google-cloud-iap-v1 0.1.2 → 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.yardopts +1 -1
- data/AUTHENTICATION.md +7 -25
- data/README.md +6 -1
- data/lib/google/cloud/iap/v1/identity_aware_proxy_admin_service/client.rb +512 -2
- data/lib/google/cloud/iap/v1/identity_aware_proxy_admin_service/paths.rb +69 -0
- data/lib/google/cloud/iap/v1/identity_aware_proxy_admin_service.rb +1 -0
- data/lib/google/cloud/iap/v1/identity_aware_proxy_o_auth_service/client.rb +6 -5
- data/lib/google/cloud/iap/v1/service_pb.rb +61 -2
- data/lib/google/cloud/iap/v1/service_services_pb.rb +18 -5
- data/lib/google/cloud/iap/v1/version.rb +1 -1
- data/lib/google/cloud/iap/v1.rb +2 -0
- data/proto_docs/google/api/resource.rb +10 -71
- data/proto_docs/google/cloud/iap/v1/service.rb +164 -0
- data/proto_docs/google/iam/v1/iam_policy.rb +8 -1
- data/proto_docs/google/iam/v1/options.rb +14 -4
- data/proto_docs/google/iam/v1/policy.rb +208 -38
- data/proto_docs/google/protobuf/duration.rb +98 -0
- metadata +9 -13
@@ -0,0 +1,69 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Copyright 2022 Google LLC
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
|
17
|
+
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
18
|
+
|
19
|
+
|
20
|
+
module Google
|
21
|
+
module Cloud
|
22
|
+
module Iap
|
23
|
+
module V1
|
24
|
+
module IdentityAwareProxyAdminService
|
25
|
+
# Path helper methods for the IdentityAwareProxyAdminService API.
|
26
|
+
module Paths
|
27
|
+
##
|
28
|
+
# Create a fully-qualified TunnelDestGroup resource string.
|
29
|
+
#
|
30
|
+
# The resource will be in the following format:
|
31
|
+
#
|
32
|
+
# `projects/{project}/iap_tunnel/locations/{location}/destGroups/{dest_group}`
|
33
|
+
#
|
34
|
+
# @param project [String]
|
35
|
+
# @param location [String]
|
36
|
+
# @param dest_group [String]
|
37
|
+
#
|
38
|
+
# @return [::String]
|
39
|
+
def tunnel_dest_group_path project:, location:, dest_group:
|
40
|
+
raise ::ArgumentError, "project cannot contain /" if project.to_s.include? "/"
|
41
|
+
raise ::ArgumentError, "location cannot contain /" if location.to_s.include? "/"
|
42
|
+
|
43
|
+
"projects/#{project}/iap_tunnel/locations/#{location}/destGroups/#{dest_group}"
|
44
|
+
end
|
45
|
+
|
46
|
+
##
|
47
|
+
# Create a fully-qualified TunnelLocation resource string.
|
48
|
+
#
|
49
|
+
# The resource will be in the following format:
|
50
|
+
#
|
51
|
+
# `projects/{project}/iap_tunnel/locations/{location}`
|
52
|
+
#
|
53
|
+
# @param project [String]
|
54
|
+
# @param location [String]
|
55
|
+
#
|
56
|
+
# @return [::String]
|
57
|
+
def tunnel_location_path project:, location:
|
58
|
+
raise ::ArgumentError, "project cannot contain /" if project.to_s.include? "/"
|
59
|
+
|
60
|
+
"projects/#{project}/iap_tunnel/locations/#{location}"
|
61
|
+
end
|
62
|
+
|
63
|
+
extend self
|
64
|
+
end
|
65
|
+
end
|
66
|
+
end
|
67
|
+
end
|
68
|
+
end
|
69
|
+
end
|
@@ -23,6 +23,7 @@ require "gapic/config/method"
|
|
23
23
|
require "google/cloud/iap/v1/version"
|
24
24
|
|
25
25
|
require "google/cloud/iap/v1/identity_aware_proxy_admin_service/credentials"
|
26
|
+
require "google/cloud/iap/v1/identity_aware_proxy_admin_service/paths"
|
26
27
|
require "google/cloud/iap/v1/identity_aware_proxy_admin_service/client"
