google-cloud-asset-v1 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (34) hide show
  1. checksums.yaml +7 -0
  2. data/.yardopts +12 -0
  3. data/AUTHENTICATION.md +169 -0
  4. data/LICENSE.md +203 -0
  5. data/README.md +24 -0
  6. data/lib/google-cloud-asset-v1.rb +1 -0
  7. data/lib/google/cloud/asset/v1.rb +19 -0
  8. data/lib/google/cloud/asset/v1/asset_service.rb +21 -0
  9. data/lib/google/cloud/asset/v1/asset_service/client.rb +878 -0
  10. data/lib/google/cloud/asset/v1/asset_service/credentials.rb +51 -0
  11. data/lib/google/cloud/asset/v1/asset_service/helpers.rb +43 -0
  12. data/lib/google/cloud/asset/v1/asset_service/operations.rb +558 -0
  13. data/lib/google/cloud/asset/v1/asset_service/paths.rb +85 -0
  14. data/lib/google/cloud/asset/v1/asset_service_pb.rb +124 -0
  15. data/lib/google/cloud/asset/v1/asset_service_services_pb.rb +68 -0
  16. data/lib/google/cloud/asset/v1/assets_pb.rb +52 -0
  17. data/lib/google/cloud/asset/v1/version.rb +28 -0
  18. data/lib/google/cloud/common_resources_pb.rb +15 -0
  19. data/lib/google/cloud/orgpolicy/v1/orgpolicy_pb.rb +54 -0
  20. data/proto_docs/README.md +4 -0
  21. data/proto_docs/google/api/field_behavior.rb +59 -0
  22. data/proto_docs/google/api/resource.rb +247 -0
  23. data/proto_docs/google/cloud/asset/v1/asset_service.rb +347 -0
  24. data/proto_docs/google/cloud/asset/v1/assets.rb +132 -0
  25. data/proto_docs/google/cloud/orgpolicy/v1/orgpolicy.rb +307 -0
  26. data/proto_docs/google/iam/v1/policy.rb +156 -0
  27. data/proto_docs/google/longrunning/operations.rb +150 -0
  28. data/proto_docs/google/protobuf/any.rb +137 -0
  29. data/proto_docs/google/protobuf/empty.rb +36 -0
  30. data/proto_docs/google/protobuf/field_mask.rb +237 -0
  31. data/proto_docs/google/protobuf/struct.rb +96 -0
  32. data/proto_docs/google/protobuf/timestamp.rb +116 -0
  33. data/proto_docs/google/rpc/status.rb +46 -0
  34. metadata +201 -0
@@ -0,0 +1,132 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2020 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Google
21
+ module Cloud
22
+ module Asset
23
+ module V1
24
+ # Temporal asset. In addition to the asset, the temporal asset includes the
25
+ # status of the asset and valid from and to time of it.
26
+ # @!attribute [rw] window
27
+ # @return [Google::Cloud::Asset::V1::TimeWindow]
28
+ # The time window when the asset data and state was observed.
29
+ # @!attribute [rw] deleted
30
+ # @return [Boolean]
31
+ # If the asset is deleted or not.
32
+ # @!attribute [rw] asset
33
+ # @return [Google::Cloud::Asset::V1::Asset]
34
+ # Asset.
35
+ class TemporalAsset
36
+ include Google::Protobuf::MessageExts
37
+ extend Google::Protobuf::MessageExts::ClassMethods
38
+ end
39
+
40
+ # A time window of (start_time, end_time].
41
+ # @!attribute [rw] start_time
42
+ # @return [Google::Protobuf::Timestamp]
43
+ # Start time of the time window (exclusive).
44
+ # @!attribute [rw] end_time
45
+ # @return [Google::Protobuf::Timestamp]
46
+ # End time of the time window (inclusive).
47
+ # Current timestamp if not specified.
48
+ class TimeWindow
49
+ include Google::Protobuf::MessageExts
50
+ extend Google::Protobuf::MessageExts::ClassMethods
51
+ end
52
+
53
+ # Cloud asset. This includes all Google Cloud Platform resources,
54
+ # Cloud IAM policies, and other non-GCP assets.
