google-identity-access_context_manager-v1 0.2.0 → 0.3.0
- checksums.yaml +4 -4
- data/AUTHENTICATION.md +1 -1
- data/lib/google/identity/access_context_manager/v1/access_context_manager/client.rb +437 -114
- data/lib/google/identity/access_context_manager/v1/access_context_manager.rb +8 -8
- data/lib/google/identity/access_context_manager/v1/version.rb +1 -1
- data/lib/google/identity/accesscontextmanager/v1/access_context_manager_pb.rb +2 -0
- data/lib/google/identity/accesscontextmanager/v1/access_context_manager_services_pb.rb +128 -112
- data/lib/google/identity/accesscontextmanager/v1/access_policy_pb.rb +1 -0
- data/lib/google/identity/accesscontextmanager/v1/service_perimeter_pb.rb +11 -10
- data/proto_docs/google/iam/v1/iam_policy.rb +87 -0
- data/proto_docs/google/iam/v1/options.rb +50 -0
- data/proto_docs/google/iam/v1/policy.rb +418 -0
- data/proto_docs/google/identity/accesscontextmanager/v1/access_context_manager.rb +1 -1
- data/proto_docs/google/identity/accesscontextmanager/v1/access_policy.rb +16 -0
- data/proto_docs/google/identity/accesscontextmanager/v1/service_perimeter.rb +72 -64
- data/proto_docs/google/protobuf/empty.rb +0 -2
- metadata +21 -4
@@ -27,15 +27,15 @@ module Google
|
|
27
27
|
##
|
28
28
|
# Client for the AccessContextManager service.
|
29
29
|
#
|
30
|
-
# API for setting [
|
31
|
-
# [google.identity.accesscontextmanager.v1.AccessLevel] and [
|
32
|
-
#
|
33
|
-
# for Google Cloud
|
34
|
-
# [google.identity.accesscontextmanager.v1.AccessPolicy]
|
35
|
-
# [
|
36
|
-
# and [
|
30
|
+
# API for setting [access levels]
|
31
|
+
# [google.identity.accesscontextmanager.v1.AccessLevel] and [service
|
32
|
+
# perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
|
33
|
+
# for Google Cloud projects. Each organization has one [access policy]
|
34
|
+
# [google.identity.accesscontextmanager.v1.AccessPolicy] that contains the
|
35
|
+
# [access levels] [google.identity.accesscontextmanager.v1.AccessLevel]
|
36
|
+
# and [service perimeters]
|
37
37
|
# [google.identity.accesscontextmanager.v1.ServicePerimeter]. This
|
38
|
-
# [
|
38
|
+
# [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] is
|
39
39
|
# applicable to all resources in the organization.
|
40
40
|
# AccessPolicies
|
41
41
|
#
|
@@ -170,9 +170,9 @@ module Google
|
|
170
170
|
# Service calls
|
171
171
|
|
172
172
|
##
|
173
|
-
#
|
174
|
-
# [google.identity.accesscontextmanager.v1.AccessPolicy]
|
175
|
-
#
|
173
|
+
# Lists all [access policies]
|
174
|
+
# [google.identity.accesscontextmanager.v1.AccessPolicy] in an
|
175
|
+
# organization.
|
176
176
|
#
|
177
177
|
# @overload list_access_policies(request, options = nil)
|
178
178
|
# Pass arguments to `list_access_policies` via a request object, either of type
|
@@ -265,8 +265,8 @@ module Google
|
|
265
265
|
end
|
266
266
|
|
267
267
|
##
|
268
|
-
#
|
269
|
-
# [google.identity.accesscontextmanager.v1.AccessPolicy]
|
268
|
+
# Returns an [access policy]
|
269
|
+
# [google.identity.accesscontextmanager.v1.AccessPolicy] based on the name.
|
270
270
|
#
|
271
271
|
# @overload get_access_policy(request, options = nil)
|
272
272
|
# Pass arguments to `get_access_policy` via a request object, either of type
|
@@ -353,10 +353,10 @@ module Google
|
|
353
353
|
end
|
354
354
|
|
355
355
|
##
|
356
|
-
#
|
357
|
-
#
|
358
|
-
#
|
359
|
-
# Syntactic and basic semantic errors
|
356
|
+
# Creates an access policy. This method fails if the organization already has
|
357
|
+
# an access policy. The long-running operation has a successful status
|
358
|
+
# after the access policy propagates to long-lasting storage.
|
359
|
+
# Syntactic and basic semantic errors are returned in `metadata` as a
|
360
360
|
# BadRequest proto.
|
361
361
|
#
|
362
362
|
# @overload create_access_policy(request, options = nil)
|
@@ -369,7 +369,7 @@ module Google
|
|
369
369
|
# @param options [::Gapic::CallOptions, ::Hash]
|
370
370
|
# Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
|
371
371
|
#
|
372
|
-
# @overload create_access_policy(name: nil, parent: nil, title: nil, create_time: nil, update_time: nil, etag: nil)
|
372
|
+
# @overload create_access_policy(name: nil, parent: nil, title: nil, scopes: nil, create_time: nil, update_time: nil, etag: nil)