|
27
28
|
|
28
29
|
module Google
|
@@ -235,11 +235,12 @@ module Google
|
|
235
235
|
##
|
236
236
|
# Constructs a new OAuth brand for the project if one does not exist.
|
237
237
|
# The created brand is "internal only", meaning that OAuth clients created
|
238
|
-
# under it only accept requests from users who belong to the same
|
239
|
-
# organization as the project. The brand is created in an
|
240
|
-
# NOTE: The "internal only" status can be manually
|
241
|
-
# Cloud
|
242
|
-
# project, and that the specified support email is owned by the
|
238
|
+
# under it only accept requests from users who belong to the same Google
|
239
|
+
# Workspace organization as the project. The brand is created in an
|
240
|
+
# un-reviewed status. NOTE: The "internal only" status can be manually
|
241
|
+
# changed in the Google Cloud Console. Requires that a brand does not already
|
242
|
+
# exist for the project, and that the specified support email is owned by the
|
243
|
+
# caller.
|
243
244
|
#
|
244
245
|
# @overload create_brand(request, options = nil)
|
245
246
|
# Pass arguments to `create_brand` via a request object, either of type
|
@@ -1,18 +1,50 @@
|
|
1
1
|
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
2
|
# source: google/cloud/iap/v1/service.proto
|
3
3
|
|
4
|
+
require 'google/protobuf'
|
5
|
+
|
4
6
|
require 'google/api/annotations_pb'
|
7
|
+
require 'google/api/client_pb'
|
5
8
|
require 'google/api/field_behavior_pb'
|
9
|
+
require 'google/api/resource_pb'
|
6
10
|
require 'google/iam/v1/iam_policy_pb'
|
7
11
|
require 'google/iam/v1/policy_pb'
|
12
|
+
require 'google/protobuf/duration_pb'
|
8
13
|
require 'google/protobuf/empty_pb'
|
9
14
|
require 'google/protobuf/field_mask_pb'
|
10
15
|
require 'google/protobuf/wrappers_pb'
|
11
|
-
require 'google/api/client_pb'
|
12
|
-
require 'google/protobuf'
|
13
16
|
|
14
17
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
15
18
|
add_file("google/cloud/iap/v1/service.proto", :syntax => :proto3) do
|
19
|
+
add_message "google.cloud.iap.v1.ListTunnelDestGroupsRequest" do
|
20
|
+
optional :parent, :string, 1
|
21
|
+
optional :page_size, :int32, 2
|
22
|
+
optional :page_token, :string, 3
|
23
|
+
end
|
24
|
+
add_message "google.cloud.iap.v1.ListTunnelDestGroupsResponse" do
|
25
|
+
repeated :tunnel_dest_groups, :message, 1, "google.cloud.iap.v1.TunnelDestGroup"
|
26
|
+
optional :next_page_token, :string, 2
|
27
|
+
end
|
28
|
+
add_message "google.cloud.iap.v1.CreateTunnelDestGroupRequest" do
|
29
|
+
optional :parent, :string, 1
|
30
|
+
optional :tunnel_dest_group, :message, 2, "google.cloud.iap.v1.TunnelDestGroup"
|
31
|
+
optional :tunnel_dest_group_id, :string, 3
|
32
|
+
end
|
33
|
+
add_message "google.cloud.iap.v1.GetTunnelDestGroupRequest" do
|
34
|
+
optional :name, :string, 1
|
35
|
+
end
|
36
|
+
add_message "google.cloud.iap.v1.DeleteTunnelDestGroupRequest" do
|
37
|
+
optional :name, :string, 1
|
38
|
+
end
|
39
|
+
add_message "google.cloud.iap.v1.UpdateTunnelDestGroupRequest" do
|
40
|
+
optional :tunnel_dest_group, :message, 1, "google.cloud.iap.v1.TunnelDestGroup"
|
41
|
+
optional :update_mask, :message, 2, "google.protobuf.FieldMask"
|
42
|
+
end
|
43
|
+
add_message "google.cloud.iap.v1.TunnelDestGroup" do
|
44
|
+
optional :name, :string, 1
|
45
|
+
repeated :cidrs, :string, 2
|
46
|
+
repeated :fqdns, :string, 3
|
47
|
+
end
|
16
48
|
add_message "google.cloud.iap.v1.GetIapSettingsRequest" do
|
17
49
|
optional :name, :string, 1
|
18
50
|
end
|
@@ -29,6 +61,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
29
61
|
optional :gcip_settings, :message, 1, "google.cloud.iap.v1.GcipSettings"
|
30
62
|
optional :cors_settings, :message, 2, "google.cloud.iap.v1.CorsSettings"
