google-iam-v3 0.a → 0.1.0

data/proto_docs/google/api/launch_stage.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Api
+    # The launch stage as defined by [Google Cloud Platform
+    # Launch Stages](https://cloud.google.com/terms/launch-stages).
+    module LaunchStage
+      # Do not use this default value.
+      LAUNCH_STAGE_UNSPECIFIED = 0
+
+      # The feature is not yet implemented. Users can not use it.
+      UNIMPLEMENTED = 6
+
+      # Prelaunch features are hidden from users and are only visible internally.
+      PRELAUNCH = 7
+
+      # Early Access features are limited to a closed group of testers. To use
+      # these features, you must sign up in advance and sign a Trusted Tester
+      # agreement (which includes confidentiality provisions). These features may
+      # be unstable, changed in backward-incompatible ways, and are not
+      # guaranteed to be released.
+      EARLY_ACCESS = 1
+
+      # Alpha is a limited availability test for releases before they are cleared
+      # for widespread use. By Alpha, all significant design issues are resolved
+      # and we are in the process of verifying functionality. Alpha customers
+      # need to apply for access, agree to applicable terms, and have their
+      # projects allowlisted. Alpha releases don't have to be feature complete,
+      # no SLAs are provided, and there are no technical support obligations, but
+      # they will be far enough along that customers can actually use them in
+      # test environments or for limited-use tests -- just like they would in
+      # normal production cases.
+      ALPHA = 2
+
+      # Beta is the point at which we are ready to open a release for any
+      # customer to use. There are no SLA or technical support obligations in a
+      # Beta release. Products will be complete from a feature perspective, but
+      # may have some open outstanding issues. Beta releases are suitable for
+      # limited production use cases.
+      BETA = 3
+
+      # GA features are open to all developers and are considered stable and
+      # fully qualified for production use.
+      GA = 4
+
+      # Deprecated features are scheduled to be shut down and removed. For more
+      # information, see the "Deprecation Policy" section of our [Terms of
+      # Service](https://cloud.google.com/terms/)
+      # and the [Google Cloud Platform Subject to the Deprecation
+      # Policy](https://cloud.google.com/terms/deprecation) documentation.
+      DEPRECATED = 5
+    end
+  end
+end

data/proto_docs/google/api/resource.rb

@@ -0,0 +1,227 @@
+# frozen_string_literal: true
+
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Api
+    # A simple descriptor of a resource type.
+    #
+    # ResourceDescriptor annotates a resource message (either by means of a
+    # protobuf annotation or use in the service config), and associates the
+    # resource's schema, the resource type, and the pattern of the resource name.
+    #
+    # Example:
+    #
+    #     message Topic {
+    #       // Indicates this message defines a resource schema.
+    #       // Declares the resource type in the format of {service}/{kind}.
+    #       // For Kubernetes resources, the format is {api group}/{kind}.
+    #       option (google.api.resource) = {
+    #         type: "pubsub.googleapis.com/Topic"
+    #         pattern: "projects/{project}/topics/{topic}"
+    #       };
+    #     }
+    #
+    # The ResourceDescriptor Yaml config will look like:
+    #
+    #     resources:
+    #     - type: "pubsub.googleapis.com/Topic"
+    #       pattern: "projects/{project}/topics/{topic}"
+    #
+    # Sometimes, resources have multiple patterns, typically because they can
+    # live under multiple parents.
+    #
+    # Example:
+    #
+    #     message LogEntry {
+    #       option (google.api.resource) = {
+    #         type: "logging.googleapis.com/LogEntry"
+    #         pattern: "projects/{project}/logs/{log}"
+    #         pattern: "folders/{folder}/logs/{log}"
+    #         pattern: "organizations/{organization}/logs/{log}"
+    #         pattern: "billingAccounts/{billing_account}/logs/{log}"
+    #       };
+    #     }
+    #
+    # The ResourceDescriptor Yaml config will look like:
+    #
+    #     resources:
+    #     - type: 'logging.googleapis.com/LogEntry'
+    #       pattern: "projects/{project}/logs/{log}"
+    #       pattern: "folders/{folder}/logs/{log}"
+    #       pattern: "organizations/{organization}/logs/{log}"
+    #       pattern: "billingAccounts/{billing_account}/logs/{log}"
+    # @!attribute [rw] type
+    #   @return [::String]
+    #     The resource type. It must be in the format of
+    #     \\{service_name}/\\{resource_type_kind}. The `resource_type_kind` must be
+    #     singular and must not include version numbers.
