google-identity-access_context_manager-v1 0.1.0

data/lib/google/identity/accesscontextmanager/v1/access_context_manager_services_pb.rb

@@ -0,0 +1,224 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# Source: google/identity/accesscontextmanager/v1/access_context_manager.proto for package 'Google.Identity.AccessContextManager.V1'
+# Original file comments:
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'grpc'
+require 'google/identity/accesscontextmanager/v1/access_context_manager_pb'
+
+module Google
+  module Identity
+    module AccessContextManager
+      module V1
+        module AccessContextManager
+          # API for setting [Access Levels]
+          # [google.identity.accesscontextmanager.v1.AccessLevel] and [Service
+          # Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
+          # for Google Cloud Projects. Each organization has one [AccessPolicy]
+          # [google.identity.accesscontextmanager.v1.AccessPolicy] containing the
+          # [Access Levels] [google.identity.accesscontextmanager.v1.AccessLevel]
+          # and [Service Perimeters]
+          # [google.identity.accesscontextmanager.v1.ServicePerimeter]. This
+          # [AccessPolicy] [google.identity.accesscontextmanager.v1.AccessPolicy] is
+          # applicable to all resources in the organization.
+          # AccessPolicies
+          class Service
+
+            include ::GRPC::GenericService
+
+            self.marshal_class_method = :encode
+            self.unmarshal_class_method = :decode
+            self.service_name = 'google.identity.accesscontextmanager.v1.AccessContextManager'
+
+            # List all [AccessPolicies]
+            # [google.identity.accesscontextmanager.v1.AccessPolicy] under a
+            # container.
+            rpc :ListAccessPolicies, ::Google::Identity::AccessContextManager::V1::ListAccessPoliciesRequest, ::Google::Identity::AccessContextManager::V1::ListAccessPoliciesResponse
+            # Get an [AccessPolicy]
+            # [google.identity.accesscontextmanager.v1.AccessPolicy] by name.
+            rpc :GetAccessPolicy, ::Google::Identity::AccessContextManager::V1::GetAccessPolicyRequest, ::Google::Identity::AccessContextManager::V1::AccessPolicy
+            # Create an `AccessPolicy`. Fails if this organization already has a
+            # `AccessPolicy`. The longrunning Operation will have a successful status
+            # once the `AccessPolicy` has propagated to long-lasting storage.
+            # Syntactic and basic semantic errors will be returned in `metadata` as a
+            # BadRequest proto.
+            rpc :CreateAccessPolicy, ::Google::Identity::AccessContextManager::V1::AccessPolicy, ::Google::Longrunning::Operation
+            # Update an [AccessPolicy]
+            # [google.identity.accesscontextmanager.v1.AccessPolicy]. The
+            # longrunning Operation from this RPC will have a successful status once the
+            # changes to the [AccessPolicy]
+            # [google.identity.accesscontextmanager.v1.AccessPolicy] have propagated
+            # to long-lasting storage. Syntactic and basic semantic errors will be
+            # returned in `metadata` as a BadRequest proto.
+            rpc :UpdateAccessPolicy, ::Google::Identity::AccessContextManager::V1::UpdateAccessPolicyRequest, ::Google::Longrunning::Operation
+            # Delete an [AccessPolicy]
+            # [google.identity.accesscontextmanager.v1.AccessPolicy] by resource
+            # name. The longrunning Operation will have a successful status once the
+            # [AccessPolicy] [google.identity.accesscontextmanager.v1.AccessPolicy]
+            # has been removed from long-lasting storage.
+            rpc :DeleteAccessPolicy, ::Google::Identity::AccessContextManager::V1::DeleteAccessPolicyRequest, ::Google::Longrunning::Operation
+            # List all [Access Levels]
+            # [google.identity.accesscontextmanager.v1.AccessLevel] for an access
+            # policy.
+            rpc :ListAccessLevels, ::Google::Identity::AccessContextManager::V1::ListAccessLevelsRequest, ::Google::Identity::AccessContextManager::V1::ListAccessLevelsResponse
+            # Get an [Access Level]
+            # [google.identity.accesscontextmanager.v1.AccessLevel] by resource
+            # name.
+            rpc :GetAccessLevel, ::Google::Identity::AccessContextManager::V1::GetAccessLevelRequest, ::Google::Identity::AccessContextManager::V1::AccessLevel
+            # Create an [Access Level]
+            # [google.identity.accesscontextmanager.v1.AccessLevel]. The longrunning
+            # operation from this RPC will have a successful status once the [Access
+            # Level] [google.identity.accesscontextmanager.v1.AccessLevel] has
+            # propagated to long-lasting storage. [Access Levels]
+            # [google.identity.accesscontextmanager.v1.AccessLevel] containing
+            # errors will result in an error response for the first error encountered.
