OMGeeky/google-apis-rs
1
0
Fork 0
mirror of https://github.com/OMGeeky/google-apis-rs.git synced 2026-01-24 12:15:55 +01:00
Code Issues Packages Projects Releases Wiki Activity

update dependencies

Browse Source
This commit is contained in:
Sebastian Thiel
2023-01-25 11:39:00 +01:00
parent 37ccd2238d
commit 3edefb7f01
357 changed files with 128026 additions and 16259 deletions
Download Patch File Download Diff File Expand all files Collapse all files

335
etc/api/cloudresourcemanager/v3/cloudresourcemanager-api.json
View File

@@ -108,6 +108,43 @@
},
"protocol": "rest",
"resources": {
"effectiveTags": {
"methods": {
"list": {
"description": "Return a list of effective tags for the given Google Cloud resource, as specified in `parent`.",
"flatPath": "v3/effectiveTags",
"httpMethod": "GET",
"id": "cloudresourcemanager.effectiveTags.list",
"parameterOrder": [],
"parameters": {
"pageSize": {
"description": "Optional. The maximum number of effective tags to return in the response. The server allows a maximum of 300 effective tags to return in a single page. If unspecified, the server will use 100 as the default.",
"format": "int32",
"location": "query",
"type": "integer"
},
"pageToken": {
"description": "Optional. A pagination token returned from a previous call to `ListEffectiveTags` that indicates from where this listing should continue.",
"location": "query",
"type": "string"
},
"parent": {
"description": "Required. The full resource name of a resource for which you want to list the effective tags. E.g. \"//cloudresourcemanager.googleapis.com/projects/123\"",
"location": "query",
"type": "string"
}
},
"path": "v3/effectiveTags",
"response": {
"$ref": "ListEffectiveTagsResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
}
}
},
"folders": {
"methods": {
"create": {
@@ -189,7 +226,7 @@
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.",
"description": "REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
"location": "path",
"pattern": "^folders/[^/]+$",
"required": true,
@@ -227,7 +264,7 @@
"type": "string"
},
"parent": {
"description": "Required. The resource name of the organization or folder whose folders are being listed. Must be of the form `folders/{folder_id}` or `organizations/{org_id}`. Access to this method is controlled by checking the `resourcemanager.folders.list` permission on the `parent`.",
"description": "Required. The name of the parent resource whose folders are being listed. Only children of this parent resource are listed; descendants are not listed. If the parent is a folder, use the value `folders/{folder_id}`. If the parent is an organization, use the value `organizations/{org_id}`. Access to this method is controlled by checking the `resourcemanager.folders.list` permission on the `parent`.",
"location": "query",
"type": "string"
},
@@ -351,7 +388,7 @@
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.",
"description": "REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
"location": "path",
"pattern": "^folders/[^/]+$",
"required": true,
@@ -379,7 +416,7 @@
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.",
"description": "REQUIRED: The resource for which the policy detail is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
"location": "path",
"pattern": "^folders/[^/]+$",
"required": true,
@@ -603,7 +640,7 @@
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.",
"description": "REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
"location": "path",
"pattern": "^organizations/[^/]+$",
"required": true,
@@ -665,7 +702,7 @@
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.",
"description": "REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
"location": "path",
"pattern": "^organizations/[^/]+$",
"required": true,
@@ -693,7 +730,7 @@
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.",
"description": "REQUIRED: The resource for which the policy detail is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
"location": "path",
"pattern": "^organizations/[^/]+$",
"required": true,
@@ -795,7 +832,7 @@
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.",
"description": "REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
"location": "path",
"pattern": "^projects/[^/]+$",
"required": true,
@@ -833,7 +870,7 @@
"type": "string"
},
"parent": {
"description": "Required. The name of the parent resource to list projects under. For example, setting this field to 'folders/1234' would list all projects directly under that folder.",
"description": "Required. The name of the parent resource whose projects are being listed. Only children of this parent resource are listed; descendants are not listed. If the parent is a folder, use the value `folders/{folder_id}`. If the parent is an organization, use the value `organizations/{org_id}`.",
"location": "query",
