RubyGems - google-identity-access_context_manager-v1 - Versions diffs - 0.2.0 → 0.3.0 - Mend

google-identity-access_context_manager-v1 0.2.0 → 0.3.0

Files changed (17) hide show

data/lib/google/identity/access_context_manager/v1/access_context_manager/client.rb CHANGED Viewed

@@ -27,15 +27,15 @@ module Google
           ##
           # Client for the AccessContextManager service.
           #
-          # API for setting [Access Levels]
-          # [google.identity.accesscontextmanager.v1.AccessLevel] and [Service
-          # Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
-          # for Google Cloud Projects. Each organization has one [AccessPolicy]
-          # [google.identity.accesscontextmanager.v1.AccessPolicy] containing the
-          # [Access Levels] [google.identity.accesscontextmanager.v1.AccessLevel]
-          # and [Service Perimeters]
+          # API for setting [access levels]
+          # [google.identity.accesscontextmanager.v1.AccessLevel] and [service
+          # perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
+          # for Google Cloud projects. Each organization has one [access policy]
+          # [google.identity.accesscontextmanager.v1.AccessPolicy] that contains the
+          # [access levels] [google.identity.accesscontextmanager.v1.AccessLevel]
+          # and [service perimeters]
           # [google.identity.accesscontextmanager.v1.ServicePerimeter]. This
-          # [AccessPolicy] [google.identity.accesscontextmanager.v1.AccessPolicy] is
+          # [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] is
           # applicable to all resources in the organization.
           # AccessPolicies
           #
@@ -170,9 +170,9 @@ module Google
             # Service calls
             ##
-            # List all [AccessPolicies]
-            # [google.identity.accesscontextmanager.v1.AccessPolicy] under a
-            # container.
+            # Lists all [access policies]
+            # [google.identity.accesscontextmanager.v1.AccessPolicy] in an
+            # organization.
             #
             # @overload list_access_policies(request, options = nil)
             #   Pass arguments to `list_access_policies` via a request object, either of type
@@ -265,8 +265,8 @@ module Google
             end
             ##
-            # Get an [AccessPolicy]
-            # [google.identity.accesscontextmanager.v1.AccessPolicy] by name.
+            # Returns an [access policy]
+            # [google.identity.accesscontextmanager.v1.AccessPolicy] based on the name.
             #
             # @overload get_access_policy(request, options = nil)
             #   Pass arguments to `get_access_policy` via a request object, either of type
@@ -353,10 +353,10 @@ module Google
             end
             ##
-            # Create an `AccessPolicy`. Fails if this organization already has a
-            # `AccessPolicy`. The longrunning Operation will have a successful status
-            # once the `AccessPolicy` has propagated to long-lasting storage.
-            # Syntactic and basic semantic errors will be returned in `metadata` as a
+            # Creates an access policy. This method fails if the organization already has
+            # an access policy. The long-running operation has a successful status
+            # after the access policy propagates to long-lasting storage.
+            # Syntactic and basic semantic errors are returned in `metadata` as a
             # BadRequest proto.
             #
             # @overload create_access_policy(request, options = nil)
@@ -369,7 +369,7 @@ module Google
             #   @param options [::Gapic::CallOptions, ::Hash]
             #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
             #
-            # @overload create_access_policy(name: nil, parent: nil, title: nil, create_time: nil, update_time: nil, etag: nil)
+            # @overload create_access_policy(name: nil, parent: nil, title: nil, scopes: nil, create_time: nil, update_time: nil, etag: nil)
             #   Pass arguments to `create_access_policy` via keyword arguments. Note that at
             #   least one keyword argument is required. To specify no parameters, or to keep all
             #   the default parameter values, pass an empty Hash as a request object (see above).
@@ -383,6 +383,21 @@ module Google
             #     `organizations/{organization_id}`
             #   @param title [::String]
             #     Required. Human readable title. Does not affect behavior.
+            #   @param scopes [::Array<::String>]
+            #     The scopes of a policy define which resources an ACM policy can restrict,
+            #     and where ACM resources can be referenced.
+            #     For example, a policy with scopes=["folders/123"] has the following
+            #     behavior:
+            #     - vpcsc perimeters can only restrict projects within folders/123
+            #     - access levels can only be referenced by resources within folders/123.