+    #
+    #     Example: `storage.googleapis.com/Bucket`
+    #
+    #     The value of the resource_type_kind must follow the regular expression
+    #     /[A-Za-z][a-zA-Z0-9]+/. It should start with an upper case character and
+    #     should use PascalCase (UpperCamelCase). The maximum number of
+    #     characters allowed for the `resource_type_kind` is 100.
+    # @!attribute [rw] pattern
+    #   @return [::Array<::String>]
+    #     Optional. The relative resource name pattern associated with this resource
+    #     type. The DNS prefix of the full resource name shouldn't be specified here.
+    #
+    #     The path pattern must follow the syntax, which aligns with HTTP binding
+    #     syntax:
+    #
+    #         Template = Segment { "/" Segment } ;
+    #         Segment = LITERAL | Variable ;
+    #         Variable = "{" LITERAL "}" ;
+    #
+    #     Examples:
+    #
+    #         - "projects/\\{project}/topics/\\{topic}"
+    #         - "projects/\\{project}/knowledgeBases/\\{knowledge_base}"
+    #
+    #     The components in braces correspond to the IDs for each resource in the
+    #     hierarchy. It is expected that, if multiple patterns are provided,
+    #     the same component name (e.g. "project") refers to IDs of the same
+    #     type of resource.
+    # @!attribute [rw] name_field
+    #   @return [::String]
+    #     Optional. The field on the resource that designates the resource name
+    #     field. If omitted, this is assumed to be "name".
+    # @!attribute [rw] history
+    #   @return [::Google::Api::ResourceDescriptor::History]
+    #     Optional. The historical or future-looking state of the resource pattern.
+    #
+    #     Example:
+    #
+    #         // The InspectTemplate message originally only supported resource
+    #         // names with organization, and project was added later.
+    #         message InspectTemplate {
+    #           option (google.api.resource) = {
+    #             type: "dlp.googleapis.com/InspectTemplate"
+    #             pattern:
+    #             "organizations/{organization}/inspectTemplates/{inspect_template}"
+    #             pattern: "projects/{project}/inspectTemplates/{inspect_template}"
+    #             history: ORIGINALLY_SINGLE_PATTERN
+    #           };
+    #         }
+    # @!attribute [rw] plural
+    #   @return [::String]
+    #     The plural name used in the resource name and permission names, such as
+    #     'projects' for the resource name of 'projects/\\{project}' and the permission
+    #     name of 'cloudresourcemanager.googleapis.com/projects.get'. One exception
+    #     to this is for Nested Collections that have stuttering names, as defined
+    #     in [AIP-122](https://google.aip.dev/122#nested-collections), where the
+    #     collection ID in the resource name pattern does not necessarily directly
+    #     match the `plural` value.
+    #
+    #     It is the same concept of the `plural` field in k8s CRD spec
+    #     https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
+    #
+    #     Note: The plural form is required even for singleton resources. See
+    #     https://aip.dev/156
+    # @!attribute [rw] singular
+    #   @return [::String]
+    #     The same concept of the `singular` field in k8s CRD spec
+    #     https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/
+    #     Such as "project" for the `resourcemanager.googleapis.com/Project` type.
+    # @!attribute [rw] style
+    #   @return [::Array<::Google::Api::ResourceDescriptor::Style>]
+    #     Style flag(s) for this resource.
+    #     These indicate that a resource is expected to conform to a given
+    #     style. See the specific style flags for additional information.
+    class ResourceDescriptor
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+
+      # A description of the historical or future-looking state of the
+      # resource pattern.
+      module History
+        # The "unset" value.
+        HISTORY_UNSPECIFIED = 0
+
+        # The resource originally had one pattern and launched as such, and
+        # additional patterns were added later.
+        ORIGINALLY_SINGLE_PATTERN = 1
+
+        # The resource has one pattern, but the API owner expects to add more
+        # later. (This is the inverse of ORIGINALLY_SINGLE_PATTERN, and prevents
+        # that from being necessary once there are multiple patterns.)
+        FUTURE_MULTI_PATTERN = 2
+      end
+
+      # A flag representing a specific style that a resource claims to conform to.
+      module Style
+        # The unspecified value. Do not use.
+        STYLE_UNSPECIFIED = 0
+
+        # This resource is intended to be "declarative-friendly".
+        #
+        # Declarative-friendly resources must be more strictly consistent, and
+        # setting this to true communicates to tools that this resource should
+        # adhere to declarative-friendly expectations.
+        #
+        # Note: This is used by the API linter (linter.aip.dev) to enable
+        # additional checks.
+        DECLARATIVE_FRIENDLY = 1
+      end
+    end
+
+    # Defines a proto annotation that describes a string field that refers to
+    # an API resource.
