google-cloud-iap-v1 0.1.2 → 0.3.0

Sign up to get free protection for your applications and to get access to all the features.
@@ -0,0 +1,69 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2022 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Google
21
+ module Cloud
22
+ module Iap
23
+ module V1
24
+ module IdentityAwareProxyAdminService
25
+ # Path helper methods for the IdentityAwareProxyAdminService API.
26
+ module Paths
27
+ ##
28
+ # Create a fully-qualified TunnelDestGroup resource string.
29
+ #
30
+ # The resource will be in the following format:
31
+ #
32
+ # `projects/{project}/iap_tunnel/locations/{location}/destGroups/{dest_group}`
33
+ #
34
+ # @param project [String]
35
+ # @param location [String]
36
+ # @param dest_group [String]
37
+ #
38
+ # @return [::String]
39
+ def tunnel_dest_group_path project:, location:, dest_group:
40
+ raise ::ArgumentError, "project cannot contain /" if project.to_s.include? "/"
41
+ raise ::ArgumentError, "location cannot contain /" if location.to_s.include? "/"
42
+
43
+ "projects/#{project}/iap_tunnel/locations/#{location}/destGroups/#{dest_group}"
44
+ end
45
+
46
+ ##
47
+ # Create a fully-qualified TunnelLocation resource string.
48
+ #
49
+ # The resource will be in the following format:
50
+ #
51
+ # `projects/{project}/iap_tunnel/locations/{location}`
52
+ #
53
+ # @param project [String]
54
+ # @param location [String]
55
+ #
56
+ # @return [::String]
57
+ def tunnel_location_path project:, location:
58
+ raise ::ArgumentError, "project cannot contain /" if project.to_s.include? "/"
59
+
60
+ "projects/#{project}/iap_tunnel/locations/#{location}"
61
+ end
62
+
63
+ extend self
64
+ end
65
+ end
66
+ end
67
+ end
68
+ end
69
+ end
@@ -23,6 +23,7 @@ require "gapic/config/method"
23
23
  require "google/cloud/iap/v1/version"
24
24
 
25
25
  require "google/cloud/iap/v1/identity_aware_proxy_admin_service/credentials"
26
+ require "google/cloud/iap/v1/identity_aware_proxy_admin_service/paths"
26
27
  require "google/cloud/iap/v1/identity_aware_proxy_admin_service/client"
27
28
 
28
29
  module Google
@@ -235,11 +235,12 @@ module Google
235
235
  ##
236
236
  # Constructs a new OAuth brand for the project if one does not exist.
237
237
  # The created brand is "internal only", meaning that OAuth clients created
238
- # under it only accept requests from users who belong to the same G Suite
239
- # organization as the project. The brand is created in an un-reviewed status.
240
- # NOTE: The "internal only" status can be manually changed in the Google
241
- # Cloud console. Requires that a brand does not already exist for the
242
- # project, and that the specified support email is owned by the caller.
238
+ # under it only accept requests from users who belong to the same Google
239
+ # Workspace organization as the project. The brand is created in an
240
+ # un-reviewed status. NOTE: The "internal only" status can be manually
241
+ # changed in the Google Cloud Console. Requires that a brand does not already
242
+ # exist for the project, and that the specified support email is owned by the
243
+ # caller.
