@maxim_mazurok/gapi.client.cloudasset-v1beta1 0.0.20220805

package/index.d.ts ADDED
@@ -0,0 +1,1087 @@
1
+ /* Type definitions for non-npm package Cloud Asset API v1beta1 0.0 */
2
+ // Project: https://cloud.google.com/asset-inventory/docs/quickstart
3
+ // Definitions by: Maxim Mazurok <https://github.com/Maxim-Mazurok>
4
+ // Nick Amoscato <https://github.com/namoscato>
5
+ // Declan Vong <https://github.com/declanvong>
6
+ // Definitions: https://github.com/DefinitelyTyped/DefinitelyTyped
7
+ // TypeScript Version: 2.8
8
+
9
+ // IMPORTANT
10
+ // This file was generated by https://github.com/Maxim-Mazurok/google-api-typings-generator. Please do not edit it manually.
11
+ // In case of any problems please post issue to https://github.com/Maxim-Mazurok/google-api-typings-generator
12
+ // Generated from: https://cloudasset.googleapis.com/$discovery/rest?version=v1beta1
13
+ // Revision: 20220805
14
+
15
+ /// <reference types="gapi.client" />
16
+
17
+ declare namespace gapi.client {
18
+ /** Load Cloud Asset API v1beta1 */
19
+ function load(urlOrObject: "https://cloudasset.googleapis.com/$discovery/rest?version=v1beta1"): Promise<void>;
20
+ /** @deprecated Please load APIs with discovery documents. */
21
+ function load(name: "cloudasset", version: "v1beta1"): Promise<void>;
22
+ /** @deprecated Please load APIs with discovery documents. */
23
+ function load(name: "cloudasset", version: "v1beta1", callback: () => any): void;
24
+
25
+ namespace cloudasset {
26
+ interface AnalyzeIamPolicyLongrunningMetadata {
27
+ /** Output only. The time the operation was created. */
28
+ createTime?: string;
29
+ }
30
+ // tslint:disable-next-line:no-empty-interface
31
+ interface AnalyzeIamPolicyLongrunningResponse {
32
+ }
33
+ interface Asset {
34
+ /** Please also refer to the [access level user guide](https://cloud.google.com/access-context-manager/docs/overview#access-levels). */
35
+ accessLevel?: GoogleIdentityAccesscontextmanagerV1AccessLevel;
36
+ /** Please also refer to the [access policy user guide](https://cloud.google.com/access-context-manager/docs/overview#access-policies). */
37
+ accessPolicy?: GoogleIdentityAccesscontextmanagerV1AccessPolicy;
38
+ /** The type of the asset. Example: `compute.googleapis.com/Disk` See [Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for more information. */
39
+ assetType?: string;
40
+ /**
41
+ * A representation of the Cloud IAM policy set on a Google Cloud resource. There can be a maximum of one Cloud IAM policy set on any given resource. In addition, Cloud IAM policies
42
+ * inherit their granted access scope from any policies set on parent resources in the resource hierarchy. Therefore, the effectively policy is the union of both the policy set on this
43
+ * resource and each policy set on all of the resource's ancestry resource levels in the hierarchy. See [this topic](https://cloud.google.com/iam/help/allow-policies/inheritance) for
44
+ * more information.
45
+ */
46
+ iamPolicy?: Policy;
47
+ /**
48
+ * The full name of the asset. Example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1` See [Resource
49
+ * names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more information.
50
+ */
51
+ name?: string;
52
+ /**
53
+ * A representation of an [organization policy](https://cloud.google.com/resource-manager/docs/organization-policy/overview#organization_policy). There can be more than one
54
+ * organization policy with different constraints set on a given resource.
55
+ */
56
+ orgPolicy?: GoogleCloudOrgpolicyV1Policy[];
57
+ /** A representation of the resource. */
58
+ resource?: Resource;
59
+ /** Please also refer to the [service perimeter user guide](https://cloud.google.com/vpc-service-controls/docs/overview). */
60
+ servicePerimeter?: GoogleIdentityAccesscontextmanagerV1ServicePerimeter;
61
+ }
62
+ interface AuditConfig {
63
+ /** The configuration for logging of each type of permission. */
64
+ auditLogConfigs?: AuditLogConfig[];
65
+ /**
66
+ * Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all
67
+ * services.
68
+ */
69
+ service?: string;
70
+ }
71
+ interface AuditLogConfig {
72
+ /** Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members. */
73
+ exemptedMembers?: string[];
74
+ /** The log type that this config enables. */
75
+ logType?: string;
76
+ }
77
+ interface BatchGetAssetsHistoryResponse {
78
+ /** A list of assets with valid time windows. */
79
+ assets?: TemporalAsset[];
80
+ }
81
+ interface Binding {
82
+ /**
83
+ * The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`,
84
+ * then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which
85
+ * resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
86
+ */
87
+ condition?: Expr;
88
+ /**
89
+ * Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on
90
+ * the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service
91
+ * account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that
92
+ * represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier
93
+ * for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example,
94
+ * `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. *
95
+ * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example,
96
+ * `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. *
97
+ * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example,
98
+ * `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service
99
+ * account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently
100
+ * deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in
101
+ * the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
102
+ */
103
+ members?: string[];
104
+ /** Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. */
105
+ role?: string;
106
+ }
107
+ interface ExportAssetsRequest {
108
+ /**
109
+ * A list of asset types of which to take a snapshot for. For example: "google.compute.Disk". If specified, only matching assets will be returned. See [Introduction to Cloud Asset
110
+ * Inventory](https://cloud.google.com/resource-manager/docs/cloud-asset-inventory/overview) for all supported asset types.
111
+ */
112
+ assetTypes?: string[];
113
+ /** Asset content type. If not specified, no content but the asset name will be returned. */
114
+ contentType?: string;
115
+ /** Required. Output configuration indicating where the results will be output to. All results will be in newline delimited JSON format. */
116
+ outputConfig?: OutputConfig;
117
+ /**
118
+ * Timestamp to take an asset snapshot. This can only be set to a timestamp between 2018-10-02 UTC (inclusive) and the current time. If not specified, the current time will be used.
119
+ * Due to delays in resource data collection and indexing, there is a volatile window during which running the same query may get different results.
120
+ */
121
+ readTime?: string;
122
+ }
123
+ interface Expr {
124
+ /** Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. */
125
+ description?: string;
126
+ /** Textual representation of an expression in Common Expression Language syntax. */
127
+ expression?: string;
128
+ /** Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. */
129
+ location?: string;
130
+ /** Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. */
131
+ title?: string;
132
+ }
133
+ interface GcsDestination {
134
+ /**
135
+ * The uri of the Cloud Storage object. It's the same uri that is used by gsutil. For example: "gs://bucket_name/object_name". See [Viewing and Editing Object
136
+ * Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata) for more information.
137
+ */
138
+ uri?: string;
139
+ /**
140
+ * The uri prefix of all generated Cloud Storage objects. For example: "gs://bucket_name/object_name_prefix". Each object uri is in format: "gs://bucket_name/object_name_prefix// and
141
+ * only contains assets for that type. starts from 0. For example: "gs://bucket_name/object_name_prefix/google.compute.disk/0" is the first shard of output objects containing all
142
+ * google.compute.disk assets. An INVALID_ARGUMENT error will be returned if file with the same name "gs://bucket_name/object_name_prefix" already exists.
