google-cloud-secret_manager-v1 0.2.0 → 0.4.1

data/proto_docs/google/iam/v1/iam_policy.rb

@@ -22,57 +22,58 @@ module Google
     module V1
       # Request message for `SetIamPolicy` method.
       # @!attribute [rw] resource
-      #   @return [String]
+      #   @return [::String]
       #     REQUIRED: The resource for which the policy is being specified.
-      #     `resource` is usually specified as a path. For example, a Project
-      #     resource is specified as `projects/{project}`.
+      #     See the operation documentation for the appropriate value for this field.
       # @!attribute [rw] policy
-      #   @return [Google::Iam::V1::Policy]
+      #   @return [::Google::Iam::V1::Policy]
       #     REQUIRED: The complete policy to be applied to the `resource`. The size of
       #     the policy is limited to a few 10s of KB. An empty policy is a
       #     valid policy but certain Cloud Platform services (such as Projects)
       #     might reject them.
       class SetIamPolicyRequest
-        include Google::Protobuf::MessageExts
-        extend Google::Protobuf::MessageExts::ClassMethods
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
       end
 
       # Request message for `GetIamPolicy` method.
       # @!attribute [rw] resource
-      #   @return [String]
+      #   @return [::String]
       #     REQUIRED: The resource for which the policy is being requested.
-      #     `resource` is usually specified as a path. For example, a Project
-      #     resource is specified as `projects/{project}`.
+      #     See the operation documentation for the appropriate value for this field.
+      # @!attribute [rw] options
+      #   @return [::Google::Iam::V1::GetPolicyOptions]
+      #     OPTIONAL: A `GetPolicyOptions` object for specifying options to
+      #     `GetIamPolicy`. This field is only used by Cloud IAM.
       class GetIamPolicyRequest
-        include Google::Protobuf::MessageExts
-        extend Google::Protobuf::MessageExts::ClassMethods
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
       end
 
       # Request message for `TestIamPermissions` method.
       # @!attribute [rw] resource
-      #   @return [String]
+      #   @return [::String]
       #     REQUIRED: The resource for which the policy detail is being requested.
-      #     `resource` is usually specified as a path. For example, a Project
-      #     resource is specified as `projects/{project}`.
+      #     See the operation documentation for the appropriate value for this field.
       # @!attribute [rw] permissions
-      #   @return [Array<String>]
+      #   @return [::Array<::String>]
       #     The set of permissions to check for the `resource`. Permissions with
       #     wildcards (such as '*' or 'storage.*') are not allowed. For more
       #     information see
       #     [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
       class TestIamPermissionsRequest
-        include Google::Protobuf::MessageExts
-        extend Google::Protobuf::MessageExts::ClassMethods
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
       end
 
       # Response message for `TestIamPermissions` method.
       # @!attribute [rw] permissions
-      #   @return [Array<String>]
+      #   @return [::Array<::String>]
       #     A subset of `TestPermissionsRequest.permissions` that the caller is
       #     allowed.
       class TestIamPermissionsResponse
-        include Google::Protobuf::MessageExts
-        extend Google::Protobuf::MessageExts::ClassMethods
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
       end
     end
   end

data/proto_docs/google/iam/v1/options.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Iam
+    module V1
+      # Encapsulates settings provided to GetIamPolicy.
+      # @!attribute [rw] requested_policy_version
+      #   @return [::Integer]
+      #     Optional. The policy format version to be returned.
+      #
+      #     Valid values are 0, 1, and 3. Requests specifying an invalid value will be
+      #     rejected.
+      #
+      #     Requests for policies with any conditional bindings must specify version 3.
+      #     Policies without any conditional bindings may specify any valid value or
+      #     leave the field unset.
+      class GetPolicyOptions
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+    end
+  end
+end