243
244
  #
244
245
  # @overload create_brand(request, options = nil)
245
246
  # Pass arguments to `create_brand` via a request object, either of type
@@ -1,18 +1,50 @@
1
1
  # Generated by the protocol buffer compiler. DO NOT EDIT!
2
2
  # source: google/cloud/iap/v1/service.proto
3
3
 
4
+ require 'google/protobuf'
5
+
4
6
  require 'google/api/annotations_pb'
7
+ require 'google/api/client_pb'
5
8
  require 'google/api/field_behavior_pb'
9
+ require 'google/api/resource_pb'
6
10
  require 'google/iam/v1/iam_policy_pb'
7
11
  require 'google/iam/v1/policy_pb'
12
+ require 'google/protobuf/duration_pb'
8
13
  require 'google/protobuf/empty_pb'
9
14
  require 'google/protobuf/field_mask_pb'
10
15
  require 'google/protobuf/wrappers_pb'
11
- require 'google/api/client_pb'
12
- require 'google/protobuf'
13
16
 
14
17
  Google::Protobuf::DescriptorPool.generated_pool.build do
15
18
  add_file("google/cloud/iap/v1/service.proto", :syntax => :proto3) do
19
+ add_message "google.cloud.iap.v1.ListTunnelDestGroupsRequest" do
20
+ optional :parent, :string, 1
21
+ optional :page_size, :int32, 2
22
+ optional :page_token, :string, 3
23
+ end
24
+ add_message "google.cloud.iap.v1.ListTunnelDestGroupsResponse" do
25
+ repeated :tunnel_dest_groups, :message, 1, "google.cloud.iap.v1.TunnelDestGroup"
26
+ optional :next_page_token, :string, 2
27
+ end
28
+ add_message "google.cloud.iap.v1.CreateTunnelDestGroupRequest" do
29
+ optional :parent, :string, 1
30
+ optional :tunnel_dest_group, :message, 2, "google.cloud.iap.v1.TunnelDestGroup"
31
+ optional :tunnel_dest_group_id, :string, 3
32
+ end
33
+ add_message "google.cloud.iap.v1.GetTunnelDestGroupRequest" do
34
+ optional :name, :string, 1
35
+ end
36
+ add_message "google.cloud.iap.v1.DeleteTunnelDestGroupRequest" do
37
+ optional :name, :string, 1
38
+ end
39
+ add_message "google.cloud.iap.v1.UpdateTunnelDestGroupRequest" do
40
+ optional :tunnel_dest_group, :message, 1, "google.cloud.iap.v1.TunnelDestGroup"
41
+ optional :update_mask, :message, 2, "google.protobuf.FieldMask"
42
+ end
43
+ add_message "google.cloud.iap.v1.TunnelDestGroup" do
44
+ optional :name, :string, 1
45
+ repeated :cidrs, :string, 2
46
+ repeated :fqdns, :string, 3
47
+ end
16
48
  add_message "google.cloud.iap.v1.GetIapSettingsRequest" do
17
49
  optional :name, :string, 1
18
50
  end
@@ -29,6 +61,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
29
61
  optional :gcip_settings, :message, 1, "google.cloud.iap.v1.GcipSettings"
30
62
  optional :cors_settings, :message, 2, "google.cloud.iap.v1.CorsSettings"
31
63
  optional :oauth_settings, :message, 3, "google.cloud.iap.v1.OAuthSettings"
64
+ optional :reauth_settings, :message, 6, "google.cloud.iap.v1.ReauthSettings"
32
65
  end
33
66
  add_message "google.cloud.iap.v1.GcipSettings" do
34
67
  repeated :tenant_ids, :string, 1
@@ -40,6 +73,22 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
40
73
  add_message "google.cloud.iap.v1.OAuthSettings" do
41
74
  optional :login_hint, :message, 2, "google.protobuf.StringValue"
42
75
  end
76
+ add_message "google.cloud.iap.v1.ReauthSettings" do
77
+ optional :method, :enum, 1, "google.cloud.iap.v1.ReauthSettings.Method"
78
+ optional :max_age, :message, 2, "google.protobuf.Duration"
79
+ optional :policy_type, :enum, 3, "google.cloud.iap.v1.ReauthSettings.PolicyType"
80
+ end
81
+ add_enum "google.cloud.iap.v1.ReauthSettings.Method" do
82
+ value :METHOD_UNSPECIFIED, 0
83
+ value :LOGIN, 1
84
+ value :PASSWORD, 2
85
+ value :SECURE_KEY, 3
86
+ end
87
+ add_enum "google.cloud.iap.v1.ReauthSettings.PolicyType" do
88
+ value :POLICY_TYPE_UNSPECIFIED, 0
89
+ value :MINIMUM, 1
90
+ value :DEFAULT, 2
91
+ end
43
92
  add_message "google.cloud.iap.v1.ApplicationSettings" do
44
93
  optional :csm_settings, :message, 1, "google.cloud.iap.v1.CsmSettings"
45
94
  optional :access_denied_page_settings, :message, 2, "google.cloud.iap.v1.AccessDeniedPageSettings"
@@ -105,6 +154,13 @@ module Google
105
154
  module Cloud
106
155
  module Iap
107
156
  module V1
157
+ ListTunnelDestGroupsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ListTunnelDestGroupsRequest").msgclass
158
+ ListTunnelDestGroupsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ListTunnelDestGroupsResponse").msgclass
159
+ CreateTunnelDestGroupRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.CreateTunnelDestGroupRequest").msgclass
160
+ GetTunnelDestGroupRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.GetTunnelDestGroupRequest").msgclass
161
+ DeleteTunnelDestGroupRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.DeleteTunnelDestGroupRequest").msgclass
162
+ UpdateTunnelDestGroupRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.UpdateTunnelDestGroupRequest").msgclass
163
+ TunnelDestGroup = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.TunnelDestGroup").msgclass
108
164
  GetIapSettingsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.GetIapSettingsRequest").msgclass
109
165
  UpdateIapSettingsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.UpdateIapSettingsRequest").msgclass
110
166
  IapSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.IapSettings").msgclass
@@ -112,6 +168,9 @@ module Google
112
168
  GcipSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.GcipSettings").msgclass
113
169
  CorsSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.CorsSettings").msgclass
114
170
  OAuthSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.OAuthSettings").msgclass
171
+ ReauthSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ReauthSettings").msgclass
172
+ ReauthSettings::Method = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ReauthSettings.Method").enummodule
173
+ ReauthSettings::PolicyType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ReauthSettings.PolicyType").enummodule
115
174
  ApplicationSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ApplicationSettings").msgclass
116
175
  CsmSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.CsmSettings").msgclass
117
176
  AccessDeniedPageSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.AccessDeniedPageSettings").msgclass
@@ -53,6 +53,18 @@ module Google
53
53
  # Updates the IAP settings on a particular IAP protected resource. It
54
54
  # replaces all fields unless the `update_mask` is set.
55
55
  rpc :UpdateIapSettings, ::Google::Cloud::Iap::V1::UpdateIapSettingsRequest, ::Google::Cloud::Iap::V1::IapSettings
56
+ # Lists the existing TunnelDestGroups. To group across all locations, use a
57
+ # `-` as the location ID. For example:
58
+ # `/v1/projects/123/iap_tunnel/locations/-/destGroups`
59
+ rpc :ListTunnelDestGroups, ::Google::Cloud::Iap::V1::ListTunnelDestGroupsRequest, ::Google::Cloud::Iap::V1::ListTunnelDestGroupsResponse
60
+ # Creates a new TunnelDestGroup.
61
+ rpc :CreateTunnelDestGroup, ::Google::Cloud::Iap::V1::CreateTunnelDestGroupRequest, ::Google::Cloud::Iap::V1::TunnelDestGroup
62
+ # Retrieves an existing TunnelDestGroup.
63
+ rpc :GetTunnelDestGroup, ::Google::Cloud::Iap::V1::GetTunnelDestGroupRequest, ::Google::Cloud::Iap::V1::TunnelDestGroup
64
+ # Deletes a TunnelDestGroup.
65
+ rpc :DeleteTunnelDestGroup, ::Google::Cloud::Iap::V1::DeleteTunnelDestGroupRequest, ::Google::Protobuf::Empty
66
+ # Updates a TunnelDestGroup.
67
+ rpc :UpdateTunnelDestGroup, ::Google::Cloud::Iap::V1::UpdateTunnelDestGroupRequest, ::Google::Cloud::Iap::V1::TunnelDestGroup
56
68
  end
57
69
 
58
70
  Stub = Service.rpc_stub_class
@@ -73,11 +85,12 @@ module Google
73
85
  rpc :ListBrands, ::Google::Cloud::Iap::V1::ListBrandsRequest, ::Google::Cloud::Iap::V1::ListBrandsResponse
74
86
  # Constructs a new OAuth brand for the project if one does not exist.
75
87
  # The created brand is "internal only", meaning that OAuth clients created
76
- # under it only accept requests from users who belong to the same G Suite
77
- # organization as the project. The brand is created in an un-reviewed status.
78
- # NOTE: The "internal only" status can be manually changed in the Google
79
- # Cloud console. Requires that a brand does not already exist for the
80
- # project, and that the specified support email is owned by the caller.
88
+ # under it only accept requests from users who belong to the same Google
89
+ # Workspace organization as the project. The brand is created in an
90
+ # un-reviewed status. NOTE: The "internal only" status can be manually
91
+ # changed in the Google Cloud Console. Requires that a brand does not already
92
+ # exist for the project, and that the specified support email is owned by the
93
+ # caller.
