google-cloud-iap-v1 0.1.2 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.yardopts +1 -1
- data/AUTHENTICATION.md +7 -25
- data/README.md +6 -1
- data/lib/google/cloud/iap/v1/identity_aware_proxy_admin_service/client.rb +512 -2
- data/lib/google/cloud/iap/v1/identity_aware_proxy_admin_service/paths.rb +69 -0
- data/lib/google/cloud/iap/v1/identity_aware_proxy_admin_service.rb +1 -0
- data/lib/google/cloud/iap/v1/identity_aware_proxy_o_auth_service/client.rb +6 -5
- data/lib/google/cloud/iap/v1/service_pb.rb +61 -2
- data/lib/google/cloud/iap/v1/service_services_pb.rb +18 -5
- data/lib/google/cloud/iap/v1/version.rb +1 -1
- data/lib/google/cloud/iap/v1.rb +2 -0
- data/proto_docs/google/api/resource.rb +10 -71
- data/proto_docs/google/cloud/iap/v1/service.rb +164 -0
- data/proto_docs/google/iam/v1/iam_policy.rb +8 -1
- data/proto_docs/google/iam/v1/options.rb +14 -4
- data/proto_docs/google/iam/v1/policy.rb +208 -38
- data/proto_docs/google/protobuf/duration.rb +98 -0
- metadata +9 -13
@@ -0,0 +1,69 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# Copyright 2022 Google LLC
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# https://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
|
17
|
+
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
|
18
|
+
|
19
|
+
|
20
|
+
module Google
|
21
|
+
module Cloud
|
22
|
+
module Iap
|
23
|
+
module V1
|
24
|
+
module IdentityAwareProxyAdminService
|
25
|
+
# Path helper methods for the IdentityAwareProxyAdminService API.
|
26
|
+
module Paths
|
27
|
+
##
|
28
|
+
# Create a fully-qualified TunnelDestGroup resource string.
|
29
|
+
#
|
30
|
+
# The resource will be in the following format:
|
31
|
+
#
|
32
|
+
# `projects/{project}/iap_tunnel/locations/{location}/destGroups/{dest_group}`
|
33
|
+
#
|
34
|
+
# @param project [String]
|
35
|
+
# @param location [String]
|
36
|
+
# @param dest_group [String]
|
37
|
+
#
|
38
|
+
# @return [::String]
|
39
|
+
def tunnel_dest_group_path project:, location:, dest_group:
|
40
|
+
raise ::ArgumentError, "project cannot contain /" if project.to_s.include? "/"
|
41
|
+
raise ::ArgumentError, "location cannot contain /" if location.to_s.include? "/"
|
42
|
+
|
43
|
+
"projects/#{project}/iap_tunnel/locations/#{location}/destGroups/#{dest_group}"
|
44
|
+
end
|
45
|
+
|
46
|
+
##
|
47
|
+
# Create a fully-qualified TunnelLocation resource string.
|
48
|
+
#
|
49
|
+
# The resource will be in the following format:
|
50
|
+
#
|
51
|
+
# `projects/{project}/iap_tunnel/locations/{location}`
|
52
|
+
#
|
53
|
+
# @param project [String]
|
54
|
+
# @param location [String]
|
55
|
+
#
|
56
|
+
# @return [::String]
|
57
|
+
def tunnel_location_path project:, location:
|
58
|
+
raise ::ArgumentError, "project cannot contain /" if project.to_s.include? "/"
|
59
|
+
|
60
|
+
"projects/#{project}/iap_tunnel/locations/#{location}"
|
61
|
+
end
|
62
|
+
|
63
|
+
extend self
|
64
|
+
end
|
65
|
+
end
|
66
|
+
end
|
67
|
+
end
|
68
|
+
end
|
69
|
+
end
|
@@ -23,6 +23,7 @@ require "gapic/config/method"
|
|
23
23
|
require "google/cloud/iap/v1/version"
|
24
24
|
|
25
25
|
require "google/cloud/iap/v1/identity_aware_proxy_admin_service/credentials"
|
26
|
+
require "google/cloud/iap/v1/identity_aware_proxy_admin_service/paths"
|
26
27
|
require "google/cloud/iap/v1/identity_aware_proxy_admin_service/client"