data/proto_docs/google/iam/v1/policy.rb

@@ -24,43 +24,82 @@ module Google
       # specify access control policies for Cloud Platform resources.
       #
       #
-      # A `Policy` consists of a list of `bindings`. A `Binding` binds a list of
-      # `members` to a `role`, where the members can be user accounts, Google groups,
-      # Google domains, and service accounts. A `role` is a named list of permissions
-      # defined by IAM.
+      # A `Policy` is a collection of `bindings`. A `binding` binds one or more
+      # `members` to a single `role`. Members can be user accounts, service accounts,
+      # Google groups, and domains (such as G Suite). A `role` is a named list of
+      # permissions (defined by IAM or configured by users). A `binding` can
+      # optionally specify a `condition`, which is a logic expression that further
+      # constrains the role binding based on attributes about the request and/or
+      # target resource.
       #
-      # **Example**
+      # **JSON Example**
       #
       #     {
       #       "bindings": [
       #         {
-      #           "role": "roles/owner",
+      #           "role": "roles/resourcemanager.organizationAdmin",
       #           "members": [
       #             "user:mike@example.com",
       #             "group:admins@example.com",
       #             "domain:google.com",
-      #             "serviceAccount:my-other-app@appspot.gserviceaccount.com",
+      #             "serviceAccount:my-project-id@appspot.gserviceaccount.com"
       #           ]
       #         },
       #         {
-      #           "role": "roles/viewer",
-      #           "members": ["user:sean@example.com"]
+      #           "role": "roles/resourcemanager.organizationViewer",
+      #           "members": ["user:eve@example.com"],
+      #           "condition": {
+      #             "title": "expirable access",
+      #             "description": "Does not grant access after Sep 2020",
+      #             "expression": "request.time <
+      #             timestamp('2020-10-01T00:00:00.000Z')",
+      #           }
       #         }
       #       ]
       #     }
       #
+      # **YAML Example**
+      #
+      #     bindings:
+      #     - members:
+      #       - user:mike@example.com
+      #       - group:admins@example.com
+      #       - domain:google.com
+      #       - serviceAccount:my-project-id@appspot.gserviceaccount.com
+      #       role: roles/resourcemanager.organizationAdmin
+      #     - members:
+      #       - user:eve@example.com
+      #       role: roles/resourcemanager.organizationViewer
+      #       condition:
+      #         title: expirable access
+      #         description: Does not grant access after Sep 2020
+      #         expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
+      #
       # For a description of IAM and its features, see the
-      # [IAM developer's guide](https://cloud.google.com/iam).
+      # [IAM developer's guide](https://cloud.google.com/iam/docs).
       # @!attribute [rw] version
-      #   @return [Integer]
-      #     Version of the `Policy`. The default version is 0.
+      #   @return [::Integer]
+      #     Specifies the format of the policy.
+      #
+      #     Valid values are 0, 1, and 3. Requests specifying an invalid value will be
+      #     rejected.
+      #
+      #     Operations affecting conditional bindings must specify version 3. This can
+      #     be either setting a conditional policy, modifying a conditional binding,
+      #     or removing a binding (conditional or unconditional) from the stored
+      #     conditional policy.
+      #     Operations on non-conditional policies may specify any valid value or
+      #     leave the field unset.
+      #
+      #     If no etag is provided in the call to `setIamPolicy`, version compliance
+      #     checks against the stored policy is skipped.
       # @!attribute [rw] bindings
-      #   @return [Array<Google::Iam::V1::Binding>]
-      #     Associates a list of `members` to a `role`.
-      #     Multiple `bindings` must not be specified for the same `role`.
+      #   @return [::Array<::Google::Iam::V1::Binding>]
+      #     Associates a list of `members` to a `role`. Optionally may specify a
+      #     `condition` that determines when binding is in effect.
       #     `bindings` with no members will result in an error.
       # @!attribute [rw] etag
-      #   @return [String]
+      #   @return [::String]
       #     `etag` is used for optimistic concurrency control as a way to help
       #     prevent simultaneous updates of a policy from overwriting each other.
       #     It is strongly suggested that systems make use of the `etag` in the
@@ -70,20 +109,21 @@ module Google
       #     ensure that their change will be applied to the same version of the policy.
       #
       #     If no `etag` is provided in the call to `setIamPolicy`, then the existing
-      #     policy is overwritten blindly.
+      #     policy is overwritten. Due to blind-set semantics of an etag-less policy,
+      #     'setIamPolicy' will not fail even if the incoming policy version does not
+      #     meet the requirements for modifying the stored policy.
       class Policy
-        include Google::Protobuf::MessageExts
-        extend Google::Protobuf::MessageExts::ClassMethods
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
       end
 
