google-cloud-secret_manager-v1 0.2.0 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -22,57 +22,58 @@ module Google
22
22
  module V1
23
23
  # Request message for `SetIamPolicy` method.
24
24
  # @!attribute [rw] resource
25
- # @return [String]
25
+ # @return [::String]
26
26
  # REQUIRED: The resource for which the policy is being specified.
27
- # `resource` is usually specified as a path. For example, a Project
28
- # resource is specified as `projects/{project}`.
27
+ # See the operation documentation for the appropriate value for this field.
29
28
  # @!attribute [rw] policy
30
- # @return [Google::Iam::V1::Policy]
29
+ # @return [::Google::Iam::V1::Policy]
31
30
  # REQUIRED: The complete policy to be applied to the `resource`. The size of
32
31
  # the policy is limited to a few 10s of KB. An empty policy is a
33
32
  # valid policy but certain Cloud Platform services (such as Projects)
34
33
  # might reject them.
35
34
  class SetIamPolicyRequest
36
- include Google::Protobuf::MessageExts
37
- extend Google::Protobuf::MessageExts::ClassMethods
35
+ include ::Google::Protobuf::MessageExts
36
+ extend ::Google::Protobuf::MessageExts::ClassMethods
38
37
  end
39
38
 
40
39
  # Request message for `GetIamPolicy` method.
41
40
  # @!attribute [rw] resource
42
- # @return [String]
41
+ # @return [::String]
43
42
  # REQUIRED: The resource for which the policy is being requested.
44
- # `resource` is usually specified as a path. For example, a Project
45
- # resource is specified as `projects/{project}`.
43
+ # See the operation documentation for the appropriate value for this field.
44
+ # @!attribute [rw] options
45
+ # @return [::Google::Iam::V1::GetPolicyOptions]
46
+ # OPTIONAL: A `GetPolicyOptions` object for specifying options to
47
+ # `GetIamPolicy`. This field is only used by Cloud IAM.
46
48
  class GetIamPolicyRequest
47
- include Google::Protobuf::MessageExts
48
- extend Google::Protobuf::MessageExts::ClassMethods
49
+ include ::Google::Protobuf::MessageExts
50
+ extend ::Google::Protobuf::MessageExts::ClassMethods
49
51
  end
50
52
 
51
53
  # Request message for `TestIamPermissions` method.
52
54
  # @!attribute [rw] resource
53
- # @return [String]
55
+ # @return [::String]
54
56
  # REQUIRED: The resource for which the policy detail is being requested.
55
- # `resource` is usually specified as a path. For example, a Project
56
- # resource is specified as `projects/{project}`.
57
+ # See the operation documentation for the appropriate value for this field.
57
58
  # @!attribute [rw] permissions
58
- # @return [Array<String>]
59
+ # @return [::Array<::String>]
59
60
  # The set of permissions to check for the `resource`. Permissions with
60
61
  # wildcards (such as '*' or 'storage.*') are not allowed. For more
61
62
  # information see
62
63
  # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
63
64
  class TestIamPermissionsRequest
64
- include Google::Protobuf::MessageExts
65
- extend Google::Protobuf::MessageExts::ClassMethods
65
+ include ::Google::Protobuf::MessageExts
66
+ extend ::Google::Protobuf::MessageExts::ClassMethods
66
67
  end
67
68
 
68
69
  # Response message for `TestIamPermissions` method.
69
70
  # @!attribute [rw] permissions
70
- # @return [Array<String>]
71
+ # @return [::Array<::String>]
71
72
  # A subset of `TestPermissionsRequest.permissions` that the caller is
72
73
  # allowed.
73
74
  class TestIamPermissionsResponse
74
- include Google::Protobuf::MessageExts
75
- extend Google::Protobuf::MessageExts::ClassMethods
75
+ include ::Google::Protobuf::MessageExts
76
+ extend ::Google::Protobuf::MessageExts::ClassMethods
76
77
  end
77
78
  end
78
79
  end
@@ -0,0 +1,40 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2020 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Google
21
+ module Iam
22
+ module V1
23
+ # Encapsulates settings provided to GetIamPolicy.