|
27
28
|
|
28
29
|
module Google
|
@@ -235,11 +235,12 @@ module Google
|
|
235
235
|
##
|
236
236
|
# Constructs a new OAuth brand for the project if one does not exist.
|
237
237
|
# The created brand is "internal only", meaning that OAuth clients created
|
238
|
-
# under it only accept requests from users who belong to the same
|
239
|
-
# organization as the project. The brand is created in an
|
240
|
-
# NOTE: The "internal only" status can be manually
|
241
|
-
# Cloud
|
242
|
-
# project, and that the specified support email is owned by the
|
238
|
+
# under it only accept requests from users who belong to the same Google
|
239
|
+
# Workspace organization as the project. The brand is created in an
|
240
|
+
# un-reviewed status. NOTE: The "internal only" status can be manually
|
241
|
+
# changed in the Google Cloud Console. Requires that a brand does not already
|
242
|
+
# exist for the project, and that the specified support email is owned by the
|
243
|
+
# caller.
|
243
244
|
#
|
244
245
|
# @overload create_brand(request, options = nil)
|
245
246
|
# Pass arguments to `create_brand` via a request object, either of type
|
@@ -1,18 +1,50 @@
|
|
1
1
|
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
2
|
# source: google/cloud/iap/v1/service.proto
|
3
3
|
|
4
|
+
require 'google/protobuf'
|
5
|
+
|
4
6
|
require 'google/api/annotations_pb'
|
7
|
+
require 'google/api/client_pb'
|
5
8
|
require 'google/api/field_behavior_pb'
|
9
|
+
require 'google/api/resource_pb'
|
6
10
|
require 'google/iam/v1/iam_policy_pb'
|
7
11
|
require 'google/iam/v1/policy_pb'
|
12
|
+
require 'google/protobuf/duration_pb'
|
8
13
|
require 'google/protobuf/empty_pb'
|
9
14
|
require 'google/protobuf/field_mask_pb'
|
10
15
|
require 'google/protobuf/wrappers_pb'
|
11
|
-
require 'google/api/client_pb'
|
12
|
-
require 'google/protobuf'
|
13
16
|
|
14
17
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
15
18
|
add_file("google/cloud/iap/v1/service.proto", :syntax => :proto3) do
|
19
|
+
add_message "google.cloud.iap.v1.ListTunnelDestGroupsRequest" do
|
20
|
+
optional :parent, :string, 1
|
21
|
+
optional :page_size, :int32, 2
|
22
|
+
optional :page_token, :string, 3
|
23
|
+
end
|
24
|
+
add_message "google.cloud.iap.v1.ListTunnelDestGroupsResponse" do
|
25
|
+
repeated :tunnel_dest_groups, :message, 1, "google.cloud.iap.v1.TunnelDestGroup"
|
26
|
+
optional :next_page_token, :string, 2
|
27
|
+
end
|
28
|
+
add_message "google.cloud.iap.v1.CreateTunnelDestGroupRequest" do
|
29
|
+
optional :parent, :string, 1
|
30
|
+
optional :tunnel_dest_group, :message, 2, "google.cloud.iap.v1.TunnelDestGroup"
|
31
|
+
optional :tunnel_dest_group_id, :string, 3
|
32
|
+
end
|
33
|
+
add_message "google.cloud.iap.v1.GetTunnelDestGroupRequest" do
|
34
|
+
optional :name, :string, 1
|
35
|
+
end
|
36
|
+
add_message "google.cloud.iap.v1.DeleteTunnelDestGroupRequest" do
|
37
|
+
optional :name, :string, 1
|
38
|
+
end
|
39
|
+
add_message "google.cloud.iap.v1.UpdateTunnelDestGroupRequest" do
|
40
|
+
optional :tunnel_dest_group, :message, 1, "google.cloud.iap.v1.TunnelDestGroup"
|
41
|
+
optional :update_mask, :message, 2, "google.protobuf.FieldMask"
|
42
|
+
end
|
43
|
+
add_message "google.cloud.iap.v1.TunnelDestGroup" do
|
44
|
+
optional :name, :string, 1
|
45
|
+
repeated :cidrs, :string, 2
|
46
|
+
repeated :fqdns, :string, 3
|
47
|
+
end
|
16
48
|
add_message "google.cloud.iap.v1.GetIapSettingsRequest" do
|
17
49
|
optional :name, :string, 1
|
18
50
|
end
|
@@ -29,6 +61,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
29
61
|
optional :gcip_settings, :message, 1, "google.cloud.iap.v1.GcipSettings"
|
30
62
|
optional :cors_settings, :message, 2, "google.cloud.iap.v1.CorsSettings"
|
31
63