"type": "string"
},
@@ -933,7 +970,7 @@
"type": "string"
},
"query": {
"description": "Optional. A query string for searching for projects that the caller has `resourcemanager.projects.get` permission to. If multiple fields are included in the query, then it will return results that match any of the fields. Some eligible fields are: ``` | Field | Description | |-------------------------|----------------------------------------------| | displayName, name | Filters by displayName. | | parent | Project's parent (for example: folders/123, organizations/*). Prefer parent field over parent.type and parent.id.| | parent.type | Parent's type: `folder` or `organization`. | | parent.id | Parent's id number (for example: 123) | | id, projectId | Filters by projectId. | | state, lifecycleState | Filters by state. | | labels | Filters by label name or value. | | labels.\\ (where *key* is the name of a label) | Filters by label name.| ``` Search expressions are case insensitive. Some examples queries: ``` | Query | Description | |------------------|-----------------------------------------------------| | name:how* | The project's name starts with \"how\". | | name:Howl | The project's name is `Howl` or `howl`. | | name:HOWL | Equivalent to above. | | NAME:howl | Equivalent to above. | | labels.color:* | The project has the label `color`. | | labels.color:red | The project's label `color` has the value `red`. | | labels.color:red labels.size:big | The project's label `color` has the value `red` and its label `size` has the value `big`.| ``` If no query is specified, the call will return projects for which the user has the `resourcemanager.projects.get` permission.",
"description": "Optional. A query string for searching for projects that the caller has `resourcemanager.projects.get` permission to. If multiple fields are included in the query, then it will return results that match any of the fields. Some eligible fields are: ``` | Field | Description | |-------------------------|----------------------------------------------| | displayName, name | Filters by displayName. | | parent | Project's parent (for example: folders/123, organizations/*). Prefer parent field over parent.type and parent.id.| | parent.type | Parent's type: `folder` or `organization`. | | parent.id | Parent's id number (for example: 123) | | id, projectId | Filters by projectId. | | state, lifecycleState | Filters by state. | | labels | Filters by label name or value. | | labels.\\ (where *key* is the name of a label) | Filters by label name.| ``` Search expressions are case insensitive. Some examples queries: ``` | Query | Description | |------------------|-----------------------------------------------------| | name:how* | The project's name starts with \"how\". | | name:Howl | The project's name is `Howl` or `howl`. | | name:HOWL | Equivalent to above. | | NAME:howl | Equivalent to above. | | labels.color:* | The project has the label `color`. | | labels.color:red | The project's label `color` has the value `red`. | | labels.color:red labels.size:big | The project's label `color` has the value `red` or its label `size` has the value `big`. | ``` If no query is specified, the call will return projects for which the user has the `resourcemanager.projects.get` permission.",
"location": "query",
"type": "string"
}
@@ -943,11 +980,12 @@
"$ref": "SearchProjectsResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"setIamPolicy": {
"description": "Sets the IAM access control policy for the specified project, in the format `projects/{ProjectIdOrNumber}` e.g. projects/123. CAUTION: This method will replace the existing policy, and cannot be used to append additional IAM settings. Note: Removing service accounts from policies or changing their roles can render services completely inoperable. It is important to understand how the service account is being used before removing or updating its roles. The following constraints apply when using `setIamPolicy()`: + Project does not support `allUsers` and `allAuthenticatedUsers` as `members` in a `Binding` of a `Policy`. + The owner role can be granted to a `user`, `serviceAccount`, or a group that is part of an organization. For example, group@myownpersonaldomain.com could be added as an owner to a project in the myownpersonaldomain.com organization, but not the examplepetstore.com organization. + Service accounts can be made owners of a project directly without any restrictions. However, to be added as an owner, a user must be invited using the Cloud Platform console and must accept the invitation. + A user cannot be granted the owner role using `setIamPolicy()`. The user must be granted the owner role using the Cloud Platform Console and must explicitly accept the invitation. + Invitations to grant the owner role cannot be sent using `setIamPolicy()`; they must be sent only using the Cloud Platform Console. + If the project is not part of an organization, there must be at least one owner who has accepted the Terms of Service (ToS) agreement in the policy. Calling `setIamPolicy()` to remove the last ToS-accepted owner from the policy will fail. This restriction also applies to legacy projects that no longer have owners who have accepted the ToS. Edits to IAM policies will be rejected until the lack of a ToS-accepting owner is rectified. If the project is part of an organization, you can remove all owners, potentially making the organization inaccessible. + Calling this method requires enabling the App Engine Admin API.",
