google-cloud-iap-v1 0.1.2 → 0.3.0

@@ -0,0 +1,69 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2022 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Google
21
+ module Cloud
22
+ module Iap
23
+ module V1
24
+ module IdentityAwareProxyAdminService
25
+ # Path helper methods for the IdentityAwareProxyAdminService API.
26
+ module Paths
27
+ ##
28
+ # Create a fully-qualified TunnelDestGroup resource string.
29
+ #
30
+ # The resource will be in the following format:
31
+ #
32
+ # `projects/{project}/iap_tunnel/locations/{location}/destGroups/{dest_group}`
33
+ #
34
+ # @param project [String]
35
+ # @param location [String]
36
+ # @param dest_group [String]
37
+ #
38
+ # @return [::String]
39
+ def tunnel_dest_group_path project:, location:, dest_group:
40
+ raise ::ArgumentError, "project cannot contain /" if project.to_s.include? "/"
41
+ raise ::ArgumentError, "location cannot contain /" if location.to_s.include? "/"
42
+
43
+ "projects/#{project}/iap_tunnel/locations/#{location}/destGroups/#{dest_group}"
44
+ end
45
+
46
+ ##
47
+ # Create a fully-qualified TunnelLocation resource string.
48
+ #
49
+ # The resource will be in the following format:
50
+ #
51
+ # `projects/{project}/iap_tunnel/locations/{location}`
52
+ #
53
+ # @param project [String]
54
+ # @param location [String]
55
+ #
56
+ # @return [::String]
57
+ def tunnel_location_path project:, location:
58
+ raise ::ArgumentError, "project cannot contain /" if project.to_s.include? "/"
59
+
60
+ "projects/#{project}/iap_tunnel/locations/#{location}"
61
+ end
62
+
63
+ extend self
64
+ end
65
+ end
66
+ end
67
+ end
68
+ end
69
+ end
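Review bot: `tunnel_dest_group_path` interpolates `dest_group` without the `/` check that `project` and `location` get, and `tunnel_location_path` does the same with `location`, so a value containing `/` yields a resource name with more segments than the documented format. This may be the generator's convention for the final segment, but a caller that builds names from request or configuration input then has no guard against naming a different resource than intended. Because the file is marked DO NOT EDIT, the check belongs in the generator or at the call site, e.g. `raise ::ArgumentError, "dest_group cannot contain /" if dest_group.to_s.include? "/"`. At minimum the YARD block should state the gap, e.g. `# @param dest_group [String] not checked for "/"; validate before passing untrusted input`.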
@@ -23,6 +23,7 @@ require "gapic/config/method"
23
23
  require "google/cloud/iap/v1/version"
24
24
 
25
25
  require "google/cloud/iap/v1/identity_aware_proxy_admin_service/credentials"
26
+ require "google/cloud/iap/v1/identity_aware_proxy_admin_service/paths"
26
27
  require "google/cloud/iap/v1/identity_aware_proxy_admin_service/client"
27
28
 
28
29
  module Google
@@ -235,11 +235,12 @@ module Google
235
235
  ##
236
236
  # Constructs a new OAuth brand for the project if one does not exist.
237
237
  # The created brand is "internal only", meaning that OAuth clients created
238
- # under it only accept requests from users who belong to the same G Suite
239
- # organization as the project. The brand is created in an un-reviewed status.
240
- # NOTE: The "internal only" status can be manually changed in the Google
241
- # Cloud console. Requires that a brand does not already exist for the
242
- # project, and that the specified support email is owned by the caller.
238
+ # under it only accept requests from users who belong to the same Google
239
+ # Workspace organization as the project. The brand is created in an
240
+ # un-reviewed status. NOTE: The "internal only" status can be manually
241
+ # changed in the Google Cloud Console. Requires that a brand does not already
242
+ # exist for the project, and that the specified support email is owned by the
243
+ # caller.
243
244
  #
244
245
  # @overload create_brand(request, options = nil)
245
246
  # Pass arguments to `create_brand` via a request object, either of type
@@ -1,18 +1,50 @@
1
1
  # Generated by the protocol buffer compiler. DO NOT EDIT!
2
2
  # source: google/cloud/iap/v1/service.proto
3
3
 
4
+ require 'google/protobuf'
5
+
4
6
  require 'google/api/annotations_pb'
7
+ require 'google/api/client_pb'
5
8
  require 'google/api/field_behavior_pb'
9
+ require 'google/api/resource_pb'
6
10
  require 'google/iam/v1/iam_policy_pb'
7
11
  require 'google/iam/v1/policy_pb'
12
+ require 'google/protobuf/duration_pb'
8
13
  require 'google/protobuf/empty_pb'
9
14
  require 'google/protobuf/field_mask_pb'
10
15
  require 'google/protobuf/wrappers_pb'
11
- require 'google/api/client_pb'
12
- require 'google/protobuf'
13
16
 
14
17
  Google::Protobuf::DescriptorPool.generated_pool.build do
15
18
  add_file("google/cloud/iap/v1/service.proto", :syntax => :proto3) do
19
+ add_message "google.cloud.iap.v1.ListTunnelDestGroupsRequest" do
20
+ optional :parent, :string, 1
21
+ optional :page_size, :int32, 2
22
+ optional :page_token, :string, 3
23
+ end
24
+ add_message "google.cloud.iap.v1.ListTunnelDestGroupsResponse" do
25
+ repeated :tunnel_dest_groups, :message, 1, "google.cloud.iap.v1.TunnelDestGroup"
26
+ optional :next_page_token, :string, 2
27
+ end
28
+ add_message "google.cloud.iap.v1.CreateTunnelDestGroupRequest" do
29
+ optional :parent, :string, 1
30
+ optional :tunnel_dest_group, :message, 2, "google.cloud.iap.v1.TunnelDestGroup"
31
+ optional :tunnel_dest_group_id, :string, 3
32
+ end
33
+ add_message "google.cloud.iap.v1.GetTunnelDestGroupRequest" do
34
+ optional :name, :string, 1
35
+ end
36
+ add_message "google.cloud.iap.v1.DeleteTunnelDestGroupRequest" do
37
+ optional :name, :string, 1
38
+ end
39
+ add_message "google.cloud.iap.v1.UpdateTunnelDestGroupRequest" do
40
+ optional :tunnel_dest_group, :message, 1, "google.cloud.iap.v1.TunnelDestGroup"
41
+ optional :update_mask, :message, 2, "google.protobuf.FieldMask"
42
+ end
43
+ add_message "google.cloud.iap.v1.TunnelDestGroup" do
44
+ optional :name, :string, 1
45
+ repeated :cidrs, :string, 2
46
+ repeated :fqdns, :string, 3
47
+ end
16
48
  add_message "google.cloud.iap.v1.GetIapSettingsRequest" do
17
49
  optional :name, :string, 1
18
50
  end
@@ -29,6 +61,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
29
61
  optional :gcip_settings, :message, 1, "google.cloud.iap.v1.GcipSettings"
30
62
  optional :cors_settings, :message, 2, "google.cloud.iap.v1.CorsSettings"
31
63
  optional :oauth_settings, :message, 3, "google.cloud.iap.v1.OAuthSettings"
64
+ optional :reauth_settings, :message, 6, "google.cloud.iap.v1.ReauthSettings"
32
65
  end
33
66
  add_message "google.cloud.iap.v1.GcipSettings" do
34
67
  repeated :tenant_ids, :string, 1
@@ -40,6 +73,22 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
40
73
  add_message "google.cloud.iap.v1.OAuthSettings" do
41
74
  optional :login_hint, :message, 2, "google.protobuf.StringValue"
42
75
  end
76
+ add_message "google.cloud.iap.v1.ReauthSettings" do
77
+ optional :method, :enum, 1, "google.cloud.iap.v1.ReauthSettings.Method"
78
+ optional :max_age, :message, 2, "google.protobuf.Duration"
79
+ optional :policy_type, :enum, 3, "google.cloud.iap.v1.ReauthSettings.PolicyType"
80
+ end
81
+ add_enum "google.cloud.iap.v1.ReauthSettings.Method" do
82
+ value :METHOD_UNSPECIFIED, 0
83
+ value :LOGIN, 1
84
+ value :PASSWORD, 2
85
+ value :SECURE_KEY, 3
86
+ end
87
+ add_enum "google.cloud.iap.v1.ReauthSettings.PolicyType" do
88
+ value :POLICY_TYPE_UNSPECIFIED, 0
89
+ value :MINIMUM, 1
90
+ value :DEFAULT, 2
91
+ end
43
92
  add_message "google.cloud.iap.v1.ApplicationSettings" do
44
93
  optional :csm_settings, :message, 1, "google.cloud.iap.v1.CsmSettings"
45
94
  optional :access_denied_page_settings, :message, 2, "google.cloud.iap.v1.AccessDeniedPageSettings"
@@ -105,6 +154,13 @@ module Google
105
154
  module Cloud
106
155
  module Iap
107
156
  module V1
157
+ ListTunnelDestGroupsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ListTunnelDestGroupsRequest").msgclass
158
+ ListTunnelDestGroupsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ListTunnelDestGroupsResponse").msgclass
159
+ CreateTunnelDestGroupRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.CreateTunnelDestGroupRequest").msgclass
160
+ GetTunnelDestGroupRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.GetTunnelDestGroupRequest").msgclass
161
+ DeleteTunnelDestGroupRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.DeleteTunnelDestGroupRequest").msgclass
162
+ UpdateTunnelDestGroupRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.UpdateTunnelDestGroupRequest").msgclass
163
+ TunnelDestGroup = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.TunnelDestGroup").msgclass
108
164
  GetIapSettingsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.GetIapSettingsRequest").msgclass
109
165
  UpdateIapSettingsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.UpdateIapSettingsRequest").msgclass
110
166
  IapSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.IapSettings").msgclass
@@ -112,6 +168,9 @@ module Google
112
168
  GcipSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.GcipSettings").msgclass
113
169
  CorsSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.CorsSettings").msgclass
114
170
  OAuthSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.OAuthSettings").msgclass
171
+ ReauthSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ReauthSettings").msgclass
172
+ ReauthSettings::Method = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ReauthSettings.Method").enummodule
173
+ ReauthSettings::PolicyType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ReauthSettings.PolicyType").enummodule
115
174
  ApplicationSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ApplicationSettings").msgclass
116
175
  CsmSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.CsmSettings").msgclass
117
176
  AccessDeniedPageSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.AccessDeniedPageSettings").msgclass
@@ -53,6 +53,18 @@ module Google
53
53
  # Updates the IAP settings on a particular IAP protected resource. It
54
54
  # replaces all fields unless the `update_mask` is set.
55
55
  rpc :UpdateIapSettings, ::Google::Cloud::Iap::V1::UpdateIapSettingsRequest, ::Google::Cloud::Iap::V1::IapSettings
56
+ # Lists the existing TunnelDestGroups. To group across all locations, use a
57
+ # `-` as the location ID. For example:
58
+ # `/v1/projects/123/iap_tunnel/locations/-/destGroups`
59
+ rpc :ListTunnelDestGroups, ::Google::Cloud::Iap::V1::ListTunnelDestGroupsRequest, ::Google::Cloud::Iap::V1::ListTunnelDestGroupsResponse
60
+ # Creates a new TunnelDestGroup.
61
+ rpc :CreateTunnelDestGroup, ::Google::Cloud::Iap::V1::CreateTunnelDestGroupRequest, ::Google::Cloud::Iap::V1::TunnelDestGroup
62
+ # Retrieves an existing TunnelDestGroup.
63
+ rpc :GetTunnelDestGroup, ::Google::Cloud::Iap::V1::GetTunnelDestGroupRequest, ::Google::Cloud::Iap::V1::TunnelDestGroup
64
+ # Deletes a TunnelDestGroup.
65
+ rpc :DeleteTunnelDestGroup, ::Google::Cloud::Iap::V1::DeleteTunnelDestGroupRequest, ::Google::Protobuf::Empty
66
+ # Updates a TunnelDestGroup.
67
+ rpc :UpdateTunnelDestGroup, ::Google::Cloud::Iap::V1::UpdateTunnelDestGroupRequest, ::Google::Cloud::Iap::V1::TunnelDestGroup
56
68
  end
57
69
 
58
70
  Stub = Service.rpc_stub_class
@@ -73,11 +85,12 @@ module Google
73
85
  rpc :ListBrands, ::Google::Cloud::Iap::V1::ListBrandsRequest, ::Google::Cloud::Iap::V1::ListBrandsResponse
74
86
  # Constructs a new OAuth brand for the project if one does not exist.
75
87
  # The created brand is "internal only", meaning that OAuth clients created
76
- # under it only accept requests from users who belong to the same G Suite
77
- # organization as the project. The brand is created in an un-reviewed status.
78
- # NOTE: The "internal only" status can be manually changed in the Google
79
- # Cloud console. Requires that a brand does not already exist for the
80
- # project, and that the specified support email is owned by the caller.
88
+ # under it only accept requests from users who belong to the same Google
89
+ # Workspace organization as the project. The brand is created in an
90
+ # un-reviewed status. NOTE: The "internal only" status can be manually
91
+ # changed in the Google Cloud Console. Requires that a brand does not already
92
+ # exist for the project, and that the specified support email is owned by the
93
+ # caller.
81
94
  rpc :CreateBrand, ::Google::Cloud::Iap::V1::CreateBrandRequest, ::Google::Cloud::Iap::V1::Brand
82
95
  # Retrieves the OAuth brand of the project.
83
96
  rpc :GetBrand, ::Google::Cloud::Iap::V1::GetBrandRequest, ::Google::Cloud::Iap::V1::Brand
@@ -21,7 +21,7 @@ module Google
21
21
  module Cloud
22
22
  module Iap
23
23
  module V1
24
- VERSION = "0.1.2"
24
+ VERSION = "0.3.0"
25
25
  end
26
26
  end
27
27
  end
@@ -26,6 +26,8 @@ module Google
26
26
  ##
27
27
  # To load this package, including all its services, and instantiate a client:
28
28
  #
29
+ # @example
30
+ #
29
31
  # require "google/cloud/iap/v1"
30
32
  # client = ::Google::Cloud::Iap::V1::IdentityAwareProxyAdminService::Client.new
31
33
  #
@@ -33,11 +33,7 @@ module Google
33
33
  # // For Kubernetes resources, the format is {api group}/{kind}.
34
34
  # option (google.api.resource) = {
35
35
  # type: "pubsub.googleapis.com/Topic"
36
- # name_descriptor: {
37
- # pattern: "projects/{project}/topics/{topic}"
38
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
39
- # parent_name_extractor: "projects/{project}"
40
- # }
36
+ # pattern: "projects/{project}/topics/{topic}"
41
37
  # };
42
38
  # }
43
39
  #
@@ -45,10 +41,7 @@ module Google
45
41
  #
46
42
  # resources:
47
43
  # - type: "pubsub.googleapis.com/Topic"
48
- # name_descriptor:
49
- # - pattern: "projects/{project}/topics/{topic}"
50
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
51
- # parent_name_extractor: "projects/{project}"
44
+ # pattern: "projects/{project}/topics/{topic}"
52
45
  #
53
46
  # Sometimes, resources have multiple patterns, typically because they can
54
47
  # live under multiple parents.
@@ -58,26 +51,10 @@ module Google
58
51
  # message LogEntry {
59
52
  # option (google.api.resource) = {
60
53
  # type: "logging.googleapis.com/LogEntry"
61
- # name_descriptor: {
62
- # pattern: "projects/{project}/logs/{log}"
63
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
64
- # parent_name_extractor: "projects/{project}"
65
- # }
66
- # name_descriptor: {
67
- # pattern: "folders/{folder}/logs/{log}"
68
- # parent_type: "cloudresourcemanager.googleapis.com/Folder"
69
- # parent_name_extractor: "folders/{folder}"
70
- # }
71
- # name_descriptor: {
72
- # pattern: "organizations/{organization}/logs/{log}"
73
- # parent_type: "cloudresourcemanager.googleapis.com/Organization"
74
- # parent_name_extractor: "organizations/{organization}"
75
- # }
76
- # name_descriptor: {
77
- # pattern: "billingAccounts/{billing_account}/logs/{log}"
78
- # parent_type: "billing.googleapis.com/BillingAccount"
79
- # parent_name_extractor: "billingAccounts/{billing_account}"
80
- # }
54
+ # pattern: "projects/{project}/logs/{log}"
55
+ # pattern: "folders/{folder}/logs/{log}"
56
+ # pattern: "organizations/{organization}/logs/{log}"
57
+ # pattern: "billingAccounts/{billing_account}/logs/{log}"
81
58
  # };
82
59
  # }
83
60
  #
@@ -85,48 +62,10 @@ module Google
85
62
  #
86
63
  # resources:
87
64
  # - type: 'logging.googleapis.com/LogEntry'
88
- # name_descriptor:
89
- # - pattern: "projects/{project}/logs/{log}"
90
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
91
- # parent_name_extractor: "projects/{project}"
92
- # - pattern: "folders/{folder}/logs/{log}"
93
- # parent_type: "cloudresourcemanager.googleapis.com/Folder"
94
- # parent_name_extractor: "folders/{folder}"
95
- # - pattern: "organizations/{organization}/logs/{log}"
96
- # parent_type: "cloudresourcemanager.googleapis.com/Organization"
97
- # parent_name_extractor: "organizations/{organization}"
98
- # - pattern: "billingAccounts/{billing_account}/logs/{log}"
99
- # parent_type: "billing.googleapis.com/BillingAccount"
100
- # parent_name_extractor: "billingAccounts/{billing_account}"
101
- #
102
- # For flexible resources, the resource name doesn't contain parent names, but
103
- # the resource itself has parents for policy evaluation.
104
- #
105
- # Example:
106
- #
107
- # message Shelf {
108
- # option (google.api.resource) = {
109
- # type: "library.googleapis.com/Shelf"
110
- # name_descriptor: {
111
- # pattern: "shelves/{shelf}"
112
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
113
- # }
114
- # name_descriptor: {
115
- # pattern: "shelves/{shelf}"
116
- # parent_type: "cloudresourcemanager.googleapis.com/Folder"
117
- # }
118
- # };
119
- # }
120
- #
121
- # The ResourceDescriptor Yaml config will look like:
122
- #
123
- # resources:
124
- # - type: 'library.googleapis.com/Shelf'
125
- # name_descriptor:
126
- # - pattern: "shelves/{shelf}"
127
- # parent_type: "cloudresourcemanager.googleapis.com/Project"
128
- # - pattern: "shelves/{shelf}"
129
- # parent_type: "cloudresourcemanager.googleapis.com/Folder"
65
+ # pattern: "projects/{project}/logs/{log}"
66
+ # pattern: "folders/{folder}/logs/{log}"
67
+ # pattern: "organizations/{organization}/logs/{log}"
68
+ # pattern: "billingAccounts/{billing_account}/logs/{log}"
130
69
  # @!attribute [rw] type
131
70
  # @return [::String]
132
71
  # The resource type. It must be in the format of
@@ -21,6 +21,118 @@ module Google
21
21
  module Cloud
22
22
  module Iap
23
23
  module V1
24
+ # The request to ListTunnelDestGroups.
25
+ # @!attribute [rw] parent
26
+ # @return [::String]
27
+ # Required. Google Cloud Project ID and location.
28
+ # In the following format:
29
+ # `projects/{project_number/id}/iap_tunnel/locations/{location}`.
30
+ # A `-` can be used for the location to group across all locations.
31
+ # @!attribute [rw] page_size
32
+ # @return [::Integer]
33
+ # The maximum number of groups to return. The service might return fewer than
34
+ # this value.
35
+ # If unspecified, at most 100 groups are returned.
36
+ # The maximum value is 1000; values above 1000 are coerced to 1000.
37
+ # @!attribute [rw] page_token
38
+ # @return [::String]
39
+ # A page token, received from a previous `ListTunnelDestGroups`
40
+ # call. Provide this to retrieve the subsequent page.
41
+ #
42
+ # When paginating, all other parameters provided to
43
+ # `ListTunnelDestGroups` must match the call that provided the page
44
+ # token.
45
+ class ListTunnelDestGroupsRequest
46
+ include ::Google::Protobuf::MessageExts
47
+ extend ::Google::Protobuf::MessageExts::ClassMethods
48
+ end
49
+
50
+ # The response from ListTunnelDestGroups.
51
+ # @!attribute [rw] tunnel_dest_groups
52
+ # @return [::Array<::Google::Cloud::Iap::V1::TunnelDestGroup>]
53
+ # TunnelDestGroup existing in the project.
54
+ # @!attribute [rw] next_page_token
55
+ # @return [::String]
56
+ # A token that you can send as `page_token` to retrieve the next page.
57
+ # If this field is omitted, there are no subsequent pages.
58
+ class ListTunnelDestGroupsResponse
59
+ include ::Google::Protobuf::MessageExts
60
+ extend ::Google::Protobuf::MessageExts::ClassMethods
61
+ end
62
+
63
+ # The request to CreateTunnelDestGroup.
64
+ # @!attribute [rw] parent
65
+ # @return [::String]
66
+ # Required. Google Cloud Project ID and location.
67
+ # In the following format:
68
+ # `projects/{project_number/id}/iap_tunnel/locations/{location}`.
69
+ # @!attribute [rw] tunnel_dest_group
70
+ # @return [::Google::Cloud::Iap::V1::TunnelDestGroup]
71
+ # Required. The TunnelDestGroup to create.
72
+ # @!attribute [rw] tunnel_dest_group_id
73
+ # @return [::String]
74
+ # Required. The ID to use for the TunnelDestGroup, which becomes the final component of
75
+ # the resource name.
76
+ #
77
+ # This value must be 4-63 characters, and valid characters
78
+ # are `[a-z][0-9]-`.
79
+ class CreateTunnelDestGroupRequest
80
+ include ::Google::Protobuf::MessageExts
81
+ extend ::Google::Protobuf::MessageExts::ClassMethods
82
+ end
83
+
84
+ # The request to GetTunnelDestGroup.
85
+ # @!attribute [rw] name
86
+ # @return [::String]
87
+ # Required. Name of the TunnelDestGroup to be fetched.
88
+ # In the following format:
89
+ # `projects/{project_number/id}/iap_tunnel/locations/{location}/destGroups/{dest_group}`.
90
+ class GetTunnelDestGroupRequest
91
+ include ::Google::Protobuf::MessageExts
92
+ extend ::Google::Protobuf::MessageExts::ClassMethods
93
+ end
94
+
95
+ # The request to DeleteTunnelDestGroup.
96
+ # @!attribute [rw] name
97
+ # @return [::String]
98
+ # Required. Name of the TunnelDestGroup to delete.
99
+ # In the following format:
100
+ # `projects/{project_number/id}/iap_tunnel/locations/{location}/destGroups/{dest_group}`.
101
+ class DeleteTunnelDestGroupRequest
102
+ include ::Google::Protobuf::MessageExts
103
+ extend ::Google::Protobuf::MessageExts::ClassMethods
104
+ end
105
+
106
+ # The request to UpdateTunnelDestGroup.
107
+ # @!attribute [rw] tunnel_dest_group
108
+ # @return [::Google::Cloud::Iap::V1::TunnelDestGroup]
109
+ # Required. The new values for the TunnelDestGroup.
110
+ # @!attribute [rw] update_mask
111
+ # @return [::Google::Protobuf::FieldMask]
112
+ # A field mask that specifies which IAP settings to update.
113
+ # If omitted, then all of the settings are updated. See
114
+ # https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask
115
+ class UpdateTunnelDestGroupRequest
116
+ include ::Google::Protobuf::MessageExts
117
+ extend ::Google::Protobuf::MessageExts::ClassMethods
118
+ end
119
+
120
+ # A TunnelDestGroup.
121
+ # @!attribute [rw] name
122
+ # @return [::String]
123
+ # Required. Immutable. Identifier for the TunnelDestGroup. Must be unique within the
124
+ # project.
125
+ # @!attribute [rw] cidrs
126
+ # @return [::Array<::String>]
127
+ # null List of CIDRs that this group applies to.
128
+ # @!attribute [rw] fqdns
129
+ # @return [::Array<::String>]
130
+ # null List of FQDNs that this group applies to.
131
+ class TunnelDestGroup
132
+ include ::Google::Protobuf::MessageExts
133
+ extend ::Google::Protobuf::MessageExts::ClassMethods
134
+ end
135
+
24
136
  # The request sent to GetIapSettings.
25
137
  # @!attribute [rw] name
26
138
  # @return [::String]
@@ -73,6 +185,9 @@ module Google
73
185
  # @!attribute [rw] oauth_settings
74
186
  # @return [::Google::Cloud::Iap::V1::OAuthSettings]
75
187
  # Settings to configure IAP's OAuth behavior.
188
+ # @!attribute [rw] reauth_settings
189
+ # @return [::Google::Cloud::Iap::V1::ReauthSettings]
190
+ # Settings to configure reauthentication policies in IAP.
76
191
  class AccessSettings
77
192
  include ::Google::Protobuf::MessageExts
78
193
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -122,6 +237,55 @@ module Google
122
237
  extend ::Google::Protobuf::MessageExts::ClassMethods
123
238
  end
124
239
 
240
+ # Configuration for IAP reauthentication policies.
241
+ # @!attribute [rw] method
242
+ # @return [::Google::Cloud::Iap::V1::ReauthSettings::Method]
243
+ # Reauth method required by the policy.
244
+ # @!attribute [rw] max_age
245
+ # @return [::Google::Protobuf::Duration]
246
+ # Reauth session lifetime, how long before a user has to reauthenticate
247
+ # again.
248
+ # @!attribute [rw] policy_type
249
+ # @return [::Google::Cloud::Iap::V1::ReauthSettings::PolicyType]
250
+ # How IAP determines the effective policy in cases of hierarchial policies.
251
+ # Policies are merged from higher in the hierarchy to lower in the hierarchy.
252
+ class ReauthSettings
253
+ include ::Google::Protobuf::MessageExts
254
+ extend ::Google::Protobuf::MessageExts::ClassMethods
255
+
256
+ # Types of reauthentication methods supported by IAP.
257
+ module Method
258
+ # Reauthentication disabled.
259
+ METHOD_UNSPECIFIED = 0
260
+
261
+ # Mimics the behavior as if the user had logged out and tried to log in
262
+ # again. Users with 2SV (2-step verification) enabled see their 2SV
263
+ # challenges if they did not opt to have their second factor responses
264
+ # saved. Apps Core (GSuites) admins can configure settings to disable 2SV
265
+ # cookies and require 2SV for all Apps Core users in their domains.
266
+ LOGIN = 1
267
+
268
+ # User must type their password.
269
+ PASSWORD = 2
270
+
271
+ # User must use their secure key 2nd factor device.
272
+ SECURE_KEY = 3
273
+ end
274
+
275
+ # Type of policy in the case of hierarchial policies.
276
+ module PolicyType
277
+ # Default value. This value is unused.
278
+ POLICY_TYPE_UNSPECIFIED = 0
279
+
280
+ # This policy acts as a minimum to other policies, lower in the hierarchy.
281
+ # Effective policy may only be the same or stricter.
282
+ MINIMUM = 1
283
+
284
+ # This policy acts as a default if no other reauth policy is set.
285
+ DEFAULT = 2
286
+ end
287
+ end
288
+
125
289
  # Wrapper over application specific settings for IAP.
126
290
  # @!attribute [rw] csm_settings
127
291
  # @return [::Google::Cloud::Iap::V1::CsmSettings]
@@ -31,6 +31,13 @@ module Google
31
31
  # the policy is limited to a few 10s of KB. An empty policy is a
32
32
  # valid policy but certain Cloud Platform services (such as Projects)
33
33
  # might reject them.
34
+ # @!attribute [rw] update_mask
35
+ # @return [::Google::Protobuf::FieldMask]
36
+ # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
37
+ # the fields in the mask will be modified. If no mask is provided, the
38
+ # following default mask is used:
39
+ #
40
+ # `paths: "bindings, etag"`
34
41
  class SetIamPolicyRequest
35
42
  include ::Google::Protobuf::MessageExts
36
43
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -44,7 +51,7 @@ module Google
44
51
  # @!attribute [rw] options
45
52
  # @return [::Google::Iam::V1::GetPolicyOptions]
46
53
  # OPTIONAL: A `GetPolicyOptions` object for specifying options to
47
- # `GetIamPolicy`. This field is only used by Cloud IAM.
54
+ # `GetIamPolicy`.
48
55
  class GetIamPolicyRequest
49
56
  include ::Google::Protobuf::MessageExts
50
57
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -23,14 +23,24 @@ module Google
23
23
  # Encapsulates settings provided to GetIamPolicy.
24
24
  # @!attribute [rw] requested_policy_version
25
25
  # @return [::Integer]
26
- # Optional. The policy format version to be returned.
26
+ # Optional. The maximum policy version that will be used to format the
27
+ # policy.
27
28
  #
28
29
  # Valid values are 0, 1, and 3. Requests specifying an invalid value will be
29
30
  # rejected.
30
31
  #
31
- # Requests for policies with any conditional bindings must specify version 3.
32
- # Policies without any conditional bindings may specify any valid value or
33
- # leave the field unset.
32
+ # Requests for policies with any conditional role bindings must specify
33
+ # version 3. Policies with no conditional role bindings may specify any valid
34
+ # value or leave the field unset.
35
+ #
36
+ # The policy in the response might use the policy version that you specified,
37
+ # or it might use a lower policy version. For example, if you specify version
38
+ # 3, but the policy has no conditional role bindings, the response uses
39
+ # version 1.
40
+ #
41
+ # To learn which resources support conditions in their IAM policies, see the
42
+ # [IAM
43
+ # documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
34
44
  class GetPolicyOptions
35
45
  include ::Google::Protobuf::MessageExts
36
46
  extend ::Google::Protobuf::MessageExts::ClassMethods