|
optional :oauth_settings, :message, 3, "google.cloud.iap.v1.OAuthSettings"
|
64
|
+
optional :reauth_settings, :message, 6, "google.cloud.iap.v1.ReauthSettings"
|
32
65
|
end
|
33
66
|
add_message "google.cloud.iap.v1.GcipSettings" do
|
34
67
|
repeated :tenant_ids, :string, 1
|
@@ -40,6 +73,22 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
40
73
|
add_message "google.cloud.iap.v1.OAuthSettings" do
|
41
74
|
optional :login_hint, :message, 2, "google.protobuf.StringValue"
|
42
75
|
end
|
76
|
+
add_message "google.cloud.iap.v1.ReauthSettings" do
|
77
|
+
optional :method, :enum, 1, "google.cloud.iap.v1.ReauthSettings.Method"
|
78
|
+
optional :max_age, :message, 2, "google.protobuf.Duration"
|
79
|
+
optional :policy_type, :enum, 3, "google.cloud.iap.v1.ReauthSettings.PolicyType"
|
80
|
+
end
|
81
|
+
add_enum "google.cloud.iap.v1.ReauthSettings.Method" do
|
82
|
+
value :METHOD_UNSPECIFIED, 0
|
83
|
+
value :LOGIN, 1
|
84
|
+
value :PASSWORD, 2
|
85
|
+
value :SECURE_KEY, 3
|
86
|
+
end
|
87
|
+
add_enum "google.cloud.iap.v1.ReauthSettings.PolicyType" do
|
88
|
+
value :POLICY_TYPE_UNSPECIFIED, 0
|
89
|
+
value :MINIMUM, 1
|
90
|
+
value :DEFAULT, 2
|
91
|
+
end
|
43
92
|
add_message "google.cloud.iap.v1.ApplicationSettings" do
|
44
93
|
optional :csm_settings, :message, 1, "google.cloud.iap.v1.CsmSettings"
|
45
94
|
optional :access_denied_page_settings, :message, 2, "google.cloud.iap.v1.AccessDeniedPageSettings"
|
@@ -105,6 +154,13 @@ module Google
|
|
105
154
|
module Cloud
|
106
155
|
module Iap
|
107
156
|
module V1
|
157
|
+
ListTunnelDestGroupsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ListTunnelDestGroupsRequest").msgclass
|
158
|
+
ListTunnelDestGroupsResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ListTunnelDestGroupsResponse").msgclass
|
159
|
+
CreateTunnelDestGroupRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.CreateTunnelDestGroupRequest").msgclass
|
160
|
+
GetTunnelDestGroupRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.GetTunnelDestGroupRequest").msgclass
|
161
|
+
DeleteTunnelDestGroupRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.DeleteTunnelDestGroupRequest").msgclass
|
162
|
+
UpdateTunnelDestGroupRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.UpdateTunnelDestGroupRequest").msgclass
|
163
|
+
TunnelDestGroup = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.TunnelDestGroup").msgclass
|
108
164
|
GetIapSettingsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.GetIapSettingsRequest").msgclass
|
109
165
|
UpdateIapSettingsRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.UpdateIapSettingsRequest").msgclass
|
110
166
|
IapSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.IapSettings").msgclass
|
@@ -112,6 +168,9 @@ module Google
|
|
112
168
|
GcipSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.GcipSettings").msgclass
|
113
169
|
CorsSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.CorsSettings").msgclass
|
114
170
|
OAuthSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.OAuthSettings").msgclass
|
171
|
+
ReauthSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ReauthSettings").msgclass
|
172
|
+
ReauthSettings::Method = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ReauthSettings.Method").enummodule
|
173
|
+
ReauthSettings::PolicyType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ReauthSettings.PolicyType").enummodule
|
115
174
|
ApplicationSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.ApplicationSettings").msgclass
|
116
175
|
CsmSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.CsmSettings").msgclass
|
117
176
|
AccessDeniedPageSettings = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.iap.v1.AccessDeniedPageSettings").msgclass