+            rpc :CreateAccessLevel, ::Google::Identity::AccessContextManager::V1::CreateAccessLevelRequest, ::Google::Longrunning::Operation
+            # Update an [Access Level]
+            # [google.identity.accesscontextmanager.v1.AccessLevel]. The longrunning
+            # operation from this RPC will have a successful status once the changes to
+            # the [Access Level]
+            # [google.identity.accesscontextmanager.v1.AccessLevel] have propagated
+            # to long-lasting storage. [Access Levels]
+            # [google.identity.accesscontextmanager.v1.AccessLevel] containing
+            # errors will result in an error response for the first error encountered.
+            rpc :UpdateAccessLevel, ::Google::Identity::AccessContextManager::V1::UpdateAccessLevelRequest, ::Google::Longrunning::Operation
+            # Delete an [Access Level]
+            # [google.identity.accesscontextmanager.v1.AccessLevel] by resource
+            # name. The longrunning operation from this RPC will have a successful status
+            # once the [Access Level]
+            # [google.identity.accesscontextmanager.v1.AccessLevel] has been removed
+            # from long-lasting storage.
+            rpc :DeleteAccessLevel, ::Google::Identity::AccessContextManager::V1::DeleteAccessLevelRequest, ::Google::Longrunning::Operation
+            # Replace all existing [Access Levels]
+            # [google.identity.accesscontextmanager.v1.AccessLevel] in an [Access
+            # Policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with
+            # the [Access Levels]
+            # [google.identity.accesscontextmanager.v1.AccessLevel] provided. This
+            # is done atomically. The longrunning operation from this RPC will have a
+            # successful status once all replacements have propagated to long-lasting
+            # storage. Replacements containing errors will result in an error response
+            # for the first error encountered.  Replacement will be cancelled on error,
+            # existing [Access Levels]
+            # [google.identity.accesscontextmanager.v1.AccessLevel] will not be
+            # affected. Operation.response field will contain
+            # ReplaceAccessLevelsResponse. Removing [Access Levels]
+            # [google.identity.accesscontextmanager.v1.AccessLevel] contained in existing
+            # [Service Perimeters]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] will result in
+            # error.
+            rpc :ReplaceAccessLevels, ::Google::Identity::AccessContextManager::V1::ReplaceAccessLevelsRequest, ::Google::Longrunning::Operation
+            # List all [Service Perimeters]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] for an
+            # access policy.
+            rpc :ListServicePerimeters, ::Google::Identity::AccessContextManager::V1::ListServicePerimetersRequest, ::Google::Identity::AccessContextManager::V1::ListServicePerimetersResponse
+            # Get a [Service Perimeter]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] by resource
+            # name.
+            rpc :GetServicePerimeter, ::Google::Identity::AccessContextManager::V1::GetServicePerimeterRequest, ::Google::Identity::AccessContextManager::V1::ServicePerimeter
+            # Create a [Service Perimeter]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
+            # longrunning operation from this RPC will have a successful status once the
+            # [Service Perimeter]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] has
+            # propagated to long-lasting storage. [Service Perimeters]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] containing
+            # errors will result in an error response for the first error encountered.
+            rpc :CreateServicePerimeter, ::Google::Identity::AccessContextManager::V1::CreateServicePerimeterRequest, ::Google::Longrunning::Operation
+            # Update a [Service Perimeter]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
+            # longrunning operation from this RPC will have a successful status once the
+            # changes to the [Service Perimeter]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] have
+            # propagated to long-lasting storage. [Service Perimeter]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] containing
+            # errors will result in an error response for the first error encountered.
+            rpc :UpdateServicePerimeter, ::Google::Identity::AccessContextManager::V1::UpdateServicePerimeterRequest, ::Google::Longrunning::Operation
+            # Delete a [Service Perimeter]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] by resource
+            # name. The longrunning operation from this RPC will have a successful status
+            # once the [Service Perimeter]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] has been
+            # removed from long-lasting storage.
+            rpc :DeleteServicePerimeter, ::Google::Identity::AccessContextManager::V1::DeleteServicePerimeterRequest, ::Google::Longrunning::Operation