81
94
  rpc :CreateBrand, ::Google::Cloud::Iap::V1::CreateBrandRequest, ::Google::Cloud::Iap::V1::Brand
82
95
  # Retrieves the OAuth brand of the project.
83
96
  rpc :GetBrand, ::Google::Cloud::Iap::V1::GetBrandRequest, ::Google::Cloud::Iap::V1::Brand
@@ -21,7 +21,7 @@ module Google
21
21
  module Cloud
22
22
  module Iap
23
23
  module V1
24
- VERSION = "0.1.2"
24
+ VERSION = "0.3.0"
25
25
  end
26
26
  end
27
27
  end
@@ -26,6 +26,8 @@ module Google
26
26
  ##
27
27
  # To load this package, including all its services, and instantiate a client:
28
28
  #
29
+ # @example
30
+ #
29
31
  # require "google/cloud/iap/v1"
30
32
  # client = ::Google::Cloud::Iap::V1::IdentityAwareProxyAdminService::Client.new
31
33
  #
@@ -33,11 +33,7 @@ module Google
33
33
  # // For Kubernetes resources, the format is {api group}/{kind}.
34
34
  # option (google.api.resource) = {
35
35
  # type: "pubsub.googleapis.com/Topic"
36
- # name_descriptor: {
37
- # pattern: "projects/{project}/topics/{topic}"
38
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
39
- # parent_name_extractor: "projects/{project}"
40
- # }
36
+ # pattern: "projects/{project}/topics/{topic}"
41
37
  # };
42
38
  # }
43
39
  #
@@ -45,10 +41,7 @@ module Google
45
41
  #
46
42
  # resources:
47
43
  # - type: "pubsub.googleapis.com/Topic"
48
- # name_descriptor:
49
- # - pattern: "projects/{project}/topics/{topic}"
50
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
51
- # parent_name_extractor: "projects/{project}"
44
+ # pattern: "projects/{project}/topics/{topic}"
52
45
  #
53
46
  # Sometimes, resources have multiple patterns, typically because they can
54
47
  # live under multiple parents.
@@ -58,26 +51,10 @@ module Google
58
51
  # message LogEntry {
59
52
  # option (google.api.resource) = {
60
53
  # type: "logging.googleapis.com/LogEntry"
61
- # name_descriptor: {
62
- # pattern: "projects/{project}/logs/{log}"
63
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
64
- # parent_name_extractor: "projects/{project}"
65
- # }
66
- # name_descriptor: {
67
- # pattern: "folders/{folder}/logs/{log}"
68
- # parent_type: "cloudresourcemanager.googleapis.com/Folder"
69
- # parent_name_extractor: "folders/{folder}"
70
- # }
71
- # name_descriptor: {
72
- # pattern: "organizations/{organization}/logs/{log}"
73
- # parent_type: "cloudresourcemanager.googleapis.com/Organization"
74
- # parent_name_extractor: "organizations/{organization}"
75
- # }
76
- # name_descriptor: {
77
- # pattern: "billingAccounts/{billing_account}/logs/{log}"
78
- # parent_type: "billing.googleapis.com/BillingAccount"
79
- # parent_name_extractor: "billingAccounts/{billing_account}"
80
- # }
54
+ # pattern: "projects/{project}/logs/{log}"
55
+ # pattern: "folders/{folder}/logs/{log}"
56
+ # pattern: "organizations/{organization}/logs/{log}"
57
+ # pattern: "billingAccounts/{billing_account}/logs/{log}"
81
58
  # };
82
59
  # }
83
60
  #
@@ -85,48 +62,10 @@ module Google
85
62
  #
86
63
  # resources:
87
64
  # - type: 'logging.googleapis.com/LogEntry'
88
- # name_descriptor:
89
- # - pattern: "projects/{project}/logs/{log}"
90
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
91
- # parent_name_extractor: "projects/{project}"
92
- # - pattern: "folders/{folder}/logs/{log}"
93
- # parent_type: "cloudresourcemanager.googleapis.com/Folder"
94
- # parent_name_extractor: "folders/{folder}"
95
- # - pattern: "organizations/{organization}/logs/{log}"
96
- # parent_type: "cloudresourcemanager.googleapis.com/Organization"
97
- # parent_name_extractor: "organizations/{organization}"
98
- # - pattern: "billingAccounts/{billing_account}/logs/{log}"
99
- # parent_type: "billing.googleapis.com/BillingAccount"
100
- # parent_name_extractor: "billingAccounts/{billing_account}"
101
- #
102
- # For flexible resources, the resource name doesn't contain parent names, but
103
- # the resource itself has parents for policy evaluation.
