google-identity-access_context_manager-v1 0.2.0 → 0.3.0

@@ -27,15 +27,15 @@ module Google
27
27
  ##
28
28
  # Client for the AccessContextManager service.
29
29
  #
30
- # API for setting [Access Levels]
31
- # [google.identity.accesscontextmanager.v1.AccessLevel] and [Service
32
- # Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
33
- # for Google Cloud Projects. Each organization has one [AccessPolicy]
34
- # [google.identity.accesscontextmanager.v1.AccessPolicy] containing the
35
- # [Access Levels] [google.identity.accesscontextmanager.v1.AccessLevel]
36
- # and [Service Perimeters]
30
+ # API for setting [access levels]
31
+ # [google.identity.accesscontextmanager.v1.AccessLevel] and [service
32
+ # perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
33
+ # for Google Cloud projects. Each organization has one [access policy]
34
+ # [google.identity.accesscontextmanager.v1.AccessPolicy] that contains the
35
+ # [access levels] [google.identity.accesscontextmanager.v1.AccessLevel]
36
+ # and [service perimeters]
37
37
  # [google.identity.accesscontextmanager.v1.ServicePerimeter]. This
38
- # [AccessPolicy] [google.identity.accesscontextmanager.v1.AccessPolicy] is
38
+ # [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] is
39
39
  # applicable to all resources in the organization.
40
40
  # AccessPolicies
41
41
  #
@@ -170,9 +170,9 @@ module Google
170
170
  # Service calls
171
171
 
172
172
  ##
173
- # List all [AccessPolicies]
174
- # [google.identity.accesscontextmanager.v1.AccessPolicy] under a
175
- # container.
173
+ # Lists all [access policies]
174
+ # [google.identity.accesscontextmanager.v1.AccessPolicy] in an
175
+ # organization.
176
176
  #
177
177
  # @overload list_access_policies(request, options = nil)
178
178
  # Pass arguments to `list_access_policies` via a request object, either of type
@@ -265,8 +265,8 @@ module Google
265
265
  end
266
266
 
267
267
  ##
268
- # Get an [AccessPolicy]
269
- # [google.identity.accesscontextmanager.v1.AccessPolicy] by name.
268
+ # Returns an [access policy]
269
+ # [google.identity.accesscontextmanager.v1.AccessPolicy] based on the name.
270
270
  #
271
271
  # @overload get_access_policy(request, options = nil)
272
272
  # Pass arguments to `get_access_policy` via a request object, either of type
@@ -353,10 +353,10 @@ module Google
353
353
  end
354
354
 
355
355
  ##
356
- # Create an `AccessPolicy`. Fails if this organization already has a
357
- # `AccessPolicy`. The longrunning Operation will have a successful status
358
- # once the `AccessPolicy` has propagated to long-lasting storage.
359
- # Syntactic and basic semantic errors will be returned in `metadata` as a
356
+ # Creates an access policy. This method fails if the organization already has
357
+ # an access policy. The long-running operation has a successful status
358
+ # after the access policy propagates to long-lasting storage.
359
+ # Syntactic and basic semantic errors are returned in `metadata` as a
360
360
  # BadRequest proto.
361
361
  #
362
362
  # @overload create_access_policy(request, options = nil)
@@ -369,7 +369,7 @@ module Google
369
369
  # @param options [::Gapic::CallOptions, ::Hash]
370
370
  # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
371
371
  #
372
- # @overload create_access_policy(name: nil, parent: nil, title: nil, create_time: nil, update_time: nil, etag: nil)
372
+ # @overload create_access_policy(name: nil, parent: nil, title: nil, scopes: nil, create_time: nil, update_time: nil, etag: nil)
373
373
  # Pass arguments to `create_access_policy` via keyword arguments. Note that at
374
374
  # least one keyword argument is required. To specify no parameters, or to keep all
375
375
  # the default parameter values, pass an empty Hash as a request object (see above).
@@ -383,6 +383,21 @@ module Google
383
383
  # `organizations/{organization_id}`
384
384
  # @param title [::String]
385
385
  # Required. Human readable title. Does not affect behavior.
386
+ # @param scopes [::Array<::String>]
387
+ # The scopes of a policy define which resources an ACM policy can restrict,
388
+ # and where ACM resources can be referenced.
389
+ # For example, a policy with scopes=["folders/123"] has the following
390
+ # behavior:
391
+ # - vpcsc perimeters can only restrict projects within folders/123
392
+ # - access levels can only be referenced by resources within folders/123.
393
+ # If empty, there are no limitations on which resources can be restricted by
394
+ # an ACM policy, and there are no limitations on where ACM resources can be
395
+ # referenced.
396
+ # Only one policy can include a given scope (attempting to create a second
397
+ # policy which includes "folders/123" will result in an error).
398
+ # Currently, scopes cannot be modified after a policy is created.
399
+ # Currently, policies can only have a single scope.
400
+ # Format: list of `folders/{folder_number}` or `projects/{project_number}`
386
401
  # @param create_time [::Google::Protobuf::Timestamp, ::Hash]
387
402
  # Output only. Time the `AccessPolicy` was created in UTC.
388
403
  # @param update_time [::Google::Protobuf::Timestamp, ::Hash]
@@ -458,13 +473,12 @@ module Google
458
473
  end
459
474
 
