google-api-python-client 2.122.0__py2.py3-none-any.whl → 2.124.0__py2.py3-none-any.whl

googleapiclient/discovery_cache/documents/gkehub.v1beta.json

@@ -1611,6 +1611,83 @@
 "https://www.googleapis.com/auth/cloud-platform"
 ]
 },
+"listMemberships": {
+"description": "Lists Memberships bound to a Scope. The response includes relevant Memberships from all regions.",
+"flatPath": "v1beta/projects/{projectsId}/locations/{locationsId}/scopes/{scopesId}:listMemberships",
+"httpMethod": "GET",
+"id": "gkehub.projects.locations.scopes.listMemberships",
+"parameterOrder": [
+"scopeName"
+],
+"parameters": {
+"filter": {
+"description": "Optional. Lists Memberships that match the filter expression, following the syntax outlined in https://google.aip.dev/160. Currently, filtering can be done only based on Memberships's `name`, `labels`, `create_time`, `update_time`, and `unique_id`.",
+"location": "query",
+"type": "string"
+},
+"pageSize": {
+"description": "Optional. When requesting a 'page' of resources, `page_size` specifies number of resources to return. If unspecified or set to 0, all resources will be returned. Pagination is currently not supported; therefore, setting this field does not have any impact for now.",
+"format": "int32",
+"location": "query",
+"type": "integer"
+},
+"pageToken": {
+"description": "Optional. Token returned by previous call to `ListBoundMemberships` which specifies the position in the list from where to continue listing the resources.",
+"location": "query",
+"type": "string"
+},
+"scopeName": {
+"description": "Required. Name of the Scope, in the format `projects/*/locations/global/scopes/*`, to which the Memberships are bound.",
+"location": "path",
+"pattern": "^projects/[^/]+/locations/[^/]+/scopes/[^/]+$",
+"required": true,
+"type": "string"
+}
+},
+"path": "v1beta/{+scopeName}:listMemberships",
+"response": {
+"$ref": "ListBoundMembershipsResponse"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-platform"
+]
+},
+"listPermitted": {
+"description": "Lists permitted Scopes.",
+"flatPath": "v1beta/projects/{projectsId}/locations/{locationsId}/scopes:listPermitted",
+"httpMethod": "GET",
+"id": "gkehub.projects.locations.scopes.listPermitted",
+"parameterOrder": [
+"parent"
+],
+"parameters": {
+"pageSize": {
+"description": "Optional. When requesting a 'page' of resources, `page_size` specifies number of resources to return. If unspecified or set to 0, all resources will be returned.",
+"format": "int32",
+"location": "query",
+"type": "integer"
+},
+"pageToken": {
+"description": "Optional. Token returned by previous call to `ListPermittedScopes` which specifies the position in the list from where to continue listing the resources.",
+"location": "query",
+"type": "string"
+},
+"parent": {
+"description": "Required. The parent (project and location) where the Scope will be listed. Specified in the format `projects/*/locations/*`.",
+"location": "path",
+"pattern": "^projects/[^/]+/locations/[^/]+$",
+"required": true,
+"type": "string"
+}
+},
+"path": "v1beta/{+parent}/scopes:listPermitted",
+"response": {
+"$ref": "ListPermittedScopesResponse"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-platform"
+]
+},
 "patch": {
 "description": "Updates a scopes.",
 "flatPath": "v1beta/projects/{projectsId}/locations/{locationsId}/scopes/{scopesId}",
@@ -2024,7 +2101,7 @@
 }
 }
 },
-"revision": "20240229",
+"revision": "20240318",
 "rootUrl": "https://gkehub.googleapis.com/",
 "schemas": {
 "AnthosObservabilityFeatureSpec": {
@@ -4017,6 +4094,10 @@
 "$ref": "IdentityServiceGoogleConfig",
 "description": "GoogleConfig specific configuration."
 },
+"ldapConfig": {
+"$ref": "IdentityServiceLdapConfig",
+"description": "LDAP specific configuration."
+},
 "name": {
 "description": "Identifier for auth config.",
 "type": "string"
@@ -4084,6 +4165,48 @@
 },
 "type": "object"
 },
+"IdentityServiceGroupConfig": {
+"description": "Contains the properties for locating and authenticating groups in the directory.",
+"id": "IdentityServiceGroupConfig",
+"properties": {
+"baseDn": {
+"description": "Required. The location of the subtree in the LDAP directory to search for group entries.",
+"type": "string"
+},
+"filter": {
+"description": "Optional. Optional filter to be used when searching for groups a user belongs to. This can be used to explicitly match only certain groups in order to reduce the amount of groups returned for each user. This defaults to \"(objectClass=Group)\".",
+"type": "string"
+},
+"idAttribute": {
+"description": "Optional. The identifying name of each group a user belongs to. For example, if this is set to \"distinguishedName\" then RBACs and other group expectations should be written as full DNs. This defaults to \"distinguishedName\".",
+"type": "string"
+}
+},
+"type": "object"
+},
+"IdentityServiceLdapConfig": {
+"description": "Configuration for the LDAP Auth flow.",
+"id": "IdentityServiceLdapConfig",
+"properties": {
+"group": {
+"$ref": "IdentityServiceGroupConfig",
+"description": "Optional. Contains the properties for locating and authenticating groups in the directory."
+},
+"server": {
+"$ref": "IdentityServiceServerConfig",
+"description": "Required. Server settings for the external LDAP server."
+},
+"serviceAccount": {
+"$ref": "IdentityServiceServiceAccountConfig",
+"description": "Required. Contains the credentials of the service account which is authorized to perform the LDAP search in the directory. The credentials can be supplied by the combination of the DN and password or the client certificate."
+},
+"user": {
+"$ref": "IdentityServiceUserConfig",