       # Associates `members` with a `role`.
       # @!attribute [rw] role
-      #   @return [String]
+      #   @return [::String]
       #     Role that is assigned to `members`.
       #     For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
-      #     Required
       # @!attribute [rw] members
-      #   @return [Array<String>]
+      #   @return [::Array<::String>]
       #     Specifies the identities requesting access for a Cloud Platform resource.
       #     `members` can have the following values:
       #
@@ -94,7 +134,7 @@ module Google
       #        who is authenticated with a Google account or a service account.
       #
       #     * `user:{emailid}`: An email address that represents a specific Google
-      #        account. For example, `alice@gmail.com` or `joe@example.com`.
+      #        account. For example, `alice@example.com` .
       #
       #
       #     * `serviceAccount:{emailid}`: An email address that represents a service
@@ -103,41 +143,54 @@ module Google
       #     * `group:{emailid}`: An email address that represents a Google group.
       #        For example, `admins@example.com`.
       #
-      #     * `domain:{domain}`: A Google Apps domain name that represents all the
+      #
+      #     * `domain:{domain}`: The G Suite domain (primary) that represents all the
       #        users of that domain. For example, `google.com` or `example.com`.
+      # @!attribute [rw] condition
+      #   @return [::Google::Type::Expr]
+      #     The condition that is associated with this binding.
+      #     NOTE: An unsatisfied condition will not allow user access via current
+      #     binding. Different bindings, including their conditions, are examined
+      #     independently.
       class Binding
-        include Google::Protobuf::MessageExts
-        extend Google::Protobuf::MessageExts::ClassMethods
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
       end
 
       # The difference delta between two policies.
       # @!attribute [rw] binding_deltas
-      #   @return [Array<Google::Iam::V1::BindingDelta>]
+      #   @return [::Array<::Google::Iam::V1::BindingDelta>]
       #     The delta for Bindings between two policies.
+      # @!attribute [rw] audit_config_deltas
+      #   @return [::Array<::Google::Iam::V1::AuditConfigDelta>]
+      #     The delta for AuditConfigs between two policies.
       class PolicyDelta
-        include Google::Protobuf::MessageExts
-        extend Google::Protobuf::MessageExts::ClassMethods
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
       end
 
       # One delta entry for Binding. Each individual change (only one member in each
       # entry) to a binding will be a separate entry.
       # @!attribute [rw] action
-      #   @return [Google::Iam::V1::BindingDelta::Action]
+      #   @return [::Google::Iam::V1::BindingDelta::Action]
       #     The action that was performed on a Binding.
       #     Required
       # @!attribute [rw] role
-      #   @return [String]
+      #   @return [::String]
       #     Role that is assigned to `members`.
       #     For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
       #     Required
       # @!attribute [rw] member
-      #   @return [String]
+      #   @return [::String]
       #     A single identity requesting access for a Cloud Platform resource.
       #     Follows the same format of Binding.members.
       #     Required
+      # @!attribute [rw] condition
+      #   @return [::Google::Type::Expr]
+      #     The condition that is associated with this binding.
       class BindingDelta
-        include Google::Protobuf::MessageExts
-        extend Google::Protobuf::MessageExts::ClassMethods
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
 
