google-cloud-policy_troubleshooter-v1 0.3.1 → 0.3.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.yardopts +1 -1
- data/AUTHENTICATION.md +15 -33
- data/README.md +1 -1
- data/lib/google/cloud/policy_troubleshooter/v1/iam_checker/client.rb +49 -42
- data/lib/google/cloud/policy_troubleshooter/v1/version.rb +1 -1
- data/lib/google/cloud/policytroubleshooter/v1/checker_pb.rb +2 -2
- data/lib/google/cloud/policytroubleshooter/v1/explanations_pb.rb +2 -2
- data/proto_docs/google/api/field_behavior.rb +7 -1
- data/proto_docs/google/api/resource.rb +10 -71
- data/proto_docs/google/type/expr.rb +35 -12
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 182c5243e6e0b1fd1e2ebcdaf023e30f27f58798cc864ec7d3711a5eab01c52e
|
|
4
|
+
data.tar.gz: c37c044bc73ef011fc95b38c55cd28416930a75733ec41c42dff1822f192466a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f4f71387b5fd587ef55be3538f28ae71431256e5a75d63414328bd5c7e70b0dc5f0197aac4cb000e2d8e9f7280260b9c5d5353008b0ce57f7db2c04b24b68cec
|
|
7
|
+
data.tar.gz: 94086ff1c5583bf3b774907cfc78f314888328d4e64683f8a02d6f8fe6d856a4db08263108586f8d66c431b098af1e4fbace7d6ce05957984b5818ce3e7fbbb6
|
data/.yardopts
CHANGED
data/AUTHENTICATION.md
CHANGED
|
@@ -66,11 +66,11 @@ The environment variables that google-cloud-policy_troubleshooter-v1
|
|
|
66
66
|
checks for credentials are configured on the service Credentials class (such as
|
|
67
67
|
{::Google::Cloud::PolicyTroubleshooter::V1::IamChecker::Credentials}):
|
|
68
68
|
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
69
|
+
* `POLICY_TROUBLESHOOTER_CREDENTIALS` - Path to JSON file, or JSON contents
|
|
70
|
+
* `POLICY_TROUBLESHOOTER_KEYFILE` - Path to JSON file, or JSON contents
|
|
71
|
+
* `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents
|
|
72
|
+
* `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents
|
|
73
|
+
* `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file
|
|
74
74
|
|
|
75
75
|
```ruby
|
|
76
76
|
require "google/cloud/policy_troubleshooter/v1"
|
|
@@ -82,8 +82,8 @@ client = ::Google::Cloud::PolicyTroubleshooter::V1::IamChecker::Client.new
|
|
|
82
82
|
|
|
83
83
|
### Configuration
|
|
84
84
|
|
|
85
|
-
The **Credentials JSON** can be configured instead of
|
|
86
|
-
environment
|
|
85
|
+
The path to the **Credentials JSON** file can be configured instead of storing
|
|
86
|
+
it in an environment variable. Either on an individual client initialization:
|
|
87
87
|
|
|
88
88
|
```ruby
|
|
89
89
|
require "google/cloud/policy_troubleshooter/v1"
|
|
@@ -93,7 +93,7 @@ client = ::Google::Cloud::PolicyTroubleshooter::V1::IamChecker::Client.new do |c
|
|
|
93
93
|
end
|
|
94
94
|
```
|
|
95
95
|
|
|
96
|
-
Or
|
|
96
|
+
Or globally for all clients:
|
|
97
97
|
|
|
98
98
|
```ruby
|
|
99
99
|
require "google/cloud/policy_troubleshooter/v1"
|
|
@@ -120,15 +120,6 @@ To configure your system for this, simply:
|
|
|
120
120
|
**NOTE:** This is _not_ recommended for running in production. The Cloud SDK
|
|
121
121
|
*should* only be used during development.