24
+ # @!attribute [rw] requested_policy_version
25
+ # @return [::Integer]
26
+ # Optional. The policy format version to be returned.
27
+ #
28
+ # Valid values are 0, 1, and 3. Requests specifying an invalid value will be
29
+ # rejected.
30
+ #
31
+ # Requests for policies with any conditional bindings must specify version 3.
32
+ # Policies without any conditional bindings may specify any valid value or
33
+ # leave the field unset.
34
+ class GetPolicyOptions
35
+ include ::Google::Protobuf::MessageExts
36
+ extend ::Google::Protobuf::MessageExts::ClassMethods
37
+ end
38
+ end
39
+ end
40
+ end
@@ -24,43 +24,82 @@ module Google
24
24
  # specify access control policies for Cloud Platform resources.
25
25
  #
26
26
  #
27
- # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of
28
- # `members` to a `role`, where the members can be user accounts, Google groups,
29
- # Google domains, and service accounts. A `role` is a named list of permissions
30
- # defined by IAM.
27
+ # A `Policy` is a collection of `bindings`. A `binding` binds one or more
28
+ # `members` to a single `role`. Members can be user accounts, service accounts,
29
+ # Google groups, and domains (such as G Suite). A `role` is a named list of
30
+ # permissions (defined by IAM or configured by users). A `binding` can
31
+ # optionally specify a `condition`, which is a logic expression that further
32
+ # constrains the role binding based on attributes about the request and/or
33
+ # target resource.
31
34
  #
32
- # **Example**
35
+ # **JSON Example**
33
36
  #
34
37
  # {
35
38
  # "bindings": [
36
39
  # {
37
- # "role": "roles/owner",
40
+ # "role": "roles/resourcemanager.organizationAdmin",
38
41
  # "members": [
39
42
  # "user:mike@example.com",
40
43
  # "group:admins@example.com",
41
44
  # "domain:google.com",
42
- # "serviceAccount:my-other-app@appspot.gserviceaccount.com",
45
+ # "serviceAccount:my-project-id@appspot.gserviceaccount.com"
43
46
  # ]
44
47
  # },
45
48
  # {
46
- # "role": "roles/viewer",
47
- # "members": ["user:sean@example.com"]
49
+ # "role": "roles/resourcemanager.organizationViewer",
50
+ # "members": ["user:eve@example.com"],
51
+ # "condition": {
52
+ # "title": "expirable access",
53
+ # "description": "Does not grant access after Sep 2020",
54
+ # "expression": "request.time <
55
+ # timestamp('2020-10-01T00:00:00.000Z')",
56
+ # }
48
57
  # }
49
58
  # ]
50
59
  # }
51
60
  #
61
+ # **YAML Example**
62
+ #
63
+ # bindings:
64
+ # - members:
65
+ # - user:mike@example.com
66
+ # - group:admins@example.com
67
+ # - domain:google.com
68
+ # - serviceAccount:my-project-id@appspot.gserviceaccount.com
69
+ # role: roles/resourcemanager.organizationAdmin
70
+ # - members:
71
+ # - user:eve@example.com
72
+ # role: roles/resourcemanager.organizationViewer
73
+ # condition:
74
+ # title: expirable access
75
+ # description: Does not grant access after Sep 2020
76
+ # expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
77
+ #
52
78
  # For a description of IAM and its features, see the
53
- # [IAM developer's guide](https://cloud.google.com/iam).
79
+ # [IAM developer's guide](https://cloud.google.com/iam/docs).
54
80
  # @!attribute [rw] version
55
- # @return [Integer]
56
- # Version of the `Policy`. The default version is 0.
81
+ # @return [::Integer]
82
+ # Specifies the format of the policy.
