google-cloud-secret_manager-v1 0.2.0 → 0.4.1

Sign up to get free protection for your applications and to get access to all the features.
@@ -22,57 +22,58 @@ module Google
22
22
  module V1
23
23
  # Request message for `SetIamPolicy` method.
24
24
  # @!attribute [rw] resource
25
- # @return [String]
25
+ # @return [::String]
26
26
  # REQUIRED: The resource for which the policy is being specified.
27
- # `resource` is usually specified as a path. For example, a Project
28
- # resource is specified as `projects/{project}`.
27
+ # See the operation documentation for the appropriate value for this field.
29
28
  # @!attribute [rw] policy
30
- # @return [Google::Iam::V1::Policy]
29
+ # @return [::Google::Iam::V1::Policy]
31
30
  # REQUIRED: The complete policy to be applied to the `resource`. The size of
32
31
  # the policy is limited to a few 10s of KB. An empty policy is a
33
32
  # valid policy but certain Cloud Platform services (such as Projects)
34
33
  # might reject them.
35
34
  class SetIamPolicyRequest
36
- include Google::Protobuf::MessageExts
37
- extend Google::Protobuf::MessageExts::ClassMethods
35
+ include ::Google::Protobuf::MessageExts
36
+ extend ::Google::Protobuf::MessageExts::ClassMethods
38
37
  end
39
38
 
40
39
  # Request message for `GetIamPolicy` method.
41
40
  # @!attribute [rw] resource
42
- # @return [String]
41
+ # @return [::String]
43
42
  # REQUIRED: The resource for which the policy is being requested.
44
- # `resource` is usually specified as a path. For example, a Project
45
- # resource is specified as `projects/{project}`.
43
+ # See the operation documentation for the appropriate value for this field.
44
+ # @!attribute [rw] options
45
+ # @return [::Google::Iam::V1::GetPolicyOptions]
46
+ # OPTIONAL: A `GetPolicyOptions` object for specifying options to
47
+ # `GetIamPolicy`. This field is only used by Cloud IAM.
46
48
  class GetIamPolicyRequest
47
- include Google::Protobuf::MessageExts
48
- extend Google::Protobuf::MessageExts::ClassMethods
49
+ include ::Google::Protobuf::MessageExts
50
+ extend ::Google::Protobuf::MessageExts::ClassMethods
49
51
  end
50
52
 
51
53
  # Request message for `TestIamPermissions` method.
52
54
  # @!attribute [rw] resource
53
- # @return [String]
55
+ # @return [::String]
54
56
  # REQUIRED: The resource for which the policy detail is being requested.
55
- # `resource` is usually specified as a path. For example, a Project
56
- # resource is specified as `projects/{project}`.
57
+ # See the operation documentation for the appropriate value for this field.
57
58
  # @!attribute [rw] permissions
58
- # @return [Array<String>]
59
+ # @return [::Array<::String>]
59
60
  # The set of permissions to check for the `resource`. Permissions with
60
61
  # wildcards (such as '*' or 'storage.*') are not allowed. For more
61
62
  # information see
62
63
  # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
63
64
  class TestIamPermissionsRequest
64
- include Google::Protobuf::MessageExts
65
- extend Google::Protobuf::MessageExts::ClassMethods
65
+ include ::Google::Protobuf::MessageExts
66
+ extend ::Google::Protobuf::MessageExts::ClassMethods
66
67
  end
67
68
 
68
69
  # Response message for `TestIamPermissions` method.
69
70
  # @!attribute [rw] permissions
70
- # @return [Array<String>]
71
+ # @return [::Array<::String>]
71
72
  # A subset of `TestPermissionsRequest.permissions` that the caller is
72
73
  # allowed.
73
74
  class TestIamPermissionsResponse
74
- include Google::Protobuf::MessageExts
75
- extend Google::Protobuf::MessageExts::ClassMethods
75
+ include ::Google::Protobuf::MessageExts
76
+ extend ::Google::Protobuf::MessageExts::ClassMethods
76
77
  end
77
78
  end
78
79
  end
@@ -0,0 +1,40 @@
1
+ # frozen_string_literal: true
2
+
3
+ # Copyright 2020 Google LLC
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # https://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+ # Auto-generated by gapic-generator-ruby. DO NOT EDIT!
