google-identity-access_context_manager-v1 0.2.0 → 0.3.0
- checksums.yaml +4 -4
- data/AUTHENTICATION.md +1 -1
- data/lib/google/identity/access_context_manager/v1/access_context_manager/client.rb +437 -114
- data/lib/google/identity/access_context_manager/v1/access_context_manager.rb +8 -8
- data/lib/google/identity/access_context_manager/v1/version.rb +1 -1
- data/lib/google/identity/accesscontextmanager/v1/access_context_manager_pb.rb +2 -0
- data/lib/google/identity/accesscontextmanager/v1/access_context_manager_services_pb.rb +128 -112
- data/lib/google/identity/accesscontextmanager/v1/access_policy_pb.rb +1 -0
- data/lib/google/identity/accesscontextmanager/v1/service_perimeter_pb.rb +11 -10
- data/proto_docs/google/iam/v1/iam_policy.rb +87 -0
- data/proto_docs/google/iam/v1/options.rb +50 -0
- data/proto_docs/google/iam/v1/policy.rb +418 -0
- data/proto_docs/google/identity/accesscontextmanager/v1/access_context_manager.rb +1 -1
- data/proto_docs/google/identity/accesscontextmanager/v1/access_policy.rb +16 -0
- data/proto_docs/google/identity/accesscontextmanager/v1/service_perimeter.rb +72 -64
- data/proto_docs/google/protobuf/empty.rb +0 -2
- metadata +21 -4
@@ -27,15 +27,15 @@ module Google
|
|
27
27
|
##
|
28
28
|
# Client for the AccessContextManager service.
|
29
29
|
#
|
30
|
-
# API for setting [
|
31
|
-
# [google.identity.accesscontextmanager.v1.AccessLevel] and [
|
32
|
-
#
|
33
|
-
# for Google Cloud
|
34
|
-
# [google.identity.accesscontextmanager.v1.AccessPolicy]
|
35
|
-
# [
|
36
|
-
# and [
|
30
|
+
# API for setting [access levels]
|
31
|
+
# [google.identity.accesscontextmanager.v1.AccessLevel] and [service
|
32
|
+
# perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
|
33
|
+
# for Google Cloud projects. Each organization has one [access policy]
|
34
|
+
# [google.identity.accesscontextmanager.v1.AccessPolicy] that contains the
|
35
|
+
# [access levels] [google.identity.accesscontextmanager.v1.AccessLevel]
|
36
|
+
# and [service perimeters]
|
37
37
|
# [google.identity.accesscontextmanager.v1.ServicePerimeter]. This
|
38
|
-
# [
|
38
|
+
# [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] is
|
39
39
|
# applicable to all resources in the organization.
|
40
40
|
# AccessPolicies
|
41
41
|
#
|
@@ -170,9 +170,9 @@ module Google
|
|
170
170
|
# Service calls
|
171
171
|
|
172
172
|
##
|
173
|
-
#
|
174
|
-
# [google.identity.accesscontextmanager.v1.AccessPolicy]
|
175
|
-
#
|
173
|
+
# Lists all [access policies]
|
174
|
+
# [google.identity.accesscontextmanager.v1.AccessPolicy] in an
|
175
|
+
# organization.
|
176
176
|
#
|
177
177
|
# @overload list_access_policies(request, options = nil)
|
178
178
|
# Pass arguments to `list_access_policies` via a request object, either of type
|
@@ -265,8 +265,8 @@ module Google
|
|
265
265
|
end
|
266
266
|
|
267
267
|
##
|
268
|
-
#
|
269
|
-
# [google.identity.accesscontextmanager.v1.AccessPolicy]
|
268
|
+
# Returns an [access policy]
|
269
|
+
# [google.identity.accesscontextmanager.v1.AccessPolicy] based on the name.
|
270
270
|
#
|
271
271
|
# @overload get_access_policy(request, options = nil)
|
272
272
|
# Pass arguments to `get_access_policy` via a request object, either of type
|
@@ -353,10 +353,10 @@ module Google
|
|
353
353
|
end
|
354
354
|
|
355
355
|
##
|
356
|
-
#
|
357
|
-
#
|
358
|
-
#
|
359
|
-
# Syntactic and basic semantic errors
|
356
|
+
# Creates an access policy. This method fails if the organization already has
|
357
|
+
# an access policy. The long-running operation has a successful status
|
358
|
+
# after the access policy propagates to long-lasting storage.
|
359
|
+
# Syntactic and basic semantic errors are returned in `metadata` as a
|
360
360
|
# BadRequest proto.
|
361
361
|
#
|
362
362
|
# @overload create_access_policy(request, options = nil)
|
@@ -369,7 +369,7 @@ module Google
|
|
369
369
|
# @param options [::Gapic::CallOptions, ::Hash]
|
370
370
|
# Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
|
371
371
|
#
|
372
|
-
# @overload create_access_policy(name: nil, parent: nil, title: nil, create_time: nil, update_time: nil, etag: nil)
|
372
|
+
# @overload create_access_policy(name: nil, parent: nil, title: nil, scopes: nil, create_time: nil, update_time: nil, etag: nil)