55
+ # @!attribute [rw] name
56
+ # @return [String]
57
+ # The full name of the asset. For example:
58
+ # `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`.
59
+ # See [Resource
60
+ # Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
61
+ # for more information.
62
+ # @!attribute [rw] asset_type
63
+ # @return [String]
64
+ # Type of the asset. Example: "compute.googleapis.com/Disk".
65
+ # @!attribute [rw] resource
66
+ # @return [Google::Cloud::Asset::V1::Resource]
67
+ # Representation of the resource.
68
+ # @!attribute [rw] iam_policy
69
+ # @return [Google::Iam::V1::Policy]
70
+ # Representation of the actual Cloud IAM policy set on a cloud resource. For
71
+ # each resource, there must be at most one Cloud IAM policy set on it.
72
+ # @!attribute [rw] ancestors
73
+ # @return [Array<String>]
74
+ # Asset's ancestry path in Cloud Resource Manager (CRM) hierarchy,
75
+ # represented as a list of relative resource names. Ancestry path starts with
76
+ # the closest CRM ancestor and ends at root. If the asset is a CRM
77
+ # project/folder/organization, this starts from the asset itself.
78
+ #
79
+ # Example: ["projects/123456789", "folders/5432", "organizations/1234"]
80
+ class Asset
81
+ include Google::Protobuf::MessageExts
82
+ extend Google::Protobuf::MessageExts::ClassMethods
83
+ end
84
+
85
+ # Representation of a cloud resource.
86
+ # @!attribute [rw] version
87
+ # @return [String]
88
+ # The API version. Example: "v1".
89
+ # @!attribute [rw] discovery_document_uri
90
+ # @return [String]
91
+ # The URL of the discovery document containing the resource's JSON schema.
92
+ # For example:
93
+ # `"https://www.googleapis.com/discovery/v1/apis/compute/v1/rest"`.
94
+ # It will be left unspecified for resources without a discovery-based API,
95
+ # such as Cloud Bigtable.
96
+ # @!attribute [rw] discovery_name
97
+ # @return [String]
98
+ # The JSON schema name listed in the discovery document.
99
+ # Example: "Project". It will be left unspecified for resources (such as
100
+ # Cloud Bigtable) without a discovery-based API.
101
+ # @!attribute [rw] resource_url
102
+ # @return [String]
103
+ # The REST URL for accessing the resource. An HTTP GET operation using this
104
+ # URL returns the resource itself.
105
+ # Example:
106
+ # `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123`.
107
+ # It will be left unspecified for resources without a REST API.
108
+ # @!attribute [rw] parent
109
+ # @return [String]
110
+ # The full name of the immediate parent of this resource. See
111
+ # [Resource
112
+ # Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
113
+ # for more information.
114
+ #
115
+ # For GCP assets, it is the parent resource defined in the [Cloud IAM policy
116
+ # hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy).
117
+ # For example:
118
+ # `"//cloudresourcemanager.googleapis.com/projects/my_project_123"`.
119
+ #
120
+ # For third-party assets, it is up to the users to define.
121
+ # @!attribute [rw] data
122
+ # @return [Google::Protobuf::Struct]
123
+ # The content of the resource, in which some sensitive fields are scrubbed
124
+ # away and may not be present.
125
+ class Resource
126
+ include Google::Protobuf::MessageExts
127
+ extend Google::Protobuf::MessageExts::ClassMethods
128
+ end
129
+ end
130
+ end
131
+ end
132
+ end
@@ -0,0 +1,307 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2020 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Google
21
+ module Cloud
22
+ module OrgPolicy
23
+ module V1
24
+ # Defines a Cloud Organization `Policy` which is used to specify `Constraints`
25
+ # for configurations of Cloud Platform resources.
26
+ # @!attribute [rw] version
27
+ # @return [Integer]
28
+ # Version of the `Policy`. Default version is 0;
29
+ # @!attribute [rw] constraint
30
+ # @return [String]
31
+ # The name of the `Constraint` the `Policy` is configuring, for example,
32
+ # `constraints/serviceuser.services`.