83
+ #
84
+ # Valid values are 0, 1, and 3. Requests specifying an invalid value will be
85
+ # rejected.
86
+ #
87
+ # Operations affecting conditional bindings must specify version 3. This can
88
+ # be either setting a conditional policy, modifying a conditional binding,
89
+ # or removing a binding (conditional or unconditional) from the stored
90
+ # conditional policy.
91
+ # Operations on non-conditional policies may specify any valid value or
92
+ # leave the field unset.
93
+ #
94
+ # If no etag is provided in the call to `setIamPolicy`, version compliance
95
+ # checks against the stored policy is skipped.
57
96
  # @!attribute [rw] bindings
58
- # @return [Array<Google::Iam::V1::Binding>]
59
- # Associates a list of `members` to a `role`.
60
- # Multiple `bindings` must not be specified for the same `role`.
97
+ # @return [::Array<::Google::Iam::V1::Binding>]
98
+ # Associates a list of `members` to a `role`. Optionally may specify a
99
+ # `condition` that determines when binding is in effect.
61
100
  # `bindings` with no members will result in an error.
62
101
  # @!attribute [rw] etag
63
- # @return [String]
102
+ # @return [::String]
64
103
  # `etag` is used for optimistic concurrency control as a way to help
65
104
  # prevent simultaneous updates of a policy from overwriting each other.
66
105
  # It is strongly suggested that systems make use of the `etag` in the
@@ -70,20 +109,21 @@ module Google
70
109
  # ensure that their change will be applied to the same version of the policy.
71
110
  #
72
111
  # If no `etag` is provided in the call to `setIamPolicy`, then the existing
73
- # policy is overwritten blindly.
112
+ # policy is overwritten. Due to blind-set semantics of an etag-less policy,
113
+ # 'setIamPolicy' will not fail even if the incoming policy version does not
114
+ # meet the requirements for modifying the stored policy.
74
115
  class Policy
75
- include Google::Protobuf::MessageExts
76
- extend Google::Protobuf::MessageExts::ClassMethods
116
+ include ::Google::Protobuf::MessageExts
117
+ extend ::Google::Protobuf::MessageExts::ClassMethods
77
118
  end
78
119
 
79
120
  # Associates `members` with a `role`.
80
121
  # @!attribute [rw] role
81
- # @return [String]
122
+ # @return [::String]
82
123
  # Role that is assigned to `members`.
83
124
  # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
84
- # Required
85
125
  # @!attribute [rw] members
86
- # @return [Array<String>]
126
+ # @return [::Array<::String>]
87
127
  # Specifies the identities requesting access for a Cloud Platform resource.
88
128
  # `members` can have the following values:
89
129
  #
@@ -94,7 +134,7 @@ module Google
94
134
  # who is authenticated with a Google account or a service account.
95
135
  #
96
136
  # * `user:{emailid}`: An email address that represents a specific Google
97
- # account. For example, `alice@gmail.com` or `joe@example.com`.
137
+ # account. For example, `alice@example.com` .
98
138
  #
99
139
  #
100
140
  # * `serviceAccount:{emailid}`: An email address that represents a service
@@ -103,41 +143,54 @@ module Google
103
143
  # * `group:{emailid}`: An email address that represents a Google group.
104
144
  # For example, `admins@example.com`.
105
145
  #
106
- # * `domain:{domain}`: A Google Apps domain name that represents all the
146
+ #
147
+ # * `domain:{domain}`: The G Suite domain (primary) that represents all the
107
148
  # users of that domain. For example, `google.com` or `example.com`.
149
+ # @!attribute [rw] condition
150
+ # @return [::Google::Type::Expr]
151
+ # The condition that is associated with this binding.
152
+ # NOTE: An unsatisfied condition will not allow user access via current
153
+ # binding. Different bindings, including their conditions, are examined
154
+ # independently.