18
+
19
+
20
+ module Google
21
+ module Iam
22
+ module V1
23
+ # Encapsulates settings provided to GetIamPolicy.
24
+ # @!attribute [rw] requested_policy_version
25
+ # @return [::Integer]
26
+ # Optional. The policy format version to be returned.
27
+ #
28
+ # Valid values are 0, 1, and 3. Requests specifying an invalid value will be
29
+ # rejected.
30
+ #
31
+ # Requests for policies with any conditional bindings must specify version 3.
32
+ # Policies without any conditional bindings may specify any valid value or
33
+ # leave the field unset.
34
+ class GetPolicyOptions
35
+ include ::Google::Protobuf::MessageExts
36
+ extend ::Google::Protobuf::MessageExts::ClassMethods
37
+ end
38
+ end
39
+ end
40
+ end
@@ -24,43 +24,82 @@ module Google
24
24
  # specify access control policies for Cloud Platform resources.
25
25
  #
26
26
  #
27
- # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of
28
- # `members` to a `role`, where the members can be user accounts, Google groups,
29
- # Google domains, and service accounts. A `role` is a named list of permissions
30
- # defined by IAM.
27
+ # A `Policy` is a collection of `bindings`. A `binding` binds one or more
28
+ # `members` to a single `role`. Members can be user accounts, service accounts,
29
+ # Google groups, and domains (such as G Suite). A `role` is a named list of
30
+ # permissions (defined by IAM or configured by users). A `binding` can
31
+ # optionally specify a `condition`, which is a logic expression that further
32
+ # constrains the role binding based on attributes about the request and/or
33
+ # target resource.
31
34
  #
32
- # **Example**
35
+ # **JSON Example**
33
36
  #
34
37
  # {
35
38
  # "bindings": [
36
39
  # {
37
- # "role": "roles/owner",
40
+ # "role": "roles/resourcemanager.organizationAdmin",
38
41
  # "members": [
39
42
  # "user:mike@example.com",
40
43
  # "group:admins@example.com",
41
44
  # "domain:google.com",
42
- # "serviceAccount:my-other-app@appspot.gserviceaccount.com",
45
+ # "serviceAccount:my-project-id@appspot.gserviceaccount.com"
43
46
  # ]
44
47
  # },
45
48
  # {
46
- # "role": "roles/viewer",
47
- # "members": ["user:sean@example.com"]
49
+ # "role": "roles/resourcemanager.organizationViewer",
50
+ # "members": ["user:eve@example.com"],
51
+ # "condition": {
52
+ # "title": "expirable access",
53
+ # "description": "Does not grant access after Sep 2020",
54
+ # "expression": "request.time <
55
+ # timestamp('2020-10-01T00:00:00.000Z')",
56
+ # }
48
57
  # }
49
58
  # ]
50
59
  # }
51
60
  #
61
+ # **YAML Example**
62
+ #
63
+ # bindings:
64
+ # - members:
65
+ # - user:mike@example.com
66
+ # - group:admins@example.com
67
+ # - domain:google.com
68
+ # - serviceAccount:my-project-id@appspot.gserviceaccount.com
69
+ # role: roles/resourcemanager.organizationAdmin
70
+ # - members:
71
+ # - user:eve@example.com
72
+ # role: roles/resourcemanager.organizationViewer
73
+ # condition:
74
+ # title: expirable access
75
+ # description: Does not grant access after Sep 2020
76
+ # expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
77
+ #
52
78
  # For a description of IAM and its features, see the
53
- # [IAM developer's guide](https://cloud.google.com/iam).
79
+ # [IAM developer's guide](https://cloud.google.com/iam/docs).