|
|
122
122
|
|
|
123
|
-
[gce-how-to]: https://cloud.google.com/compute/docs/authentication#using
|
|
124
|
-
[dev-console]: https://console.cloud.google.com/project
|
|
125
|
-
|
|
126
|
-
[enable-apis]: https://raw.githubusercontent.com/GoogleCloudPlatform/gcloud-common/master/authentication/enable-apis.png
|
|
127
|
-
|
|
128
|
-
[create-new-service-account]: https://raw.githubusercontent.com/GoogleCloudPlatform/gcloud-common/master/authentication/create-new-service-account.png
|
|
129
|
-
[create-new-service-account-existing-keys]: https://raw.githubusercontent.com/GoogleCloudPlatform/gcloud-common/master/authentication/create-new-service-account-existing-keys.png
|
|
130
|
-
[reuse-service-account]: https://raw.githubusercontent.com/GoogleCloudPlatform/gcloud-common/master/authentication/reuse-service-account.png
|
|
131
|
-
|
|
132
123
|
## Creating a Service Account
|
|
133
124
|
|
|
134
125
|
Google Cloud requires **Service Account Credentials** to
|
|
@@ -139,31 +130,22 @@ If you are not running this client within
|
|
|
139
130
|
[Google Cloud Platform environments](#google-cloud-platform-environments), you
|
|
140
131
|
need a Google Developers service account.
|
|
141
132
|
|
|
142
|
-
1. Visit the [Google
|
|
133
|
+
1. Visit the [Google Cloud Console](https://console.cloud.google.com/project).
|
|
143
134
|
2. Create a new project or click on an existing project.
|
|
144
|
-
3. Activate the
|
|
135
|
+
3. Activate the menu in the upper left and select **APIs & Services**. From
|
|
145
136
|
here, you will enable the APIs that your application requires.
|
|
146
137
|
|
|
147
|
-
![Enable the APIs that your application requires][enable-apis]
|
|
148
|
-
|
|
149
138
|
*Note: You may need to enable billing in order to use these services.*
|
|
150
139
|
|
|
151
140
|
4. Select **Credentials** from the side navigation.
|
|
152
141
|
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
![Create a new service account][create-new-service-account]
|
|
156
|
-
|
|
157
|
-
![Create a new service account With Existing Keys][create-new-service-account-existing-keys]
|
|
158
|
-
|
|
159
|
-
Find the "Add credentials" drop down and select "Service account" to be
|
|
160
|
-
guided through downloading a new JSON key file.
|
|
142
|
+
Find the "Create credentials" drop down near the top of the page, and select
|
|
143
|
+
"Service account" to be guided through downloading a new JSON key file.
|
|
161
144
|
|
|
162
145
|
If you want to re-use an existing service account, you can easily generate a
|
|
163
|
-
new key file. Just select the account you wish to re-use,
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
![Re-use an existing service account][reuse-service-account]
|
|
146
|
+
new key file. Just select the account you wish to re-use, click the pencil
|
|
147
|
+
tool on the right side to edit the service account, select the **Keys** tab,
|
|
148
|
+
and then select **Add Key**.
|
|
167
149
|
|
|
168
150
|
The key file you download will be used by this library to authenticate API
|
|
169
151
|
requests and should be stored in a secure location.
|
data/README.md
CHANGED
|
@@ -33,7 +33,7 @@ In order to use this library, you first need to go through the following steps:
|
|
|
33
33
|
require "google/cloud/policy_troubleshooter/v1"
|
|
34
34
|
|
|
35
35
|
client = ::Google::Cloud::PolicyTroubleshooter::V1::IamChecker::Client.new
|
|
36
|
-
request =
|
|
36
|
+
request = ::Google::Cloud::PolicyTroubleshooter::V1::TroubleshootIamPolicyRequest.new # (request fields as keyword arguments...)