+"description": "Required. Defines where users exist in the LDAP directory."
+}
+},
+"type": "object"
+},
 "IdentityServiceMembershipSpec": {
 "description": "**Anthos Identity Service**: Configuration for a single Membership.",
 "id": "IdentityServiceMembershipSpec",
@@ -4241,6 +4364,81 @@
 },
 "type": "object"
 },
+"IdentityServiceServerConfig": {
+"description": "Server settings for the external LDAP server.",
+"id": "IdentityServiceServerConfig",
+"properties": {
+"certificateAuthorityData": {
+"description": "Optional. Contains a Base64 encoded, PEM formatted certificate authority certificate for the LDAP server. This must be provided for the \"ldaps\" and \"startTLS\" connections.",
+"format": "byte",
+"type": "string"
+},
+"connectionType": {
+"description": "Optional. Defines the connection type to communicate with the LDAP server. If `starttls` or `ldaps` is specified, the certificate_authority_data should not be empty.",
+"type": "string"
+},
+"host": {
+"description": "Required. Defines the hostname or IP of the LDAP server. Port is optional and will default to 389, if unspecified. For example, \"ldap.server.example\" or \"10.10.10.10:389\".",
+"type": "string"
+}
+},
+"type": "object"
+},
+"IdentityServiceServiceAccountConfig": {
+"description": "Contains the credentials of the service account which is authorized to perform the LDAP search in the directory. The credentials can be supplied by the combination of the DN and password or the client certificate.",
+"id": "IdentityServiceServiceAccountConfig",
+"properties": {
+"simpleBindCredentials": {
+"$ref": "IdentityServiceSimpleBindCredentials",
+"description": "Credentials for basic auth."
+}
+},
+"type": "object"
+},
+"IdentityServiceSimpleBindCredentials": {
+"description": "The structure holds the LDAP simple binding credential.",
+"id": "IdentityServiceSimpleBindCredentials",
+"properties": {
+"dn": {
+"description": "Required. The distinguished name(DN) of the service account object/user.",
+"type": "string"
+},
+"encryptedPassword": {
+"description": "Output only. The encrypted password of the service account object/user.",
+"format": "byte",
+"readOnly": true,
+"type": "string"
+},
+"password": {
+"description": "Required. Input only. The password of the service account object/user.",
+"type": "string"
+}
+},
+"type": "object"
+},
+"IdentityServiceUserConfig": {
+"description": "Defines where users exist in the LDAP directory.",
+"id": "IdentityServiceUserConfig",
+"properties": {
+"baseDn": {
+"description": "Required. The location of the subtree in the LDAP directory to search for user entries.",
+"type": "string"
+},
+"filter": {
+"description": "Optional. Filter to apply when searching for the user. This can be used to further restrict the user accounts which are allowed to login. This defaults to \"(objectClass=User)\".",
+"type": "string"
+},
+"idAttribute": {
+"description": "Optional. Determines which attribute to use as the user's identity after they are authenticated. This is distinct from the loginAttribute field to allow users to login with a username, but then have their actual identifier be an email address or full Distinguished Name (DN). For example, setting loginAttribute to \"sAMAccountName\" and identifierAttribute to \"userPrincipalName\" would allow a user to login as \"bsmith\", but actual RBAC policies for the user would be written as \"bsmith@example.com\". Using \"userPrincipalName\" is recommended since this will be unique for each user. This defaults to \"userPrincipalName\".",
+"type": "string"
+},
+"loginAttribute": {
+"description": "Optional. The name of the attribute which matches against the input username. This is used to find the user in the LDAP database e.g. \"(=)\" and is combined with the optional filter field. This defaults to \"userPrincipalName\".",
+"type": "string"
+}
+},
+"type": "object"
+},
 "KubernetesMetadata": {
 "description": "KubernetesMetadata provides informational metadata for Memberships representing Kubernetes clusters.",
 "id": "KubernetesMetadata",
@@ -4313,6 +4511,31 @@
 },
 "type": "object"
 },
+"ListBoundMembershipsResponse": {
+"description": "List of Memberships bound to a Scope.",
+"id": "ListBoundMembershipsResponse",
+"properties": {
+"memberships": {
+"description": "The list of Memberships bound to the given Scope.",
+"items": {
+"$ref": "Membership"
+},
+"type": "array"
+},
+"nextPageToken": {
+"description": "A token to request the next page of resources from the `ListBoundMemberships` method. The value of an empty string means that there are no more resources to return.",
+"type": "string"
+},
+"unreachable": {
+"description": "List of locations that could not be reached while fetching this list.",
+"items": {
+"type": "string"
+},
+"type": "array"
+}
+},
+"type": "object"
+},
 "ListFeaturesResponse": {
 "description": "Response message for the `GkeHub.ListFeatures` method.",
 "id": "ListFeaturesResponse",
@@ -4446,6 +4669,24 @@
 },
 "type": "object"
 },
+"ListPermittedScopesResponse": {
+"description": "List of permitted Scopes.",
+"id": "ListPermittedScopesResponse",
+"properties": {
+"nextPageToken": {
+"description": "A token to request the next page of resources from the `ListPermittedScopes` method. The value of an empty string means that there are no more resources to return.",
+"type": "string"
+},
+"scopes": {
+"description": "The list of permitted Scopes",
+"items": {
+"$ref": "Scope"
+},
+"type": "array"
+}
+},
+"type": "object"
+},
 "ListScopeNamespacesResponse": {
 "description": "List of fleet namespaces.",
 "id": "ListScopeNamespacesResponse",

