google-identity-access_context_manager-v1 0.2.0 → 0.3.0

@@ -27,15 +27,15 @@ module Google
27
27
  ##
28
28
  # Client for the AccessContextManager service.
29
29
  #
30
- # API for setting [Access Levels]
31
- # [google.identity.accesscontextmanager.v1.AccessLevel] and [Service
32
- # Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
33
- # for Google Cloud Projects. Each organization has one [AccessPolicy]
34
- # [google.identity.accesscontextmanager.v1.AccessPolicy] containing the
35
- # [Access Levels] [google.identity.accesscontextmanager.v1.AccessLevel]
36
- # and [Service Perimeters]
30
+ # API for setting [access levels]
31
+ # [google.identity.accesscontextmanager.v1.AccessLevel] and [service
32
+ # perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
33
+ # for Google Cloud projects. Each organization has one [access policy]
34
+ # [google.identity.accesscontextmanager.v1.AccessPolicy] that contains the
35
+ # [access levels] [google.identity.accesscontextmanager.v1.AccessLevel]
36
+ # and [service perimeters]
37
37
  # [google.identity.accesscontextmanager.v1.ServicePerimeter]. This
38
- # [AccessPolicy] [google.identity.accesscontextmanager.v1.AccessPolicy] is
38
+ # [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] is
39
39
  # applicable to all resources in the organization.
40
40
  # AccessPolicies
41
41
  #
@@ -170,9 +170,9 @@ module Google
170
170
  # Service calls
171
171
 
172
172
  ##
173
- # List all [AccessPolicies]
174
- # [google.identity.accesscontextmanager.v1.AccessPolicy] under a
175
- # container.
173
+ # Lists all [access policies]
174
+ # [google.identity.accesscontextmanager.v1.AccessPolicy] in an
175
+ # organization.
176
176
  #
177
177
  # @overload list_access_policies(request, options = nil)
178
178
  # Pass arguments to `list_access_policies` via a request object, either of type
@@ -265,8 +265,8 @@ module Google
265
265
  end
266
266
 
267
267
  ##
268
- # Get an [AccessPolicy]
269
- # [google.identity.accesscontextmanager.v1.AccessPolicy] by name.
268
+ # Returns an [access policy]
269
+ # [google.identity.accesscontextmanager.v1.AccessPolicy] based on the name.
270
270
  #
271
271
  # @overload get_access_policy(request, options = nil)
272
272
  # Pass arguments to `get_access_policy` via a request object, either of type
@@ -353,10 +353,10 @@ module Google
353
353
  end
354
354
 
355
355
  ##
356
- # Create an `AccessPolicy`. Fails if this organization already has a
357
- # `AccessPolicy`. The longrunning Operation will have a successful status
358
- # once the `AccessPolicy` has propagated to long-lasting storage.
359
- # Syntactic and basic semantic errors will be returned in `metadata` as a
356
+ # Creates an access policy. This method fails if the organization already has
357
+ # an access policy. The long-running operation has a successful status
358
+ # after the access policy propagates to long-lasting storage.
359
+ # Syntactic and basic semantic errors are returned in `metadata` as a
360
360
  # BadRequest proto.
361
361
  #
362
362
  # @overload create_access_policy(request, options = nil)
@@ -369,7 +369,7 @@ module Google
369
369
  # @param options [::Gapic::CallOptions, ::Hash]
370
370
  # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
371
371
  #
372
- # @overload create_access_policy(name: nil, parent: nil, title: nil, create_time: nil, update_time: nil, etag: nil)
372
+ # @overload create_access_policy(name: nil, parent: nil, title: nil, scopes: nil, create_time: nil, update_time: nil, etag: nil)
373
373
  # Pass arguments to `create_access_policy` via keyword arguments. Note that at
374
374
  # least one keyword argument is required. To specify no parameters, or to keep all
375
375
  # the default parameter values, pass an empty Hash as a request object (see above).
@@ -383,6 +383,21 @@ module Google
383
383
  # `organizations/{organization_id}`
384
384
  # @param title [::String]
385
385
  # Required. Human readable title. Does not affect behavior.
386
+ # @param scopes [::Array<::String>]
387
+ # The scopes of a policy define which resources an ACM policy can restrict,
388
+ # and where ACM resources can be referenced.
389
+ # For example, a policy with scopes=["folders/123"] has the following
390
+ # behavior:
391
+ # - vpcsc perimeters can only restrict projects within folders/123
392
+ # - access levels can only be referenced by resources within folders/123.
393
+ # If empty, there are no limitations on which resources can be restricted by
394
+ # an ACM policy, and there are no limitations on where ACM resources can be
395
+ # referenced.
396
+ # Only one policy can include a given scope (attempting to create a second
397
+ # policy which includes "folders/123" will result in an error).
398
+ # Currently, scopes cannot be modified after a policy is created.
399
+ # Currently, policies can only have a single scope.
400
+ # Format: list of `folders/{folder_number}` or `projects/{project_number}`
386
401
  # @param create_time [::Google::Protobuf::Timestamp, ::Hash]
387
402
  # Output only. Time the `AccessPolicy` was created in UTC.
388
403
  # @param update_time [::Google::Protobuf::Timestamp, ::Hash]
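Review bot: The new `scopes` description carries no `Optional.` or `Required.` prefix, unlike `title` (`Required.`) and `create_time` (`Output only.`) next to it, and it uses `ACM` and `vpcsc` without expanding them. The text says an empty list leaves the policy with no limitations on which resources it can restrict, so the default and the immutability deserve to be stated up front. I would open the description with `# Optional. Cannot be modified after the policy is created.` and write `Access Context Manager (ACM)` and `VPC Service Controls` on first use. The parameter list continues outside this hunk. If this docstring is generated from the API definition, the wording belongs there.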
@@ -458,13 +473,12 @@ module Google
458
473
  end
459
474
 
460
475
  ##
461
- # Update an [AccessPolicy]
476
+ # Updates an [access policy]
462
477
  # [google.identity.accesscontextmanager.v1.AccessPolicy]. The
463
- # longrunning Operation from this RPC will have a successful status once the
464
- # changes to the [AccessPolicy]
465
- # [google.identity.accesscontextmanager.v1.AccessPolicy] have propagated
466
- # to long-lasting storage. Syntactic and basic semantic errors will be
467
- # returned in `metadata` as a BadRequest proto.
478
+ # long-running operation from this RPC has a successful status after the
479
+ # changes to the [access policy]
480
+ # [google.identity.accesscontextmanager.v1.AccessPolicy] propagate
481
+ # to long-lasting storage.
468
482
  #
469
483
  # @overload update_access_policy(request, options = nil)
470
484
  # Pass arguments to `update_access_policy` via a request object, either of type
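Review bot: The rewritten `update_access_policy` description no longer says how validation failures are reported. The sentence about syntactic and basic semantic errors being returned in `metadata` as a BadRequest proto is removed here, while the `create_access_policy` description in this same change keeps it. If the behaviour is unchanged, I would restore it in the new tense after "to long-lasting storage.": "Syntactic and basic semantic errors are returned in `metadata` as a BadRequest proto." If the removal is deliberate, the description should say where callers find those errors now. The docstring continues past the end of this hunk.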
@@ -559,11 +573,11 @@ module Google
559
573
  end
560
574
 
561
575
  ##
562
- # Delete an [AccessPolicy]
563
- # [google.identity.accesscontextmanager.v1.AccessPolicy] by resource
564
- # name. The longrunning Operation will have a successful status once the
565
- # [AccessPolicy] [google.identity.accesscontextmanager.v1.AccessPolicy]
566
- # has been removed from long-lasting storage.
576
+ # Deletes an [access policy]
577
+ # [google.identity.accesscontextmanager.v1.AccessPolicy] based on the
578
+ # resource name. The long-running operation has a successful status after the
579
+ # [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy]
580
+ # is removed from long-lasting storage.
567
581
  #
568
582
  # @overload delete_access_policy(request, options = nil)
569
583
  # Pass arguments to `delete_access_policy` via a request object, either of type
@@ -658,7 +672,7 @@ module Google
658
672
  end
659
673
 
660
674
  ##
661
- # List all [Access Levels]
675
+ # Lists all [access levels]
662
676
  # [google.identity.accesscontextmanager.v1.AccessLevel] for an access
663
677
  # policy.
664
678
  #
@@ -768,8 +782,8 @@ module Google
768
782
  end
769
783
 
770
784
  ##
771
- # Get an [Access Level]
772
- # [google.identity.accesscontextmanager.v1.AccessLevel] by resource
785
+ # Gets an [access level]
786
+ # [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource
773
787
  # name.
774
788
  #
775
789
  # @overload get_access_level(request, options = nil)
@@ -868,13 +882,13 @@ module Google
868
882
  end
869
883
 
870
884
  ##
871
- # Create an [Access Level]
872
- # [google.identity.accesscontextmanager.v1.AccessLevel]. The longrunning
873
- # operation from this RPC will have a successful status once the [Access
874
- # Level] [google.identity.accesscontextmanager.v1.AccessLevel] has
875
- # propagated to long-lasting storage. [Access Levels]
876
- # [google.identity.accesscontextmanager.v1.AccessLevel] containing
877
- # errors will result in an error response for the first error encountered.
885
+ # Creates an [access level]
886
+ # [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running
887
+ # operation from this RPC has a successful status after the [access
888
+ # level] [google.identity.accesscontextmanager.v1.AccessLevel]
889
+ # propagates to long-lasting storage. If [access levels]
890
+ # [google.identity.accesscontextmanager.v1.AccessLevel] contain
891
+ # errors, an error response is returned for the first error encountered.
878
892
  #
879
893
  # @overload create_access_level(request, options = nil)
880
894
  # Pass arguments to `create_access_level` via a request object, either of type
@@ -976,14 +990,14 @@ module Google
976
990
  end
977
991
 
978
992
  ##
979
- # Update an [Access Level]
980
- # [google.identity.accesscontextmanager.v1.AccessLevel]. The longrunning
981
- # operation from this RPC will have a successful status once the changes to
982
- # the [Access Level]
983
- # [google.identity.accesscontextmanager.v1.AccessLevel] have propagated
984
- # to long-lasting storage. [Access Levels]
985
- # [google.identity.accesscontextmanager.v1.AccessLevel] containing
986
- # errors will result in an error response for the first error encountered.
993
+ # Updates an [access level]
994
+ # [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running
995
+ # operation from this RPC has a successful status after the changes to
996
+ # the [access level]
997
+ # [google.identity.accesscontextmanager.v1.AccessLevel] propagate
998
+ # to long-lasting storage. If [access levels]
999
+ # [google.identity.accesscontextmanager.v1.AccessLevel] contain
1000
+ # errors, an error response is returned for the first error encountered.
987
1001
  #
988
1002
  # @overload update_access_level(request, options = nil)
989
1003
  # Pass arguments to `update_access_level` via a request object, either of type
@@ -1082,10 +1096,10 @@ module Google
1082
1096
  end
1083
1097
 
1084
1098
  ##
1085
- # Delete an [Access Level]
1086
- # [google.identity.accesscontextmanager.v1.AccessLevel] by resource
1087
- # name. The longrunning operation from this RPC will have a successful status
1088
- # once the [Access Level]
1099
+ # Deletes an [access level]
1100
+ # [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource
1101
+ # name. The long-running operation from this RPC has a successful status
1102
+ # after the [access level]
1089
1103
  # [google.identity.accesscontextmanager.v1.AccessLevel] has been removed
1090
1104
  # from long-lasting storage.
1091
1105
  #
@@ -1184,22 +1198,22 @@ module Google
1184
1198
  end
1185
1199
 
1186
1200
  ##
1187
- # Replace all existing [Access Levels]
1188
- # [google.identity.accesscontextmanager.v1.AccessLevel] in an [Access
1189
- # Policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with
1190
- # the [Access Levels]
1201
+ # Replaces all existing [access levels]
1202
+ # [google.identity.accesscontextmanager.v1.AccessLevel] in an [access
1203
+ # policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with
1204
+ # the [access levels]
1191
1205
  # [google.identity.accesscontextmanager.v1.AccessLevel] provided. This
1192
- # is done atomically. The longrunning operation from this RPC will have a
1193
- # successful status once all replacements have propagated to long-lasting
1194
- # storage. Replacements containing errors will result in an error response
1195
- # for the first error encountered. Replacement will be cancelled on error,
1196
- # existing [Access Levels]
1197
- # [google.identity.accesscontextmanager.v1.AccessLevel] will not be
1198
- # affected. Operation.response field will contain
1199
- # ReplaceAccessLevelsResponse. Removing [Access Levels]
1206
+ # is done atomically. The long-running operation from this RPC has a
1207
+ # successful status after all replacements propagate to long-lasting
1208
+ # storage. If the replacement contains errors, an error response is returned
1209
+ # for the first error encountered. Upon error, the replacement is cancelled,
1210
+ # and existing [access levels]
1211
+ # [google.identity.accesscontextmanager.v1.AccessLevel] are not
1212
+ # affected. The Operation.response field contains
1213
+ # ReplaceAccessLevelsResponse. Removing [access levels]
1200
1214
  # [google.identity.accesscontextmanager.v1.AccessLevel] contained in existing
1201
- # [Service Perimeters]
1202
- # [google.identity.accesscontextmanager.v1.ServicePerimeter] will result in
1215
+ # [service perimeters]
1216
+ # [google.identity.accesscontextmanager.v1.ServicePerimeter] result in an
1203
1217
  # error.
1204
1218
  #
1205
1219
  # @overload replace_access_levels(request, options = nil)
@@ -1312,7 +1326,7 @@ module Google
1312
1326
  end
1313
1327
 
1314
1328
  ##
1315
- # List all [Service Perimeters]
1329
+ # Lists all [service perimeters]
1316
1330
  # [google.identity.accesscontextmanager.v1.ServicePerimeter] for an
1317
1331
  # access policy.
1318
1332
  #
@@ -1418,9 +1432,9 @@ module Google
1418
1432
  end
1419
1433
 
1420
1434
  ##
1421
- # Get a [Service Perimeter]
1422
- # [google.identity.accesscontextmanager.v1.ServicePerimeter] by resource
1423
- # name.
1435
+ # Gets a [service perimeter]
1436
+ # [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the
1437
+ # resource name.
1424
1438
  #
1425
1439
  # @overload get_service_perimeter(request, options = nil)
1426
1440
  # Pass arguments to `get_service_perimeter` via a request object, either of type
@@ -1509,14 +1523,14 @@ module Google
1509
1523
  end
1510
1524
 
1511
1525
  ##
1512
- # Create a [Service Perimeter]
1526
+ # Creates a [service perimeter]
1513
1527
  # [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
1514
- # longrunning operation from this RPC will have a successful status once the
1515
- # [Service Perimeter]
1516
- # [google.identity.accesscontextmanager.v1.ServicePerimeter] has
1517
- # propagated to long-lasting storage. [Service Perimeters]
1518
- # [google.identity.accesscontextmanager.v1.ServicePerimeter] containing
1519
- # errors will result in an error response for the first error encountered.
1528
+ # long-running operation from this RPC has a successful status after the
1529
+ # [service perimeter]
1530
+ # [google.identity.accesscontextmanager.v1.ServicePerimeter]
1531
+ # propagates to long-lasting storage. If a [service perimeter]
1532
+ # [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
1533
+ # errors, an error response is returned for the first error encountered.
1520
1534
  #
1521
1535
  # @overload create_service_perimeter(request, options = nil)
1522
1536
  # Pass arguments to `create_service_perimeter` via a request object, either of type
@@ -1618,14 +1632,14 @@ module Google
1618
1632
  end
1619
1633
 
1620
1634
  ##
1621
- # Update a [Service Perimeter]
1635
+ # Updates a [service perimeter]
1622
1636
  # [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
1623
- # longrunning operation from this RPC will have a successful status once the
1624
- # changes to the [Service Perimeter]
1625
- # [google.identity.accesscontextmanager.v1.ServicePerimeter] have
1626
- # propagated to long-lasting storage. [Service Perimeter]
1627
- # [google.identity.accesscontextmanager.v1.ServicePerimeter] containing
1628
- # errors will result in an error response for the first error encountered.
1637
+ # long-running operation from this RPC has a successful status after the
1638
+ # [service perimeter]
1639
+ # [google.identity.accesscontextmanager.v1.ServicePerimeter]
1640
+ # propagates to long-lasting storage. If a [service perimeter]
1641
+ # [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
1642
+ # errors, an error response is returned for the first error encountered.
1629
1643
  #
1630
1644
  # @overload update_service_perimeter(request, options = nil)
1631
1645
  # Pass arguments to `update_service_perimeter` via a request object, either of type
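Review bot: The new `update_service_perimeter` description is now word for word the `create_service_perimeter` text. It drops "the changes to", so it says the operation succeeds after the service perimeter propagates rather than after the update does. `update_access_level` in this same change keeps the phrase. For consistency the lines would read `# long-running operation from this RPC has a successful status after the` then `# changes to the [service perimeter]`, with `propagate` in place of `propagates`. The docstring continues outside the hunk.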
@@ -1721,12 +1735,12 @@ module Google
1721
1735
  end
1722
1736
 
1723
1737
  ##
1724
- # Delete a [Service Perimeter]
1725
- # [google.identity.accesscontextmanager.v1.ServicePerimeter] by resource
1726
- # name. The longrunning operation from this RPC will have a successful status
1727
- # once the [Service Perimeter]
1728
- # [google.identity.accesscontextmanager.v1.ServicePerimeter] has been
1729
- # removed from long-lasting storage.
1738
+ # Deletes a [service perimeter]
1739
+ # [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the
1740
+ # resource name. The long-running operation from this RPC has a successful
1741
+ # status after the [service perimeter]
1742
+ # [google.identity.accesscontextmanager.v1.ServicePerimeter] is removed from
1743
+ # long-lasting storage.
1730
1744
  #
1731
1745
  # @overload delete_service_perimeter(request, options = nil)
1732
1746
  # Pass arguments to `delete_service_perimeter` via a request object, either of type
@@ -1823,18 +1837,18 @@ module Google
1823
1837
  end
1824
1838
 
1825
1839
  ##
1826
- # Replace all existing [Service Perimeters]
1827
- # [google.identity.accesscontextmanager.v1.ServicePerimeter] in an
1828
- # [Access Policy] [google.identity.accesscontextmanager.v1.AccessPolicy]
1829
- # with the [Service Perimeters]
1830
- # [google.identity.accesscontextmanager.v1.ServicePerimeter] provided.
1831
- # This is done atomically. The longrunning operation from this
1832
- # RPC will have a successful status once all replacements have propagated to
1833
- # long-lasting storage. Replacements containing errors will result in an
1834
- # error response for the first error encountered. Replacement will be
1835
- # cancelled on error, existing [Service Perimeters]
1836
- # [google.identity.accesscontextmanager.v1.ServicePerimeter] will not be
1837
- # affected. Operation.response field will contain
1840
+ # Replace all existing [service perimeters]
1841
+ # [google.identity.accesscontextmanager.v1.ServicePerimeter] in an [access
1842
+ # policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with the
1843
+ # [service perimeters]
1844
+ # [google.identity.accesscontextmanager.v1.ServicePerimeter] provided. This
1845
+ # is done atomically. The long-running operation from this RPC has a
1846
+ # successful status after all replacements propagate to long-lasting storage.
1847
+ # Replacements containing errors result in an error response for the first
1848
+ # error encountered. Upon an error, replacement are cancelled and existing
1849
+ # [service perimeters]
1850
+ # [google.identity.accesscontextmanager.v1.ServicePerimeter] are not
1851
+ # affected. The Operation.response field contains
1838
1852
  # ReplaceServicePerimetersResponse.
1839
1853
  #
1840
1854
  # @overload replace_service_perimeters(request, options = nil)
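Review bot: The first added line still reads `# Replace all existing [service perimeters]`, although the other method descriptions in this change move to the third person, including `# Replaces all existing [access levels]` on the sibling method. The added line `# error encountered. Upon an error, replacement are cancelled and existing` also has a number disagreement. Suggested wording is `# Replaces all existing [service perimeters]` and `# error encountered. Upon an error, the replacement is cancelled and existing`. The docstring continues outside the hunk.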
@@ -1947,21 +1961,21 @@ module Google
1947
1961
  end
1948
1962
 
1949
1963
  ##
1950
- # Commit the dry-run spec for all the [Service Perimeters]
1964
+ # Commits the dry-run specification for all the [service perimeters]
1951
1965
  # [google.identity.accesscontextmanager.v1.ServicePerimeter] in an
1952
- # {::Google::Identity::AccessContextManager::V1::AccessPolicy Access Policy}.
1953
- # A commit operation on a Service Perimeter involves copying its `spec` field
1954
- # to that Service Perimeter's `status` field. Only [Service Perimeters]
1966
+ # {::Google::Identity::AccessContextManager::V1::AccessPolicy access policy}.
1967
+ # A commit operation on a service perimeter involves copying its `spec` field
1968
+ # to the `status` field of the service perimeter. Only [service perimeters]
1955
1969
  # [google.identity.accesscontextmanager.v1.ServicePerimeter] with
1956
1970
  # `use_explicit_dry_run_spec` field set to true are affected by a commit
1957
- # operation. The longrunning operation from this RPC will have a successful
1958
- # status once the dry-run specs for all the [Service Perimeters]
1971
+ # operation. The long-running operation from this RPC has a successful
1972
+ # status after the dry-run specifications for all the [service perimeters]
1959
1973
  # [google.identity.accesscontextmanager.v1.ServicePerimeter] have been
1960
- # committed. If a commit fails, it will cause the longrunning operation to
1961
- # return an error response and the entire commit operation will be cancelled.
1962
- # When successful, Operation.response field will contain
1963
- # CommitServicePerimetersResponse. The `dry_run` and the `spec` fields will
1964
- # be cleared after a successful commit operation.
1974
+ # committed. If a commit fails, it causes the long-running operation to
1975
+ # return an error response and the entire commit operation is cancelled.
1976
+ # When successful, the Operation.response field contains
1977
+ # CommitServicePerimetersResponse. The `dry_run` and the `spec` fields are
1978
+ # cleared after a successful commit operation.
1965
1979
  #
1966
1980
  # @overload commit_service_perimeters(request, options = nil)
1967
1981
  # Pass arguments to `commit_service_perimeters` via a request object, either of type
@@ -1988,7 +2002,7 @@ module Google
1988
2002
  # Format: `accessPolicies/{policy_id}`
1989
2003
  # @param etag [::String]
1990
2004
  # Optional. The etag for the version of the [Access Policy]
1991
- # [google.identity.accesscontextmanager.v1alpha.AccessPolicy] that this
2005
+ # [google.identity.accesscontextmanager.v1.AccessPolicy] that this
1992
2006
  # commit operation is to be performed on. If, at the time of commit, the
1993
2007
  # etag for the Access Policy stored in Access Context Manager is different
1994
2008
  # from the specified etag, then the commit operation will not be performed
@@ -2261,7 +2275,7 @@ module Google
2261
2275
  # [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]. If the
2262
2276
  # client specifies a [name]
2263
2277
  # [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.name],
2264
- # the server will ignore it. Fails if a resource already exists with the same
2278
+ # the server ignores it. Fails if a resource already exists with the same
2265
2279
  # [group_key]
2266
2280
  # [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.group_key].
2267
2281
  # Completion of this long-running operation does not necessarily signify that
@@ -2563,6 +2577,294 @@ module Google
2563
2577
  raise ::Google::Cloud::Error.from_error(e)
2564
2578
  end
2565
2579
 
2580
+ ##
2581
+ # Sets the IAM policy for the specified Access Context Manager
2582
+ # {::Google::Identity::AccessContextManager::V1::AccessPolicy access policy}.
2583
+ # This method replaces the existing IAM policy on the access policy. The IAM
2584
+ # policy controls the set of users who can perform specific operations on the
2585
+ # Access Context Manager [access
2586
+ # policy][google.identity.accesscontextmanager.v1.AccessPolicy].
2587
+ #
2588
+ # @overload set_iam_policy(request, options = nil)
2589
+ # Pass arguments to `set_iam_policy` via a request object, either of type
2590
+ # {::Google::Iam::V1::SetIamPolicyRequest} or an equivalent Hash.
2591
+ #
2592
+ # @param request [::Google::Iam::V1::SetIamPolicyRequest, ::Hash]
2593
+ # A request object representing the call parameters. Required. To specify no
2594
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
2595
+ # @param options [::Gapic::CallOptions, ::Hash]
2596
+ # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
2597
+ #
2598
+ # @overload set_iam_policy(resource: nil, policy: nil, update_mask: nil)
2599
+ # Pass arguments to `set_iam_policy` via keyword arguments. Note that at
2600
+ # least one keyword argument is required. To specify no parameters, or to keep all
2601
+ # the default parameter values, pass an empty Hash as a request object (see above).
2602
+ #
2603
+ # @param resource [::String]
2604
+ # REQUIRED: The resource for which the policy is being specified.
2605
+ # See the operation documentation for the appropriate value for this field.
2606
+ # @param policy [::Google::Iam::V1::Policy, ::Hash]
2607
+ # REQUIRED: The complete policy to be applied to the `resource`. The size of
2608
+ # the policy is limited to a few 10s of KB. An empty policy is a
2609
+ # valid policy but certain Cloud Platform services (such as Projects)
2610
+ # might reject them.
2611
+ # @param update_mask [::Google::Protobuf::FieldMask, ::Hash]
2612
+ # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
2613
+ # the fields in the mask will be modified. If no mask is provided, the
2614
+ # following default mask is used:
2615
+ #
2616
+ # `paths: "bindings, etag"`
2617
+ #
2618
+ # @yield [response, operation] Access the result along with the RPC operation
2619
+ # @yieldparam response [::Google::Iam::V1::Policy]
2620
+ # @yieldparam operation [::GRPC::ActiveCall::Operation]
2621
+ #
2622
+ # @return [::Google::Iam::V1::Policy]
2623
+ #
2624
+ # @raise [::Google::Cloud::Error] if the RPC is aborted.
2625
+ #
2626
+ # @example Basic example
2627
+ # require "google/identity/access_context_manager/v1"
2628
+ #
2629
+ # # Create a client object. The client can be reused for multiple calls.
2630
+ # client = Google::Identity::AccessContextManager::V1::AccessContextManager::Client.new
2631
+ #
2632
+ # # Create a request. To set request fields, pass in keyword arguments.
2633
+ # request = Google::Iam::V1::SetIamPolicyRequest.new
2634
+ #
2635
+ # # Call the set_iam_policy method.
2636
+ # result = client.set_iam_policy request
2637
+ #
2638
+ # # The returned object is of type Google::Iam::V1::Policy.
2639
+ # p result
2640
+ #
2641
+ def set_iam_policy request, options = nil
2642
+ raise ::ArgumentError, "request must be provided" if request.nil?
2643
+
2644
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::V1::SetIamPolicyRequest
2645
+
2646
+ # Converts hash and nil to an options object
2647
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
2648
+
2649
+ # Customize the options with defaults
2650
+ metadata = @config.rpcs.set_iam_policy.metadata.to_h
2651
+
2652
+ # Set x-goog-api-client and x-goog-user-project headers
2653
+ metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
2654
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
2655
+ gapic_version: ::Google::Identity::AccessContextManager::V1::VERSION
2656
+ metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
2657
+
2658
+ header_params = {}
2659
+ if request.resource
2660
+ header_params["resource"] = request.resource
2661
+ end
2662
+
2663
+ request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
2664
+ metadata[:"x-goog-request-params"] ||= request_params_header
2665
+
2666
+ options.apply_defaults timeout: @config.rpcs.set_iam_policy.timeout,
2667
+ metadata: metadata,
2668
+ retry_policy: @config.rpcs.set_iam_policy.retry_policy
2669
+
2670
+ options.apply_defaults timeout: @config.timeout,
2671
+ metadata: @config.metadata,
2672
+ retry_policy: @config.retry_policy
2673
+
2674
+ @access_context_manager_stub.call_rpc :set_iam_policy, request, options: options do |response, operation|
2675
+ yield response, operation if block_given?
2676
+ return response
2677
+ end
2678
+ rescue ::GRPC::BadStatus => e
2679
+ raise ::Google::Cloud::Error.from_error(e)
2680
+ end
2681
+
2682
+ ##
2683
+ # Gets the IAM policy for the specified Access Context Manager
2684
+ # {::Google::Identity::AccessContextManager::V1::AccessPolicy access policy}.
2685
+ #
2686
+ # @overload get_iam_policy(request, options = nil)
2687
+ # Pass arguments to `get_iam_policy` via a request object, either of type
2688
+ # {::Google::Iam::V1::GetIamPolicyRequest} or an equivalent Hash.
2689
+ #
2690
+ # @param request [::Google::Iam::V1::GetIamPolicyRequest, ::Hash]
2691
+ # A request object representing the call parameters. Required. To specify no
2692
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
2693
+ # @param options [::Gapic::CallOptions, ::Hash]
2694
+ # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
2695
+ #
2696
+ # @overload get_iam_policy(resource: nil, options: nil)
2697
+ # Pass arguments to `get_iam_policy` via keyword arguments. Note that at
2698
+ # least one keyword argument is required. To specify no parameters, or to keep all
2699
+ # the default parameter values, pass an empty Hash as a request object (see above).
2700
+ #
2701
+ # @param resource [::String]
2702
+ # REQUIRED: The resource for which the policy is being requested.
2703
+ # See the operation documentation for the appropriate value for this field.
2704
+ # @param options [::Google::Iam::V1::GetPolicyOptions, ::Hash]
2705
+ # OPTIONAL: A `GetPolicyOptions` object for specifying options to
2706
+ # `GetIamPolicy`.
2707
+ #
2708
+ # @yield [response, operation] Access the result along with the RPC operation
2709
+ # @yieldparam response [::Google::Iam::V1::Policy]
2710
+ # @yieldparam operation [::GRPC::ActiveCall::Operation]
2711
+ #
2712
+ # @return [::Google::Iam::V1::Policy]
2713
+ #
2714
+ # @raise [::Google::Cloud::Error] if the RPC is aborted.
2715
+ #
2716
+ # @example Basic example
2717
+ # require "google/identity/access_context_manager/v1"
2718
+ #
2719
+ # # Create a client object. The client can be reused for multiple calls.
2720
+ # client = Google::Identity::AccessContextManager::V1::AccessContextManager::Client.new
2721
+ #
2722
+ # # Create a request. To set request fields, pass in keyword arguments.
2723
+ # request = Google::Iam::V1::GetIamPolicyRequest.new
2724
+ #
2725
+ # # Call the get_iam_policy method.
2726
+ # result = client.get_iam_policy request
2727
+ #
2728
+ # # The returned object is of type Google::Iam::V1::Policy.
2729
+ # p result
2730
+ #
2731
+ def get_iam_policy request, options = nil
2732
+ raise ::ArgumentError, "request must be provided" if request.nil?
2733
+
2734
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::V1::GetIamPolicyRequest
2735
+
2736
+ # Converts hash and nil to an options object
2737
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
2738
+
2739
+ # Customize the options with defaults
2740
+ metadata = @config.rpcs.get_iam_policy.metadata.to_h
2741
+
2742
+ # Set x-goog-api-client and x-goog-user-project headers
2743
+ metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
2744
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
2745
+ gapic_version: ::Google::Identity::AccessContextManager::V1::VERSION
2746
+ metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
2747
+
2748
+ header_params = {}
2749
+ if request.resource
2750
+ header_params["resource"] = request.resource
2751
+ end
2752
+
2753
+ request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
2754
+ metadata[:"x-goog-request-params"] ||= request_params_header
2755
+
2756
+ options.apply_defaults timeout: @config.rpcs.get_iam_policy.timeout,
2757
+ metadata: metadata,
2758
+ retry_policy: @config.rpcs.get_iam_policy.retry_policy
2759
+
2760
+ options.apply_defaults timeout: @config.timeout,
2761
+ metadata: @config.metadata,
2762
+ retry_policy: @config.retry_policy
2763
+
2764
+ @access_context_manager_stub.call_rpc :get_iam_policy, request, options: options do |response, operation|
2765
+ yield response, operation if block_given?
2766
+ return response
2767
+ end
2768
+ rescue ::GRPC::BadStatus => e
2769
+ raise ::Google::Cloud::Error.from_error(e)
2770
+ end
2771
+
2772
+ ##
2773
+ # Returns the IAM permissions that the caller has on the specified Access
2774
+ # Context Manager resource. The resource can be an
2775
+ # {::Google::Identity::AccessContextManager::V1::AccessPolicy AccessPolicy},
2776
+ # {::Google::Identity::AccessContextManager::V1::AccessLevel AccessLevel}, or
2777
+ # [ServicePerimeter][google.identity.accesscontextmanager.v1.ServicePerimeter
2778
+ # ]. This method does not support other resources.
2779
+ #
2780
+ # @overload test_iam_permissions(request, options = nil)
2781
+ # Pass arguments to `test_iam_permissions` via a request object, either of type
2782
+ # {::Google::Iam::V1::TestIamPermissionsRequest} or an equivalent Hash.
2783
+ #
2784
+ # @param request [::Google::Iam::V1::TestIamPermissionsRequest, ::Hash]
2785
+ # A request object representing the call parameters. Required. To specify no
2786
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
2787
+ # @param options [::Gapic::CallOptions, ::Hash]
2788
+ # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
2789
+ #
2790
+ # @overload test_iam_permissions(resource: nil, permissions: nil)
2791
+ # Pass arguments to `test_iam_permissions` via keyword arguments. Note that at
2792
+ # least one keyword argument is required. To specify no parameters, or to keep all
2793
+ # the default parameter values, pass an empty Hash as a request object (see above).
2794
+ #
2795
+ # @param resource [::String]
2796
+ # REQUIRED: The resource for which the policy detail is being requested.
2797
+ # See the operation documentation for the appropriate value for this field.
2798
+ # @param permissions [::Array<::String>]
2799
+ # The set of permissions to check for the `resource`. Permissions with
2800
+ # wildcards (such as '*' or 'storage.*') are not allowed. For more
2801
+ # information see
2802
+ # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
2803
+ #
2804
+ # @yield [response, operation] Access the result along with the RPC operation
2805
+ # @yieldparam response [::Google::Iam::V1::TestIamPermissionsResponse]
2806
+ # @yieldparam operation [::GRPC::ActiveCall::Operation]
2807
+ #
2808
+ # @return [::Google::Iam::V1::TestIamPermissionsResponse]
2809
+ #
2810
+ # @raise [::Google::Cloud::Error] if the RPC is aborted.
2811
+ #
2812
+ # @example Basic example
2813
+ # require "google/identity/access_context_manager/v1"
2814
+ #
2815
+ # # Create a client object. The client can be reused for multiple calls.
2816
+ # client = Google::Identity::AccessContextManager::V1::AccessContextManager::Client.new
2817
+ #
2818
+ # # Create a request. To set request fields, pass in keyword arguments.
2819
+ # request = Google::Iam::V1::TestIamPermissionsRequest.new
2820
+ #
2821
+ # # Call the test_iam_permissions method.
2822
+ # result = client.test_iam_permissions request
2823
+ #
2824
+ # # The returned object is of type Google::Iam::V1::TestIamPermissionsResponse.
2825
+ # p result
2826
+ #
2827
+ def test_iam_permissions request, options = nil
2828
+ raise ::ArgumentError, "request must be provided" if request.nil?
2829
+
2830
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::V1::TestIamPermissionsRequest
2831
+
2832
+ # Converts hash and nil to an options object
2833
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
2834
+
2835
+ # Customize the options with defaults
2836
+ metadata = @config.rpcs.test_iam_permissions.metadata.to_h
2837
+
2838
+ # Set x-goog-api-client and x-goog-user-project headers
2839
+ metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
2840
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
2841
+ gapic_version: ::Google::Identity::AccessContextManager::V1::VERSION
2842
+ metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
2843
+
2844
+ header_params = {}
2845
+ if request.resource
2846
+ header_params["resource"] = request.resource
2847
+ end
2848
+
2849
+ request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
2850
+ metadata[:"x-goog-request-params"] ||= request_params_header
2851
+
2852
+ options.apply_defaults timeout: @config.rpcs.test_iam_permissions.timeout,
2853
+ metadata: metadata,
2854
+ retry_policy: @config.rpcs.test_iam_permissions.retry_policy
2855
+
2856
+ options.apply_defaults timeout: @config.timeout,
2857
+ metadata: @config.metadata,
2858
+ retry_policy: @config.retry_policy
2859
+
2860
+ @access_context_manager_stub.call_rpc :test_iam_permissions, request, options: options do |response, operation|
2861
+ yield response, operation if block_given?
2862
+ return response
2863
+ end
2864
+ rescue ::GRPC::BadStatus => e
2865
+ raise ::Google::Cloud::Error.from_error(e)
2866
+ end
2867
+
2566
2868
  ##
2567
2869
  # Configuration class for the AccessContextManager API.
2568
2870
  #
@@ -2813,6 +3115,21 @@ module Google
2813
3115
  # @return [::Gapic::Config::Method]
2814
3116
  #
2815
3117
  attr_reader :delete_gcp_user_access_binding
3118
+ ##
3119
+ # RPC-specific configuration for `set_iam_policy`
3120
+ # @return [::Gapic::Config::Method]
3121
+ #
3122
+ attr_reader :set_iam_policy
3123
+ ##
3124
+ # RPC-specific configuration for `get_iam_policy`
3125
+ # @return [::Gapic::Config::Method]
3126
+ #
3127
+ attr_reader :get_iam_policy
3128
+ ##
3129
+ # RPC-specific configuration for `test_iam_permissions`
3130
+ # @return [::Gapic::Config::Method]
3131
+ #
3132
+ attr_reader :test_iam_permissions
2816
3133
 
2817
3134
  # @private
2818
3135
  def initialize parent_rpcs = nil
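Review bot: The three readers added at new lines 3118–3132 carry only the one-line `RPC-specific configuration for ...` comment, which does not say which settings the client consumes. In `get_iam_policy` and `test_iam_permissions` earlier in this diff, the per-RPC `timeout`, `metadata` and `retry_policy` are applied first and the client-wide `@config` values fill in whatever is left unset; `set_iam_policy` presumably follows the same pattern, but its body is outside this view. Since these calls read and set the IAM policy on Access Context Manager resources, I would spell that out on each reader, e.g. `# Supplies the per-call timeout, metadata and retry_policy; unset values fall back to the client-wide configuration.` The enclosing class starts before this hunk and `initialize` continues after it.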
@@ -2862,6 +3179,12 @@ module Google
2862
3179
  @update_gcp_user_access_binding = ::Gapic::Config::Method.new update_gcp_user_access_binding_config
2863
3180
  delete_gcp_user_access_binding_config = parent_rpcs.delete_gcp_user_access_binding if parent_rpcs.respond_to? :delete_gcp_user_access_binding
2864
3181
  @delete_gcp_user_access_binding = ::Gapic::Config::Method.new delete_gcp_user_access_binding_config
3182
+ set_iam_policy_config = parent_rpcs.set_iam_policy if parent_rpcs.respond_to? :set_iam_policy
3183
+ @set_iam_policy = ::Gapic::Config::Method.new set_iam_policy_config
3184
+ get_iam_policy_config = parent_rpcs.get_iam_policy if parent_rpcs.respond_to? :get_iam_policy
3185
+ @get_iam_policy = ::Gapic::Config::Method.new get_iam_policy_config
3186
+ test_iam_permissions_config = parent_rpcs.test_iam_permissions if parent_rpcs.respond_to? :test_iam_permissions
3187
+ @test_iam_permissions = ::Gapic::Config::Method.new test_iam_permissions_config
2865
3188
 
2866
3189
  yield self if block_given?
2867
3190
  end