|
|
37
37
|
response = client.troubleshoot_iam_policy request
|
|
38
38
|
```
|
|
39
39
|
|
|
@@ -41,13 +41,12 @@ module Google
|
|
|
41
41
|
# See {::Google::Cloud::PolicyTroubleshooter::V1::IamChecker::Client::Configuration}
|
|
42
42
|
# for a description of the configuration fields.
|
|
43
43
|
#
|
|
44
|
-
#
|
|
44
|
+
# @example
|
|
45
45
|
#
|
|
46
|
-
#
|
|
47
|
-
#
|
|
48
|
-
#
|
|
49
|
-
#
|
|
50
|
-
# end
|
|
46
|
+
# # Modify the configuration for all IamChecker clients
|
|
47
|
+
# ::Google::Cloud::PolicyTroubleshooter::V1::IamChecker::Client.configure do |config|
|
|
48
|
+
# config.timeout = 10.0
|
|
49
|
+
# end
|
|
51
50
|
#
|
|
52
51
|
# @yield [config] Configure the Client client.
|
|
53
52
|
# @yieldparam config [Client::Configuration]
|
|
@@ -67,10 +66,7 @@ module Google
|
|
|
67
66
|
|
|
68
67
|
default_config.timeout = 60.0
|
|
69
68
|
default_config.retry_policy = {
|
|
70
|
-
initial_delay: 1.0,
|
|
71
|
-
max_delay: 60.0,
|
|
72
|
-
multiplier: 1.3,
|
|
73
|
-
retry_codes: [14, 2]
|
|
69
|
+
initial_delay: 1.0, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 2]
|
|
74
70
|
}
|
|
75
71
|
|
|
76
72
|
default_config.rpcs.troubleshoot_iam_policy.timeout = 60.0
|
|
@@ -104,19 +100,15 @@ module Google
|
|
|
104
100
|
##
|
|
105
101
|
# Create a new IamChecker client object.
|
|
106
102
|
#
|
|
107
|
-
#
|
|
108
|
-
#
|
|
109
|
-
# To create a new IamChecker client with the default
|
|
110
|
-
# configuration:
|
|
103
|
+
# @example
|
|
111
104
|
#
|
|
112
|
-
#
|
|
105
|
+
# # Create a client using the default configuration
|
|
106
|
+
# client = ::Google::Cloud::PolicyTroubleshooter::V1::IamChecker::Client.new
|
|
113
107
|
#
|
|
114
|
-
#
|
|
115
|
-
#
|
|
116
|
-
#
|
|
117
|
-
#
|
|
118
|
-
# config.timeout = 10.0
|
|
119
|
-
# end
|
|
108
|
+
# # Create a client using a custom configuration
|
|
109
|
+
# client = ::Google::Cloud::PolicyTroubleshooter::V1::IamChecker::Client.new do |config|
|
|
110
|
+
# config.timeout = 10.0
|
|
111
|
+
# end
|
|
120
112
|
#
|
|
121
113
|
# @yield [config] Configure the IamChecker client.
|
|
122
114
|
# @yieldparam config [Client::Configuration]
|
|
@@ -136,14 +128,13 @@ module Google
|
|
|
136
128
|
|
|
137
129
|
# Create credentials
|
|
138
130
|
credentials = @config.credentials
|
|
139
|
-
# Use self-signed JWT if the
|
|
131
|
+
# Use self-signed JWT if the endpoint is unchanged from default,
|
|
140
132
|
# but only if the default endpoint does not have a region prefix.
|
|
141
|
-
enable_self_signed_jwt = @config.
|
|
142
|
-
@config.endpoint == Client.configure.endpoint &&
|
|
133
|
+
enable_self_signed_jwt = @config.endpoint == Client.configure.endpoint &&
|
|
143
134
|
!@config.endpoint.split(".").first.include?("-")
|
|
144
135
|
credentials ||= Credentials.default scope: @config.scope,
|
|
145
136
|
enable_self_signed_jwt: enable_self_signed_jwt
|
|
146
|
-
if credentials.is_a?(String) || credentials.is_a?(Hash)
|
|
137
|
+
if credentials.is_a?(::String) || credentials.is_a?(::Hash)