143
+ */
144
+ uriPrefix?: string;
145
+ }
146
+ interface GoogleCloudAssetV1p7beta1Asset {
147
+ /** Please also refer to the [access level user guide](https://cloud.google.com/access-context-manager/docs/overview#access-levels). */
148
+ accessLevel?: GoogleIdentityAccesscontextmanagerV1AccessLevel;
149
+ /** Please also refer to the [access policy user guide](https://cloud.google.com/access-context-manager/docs/overview#access-policies). */
150
+ accessPolicy?: GoogleIdentityAccesscontextmanagerV1AccessPolicy;
151
+ /**
152
+ * The ancestry path of an asset in Google Cloud [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), represented as a list of
153
+ * relative resource names. An ancestry path starts with the closest ancestor in the hierarchy and ends at root. If the asset is a project, folder, or organization, the ancestry path
154
+ * starts from the asset itself. Example: `["projects/123456789", "folders/5432", "organizations/1234"]`
155
+ */
156
+ ancestors?: string[];
157
+ /** The type of the asset. Example: `compute.googleapis.com/Disk` See [Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for more information. */
158
+ assetType?: string;
159
+ /**
160
+ * A representation of the Cloud IAM policy set on a Google Cloud resource. There can be a maximum of one Cloud IAM policy set on any given resource. In addition, Cloud IAM policies
161
+ * inherit their granted access scope from any policies set on parent resources in the resource hierarchy. Therefore, the effectively policy is the union of both the policy set on this
162
+ * resource and each policy set on all of the resource's ancestry resource levels in the hierarchy. See [this topic](https://cloud.google.com/iam/help/allow-policies/inheritance) for
163
+ * more information.
164
+ */
165
+ iamPolicy?: Policy;
166
+ /**
167
+ * The full name of the asset. Example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1` See [Resource
168
+ * names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more information.
169
+ */
170
+ name?: string;
171
+ /**
172
+ * A representation of an [organization policy](https://cloud.google.com/resource-manager/docs/organization-policy/overview#organization_policy). There can be more than one
173
+ * organization policy with different constraints set on a given resource.
174
+ */
175
+ orgPolicy?: GoogleCloudOrgpolicyV1Policy[];
176
+ /** The related assets of the asset of one relationship type. One asset only represents one type of relationship. */
177
+ relatedAssets?: GoogleCloudAssetV1p7beta1RelatedAssets;
178
+ /** A representation of the resource. */
179
+ resource?: GoogleCloudAssetV1p7beta1Resource;
180
+ /** Please also refer to the [service perimeter user guide](https://cloud.google.com/vpc-service-controls/docs/overview). */
181
+ servicePerimeter?: GoogleIdentityAccesscontextmanagerV1ServicePerimeter;
182
+ /** The last update timestamp of an asset. update_time is updated when create/update/delete operation is performed. */
183
+ updateTime?: string;
184
+ }
185
+ interface GoogleCloudAssetV1p7beta1RelatedAsset {
186
+ /**
187
+ * The ancestors of an asset in Google Cloud [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), represented as a list of relative
188
+ * resource names. An ancestry path starts with the closest ancestor in the hierarchy and ends at root. Example: `["projects/123456789", "folders/5432", "organizations/1234"]`
189
+ */
190
+ ancestors?: string[];
191
+ /**
192
+ * The full name of the asset. Example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1` See [Resource
193
+ * names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more information.
194
+ */
195
+ asset?: string;
196
+ /** The type of the asset. Example: `compute.googleapis.com/Disk` See [Supported asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types) for more information. */
197
+ assetType?: string;
198
+ }
199
+ interface GoogleCloudAssetV1p7beta1RelatedAssets {
200
+ /** The peer resources of the relationship. */
201
+ assets?: GoogleCloudAssetV1p7beta1RelatedAsset[];
202
+ /** The detailed relation attributes. */
203
+ relationshipAttributes?: GoogleCloudAssetV1p7beta1RelationshipAttributes;
204
+ }
205
+ interface GoogleCloudAssetV1p7beta1RelationshipAttributes {
206
+ /** The detail of the relationship, e.g. `contains`, `attaches` */
207
+ action?: string;
208
+ /** The source asset type. Example: `compute.googleapis.com/Instance` */
209
+ sourceResourceType?: string;
210
+ /** The target asset type. Example: `compute.googleapis.com/Disk` */
211
+ targetResourceType?: string;
212
+ /** The unique identifier of the relationship type. Example: `INSTANCE_TO_INSTANCEGROUP` */
213
+ type?: string;
214
+ }
215
+ interface GoogleCloudAssetV1p7beta1Resource {
216
+ /** The content of the resource, in which some sensitive fields are removed and may not be present. */
217
+ data?: { [P in string]: any };
218
+ /**
219
+ * The URL of the discovery document containing the resource's JSON schema. Example: `https://www.googleapis.com/discovery/v1/apis/compute/v1/rest` This value is unspecified for
220
+ * resources that do not have an API based on a discovery document, such as Cloud Bigtable.
221
+ */
222
+ discoveryDocumentUri?: string;
223
+ /**
224
+ * The JSON schema name listed in the discovery document. Example: `Project` This value is unspecified for resources that do not have an API based on a discovery document, such as
225
+ * Cloud Bigtable.
226
+ */
227
+ discoveryName?: string;
228
+ /** The location of the resource in Google Cloud, such as its zone and region. For more information, see https://cloud.google.com/about/locations/. */
229
+ location?: string;
230
+ /**
231
+ * The full name of the immediate parent of this resource. See [Resource Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more information. For Google
232
+ * Cloud assets, this value is the parent resource defined in the [Cloud IAM policy hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy). Example:
233
+ * `//cloudresourcemanager.googleapis.com/projects/my_project_123` For third-party assets, this field may be set differently.
234
+ */
235
+ parent?: string;
236
+ /**
237
+ * The REST URL for accessing the resource. An HTTP `GET` request using this URL returns the resource itself. Example:
238
+ * `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123` This value is unspecified for resources without a REST API.
239
+ */
240
+ resourceUrl?: string;
241
+ /** The API version. Example: `v1` */
242
+ version?: string;
243
+ }
244
+ interface GoogleCloudOrgpolicyV1BooleanPolicy {
245
+ /**
246
+ * If `true`, then the `Policy` is enforced. If `false`, then any configuration is acceptable. Suppose you have a `Constraint` `constraints/compute.disableSerialPortAccess` with
247
+ * `constraint_default` set to `ALLOW`. A `Policy` for that `Constraint` exhibits the following behavior: - If the `Policy` at this resource has enforced set to `false`, serial port
248
+ * connection attempts will be allowed. - If the `Policy` at this resource has enforced set to `true`, serial port connection attempts will be refused. - If the `Policy` at this
249
+ * resource is `RestoreDefault`, serial port connection attempts will be allowed. - If no `Policy` is set at this resource or anywhere higher in the resource hierarchy, serial port
250
+ * connection attempts will be allowed. - If no `Policy` is set at this resource, but one exists higher in the resource hierarchy, the behavior is as if the`Policy` were set at this
251
+ * resource. The following examples demonstrate the different possible layerings: Example 1 (nearest `Constraint` wins): `organizations/foo` has a `Policy` with: {enforced: false}
252
+ * `projects/bar` has no `Policy` set. The constraint at `projects/bar` and `organizations/foo` will not be enforced. Example 2 (enforcement gets replaced): `organizations/foo` has a
253
+ * `Policy` with: {enforced: false} `projects/bar` has a `Policy` with: {enforced: true} The constraint at `organizations/foo` is not enforced. The constraint at `projects/bar` is
254
+ * enforced. Example 3 (RestoreDefault): `organizations/foo` has a `Policy` with: {enforced: true} `projects/bar` has a `Policy` with: {RestoreDefault: {}} The constraint at
255
+ * `organizations/foo` is enforced. The constraint at `projects/bar` is not enforced, because `constraint_default` for the `Constraint` is `ALLOW`.
