google-apis-secretmanager_v1beta2 0.1.0
- checksums.yaml +7 -0
- data/.yardopts +13 -0
- data/CHANGELOG.md +7 -0
- data/LICENSE.md +202 -0
- data/OVERVIEW.md +96 -0
- data/lib/google/apis/secretmanager_v1beta2/classes.rb +1225 -0
- data/lib/google/apis/secretmanager_v1beta2/gem_version.rb +28 -0
- data/lib/google/apis/secretmanager_v1beta2/representations.rb +527 -0
- data/lib/google/apis/secretmanager_v1beta2/service.rb +1269 -0
- data/lib/google/apis/secretmanager_v1beta2.rb +37 -0
- data/lib/google-apis-secretmanager_v1beta2.rb +15 -0
- metadata +82 -0
@@ -0,0 +1,1225 @@
|
|
1
|
+
# Copyright 2020 Google LLC
|
2
|
+
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
6
|
+
#
|
7
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
+
#
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
14
|
+
|
15
|
+
require 'date'
|
16
|
+
require 'google/apis/core/base_service'
|
17
|
+
require 'google/apis/core/json_representation'
|
18
|
+
require 'google/apis/core/hashable'
|
19
|
+
require 'google/apis/errors'
|
20
|
+
|
21
|
+
module Google
|
22
|
+
module Apis
|
23
|
+
module SecretmanagerV1beta2
|
24
|
+
|
25
|
+
# Response message for SecretManagerService.AccessSecretVersion.
|
26
|
+
class AccessSecretVersionResponse
|
27
|
+
include Google::Apis::Core::Hashable
|
28
|
+
|
29
|
+
# The resource name of the SecretVersion in the format `projects/*/secrets/*/
|
30
|
+
# versions/*` or `projects/*/locations/*/secrets/*/versions/*`.
|
31
|
+
# Corresponds to the JSON property `name`
|
32
|
+
# @return [String]
|
33
|
+
attr_accessor :name
|
34
|
+
|
35
|
+
# A secret payload resource in the Secret Manager API. This contains the
|
36
|
+
# sensitive secret payload that is associated with a SecretVersion.
|
37
|
+
# Corresponds to the JSON property `payload`
|
38
|
+
# @return [Google::Apis::SecretmanagerV1beta2::SecretPayload]
|
39
|
+
attr_accessor :payload
|
40
|
+
|
41
|
+
def initialize(**args)
|
42
|
+
update!(**args)
|
43
|
+
end
|
44
|
+
|
45
|
+
# Update properties of this object
|
46
|
+
def update!(**args)
|
47
|
+
@name = args[:name] if args.key?(:name)
|
48
|
+
@payload = args[:payload] if args.key?(:payload)
|
49
|
+
end
|
50
|
+
end
|
51
|
+
|
52
|
+
# Request message for SecretManagerService.AddSecretVersion.
|
53
|
+
class AddSecretVersionRequest
|
54
|
+
include Google::Apis::Core::Hashable
|
55
|
+
|
56
|
+
# A secret payload resource in the Secret Manager API. This contains the
|
57
|
+
# sensitive secret payload that is associated with a SecretVersion.
|
58
|
+
# Corresponds to the JSON property `payload`
|
59
|
+
# @return [Google::Apis::SecretmanagerV1beta2::SecretPayload]
|
60
|
+
attr_accessor :payload
|
61
|
+
|
62
|
+
def initialize(**args)
|
63
|
+
update!(**args)
|
64
|
+
end
|
65
|
+
|
66
|
+
# Update properties of this object
|
67
|
+
def update!(**args)
|
68
|
+
@payload = args[:payload] if args.key?(:payload)
|
69
|
+
end
|
70
|
+
end
|
71
|
+
|
72
|
+
# Specifies the audit configuration for a service. The configuration determines
|
73
|
+
# which permission types are logged, and what identities, if any, are exempted
|
74
|
+
# from logging. An AuditConfig must have one or more AuditLogConfigs. If there
|
75
|
+
# are AuditConfigs for both `allServices` and a specific service, the union of
|
76
|
+
# the two AuditConfigs is used for that service: the log_types specified in each
|
77
|
+
# AuditConfig are enabled, and the exempted_members in each AuditLogConfig are
|
78
|
+
# exempted. Example Policy with multiple AuditConfigs: ` "audit_configs": [ ` "
|
79
|
+
# service": "allServices", "audit_log_configs": [ ` "log_type": "DATA_READ", "
|
80
|
+
# exempted_members": [ "user:jose@example.com" ] `, ` "log_type": "DATA_WRITE" `,
|
81
|
+
# ` "log_type": "ADMIN_READ" ` ] `, ` "service": "sampleservice.googleapis.com",
|
82
|
+
# "audit_log_configs": [ ` "log_type": "DATA_READ" `, ` "log_type": "DATA_WRITE"
|
83
|
+
# , "exempted_members": [ "user:aliya@example.com" ] ` ] ` ] ` For sampleservice,
|
84
|
+
# this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also
|
85
|
+
# exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com`
|
86
|
+
# from DATA_WRITE logging.
|
87
|
+
class AuditConfig
|
88
|
+
include Google::Apis::Core::Hashable
|
89
|
+
|
90
|
+
# The configuration for logging of each type of permission.
|
91
|
+
# Corresponds to the JSON property `auditLogConfigs`
|
92
|
+
# @return [Array<Google::Apis::SecretmanagerV1beta2::AuditLogConfig>]
|
93
|
+
attr_accessor :audit_log_configs
|
94
|
+
|
95
|
+
# Specifies a service that will be enabled for audit logging. For example, `
|
96
|
+
# storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special
|
97
|
+
# value that covers all services.
|
98
|
+
# Corresponds to the JSON property `service`
|
99
|
+
# @return [String]
|
100
|
+
attr_accessor :service
|
101
|
+
|
102
|
+
def initialize(**args)
|
103
|
+
update!(**args)
|
104
|
+
end
|
105
|
+
|
106
|
+
# Update properties of this object
|
107
|
+
def update!(**args)
|
108
|
+
@audit_log_configs = args[:audit_log_configs] if args.key?(:audit_log_configs)
|
109
|
+
@service = args[:service] if args.key?(:service)
|
110
|
+
end
|
111
|
+
end
|
112
|
+
|
113
|
+
# Provides the configuration for logging a type of permissions. Example: ` "
|
114
|
+
# audit_log_configs": [ ` "log_type": "DATA_READ", "exempted_members": [ "user:
|
115
|
+
# jose@example.com" ] `, ` "log_type": "DATA_WRITE" ` ] ` This enables '
|
116
|
+
# DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from
|
117
|
+
# DATA_READ logging.
|
118
|
+
class AuditLogConfig
|
119
|
+
include Google::Apis::Core::Hashable
|
120
|
+
|
121
|
+
# Specifies the identities that do not cause logging for this type of permission.
|
122
|
+
# Follows the same format of Binding.members.
|
123
|
+
# Corresponds to the JSON property `exemptedMembers`
|
124
|
+
# @return [Array<String>]
|
125
|
+
attr_accessor :exempted_members
|
126
|
+
|
127
|
+
# The log type that this config enables.
|
128
|
+
# Corresponds to the JSON property `logType`
|
129
|
+
# @return [String]
|
130
|
+
attr_accessor :log_type
|
131
|
+
|
132
|
+
def initialize(**args)
|
133
|
+
update!(**args)
|
134
|
+
end
|
135
|
+
|
136
|
+
# Update properties of this object
|
137
|
+
def update!(**args)
|
138
|
+
@exempted_members = args[:exempted_members] if args.key?(:exempted_members)
|
139
|
+
@log_type = args[:log_type] if args.key?(:log_type)
|
140
|
+
end
|
141
|
+
end
|
142
|
+
|
143
|
+
# A replication policy that replicates the Secret payload without any
|
144
|
+
# restrictions.
|
145
|
+
class Automatic
|
146
|
+
include Google::Apis::Core::Hashable
|
147
|
+
|
148
|
+
# Configuration for encrypting secret payloads using customer-managed encryption
|
149
|
+
# keys (CMEK).
|
150
|
+
# Corresponds to the JSON property `customerManagedEncryption`
|
151
|
+
# @return [Google::Apis::SecretmanagerV1beta2::CustomerManagedEncryption]
|
152
|
+
attr_accessor :customer_managed_encryption
|
153
|
+
|
154
|
+
def initialize(**args)
|
155
|
+
update!(**args)
|
156
|
+
end
|
157
|
+
|
158
|
+
# Update properties of this object
|
159
|
+
def update!(**args)
|
160
|
+
@customer_managed_encryption = args[:customer_managed_encryption] if args.key?(:customer_managed_encryption)