+            #     If empty, there are no limitations on which resources can be restricted by
+            #     an ACM policy, and there are no limitations on where ACM resources can be
+            #     referenced.
+            #     Only one policy can include a given scope (attempting to create a second
+            #     policy which includes "folders/123" will result in an error).
+            #     Currently, scopes cannot be modified after a policy is created.
+            #     Currently, policies can only have a single scope.
+            #     Format: list of `folders/{folder_number}` or `projects/{project_number}`
             #   @param create_time [::Google::Protobuf::Timestamp, ::Hash]
             #     Output only. Time the `AccessPolicy` was created in UTC.
             #   @param update_time [::Google::Protobuf::Timestamp, ::Hash]
@@ -458,13 +473,12 @@ module Google
             end
             ##
-            # Update an [AccessPolicy]
+            # Updates an [access policy]
             # [google.identity.accesscontextmanager.v1.AccessPolicy]. The
-            # longrunning Operation from this RPC will have a successful status once the
-            # changes to the [AccessPolicy]
-            # [google.identity.accesscontextmanager.v1.AccessPolicy] have propagated
-            # to long-lasting storage. Syntactic and basic semantic errors will be
-            # returned in `metadata` as a BadRequest proto.
+            # long-running operation from this RPC has a successful status after the
+            # changes to the [access policy]
+            # [google.identity.accesscontextmanager.v1.AccessPolicy] propagate
+            # to long-lasting storage.
             #
             # @overload update_access_policy(request, options = nil)
             #   Pass arguments to `update_access_policy` via a request object, either of type
@@ -559,11 +573,11 @@ module Google
             end
             ##
-            # Delete an [AccessPolicy]
-            # [google.identity.accesscontextmanager.v1.AccessPolicy] by resource
-            # name. The longrunning Operation will have a successful status once the
-            # [AccessPolicy] [google.identity.accesscontextmanager.v1.AccessPolicy]
-            # has been removed from long-lasting storage.
+            # Deletes an [access policy]
+            # [google.identity.accesscontextmanager.v1.AccessPolicy] based on the
+            # resource name. The long-running operation has a successful status after the
+            # [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy]
+            # is removed from long-lasting storage.
             #
             # @overload delete_access_policy(request, options = nil)
             #   Pass arguments to `delete_access_policy` via a request object, either of type
@@ -658,7 +672,7 @@ module Google
             end
             ##
-            # List all [Access Levels]
+            # Lists all [access levels]
             # [google.identity.accesscontextmanager.v1.AccessLevel] for an access
             # policy.
             #
@@ -768,8 +782,8 @@ module Google
             end
             ##
-            # Get an [Access Level]
-            # [google.identity.accesscontextmanager.v1.AccessLevel] by resource
+            # Gets an [access level]
+            # [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource
             # name.
             #
             # @overload get_access_level(request, options = nil)
@@ -868,13 +882,13 @@ module Google
             end
             ##
-            # Create an [Access Level]
-            # [google.identity.accesscontextmanager.v1.AccessLevel]. The longrunning
-            # operation from this RPC will have a successful status once the [Access
-            # Level] [google.identity.accesscontextmanager.v1.AccessLevel] has
-            # propagated to long-lasting storage. [Access Levels]
-            # [google.identity.accesscontextmanager.v1.AccessLevel] containing
-            # errors will result in an error response for the first error encountered.
+            # Creates an [access level]
+            # [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running
+            # operation from this RPC has a successful status after the [access
+            # level] [google.identity.accesscontextmanager.v1.AccessLevel]
+            # propagates to long-lasting storage. If [access levels]
+            # [google.identity.accesscontextmanager.v1.AccessLevel] contain
+            # errors, an error response is returned for the first error encountered.
             #
             # @overload create_access_level(request, options = nil)
             #   Pass arguments to `create_access_level` via a request object, either of type
@@ -976,14 +990,14 @@ module Google
             end
             ##
-            # Update an [Access Level]
-            # [google.identity.accesscontextmanager.v1.AccessLevel]. The longrunning
-            # operation from this RPC will have a successful status once the changes to
-            # the [Access Level]
-            # [google.identity.accesscontextmanager.v1.AccessLevel] have propagated
-            # to long-lasting storage. [Access Levels]
-            # [google.identity.accesscontextmanager.v1.AccessLevel] containing
-            # errors will result in an error response for the first error encountered.