256
+ */
257
+ enforced?: boolean;
258
+ }
259
+ interface GoogleCloudOrgpolicyV1ListPolicy {
260
+ /** List of values allowed at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`. */
261
+ allowedValues?: string[];
262
+ /** The policy all_values state. */
263
+ allValues?: string;
264
+ /** List of values denied at this resource. Can only be set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`. */
265
+ deniedValues?: string[];
266
+ /**
267
+ * Determines the inheritance behavior for this `Policy`. By default, a `ListPolicy` set at a resource supersedes any `Policy` set anywhere up the resource hierarchy. However, if
268
+ * `inherit_from_parent` is set to `true`, then the values from the effective `Policy` of the parent resource are inherited, meaning the values set in this `Policy` are added to the
269
+ * values inherited up the hierarchy. Setting `Policy` hierarchies that inherit both allowed values and denied values isn't recommended in most circumstances to keep the configuration
270
+ * simple and understandable. However, it is possible to set a `Policy` with `allowed_values` set that inherits a `Policy` with `denied_values` set. In this case, the values that are
271
+ * allowed must be in `allowed_values` and not present in `denied_values`. For example, suppose you have a `Constraint` `constraints/serviceuser.services`, which has a
272
+ * `constraint_type` of `list_constraint`, and with `constraint_default` set to `ALLOW`. Suppose that at the Organization level, a `Policy` is applied that restricts the allowed API
273
+ * activations to {`E1`, `E2`}. Then, if a `Policy` is applied to a project below the Organization that has `inherit_from_parent` set to `false` and field all_values set to DENY, then
274
+ * an attempt to activate any API will be denied. The following examples demonstrate different possible layerings for `projects/bar` parented by `organizations/foo`: Example 1 (no
275
+ * inherited values): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has `inherit_from_parent` `false` and values:
276
+ * {allowed_values: "E3" allowed_values: "E4"} The accepted values at `organizations/foo` are `E1`, `E2`. The accepted values at `projects/bar` are `E3`, and `E4`. Example 2 (inherited
277
+ * values): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has a `Policy` with values: {value: "E3" value: "E4"
278
+ * inherit_from_parent: true} The accepted values at `organizations/foo` are `E1`, `E2`. The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`. Example 3 (inheriting
279
+ * both allowed and denied values): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values: "E2"} `projects/bar` has a `Policy` with: {denied_values:
280
+ * "E1"} The accepted values at `organizations/foo` are `E1`, `E2`. The value accepted at `projects/bar` is `E2`. Example 4 (RestoreDefault): `organizations/foo` has a `Policy` with
281
+ * values: {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has a `Policy` with values: {RestoreDefault: {}} The accepted values at `organizations/foo` are `E1`, `E2`. The
282
+ * accepted values at `projects/bar` are either all or none depending on the value of `constraint_default` (if `ALLOW`, all; if `DENY`, none). Example 5 (no policy inherits parent
283
+ * policy): `organizations/foo` has no `Policy` set. `projects/bar` has no `Policy` set. The accepted values at both levels are either all or none depending on the value of
284
+ * `constraint_default` (if `ALLOW`, all; if `DENY`, none). Example 6 (ListConstraint allowing all): `organizations/foo` has a `Policy` with values: {allowed_values: "E1"
285
+ * allowed_values: "E2"} `projects/bar` has a `Policy` with: {all: ALLOW} The accepted values at `organizations/foo` are `E1`, E2`. Any value is accepted at `projects/bar`. Example 7
286
+ * (ListConstraint allowing none): `organizations/foo` has a `Policy` with values: {allowed_values: "E1" allowed_values: "E2"} `projects/bar` has a `Policy` with: {all: DENY} The
287
+ * accepted values at `organizations/foo` are `E1`, E2`. No value is accepted at `projects/bar`. Example 10 (allowed and denied subtrees of Resource Manager hierarchy): Given the
288
+ * following resource hierarchy O1->{F1, F2}; F1->{P1}; F2->{P2, P3}, `organizations/foo` has a `Policy` with values: {allowed_values: "under:organizations/O1"} `projects/bar` has a
289
+ * `Policy` with: {allowed_values: "under:projects/P3"} {denied_values: "under:folders/F2"} The accepted values at `organizations/foo` are `organizations/O1`, `folders/F1`,
290
+ * `folders/F2`, `projects/P1`, `projects/P2`, `projects/P3`. The accepted values at `projects/bar` are `organizations/O1`, `folders/F1`, `projects/P1`.
291
+ */
292
+ inheritFromParent?: boolean;
293
+ /**
294
+ * Optional. The Google Cloud Console will try to default to a configuration that matches the value specified in this `Policy`. If `suggested_value` is not set, it will inherit the
295
+ * value specified higher in the hierarchy, unless `inherit_from_parent` is `false`.
296
+ */
297
+ suggestedValue?: string;
298
+ }
299
+ interface GoogleCloudOrgpolicyV1Policy {
300
+ /** For boolean `Constraints`, whether to enforce the `Constraint` or not. */
301
+ booleanPolicy?: GoogleCloudOrgpolicyV1BooleanPolicy;
302
+ /**
303
+ * The name of the `Constraint` the `Policy` is configuring, for example, `constraints/serviceuser.services`. A [list of available
304
+ * constraints](/resource-manager/docs/organization-policy/org-policy-constraints) is available. Immutable after creation.
305
+ */
306
+ constraint?: string;
307
+ /**
308
+ * An opaque tag indicating the current version of the `Policy`, used for concurrency control. When the `Policy` is returned from either a `GetPolicy` or a `ListOrgPolicy` request,
309
+ * this `etag` indicates the version of the current `Policy` to use when executing a read-modify-write loop. When the `Policy` is returned from a `GetEffectivePolicy` request, the
310
+ * `etag` will be unset. When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value that was returned from a `GetOrgPolicy` request as part of a read-modify-write loop
311
+ * for concurrency control. Not setting the `etag`in a `SetOrgPolicy` request will result in an unconditional write of the `Policy`.
312
+ */
313
+ etag?: string;
314
+ /** List of values either allowed or disallowed. */
315
+ listPolicy?: GoogleCloudOrgpolicyV1ListPolicy;
316
+ /** Restores the default behavior of the constraint; independent of `Constraint` type. */
317
+ restoreDefault?: any;
318
+ /**
319
+ * The time stamp the `Policy` was previously updated. This is set by the server, not specified by the caller, and represents the last time a call to `SetOrgPolicy` was made for that
320
+ * `Policy`. Any value set by the client will be ignored.
321
+ */
322
+ updateTime?: string;
323
+ /** Version of the `Policy`. Default version is 0; */
324
+ version?: number;
325
+ }
326
+ // tslint:disable-next-line:no-empty-interface
327
+ interface GoogleCloudOrgpolicyV1RestoreDefault {
328
+ }
329
+ interface GoogleIdentityAccesscontextmanagerV1AccessLevel {
330
+ /** A `BasicLevel` composed of `Conditions`. */
331
+ basic?: GoogleIdentityAccesscontextmanagerV1BasicLevel;
332
+ /** A `CustomLevel` written in the Common Expression Language. */
333
+ custom?: GoogleIdentityAccesscontextmanagerV1CustomLevel;
334
+ /** Description of the `AccessLevel` and its use. Does not affect behavior. */
335
+ description?: string;
336
+ /**
337
+ * Required. Resource name for the Access Level. The `short_name` component must begin with a letter and only include alphanumeric and '_'. Format:
338
+ * `accessPolicies/{access_policy}/accessLevels/{access_level}`. The maximum length of the `access_level` component is 50 characters.