|
@@ -53,6 +53,18 @@ module Google
|
|
53
53
|
# Updates the IAP settings on a particular IAP protected resource. It
|
54
54
|
# replaces all fields unless the `update_mask` is set.
|
55
55
|
rpc :UpdateIapSettings, ::Google::Cloud::Iap::V1::UpdateIapSettingsRequest, ::Google::Cloud::Iap::V1::IapSettings
|
56
|
+
# Lists the existing TunnelDestGroups. To group across all locations, use a
|
57
|
+
# `-` as the location ID. For example:
|
58
|
+
# `/v1/projects/123/iap_tunnel/locations/-/destGroups`
|
59
|
+
rpc :ListTunnelDestGroups, ::Google::Cloud::Iap::V1::ListTunnelDestGroupsRequest, ::Google::Cloud::Iap::V1::ListTunnelDestGroupsResponse
|
60
|
+
# Creates a new TunnelDestGroup.
|
61
|
+
rpc :CreateTunnelDestGroup, ::Google::Cloud::Iap::V1::CreateTunnelDestGroupRequest, ::Google::Cloud::Iap::V1::TunnelDestGroup
|
62
|
+
# Retrieves an existing TunnelDestGroup.
|
63
|
+
rpc :GetTunnelDestGroup, ::Google::Cloud::Iap::V1::GetTunnelDestGroupRequest, ::Google::Cloud::Iap::V1::TunnelDestGroup
|
64
|
+
# Deletes a TunnelDestGroup.
|
65
|
+
rpc :DeleteTunnelDestGroup, ::Google::Cloud::Iap::V1::DeleteTunnelDestGroupRequest, ::Google::Protobuf::Empty
|
66
|
+
# Updates a TunnelDestGroup.
|
67
|
+
rpc :UpdateTunnelDestGroup, ::Google::Cloud::Iap::V1::UpdateTunnelDestGroupRequest, ::Google::Cloud::Iap::V1::TunnelDestGroup
|
56
68
|
end
|
57
69
|
|
58
70
|
Stub = Service.rpc_stub_class
|
@@ -73,11 +85,12 @@ module Google
|
|
73
85
|
rpc :ListBrands, ::Google::Cloud::Iap::V1::ListBrandsRequest, ::Google::Cloud::Iap::V1::ListBrandsResponse
|
74
86
|
# Constructs a new OAuth brand for the project if one does not exist.
|
75
87
|
# The created brand is "internal only", meaning that OAuth clients created
|
76
|
-
# under it only accept requests from users who belong to the same
|
77
|
-
# organization as the project. The brand is created in an
|
78
|
-
# NOTE: The "internal only" status can be manually
|
79
|
-
# Cloud
|
80
|
-
# project, and that the specified support email is owned by the
|
88
|
+
# under it only accept requests from users who belong to the same Google
|
89
|
+
# Workspace organization as the project. The brand is created in an
|
90
|
+
# un-reviewed status. NOTE: The "internal only" status can be manually
|
91
|
+
# changed in the Google Cloud Console. Requires that a brand does not already
|
92
|
+
# exist for the project, and that the specified support email is owned by the
|
93
|
+
# caller.
|
81
94
|
rpc :CreateBrand, ::Google::Cloud::Iap::V1::CreateBrandRequest, ::Google::Cloud::Iap::V1::Brand
|
82
95
|
# Retrieves the OAuth brand of the project.
|
83
96
|
rpc :GetBrand, ::Google::Cloud::Iap::V1::GetBrandRequest, ::Google::Cloud::Iap::V1::Brand