+            # Replace all existing [Service Perimeters]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] in an
+            # [Access Policy] [google.identity.accesscontextmanager.v1.AccessPolicy]
+            # with the [Service Perimeters]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] provided.
+            # This is done atomically. The longrunning operation from this
+            # RPC will have a successful status once all replacements have propagated to
+            # long-lasting storage. Replacements containing errors will result in an
+            # error response for the first error encountered. Replacement will be
+            # cancelled on error, existing [Service Perimeters]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] will not be
+            # affected. Operation.response field will contain
+            # ReplaceServicePerimetersResponse.
+            rpc :ReplaceServicePerimeters, ::Google::Identity::AccessContextManager::V1::ReplaceServicePerimetersRequest, ::Google::Longrunning::Operation
+            # Commit the dry-run spec for all the [Service Perimeters]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] in an
+            # [Access Policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+            # A commit operation on a Service Perimeter involves copying its `spec` field
+            # to that Service Perimeter's `status` field. Only [Service Perimeters]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] with
+            # `use_explicit_dry_run_spec` field set to true are affected by a commit
+            # operation. The longrunning operation from this RPC will have a successful
+            # status once the dry-run specs for all the [Service Perimeters]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] have been
+            # committed. If a commit fails, it will cause the longrunning operation to
+            # return an error response and the entire commit operation will be cancelled.
+            # When successful, Operation.response field will contain
+            # CommitServicePerimetersResponse. The `dry_run` and the `spec` fields will
+            # be cleared after a successful commit operation.
+            rpc :CommitServicePerimeters, ::Google::Identity::AccessContextManager::V1::CommitServicePerimetersRequest, ::Google::Longrunning::Operation
+            # Lists all [GcpUserAccessBindings]
+            # [google.identity.accesscontextmanager.v1.GcpUserAccessBinding] for a
+            # Google Cloud organization.
+            rpc :ListGcpUserAccessBindings, ::Google::Identity::AccessContextManager::V1::ListGcpUserAccessBindingsRequest, ::Google::Identity::AccessContextManager::V1::ListGcpUserAccessBindingsResponse
+            # Gets the [GcpUserAccessBinding]
+            # [google.identity.accesscontextmanager.v1.GcpUserAccessBinding] with
+            # the given name.
+            rpc :GetGcpUserAccessBinding, ::Google::Identity::AccessContextManager::V1::GetGcpUserAccessBindingRequest, ::Google::Identity::AccessContextManager::V1::GcpUserAccessBinding
+            # Creates a [GcpUserAccessBinding]
+            # [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]. If the
+            # client specifies a [name]
+            # [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.name],
+            # the server will ignore it. Fails if a resource already exists with the same
+            # [group_key]
+            # [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.group_key].
+            # Completion of this long-running operation does not necessarily signify that
+            # the new binding is deployed onto all affected users, which may take more
+            # time.
+            rpc :CreateGcpUserAccessBinding, ::Google::Identity::AccessContextManager::V1::CreateGcpUserAccessBindingRequest, ::Google::Longrunning::Operation
+            # Updates a [GcpUserAccessBinding]
+            # [google.identity.accesscontextmanager.v1.GcpUserAccessBinding].
+            # Completion of this long-running operation does not necessarily signify that
+            # the changed binding is deployed onto all affected users, which may take
+            # more time.
+            rpc :UpdateGcpUserAccessBinding, ::Google::Identity::AccessContextManager::V1::UpdateGcpUserAccessBindingRequest, ::Google::Longrunning::Operation
+            # Deletes a [GcpUserAccessBinding]
+            # [google.identity.accesscontextmanager.v1.GcpUserAccessBinding].
+            # Completion of this long-running operation does not necessarily signify that
+            # the binding deletion is deployed onto all affected users, which may take
+            # more time.
+            rpc :DeleteGcpUserAccessBinding, ::Google::Identity::AccessContextManager::V1::DeleteGcpUserAccessBindingRequest, ::Google::Longrunning::Operation
+          end
+
+          Stub = Service.rpc_stub_class
+        end
+      end
+    end
+  end
+end

