mirror of
https://github.com/OMGeeky/google-apis-rs.git
synced 2026-02-23 15:49:49 +01:00
update API descriptions
This commit is contained in:
Sebastian Thiel
@@ -108,7 +108,7 @@
|
||||
"iamPolicies": {
|
||||
"methods": {
|
||||
"lintPolicy": {
|
||||
"description": "Lints a Cloud IAM policy object or its sub fields. Currently supports\ngoogle.iam.v1.Binding.condition.\n\nEach lint operation consists of multiple lint validation units.\nEach unit inspects the input object in regard to a particular linting\naspect and issues a google.iam.admin.v1.LintResult disclosing the\nresult.\n\nThe set of applicable validation units is determined by the Cloud IAM\nserver and is not configurable.\n\nRegardless of any lint issues or their severities, successful calls to\n`lintPolicy` return an HTTP 200 OK status code.",
|
||||
"description": "Lints, or validates, an IAM policy. Currently checks the\ngoogle.iam.v1.Binding.condition field, which contains a condition\nexpression for a role binding.\n\nSuccessful calls to this method always return an HTTP `200 OK` status code,\neven if the linter detects an issue in the IAM policy.",
|
||||
"flatPath": "v1/iamPolicies:lintPolicy",
|
||||
"httpMethod": "POST",
|
||||
"id": "iam.iamPolicies.lintPolicy",
|
||||
@@ -126,7 +126,7 @@
|
||||
]
|
||||
},
|
||||
"queryAuditableServices": {
|
||||
"description": "Returns a list of services that support service level audit logging\nconfiguration for the given resource.",
|
||||
"description": "Returns a list of services that allow you to opt into audit logs that are\nnot generated by default.\n\nTo learn more about audit logs, see the [Logging\ndocumentation](https://cloud.google.com/logging/docs/audit).",
|
||||
"flatPath": "v1/iamPolicies:queryAuditableServices",
|
||||
"httpMethod": "POST",
|
||||
"id": "iam.iamPolicies.queryAuditableServices",
|
||||
@@ -150,7 +150,7 @@
|
||||
"roles": {
|
||||
"methods": {
|
||||
"create": {
|
||||
"description": "Creates a new Role.",
|
||||
"description": "Creates a new custom Role.",
|
||||
"flatPath": "v1/organizations/{organizationsId}/roles",
|
||||
"httpMethod": "POST",
|
||||
"id": "iam.organizations.roles.create",
|
||||
@@ -178,7 +178,7 @@
|
||||
]
|
||||
},
|
||||
"delete": {
|
||||
"description": "Soft deletes a role. The role is suspended and cannot be used to create new\nIAM Policy Bindings.\nThe Role will not be included in `ListRoles()` unless `show_deleted` is set\nin the `ListRolesRequest`. The Role contains the deleted boolean set.\nExisting Bindings remains, but are inactive. The Role can be undeleted\nwithin 7 days. After 7 days the Role is deleted and all Bindings associated\nwith the role are removed.",
|
||||
"description": "Deletes a custom Role.\n\nWhen you delete a custom role, the following changes occur immediately:\n\n* You cannot bind a member to the custom role in an IAM\nPolicy.\n* Existing bindings to the custom role are not changed, but they have no\neffect.\n* By default, the response from ListRoles does not include the custom\nrole.\n\nYou have 7 days to undelete the custom role. After 7 days, the following\nchanges occur:\n\n* The custom role is permanently deleted and cannot be recovered.\n* If an IAM policy contains a binding to the custom role, the binding is\npermanently removed.",
|
||||
"flatPath": "v1/organizations/{organizationsId}/roles/{rolesId}",
|
||||
"httpMethod": "DELETE",
|
||||
"id": "iam.organizations.roles.delete",
|
||||
@@ -209,7 +209,7 @@
|
||||
]
|
||||
},
|
||||
"get": {
|
||||
"description": "Gets a Role definition.",
|
||||
"description": "Gets the definition of a Role.",
|
||||
"flatPath": "v1/organizations/{organizationsId}/roles/{rolesId}",
|
||||
"httpMethod": "GET",
|
||||
"id": "iam.organizations.roles.get",
|
||||
@@ -234,7 +234,7 @@
|
||||
]
|
||||
},
|
||||
"list": {
|
||||
"description": "Lists the Roles defined on a resource.",
|
||||
"description": "Lists every predefined Role that IAM supports, or every custom role\nthat is defined for an organization or project.",
|
||||
"flatPath": "v1/organizations/{organizationsId}/roles",
|
||||
"httpMethod": "GET",
|
||||
"id": "iam.organizations.roles.list",
|
||||
@@ -243,7 +243,7 @@
|
||||
],
|
||||
"parameters": {
|
||||
"pageSize": {
|
||||
"description": "Optional limit on the number of roles to include in the response.",
|
||||