54
80
  # @!attribute [rw] version
55
- # @return [Integer]
56
- # Version of the `Policy`. The default version is 0.
81
+ # @return [::Integer]
82
+ # Specifies the format of the policy.
83
+ #
84
+ # Valid values are 0, 1, and 3. Requests specifying an invalid value will be
85
+ # rejected.
86
+ #
87
+ # Operations affecting conditional bindings must specify version 3. This can
88
+ # be either setting a conditional policy, modifying a conditional binding,
89
+ # or removing a binding (conditional or unconditional) from the stored
90
+ # conditional policy.
91
+ # Operations on non-conditional policies may specify any valid value or
92
+ # leave the field unset.
93
+ #
94
+ # If no etag is provided in the call to `setIamPolicy`, version compliance
95
+ # checks against the stored policy is skipped.
57
96
  # @!attribute [rw] bindings
58
- # @return [Array<Google::Iam::V1::Binding>]
59
- # Associates a list of `members` to a `role`.
60
- # Multiple `bindings` must not be specified for the same `role`.
97
+ # @return [::Array<::Google::Iam::V1::Binding>]
98
+ # Associates a list of `members` to a `role`. Optionally may specify a
99
+ # `condition` that determines when binding is in effect.
61
100
  # `bindings` with no members will result in an error.
62
101
  # @!attribute [rw] etag
63
- # @return [String]
102
+ # @return [::String]
64
103
  # `etag` is used for optimistic concurrency control as a way to help
65
104
  # prevent simultaneous updates of a policy from overwriting each other.
66
105
  # It is strongly suggested that systems make use of the `etag` in the
@@ -70,20 +109,21 @@ module Google
70
109
  # ensure that their change will be applied to the same version of the policy.
71
110
  #
72
111
  # If no `etag` is provided in the call to `setIamPolicy`, then the existing
73
- # policy is overwritten blindly.
112
+ # policy is overwritten. Due to blind-set semantics of an etag-less policy,
113
+ # 'setIamPolicy' will not fail even if the incoming policy version does not
114
+ # meet the requirements for modifying the stored policy.
74
115
  class Policy
75
- include Google::Protobuf::MessageExts
76
- extend Google::Protobuf::MessageExts::ClassMethods
116
+ include ::Google::Protobuf::MessageExts
117
+ extend ::Google::Protobuf::MessageExts::ClassMethods
77
118
  end
78
119
 
79
120
  # Associates `members` with a `role`.
80
121
  # @!attribute [rw] role
81
- # @return [String]
122
+ # @return [::String]
82
123
  # Role that is assigned to `members`.
83
124
  # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
84
- # Required
85
125
  # @!attribute [rw] members
86
- # @return [Array<String>]
126
+ # @return [::Array<::String>]
87
127
  # Specifies the identities requesting access for a Cloud Platform resource.
88
128
  # `members` can have the following values:
89
129
  #
@@ -94,7 +134,7 @@ module Google
94
134
  # who is authenticated with a Google account or a service account.
95
135
  #
96
136
  # * `user:{emailid}`: An email address that represents a specific Google
97
- # account. For example, `alice@gmail.com` or `joe@example.com`.
137
+ # account. For example, `alice@example.com` .
98
138
  #
99
139
  #
100
140
  # * `serviceAccount:{emailid}`: An email address that represents a service
@@ -103,41 +143,54 @@ module Google
103
143
  # * `group:{emailid}`: An email address that represents a Google group.
104
144
  # For example, `admins@example.com`.
105
145
  #
106
- # * `domain:{domain}`: A Google Apps domain name that represents all the
146
+ #
147
+ # * `domain:{domain}`: The G Suite domain (primary) that represents all the
107
148
  # users of that domain. For example, `google.com` or `example.com`.
149
+ # @!attribute [rw] condition
150
+ # @return [::Google::Type::Expr]
151
+ # The condition that is associated with this binding.
152
+ # NOTE: An unsatisfied condition will not allow user access via current
153
+ # binding. Different bindings, including their conditions, are examined
154
+ # independently.