data/lib/google/identity/accesscontextmanager/v1/access_level_pb.rb

@@ -0,0 +1,73 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: google/identity/accesscontextmanager/v1/access_level.proto
+
+require 'google/protobuf'
+
+require 'google/api/resource_pb'
+require 'google/identity/accesscontextmanager/type/device_resources_pb'
+require 'google/protobuf/timestamp_pb'
+require 'google/type/expr_pb'
+require 'google/api/annotations_pb'
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("google/identity/accesscontextmanager/v1/access_level.proto", :syntax => :proto3) do
+    add_message "google.identity.accesscontextmanager.v1.AccessLevel" do
+      optional :name, :string, 1
+      optional :title, :string, 2
+      optional :description, :string, 3
+      optional :create_time, :message, 6, "google.protobuf.Timestamp"
+      optional :update_time, :message, 7, "google.protobuf.Timestamp"
+      oneof :level do
+        optional :basic, :message, 4, "google.identity.accesscontextmanager.v1.BasicLevel"
+        optional :custom, :message, 5, "google.identity.accesscontextmanager.v1.CustomLevel"
+      end
+    end
+    add_message "google.identity.accesscontextmanager.v1.BasicLevel" do
+      repeated :conditions, :message, 1, "google.identity.accesscontextmanager.v1.Condition"
+      optional :combining_function, :enum, 2, "google.identity.accesscontextmanager.v1.BasicLevel.ConditionCombiningFunction"
+    end
+    add_enum "google.identity.accesscontextmanager.v1.BasicLevel.ConditionCombiningFunction" do
+      value :AND, 0
+      value :OR, 1
+    end
+    add_message "google.identity.accesscontextmanager.v1.Condition" do
+      repeated :ip_subnetworks, :string, 1
+      optional :device_policy, :message, 2, "google.identity.accesscontextmanager.v1.DevicePolicy"
+      repeated :required_access_levels, :string, 3
+      optional :negate, :bool, 5
+      repeated :members, :string, 6
+      repeated :regions, :string, 7
+    end
+    add_message "google.identity.accesscontextmanager.v1.CustomLevel" do
+      optional :expr, :message, 1, "google.type.Expr"
+    end
+    add_message "google.identity.accesscontextmanager.v1.DevicePolicy" do
+      optional :require_screenlock, :bool, 1
+      repeated :allowed_encryption_statuses, :enum, 2, "google.identity.accesscontextmanager.type.DeviceEncryptionStatus"
+      repeated :os_constraints, :message, 3, "google.identity.accesscontextmanager.v1.OsConstraint"
+      repeated :allowed_device_management_levels, :enum, 6, "google.identity.accesscontextmanager.type.DeviceManagementLevel"
+      optional :require_admin_approval, :bool, 7
+      optional :require_corp_owned, :bool, 8
+    end
+    add_message "google.identity.accesscontextmanager.v1.OsConstraint" do
+      optional :os_type, :enum, 1, "google.identity.accesscontextmanager.type.OsType"
+      optional :minimum_version, :string, 2
+      optional :require_verified_chrome_os, :bool, 3
+    end
+  end
+end
+
+module Google
+  module Identity
+    module AccessContextManager
+      module V1
+        AccessLevel = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.AccessLevel").msgclass
+        BasicLevel = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.BasicLevel").msgclass
+        BasicLevel::ConditionCombiningFunction = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.BasicLevel.ConditionCombiningFunction").enummodule
+        Condition = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.Condition").msgclass
+        CustomLevel = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.CustomLevel").msgclass
+        DevicePolicy = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.DevicePolicy").msgclass
+        OsConstraint = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.OsConstraint").msgclass
+      end
+    end
+  end
+end

data/lib/google/identity/accesscontextmanager/v1/access_policy_pb.rb

@@ -0,0 +1,30 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: google/identity/accesscontextmanager/v1/access_policy.proto
+
+require 'google/protobuf'
+
+require 'google/api/resource_pb'
+require 'google/protobuf/timestamp_pb'
+require 'google/api/annotations_pb'
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("google/identity/accesscontextmanager/v1/access_policy.proto", :syntax => :proto3) do
+    add_message "google.identity.accesscontextmanager.v1.AccessPolicy" do
+      optional :name, :string, 1
+      optional :parent, :string, 2
+      optional :title, :string, 3
+      optional :create_time, :message, 4, "google.protobuf.Timestamp"
+      optional :update_time, :message, 5, "google.protobuf.Timestamp"
+      optional :etag, :string, 6
+    end
+  end
+end
+
+module Google
+  module Identity
+    module AccessContextManager
+      module V1
+        AccessPolicy = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.AccessPolicy").msgclass
+      end
+    end
+  end
+end

