google-cloud-asset 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/.yardopts +9 -0
- data/LICENSE +201 -0
- data/README.md +68 -0
- data/lib/google/cloud/asset.rb +140 -0
- data/lib/google/cloud/asset/v1beta1.rb +137 -0
- data/lib/google/cloud/asset/v1beta1/asset_service_client.rb +370 -0
- data/lib/google/cloud/asset/v1beta1/asset_service_client_config.json +36 -0
- data/lib/google/cloud/asset/v1beta1/asset_service_pb.rb +61 -0
- data/lib/google/cloud/asset/v1beta1/asset_service_services_pb.rb +56 -0
- data/lib/google/cloud/asset/v1beta1/assets_pb.rb +49 -0
- data/lib/google/cloud/asset/v1beta1/credentials.rb +41 -0
- data/lib/google/cloud/asset/v1beta1/doc/google/cloud/asset/v1beta1/asset_service.rb +118 -0
- data/lib/google/cloud/asset/v1beta1/doc/google/cloud/asset/v1beta1/assets.rb +104 -0
- data/lib/google/cloud/asset/v1beta1/doc/google/iam/v1/policy.rb +128 -0
- data/lib/google/cloud/asset/v1beta1/doc/google/longrunning/operations.rb +93 -0
- data/lib/google/cloud/asset/v1beta1/doc/google/protobuf/any.rb +130 -0
- data/lib/google/cloud/asset/v1beta1/doc/google/protobuf/struct.rb +74 -0
- data/lib/google/cloud/asset/v1beta1/doc/google/protobuf/timestamp.rb +109 -0
- data/lib/google/cloud/asset/v1beta1/doc/google/rpc/status.rb +84 -0
- metadata +160 -0
@@ -0,0 +1,56 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# Source: google/cloud/asset/v1beta1/asset_service.proto for package 'google.cloud.asset.v1beta1'
|
3
|
+
# Original file comments:
|
4
|
+
# Copyright 2018 Google LLC.
|
5
|
+
#
|
6
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
7
|
+
# you may not use this file except in compliance with the License.
|
8
|
+
# You may obtain a copy of the License at
|
9
|
+
#
|
10
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
11
|
+
#
|
12
|
+
# Unless required by applicable law or agreed to in writing, software
|
13
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
14
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
15
|
+
# See the License for the specific language governing permissions and
|
16
|
+
# limitations under the License.
|
17
|
+
#
|
18
|
+
#
|
19
|
+
|
20
|
+
|
21
|
+
require 'grpc'
|
22
|
+
require 'google/cloud/asset/v1beta1/asset_service_pb'
|
23
|
+
|
24
|
+
module Google
|
25
|
+
module Cloud
|
26
|
+
module Asset
|
27
|
+
module V1beta1
|
28
|
+
module AssetService
|
29
|
+
# Asset service definition.
|
30
|
+
class Service
|
31
|
+
|
32
|
+
include GRPC::GenericService
|
33
|
+
|
34
|
+
self.marshal_class_method = :encode
|
35
|
+
self.unmarshal_class_method = :decode
|
36
|
+
self.service_name = 'google.cloud.asset.v1beta1.AssetService'