|
161
|
+
end
|
162
|
+
end
|
163
|
+
|
164
|
+
# The replication status of a SecretVersion using automatic replication. Only
|
165
|
+
# populated if the parent Secret has an automatic replication policy.
|
166
|
+
class AutomaticStatus
|
167
|
+
include Google::Apis::Core::Hashable
|
168
|
+
|
169
|
+
# Describes the status of customer-managed encryption.
|
170
|
+
# Corresponds to the JSON property `customerManagedEncryption`
|
171
|
+
# @return [Google::Apis::SecretmanagerV1beta2::CustomerManagedEncryptionStatus]
|
172
|
+
attr_accessor :customer_managed_encryption
|
173
|
+
|
174
|
+
def initialize(**args)
|
175
|
+
update!(**args)
|
176
|
+
end
|
177
|
+
|
178
|
+
# Update properties of this object
|
179
|
+
def update!(**args)
|
180
|
+
@customer_managed_encryption = args[:customer_managed_encryption] if args.key?(:customer_managed_encryption)
|
181
|
+
end
|
182
|
+
end
|
183
|
+
|
184
|
+
# Associates `members`, or principals, with a `role`.
|
185
|
+
class Binding
|
186
|
+
include Google::Apis::Core::Hashable
|
187
|
+
|
188
|
+
# Represents a textual expression in the Common Expression Language (CEL) syntax.
|
189
|
+
# CEL is a C-like expression language. The syntax and semantics of CEL are
|
190
|
+
# documented at https://github.com/google/cel-spec. Example (Comparison): title:
|
191
|
+
# "Summary size limit" description: "Determines if a summary is less than 100
|
192
|
+
# chars" expression: "document.summary.size() < 100" Example (Equality): title: "
|
193
|
+
# Requestor is owner" description: "Determines if requestor is the document
|
194
|
+
# owner" expression: "document.owner == request.auth.claims.email" Example (
|
195
|
+
# Logic): title: "Public documents" description: "Determine whether the document
|
196
|
+
# should be publicly visible" expression: "document.type != 'private' &&
|
197
|
+
# document.type != 'internal'" Example (Data Manipulation): title: "Notification
|
198
|
+
# string" description: "Create a notification string with a timestamp."
|
199
|
+
# expression: "'New message received at ' + string(document.create_time)" The
|
200
|
+
# exact variables and functions that may be referenced within an expression are
|
201
|
+
# determined by the service that evaluates it. See the service documentation for
|
202
|
+
# additional information.
|
203
|
+
# Corresponds to the JSON property `condition`
|
204
|
+
# @return [Google::Apis::SecretmanagerV1beta2::Expr]
|
205
|
+
attr_accessor :condition
|
206
|
+
|
207
|
+
# Specifies the principals requesting access for a Google Cloud resource. `
|
208
|
+
# members` can have the following values: * `allUsers`: A special identifier
|
209
|
+
# that represents anyone who is on the internet; with or without a Google
|
210
|
+
# account. * `allAuthenticatedUsers`: A special identifier that represents
|
211
|
+
# anyone who is authenticated with a Google account or a service account. Does
|
212
|
+
# not include identities that come from external identity providers (IdPs)
|
213
|
+
# through identity federation. * `user:`emailid``: An email address that
|
214
|
+
# represents a specific Google account. For example, `alice@example.com` . * `
|
215
|
+
# serviceAccount:`emailid``: An email address that represents a Google service
|
216
|
+
# account. For example, `my-other-app@appspot.gserviceaccount.com`. * `
|
217
|
+
# serviceAccount:`projectid`.svc.id.goog[`namespace`/`kubernetes-sa`]`: An
|
218
|
+
# identifier for a [Kubernetes service account](https://cloud.google.com/
|
219
|
+
# kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-
|
220
|
+
# project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:`emailid``: An
|
221
|
+
# email address that represents a Google group. For example, `admins@example.com`
|
222
|
+
# . * `domain:`domain``: The G Suite domain (primary) that represents all the
|
223
|
+
# users of that domain. For example, `google.com` or `example.com`. * `principal:
|
224
|
+
# //iam.googleapis.com/locations/global/workforcePools/`pool_id`/subject/`
|
225
|
+
# subject_attribute_value``: A single identity in a workforce identity pool. * `
|
226
|
+
# principalSet://iam.googleapis.com/locations/global/workforcePools/`pool_id`/
|
227
|
+
# group/`group_id``: All workforce identities in a group. * `principalSet://iam.
|
228
|
+
# googleapis.com/locations/global/workforcePools/`pool_id`/attribute.`
|
229
|
+
# attribute_name`/`attribute_value``: All workforce identities with a specific
|
230
|
+
# attribute value. * `principalSet://iam.googleapis.com/locations/global/
|
231
|
+
# workforcePools/`pool_id`/*`: All identities in a workforce identity pool. * `
|
232
|
+
# principal://iam.googleapis.com/projects/`project_number`/locations/global/
|
233
|
+
# workloadIdentityPools/`pool_id`/subject/`subject_attribute_value``: A single
|
234
|
+
# identity in a workload identity pool. * `principalSet://iam.googleapis.com/
|
235
|
+
# projects/`project_number`/locations/global/workloadIdentityPools/`pool_id`/
|
236
|
+
# group/`group_id``: A workload identity pool group. * `principalSet://iam.
|
237
|
+
# googleapis.com/projects/`project_number`/locations/global/
|
238
|
+
# workloadIdentityPools/`pool_id`/attribute.`attribute_name`/`attribute_value``:
|
239
|
+
# All identities in a workload identity pool with a certain attribute. * `
|
240
|
+
# principalSet://iam.googleapis.com/projects/`project_number`/locations/global/
|
241
|
+
# workloadIdentityPools/`pool_id`/*`: All identities in a workload identity pool.
|
242
|
+
# * `deleted:user:`emailid`?uid=`uniqueid``: An email address (plus unique
|
243
|
+
# identifier) representing a user that has been recently deleted. For example, `
|
244
|
+
# alice@example.com?uid=123456789012345678901`. If the user is recovered, this
|
245
|
+
# value reverts to `user:`emailid`` and the recovered user retains the role in
|
246
|
+
# the binding. * `deleted:serviceAccount:`emailid`?uid=`uniqueid``: An email
|
247
|
+
# address (plus unique identifier) representing a service account that has been
|
248
|
+
# recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=
|
249
|
+
# 123456789012345678901`. If the service account is undeleted, this value
|
250
|
+
# reverts to `serviceAccount:`emailid`` and the undeleted service account
|
251
|
+
# retains the role in the binding. * `deleted:group:`emailid`?uid=`uniqueid``:
|
252
|
+
# An email address (plus unique identifier) representing a Google group that has
|
253
|
+
# been recently deleted. For example, `admins@example.com?uid=
|
254
|
+
# 123456789012345678901`. If the group is recovered, this value reverts to `
|
255
|
+
# group:`emailid`` and the recovered group retains the role in the binding. * `
|
256
|
+
# deleted:principal://iam.googleapis.com/locations/global/workforcePools/`
|
257
|
+
# pool_id`/subject/`subject_attribute_value``: Deleted single identity in a
|
258
|
+
# workforce identity pool. For example, `deleted:principal://iam.googleapis.com/
|
259
|
+
# locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
|
260
|
+
# Corresponds to the JSON property `members`
|
261
|
+
# @return [Array<String>]
|
262
|
+
attr_accessor :members
|
263
|
+
|
264
|
+
# Role that is assigned to the list of `members`, or principals. For example, `
|
265
|
+
# roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM
|
266
|
+
# roles and permissions, see the [IAM documentation](https://cloud.google.com/
|
267
|
+
# iam/docs/roles-overview). For a list of the available pre-defined roles, see [
|
268
|
+
# here](https://cloud.google.com/iam/docs/understanding-roles).
|
269
|
+
# Corresponds to the JSON property `role`
|
270
|
+
# @return [String]
|
271
|
+
attr_accessor :role
|
272
|
+
|
273
|
+
def initialize(**args)
|
274
|
+
update!(**args)
|
275
|
+
end
|
276
|
+
|
277
|
+
# Update properties of this object
|
278
|
+
def update!(**args)
|
279
|
+
@condition = args[:condition] if args.key?(:condition)
|
280
|
+
@members = args[:members] if args.key?(:members)
|
281
|
+
@role = args[:role] if args.key?(:role)