+            # Updates an [access level]
+            # [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running
+            # operation from this RPC has a successful status after the changes to
+            # the [access level]
+            # [google.identity.accesscontextmanager.v1.AccessLevel] propagate
+            # to long-lasting storage. If [access levels]
+            # [google.identity.accesscontextmanager.v1.AccessLevel] contain
+            # errors, an error response is returned for the first error encountered.
             #
             # @overload update_access_level(request, options = nil)
             #   Pass arguments to `update_access_level` via a request object, either of type
@@ -1082,10 +1096,10 @@ module Google
             end
             ##
-            # Delete an [Access Level]
-            # [google.identity.accesscontextmanager.v1.AccessLevel] by resource
-            # name. The longrunning operation from this RPC will have a successful status
-            # once the [Access Level]
+            # Deletes an [access level]
+            # [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource
+            # name. The long-running operation from this RPC has a successful status
+            # after the [access level]
             # [google.identity.accesscontextmanager.v1.AccessLevel] has been removed
             # from long-lasting storage.
             #
@@ -1184,22 +1198,22 @@ module Google
             end
             ##
-            # Replace all existing [Access Levels]
-            # [google.identity.accesscontextmanager.v1.AccessLevel] in an [Access
-            # Policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with
-            # the [Access Levels]
+            # Replaces all existing [access levels]
+            # [google.identity.accesscontextmanager.v1.AccessLevel] in an [access
+            # policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with
+            # the [access levels]
             # [google.identity.accesscontextmanager.v1.AccessLevel] provided. This
-            # is done atomically. The longrunning operation from this RPC will have a
-            # successful status once all replacements have propagated to long-lasting
-            # storage. Replacements containing errors will result in an error response
-            # for the first error encountered.  Replacement will be cancelled on error,
-            # existing [Access Levels]
-            # [google.identity.accesscontextmanager.v1.AccessLevel] will not be
-            # affected. Operation.response field will contain
-            # ReplaceAccessLevelsResponse. Removing [Access Levels]
+            # is done atomically. The long-running operation from this RPC has a
+            # successful status after all replacements propagate to long-lasting
+            # storage. If the replacement contains errors, an error response is returned
+            # for the first error encountered.  Upon error, the replacement is cancelled,
+            # and existing [access levels]
+            # [google.identity.accesscontextmanager.v1.AccessLevel] are not
+            # affected. The Operation.response field contains
+            # ReplaceAccessLevelsResponse. Removing [access levels]
             # [google.identity.accesscontextmanager.v1.AccessLevel] contained in existing
-            # [Service Perimeters]
-            # [google.identity.accesscontextmanager.v1.ServicePerimeter] will result in
+            # [service perimeters]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] result in an
             # error.
             #
             # @overload replace_access_levels(request, options = nil)
@@ -1312,7 +1326,7 @@ module Google
             end
             ##
-            # List all [Service Perimeters]
+            # Lists all [service perimeters]
             # [google.identity.accesscontextmanager.v1.ServicePerimeter] for an
             # access policy.
             #
@@ -1418,9 +1432,9 @@ module Google
             end
             ##
-            # Get a [Service Perimeter]
-            # [google.identity.accesscontextmanager.v1.ServicePerimeter] by resource
-            # name.
+            # Gets a [service perimeter]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the
+            # resource name.
             #
             # @overload get_service_perimeter(request, options = nil)
             #   Pass arguments to `get_service_perimeter` via a request object, either of type
@@ -1509,14 +1523,14 @@ module Google
             end
             ##
-            # Create a [Service Perimeter]
+            # Creates a [service perimeter]
             # [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
-            # longrunning operation from this RPC will have a successful status once the
-            # [Service Perimeter]
-            # [google.identity.accesscontextmanager.v1.ServicePerimeter] has
-            # propagated to long-lasting storage. [Service Perimeters]
-            # [google.identity.accesscontextmanager.v1.ServicePerimeter] containing
-            # errors will result in an error response for the first error encountered.
+            # long-running operation from this RPC has a successful status after the
+            # [service perimeter]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter]
+            # propagates to long-lasting storage. If a [service perimeter]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
+            # errors, an error response is returned for the first error encountered.