33
+ #
34
+ # Immutable after creation.
35
+ # @!attribute [rw] etag
36
+ # @return [String]
37
+ # An opaque tag indicating the current version of the `Policy`, used for
38
+ # concurrency control.
39
+ #
40
+ # When the `Policy` is returned from either a `GetPolicy` or a
41
+ # `ListOrgPolicy` request, this `etag` indicates the version of the current
42
+ # `Policy` to use when executing a read-modify-write loop.
43
+ #
44
+ # When the `Policy` is returned from a `GetEffectivePolicy` request, the
45
+ # `etag` will be unset.
46
+ #
47
+ # When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value
48
+ # that was returned from a `GetOrgPolicy` request as part of a
49
+ # read-modify-write loop for concurrency control. Not setting the `etag`in a
50
+ # `SetOrgPolicy` request will result in an unconditional write of the
51
+ # `Policy`.
52
+ # @!attribute [rw] update_time
53
+ # @return [Google::Protobuf::Timestamp]
54
+ # The time stamp the `Policy` was previously updated. This is set by the
55
+ # server, not specified by the caller, and represents the last time a call to
56
+ # `SetOrgPolicy` was made for that `Policy`. Any value set by the client will
57
+ # be ignored.
58
+ # @!attribute [rw] list_policy
59
+ # @return [Google::Cloud::OrgPolicy::V1::Policy::ListPolicy]
60
+ # List of values either allowed or disallowed.
61
+ # @!attribute [rw] boolean_policy
62
+ # @return [Google::Cloud::OrgPolicy::V1::Policy::BooleanPolicy]
63
+ # For boolean `Constraints`, whether to enforce the `Constraint` or not.
64
+ # @!attribute [rw] restore_default
65
+ # @return [Google::Cloud::OrgPolicy::V1::Policy::RestoreDefault]
66
+ # Restores the default behavior of the constraint; independent of
67
+ # `Constraint` type.
68
+ class Policy
69
+ include Google::Protobuf::MessageExts
70
+ extend Google::Protobuf::MessageExts::ClassMethods
71
+
72
+ # Used in `policy_type` to specify how `list_policy` behaves at this
73
+ # resource.
74
+ #
75
+ # `ListPolicy` can define specific values and subtrees of Cloud Resource
76
+ # Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that
77
+ # are allowed or denied by setting the `allowed_values` and `denied_values`
78
+ # fields. This is achieved by using the `under:` and optional `is:` prefixes.
79
+ # The `under:` prefix is used to denote resource subtree values.
80
+ # The `is:` prefix is used to denote specific values, and is required only
81
+ # if the value contains a ":". Values prefixed with "is:" are treated the
82
+ # same as values with no prefix.
83
+ # Ancestry subtrees must be in one of the following formats:
84
+ # - "projects/<project-id>", e.g. "projects/tokyo-rain-123"
85
+ # - "folders/<folder-id>", e.g. "folders/1234"
86
+ # - "organizations/<organization-id>", e.g. "organizations/1234"
87
+ # The `supports_under` field of the associated `Constraint` defines whether
88
+ # ancestry prefixes can be used. You can set `allowed_values` and
89
+ # `denied_values` in the same `Policy` if `all_values` is
90
+ # `ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny all
91
+ # values. If `all_values` is set to either `ALLOW` or `DENY`,
92
+ # `allowed_values` and `denied_values` must be unset.
93
+ # @!attribute [rw] allowed_values
94
+ # @return [Array<String>]
95
+ # List of values allowed at this resource. Can only be set if `all_values`
96
+ # is set to `ALL_VALUES_UNSPECIFIED`.
97
+ # @!attribute [rw] denied_values
98
+ # @return [Array<String>]
99
+ # List of values denied at this resource. Can only be set if `all_values`
100
+ # is set to `ALL_VALUES_UNSPECIFIED`.
101
+ # @!attribute [rw] all_values
102
+ # @return [Google::Cloud::OrgPolicy::V1::Policy::ListPolicy::AllValues]
103
+ # The policy all_values state.