|
data/lib/google/cloud/iap/v1.rb
CHANGED
@@ -33,11 +33,7 @@ module Google
|
|
33
33
|
# // For Kubernetes resources, the format is {api group}/{kind}.
|
34
34
|
# option (google.api.resource) = {
|
35
35
|
# type: "pubsub.googleapis.com/Topic"
|
36
|
-
#
|
37
|
-
# pattern: "projects/{project}/topics/{topic}"
|
38
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
39
|
-
# parent_name_extractor: "projects/{project}"
|
40
|
-
# }
|
36
|
+
# pattern: "projects/{project}/topics/{topic}"
|
41
37
|
# };
|
42
38
|
# }
|
43
39
|
#
|
@@ -45,10 +41,7 @@ module Google
|
|
45
41
|
#
|
46
42
|
# resources:
|
47
43
|
# - type: "pubsub.googleapis.com/Topic"
|
48
|
-
#
|
49
|
-
# - pattern: "projects/{project}/topics/{topic}"
|
50
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
51
|
-
# parent_name_extractor: "projects/{project}"
|
44
|
+
# pattern: "projects/{project}/topics/{topic}"
|
52
45
|
#
|
53
46
|
# Sometimes, resources have multiple patterns, typically because they can
|
54
47
|
# live under multiple parents.
|
@@ -58,26 +51,10 @@ module Google
|
|
58
51
|
# message LogEntry {
|
59
52
|
# option (google.api.resource) = {
|
60
53
|
# type: "logging.googleapis.com/LogEntry"
|
61
|
-
#
|
62
|
-
#
|
63
|
-
#
|
64
|
-
#
|
65
|
-
# }
|
66
|
-
# name_descriptor: {
|
67
|
-
# pattern: "folders/{folder}/logs/{log}"
|
68
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
69
|
-
# parent_name_extractor: "folders/{folder}"
|
70
|
-
# }
|
71
|
-
# name_descriptor: {
|
72
|
-
# pattern: "organizations/{organization}/logs/{log}"
|
73
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Organization"
|
74
|
-
# parent_name_extractor: "organizations/{organization}"
|
75
|
-
# }
|
76
|
-
# name_descriptor: {
|
77
|
-
# pattern: "billingAccounts/{billing_account}/logs/{log}"
|
78
|
-
# parent_type: "billing.googleapis.com/BillingAccount"
|
79
|
-
# parent_name_extractor: "billingAccounts/{billing_account}"
|
80
|
-
# }
|
54
|
+
# pattern: "projects/{project}/logs/{log}"
|
55
|
+
# pattern: "folders/{folder}/logs/{log}"
|
56
|
+
# pattern: "organizations/{organization}/logs/{log}"
|
57
|
+
# pattern: "billingAccounts/{billing_account}/logs/{log}"
|
81
58
|
# };
|
82
59
|
# }
|
83
60
|
#
|
@@ -85,48 +62,10 @@ module Google
|
|
85
62
|
#
|
86
63
|
# resources:
|
87
64
|
# - type: 'logging.googleapis.com/LogEntry'
|
88
|
-
#
|
89
|
-
#
|
90
|
-
#
|
91
|
-
#
|
92
|
-
# - pattern: "folders/{folder}/logs/{log}"
|
93
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
94
|
-
# parent_name_extractor: "folders/{folder}"
|
95
|
-
# - pattern: "organizations/{organization}/logs/{log}"
|
96
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Organization"