"description": "Optional limit on the number of roles to include in the response.\n\nThe default is 300, and the maximum is 1,000.",
|
||||
"format": "int32",
|
||||
"location": "query",
|
||||
"type": "integer"
|
||||
@@ -284,7 +284,7 @@
|
||||
]
|
||||
},
|
||||
"patch": {
|
||||
"description": "Updates a Role definition.",
|
||||
"description": "Updates the definition of a custom Role.",
|
||||
"flatPath": "v1/organizations/{organizationsId}/roles/{rolesId}",
|
||||
"httpMethod": "PATCH",
|
||||
"id": "iam.organizations.roles.patch",
|
||||
@@ -318,7 +318,7 @@
|
||||
]
|
||||
},
|
||||
"undelete": {
|
||||
"description": "Undelete a Role, bringing it back in its previous state.",
|
||||
"description": "Undeletes a custom Role.",
|
||||
"flatPath": "v1/organizations/{organizationsId}/roles/{rolesId}:undelete",
|
||||
"httpMethod": "POST",
|
||||
"id": "iam.organizations.roles.undelete",
|
||||
@@ -352,7 +352,7 @@
|
||||
"permissions": {
|
||||
"methods": {
|
||||
"queryTestablePermissions": {
|
||||
"description": "Lists the permissions testable on a resource.\nA permission is testable if it can be tested for an identity on a resource.",
|
||||
"description": "Lists every permission that you can test on a resource. A permission is\ntestable if you can check whether a member has that permission on the\nresource.",
|
||||
"flatPath": "v1/permissions:queryTestablePermissions",
|
||||
"httpMethod": "POST",
|
||||
"id": "iam.permissions.queryTestablePermissions",
|
||||
@@ -376,7 +376,7 @@
|
||||
"roles": {
|
||||
"methods": {
|
||||
"create": {
|
||||
"description": "Creates a new Role.",
|
||||
"description": "Creates a new custom Role.",
|
||||
"flatPath": "v1/projects/{projectsId}/roles",
|
||||
"httpMethod": "POST",
|
||||
"id": "iam.projects.roles.create",
|
||||
@@ -404,7 +404,7 @@
|
||||
]
|
||||
},
|
||||
"delete": {
|
||||
"description": "Soft deletes a role. The role is suspended and cannot be used to create new\nIAM Policy Bindings.\nThe Role will not be included in `ListRoles()` unless `show_deleted` is set\nin the `ListRolesRequest`. The Role contains the deleted boolean set.\nExisting Bindings remains, but are inactive. The Role can be undeleted\nwithin 7 days. After 7 days the Role is deleted and all Bindings associated\nwith the role are removed.",
|
||||
"description": "Deletes a custom Role.\n\nWhen you delete a custom role, the following changes occur immediately:\n\n* You cannot bind a member to the custom role in an IAM\nPolicy.\n* Existing bindings to the custom role are not changed, but they have no\neffect.\n* By default, the response from ListRoles does not include the custom\nrole.\n\nYou have 7 days to undelete the custom role. After 7 days, the following\nchanges occur:\n\n* The custom role is permanently deleted and cannot be recovered.\n* If an IAM policy contains a binding to the custom role, the binding is\npermanently removed.",
|
||||
"flatPath": "v1/projects/{projectsId}/roles/{rolesId}",
|
||||
"httpMethod": "DELETE",
|
||||
"id": "iam.projects.roles.delete",
|
||||
@@ -435,7 +435,7 @@
|
||||
]
|
||||
},
|
||||
"get": {
|
||||
"description": "Gets a Role definition.",
|
||||
"description": "Gets the definition of a Role.",
|
||||
"flatPath": "v1/projects/{projectsId}/roles/{rolesId}",
|
||||
"httpMethod": "GET",
|
||||
"id": "iam.projects.roles.get",
|
||||
@@ -460,7 +460,7 @@
|
||||
]
|
||||
},
|
||||
"list": {
|
||||
"description": "Lists the Roles defined on a resource.",
|
||||
"description": "Lists every predefined Role that IAM supports, or every custom role\nthat is defined for an organization or project.",
|
||||
"flatPath": "v1/projects/{projectsId}/roles",
|
||||
"httpMethod": "GET",
|
||||
"id": "iam.projects.roles.list",
|
||||
@@ -469,7 +469,7 @@
|
||||
],
|
||||
"parameters": {
|
||||
"pageSize": {
|
||||
"description": "Optional limit on the number of roles to include in the response.",
|
||||
"description": "Optional limit on the number of roles to include in the response.\n\nThe default is 300, and the maximum is 1,000.",
|
||||
"format": "int32",
|
||||
"location": "query",
|
||||
"type": "integer"
|
||||
@@ -510,7 +510,7 @@
|
||||
]
|
||||
},
|
||||
"patch": {
|
||||
"description": "Updates a Role definition.",
|
||||
"description": "Updates the definition of a custom Role.",
|
||||
"flatPath": "v1/projects/{projectsId}/roles/{rolesId}",
|
||||