+    # @!attribute [rw] type
+    #   @return [::String]
+    #     The resource type that the annotated field references.
+    #
+    #     Example:
+    #
+    #         message Subscription {
+    #           string topic = 2 [(google.api.resource_reference) = {
+    #             type: "pubsub.googleapis.com/Topic"
+    #           }];
+    #         }
+    #
+    #     Occasionally, a field may reference an arbitrary resource. In this case,
+    #     APIs use the special value * in their resource reference.
+    #
+    #     Example:
+    #
+    #         message GetIamPolicyRequest {
+    #           string resource = 2 [(google.api.resource_reference) = {
+    #             type: "*"
+    #           }];
+    #         }
+    # @!attribute [rw] child_type
+    #   @return [::String]
+    #     The resource type of a child collection that the annotated field
+    #     references. This is useful for annotating the `parent` field that
+    #     doesn't have a fixed resource type.
+    #
+    #     Example:
+    #
+    #         message ListLogEntriesRequest {
+    #           string parent = 1 [(google.api.resource_reference) = {
+    #             child_type: "logging.googleapis.com/LogEntry"
+    #           };
+    #         }
+    class ResourceReference
+      include ::Google::Protobuf::MessageExts
+      extend ::Google::Protobuf::MessageExts::ClassMethods
+    end
+  end
+end

data/proto_docs/google/iam/v3/operation_metadata.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Iam
+    module V3
+      # Represents the metadata of the long-running operation.
+      # @!attribute [r] create_time
+      #   @return [::Google::Protobuf::Timestamp]
+      #     Output only. The time the operation was created.
+      # @!attribute [r] end_time
+      #   @return [::Google::Protobuf::Timestamp]
+      #     Output only. The time the operation finished running.
+      # @!attribute [r] target
+      #   @return [::String]
+      #     Output only. Server-defined resource path for the target of the
+      # @!attribute [r] verb
+      #   @return [::String]
+      #     Output only. Name of the verb executed by the operation.
+      # @!attribute [r] status_message
+      #   @return [::String]
+      #     Output only. Human-readable status of the operation, if any.
+      # @!attribute [r] requested_cancellation
+      #   @return [::Boolean]
+      #     Output only. Identifies whether the user has requested cancellation
+      #     of the operation. Operations that have successfully been cancelled
+      #     have [Operation.error][] value with a
+      #     {::Google::Rpc::Status#code google.rpc.Status.code} of 1, corresponding to
+      #     `Code.CANCELLED`.
+      # @!attribute [r] api_version
+      #   @return [::String]
+      #     Output only. API version used to start the operation.
+      class OperationMetadata
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+      end
+    end
+  end
+end

data/proto_docs/google/iam/v3/policy_binding_resources.rb

@@ -0,0 +1,171 @@
+# frozen_string_literal: true
+
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Iam
+    module V3
+      # IAM policy binding resource.
+      # @!attribute [rw] name
+      #   @return [::String]
+      #     Identifier. The name of the policy binding, in the format
+      #     `{binding_parent/locations/{location}/policyBindings/{policy_binding_id}`.
+      #     The binding parent is the closest Resource Manager resource (project,
+      #     folder, or organization) to the binding target.
+      #
+      #     Format:
+      #
+      #     * `projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}`
+      #     * `projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}`
+      #     * `folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}`
+      #     * `organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}`
+      # @!attribute [r] uid
+      #   @return [::String]
+      #     Output only. The globally unique ID of the policy binding. Assigned when
+      #     the policy binding is created.
+      # @!attribute [rw] etag
+      #   @return [::String]
+      #     Optional. The etag for the policy binding.
+      #     If this is provided on update, it must match the server's etag.
+      # @!attribute [rw] display_name
+      #   @return [::String]
+      #     Optional. The description of the policy binding. Must be less than or equal
+      #     to 63 characters.
+      # @!attribute [rw] annotations
+      #   @return [::Google::Protobuf::Map{::String => ::String}]
+      #     Optional. User-defined annotations. See
+      #     https://google.aip.dev/148#annotations for more details such as format and
+      #     size limitations
+      # @!attribute [rw] target
+      #   @return [::Google::Iam::V3::PolicyBinding::Target]
+      #     Required. Immutable. Target is the full resource name of the resource to
+      #     which the policy will be bound. Immutable once set.
+      # @!attribute [rw] policy_kind
+      #   @return [::Google::Iam::V3::PolicyBinding::PolicyKind]
+      #     Immutable. The kind of the policy to attach in this binding. This field
+      #     must be one of the following:
+      #
+      #     - Left empty (will be automatically set to the policy kind)
+      #     - The input policy kind
+      # @!attribute [rw] policy
+      #   @return [::String]
+      #     Required. Immutable. The resource name of the policy to be bound. The
+      #     binding parent and policy must belong to the same organization.