|
37
|
+
|
38
|
+
# Exports assets with time and resource types to a given Cloud Storage
|
39
|
+
# location. The output format is newline-delimited JSON.
|
40
|
+
# This API implements the [google.longrunning.Operation][google.longrunning.Operation] API allowing you
|
41
|
+
# to keep track of the export.
|
42
|
+
rpc :ExportAssets, ExportAssetsRequest, Google::Longrunning::Operation
|
43
|
+
# Batch gets the update history of assets that overlap a time window.
|
44
|
+
# For RESOURCE content, this API outputs history with asset in both
|
45
|
+
# non-delete or deleted status.
|
46
|
+
# For IAM_POLICY content, this API outputs history when the asset and its
|
47
|
+
# attached IAM POLICY both exist. This can create gaps in the output history.
|
48
|
+
rpc :BatchGetAssetsHistory, BatchGetAssetsHistoryRequest, BatchGetAssetsHistoryResponse
|
49
|
+
end
|
50
|
+
|
51
|
+
Stub = Service.rpc_stub_class
|
52
|
+
end
|
53
|
+
end
|
54
|
+
end
|
55
|
+
end
|
56
|
+
end
|
@@ -0,0 +1,49 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# source: google/cloud/asset/v1beta1/assets.proto
|
3
|
+
|
4
|
+
|
5
|
+
require 'google/protobuf'
|
6
|
+
|
7
|
+
require 'google/api/annotations_pb'
|
8
|
+
require 'google/iam/v1/policy_pb'
|
9
|
+
require 'google/protobuf/any_pb'
|
10
|
+
require 'google/protobuf/struct_pb'
|
11
|
+
require 'google/protobuf/timestamp_pb'
|
12
|
+
Google::Protobuf::DescriptorPool.generated_pool.build do
|
13
|
+
add_message "google.cloud.asset.v1beta1.TemporalAsset" do
|
14
|
+
optional :window, :message, 1, "google.cloud.asset.v1beta1.TimeWindow"
|
15
|
+
optional :deleted, :bool, 2
|
16
|
+
optional :asset, :message, 3, "google.cloud.asset.v1beta1.Asset"
|
17
|
+
end
|
18
|
+
add_message "google.cloud.asset.v1beta1.TimeWindow" do
|
19
|
+
optional :start_time, :message, 1, "google.protobuf.Timestamp"
|
20
|
+
optional :end_time, :message, 2, "google.protobuf.Timestamp"
|
21
|
+
end
|
22
|
+
add_message "google.cloud.asset.v1beta1.Asset" do
|
23
|
+
optional :name, :string, 1
|
24
|
+
optional :asset_type, :string, 2
|
25
|
+
optional :resource, :message, 3, "google.cloud.asset.v1beta1.Resource"
|
26
|
+
optional :iam_policy, :message, 4, "google.iam.v1.Policy"
|
27
|
+
end
|
28
|
+
add_message "google.cloud.asset.v1beta1.Resource" do
|
29
|
+
optional :version, :string, 1
|
30
|
+
optional :discovery_document_uri, :string, 2
|
31
|
+
optional :discovery_name, :string, 3
|
32
|
+
optional :resource_url, :string, 4
|
33
|
+
optional :parent, :string, 5
|
34
|
+
optional :data, :message, 6, "google.protobuf.Struct"
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
38
|
+
module Google
|
39
|
+
module Cloud
|
40
|
+
module Asset
|
41
|
+
module V1beta1
|
42
|
+
TemporalAsset = Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1beta1.TemporalAsset").msgclass
|
43
|
+
TimeWindow = Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1beta1.TimeWindow").msgclass
|
44
|
+
Asset = Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1beta1.Asset").msgclass
|
45
|
+
Resource = Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.asset.v1beta1.Resource").msgclass
|
46
|
+
end
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
@@ -0,0 +1,41 @@
|
|
1
|
+
# Copyright 2018 Google LLC
|
2
|
+
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
6
|
+
#
|
7
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
8
|
+
#
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
14
|
+
|
15
|
+
|
16
|
+
require "googleauth"
|
17
|
+
|
18
|
+
module Google
|
19
|
+
module Cloud
|
20
|
+
module Asset
|
21
|
+
module V1beta1
|
22
|
+
class Credentials < Google::Auth::Credentials
|
23
|
+
SCOPE = [
|
24
|
+
"https://www.googleapis.com/auth/cloud-platform"
|
25
|
+
].freeze
|
26
|
+
PATH_ENV_VARS = %w(ASSET_CREDENTIALS
|
27
|
+
ASSET_KEYFILE
|
28
|
+
GOOGLE_CLOUD_CREDENTIALS
|
29
|
+
GOOGLE_CLOUD_KEYFILE
|
30
|
+
GCLOUD_KEYFILE)
|
31
|
+
JSON_ENV_VARS = %w(ASSET_CREDENTIALS_JSON
|
32
|
+
ASSET_KEYFILE_JSON
|
33
|
+
GOOGLE_CLOUD_CREDENTIALS_JSON
|
34
|
+
GOOGLE_CLOUD_KEYFILE_JSON
|
35
|
+
GCLOUD_KEYFILE_JSON)
|
36
|
+
DEFAULT_PATHS = ["~/.config/gcloud/application_default_credentials.json"]