googleapiclient/discovery_cache/documents/gkehub.v1beta1.json

@@ -712,7 +712,7 @@
 }
 }
 },
-"revision": "20240229",
+"revision": "20240318",
 "rootUrl": "https://gkehub.googleapis.com/",
 "schemas": {
 "ApplianceCluster": {

googleapiclient/discovery_cache/documents/gkehub.v2alpha.json

@@ -280,7 +280,7 @@
 }
 }
 },
-"revision": "20240229",
+"revision": "20240318",
 "rootUrl": "https://gkehub.googleapis.com/",
 "schemas": {
 "CancelOperationRequest": {

googleapiclient/discovery_cache/documents/gmail.v1.json

@@ -3077,7 +3077,7 @@
 }
 }
 },
-"revision": "20240304",
+"revision": "20240318",
 "rootUrl": "https://gmail.googleapis.com/",
 "schemas": {
 "AutoForwarding": {

googleapiclient/discovery_cache/documents/gmailpostmastertools.v1.json

@@ -265,7 +265,7 @@
 }
 }
 },
-"revision": "20240310",
+"revision": "20240324",
 "rootUrl": "https://gmailpostmastertools.googleapis.com/",
 "schemas": {
 "DeliveryError": {

googleapiclient/discovery_cache/documents/gmailpostmastertools.v1beta1.json

@@ -265,7 +265,7 @@
 }
 }
 },
-"revision": "20240310",
+"revision": "20240324",
 "rootUrl": "https://gmailpostmastertools.googleapis.com/",
 "schemas": {
 "DeliveryError": {

googleapiclient/discovery_cache/documents/groupsmigration.v1.json

@@ -146,7 +146,7 @@
 }
 }
 },
-"revision": "20240222",
+"revision": "20240311",
 "rootUrl": "https://groupsmigration.googleapis.com/",
 "schemas": {
 "Groups": {

googleapiclient/discovery_cache/documents/healthcare.v1.json

@@ -4554,7 +4554,7 @@
 }
 }
 },
-"revision": "20240228",
+"revision": "20240312",
 "rootUrl": "https://healthcare.googleapis.com/",
 "schemas": {
 "ActivateConsentRequest": {
@@ -7135,7 +7135,7 @@
 "type": "boolean"
 },
 "inputGcsObject": {
-"description": "Optional. GCS object containing list of {resourceType}/{resourceId} lines, identifying resources to be reverted",
+"description": "Optional. Cloud Storage object containing list of {resourceType}/{resourceId} lines, identifying resources to be reverted",
 "type": "string"
 },
 "resultGcsBucket": {