data/lib/google/identity/accesscontextmanager/v1/gcp_user_access_binding_pb.rb

@@ -0,0 +1,27 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: google/identity/accesscontextmanager/v1/gcp_user_access_binding.proto
+
+require 'google/protobuf'
+
+require 'google/api/field_behavior_pb'
+require 'google/api/resource_pb'
+require 'google/api/annotations_pb'
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("google/identity/accesscontextmanager/v1/gcp_user_access_binding.proto", :syntax => :proto3) do
+    add_message "google.identity.accesscontextmanager.v1.GcpUserAccessBinding" do
+      optional :name, :string, 1
+      optional :group_key, :string, 2
+      repeated :access_levels, :string, 3
+    end
+  end
+end
+
+module Google
+  module Identity
+    module AccessContextManager
+      module V1
+        GcpUserAccessBinding = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.GcpUserAccessBinding").msgclass
+      end
+    end
+  end
+end

data/lib/google/identity/accesscontextmanager/v1/service_perimeter_pb.rb

@@ -0,0 +1,109 @@
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# source: google/identity/accesscontextmanager/v1/service_perimeter.proto
+
+require 'google/protobuf'
+
+require 'google/api/resource_pb'
+require 'google/protobuf/timestamp_pb'
+require 'google/api/annotations_pb'
+Google::Protobuf::DescriptorPool.generated_pool.build do
+  add_file("google/identity/accesscontextmanager/v1/service_perimeter.proto", :syntax => :proto3) do
+    add_message "google.identity.accesscontextmanager.v1.ServicePerimeter" do
+      optional :name, :string, 1
+      optional :title, :string, 2
+      optional :description, :string, 3
+      optional :create_time, :message, 4, "google.protobuf.Timestamp"
+      optional :update_time, :message, 5, "google.protobuf.Timestamp"
+      optional :perimeter_type, :enum, 6, "google.identity.accesscontextmanager.v1.ServicePerimeter.PerimeterType"
+      optional :status, :message, 7, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig"
+      optional :spec, :message, 8, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig"
+      optional :use_explicit_dry_run_spec, :bool, 9
+    end
+    add_enum "google.identity.accesscontextmanager.v1.ServicePerimeter.PerimeterType" do
+      value :PERIMETER_TYPE_REGULAR, 0
+      value :PERIMETER_TYPE_BRIDGE, 1
+    end
+    add_message "google.identity.accesscontextmanager.v1.ServicePerimeterConfig" do
+      repeated :resources, :string, 1
+      repeated :access_levels, :string, 2
+      repeated :restricted_services, :string, 4
+      optional :vpc_accessible_services, :message, 10, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices"
+      repeated :ingress_policies, :message, 8, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy"
+      repeated :egress_policies, :message, 9, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy"
+    end
+    add_message "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices" do
+      optional :enable_restriction, :bool, 1
+      repeated :allowed_services, :string, 2
+    end
+    add_message "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector" do
+      oneof :kind do
+        optional :method, :string, 1
+        optional :permission, :string, 2
+      end
+    end
+    add_message "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation" do
+      optional :service_name, :string, 1
+      repeated :method_selectors, :message, 2, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector"
+    end
+    add_message "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource" do
+      oneof :source do
+        optional :access_level, :string, 1
+        optional :resource, :string, 2
+      end
+    end
+    add_message "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo" do
+      repeated :resources, :string, 1
+      repeated :operations, :message, 2, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation"
+    end
+    add_message "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom" do
+      repeated :sources, :message, 1, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource"
+      repeated :identities, :string, 2
+      optional :identity_type, :enum, 3, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType"
+    end
+    add_message "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo" do
+      repeated :operations, :message, 1, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation"
+      repeated :resources, :string, 2
+    end
+    add_message "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy" do
+      optional :ingress_from, :message, 1, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom"
+      optional :ingress_to, :message, 2, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo"
+    end
+    add_message "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy" do
+      optional :egress_from, :message, 1, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom"
+      optional :egress_to, :message, 2, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo"
+    end
+    add_message "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom" do
+      repeated :identities, :string, 1
+      optional :identity_type, :enum, 2, "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType"
+    end
+    add_enum "google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType" do
+      value :IDENTITY_TYPE_UNSPECIFIED, 0
+      value :ANY_IDENTITY, 1
+      value :ANY_USER_ACCOUNT, 2
+      value :ANY_SERVICE_ACCOUNT, 3
+    end
+  end
+end
+
+module Google
+  module Identity
+    module AccessContextManager
+      module V1
+        ServicePerimeter = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeter").msgclass
+        ServicePerimeter::PerimeterType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeter.PerimeterType").enummodule
+        ServicePerimeterConfig = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig").msgclass
+        ServicePerimeterConfig::VpcAccessibleServices = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices").msgclass
+        ServicePerimeterConfig::MethodSelector = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector").msgclass
+        ServicePerimeterConfig::ApiOperation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation").msgclass
+        ServicePerimeterConfig::IngressSource = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource").msgclass
+        ServicePerimeterConfig::EgressTo = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo").msgclass
+        ServicePerimeterConfig::IngressFrom = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom").msgclass
+        ServicePerimeterConfig::IngressTo = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo").msgclass
+        ServicePerimeterConfig::IngressPolicy = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy").msgclass
+        ServicePerimeterConfig::EgressPolicy = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy").msgclass
+        ServicePerimeterConfig::EgressFrom = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom").msgclass
+        ServicePerimeterConfig::IdentityType = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType").enummodule
+      end
+    end
+  end
+end