|
373
373
|
# Pass arguments to `create_access_policy` via keyword arguments. Note that at
|
374
374
|
# least one keyword argument is required. To specify no parameters, or to keep all
|
375
375
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
@@ -383,6 +383,21 @@ module Google
|
|
383
383
|
# `organizations/{organization_id}`
|
384
384
|
# @param title [::String]
|
385
385
|
# Required. Human readable title. Does not affect behavior.
|
386
|
+
# @param scopes [::Array<::String>]
|
387
|
+
# The scopes of a policy define which resources an ACM policy can restrict,
|
388
|
+
# and where ACM resources can be referenced.
|
389
|
+
# For example, a policy with scopes=["folders/123"] has the following
|
390
|
+
# behavior:
|
391
|
+
# - vpcsc perimeters can only restrict projects within folders/123
|
392
|
+
# - access levels can only be referenced by resources within folders/123.
|
393
|
+
# If empty, there are no limitations on which resources can be restricted by
|
394
|
+
# an ACM policy, and there are no limitations on where ACM resources can be
|
395
|
+
# referenced.
|
396
|
+
# Only one policy can include a given scope (attempting to create a second
|
397
|
+
# policy which includes "folders/123" will result in an error).
|
398
|
+
# Currently, scopes cannot be modified after a policy is created.
|
399
|
+
# Currently, policies can only have a single scope.
|
400
|
+
# Format: list of `folders/{folder_number}` or `projects/{project_number}`
|
386
401
|
# @param create_time [::Google::Protobuf::Timestamp, ::Hash]
|
387
402
|
# Output only. Time the `AccessPolicy` was created in UTC.
|
388
403
|
# @param update_time [::Google::Protobuf::Timestamp, ::Hash]
|
@@ -458,13 +473,12 @@ module Google
|
|
458
473
|
end
|
459
474
|
|
460
475
|
##
|
461
|
-
#
|
476
|
+
# Updates an [access policy]
|
462
477
|
# [google.identity.accesscontextmanager.v1.AccessPolicy]. The
|
463
|
-
#
|
464
|
-
# changes to the [
|
465
|
-
# [google.identity.accesscontextmanager.v1.AccessPolicy]
|
466
|
-
# to long-lasting storage.
|
467
|
-
# returned in `metadata` as a BadRequest proto.
|
478
|
+
# long-running operation from this RPC has a successful status after the
|
479
|
+
# changes to the [access policy]
|
480
|
+
# [google.identity.accesscontextmanager.v1.AccessPolicy] propagate
|
481
|
+
# to long-lasting storage.
|
468
482
|
#
|
469
483
|
# @overload update_access_policy(request, options = nil)
|
470
484
|
# Pass arguments to `update_access_policy` via a request object, either of type
|
@@ -559,11 +573,11 @@ module Google
|
|
559
573
|
end
|
560
574
|
|
561
575
|
##
|
562
|
-
#
|
563
|
-
# [google.identity.accesscontextmanager.v1.AccessPolicy]
|
564
|
-
# name. The
|
565
|
-
# [
|
566
|
-
#
|
576
|
+
# Deletes an [access policy]
|
577
|
+
# [google.identity.accesscontextmanager.v1.AccessPolicy] based on the
|
578
|
+
# resource name. The long-running operation has a successful status after the
|
579
|
+
# [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy]
|
580
|
+
# is removed from long-lasting storage.
|
567
581
|
#
|
568
582
|
# @overload delete_access_policy(request, options = nil)
|
569
583
|
# Pass arguments to `delete_access_policy` via a request object, either of type
|
@@ -658,7 +672,7 @@ module Google
|
|
658
672
|
end
|
659
673
|
|
660
674
|
##
|
661
|
-
#
|
675
|
+
# Lists all [access levels]
|
662
676
|
# [google.identity.accesscontextmanager.v1.AccessLevel] for an access
|
663
677
|
# policy.
|
664
678
|
#
|
@@ -768,8 +782,8 @@ module Google
|
|
768
782
|
end
|
769
783
|
|
770
784
|
##
|
771
|
-
#
|
772
|
-
# [google.identity.accesscontextmanager.v1.AccessLevel]
|
785
|
+
# Gets an [access level]
|
786
|
+
# [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource
|
773
787
|
# name.
|
774
788
|
#
|
775
789
|
# @overload get_access_level(request, options = nil)
|
@@ -868,13 +882,13 @@ module Google
|
|
868
882
|
end
|
869
883
|
|
870
884
|
##
|
871
|
-
#
|
872
|
-
# [google.identity.accesscontextmanager.v1.AccessLevel]. The
|
873
|
-
# operation from this RPC
|
874
|
-
#
|
875
|
-
#
|
876
|
-
# [google.identity.accesscontextmanager.v1.AccessLevel]
|
877
|
-
# errors
|
885
|
+
# Creates an [access level]
|
886
|
+
# [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running
|
887
|
+
# operation from this RPC has a successful status after the [access
|
888
|
+
# level] [google.identity.accesscontextmanager.v1.AccessLevel]
|
889
|
+
# propagates to long-lasting storage. If [access levels]
|
890
|
+
# [google.identity.accesscontextmanager.v1.AccessLevel] contain
|
891
|
+
# errors, an error response is returned for the first error encountered.
|
878
892
|
#
|
879
893
|
# @overload create_access_level(request, options = nil)
|
880
894
|
# Pass arguments to `create_access_level` via a request object, either of type
|
@@ -976,14 +990,14 @@ module Google
|
|
976
990
|
end