108
155
  class Binding
109
- include Google::Protobuf::MessageExts
110
- extend Google::Protobuf::MessageExts::ClassMethods
156
+ include ::Google::Protobuf::MessageExts
157
+ extend ::Google::Protobuf::MessageExts::ClassMethods
111
158
  end
112
159
 
113
160
  # The difference delta between two policies.
114
161
  # @!attribute [rw] binding_deltas
115
- # @return [Array<Google::Iam::V1::BindingDelta>]
162
+ # @return [::Array<::Google::Iam::V1::BindingDelta>]
116
163
  # The delta for Bindings between two policies.
164
+ # @!attribute [rw] audit_config_deltas
165
+ # @return [::Array<::Google::Iam::V1::AuditConfigDelta>]
166
+ # The delta for AuditConfigs between two policies.
117
167
  class PolicyDelta
118
- include Google::Protobuf::MessageExts
119
- extend Google::Protobuf::MessageExts::ClassMethods
168
+ include ::Google::Protobuf::MessageExts
169
+ extend ::Google::Protobuf::MessageExts::ClassMethods
120
170
  end
121
171
 
122
172
  # One delta entry for Binding. Each individual change (only one member in each
123
173
  # entry) to a binding will be a separate entry.
124
174
  # @!attribute [rw] action
125
- # @return [Google::Iam::V1::BindingDelta::Action]
175
+ # @return [::Google::Iam::V1::BindingDelta::Action]
126
176
  # The action that was performed on a Binding.
127
177
  # Required
128
178
  # @!attribute [rw] role
129
- # @return [String]
179
+ # @return [::String]
130
180
  # Role that is assigned to `members`.
131
181
  # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
132
182
  # Required
133
183
  # @!attribute [rw] member
134
- # @return [String]
184
+ # @return [::String]
135
185
  # A single identity requesting access for a Cloud Platform resource.
136
186
  # Follows the same format of Binding.members.
137
187
  # Required
188
+ # @!attribute [rw] condition
189
+ # @return [::Google::Type::Expr]
190
+ # The condition that is associated with this binding.
138
191
  class BindingDelta
139
- include Google::Protobuf::MessageExts
140
- extend Google::Protobuf::MessageExts::ClassMethods
192
+ include ::Google::Protobuf::MessageExts
193
+ extend ::Google::Protobuf::MessageExts::ClassMethods
141
194
 
142
195
  # The type of action performed on a Binding in a policy.
143
196
  module Action
@@ -151,6 +204,45 @@ module Google
151
204
  REMOVE = 2
152
205
  end
153
206
  end
207
+
208
+ # One delta entry for AuditConfig. Each individual change (only one
209
+ # exempted_member in each entry) to a AuditConfig will be a separate entry.
210
+ # @!attribute [rw] action
211
+ # @return [::Google::Iam::V1::AuditConfigDelta::Action]
212
+ # The action that was performed on an audit configuration in a policy.
213
+ # Required
214
+ # @!attribute [rw] service
215
+ # @return [::String]
216
+ # Specifies a service that was configured for Cloud Audit Logging.
217
+ # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
218
+ # `allServices` is a special value that covers all services.
219
+ # Required
220
+ # @!attribute [rw] exempted_member
221
+ # @return [::String]
222
+ # A single identity that is exempted from "data access" audit
223
+ # logging for the `service` specified above.
224
+ # Follows the same format of Binding.members.
225
+ # @!attribute [rw] log_type
226
+ # @return [::String]
227
+ # Specifies the log_type that was be enabled. ADMIN_ACTIVITY is always
228
+ # enabled, and cannot be configured.
229
+ # Required
230
+ class AuditConfigDelta
231
+ include ::Google::Protobuf::MessageExts
232
+ extend ::Google::Protobuf::MessageExts::ClassMethods
233
+
234
+ # The type of action performed on an audit configuration in a policy.
235
+ module Action
236
+ # Unspecified.