googleapiclient/discovery_cache/documents/healthcare.v1beta1.json

@@ -2650,7 +2650,7 @@
 ],
 "parameters": {
 "resource": {
-"description": "Required. The path of the resource to update the blob storage settings in the format of `projects/{projectID}/datasets/{datasetID}/dicomStores/{dicomStoreID}/dicomWeb/studies/{studyUID}`, `projects/{projectID}/datasets/{datasetID}/dicomStores/{dicomStoreID}/dicomWeb/studies/{studyUID}/series/{seriesUID}/`, or `projects/{projectID}/datasets/{datasetID}/dicomStores/{dicomStoreID}/dicomWeb/studies/{studyUID}/series/{seriesUID}/instances/{instanceUID}`. If `filter_config` is specified, set the value of `resource` to the resource name of a DICOM store in the format `projects/{projectID}/datasets/{datasetID}/dicomStores/{dicomStoreID}`.",
+"description": "Required. The path of the resource to update the blob storage settings in the format of `projects/{projectID}/locations/{locationID}/datasets/{datasetID}/dicomStores/{dicomStoreID}/dicomWeb/studies/{studyUID}`, `projects/{projectID}/locations/{locationID}/datasets/{datasetID}/dicomStores/{dicomStoreID}/dicomWeb/studies/{studyUID}/series/{seriesUID}/`, or `projects/{projectID}/locations/{locationID}/datasets/{datasetID}/dicomStores/{dicomStoreID}/dicomWeb/studies/{studyUID}/series/{seriesUID}/instances/{instanceUID}`. If `filter_config` is specified, set the value of `resource` to the resource name of a DICOM store in the format `projects/{projectID}/locations/{locationID}/datasets/{datasetID}/dicomStores/{dicomStoreID}`.",
 "location": "path",
 "pattern": "^projects/[^/]+/locations/[^/]+/datasets/[^/]+/dicomStores/[^/]+$",
 "required": true,
@@ -2806,7 +2806,7 @@
 ],
 "parameters": {
 "resource": {
-"description": "Required. The path of the resource to update the blob storage settings in the format of `projects/{projectID}/datasets/{datasetID}/dicomStores/{dicomStoreID}/dicomWeb/studies/{studyUID}`, `projects/{projectID}/datasets/{datasetID}/dicomStores/{dicomStoreID}/dicomWeb/studies/{studyUID}/series/{seriesUID}/`, or `projects/{projectID}/datasets/{datasetID}/dicomStores/{dicomStoreID}/dicomWeb/studies/{studyUID}/series/{seriesUID}/instances/{instanceUID}`. If `filter_config` is specified, set the value of `resource` to the resource name of a DICOM store in the format `projects/{projectID}/datasets/{datasetID}/dicomStores/{dicomStoreID}`.",
+"description": "Required. The path of the resource to update the blob storage settings in the format of `projects/{projectID}/locations/{locationID}/datasets/{datasetID}/dicomStores/{dicomStoreID}/dicomWeb/studies/{studyUID}`, `projects/{projectID}/locations/{locationID}/datasets/{datasetID}/dicomStores/{dicomStoreID}/dicomWeb/studies/{studyUID}/series/{seriesUID}/`, or `projects/{projectID}/locations/{locationID}/datasets/{datasetID}/dicomStores/{dicomStoreID}/dicomWeb/studies/{studyUID}/series/{seriesUID}/instances/{instanceUID}`. If `filter_config` is specified, set the value of `resource` to the resource name of a DICOM store in the format `projects/{projectID}/locations/{locationID}/datasets/{datasetID}/dicomStores/{dicomStoreID}`.",
 "location": "path",
 "pattern": "^projects/[^/]+/locations/[^/]+/datasets/[^/]+/dicomStores/[^/]+/dicomWeb/studies/.*$",
 "required": true,
@@ -2869,7 +2869,7 @@
 ],
 "parameters": {
 "resource": {
-"description": "Required. The path of the resource for which the storage info is requested (for exaxmple for a DICOM Instance: `projects/{projectid}/datasets/{datasetid}/dicomStores/{dicomStoreId}/dicomWeb/studies/{study_uid}/series/{series_uid}/instances/{instance_uid}`)",
+"description": "Required. The path of the resource for which the storage info is requested (for exaxmple for a DICOM Instance: `projects/{projectID}/locations/{locationID}/datasets/{datasetID}/dicomStores/{dicomStoreId}/dicomWeb/studies/{study_uid}/series/{series_uid}/instances/{instance_uid}`)",
 "location": "path",
 "pattern": "^projects/[^/]+/locations/[^/]+/datasets/[^/]+/dicomStores/[^/]+/dicomWeb/studies/[^/]+/series/[^/]+/instances/[^/]+$",
 "required": true,
@@ -5614,7 +5614,7 @@
 }
 }
 },
-"revision": "20240228",
+"revision": "20240312",
 "rootUrl": "https://healthcare.googleapis.com/",
 "schemas": {
 "AccessDeterminationLogConfig": {
@@ -5632,7 +5632,7 @@
 "enumDescriptions": [
 "No log level specified. This value is unused.",