             #
             # @overload create_service_perimeter(request, options = nil)
             #   Pass arguments to `create_service_perimeter` via a request object, either of type
@@ -1618,14 +1632,14 @@ module Google
             end
             ##
-            # Update a [Service Perimeter]
+            # Updates a [service perimeter]
             # [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
-            # longrunning operation from this RPC will have a successful status once the
-            # changes to the [Service Perimeter]
-            # [google.identity.accesscontextmanager.v1.ServicePerimeter] have
-            # propagated to long-lasting storage. [Service Perimeter]
-            # [google.identity.accesscontextmanager.v1.ServicePerimeter] containing
-            # errors will result in an error response for the first error encountered.
+            # long-running operation from this RPC has a successful status after the
+            # [service perimeter]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter]
+            # propagates to long-lasting storage. If a [service perimeter]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
+            # errors, an error response is returned for the first error encountered.
             #
             # @overload update_service_perimeter(request, options = nil)
             #   Pass arguments to `update_service_perimeter` via a request object, either of type
@@ -1721,12 +1735,12 @@ module Google
             end
             ##
-            # Delete a [Service Perimeter]
-            # [google.identity.accesscontextmanager.v1.ServicePerimeter] by resource
-            # name. The longrunning operation from this RPC will have a successful status
-            # once the [Service Perimeter]
-            # [google.identity.accesscontextmanager.v1.ServicePerimeter] has been
-            # removed from long-lasting storage.
+            # Deletes a [service perimeter]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the
+            # resource name. The long-running operation from this RPC has a successful
+            # status after the [service perimeter]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] is removed from
+            # long-lasting storage.
             #
             # @overload delete_service_perimeter(request, options = nil)
             #   Pass arguments to `delete_service_perimeter` via a request object, either of type
@@ -1823,18 +1837,18 @@ module Google
             end
             ##
-            # Replace all existing [Service Perimeters]
-            # [google.identity.accesscontextmanager.v1.ServicePerimeter] in an
-            # [Access Policy] [google.identity.accesscontextmanager.v1.AccessPolicy]
-            # with the [Service Perimeters]
-            # [google.identity.accesscontextmanager.v1.ServicePerimeter] provided.
-            # This is done atomically. The longrunning operation from this
-            # RPC will have a successful status once all replacements have propagated to
-            # long-lasting storage. Replacements containing errors will result in an
-            # error response for the first error encountered. Replacement will be
-            # cancelled on error, existing [Service Perimeters]
-            # [google.identity.accesscontextmanager.v1.ServicePerimeter] will not be
-            # affected. Operation.response field will contain
+            # Replace all existing [service perimeters]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] in an [access
+            # policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with the
+            # [service perimeters]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] provided. This
+            # is done atomically. The long-running operation from this RPC has a
+            # successful status after all replacements propagate to long-lasting storage.
+            # Replacements containing errors result in an error response for the first
+            # error encountered. Upon an error, replacement are cancelled and existing
+            # [service perimeters]
+            # [google.identity.accesscontextmanager.v1.ServicePerimeter] are not
+            # affected. The Operation.response field contains
             # ReplaceServicePerimetersResponse.
             #
             # @overload replace_service_perimeters(request, options = nil)
@@ -1947,21 +1961,21 @@ module Google
             end
             ##
-            # Commit the dry-run spec for all the [Service Perimeters]
+            # Commits the dry-run specification for all the [service perimeters]
             # [google.identity.accesscontextmanager.v1.ServicePerimeter] in an
-            # {::Google::Identity::AccessContextManager::V1::AccessPolicy Access Policy}.
-            # A commit operation on a Service Perimeter involves copying its `spec` field
-            # to that Service Perimeter's `status` field. Only [Service Perimeters]
+            # {::Google::Identity::AccessContextManager::V1::AccessPolicy access policy}.
+            # A commit operation on a service perimeter involves copying its `spec` field
+            # to the `status` field of the service perimeter. Only [service perimeters]
             # [google.identity.accesscontextmanager.v1.ServicePerimeter] with
             # `use_explicit_dry_run_spec` field set to true are affected by a commit
-            # operation. The longrunning operation from this RPC will have a successful
-            # status once the dry-run specs for all the [Service Perimeters]
+            # operation. The long-running operation from this RPC has a successful
+            # status after the dry-run specifications for all the [service perimeters]
             # [google.identity.accesscontextmanager.v1.ServicePerimeter] have been
-            # committed. If a commit fails, it will cause the longrunning operation to
-            # return an error response and the entire commit operation will be cancelled.
