@maxim_mazurok/gapi.client.iam-v1 0.0.20250425 → 0.0.20250509
- package/index.d.ts +18 -16
- package/package.json +1 -1
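--- a/package/index.d.ts
+++ b/package/index.d.ts
@@ -9,7 +9,7 @@
 // This file was generated by https://github.com/Maxim-Mazurok/google-api-typings-generator. Please do not edit it manually.
 // In case of any problems please post issue to https://github.com/Maxim-Mazurok/google-api-typings-generator
 // Generated from: https://iam.googleapis.com/$discovery/rest?version=v1
-// Revision:
+// Revision: 20250509
 
 /// <reference types="gapi.client" />
 
@@ -149,7 +149,7 @@ declare namespace gapi.client {
 queryParameters?: GoogleIamAdminV1WorkforcePoolProviderExtraAttributesOAuth2ClientQueryParameters;
 }
 interface GoogleIamAdminV1WorkforcePoolProviderExtraAttributesOAuth2ClientQueryParameters {
-/** Optional. The filter used to request specific records from IdP.
+/** Optional. The filter used to request specific records from the IdP. By default, all of the groups that are associated with a user are fetched. For Microsoft Entra ID, you can add `$search` query parameters using [Keyword Query Language] (https://learn.microsoft.com/en-us/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference). To learn more about `$search` querying in Microsoft Entra ID, see [Use the `$search` query parameter] (https://learn.microsoft.com/en-us/graph/search-query-parameter). Additionally, Workforce Identity Federation automatically adds the following [`$filter` query parameters] (https://learn.microsoft.com/en-us/graph/filter-query-parameter), based on the value of `attributes_type`. Values passed to `filter` are converted to `$search` query parameters. Additional `$filter` query parameters cannot be added using this field. * `AZURE_AD_GROUPS_MAIL`: `mailEnabled` and `securityEnabled` filters are applied. * `AZURE_AD_GROUPS_ID`: `securityEnabled` filter is applied. */
 filter?: string;
 }
 interface GoogleIamAdminV1WorkforcePoolProviderOidc {
@@ -187,17 +187,17 @@ declare namespace gapi.client {
 idpMetadataXml?: string;
 }
 interface InlineCertificateIssuanceConfig {
-/** Optional. A required mapping of a
+/** Optional. A required mapping of a Google Cloud region to the CA pool resource located in that region. The CA pool is used for certificate issuance, adhering to the following constraints: * Key format: A supported cloud region name equivalent to the location identifier in the corresponding map entry's value. * Value format: A valid CA pool resource path format like: "projects/{project}/locations/{location}/caPools/{ca_pool}" * Region Matching: Workloads are ONLY issued certificates from CA pools within the same region. Also the CA pool region (in value) must match the workload's region (key). */
 caPools?: {[P in string]: string};
-/** Optional. Key algorithm to use when generating the key pair. This key pair will be used to create the certificate. If
+/** Optional. Key algorithm to use when generating the key pair. This key pair will be used to create the certificate. If not specified, this will default to ECDSA_P256. */
 keyAlgorithm?: string;
-/** Optional. Lifetime of the workload certificates issued by the CA pool. Must be between 10 hours
+/** Optional. Lifetime of the workload certificates issued by the CA pool. Must be between 10 hours and 30 days. If not specified, this will be defaulted to 24 hours. */
 lifetime?: string;
-/** Optional. Rotation window percentage indicating when certificate rotation should be initiated based on remaining lifetime. Must be between 10
+/** Optional. Rotation window percentage indicating when certificate rotation should be initiated based on remaining lifetime. Must be between 10 and 80. If not specified, this will be defaulted to 50. */
 rotationWindowPercentage?: number;
 }
 interface InlineTrustConfig {
-/** Optional. Maps specific trust domains (e.g., "example.com") to their corresponding TrustStore
+/** Optional. Maps specific trust domains (e.g., "example.com") to their corresponding TrustStore, which contain the trusted root certificates for that domain. There can be a maximum of 10 trust domain entries in this map. Note that a trust domain automatically trusts itself and don't need to be specified here. If however, this WorkloadIdentityPool's trust domain contains any trust anchors in the additional_trust_bundles map, those trust anchors will be *appended to* the trust bundle automatically derived from your InlineCertificateIssuanceConfig's ca_pools. */
 additionalTrustBundles?: {[P in string]: TrustStore};
 }
 interface IntermediateCA {
@@ -357,7 +357,7 @@ declare namespace gapi.client {
 interface Oidc {
 /** Optional. Acceptable values for the `aud` field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured. If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example: ``` //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ ``` */
 allowedAudiences?: string[];
-/** Required. The OIDC issuer URL. Must be an HTTPS endpoint.
+/** Required. The OIDC issuer URL. Must be an HTTPS endpoint. Per OpenID Connect Discovery 1.0 spec, the OIDC issuer URL is used to locate the provider's public keys (via `jwks_uri`) for verifying tokens like the OIDC ID token. These public key types must be 'EC' or 'RSA'. */
 issuerUri?: string;
 /** Optional. OIDC JWKs in JSON String format. For details on the definition of a JWK, see https://tools.ietf.org/html/rfc7517. If not set, the `jwks_uri` from the discovery document(fetched from the .well-known path of the `issuer_uri`) will be used. Currently, RSA and EC asymmetric keys are supported. The JWK must use following format and include only the following fields: { "keys": [ { "kty": "RSA/EC", "alg": "", "use": "sig", "kid": "", "n": "", "e": "", "x": "", "y": "", "crv": "" } ] } */
 jwksJson?: string;
@@ -444,7 +444,7 @@ declare namespace gapi.client {
 services?: AuditableService[];
 }
 interface QueryGrantableRolesRequest {
-/** Required. The full resource name to query from the list of grantable roles. The name follows the Google Cloud Platform resource format. For example, a Cloud Platform project with id `my-project` will be named `//cloudresourcemanager.googleapis.com/projects/my-project`. */
+/** Required. Required. The full resource name to query from the list of grantable roles. The name follows the Google Cloud Platform resource format. For example, a Cloud Platform project with id `my-project` will be named `//cloudresourcemanager.googleapis.com/projects/my-project`. */
 fullResourceName?: string;
 /** Optional limit on the number of roles to include in the response. The default is 300, and the maximum is 2,000. */
 pageSize?: number;
@@ -603,9 +603,9 @@ declare namespace gapi.client {
 pemCertificate?: string;
 }
 interface TrustStore {
-/** Optional. Set of intermediate CA certificates used for building the trust chain to trust anchor.
+/** Optional. Set of intermediate CA certificates used for building the trust chain to the trust anchor. Important: Intermediate CAs are only supported for X.509 federation. */
 intermediateCas?: IntermediateCA[];
-/** Required. List of
+/** Required. List of trust anchors to be used while performing validation against a given TrustStore. The incoming end entity's certificate must be in the trust chain of one of the trust anchors here. */
 trustAnchors?: TrustAnchor[];
 }
 interface UndeleteOauthClientRequest {}
@@ -658,6 +658,8 @@ declare namespace gapi.client {
 attributeMapping?: {[P in string]: string};
 /** Optional. A user-specified description of the provider. Cannot exceed 256 characters. */
 description?: string;
+/** Optional. If true, populates additional debug information in Cloud Audit Logs for this provider. Logged attribute mappings and values can be found in `sts.googleapis.com` data access logs. Default value is false. */
+detailedAuditLogging?: boolean;
 /** Optional. Disables the workforce pool provider. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access. */
 disabled?: boolean;
 /** Optional. A user-specified display name for the provider. Cannot exceed 32 characters. */
@@ -773,7 +775,7 @@ declare namespace gapi.client {
 use?: string;
 }
 interface X509 {
-/** Required. A
+/** Required. A TrustStore. Use this trust store as a wrapper to config the trust anchor and optional intermediate cas to help build the trust chain for the incoming end entity certificate. Follow the X.509 guidelines to define those PEM encoded certs. Only one trust store is currently supported. */
 trustStore?: TrustStore;
 }
 interface IamPoliciesResource {
@@ -2959,7 +2961,7 @@ declare namespace gapi.client {
 /** Legacy upload protocol for media (e.g. "media", "multipart"). */
 uploadType?: string;
 }): Request<WorkloadIdentityPoolManagedIdentity>;
-/** Lists all non-deleted WorkloadIdentityPoolManagedIdentitys in a namespace. If `show_deleted` is set to `true`, then deleted managed
+/** Lists all non-deleted WorkloadIdentityPoolManagedIdentitys in a namespace. If `show_deleted` is set to `true`, then deleted managed identities are also listed. */
 list(request?: {
 /** V1 error format. */
 '$.xgafv'?: string;
@@ -4197,7 +4199,7 @@ declare namespace gapi.client {
 /** Legacy upload protocol for media (e.g. "media", "multipart"). */
 uploadType?: string;
 }): Request<WorkloadIdentityPool>;
-/** Gets IAM
+/** Gets the IAM policy of a WorkloadIdentityPool. */
 getIamPolicy(
 request: {
 /** V1 error format. */
@@ -4322,7 +4324,7 @@ declare namespace gapi.client {
 },
 body: WorkloadIdentityPool,
 ): Request<Operation>;
-/** Sets IAM policies on
+/** Sets the IAM policies on a WorkloadIdentityPool */
 setIamPolicy(
 request: {
 /** V1 error format. */
@@ -4352,7 +4354,7 @@ declare namespace gapi.client {
 },
 body: SetIamPolicyRequest,
 ): Request<Policy>;
-/** Returns the caller's permissions on
+/** Returns the caller's permissions on a WorkloadIdentityPool */
 testIamPermissions(
 request: {
 /** V1 error format. */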