108
155
  class Binding
109
- include Google::Protobuf::MessageExts
110
- extend Google::Protobuf::MessageExts::ClassMethods
156
+ include ::Google::Protobuf::MessageExts
157
+ extend ::Google::Protobuf::MessageExts::ClassMethods
111
158
  end
112
159
 
113
160
  # The difference delta between two policies.
114
161
  # @!attribute [rw] binding_deltas
115
- # @return [Array<Google::Iam::V1::BindingDelta>]
162
+ # @return [::Array<::Google::Iam::V1::BindingDelta>]
116
163
  # The delta for Bindings between two policies.
164
+ # @!attribute [rw] audit_config_deltas
165
+ # @return [::Array<::Google::Iam::V1::AuditConfigDelta>]
166
+ # The delta for AuditConfigs between two policies.
117
167
  class PolicyDelta
118
- include Google::Protobuf::MessageExts
119
- extend Google::Protobuf::MessageExts::ClassMethods
168
+ include ::Google::Protobuf::MessageExts
169
+ extend ::Google::Protobuf::MessageExts::ClassMethods
120
170
  end
121
171
 
122
172
  # One delta entry for Binding. Each individual change (only one member in each
123
173
  # entry) to a binding will be a separate entry.
124
174
  # @!attribute [rw] action
125
- # @return [Google::Iam::V1::BindingDelta::Action]
175
+ # @return [::Google::Iam::V1::BindingDelta::Action]
126
176
  # The action that was performed on a Binding.
127
177
  # Required
128
178
  # @!attribute [rw] role
129
- # @return [String]
179
+ # @return [::String]
130
180
  # Role that is assigned to `members`.
131
181
  # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
132
182
  # Required
133
183
  # @!attribute [rw] member
134
- # @return [String]
184
+ # @return [::String]
135
185
  # A single identity requesting access for a Cloud Platform resource.
136
186
  # Follows the same format of Binding.members.
137
187
  # Required
188
+ # @!attribute [rw] condition
189
+ # @return [::Google::Type::Expr]
190
+ # The condition that is associated with this binding.
138
191
  class BindingDelta
139
- include Google::Protobuf::MessageExts
140
- extend Google::Protobuf::MessageExts::ClassMethods
192
+ include ::Google::Protobuf::MessageExts
193
+ extend ::Google::Protobuf::MessageExts::ClassMethods
141
194
 
142
195
  # The type of action performed on a Binding in a policy.
143
196
  module Action
@@ -151,6 +204,45 @@ module Google
151
204
  REMOVE = 2
152
205
  end
153
206
  end
207
+
208
+ # One delta entry for AuditConfig. Each individual change (only one
209
+ # exempted_member in each entry) to a AuditConfig will be a separate entry.
210
+ # @!attribute [rw] action
211
+ # @return [::Google::Iam::V1::AuditConfigDelta::Action]
212
+ # The action that was performed on an audit configuration in a policy.
213
+ # Required
214
+ # @!attribute [rw] service
215
+ # @return [::String]
216
+ # Specifies a service that was configured for Cloud Audit Logging.
217
+ # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
218
+ # `allServices` is a special value that covers all services.
219
+ # Required
220
+ # @!attribute [rw] exempted_member
221
+ # @return [::String]
222
+ # A single identity that is exempted from "data access" audit
223
+ # logging for the `service` specified above.
224
+ # Follows the same format of Binding.members.
225
+ # @!attribute [rw] log_type
226
+ # @return [::String]
227
+ # Specifies the log_type that was be enabled. ADMIN_ACTIVITY is always
228
+ # enabled, and cannot be configured.
229
+ # Required
230
+ class AuditConfigDelta
231
+ include ::Google::Protobuf::MessageExts
232
+ extend ::Google::Protobuf::MessageExts::ClassMethods
233
+
234
+ # The type of action performed on an audit configuration in a policy.
235
+ module Action
236
+ # Unspecified.