 "No additional consent-related logging is added to audit logs.",
-"The following information is included: * One of the following [`consentMode`](https://cloud.google.com/healthcare-api/docs/fhir-consent#audit_logs) fields: (`off`|`emptyScope`|`enforced`|`btg`|`bypass`). * The accessor's request headers * The `log_level` of the [AccessDeterminationLogConfig](https://cloud.google.com/healthcare-api/docs/reference/rest/v1beta1/projects.locations.datasets.fhirStores#AccessDeterminationLogConfig) * The final consent evaluation (`PERMIT`, `DENY`, or `NO_CONSENT`) * A human-readable summary of the evaluation",
+"The following information is included: * One of the following [`consentMode`](https://cloud.google.com/healthcare-api/docs/fhir-consent#audit_logs) fields: (`off`|`emptyScope`|`enforced`|`btg`|`bypass`). * The accessor's request headers * The `log_level` of the AccessDeterminationLogConfig * The final consent evaluation (`PERMIT`, `DENY`, or `NO_CONSENT`) * A human-readable summary of the evaluation",
 "Includes `MINIMUM` and, for each resource owner, returns: * The resource owner's name * Most specific part of the `X-Consent-Scope` resulting in consensual determination * Timestamp of the applied enforcement leading to the decision * Enforcement version at the time the applicable consents were applied * The Consent resource name * The timestamp of the Consent resource used for enforcement * Policy type (`PATIENT` or `ADMIN`) Note that this mode adds some overhead to CRUD operations."
 ],
 "type": "string"
@@ -6400,11 +6400,11 @@
 "type": "string"
 },
 "environment": {
-"description": "An abstract identifier that describes the environment or conditions under which the accessor is acting. Can be \u201c*\u201d if it applies to all environments.",
+"description": "An abstract identifier that describes the environment or conditions under which the accessor is acting. Can be \"*\" if it applies to all environments.",
 "type": "string"
 },
 "purpose": {
-"description": "The intent of data use. Can be \u201c*\u201d if it applies to all purposes.",
+"description": "The intent of data use. Can be \"*\" if it applies to all purposes.",
 "type": "string"
 }
 },
@@ -7188,7 +7188,7 @@
 "type": "array"
 },
 "consentResource": {
-"description": "The resource name of this consent resource. Format: `projects/{projectId}/datasets/{datasetId}/fhirStores/{fhirStoreId}/fhir/{resourceType}/{id}`.",
+"description": "The resource name of this consent resource. Format: `projects/{projectId}/locations/{locationId}/datasets/{datasetId}/fhirStores/{fhirStoreId}/fhir/{resourceType}/{id}`.",
 "type": "string"
 },
 "enforcementTime": {
@@ -7225,9 +7225,9 @@
 "description": "The consent's variant combinations. A single consent may have multiple variants.",
 "items": {
 "enum": [
-"VARIANT_UNSPECIFIED",
-"VARIANT_STANDARD",
-"VARIANT_CASCADE"
+"CONSENT_VARIANT_UNSPECIFIED",
+"CONSENT_VARIANT_STANDARD",
+"CONSENT_VARIANT_CASCADE"
 ],
 "enumDescriptions": [
 "Consent variant unspecified.",
@@ -9709,7 +9709,7 @@
 },
 "filterConfig": {
 "$ref": "DicomFilterConfig",
-"description": "Optional. A filter configuration. If `filter_config` is specified, set the value of `resource` to the resource name of a DICOM store in the format `projects/{projectID}/datasets/{datasetID}/dicomStores/{dicomStoreID}`."
+"description": "Optional. A filter configuration. If `filter_config` is specified, set the value of `resource` to the resource name of a DICOM store in the format `projects/{projectID}/locations/{locationID}/datasets/{datasetID}/dicomStores/{dicomStoreID}`."
 }
 },
 "type": "object"
@@ -9799,7 +9799,7 @@
 "description": "Info about the data stored in blob storage for the resource."
 },
 "referencedResource": {
-"description": "The resource whose storage info is returned. For example, to specify the resource path of a DICOM Instance: `projects/{projectid}/datasets/{datasetid}/dicomStores/{dicom_store_id}/dicomWeb/studi/{study_uid}/series/{series_uid}/instances/{instance_uid}`",
+"description": "The resource whose storage info is returned. For example, to specify the resource path of a DICOM Instance: `projects/{projectID}/locations/{locationID}/datasets/{datasetID}/dicomStores/{dicom_store_id}/dicomWeb/studi/{study_uid}/series/{series_uid}/instances/{instance_uid}`",
 "type": "string"
 },
 "structuredStorageInfo": {