-            # When successful, Operation.response field will contain
-            # CommitServicePerimetersResponse. The `dry_run` and the `spec` fields will
-            # be cleared after a successful commit operation.
+            # committed. If a commit fails, it causes the long-running operation to
+            # return an error response and the entire commit operation is cancelled.
+            # When successful, the Operation.response field contains
+            # CommitServicePerimetersResponse. The `dry_run` and the `spec` fields are
+            # cleared after a successful commit operation.
             #
             # @overload commit_service_perimeters(request, options = nil)
             #   Pass arguments to `commit_service_perimeters` via a request object, either of type
@@ -1988,7 +2002,7 @@ module Google
             #     Format: `accessPolicies/{policy_id}`
             #   @param etag [::String]
             #     Optional. The etag for the version of the [Access Policy]
-            #     [google.identity.accesscontextmanager.v1alpha.AccessPolicy] that this
+            #     [google.identity.accesscontextmanager.v1.AccessPolicy] that this
             #     commit operation is to be performed on. If, at the time of commit, the
             #     etag for the Access Policy stored in Access Context Manager is different
             #     from the specified etag, then the commit operation will not be performed
@@ -2261,7 +2275,7 @@ module Google
             # [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]. If the
             # client specifies a [name]
             # [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.name],
-            # the server will ignore it. Fails if a resource already exists with the same
+            # the server ignores it. Fails if a resource already exists with the same
             # [group_key]
             # [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.group_key].
             # Completion of this long-running operation does not necessarily signify that
@@ -2563,6 +2577,294 @@ module Google
               raise ::Google::Cloud::Error.from_error(e)
             end
+            ##
+            # Sets the IAM policy for the specified Access Context Manager
+            # {::Google::Identity::AccessContextManager::V1::AccessPolicy access policy}.
+            # This method replaces the existing IAM policy on the access policy. The IAM
+            # policy controls the set of users who can perform specific operations on the
+            # Access Context Manager [access
+            # policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+            #
+            # @overload set_iam_policy(request, options = nil)
+            #   Pass arguments to `set_iam_policy` via a request object, either of type
+            #   {::Google::Iam::V1::SetIamPolicyRequest} or an equivalent Hash.
+            #
+            #   @param request [::Google::Iam::V1::SetIamPolicyRequest, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload set_iam_policy(resource: nil, policy: nil, update_mask: nil)
+            #   Pass arguments to `set_iam_policy` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param resource [::String]
+            #     REQUIRED: The resource for which the policy is being specified.
+            #     See the operation documentation for the appropriate value for this field.
+            #   @param policy [::Google::Iam::V1::Policy, ::Hash]
+            #     REQUIRED: The complete policy to be applied to the `resource`. The size of
+            #     the policy is limited to a few 10s of KB. An empty policy is a
+            #     valid policy but certain Cloud Platform services (such as Projects)
+            #     might reject them.
+            #   @param update_mask [::Google::Protobuf::FieldMask, ::Hash]
+            #     OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
+            #     the fields in the mask will be modified. If no mask is provided, the
+            #     following default mask is used:
+            #
+            #     `paths: "bindings, etag"`
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Google::Iam::V1::Policy]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Google::Iam::V1::Policy]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            # @example Basic example
+            #   require "google/identity/access_context_manager/v1"
+            #
+            #   # Create a client object. The client can be reused for multiple calls.
+            #   client = Google::Identity::AccessContextManager::V1::AccessContextManager::Client.new
+            #
+            #   # Create a request. To set request fields, pass in keyword arguments.
+            #   request = Google::Iam::V1::SetIamPolicyRequest.new
+            #
+            #   # Call the set_iam_policy method.
+            #   result = client.set_iam_policy request
+            #
+            #   # The returned object is of type Google::Iam::V1::Policy.