data/lib/google-identity-access_context_manager-v1.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+# This gem does not autoload during Bundler.require. To load this gem,
+# issue explicit require statements for the packages desired, e.g.:
+# require "google/identity/access_context_manager/v1"

data/proto_docs/README.md

@@ -0,0 +1,4 @@
+# Access Context Manager V1 Protocol Buffer Documentation
+
+These files are for the YARD documentation of the generated protobuf files.
+They are not intended to be required or loaded at runtime.

data/proto_docs/google/api/field_behavior.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
+
+
+module Google
+  module Api
+    # An indicator of the behavior of a given field (for example, that a field
+    # is required in requests, or given as output but ignored as input).
+    # This **does not** change the behavior in protocol buffers itself; it only
+    # denotes the behavior and may affect how API tooling handles the field.
+    #
+    # Note: This enum **may** receive new values in the future.
+    module FieldBehavior
+      # Conventional default for enums. Do not use this.
+      FIELD_BEHAVIOR_UNSPECIFIED = 0
+
+      # Specifically denotes a field as optional.
+      # While all fields in protocol buffers are optional, this may be specified
+      # for emphasis if appropriate.
+      OPTIONAL = 1
+
+      # Denotes a field as required.
+      # This indicates that the field **must** be provided as part of the request,
+      # and failure to do so will cause an error (usually `INVALID_ARGUMENT`).
+      REQUIRED = 2
+
+      # Denotes a field as output only.
+      # This indicates that the field is provided in responses, but including the
+      # field in a request does nothing (the server *must* ignore it and
+      # *must not* throw an error as a result of the field's presence).
+      OUTPUT_ONLY = 3
+
+      # Denotes a field as input only.
+      # This indicates that the field is provided in requests, and the
+      # corresponding field is not included in output.
+      INPUT_ONLY = 4
+
+      # Denotes a field as immutable.
+      # This indicates that the field may be set once in a request to create a
+      # resource, but may not be changed thereafter.
+      IMMUTABLE = 5
+
+      # Denotes that a (repeated) field is an unordered list.
+      # This indicates that the service may provide the elements of the list
+      # in any arbitrary  order, rather than the order the user originally
+      # provided. Additionally, the list's order may or may not be stable.
+      UNORDERED_LIST = 6
+
+      # Denotes that this field returns a non-empty default value if not set.
+      # This indicates that if the user provides the empty value in a request,
+      # a non-empty value will be returned. The user will not be aware of what
+      # non-empty value to expect.
+      NON_EMPTY_DEFAULT = 7
+    end
+  end
+end