"httpMethod": "PATCH",
|
||||
"id": "iam.projects.roles.patch",
|
||||
@@ -544,7 +544,7 @@
|
||||
]
|
||||
},
|
||||
"undelete": {
|
||||
"description": "Undelete a Role, bringing it back in its previous state.",
|
||||
"description": "Undeletes a custom Role.",
|
||||
"flatPath": "v1/projects/{projectsId}/roles/{rolesId}:undelete",
|
||||
"httpMethod": "POST",
|
||||
"id": "iam.projects.roles.undelete",
|
||||
@@ -576,7 +576,7 @@
|
||||
"serviceAccounts": {
|
||||
"methods": {
|
||||
"create": {
|
||||
"description": "Creates a ServiceAccount\nand returns it.",
|
||||
"description": "Creates a ServiceAccount.",
|
||||
"flatPath": "v1/projects/{projectsId}/serviceAccounts",
|
||||
"httpMethod": "POST",
|
||||
"id": "iam.projects.serviceAccounts.create",
|
||||
@@ -604,7 +604,7 @@
|
||||
]
|
||||
},
|
||||
"delete": {
|
||||
"description": "Deletes a ServiceAccount.",
|
||||
"description": "Deletes a ServiceAccount.\n\n**Warning:** After you delete a service account, you might not be able to\nundelete it. If you know that you need to re-enable the service account in\nthe future, use DisableServiceAccount instead.\n\nIf you delete a service account, IAM permanently removes the service\naccount 30 days later. Google Cloud cannot recover the service account\nafter it is permanently removed, even if you file a support request.\n\nTo help avoid unplanned outages, we recommend that you disable the service\naccount before you delete it. Use DisableServiceAccount to disable the\nservice account, then wait at least 24 hours and watch for unintended\nconsequences. If there are no unintended consequences, you can delete the\nservice account.",
|
||||
"flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}",
|
||||
"httpMethod": "DELETE",
|
||||
"id": "iam.projects.serviceAccounts.delete",
|
||||
@@ -629,7 +629,7 @@
|
||||
]
|
||||
},
|
||||
"disable": {
|
||||
"description": "DisableServiceAccount is currently in the alpha launch stage.\n\nDisables a ServiceAccount,\nwhich immediately prevents the service account from authenticating and\ngaining access to APIs.\n\nDisabled service accounts can be safely restored by using\nEnableServiceAccount at any point. Deleted service accounts cannot be\nrestored using this method.\n\nDisabling a service account that is bound to VMs, Apps, Functions, or\nother jobs will cause those jobs to lose access to resources if they are\nusing the disabled service account.\n\nTo improve reliability of your services and avoid unexpected outages, it\nis recommended to first disable a service account rather than delete it.\nAfter disabling the service account, wait at least 24 hours to verify there\nare no unintended consequences, and then delete the service account.",
|
||||
"description": "Disables a ServiceAccount immediately.\n\nIf an application uses the service account to authenticate, that\napplication can no longer call Google APIs or access Google Cloud\nresources. Existing access tokens for the service account are rejected, and\nrequests for new access tokens will fail.\n\nTo re-enable the service account, use EnableServiceAccount. After you\nre-enable the service account, its existing access tokens will be accepted,\nand you can request new access tokens.\n\nTo help avoid unplanned outages, we recommend that you disable the service\naccount before you delete it. Use this method to disable the service\naccount, then wait at least 24 hours and watch for unintended consequences.\nIf there are no unintended consequences, you can delete the service account\nwith DeleteServiceAccount.",
|
||||
"flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:disable",
|
||||
"httpMethod": "POST",
|
||||
"id": "iam.projects.serviceAccounts.disable",
|
||||
@@ -657,7 +657,7 @@
|
||||
]
|
||||
},
|
||||
"enable": {
|
||||
"description": "EnableServiceAccount is currently in the alpha launch stage.\n\n Restores a disabled ServiceAccount\n that has been manually disabled by using DisableServiceAccount. Service\n accounts that have been disabled by other means or for other reasons,\n such as abuse, cannot be restored using this method.\n\n EnableServiceAccount will have no effect on a service account that is\n not disabled. Enabling an already enabled service account will have no\n effect.",
|
||||
