes a recent query executed on the Logs Explorer or Log Analytics page
       # within the last ~ 30 days.
       class RecentQuery
@@ -3140,6 +3528,59 @@ module Google
         end
       end
       
+      # Request message for SetIamPolicy method.
+      class SetIamPolicyRequest
+        include Google::Apis::Core::Hashable
+      
+        # An Identity and Access Management (IAM) policy, which specifies access
+        # controls for Google Cloud resources.A Policy is a collection of bindings. A
+        # binding binds one or more members, or principals, to a single role. Principals
+        # can be user accounts, service accounts, Google groups, and domains (such as G
+        # Suite). A role is a named list of permissions; each role can be an IAM
+        # predefined role or a user-created custom role.For some types of Google Cloud
+        # resources, a binding can also specify a condition, which is a logical
+        # expression that allows access to a resource only if the expression evaluates
+        # to true. A condition can add constraints based on attributes of the request,
+        # the resource, or both. To learn which resources support conditions in their
+        # IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/
+        # conditions/resource-policies).JSON example: ` "bindings": [ ` "role": "roles/
+        # resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "
+        # group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@
+        # appspot.gserviceaccount.com" ] `, ` "role": "roles/resourcemanager.
+        # organizationViewer", "members": [ "user:eve@example.com" ], "condition": ` "
+        # title": "expirable access", "description": "Does not grant access after Sep
+        # 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", `
+        # ` ], "etag": "BwWWja0YfJA=", "version": 3 ` YAML example: bindings: - members:
+        # - user:mike@example.com - group:admins@example.com - domain:google.com -
+        # serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/
+        # resourcemanager.organizationAdmin - members: - user:eve@example.com role:
+        # roles/resourcemanager.organizationViewer condition: title: expirable access
+        # description: Does not grant access after Sep 2020 expression: request.time <
+        # timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a
+        # description of IAM and its features, see the IAM documentation (https://cloud.
+        # google.com/iam/docs/).
+        # Corresponds to the JSON property `policy`
+        # @return [Google::Apis::LoggingV2::Policy]
+        attr_accessor :policy
+      
+        # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
+        # the fields in the mask will be modified. If no mask is provided, the following
+        # default mask is used:paths: "bindings, etag"
+        # Corresponds to the JSON property `updateMask`
+        # @return [String]
+        attr_accessor :update_mask
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @policy = args[:policy] if args.key?(:policy)
+          @update_mask = args[:update_mask] if args.key?(:update_mask)
+        end
+      end
+      
       # Describes the settings associated with a project, folder, organization, or
       # billing account.
       class Settings
@@ -3447,6 +3888,46 @@ module Google
         end
       end
       
+      # Request message for TestIamPermissions method.
+      class TestIamPermissionsRequest
+        include Google::Apis::Core::Hashable
+      
+        # The set of permissions to check for the resource. Permissions with wildcards (
+        # such as * or storage.*) are not allowed. For more information see IAM Overview
+        # (https://cloud.google.com/iam/docs/overview#permissions).
+        # Corresponds to the JSON property `permissions`
+        # @return [Array<String>]
+        attr_accessor :permissions
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @permissions = args[:permissions] if args.key?(:permissions)
+        end
+      end
+      
+      # Response message for TestIamPermissions method.
+      class TestIamPermissionsResponse
+        include Google::Apis::Core::Hashable
+      
+        # A subset of TestPermissionsRequest.permissions that the caller is allowed.
+        # Corresponds to the JSON property `permissions`
+        # @return [Array<String>]
+        attr_accessor :permissions
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @permissions = args[:permissions] if args.key?(:permissions)
+        end
+      end
+      
       # The parameters to UndeleteBucket.
       class UndeleteBucketRequest
         include Google::Apis::Core::Hashable

data/lib/google/apis/logging_v2/gem_version.rb

@@ -16,13 +16,13 @@ module Google
   module Apis
     module LoggingV2
       # Version of the google-apis-logging_v2 gem
-      GEM_VERSION = "0.65.0"
+      GEM_VERSION = "0.67.0"
 
       # Version of the code generator used to generate this client
       GENERATOR_VERSION = "0.14.0"
 
       # Revision of the discovery document this client was generated from
-      REVISION = "20240301"
+      REVISION = "20240419"
     end
   end
 end