|
31
63
|
optional :oauth_settings, :message, 3, "google.cloud.iap.v1.OAuthSettings"
|
64
|
+
optional :reauth_settings, :message, 6, "google.cloud.iap.v1.ReauthSettings"
|
32
65
|
end
|
33
66
|
add_message "google.cloud.iap.v1.GcipSettings" do
|
34
67
|
repeated :tenant_ids, :string, 1
|
@@ -40,6 +73,22 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
40
73
|
add_message "google.cloud.iap.v1.OAuthSettings" do
|
41
74
|
optional :login_hint, :message, 2, "google.protobuf.StringValue"
|
42
75
|
end
|
76
|
+
add_message "google.cloud.iap.v1.ReauthSettings" do
|
77
|
+
optional :method, :enum, 1, "google.cloud.iap.v1.ReauthSettings.Method"
|
78
|
+
optional :max_age, :message, 2, "google.protobuf.Duration"
|
79
|
+
optional :policy_type, :enum, 3, "google.cloud.iap.v1.ReauthSettings.PolicyType"
|
80
|
+
end
|
81
|
+
add_enum "google.cloud.iap.v1.ReauthSettings.Method" do
|
82
|
+
value :METHOD_UNSPECIFIED, 0
|
83
|
+
value :LOGIN, 1
|
84
|
+
value :PASSWORD, 2
|
85
|
+
value :SECURE_KEY, 3
|
86
|
+
end
|
87
|
+
add_enum "google.cloud.iap.v1.ReauthSettings.PolicyType" do
|
88
|
+
value :POLICY_TYPE_UNSPECIFIED, 0
|
89
|
+
value :MINIMUM, 1
|
90
|
+
value :DEFAULT, 2
|
91
|
+
end
|
43
92
|
add_message "google.cloud.iap.v1.ApplicationSettings" do
|
44
93
|
optional :csm_settings, :message, 1, "google.cloud.iap.v1.CsmSettings"
|
45
94
|
optional :access_denied_page_settings, :message, 2, "google.cloud.iap.v1.AccessDeniedPageSettings"
|
@@ -105,6 +154,13 @@ module Google
|
|
105
154
|
module Cloud
|
106
155
|
module Iap
|
107
156
|
module V1
|
157
|
+
ListTunnelDestGroupsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ListTunnelDestGroupsRequest").msgclass
|
158
|
+
ListTunnelDestGroupsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ListTunnelDestGroupsResponse").msgclass
|
159
|
+
CreateTunnelDestGroupRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.CreateTunnelDestGroupRequest").msgclass
|
160
|
+
GetTunnelDestGroupRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.GetTunnelDestGroupRequest").msgclass
|
161
|
+
DeleteTunnelDestGroupRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.DeleteTunnelDestGroupRequest").msgclass
|
162
|
+
UpdateTunnelDestGroupRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.UpdateTunnelDestGroupRequest").msgclass
|
163
|
+
TunnelDestGroup = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.TunnelDestGroup").msgclass
|
108
164
|
GetIapSettingsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.GetIapSettingsRequest").msgclass
|
109
165
|
UpdateIapSettingsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.UpdateIapSettingsRequest").msgclass
|
110
166
|
IapSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.IapSettings").msgclass
|
@@ -112,6 +168,9 @@ module Google
|
|
112
168
|
GcipSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.GcipSettings").msgclass
|
113
169
|
CorsSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.CorsSettings").msgclass
|
114
170
|
OAuthSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.OAuthSettings").msgclass
|
171
|
+
ReauthSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ReauthSettings").msgclass
|
172
|
+
ReauthSettings::Method = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ReauthSettings.Method").enummodule
|
173
|
+
ReauthSettings::PolicyType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ReauthSettings.PolicyType").enummodule
|
115
174
|
ApplicationSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ApplicationSettings").msgclass
|
116
175
|
CsmSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.CsmSettings").msgclass
|
117
176
|
AccessDeniedPageSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.AccessDeniedPageSettings").msgclass