|
282
|
+
end
|
283
|
+
end
|
284
|
+
|
285
|
+
# Configuration for encrypting secret payloads using customer-managed encryption
|
286
|
+
# keys (CMEK).
|
287
|
+
class CustomerManagedEncryption
|
288
|
+
include Google::Apis::Core::Hashable
|
289
|
+
|
290
|
+
# Required. The resource name of the Cloud KMS CryptoKey used to encrypt secret
|
291
|
+
# payloads. For secrets using the UserManaged replication policy type, Cloud KMS
|
292
|
+
# CryptoKeys must reside in the same location as the replica location. For
|
293
|
+
# secrets using the Automatic replication policy type, Cloud KMS CryptoKeys must
|
294
|
+
# reside in `global`. The expected format is `projects/*/locations/*/keyRings/*/
|
295
|
+
# cryptoKeys/*`.
|
296
|
+
# Corresponds to the JSON property `kmsKeyName`
|
297
|
+
# @return [String]
|
298
|
+
attr_accessor :kms_key_name
|
299
|
+
|
300
|
+
def initialize(**args)
|
301
|
+
update!(**args)
|
302
|
+
end
|
303
|
+
|
304
|
+
# Update properties of this object
|
305
|
+
def update!(**args)
|
306
|
+
@kms_key_name = args[:kms_key_name] if args.key?(:kms_key_name)
|
307
|
+
end
|
308
|
+
end
|
309
|
+
|
310
|
+
# Describes the status of customer-managed encryption.
|
311
|
+
class CustomerManagedEncryptionStatus
|
312
|
+
include Google::Apis::Core::Hashable
|
313
|
+
|
314
|
+
# Required. The resource name of the Cloud KMS CryptoKeyVersion used to encrypt
|
315
|
+
# the secret payload, in the following format: `projects/*/locations/*/keyRings/*
|
316
|
+
# /cryptoKeys/*/versions/*`.
|
317
|
+
# Corresponds to the JSON property `kmsKeyVersionName`
|
318
|
+
# @return [String]
|
319
|
+
attr_accessor :kms_key_version_name
|
320
|
+
|
321
|
+
def initialize(**args)
|
322
|
+
update!(**args)
|
323
|
+
end
|
324
|
+
|
325
|
+
# Update properties of this object
|
326
|
+
def update!(**args)
|
327
|
+
@kms_key_version_name = args[:kms_key_version_name] if args.key?(:kms_key_version_name)
|
328
|
+
end
|
329
|
+
end
|
330
|
+
|
331
|
+
# Request message for SecretManagerService.DestroySecretVersion.
|
332
|
+
class DestroySecretVersionRequest
|
333
|
+
include Google::Apis::Core::Hashable
|
334
|
+
|
335
|
+
# Optional. Etag of the SecretVersion. The request succeeds if it matches the
|
336
|
+
# etag of the currently stored secret version object. If the etag is omitted,
|
337
|
+
# the request succeeds.
|
338
|
+
# Corresponds to the JSON property `etag`
|
339
|
+
# @return [String]
|
340
|
+
attr_accessor :etag
|
341
|
+
|
342
|
+
def initialize(**args)
|
343
|
+
update!(**args)
|
344
|
+
end
|
345
|
+
|
346
|
+
# Update properties of this object
|
347
|
+
def update!(**args)
|
348
|
+
@etag = args[:etag] if args.key?(:etag)
|
349
|
+
end
|
350
|
+
end
|
351
|
+
|
352
|
+
# Request message for SecretManagerService.DisableSecretVersion.
|
353
|
+
class DisableSecretVersionRequest
|
354
|
+
include Google::Apis::Core::Hashable
|
355
|
+
|
356
|
+
# Optional. Etag of the SecretVersion. The request succeeds if it matches the
|
357
|
+
# etag of the currently stored secret version object. If the etag is omitted,
|
358
|
+
# the request succeeds.
|
359
|
+
# Corresponds to the JSON property `etag`
|
360
|
+
# @return [String]
|
361
|
+
attr_accessor :etag
|
362
|
+
|
363
|
+
def initialize(**args)
|
364
|
+
update!(**args)
|
365
|
+
end
|
366
|
+
|
367
|
+
# Update properties of this object
|
368
|
+
def update!(**args)
|
369
|
+
@etag = args[:etag] if args.key?(:etag)
|
370
|
+
end
|
371
|
+
end
|
372
|
+
|
373
|
+
# A generic empty message that you can re-use to avoid defining duplicated empty
|
374
|
+
# messages in your APIs. A typical example is to use it as the request or the
|
375
|
+
# response type of an API method. For instance: service Foo ` rpc Bar(google.
|
376
|
+
# protobuf.Empty) returns (google.protobuf.Empty); `
|
377
|
+
class Empty
|
378
|
+
include Google::Apis::Core::Hashable
|
379
|
+
|
380
|
+
def initialize(**args)
|
381
|
+
update!(**args)
|
382
|
+
end
|
383
|
+
|
384
|
+
# Update properties of this object
|
385
|
+
def update!(**args)
|
386
|
+
end
|
387
|
+
end
|
388
|
+
|
389
|
+
# Request message for SecretManagerService.EnableSecretVersion.
|
390
|
+
class EnableSecretVersionRequest
|
391
|
+
include Google::Apis::Core::Hashable
|
392
|
+
|
393
|
+
# Optional. Etag of the SecretVersion. The request succeeds if it matches the
|
394
|
+
# etag of the currently stored secret version object. If the etag is omitted,
|
395
|
+
# the request succeeds.
|
396
|
+
# Corresponds to the JSON property `etag`
|
397
|
+
# @return [String]
|
398
|
+
attr_accessor :etag
|
399
|
+
|
400
|
+
def initialize(**args)
|
401
|
+
update!(**args)
|
402
|
+
end
|
403
|
+
|
404
|
+
# Update properties of this object
|
405
|
+
def update!(**args)
|
406
|
+
@etag = args[:etag] if args.key?(:etag)
