google-cloud-asset-v1 0.2.2 → 0.4.2
- checksums.yaml +4 -4
- data/AUTHENTICATION.md +6 -6
- data/README.md +1 -1
- data/lib/google/cloud/asset/v1.rb +1 -1
- data/lib/google/cloud/asset/v1/asset_service.rb +1 -1
- data/lib/google/cloud/asset/v1/asset_service/client.rb +449 -170
- data/lib/google/cloud/asset/v1/asset_service/credentials.rb +1 -1
- data/lib/google/cloud/asset/v1/asset_service/operations.rb +108 -102
- data/lib/google/cloud/asset/v1/asset_service/paths.rb +5 -5
- data/lib/google/cloud/asset/v1/asset_service_pb.rb +26 -0
- data/lib/google/cloud/asset/v1/asset_service_services_pb.rb +13 -2
- data/lib/google/cloud/asset/v1/assets_pb.rb +29 -1
- data/lib/google/cloud/asset/v1/version.rb +1 -1
- data/proto_docs/google/api/resource.rb +12 -12
- data/proto_docs/google/cloud/asset/v1/asset_service.rb +235 -74
- data/proto_docs/google/cloud/asset/v1/assets.rb +225 -36
- data/proto_docs/google/cloud/orgpolicy/v1/orgpolicy.rb +21 -21
- data/proto_docs/google/iam/v1/policy.rb +26 -26
- data/proto_docs/google/identity/accesscontextmanager/v1/access_level.rb +37 -37
- data/proto_docs/google/identity/accesscontextmanager/v1/access_policy.rb +8 -8
- data/proto_docs/google/identity/accesscontextmanager/v1/service_perimeter.rb +21 -21
- data/proto_docs/google/longrunning/operations.rb +30 -30
- data/proto_docs/google/protobuf/any.rb +4 -4
- data/proto_docs/google/protobuf/empty.rb +2 -2
- data/proto_docs/google/protobuf/field_mask.rb +3 -3
- data/proto_docs/google/protobuf/struct.rb +18 -18
- data/proto_docs/google/protobuf/timestamp.rb +4 -4
- data/proto_docs/google/rpc/status.rb +6 -6
- data/proto_docs/google/type/expr.rb +6 -6
- metadata +32 -5
- data/lib/google/cloud/common_resources_pb.rb +0 -15
@@ -78,7 +78,7 @@ module Google
|
|
78
78
|
# For a description of IAM and its features, see the
|
79
79
|
# [IAM developer's guide](https://cloud.google.com/iam/docs).
|
80
80
|
# @!attribute [rw] version
|
81
|
-
# @return [Integer]
|
81
|
+
# @return [::Integer]
|
82
82
|
# Specifies the format of the policy.
|
83
83
|
#
|
84
84
|
# Valid values are 0, 1, and 3. Requests specifying an invalid value will be
|
@@ -94,12 +94,12 @@ module Google
|
|
94
94
|
# If no etag is provided in the call to `setIamPolicy`, version compliance
|
95
95
|
# checks against the stored policy is skipped.
|
96
96
|
# @!attribute [rw] bindings
|
97
|
-
# @return [Array
|
97
|
+
# @return [::Array<::Google::Iam::V1::Binding>]
|
98
98
|
# Associates a list of `members` to a `role`. Optionally may specify a
|
99
99
|
# `condition` that determines when binding is in effect.
|
100
100
|
# `bindings` with no members will result in an error.
|
101
101
|
# @!attribute [rw] etag
|
102
|
-
# @return [String]
|
102
|
+
# @return [::String]
|
103
103
|
# `etag` is used for optimistic concurrency control as a way to help
|
104
104
|
# prevent simultaneous updates of a policy from overwriting each other.
|
105
105
|
# It is strongly suggested that systems make use of the `etag` in the
|
@@ -113,17 +113,17 @@ module Google
|
|
113
113
|
# 'setIamPolicy' will not fail even if the incoming policy version does not
|
114
114
|
# meet the requirements for modifying the stored policy.
|
115
115
|
class Policy
|
116
|
-
include Google::Protobuf::MessageExts
|
117
|
-
extend Google::Protobuf::MessageExts::ClassMethods
|
116
|
+
include ::Google::Protobuf::MessageExts
|
117
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
118
118
|
end
|
119
119
|
|
120
120
|
# Associates `members` with a `role`.
|
121
121
|
# @!attribute [rw] role
|
122
|
-
# @return [String]
|
122
|
+
# @return [::String]
|
123
123
|
# Role that is assigned to `members`.
|
124
124
|
# For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
|
125
125
|
# @!attribute [rw] members
|
126
|
-
# @return [Array
|
126
|
+
# @return [::Array<::String>]
|
127
127
|
# Specifies the identities requesting access for a Cloud Platform resource.
|
128
128
|
# `members` can have the following values:
|
129
129
|
#
|
@@ -147,50 +147,50 @@ module Google
|
|
147
147
|
# * `domain:{domain}`: The G Suite domain (primary) that represents all the
|
148
148
|
# users of that domain. For example, `google.com` or `example.com`.
|
149
149
|
# @!attribute [rw] condition
|
150
|
-
# @return [Google::Type::Expr]
|
150
|
+
# @return [::Google::Type::Expr]
|
151
151
|
# The condition that is associated with this binding.
|
152
152
|
# NOTE: An unsatisfied condition will not allow user access via current
|
153
153
|
# binding. Different bindings, including their conditions, are examined
|
154
154
|
# independently.
|
155
155
|
class Binding
|
156
|
-
include Google::Protobuf::MessageExts
|
157
|
-
extend Google::Protobuf::MessageExts::ClassMethods
|
156
|
+
include ::Google::Protobuf::MessageExts
|
157
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
158
158
|
end
|
159
159
|
|
160
160
|
# The difference delta between two policies.
|
161
161
|
# @!attribute [rw] binding_deltas
|
162
|
-
# @return [Array
|
162
|
+
# @return [::Array<::Google::Iam::V1::BindingDelta>]
|
163
163
|
# The delta for Bindings between two policies.
|
164
164
|
# @!attribute [rw] audit_config_deltas
|
165
|
-
# @return [Array
|
165
|
+
# @return [::Array<::Google::Iam::V1::AuditConfigDelta>]
|
166
166
|
# The delta for AuditConfigs between two policies.
|
167
167
|
class PolicyDelta
|
168
|
-
include Google::Protobuf::MessageExts
|
169
|
-
extend Google::Protobuf::MessageExts::ClassMethods
|
168
|
+
include ::Google::Protobuf::MessageExts
|
169
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
170
170
|
end
|
171
171
|
|
172
172
|
# One delta entry for Binding. Each individual change (only one member in each
|
173
173
|
# entry) to a binding will be a separate entry.
|
174
174
|
# @!attribute [rw] action
|
175
|
-
# @return [Google::Iam::V1::BindingDelta::Action]
|
175
|
+
# @return [::Google::Iam::V1::BindingDelta::Action]
|
176
176
|
# The action that was performed on a Binding.
|
177
177
|
# Required
|
178
178
|
# @!attribute [rw] role
|
179
|
-
# @return [String]
|
179
|
+
# @return [::String]
|
180
180
|
# Role that is assigned to `members`.
|
181
181
|
# For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
|
182
182
|
# Required
|
183
183
|
# @!attribute [rw] member
|
184
|
-
# @return [String]
|
184
|
+
# @return [::String]
|
185
185
|
# A single identity requesting access for a Cloud Platform resource.
|
186
186
|
# Follows the same format of Binding.members.
|
187
187
|
# Required
|
188
188
|
# @!attribute [rw] condition
|
189
|
-
# @return [Google::Type::Expr]
|
189
|
+
# @return [::Google::Type::Expr]
|
190
190
|
# The condition that is associated with this binding.
|
191
191
|
class BindingDelta
|
192
|
-
include Google::Protobuf::MessageExts
|
193
|
-
extend Google::Protobuf::MessageExts::ClassMethods
|
192
|
+
include ::Google::Protobuf::MessageExts
|
193
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
194
194
|
|
195
195
|
# The type of action performed on a Binding in a policy.
|
196
196
|
module Action
|
@@ -208,28 +208,28 @@ module Google
|
|
208
208
|
# One delta entry for AuditConfig. Each individual change (only one
|
209
209
|
# exempted_member in each entry) to a AuditConfig will be a separate entry.
|
210
210
|
# @!attribute [rw] action
|
211
|
-
# @return [Google::Iam::V1::AuditConfigDelta::Action]
|
211
|
+
# @return [::Google::Iam::V1::AuditConfigDelta::Action]
|
212
212
|
# The action that was performed on an audit configuration in a policy.
|
213
213
|
# Required
|
214
214
|
# @!attribute [rw] service
|
215
|
-
# @return [String]
|
215
|
+
# @return [::String]
|
216
216
|
# Specifies a service that was configured for Cloud Audit Logging.
|
217
217
|
# For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
|
218
218
|
# `allServices` is a special value that covers all services.
|
219
219
|
# Required
|
220
220
|
# @!attribute [rw] exempted_member
|
221
|
-
# @return [String]
|
221
|
+
# @return [::String]
|
222
222
|
# A single identity that is exempted from "data access" audit
|
223
223
|
# logging for the `service` specified above.
|
224
224
|
# Follows the same format of Binding.members.
|
225
225
|
# @!attribute [rw] log_type
|
226
|
-
# @return [String]
|
226
|
+
# @return [::String]
|
227
227
|
# Specifies the log_type that was be enabled. ADMIN_ACTIVITY is always
|
228
228
|
# enabled, and cannot be configured.
|
229
229
|
# Required
|
230
230
|
class AuditConfigDelta
|
231
|
-
include Google::Protobuf::MessageExts
|
232
|
-
extend Google::Protobuf::MessageExts::ClassMethods
|
231
|
+
include ::Google::Protobuf::MessageExts
|
232
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
233
233
|
|
234
234
|
# The type of action performed on an audit configuration in a policy.
|
235
235
|
module Action
|
@@ -25,48 +25,48 @@ module Google
|
|
25
25
|
# services, along with a list of requirements necessary for the label to be
|
26
26
|
# applied.
|
27
27
|
# @!attribute [rw] name
|
28
|
-
# @return [String]
|
28
|
+
# @return [::String]
|
29
29
|
# Required. Resource name for the Access Level. The `short_name` component
|
30
30
|
# must begin with a letter and only include alphanumeric and '_'. Format:
|
31
31
|
# `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length
|
32
32
|
# of the `short_name` component is 50 characters.
|
33
33
|
# @!attribute [rw] title
|
34
|
-
# @return [String]
|
34
|
+
# @return [::String]
|
35
35
|
# Human readable title. Must be unique within the Policy.
|
36
36
|
# @!attribute [rw] description
|
37
|
-
# @return [String]
|
37
|
+
# @return [::String]
|
38
38
|
# Description of the `AccessLevel` and its use. Does not affect behavior.
|
39
39
|
# @!attribute [rw] basic
|
40
|
-
# @return [Google::Identity::AccessContextManager::V1::BasicLevel]
|
40
|
+
# @return [::Google::Identity::AccessContextManager::V1::BasicLevel]
|
41
41
|
# A `BasicLevel` composed of `Conditions`.
|
42
42
|
# @!attribute [rw] custom
|
43
|
-
# @return [Google::Identity::AccessContextManager::V1::CustomLevel]
|
43
|
+
# @return [::Google::Identity::AccessContextManager::V1::CustomLevel]
|
44
44
|
# A `CustomLevel` written in the Common Expression Language.
|
45
45
|
# @!attribute [rw] create_time
|
46
|
-
# @return [Google::Protobuf::Timestamp]
|
46
|
+
# @return [::Google::Protobuf::Timestamp]
|
47
47
|
# Output only. Time the `AccessLevel` was created in UTC.
|
48
48
|
# @!attribute [rw] update_time
|
49
|
-
# @return [Google::Protobuf::Timestamp]
|
49
|
+
# @return [::Google::Protobuf::Timestamp]
|
50
50
|
# Output only. Time the `AccessLevel` was updated in UTC.
|
51
51
|
class AccessLevel
|
52
|
-
include Google::Protobuf::MessageExts
|
53
|
-
extend Google::Protobuf::MessageExts::ClassMethods
|
52
|
+
include ::Google::Protobuf::MessageExts
|
53
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
54
54
|
end
|
55
55
|
|
56
56
|
# `BasicLevel` is an `AccessLevel` using a set of recommended features.
|
57
57
|
# @!attribute [rw] conditions
|
58
|
-
# @return [Array
|
58
|
+
# @return [::Array<::Google::Identity::AccessContextManager::V1::Condition>]
|
59
59
|
# Required. A list of requirements for the `AccessLevel` to be granted.
|
60
60
|
# @!attribute [rw] combining_function
|
61
|
-
# @return [Google::Identity::AccessContextManager::V1::BasicLevel::ConditionCombiningFunction]
|
61
|
+
# @return [::Google::Identity::AccessContextManager::V1::BasicLevel::ConditionCombiningFunction]
|
62
62
|
# How the `conditions` list should be combined to determine if a request is
|
63
63
|
# granted this `AccessLevel`. If AND is used, each `Condition` in
|
64
64
|
# `conditions` must be satisfied for the `AccessLevel` to be applied. If OR
|
65
65
|
# is used, at least one `Condition` in `conditions` must be satisfied for the
|
66
66
|
# `AccessLevel` to be applied. Default behavior is AND.
|
67
67
|
class BasicLevel
|
68
|
-
include Google::Protobuf::MessageExts
|
69
|
-
extend Google::Protobuf::MessageExts::ClassMethods
|
68
|
+
include ::Google::Protobuf::MessageExts
|
69
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
70
70
|
|
71
71
|
# Options for how the `conditions` list should be combined to determine if
|
72
72
|
# this `AccessLevel` is applied. Default is AND.
|
@@ -85,7 +85,7 @@ module Google
|
|
85
85
|
# listed device policy AND 3) all listed access levels are granted AND 4) the
|
86
86
|
# request was sent at a time allowed by the DateTimeRestriction.
|
87
87
|
# @!attribute [rw] ip_subnetworks
|
88
|
-
# @return [Array
|
88
|
+
# @return [::Array<::String>]
|
89
89
|
# CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for
|
90
90
|
# a CIDR IP address block, the specified IP address portion must be properly
|
91
91
|
# truncated (i.e. all the host bits must be zero) or the input is considered
|
@@ -95,23 +95,23 @@ module Google
|
|
95
95
|
# the listed subnets in order for this Condition to be true. If empty, all IP
|
96
96
|
# addresses are allowed.
|
97
97
|
# @!attribute [rw] device_policy
|
98
|
-
# @return [Google::Identity::AccessContextManager::V1::DevicePolicy]
|
98
|
+
# @return [::Google::Identity::AccessContextManager::V1::DevicePolicy]
|
99
99
|
# Device specific restrictions, all restrictions must hold for the
|
100
100
|
# Condition to be true. If not specified, all devices are allowed.
|
101
101
|
# @!attribute [rw] required_access_levels
|
102
|
-
# @return [Array
|
102
|
+
# @return [::Array<::String>]
|
103
103
|
# A list of other access levels defined in the same `Policy`, referenced by
|
104
104
|
# resource name. Referencing an `AccessLevel` which does not exist is an
|
105
105
|
# error. All access levels listed must be granted for the Condition
|
106
106
|
# to be true. Example:
|
107
107
|
# "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
|
108
108
|
# @!attribute [rw] negate
|
109
|
-
# @return [Boolean]
|
109
|
+
# @return [::Boolean]
|
110
110
|
# Whether to negate the Condition. If true, the Condition becomes a NAND over
|
111
111
|
# its non-empty fields, each field must be false for the Condition overall to
|
112
112
|
# be satisfied. Defaults to false.
|
113
113
|
# @!attribute [rw] members
|
114
|
-
# @return [Array
|
114
|
+
# @return [::Array<::String>]
|
115
115
|
# The request must be made by one of the provided user or service
|
116
116
|
# accounts. Groups are not supported.
|
117
117
|
# Syntax:
|
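Review bot: `# @return [::Boolean]` on the `negate` attribute names a constant Ruby does not define: core Ruby has `TrueClass` and `FalseClass` but no top-level `Boolean`, and YARD uses bare `Boolean` only as a conventional name for true/false. Rooting with `::` is sound for real constants such as `::String` or `::Google::Type::Expr`, but here it reads as an absolute constant path that cannot resolve. I would keep `# @return [Boolean]` or write `# @return [true, false]`. The same applies to the `::Boolean` returns in the later hunks (`require_screenlock`, `require_admin_approval`, `require_corp_owned`, `require_verified_chrome_os`, `use_explicit_dry_run_spec`, `enable_restriction`); if these files are generated, the change likely belongs in the generator template. The comment block documenting `Condition` starts above this hunk and continues below it.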
@@ -119,23 +119,23 @@ module Google
|
|
119
119
|
# `serviceAccount:{emailid}`
|
120
120
|
# If not specified, a request may come from any user.
|
121
121
|
# @!attribute [rw] regions
|
122
|
-
# @return [Array
|
122
|
+
# @return [::Array<::String>]
|
123
123
|
# The request must originate from one of the provided countries/regions.
|
124
124
|
# Must be valid ISO 3166-1 alpha-2 codes.
|
125
125
|
class Condition
|
126
|
-
include Google::Protobuf::MessageExts
|
127
|
-
extend Google::Protobuf::MessageExts::ClassMethods
|
126
|
+
include ::Google::Protobuf::MessageExts
|
127
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
128
128
|
end
|
129
129
|
|
130
130
|
# `CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language
|
131
131
|
# to represent the necessary conditions for the level to apply to a request.
|
132
132
|
# See CEL spec at: https://github.com/google/cel-spec
|
133
133
|
# @!attribute [rw] expr
|
134
|
-
# @return [Google::Type::Expr]
|
134
|
+
# @return [::Google::Type::Expr]
|
135
135
|
# Required. A Cloud CEL expression evaluating to a boolean.
|
136
136
|
class CustomLevel
|
137
|
-
include Google::Protobuf::MessageExts
|
138
|
-
extend Google::Protobuf::MessageExts::ClassMethods
|
137
|
+
include ::Google::Protobuf::MessageExts
|
138
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
139
139
|
end
|
140
140
|
|
141
141
|
# `DevicePolicy` specifies device specific restrictions necessary to acquire a
|
@@ -148,48 +148,48 @@ module Google
|
|
148
148
|
# true for requests originating from encrypted Linux desktops and encrypted
|
149
149
|
# Windows desktops.
|
150
150
|
# @!attribute [rw] require_screenlock
|
151
|
-
# @return [Boolean]
|
151
|
+
# @return [::Boolean]
|
152
152
|
# Whether or not screenlock is required for the DevicePolicy to be true.
|
153
153
|
# Defaults to `false`.
|
154
154
|
# @!attribute [rw] allowed_encryption_statuses
|
155
|
-
# @return [Array
|
155
|
+
# @return [::Array<::Google::Identity::AccessContextManager::Type::DeviceEncryptionStatus>]
|
156
156
|
# Allowed encryptions statuses, an empty list allows all statuses.
|
157
157
|
# @!attribute [rw] os_constraints
|
158
|
-
# @return [Array
|
158
|
+
# @return [::Array<::Google::Identity::AccessContextManager::V1::OsConstraint>]
|
159
159
|
# Allowed OS versions, an empty list allows all types and all versions.
|
160
160
|
# @!attribute [rw] allowed_device_management_levels
|
161
|
-
# @return [Array
|
161
|
+
# @return [::Array<::Google::Identity::AccessContextManager::Type::DeviceManagementLevel>]
|
162
162
|
# Allowed device management levels, an empty list allows all management
|
163
163
|
# levels.
|
164
164
|
# @!attribute [rw] require_admin_approval
|
165
|
-
# @return [Boolean]
|
165
|
+
# @return [::Boolean]
|
166
166
|
# Whether the device needs to be approved by the customer admin.
|
167
167
|
# @!attribute [rw] require_corp_owned
|
168
|
-
# @return [Boolean]
|
168
|
+
# @return [::Boolean]
|
169
169
|
# Whether the device needs to be corp owned.
|
170
170
|
class DevicePolicy
|
171
|
-
include Google::Protobuf::MessageExts
|
172
|
-
extend Google::Protobuf::MessageExts::ClassMethods
|
171
|
+
include ::Google::Protobuf::MessageExts
|
172
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
173
173
|
end
|
174
174
|
|
175
175
|
# A restriction on the OS type and version of devices making requests.
|
176
176
|
# @!attribute [rw] os_type
|
177
|
-
# @return [Google::Identity::AccessContextManager::Type::OsType]
|
177
|
+
# @return [::Google::Identity::AccessContextManager::Type::OsType]
|
178
178
|
# Required. The allowed OS type.
|
179
179
|
# @!attribute [rw] minimum_version
|
180
|
-
# @return [String]
|
180
|
+
# @return [::String]
|
181
181
|
# The minimum allowed OS version. If not set, any version of this OS
|
182
182
|
# satisfies the constraint. Format: `"major.minor.patch"`.
|
183
183
|
# Examples: `"10.5.301"`, `"9.2.1"`.
|
184
184
|
# @!attribute [rw] require_verified_chrome_os
|
185
|
-
# @return [Boolean]
|
185
|
+
# @return [::Boolean]
|
186
186
|
# Only allows requests from devices with a verified Chrome OS.
|
187
187
|
# Verifications includes requirements that the device is enterprise-managed,
|
188
188
|
# conformant to domain policies, and the caller has permission to call
|
189
189
|
# the API targeted by the request.
|
190
190
|
class OsConstraint
|
191
|
-
include Google::Protobuf::MessageExts
|
192
|
-
extend Google::Protobuf::MessageExts::ClassMethods
|
191
|
+
include ::Google::Protobuf::MessageExts
|
192
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
193
193
|
end
|
194
194
|
end
|
195
195
|
end
|
@@ -27,32 +27,32 @@ module Google
|
|
27
27
|
# access policy is globally visible within an organization, and the
|
28
28
|
# restrictions it specifies apply to all projects within an organization.
|
29
29
|
# @!attribute [rw] name
|
30
|
-
# @return [String]
|
30
|
+
# @return [::String]
|
31
31
|
# Output only. Resource name of the `AccessPolicy`. Format:
|
32
32
|
# `accessPolicies/{policy_id}`
|
33
33
|
# @!attribute [rw] parent
|
34
|
-
# @return [String]
|
34
|
+
# @return [::String]
|
35
35
|
# Required. The parent of this `AccessPolicy` in the Cloud Resource
|
36
36
|
# Hierarchy. Currently immutable once created. Format:
|
37
37
|
# `organizations/{organization_id}`
|
38
38
|
# @!attribute [rw] title
|
39
|
-
# @return [String]
|
39
|
+
# @return [::String]
|
40
40
|
# Required. Human readable title. Does not affect behavior.
|
41
41
|
# @!attribute [rw] create_time
|
42
|
-
# @return [Google::Protobuf::Timestamp]
|
42
|
+
# @return [::Google::Protobuf::Timestamp]
|
43
43
|
# Output only. Time the `AccessPolicy` was created in UTC.
|
44
44
|
# @!attribute [rw] update_time
|
45
|
-
# @return [Google::Protobuf::Timestamp]
|
45
|
+
# @return [::Google::Protobuf::Timestamp]
|
46
46
|
# Output only. Time the `AccessPolicy` was updated in UTC.
|
47
47
|
# @!attribute [rw] etag
|
48
|
-
# @return [String]
|
48
|
+
# @return [::String]
|
49
49
|
# Output only. An opaque identifier for the current version of the
|
50
50
|
# `AccessPolicy`. This will always be a strongly validated etag, meaning that
|
51
51
|
# two Access Polices will be identical if and only if their etags are
|
52
52
|
# identical. Clients should not expect this to be in any specific format.
|
53
53
|
class AccessPolicy
|
54
|
-
include Google::Protobuf::MessageExts
|
55
|
-
extend Google::Protobuf::MessageExts::ClassMethods
|
54
|
+
include ::Google::Protobuf::MessageExts
|
55
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
56
56
|
end
|
57
57
|
end
|
58
58
|
end
|
@@ -32,25 +32,25 @@ module Google
|
|
32
32
|
# a single Google Cloud project may belong to multiple Service Perimeter
|
33
33
|
# Bridges.
|
34
34
|
# @!attribute [rw] name
|
35
|
-
# @return [String]
|
35
|
+
# @return [::String]
|
36
36
|
# Required. Resource name for the ServicePerimeter. The `short_name`
|
37
37
|
# component must begin with a letter and only include alphanumeric and '_'.
|
38
38
|
# Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
|
39
39
|
# @!attribute [rw] title
|
40
|
-
# @return [String]
|
40
|
+
# @return [::String]
|
41
41
|
# Human readable title. Must be unique within the Policy.
|
42
42
|
# @!attribute [rw] description
|
43
|
-
# @return [String]
|
43
|
+
# @return [::String]
|
44
44
|
# Description of the `ServicePerimeter` and its use. Does not affect
|
45
45
|
# behavior.
|
46
46
|
# @!attribute [rw] create_time
|
47
|
-
# @return [Google::Protobuf::Timestamp]
|
47
|
+
# @return [::Google::Protobuf::Timestamp]
|
48
48
|
# Output only. Time the `ServicePerimeter` was created in UTC.
|
49
49
|
# @!attribute [rw] update_time
|
50
|
-
# @return [Google::Protobuf::Timestamp]
|
50
|
+
# @return [::Google::Protobuf::Timestamp]
|
51
51
|
# Output only. Time the `ServicePerimeter` was updated in UTC.
|
52
52
|
# @!attribute [rw] perimeter_type
|
53
|
-
# @return [Google::Identity::AccessContextManager::V1::ServicePerimeter::PerimeterType]
|
53
|
+
# @return [::Google::Identity::AccessContextManager::V1::ServicePerimeter::PerimeterType]
|
54
54
|
# Perimeter type indicator. A single project is
|
55
55
|
# allowed to be a member of single regular perimeter, but multiple service
|
56
56
|
# perimeter bridges. A project cannot be a included in a perimeter bridge
|
@@ -58,18 +58,18 @@ module Google
|
|
58
58
|
# the restricted service list as well as access level lists must be
|
59
59
|
# empty.
|
60
60
|
# @!attribute [rw] status
|
61
|
-
# @return [Google::Identity::AccessContextManager::V1::ServicePerimeterConfig]
|
61
|
+
# @return [::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig]
|
62
62
|
# Current ServicePerimeter configuration. Specifies sets of resources,
|
63
63
|
# restricted services and access levels that determine perimeter
|
64
64
|
# content and boundaries.
|
65
65
|
# @!attribute [rw] spec
|
66
|
-
# @return [Google::Identity::AccessContextManager::V1::ServicePerimeterConfig]
|
66
|
+
# @return [::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig]
|
67
67
|
# Proposed (or dry run) ServicePerimeter configuration. This configuration
|
68
68
|
# allows to specify and test ServicePerimeter configuration without enforcing
|
69
69
|
# actual access restrictions. Only allowed to be set when the
|
70
70
|
# "use_explicit_dry_run_spec" flag is set.
|
71
71
|
# @!attribute [rw] use_explicit_dry_run_spec
|
72
|
-
# @return [Boolean]
|
72
|
+
# @return [::Boolean]
|
73
73
|
# Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly
|
74
74
|
# exists for all Service Perimeters, and that spec is identical to the
|
75
75
|
# status for those Service Perimeters. When this flag is set, it inhibits the
|
@@ -81,8 +81,8 @@ module Google
|
|
81
81
|
# restrictions. use_explicit_dry_run_spec must bet set to True if any of the
|
82
82
|
# fields in the spec are set to non-default values.
|
83
83
|
class ServicePerimeter
|
84
|
-
include Google::Protobuf::MessageExts
|
85
|
-
extend Google::Protobuf::MessageExts::ClassMethods
|
84
|
+
include ::Google::Protobuf::MessageExts
|
85
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
86
86
|
|
87
87
|
# Specifies the type of the Perimeter. There are two types: regular and
|
88
88
|
# bridge. Regular Service Perimeter contains resources, access levels, and
|
@@ -111,11 +111,11 @@ module Google
|
|
111
111
|
# `ServicePerimeterConfig` specifies a set of Google Cloud resources that
|
112
112
|
# describe specific Service Perimeter configuration.
|
113
113
|
# @!attribute [rw] resources
|
114
|
-
# @return [Array
|
114
|
+
# @return [::Array<::String>]
|
115
115
|
# A list of Google Cloud resources that are inside of the service perimeter.
|
116
116
|
# Currently only projects are allowed. Format: `projects/{project_number}`
|
117
117
|
# @!attribute [rw] access_levels
|
118
|
-
# @return [Array
|
118
|
+
# @return [::Array<::String>]
|
119
119
|
# A list of `AccessLevel` resource names that allow resources within the
|
120
120
|
# `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed
|
121
121
|
# must be in the same policy as this `ServicePerimeter`. Referencing a
|
@@ -125,31 +125,31 @@ module Google
|
|
125
125
|
# `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`.
|
126
126
|
# For Service Perimeter Bridge, must be empty.
|
127
127
|
# @!attribute [rw] restricted_services
|
128
|
-
# @return [Array
|
128
|
+
# @return [::Array<::String>]
|
129
129
|
# Google Cloud services that are subject to the Service Perimeter
|
130
130
|
# restrictions. For example, if `storage.googleapis.com` is specified, access
|
131
131
|
# to the storage buckets inside the perimeter must meet the perimeter's
|
132
132
|
# access restrictions.
|
133
133
|
# @!attribute [rw] vpc_accessible_services
|
134
|
-
# @return [Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::VpcAccessibleServices]
|
134
|
+
# @return [::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::VpcAccessibleServices]
|
135
135
|
# Configuration for APIs allowed within Perimeter.
|
136
136
|
class ServicePerimeterConfig
|
137
|
-
include Google::Protobuf::MessageExts
|
138
|
-
extend Google::Protobuf::MessageExts::ClassMethods
|
137
|
+
include ::Google::Protobuf::MessageExts
|
138
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
139
139
|
|
140
140
|
# Specifies how APIs are allowed to communicate within the Service
|
141
141
|
# Perimeter.
|
142
142
|
# @!attribute [rw] enable_restriction
|
143
|
-
# @return [Boolean]
|
143
|
+
# @return [::Boolean]
|
144
144
|
# Whether to restrict API calls within the Service Perimeter to the list of
|
145
145
|
# APIs specified in 'allowed_services'.
|
146
146
|
# @!attribute [rw] allowed_services
|
147
|
-
# @return [Array
|
147
|
+
# @return [::Array<::String>]
|
148
148
|
# The list of APIs usable within the Service Perimeter. Must be empty
|
149
149
|
# unless 'enable_restriction' is True.
|
150
150
|
class VpcAccessibleServices
|
151
|
-
include Google::Protobuf::MessageExts
|
152
|
-
extend Google::Protobuf::MessageExts::ClassMethods
|
151
|
+
include ::Google::Protobuf::MessageExts
|
152
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
153
153
|
end
|
154
154
|
end
|
155
155
|
end
|