|
|
147
138
|
credentials = Credentials.new credentials, scope: @config.scope
|
|
148
139
|
end
|
|
149
140
|
@quota_project_id = @config.quota_project
|
|
@@ -191,6 +182,21 @@ module Google
|
|
|
191
182
|
#
|
|
192
183
|
# @raise [::Google::Cloud::Error] if the RPC is aborted.
|
|
193
184
|
#
|
|
185
|
+
# @example Basic example
|
|
186
|
+
# require "google/cloud/policy_troubleshooter/v1"
|
|
187
|
+
#
|
|
188
|
+
# # Create a client object. The client can be reused for multiple calls.
|
|
189
|
+
# client = Google::Cloud::PolicyTroubleshooter::V1::IamChecker::Client.new
|
|
190
|
+
#
|
|
191
|
+
# # Create a request. To set request fields, pass in keyword arguments.
|
|
192
|
+
# request = Google::Cloud::PolicyTroubleshooter::V1::TroubleshootIamPolicyRequest.new
|
|
193
|
+
#
|
|
194
|
+
# # Call the troubleshoot_iam_policy method.
|
|
195
|
+
# result = client.troubleshoot_iam_policy request
|
|
196
|
+
#
|
|
197
|
+
# # The returned object is of type Google::Cloud::PolicyTroubleshooter::V1::TroubleshootIamPolicyResponse.
|
|
198
|
+
# p result
|
|
199
|
+
#
|
|
194
200
|
def troubleshoot_iam_policy request, options = nil
|
|
195
201
|
raise ::ArgumentError, "request must be provided" if request.nil?
|
|
196
202
|
|
|
@@ -211,7 +217,9 @@ module Google
|
|
|
211
217
|
options.apply_defaults timeout: @config.rpcs.troubleshoot_iam_policy.timeout,
|
|
212
218
|
metadata: metadata,
|
|
213
219
|
retry_policy: @config.rpcs.troubleshoot_iam_policy.retry_policy
|
|
214
|
-
|
|
220
|
+
|
|
221
|
+
options.apply_defaults timeout: @config.timeout,
|
|
222
|
+
metadata: @config.metadata,
|
|
215
223
|
retry_policy: @config.retry_policy
|
|
216
224
|
|
|
217
225
|
@iam_checker_stub.call_rpc :troubleshoot_iam_policy, request, options: options do |response, operation|