104
+ # @!attribute [rw] suggested_value
105
+ # @return [String]
106
+ # Optional. The Google Cloud Console will try to default to a configuration
107
+ # that matches the value specified in this `Policy`. If `suggested_value`
108
+ # is not set, it will inherit the value specified higher in the hierarchy,
109
+ # unless `inherit_from_parent` is `false`.
110
+ # @!attribute [rw] inherit_from_parent
111
+ # @return [Boolean]
112
+ # Determines the inheritance behavior for this `Policy`.
113
+ #
114
+ # By default, a `ListPolicy` set at a resource supercedes any `Policy` set
115
+ # anywhere up the resource hierarchy. However, if `inherit_from_parent` is
116
+ # set to `true`, then the values from the effective `Policy` of the parent
117
+ # resource are inherited, meaning the values set in this `Policy` are
118
+ # added to the values inherited up the hierarchy.
119
+ #
120
+ # Setting `Policy` hierarchies that inherit both allowed values and denied
121
+ # values isn't recommended in most circumstances to keep the configuration
122
+ # simple and understandable. However, it is possible to set a `Policy` with
123
+ # `allowed_values` set that inherits a `Policy` with `denied_values` set.
124
+ # In this case, the values that are allowed must be in `allowed_values` and
125
+ # not present in `denied_values`.
126
+ #
127
+ # For example, suppose you have a `Constraint`
128
+ # `constraints/serviceuser.services`, which has a `constraint_type` of
129
+ # `list_constraint`, and with `constraint_default` set to `ALLOW`.
130
+ # Suppose that at the Organization level, a `Policy` is applied that
131
+ # restricts the allowed API activations to \\{`E1`, `E2`}. Then, if a
132
+ # `Policy` is applied to a project below the Organization that has
133
+ # `inherit_from_parent` set to `false` and field all_values set to DENY,
134
+ # then an attempt to activate any API will be denied.
135
+ #
136
+ # The following examples demonstrate different possible layerings for
137
+ # `projects/bar` parented by `organizations/foo`:
138
+ #
139
+ # Example 1 (no inherited values):
140
+ # `organizations/foo` has a `Policy` with values:
141
+ # \\{allowed_values: "E1" allowed_values:"E2"}
142
+ # `projects/bar` has `inherit_from_parent` `false` and values:
143
+ # \\{allowed_values: "E3" allowed_values: "E4"}
144
+ # The accepted values at `organizations/foo` are `E1`, `E2`.
145
+ # The accepted values at `projects/bar` are `E3`, and `E4`.
146
+ #
147
+ # Example 2 (inherited values):
148
+ # `organizations/foo` has a `Policy` with values:
149
+ # \\{allowed_values: "E1" allowed_values:"E2"}
150
+ # `projects/bar` has a `Policy` with values:
151
+ # \\{value: "E3" value: "E4" inherit_from_parent: true}
152
+ # The accepted values at `organizations/foo` are `E1`, `E2`.
153
+ # The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`.
154
+ #
155
+ # Example 3 (inheriting both allowed and denied values):
156
+ # `organizations/foo` has a `Policy` with values:
157
+ # \\{allowed_values: "E1" allowed_values: "E2"}
158
+ # `projects/bar` has a `Policy` with:
159
+ # \\{denied_values: "E1"}
160
+ # The accepted values at `organizations/foo` are `E1`, `E2`.
161
+ # The value accepted at `projects/bar` is `E2`.
162
+ #
163
+ # Example 4 (RestoreDefault):
164
+ # `organizations/foo` has a `Policy` with values:
165
+ # \\{allowed_values: "E1" allowed_values:"E2"}
166
+ # `projects/bar` has a `Policy` with values:
167
+ # \\{RestoreDefault: \\{}}
168
+ # The accepted values at `organizations/foo` are `E1`, `E2`.
169
+ # The accepted values at `projects/bar` are either all or none depending on
170
+ # the value of `constraint_default` (if `ALLOW`, all; if
171
+ # `DENY`, none).
172
+ #
173
+ # Example 5 (no policy inherits parent policy):
174
+ # `organizations/foo` has no `Policy` set.