|
37
|
+
end
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
@@ -0,0 +1,118 @@
|
|
1
|
+
# Copyright 2018 Google LLC
|
2
|
+
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
6
|
+
#
|
7
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
8
|
+
#
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
14
|
+
|
15
|
+
|
16
|
+
module Google
|
17
|
+
module Cloud
|
18
|
+
module Asset
|
19
|
+
module V1beta1
|
20
|
+
# Export asset request.
|
21
|
+
# @!attribute [rw] parent
|
22
|
+
# @return [String]
|
23
|
+
# Required. The relative name of the root asset. This can only be an organization
|
24
|
+
# number (such as "organizations/123"), a project ID (such as
|
25
|
+
# "projects/my-project-id"), or a project number (such as "projects/12345").
|
26
|
+
# @!attribute [rw] read_time
|
27
|
+
# @return [Google::Protobuf::Timestamp]
|
28
|
+
# Timestamp to take an asset snapshot. This can only be set to a timestamp in
|
29
|
+
# the past or of the current time. If not specified, the current time will be
|
30
|
+
# used. Due to delays in resource data collection and indexing, there is a
|
31
|
+
# volatile window during which running the same query may get different
|
32
|
+
# results.
|
33
|
+
# @!attribute [rw] asset_types
|
34
|
+
# @return [Array<String>]
|
35
|
+
# A list of asset types of which to take a snapshot for. For example:
|
36
|
+
# "google.compute.disk". If specified, only matching assets will be returned.
|
37
|
+
# @!attribute [rw] content_type
|
38
|
+
# @return [Google::Cloud::Asset::V1beta1::ContentType]
|
39
|
+
# Asset content type. If not specified, no content but the asset name will be
|
40
|
+
# returned.
|
41
|
+
# @!attribute [rw] output_config
|
42
|
+
# @return [Google::Cloud::Asset::V1beta1::OutputConfig]
|
43
|
+
# Required. Output configuration indicating where the results will be output
|
44
|
+
# to. All results will be in newline delimited JSON format.
|
45
|
+
class ExportAssetsRequest; end
|
46
|
+
|
47
|
+
# The export asset response. This message is returned by the
|
48
|
+
# {Google::Longrunning::Operations::GetOperation} method in the returned
|
49
|
+
# {Google::Longrunning::Operation#response} field.
|
50
|
+
# @!attribute [rw] read_time
|
51
|
+
# @return [Google::Protobuf::Timestamp]
|
52
|
+
# Time the snapshot was taken.
|
53
|
+
# @!attribute [rw] output_config
|
54
|
+
# @return [Google::Cloud::Asset::V1beta1::OutputConfig]
|
55
|
+
# Output configuration indicating where the results were output to.
|
56
|
+
# All results are in JSON format.
|
57
|
+
class ExportAssetsResponse; end
|
58
|
+
|
59
|
+
# Batch get assets history request.
|
60
|
+
# @!attribute [rw] parent
|
61
|
+
# @return [String]
|
62
|
+
# Required. The relative name of the root asset. It can only be an
|
63
|
+
# organization number (such as "organizations/123"), a project ID (such as
|
64
|
+
# "projects/my-project-id")", or a project number (such as "projects/12345").
|
65
|
+
# @!attribute [rw] asset_names
|
66
|
+
# @return [Array<String>]
|
67
|
+
# A list of the full names of the assets. For example:
|
68
|
+
# `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`.
|
69
|
+
# See [Resource Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
|
70
|
+
# for more info.
|
71
|
+
#
|
72
|
+
# The request becomes a no-op if the asset name list is empty, and the max
|
73
|
+
# size of the asset name list is 100 in one request.
|
74
|
+
# @!attribute [rw] content_type
|
75
|
+
# @return [Google::Cloud::Asset::V1beta1::ContentType]
|
76
|
+
# Required. The content type.
|
77
|
+
# @!attribute [rw] read_time_window
|
78
|
+
# @return [Google::Cloud::Asset::V1beta1::TimeWindow]
|
79
|
+
# Required. The time window for the asset history. The start time is
|
80
|
+
# required. The returned results contain all temporal assets whose time
|
81
|
+
# window overlap with read_time_window.
|
82
|
+
class BatchGetAssetsHistoryRequest; end
|
83
|
+
|
84
|
+
# Batch get assets history response.
|
85
|
+
# @!attribute [rw] assets
|
86
|
+
# @return [Array<Google::Cloud::Asset::V1beta1::TemporalAsset>]
|
87
|
+
# A list of assets with valid time windows.
|
88
|
+
class BatchGetAssetsHistoryResponse; end
|
89
|
+
|
90
|
+
# Output configuration for export assets destination.
|
91
|
+
# @!attribute [rw] gcs_destination
|
92
|
+
# @return [Google::Cloud::Asset::V1beta1::GcsDestination]
|
93
|
+
# Destination on Cloud Storage.
|
94
|
+
class OutputConfig; end
|
95
|
+
|
96
|
+
# A Cloud Storage location.
|
97
|
+
# @!attribute [rw] uri
|
98
|
+
# @return [String]
|
99
|
+
# The path of the Cloud Storage objects. It's the same path that is used by
|
100
|
+
# gsutil. For example: "gs://bucket_name/object_path". See [Viewing and Editing Object Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata)