|
373
373
|
# Pass arguments to `create_access_policy` via keyword arguments. Note that at
|
374
374
|
# least one keyword argument is required. To specify no parameters, or to keep all
|
375
375
|
# the default parameter values, pass an empty Hash as a request object (see above).
|
@@ -383,6 +383,21 @@ module Google
|
|
383
383
|
# `organizations/{organization_id}`
|
384
384
|
# @param title [::String]
|
385
385
|
# Required. Human readable title. Does not affect behavior.
|
386
|
+
# @param scopes [::Array<::String>]
|
387
|
+
# The scopes of a policy define which resources an ACM policy can restrict,
|
388
|
+
# and where ACM resources can be referenced.
|
389
|
+
# For example, a policy with scopes=["folders/123"] has the following
|
390
|
+
# behavior:
|
391
|
+
# - vpcsc perimeters can only restrict projects within folders/123
|
392
|
+
# - access levels can only be referenced by resources within folders/123.
|
393
|
+
# If empty, there are no limitations on which resources can be restricted by
|
394
|
+
# an ACM policy, and there are no limitations on where ACM resources can be
|
395
|
+
# referenced.
|
396
|
+
# Only one policy can include a given scope (attempting to create a second
|
397
|
+
# policy which includes "folders/123" will result in an error).
|
398
|
+
# Currently, scopes cannot be modified after a policy is created.
|
399
|
+
# Currently, policies can only have a single scope.
|
400
|
+
# Format: list of `folders/{folder_number}` or `projects/{project_number}`
|
386
401
|
# @param create_time [::Google::Protobuf::Timestamp, ::Hash]
|
387
402
|
# Output only. Time the `AccessPolicy` was created in UTC.
|
388
403
|
# @param update_time [::Google::Protobuf::Timestamp, ::Hash]
|
@@ -458,13 +473,12 @@ module Google
|
|
458
473
|
end
|
459
474
|
|
460
475
|
##
|
461
|
-
#
|
476
|
+
# Updates an [access policy]
|
462
477
|
# [google.identity.accesscontextmanager.v1.AccessPolicy]. The
|
463
|
-
#
|
464
|
-
# changes to the [
|
465
|
-
# [google.identity.accesscontextmanager.v1.AccessPolicy]
|
466
|
-
# to long-lasting storage.
|
467
|
-
# returned in `metadata` as a BadRequest proto.
|
478
|
+
# long-running operation from this RPC has a successful status after the
|
479
|
+
# changes to the [access policy]
|
480
|
+
# [google.identity.accesscontextmanager.v1.AccessPolicy] propagate
|
481
|
+
# to long-lasting storage.
|
468
482
|
#
|
469
483
|
# @overload update_access_policy(request, options = nil)
|
470
484
|
# Pass arguments to `update_access_policy` via a request object, either of type
|
@@ -559,11 +573,11 @@ module Google
|
|
559
573
|
end
|
560
574
|
|
561
575
|
##
|
562
|
-
#
|
563
|
-
# [google.identity.accesscontextmanager.v1.AccessPolicy]
|
564
|
-
# name. The
|
565
|
-
# [
|
566
|
-
#
|
576
|
+
# Deletes an [access policy]
|
577
|
+
# [google.identity.accesscontextmanager.v1.AccessPolicy] based on the
|
578
|
+
# resource name. The long-running operation has a successful status after the
|
579
|
+
# [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy]
|
580
|
+
# is removed from long-lasting storage.
|
567
581
|
#
|
568
582
|
# @overload delete_access_policy(request, options = nil)
|
569
583
|
# Pass arguments to `delete_access_policy` via a request object, either of type
|
@@ -658,7 +672,7 @@ module Google
|
|
658
672
|
end
|
659
673
|
|
660
674
|
##
|
661
|
-
#
|
675
|
+
# Lists all [access levels]
|
662
676
|
# [google.identity.accesscontextmanager.v1.AccessLevel] for an access
|
663
677
|
# policy.
|
664
678
|
#
|
@@ -768,8 +782,8 @@ module Google
|
|
768
782
|
end
|
769
783
|
|
770
784
|
##
|
771
|
-
#
|
772
|
-
# [google.identity.accesscontextmanager.v1.AccessLevel]
|
785
|
+
# Gets an [access level]
|
786
|
+
# [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource
|
773
787
|
# name.
|
774
788
|
#
|
775
789
|
# @overload get_access_level(request, options = nil)
|
@@ -868,13 +882,13 @@ module Google
|
|
868
882
|
end
|
869
883
|
|
870
884
|
##
|
871
|
-
#
|
872
|
-
# [google.identity.accesscontextmanager.v1.AccessLevel]. The
|
873
|
-
# operation from this RPC
|
874
|
-
#
|
875
|
-
#
|
876
|
-
# [google.identity.accesscontextmanager.v1.AccessLevel]
|
877
|
-
# errors
|
885
|
+
# Creates an [access level]
|
886
|
+
# [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running
|
887
|
+
# operation from this RPC has a successful status after the [access
|
888
|
+
# level] [google.identity.accesscontextmanager.v1.AccessLevel]
|
889
|
+
# propagates to long-lasting storage. If [access levels]
|
890
|
+
# [google.identity.accesscontextmanager.v1.AccessLevel] contain
|
891
|
+
# errors, an error response is returned for the first error encountered.
|
878
892
|
#
|
879
893
|
# @overload create_access_level(request, options = nil)
|
880
894
|
# Pass arguments to `create_access_level` via a request object, either of type
|
@@ -976,14 +990,14 @@ module Google