"description": "Sets the IAM access control policy for the specified project, in the format `projects/{ProjectIdOrNumber}` e.g. projects/123. CAUTION: This method will replace the existing policy, and cannot be used to append additional IAM settings. Note: Removing service accounts from policies or changing their roles can render services completely inoperable. It is important to understand how the service account is being used before removing or updating its roles. The following constraints apply when using `setIamPolicy()`: + Project does not support `allUsers` and `allAuthenticatedUsers` as `members` in a `Binding` of a `Policy`. + The owner role can be granted to a `user`, `serviceAccount`, or a group that is part of an organization. For example, group@myownpersonaldomain.com could be added as an owner to a project in the myownpersonaldomain.com organization, but not the examplepetstore.com organization. + Service accounts can be made owners of a project directly without any restrictions. However, to be added as an owner, a user must be invited using the Cloud Platform console and must accept the invitation. + A user cannot be granted the owner role using `setIamPolicy()`. The user must be granted the owner role using the Cloud Platform Console and must explicitly accept the invitation. + Invitations to grant the owner role cannot be sent using `setIamPolicy()`; they must be sent only using the Cloud Platform Console. + If the project is not part of an organization, there must be at least one owner who has accepted the Terms of Service (ToS) agreement in the policy. Calling `setIamPolicy()` to remove the last ToS-accepted owner from the policy will fail. This restriction also applies to legacy projects that no longer have owners who have accepted the ToS. Edits to IAM policies will be rejected until the lack of a ToS-accepting owner is rectified. If the project is part of an organization, you can remove all owners, potentially making the organization inaccessible.",
"flatPath": "v3/projects/{projectsId}:setIamPolicy",
"httpMethod": "POST",
"id": "cloudresourcemanager.projects.setIamPolicy",
@@ -956,7 +994,7 @@
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.",
"description": "REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
"location": "path",
"pattern": "^projects/[^/]+$",
"required": true,
@@ -984,7 +1022,7 @@
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.",
"description": "REQUIRED: The resource for which the policy detail is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
"location": "path",
"pattern": "^projects/[^/]+$",
"required": true,
@@ -1036,7 +1074,7 @@
"tagBindings": {
"methods": {
"create": {
"description": "Creates a TagBinding between a TagValue and a cloud resource (currently project, folder, or organization).",
"description": "Creates a TagBinding between a TagValue and a Google Cloud resource.",
"flatPath": "v3/tagBindings",
"httpMethod": "POST",
"id": "cloudresourcemanager.tagBindings.create",
@@ -1085,20 +1123,20 @@
]
},
"list": {
"description": "Lists the TagBindings for the given cloud resource, as specified with `parent`. NOTE: The `parent` field is expected to be a full resource name: https://cloud.google.com/apis/design/resource_names#full_resource_name",
"description": "Lists the TagBindings for the given Google Cloud resource, as specified with `parent`. NOTE: The `parent` field is expected to be a full resource name: https://cloud.google.com/apis/design/resource_names#full_resource_name",
"flatPath": "v3/tagBindings",
"httpMethod": "GET",
"id": "cloudresourcemanager.tagBindings.list",
"parameterOrder": [],
"parameters": {
"pageSize": {
"description": "Optional. The maximum number of TagBindings to return in the response. The server allows a maximum of 300 TagBindings to return. If unspecified, the server will use 100 as the default. Currently this api returns unpaginated response and `page_size` is ignored.",
"description": "Optional. The maximum number of TagBindings to return in the response. The server allows a maximum of 300 TagBindings to return. If unspecified, the server will use 100 as the default.",