339
+ */
340
+ name?: string;
341
+ /** Human readable title. Must be unique within the Policy. */
342
+ title?: string;
343
+ }
344
+ interface GoogleIdentityAccesscontextmanagerV1AccessPolicy {
345
+ /**
346
+ * Output only. An opaque identifier for the current version of the `AccessPolicy`. This will always be a strongly validated etag, meaning that two Access Polices will be identical if
347
+ * and only if their etags are identical. Clients should not expect this to be in any specific format.
348
+ */
349
+ etag?: string;
350
+ /** Output only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{access_policy}` */
351
+ name?: string;
352
+ /** Required. The parent of this `AccessPolicy` in the Cloud Resource Hierarchy. Currently immutable once created. Format: `organizations/{organization_id}` */
353
+ parent?: string;
354
+ /**
355
+ * The scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced. For example, a policy with scopes=["folders/123"] has the
356
+ * following behavior: - vpcsc perimeters can only restrict projects within folders/123 - access levels can only be referenced by resources within folders/123. If empty, there are no
357
+ * limitations on which resources can be restricted by an ACM policy, and there are no limitations on where ACM resources can be referenced. Only one policy can include a given scope
358
+ * (attempting to create a second policy which includes "folders/123" will result in an error). Currently, scopes cannot be modified after a policy is created. Currently, policies can
359
+ * only have a single scope. Format: list of `folders/{folder_number}` or `projects/{project_number}`
360
+ */
361
+ scopes?: string[];
362
+ /** Required. Human readable title. Does not affect behavior. */
363
+ title?: string;
364
+ }
365
+ interface GoogleIdentityAccesscontextmanagerV1ApiOperation {
366
+ /**
367
+ * API methods or permissions to allow. Method or permission must belong to the service specified by `service_name` field. A single MethodSelector entry with `*` specified for the
368
+ * `method` field will allow all methods AND permissions for the service specified in `service_name`.
369
+ */
370
+ methodSelectors?: GoogleIdentityAccesscontextmanagerV1MethodSelector[];
371
+ /**
372
+ * The name of the API whose methods or permissions the IngressPolicy or EgressPolicy want to allow. A single ApiOperation with `service_name` field set to `*` will allow all methods
373
+ * AND permissions for all services.
374
+ */
375
+ serviceName?: string;
376
+ }
377
+ interface GoogleIdentityAccesscontextmanagerV1BasicLevel {
378
+ /**
379
+ * How the `conditions` list should be combined to determine if a request is granted this `AccessLevel`. If AND is used, each `Condition` in `conditions` must be satisfied for the
380
+ * `AccessLevel` to be applied. If OR is used, at least one `Condition` in `conditions` must be satisfied for the `AccessLevel` to be applied. Default behavior is AND.
381
+ */
382
+ combiningFunction?: string;
383
+ /** Required. A list of requirements for the `AccessLevel` to be granted. */
384
+ conditions?: GoogleIdentityAccesscontextmanagerV1Condition[];
385
+ }
386
+ interface GoogleIdentityAccesscontextmanagerV1Condition {
387
+ /** Device specific restrictions, all restrictions must hold for the Condition to be true. If not specified, all devices are allowed. */
388
+ devicePolicy?: GoogleIdentityAccesscontextmanagerV1DevicePolicy;
389
+ /**
390
+ * CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for a CIDR IP address block, the specified IP address portion must be properly truncated (i.e. all the host
391
+ * bits must be zero) or the input is considered malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted whereas
392
+ * "2001:db8::1/32" is not. The originating IP of a request must be in one of the listed subnets in order for this Condition to be true. If empty, all IP addresses are allowed.
393
+ */
394
+ ipSubnetworks?: string[];
395
+ /**
396
+ * The request must be made by one of the provided user or service accounts. Groups are not supported. Syntax: `user:{emailid}` `serviceAccount:{emailid}` If not specified, a request
397
+ * may come from any user.
398
+ */
399
+ members?: string[];
400
+ /**
401
+ * Whether to negate the Condition. If true, the Condition becomes a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to
402
+ * false.
403
+ */
404
+ negate?: boolean;
405
+ /** The request must originate from one of the provided countries/regions. Must be valid ISO 3166-1 alpha-2 codes. */
406
+ regions?: string[];
407
+ /**
408
+ * A list of other access levels defined in the same `Policy`, referenced by resource name. Referencing an `AccessLevel` which does not exist is an error. All access levels listed must
409
+ * be granted for the Condition to be true. Example: "`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"`
410
+ */
411
+ requiredAccessLevels?: string[];
412
+ }
413
+ interface GoogleIdentityAccesscontextmanagerV1CustomLevel {
414
+ /** Required. A Cloud CEL expression evaluating to a boolean. */
415
+ expr?: Expr;
416
+ }
417
+ interface GoogleIdentityAccesscontextmanagerV1DevicePolicy {
418
+ /** Allowed device management levels, an empty list allows all management levels. */
419
+ allowedDeviceManagementLevels?: string[];
420
+ /** Allowed encryptions statuses, an empty list allows all statuses. */
421
+ allowedEncryptionStatuses?: string[];
422
+ /** Allowed OS versions, an empty list allows all types and all versions. */
423
+ osConstraints?: GoogleIdentityAccesscontextmanagerV1OsConstraint[];
424
+ /** Whether the device needs to be approved by the customer admin. */
425
+ requireAdminApproval?: boolean;
426
+ /** Whether the device needs to be corp owned. */
427
+ requireCorpOwned?: boolean;
428
+ /** Whether or not screenlock is required for the DevicePolicy to be true. Defaults to `false`. */
429
+ requireScreenlock?: boolean;
430
+ }
431
+ interface GoogleIdentityAccesscontextmanagerV1EgressFrom {
432
+ /**
433
+ * A list of identities that are allowed access through this [EgressPolicy]. Should be in the format of email address. The email address should represent individual user or service
434
+ * account only.
435
+ */
436
+ identities?: string[];
437
+ /** Specifies the type of identities that are allowed access to outside the perimeter. If left unspecified, then members of `identities` field will be allowed access. */
438
+ identityType?: string;
439
+ }
440
+ interface GoogleIdentityAccesscontextmanagerV1EgressPolicy {
441
+ /** Defines conditions on the source of a request causing this EgressPolicy to apply. */
442
+ egressFrom?: GoogleIdentityAccesscontextmanagerV1EgressFrom;
443
+ /** Defines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply. */
444
+ egressTo?: GoogleIdentityAccesscontextmanagerV1EgressTo;
445
+ }
446
+ interface GoogleIdentityAccesscontextmanagerV1EgressTo {
447
+ /**
448
+ * A list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage,
449
+ * the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path).
450
+ * Currently '*' is not allowed.