+            #   p result
+            #
+            def set_iam_policy request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::V1::SetIamPolicyRequest
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+              # Customize the options with defaults
+              metadata = @config.rpcs.set_iam_policy.metadata.to_h
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Identity::AccessContextManager::V1::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+              header_params = {}
+              if request.resource
+                header_params["resource"] = request.resource
+              end
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+              options.apply_defaults timeout:      @config.rpcs.set_iam_policy.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.set_iam_policy.retry_policy
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+              @access_context_manager_stub.call_rpc :set_iam_policy, request, options: options do |response, operation|
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
+            ##
+            # Gets the IAM policy for the specified Access Context Manager
+            # {::Google::Identity::AccessContextManager::V1::AccessPolicy access policy}.
+            #
+            # @overload get_iam_policy(request, options = nil)
+            #   Pass arguments to `get_iam_policy` via a request object, either of type
+            #   {::Google::Iam::V1::GetIamPolicyRequest} or an equivalent Hash.
+            #
+            #   @param request [::Google::Iam::V1::GetIamPolicyRequest, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload get_iam_policy(resource: nil, options: nil)
+            #   Pass arguments to `get_iam_policy` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param resource [::String]
+            #     REQUIRED: The resource for which the policy is being requested.
+            #     See the operation documentation for the appropriate value for this field.
+            #   @param options [::Google::Iam::V1::GetPolicyOptions, ::Hash]
+            #     OPTIONAL: A `GetPolicyOptions` object for specifying options to
+            #     `GetIamPolicy`.
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Google::Iam::V1::Policy]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Google::Iam::V1::Policy]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            # @example Basic example
+            #   require "google/identity/access_context_manager/v1"
+            #
+            #   # Create a client object. The client can be reused for multiple calls.
+            #   client = Google::Identity::AccessContextManager::V1::AccessContextManager::Client.new
+            #
+            #   # Create a request. To set request fields, pass in keyword arguments.
+            #   request = Google::Iam::V1::GetIamPolicyRequest.new
+            #
+            #   # Call the get_iam_policy method.
+            #   result = client.get_iam_policy request
+            #
+            #   # The returned object is of type Google::Iam::V1::Policy.
+            #   p result
+            #
+            def get_iam_policy request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::V1::GetIamPolicyRequest
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+              # Customize the options with defaults
+              metadata = @config.rpcs.get_iam_policy.metadata.to_h
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Identity::AccessContextManager::V1::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+              header_params = {}
+              if request.resource
+                header_params["resource"] = request.resource
+              end
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+              options.apply_defaults timeout:      @config.rpcs.get_iam_policy.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.get_iam_policy.retry_policy
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+              @access_context_manager_stub.call_rpc :get_iam_policy, request, options: options do |response, operation|
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
+            ##
+            # Returns the IAM permissions that the caller has on the specified Access
+            # Context Manager resource. The resource can be an
+            # {::Google::Identity::AccessContextManager::V1::AccessPolicy AccessPolicy},
+            # {::Google::Identity::AccessContextManager::V1::AccessLevel AccessLevel}, or
+            # [ServicePerimeter][google.identity.accesscontextmanager.v1.ServicePerimeter
+            # ]. This method does not support other resources.
+            #
+            # @overload test_iam_permissions(request, options = nil)
+            #   Pass arguments to `test_iam_permissions` via a request object, either of type
+            #   {::Google::Iam::V1::TestIamPermissionsRequest} or an equivalent Hash.
+            #
+            #   @param request [::Google::Iam::V1::TestIamPermissionsRequest, ::Hash]
+            #     A request object representing the call parameters. Required. To specify no
+            #     parameters, or to keep all the default parameter values, pass an empty Hash.
+            #   @param options [::Gapic::CallOptions, ::Hash]
+            #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
+            #
+            # @overload test_iam_permissions(resource: nil, permissions: nil)
+            #   Pass arguments to `test_iam_permissions` via keyword arguments. Note that at
+            #   least one keyword argument is required. To specify no parameters, or to keep all
+            #   the default parameter values, pass an empty Hash as a request object (see above).
+            #
+            #   @param resource [::String]
+            #     REQUIRED: The resource for which the policy detail is being requested.
+            #     See the operation documentation for the appropriate value for this field.