"description": "Enables a ServiceAccount that was disabled by\nDisableServiceAccount.\n\nIf the service account is already enabled, then this method has no effect.\n\nIf the service account was disabled by other means\u2014for example, if Google\ndisabled the service account because it was compromised\u2014you cannot use this\nmethod to enable the service account.",
|
||||
"flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:enable",
|
||||
"httpMethod": "POST",
|
||||
"id": "iam.projects.serviceAccounts.enable",
|
||||
@@ -710,7 +710,7 @@
|
||||
]
|
||||
},
|
||||
"getIamPolicy": {
|
||||
"description": "Returns the Cloud IAM access control policy for a\nServiceAccount.\n\nNote: Service accounts are both\n[resources and\nidentities](/iam/docs/service-accounts#service_account_permissions). This\nmethod treats the service account as a resource. It returns the Cloud IAM\npolicy that reflects what members have access to the service account.\n\nThis method does not return what resources the service account has access\nto. To see if a service account has access to a resource, call the\n`getIamPolicy` method on the target resource. For example, to view grants\nfor a project, call the\n[projects.getIamPolicy](/resource-manager/reference/rest/v1/projects/getIamPolicy)\nmethod.",
|
||||
"description": "Gets the IAM policy that is attached to a ServiceAccount. This IAM\npolicy specifies which members have access to the service account.\n\nThis method does not tell you whether the service account has been granted\nany roles on other resources. To check whether a service account has role\ngrants on a resource, use the `getIamPolicy` method for that resource. For\nexample, to view the role grants for a project, call the Resource Manager\nAPI's\n[`projects.getIamPolicy`](https://cloud.google.com/resource-manager/reference/rest/v1/projects/getIamPolicy)\nmethod.",
|
||||
"flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:getIamPolicy",
|
||||
"httpMethod": "POST",
|
||||
"id": "iam.projects.serviceAccounts.getIamPolicy",
|
||||
@@ -719,7 +719,7 @@
|
||||
],
|
||||
"parameters": {
|
||||
"options.requestedPolicyVersion": {
|
||||
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.",
|
||||
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
|
||||
"format": "int32",
|
||||
"location": "query",
|
||||
"type": "integer"
|
||||
@@ -741,7 +741,7 @@
|
||||
]
|
||||
},
|
||||
"list": {
|
||||
"description": "Lists ServiceAccounts for a project.",
|
||||
"description": "Lists every ServiceAccount that belongs to a specific project.",
|
||||
"flatPath": "v1/projects/{projectsId}/serviceAccounts",
|
||||
"httpMethod": "GET",
|
||||
"id": "iam.projects.serviceAccounts.list",
|
||||
@@ -757,7 +757,7 @@
|
||||
"type": "string"
|
||||
},
|
||||
"pageSize": {
|
||||
"description": "Optional limit on the number of service accounts to include in the\nresponse. Further accounts can subsequently be obtained by including the\nListServiceAccountsResponse.next_page_token\nin a subsequent request.",
|
||||
"description": "Optional limit on the number of service accounts to include in the\nresponse. Further accounts can subsequently be obtained by including the\nListServiceAccountsResponse.next_page_token\nin a subsequent request.\n\nThe default is 20, and the maximum is 100.",
|
||||
"format": "int32",
|
||||
"location": "query",
|
||||
"type": "integer"
|
||||
@@ -777,7 +777,7 @@
|
||||
]
|
||||
},
|
||||
"patch": {
|
||||
"description": "Patches a ServiceAccount.\n\nCurrently, only the following fields are updatable:\n`display_name` and `description`.\n\nOnly fields specified in the request are guaranteed to be returned in\nthe response. Other fields in the response may be empty.\n\nNote: The field mask is required.",
|
||||
"description": "Patches a ServiceAccount.",
|
||||
"flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}",
|
||||
"httpMethod": "PATCH",
|
||||
"id": "iam.projects.serviceAccounts.patch",
|
||||
@@ -786,7 +786,7 @@
|
||||
],
|
||||
"parameters": {
|
||||
"name": {
|
||||
"description": "The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\n\nRequests using `-` as a wildcard for the `PROJECT_ID` will infer the\nproject from the `account` and the `ACCOUNT` value can be the `email`\naddress or the `unique_id` of the service account.\n\nIn responses the resource name will always be in the format\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.",
|
||||