451
+ */
452
+ externalResources?: string[];
453
+ /** A list of ApiOperations allowed to be performed by the sources specified in the corresponding EgressFrom. A request matches if it uses an operation/service in this list. */
454
+ operations?: GoogleIdentityAccesscontextmanagerV1ApiOperation[];
455
+ /**
456
+ * A list of resources, currently only projects in the form `projects/`, that are allowed to be accessed by sources defined in the corresponding EgressFrom. A request matches if it
457
+ * contains a resource in this list. If `*` is specified for `resources`, then this EgressTo rule will authorize access to all resources outside the perimeter.
458
+ */
459
+ resources?: string[];
460
+ }
461
+ interface GoogleIdentityAccesscontextmanagerV1IngressFrom {
462
+ /**
463
+ * A list of identities that are allowed access through this ingress policy. Should be in the format of email address. The email address should represent individual user or service
464
+ * account only.
465
+ */
466
+ identities?: string[];
467
+ /** Specifies the type of identities that are allowed access from outside the perimeter. If left unspecified, then members of `identities` field will be allowed access. */
468
+ identityType?: string;
469
+ /** Sources that this IngressPolicy authorizes access from. */
470
+ sources?: GoogleIdentityAccesscontextmanagerV1IngressSource[];
471
+ }
472
+ interface GoogleIdentityAccesscontextmanagerV1IngressPolicy {
473
+ /** Defines the conditions on the source of a request causing this IngressPolicy to apply. */
474
+ ingressFrom?: GoogleIdentityAccesscontextmanagerV1IngressFrom;
475
+ /** Defines the conditions on the ApiOperation and request destination that cause this IngressPolicy to apply. */
476
+ ingressTo?: GoogleIdentityAccesscontextmanagerV1IngressTo;
477
+ }
478
+ interface GoogleIdentityAccesscontextmanagerV1IngressSource {
479
+ /**
480
+ * An AccessLevel resource name that allow resources within the ServicePerimeters to be accessed from the internet. AccessLevels listed must be in the same policy as this
481
+ * ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud
482
+ * calls with request origins within the perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is specified for `access_level`, then all IngressSources
483
+ * will be allowed.
484
+ */
485
+ accessLevel?: string;
486
+ /**
487
+ * A Google Cloud resource that is allowed to ingress the perimeter. Requests from these resources will be allowed to access perimeter data. Currently only projects are allowed.
488
+ * Format: `projects/{project_number}` The project may be in any Google Cloud organization, not just the organization that the perimeter is defined in. `*` is not allowed, the case of
489
+ * allowing all Google Cloud resources only is not supported.
490
+ */
491
+ resource?: string;
492
+ }
493
+ interface GoogleIdentityAccesscontextmanagerV1IngressTo {
494
+ /** A list of ApiOperations allowed to be performed by the sources specified in corresponding IngressFrom in this ServicePerimeter. */
495
+ operations?: GoogleIdentityAccesscontextmanagerV1ApiOperation[];
496
+ /**
497
+ * A list of resources, currently only projects in the form `projects/`, protected by this ServicePerimeter that are allowed to be accessed by sources defined in the corresponding
498
+ * IngressFrom. If a single `*` is specified, then access to all resources inside the perimeter are allowed.
499
+ */
500
+ resources?: string[];
501
+ }
502
+ interface GoogleIdentityAccesscontextmanagerV1MethodSelector {
503
+ /**
504
+ * Value for `method` should be a valid method name for the corresponding `service_name` in ApiOperation. If `*` used as value for `method`, then ALL methods and permissions are
505
+ * allowed.
506
+ */
507
+ method?: string;
508
+ /** Value for `permission` should be a valid Cloud IAM permission for the corresponding `service_name` in ApiOperation. */
509
+ permission?: string;
510
+ }
511
+ interface GoogleIdentityAccesscontextmanagerV1OsConstraint {
512
+ /** The minimum allowed OS version. If not set, any version of this OS satisfies the constraint. Format: `"major.minor.patch"`. Examples: `"10.5.301"`, `"9.2.1"`. */
513
+ minimumVersion?: string;
514
+ /** Required. The allowed OS type. */
515
+ osType?: string;
516
+ /**
517
+ * Only allows requests from devices with a verified Chrome OS. Verifications includes requirements that the device is enterprise-managed, conformant to domain policies, and the caller
518
+ * has permission to call the API targeted by the request.
519
+ */
520
+ requireVerifiedChromeOs?: boolean;
521
+ }
522
+ interface GoogleIdentityAccesscontextmanagerV1ServicePerimeter {
523
+ /** Description of the `ServicePerimeter` and its use. Does not affect behavior. */
524
+ description?: string;
525
+ /**
526
+ * Required. Resource name for the ServicePerimeter. The `short_name` component must begin with a letter and only include alphanumeric and '_'. Format:
527
+ * `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`
528
+ */
529
+ name?: string;
530
+ /**
531
+ * Perimeter type indicator. A single project is allowed to be a member of single regular perimeter, but multiple service perimeter bridges. A project cannot be a included in a
532
+ * perimeter bridge without being included in regular perimeter. For perimeter bridges, the restricted service list as well as access level lists must be empty.
533
+ */
534
+ perimeterType?: string;
535
+ /**
536
+ * Proposed (or dry run) ServicePerimeter configuration. This configuration allows to specify and test ServicePerimeter configuration without enforcing actual access restrictions. Only
537
+ * allowed to be set when the "use_explicit_dry_run_spec" flag is set.
538
+ */
539
+ spec?: GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig;
540
+ /** Current ServicePerimeter configuration. Specifies sets of resources, restricted services and access levels that determine perimeter content and boundaries. */
541
+ status?: GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig;
542
+ /** Human readable title. Must be unique within the Policy. */
543
+ title?: string;
544
+ /**
545
+ * Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists for all Service Perimeters, and that spec is identical to the status for those Service Perimeters. When
546
+ * this flag is set, it inhibits the generation of the implicit spec, thereby allowing the user to explicitly provide a configuration ("spec") to use in a dry-run version of the
547
+ * Service Perimeter. This allows the user to test changes to the enforced config ("status") without actually enforcing them. This testing is done through analyzing the differences
548
+ * between currently enforced and suggested restrictions. use_explicit_dry_run_spec must bet set to True if any of the fields in the spec are set to non-default values.
549
+ */
550
+ useExplicitDryRunSpec?: boolean;
551
+ }
552
+ interface GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig {
553
+ /**
554
+ * A list of `AccessLevel` resource names that allow resources within the `ServicePerimeter` to be accessed from the internet. `AccessLevels` listed must be in the same policy as this
555
+ * `ServicePerimeter`. Referencing a nonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are listed, resources within the perimeter can only be accessed via Google
556
+ * Cloud calls with request origins within the perimeter. Example: `"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL"`. For Service Perimeter Bridge, must be empty.
557
+ */
558
+ accessLevels?: string[];
559
+ /**
560
+ * List of EgressPolicies to apply to the perimeter. A perimeter may have multiple EgressPolicies, each of which is evaluated separately. Access is granted if any EgressPolicy grants
561
+ * it. Must be empty for a perimeter bridge.
562
+ */
563
+ egressPolicies?: GoogleIdentityAccesscontextmanagerV1EgressPolicy[];
564
+ /**
565
+ * List of IngressPolicies to apply to the perimeter. A perimeter may have multiple IngressPolicies, each of which is evaluated separately. Access is granted if any Ingress Policy
566
+ * grants it. Must be empty for a perimeter bridge.