+      # @!attribute [r] policy_uid
+      #   @return [::String]
+      #     Output only. The globally unique ID of the policy to be bound.
+      # @!attribute [rw] condition
+      #   @return [::Google::Type::Expr]
+      #     Optional. The condition to apply to the policy binding. When set, the
+      #     `expression` field in the `Expr` must include from 1 to 10 subexpressions,
+      #     joined by the
+      #     "||"(Logical OR), "&&"(Logical AND) or "!"(Logical NOT) operators and
+      #     cannot contain more than 250 characters.
+      #
+      #     The condition is currently only supported when bound to policies of kind
+      #     principal access boundary.
+      #
+      #     When the bound policy is a principal access boundary policy, the only
+      #     supported attributes in any subexpression are `principal.type` and
+      #     `principal.subject`. An example expression is: "principal.type ==
+      #     'iam.googleapis.com/ServiceAccount'" or "principal.subject ==
+      #     'bob@example.com'".
+      #
+      #     Allowed operations for `principal.subject`:
+      #
+      #     - `principal.subject == <principal subject string>`
+      #     - `principal.subject != <principal subject string>`
+      #     - `principal.subject in [<list of principal subjects>]`
+      #     - `principal.subject.startsWith(<string>)`
+      #     - `principal.subject.endsWith(<string>)`
+      #
+      #     Allowed operations for `principal.type`:
+      #
+      #     - `principal.type == <principal type string>`
+      #     - `principal.type != <principal type string>`
+      #     - `principal.type in [<list of principal types>]`
+      #
+      #     Supported principal types are Workspace, Workforce Pool, Workload Pool and
+      #     Service Account. Allowed string must be one of:
+      #
+      #     - iam.googleapis.com/WorkspaceIdentity
+      #     - iam.googleapis.com/WorkforcePoolIdentity
+      #     - iam.googleapis.com/WorkloadPoolIdentity
+      #     - iam.googleapis.com/ServiceAccount
+      # @!attribute [r] create_time
+      #   @return [::Google::Protobuf::Timestamp]
+      #     Output only. The time when the policy binding was created.
+      # @!attribute [r] update_time
+      #   @return [::Google::Protobuf::Timestamp]
+      #     Output only. The time when the policy binding was most recently updated.
+      class PolicyBinding
+        include ::Google::Protobuf::MessageExts
+        extend ::Google::Protobuf::MessageExts::ClassMethods
+
+        # Target is the full resource name of the resource to which the policy will
+        # be bound. Immutable once set.
+        # @!attribute [rw] principal_set
+        #   @return [::String]
+        #     Immutable. Full Resource Name used for principal access boundary policy
+        #     bindings. The principal set must be directly parented by the policy
+        #     binding's parent or same as the parent if the target is a
+        #     project/folder/organization.
+        #
+        #     Examples:
+        #     * For binding's parented by an organization:
+        #       * Organization:
+        #       `//cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_ID`
+        #       * Workforce Identity:
+        #       `//iam.googleapis.com/locations/global/workforcePools/WORKFORCE_POOL_ID`
+        #       * Workspace Identity:
+        #       `//iam.googleapis.com/locations/global/workspace/WORKSPACE_ID`
+        #     * For binding's parented by a folder:
+        #       * Folder:
+        #       `//cloudresourcemanager.googleapis.com/folders/FOLDER_ID`
+        #     * For binding's parented by a project:
+        #       * Project:
+        #         * `//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER`
+        #         * `//cloudresourcemanager.googleapis.com/projects/PROJECT_ID`
+        #       * Workload Identity Pool:
+        #       `//iam.googleapis.com/projects/PROJECT_NUMBER/locations/LOCATION/workloadIdentityPools/WORKLOAD_POOL_ID`
+        class Target
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # @!attribute [rw] key
+        #   @return [::String]
+        # @!attribute [rw] value
+        #   @return [::String]
+        class AnnotationsEntry
+          include ::Google::Protobuf::MessageExts
+          extend ::Google::Protobuf::MessageExts::ClassMethods
+        end
+
+        # Different policy kinds supported in this binding.
+        module PolicyKind
+          # Unspecified policy kind; Not a valid state
+          POLICY_KIND_UNSPECIFIED = 0
+
+          # Principal access boundary policy kind
+          PRINCIPAL_ACCESS_BOUNDARY = 1
+        end
+      end
+    end
+  end
+end