460
475
  ##
461
- # Update an [AccessPolicy]
476
+ # Updates an [access policy]
462
477
  # [google.identity.accesscontextmanager.v1.AccessPolicy]. The
463
- # longrunning Operation from this RPC will have a successful status once the
464
- # changes to the [AccessPolicy]
465
- # [google.identity.accesscontextmanager.v1.AccessPolicy] have propagated
466
- # to long-lasting storage. Syntactic and basic semantic errors will be
467
- # returned in `metadata` as a BadRequest proto.
478
+ # long-running operation from this RPC has a successful status after the
479
+ # changes to the [access policy]
480
+ # [google.identity.accesscontextmanager.v1.AccessPolicy] propagate
481
+ # to long-lasting storage.
468
482
  #
469
483
  # @overload update_access_policy(request, options = nil)
470
484
  # Pass arguments to `update_access_policy` via a request object, either of type
@@ -559,11 +573,11 @@ module Google
559
573
  end
560
574
 
561
575
  ##
562
- # Delete an [AccessPolicy]
563
- # [google.identity.accesscontextmanager.v1.AccessPolicy] by resource
564
- # name. The longrunning Operation will have a successful status once the
565
- # [AccessPolicy] [google.identity.accesscontextmanager.v1.AccessPolicy]
566
- # has been removed from long-lasting storage.
576
+ # Deletes an [access policy]
577
+ # [google.identity.accesscontextmanager.v1.AccessPolicy] based on the
578
+ # resource name. The long-running operation has a successful status after the
579
+ # [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy]
580
+ # is removed from long-lasting storage.
567
581
  #
568
582
  # @overload delete_access_policy(request, options = nil)
569
583
  # Pass arguments to `delete_access_policy` via a request object, either of type
@@ -658,7 +672,7 @@ module Google
658
672
  end
659
673
 
660
674
  ##
661
- # List all [Access Levels]
675
+ # Lists all [access levels]
662
676
  # [google.identity.accesscontextmanager.v1.AccessLevel] for an access
663
677
  # policy.
664
678
  #
@@ -768,8 +782,8 @@ module Google
768
782
  end
769
783
 
770
784
  ##
771
- # Get an [Access Level]
772
- # [google.identity.accesscontextmanager.v1.AccessLevel] by resource
785
+ # Gets an [access level]
786
+ # [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource
773
787
  # name.
774
788
  #
775
789
  # @overload get_access_level(request, options = nil)
@@ -868,13 +882,13 @@ module Google
868
882
  end
869
883
 
870
884
  ##
871
- # Create an [Access Level]
872
- # [google.identity.accesscontextmanager.v1.AccessLevel]. The longrunning
873
- # operation from this RPC will have a successful status once the [Access
874
- # Level] [google.identity.accesscontextmanager.v1.AccessLevel] has
875
- # propagated to long-lasting storage. [Access Levels]
876
- # [google.identity.accesscontextmanager.v1.AccessLevel] containing
877
- # errors will result in an error response for the first error encountered.
885
+ # Creates an [access level]
886
+ # [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running
887
+ # operation from this RPC has a successful status after the [access
888
+ # level] [google.identity.accesscontextmanager.v1.AccessLevel]
889
+ # propagates to long-lasting storage. If [access levels]
890
+ # [google.identity.accesscontextmanager.v1.AccessLevel] contain
891
+ # errors, an error response is returned for the first error encountered.
878
892
  #
879
893
  # @overload create_access_level(request, options = nil)
880
894
  # Pass arguments to `create_access_level` via a request object, either of type
@@ -976,14 +990,14 @@ module Google
976
990
  end
977
991
 
978
992
  ##
979
- # Update an [Access Level]
980
- # [google.identity.accesscontextmanager.v1.AccessLevel]. The longrunning
981
- # operation from this RPC will have a successful status once the changes to
982
- # the [Access Level]
983
- # [google.identity.accesscontextmanager.v1.AccessLevel] have propagated
984
- # to long-lasting storage. [Access Levels]
985
- # [google.identity.accesscontextmanager.v1.AccessLevel] containing
986
- # errors will result in an error response for the first error encountered.
993
+ # Updates an [access level]
994
+ # [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running
995
+ # operation from this RPC has a successful status after the changes to
996
+ # the [access level]
997
+ # [google.identity.accesscontextmanager.v1.AccessLevel] propagate
998
+ # to long-lasting storage. If [access levels]
999
+ # [google.identity.accesscontextmanager.v1.AccessLevel] contain
1000
+ # errors, an error response is returned for the first error encountered.
987
1001
  #
988
1002
  # @overload update_access_level(request, options = nil)
989
1003
  # Pass arguments to `update_access_level` via a request object, either of type
@@ -1082,10 +1096,10 @@ module Google
1082
1096
  end
1083
1097
 