"format": "int32",
"location": "query",
"type": "integer"
},
"pageToken": {
"description": "Optional. A pagination token returned from a previous call to `ListTagBindings` that indicates where this listing should continue from. Currently this api returns unpaginated response and `page_token` is ignored.",
"description": "Optional. A pagination token returned from a previous call to `ListTagBindings` that indicates where this listing should continue from.",
"location": "query",
"type": "string"
},
@@ -1122,7 +1160,7 @@
"tagKeys": {
"methods": {
"create": {
"description": "Creates a new TagKey. If another request with the same parameters is sent while the original request is in process, the second request will receive an error. A maximum of 300 TagKeys can exist under a parent at any given time.",
"description": "Creates a new TagKey. If another request with the same parameters is sent while the original request is in process, the second request will receive an error. A maximum of 1000 TagKeys can exist under a parent at any given time.",
"flatPath": "v3/tagKeys",
"httpMethod": "POST",
"id": "cloudresourcemanager.tagKeys.create",
@@ -1216,7 +1254,7 @@
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.",
"description": "REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
"location": "path",
"pattern": "^tagKeys/[^/]+$",
"required": true,
@@ -1317,7 +1355,7 @@
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.",
"description": "REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
"location": "path",
"pattern": "^tagKeys/[^/]+$",
"required": true,
@@ -1345,7 +1383,7 @@
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.",
"description": "REQUIRED: The resource for which the policy detail is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
"location": "path",
"pattern": "^tagKeys/[^/]+$",
"required": true,
@@ -1368,7 +1406,7 @@
"tagValues": {
"methods": {
"create": {
"description": "Creates a TagValue as a child of the specified TagKey. If a another request with the same parameters is sent while the original request is in process the second request will receive an error. A maximum of 300 TagValues can exist under a TagKey at any given time.",
"description": "Creates a TagValue as a child of the specified TagKey. If a another request with the same parameters is sent while the original request is in process the second request will receive an error. A maximum of 1000 TagValues can exist under a TagKey at any given time.",
"flatPath": "v3/tagValues",
"httpMethod": "POST",
"id": "cloudresourcemanager.tagValues.create",
@@ -1427,7 +1465,7 @@
]
},
"get": {
"description": "Retrieves TagValue. If the TagValue or namespaced name does not exist, or if the user does not have permission to view it, this method will return `PERMISSION_DENIED`.",
"description": "Retrieves a TagValue. This method will return `PERMISSION_DENIED` if the value does not exist or the user does not have permission to view it.",
"flatPath": "v3/tagValues/{tagValuesId}",
"httpMethod": "GET",
"id": "cloudresourcemanager.tagValues.get",
@@ -1462,7 +1500,7 @@
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.",
"description": "REQUIRED: The resource for which the policy is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
"location": "path",
"pattern": "^tagValues/[^/]+$",
"required": true,
@@ -1500,7 +1538,7 @@
"type": "string"
},
"parent": {
"description": "Required. Resource name for TagKey, parent of the TagValues to be listed, in the format `tagKeys/123`.",
"description": "Required.",
"location": "query",
"type": "string"
}
@@ -1563,7 +1601,7 @@
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.",
"description": "REQUIRED: The resource for which the policy is being specified. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
"location": "path",
"pattern": "^tagValues/[^/]+$",
"required": true,
@@ -1591,7 +1629,7 @@
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.",
"description": "REQUIRED: The resource for which the policy detail is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field.",
"location": "path",
"pattern": "^tagValues/[^/]+$",
"required": true,
@@ -1609,14 +1647,125 @@
"https://www.googleapis.com/auth/cloud-platform"
]
}
},
"resources": {
"tagHolds": {
"methods": {
"create": {
"description": "Creates a TagHold. Returns ALREADY_EXISTS if a TagHold with the same resource and origin exists under the same TagValue.",
"flatPath": "v3/tagValues/{tagValuesId}/tagHolds",
"httpMethod": "POST",
"id": "cloudresourcemanager.tagValues.tagHolds.create",
"parameterOrder": [
"parent"
],
"parameters": {
"parent": {
"description": "Required. The resource name of the TagHold's parent TagValue. Must be of the form: `tagValues/{tag-value-id}`.",
"location": "path",