"description": "The resource name of the service account.\n\nUse one of the following formats:\n\n* `projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}`\n* `projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}`\n\nAs an alternative, you can use the `-` wildcard character instead of the\nproject ID:\n\n* `projects/-/serviceAccounts/{EMAIL_ADDRESS}`\n* `projects/-/serviceAccounts/{UNIQUE_ID}`\n\nWhen possible, avoid using the `-` wildcard character, because it can cause\nresponse messages to contain misleading error codes. For example, if you\ntry to get the service account\n`projects/-/serviceAccounts/fake@example.com`, which does not exist, the\nresponse contains an HTTP `403 Forbidden` error instead of a `404 Not\nFound` error.",
|
||||
"location": "path",
|
||||
"pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
|
||||
"required": true,
|
||||
@@ -805,7 +805,7 @@
|
||||
]
|
||||
},
|
||||
"setIamPolicy": {
|
||||
"description": "Sets the Cloud IAM access control policy for a\nServiceAccount.\n\nNote: Service accounts are both\n[resources and\nidentities](/iam/docs/service-accounts#service_account_permissions). This\nmethod treats the service account as a resource. Use it to grant members\naccess to the service account, such as when they need to impersonate it.\n\nThis method does not grant the service account access to other resources,\nsuch as projects. To grant a service account access to resources, include\nthe service account in the Cloud IAM policy for the desired resource, then\ncall the appropriate `setIamPolicy` method on the target resource. For\nexample, to grant a service account access to a project, call the\n[projects.setIamPolicy](/resource-manager/reference/rest/v1/projects/setIamPolicy)\nmethod.",
|
||||
"description": "Sets the IAM policy that is attached to a ServiceAccount.\n\nUse this method to grant or revoke access to the service account. For\nexample, you could grant a member the ability to impersonate the service\naccount.\n\nThis method does not enable the service account to access other resources.\nTo grant roles to a service account on a resource, follow these steps:\n\n1. Call the resource's `getIamPolicy` method to get its current IAM policy.\n2. Edit the policy so that it binds the service account to an IAM role for\nthe resource.\n3. Call the resource's `setIamPolicy` method to update its IAM policy.\n\nFor detailed instructions, see\n[Granting roles to a service account for specific\nresources](https://cloud.google.com/iam/help/service-accounts/granting-access-to-service-accounts).",
|
||||
"flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:setIamPolicy",
|
||||
"httpMethod": "POST",
|
||||
"id": "iam.projects.serviceAccounts.setIamPolicy",
|
||||
@@ -833,7 +833,7 @@
|
||||
]
|
||||
},
|
||||
"signBlob": {
|
||||
"description": "**Note**: This method is in the process of being deprecated. Call the\n[`signBlob()`](/iam/credentials/reference/rest/v1/projects.serviceAccounts/signBlob)\nmethod of the Cloud IAM Service Account Credentials API instead.\n\nSigns a blob using a service account's system-managed private key.",
|
||||
"description": "**Note:** We are in the process of deprecating this method. Use the\n[`signBlob`](https://cloud.google.com/iam/help/rest-credentials/v1/projects.serviceAccounts/signBlob)\nmethod in the IAM Service Account Credentials API instead.\n\nSigns a blob using the system-managed private key for a ServiceAccount.",
|
||||
"flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:signBlob",
|
||||
"httpMethod": "POST",
|
||||
"id": "iam.projects.serviceAccounts.signBlob",
|
||||
@@ -861,7 +861,7 @@
|
||||
]
|
||||
},
|
||||
"signJwt": {
|
||||
"description": "**Note**: This method is in the process of being deprecated. Call the\n[`signJwt()`](/iam/credentials/reference/rest/v1/projects.serviceAccounts/signJwt)\nmethod of the Cloud IAM Service Account Credentials API instead.\n\nSigns a JWT using a service account's system-managed private key.\n\nIf no expiry time (`exp`) is provided in the `SignJwtRequest`, IAM sets an\nan expiry time of one hour by default. If you request an expiry time of\nmore than one hour, the request will fail.",
|
||||
"description": "**Note:** We are in the process of deprecating this method. Use the\n[`signJwt`](https://cloud.google.com/iam/help/rest-credentials/v1/projects.serviceAccounts/signJwt)\nmethod in the IAM Service Account Credentials API instead.\n\nSigns a JSON Web Token (JWT) using the system-managed private key for a\nServiceAccount.",