1084
1098
  ##
1085
- # Delete an [Access Level]
1086
- # [google.identity.accesscontextmanager.v1.AccessLevel] by resource
1087
- # name. The longrunning operation from this RPC will have a successful status
1088
- # once the [Access Level]
1099
+ # Deletes an [access level]
1100
+ # [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource
1101
+ # name. The long-running operation from this RPC has a successful status
1102
+ # after the [access level]
1089
1103
  # [google.identity.accesscontextmanager.v1.AccessLevel] has been removed
1090
1104
  # from long-lasting storage.
1091
1105
  #
@@ -1184,22 +1198,22 @@ module Google
1184
1198
  end
1185
1199
 
1186
1200
  ##
1187
- # Replace all existing [Access Levels]
1188
- # [google.identity.accesscontextmanager.v1.AccessLevel] in an [Access
1189
- # Policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with
1190
- # the [Access Levels]
1201
+ # Replaces all existing [access levels]
1202
+ # [google.identity.accesscontextmanager.v1.AccessLevel] in an [access
1203
+ # policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with
1204
+ # the [access levels]
1191
1205
  # [google.identity.accesscontextmanager.v1.AccessLevel] provided. This
1192
- # is done atomically. The longrunning operation from this RPC will have a
1193
- # successful status once all replacements have propagated to long-lasting
1194
- # storage. Replacements containing errors will result in an error response
1195
- # for the first error encountered. Replacement will be cancelled on error,
1196
- # existing [Access Levels]
1197
- # [google.identity.accesscontextmanager.v1.AccessLevel] will not be
1198
- # affected. Operation.response field will contain
1199
- # ReplaceAccessLevelsResponse. Removing [Access Levels]
1206
+ # is done atomically. The long-running operation from this RPC has a
1207
+ # successful status after all replacements propagate to long-lasting
1208
+ # storage. If the replacement contains errors, an error response is returned
1209
+ # for the first error encountered. Upon error, the replacement is cancelled,
1210
+ # and existing [access levels]
1211
+ # [google.identity.accesscontextmanager.v1.AccessLevel] are not
1212
+ # affected. The Operation.response field contains
1213
+ # ReplaceAccessLevelsResponse. Removing [access levels]
1200
1214
  # [google.identity.accesscontextmanager.v1.AccessLevel] contained in existing
1201
- # [Service Perimeters]
1202
- # [google.identity.accesscontextmanager.v1.ServicePerimeter] will result in
1215
+ # [service perimeters]
1216
+ # [google.identity.accesscontextmanager.v1.ServicePerimeter] result in an
1203
1217
  # error.
1204
1218
  #
1205
1219
  # @overload replace_access_levels(request, options = nil)
@@ -1312,7 +1326,7 @@ module Google
1312
1326
  end
1313
1327
 
1314
1328
  ##
1315
- # List all [Service Perimeters]
1329
+ # Lists all [service perimeters]
1316
1330
  # [google.identity.accesscontextmanager.v1.ServicePerimeter] for an
1317
1331
  # access policy.
1318
1332
  #
@@ -1418,9 +1432,9 @@ module Google
1418
1432
  end
1419
1433
 
1420
1434
  ##
1421
- # Get a [Service Perimeter]
1422
- # [google.identity.accesscontextmanager.v1.ServicePerimeter] by resource
1423
- # name.
1435
+ # Gets a [service perimeter]
1436
+ # [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the
1437
+ # resource name.
1424
1438
  #
1425
1439
  # @overload get_service_perimeter(request, options = nil)
1426
1440
  # Pass arguments to `get_service_perimeter` via a request object, either of type
@@ -1509,14 +1523,14 @@ module Google
1509
1523
  end
1510
1524
 
1511
1525
  ##
1512
- # Create a [Service Perimeter]
1526
+ # Creates a [service perimeter]
1513
1527
  # [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
1514
- # longrunning operation from this RPC will have a successful status once the
1515
- # [Service Perimeter]
1516
- # [google.identity.accesscontextmanager.v1.ServicePerimeter] has
1517
- # propagated to long-lasting storage. [Service Perimeters]
1518
- # [google.identity.accesscontextmanager.v1.ServicePerimeter] containing
1519
- # errors will result in an error response for the first error encountered.
1528
+ # long-running operation from this RPC has a successful status after the
1529
+ # [service perimeter]
1530
+ # [google.identity.accesscontextmanager.v1.ServicePerimeter]
1531
+ # propagates to long-lasting storage. If a [service perimeter]
1532
+ # [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
1533
+ # errors, an error response is returned for the first error encountered.
1520
1534
  #
1521
1535
  # @overload create_service_perimeter(request, options = nil)
1522
1536
  # Pass arguments to `create_service_perimeter` via a request object, either of type
@@ -1618,14 +1632,14 @@ module Google
1618
1632
  end
1619
1633
 