|
101
|
+
# for more information.
|
102
|
+
class GcsDestination; end
|
103
|
+
|
104
|
+
# Asset content type.
|
105
|
+
module ContentType
|
106
|
+
# Unspecified content type.
|
107
|
+
CONTENT_TYPE_UNSPECIFIED = 0
|
108
|
+
|
109
|
+
# Resource metadata.
|
110
|
+
RESOURCE = 1
|
111
|
+
|
112
|
+
# The actual IAM policy set on a resource.
|
113
|
+
IAM_POLICY = 2
|
114
|
+
end
|
115
|
+
end
|
116
|
+
end
|
117
|
+
end
|
118
|
+
end
|
@@ -0,0 +1,104 @@
|
|
1
|
+
# Copyright 2018 Google LLC
|
2
|
+
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
6
|
+
#
|
7
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
8
|
+
#
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
14
|
+
|
15
|
+
|
16
|
+
module Google
|
17
|
+
module Cloud
|
18
|
+
module Asset
|
19
|
+
module V1beta1
|
20
|
+
# Temporal asset. In addition to the asset, the temporal asset includes the
|
21
|
+
# status of the asset and valid from and to time of it.
|
22
|
+
# @!attribute [rw] window
|
23
|
+
# @return [Google::Cloud::Asset::V1beta1::TimeWindow]
|
24
|
+
# The time window when the asset data and state was observed.
|
25
|
+
# @!attribute [rw] deleted
|
26
|
+
# @return [true, false]
|
27
|
+
# If the asset is deleted or not.
|
28
|
+
# @!attribute [rw] asset
|
29
|
+
# @return [Google::Cloud::Asset::V1beta1::Asset]
|
30
|
+
# Asset.
|
31
|
+
class TemporalAsset; end
|
32
|
+
|
33
|
+
# A time window of [start_time, end_time).
|
34
|
+
# @!attribute [rw] start_time
|
35
|
+
# @return [Google::Protobuf::Timestamp]
|
36
|
+
# Start time of the time window (inclusive).
|
37
|
+
# @!attribute [rw] end_time
|
38
|
+
# @return [Google::Protobuf::Timestamp]
|
39
|
+
# End time of the time window (exclusive).
|
40
|
+
# Current timestamp if not specified.
|
41
|
+
class TimeWindow; end
|
42
|
+
|
43
|
+
# Cloud asset. This includes all Google Cloud Platform resources,
|
44
|
+
# Cloud IAM policies, and other non-GCP assets.
|
45
|
+
# @!attribute [rw] name
|
46
|
+
# @return [String]
|
47
|
+
# The full name of the asset. For example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`.
|
48
|
+
# See [Resource Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
|
49
|
+
# for more information.
|
50
|
+
# @!attribute [rw] asset_type
|
51
|
+
# @return [String]
|
52
|
+
# Type of the asset. Example: "google.compute.disk".
|
53
|
+
# @!attribute [rw] resource
|
54
|
+
# @return [Google::Cloud::Asset::V1beta1::Resource]
|
55
|
+
# Representation of the resource.
|
56
|
+
# @!attribute [rw] iam_policy
|
57
|
+
# @return [Google::Iam::V1::Policy]
|
58
|
+
# Representation of the actual Cloud IAM policy set on a cloud resource. For each
|
59
|
+
# resource, there must be at most one Cloud IAM policy set on it.
|
60
|
+
class Asset; end
|
61
|
+
|
62
|
+
# Representation of a cloud resource.
|
63
|
+
# @!attribute [rw] version
|
64
|
+
# @return [String]
|
65
|
+
# The API version. Example: "v1".
|
66
|
+
# @!attribute [rw] discovery_document_uri
|
67
|
+
# @return [String]
|
68
|
+
# The URL of the discovery document containing the resource's JSON schema.
|
69
|
+
# For example:
|
70
|
+
# `"https://www.googleapis.com/discovery/v1/apis/compute/v1/rest"`.
|
71
|
+
# It will be left unspecified for resources without a discovery-based API,
|
72
|
+
# such as Cloud Bigtable.
|
73
|
+
# @!attribute [rw] discovery_name
|
74
|
+
# @return [String]
|
75
|
+
# The JSON schema name listed in the discovery document.
|