567
+ */
568
+ ingressPolicies?: GoogleIdentityAccesscontextmanagerV1IngressPolicy[];
569
+ /** A list of Google Cloud resources that are inside of the service perimeter. Currently only projects are allowed. Format: `projects/{project_number}` */
570
+ resources?: string[];
571
+ /**
572
+ * Google Cloud services that are subject to the Service Perimeter restrictions. For example, if `storage.googleapis.com` is specified, access to the storage buckets inside the
573
+ * perimeter must meet the perimeter's access restrictions.
574
+ */
575
+ restrictedServices?: string[];
576
+ /** Configuration for APIs allowed within Perimeter. */
577
+ vpcAccessibleServices?: GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices;
578
+ }
579
+ interface GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices {
580
+ /**
581
+ * The list of APIs usable within the Service Perimeter. Must be empty unless 'enable_restriction' is True. You can specify a list of individual services, as well as include the
582
+ * 'RESTRICTED-SERVICES' value, which automatically includes all of the services protected by the perimeter.
583
+ */
584
+ allowedServices?: string[];
585
+ /** Whether to restrict API calls within the Service Perimeter to the list of APIs specified in 'allowed_services'. */
586
+ enableRestriction?: boolean;
587
+ }
588
+ interface Operation {
589
+ /** If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available. */
590
+ done?: boolean;
591
+ /** The error result of the operation in case of failure or cancellation. */
592
+ error?: Status;
593
+ /**
594
+ * Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such
595
+ * metadata. Any method that returns a long-running operation should document the metadata type, if any.
596
+ */
597
+ metadata?: { [P in string]: any };
598
+ /**
599
+ * The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending
600
+ * with `operations/{unique_id}`.
601
+ */
602
+ name?: string;
603
+ /**
604
+ * The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the
605
+ * original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the
606
+ * original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.
607
+ */
608
+ response?: { [P in string]: any };
609
+ }
610
+ interface OutputConfig {
611
+ /** Destination on Cloud Storage. */
612
+ gcsDestination?: GcsDestination;
613
+ }
614
+ interface Policy {
615
+ /** Specifies cloud audit logging configuration for this policy. */
616
+ auditConfigs?: AuditConfig[];
617
+ /**
618
+ * Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings`
619
+ * must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a
620
+ * principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another
621
+ * 1,450 principals to the `bindings` in the `Policy`.
622
+ */
623
+ bindings?: Binding[];
624
+ /**
625
+ * `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make
626
+ * use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems
627
+ * are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM
628
+ * Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1`
629
+ * policy, and all of the conditions in the version `3` policy are lost.
630
+ */
631
+ etag?: string;
632
+ /**
633
+ * Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings
634
+ * must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a
635
+ * policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use
636
+ * IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1`
637
+ * policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave
638
+ * the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
639
+ */
640
+ version?: number;
641
+ }
642
+ interface Resource {
643
+ /** The content of the resource, in which some sensitive fields are removed and may not be present. */
644
+ data?: { [P in string]: any };
645
+ /**
646
+ * The URL of the discovery document containing the resource's JSON schema. Example: `https://www.googleapis.com/discovery/v1/apis/compute/v1/rest` This value is unspecified for
647
+ * resources that do not have an API based on a discovery document, such as Cloud Bigtable.
648
+ */
649
+ discoveryDocumentUri?: string;
650
+ /**
651
+ * The JSON schema name listed in the discovery document. Example: `Project` This value is unspecified for resources that do not have an API based on a discovery document, such as
652
+ * Cloud Bigtable.
653
+ */
654
+ discoveryName?: string;
655
+ /**
656
+ * The full name of the immediate parent of this resource. See [Resource Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more information. For Google
657
+ * Cloud assets, this value is the parent resource defined in the [Cloud IAM policy hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy). Example:
658
+ * `//cloudresourcemanager.googleapis.com/projects/my_project_123` For third-party assets, this field may be set differently.
659
+ */
660
+ parent?: string;
661
+ /**
662
+ * The REST URL for accessing the resource. An HTTP `GET` request using this URL returns the resource itself. Example:
663
+ * `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123` This value is unspecified for resources without a REST API.
664
+ */
665
+ resourceUrl?: string;
666
+ /** The API version. Example: `v1` */
667
+ version?: string;
668
+ }
669
+ interface Status {
670
+ /** The status code, which should be an enum value of google.rpc.Code. */
671
+ code?: number;
672
+ /** A list of messages that carry the error details. There is a common set of message types for APIs to use. */
673
+ details?: Array<{ [P in string]: any }>;
674
+ /**
675
+ * A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the
676
+ * client.
677
+ */
678
+ message?: string;
679
+ }
680
+ interface TemporalAsset {
681
+ /** An asset in Google Cloud. */
682
+ asset?: Asset;
683
+ /** Whether the asset has been deleted or not. */
684
+ deleted?: boolean;
685
+ /** The time window when the asset data and state was observed. */
686
+ window?: TimeWindow;
687
+ }
688
+ interface TimeWindow {
689
+ /** End time of the time window (inclusive). If not specified, the current timestamp is used instead. */
690
+ endTime?: string;
691
+ /** Start time of the time window (exclusive). */
692
+ startTime?: string;
693
+ }
694
+ interface OperationsResource {
695
+ /** Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service. */
696
+ get(request?: {
697
+ /** V1 error format. */
698
+ "$.xgafv"?: string;
699
+ /** OAuth access token. */
700
+ access_token?: string;
701
+ /** Data format for response. */
702
+ alt?: string;
703
+ /** JSONP */
704
+ callback?: string;
705
+ /** Selector specifying which fields to include in a partial response. */
706
+ fields?: string;
707
+ /** API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. */
708
+ key?: string;
709
+ /** The name of the operation resource. */
710
+ name: string;
711
+ /** OAuth 2.0 token for the current user. */
712
+ oauth_token?: string;
713
+ /** Returns response with indentations and line breaks. */
714
+ prettyPrint?: boolean;
715
+ /** Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. */
716
+ quotaUser?: string;
717
+ /** Upload protocol for media (e.g. "raw", "multipart"). */
718
+ upload_protocol?: string;
719
+ /** Legacy upload protocol for media (e.g. "media", "multipart"). */
720
+ uploadType?: string;
721
+ }): Request<Operation>;
722
+ }
723
+ interface FoldersResource {
724
+ /**
725
+ * Exports assets with time and resource types to a given Cloud Storage location. The output format is newline-delimited JSON. This API implements the google.longrunning.Operation API
726
+ * allowing you to keep track of the export. We recommend intervals of at least 2 seconds with exponential retry to poll the export operation result. For regular-size resource parent,
727
+ * the export operation usually finishes within 5 minutes.
728
+ */
729
+ exportAssets(request: {
730
+ /** V1 error format. */
731
+ "$.xgafv"?: string;
732
+ /** OAuth access token. */
733
+ access_token?: string;
734
+ /** Data format for response. */
735
+ alt?: string;
736
+ /** JSONP */
737
+ callback?: string;
738
+ /** Selector specifying which fields to include in a partial response. */
739
+ fields?: string;
740
+ /** API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. */
741
+ key?: string;
742
+ /** OAuth 2.0 token for the current user. */
743
+ oauth_token?: string;
744
+ /**
745
+ * Required. The relative name of the root asset. This can only be an organization number (such as "organizations/123"), a project ID (such as "projects/my-project-id"), a project
746
+ * number (such as "projects/12345"), or a folder number (such as "folders/123").