|
977
991
|
|
978
992
|
##
|
979
|
-
#
|
980
|
-
# [google.identity.accesscontextmanager.v1.AccessLevel]. The
|
981
|
-
# operation from this RPC
|
982
|
-
# the [
|
983
|
-
# [google.identity.accesscontextmanager.v1.AccessLevel]
|
984
|
-
# to long-lasting storage. [
|
985
|
-
# [google.identity.accesscontextmanager.v1.AccessLevel]
|
986
|
-
# errors
|
993
|
+
# Updates an [access level]
|
994
|
+
# [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running
|
995
|
+
# operation from this RPC has a successful status after the changes to
|
996
|
+
# the [access level]
|
997
|
+
# [google.identity.accesscontextmanager.v1.AccessLevel] propagate
|
998
|
+
# to long-lasting storage. If [access levels]
|
999
|
+
# [google.identity.accesscontextmanager.v1.AccessLevel] contain
|
1000
|
+
# errors, an error response is returned for the first error encountered.
|
987
1001
|
#
|
988
1002
|
# @overload update_access_level(request, options = nil)
|
989
1003
|
# Pass arguments to `update_access_level` via a request object, either of type
|
@@ -1082,10 +1096,10 @@ module Google
|
|
1082
1096
|
end
|
1083
1097
|
|
1084
1098
|
##
|
1085
|
-
#
|
1086
|
-
# [google.identity.accesscontextmanager.v1.AccessLevel]
|
1087
|
-
# name. The
|
1088
|
-
#
|
1099
|
+
# Deletes an [access level]
|
1100
|
+
# [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource
|
1101
|
+
# name. The long-running operation from this RPC has a successful status
|
1102
|
+
# after the [access level]
|
1089
1103
|
# [google.identity.accesscontextmanager.v1.AccessLevel] has been removed
|
1090
1104
|
# from long-lasting storage.
|
1091
1105
|
#
|
@@ -1184,22 +1198,22 @@ module Google
|
|
1184
1198
|
end
|
1185
1199
|
|
1186
1200
|
##
|
1187
|
-
#
|
1188
|
-
# [google.identity.accesscontextmanager.v1.AccessLevel] in an [
|
1189
|
-
#
|
1190
|
-
# the [
|
1201
|
+
# Replaces all existing [access levels]
|
1202
|
+
# [google.identity.accesscontextmanager.v1.AccessLevel] in an [access
|
1203
|
+
# policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with
|
1204
|
+
# the [access levels]
|
1191
1205
|
# [google.identity.accesscontextmanager.v1.AccessLevel] provided. This
|
1192
|
-
# is done atomically. The
|
1193
|
-
# successful status
|
1194
|
-
# storage.
|
1195
|
-
# for the first error encountered.
|
1196
|
-
# existing [
|
1197
|
-
# [google.identity.accesscontextmanager.v1.AccessLevel]
|
1198
|
-
# affected. Operation.response field
|
1199
|
-
# ReplaceAccessLevelsResponse. Removing [
|
1206
|
+
# is done atomically. The long-running operation from this RPC has a
|
1207
|
+
# successful status after all replacements propagate to long-lasting
|
1208
|
+
# storage. If the replacement contains errors, an error response is returned
|
1209
|
+
# for the first error encountered. Upon error, the replacement is cancelled,
|
1210
|
+
# and existing [access levels]
|
1211
|
+
# [google.identity.accesscontextmanager.v1.AccessLevel] are not
|
1212
|
+
# affected. The Operation.response field contains
|
1213
|
+
# ReplaceAccessLevelsResponse. Removing [access levels]
|
1200
1214
|
# [google.identity.accesscontextmanager.v1.AccessLevel] contained in existing
|
1201
|
-
# [
|
1202
|
-
# [google.identity.accesscontextmanager.v1.ServicePerimeter]
|
1215
|
+
# [service perimeters]
|
1216
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeter] result in an
|
1203
1217
|
# error.
|
1204
1218
|
#
|
1205
1219
|
# @overload replace_access_levels(request, options = nil)
|
@@ -1312,7 +1326,7 @@ module Google
|
|
1312
1326
|
end
|
1313
1327
|
|
1314
1328
|
##
|
1315
|
-
#
|
1329
|
+
# Lists all [service perimeters]
|
1316
1330
|
# [google.identity.accesscontextmanager.v1.ServicePerimeter] for an
|
1317
1331
|
# access policy.
|
1318
1332
|
#
|
@@ -1418,9 +1432,9 @@ module Google
|
|
1418
1432
|
end
|
1419
1433
|
|
1420
1434
|
##
|
1421
|
-
#
|
1422
|
-
# [google.identity.accesscontextmanager.v1.ServicePerimeter]
|
1423
|
-
# name.
|
1435
|
+
# Gets a [service perimeter]
|
1436
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the
|
1437
|
+
# resource name.
|
1424
1438
|
#
|
1425
1439
|
# @overload get_service_perimeter(request, options = nil)
|
1426
1440
|
# Pass arguments to `get_service_perimeter` via a request object, either of type
|
@@ -1509,14 +1523,14 @@ module Google
|
|
1509
1523
|
end
|
1510
1524
|
|
1511
1525
|
##
|
1512
|
-
#
|
1526
|
+
# Creates a [service perimeter]
|
1513
1527
|
# [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
|
1514
|
-
#
|
1515
|
-
# [
|
1516
|
-
# [google.identity.accesscontextmanager.v1.ServicePerimeter]
|
1517
|
-
#
|
1518
|
-
# [google.identity.accesscontextmanager.v1.ServicePerimeter]
|
1519
|
-
# errors
|
1528
|
+
# long-running operation from this RPC has a successful status after the
|
1529
|
+
# [service perimeter]
|
1530
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeter]