104
- #
105
- # Example:
106
- #
107
- # message Shelf {
108
- # option (google.api.resource) = {
109
- # type: "library.googleapis.com/Shelf"
110
- # name_descriptor: {
111
- # pattern: "shelves/{shelf}"
112
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
113
- # }
114
- # name_descriptor: {
115
- # pattern: "shelves/{shelf}"
116
- # parent_type: "cloudresourcemanager.googleapis.com/Folder"
117
- # }
118
- # };
119
- # }
120
- #
121
- # The ResourceDescriptor Yaml config will look like:
122
- #
123
- # resources:
124
- # - type: 'library.googleapis.com/Shelf'
125
- # name_descriptor:
126
- # - pattern: "shelves/{shelf}"
127
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
128
- # - pattern: "shelves/{shelf}"
129
- # parent_type: "cloudresourcemanager.googleapis.com/Folder"
65
+ # pattern: "projects/{project}/logs/{log}"
66
+ # pattern: "folders/{folder}/logs/{log}"
67
+ # pattern: "organizations/{organization}/logs/{log}"
68
+ # pattern: "billingAccounts/{billing_account}/logs/{log}"
130
69
  # @!attribute [rw] type
131
70
  # @return [::String]
132
71
  # The resource type. It must be in the format of
@@ -21,6 +21,118 @@ module Google
21
21
  module Cloud
22
22
  module Iap
23
23
  module V1
24
+ # The request to ListTunnelDestGroups.
25
+ # @!attribute [rw] parent
26
+ # @return [::String]
27
+ # Required. Google Cloud Project ID and location.
28
+ # In the following format:
29
+ # `projects/{project_number/id}/iap_tunnel/locations/{location}`.
30
+ # A `-` can be used for the location to group across all locations.
31
+ # @!attribute [rw] page_size
32
+ # @return [::Integer]
33
+ # The maximum number of groups to return. The service might return fewer than
34
+ # this value.
35
+ # If unspecified, at most 100 groups are returned.
36
+ # The maximum value is 1000; values above 1000 are coerced to 1000.
37
+ # @!attribute [rw] page_token
38
+ # @return [::String]
39
+ # A page token, received from a previous `ListTunnelDestGroups`
40
+ # call. Provide this to retrieve the subsequent page.
41
+ #
42
+ # When paginating, all other parameters provided to
43
+ # `ListTunnelDestGroups` must match the call that provided the page
44
+ # token.
45
+ class ListTunnelDestGroupsRequest
46
+ include ::Google::Protobuf::MessageExts
47
+ extend ::Google::Protobuf::MessageExts::ClassMethods
48
+ end
49
+
50
+ # The response from ListTunnelDestGroups.
51
+ # @!attribute [rw] tunnel_dest_groups
52
+ # @return [::Array<::Google::Cloud::Iap::V1::TunnelDestGroup>]
53
+ # TunnelDestGroup existing in the project.
54
+ # @!attribute [rw] next_page_token
55
+ # @return [::String]
56
+ # A token that you can send as `page_token` to retrieve the next page.
57
+ # If this field is omitted, there are no subsequent pages.
58
+ class ListTunnelDestGroupsResponse
59
+ include ::Google::Protobuf::MessageExts
60
+ extend ::Google::Protobuf::MessageExts::ClassMethods
61
+ end
62
+
63
+ # The request to CreateTunnelDestGroup.
64
+ # @!attribute [rw] parent
65
+ # @return [::String]
66
+ # Required. Google Cloud Project ID and location.
67
+ # In the following format:
68
+ # `projects/{project_number/id}/iap_tunnel/locations/{location}`.
69
+ # @!attribute [rw] tunnel_dest_group
70
+ # @return [::Google::Cloud::Iap::V1::TunnelDestGroup]
71
+ # Required. The TunnelDestGroup to create.
72
+ # @!attribute [rw] tunnel_dest_group_id
73
+ # @return [::String]
74
+ # Required. The ID to use for the TunnelDestGroup, which becomes the final component of
75
+ # the resource name.