747
+ */
748
+ parent: string;
749
+ /** Returns response with indentations and line breaks. */
750
+ prettyPrint?: boolean;
751
+ /** Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. */
752
+ quotaUser?: string;
753
+ /** Upload protocol for media (e.g. "raw", "multipart"). */
754
+ upload_protocol?: string;
755
+ /** Legacy upload protocol for media (e.g. "media", "multipart"). */
756
+ uploadType?: string;
757
+ /** Request body */
758
+ resource: ExportAssetsRequest;
759
+ }): Request<Operation>;
760
+ exportAssets(request: {
761
+ /** V1 error format. */
762
+ "$.xgafv"?: string;
763
+ /** OAuth access token. */
764
+ access_token?: string;
765
+ /** Data format for response. */
766
+ alt?: string;
767
+ /** JSONP */
768
+ callback?: string;
769
+ /** Selector specifying which fields to include in a partial response. */
770
+ fields?: string;
771
+ /** API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. */
772
+ key?: string;
773
+ /** OAuth 2.0 token for the current user. */
774
+ oauth_token?: string;
775
+ /**
776
+ * Required. The relative name of the root asset. This can only be an organization number (such as "organizations/123"), a project ID (such as "projects/my-project-id"), a project
777
+ * number (such as "projects/12345"), or a folder number (such as "folders/123").
778
+ */
779
+ parent: string;
780
+ /** Returns response with indentations and line breaks. */
781
+ prettyPrint?: boolean;
782
+ /** Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. */
783
+ quotaUser?: string;
784
+ /** Upload protocol for media (e.g. "raw", "multipart"). */
785
+ upload_protocol?: string;
786
+ /** Legacy upload protocol for media (e.g. "media", "multipart"). */
787
+ uploadType?: string;
788
+ },
789
+ body: ExportAssetsRequest): Request<Operation>;
790
+ operations: OperationsResource;
791
+ }
792
+ interface OperationsResource {
793
+ /** Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service. */
794
+ get(request?: {
795
+ /** V1 error format. */
796
+ "$.xgafv"?: string;
797
+ /** OAuth access token. */
798
+ access_token?: string;
799
+ /** Data format for response. */
800
+ alt?: string;
801
+ /** JSONP */
802
+ callback?: string;
803
+ /** Selector specifying which fields to include in a partial response. */
804
+ fields?: string;
805
+ /** API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. */
806
+ key?: string;
807
+ /** The name of the operation resource. */
808
+ name: string;
809
+ /** OAuth 2.0 token for the current user. */
810
+ oauth_token?: string;
811
+ /** Returns response with indentations and line breaks. */
812
+ prettyPrint?: boolean;
813
+ /** Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. */
814
+ quotaUser?: string;
815
+ /** Upload protocol for media (e.g. "raw", "multipart"). */
816
+ upload_protocol?: string;
817
+ /** Legacy upload protocol for media (e.g. "media", "multipart"). */
818
+ uploadType?: string;
819
+ }): Request<Operation>;
820
+ }
821
+ interface OrganizationsResource {
822
+ /**
823
+ * Batch gets the update history of assets that overlap a time window. For IAM_POLICY content, this API outputs history when the asset and its attached IAM POLICY both exist. This can
824
+ * create gaps in the output history. Otherwise, this API outputs history with asset in both non-delete or deleted status. If a specified asset does not exist, this API returns an
825
+ * INVALID_ARGUMENT error.
826
+ */
827
+ batchGetAssetsHistory(request?: {
828
+ /** V1 error format. */
829
+ "$.xgafv"?: string;
830
+ /** OAuth access token. */
831
+ access_token?: string;
832
+ /** Data format for response. */
833
+ alt?: string;
834
+ /**
835
+ * A list of the full names of the assets. For example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. See [Resource
836
+ * Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more info. The request becomes a no-op if the asset name list is empty, and the max size of
837
+ * the asset name list is 100 in one request.
838
+ */
839
+ assetNames?: string | string[];
840
+ /** JSONP */
841
+ callback?: string;
842
+ /** Optional. The content type. */
843
+ contentType?: string;
844
+ /** Selector specifying which fields to include in a partial response. */
845
+ fields?: string;
846
+ /** API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. */
847
+ key?: string;
848
+ /** OAuth 2.0 token for the current user. */
849
+ oauth_token?: string;
850
+ /**
851
+ * Required. The relative name of the root asset. It can only be an organization number (such as "organizations/123"), a project ID (such as "projects/my-project-id")", or a
852
+ * project number (such as "projects/12345").
853
+ */
854
+ parent: string;
855
+ /** Returns response with indentations and line breaks. */
856
+ prettyPrint?: boolean;
857
+ /** Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. */
858
+ quotaUser?: string;
859
+ /** End time of the time window (inclusive). If not specified, the current timestamp is used instead. */
860
+ "readTimeWindow.endTime"?: string;
861
+ /** Start time of the time window (exclusive). */
862
+ "readTimeWindow.startTime"?: string;
863
+ /** Upload protocol for media (e.g. "raw", "multipart"). */
864
+ upload_protocol?: string;
865
+ /** Legacy upload protocol for media (e.g. "media", "multipart"). */
866
+ uploadType?: string;
867
+ }): Request<BatchGetAssetsHistoryResponse>;
868
+ /**
869
+ * Exports assets with time and resource types to a given Cloud Storage location. The output format is newline-delimited JSON. This API implements the google.longrunning.Operation API
870
+ * allowing you to keep track of the export. We recommend intervals of at least 2 seconds with exponential retry to poll the export operation result. For regular-size resource parent,
871
+ * the export operation usually finishes within 5 minutes.
872
+ */
873
+ exportAssets(request: {
874
+ /** V1 error format. */
875
+ "$.xgafv"?: string;
876
+ /** OAuth access token. */
877
+ access_token?: string;
878
+ /** Data format for response. */
879
+ alt?: string;
880
+ /** JSONP */
881
+ callback?: string;
882
+ /** Selector specifying which fields to include in a partial response. */
883
+ fields?: string;
884
+ /** API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. */
885
+ key?: string;
886
+ /** OAuth 2.0 token for the current user. */
887
+ oauth_token?: string;
888
+ /**
889
+ * Required. The relative name of the root asset. This can only be an organization number (such as "organizations/123"), a project ID (such as "projects/my-project-id"), a project
890
+ * number (such as "projects/12345"), or a folder number (such as "folders/123").
891
+ */
892
+ parent: string;
893
+ /** Returns response with indentations and line breaks. */
894
+ prettyPrint?: boolean;
895
+ /** Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. */
896
+ quotaUser?: string;
897
+ /** Upload protocol for media (e.g. "raw", "multipart"). */
898
+ upload_protocol?: string;
899
+ /** Legacy upload protocol for media (e.g. "media", "multipart"). */
900
+ uploadType?: string;
901
+ /** Request body */
902
+ resource: ExportAssetsRequest;
903
+ }): Request<Operation>;
904
+ exportAssets(request: {
905
+ /** V1 error format. */
906
+ "$.xgafv"?: string;
907
+ /** OAuth access token. */
908
+ access_token?: string;
909
+ /** Data format for response. */
910
+ alt?: string;
911
+ /** JSONP */
912
+ callback?: string;
913
+ /** Selector specifying which fields to include in a partial response. */
914
+ fields?: string;
915
+ /** API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. */
916
+ key?: string;
917
+ /** OAuth 2.0 token for the current user. */
918
+ oauth_token?: string;
919
+ /**
920
+ * Required. The relative name of the root asset. This can only be an organization number (such as "organizations/123"), a project ID (such as "projects/my-project-id"), a project
921
+ * number (such as "projects/12345"), or a folder number (such as "folders/123").