|
|
@@ -235,22 +243,21 @@ module Google
|
|
|
235
243
|
# Configuration can be applied globally to all clients, or to a single client
|
|
236
244
|
# on construction.
|
|
237
245
|
#
|
|
238
|
-
#
|
|
239
|
-
#
|
|
240
|
-
#
|
|
241
|
-
# to 20 seconds,
|
|
242
|
-
#
|
|
243
|
-
#
|
|
244
|
-
#
|
|
245
|
-
#
|
|
246
|
-
#
|
|
247
|
-
#
|
|
248
|
-
#
|
|
249
|
-
#
|
|
250
|
-
#
|
|
251
|
-
#
|
|
252
|
-
#
|
|
253
|
-
# end
|
|
246
|
+
# @example
|
|
247
|
+
#
|
|
248
|
+
# # Modify the global config, setting the timeout for
|
|
249
|
+
# # troubleshoot_iam_policy to 20 seconds,
|
|
250
|
+
# # and all remaining timeouts to 10 seconds.
|
|
251
|
+
# ::Google::Cloud::PolicyTroubleshooter::V1::IamChecker::Client.configure do |config|
|
|
252
|
+
# config.timeout = 10.0
|
|
253
|
+
# config.rpcs.troubleshoot_iam_policy.timeout = 20.0
|
|
254
|
+
# end
|
|
255
|
+
#
|
|
256
|
+
# # Apply the above configuration only to a new client.
|
|
257
|
+
# client = ::Google::Cloud::PolicyTroubleshooter::V1::IamChecker::Client.new do |config|
|
|
258
|
+
# config.timeout = 10.0
|
|
259
|
+
# config.rpcs.troubleshoot_iam_policy.timeout = 20.0
|
|
260
|
+
# end
|
|
254
261
|
#
|
|
255
262
|
# @!attribute [rw] endpoint
|
|
256
263
|
# The hostname or hostname:port of the service endpoint.
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
|
2
2
|
# source: google/cloud/policytroubleshooter/v1/checker.proto
|
|
3
3
|
|
|
4
|
-
require 'google/protobuf'
|
|
5
|
-
|
|
6
4
|
require 'google/cloud/policytroubleshooter/v1/explanations_pb'
|
|
7
5
|
require 'google/api/annotations_pb'
|
|
8
6
|
require 'google/api/client_pb'
|
|
7
|
+
require 'google/protobuf'
|
|
8
|
+
|
|
9
9
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
10
10
|
add_file("google/cloud/policytroubleshooter/v1/checker.proto", :syntax => :proto3) do
|
|
11
11
|
add_message "google.cloud.policytroubleshooter.v1.TroubleshootIamPolicyRequest" do
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
|
2
2
|
# source: google/cloud/policytroubleshooter/v1/explanations.proto
|
|
3
3
|
|
|
4
|
-
require 'google/protobuf'
|
|
5
|
-
|
|
6
4
|
require 'google/api/field_behavior_pb'
|
|
7
5
|
require 'google/iam/v1/policy_pb'
|
|
8
6
|
require 'google/type/expr_pb'
|
|
7
|
+
require 'google/protobuf'
|
|
8
|
+
|
|
9
9
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
10
10
|
add_file("google/cloud/policytroubleshooter/v1/explanations.proto", :syntax => :proto3) do