1620
1634
  ##
1621
- # Update a [Service Perimeter]
1635
+ # Updates a [service perimeter]
1622
1636
  # [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
1623
- # longrunning operation from this RPC will have a successful status once the
1624
- # changes to the [Service Perimeter]
1625
- # [google.identity.accesscontextmanager.v1.ServicePerimeter] have
1626
- # propagated to long-lasting storage. [Service Perimeter]
1627
- # [google.identity.accesscontextmanager.v1.ServicePerimeter] containing
1628
- # errors will result in an error response for the first error encountered.
1637
+ # long-running operation from this RPC has a successful status after the
1638
+ # [service perimeter]
1639
+ # [google.identity.accesscontextmanager.v1.ServicePerimeter]
1640
+ # propagates to long-lasting storage. If a [service perimeter]
1641
+ # [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
1642
+ # errors, an error response is returned for the first error encountered.
1629
1643
  #
1630
1644
  # @overload update_service_perimeter(request, options = nil)
1631
1645
  # Pass arguments to `update_service_perimeter` via a request object, either of type
@@ -1721,12 +1735,12 @@ module Google
1721
1735
  end
1722
1736
 
1723
1737
  ##
1724
- # Delete a [Service Perimeter]
1725
- # [google.identity.accesscontextmanager.v1.ServicePerimeter] by resource
1726
- # name. The longrunning operation from this RPC will have a successful status
1727
- # once the [Service Perimeter]
1728
- # [google.identity.accesscontextmanager.v1.ServicePerimeter] has been
1729
- # removed from long-lasting storage.
1738
+ # Deletes a [service perimeter]
1739
+ # [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the
1740
+ # resource name. The long-running operation from this RPC has a successful
1741
+ # status after the [service perimeter]
1742
+ # [google.identity.accesscontextmanager.v1.ServicePerimeter] is removed from
1743
+ # long-lasting storage.
1730
1744
  #
1731
1745
  # @overload delete_service_perimeter(request, options = nil)
1732
1746
  # Pass arguments to `delete_service_perimeter` via a request object, either of type
@@ -1823,18 +1837,18 @@ module Google
1823
1837
  end
1824
1838
 
1825
1839
  ##
1826
- # Replace all existing [Service Perimeters]
1827
- # [google.identity.accesscontextmanager.v1.ServicePerimeter] in an
1828
- # [Access Policy] [google.identity.accesscontextmanager.v1.AccessPolicy]
1829
- # with the [Service Perimeters]
1830
- # [google.identity.accesscontextmanager.v1.ServicePerimeter] provided.
1831
- # This is done atomically. The longrunning operation from this
1832
- # RPC will have a successful status once all replacements have propagated to
1833
- # long-lasting storage. Replacements containing errors will result in an
1834
- # error response for the first error encountered. Replacement will be
1835
- # cancelled on error, existing [Service Perimeters]
1836
- # [google.identity.accesscontextmanager.v1.ServicePerimeter] will not be
1837
- # affected. Operation.response field will contain
1840
+ # Replace all existing [service perimeters]
1841
+ # [google.identity.accesscontextmanager.v1.ServicePerimeter] in an [access
1842
+ # policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with the
1843
+ # [service perimeters]
1844
+ # [google.identity.accesscontextmanager.v1.ServicePerimeter] provided. This
1845
+ # is done atomically. The long-running operation from this RPC has a
1846
+ # successful status after all replacements propagate to long-lasting storage.
1847
+ # Replacements containing errors result in an error response for the first
1848
+ # error encountered. Upon an error, replacement are cancelled and existing
1849
+ # [service perimeters]
1850
+ # [google.identity.accesscontextmanager.v1.ServicePerimeter] are not
1851
+ # affected. The Operation.response field contains
1838
1852
  # ReplaceServicePerimetersResponse.
1839
1853
  #
1840
1854
  # @overload replace_service_perimeters(request, options = nil)
@@ -1947,21 +1961,21 @@ module Google
1947
1961
  end
1948
1962
 