"pattern": "^tagValues/[^/]+$",
"required": true,
"type": "string"
},
"validateOnly": {
"description": "Optional. Set to true to perform the validations necessary for creating the resource, but not actually perform the action.",
"location": "query",
"type": "boolean"
}
},
"path": "v3/{+parent}/tagHolds",
"request": {
"$ref": "TagHold"
},
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"delete": {
"description": "Deletes a TagHold.",
"flatPath": "v3/tagValues/{tagValuesId}/tagHolds/{tagHoldsId}",
"httpMethod": "DELETE",
"id": "cloudresourcemanager.tagValues.tagHolds.delete",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "Required. The resource name of the TagHold to delete. Must be of the form: `tagValues/{tag-value-id}/tagHolds/{tag-hold-id}`.",
"location": "path",
"pattern": "^tagValues/[^/]+/tagHolds/[^/]+$",
"required": true,
"type": "string"
},
"validateOnly": {
"description": "Optional. Set to true to perform the validations necessary for deleting the resource, but not actually perform the action.",
"location": "query",
"type": "boolean"
}
},
"path": "v3/{+name}",
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"list": {
"description": "Lists TagHolds under a TagValue.",
"flatPath": "v3/tagValues/{tagValuesId}/tagHolds",
"httpMethod": "GET",
"id": "cloudresourcemanager.tagValues.tagHolds.list",
"parameterOrder": [
"parent"
],
"parameters": {
"filter": {
"description": "Optional. Criteria used to select a subset of TagHolds parented by the TagValue to return. This field follows the syntax defined by aip.dev/160; the `holder` and `origin` fields are supported for filtering. Currently only `AND` syntax is supported. Some example queries are: * `holder = //compute.googleapis.com/compute/projects/myproject/regions/us-east-1/instanceGroupManagers/instance-group` * `origin = 35678234` * `holder = //compute.googleapis.com/compute/projects/myproject/regions/us-east-1/instanceGroupManagers/instance-group AND origin = 35678234`",
"location": "query",
"type": "string"
},
"pageSize": {
"description": "Optional. The maximum number of TagHolds to return in the response. The server allows a maximum of 300 TagHolds to return. If unspecified, the server will use 100 as the default.",
"format": "int32",
"location": "query",
"type": "integer"
},
"pageToken": {
"description": "Optional. A pagination token returned from a previous call to `ListTagHolds` that indicates where this listing should continue from.",
"location": "query",
"type": "string"
},
"parent": {
"description": "Required. The resource name of the parent TagValue. Must be of the form: `tagValues/{tag-value-id}`.",
"location": "path",
"pattern": "^tagValues/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v3/{+parent}/tagHolds",
"response": {
"$ref": "ListTagHoldsResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
}
}
}
}
}
},
"revision": "20220306",
"revision": "20230115",
"rootUrl": "https://cloudresourcemanager.googleapis.com/",
"schemas": {
"AuditConfig": {
"description": "Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { \"audit_configs\": [ { \"service\": \"allServices\", \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\", \"exempted_members\": [ \"user:jose@example.com\" ] }, { \"log_type\": \"DATA_WRITE\" }, { \"log_type\": \"ADMIN_READ\" } ] }, { \"service\": \"sampleservice.googleapis.com\", \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\" }, { \"log_type\": \"DATA_WRITE\", \"exempted_members\": [ \"user:aliya@example.com\" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.",
"description": "Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { \"audit_configs\": [ { \"service\": \"allServices\", \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\", \"exempted_members\": [ \"user:jose@example.com\" ] }, { \"log_type\": \"DATA_WRITE\" }, { \"log_type\": \"ADMIN_READ\" } ] }, { \"service\": \"sampleservice.googleapis.com\", \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\" }, { \"log_type\": \"DATA_WRITE\", \"exempted_members\": [ \"user:aliya@example.com\" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.",
"id": "AuditConfig",
"properties": {
"auditLogConfigs": {
@@ -1672,7 +1821,7 @@
"description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
},
"members": {
"description": "Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
"description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
"items": {
"type": "string"
},
@@ -1840,8 +1989,35 @@
"properties": {},
"type": "object"
},
"EffectiveTag": {
"description": "An EffectiveTag represents a tag that applies to a resource during policy evaluation. Tags can be either directly bound to a resource or inherited from its ancestor. EffectiveTag contains the name and namespaced_name of the tag value and tag key, with additional fields of `inherited` to indicate the inheritance status of the effective tag.",