|
|
11
11
|
add_message "google.cloud.policytroubleshooter.v1.AccessTuple" do
|
|
@@ -57,9 +57,15 @@ module Google
|
|
|
57
57
|
|
|
58
58
|
# Denotes that a (repeated) field is an unordered list.
|
|
59
59
|
# This indicates that the service may provide the elements of the list
|
|
60
|
-
# in any arbitrary
|
|
60
|
+
# in any arbitrary order, rather than the order the user originally
|
|
61
61
|
# provided. Additionally, the list's order may or may not be stable.
|
|
62
62
|
UNORDERED_LIST = 6
|
|
63
|
+
|
|
64
|
+
# Denotes that this field returns a non-empty default value if not set.
|
|
65
|
+
# This indicates that if the user provides the empty value in a request,
|
|
66
|
+
# a non-empty value will be returned. The user will not be aware of what
|
|
67
|
+
# non-empty value to expect.
|
|
68
|
+
NON_EMPTY_DEFAULT = 7
|
|
63
69
|
end
|
|
64
70
|
end
|
|
65
71
|
end
|
|
@@ -33,11 +33,7 @@ module Google
|
|
|
33
33
|
# // For Kubernetes resources, the format is {api group}/{kind}.
|
|
34
34
|
# option (google.api.resource) = {
|
|
35
35
|
# type: "pubsub.googleapis.com/Topic"
|
|
36
|
-
#
|
|
37
|
-
# pattern: "projects/{project}/topics/{topic}"
|
|
38
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
|
39
|
-
# parent_name_extractor: "projects/{project}"
|
|
40
|
-
# }
|
|
36
|
+
# pattern: "projects/{project}/topics/{topic}"
|
|
41
37
|
# };
|
|
42
38
|
# }
|
|
43
39
|
#
|
|
@@ -45,10 +41,7 @@ module Google
|
|
|
45
41
|
#
|
|
46
42
|
# resources:
|
|
47
43
|
# - type: "pubsub.googleapis.com/Topic"
|
|
48
|
-
#
|
|
49
|
-
# - pattern: "projects/{project}/topics/{topic}"
|
|
50
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
|
51
|
-
# parent_name_extractor: "projects/{project}"
|
|
44
|
+
# pattern: "projects/{project}/topics/{topic}"
|
|
52
45
|
#
|
|
53
46
|
# Sometimes, resources have multiple patterns, typically because they can
|
|
54
47
|
# live under multiple parents.
|
|
@@ -58,26 +51,10 @@ module Google
|
|
|
58
51
|
# message LogEntry {
|
|
59
52
|
# option (google.api.resource) = {
|
|
60
53
|
# type: "logging.googleapis.com/LogEntry"
|
|
61
|
-
#
|
|
62
|
-
#
|
|
63
|
-
#
|
|
64
|
-
#
|
|
65
|
-
# }
|
|
66
|
-
# name_descriptor: {
|
|
67
|
-
# pattern: "folders/{folder}/logs/{log}"
|
|
68
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
|
69
|
-
# parent_name_extractor: "folders/{folder}"
|
|
70
|
-
# }
|
|
71
|
-
# name_descriptor: {
|
|
72
|
-
# pattern: "organizations/{organization}/logs/{log}"
|
|
73
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Organization"
|
|
74
|
-
# parent_name_extractor: "organizations/{organization}"
|
|
75
|
-
# }
|
|
76
|
-
# name_descriptor: {
|
|
77
|
-
# pattern: "billingAccounts/{billing_account}/logs/{log}"
|
|
78
|
-
# parent_type: "billing.googleapis.com/BillingAccount"
|
|
79
|
-
# parent_name_extractor: "billingAccounts/{billing_account}"
|
|
80
|
-
# }
|
|
54
|
+
# pattern: "projects/{project}/logs/{log}"
|
|
55
|
+
# pattern: "folders/{folder}/logs/{log}"
|
|
56
|
+
# pattern: "organizations/{organization}/logs/{log}"
|
|
57
|
+
# pattern: "billingAccounts/{billing_account}/logs/{log}"
|
|
81
58
|
# };
|
|
82
59
|
# }
|
|
83
60
|
#
|
|
@@ -85,48 +62,10 @@ module Google
|
|
|
85
62
|
#
|
|
86
63
|
# resources:
|
|
87
64
|
# - type: 'logging.googleapis.com/LogEntry'
|
|
88
|
-
#
|
|
89
|
-
#
|
|
90
|
-
#
|
|
91
|
-
#
|
|
92
|
-
# - pattern: "folders/{folder}/logs/{log}"
|
|
93
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
|
94
|
-
# parent_name_extractor: "folders/{folder}"
|
|
95
|
-
# - pattern: "organizations/{organization}/logs/{log}"
|
|
96
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Organization"
|
|
97
|
-
# parent_name_extractor: "organizations/{organization}"
|
|
98
|
-
# - pattern: "billingAccounts/{billing_account}/logs/{log}"
|
|
99
|
-
# parent_type: "billing.googleapis.com/BillingAccount"
|
|
100
|
-
# parent_name_extractor: "billingAccounts/{billing_account}"
|
|
101
|
-
#
|
|
102
|
-
# For flexible resources, the resource name doesn't contain parent names, but
|
|
103
|
-
# the resource itself has parents for policy evaluation.
|
|
104
|
-
#
|
|
105
|
-
# Example:
|
|
106
|
-
#
|
|
107
|
-
# message Shelf {
|
|
108
|
-
# option (google.api.resource) = {
|
|
109
|
-
# type: "library.googleapis.com/Shelf"
|
|
110
|
-
# name_descriptor: {
|
|
111
|
-
# pattern: "shelves/{shelf}"
|
|
112
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
|
113
|
-
# }
|
|
114
|
-
# name_descriptor: {
|
|
115
|
-
# pattern: "shelves/{shelf}"
|
|
116
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
|
117
|
-
# }
|
|
118
|
-
# };
|
|
119
|
-
# }
|
|
120
|
-
#
|
|
121
|
-
# The ResourceDescriptor Yaml config will look like:
|
|
122
|
-
#
|
|
123
|
-
# resources:
|
|
124
|
-
# - type: 'library.googleapis.com/Shelf'
|
|
125
|
-
# name_descriptor:
|
|
126
|
-
# - pattern: "shelves/{shelf}"
|
|
127
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Project"