|
407
|
+
end
|
408
|
+
end
|
409
|
+
|
410
|
+
# Represents a textual expression in the Common Expression Language (CEL) syntax.
|
411
|
+
# CEL is a C-like expression language. The syntax and semantics of CEL are
|
412
|
+
# documented at https://github.com/google/cel-spec. Example (Comparison): title:
|
413
|
+
# "Summary size limit" description: "Determines if a summary is less than 100
|
414
|
+
# chars" expression: "document.summary.size() < 100" Example (Equality): title: "
|
415
|
+
# Requestor is owner" description: "Determines if requestor is the document
|
416
|
+
# owner" expression: "document.owner == request.auth.claims.email" Example (
|
417
|
+
# Logic): title: "Public documents" description: "Determine whether the document
|
418
|
+
# should be publicly visible" expression: "document.type != 'private' &&
|
419
|
+
# document.type != 'internal'" Example (Data Manipulation): title: "Notification
|
420
|
+
# string" description: "Create a notification string with a timestamp."
|
421
|
+
# expression: "'New message received at ' + string(document.create_time)" The
|
422
|
+
# exact variables and functions that may be referenced within an expression are
|
423
|
+
# determined by the service that evaluates it. See the service documentation for
|
424
|
+
# additional information.
|
425
|
+
class Expr
|
426
|
+
include Google::Apis::Core::Hashable
|
427
|
+
|
428
|
+
# Optional. Description of the expression. This is a longer text which describes
|
429
|
+
# the expression, e.g. when hovered over it in a UI.
|
430
|
+
# Corresponds to the JSON property `description`
|
431
|
+
# @return [String]
|
432
|
+
attr_accessor :description
|
433
|
+
|
434
|
+
# Textual representation of an expression in Common Expression Language syntax.
|
435
|
+
# Corresponds to the JSON property `expression`
|
436
|
+
# @return [String]
|
437
|
+
attr_accessor :expression
|
438
|
+
|
439
|
+
# Optional. String indicating the location of the expression for error reporting,
|
440
|
+
# e.g. a file name and a position in the file.
|
441
|
+
# Corresponds to the JSON property `location`
|
442
|
+
# @return [String]
|
443
|
+
attr_accessor :location
|
444
|
+
|
445
|
+
# Optional. Title for the expression, i.e. a short string describing its purpose.
|
446
|
+
# This can be used e.g. in UIs which allow to enter the expression.
|
447
|
+
# Corresponds to the JSON property `title`
|
448
|
+
# @return [String]
|
449
|
+
attr_accessor :title
|
450
|
+
|
451
|
+
def initialize(**args)
|
452
|
+
update!(**args)
|
453
|
+
end
|
454
|
+
|
455
|
+
# Update properties of this object
|
456
|
+
def update!(**args)
|
457
|
+
@description = args[:description] if args.key?(:description)
|
458
|
+
@expression = args[:expression] if args.key?(:expression)
|
459
|
+
@location = args[:location] if args.key?(:location)
|
460
|
+
@title = args[:title] if args.key?(:title)
|
461
|
+
end
|
462
|
+
end
|
463
|
+
|
464
|
+
# The response message for Locations.ListLocations.
|
465
|
+
class ListLocationsResponse
|
466
|
+
include Google::Apis::Core::Hashable
|
467
|
+
|
468
|
+
# A list of locations that matches the specified filter in the request.
|
469
|
+
# Corresponds to the JSON property `locations`
|
470
|
+
# @return [Array<Google::Apis::SecretmanagerV1beta2::Location>]
|
471
|
+
attr_accessor :locations
|
472
|
+
|
473
|
+
# The standard List next-page token.
|
474
|
+
# Corresponds to the JSON property `nextPageToken`
|
475
|
+
# @return [String]
|
476
|
+
attr_accessor :next_page_token
|
477
|
+
|
478
|
+
def initialize(**args)
|
479
|
+
update!(**args)
|
480
|
+
end
|
481
|
+
|
482
|
+
# Update properties of this object
|
483
|
+
def update!(**args)
|
484
|
+
@locations = args[:locations] if args.key?(:locations)
|
485
|
+
@next_page_token = args[:next_page_token] if args.key?(:next_page_token)
|
486
|
+
end
|
487
|
+
end
|
488
|
+
|
489
|
+
# Response message for SecretManagerService.ListSecretVersions.
|
490
|
+
class ListSecretVersionsResponse
|
491
|
+
include Google::Apis::Core::Hashable
|
492
|
+
|
493
|
+
# A token to retrieve the next page of results. Pass this value in
|
494
|
+
# ListSecretVersionsRequest.page_token to retrieve the next page.
|
495
|
+
# Corresponds to the JSON property `nextPageToken`
|
496
|
+
# @return [String]
|
497
|
+
attr_accessor :next_page_token
|
498
|
+
|
499
|
+
# The total number of SecretVersions but 0 when the ListSecretsRequest.filter
|
500
|
+
# field is set.
|
501
|
+
# Corresponds to the JSON property `totalSize`
|
502
|
+
# @return [Fixnum]
|
503
|
+
attr_accessor :total_size
|
504
|
+
|
505
|
+
# The list of SecretVersions sorted in reverse by create_time (newest first).
|
506
|
+
# Corresponds to the JSON property `versions`
|
507
|
+
# @return [Array<Google::Apis::SecretmanagerV1beta2::SecretVersion>]
|
508
|
+
attr_accessor :versions
|
509
|
+
|
510
|
+
def initialize(**args)
|
511
|
+
update!(**args)
|
512
|
+
end
|
513
|
+
|
514
|
+
# Update properties of this object
|
515
|
+
def update!(**args)
|
516
|
+
@next_page_token = args[:next_page_token] if args.key?(:next_page_token)
|
517
|
+
@total_size = args[:total_size] if args.key?(:total_size)
|
518
|
+
@versions = args[:versions] if args.key?(:versions)
|
519
|
+
end
|
520
|
+
end
|
521
|
+
|
522
|
+
# Response message for SecretManagerService.ListSecrets.
|
523
|
+
class ListSecretsResponse
|
524
|
+
include Google::Apis::Core::Hashable
|
525
|
+
|
526
|
+
# A token to retrieve the next page of results. Pass this value in
|
527
|
+
# ListSecretsRequest.page_token to retrieve the next page.
|
528
|
+
# Corresponds to the JSON property `nextPageToken`
|
529
|
+
# @return [String]
|
530
|
+
attr_accessor :next_page_token
|
531
|
+
|
532
|
+
# The list of Secrets sorted in reverse by create_time (newest first).
|
533
|
+
# Corresponds to the JSON property `secrets`
|
534
|
+
# @return [Array<Google::Apis::SecretmanagerV1beta2::Secret>]
|
535
|
+
attr_accessor :secrets
|
536
|
+
|
537
|
+
# The total number of Secrets but 0 when the ListSecretsRequest.filter field is
|
538
|
+
# set.
|
539
|
+
# Corresponds to the JSON property `totalSize`
|
540
|
+
# @return [Fixnum]
|
541
|
+
attr_accessor :total_size
|
542
|
+
|
543
|
+
def initialize(**args)
|
544
|
+
update!(**args)
|
545
|
+
end
|
546
|
+
|
547
|
+
# Update properties of this object
|
548
|
+
def update!(**args)
|
549
|
+
@next_page_token = args[:next_page_token] if args.key?(:next_page_token)
|
550
|
+
@secrets = args[:secrets] if args.key?(:secrets)
|
551
|
+
@total_size = args[:total_size] if args.key?(:total_size)
|
552
|
+
end
|
553
|
+
end
|
554
|
+
|
555
|
+
# A resource that represents a Google Cloud location.
|
556
|
+
class Location
|
557
|
+
include Google::Apis::Core::Hashable
|
558
|
+
|
559
|
+
# The friendly name for this location, typically a nearby city name. For example,
|
560
|
+
# "Tokyo".
|
561
|
+
# Corresponds to the JSON property `displayName`
|
562
|
+
# @return [String]
|
563
|
+
attr_accessor :display_name
|
564
|
+
|
565
|
+
# Cross-service attributes for the location. For example `"cloud.googleapis.com/
|
566
|
+
# region": "us-east1"`
|
567
|
+
# Corresponds to the JSON property `labels`
|
568
|
+
# @return [Hash<String,String>]
|
569
|
+
attr_accessor :labels
|
570
|
+
|
571
|
+
# The canonical id for this location. For example: `"us-east1"`.
|
572
|
+
# Corresponds to the JSON property `locationId`
|
573
|
+
# @return [String]
|
574
|
+
attr_accessor :location_id
|
575
|
+
|
576
|
+
# Service-specific metadata. For example the available capacity at the given
|
577
|
+
# location.
|
578
|
+
# Corresponds to the JSON property `metadata`
|
579
|
+
# @return [Hash<String,Object>]
|
580
|
+
attr_accessor :metadata
|
581
|
+
|
582
|
+
# Resource name for the location, which may vary between implementations. For
|
583
|
+
# example: `"projects/example-project/locations/us-east1"`
|
584
|
+
# Corresponds to the JSON property `name`
|
585
|
+
# @return [String]
|
586
|
+
attr_accessor :name
|
587
|
+
|
588
|
+
def initialize(**args)
|
589
|
+
update!(**args)
|
590
|
+
end
|
591
|
+
|
592
|
+
# Update properties of this object
|
593
|
+
def update!(**args)
|
594
|
+
@display_name = args[:display_name] if args.key?(:display_name)
|
595
|
+
@labels = args[:labels] if args.key?(:labels)
|
596
|
+
@location_id = args[:location_id] if args.key?(:location_id)
|
597
|
+
@metadata = args[:metadata] if args.key?(:metadata)
|
598
|
+
@name = args[:name] if args.key?(:name)