|
1531
|
+
# propagates to long-lasting storage. If a [service perimeter]
|
1532
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
|
1533
|
+
# errors, an error response is returned for the first error encountered.
|
1520
1534
|
#
|
1521
1535
|
# @overload create_service_perimeter(request, options = nil)
|
1522
1536
|
# Pass arguments to `create_service_perimeter` via a request object, either of type
|
@@ -1618,14 +1632,14 @@ module Google
|
|
1618
1632
|
end
|
1619
1633
|
|
1620
1634
|
##
|
1621
|
-
#
|
1635
|
+
# Updates a [service perimeter]
|
1622
1636
|
# [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
|
1623
|
-
#
|
1624
|
-
#
|
1625
|
-
# [google.identity.accesscontextmanager.v1.ServicePerimeter]
|
1626
|
-
#
|
1627
|
-
# [google.identity.accesscontextmanager.v1.ServicePerimeter]
|
1628
|
-
# errors
|
1637
|
+
# long-running operation from this RPC has a successful status after the
|
1638
|
+
# [service perimeter]
|
1639
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeter]
|
1640
|
+
# propagates to long-lasting storage. If a [service perimeter]
|
1641
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
|
1642
|
+
# errors, an error response is returned for the first error encountered.
|
1629
1643
|
#
|
1630
1644
|
# @overload update_service_perimeter(request, options = nil)
|
1631
1645
|
# Pass arguments to `update_service_perimeter` via a request object, either of type
|
@@ -1721,12 +1735,12 @@ module Google
|
|
1721
1735
|
end
|
1722
1736
|
|
1723
1737
|
##
|
1724
|
-
#
|
1725
|
-
# [google.identity.accesscontextmanager.v1.ServicePerimeter]
|
1726
|
-
# name. The
|
1727
|
-
#
|
1728
|
-
# [google.identity.accesscontextmanager.v1.ServicePerimeter]
|
1729
|
-
#
|
1738
|
+
# Deletes a [service perimeter]
|
1739
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the
|
1740
|
+
# resource name. The long-running operation from this RPC has a successful
|
1741
|
+
# status after the [service perimeter]
|
1742
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeter] is removed from
|
1743
|
+
# long-lasting storage.
|
1730
1744
|
#
|
1731
1745
|
# @overload delete_service_perimeter(request, options = nil)
|
1732
1746
|
# Pass arguments to `delete_service_perimeter` via a request object, either of type
|
@@ -1823,18 +1837,18 @@ module Google
|
|
1823
1837
|
end
|
1824
1838
|
|
1825
1839
|
##
|
1826
|
-
# Replace all existing [
|
1827
|
-
# [google.identity.accesscontextmanager.v1.ServicePerimeter] in an
|
1828
|
-
#
|
1829
|
-
#
|
1830
|
-
# [google.identity.accesscontextmanager.v1.ServicePerimeter] provided.
|
1831
|
-
#
|
1832
|
-
#
|
1833
|
-
#
|
1834
|
-
# error
|
1835
|
-
#
|
1836
|
-
# [google.identity.accesscontextmanager.v1.ServicePerimeter]
|
1837
|
-
# affected. Operation.response field
|
1840
|
+
# Replace all existing [service perimeters]
|
1841
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeter] in an [access
|
1842
|
+
# policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with the
|
1843
|
+
# [service perimeters]
|
1844
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeter] provided. This
|
1845
|
+
# is done atomically. The long-running operation from this RPC has a
|
1846
|
+
# successful status after all replacements propagate to long-lasting storage.
|
1847
|
+
# Replacements containing errors result in an error response for the first
|
1848
|
+
# error encountered. Upon an error, replacement are cancelled and existing
|
1849
|
+
# [service perimeters]
|
1850
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeter] are not
|
1851
|
+
# affected. The Operation.response field contains
|
1838
1852
|
# ReplaceServicePerimetersResponse.
|
1839
1853
|
#
|
1840
1854
|
# @overload replace_service_perimeters(request, options = nil)
|
@@ -1947,21 +1961,21 @@ module Google
|
|
1947
1961
|
end
|
1948
1962
|
|
1949
1963
|
##
|
1950
|
-
#
|
1964
|
+
# Commits the dry-run specification for all the [service perimeters]
|
1951
1965
|
# [google.identity.accesscontextmanager.v1.ServicePerimeter] in an
|
1952
|
-
# {::Google::Identity::AccessContextManager::V1::AccessPolicy
|
1953
|
-
# A commit operation on a
|
1954
|
-
# to
|
1966
|
+
# {::Google::Identity::AccessContextManager::V1::AccessPolicy access policy}.
|
1967
|
+
# A commit operation on a service perimeter involves copying its `spec` field
|
1968
|
+
# to the `status` field of the service perimeter. Only [service perimeters]
|
1955
1969
|
# [google.identity.accesscontextmanager.v1.ServicePerimeter] with
|
1956
1970
|
# `use_explicit_dry_run_spec` field set to true are affected by a commit
|
1957
|
-
# operation. The
|
1958
|
-
# status
|
1971
|
+
# operation. The long-running operation from this RPC has a successful
|
1972
|
+
# status after the dry-run specifications for all the [service perimeters]
|
1959
1973
|
# [google.identity.accesscontextmanager.v1.ServicePerimeter] have been
|
1960
|
-
# committed. If a commit fails, it
|
1961
|
-
# return an error response and the entire commit operation
|
1962
|
-
# When successful, Operation.response field
|
1963
|
-
# CommitServicePerimetersResponse. The `dry_run` and the `spec` fields
|
1964
|
-
#
|
1974
|
+
# committed. If a commit fails, it causes the long-running operation to
|
1975
|
+
# return an error response and the entire commit operation is cancelled.
|