|
|
128
|
-
# - pattern: "shelves/{shelf}"
|
|
129
|
-
# parent_type: "cloudresourcemanager.googleapis.com/Folder"
|
|
65
|
+
# pattern: "projects/{project}/logs/{log}"
|
|
66
|
+
# pattern: "folders/{folder}/logs/{log}"
|
|
67
|
+
# pattern: "organizations/{organization}/logs/{log}"
|
|
68
|
+
# pattern: "billingAccounts/{billing_account}/logs/{log}"
|
|
130
69
|
# @!attribute [rw] type
|
|
131
70
|
# @return [::String]
|
|
132
71
|
# The resource type. It must be in the format of
|
|
@@ -19,30 +19,53 @@
|
|
|
19
19
|
|
|
20
20
|
module Google
|
|
21
21
|
module Type
|
|
22
|
-
# Represents
|
|
22
|
+
# Represents a textual expression in the Common Expression Language (CEL)
|
|
23
|
+
# syntax. CEL is a C-like expression language. The syntax and semantics of CEL
|
|
24
|
+
# are documented at https://github.com/google/cel-spec.
|
|
23
25
|
#
|
|
24
|
-
#
|
|
25
|
-
#
|
|
26
|
-
#
|
|
26
|
+
# Example (Comparison):
|
|
27
|
+
#
|
|
28
|
+
# title: "Summary size limit"
|
|
29
|
+
# description: "Determines if a summary is less than 100 chars"
|
|
30
|
+
# expression: "document.summary.size() < 100"
|
|
31
|
+
#
|
|
32
|
+
# Example (Equality):
|
|
33
|
+
#
|
|
34
|
+
# title: "Requestor is owner"
|
|
35
|
+
# description: "Determines if requestor is the document owner"
|
|
36
|
+
# expression: "document.owner == request.auth.claims.email"
|
|
37
|
+
#
|
|
38
|
+
# Example (Logic):
|
|
39
|
+
#
|
|
40
|
+
# title: "Public documents"
|
|
41
|
+
# description: "Determine whether the document should be publicly visible"
|
|
42
|
+
# expression: "document.type != 'private' && document.type != 'internal'"
|
|
43
|
+
#
|
|
44
|
+
# Example (Data Manipulation):
|
|
45
|
+
#
|
|
46
|
+
# title: "Notification string"
|
|
47
|
+
# description: "Create a notification string with a timestamp."
|
|
48
|
+
# expression: "'New message received at ' + string(document.create_time)"
|
|
49
|
+
#
|
|
50
|
+
# The exact variables and functions that may be referenced within an expression
|
|
51
|
+
# are determined by the service that evaluates it. See the service
|
|
52
|
+
# documentation for additional information.
|
|
27
53
|
# @!attribute [rw] expression
|
|
28
54
|
# @return [::String]
|
|
29
|
-
# Textual representation of an expression in
|
|
30
|
-
#
|
|
31
|
-
#
|
|
32
|
-
# The application context of the containing message determines which
|
|
33
|
-
# well-known feature set of CEL is supported.
|
|
55
|
+
# Textual representation of an expression in Common Expression Language
|
|
56
|
+
# syntax.
|
|
34
57
|
# @!attribute [rw] title
|
|
35
58
|
# @return [::String]
|
|
36
|
-
#
|
|
59
|
+
# Optional. Title for the expression, i.e. a short string describing
|
|
37
60
|
# its purpose. This can be used e.g. in UIs which allow to enter the
|
|
38
61
|
# expression.
|
|
39
62
|
# @!attribute [rw] description
|
|
40
63
|
# @return [::String]
|
|
41
|
-
#
|
|
64
|
+
# Optional. Description of the expression. This is a longer text which
|
|
42
65
|
# describes the expression, e.g. when hovered over it in a UI.
|
|
43
66
|
# @!attribute [rw] location
|
|
44
67
|
# @return [::String]
|
|
45
|
-
#
|
|
68
|
+
# Optional. String indicating the location of the expression for error
|
|
46
69
|
# reporting, e.g. a file name and a position in the file.
|
|
47
70
|
class Expr
|
|
48
71
|
include ::Google::Protobuf::MessageExts
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: google-cloud-policy_troubleshooter-v1
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Google LLC
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-01-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: gapic-common
|
|
@@ -16,7 +16,7 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: '0.
|
|
19
|
+
version: '0.7'
|
|
20
20
|
- - "<"
|
|
21
21
|
- !ruby/object:Gem::Version
|
|
22
22
|
version: 2.a
|
|
@@ -26,7 +26,7 @@ dependencies:
|
|
|
26
26
|
requirements:
|
|
27
27
|
- - ">="
|
|
28
28
|
- !ruby/object:Gem::Version
|
|
29
|
-
version: '0.
|
|
29
|
+
version: '0.7'
|
|
30
30
|
- - "<"
|
|
31
31
|
- !ruby/object:Gem::Version
|
|
32
32
|
version: 2.a
|
|
@@ -228,7 +228,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
228
228
|
- !ruby/object:Gem::Version
|
|
229
229
|
version: '0'
|
|
230
230
|
requirements: []
|
|
231
|
-
rubygems_version: 3.
|
|
231
|
+
rubygems_version: 3.3.4
|
|
232
232
|
signing_key:
|
|
233
233
|
specification_version: 4
|
|
234
234
|
summary: API Client library for the IAM Policy Troubleshooter V1 API
|