76
|
+
# Example: "Project". It will be left unspecified for resources (such as
|
77
|
+
# Cloud Bigtable) without a discovery-based API.
|
78
|
+
# @!attribute [rw] resource_url
|
79
|
+
# @return [String]
|
80
|
+
# The REST URL for accessing the resource. An HTTP GET operation using this
|
81
|
+
# URL returns the resource itself.
|
82
|
+
# Example:
|
83
|
+
# `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123`.
|
84
|
+
# It will be left unspecified for resources without a REST API.
|
85
|
+
# @!attribute [rw] parent
|
86
|
+
# @return [String]
|
87
|
+
# The full name of the immediate parent of this resource. See
|
88
|
+
# [Resource Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
|
89
|
+
# for more information.
|
90
|
+
#
|
91
|
+
# For GCP assets, it is the parent resource defined in the [Cloud IAM policy
|
92
|
+
# hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy).
|
93
|
+
# For example: `"//cloudresourcemanager.googleapis.com/projects/my_project_123"`.
|
94
|
+
#
|
95
|
+
# For third-party assets, it is up to the users to define.
|
96
|
+
# @!attribute [rw] data
|
97
|
+
# @return [Google::Protobuf::Struct]
|
98
|
+
# The content of the resource, in which some sensitive fields are scrubbed
|
99
|
+
# away and may not be present.
|
100
|
+
class Resource; end
|
101
|
+
end
|
102
|
+
end
|
103
|
+
end
|
104
|
+
end
|
@@ -0,0 +1,128 @@
|
|
1
|
+
# Copyright 2018 Google LLC
|
2
|
+
#
|
3
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
# you may not use this file except in compliance with the License.
|
5
|
+
# You may obtain a copy of the License at
|
6
|
+
#
|
7
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
8
|
+
#
|
9
|
+
# Unless required by applicable law or agreed to in writing, software
|
10
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
# See the License for the specific language governing permissions and
|
13
|
+
# limitations under the License.
|
14
|
+
|
15
|
+
|
16
|
+
module Google
|
17
|
+
module Iam
|
18
|
+
module V1
|
19
|
+
# Defines an Identity and Access Management (IAM) policy. It is used to
|
20
|
+
# specify access control policies for Cloud Platform resources.
|
21
|
+
#
|
22
|
+
#
|
23
|
+
# A `Policy` consists of a list of `bindings`. A `Binding` binds a list of
|
24
|
+
# `members` to a `role`, where the members can be user accounts, Google groups,
|
25
|
+
# Google domains, and service accounts. A `role` is a named list of permissions
|
26
|
+
# defined by IAM.
|
27
|
+
#
|
28
|
+
# **Example**
|
29
|
+
#
|
30
|
+
# {
|
31
|
+
# "bindings": [
|
32
|
+
# {
|
33
|
+
# "role": "roles/owner",
|
34
|
+
# "members": [
|
35
|
+
# "user:mike@example.com",
|
36
|
+
# "group:admins@example.com",
|
37
|
+
# "domain:google.com",
|
38
|
+
# "serviceAccount:my-other-app@appspot.gserviceaccount.com",
|
39
|
+
# ]
|
40
|
+
# },
|
41
|
+
# {
|
42
|
+
# "role": "roles/viewer",
|
43
|
+
# "members": ["user:sean@example.com"]
|
44
|
+
# }
|
45
|
+
# ]
|
46
|
+
# }
|
47
|
+
#
|
48
|
+
# For a description of IAM and its features, see the
|
49
|
+
# [IAM developer's guide](https://cloud.google.com/iam).
|
50
|
+
# @!attribute [rw] version
|
51
|
+
# @return [Integer]
|
52
|
+
# Version of the `Policy`. The default version is 0.
|
53
|
+
# @!attribute [rw] bindings
|
54
|
+
# @return [Array<Google::Iam::V1::Binding>]
|
55
|
+
# Associates a list of `members` to a `role`.
|
56
|
+
# Multiple `bindings` must not be specified for the same `role`.
|