1976
|
+
# When successful, the Operation.response field contains
|
1977
|
+
# CommitServicePerimetersResponse. The `dry_run` and the `spec` fields are
|
1978
|
+
# cleared after a successful commit operation.
|
1965
1979
|
#
|
1966
1980
|
# @overload commit_service_perimeters(request, options = nil)
|
1967
1981
|
# Pass arguments to `commit_service_perimeters` via a request object, either of type
|
@@ -1988,7 +2002,7 @@ module Google
|
|
1988
2002
|
# Format: `accessPolicies/{policy_id}`
|
1989
2003
|
# @param etag [::String]
|
1990
2004
|
# Optional. The etag for the version of the [Access Policy]
|
1991
|
-
# [google.identity.accesscontextmanager.
|
2005
|
+
# [google.identity.accesscontextmanager.v1.AccessPolicy] that this
|
1992
2006
|
# commit operation is to be performed on. If, at the time of commit, the
|
1993
2007
|
# etag for the Access Policy stored in Access Context Manager is different
|
1994
2008
|
# from the specified etag, then the commit operation will not be performed
|
@@ -2261,7 +2275,7 @@ module Google
|
|
2261
2275
|
# [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]. If the
|
2262
2276
|
# client specifies a [name]
|
2263
2277
|
# [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.name],
|
2264
|
-
# the server
|
2278
|
+
# the server ignores it. Fails if a resource already exists with the same
|
2265
2279
|
# [group_key]
|
2266
2280
|
# [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.group_key].
|
2267
2281
|
# Completion of this long-running operation does not necessarily signify that
|
@@ -2563,6 +2577,294 @@ module Google
|
|
2563
2577
|
raise ::Google::Cloud::Error.from_error(e)
|
2564
2578
|
end
|
2565
2579
|
|
2580
|
+
##
|
2581
|
+
# Sets the IAM policy for the specified Access Context Manager
|
2582
|
+
# {::Google::Identity::AccessContextManager::V1::AccessPolicy access policy}.
|
2583
|
+
# This method replaces the existing IAM policy on the access policy. The IAM
|
2584
|
+
# policy controls the set of users who can perform specific operations on the
|
2585
|
+
# Access Context Manager [access
|
2586
|
+
# policy][google.identity.accesscontextmanager.v1.AccessPolicy].
|
2587
|
+
#
|
2588
|
+
# @overload set_iam_policy(request, options = nil)
|
2589
|
+
# Pass arguments to `set_iam_policy` via a request object, either of type
|
2590
|
+
# {::Google::Iam::V1::SetIamPolicyRequest} or an equivalent Hash.
|
2591
|
+
#
|
2592
|
+
# @param request [::Google::Iam::V1::SetIamPolicyRequest, ::Hash]
|
2593
|
+
# A request object representing the call parameters. Required. To specify no
|
2594
|
+
# parameters, or to keep all the default parameter values, pass an empty Hash.
|
2595
|
+
# @param options [::Gapic::CallOptions, ::Hash]
|
2596
|
+
# Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
|
2597
|
+
#
|
2598
|
+
# @overload set_iam_policy(resource: nil, policy: nil, update_mask: nil)
|
2599
|
+
# Pass arguments to `set_iam_policy` via keyword arguments. Note that at
|
2600
|
+
# least one keyword argument is required. To specify no parameters, or to keep all
|
2601
|
+
# the default parameter values, pass an empty Hash as a request object (see above).
|
2602
|
+
#
|
2603
|
+
# @param resource [::String]
|
2604
|
+
# REQUIRED: The resource for which the policy is being specified.
|
2605
|
+
# See the operation documentation for the appropriate value for this field.
|
2606
|
+
# @param policy [::Google::Iam::V1::Policy, ::Hash]
|
2607
|
+
# REQUIRED: The complete policy to be applied to the `resource`. The size of
|
2608
|
+
# the policy is limited to a few 10s of KB. An empty policy is a
|
2609
|
+
# valid policy but certain Cloud Platform services (such as Projects)
|
2610
|
+
# might reject them.
|
2611
|
+
# @param update_mask [::Google::Protobuf::FieldMask, ::Hash]
|
2612
|
+
# OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
|
2613
|
+
# the fields in the mask will be modified. If no mask is provided, the
|
2614
|
+
# following default mask is used:
|
2615
|
+
#
|
2616
|
+
# `paths: "bindings, etag"`
|
2617
|
+
#
|
2618
|
+
# @yield [response, operation] Access the result along with the RPC operation
|
2619
|
+
# @yieldparam response [::Google::Iam::V1::Policy]
|
2620
|
+
# @yieldparam operation [::GRPC::ActiveCall::Operation]
|
2621
|
+
#
|
2622
|
+
# @return [::Google::Iam::V1::Policy]
|
2623
|
+
#
|
2624
|
+
# @raise [::Google::Cloud::Error] if the RPC is aborted.
|
2625
|
+
#
|
2626
|
+
# @example Basic example
|
2627
|
+
# require "google/identity/access_context_manager/v1"
|
2628
|
+
#
|
2629
|
+
# # Create a client object. The client can be reused for multiple calls.
|
2630
|
+
# client = Google::Identity::AccessContextManager::V1::AccessContextManager::Client.new
|
2631
|
+
#
|
2632
|
+
# # Create a request. To set request fields, pass in keyword arguments.
|
2633
|
+
# request = Google::Iam::V1::SetIamPolicyRequest.new
|
2634
|
+
#
|
2635
|
+
# # Call the set_iam_policy method.
|
2636
|
+
# result = client.set_iam_policy request
|
2637
|
+
#
|
2638
|
+
# # The returned object is of type Google::Iam::V1::Policy.
|
2639
|
+
# p result
|
2640
|
+
#
|
2641
|
+
def set_iam_policy request, options = nil
|
2642
|
+
raise ::ArgumentError, "request must be provided" if request.nil?