|
@@ -53,6 +53,18 @@ module Google
|
|
53
53
|
# Updates the IAP settings on a particular IAP protected resource. It
|
54
54
|
# replaces all fields unless the `update_mask` is set.
|
55
55
|
rpc :UpdateIapSettings, ::Google::Cloud::Iap::V1::UpdateIapSettingsRequest, ::Google::Cloud::Iap::V1::IapSettings
|
56
|
+
# Lists the existing TunnelDestGroups. To group across all locations, use a
|
57
|
+
# `-` as the location ID. For example:
|
58
|
+
# `/v1/projects/123/iap_tunnel/locations/-/destGroups`
|
59
|
+
rpc :ListTunnelDestGroups, ::Google::Cloud::Iap::V1::ListTunnelDestGroupsRequest, ::Google::Cloud::Iap::V1::ListTunnelDestGroupsResponse
|
60
|
+
# Creates a new TunnelDestGroup.
|
61
|
+
rpc :CreateTunnelDestGroup, ::Google::Cloud::Iap::V1::CreateTunnelDestGroupRequest, ::Google::Cloud::Iap::V1::TunnelDestGroup
|
62
|
+
# Retrieves an existing TunnelDestGroup.
|
63
|
+
rpc :GetTunnelDestGroup, ::Google::Cloud::Iap::V1::GetTunnelDestGroupRequest, ::Google::Cloud::Iap::V1::TunnelDestGroup
|
64
|
+
# Deletes a TunnelDestGroup.
|
65
|
+
rpc :DeleteTunnelDestGroup, ::Google::Cloud::Iap::V1::DeleteTunnelDestGroupRequest, ::Google::Protobuf::Empty
|
66
|
+
# Updates a TunnelDestGroup.
|
67
|
+
rpc :UpdateTunnelDestGroup, ::Google::Cloud::Iap::V1::UpdateTunnelDestGroupRequest, ::Google::Cloud::Iap::V1::TunnelDestGroup
|
56
68
|
end
|
57
69
|
|
58
70
|
Stub = Service.rpc_stub_class
|
@@ -73,11 +85,12 @@ module Google
|
|
73
85
|
rpc :ListBrands, ::Google::Cloud::Iap::V1::ListBrandsRequest, ::Google::Cloud::Iap::V1::ListBrandsResponse
|
74
86
|
# Constructs a new OAuth brand for the project if one does not exist.
|
75
87
|
# The created brand is "internal only", meaning that OAuth clients created
|
76
|
-
# under it only accept requests from users who belong to the same
|
77
|
-
# organization as the project. The brand is created in an
|
78
|
-
# NOTE: The "internal only" status can be manually
|
79
|
-
# Cloud
|
80
|
-
# project, and that the specified support email is owned by the
|
88
|
+
# under it only accept requests from users who belong to the same Google
|
89
|
+
# Workspace organization as the project. The brand is created in an
|
90
|
+
# un-reviewed status. NOTE: The "internal only" status can be manually
|
91
|
+
# changed in the Google Cloud Console. Requires that a brand does not already
|
92
|
+
# exist for the project, and that the specified support email is owned by the
|
93
|
+
# caller.
|
81
94
|
rpc :CreateBrand, ::Google::Cloud::Iap::V1::CreateBrandRequest, ::Google::Cloud::Iap::V1::Brand
|
82
95
|
# Retrieves the OAuth brand of the project.
|
83
96
|
rpc :GetBrand, ::Google::Cloud::Iap::V1::GetBrandRequest, ::Google::Cloud::Iap::V1::Brand