         # The type of action performed on a Binding in a policy.
         module Action
@@ -151,6 +204,45 @@ module Google
           REMOVE = 2
         end
       end
+
+      # One delta entry for AuditConfig. Each individual change (only one
+      # exempted_member in each entry) to a AuditConfig will be a separate entry.
+      # @!attribute [rw] action
+      #   @return [::Google::Iam::V1::AuditConfigDelta::Action]
+      #     The action that was performed on an audit configuration in a policy.
+      #     Required
+      # @!attribute [rw] service
+      #   @return [::String]
+      #     Specifies a service that was configured for Cloud Audit Logging.
+      #     For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
+      #     `allServices` is a special value that covers all services.
+      #     Required
+      # @!attribute [rw] exempted_member
+      #   @return [::String]
+      #     A single identity that is exempted from "data access" audit
+      #     logging for the `service` specified above.
+      #     Follows the same format of Binding.members.
+      # @!attribute [rw] log_type
+      #   @return [::String]
+      #     Specifies the log_type that was be enabled. ADMIN_ACTIVITY is always
+      #     enabled, and cannot be configured.
+      #     Required
+      class AuditConfigDelta
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+
+        # The type of action performed on an audit configuration in a policy.
+        module Action
+          # Unspecified.
+          ACTION_UNSPECIFIED = 0
+
+          # Addition of an audit configuration.
+          ADD = 1
+
+          # Removal of an audit configuration.
+          REMOVE = 2
+        end
+      end
     end
   end
 end

data/proto_docs/google/protobuf/empty.rb

@@ -29,8 +29,8 @@ module Google
     #
     # The JSON representation for `Empty` is empty JSON object `{}`.
     class Empty
-      include Google::Protobuf::MessageExts
-      extend Google::Protobuf::MessageExts::ClassMethods
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
     end
   end
 end

data/proto_docs/google/protobuf/field_mask.rb

@@ -87,57 +87,49 @@ module Google
     # describe the updated values, the API ignores the values of all
     # fields not covered by the mask.
     #
-    # If a repeated field is specified for an update operation, the existing
-    # repeated values in the target resource will be overwritten by the new values.
-    # Note that a repeated field is only allowed in the last position of a `paths`
-    # string.
+    # If a repeated field is specified for an update operation, new values will
+    # be appended to the existing repeated field in the target resource. Note that
+    # a repeated field is only allowed in the last position of a `paths` string.
     #
     # If a sub-message is specified in the last position of the field mask for an
-    # update operation, then the existing sub-message in the target resource is
-    # overwritten. Given the target message:
+    # update operation, then new value will be merged into the existing sub-message
+    # in the target resource.
+    #
+    # For example, given the target message:
     #
     #     f {
     #       b {
-    #         d : 1
-    #         x : 2
+    #         d: 1
+    #         x: 2
     #       }
-    #       c : 1
+    #       c: [1]
     #     }
     #
     # And an update message:
     #
     #     f {
     #       b {
-    #         d : 10
+    #         d: 10
     #       }
+    #       c: [2]
     #     }
     #
     # then if the field mask is:
     #
-    #  paths: "f.b"
+    #  paths: ["f.b", "f.c"]
     #
     # then the result will be:
     #
     #     f {
     #       b {
-    #         d : 10
+    #         d: 10
+    #         x: 2
     #       }
-    #       c : 1
+    #       c: [1, 2]
     #     }
     #
-    # However, if the update mask was:
-    #
-    #  paths: "f.b.d"
-    #
-    # then the result would be:
-    #
-    #     f {
-    #       b {
-    #         d : 10
-    #         x : 2
-    #       }
-    #       c : 1
-    #     }
+    # An implementation may provide options to override this default behavior for
+    # repeated and message fields.
     #
     # In order to reset a field's value to the default, the field must
     # be in the mask and set to the default value in the provided resource.
@@ -225,13 +217,13 @@ module Google
     #
     # The implementation of any API method which has a FieldMask type field in the
     # request should verify the included field paths, and return an
-    # `INVALID_ARGUMENT` error if any path is duplicated or unmappable.
+    # `INVALID_ARGUMENT` error if any path is unmappable.
     # @!attribute [rw] paths
-    #   @return [Array<String>]
+    #   @return [::Array<::String>]
     #     The set of field mask paths.
     class FieldMask
-      include Google::Protobuf::MessageExts
-      extend Google::Protobuf::MessageExts::ClassMethods
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
     end
   end
 end