"id": "EffectiveTag",
"properties": {
"inherited": {
"description": "Indicates the inheritance status of a tag value attached to the given resource. If the tag value is inherited from one of the resource's ancestors, inherited will be true. If false, then the tag value is directly attached to the resource, inherited will be false.",
"type": "boolean"
},
"namespacedTagKey": {
"description": "The namespaced_name of the TagKey. Now only supported in the format of `{organization_id}/{tag_key_short_name}`. Other formats will be supported when we add non-org parented tags.",
"type": "string"
},
"namespacedTagValue": {
"description": "Namespaced name of the TagValue. Now only supported in the format `{organization_id}/{tag_key_short_name}/{tag_value_short_name}`. Other formats will be supported when we add non-org parented tags.",
"type": "string"
},
"tagKey": {
"description": "The name of the TagKey, in the format `tagKeys/{id}`, such as `tagKeys/123`.",
"type": "string"
},
"tagValue": {
"description": "Resource name for TagValue in the format `tagValues/456`.",
"type": "string"
}
},
"type": "object"
},
"Empty": {
"description": "A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`.",
"description": "A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }",
"id": "Empty",
"properties": {},
"type": "object"
@@ -2053,6 +2229,24 @@
},
"type": "object"
},
"ListEffectiveTagsResponse": {
"description": "The response of ListEffectiveTags.",
"id": "ListEffectiveTagsResponse",
"properties": {
"effectiveTags": {
"description": "A possibly paginated list of effective tags for the specified resource.",
"items": {
"$ref": "EffectiveTag"
},
"type": "array"
},
"nextPageToken": {
"description": "Pagination token. If the result set is too large to fit in a single response, this token is returned. It encodes the position of the current result cursor. Feeding this value into a new list request with the `page_token` parameter gives the next page of the results. When `next_page_token` is not filled in, there is no next page and the list returned is the last page in the result set. Pagination tokens have a limited lifetime.",
"type": "string"
}
},
"type": "object"
},
"ListFoldersResponse": {
"description": "The ListFolders response message.",
"id": "ListFoldersResponse",
@@ -2125,6 +2319,24 @@
},
"type": "object"
},
"ListTagHoldsResponse": {
"description": "The ListTagHolds response.",
"id": "ListTagHoldsResponse",
"properties": {
"nextPageToken": {
"description": "Pagination token. If the result set is too large to fit in a single response, this token is returned. It encodes the position of the current result cursor. Feeding this value into a new list request with the `page_token` parameter gives the next page of the results. When `next_page_token` is not filled in, there is no next page and the list returned is the last page in the result set. Pagination tokens have a limited lifetime.",
"type": "string"
},
"tagHolds": {
"description": "A possibly paginated list of TagHolds.",
"items": {
"$ref": "TagHold"
},
"type": "array"
}
},
"type": "object"
},
"ListTagKeysResponse": {
"description": "The ListTagKeys response message.",
"id": "ListTagKeysResponse",
@@ -2362,7 +2574,7 @@
"additionalProperties": {
"type": "string"
},
"description": "Optional. The labels associated with this project. Label keys must be between 1 and 63 characters long and must conform to the following regular expression: \\[a-z\\](\\[-a-z0-9\\]*\\[a-z0-9\\])?. Label values must be between 0 and 63 characters long and must conform to the regular expression (\\[a-z\\](\\[-a-z0-9\\]*\\[a-z0-9\\])?)?. No more than 256 labels can be associated with a given resource. Clients should store labels in a representation such as JSON that does not depend on specific characters being disallowed. Example: `\"myBusinessDimension\" : \"businessValue\"`",
"description": "Optional. The labels associated with this project. Label keys must be between 1 and 63 characters long and must conform to the following regular expression: \\[a-z\\](\\[-a-z0-9\\]*\\[a-z0-9\\])?. Label values must be between 0 and 63 characters long and must conform to the regular expression (\\[a-z\\](\\[-a-z0-9\\]*\\[a-z0-9\\])?)?. No more than 64 labels can be associated with a given resource. Clients should store labels in a representation such as JSON that does not depend on specific characters being disallowed. Example: `\"myBusinessDimension\" : \"businessValue\"`",
"type": "object"
},
"name": {
@@ -2482,7 +2694,7 @@
"properties": {
"policy": {
"$ref": "Policy",
"description": "REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them."
"description": "REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Google Cloud services (such as Projects) might reject them."