1949
1963
  ##
1950
- # Commit the dry-run spec for all the [Service Perimeters]
1964
+ # Commits the dry-run specification for all the [service perimeters]
1951
1965
  # [google.identity.accesscontextmanager.v1.ServicePerimeter] in an
1952
- # {::Google::Identity::AccessContextManager::V1::AccessPolicy Access Policy}.
1953
- # A commit operation on a Service Perimeter involves copying its `spec` field
1954
- # to that Service Perimeter's `status` field. Only [Service Perimeters]
1966
+ # {::Google::Identity::AccessContextManager::V1::AccessPolicy access policy}.
1967
+ # A commit operation on a service perimeter involves copying its `spec` field
1968
+ # to the `status` field of the service perimeter. Only [service perimeters]
1955
1969
  # [google.identity.accesscontextmanager.v1.ServicePerimeter] with
1956
1970
  # `use_explicit_dry_run_spec` field set to true are affected by a commit
1957
- # operation. The longrunning operation from this RPC will have a successful
1958
- # status once the dry-run specs for all the [Service Perimeters]
1971
+ # operation. The long-running operation from this RPC has a successful
1972
+ # status after the dry-run specifications for all the [service perimeters]
1959
1973
  # [google.identity.accesscontextmanager.v1.ServicePerimeter] have been
1960
- # committed. If a commit fails, it will cause the longrunning operation to
1961
- # return an error response and the entire commit operation will be cancelled.
1962
- # When successful, Operation.response field will contain
1963
- # CommitServicePerimetersResponse. The `dry_run` and the `spec` fields will
1964
- # be cleared after a successful commit operation.
1974
+ # committed. If a commit fails, it causes the long-running operation to
1975
+ # return an error response and the entire commit operation is cancelled.
1976
+ # When successful, the Operation.response field contains
1977
+ # CommitServicePerimetersResponse. The `dry_run` and the `spec` fields are
1978
+ # cleared after a successful commit operation.
1965
1979
  #
1966
1980
  # @overload commit_service_perimeters(request, options = nil)
1967
1981
  # Pass arguments to `commit_service_perimeters` via a request object, either of type
@@ -1988,7 +2002,7 @@ module Google
1988
2002
  # Format: `accessPolicies/{policy_id}`
1989
2003
  # @param etag [::String]
1990
2004
  # Optional. The etag for the version of the [Access Policy]
1991
- # [google.identity.accesscontextmanager.v1alpha.AccessPolicy] that this
2005
+ # [google.identity.accesscontextmanager.v1.AccessPolicy] that this
1992
2006
  # commit operation is to be performed on. If, at the time of commit, the
1993
2007
  # etag for the Access Policy stored in Access Context Manager is different
1994
2008
  # from the specified etag, then the commit operation will not be performed
@@ -2261,7 +2275,7 @@ module Google
2261
2275
  # [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]. If the
2262
2276
  # client specifies a [name]
2263
2277
  # [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.name],
2264
- # the server will ignore it. Fails if a resource already exists with the same
2278
+ # the server ignores it. Fails if a resource already exists with the same
2265
2279
  # [group_key]
2266
2280
  # [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.group_key].
2267
2281
  # Completion of this long-running operation does not necessarily signify that
@@ -2563,6 +2577,294 @@ module Google
2563
2577
  raise ::Google::Cloud::Error.from_error(e)
2564
2578
  end
2565
2579
 