|
599
|
+
end
|
600
|
+
end
|
601
|
+
|
602
|
+
# An Identity and Access Management (IAM) policy, which specifies access
|
603
|
+
# controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
|
604
|
+
# A `binding` binds one or more `members`, or principals, to a single `role`.
|
605
|
+
# Principals can be user accounts, service accounts, Google groups, and domains (
|
606
|
+
# such as G Suite). A `role` is a named list of permissions; each `role` can be
|
607
|
+
# an IAM predefined role or a user-created custom role. For some types of Google
|
608
|
+
# Cloud resources, a `binding` can also specify a `condition`, which is a
|
609
|
+
# logical expression that allows access to a resource only if the expression
|
610
|
+
# evaluates to `true`. A condition can add constraints based on attributes of
|
611
|
+
# the request, the resource, or both. To learn which resources support
|
612
|
+
# conditions in their IAM policies, see the [IAM documentation](https://cloud.
|
613
|
+
# google.com/iam/help/conditions/resource-policies). **JSON example:** ``` ` "
|
614
|
+
# bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
|
615
|
+
# "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
|
616
|
+
# serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
|
617
|
+
# roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
|
618
|
+
# ], "condition": ` "title": "expirable access", "description": "Does not grant
|
619
|
+
# access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
|
620
|
+
# 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` ``` **YAML
|
621
|
+
# example:** ``` bindings: - members: - user:mike@example.com - group:admins@
|
622
|
+
# example.com - domain:google.com - serviceAccount:my-project-id@appspot.
|
623
|
+
# gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: -
|
624
|
+
# user:eve@example.com role: roles/resourcemanager.organizationViewer condition:
|
625
|
+
# title: expirable access description: Does not grant access after Sep 2020
|
626
|
+
# expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag:
|
627
|
+
# BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the
|
628
|
+
# [IAM documentation](https://cloud.google.com/iam/docs/).
|
629
|
+
class Policy
|
630
|
+
include Google::Apis::Core::Hashable
|
631
|
+
|
632
|
+
# Specifies cloud audit logging configuration for this policy.
|
633
|
+
# Corresponds to the JSON property `auditConfigs`
|
634
|
+
# @return [Array<Google::Apis::SecretmanagerV1beta2::AuditConfig>]
|
635
|
+
attr_accessor :audit_configs
|
636
|
+
|
637
|
+
# Associates a list of `members`, or principals, with a `role`. Optionally, may
|
638
|
+
# specify a `condition` that determines how and when the `bindings` are applied.
|
639
|
+
# Each of the `bindings` must contain at least one principal. The `bindings` in
|
640
|
+
# a `Policy` can refer to up to 1,500 principals; up to 250 of these principals
|
641
|
+
# can be Google groups. Each occurrence of a principal counts towards these
|
642
|
+
# limits. For example, if the `bindings` grant 50 different roles to `user:alice@
|
643
|
+
# example.com`, and not to any other principal, then you can add another 1,450
|
644
|
+
# principals to the `bindings` in the `Policy`.
|
645
|
+
# Corresponds to the JSON property `bindings`
|
646
|
+
# @return [Array<Google::Apis::SecretmanagerV1beta2::Binding>]
|
647
|
+
attr_accessor :bindings
|
648
|
+
|
649
|
+
# `etag` is used for optimistic concurrency control as a way to help prevent
|
650
|
+
# simultaneous updates of a policy from overwriting each other. It is strongly
|
651
|
+
# suggested that systems make use of the `etag` in the read-modify-write cycle
|
652
|
+
# to perform policy updates in order to avoid race conditions: An `etag` is
|
653
|
+
# returned in the response to `getIamPolicy`, and systems are expected to put
|
654
|
+
# that etag in the request to `setIamPolicy` to ensure that their change will be
|
655
|
+
# applied to the same version of the policy. **Important:** If you use IAM
|
656
|
+
# Conditions, you must include the `etag` field whenever you call `setIamPolicy`.
|
657
|
+
# If you omit this field, then IAM allows you to overwrite a version `3` policy
|
658
|
+
# with a version `1` policy, and all of the conditions in the version `3` policy
|
659
|
+
# are lost.
|
660
|
+
# Corresponds to the JSON property `etag`
|
661
|
+
# NOTE: Values are automatically base64 encoded/decoded in the client library.
|
662
|
+
# @return [String]
|
663
|
+
attr_accessor :etag
|
664
|
+
|
665
|
+
# Specifies the format of the policy. Valid values are `0`, `1`, and `3`.
|
666
|
+
# Requests that specify an invalid value are rejected. Any operation that
|
667
|
+
# affects conditional role bindings must specify version `3`. This requirement
|
668
|
+
# applies to the following operations: * Getting a policy that includes a
|
669
|
+
# conditional role binding * Adding a conditional role binding to a policy *
|
670
|
+
# Changing a conditional role binding in a policy * Removing any role binding,
|
671
|
+
# with or without a condition, from a policy that includes conditions **
|
672
|
+
# Important:** If you use IAM Conditions, you must include the `etag` field
|
673
|
+
# whenever you call `setIamPolicy`. If you omit this field, then IAM allows you
|
674
|
+
# to overwrite a version `3` policy with a version `1` policy, and all of the
|
675
|
+
# conditions in the version `3` policy are lost. If a policy does not include
|
676
|
+
# any conditions, operations on that policy may specify any valid version or
|
677
|
+
# leave the field unset. To learn which resources support conditions in their
|
678
|
+
# IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/
|
679
|
+
# conditions/resource-policies).
|
680
|
+
# Corresponds to the JSON property `version`
|
681
|
+
# @return [Fixnum]
|
682
|
+
attr_accessor :version
|
683
|
+
|
684
|
+
def initialize(**args)
|
685
|
+
update!(**args)
|
686
|
+
end
|
687
|
+
|
688
|
+
# Update properties of this object
|
689
|
+
def update!(**args)
|
690
|
+
@audit_configs = args[:audit_configs] if args.key?(:audit_configs)
|
691
|
+
@bindings = args[:bindings] if args.key?(:bindings)
|
692
|
+
@etag = args[:etag] if args.key?(:etag)
|
693
|
+
@version = args[:version] if args.key?(:version)
|
694
|
+
end
|
695
|
+
end
|
696
|
+
|
697
|
+
# Represents a Replica for this Secret.
|
698
|
+
class Replica
|
699
|
+
include Google::Apis::Core::Hashable
|
700
|
+
|
701
|
+
# Configuration for encrypting secret payloads using customer-managed encryption
|
702
|
+
# keys (CMEK).
|
703
|
+
# Corresponds to the JSON property `customerManagedEncryption`
|
704
|
+
# @return [Google::Apis::SecretmanagerV1beta2::CustomerManagedEncryption]
|
705
|
+
attr_accessor :customer_managed_encryption
|
706
|
+
|
707
|
+
# The canonical IDs of the location to replicate data. For example: `"us-east1"`.
|
708
|
+
# Corresponds to the JSON property `location`
|
709
|
+
# @return [String]
|
710
|
+
attr_accessor :location
|
711
|
+
|
712
|
+
def initialize(**args)
|
713
|
+
update!(**args)
|
714
|
+
end
|
715
|
+
|
716
|
+
# Update properties of this object
|
717
|
+
def update!(**args)
|
718
|
+
@customer_managed_encryption = args[:customer_managed_encryption] if args.key?(:customer_managed_encryption)
|
719
|
+
@location = args[:location] if args.key?(:location)
|
720
|
+
end
|
721
|
+
end
|
722
|
+
|
723
|
+
# Describes the status of a user-managed replica for the SecretVersion.
|
724
|
+
class ReplicaStatus
|
725
|
+
include Google::Apis::Core::Hashable
|
726
|
+
|
727
|
+
# Describes the status of customer-managed encryption.
|
728
|
+
# Corresponds to the JSON property `customerManagedEncryption`
|
729
|
+
# @return [Google::Apis::SecretmanagerV1beta2::CustomerManagedEncryptionStatus]
|
730
|
+
attr_accessor :customer_managed_encryption
|
731
|
+
|
732
|
+
# Output only. The canonical ID of the replica location. For example: `"us-east1"
|
733
|
+
# `.
|
734
|
+
# Corresponds to the JSON property `location`
|
735
|
+
# @return [String]
|
736
|
+
attr_accessor :location
|
737
|
+
|
738
|
+
def initialize(**args)
|
739
|
+
update!(**args)
|
740
|
+
end
|
741
|
+
|
742
|
+
# Update properties of this object
|
743
|
+
def update!(**args)
|
744
|
+
@customer_managed_encryption = args[:customer_managed_encryption] if args.key?(:customer_managed_encryption)
|
745
|
+
@location = args[:location] if args.key?(:location)
|
746
|
+
end
|
747
|
+
end
|
748
|
+
|
749
|
+
# A policy that defines the replication and encryption configuration of data.
|
750
|
+
class Replication
|
751
|
+
include Google::Apis::Core::Hashable
|
752
|
+
|
753
|
+
# A replication policy that replicates the Secret payload without any
|
754
|
+
# restrictions.
|
755
|
+
# Corresponds to the JSON property `automatic`
|
756
|
+
# @return [Google::Apis::SecretmanagerV1beta2::Automatic]
|
757
|
+
attr_accessor :automatic
|
758
|
+
|
759
|
+
# A replication policy that replicates the Secret payload into the locations
|
760
|
+
# specified in Secret.replication.user_managed.replicas
|
761
|
+
# Corresponds to the JSON property `userManaged`
|
762
|
+
# @return [Google::Apis::SecretmanagerV1beta2::UserManaged]
|
763
|
+
attr_accessor :user_managed
|
764
|
+
|
765
|
+
def initialize(**args)
|
766
|
+
update!(**args)
|
767
|
+
end
|
768
|
+
|
769
|
+
# Update properties of this object
|
770
|
+
def update!(**args)
|
771
|
+
@automatic = args[:automatic] if args.key?(:automatic)
|
772
|
+
@user_managed = args[:user_managed] if args.key?(:user_managed)