175
+ # `projects/bar` has no `Policy` set.
176
+ # The accepted values at both levels are either all or none depending on
177
+ # the value of `constraint_default` (if `ALLOW`, all; if
178
+ # `DENY`, none).
179
+ #
180
+ # Example 6 (ListConstraint allowing all):
181
+ # `organizations/foo` has a `Policy` with values:
182
+ # \\{allowed_values: "E1" allowed_values: "E2"}
183
+ # `projects/bar` has a `Policy` with:
184
+ # \\{all: ALLOW}
185
+ # The accepted values at `organizations/foo` are `E1`, E2`.
186
+ # Any value is accepted at `projects/bar`.
187
+ #
188
+ # Example 7 (ListConstraint allowing none):
189
+ # `organizations/foo` has a `Policy` with values:
190
+ # \\{allowed_values: "E1" allowed_values: "E2"}
191
+ # `projects/bar` has a `Policy` with:
192
+ # \\{all: DENY}
193
+ # The accepted values at `organizations/foo` are `E1`, E2`.
194
+ # No value is accepted at `projects/bar`.
195
+ #
196
+ # Example 10 (allowed and denied subtrees of Resource Manager hierarchy):
197
+ # Given the following resource hierarchy
198
+ # O1->\\{F1, F2}; F1->\\{P1}; F2->\\{P2, P3},
199
+ # `organizations/foo` has a `Policy` with values:
200
+ # \\{allowed_values: "under:organizations/O1"}
201
+ # `projects/bar` has a `Policy` with:
202
+ # \\{allowed_values: "under:projects/P3"}
203
+ # \\{denied_values: "under:folders/F2"}
204
+ # The accepted values at `organizations/foo` are `organizations/O1`,
205
+ # `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`,
206
+ # `projects/P3`.
207
+ # The accepted values at `projects/bar` are `organizations/O1`,
208
+ # `folders/F1`, `projects/P1`.
209
+ class ListPolicy
210
+ include Google::Protobuf::MessageExts
211
+ extend Google::Protobuf::MessageExts::ClassMethods
212
+
213
+ # This enum can be used to set `Policies` that apply to all possible
214
+ # configuration values rather than specific values in `allowed_values` or
215
+ # `denied_values`.
216
+ #
217
+ # Settting this to `ALLOW` will mean this `Policy` allows all values.
218
+ # Similarly, setting it to `DENY` will mean no values are allowed. If
219
+ # set to either `ALLOW` or `DENY, `allowed_values` and `denied_values`
220
+ # must be unset. Setting this to `ALL_VALUES_UNSPECIFIED` allows for
221
+ # setting `allowed_values` and `denied_values`.
222
+ module AllValues
223
+ # Indicates that allowed_values or denied_values must be set.
224
+ ALL_VALUES_UNSPECIFIED = 0
225
+
226
+ # A policy with this set allows all values.
227
+ ALLOW = 1
228
+
229
+ # A policy with this set denies all values.
230
+ DENY = 2
231
+ end
232
+ end
233
+
234
+ # Used in `policy_type` to specify how `boolean_policy` will behave at this
235
+ # resource.
236
+ # @!attribute [rw] enforced
237
+ # @return [Boolean]
238
+ # If `true`, then the `Policy` is enforced. If `false`, then any
239
+ # configuration is acceptable.
240
+ #
241
+ # Suppose you have a `Constraint`
242
+ # `constraints/compute.disableSerialPortAccess` with `constraint_default`
243
+ # set to `ALLOW`. A `Policy` for that `Constraint` exhibits the following
244
+ # behavior:
245
+ # - If the `Policy` at this resource has enforced set to `false`, serial
246
+ # port connection attempts will be allowed.
247
+ # - If the `Policy` at this resource has enforced set to `true`, serial
248
+ # port connection attempts will be refused.
249
+ # - If the `Policy` at this resource is `RestoreDefault`, serial port
250
+ # connection attempts will be allowed.
251
+ # - If no `Policy` is set at this resource or anywhere higher in the
252
+ # resource hierarchy, serial port connection attempts will be allowed.