|
|
976
990
|
end
|
977
991
|
|
978
992
|
##
|
979
|
-
#
|
980
|
-
# [google.identity.accesscontextmanager.v1.AccessLevel]. The
|
981
|
-
# operation from this RPC
|
982
|
-
# the [
|
983
|
-
# [google.identity.accesscontextmanager.v1.AccessLevel]
|
984
|
-
# to long-lasting storage. [
|
985
|
-
# [google.identity.accesscontextmanager.v1.AccessLevel]
|
986
|
-
# errors
|
993
|
+
# Updates an [access level]
|
994
|
+
# [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running
|
995
|
+
# operation from this RPC has a successful status after the changes to
|
996
|
+
# the [access level]
|
997
|
+
# [google.identity.accesscontextmanager.v1.AccessLevel] propagate
|
998
|
+
# to long-lasting storage. If [access levels]
|
999
|
+
# [google.identity.accesscontextmanager.v1.AccessLevel] contain
|
1000
|
+
# errors, an error response is returned for the first error encountered.
|
987
1001
|
#
|
988
1002
|
# @overload update_access_level(request, options = nil)
|
989
1003
|
# Pass arguments to `update_access_level` via a request object, either of type
|
@@ -1082,10 +1096,10 @@ module Google
|
|
1082
1096
|
end
|
1083
1097
|
|
1084
1098
|
##
|
1085
|
-
#
|
1086
|
-
# [google.identity.accesscontextmanager.v1.AccessLevel]
|
1087
|
-
# name. The
|
1088
|
-
#
|
1099
|
+
# Deletes an [access level]
|
1100
|
+
# [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource
|
1101
|
+
# name. The long-running operation from this RPC has a successful status
|
1102
|
+
# after the [access level]
|
1089
1103
|
# [google.identity.accesscontextmanager.v1.AccessLevel] has been removed
|
1090
1104
|
# from long-lasting storage.
|
1091
1105
|
#
|
@@ -1184,22 +1198,22 @@ module Google
|
|
1184
1198
|
end
|
1185
1199
|
|
1186
1200
|
##
|
1187
|
-
#
|
1188
|
-
# [google.identity.accesscontextmanager.v1.AccessLevel] in an [
|
1189
|
-
#
|
1190
|
-
# the [
|
1201
|
+
# Replaces all existing [access levels]
|
1202
|
+
# [google.identity.accesscontextmanager.v1.AccessLevel] in an [access
|
1203
|
+
# policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with
|
1204
|
+
# the [access levels]
|
1191
1205
|
# [google.identity.accesscontextmanager.v1.AccessLevel] provided. This
|
1192
|
-
# is done atomically. The
|
1193
|
-
# successful status
|
1194
|
-
# storage.
|
1195
|
-
# for the first error encountered.
|
1196
|
-
# existing [
|
1197
|
-
# [google.identity.accesscontextmanager.v1.AccessLevel]
|
1198
|
-
# affected. Operation.response field
|
1199
|
-
# ReplaceAccessLevelsResponse. Removing [
|
1206
|
+
# is done atomically. The long-running operation from this RPC has a
|
1207
|
+
# successful status after all replacements propagate to long-lasting
|
1208
|
+
# storage. If the replacement contains errors, an error response is returned
|
1209
|
+
# for the first error encountered. Upon error, the replacement is cancelled,
|
1210
|
+
# and existing [access levels]
|
1211
|
+
# [google.identity.accesscontextmanager.v1.AccessLevel] are not
|
1212
|
+
# affected. The Operation.response field contains
|
1213
|
+
# ReplaceAccessLevelsResponse. Removing [access levels]
|
1200
1214
|
# [google.identity.accesscontextmanager.v1.AccessLevel] contained in existing
|
1201
|
-
# [
|
1202
|
-
# [google.identity.accesscontextmanager.v1.ServicePerimeter]
|
1215
|
+
# [service perimeters]
|
1216
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeter] result in an
|
1203
1217
|
# error.
|
1204
1218
|
#
|
1205
1219
|
# @overload replace_access_levels(request, options = nil)
|
@@ -1312,7 +1326,7 @@ module Google
|
|
1312
1326
|
end
|
1313
1327
|
|
1314
1328
|
##
|
1315
|
-
#
|
1329
|
+
# Lists all [service perimeters]
|
1316
1330
|
# [google.identity.accesscontextmanager.v1.ServicePerimeter] for an
|
1317
1331
|
# access policy.
|
1318
1332
|
#
|
@@ -1418,9 +1432,9 @@ module Google
|
|
1418
1432
|
end
|
1419
1433
|
|
1420
1434
|
##
|
1421
|
-
#
|
1422
|
-
# [google.identity.accesscontextmanager.v1.ServicePerimeter]
|
1423
|
-
# name.
|
1435
|
+
# Gets a [service perimeter]
|
1436
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the
|
1437
|
+
# resource name.
|
1424
1438
|
#
|
1425
1439
|
# @overload get_service_perimeter(request, options = nil)
|
1426
1440
|
# Pass arguments to `get_service_perimeter` via a request object, either of type
|
@@ -1509,14 +1523,14 @@ module Google
|
|
1509
1523
|
end
|
1510
1524
|
|
1511
1525
|
##
|
1512
|
-
#
|
1526
|
+
# Creates a [service perimeter]
|
1513
1527
|
# [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
|
1514
|
-
#
|
1515
|
-
# [
|
1516
|
-
# [google.identity.accesscontextmanager.v1.ServicePerimeter]
|
1517
|
-
#
|
1518
|
-
# [google.identity.accesscontextmanager.v1.ServicePerimeter]
|
1519
|
-
# errors
|
1528
|
+
# long-running operation from this RPC has a successful status after the
|
1529
|
+
# [service perimeter]
|
1530
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeter]