|
||||
"flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:signJwt",
|
||||
"httpMethod": "POST",
|
||||
"id": "iam.projects.serviceAccounts.signJwt",
|
||||
@@ -889,7 +889,7 @@
|
||||
]
|
||||
},
|
||||
"testIamPermissions": {
|
||||
"description": "Tests the specified permissions against the IAM access control policy\nfor a ServiceAccount.",
|
||||
"description": "Tests whether the caller has the specified permissions on a\nServiceAccount.",
|
||||
"flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:testIamPermissions",
|
||||
"httpMethod": "POST",
|
||||
"id": "iam.projects.serviceAccounts.testIamPermissions",
|
||||
@@ -917,7 +917,7 @@
|
||||
]
|
||||
},
|
||||
"undelete": {
|
||||
"description": "Restores a deleted ServiceAccount.\nThis is to be used as an action of last resort. A service account may\nnot always be restorable.",
|
||||
"description": "Restores a deleted ServiceAccount.\n\n**Important:** It is not always possible to restore a deleted service\naccount. Use this method only as a last resort.\n\nAfter you delete a service account, IAM permanently removes the service\naccount 30 days later. There is no way to restore a deleted service account\nthat has been permanently removed.",
|
||||
"flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:undelete",
|
||||
"httpMethod": "POST",
|
||||
"id": "iam.projects.serviceAccounts.undelete",
|
||||
@@ -945,7 +945,7 @@
|
||||
]
|
||||
},
|
||||
"update": {
|
||||
"description": "Note: This method is in the process of being deprecated. Use\nPatchServiceAccount instead.\n\nUpdates a ServiceAccount.\n\nCurrently, only the following fields are updatable:\n`display_name` and `description`.",
|
||||
"description": "**Note:** We are in the process of deprecating this method. Use\nPatchServiceAccount instead.\n\nUpdates a ServiceAccount.\n\nYou can update only the `display_name` and `description` fields.",
|
||||
"flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}",
|
||||
"httpMethod": "PUT",
|
||||
"id": "iam.projects.serviceAccounts.update",
|
||||
@@ -954,7 +954,7 @@
|
||||
],
|
||||
"parameters": {
|
||||
"name": {
|
||||
"description": "The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\n\nRequests using `-` as a wildcard for the `PROJECT_ID` will infer the\nproject from the `account` and the `ACCOUNT` value can be the `email`\naddress or the `unique_id` of the service account.\n\nIn responses the resource name will always be in the format\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.",
|
||||
"description": "The resource name of the service account.\n\nUse one of the following formats:\n\n* `projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}`\n* `projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}`\n\nAs an alternative, you can use the `-` wildcard character instead of the\nproject ID:\n\n* `projects/-/serviceAccounts/{EMAIL_ADDRESS}`\n* `projects/-/serviceAccounts/{UNIQUE_ID}`\n\nWhen possible, avoid using the `-` wildcard character, because it can cause\nresponse messages to contain misleading error codes. For example, if you\ntry to get the service account\n`projects/-/serviceAccounts/fake@example.com`, which does not exist, the\nresponse contains an HTTP `403 Forbidden` error instead of a `404 Not\nFound` error.",
|
||||
"location": "path",
|
||||
"pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
|
||||
"required": true,
|
||||
@@ -977,7 +977,7 @@
|
||||
"keys": {
|
||||
"methods": {
|
||||
"create": {
|
||||
"description": "Creates a ServiceAccountKey\nand returns it.",
|
||||
"description": "Creates a ServiceAccountKey.",
|
||||
"flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}/keys",
|
||||
"httpMethod": "POST",
|
||||
"id": "iam.projects.serviceAccounts.keys.create",
|
||||
@@ -1030,7 +1030,7 @@
|
||||
]
|
||||
},
|
||||
"get": {
|
||||
"description": "Gets the ServiceAccountKey\nby key id.",
|
||||
"description": "Gets a ServiceAccountKey.",
|
||||
"flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}/keys/{keysId}",
|
||||
"httpMethod": "GET",
|
||||
"id": "iam.projects.serviceAccounts.keys.get",
|
||||
@@ -1065,7 +1065,7 @@
|
||||
]
|
||||
},
|
||||
"list": {
|
||||
"description": "Lists ServiceAccountKeys.",