googleapiclient/discovery_cache/documents/homegraph.v1.json

@@ -216,7 +216,7 @@
 }
 }
 },
-"revision": "20240226",
+"revision": "20240315",
 "rootUrl": "https://homegraph.googleapis.com/",
 "schemas": {
 "AgentDeviceId": {

googleapiclient/discovery_cache/documents/iam.v1.json

@@ -12,7 +12,7 @@
 "baseUrl": "https://iam.googleapis.com/",
 "batchPath": "batch",
 "canonicalName": "Iam",
-"description": "Manages identity and access control for Google Cloud Platform resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls. ",
+"description": "Manages identity and access control for Google Cloud resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls. Enabling this API also enables the IAM Service Account Credentials API (iamcredentials.googleapis.com). However, disabling this API doesn't disable the IAM Service Account Credentials API. ",
 "discoveryVersion": "v1",
 "documentationLink": "https://cloud.google.com/iam/",
 "fullyEncodeReservedExpansion": true,
@@ -2850,7 +2850,7 @@
 }
 }
 },
-"revision": "20240220",
+"revision": "20240314",
 "rootUrl": "https://iam.googleapis.com/",
 "schemas": {
 "AccessRestrictions": {
@@ -3916,6 +3916,37 @@
 },
 "type": "object"
 },
+"ReconciliationOperationMetadata": {
+"description": "Operation metadata returned by the CLH during resource state reconciliation.",
+"id": "ReconciliationOperationMetadata",
+"properties": {
+"deleteResource": {
+"deprecated": true,
+"description": "DEPRECATED. Use exclusive_action instead.",
+"type": "boolean"
+},
+"exclusiveAction": {
+"description": "Excluisive action returned by the CLH.",
+"enum": [
+"UNKNOWN_REPAIR_ACTION",
+"DELETE",
+"RETRY"
+],
+"enumDeprecated": [
+false,
+true,
+false
+],
+"enumDescriptions": [
+"Unknown repair action.",
+"The resource has to be deleted. When using this bit, the CLH should fail the operation. DEPRECATED. Instead use DELETE_RESOURCE OperationSignal in SideChannel.",
+"This resource could not be repaired but the repair should be tried again at a later time. This can happen if there is a dependency that needs to be resolved first- e.g. if a parent resource must be repaired before a child resource."
+],
+"type": "string"
+}
+},
+"type": "object"
+},
 "Role": {
 "description": "A role in the Identity and Access Management API.",
 "id": "Role",
@@ -3941,7 +3972,7 @@
 "type": "array"
 },
 "name": {
-"description": "The name of the role. When `Role` is used in `CreateRole`, the role name must not be set. When `Role` is used in output and other input such as `UpdateRole`, the role name is the complete path. For example, `roles/logging.viewer` for predefined roles, `organizations/{ORGANIZATION_ID}/roles/my-role` for organization-level custom roles, and `projects/{PROJECT_ID}/roles/my-role` for project-level custom roles.",
+"description": "The name of the role. When `Role` is used in `CreateRole`, the role name must not be set. When `Role` is used in output and other input such as `UpdateRole`, the role name is the complete path. For example, `roles/logging.viewer` for predefined roles, `organizations/{ORGANIZATION_ID}/roles/myRole` for organization-level custom roles, and `projects/{PROJECT_ID}/roles/myRole` for project-level custom roles.",
 "type": "string"
 },
 "stage": {
@@ -3976,7 +4007,7 @@
 "id": "Saml",
 "properties": {
 "idpMetadataXml": {
-"description": "Required. SAML Identity provider configuration metadata xml doc. The xml document should comply with [SAML 2.0 specification](https://www.oasis-open.org/committees/download.php/56785/sstc-saml-metadata-errata-2.0-wd-05.pdf). The max size of the acceptable xml document will be bounded to 128k characters. The metadata xml document should satisfy the following constraints: 1) Must contain an Identity Provider Entity ID. 2) Must contain at least one non-expired signing key certificate. 3) For each signing key: a) Valid from should be no more than 7 days from now. b) Valid to should be no more than 15 years in the future. 4) Upto 3 IdP signing keys are allowed in the metadata xml. When updating the provider's metadata xml, at lease one non-expired signing key must overlap with the existing metadata. This requirement is skipped if there are no non-expired signing keys present in the existing metadata",
+"description": "Required. SAML identity provider (IdP) configuration metadata XML doc. The XML document must comply with the [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). The maximum size of an acceptable XML document is 128K characters. The SAML metadata XML document must satisfy the following constraints: * Must contain an IdP Entity ID. * Must contain at least one non-expired signing certificate. * For each signing certificate, the expiration must be: * From no more than 7 days in the future. * To no more than 15 years in the future. * Up to three IdP signing keys are allowed. When updating the provider's metadata XML, at least one non-expired signing key must overlap with the existing metadata. This requirement is skipped if there are no non-expired signing keys present in the existing metadata.",
 "type": "string"
 }
 },
@@ -4417,7 +4448,7 @@
 "additionalProperties": {
 "type": "string"
 },