|
1531
|
+
# propagates to long-lasting storage. If a [service perimeter]
|
1532
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
|
1533
|
+
# errors, an error response is returned for the first error encountered.
|
1520
1534
|
#
|
1521
1535
|
# @overload create_service_perimeter(request, options = nil)
|
1522
1536
|
# Pass arguments to `create_service_perimeter` via a request object, either of type
|
@@ -1618,14 +1632,14 @@ module Google
|
|
1618
1632
|
end
|
1619
1633
|
|
1620
1634
|
##
|
1621
|
-
#
|
1635
|
+
# Updates a [service perimeter]
|
1622
1636
|
# [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
|
1623
|
-
#
|
1624
|
-
#
|
1625
|
-
# [google.identity.accesscontextmanager.v1.ServicePerimeter]
|
1626
|
-
#
|
1627
|
-
# [google.identity.accesscontextmanager.v1.ServicePerimeter]
|
1628
|
-
# errors
|
1637
|
+
# long-running operation from this RPC has a successful status after the
|
1638
|
+
# [service perimeter]
|
1639
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeter]
|
1640
|
+
# propagates to long-lasting storage. If a [service perimeter]
|
1641
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
|
1642
|
+
# errors, an error response is returned for the first error encountered.
|
1629
1643
|
#
|
1630
1644
|
# @overload update_service_perimeter(request, options = nil)
|
1631
1645
|
# Pass arguments to `update_service_perimeter` via a request object, either of type
|
@@ -1721,12 +1735,12 @@ module Google
|
|
1721
1735
|
end
|
1722
1736
|
|
1723
1737
|
##
|
1724
|
-
#
|
1725
|
-
# [google.identity.accesscontextmanager.v1.ServicePerimeter]
|
1726
|
-
# name. The
|
1727
|
-
#
|
1728
|
-
# [google.identity.accesscontextmanager.v1.ServicePerimeter]
|
1729
|
-
#
|
1738
|
+
# Deletes a [service perimeter]
|
1739
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the
|
1740
|
+
# resource name. The long-running operation from this RPC has a successful
|
1741
|
+
# status after the [service perimeter]
|
1742
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeter] is removed from
|
1743
|
+
# long-lasting storage.
|
1730
1744
|
#
|
1731
1745
|
# @overload delete_service_perimeter(request, options = nil)
|
1732
1746
|
# Pass arguments to `delete_service_perimeter` via a request object, either of type
|
@@ -1823,18 +1837,18 @@ module Google
|
|
1823
1837
|
end
|
1824
1838
|
|
1825
1839
|
##
|
1826
|
-
# Replace all existing [
|
1827
|
-
# [google.identity.accesscontextmanager.v1.ServicePerimeter] in an
|
1828
|
-
#
|
1829
|
-
#
|
1830
|
-
# [google.identity.accesscontextmanager.v1.ServicePerimeter] provided.
|
1831
|
-
#
|
1832
|
-
#
|
1833
|
-
#
|
1834
|
-
# error
|
1835
|
-
#
|
1836
|
-
# [google.identity.accesscontextmanager.v1.ServicePerimeter]
|
1837
|
-
# affected. Operation.response field
|
1840
|
+
# Replace all existing [service perimeters]
|
1841
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeter] in an [access
|
1842
|
+
# policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with the
|
1843
|
+
# [service perimeters]
|
1844
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeter] provided. This
|
1845
|
+
# is done atomically. The long-running operation from this RPC has a
|
1846
|
+
# successful status after all replacements propagate to long-lasting storage.
|
1847
|
+
# Replacements containing errors result in an error response for the first
|
1848
|
+
# error encountered. Upon an error, replacement are cancelled and existing
|
1849
|
+
# [service perimeters]
|
1850
|
+
# [google.identity.accesscontextmanager.v1.ServicePerimeter] are not
|
1851
|
+
# affected. The Operation.response field contains
|
1838
1852
|
# ReplaceServicePerimetersResponse.
|
1839
1853
|
#
|
1840
1854
|
# @overload replace_service_perimeters(request, options = nil)
|
@@ -1947,21 +1961,21 @@ module Google
|
|
1947
1961
|
end
|
1948
1962
|
|
1949
1963
|
##
|
1950
|
-
#
|
1964
|
+
# Commits the dry-run specification for all the [service perimeters]
|
1951
1965
|
# [google.identity.accesscontextmanager.v1.ServicePerimeter] in an
|
1952
|
-
# {::Google::Identity::AccessContextManager::V1::AccessPolicy
|
1953
|
-
# A commit operation on a
|
1954
|
-
# to
|
1966
|
+
# {::Google::Identity::AccessContextManager::V1::AccessPolicy access policy}.
|
1967
|
+
# A commit operation on a service perimeter involves copying its `spec` field
|
1968
|
+
# to the `status` field of the service perimeter. Only [service perimeters]
|
1955
1969
|
# [google.identity.accesscontextmanager.v1.ServicePerimeter] with
|
1956
1970
|
# `use_explicit_dry_run_spec` field set to true are affected by a commit
|
1957
|
-
# operation. The
|
1958
|
-
# status
|
1971
|
+
# operation. The long-running operation from this RPC has a successful
|
1972
|
+
# status after the dry-run specifications for all the [service perimeters]
|
1959
1973
|
# [google.identity.accesscontextmanager.v1.ServicePerimeter] have been
|
1960
|
-
# committed. If a commit fails, it
|
1961
|
-
# return an error response and the entire commit operation
|
1962
|
-
# When successful, Operation.response field
|
1963
|
-
# CommitServicePerimetersResponse. The `dry_run` and the `spec` fields
|
1964
|
-
#
|
1974
|
+
# committed. If a commit fails, it causes the long-running operation to
|
1975
|
+