237
+ ACTION_UNSPECIFIED = 0
238
+
239
+ # Addition of an audit configuration.
240
+ ADD = 1
241
+
242
+ # Removal of an audit configuration.
243
+ REMOVE = 2
244
+ end
245
+ end
154
246
  end
155
247
  end
156
248
  end
@@ -29,8 +29,8 @@ module Google
29
29
  #
30
30
  # The JSON representation for `Empty` is empty JSON object `{}`.
31
31
  class Empty
32
- include Google::Protobuf::MessageExts
33
- extend Google::Protobuf::MessageExts::ClassMethods
32
+ include ::Google::Protobuf::MessageExts
33
+ extend ::Google::Protobuf::MessageExts::ClassMethods
34
34
  end
35
35
  end
36
36
  end
@@ -87,57 +87,49 @@ module Google
87
87
  # describe the updated values, the API ignores the values of all
88
88
  # fields not covered by the mask.
89
89
  #
90
- # If a repeated field is specified for an update operation, the existing
91
- # repeated values in the target resource will be overwritten by the new values.
92
- # Note that a repeated field is only allowed in the last position of a `paths`
93
- # string.
90
+ # If a repeated field is specified for an update operation, new values will
91
+ # be appended to the existing repeated field in the target resource. Note that
92
+ # a repeated field is only allowed in the last position of a `paths` string.
94
93
  #
95
94
  # If a sub-message is specified in the last position of the field mask for an
96
- # update operation, then the existing sub-message in the target resource is
97
- # overwritten. Given the target message:
95
+ # update operation, then new value will be merged into the existing sub-message
96
+ # in the target resource.
97
+ #
98
+ # For example, given the target message:
98
99
  #
99
100
  # f {
100
101
  # b {
101
- # d : 1
102
- # x : 2
102
+ # d: 1
103
+ # x: 2
103
104
  # }
104
- # c : 1
105
+ # c: [1]
105
106
  # }
106
107
  #
107
108
  # And an update message:
108
109
  #
109
110
  # f {
110
111
  # b {
111
- # d : 10
112
+ # d: 10
112
113
  # }
114
+ # c: [2]
113
115
  # }
114
116
  #
115
117
  # then if the field mask is:
116
118
  #
117
- # paths: "f.b"
119
+ # paths: ["f.b", "f.c"]
118
120
  #
119
121
  # then the result will be:
120
122
  #
121
123
  # f {
122
124
  # b {
123
- # d : 10
125
+ # d: 10
126
+ # x: 2
124
127
  # }
125
- # c : 1
128
+ # c: [1, 2]
126
129
  # }
127
130
  #
128
- # However, if the update mask was:
129
- #
130
- # paths: "f.b.d"
131
- #
132
- # then the result would be:
133
- #
134
- # f {
135
- # b {
136
- # d : 10
137
- # x : 2
138
- # }
139
- # c : 1
140
- # }
131
+ # An implementation may provide options to override this default behavior for
132
+ # repeated and message fields.
141
133
  #
142
134
  # In order to reset a field's value to the default, the field must
143
135
  # be in the mask and set to the default value in the provided resource.
@@ -225,13 +217,13 @@ module Google
225
217
  #
226
218
  # The implementation of any API method which has a FieldMask type field in the
227
219
  # request should verify the included field paths, and return an
228
- # `INVALID_ARGUMENT` error if any path is duplicated or unmappable.
220
+ # `INVALID_ARGUMENT` error if any path is unmappable.
229
221
  # @!attribute [rw] paths
230
- # @return [Array<String>]
222
+ # @return [::Array<::String>]
231
223
  # The set of field mask paths.
232
224
  class FieldMask
233
- include Google::Protobuf::MessageExts
234
- extend Google::Protobuf::MessageExts::ClassMethods
225
+ include ::Google::Protobuf::MessageExts
226
+ extend ::Google::Protobuf::MessageExts::ClassMethods
235
227
  end
236
228
  end
237
229
  end