-"description": "Required. Maps attributes from the authentication credentials issued by an external identity provider to Google Cloud attributes, such as `subject` and `segment`. Each key must be a string specifying the Google Cloud IAM attribute to map to. The following keys are supported: * `google.subject`: The principal IAM is authenticating. You can reference this value in IAM bindings. This is also the subject that appears in Cloud Logging logs. This is a required field and the mapped subject cannot exceed 127 bytes. * `google.groups`: Groups the authenticating user belongs to. You can grant groups access to resources using an IAM `principalSet` binding; access applies to all members of the group. * `google.display_name`: The name of the authenticated user. This is an optional field and the mapped display name cannot exceed 100 bytes. If not set, `google.subject` will be displayed instead. This attribute cannot be referenced in IAM bindings. * `google.profile_photo`: The URL that specifies the authenticated user's thumbnail photo. This is an optional field. When set, the image will be visible as the user's profile picture. If not set, a generic user icon will be displayed instead. This attribute cannot be referenced in IAM bindings. * `google.posix_username`: The linux username used by OS login. This is an optional field and the mapped posix username cannot exceed 32 characters, The key must match the regex \"^a-zA-Z0-9._{0,31}$\". This attribute cannot be referenced in IAM bindings. You can also provide custom attributes by specifying `attribute.{custom_attribute}`, where {custom_attribute} is the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes. The maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_]. You can reference these attributes in IAM policies to define fine-grained access for a workforce pool to Google Cloud resources. For example: * `google.subject`: `principal://iam.googleapis.com/locations/global/workforcePools/{pool}/subject/{value}` * `google.groups`: `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool}/group/{value}` * `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool}/attribute.{custom_attribute}/{value}` Each value must be a [Common Expression Language] (https://opensource.google/projects/cel) function that maps an identity provider credential to the normalized attribute specified by the corresponding map key. You can use the `assertion` keyword in the expression to access a JSON representation of the authentication credential issued by the provider. The maximum length of an attribute mapping expression is 2048 characters. When evaluated, the total size of all mapped attributes must not exceed 4KB. For OIDC providers, you must supply a custom mapping that includes the `google.subject` attribute. For example, the following maps the `sub` claim of the incoming credential to the `subject` attribute on a Google token: ``` {\"google.subject\": \"assertion.sub\"} ```",
+"description": "Required. Maps attributes from the authentication credentials issued by an external identity provider to Google Cloud attributes, such as `subject` and `segment`. Each key must be a string specifying the Google Cloud IAM attribute to map to. The following keys are supported: * `google.subject`: The principal IAM is authenticating. You can reference this value in IAM bindings. This is also the subject that appears in Cloud Logging logs. This is a required field and the mapped subject cannot exceed 127 bytes. * `google.groups`: Groups the authenticating user belongs to. You can grant groups access to resources using an IAM `principalSet` binding; access applies to all members of the group. * `google.display_name`: The name of the authenticated user. This is an optional field and the mapped display name cannot exceed 100 bytes. If not set, `google.subject` will be displayed instead. This attribute cannot be referenced in IAM bindings. * `google.profile_photo`: The URL that specifies the authenticated user's thumbnail photo. This is an optional field. When set, the image will be visible as the user's profile picture. If not set, a generic user icon will be displayed instead. This attribute cannot be referenced in IAM bindings. * `google.posix_username`: The Linux username used by OS Login. This is an optional field and the mapped POSIX username cannot exceed 32 characters, The key must match the regex \"^a-zA-Z0-9._{0,31}$\". This attribute cannot be referenced in IAM bindings. You can also provide custom attributes by specifying `attribute.{custom_attribute}`, where {custom_attribute} is the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes. The maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_]. You can reference these attributes in IAM policies to define fine-grained access for a workforce pool to Google Cloud resources. For example: * `google.subject`: `principal://iam.googleapis.com/locations/global/workforcePools/{pool}/subject/{value}` * `google.groups`: `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool}/group/{value}` * `attribute.{custom_attribute}`: `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool}/attribute.{custom_attribute}/{value}` Each value must be a [Common Expression Language] (https://opensource.google/projects/cel) function that maps an identity provider credential to the normalized attribute specified by the corresponding map key. You can use the `assertion` keyword in the expression to access a JSON representation of the authentication credential issued by the provider. The maximum length of an attribute mapping expression is 2048 characters. When evaluated, the total size of all mapped attributes must not exceed 4KB. For OIDC providers, you must supply a custom mapping that includes the `google.subject` attribute. For example, the following maps the `sub` claim of the incoming credential to the `subject` attribute on a Google token: ``` {\"google.subject\": \"assertion.sub\"} ```",
 "type": "object"
 },
 "description": {
@@ -4633,6 +4664,10 @@
 ],
 "readOnly": true,
 "type": "string"
+},
+"x509": {
+"$ref": "X509",
+"description": "An X.509-type identity provider."
 }
 },
 "type": "object"
@@ -4685,6 +4720,12 @@
 }
 },
 "type": "object"
+},
+"X509": {
+"description": "An X.509-type identity provider represents a CA. It is trusted to assert a client identity if the client has a certificate that chains up to this CA.",
+"id": "X509",
+"properties": {},
+"type": "object"
 }
 },
 "servicePath": "",