# return an error response and the entire commit operation is cancelled.
|
1976
|
+
# When successful, the Operation.response field contains
|
1977
|
+
# CommitServicePerimetersResponse. The `dry_run` and the `spec` fields are
|
1978
|
+
# cleared after a successful commit operation.
|
1965
1979
|
#
|
1966
1980
|
# @overload commit_service_perimeters(request, options = nil)
|
1967
1981
|
# Pass arguments to `commit_service_perimeters` via a request object, either of type
|
@@ -1988,7 +2002,7 @@ module Google
|
|
1988
2002
|
# Format: `accessPolicies/{policy_id}`
|
1989
2003
|
# @param etag [::String]
|
1990
2004
|
# Optional. The etag for the version of the [Access Policy]
|
1991
|
-
# [google.identity.accesscontextmanager.
|
2005
|
+
# [google.identity.accesscontextmanager.v1.AccessPolicy] that this
|
1992
2006
|
# commit operation is to be performed on. If, at the time of commit, the
|
1993
2007
|
# etag for the Access Policy stored in Access Context Manager is different
|
1994
2008
|
# from the specified etag, then the commit operation will not be performed
|
@@ -2261,7 +2275,7 @@ module Google
|
|
2261
2275
|
# [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]. If the
|
2262
2276
|
# client specifies a [name]
|
2263
2277
|
# [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.name],
|
2264
|
-
# the server
|
2278
|
+
# the server ignores it. Fails if a resource already exists with the same
|
2265
2279
|
# [group_key]
|
2266
2280
|
# [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.group_key].
|
2267
2281
|
# Completion of this long-running operation does not necessarily signify that
|
@@ -2563,6 +2577,294 @@ module Google
|
|
2563
2577
|
raise ::Google::Cloud::Error.from_error(e)
|
2564
2578
|
end
|
2565
2579
|
|
2580
|
+
##
|
2581
|
+
# Sets the IAM policy for the specified Access Context Manager
|
2582
|
+
# {::Google::Identity::AccessContextManager::V1::AccessPolicy access policy}.
|
2583
|
+
# This method replaces the existing IAM policy on the access policy. The IAM
|
2584
|
+
# policy controls the set of users who can perform specific operations on the
|
2585
|
+
# Access Context Manager [access
|
2586
|
+
# policy][google.identity.accesscontextmanager.v1.AccessPolicy].
|
2587
|
+
#
|
2588
|
+
# @overload set_iam_policy(request, options = nil)
|
2589
|
+
# Pass arguments to `set_iam_policy` via a request object, either of type
|
2590
|
+
# {::Google::Iam::V1::SetIamPolicyRequest} or an equivalent Hash.
|
2591
|
+
#
|
2592
|
+
# @param request [::Google::Iam::V1::SetIamPolicyRequest, ::Hash]
|
2593
|
+
# A request object representing the call parameters. Required. To specify no
|
2594
|
+
# parameters, or to keep all the default parameter values, pass an empty Hash.
|
2595
|
+
# @param options [::Gapic::CallOptions, ::Hash]
|
2596
|
+
# Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
|
2597
|
+
#
|
2598
|
+
# @overload set_iam_policy(resource: nil, policy: nil, update_mask: nil)
|
2599
|
+
# Pass arguments to `set_iam_policy` via keyword arguments. Note that at
|
2600
|
+
# least one keyword argument is required. To specify no parameters, or to keep all
|
2601
|
+
# the default parameter values, pass an empty Hash as a request object (see above).
|
2602
|
+
#
|
2603
|
+
# @param resource [::String]
|
2604
|
+
# REQUIRED: The resource for which the policy is being specified.
|
2605
|
+
# See the operation documentation for the appropriate value for this field.
|
2606
|
+
# @param policy [::Google::Iam::V1::Policy, ::Hash]
|
2607
|
+
# REQUIRED: The complete policy to be applied to the `resource`. The size of
|
2608
|
+
# the policy is limited to a few 10s of KB. An empty policy is a
|
2609
|
+
# valid policy but certain Cloud Platform services (such as Projects)
|
2610
|
+
# might reject them.
|
2611
|
+
# @param update_mask [::Google::Protobuf::FieldMask, ::Hash]
|
2612
|
+
# OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
|
2613
|
+
# the fields in the mask will be modified. If no mask is provided, the
|
2614
|
+
# following default mask is used:
|
2615
|
+
#
|
2616
|
+
# `paths: "bindings, etag"`
|
2617
|
+
#
|
2618
|
+
# @yield [response, operation] Access the result along with the RPC operation
|
2619
|
+
# @yieldparam response [::Google::Iam::V1::Policy]
|
2620
|
+
# @yieldparam operation [::GRPC::ActiveCall::Operation]
|
2621
|
+
#
|
2622
|
+
# @return [::Google::Iam::V1::Policy]
|
2623
|
+
#
|
2624
|
+
# @raise [::Google::Cloud::Error] if the RPC is aborted.
|
2625
|
+
#
|
2626
|
+
# @example Basic example
|
2627
|
+
# require "google/identity/access_context_manager/v1"
|
2628
|
+
#
|
2629
|
+
# # Create a client object. The client can be reused for multiple calls.
|
2630
|
+
# client = Google::Identity::AccessContextManager::V1::AccessContextManager::Client.new
|
2631
|
+
#
|
2632
|
+
# # Create a request. To set request fields, pass in keyword arguments.
|
2633
|
+
# request = Google::Iam::V1::SetIamPolicyRequest.new
|
2634
|
+
#
|
2635
|
+
# # Call the set_iam_policy method.
|
2636
|
+
# result = client.set_iam_policy request
|
2637
|
+
#
|
2638
|
+
# # The returned object is of type Google::Iam::V1::Policy.
|
2639
|
+
# p result
|
2640
|
+
#
|
2641
|
+
def set_iam_policy request, options = nil
|
2642
|
+
raise ::ArgumentError, "request must be provided" if request.nil?
