google-cloud-iap-v1 0.1.0

data/proto_docs/google/cloud/iap/v1/service.rb

@@ -0,0 +1,336 @@
+# frozen_string_literal: true
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Cloud
+    module Iap
+      module V1
+        # The request sent to GetIapSettings.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Required. The resource name for which to retrieve the settings.
+        #     Authorization: Requires the `getSettings` permission for the associated
+        #     resource.
+        class GetIapSettingsRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # The request sent to UpdateIapSettings.
+        # @!attribute [rw] iap_settings
+        #   @return [::Google::Cloud::Iap::V1::IapSettings]
+        #     Required. The new values for the IAP settings to be updated.
+        #     Authorization: Requires the `updateSettings` permission for the associated
+        #     resource.
+        # @!attribute [rw] update_mask
+        #   @return [::Google::Protobuf::FieldMask]
+        #     The field mask specifying which IAP settings should be updated.
+        #     If omitted, the all of the settings are updated. See
+        #     https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask
+        class UpdateIapSettingsRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # The IAP configurable settings.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Required. The resource name of the IAP protected resource.
+        # @!attribute [rw] access_settings
+        #   @return [::Google::Cloud::Iap::V1::AccessSettings]
+        #     Top level wrapper for all access related setting in IAP
+        # @!attribute [rw] application_settings
+        #   @return [::Google::Cloud::Iap::V1::ApplicationSettings]
+        #     Top level wrapper for all application related settings in IAP
+        class IapSettings
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Access related settings for IAP protected apps.
+        # @!attribute [rw] gcip_settings
+        #   @return [::Google::Cloud::Iap::V1::GcipSettings]
+        #     GCIP claims and endpoint configurations for 3p identity providers.
+        # @!attribute [rw] cors_settings
+        #   @return [::Google::Cloud::Iap::V1::CorsSettings]
+        #     Configuration to allow cross-origin requests via IAP.
+        # @!attribute [rw] oauth_settings
+        #   @return [::Google::Cloud::Iap::V1::OAuthSettings]
+        #     Settings to configure IAP's OAuth behavior.
+        class AccessSettings
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Allows customers to configure tenant_id for GCIP instance per-app.
+        # @!attribute [rw] tenant_ids
+        #   @return [::Array<::String>]
+        #     GCIP tenant ids that are linked to the IAP resource.
+        #     tenant_ids could be a string beginning with a number character to indicate
+        #     authenticating with GCIP tenant flow, or in the format of _<ProjectNumber>
+        #     to indicate authenticating with GCIP agent flow.
+        #     If agent flow is used, tenant_ids should only contain one single element,
+        #     while for tenant flow, tenant_ids can contain multiple elements.
+        # @!attribute [rw] login_page_uri
+        #   @return [::Google::Protobuf::StringValue]
+        #     Login page URI associated with the GCIP tenants.
+        #     Typically, all resources within the same project share the same login page,
+        #     though it could be overridden at the sub resource level.
+        class GcipSettings
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Allows customers to configure HTTP request paths that'll allow HTTP OPTIONS
+        # call to bypass authentication and authorization.
+        # @!attribute [rw] allow_http_options
+        #   @return [::Google::Protobuf::BoolValue]
+        #     Configuration to allow HTTP OPTIONS calls to skip authorization. If
+        #     undefined, IAP will not apply any special logic to OPTIONS requests.
+        class CorsSettings
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Configuration for OAuth login&consent flow behavior as well as for OAuth
+        # Credentials.
+        # @!attribute [rw] login_hint
+        #   @return [::Google::Protobuf::StringValue]
+        #     Domain hint to send as hd=? parameter in OAuth request flow. Enables
+        #     redirect to primary IDP by skipping Google's login screen.
+        #     https://developers.google.com/identity/protocols/OpenIDConnect#hd-param
+        #     Note: IAP does not verify that the id token's hd claim matches this value
+        #     since access behavior is managed by IAM policies.
+        class OAuthSettings
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Wrapper over application specific settings for IAP.
+        # @!attribute [rw] csm_settings
+        #   @return [::Google::Cloud::Iap::V1::CsmSettings]
+        #     Settings to configure IAP's behavior for a CSM mesh.
+        # @!attribute [rw] access_denied_page_settings
+        #   @return [::Google::Cloud::Iap::V1::AccessDeniedPageSettings]
+        #     Customization for Access Denied page.
+        # @!attribute [rw] cookie_domain
+        #   @return [::Google::Protobuf::StringValue]
+        #     The Domain value to set for cookies generated by IAP. This value is not
+        #     validated by the API, but will be ignored at runtime if invalid.
+        class ApplicationSettings
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Configuration for RCTokens generated for CSM workloads protected by IAP.
+        # RCTokens are IAP generated JWTs that can be verified at the application. The
+        # RCToken is primarily used for ISTIO deployments, and can be scoped to a
+        # single mesh by configuring the audience field accordingly
+        # @!attribute [rw] rctoken_aud
+        #   @return [::Google::Protobuf::StringValue]
+        #     Audience claim set in the generated RCToken. This value is not validated by
+        #     IAP.
+        class CsmSettings
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Custom content configuration for access denied page.
+        # IAP allows customers to define a custom URI to use as the error page when
+        # access is denied to users. If IAP prevents access to this page, the default
+        # IAP error page will be displayed instead.
+        # @!attribute [rw] access_denied_page_uri
+        #   @return [::Google::Protobuf::StringValue]
+        #     The URI to be redirected to when access is denied.
+        # @!attribute [rw] generate_troubleshooting_uri
+        #   @return [::Google::Protobuf::BoolValue]