|
773
|
+
end
|
774
|
+
end
|
775
|
+
|
776
|
+
# The replication status of a SecretVersion.
|
777
|
+
class ReplicationStatus
|
778
|
+
include Google::Apis::Core::Hashable
|
779
|
+
|
780
|
+
# The replication status of a SecretVersion using automatic replication. Only
|
781
|
+
# populated if the parent Secret has an automatic replication policy.
|
782
|
+
# Corresponds to the JSON property `automatic`
|
783
|
+
# @return [Google::Apis::SecretmanagerV1beta2::AutomaticStatus]
|
784
|
+
attr_accessor :automatic
|
785
|
+
|
786
|
+
# The replication status of a SecretVersion using user-managed replication. Only
|
787
|
+
# populated if the parent Secret has a user-managed replication policy.
|
788
|
+
# Corresponds to the JSON property `userManaged`
|
789
|
+
# @return [Google::Apis::SecretmanagerV1beta2::UserManagedStatus]
|
790
|
+
attr_accessor :user_managed
|
791
|
+
|
792
|
+
def initialize(**args)
|
793
|
+
update!(**args)
|
794
|
+
end
|
795
|
+
|
796
|
+
# Update properties of this object
|
797
|
+
def update!(**args)
|
798
|
+
@automatic = args[:automatic] if args.key?(:automatic)
|
799
|
+
@user_managed = args[:user_managed] if args.key?(:user_managed)
|
800
|
+
end
|
801
|
+
end
|
802
|
+
|
803
|
+
# The rotation time and period for a Secret. At next_rotation_time, Secret
|
804
|
+
# Manager will send a Pub/Sub notification to the topics configured on the
|
805
|
+
# Secret. Secret.topics must be set to configure rotation.
|
806
|
+
class Rotation
|
807
|
+
include Google::Apis::Core::Hashable
|
808
|
+
|
809
|
+
# Optional. Timestamp in UTC at which the Secret is scheduled to rotate. Cannot
|
810
|
+
# be set to less than 300s (5 min) in the future and at most 3153600000s (100
|
811
|
+
# years). next_rotation_time MUST be set if rotation_period is set.
|
812
|
+
# Corresponds to the JSON property `nextRotationTime`
|
813
|
+
# @return [String]
|
814
|
+
attr_accessor :next_rotation_time
|
815
|
+
|
816
|
+
# Input only. The Duration between rotation notifications. Must be in seconds
|
817
|
+
# and at least 3600s (1h) and at most 3153600000s (100 years). If
|
818
|
+
# rotation_period is set, next_rotation_time must be set. next_rotation_time
|
819
|
+
# will be advanced by this period when the service automatically sends rotation
|
820
|
+
# notifications.
|
821
|
+
# Corresponds to the JSON property `rotationPeriod`
|
822
|
+
# @return [String]
|
823
|
+
attr_accessor :rotation_period
|
824
|
+
|
825
|
+
def initialize(**args)
|
826
|
+
update!(**args)
|
827
|
+
end
|
828
|
+
|
829
|
+
# Update properties of this object
|
830
|
+
def update!(**args)
|
831
|
+
@next_rotation_time = args[:next_rotation_time] if args.key?(:next_rotation_time)
|
832
|
+
@rotation_period = args[:rotation_period] if args.key?(:rotation_period)