|
2643
|
+
|
2644
|
+
request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::V1::SetIamPolicyRequest
|
2645
|
+
|
2646
|
+
# Converts hash and nil to an options object
|
2647
|
+
options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
|
2648
|
+
|
2649
|
+
# Customize the options with defaults
|
2650
|
+
metadata = @config.rpcs.set_iam_policy.metadata.to_h
|
2651
|
+
|
2652
|
+
# Set x-goog-api-client and x-goog-user-project headers
|
2653
|
+
metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
|
2654
|
+
lib_name: @config.lib_name, lib_version: @config.lib_version,
|
2655
|
+
gapic_version: ::Google::Identity::AccessContextManager::V1::VERSION
|
2656
|
+
metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
|
2657
|
+
|
2658
|
+
header_params = {}
|
2659
|
+
if request.resource
|
2660
|
+
header_params["resource"] = request.resource
|
2661
|
+
end
|
2662
|
+
|
2663
|
+
request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
|
2664
|
+
metadata[:"x-goog-request-params"] ||= request_params_header
|
2665
|
+
|
2666
|
+
options.apply_defaults timeout: @config.rpcs.set_iam_policy.timeout,
|
2667
|
+
metadata: metadata,
|
2668
|
+
retry_policy: @config.rpcs.set_iam_policy.retry_policy
|
2669
|
+
|
2670
|
+
options.apply_defaults timeout: @config.timeout,
|
2671
|
+
metadata: @config.metadata,
|
2672
|
+
retry_policy: @config.retry_policy
|
2673
|
+
|
2674
|
+
@access_context_manager_stub.call_rpc :set_iam_policy, request, options: options do |response, operation|
|
2675
|
+
yield response, operation if block_given?
|
2676
|
+
return response
|
2677
|
+
end
|
2678
|
+
rescue ::GRPC::BadStatus => e
|
2679
|
+
raise ::Google::Cloud::Error.from_error(e)
|
2680
|
+
end
|
2681
|
+
|
2682
|
+
##
|
2683
|
+
# Gets the IAM policy for the specified Access Context Manager
|
2684
|
+
# {::Google::Identity::AccessContextManager::V1::AccessPolicy access policy}.
|
2685
|
+
#
|
2686
|
+
# @overload get_iam_policy(request, options = nil)
|
2687
|
+
# Pass arguments to `get_iam_policy` via a request object, either of type
|
2688
|
+
# {::Google::Iam::V1::GetIamPolicyRequest} or an equivalent Hash.
|
2689
|
+
#
|
2690
|
+
# @param request [::Google::Iam::V1::GetIamPolicyRequest, ::Hash]
|
2691
|
+
# A request object representing the call parameters. Required. To specify no
|
2692
|
+
# parameters, or to keep all the default parameter values, pass an empty Hash.
|
2693
|
+
# @param options [::Gapic::CallOptions, ::Hash]
|
2694
|
+
# Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
|
2695
|
+
#
|
2696
|
+
# @overload get_iam_policy(resource: nil, options: nil)
|
2697
|
+
# Pass arguments to `get_iam_policy` via keyword arguments. Note that at
|
2698
|
+
# least one keyword argument is required. To specify no parameters, or to keep all
|
2699
|
+
# the default parameter values, pass an empty Hash as a request object (see above).
|
2700
|
+
#
|
2701
|
+
# @param resource [::String]
|
2702
|
+
# REQUIRED: The resource for which the policy is being requested.
|
2703
|
+
# See the operation documentation for the appropriate value for this field.
|
2704
|
+
# @param options [::Google::Iam::V1::GetPolicyOptions, ::Hash]
|
2705
|
+
# OPTIONAL: A `GetPolicyOptions` object for specifying options to
|
2706
|
+
# `GetIamPolicy`.
|
2707
|
+
#
|
2708
|
+
# @yield [response, operation] Access the result along with the RPC operation
|
2709
|
+
# @yieldparam response [::Google::Iam::V1::Policy]
|
2710
|
+
# @yieldparam operation [::GRPC::ActiveCall::Operation]
|
2711
|
+
#
|
2712
|
+
# @return [::Google::Iam::V1::Policy]
|
2713
|
+
#
|
2714
|
+
# @raise [::Google::Cloud::Error] if the RPC is aborted.
|
2715
|
+
#
|
2716
|
+
# @example Basic example
|
2717
|
+
# require "google/identity/access_context_manager/v1"
|
2718
|
+
#
|
2719
|
+
# # Create a client object. The client can be reused for multiple calls.
|
2720
|
+
# client = Google::Identity::AccessContextManager::V1::AccessContextManager::Client.new
|
2721
|
+
#
|
2722
|
+
# # Create a request. To set request fields, pass in keyword arguments.
|
2723
|
+
# request = Google::Iam::V1::GetIamPolicyRequest.new
|
2724
|
+
#
|
2725
|
+
# # Call the get_iam_policy method.
|
2726
|
+
# result = client.get_iam_policy request
|
2727
|
+
#
|
2728
|
+
# # The returned object is of type Google::Iam::V1::Policy.
|
2729
|
+
# p result
|
2730
|
+
#
|
2731
|
+
def get_iam_policy request, options = nil
|
2732
|
+
raise ::ArgumentError, "request must be provided" if request.nil?