+        #     Whether to generate a troubleshooting URL on access denied events to this
+        #     application.
+        class AccessDeniedPageSettings
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # The request sent to ListBrands.
+        # @!attribute [rw] parent
+        #   @return [::String]
+        #     Required. GCP Project number/id.
+        #     In the following format: projects/\\{project_number/id}.
+        class ListBrandsRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Response message for ListBrands.
+        # @!attribute [rw] brands
+        #   @return [::Array<::Google::Cloud::Iap::V1::Brand>]
+        #     Brands existing in the project.
+        class ListBrandsResponse
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # The request sent to CreateBrand.
+        # @!attribute [rw] parent
+        #   @return [::String]
+        #     Required. GCP Project number/id under which the brand is to be created.
+        #     In the following format: projects/\\{project_number/id}.
+        # @!attribute [rw] brand
+        #   @return [::Google::Cloud::Iap::V1::Brand]
+        #     Required. The brand to be created.
+        class CreateBrandRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # The request sent to GetBrand.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Required. Name of the brand to be fetched.
+        #     In the following format: projects/\\{project_number/id}/brands/\\{brand}.
+        class GetBrandRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # The request sent to ListIdentityAwareProxyClients.
+        # @!attribute [rw] parent
+        #   @return [::String]
+        #     Required. Full brand path.
+        #     In the following format: projects/\\{project_number/id}/brands/\\{brand}.
+        # @!attribute [rw] page_size
+        #   @return [::Integer]
+        #     The maximum number of clients to return. The service may return fewer than
+        #     this value.
+        #     If unspecified, at most 100 clients will be returned.
+        #     The maximum value is 1000; values above 1000 will be coerced to 1000.
+        # @!attribute [rw] page_token
+        #   @return [::String]
+        #     A page token, received from a previous `ListIdentityAwareProxyClients`
+        #     call. Provide this to retrieve the subsequent page.
+        #
+        #     When paginating, all other parameters provided to
+        #     `ListIdentityAwareProxyClients` must match the call that provided the page
+        #     token.
+        class ListIdentityAwareProxyClientsRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Response message for ListIdentityAwareProxyClients.
+        # @!attribute [rw] identity_aware_proxy_clients
+        #   @return [::Array<::Google::Cloud::Iap::V1::IdentityAwareProxyClient>]
+        #     Clients existing in the brand.
+        # @!attribute [rw] next_page_token
+        #   @return [::String]
+        #     A token, which can be send as `page_token` to retrieve the next page.
+        #     If this field is omitted, there are no subsequent pages.
+        class ListIdentityAwareProxyClientsResponse
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # The request sent to CreateIdentityAwareProxyClient.
+        # @!attribute [rw] parent
+        #   @return [::String]
+        #     Required. Path to create the client in.
+        #     In the following format:
+        #     projects/\\{project_number/id}/brands/\\{brand}.
+        #     The project must belong to a G Suite account.
+        # @!attribute [rw] identity_aware_proxy_client
+        #   @return [::Google::Cloud::Iap::V1::IdentityAwareProxyClient]
+        #     Required. Identity Aware Proxy Client to be created.
+        class CreateIdentityAwareProxyClientRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # The request sent to GetIdentityAwareProxyClient.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Required. Name of the Identity Aware Proxy client to be fetched.
+        #     In the following format:
+        #     projects/\\{project_number/id}/brands/\\{brand}/identityAwareProxyClients/\\{client_id}.
+        class GetIdentityAwareProxyClientRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # The request sent to ResetIdentityAwareProxyClientSecret.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Required. Name of the Identity Aware Proxy client to that will have its
+        #     secret reset. In the following format:
+        #     projects/\\{project_number/id}/brands/\\{brand}/identityAwareProxyClients/\\{client_id}.
+        class ResetIdentityAwareProxyClientSecretRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # The request sent to DeleteIdentityAwareProxyClient.
+        # @!attribute [rw] name
+        #   @return [::String]
+        #     Required. Name of the Identity Aware Proxy client to be deleted.
+        #     In the following format:
+        #     projects/\\{project_number/id}/brands/\\{brand}/identityAwareProxyClients/\\{client_id}.
+        class DeleteIdentityAwareProxyClientRequest
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # OAuth brand data.
+        # NOTE: Only contains a portion of the data that describes a brand.
+        # @!attribute [r] name
+        #   @return [::String]
+        #     Output only. Identifier of the brand.
+        #     NOTE: GCP project number achieves the same brand identification purpose as
+        #     only one brand per project can be created.
+        # @!attribute [rw] support_email
+        #   @return [::String]
+        #     Support email displayed on the OAuth consent screen.
+        # @!attribute [rw] application_title
+        #   @return [::String]
+        #     Application name displayed on OAuth consent screen.
+        # @!attribute [r] org_internal_only
+        #   @return [::Boolean]
+        #     Output only. Whether the brand is only intended for usage inside the
+        #     G Suite organization only.
+        class Brand
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Contains the data that describes an Identity Aware Proxy owned client.
+        # @!attribute [r] name
+        #   @return [::String]
+        #     Output only. Unique identifier of the OAuth client.
+        # @!attribute [r] secret
+        #   @return [::String]
+        #     Output only. Client secret of the OAuth client.
+        # @!attribute [rw] display_name
+        #   @return [::String]
+        #     Human-friendly name given to the OAuth client.
+        class IdentityAwareProxyClient
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+      end
+    end
+  end
+end