},
"updateMask": {
"description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: `paths: \"bindings, etag\"`",
@@ -2520,7 +2732,7 @@
"type": "object"
},
"TagBinding": {
"description": "A TagBinding represents a connection between a TagValue and a cloud resource (currently project, folder, or organization). Once a TagBinding is created, the TagValue is applied to all the descendants of the cloud resource.",
"description": "A TagBinding represents a connection between a TagValue and a cloud resource Once a TagBinding is created, the TagValue is applied to all the descendants of the Google Cloud resource.",
"id": "TagBinding",
"properties": {
"name": {
@@ -2539,6 +2751,36 @@
},
"type": "object"
},
"TagHold": {
"description": "A TagHold represents the use of a TagValue that is not captured by TagBindings. If a TagValue has any TagHolds, deletion will be blocked. This resource is intended to be created in the same cloud location as the `holder`.",
"id": "TagHold",
"properties": {
"createTime": {
"description": "Output only. The time this TagHold was created.",
"format": "google-datetime",
"readOnly": true,
"type": "string"
},
"helpLink": {
"description": "Optional. A URL where an end user can learn more about removing this hold. E.g. `https://cloud.google.com/resource-manager/docs/tags/tags-creating-and-managing`",
"type": "string"
},
"holder": {
"description": "Required. The name of the resource where the TagValue is being used. Must be less than 200 characters. E.g. `//compute.googleapis.com/compute/projects/myproject/regions/us-east-1/instanceGroupManagers/instance-group`",
"type": "string"
},
"name": {
"description": "Output only. The resource name of a TagHold. This is a String of the form: `tagValues/{tag-value-id}/tagHolds/{tag-hold-id}` (e.g. `tagValues/123/tagHolds/456`). This resource name is generated by the server.",
"readOnly": true,
"type": "string"
},
"origin": {
"description": "Optional. An optional string representing the origin of this request. This field should include human-understandable information to distinguish origins from each other. Must be less than 200 characters. E.g. `migs-35678234`",
"type": "string"
}
},
"type": "object"
},
"TagKey": {
"description": "A TagKey, used to group a set of TagValues.",
"id": "TagKey",
@@ -2570,6 +2812,25 @@
"description": "Immutable. The resource name of the new TagKey's parent. Must be of the form `organizations/{org_id}`.",
"type": "string"
},
"purpose": {
"description": "Optional. A purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. A purpose does not grant a policy engine exclusive rights to the Tag, and it may be referenced by other policy engines. A purpose cannot be changed once set.",
"enum": [
"PURPOSE_UNSPECIFIED",
"GCE_FIREWALL"
],
"enumDescriptions": [
"Unspecified purpose.",
"Purpose for Compute Engine firewalls. A corresponding purpose_data should be set for the network the tag is intended for. The key should be 'network' and the value should be in either of these two formats: -https://www.googleapis.com/compute/{compute_version}/projects/{project_id}/global/networks/{network_id} -{project_id}/{network_name} Examples: -https://www.googleapis.com/compute/staging_v1/projects/fail-closed-load-testing/global/networks/6992953698831725600 -fail-closed-load-testing/load-testing-network"
],
"type": "string"
},
"purposeData": {
"additionalProperties": {
"type": "string"
},
"description": "Optional. Purpose data corresponds to the policy system that the tag is intended for. See documentation for `Purpose` for formatting of this field. Purpose data cannot be changed once set.",
"type": "object"
},
"shortName": {
"description": "Required. Immutable. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between.",
"type": "string"
@@ -2606,7 +2867,7 @@
"type": "string"
},
"namespacedName": {
"description": "Output only. Namespaced name of the TagValue. Must be in the format `{organization_id}/{tag_key_short_name}/{short_name}`.",
"description": "Output only. Namespaced name of the TagValue. Now only supported in the format `{organization_id}/{tag_key_short_name}/{short_name}`. Other formats will be supported when we add non-org parented tags.",
"readOnly": true,
"type": "string"
},
@@ -2632,7 +2893,7 @@
"id": "TestIamPermissionsRequest",
"properties": {
"permissions": {
"description": "The set of permissions to check for the `resource`. Permissions with wildcards (such as '*' or 'storage.*') are not allowed. For more information see [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).",
"description": "The set of permissions to check for the `resource`. Permissions with wildcards (such as `*` or `storage.*`) are not allowed. For more information see [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).",
"items": {
"type": "string"
},