|
2733
|
+
|
2734
|
+
request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::V1::GetIamPolicyRequest
|
2735
|
+
|
2736
|
+
# Converts hash and nil to an options object
|
2737
|
+
options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
|
2738
|
+
|
2739
|
+
# Customize the options with defaults
|
2740
|
+
metadata = @config.rpcs.get_iam_policy.metadata.to_h
|
2741
|
+
|
2742
|
+
# Set x-goog-api-client and x-goog-user-project headers
|
2743
|
+
metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
|
2744
|
+
lib_name: @config.lib_name, lib_version: @config.lib_version,
|
2745
|
+
gapic_version: ::Google::Identity::AccessContextManager::V1::VERSION
|
2746
|
+
metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
|
2747
|
+
|
2748
|
+
header_params = {}
|
2749
|
+
if request.resource
|
2750
|
+
header_params["resource"] = request.resource
|
2751
|
+
end
|
2752
|
+
|
2753
|
+
request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
|
2754
|
+
metadata[:"x-goog-request-params"] ||= request_params_header
|
2755
|
+
|
2756
|
+
options.apply_defaults timeout: @config.rpcs.get_iam_policy.timeout,
|
2757
|
+
metadata: metadata,
|
2758
|
+
retry_policy: @config.rpcs.get_iam_policy.retry_policy
|
2759
|
+
|
2760
|
+
options.apply_defaults timeout: @config.timeout,
|
2761
|
+
metadata: @config.metadata,
|
2762
|
+
retry_policy: @config.retry_policy
|
2763
|
+
|
2764
|
+
@access_context_manager_stub.call_rpc :get_iam_policy, request, options: options do |response, operation|
|
2765
|
+
yield response, operation if block_given?
|
2766
|
+
return response
|
2767
|
+
end
|
2768
|
+
rescue ::GRPC::BadStatus => e
|
2769
|
+
raise ::Google::Cloud::Error.from_error(e)