922
+ */
923
+ parent: string;
924
+ /** Returns response with indentations and line breaks. */
925
+ prettyPrint?: boolean;
926
+ /** Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. */
927
+ quotaUser?: string;
928
+ /** Upload protocol for media (e.g. "raw", "multipart"). */
929
+ upload_protocol?: string;
930
+ /** Legacy upload protocol for media (e.g. "media", "multipart"). */
931
+ uploadType?: string;
932
+ },
933
+ body: ExportAssetsRequest): Request<Operation>;
934
+ operations: OperationsResource;
935
+ }
936
+ interface OperationsResource {
937
+ /** Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service. */
938
+ get(request?: {
939
+ /** V1 error format. */
940
+ "$.xgafv"?: string;
941
+ /** OAuth access token. */
942
+ access_token?: string;
943
+ /** Data format for response. */
944
+ alt?: string;
945
+ /** JSONP */
946
+ callback?: string;
947
+ /** Selector specifying which fields to include in a partial response. */
948
+ fields?: string;
949
+ /** API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. */
950
+ key?: string;
951
+ /** The name of the operation resource. */
952
+ name: string;
953
+ /** OAuth 2.0 token for the current user. */
954
+ oauth_token?: string;
955
+ /** Returns response with indentations and line breaks. */
956
+ prettyPrint?: boolean;
957
+ /** Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. */
958
+ quotaUser?: string;
959
+ /** Upload protocol for media (e.g. "raw", "multipart"). */
960
+ upload_protocol?: string;
961
+ /** Legacy upload protocol for media (e.g. "media", "multipart"). */
962
+ uploadType?: string;
963
+ }): Request<Operation>;
964
+ }
965
+ interface ProjectsResource {
966
+ /**
967
+ * Batch gets the update history of assets that overlap a time window. For IAM_POLICY content, this API outputs history when the asset and its attached IAM POLICY both exist. This can
968
+ * create gaps in the output history. Otherwise, this API outputs history with asset in both non-delete or deleted status. If a specified asset does not exist, this API returns an
969
+ * INVALID_ARGUMENT error.
970
+ */
971
+ batchGetAssetsHistory(request?: {
972
+ /** V1 error format. */
973
+ "$.xgafv"?: string;
974
+ /** OAuth access token. */
975
+ access_token?: string;
976
+ /** Data format for response. */
977
+ alt?: string;
978
+ /**
979
+ * A list of the full names of the assets. For example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. See [Resource
980
+ * Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more info. The request becomes a no-op if the asset name list is empty, and the max size of
981
+ * the asset name list is 100 in one request.
982
+ */
983
+ assetNames?: string | string[];
984
+ /** JSONP */
985
+ callback?: string;
986
+ /** Optional. The content type. */
987
+ contentType?: string;
988
+ /** Selector specifying which fields to include in a partial response. */
989
+ fields?: string;
990
+ /** API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. */
991
+ key?: string;
992
+ /** OAuth 2.0 token for the current user. */
993
+ oauth_token?: string;
994
+ /**
995
+ * Required. The relative name of the root asset. It can only be an organization number (such as "organizations/123"), a project ID (such as "projects/my-project-id")", or a
996
+ * project number (such as "projects/12345").
997
+ */
998
+ parent: string;
999
+ /** Returns response with indentations and line breaks. */
1000
+ prettyPrint?: boolean;
1001
+ /** Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. */
1002
+ quotaUser?: string;
1003
+ /** End time of the time window (inclusive). If not specified, the current timestamp is used instead. */
1004
+ "readTimeWindow.endTime"?: string;
1005
+ /** Start time of the time window (exclusive). */
1006
+ "readTimeWindow.startTime"?: string;
1007
+ /** Upload protocol for media (e.g. "raw", "multipart"). */
1008
+ upload_protocol?: string;
1009
+ /** Legacy upload protocol for media (e.g. "media", "multipart"). */
1010
+ uploadType?: string;
1011
+ }): Request<BatchGetAssetsHistoryResponse>;
1012
+ /**
1013
+ * Exports assets with time and resource types to a given Cloud Storage location. The output format is newline-delimited JSON. This API implements the google.longrunning.Operation API
1014
+ * allowing you to keep track of the export. We recommend intervals of at least 2 seconds with exponential retry to poll the export operation result. For regular-size resource parent,
1015
+ * the export operation usually finishes within 5 minutes.
1016
+ */
1017
+ exportAssets(request: {
1018
+ /** V1 error format. */
1019
+ "$.xgafv"?: string;
1020
+ /** OAuth access token. */
1021
+ access_token?: string;
1022
+ /** Data format for response. */
1023
+ alt?: string;
1024
+ /** JSONP */
1025
+ callback?: string;
1026
+ /** Selector specifying which fields to include in a partial response. */
1027
+ fields?: string;
1028
+ /** API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. */
1029
+ key?: string;
1030
+ /** OAuth 2.0 token for the current user. */
1031
+ oauth_token?: string;
1032
+ /**
1033
+ * Required. The relative name of the root asset. This can only be an organization number (such as "organizations/123"), a project ID (such as "projects/my-project-id"), a project
1034
+ * number (such as "projects/12345"), or a folder number (such as "folders/123").
1035
+ */
1036
+ parent: string;
1037
+ /** Returns response with indentations and line breaks. */
1038
+ prettyPrint?: boolean;
1039
+ /** Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. */
1040
+ quotaUser?: string;
1041
+ /** Upload protocol for media (e.g. "raw", "multipart"). */
1042
+ upload_protocol?: string;
1043
+ /** Legacy upload protocol for media (e.g. "media", "multipart"). */
1044
+ uploadType?: string;
1045
+ /** Request body */
1046
+ resource: ExportAssetsRequest;
1047
+ }): Request<Operation>;
1048
+ exportAssets(request: {
1049
+ /** V1 error format. */
1050
+ "$.xgafv"?: string;
1051
+ /** OAuth access token. */
1052
+ access_token?: string;
1053
+ /** Data format for response. */
1054
+ alt?: string;
1055
+ /** JSONP */
1056
+ callback?: string;
1057
+ /** Selector specifying which fields to include in a partial response. */
1058
+ fields?: string;
1059
+ /** API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. */
1060
+ key?: string;
1061
+ /** OAuth 2.0 token for the current user. */
1062
+ oauth_token?: string;
1063
+ /**
1064
+ * Required. The relative name of the root asset. This can only be an organization number (such as "organizations/123"), a project ID (such as "projects/my-project-id"), a project
1065
+ * number (such as "projects/12345"), or a folder number (such as "folders/123").
1066
+ */
1067
+ parent: string;
1068
+ /** Returns response with indentations and line breaks. */
1069
+ prettyPrint?: boolean;
1070
+ /** Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. */
1071
+ quotaUser?: string;
1072
+ /** Upload protocol for media (e.g. "raw", "multipart"). */
1073
+ upload_protocol?: string;
1074
+ /** Legacy upload protocol for media (e.g. "media", "multipart"). */
1075
+ uploadType?: string;
1076
+ },
1077
+ body: ExportAssetsRequest): Request<Operation>;
1078
+ operations: OperationsResource;
1079
+ }
1080
+
1081
+ const folders: FoldersResource;
1082
+
1083
+ const organizations: OrganizationsResource;
1084
+
1085
+ const projects: ProjectsResource;
1086
+ }
1087
+ }