|
data/lib/google/cloud/iap/v1.rb
CHANGED
@@ -33,11 +33,7 @@ module Google
|
|
33
33
|
# // For Kubernetes resources, the format is {api group}/{kind}.
|
34
34
|
# option (google.api.resource) = {
|
35
35
|
# type: "pubsub.googleapis.com/Topic"
|
36
|
-
#
|
37
|
-
# pattern: "projects/{project}/topics/{topic}"
|
38
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
39
|
-
# parent_name_extractor: "projects/{project}"
|
40
|
-
# }
|
36
|
+
# pattern: "projects/{project}/topics/{topic}"
|
41
37
|
# };
|
42
38
|
# }
|
43
39
|
#
|
@@ -45,10 +41,7 @@ module Google
|
|
45
41
|
#
|
46
42
|
# resources:
|
47
43
|
# - type: "pubsub.googleapis.com/Topic"
|
48
|
-
#
|
49
|
-
# - pattern: "projects/{project}/topics/{topic}"
|
50
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
51
|
-
# parent_name_extractor: "projects/{project}"
|
44
|
+
# pattern: "projects/{project}/topics/{topic}"
|
52
45
|
#
|
53
46
|
# Sometimes, resources have multiple patterns, typically because they can
|
54
47
|
# live under multiple parents.
|
@@ -58,26 +51,10 @@ module Google
|
|
58
51
|
# message LogEntry {
|
59
52
|
# option (google.api.resource) = {
|
60
53
|
# type: "logging.googleapis.com/LogEntry"
|
61
|
-
#
|
62
|
-
#
|
63
|
-
#
|
64
|
-
#
|
65
|
-
# }
|
66
|
-
# name_descriptor: {
|
67
|
-
# pattern: "folders/{folder}/logs/{log}"
|
68
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
69
|
-
# parent_name_extractor: "folders/{folder}"
|
70
|
-
# }
|
71
|
-
# name_descriptor: {
|
72
|
-
# pattern: "organizations/{organization}/logs/{log}"
|
73
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Organization"
|
74
|
-
# parent_name_extractor: "organizations/{organization}"
|
75
|
-
# }
|
76
|
-
# name_descriptor: {
|
77
|
-
# pattern: "billingAccounts/{billing_account}/logs/{log}"
|
78
|
-
# parent_type: "billing.googleapis.com/BillingAccount"
|
79
|
-
# parent_name_extractor: "billingAccounts/{billing_account}"
|
80
|
-
# }
|
54
|
+
# pattern: "projects/{project}/logs/{log}"
|
55
|
+
# pattern: "folders/{folder}/logs/{log}"
|
56
|
+
# pattern: "organizations/{organization}/logs/{log}"
|
57
|
+
# pattern: "billingAccounts/{billing_account}/logs/{log}"
|
81
58
|
# };
|
82
59
|
# }
|
83
60
|
#
|
@@ -85,48 +62,10 @@ module Google
|
|
85
62
|
#
|
86
63
|
# resources:
|
87
64
|
# - type: 'logging.googleapis.com/LogEntry'
|
88
|
-
#
|
89
|
-
#
|
90
|
-
#
|
91
|
-
#
|
92
|
-
# - pattern: "folders/{folder}/logs/{log}"
|
93
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
94
|
-
# parent_name_extractor: "folders/{folder}"
|
95
|
-
# - pattern: "organizations/{organization}/logs/{log}"
|
96
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Organization"