253
+ # - If no `Policy` is set at this resource, but one exists higher in the
254
+ # resource hierarchy, the behavior is as if the`Policy` were set at
255
+ # this resource.
256
+ #
257
+ # The following examples demonstrate the different possible layerings:
258
+ #
259
+ # Example 1 (nearest `Constraint` wins):
260
+ # `organizations/foo` has a `Policy` with:
261
+ # \\{enforced: false}
262
+ # `projects/bar` has no `Policy` set.
263
+ # The constraint at `projects/bar` and `organizations/foo` will not be
264
+ # enforced.
265
+ #
266
+ # Example 2 (enforcement gets replaced):
267
+ # `organizations/foo` has a `Policy` with:
268
+ # \\{enforced: false}
269
+ # `projects/bar` has a `Policy` with:
270
+ # \\{enforced: true}
271
+ # The constraint at `organizations/foo` is not enforced.
272
+ # The constraint at `projects/bar` is enforced.
273
+ #
274
+ # Example 3 (RestoreDefault):
275
+ # `organizations/foo` has a `Policy` with:
276
+ # \\{enforced: true}
277
+ # `projects/bar` has a `Policy` with:
278
+ # \\{RestoreDefault: \\{}}
279
+ # The constraint at `organizations/foo` is enforced.
280
+ # The constraint at `projects/bar` is not enforced, because
281
+ # `constraint_default` for the `Constraint` is `ALLOW`.
282
+ class BooleanPolicy
283
+ include Google::Protobuf::MessageExts
284
+ extend Google::Protobuf::MessageExts::ClassMethods
285
+ end
286
+
287
+ # Ignores policies set above this resource and restores the
288
+ # `constraint_default` enforcement behavior of the specific `Constraint` at
289
+ # this resource.
290
+ #
291
+ # Suppose that `constraint_default` is set to `ALLOW` for the
292
+ # `Constraint` `constraints/serviceuser.services`. Suppose that organization
293
+ # foo.com sets a `Policy` at their Organization resource node that restricts
294
+ # the allowed service activations to deny all service activations. They
295
+ # could then set a `Policy` with the `policy_type` `restore_default` on
296
+ # several experimental projects, restoring the `constraint_default`
297
+ # enforcement of the `Constraint` for only those projects, allowing those
298
+ # projects to have all services activated.
299
+ class RestoreDefault
300
+ include Google::Protobuf::MessageExts
301
+ extend Google::Protobuf::MessageExts::ClassMethods
302
+ end
303
+ end
304
+ end
305
+ end
306
+ end
307
+ end
@@ -0,0 +1,156 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2020 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Google
21
+ module Iam
22
+ module V1
23
+ # Defines an Identity and Access Management (IAM) policy. It is used to
24
+ # specify access control policies for Cloud Platform resources.
25
+ #
26
+ #
27
+ # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of
28
+ # `members` to a `role`, where the members can be user accounts, Google groups,
29
+ # Google domains, and service accounts. A `role` is a named list of permissions
30
+ # defined by IAM.
31
+ #
32
+ # **Example**
33
+ #
34
+ # {
35
+ # "bindings": [
36
+ # {
37
+ # "role": "roles/owner",
38
+ # "members": [
39
+ # "user:mike@example.com",
40
+ # "group:admins@example.com",
41
+ # "domain:google.com",
42
+ # "serviceAccount:my-other-app@appspot.gserviceaccount.com",
43
+ # ]
44
+ # },
45
+ # {
46
+ # "role": "roles/viewer",
47
+ # "members": ["user:sean@example.com"]
48
+ # }
49
+ # ]
50
+ # }
51
+ #
52
+ # For a description of IAM and its features, see the
53
+ # [IAM developer's guide](https://cloud.google.com/iam).
54
+ # @!attribute [rw] version
55
+ # @return [Integer]
56
+ # Version of the `Policy`. The default version is 0.
57
+ # @!attribute [rw] bindings
58
+ # @return [Array<Google::Iam::V1::Binding>]
59
+ # Associates a list of `members` to a `role`.