2580
+ ##
2581
+ # Sets the IAM policy for the specified Access Context Manager
2582
+ # {::Google::Identity::AccessContextManager::V1::AccessPolicy access policy}.
2583
+ # This method replaces the existing IAM policy on the access policy. The IAM
2584
+ # policy controls the set of users who can perform specific operations on the
2585
+ # Access Context Manager [access
2586
+ # policy][google.identity.accesscontextmanager.v1.AccessPolicy].
2587
+ #
2588
+ # @overload set_iam_policy(request, options = nil)
2589
+ # Pass arguments to `set_iam_policy` via a request object, either of type
2590
+ # {::Google::Iam::V1::SetIamPolicyRequest} or an equivalent Hash.
2591
+ #
2592
+ # @param request [::Google::Iam::V1::SetIamPolicyRequest, ::Hash]
2593
+ # A request object representing the call parameters. Required. To specify no
2594
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
2595
+ # @param options [::Gapic::CallOptions, ::Hash]
2596
+ # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
2597
+ #
2598
+ # @overload set_iam_policy(resource: nil, policy: nil, update_mask: nil)
2599
+ # Pass arguments to `set_iam_policy` via keyword arguments. Note that at
2600
+ # least one keyword argument is required. To specify no parameters, or to keep all
2601
+ # the default parameter values, pass an empty Hash as a request object (see above).
2602
+ #
2603
+ # @param resource [::String]
2604
+ # REQUIRED: The resource for which the policy is being specified.
2605
+ # See the operation documentation for the appropriate value for this field.
2606
+ # @param policy [::Google::Iam::V1::Policy, ::Hash]
2607
+ # REQUIRED: The complete policy to be applied to the `resource`. The size of
2608
+ # the policy is limited to a few 10s of KB. An empty policy is a
2609
+ # valid policy but certain Cloud Platform services (such as Projects)
2610
+ # might reject them.
2611
+ # @param update_mask [::Google::Protobuf::FieldMask, ::Hash]
2612
+ # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
2613
+ # the fields in the mask will be modified. If no mask is provided, the
2614
+ # following default mask is used:
2615
+ #
2616
+ # `paths: "bindings, etag"`
2617
+ #
2618
+ # @yield [response, operation] Access the result along with the RPC operation
2619
+ # @yieldparam response [::Google::Iam::V1::Policy]
2620
+ # @yieldparam operation [::GRPC::ActiveCall::Operation]
2621
+ #
2622
+ # @return [::Google::Iam::V1::Policy]
2623
+ #
2624
+ # @raise [::Google::Cloud::Error] if the RPC is aborted.
2625
+ #
2626
+ # @example Basic example
2627
+ # require "google/identity/access_context_manager/v1"
2628
+ #
2629
+ # # Create a client object. The client can be reused for multiple calls.
2630
+ # client = Google::Identity::AccessContextManager::V1::AccessContextManager::Client.new
2631
+ #
2632
+ # # Create a request. To set request fields, pass in keyword arguments.
2633
+ # request = Google::Iam::V1::SetIamPolicyRequest.new
2634
+ #
2635
+ # # Call the set_iam_policy method.
2636
+ # result = client.set_iam_policy request
2637
+ #
2638
+ # # The returned object is of type Google::Iam::V1::Policy.
2639
+ # p result
2640
+ #
2641
+ def set_iam_policy request, options = nil
2642
+ raise ::ArgumentError, "request must be provided" if request.nil?
2643
+
2644
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::V1::SetIamPolicyRequest
2645
+
2646
+ # Converts hash and nil to an options object
2647
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
2648
+
2649
+ # Customize the options with defaults
2650
+ metadata = @config.rpcs.set_iam_policy.metadata.to_h
2651
+
2652
+ # Set x-goog-api-client and x-goog-user-project headers
2653
+ metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
2654
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
2655
+ gapic_version: ::Google::Identity::AccessContextManager::V1::VERSION
2656
+ metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
2657
+
2658
+ header_params = {}
2659
+ if request.resource
2660
+ header_params["resource"] = request.resource
2661
+ end
2662
+
2663
+ request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
2664
+ metadata[:"x-goog-request-params"] ||= request_params_header
2665
+
2666
+ options.apply_defaults timeout: @config.rpcs.set_iam_policy.timeout,
2667
+ metadata: metadata,
2668
+ retry_policy: @config.rpcs.set_iam_policy.retry_policy
2669
+
2670
+ options.apply_defaults timeout: @config.timeout,
2671
+ metadata: @config.metadata,
2672
+ retry_policy: @config.retry_policy
2673
+
2674
+ @access_context_manager_stub.call_rpc :set_iam_policy, request, options: options do |response, operation|
2675
+ yield response, operation if block_given?
2676
+ return response
2677
+ end
2678
+ rescue ::GRPC::BadStatus => e
2679
+ raise ::Google::Cloud::Error.from_error(e)
2680
+ end
2681
+
2682
+ ##
2683
+ # Gets the IAM policy for the specified Access Context Manager
2684
+ # {::Google::Identity::AccessContextManager::V1::AccessPolicy access policy}.
2685
+ #
2686
+ # @overload get_iam_policy(request, options = nil)
2687
+ # Pass arguments to `get_iam_policy` via a request object, either of type
2688
+ # {::Google::Iam::V1::GetIamPolicyRequest} or an equivalent Hash.
2689
+ #
2690
+ # @param request [::Google::Iam::V1::GetIamPolicyRequest, ::Hash]
2691
+ # A request object representing the call parameters. Required. To specify no
2692
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
2693
+ # @param options [::Gapic::CallOptions, ::Hash]
2694
+ # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
2695
+ #
2696
+ # @overload get_iam_policy(resource: nil, options: nil)
2697
+ # Pass arguments to `get_iam_policy` via keyword arguments. Note that at
2698
+ # least one keyword argument is required. To specify no parameters, or to keep all
2699
+ # the default parameter values, pass an empty Hash as a request object (see above).
2700
+ #
2701
+ # @param resource [::String]
2702
+ # REQUIRED: The resource for which the policy is being requested.
2703
+ # See the operation documentation for the appropriate value for this field.
2704
+ # @param options [::Google::Iam::V1::GetPolicyOptions, ::Hash]
2705
+ # OPTIONAL: A `GetPolicyOptions` object for specifying options to
2706
+ # `GetIamPolicy`.
2707
+ #
2708
+ # @yield [response, operation] Access the result along with the RPC operation
2709
+ # @yieldparam response [::Google::Iam::V1::Policy]
2710
+ # @yieldparam operation [::GRPC::ActiveCall::Operation]
2711
+ #
2712
+ # @return [::Google::Iam::V1::Policy]
2713
+ #
2714
+ # @raise [::Google::Cloud::Error] if the RPC is aborted.
2715
+ #
2716
+ # @example Basic example
2717
+ # require "google/identity/access_context_manager/v1"
2718
+ #
2719
+ # # Create a client object. The client can be reused for multiple calls.
2720
+ # client = Google::Identity::AccessContextManager::V1::AccessContextManager::Client.new
2721
+ #
2722
+ # # Create a request. To set request fields, pass in keyword arguments.
2723
+ # request = Google::Iam::V1::GetIamPolicyRequest.new
2724
+ #
2725
+ # # Call the get_iam_policy method.
2726
+ # result = client.get_iam_policy request
2727
+ #
2728