57
|
+
# `bindings` with no members will result in an error.
|
58
|
+
# @!attribute [rw] etag
|
59
|
+
# @return [String]
|
60
|
+
# `etag` is used for optimistic concurrency control as a way to help
|
61
|
+
# prevent simultaneous updates of a policy from overwriting each other.
|
62
|
+
# It is strongly suggested that systems make use of the `etag` in the
|
63
|
+
# read-modify-write cycle to perform policy updates in order to avoid race
|
64
|
+
# conditions: An `etag` is returned in the response to `getIamPolicy`, and
|
65
|
+
# systems are expected to put that etag in the request to `setIamPolicy` to
|
66
|
+
# ensure that their change will be applied to the same version of the policy.
|
67
|
+
#
|
68
|
+
# If no `etag` is provided in the call to `setIamPolicy`, then the existing
|
69
|
+
# policy is overwritten blindly.
|
70
|
+
class Policy; end
|
71
|
+
|
72
|
+
# Associates `members` with a `role`.
|
73
|
+
# @!attribute [rw] role
|
74
|
+
# @return [String]
|
75
|
+
# Role that is assigned to `members`.
|
76
|
+
# For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
|
77
|
+
# Required
|
78
|
+
# @!attribute [rw] members
|
79
|
+
# @return [Array<String>]
|
80
|
+
# Specifies the identities requesting access for a Cloud Platform resource.
|
81
|
+
# `members` can have the following values:
|
82
|
+
#
|
83
|
+
# * `allUsers`: A special identifier that represents anyone who is
|
84
|
+
# on the internet; with or without a Google account.
|
85
|
+
#
|
86
|
+
# * `allAuthenticatedUsers`: A special identifier that represents anyone
|
87
|
+
# who is authenticated with a Google account or a service account.
|
88
|
+
#
|
89
|
+
# * `user:{emailid}`: An email address that represents a specific Google
|
90
|
+
# account. For example, `alice@gmail.com` or `joe@example.com`.
|
91
|
+
#
|
92
|
+
#
|
93
|
+
# * `serviceAccount:{emailid}`: An email address that represents a service
|
94
|
+
# account. For example, `my-other-app@appspot.gserviceaccount.com`.
|
95
|
+
#
|
96
|
+
# * `group:{emailid}`: An email address that represents a Google group.
|
97
|
+
# For example, `admins@example.com`.
|
98
|
+
#
|
99
|
+
# * `domain:{domain}`: A Google Apps domain name that represents all the
|
100
|
+
# users of that domain. For example, `google.com` or `example.com`.
|
101
|
+
class Binding; end
|
102
|
+
|
103
|
+
# The difference delta between two policies.
|
104
|
+
# @!attribute [rw] binding_deltas
|
105
|
+
# @return [Array<Google::Iam::V1::BindingDelta>]
|
106
|
+
# The delta for Bindings between two policies.
|
107
|
+
class PolicyDelta; end
|
108
|
+
|
109
|
+
# One delta entry for Binding. Each individual change (only one member in each
|
110
|
+
# entry) to a binding will be a separate entry.
|
111
|
+
# @!attribute [rw] action
|
112
|
+
# @return [Google::Iam::V1::BindingDelta::Action]
|
113
|
+
# The action that was performed on a Binding.
|
114
|
+
# Required
|
115
|
+
# @!attribute [rw] role
|
116
|
+
# @return [String]
|
117
|
+
# Role that is assigned to `members`.
|
118
|
+
# For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
|
119
|
+
# Required
|
120
|
+
# @!attribute [rw] member
|
121
|
+
# @return [String]
|
122
|
+
# A single identity requesting access for a Cloud Platform resource.
|
123
|
+
# Follows the same format of Binding.members.
|
124
|
+
# Required
|
125
|
+
class BindingDelta; end
|
126
|
+
end
|
127
|
+
end
|
128
|
+
end
|