|
833
|
+
end
|
834
|
+
end
|
835
|
+
|
836
|
+
# A Secret is a logical secret whose value and versions can be accessed. A
|
837
|
+
# Secret is made up of zero or more SecretVersions that represent the secret
|
838
|
+
# data.
|
839
|
+
class Secret
|
840
|
+
include Google::Apis::Core::Hashable
|
841
|
+
|
842
|
+
# Optional. Custom metadata about the secret. Annotations are distinct from
|
843
|
+
# various forms of labels. Annotations exist to allow client tools to store
|
844
|
+
# their own state information without requiring a database. Annotation keys must
|
845
|
+
# be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128
|
846
|
+
# bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and may
|
847
|
+
# have dashes (-), underscores (_), dots (.), and alphanumerics in between these
|
848
|
+
# symbols. The total size of annotation keys and values must be less than 16KiB.
|
849
|
+
# Corresponds to the JSON property `annotations`
|
850
|
+
# @return [Hash<String,String>]
|
851
|
+
attr_accessor :annotations
|
852
|
+
|
853
|
+
# Output only. The time at which the Secret was created.
|
854
|
+
# Corresponds to the JSON property `createTime`
|
855
|
+
# @return [String]
|
856
|
+
attr_accessor :create_time
|
857
|
+
|
858
|
+
# Configuration for encrypting secret payloads using customer-managed encryption
|
859
|
+
# keys (CMEK).
|
860
|
+
# Corresponds to the JSON property `customerManagedEncryption`
|
861
|
+
# @return [Google::Apis::SecretmanagerV1beta2::CustomerManagedEncryption]
|
862
|
+
attr_accessor :customer_managed_encryption
|
863
|
+
|
864
|
+
# Optional. Etag of the currently stored Secret.
|
865
|
+
# Corresponds to the JSON property `etag`
|
866
|
+
# @return [String]
|
867
|
+
attr_accessor :etag
|
868
|
+
|
869
|
+
# Optional. Timestamp in UTC when the Secret is scheduled to expire. This is
|
870
|
+
# always provided on output, regardless of what was sent on input.
|
871
|
+
# Corresponds to the JSON property `expireTime`
|
872
|
+
# @return [String]
|
873
|
+
attr_accessor :expire_time
|
874
|
+
|
875
|
+
# The labels assigned to this Secret. Label keys must be between 1 and 63
|
876
|
+
# characters long, have a UTF-8 encoding of maximum 128 bytes, and must conform
|
877
|
+
# to the following PCRE regular expression: `\p`Ll`\p`Lo``0,62`` Label values
|
878
|
+
# must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128
|
879
|
+
# bytes, and must conform to the following PCRE regular expression: `[\p`Ll`\p`
|
880
|
+
# Lo`\p`N`_-]`0,63`` No more than 64 labels can be assigned to a given resource.
|
881
|
+
# Corresponds to the JSON property `labels`
|
882
|
+
# @return [Hash<String,String>]
|
883
|
+
attr_accessor :labels
|
884
|
+
|
885
|
+
# Output only. The resource name of the Secret in the format `projects/*/secrets/
|
886
|
+
# *`.
|
887
|
+
# Corresponds to the JSON property `name`
|
888
|
+
# @return [String]
|
889
|
+
attr_accessor :name
|
890
|
+
|
891
|
+
# A policy that defines the replication and encryption configuration of data.
|
892
|
+
# Corresponds to the JSON property `replication`
|
893
|
+
# @return [Google::Apis::SecretmanagerV1beta2::Replication]
|
894
|
+
attr_accessor :replication
|
895
|
+
|
896
|
+
# The rotation time and period for a Secret. At next_rotation_time, Secret
|
897
|
+
# Manager will send a Pub/Sub notification to the topics configured on the
|
898
|
+
# Secret. Secret.topics must be set to configure rotation.
|
899
|
+
# Corresponds to the JSON property `rotation`
|
900
|
+
# @return [Google::Apis::SecretmanagerV1beta2::Rotation]
|
901
|
+
attr_accessor :rotation
|
902
|
+
|
903
|
+
# Optional. A list of up to 10 Pub/Sub topics to which messages are published
|
904
|
+
# when control plane operations are called on the secret or its versions.
|
905
|
+
# Corresponds to the JSON property `topics`
|
906
|
+
# @return [Array<Google::Apis::SecretmanagerV1beta2::Topic>]
|
907
|
+
attr_accessor :topics
|
908
|
+
|
909
|
+
# Input only. The TTL for the Secret.
|
910
|
+
# Corresponds to the JSON property `ttl`
|
911
|
+
# @return [String]
|
912
|
+
attr_accessor :ttl
|
913
|
+
|
914
|
+
# Optional. Mapping from version alias to version name. A version alias is a
|
915
|
+
# string with a maximum length of 63 characters and can contain uppercase and
|
916
|
+
# lowercase letters, numerals, and the hyphen (`-`) and underscore ('_')
|
917
|
+
# characters. An alias string must start with a letter and cannot be the string '
|
918
|
+
# latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret.
|
919
|
+
# Version-Alias pairs will be viewable via GetSecret and modifiable via
|
920
|
+
# UpdateSecret. Access by alias is only supported for GetSecretVersion and
|
921
|
+
# AccessSecretVersion.
|
922
|
+
# Corresponds to the JSON property `versionAliases`
|
923
|
+
# @return [Hash<String,Fixnum>]
|
924
|
+
attr_accessor :version_aliases
|
925
|
+
|
926
|
+
# Optional. Secret Version TTL after destruction request This is a part of the
|
927
|
+
# Delayed secret version destroy feature. For secret with TTL>0, version
|
928
|
+
# destruction doesn't happen immediately on calling destroy instead the version
|
929
|
+
# goes to a disabled state and destruction happens after the TTL expires.
|
930
|
+
# Corresponds to the JSON property `versionDestroyTtl`
|
931
|
+
# @return [String]
|
932
|
+
attr_accessor :version_destroy_ttl
|
933
|
+
|
934
|
+
def initialize(**args)
|
935
|
+
update!(**args)
|
936
|
+
end
|
937
|
+
|
938
|
+
# Update properties of this object
|
939
|
+
def update!(**args)
|
940
|
+
@annotations = args[:annotations] if args.key?(:annotations)
|
941
|
+
@create_time = args[:create_time] if args.key?(:create_time)
|
942
|
+
@customer_managed_encryption = args[:customer_managed_encryption] if args.key?(:customer_managed_encryption)
|
943
|
+
@etag = args[:etag] if args.key?(:etag)
|
944
|
+
@expire_time = args[:expire_time] if args.key?(:expire_time)
|
945
|
+
@labels = args[:labels] if args.key?(:labels)
|
946
|
+
@name = args[:name] if args.key?(:name)
|
947
|
+
@replication = args[:replication] if args.key?(:replication)
|
948
|
+
@rotation = args[:rotation] if args.key?(:rotation)
|
949
|
+
@topics = args[:topics] if args.key?(:topics)
|
950
|
+
@ttl = args[:ttl] if args.key?(:ttl)
|
951
|
+
@version_aliases = args[:version_aliases] if args.key?(:version_aliases)
|
952
|
+
@version_destroy_ttl = args[:version_destroy_ttl] if args.key?(:version_destroy_ttl)
|
953
|
+
end
|
954
|
+
end
|
955
|
+
|
956
|
+
# A secret payload resource in the Secret Manager API. This contains the
|
957
|
+
# sensitive secret payload that is associated with a SecretVersion.
|
958
|
+
class SecretPayload
|
959
|
+
include Google::Apis::Core::Hashable
|
960
|
+
|
961
|
+
# The secret data. Must be no larger than 64KiB.
|
962
|
+
# Corresponds to the JSON property `data`
|
963
|
+
# NOTE: Values are automatically base64 encoded/decoded in the client library.
|
964
|
+
# @return [String]
|
965
|
+
attr_accessor :data
|
966
|
+
|
967
|
+
# Optional. If specified, SecretManagerService will verify the integrity of the
|
968
|
+
# received data on SecretManagerService.AddSecretVersion calls using the crc32c
|
969
|
+
# checksum and store it to include in future SecretManagerService.
|
970
|
+
# AccessSecretVersion responses. If a checksum is not provided in the
|
971
|
+
# SecretManagerService.AddSecretVersion request, the SecretManagerService will
|
972
|
+
# generate and store one for you. The CRC32C value is encoded as a Int64 for
|
973
|
+
# compatibility, and can be safely downconverted to uint32 in languages that
|
974
|
+
# support this type. https://cloud.google.com/apis/design/design_patterns#
|
975
|
+
# integer_types
|
976
|
+
# Corresponds to the JSON property `dataCrc32c`
|
977
|
+
# @return [Fixnum]
|
978
|
+
attr_accessor :data_crc32c
|
979
|
+
|
980
|
+
def initialize(**args)
|
981
|
+
update!(**args)
|
982
|
+
end
|
983
|
+
|
984
|
+
# Update properties of this object
|
985
|
+
def update!(**args)
|
986
|
+
@data = args[:data] if args.key?(:data)
|
987
|
+
@data_crc32c = args[:data_crc32c] if args.key?(:data_crc32c)
|
988
|
+
end
|
989
|
+
end
|
990
|
+
|
991
|
+
# A secret version resource in the Secret Manager API.
|
992
|
+
class SecretVersion
|
993
|
+
include Google::Apis::Core::Hashable
|
994
|
+
|
995
|
+
# Output only. True if payload checksum specified in SecretPayload object has
|
996
|
+
# been received by SecretManagerService on SecretManagerService.AddSecretVersion.
|
997
|
+
# Corresponds to the JSON property `clientSpecifiedPayloadChecksum`
|
998
|
+
# @return [Boolean]
|
999
|
+
attr_accessor :client_specified_payload_checksum
|
1000
|
+
alias_method :client_specified_payload_checksum?, :client_specified_payload_checksum
|
1001
|
+
|
1002
|
+
# Output only. The time at which the SecretVersion was created.
|
1003
|
+
# Corresponds to the JSON property `createTime`
|
1004
|
+
# @return [String]
|
1005
|
+
attr_accessor :create_time
|
1006
|
+
|
1007
|
+
# Describes the status of customer-managed encryption.
|
1008
|
+
# Corresponds to the JSON property `customerManagedEncryption`
|
1009
|
+
# @return [Google::Apis::SecretmanagerV1beta2::CustomerManagedEncryptionStatus]
|
1010
|
+
attr_accessor :customer_managed_encryption
|
1011
|
+
|
1012
|
+
# Output only. The time this SecretVersion was destroyed. Only present if state
|
1013
|
+
# is DESTROYED.
|
1014
|
+
# Corresponds to the JSON property `destroyTime`
|
1015
|
+
# @return [String]
|
1016
|
+
attr_accessor :destroy_time
|
1017
|
+
|
1018
|
+
# Output only. Etag of the currently stored SecretVersion.
|
1019
|
+
# Corresponds to the JSON property `etag`
|
1020
|
+
# @return [String]
|
1021
|
+
attr_accessor :etag
|
1022
|
+
|
1023
|
+
# Output only. The resource name of the SecretVersion in the format `projects/*/
|
1024
|
+
# secrets/*/versions/*`. SecretVersion IDs in a Secret start at 1 and are
|
1025
|
+
# incremented for each subsequent version of the secret.
|
1026
|
+
# Corresponds to the JSON property `name`
|
1027
|
+
# @return [String]
|
1028
|
+
attr_accessor :name
|
1029
|
+
|
1030
|
+
# The replication status of a SecretVersion.
|
1031
|
+
# Corresponds to the JSON property `replicationStatus`
|
1032
|
+
# @return [Google::Apis::SecretmanagerV1beta2::ReplicationStatus]
|
1033
|
+
attr_accessor :replication_status
|
1034
|
+
|
1035
|
+
# Optional. Output only. Scheduled destroy time for secret version. This is a
|
1036
|
+
# part of the Delayed secret version destroy feature. For a Secret with a valid
|
1037
|
+
# version destroy TTL, when a secert version is destroyed, version is moved to
|
1038
|
+
# disabled state and it is scheduled for destruction Version is destroyed only
|
1039
|
+
# after the scheduled_destroy_time.
|
1040
|
+
# Corresponds to the JSON property `scheduledDestroyTime`
|
1041
|
+
# @return [String]
|
1042
|
+
attr_accessor :scheduled_destroy_time
|
1043
|
+
|
1044
|
+
# Output only. The current state of the SecretVersion.
|
1045
|
+
# Corresponds to the JSON property `state`
|
1046
|
+
# @return [String]
|
1047
|
+
attr_accessor :state
|
1048
|
+
|
1049
|
+
def initialize(**args)
|
1050
|
+
update!(**args)
|
1051
|
+
end
|
1052
|
+
|
1053
|
+
# Update properties of this object
|
1054
|
+
def update!(**args)
|
1055
|
+
@client_specified_payload_checksum = args[:client_specified_payload_checksum] if args.key?(:client_specified_payload_checksum)
|
1056
|
+
@create_time = args[:create_time] if args.key?(:create_time)
|
1057
|
+
@customer_managed_encryption = args[:customer_managed_encryption] if args.key?(:customer_managed_encryption)
|
1058
|
+
@destroy_time = args[:destroy_time] if args.key?(:destroy_time)
|
1059
|
+
@etag = args[:etag] if args.key?(:etag)
|
1060
|
+
@name = args[:name] if args.key?(:name)
|
1061
|
+
@replication_status = args[:replication_status] if args.key?(:replication_status)
|
1062
|
+
@scheduled_destroy_time = args[:scheduled_destroy_time] if args.key?(:scheduled_destroy_time)
|
1063
|
+
@state = args[:state] if args.key?(:state)