|
97
|
-
# parent_name_extractor: "organizations/{organization}"
|
98
|
-
# - pattern: "billingAccounts/{billing_account}/logs/{log}"
|
99
|
-
# parent_type: "billing.googleapis.com/BillingAccount"
|
100
|
-
# parent_name_extractor: "billingAccounts/{billing_account}"
|
101
|
-
#
|
102
|
-
# For flexible resources, the resource name doesn't contain parent names, but
|
103
|
-
# the resource itself has parents for policy evaluation.
|
104
|
-
#
|
105
|
-
# Example:
|
106
|
-
#
|
107
|
-
# message Shelf {
|
108
|
-
# option (google.api.resource) = {
|
109
|
-
# type: "library.googleapis.com/Shelf"
|
110
|
-
# name_descriptor: {
|
111
|
-
# pattern: "shelves/{shelf}"
|
112
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
113
|
-
# }
|
114
|
-
# name_descriptor: {
|
115
|
-
# pattern: "shelves/{shelf}"
|
116
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
117
|
-
# }
|
118
|
-
# };
|
119
|
-
# }
|
120
|
-
#
|
121
|
-
# The ResourceDescriptor Yaml config will look like:
|
122
|
-
#
|
123
|
-
# resources:
|
124
|
-
# - type: 'library.googleapis.com/Shelf'
|
125
|
-
# name_descriptor:
|
126
|
-
# - pattern: "shelves/{shelf}"
|
127
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
128
|
-
# - pattern: "shelves/{shelf}"
|
129
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
65
|
+
# pattern: "projects/{project}/logs/{log}"
|
66
|
+
# pattern: "folders/{folder}/logs/{log}"
|
67
|
+
# pattern: "organizations/{organization}/logs/{log}"
|
68
|
+
# pattern: "billingAccounts/{billing_account}/logs/{log}"
|
130
69
|
# @!attribute [rw] type
|
131
70
|
# @return [::String]
|
132
71
|
# The resource type. It must be in the format of
|
@@ -21,6 +21,118 @@ module Google
|
|
21
21
|
module Cloud
|
22
22
|
module Iap
|
23
23
|
module V1
|
24
|
+
# The request to ListTunnelDestGroups.
|
25
|
+
# @!attribute [rw] parent
|
26
|
+
# @return [::String]
|
27
|
+
# Required. Google Cloud Project ID and location.
|
28
|
+
# In the following format:
|
29
|
+
# `projects/{project_number/id}/iap_tunnel/locations/{location}`.
|
30
|
+
# A `-` can be used for the location to group across all locations.
|
31
|
+
# @!attribute [rw] page_size
|
32
|
+
# @return [::Integer]
|
33
|
+
# The maximum number of groups to return. The service might return fewer than
|
34
|
+
# this value.
|
35
|
+
# If unspecified, at most 100 groups are returned.
|
36
|
+
# The maximum value is 1000; values above 1000 are coerced to 1000.
|
37
|
+
# @!attribute [rw] page_token
|
38
|
+
# @return [::String]
|
39
|
+
# A page token, received from a previous `ListTunnelDestGroups`
|
40
|
+
# call. Provide this to retrieve the subsequent page.
|
41
|
+
#
|
42
|
+
# When paginating, all other parameters provided to
|
43
|
+
# `ListTunnelDestGroups` must match the call that provided the page
|
44
|
+
# token.
|
45
|
+
class ListTunnelDestGroupsRequest
|
46
|
+
include ::Google::Protobuf::MessageExts
|
47
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
48
|
+
end
|
49
|
+
|
50
|
+
# The response from ListTunnelDestGroups.
|
51
|
+
# @!attribute [rw] tunnel_dest_groups
|
52
|
+
# @return [::Array<::Google::Cloud::Iap::V1::TunnelDestGroup>]
|
53
|
+
# TunnelDestGroup existing in the project.
|
54
|
+
# @!attribute [rw] next_page_token
|
55
|
+
# @return [::String]
|
56
|
+
# A token that you can send as `page_token` to retrieve the next page.
|
57
|
+
# If this field is omitted, there are no subsequent pages.
|
58
|
+
class ListTunnelDestGroupsResponse
|
59
|
+
include ::Google::Protobuf::MessageExts
|
60
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
61
|
+
end
|
62
|
+
|
63
|
+
# The request to CreateTunnelDestGroup.
|
64
|
+
# @!attribute [rw] parent
|
65
|
+
# @return [::String]
|
66
|
+
# Required. Google Cloud Project ID and location.
|