googleapiclient/discovery_cache/documents/iam.v2.json

@@ -12,7 +12,7 @@
 "baseUrl": "https://iam.googleapis.com/",
 "batchPath": "batch",
 "canonicalName": "Iam",
-"description": "Manages identity and access control for Google Cloud Platform resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls. ",
+"description": "Manages identity and access control for Google Cloud resources, including the creation of service accounts, which you can use to authenticate to Google and make API calls. Enabling this API also enables the IAM Service Account Credentials API (iamcredentials.googleapis.com). However, disabling this API doesn't disable the IAM Service Account Credentials API. ",
 "discoveryVersion": "v1",
 "documentationLink": "https://cloud.google.com/iam/",
 "fullyEncodeReservedExpansion": true,
@@ -293,9 +293,40 @@
 }
 }
 },
-"revision": "20240307",
+"revision": "20240314",
 "rootUrl": "https://iam.googleapis.com/",
 "schemas": {
+"CloudControl2SharedOperationsReconciliationOperationMetadata": {
+"description": "Operation metadata returned by the CLH during resource state reconciliation.",
+"id": "CloudControl2SharedOperationsReconciliationOperationMetadata",
+"properties": {
+"deleteResource": {
+"deprecated": true,
+"description": "DEPRECATED. Use exclusive_action instead.",
+"type": "boolean"
+},
+"exclusiveAction": {
+"description": "Excluisive action returned by the CLH.",
+"enum": [
+"UNKNOWN_REPAIR_ACTION",
+"DELETE",
+"RETRY"
+],
+"enumDeprecated": [
+false,
+true,
+false
+],
+"enumDescriptions": [
+"Unknown repair action.",
+"The resource has to be deleted. When using this bit, the CLH should fail the operation. DEPRECATED. Instead use DELETE_RESOURCE OperationSignal in SideChannel.",
+"This resource could not be repaired but the repair should be tried again at a later time. This can happen if there is a dependency that needs to be resolved first- e.g. if a parent resource must be repaired before a child resource."
+],
+"type": "string"
+}
+},
+"type": "object"
+},
 "GoogleCloudCommonOperationMetadata": {
 "description": "Represents the metadata of the long-running operation.",
 "id": "GoogleCloudCommonOperationMetadata",