|
2643
|
+
|
2644
|
+
request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::V1::SetIamPolicyRequest
|
2645
|
+
|
2646
|
+
# Converts hash and nil to an options object
|
2647
|
+
options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
|
2648
|
+
|
2649
|
+
# Customize the options with defaults
|
2650
|
+
metadata = @config.rpcs.set_iam_policy.metadata.to_h
|
2651
|
+
|
2652
|
+
# Set x-goog-api-client and x-goog-user-project headers
|
2653
|
+
metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
|
2654
|
+
lib_name: @config.lib_name, lib_version: @config.lib_version,
|
2655
|
+
gapic_version: ::Google::Identity::AccessContextManager::V1::VERSION
|
2656
|
+
metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
|
2657
|
+
|
2658
|
+
header_params = {}
|
2659
|
+
if request.resource
|
2660
|
+
header_params["resource"] = request.resource
|
2661
|
+
end
|
2662
|
+
|
2663
|
+
request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
|
2664
|
+
metadata[:"x-goog-request-params"] ||= request_params_header
|
2665
|
+
|
2666
|
+
options.apply_defaults timeout: @config.rpcs.set_iam_policy.timeout,
|
2667
|
+
metadata: metadata,
|
2668
|
+
retry_policy: @config.rpcs.set_iam_policy.retry_policy
|
2669
|
+
|
2670
|
+
options.apply_defaults timeout: @config.timeout,
|
2671
|
+
metadata: @config.metadata,
|
2672
|
+
retry_policy: @config.retry_policy
|
2673
|
+
|
2674
|
+
@access_context_manager_stub.call_rpc :set_iam_policy, request, options: options do |response, operation|
|
2675
|
+
yield response, operation if block_given?
|
2676
|
+
return response
|
2677
|
+
end
|
2678
|
+
rescue ::GRPC::BadStatus => e
|
2679
|
+
raise ::Google::Cloud::Error.from_error(e)
|
2680
|
+
end
|
2681
|
+
|
2682
|
+
##
|
2683
|
+
# Gets the IAM policy for the specified Access Context Manager
|
2684
|
+
# {::Google::Identity::AccessContextManager::V1::AccessPolicy access policy}.
|
2685
|
+
#
|
2686
|
+
# @overload get_iam_policy(request, options = nil)
|
2687
|
+
# Pass arguments to `get_iam_policy` via a request object, either of type
|
2688
|
+
# {::Google::Iam::V1::GetIamPolicyRequest} or an equivalent Hash.
|
2689
|
+
#
|
2690
|
+
# @param request [::Google::Iam::V1::GetIamPolicyRequest, ::Hash]
|
2691
|
+
# A request object representing the call parameters. Required. To specify no
|
2692
|
+
# parameters, or to keep all the default parameter values, pass an empty Hash.
|
2693
|
+
# @param options [::Gapic::CallOptions, ::Hash]
|
2694
|
+
# Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
|
2695
|
+
#
|
2696
|
+
# @overload get_iam_policy(resource: nil, options: nil)
|
2697
|
+
# Pass arguments to `get_iam_policy` via keyword arguments. Note that at
|
2698
|
+
# least one keyword argument is required. To specify no parameters, or to keep all
|
2699
|
+
# the default parameter values, pass an empty Hash as a request object (see above).
|
2700
|
+
#
|
2701
|
+
# @param resource [::String]
|
2702
|
+
# REQUIRED: The resource for which the policy is being requested.
|
2703
|
+
# See the operation documentation for the appropriate value for this field.
|
2704
|
+
# @param options [::Google::Iam::V1::GetPolicyOptions, ::Hash]
|
2705
|
+
# OPTIONAL: A `GetPolicyOptions` object for specifying options to
|
2706
|
+
# `GetIamPolicy`.
|
2707
|
+
#
|
2708
|
+
# @yield [response, operation] Access the result along with the RPC operation
|
2709
|
+
# @yieldparam response [::Google::Iam::V1::Policy]
|
2710
|
+
# @yieldparam operation [::GRPC::ActiveCall::Operation]
|
2711
|
+
#
|
2712
|
+
# @return [::Google::Iam::V1::Policy]
|
2713
|
+
#
|
2714
|
+
# @raise [::Google::Cloud::Error] if the RPC is aborted.
|
2715
|
+
#
|
2716
|
+
# @example Basic example
|
2717
|
+
# require "google/identity/access_context_manager/v1"
|
2718
|
+
#
|
2719
|
+
# # Create a client object. The client can be reused for multiple calls.
|
2720
|
+
# client = Google::Identity::AccessContextManager::V1::AccessContextManager::Client.new
|
2721
|
+
#
|
2722
|
+
# # Create a request. To set request fields, pass in keyword arguments.
|
2723
|
+
# request = Google::Iam::V1::GetIamPolicyRequest.new
|
2724
|
+
#
|
2725
|
+
# # Call the get_iam_policy method.
|
2726
|
+
# result = client.get_iam_policy request
|
2727
|
+
#
|
2728
|
+
# # The returned object is of type Google::Iam::V1::Policy.
|
2729
|
+
# p result
|
2730
|
+
#
|
2731
|
+
def get_iam_policy request, options = nil
|
2732
|
+
raise ::ArgumentError, "request must be provided" if request.nil?