+ # # The returned object is of type Google::Iam::V1::Policy.
2729
+ # p result
2730
+ #
2731
+ def get_iam_policy request, options = nil
2732
+ raise ::ArgumentError, "request must be provided" if request.nil?
2733
+
2734
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::V1::GetIamPolicyRequest
2735
+
2736
+ # Converts hash and nil to an options object
2737
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
2738
+
2739
+ # Customize the options with defaults
2740
+ metadata = @config.rpcs.get_iam_policy.metadata.to_h
2741
+
2742
+ # Set x-goog-api-client and x-goog-user-project headers
2743
+ metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
2744
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
2745
+ gapic_version: ::Google::Identity::AccessContextManager::V1::VERSION
2746
+ metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
2747
+
2748
+ header_params = {}
2749
+ if request.resource
2750
+ header_params["resource"] = request.resource
2751
+ end
2752
+
2753
+ request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
2754
+ metadata[:"x-goog-request-params"] ||= request_params_header
2755
+
2756
+ options.apply_defaults timeout: @config.rpcs.get_iam_policy.timeout,
2757
+ metadata: metadata,
2758
+ retry_policy: @config.rpcs.get_iam_policy.retry_policy
2759
+
2760
+ options.apply_defaults timeout: @config.timeout,
2761
+ metadata: @config.metadata,
2762
+ retry_policy: @config.retry_policy
2763
+
2764
+ @access_context_manager_stub.call_rpc :get_iam_policy, request, options: options do |response, operation|
2765
+ yield response, operation if block_given?
2766
+ return response
2767
+ end
2768
+ rescue ::GRPC::BadStatus => e
2769
+ raise ::Google::Cloud::Error.from_error(e)
2770
+ end
2771
+
2772
+ ##
2773
+ # Returns the IAM permissions that the caller has on the specified Access
2774
+ # Context Manager resource. The resource can be an
2775
+ # {::Google::Identity::AccessContextManager::V1::AccessPolicy AccessPolicy},
2776
+ # {::Google::Identity::AccessContextManager::V1::AccessLevel AccessLevel}, or
2777
+ # [ServicePerimeter][google.identity.accesscontextmanager.v1.ServicePerimeter
2778
+ # ]. This method does not support other resources.
2779
+ #
2780
+ # @overload test_iam_permissions(request, options = nil)
2781
+ # Pass arguments to `test_iam_permissions` via a request object, either of type
2782
+ # {::Google::Iam::V1::TestIamPermissionsRequest} or an equivalent Hash.
2783
+ #
2784
+ # @param request [::Google::Iam::V1::TestIamPermissionsRequest, ::Hash]
2785
+ # A request object representing the call parameters. Required. To specify no
2786
+ # parameters, or to keep all the default parameter values, pass an empty Hash.
2787
+ # @param options [::Gapic::CallOptions, ::Hash]
2788
+ # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
2789
+ #
2790
+ # @overload test_iam_permissions(resource: nil, permissions: nil)
2791
+ # Pass arguments to `test_iam_permissions` via keyword arguments. Note that at
2792
+ # least one keyword argument is required. To specify no parameters, or to keep all
2793
+ # the default parameter values, pass an empty Hash as a request object (see above).
2794
+ #
2795
+ # @param resource [::String]
2796
+ # REQUIRED: The resource for which the policy detail is being requested.
2797
+ # See the operation documentation for the appropriate value for this field.
2798
+ # @param permissions [::Array<::String>]
2799
+ # The set of permissions to check for the `resource`. Permissions with
2800
+ # wildcards (such as '*' or 'storage.*') are not allowed. For more
2801
+ # information see
2802
+ # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
2803
+ #
2804
+ # @yield [response, operation] Access the result along with the RPC operation
2805
+ # @yieldparam response [::Google::Iam::V1::TestIamPermissionsResponse]
2806
+ # @yieldparam operation [::GRPC::ActiveCall::Operation]
2807
+ #
2808
+ # @return [::Google::Iam::V1::TestIamPermissionsResponse]
2809
+ #
2810
+ # @raise [::Google::Cloud::Error] if the RPC is aborted.
2811
+ #
2812
+ # @example Basic example
2813
+ # require "google/identity/access_context_manager/v1"
2814
+ #
2815
+ # # Create a client object. The client can be reused for multiple calls.
2816
+ # client = Google::Identity::AccessContextManager::V1::AccessContextManager::Client.new
2817
+ #
2818
+ # # Create a request. To set request fields, pass in keyword arguments.
2819
+ # request = Google::Iam::V1::TestIamPermissionsRequest.new
2820
+ #
2821
+ # # Call the test_iam_permissions method.
2822
+ # result = client.test_iam_permissions request
2823
+ #
2824
+ # # The returned object is of type Google::Iam::V1::TestIamPermissionsResponse.
2825
+ # p result
2826
+ #
2827
+ def test_iam_permissions request, options = nil
2828
+ raise ::ArgumentError, "request must be provided" if request.nil?
2829
+
2830
+ request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::V1::TestIamPermissionsRequest
2831
+
2832
+ # Converts hash and nil to an options object
2833
+ options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
2834
+
2835
+ # Customize the options with defaults
2836
+ metadata = @config.rpcs.test_iam_permissions.metadata.to_h
2837
+
2838
+ # Set x-goog-api-client and x-goog-user-project headers
2839
+ metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
2840
+ lib_name: @config.lib_name, lib_version: @config.lib_version,
2841
+ gapic_version: ::Google::Identity::AccessContextManager::V1::VERSION
2842
+ metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
2843
+
2844
+ header_params = {}
2845
+ if request.resource
2846
+ header_params["resource"] = request.resource
2847
+ end
2848
+
2849
+ request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
2850
+ metadata[:"x-goog-request-params"] ||= request_params_header
2851
+
2852
+ options.apply_defaults timeout: @config.rpcs.test_iam_permissions.timeout,
2853
+ metadata: metadata,
2854
+ retry_policy: @config.rpcs.test_iam_permissions.retry_policy
2855
+
2856
+ options.apply_defaults timeout: @config.timeout,
2857
+ metadata: @config.metadata,
2858
+ retry_policy: @config.retry_policy
2859
+
2860
+ @access_context_manager_stub.call_rpc :test_iam_permissions, request, options: options do |response, operation|
2861
+ yield response, operation if block_given?
2862
+ return response
2863
+ end
2864
+ rescue ::GRPC::BadStatus => e
2865
+ raise ::Google::Cloud::Error.from_error(e)
2866
+ end
2867
+
2566
2868
  ##
2567
2869
  # Configuration class for the AccessContextManager API.
2568
2870
  #
@@ -2813,6 +3115,21 @@ module Google
2813
3115
  # @return [::Gapic::Config::Method]
2814
3116
  #
2815
3117
  attr_reader :delete_gcp_user_access_binding
3118
+ ##
3119
+ # RPC-specific configuration for `set_iam_policy`
3120
+ # @return [::Gapic::Config::Method]
3121
+ #
3122
+ attr_reader :set_iam_policy
3123
+ ##
3124
+ # RPC-specific configuration for `get_iam_policy`
3125
+ # @return [::Gapic::Config::Method]
3126
+ #
3127
+ attr_reader :get_iam_policy
3128
+ ##
3129
+ # RPC-specific configuration for `test_iam_permissions`
3130
+ # @return [::Gapic::Config::Method]
3131
+ #
3132
+ attr_reader :test_iam_permissions
2816
3133
 