|
97
|
-
# parent_name_extractor: "organizations/{organization}"
|
98
|
-
# - pattern: "billingAccounts/{billing_account}/logs/{log}"
|
99
|
-
# parent_type: "billing.googleapis.com/BillingAccount"
|
100
|
-
# parent_name_extractor: "billingAccounts/{billing_account}"
|
101
|
-
#
|
102
|
-
# For flexible resources, the resource name doesn't contain parent names, but
|
103
|
-
# the resource itself has parents for policy evaluation.
|
104
|
-
#
|
105
|
-
# Example:
|
106
|
-
#
|
107
|
-
# message Shelf {
|
108
|
-
# option (google.api.resource) = {
|
109
|
-
# type: "library.googleapis.com/Shelf"
|
110
|
-
# name_descriptor: {
|
111
|
-
# pattern: "shelves/{shelf}"
|
112
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
113
|
-
# }
|
114
|
-
# name_descriptor: {
|
115
|
-
# pattern: "shelves/{shelf}"
|
116
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
117
|
-
# }
|
118
|
-
# };
|
119
|
-
# }
|
120
|
-
#
|
121
|
-
# The ResourceDescriptor Yaml config will look like:
|
122
|
-
#
|
123
|
-
# resources:
|
124
|
-
# - type: 'library.googleapis.com/Shelf'
|
125
|
-
# name_descriptor:
|
126
|
-
# - pattern: "shelves/{shelf}"
|
127
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
128
|
-
# - pattern: "shelves/{shelf}"
|
129
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
65
|
+
# pattern: "projects/{project}/logs/{log}"
|
66
|
+
# pattern: "folders/{folder}/logs/{log}"
|
67
|
+
# pattern: "organizations/{organization}/logs/{log}"
|
68
|
+
# pattern: "billingAccounts/{billing_account}/logs/{log}"
|
130
69
|
# @!attribute [rw] type
|
131
70
|
# @return [::String]
|
132
71
|
# The resource type. It must be in the format of
|
@@ -21,6 +21,118 @@ module Google
|
|
21
21
|
module Cloud
|
22
22
|
module Iap
|
23
23
|
module V1
|
24
|
+
# The request to ListTunnelDestGroups.
|
25
|
+
# @!attribute [rw] parent
|
26
|
+
# @return [::String]
|
27
|
+
# Required. Google Cloud Project ID and location.
|
28
|
+
# In the following format:
|
29
|
+
# `projects/{project_number/id}/iap_tunnel/locations/{location}`.
|
30
|
+
# A `-` can be used for the location to group across all locations.
|
31
|
+
# @!attribute [rw] page_size
|
32
|
+
# @return [::Integer]
|
33
|
+
# The maximum number of groups to return. The service might return fewer than
|
34
|
+
# this value.
|
35
|
+
# If unspecified, at most 100 groups are returned.
|
36
|
+
# The maximum value is 1000; values above 1000 are coerced to 1000.
|
37
|
+
# @!attribute [rw] page_token
|
38
|
+
# @return [::String]
|
39
|
+
# A page token, received from a previous `ListTunnelDestGroups`
|
40
|
+
# call. Provide this to retrieve the subsequent page.
|
41
|
+
#
|
42
|
+
# When paginating, all other parameters provided to
|
43
|
+
# `ListTunnelDestGroups` must match the call that provided the page
|
44
|
+
# token.
|
45
|
+
class ListTunnelDestGroupsRequest
|
46
|
+
include ::Google::Protobuf::MessageExts
|
47
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
48
|
+
end
|
49
|
+
|
50
|
+
# The response from ListTunnelDestGroups.
|
51
|
+
# @!attribute [rw] tunnel_dest_groups
|
52
|
+
# @return [::Array<::Google::Cloud::Iap::V1::TunnelDestGroup>]
|
53
|
+
# TunnelDestGroup existing in the project.
|
54
|
+
# @!attribute [rw] next_page_token
|
55
|
+
# @return [::String]
|
56
|
+
# A token that you can send as `page_token` to retrieve the next page.
|
57
|
+
# If this field is omitted, there are no subsequent pages.
|
58
|
+
class ListTunnelDestGroupsResponse
|
59
|
+
include ::Google::Protobuf::MessageExts
|
60
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
61
|
+
end
|
62
|
+
|
63
|
+
# The request to CreateTunnelDestGroup.
|
64
|
+
# @!attribute [rw] parent
|
65
|
+
# @return [::String]
|
66
|
+
# Required. Google Cloud Project ID and location.
|