|
2770
|
+
end
|
2771
|
+
|
2772
|
+
##
|
2773
|
+
# Returns the IAM permissions that the caller has on the specified Access
|
2774
|
+
# Context Manager resource. The resource can be an
|
2775
|
+
# {::Google::Identity::AccessContextManager::V1::AccessPolicy AccessPolicy},
|
2776
|
+
# {::Google::Identity::AccessContextManager::V1::AccessLevel AccessLevel}, or
|
2777
|
+
# [ServicePerimeter][google.identity.accesscontextmanager.v1.ServicePerimeter
|
2778
|
+
# ]. This method does not support other resources.
|
2779
|
+
#
|
2780
|
+
# @overload test_iam_permissions(request, options = nil)
|
2781
|
+
# Pass arguments to `test_iam_permissions` via a request object, either of type
|
2782
|
+
# {::Google::Iam::V1::TestIamPermissionsRequest} or an equivalent Hash.
|
2783
|
+
#
|
2784
|
+
# @param request [::Google::Iam::V1::TestIamPermissionsRequest, ::Hash]
|
2785
|
+
# A request object representing the call parameters. Required. To specify no
|
2786
|
+
# parameters, or to keep all the default parameter values, pass an empty Hash.
|
2787
|
+
# @param options [::Gapic::CallOptions, ::Hash]
|
2788
|
+
# Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
|
2789
|
+
#
|
2790
|
+
# @overload test_iam_permissions(resource: nil, permissions: nil)
|
2791
|
+
# Pass arguments to `test_iam_permissions` via keyword arguments. Note that at
|
2792
|
+
# least one keyword argument is required. To specify no parameters, or to keep all
|
2793
|
+
# the default parameter values, pass an empty Hash as a request object (see above).
|
2794
|
+
#
|
2795
|
+
# @param resource [::String]
|
2796
|
+
# REQUIRED: The resource for which the policy detail is being requested.
|
2797
|
+
# See the operation documentation for the appropriate value for this field.
|
2798
|
+
# @param permissions [::Array<::String>]
|
2799
|
+
# The set of permissions to check for the `resource`. Permissions with
|
2800
|
+
# wildcards (such as '*' or 'storage.*') are not allowed. For more
|
2801
|
+
# information see
|
2802
|
+
# [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
|
2803
|
+
#
|
2804
|
+
# @yield [response, operation] Access the result along with the RPC operation
|
2805
|
+
# @yieldparam response [::Google::Iam::V1::TestIamPermissionsResponse]
|
2806
|
+
# @yieldparam operation [::GRPC::ActiveCall::Operation]
|
2807
|
+
#
|
2808
|
+
# @return [::Google::Iam::V1::TestIamPermissionsResponse]
|
2809
|
+
#
|
2810
|
+
# @raise [::Google::Cloud::Error] if the RPC is aborted.
|
2811
|
+
#
|
2812
|
+
# @example Basic example
|
2813
|
+
# require "google/identity/access_context_manager/v1"
|
2814
|
+
#
|
2815
|
+
# # Create a client object. The client can be reused for multiple calls.
|
2816
|
+
# client = Google::Identity::AccessContextManager::V1::AccessContextManager::Client.new
|
2817
|
+
#
|
2818
|
+
# # Create a request. To set request fields, pass in keyword arguments.
|
2819
|
+
# request = Google::Iam::V1::TestIamPermissionsRequest.new
|
2820
|
+
#
|
2821
|
+
# # Call the test_iam_permissions method.
|
2822
|
+
# result = client.test_iam_permissions request
|
2823
|
+
#
|
2824
|
+
# # The returned object is of type Google::Iam::V1::TestIamPermissionsResponse.
|
2825
|
+
# p result
|
2826
|
+
#
|
2827
|
+
def test_iam_permissions request, options = nil
|
2828
|
+
raise ::ArgumentError, "request must be provided" if request.nil?
|
2829
|
+
|
2830
|
+
request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::V1::TestIamPermissionsRequest
|
2831
|
+
|
2832
|
+
# Converts hash and nil to an options object
|
2833
|
+
options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
|
2834
|
+
|
2835
|
+
# Customize the options with defaults
|
2836
|
+
metadata = @config.rpcs.test_iam_permissions.metadata.to_h
|
2837
|
+
|
2838
|
+
# Set x-goog-api-client and x-goog-user-project headers
|
2839
|
+
metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
|
2840
|
+
lib_name: @config.lib_name, lib_version: @config.lib_version,
|
2841
|
+
gapic_version: ::Google::Identity::AccessContextManager::V1::VERSION
|
2842
|
+
metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
|
2843
|
+
|
2844
|
+
header_params = {}
|
2845
|
+
if request.resource
|
2846
|
+
header_params["resource"] = request.resource
|
2847
|
+
end
|
2848
|
+
|
2849
|
+
request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
|
2850
|
+
metadata[:"x-goog-request-params"] ||= request_params_header
|
2851
|
+
|
2852
|
+
options.apply_defaults timeout: @config.rpcs.test_iam_permissions.timeout,
|
2853
|
+
metadata: metadata,
|
2854
|
+
retry_policy: @config.rpcs.test_iam_permissions.retry_policy
|
2855
|
+
|
2856
|
+
options.apply_defaults timeout: @config.timeout,
|
2857
|
+
metadata: @config.metadata,
|
2858
|
+
retry_policy: @config.retry_policy
|
2859
|
+
|
2860
|
+
@access_context_manager_stub.call_rpc :test_iam_permissions, request, options: options do |response, operation|
|
2861
|
+
yield response, operation if block_given?
|
2862
|
+
return response
|
2863
|
+
end
|
2864
|
+
rescue ::GRPC::BadStatus => e
|
2865
|
+
raise ::Google::Cloud::Error.from_error(e)
|
2866
|
+
end
|
2867
|
+
|
2566
2868
|
##
|
2567
2869
|
# Configuration class for the AccessContextManager API.
|
2568
2870
|
#
|
@@ -2813,6 +3115,21 @@ module Google
|
|
2813
3115
|
# @return [::Gapic::Config::Method]
|
2814
3116
|
#
|
2815
3117
|
attr_reader :delete_gcp_user_access_binding
|
3118
|
+
##
|
3119
|
+
# RPC-specific configuration for `set_iam_policy`
|
3120
|
+
# @return [::Gapic::Config::Method]
|
3121
|
+
#
|
3122
|
+
attr_reader :set_iam_policy
|
3123
|
+
##
|
3124
|
+
# RPC-specific configuration for `get_iam_policy`
|
3125
|
+
# @return [::Gapic::Config::Method]
|
3126
|
+
#
|
3127
|
+
attr_reader :get_iam_policy
|
3128
|
+
##
|
3129
|
+
# RPC-specific configuration for `test_iam_permissions`
|
3130
|
+
# @return [::Gapic::Config::Method]
|
3131
|
+
#
|
3132
|
+
attr_reader :test_iam_permissions
|
2816
3133
|
|
2817
3134
|
# @private
|
2818
3135
|
def initialize parent_rpcs = nil
|
@@ -2862,6 +3179,12 @@ module Google
|
|
2862
3179
|
@update_gcp_user_access_binding = ::Gapic::Config::Method.new update_gcp_user_access_binding_config
|
2863
3180
|
delete_gcp_user_access_binding_config = parent_rpcs.delete_gcp_user_access_binding if parent_rpcs.respond_to? :delete_gcp_user_access_binding
|
2864
3181
|
@delete_gcp_user_access_binding = ::Gapic::Config::Method.new delete_gcp_user_access_binding_config
|
3182
|
+
set_iam_policy_config = parent_rpcs.set_iam_policy if parent_rpcs.respond_to? :set_iam_policy
|
3183
|
+
@set_iam_policy = ::Gapic::Config::Method.new set_iam_policy_config
|
3184
|
+
get_iam_policy_config = parent_rpcs.get_iam_policy if parent_rpcs.respond_to? :get_iam_policy
|
3185
|
+
@get_iam_policy = ::Gapic::Config::Method.new get_iam_policy_config
|
3186
|
+
test_iam_permissions_config = parent_rpcs.test_iam_permissions if parent_rpcs.respond_to? :test_iam_permissions
|
3187
|
+
@test_iam_permissions = ::Gapic::Config::Method.new test_iam_permissions_config
|
2865
3188
|
|
2866
3189
|
yield self if block_given?
|
2867
3190
|
end
|