60
+ # Multiple `bindings` must not be specified for the same `role`.
61
+ # `bindings` with no members will result in an error.
62
+ # @!attribute [rw] etag
63
+ # @return [String]
64
+ # `etag` is used for optimistic concurrency control as a way to help
65
+ # prevent simultaneous updates of a policy from overwriting each other.
66
+ # It is strongly suggested that systems make use of the `etag` in the
67
+ # read-modify-write cycle to perform policy updates in order to avoid race
68
+ # conditions: An `etag` is returned in the response to `getIamPolicy`, and
69
+ # systems are expected to put that etag in the request to `setIamPolicy` to
70
+ # ensure that their change will be applied to the same version of the policy.
71
+ #
72
+ # If no `etag` is provided in the call to `setIamPolicy`, then the existing
73
+ # policy is overwritten blindly.
74
+ class Policy
75
+ include Google::Protobuf::MessageExts
76
+ extend Google::Protobuf::MessageExts::ClassMethods
77
+ end
78
+
79
+ # Associates `members` with a `role`.
80
+ # @!attribute [rw] role
81
+ # @return [String]
82
+ # Role that is assigned to `members`.
83
+ # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
84
+ # Required
85
+ # @!attribute [rw] members
86
+ # @return [Array<String>]
87
+ # Specifies the identities requesting access for a Cloud Platform resource.
88
+ # `members` can have the following values:
89
+ #
90
+ # * `allUsers`: A special identifier that represents anyone who is
91
+ # on the internet; with or without a Google account.
92
+ #
93
+ # * `allAuthenticatedUsers`: A special identifier that represents anyone
94
+ # who is authenticated with a Google account or a service account.
95
+ #
96
+ # * `user:{emailid}`: An email address that represents a specific Google
97
+ # account. For example, `alice@gmail.com` or `joe@example.com`.
98
+ #
99
+ #
100
+ # * `serviceAccount:{emailid}`: An email address that represents a service
101
+ # account. For example, `my-other-app@appspot.gserviceaccount.com`.
102
+ #
103
+ # * `group:{emailid}`: An email address that represents a Google group.
104
+ # For example, `admins@example.com`.
105
+ #
106
+ # * `domain:{domain}`: A Google Apps domain name that represents all the
107
+ # users of that domain. For example, `google.com` or `example.com`.
108
+ class Binding
109
+ include Google::Protobuf::MessageExts
110
+ extend Google::Protobuf::MessageExts::ClassMethods
111
+ end
112
+
113
+ # The difference delta between two policies.
114
+ # @!attribute [rw] binding_deltas
115
+ # @return [Array<Google::Iam::V1::BindingDelta>]
116
+ # The delta for Bindings between two policies.
117
+ class PolicyDelta
118
+ include Google::Protobuf::MessageExts
119
+ extend Google::Protobuf::MessageExts::ClassMethods
120
+ end
121
+
122
+ # One delta entry for Binding. Each individual change (only one member in each
123
+ # entry) to a binding will be a separate entry.
124
+ # @!attribute [rw] action
125
+ # @return [Google::Iam::V1::BindingDelta::Action]
126
+ # The action that was performed on a Binding.
127
+ # Required
128
+ # @!attribute [rw] role
129
+ # @return [String]
130
+ # Role that is assigned to `members`.
131
+ # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
132
+ # Required
133
+ # @!attribute [rw] member
134
+ # @return [String]
135
+ # A single identity requesting access for a Cloud Platform resource.
136
+ # Follows the same format of Binding.members.
137
+ # Required
138
+ class BindingDelta
139
+ include Google::Protobuf::MessageExts
140
+ extend Google::Protobuf::MessageExts::ClassMethods
141
+
142
+ # The type of action performed on a Binding in a policy.
143
+ module Action
144
+ # Unspecified.
145
+ ACTION_UNSPECIFIED = 0
146
+
147
+ # Addition of a Binding.
148
+ ADD = 1
149
+
150
+ # Removal of a Binding.
151
+ REMOVE = 2
152
+ end
153
+ end
154
+ end
155
+ end
156
+ end