67
|
+
# In the following format:
|
68
|
+
# `projects/{project_number/id}/iap_tunnel/locations/{location}`.
|
69
|
+
# @!attribute [rw] tunnel_dest_group
|
70
|
+
# @return [::Google::Cloud::Iap::V1::TunnelDestGroup]
|
71
|
+
# Required. The TunnelDestGroup to create.
|
72
|
+
# @!attribute [rw] tunnel_dest_group_id
|
73
|
+
# @return [::String]
|
74
|
+
# Required. The ID to use for the TunnelDestGroup, which becomes the final component of
|
75
|
+
# the resource name.
|
76
|
+
#
|
77
|
+
# This value must be 4-63 characters, and valid characters
|
78
|
+
# are `[a-z][0-9]-`.
|
79
|
+
class CreateTunnelDestGroupRequest
|
80
|
+
include ::Google::Protobuf::MessageExts
|
81
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
82
|
+
end
|
83
|
+
|
84
|
+
# The request to GetTunnelDestGroup.
|
85
|
+
# @!attribute [rw] name
|
86
|
+
# @return [::String]
|
87
|
+
# Required. Name of the TunnelDestGroup to be fetched.
|
88
|
+
# In the following format:
|
89
|
+
# `projects/{project_number/id}/iap_tunnel/locations/{location}/destGroups/{dest_group}`.
|
90
|
+
class GetTunnelDestGroupRequest
|
91
|
+
include ::Google::Protobuf::MessageExts
|
92
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
93
|
+
end
|
94
|
+
|
95
|
+
# The request to DeleteTunnelDestGroup.
|
96
|
+
# @!attribute [rw] name
|
97
|
+
# @return [::String]
|
98
|
+
# Required. Name of the TunnelDestGroup to delete.
|
99
|
+
# In the following format:
|
100
|
+
# `projects/{project_number/id}/iap_tunnel/locations/{location}/destGroups/{dest_group}`.
|
101
|
+
class DeleteTunnelDestGroupRequest
|
102
|
+
include ::Google::Protobuf::MessageExts
|
103
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
104
|
+
end
|
105
|
+
|
106
|
+
# The request to UpdateTunnelDestGroup.
|
107
|
+
# @!attribute [rw] tunnel_dest_group
|
108
|
+
# @return [::Google::Cloud::Iap::V1::TunnelDestGroup]
|
109
|
+
# Required. The new values for the TunnelDestGroup.
|
110
|
+
# @!attribute [rw] update_mask
|
111
|
+
# @return [::Google::Protobuf::FieldMask]
|
112
|
+
# A field mask that specifies which IAP settings to update.
|
113
|
+
# If omitted, then all of the settings are updated. See
|
114
|
+
# https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask
|
115
|
+
class UpdateTunnelDestGroupRequest
|
116
|
+
include ::Google::Protobuf::MessageExts
|
117
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
118
|
+
end
|
119
|
+
|
120
|
+
# A TunnelDestGroup.
|
121
|
+
# @!attribute [rw] name
|
122
|
+
# @return [::String]
|
123
|
+
# Required. Immutable. Identifier for the TunnelDestGroup. Must be unique within the
|
124
|
+
# project.
|
125
|
+
# @!attribute [rw] cidrs
|
126
|
+
# @return [::Array<::String>]
|
127
|
+
# null List of CIDRs that this group applies to.
|
128
|
+
# @!attribute [rw] fqdns
|
129
|
+
# @return [::Array<::String>]
|
130
|
+
# null List of FQDNs that this group applies to.
|
131
|
+
class TunnelDestGroup
|
132
|
+
include ::Google::Protobuf::MessageExts
|
133
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
134
|
+
end
|
135
|
+
|
24
136
|
# The request sent to GetIapSettings.
|
25
137
|
# @!attribute [rw] name
|
26
138
|
# @return [::String]
|
@@ -73,6 +185,9 @@ module Google
|
|
73
185
|
# @!attribute [rw] oauth_settings
|
74
186
|
# @return [::Google::Cloud::Iap::V1::OAuthSettings]
|
75
187
|
# Settings to configure IAP's OAuth behavior.
|
188
|
+
# @!attribute [rw] reauth_settings
|
189
|
+
# @return [::Google::Cloud::Iap::V1::ReauthSettings]
|
190
|
+
# Settings to configure reauthentication policies in IAP.
|
76
191
|
class AccessSettings
|
77
192
|
include ::Google::Protobuf::MessageExts
|
78
193
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -122,6 +237,55 @@ module Google