|
||||
"description": "Lists every ServiceAccountKey for a service account.",
|
||||
"flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}/keys",
|
||||
"httpMethod": "GET",
|
||||
"id": "iam.projects.serviceAccounts.keys.list",
|
||||
@@ -1101,7 +1101,7 @@
|
||||
]
|
||||
},
|
||||
"upload": {
|
||||
"description": "Upload public key for a given service account.\nThis rpc will create a\nServiceAccountKey that has the\nprovided public key and returns it.",
|
||||
"description": "Creates a ServiceAccountKey, using a public key that you provide.",
|
||||
"flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}/keys:upload",
|
||||
"httpMethod": "POST",
|
||||
"id": "iam.projects.serviceAccounts.keys.upload",
|
||||
@@ -1137,7 +1137,7 @@
|
||||
"roles": {
|
||||
"methods": {
|
||||
"get": {
|
||||
"description": "Gets a Role definition.",
|
||||
"description": "Gets the definition of a Role.",
|
||||
"flatPath": "v1/roles/{rolesId}",
|
||||
"httpMethod": "GET",
|
||||
"id": "iam.roles.get",
|
||||
@@ -1162,14 +1162,14 @@
|
||||
]
|
||||
},
|
||||
"list": {
|
||||
"description": "Lists the Roles defined on a resource.",
|
||||
"description": "Lists every predefined Role that IAM supports, or every custom role\nthat is defined for an organization or project.",
|
||||
"flatPath": "v1/roles",
|
||||
"httpMethod": "GET",
|
||||
"id": "iam.roles.list",
|
||||
"parameterOrder": [],
|
||||
"parameters": {
|
||||
"pageSize": {
|
||||
"description": "Optional limit on the number of roles to include in the response.",
|
||||
"description": "Optional limit on the number of roles to include in the response.\n\nThe default is 300, and the maximum is 1,000.",
|
||||
"format": "int32",
|
||||
"location": "query",
|
||||
"type": "integer"
|
||||
@@ -1208,7 +1208,7 @@
|
||||
]
|
||||
},
|
||||
"queryGrantableRoles": {
|
||||
"description": "Queries roles that can be granted on a particular resource.\nA role is grantable if it can be used as the role in a binding for a policy\nfor that resource.",
|
||||
"description": "Lists roles that can be granted on a Google Cloud resource. A role is\ngrantable if the IAM policy for the resource can contain bindings to the\nrole.",
|
||||
"flatPath": "v1/roles:queryGrantableRoles",
|
||||
"httpMethod": "POST",
|
||||
"id": "iam.roles.queryGrantableRoles",
|
||||
@@ -1228,7 +1228,7 @@
|
||||
}
|
||||
}
|
||||
},
|
||||
"revision": "20200319",
|
||||
"revision": "20200617",
|
||||
"rootUrl": "https://iam.googleapis.com/",
|
||||
"schemas": {
|
||||
"AdminAuditData": {
|
||||
@@ -1243,7 +1243,7 @@
|
||||
"type": "object"
|
||||
},
|
||||
"AuditConfig": {
|
||||
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n },\n {\n \"log_type\": \"ADMIN_READ\",\n }\n ]\n },\n {\n \"service\": \"sampleservice.googleapis.com\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:aliya@example.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts jose@example.com from DATA_READ logging, and\naliya@example.com from DATA_WRITE logging.",
|
||||
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\",\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\"\n },\n {\n \"log_type\": \"ADMIN_READ\"\n }\n ]\n },\n {\n \"service\": \"sampleservice.googleapis.com\",\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\"\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:aliya@example.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts jose@example.com from DATA_READ logging, and\naliya@example.com from DATA_WRITE logging.",
|
||||
"id": "AuditConfig",
|
||||
"properties": {
|
||||
"auditLogConfigs": {
|
||||
@@ -1272,7 +1272,7 @@
|
||||
"type": "object"
|
||||
},
|
||||
"AuditLogConfig": {
|
||||
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\njose@example.com from DATA_READ logging.",
|
||||
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\"\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\njose@example.com from DATA_READ logging.",
|
||||
"id": "AuditLogConfig",
|
||||
"properties": {
|
||||
"exemptedMembers": {
|
||||
@@ -1318,7 +1318,7 @@
|
||||
"properties": {
|
||||
"condition": {
|
||||
"$ref": "Expr",
|
||||
"description": "The condition that is associated with this binding.\nNOTE: An unsatisfied condition will not allow user access via current\nbinding. Different bindings, including their conditions, are examined\nindependently."