67
|
+
# In the following format:
|
68
|
+
# `projects/{project_number/id}/iap_tunnel/locations/{location}`.
|
69
|
+
# @!attribute [rw] tunnel_dest_group
|
70
|
+
# @return [::Google::Cloud::Iap::V1::TunnelDestGroup]
|
71
|
+
# Required. The TunnelDestGroup to create.
|
72
|
+
# @!attribute [rw] tunnel_dest_group_id
|
73
|
+
# @return [::String]
|
74
|
+
# Required. The ID to use for the TunnelDestGroup, which becomes the final component of
|
75
|
+
# the resource name.
|
76
|
+
#
|
77
|
+
# This value must be 4-63 characters, and valid characters
|
78
|
+
# are `[a-z][0-9]-`.
|
79
|
+
class CreateTunnelDestGroupRequest
|
80
|
+
include ::Google::Protobuf::MessageExts
|
81
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
82
|
+
end
|
83
|
+
|
84
|
+
# The request to GetTunnelDestGroup.
|
85
|
+
# @!attribute [rw] name
|
86
|
+
# @return [::String]
|
87
|
+
# Required. Name of the TunnelDestGroup to be fetched.
|
88
|
+
# In the following format:
|
89
|
+
# `projects/{project_number/id}/iap_tunnel/locations/{location}/destGroups/{dest_group}`.
|
90
|
+
class GetTunnelDestGroupRequest
|
91
|
+
include ::Google::Protobuf::MessageExts
|
92
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
93
|
+
end
|
94
|
+
|
95
|
+
# The request to DeleteTunnelDestGroup.
|
96
|
+
# @!attribute [rw] name
|
97
|
+
# @return [::String]
|
98
|
+
# Required. Name of the TunnelDestGroup to delete.
|
99
|
+
# In the following format:
|
100
|
+
# `projects/{project_number/id}/iap_tunnel/locations/{location}/destGroups/{dest_group}`.
|
101
|
+
class DeleteTunnelDestGroupRequest
|
102
|
+
include ::Google::Protobuf::MessageExts
|
103
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
104
|
+
end
|
105
|
+
|
106
|
+
# The request to UpdateTunnelDestGroup.
|
107
|
+
# @!attribute [rw] tunnel_dest_group
|
108
|
+
# @return [::Google::Cloud::Iap::V1::TunnelDestGroup]
|
109
|
+
# Required. The new values for the TunnelDestGroup.
|
110
|
+
# @!attribute [rw] update_mask
|
111
|
+
# @return [::Google::Protobuf::FieldMask]
|
112
|
+
# A field mask that specifies which IAP settings to update.
|
113
|
+
# If omitted, then all of the settings are updated. See
|
114
|
+
# https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask
|
115
|
+
class UpdateTunnelDestGroupRequest
|
116
|
+
include ::Google::Protobuf::MessageExts
|
117
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
118
|
+
end
|
119
|
+
|
120
|
+
# A TunnelDestGroup.
|
121
|
+
# @!attribute [rw] name
|
122
|
+
# @return [::String]
|
123
|
+
# Required. Immutable. Identifier for the TunnelDestGroup. Must be unique within the
|
124
|
+
# project.
|
125
|
+
# @!attribute [rw] cidrs
|
126
|
+
# @return [::Array<::String>]
|
127
|
+
# null List of CIDRs that this group applies to.
|
128
|
+
# @!attribute [rw] fqdns
|
129
|
+
# @return [::Array<::String>]
|
130
|
+
# null List of FQDNs that this group applies to.
|
131
|
+
class TunnelDestGroup
|
132
|
+
include ::Google::Protobuf::MessageExts
|
133
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
134
|
+
end
|
135
|
+
|
24
136
|
# The request sent to GetIapSettings.
|
25
137
|
# @!attribute [rw] name
|
26
138
|
# @return [::String]
|
@@ -73,6 +185,9 @@ module Google
|
|
73
185
|
# @!attribute [rw] oauth_settings
|
74
186
|
# @return [::Google::Cloud::Iap::V1::OAuthSettings]
|
75
187
|
# Settings to configure IAP's OAuth behavior.
|
188
|
+
# @!attribute [rw] reauth_settings
|
189
|
+
# @return [::Google::Cloud::Iap::V1::ReauthSettings]
|
190
|
+
# Settings to configure reauthentication policies in IAP.
|
76
191
|
class AccessSettings
|
77
192
|
include ::Google::Protobuf::MessageExts
|
78
193
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -122,6 +237,55 @@ module Google