|
|
122
237
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
123
238
|
end
|
124
239
|
|
240
|
+
# Configuration for IAP reauthentication policies.
|
241
|
+
# @!attribute [rw] method
|
242
|
+
# @return [::Google::Cloud::Iap::V1::ReauthSettings::Method]
|
243
|
+
# Reauth method required by the policy.
|
244
|
+
# @!attribute [rw] max_age
|
245
|
+
# @return [::Google::Protobuf::Duration]
|
246
|
+
# Reauth session lifetime, how long before a user has to reauthenticate
|
247
|
+
# again.
|
248
|
+
# @!attribute [rw] policy_type
|
249
|
+
# @return [::Google::Cloud::Iap::V1::ReauthSettings::PolicyType]
|
250
|
+
# How IAP determines the effective policy in cases of hierarchial policies.
|
251
|
+
# Policies are merged from higher in the hierarchy to lower in the hierarchy.
|
252
|
+
class ReauthSettings
|
253
|
+
include ::Google::Protobuf::MessageExts
|
254
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
255
|
+
|
256
|
+
# Types of reauthentication methods supported by IAP.
|
257
|
+
module Method
|
258
|
+
# Reauthentication disabled.
|
259
|
+
METHOD_UNSPECIFIED = 0
|
260
|
+
|
261
|
+
# Mimics the behavior as if the user had logged out and tried to log in
|
262
|
+
# again. Users with 2SV (2-step verification) enabled see their 2SV
|
263
|
+
# challenges if they did not opt to have their second factor responses
|
264
|
+
# saved. Apps Core (GSuites) admins can configure settings to disable 2SV
|
265
|
+
# cookies and require 2SV for all Apps Core users in their domains.
|
266
|
+
LOGIN = 1
|
267
|
+
|
268
|
+
# User must type their password.
|
269
|
+
PASSWORD = 2
|
270
|
+
|
271
|
+
# User must use their secure key 2nd factor device.
|
272
|
+
SECURE_KEY = 3
|
273
|
+
end
|
274
|
+
|
275
|
+
# Type of policy in the case of hierarchial policies.
|
276
|
+
module PolicyType
|
277
|
+
# Default value. This value is unused.
|
278
|
+
POLICY_TYPE_UNSPECIFIED = 0
|
279
|
+
|
280
|
+
# This policy acts as a minimum to other policies, lower in the hierarchy.
|
281
|
+
# Effective policy may only be the same or stricter.
|
282
|
+
MINIMUM = 1
|
283
|
+
|
284
|
+
# This policy acts as a default if no other reauth policy is set.
|
285
|
+
DEFAULT = 2
|
286
|
+
end
|
287
|
+
end
|
288
|
+
|
125
289
|
# Wrapper over application specific settings for IAP.
|
126
290
|
# @!attribute [rw] csm_settings
|
127
291
|
# @return [::Google::Cloud::Iap::V1::CsmSettings]
|
@@ -31,6 +31,13 @@ module Google
|
|
31
31
|
# the policy is limited to a few 10s of KB. An empty policy is a
|
32
32
|
# valid policy but certain Cloud Platform services (such as Projects)
|
33
33
|
# might reject them.
|
34
|
+
# @!attribute [rw] update_mask
|
35
|
+
# @return [::Google::Protobuf::FieldMask]
|
36
|
+
# OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
|
37
|
+
# the fields in the mask will be modified. If no mask is provided, the
|
38
|
+
# following default mask is used:
|
39
|
+
#
|
40
|
+
# `paths: "bindings, etag"`
|
34
41
|
class SetIamPolicyRequest
|
35
42
|
include ::Google::Protobuf::MessageExts
|
36
43
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -44,7 +51,7 @@ module Google
|
|
44
51
|
# @!attribute [rw] options
|
45
52
|
# @return [::Google::Iam::V1::GetPolicyOptions]
|
46
53
|
# OPTIONAL: A `GetPolicyOptions` object for specifying options to
|
47
|
-
# `GetIamPolicy`.
|
54
|
+
# `GetIamPolicy`.
|
48
55
|
class GetIamPolicyRequest
|
49
56
|
include ::Google::Protobuf::MessageExts
|
50
57
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -23,14 +23,24 @@ module Google
|
|
23
23
|
# Encapsulates settings provided to GetIamPolicy.
|
24
24
|
# @!attribute [rw] requested_policy_version
|
25
25
|
# @return [::Integer]
|
26
|
-
# Optional. The policy
|
26
|
+
# Optional. The maximum policy version that will be used to format the
|
27
|
+
# policy.
|
27
28
|
#
|
28
29
|
# Valid values are 0, 1, and 3. Requests specifying an invalid value will be
|
29
30
|
# rejected.
|
30
31
|
#
|
31
|
-
# Requests for policies with any conditional bindings must specify
|
32
|
-
# Policies
|
33
|
-
# leave the field unset.
|
32
|
+
# Requests for policies with any conditional role bindings must specify
|
33
|
+
# version 3. Policies with no conditional role bindings may specify any valid
|
34
|
+
# value or leave the field unset.
|
35
|
+
#
|
36
|
+
# The policy in the response might use the policy version that you specified,
|
37
|
+
# or it might use a lower policy version. For example, if you specify version
|
38
|
+
# 3, but the policy has no conditional role bindings, the response uses
|
39
|
+
# version 1.
|
40
|
+
#
|
41
|
+
# To learn which resources support conditions in their IAM policies, see the
|
42
|
+
# [IAM
|
43
|
+
# documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
|
34
44
|
class GetPolicyOptions
|
35
45
|
include ::Google::Protobuf::MessageExts
|
36
46
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|