+            #   @param permissions [::Array<::String>]
+            #     The set of permissions to check for the `resource`. Permissions with
+            #     wildcards (such as '*' or 'storage.*') are not allowed. For more
+            #     information see
+            #     [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
+            #
+            # @yield [response, operation] Access the result along with the RPC operation
+            # @yieldparam response [::Google::Iam::V1::TestIamPermissionsResponse]
+            # @yieldparam operation [::GRPC::ActiveCall::Operation]
+            #
+            # @return [::Google::Iam::V1::TestIamPermissionsResponse]
+            #
+            # @raise [::Google::Cloud::Error] if the RPC is aborted.
+            #
+            # @example Basic example
+            #   require "google/identity/access_context_manager/v1"
+            #
+            #   # Create a client object. The client can be reused for multiple calls.
+            #   client = Google::Identity::AccessContextManager::V1::AccessContextManager::Client.new
+            #
+            #   # Create a request. To set request fields, pass in keyword arguments.
+            #   request = Google::Iam::V1::TestIamPermissionsRequest.new
+            #
+            #   # Call the test_iam_permissions method.
+            #   result = client.test_iam_permissions request
+            #
+            #   # The returned object is of type Google::Iam::V1::TestIamPermissionsResponse.
+            #   p result
+            #
+            def test_iam_permissions request, options = nil
+              raise ::ArgumentError, "request must be provided" if request.nil?
+              request = ::Gapic::Protobuf.coerce request, to: ::Google::Iam::V1::TestIamPermissionsRequest
+              # Converts hash and nil to an options object
+              options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h
+              # Customize the options with defaults
+              metadata = @config.rpcs.test_iam_permissions.metadata.to_h
+              # Set x-goog-api-client and x-goog-user-project headers
+              metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
+                lib_name: @config.lib_name, lib_version: @config.lib_version,
+                gapic_version: ::Google::Identity::AccessContextManager::V1::VERSION
+              metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id
+              header_params = {}
+              if request.resource
+                header_params["resource"] = request.resource
+              end
+              request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
+              metadata[:"x-goog-request-params"] ||= request_params_header
+              options.apply_defaults timeout:      @config.rpcs.test_iam_permissions.timeout,
+                                     metadata:     metadata,
+                                     retry_policy: @config.rpcs.test_iam_permissions.retry_policy
+              options.apply_defaults timeout:      @config.timeout,
+                                     metadata:     @config.metadata,
+                                     retry_policy: @config.retry_policy
+              @access_context_manager_stub.call_rpc :test_iam_permissions, request, options: options do |response, operation|
+                yield response, operation if block_given?
+                return response
+              end
+            rescue ::GRPC::BadStatus => e
+              raise ::Google::Cloud::Error.from_error(e)
+            end
             ##
             # Configuration class for the AccessContextManager API.
             #
@@ -2813,6 +3115,21 @@ module Google
                 # @return [::Gapic::Config::Method]
                 #
                 attr_reader :delete_gcp_user_access_binding
+                ##
+                # RPC-specific configuration for `set_iam_policy`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :set_iam_policy
+                ##
+                # RPC-specific configuration for `get_iam_policy`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :get_iam_policy
+                ##
+                # RPC-specific configuration for `test_iam_permissions`
+                # @return [::Gapic::Config::Method]
+                #
+                attr_reader :test_iam_permissions
                 # @private
                 def initialize parent_rpcs = nil
@@ -2862,6 +3179,12 @@ module Google
                   @update_gcp_user_access_binding = ::Gapic::Config::Method.new update_gcp_user_access_binding_config
                   delete_gcp_user_access_binding_config = parent_rpcs.delete_gcp_user_access_binding if parent_rpcs.respond_to? :delete_gcp_user_access_binding
                   @delete_gcp_user_access_binding = ::Gapic::Config::Method.new delete_gcp_user_access_binding_config
+                  set_iam_policy_config = parent_rpcs.set_iam_policy if parent_rpcs.respond_to? :set_iam_policy
+                  @set_iam_policy = ::Gapic::Config::Method.new set_iam_policy_config
+                  get_iam_policy_config = parent_rpcs.get_iam_policy if parent_rpcs.respond_to? :get_iam_policy
+                  @get_iam_policy = ::Gapic::Config::Method.new get_iam_policy_config
+                  test_iam_permissions_config = parent_rpcs.test_iam_permissions if parent_rpcs.respond_to? :test_iam_permissions
+                  @test_iam_permissions = ::Gapic::Config::Method.new test_iam_permissions_config
                   yield self if block_given?
                 end