|
2733
|
+
|
2734
|
+
request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::V1::GetIamPolicyRequest
|
2735
|
+
|
2736
|
+
# Converts hash and nil to an options object
|
2737
|
+
options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
|
2738
|
+
|
2739
|
+
# Customize the options with defaults
|
2740
|
+
metadata = @config.rpcs.get_iam_policy.metadata.to_h
|
2741
|
+
|
2742
|
+
# Set x-goog-api-client and x-goog-user-project headers
|
2743
|
+
metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
|
2744
|
+
lib_name: @config.lib_name, lib_version: @config.lib_version,
|
2745
|
+
gapic_version: ::Google::Identity::AccessContextManager::V1::VERSION
|
2746
|
+
metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
|
2747
|
+
|
2748
|
+
header_params = {}
|
2749
|
+
if request.resource
|
2750
|
+
header_params["resource"] = request.resource
|
2751
|
+
end
|
2752
|
+
|
2753
|
+
request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
|
2754
|
+
metadata[:"x-goog-request-params"] ||= request_params_header
|
2755
|
+
|
2756
|
+
options.apply_defaults timeout: @config.rpcs.get_iam_policy.timeout,
|
2757
|
+
metadata: metadata,
|
2758
|
+
retry_policy: @config.rpcs.get_iam_policy.retry_policy
|
2759
|
+
|
2760
|
+
options.apply_defaults timeout: @config.timeout,
|
2761
|
+
metadata: @config.metadata,
|
2762
|
+
retry_policy: @config.retry_policy
|
2763
|
+
|
2764
|
+
@access_context_manager_stub.call_rpc :get_iam_policy, request, options: options do |response, operation|
|
2765
|
+
yield response, operation if block_given?
|
2766
|
+
return response
|
2767
|
+
end
|
2768
|
+
rescue ::GRPC::BadStatus => e
|
2769
|
+
raise ::Google::Cloud::Error.from_error(e)