2817
3134
  # @private
2818
3135
  def initialize parent_rpcs = nil
@@ -2862,6 +3179,12 @@ module Google
2862
3179
  @update_gcp_user_access_binding = ::Gapic::Config::Method.new update_gcp_user_access_binding_config
2863
3180
  delete_gcp_user_access_binding_config = parent_rpcs.delete_gcp_user_access_binding if parent_rpcs.respond_to? :delete_gcp_user_access_binding
2864
3181
  @delete_gcp_user_access_binding = ::Gapic::Config::Method.new delete_gcp_user_access_binding_config
3182
+ set_iam_policy_config = parent_rpcs.set_iam_policy if parent_rpcs.respond_to? :set_iam_policy
3183
+ @set_iam_policy = ::Gapic::Config::Method.new set_iam_policy_config
3184
+ get_iam_policy_config = parent_rpcs.get_iam_policy if parent_rpcs.respond_to? :get_iam_policy
3185
+ @get_iam_policy = ::Gapic::Config::Method.new get_iam_policy_config
3186
+ test_iam_permissions_config = parent_rpcs.test_iam_permissions if parent_rpcs.respond_to? :test_iam_permissions
3187
+ @test_iam_permissions = ::Gapic::Config::Method.new test_iam_permissions_config
2865
3188
 
2866
3189
  yield self if block_given?
2867
3190
  end