76
+ #
77
+ # This value must be 4-63 characters, and valid characters
78
+ # are `[a-z][0-9]-`.
79
+ class CreateTunnelDestGroupRequest
80
+ include ::Google::Protobuf::MessageExts
81
+ extend ::Google::Protobuf::MessageExts::ClassMethods
82
+ end
83
+
84
+ # The request to GetTunnelDestGroup.
85
+ # @!attribute [rw] name
86
+ # @return [::String]
87
+ # Required. Name of the TunnelDestGroup to be fetched.
88
+ # In the following format:
89
+ # `projects/{project_number/id}/iap_tunnel/locations/{location}/destGroups/{dest_group}`.
90
+ class GetTunnelDestGroupRequest
91
+ include ::Google::Protobuf::MessageExts
92
+ extend ::Google::Protobuf::MessageExts::ClassMethods
93
+ end
94
+
95
+ # The request to DeleteTunnelDestGroup.
96
+ # @!attribute [rw] name
97
+ # @return [::String]
98
+ # Required. Name of the TunnelDestGroup to delete.
99
+ # In the following format:
100
+ # `projects/{project_number/id}/iap_tunnel/locations/{location}/destGroups/{dest_group}`.
101
+ class DeleteTunnelDestGroupRequest
102
+ include ::Google::Protobuf::MessageExts
103
+ extend ::Google::Protobuf::MessageExts::ClassMethods
104
+ end
105
+
106
+ # The request to UpdateTunnelDestGroup.
107
+ # @!attribute [rw] tunnel_dest_group
108
+ # @return [::Google::Cloud::Iap::V1::TunnelDestGroup]
109
+ # Required. The new values for the TunnelDestGroup.
110
+ # @!attribute [rw] update_mask
111
+ # @return [::Google::Protobuf::FieldMask]
112
+ # A field mask that specifies which IAP settings to update.
113
+ # If omitted, then all of the settings are updated. See
114
+ # https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask
115
+ class UpdateTunnelDestGroupRequest
116
+ include ::Google::Protobuf::MessageExts
117
+ extend ::Google::Protobuf::MessageExts::ClassMethods
118
+ end
119
+
120
+ # A TunnelDestGroup.
121
+ # @!attribute [rw] name
122
+ # @return [::String]
123
+ # Required. Immutable. Identifier for the TunnelDestGroup. Must be unique within the
124
+ # project.
125
+ # @!attribute [rw] cidrs
126
+ # @return [::Array<::String>]
127
+ # null List of CIDRs that this group applies to.
128
+ # @!attribute [rw] fqdns
129
+ # @return [::Array<::String>]
130
+ # null List of FQDNs that this group applies to.
131
+ class TunnelDestGroup
132
+ include ::Google::Protobuf::MessageExts
133
+ extend ::Google::Protobuf::MessageExts::ClassMethods
134
+ end
135
+
24
136
  # The request sent to GetIapSettings.
25
137
  # @!attribute [rw] name
26
138
  # @return [::String]
@@ -73,6 +185,9 @@ module Google
73
185
  # @!attribute [rw] oauth_settings
74
186
  # @return [::Google::Cloud::Iap::V1::OAuthSettings]
75
187
  # Settings to configure IAP's OAuth behavior.
188
+ # @!attribute [rw] reauth_settings
189
+ # @return [::Google::Cloud::Iap::V1::ReauthSettings]
190
+ # Settings to configure reauthentication policies in IAP.
76
191
  class AccessSettings
77
192
  include ::Google::Protobuf::MessageExts
78
193
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -122,6 +237,55 @@ module Google
122
237
  extend ::Google::Protobuf::MessageExts::ClassMethods
123
238
  end
124
239
 
240
+ # Configuration for IAP reauthentication policies.
241
+ # @!attribute [rw] method
242
+ # @return [::Google::Cloud::Iap::V1::ReauthSettings::Method]
243
+ # Reauth method required by the policy.
244
+ # @!attribute [rw] max_age
245
+ # @return [::Google::Protobuf::Duration]
246
+ # Reauth session lifetime, how long before a user has to reauthenticate
247
+ # again.
248
+ # @!attribute [rw] policy_type
249
+ # @return [::Google::Cloud::Iap::V1::ReauthSettings::PolicyType]
250
+ # How IAP determines the effective policy in cases of hierarchial policies.
