@maxim_mazurok/gapi.client.iam-v1 0.0.20250425 → 0.0.20250502
- package/index.d.ts +15 -15
- package/package.json +1 -1
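--- a/package/index.d.ts
+++ b/package/index.d.ts
@@ -9,7 +9,7 @@
 // This file was generated by https://github.com/Maxim-Mazurok/google-api-typings-generator. Please do not edit it manually.
 // In case of any problems please post issue to https://github.com/Maxim-Mazurok/google-api-typings-generator
 // Generated from: https://iam.googleapis.com/$discovery/rest?version=v1
-// Revision:
+// Revision: 20250502
 
 /// <reference types="gapi.client" />
 
@@ -187,17 +187,17 @@ declare namespace gapi.client {
 idpMetadataXml?: string;
 }
 interface InlineCertificateIssuanceConfig {
-/** Optional. A required mapping of a
+/** Optional. A required mapping of a Google Cloud region to the CA pool resource located in that region. The CA pool is used for certificate issuance, adhering to the following constraints: * Key format: A supported cloud region name equivalent to the location identifier in the corresponding map entry's value. * Value format: A valid CA pool resource path format like: "projects/{project}/locations/{location}/caPools/{ca_pool}" * Region Matching: Workloads are ONLY issued certificates from CA pools within the same region. Also the CA pool region (in value) must match the workload's region (key). */
 caPools?: {[P in string]: string};
-/** Optional. Key algorithm to use when generating the key pair. This key pair will be used to create the certificate. If
+/** Optional. Key algorithm to use when generating the key pair. This key pair will be used to create the certificate. If not specified, this will default to ECDSA_P256. */
 keyAlgorithm?: string;
-/** Optional. Lifetime of the workload certificates issued by the CA pool. Must be between 10 hours
+/** Optional. Lifetime of the workload certificates issued by the CA pool. Must be between 10 hours and 30 days. If not specified, this will be defaulted to 24 hours. */
 lifetime?: string;
-/** Optional. Rotation window percentage indicating when certificate rotation should be initiated based on remaining lifetime. Must be between 10
+/** Optional. Rotation window percentage indicating when certificate rotation should be initiated based on remaining lifetime. Must be between 10 and 80. If not specified, this will be defaulted to 50. */
 rotationWindowPercentage?: number;
 }
 interface InlineTrustConfig {
-/** Optional. Maps specific trust domains (e.g., "example.com") to their corresponding TrustStore
+/** Optional. Maps specific trust domains (e.g., "example.com") to their corresponding TrustStore, which contain the trusted root certificates for that domain. There can be a maximum of 10 trust domain entries in this map. Note that a trust domain automatically trusts itself and don't need to be specified here. If however, this WorkloadIdentityPool's trust domain contains any trust anchors in the additional_trust_bundles map, those trust anchors will be *appended to* the trust bundle automatically derived from your InlineCertificateIssuanceConfig's ca_pools. */
 additionalTrustBundles?: {[P in string]: TrustStore};
 }
 interface IntermediateCA {
@@ -357,7 +357,7 @@ declare namespace gapi.client {
 interface Oidc {
 /** Optional. Acceptable values for the `aud` field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured. If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example: ``` //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ ``` */
 allowedAudiences?: string[];
-/** Required. The OIDC issuer URL. Must be an HTTPS endpoint.
+/** Required. The OIDC issuer URL. Must be an HTTPS endpoint. Per OpenID Connect Discovery 1.0 spec, the OIDC issuer URL is used to locate the provider's public keys (via `jwks_uri`) for verifying tokens like the OIDC ID token. These public key types must be 'EC' or 'RSA'. */
 issuerUri?: string;
 /** Optional. OIDC JWKs in JSON String format. For details on the definition of a JWK, see https://tools.ietf.org/html/rfc7517. If not set, the `jwks_uri` from the discovery document(fetched from the .well-known path of the `issuer_uri`) will be used. Currently, RSA and EC asymmetric keys are supported. The JWK must use following format and include only the following fields: { "keys": [ { "kty": "RSA/EC", "alg": "", "use": "sig", "kid": "", "n": "", "e": "", "x": "", "y": "", "crv": "" } ] } */
 jwksJson?: string;
@@ -444,7 +444,7 @@ declare namespace gapi.client {
 services?: AuditableService[];
 }
 interface QueryGrantableRolesRequest {
-/** Required. The full resource name to query from the list of grantable roles. The name follows the Google Cloud Platform resource format. For example, a Cloud Platform project with id `my-project` will be named `//cloudresourcemanager.googleapis.com/projects/my-project`. */
+/** Required. Required. The full resource name to query from the list of grantable roles. The name follows the Google Cloud Platform resource format. For example, a Cloud Platform project with id `my-project` will be named `//cloudresourcemanager.googleapis.com/projects/my-project`. */
 fullResourceName?: string;
 /** Optional limit on the number of roles to include in the response. The default is 300, and the maximum is 2,000. */
 pageSize?: number;
@@ -603,9 +603,9 @@ declare namespace gapi.client {
 pemCertificate?: string;
 }
 interface TrustStore {
-/** Optional. Set of intermediate CA certificates used for building the trust chain to trust anchor.
+/** Optional. Set of intermediate CA certificates used for building the trust chain to the trust anchor. Important: Intermediate CAs are only supported for X.509 federation. */
 intermediateCas?: IntermediateCA[];
-/** Required. List of
+/** Required. List of trust anchors to be used while performing validation against a given TrustStore. The incoming end entity's certificate must be in the trust chain of one of the trust anchors here. */
 trustAnchors?: TrustAnchor[];
 }
 interface UndeleteOauthClientRequest {}
@@ -773,7 +773,7 @@ declare namespace gapi.client {
 use?: string;
 }
 interface X509 {
-/** Required. A
+/** Required. A TrustStore. Use this trust store as a wrapper to config the trust anchor and optional intermediate cas to help build the trust chain for the incoming end entity certificate. Follow the X.509 guidelines to define those PEM encoded certs. Only one trust store is currently supported. */
 trustStore?: TrustStore;
 }
 interface IamPoliciesResource {
@@ -2959,7 +2959,7 @@ declare namespace gapi.client {
 /** Legacy upload protocol for media (e.g. "media", "multipart"). */
 uploadType?: string;
 }): Request<WorkloadIdentityPoolManagedIdentity>;
-/** Lists all non-deleted WorkloadIdentityPoolManagedIdentitys in a namespace. If `show_deleted` is set to `true`, then deleted managed
+/** Lists all non-deleted WorkloadIdentityPoolManagedIdentitys in a namespace. If `show_deleted` is set to `true`, then deleted managed identities are also listed. */
 list(request?: {
 /** V1 error format. */
 '$.xgafv'?: string;
@@ -4197,7 +4197,7 @@ declare namespace gapi.client {
 /** Legacy upload protocol for media (e.g. "media", "multipart"). */
 uploadType?: string;
 }): Request<WorkloadIdentityPool>;
-/** Gets IAM
+/** Gets the IAM policy of a WorkloadIdentityPool. */
 getIamPolicy(
 request: {
 /** V1 error format. */
@@ -4322,7 +4322,7 @@ declare namespace gapi.client {
 },
 body: WorkloadIdentityPool,
 ): Request<Operation>;
-/** Sets IAM policies on
+/** Sets the IAM policies on a WorkloadIdentityPool */
 setIamPolicy(
 request: {
 /** V1 error format. */
@@ -4352,7 +4352,7 @@ declare namespace gapi.client {
 },
 body: SetIamPolicyRequest,
 ): Request<Policy>;
-/** Returns the caller's permissions on
+/** Returns the caller's permissions on a WorkloadIdentityPool */
 testIamPermissions(
 request: {
 /** V1 error format. */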