|
1064
|
+
end
|
1065
|
+
end
|
1066
|
+
|
1067
|
+
# Request message for `SetIamPolicy` method.
|
1068
|
+
class SetIamPolicyRequest
|
1069
|
+
include Google::Apis::Core::Hashable
|
1070
|
+
|
1071
|
+
# An Identity and Access Management (IAM) policy, which specifies access
|
1072
|
+
# controls for Google Cloud resources. A `Policy` is a collection of `bindings`.
|
1073
|
+
# A `binding` binds one or more `members`, or principals, to a single `role`.
|
1074
|
+
# Principals can be user accounts, service accounts, Google groups, and domains (
|
1075
|
+
# such as G Suite). A `role` is a named list of permissions; each `role` can be
|
1076
|
+
# an IAM predefined role or a user-created custom role. For some types of Google
|
1077
|
+
# Cloud resources, a `binding` can also specify a `condition`, which is a
|
1078
|
+
# logical expression that allows access to a resource only if the expression
|
1079
|
+
# evaluates to `true`. A condition can add constraints based on attributes of
|
1080
|
+
# the request, the resource, or both. To learn which resources support
|
1081
|
+
# conditions in their IAM policies, see the [IAM documentation](https://cloud.
|
1082
|
+
# google.com/iam/help/conditions/resource-policies). **JSON example:** ``` ` "
|
1083
|
+
# bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [
|
1084
|
+
# "user:mike@example.com", "group:admins@example.com", "domain:google.com", "
|
1085
|
+
# serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": "
|
1086
|
+
# roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com"
|
1087
|
+
# ], "condition": ` "title": "expirable access", "description": "Does not grant
|
1088
|
+
# access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:
|
1089
|
+
# 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` ``` **YAML
|
1090
|
+
# example:** ``` bindings: - members: - user:mike@example.com - group:admins@
|
1091
|
+
# example.com - domain:google.com - serviceAccount:my-project-id@appspot.
|
1092
|
+
# gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: -
|
1093
|
+
# user:eve@example.com role: roles/resourcemanager.organizationViewer condition:
|
1094
|
+
# title: expirable access description: Does not grant access after Sep 2020
|
1095
|
+
# expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag:
|
1096
|
+
# BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the
|
1097
|
+
# [IAM documentation](https://cloud.google.com/iam/docs/).
|
1098
|
+
# Corresponds to the JSON property `policy`
|
1099
|
+
# @return [Google::Apis::SecretmanagerV1beta2::Policy]
|
1100
|
+
attr_accessor :policy
|
1101
|
+
|
1102
|
+
# OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
|
1103
|
+
# the fields in the mask will be modified. If no mask is provided, the following
|
1104
|
+
# default mask is used: `paths: "bindings, etag"`
|
1105
|
+
# Corresponds to the JSON property `updateMask`
|
1106
|
+
# @return [String]
|
1107
|
+
attr_accessor :update_mask
|
1108
|
+
|
1109
|
+
def initialize(**args)
|
1110
|
+
update!(**args)
|
1111
|
+
end
|
1112
|
+
|
1113
|
+
# Update properties of this object
|
1114
|
+
def update!(**args)
|
1115
|
+
@policy = args[:policy] if args.key?(:policy)
|
1116
|
+
@update_mask = args[:update_mask] if args.key?(:update_mask)
|
1117
|
+
end
|
1118
|
+
end
|
1119
|
+
|
1120
|
+
# Request message for `TestIamPermissions` method.
|
1121
|
+
class TestIamPermissionsRequest
|
1122
|
+
include Google::Apis::Core::Hashable
|
1123
|
+
|
1124
|
+
# The set of permissions to check for the `resource`. Permissions with wildcards
|
1125
|
+
# (such as `*` or `storage.*`) are not allowed. For more information see [IAM
|
1126
|
+
# Overview](https://cloud.google.com/iam/docs/overview#permissions).
|
1127
|
+
# Corresponds to the JSON property `permissions`
|
1128
|
+
# @return [Array<String>]
|
1129
|
+
attr_accessor :permissions
|
1130
|
+
|
1131
|
+
def initialize(**args)
|
1132
|
+
update!(**args)
|
1133
|
+
end
|
1134
|
+
|
1135
|
+
# Update properties of this object
|
1136
|
+
def update!(**args)
|
1137
|
+
@permissions = args[:permissions] if args.key?(:permissions)
|
1138
|
+
end
|
1139
|
+
end
|
1140
|
+
|
1141
|
+
# Response message for `TestIamPermissions` method.
|
1142
|
+
class TestIamPermissionsResponse
|
1143
|
+
include Google::Apis::Core::Hashable
|
1144
|
+
|
1145
|
+
# A subset of `TestPermissionsRequest.permissions` that the caller is allowed.
|
1146
|
+
# Corresponds to the JSON property `permissions`
|
1147
|
+
# @return [Array<String>]
|
1148
|
+
attr_accessor :permissions
|
1149
|
+
|
1150
|
+
def initialize(**args)
|
1151
|
+
update!(**args)
|
1152
|
+
end
|
1153
|
+
|
1154
|
+
# Update properties of this object
|
1155
|
+
def update!(**args)
|
1156
|
+
@permissions = args[:permissions] if args.key?(:permissions)
|
1157
|
+
end
|
1158
|
+
end
|
1159
|
+
|
1160
|
+
# A Pub/Sub topic which Secret Manager will publish to when control plane events
|
1161
|
+
# occur on this secret.
|
1162
|
+
class Topic
|
1163
|
+
include Google::Apis::Core::Hashable
|
1164
|
+
|
1165
|
+
# Required. The resource name of the Pub/Sub topic that will be published to, in
|
1166
|
+
# the following format: `projects/*/topics/*`. For publication to succeed, the
|
1167
|
+
# Secret Manager service agent must have the `pubsub.topic.publish` permission
|
1168
|
+
# on the topic. The Pub/Sub Publisher role (`roles/pubsub.publisher`) includes
|
1169
|
+
# this permission.
|
1170
|
+
# Corresponds to the JSON property `name`
|
1171
|
+
# @return [String]
|
1172
|
+
attr_accessor :name
|
1173
|
+
|
1174
|
+
def initialize(**args)
|
1175
|
+
update!(**args)
|
1176
|
+
end
|
1177
|
+
|
1178
|
+
# Update properties of this object
|
1179
|
+
def update!(**args)
|
1180
|
+
@name = args[:name] if args.key?(:name)
|
1181
|
+
end
|
1182
|
+
end
|
1183
|
+
|
1184
|
+
# A replication policy that replicates the Secret payload into the locations
|
1185
|
+
# specified in Secret.replication.user_managed.replicas
|
1186
|
+
class UserManaged
|
1187
|
+
include Google::Apis::Core::Hashable
|
1188
|
+
|
1189
|
+
# Required. The list of Replicas for this Secret. Cannot be empty.
|
1190
|
+
# Corresponds to the JSON property `replicas`
|
1191
|
+
# @return [Array<Google::Apis::SecretmanagerV1beta2::Replica>]
|
1192
|
+
attr_accessor :replicas
|
1193
|
+
|
1194
|
+
def initialize(**args)
|
1195
|
+
update!(**args)
|
1196
|
+
end
|
1197
|
+
|
1198
|
+
# Update properties of this object
|
1199
|
+
def update!(**args)
|
1200
|
+
@replicas = args[:replicas] if args.key?(:replicas)
|
1201
|
+
end
|
1202
|
+
end
|
1203
|
+
|
1204
|
+
# The replication status of a SecretVersion using user-managed replication. Only
|
1205
|
+
# populated if the parent Secret has a user-managed replication policy.
|
1206
|
+
class UserManagedStatus
|
1207
|
+
include Google::Apis::Core::Hashable
|
1208
|
+
|
1209
|
+
# Output only. The list of replica statuses for the SecretVersion.
|
1210
|
+
# Corresponds to the JSON property `replicas`
|
1211
|
+
# @return [Array<Google::Apis::SecretmanagerV1beta2::ReplicaStatus>]
|
1212
|
+
attr_accessor :replicas
|
1213
|
+
|
1214
|
+
def initialize(**args)
|
1215
|
+
update!(**args)
|
1216
|
+
end
|
1217
|
+
|
1218
|
+
# Update properties of this object
|
1219
|
+
def update!(**args)
|
1220
|
+
@replicas = args[:replicas] if args.key?(:replicas)
|
1221
|
+
end
|
1222
|
+
end
|
1223
|
+
end
|
1224
|
+
end
|
1225
|
+
end
|