237
+ ACTION_UNSPECIFIED = 0
238
+
239
+ # Addition of an audit configuration.
240
+ ADD = 1
241
+
242
+ # Removal of an audit configuration.
243
+ REMOVE = 2
244
+ end
245
+ end
154
246
  end
155
247
  end
156
248
  end
@@ -29,8 +29,8 @@ module Google
29
29
  #
30
30
  # The JSON representation for `Empty` is empty JSON object `{}`.
31
31
  class Empty
32
- include Google::Protobuf::MessageExts
33
- extend Google::Protobuf::MessageExts::ClassMethods
32
+ include ::Google::Protobuf::MessageExts
33
+ extend ::Google::Protobuf::MessageExts::ClassMethods
34
34
  end
35
35
  end
36
36
  end
@@ -87,57 +87,49 @@ module Google
87
87
  # describe the updated values, the API ignores the values of all
88
88
  # fields not covered by the mask.
89
89
  #
90
- # If a repeated field is specified for an update operation, the existing
91
- # repeated values in the target resource will be overwritten by the new values.
92
- # Note that a repeated field is only allowed in the last position of a `paths`
93
- # string.
90
+ # If a repeated field is specified for an update operation, new values will
91
+ # be appended to the existing repeated field in the target resource. Note that
92
+ # a repeated field is only allowed in the last position of a `paths` string.
94
93
  #
95
94
  # If a sub-message is specified in the last position of the field mask for an
96
- # update operation, then the existing sub-message in the target resource is
97
- # overwritten. Given the target message:
95
+ # update operation, then new value will be merged into the existing sub-message
96
+ # in the target resource.
97
+ #
98
+ # For example, given the target message:
98
99
  #
99
100
  # f {
100
101
  # b {
101
- # d : 1
102
- # x : 2
102
+ # d: 1
103
+ # x: 2
103
104
  # }
104
- # c : 1
105
+ # c: [1]
105
106
  # }
106
107
  #
107
108
  # And an update message:
108
109
  #
109
110
  # f {
110
111
  # b {
111
- # d : 10
112
+ # d: 10
112
113
  # }
114
+ # c: [2]
113
115
  # }
114
116
  #
115
117
  # then if the field mask is:
116
118
  #
117
- # paths: "f.b"
119
+ # paths: ["f.b", "f.c"]
118
120
  #
119
121
  # then the result will be:
120
122
  #
121
123
  # f {
122
124
  # b {
123
- # d : 10
125
+ # d: 10
126
+ # x: 2
124
127
  # }
125
- # c : 1
128
+ # c: [1, 2]
126
129
  # }
127
130
  #
128
- # However, if the update mask was:
129
- #
130
- # paths: "f.b.d"
131
- #
132
- # then the result would be:
133
- #
134
- # f {
135
- # b {
136
- # d : 10
137
- # x : 2
138
- # }
139
- # c : 1
140
- # }
131
+ # An implementation may provide options to override this default behavior for
132
+ # repeated and message fields.
141
133
  #
142
134
  # In order to reset a field's value to the default, the field must
143
135
  # be in the mask and set to the default value in the provided resource.
@@ -225,13 +217,13 @@ module Google
225
217
  #
226
218
  # The implementation of any API method which has a FieldMask type field in the
227
219
  # request should verify the included field paths, and return an
228
- # `INVALID_ARGUMENT` error if any path is duplicated or unmappable.
220
+ # `INVALID_ARGUMENT` error if any path is unmappable.
229
221
  # @!attribute [rw] paths
230
- # @return [Array<String>]
222
+ # @return [::Array<::String>]
231
223
  # The set of field mask paths.
232
224
  class FieldMask
233
- include Google::Protobuf::MessageExts
234
- extend Google::Protobuf::MessageExts::ClassMethods
225
+ include ::Google::Protobuf::MessageExts
226
+ extend ::Google::Protobuf::MessageExts::ClassMethods
235
227
  end
236
228
  end
237
229
  end