|
2770
|
+
end
|
2771
|
+
|
2772
|
+
##
|
2773
|
+
# Returns the IAM permissions that the caller has on the specified Access
|
2774
|
+
# Context Manager resource. The resource can be an
|
2775
|
+
# {::Google::Identity::AccessContextManager::V1::AccessPolicy AccessPolicy},
|
2776
|
+
# {::Google::Identity::AccessContextManager::V1::AccessLevel AccessLevel}, or
|
2777
|
+
# [ServicePerimeter][google.identity.accesscontextmanager.v1.ServicePerimeter
|
2778
|
+
# ]. This method does not support other resources.
|
2779
|
+
#
|
2780
|
+
# @overload test_iam_permissions(request, options = nil)
|
2781
|
+
# Pass arguments to `test_iam_permissions` via a request object, either of type
|
2782
|
+
# {::Google::Iam::V1::TestIamPermissionsRequest} or an equivalent Hash.
|
2783
|
+
#
|
2784
|
+
# @param request [::Google::Iam::V1::TestIamPermissionsRequest, ::Hash]
|
2785
|
+
# A request object representing the call parameters. Required. To specify no
|
2786
|
+
# parameters, or to keep all the default parameter values, pass an empty Hash.
|
2787
|
+
# @param options [::Gapic::CallOptions, ::Hash]
|
2788
|
+
# Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
|
2789
|
+
#
|
2790
|
+
# @overload test_iam_permissions(resource: nil, permissions: nil)
|
2791
|
+
# Pass arguments to `test_iam_permissions` via keyword arguments. Note that at
|
2792
|
+
# least one keyword argument is required. To specify no parameters, or to keep all
|
2793
|
+
# the default parameter values, pass an empty Hash as a request object (see above).
|
2794
|
+
#
|
2795
|
+
# @param resource [::String]
|
2796
|
+
# REQUIRED: The resource for which the policy detail is being requested.
|
2797
|
+
# See the operation documentation for the appropriate value for this field.
|
2798
|
+
# @param permissions [::Array<::String>]
|
2799
|
+
# The set of permissions to check for the `resource`. Permissions with
|
2800
|
+
# wildcards (such as '*' or 'storage.*') are not allowed. For more
|
2801
|
+
# information see
|
2802
|
+
# [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
|
2803
|
+
#
|
2804
|
+
# @yield [response, operation] Access the result along with the RPC operation
|
2805
|
+
# @yieldparam response [::Google::Iam::V1::TestIamPermissionsResponse]
|
2806
|
+
# @yieldparam operation [::GRPC::ActiveCall::Operation]
|
2807
|
+
#
|
2808
|
+
# @return [::Google::Iam::V1::TestIamPermissionsResponse]
|
2809
|
+
#
|
2810
|
+
# @raise [::Google::Cloud::Error] if the RPC is aborted.
|
2811
|
+
#
|
2812
|
+
# @example Basic example
|
2813
|
+
# require "google/identity/access_context_manager/v1"
|
2814
|
+
#
|
2815
|
+
# # Create a client object. The client can be reused for multiple calls.
|
2816
|
+
# client = Google::Identity::AccessContextManager::V1::AccessContextManager::Client.new
|
2817
|
+
#
|
2818
|
+
# # Create a request. To set request fields, pass in keyword arguments.
|
2819
|
+
# request = Google::Iam::V1::TestIamPermissionsRequest.new
|
2820
|
+
#
|
2821
|
+
# # Call the test_iam_permissions method.
|
2822
|
+
# result = client.test_iam_permissions request
|
2823
|
+
#
|
2824
|
+
# # The returned object is of type Google::Iam::V1::TestIamPermissionsResponse.
|
2825
|
+
# p result
|
2826
|
+
#
|
2827
|
+
def test_iam_permissions request, options = nil
|
2828
|
+
raise ::ArgumentError, "request must be provided" if request.nil?
|
2829
|
+
|
2830
|
+
request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::V1::TestIamPermissionsRequest
|
2831
|
+
|
2832
|
+
# Converts hash and nil to an options object
|
2833
|
+
options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
|
2834
|
+
|
2835
|
+
# Customize the options with defaults
|
2836
|
+
metadata = @config.rpcs.test_iam_permissions.metadata.to_h
|
2837
|
+
|
2838
|
+
# Set x-goog-api-client and x-goog-user-project headers
|
2839
|
+
metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
|
2840
|
+
lib_name: @config.lib_name, lib_version: @config.lib_version,
|
2841
|
+
gapic_version: ::Google::Identity::AccessContextManager::V1::VERSION
|
2842
|
+
metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
|
2843
|
+
|
2844
|
+
header_params = {}
|
2845
|
+
if request.resource
|
2846
|
+
header_params["resource"] = request.resource
|
2847
|
+
end
|
2848
|
+
|
2849
|
+
request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
|
2850
|
+
metadata[:"x-goog-request-params"] ||= request_params_header
|
2851
|
+
|
2852
|
+
options.apply_defaults timeout: @config.rpcs.test_iam_permissions.timeout,
|
2853
|
+
metadata: metadata,
|
2854
|
+
retry_policy: @config.rpcs.test_iam_permissions.retry_policy
|
2855
|
+
|
2856
|
+
options.apply_defaults timeout: @config.timeout,
|
2857
|
+
metadata: @config.metadata,
|
2858
|
+
retry_policy: @config.retry_policy
|
2859
|
+
|
2860
|
+
@access_context_manager_stub.call_rpc :test_iam_permissions, request, options: options do |response, operation|
|
2861
|
+
yield response, operation if block_given?
|
2862
|
+
return response
|
2863
|
+
end
|
2864
|
+
rescue ::GRPC::BadStatus => e
|
2865
|
+
raise ::Google::Cloud::Error.from_error(e)
|
2866
|
+
end
|
2867
|
+
|
2566
2868
|
##
|
2567
2869
|
# Configuration class for the AccessContextManager API.
|
2568
2870
|
#
|
@@ -2813,6 +3115,21 @@ module Google
|
|
2813
3115
|
# @return [::Gapic::Config::Method]
|
2814
3116
|
#
|
2815
3117
|
attr_reader :delete_gcp_user_access_binding
|
3118
|
+
##
|
3119
|
+
# RPC-specific configuration for `set_iam_policy`
|
3120
|
+
# @return [::Gapic::Config::Method]
|
3121
|
+
#
|
3122
|
+
attr_reader :set_iam_policy
|
3123
|
+
##
|
3124
|
+
# RPC-specific configuration for `get_iam_policy`
|
3125
|
+
# @return [::Gapic::Config::Method]
|
3126
|
+
#
|
3127
|
+
attr_reader :get_iam_policy
|
3128
|
+
##
|
3129
|
+
# RPC-specific configuration for `test_iam_permissions`
|
3130
|
+
# @return [::Gapic::Config::Method]
|
3131
|
+
#
|
3132
|
+
attr_reader :test_iam_permissions
|
2816
3133
|
|
2817
3134
|
# @private
|
2818
3135
|
def initialize parent_rpcs = nil
|
@@ -2862,6 +3179,12 @@ module Google
|
|
2862
3179
|
@update_gcp_user_access_binding = ::Gapic::Config::Method.new update_gcp_user_access_binding_config
|
2863
3180
|
delete_gcp_user_access_binding_config = parent_rpcs.delete_gcp_user_access_binding if parent_rpcs.respond_to? :delete_gcp_user_access_binding
|
2864
3181
|
@delete_gcp_user_access_binding = ::Gapic::Config::Method.new delete_gcp_user_access_binding_config
|
3182
|
+
set_iam_policy_config = parent_rpcs.set_iam_policy if parent_rpcs.respond_to? :set_iam_policy
|
3183
|
+
@set_iam_policy = ::Gapic::Config::Method.new set_iam_policy_config
|
3184
|
+
get_iam_policy_config = parent_rpcs.get_iam_policy if parent_rpcs.respond_to? :get_iam_policy
|
3185
|
+
@get_iam_policy = ::Gapic::Config::Method.new get_iam_policy_config
|
3186
|
+
test_iam_permissions_config = parent_rpcs.test_iam_permissions if parent_rpcs.respond_to? :test_iam_permissions
|
3187
|
+
@test_iam_permissions = ::Gapic::Config::Method.new test_iam_permissions_config
|
2865
3188
|
|
2866
3189
|
yield self if block_given?
|
2867
3190
|
end
|