data/proto_docs/google/iam/v1/iam_policy.rb

@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Iam
+    module V1
+      # Request message for `SetIamPolicy` method.
+      # @!attribute [rw] resource
+      #   @return [::String]
+      #     REQUIRED: The resource for which the policy is being specified.
+      #     See the operation documentation for the appropriate value for this field.
+      # @!attribute [rw] policy
+      #   @return [::Google::Iam::V1::Policy]
+      #     REQUIRED: The complete policy to be applied to the `resource`. The size of
+      #     the policy is limited to a few 10s of KB. An empty policy is a
+      #     valid policy but certain Cloud Platform services (such as Projects)
+      #     might reject them.
+      class SetIamPolicyRequest
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+
+      # Request message for `GetIamPolicy` method.
+      # @!attribute [rw] resource
+      #   @return [::String]
+      #     REQUIRED: The resource for which the policy is being requested.
+      #     See the operation documentation for the appropriate value for this field.
+      # @!attribute [rw] options
+      #   @return [::Google::Iam::V1::GetPolicyOptions]
+      #     OPTIONAL: A `GetPolicyOptions` object for specifying options to
+      #     `GetIamPolicy`. This field is only used by Cloud IAM.
+      class GetIamPolicyRequest
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+
+      # Request message for `TestIamPermissions` method.
+      # @!attribute [rw] resource
+      #   @return [::String]
+      #     REQUIRED: The resource for which the policy detail is being requested.
+      #     See the operation documentation for the appropriate value for this field.
+      # @!attribute [rw] permissions
+      #   @return [::Array<::String>]
+      #     The set of permissions to check for the `resource`. Permissions with
+      #     wildcards (such as '*' or 'storage.*') are not allowed. For more
+      #     information see
+      #     [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
+      class TestIamPermissionsRequest
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+
+      # Response message for `TestIamPermissions` method.
+      # @!attribute [rw] permissions
+      #   @return [::Array<::String>]
+      #     A subset of `TestPermissionsRequest.permissions` that the caller is
+      #     allowed.
+      class TestIamPermissionsResponse
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+    end
+  end
+end

data/proto_docs/google/iam/v1/options.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Iam
+    module V1
+      # Encapsulates settings provided to GetIamPolicy.
+      # @!attribute [rw] requested_policy_version
+      #   @return [::Integer]
+      #     Optional. The policy format version to be returned.
+      #
+      #     Valid values are 0, 1, and 3. Requests specifying an invalid value will be
+      #     rejected.
+      #
+      #     Requests for policies with any conditional bindings must specify version 3.
+      #     Policies without any conditional bindings may specify any valid value or
+      #     leave the field unset.
+      class GetPolicyOptions
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+    end
+  end
+end