251
+ # Policies are merged from higher in the hierarchy to lower in the hierarchy.
252
+ class ReauthSettings
253
+ include ::Google::Protobuf::MessageExts
254
+ extend ::Google::Protobuf::MessageExts::ClassMethods
255
+
256
+ # Types of reauthentication methods supported by IAP.
257
+ module Method
258
+ # Reauthentication disabled.
259
+ METHOD_UNSPECIFIED = 0
260
+
261
+ # Mimics the behavior as if the user had logged out and tried to log in
262
+ # again. Users with 2SV (2-step verification) enabled see their 2SV
263
+ # challenges if they did not opt to have their second factor responses
264
+ # saved. Apps Core (GSuites) admins can configure settings to disable 2SV
265
+ # cookies and require 2SV for all Apps Core users in their domains.
266
+ LOGIN = 1
267
+
268
+ # User must type their password.
269
+ PASSWORD = 2
270
+
271
+ # User must use their secure key 2nd factor device.
272
+ SECURE_KEY = 3
273
+ end
274
+
275
+ # Type of policy in the case of hierarchial policies.
276
+ module PolicyType
277
+ # Default value. This value is unused.
278
+ POLICY_TYPE_UNSPECIFIED = 0
279
+
280
+ # This policy acts as a minimum to other policies, lower in the hierarchy.
281
+ # Effective policy may only be the same or stricter.
282
+ MINIMUM = 1
283
+
284
+ # This policy acts as a default if no other reauth policy is set.
285
+ DEFAULT = 2
286
+ end
287
+ end
288
+
125
289
  # Wrapper over application specific settings for IAP.
126
290
  # @!attribute [rw] csm_settings
127
291
  # @return [::Google::Cloud::Iap::V1::CsmSettings]
@@ -31,6 +31,13 @@ module Google
31
31
  # the policy is limited to a few 10s of KB. An empty policy is a
32
32
  # valid policy but certain Cloud Platform services (such as Projects)
33
33
  # might reject them.
34
+ # @!attribute [rw] update_mask
35
+ # @return [::Google::Protobuf::FieldMask]
36
+ # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
37
+ # the fields in the mask will be modified. If no mask is provided, the
38
+ # following default mask is used:
39
+ #
40
+ # `paths: "bindings, etag"`
34
41
  class SetIamPolicyRequest
35
42
  include ::Google::Protobuf::MessageExts
36
43
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -44,7 +51,7 @@ module Google
44
51
  # @!attribute [rw] options
45
52
  # @return [::Google::Iam::V1::GetPolicyOptions]
46
53
  # OPTIONAL: A `GetPolicyOptions` object for specifying options to
47
- # `GetIamPolicy`. This field is only used by Cloud IAM.
54
+ # `GetIamPolicy`.
48
55
  class GetIamPolicyRequest
49
56
  include ::Google::Protobuf::MessageExts
50
57
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -23,14 +23,24 @@ module Google
23
23
  # Encapsulates settings provided to GetIamPolicy.
24
24
  # @!attribute [rw] requested_policy_version
25
25
  # @return [::Integer]
26
- # Optional. The policy format version to be returned.
26
+ # Optional. The maximum policy version that will be used to format the
27
+ # policy.
27
28
  #
28
29
  # Valid values are 0, 1, and 3. Requests specifying an invalid value will be
29
30
  # rejected.
30
31
  #
31
- # Requests for policies with any conditional bindings must specify version 3.
32
- # Policies without any conditional bindings may specify any valid value or
33
- # leave the field unset.
32
+ # Requests for policies with any conditional role bindings must specify
33
+ # version 3. Policies with no conditional role bindings may specify any valid
34
+ # value or leave the field unset.
35
+ #
36
+ # The policy in the response might use the policy version that you specified,
37
+ # or it might use a lower policy version. For example, if you specify version
38
+ # 3, but the policy has no conditional role bindings, the response uses
39
+ # version 1.
40
+ #
41
+ # To learn which resources support conditions in their IAM policies, see the
42
+ # [IAM
43
+ # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
34
44
  class GetPolicyOptions
35
45
  include ::Google::Protobuf::MessageExts
36
46
  extend ::Google::Protobuf::MessageExts::ClassMethods