|
|
122
237
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
123
238
|
end
|
124
239
|
|
240
|
+
# Configuration for IAP reauthentication policies.
|
241
|
+
# @!attribute [rw] method
|
242
|
+
# @return [::Google::Cloud::Iap::V1::ReauthSettings::Method]
|
243
|
+
# Reauth method required by the policy.
|
244
|
+
# @!attribute [rw] max_age
|
245
|
+
# @return [::Google::Protobuf::Duration]
|
246
|
+
# Reauth session lifetime, how long before a user has to reauthenticate
|
247
|
+
# again.
|
248
|
+
# @!attribute [rw] policy_type
|
249
|
+
# @return [::Google::Cloud::Iap::V1::ReauthSettings::PolicyType]
|
250
|
+
# How IAP determines the effective policy in cases of hierarchial policies.
|
251
|
+
# Policies are merged from higher in the hierarchy to lower in the hierarchy.
|
252
|
+
class ReauthSettings
|
253
|
+
include ::Google::Protobuf::MessageExts
|
254
|
+
extend ::Google::Protobuf::MessageExts::ClassMethods
|
255
|
+
|
256
|
+
# Types of reauthentication methods supported by IAP.
|
257
|
+
module Method
|
258
|
+
# Reauthentication disabled.
|
259
|
+
METHOD_UNSPECIFIED = 0
|
260
|
+
|
261
|
+
# Mimics the behavior as if the user had logged out and tried to log in
|
262
|
+
# again. Users with 2SV (2-step verification) enabled see their 2SV
|
263
|
+
# challenges if they did not opt to have their second factor responses
|
264
|
+
# saved. Apps Core (GSuites) admins can configure settings to disable 2SV
|
265
|
+
# cookies and require 2SV for all Apps Core users in their domains.
|
266
|
+
LOGIN = 1
|
267
|
+
|
268
|
+
# User must type their password.
|
269
|
+
PASSWORD = 2
|
270
|
+
|
271
|
+
# User must use their secure key 2nd factor device.
|
272
|
+
SECURE_KEY = 3
|
273
|
+
end
|
274
|
+
|
275
|
+
# Type of policy in the case of hierarchial policies.
|
276
|
+
module PolicyType
|
277
|
+
# Default value. This value is unused.
|
278
|
+
POLICY_TYPE_UNSPECIFIED = 0
|
279
|
+
|
280
|
+
# This policy acts as a minimum to other policies, lower in the hierarchy.
|
281
|
+
# Effective policy may only be the same or stricter.
|
282
|
+
MINIMUM = 1
|
283
|
+
|
284
|
+
# This policy acts as a default if no other reauth policy is set.
|
285
|
+
DEFAULT = 2
|
286
|
+
end
|
287
|
+
end
|
288
|
+
|
125
289
|
# Wrapper over application specific settings for IAP.
|
126
290
|
# @!attribute [rw] csm_settings
|
127
291
|
# @return [::Google::Cloud::Iap::V1::CsmSettings]
|
@@ -31,6 +31,13 @@ module Google
|
|
31
31
|
# the policy is limited to a few 10s of KB. An empty policy is a
|
32
32
|
# valid policy but certain Cloud Platform services (such as Projects)
|
33
33
|
# might reject them.
|
34
|
+
# @!attribute [rw] update_mask
|
35
|
+
# @return [::Google::Protobuf::FieldMask]
|
36
|
+
# OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
|
37
|
+
# the fields in the mask will be modified. If no mask is provided, the
|
38
|
+
# following default mask is used:
|
39
|
+
#
|
40
|
+
# `paths: "bindings, etag"`
|
34
41
|
class SetIamPolicyRequest
|
35
42
|
include ::Google::Protobuf::MessageExts
|
36
43
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -44,7 +51,7 @@ module Google
|
|
44
51
|
# @!attribute [rw] options
|
45
52
|
# @return [::Google::Iam::V1::GetPolicyOptions]
|
46
53
|
# OPTIONAL: A `GetPolicyOptions` object for specifying options to
|
47
|
-
# `GetIamPolicy`.
|
54
|
+
# `GetIamPolicy`.
|
48
55
|
class GetIamPolicyRequest
|
49
56
|
include ::Google::Protobuf::MessageExts
|
50
57
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -23,14 +23,24 @@ module Google
|
|
23
23
|
# Encapsulates settings provided to GetIamPolicy.
|
24
24
|
# @!attribute [rw] requested_policy_version
|
25
25
|
# @return [::Integer]
|
26
|
-
# Optional. The policy
|
26
|
+
# Optional. The maximum policy version that will be used to format the
|
27
|
+
# policy.
|
27
28
|
#
|
28
29
|
# Valid values are 0, 1, and 3. Requests specifying an invalid value will be
|
29
30
|
# rejected.
|
30
31
|
#
|
31
|
-
# Requests for policies with any conditional bindings must specify
|
32
|
-
# Policies
|
33
|
-
# leave the field unset.
|
32
|
+
# Requests for policies with any conditional role bindings must specify
|
33
|
+
# version 3. Policies with no conditional role bindings may specify any valid
|
34
|
+
# value or leave the field unset.
|
35
|
+
#
|
36
|
+
# The policy in the response might use the policy version that you specified,
|
37
|
+
# or it might use a lower policy version. For example, if you specify version
|
38
|
+
# 3, but the policy has no conditional role bindings, the response uses
|
39
|
+
# version 1.
|
40
|
+
#
|
41
|
+
# To learn which resources support conditions in their IAM policies, see the
|
42
|
+
# [IAM
|
43
|
+
# documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
|
34
44
|
class GetPolicyOptions
|
35
45
|
include ::Google::Protobuf::MessageExts
|
36
46
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|