|
||||
"description": "The condition that is associated with this binding.\n\nIf the condition evaluates to `true`, then this binding applies to the\ncurrent request.\n\nIf the condition evaluates to `false`, then this binding does not apply to\nthe current request. However, a different role binding might grant the same\nrole to one or more of the members in this binding.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
|
||||
},
|
||||
"members": {
|
||||
"description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@example.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a user that has been recently deleted. For\n example, `alice@example.com?uid=123456789012345678901`. If the user is\n recovered, this value reverts to `user:{emailid}` and the recovered user\n retains the role in the binding.\n\n* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus\n unique identifier) representing a service account that has been recently\n deleted. For example,\n `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.\n If the service account is undeleted, this value reverts to\n `serviceAccount:{emailid}` and the undeleted service account retains the\n role in the binding.\n\n* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a Google group that has been recently\n deleted. For example, `admins@example.com?uid=123456789012345678901`. If\n the group is recovered, this value reverts to `group:{emailid}` and the\n recovered group retains the role in the binding.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n",
|
||||
@@ -1376,7 +1376,7 @@
|
||||
"description": "The Role resource to create."
|
||||
},
|
||||
"roleId": {
|
||||
"description": "The role ID to use for this role.",
|
||||
"description": "The role ID to use for this role.\n\nA role ID may contain alphanumeric characters, underscores (`_`), and\nperiods (`.`). It must contain a minimum of 3 characters and a maximum of\n64 characters.",
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
@@ -1609,7 +1609,7 @@
|
||||
"type": "object"
|
||||
},
|
||||
"PatchServiceAccountRequest": {
|
||||
"description": "The patch service account request.",
|
||||
"description": "The request for\nPatchServiceAccount.\n\nYou can patch only the `display_name` and `description` fields. You must use\nthe `update_mask` field to specify which of these fields you want to patch.\n\nOnly the fields specified in the request are guaranteed to be returned in\nthe response. Other fields may be empty in the response.",
|
||||
"id": "PatchServiceAccountRequest",
|
||||
"properties": {
|
||||
"serviceAccount": {
|
||||
@@ -1704,7 +1704,7 @@
|
||||
"type": "object"
|
||||
},
|
||||
"Policy": {
|
||||
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nOptionally, a `binding` can specify a `condition`, which is a logical\nexpression that allows access to a resource only if the expression evaluates\nto `true`. A condition can add constraints based on attributes of the\nrequest, the resource, or both.\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\"user:eve@example.com\"],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
|
||||
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nFor some types of Google Cloud resources, a `binding` can also specify a\n`condition`, which is a logical expression that allows access to a resource\nonly if the expression evaluates to `true`. A condition can add constraints\nbased on attributes of the request, the resource, or both. To learn which\nresources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\n \"user:eve@example.com\"\n ],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
|
||||
"id": "Policy",
|
||||
"properties": {
|
||||
"auditConfigs": {
|
||||
@@ -1727,7 +1727,7 @@
|
||||
"type": "string"
|
||||
},
|
||||
"version": {
|
||||
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.",
|
||||
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
|
||||
"format": "int32",
|
||||
"type": "integer"
|
||||
}
|
||||
@@ -1782,7 +1782,7 @@
|
||||
"type": "string"
|
||||
},
|
||||
"pageSize": {
|
||||
"description": "Optional limit on the number of roles to include in the response.",
|
||||
"description": "Optional limit on the number of roles to include in the response.\n\nThe default is 300, and the maximum is 1,000.",
|
||||
"format": "int32",
|
||||
"type": "integer"
|
||||
},
|
||||
@@ -1831,7 +1831,7 @@
|
||||
"type": "string"
|
||||
},
|
||||
"pageSize": {
|
||||
"description": "Optional limit on the number of permissions to include in the response.",
|
||||
"description": "Optional limit on the number of permissions to include in the response.\n\nThe default is 100, and the maximum is 1,000.",
|
||||
"format": "int32",
|
||||
"type": "integer"
|
||||
},
|
||||
@@ -1916,44 +1916,44 @@
|
||||
"type": "object"
|
||||
},
|
||||
"ServiceAccount": {
|
||||
"description": "A service account in the Identity and Access Management API.\n\nTo create a service account, specify the `project_id` and the `account_id`\nfor the account. The `account_id` is unique within the project, and is used\nto generate the service account email address and a stable\n`unique_id`.\n\nIf the account already exists, the account's resource name is returned\nin the format of projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}. The caller\ncan use the name in other methods to access the account.\n\nAll other methods can identify the service account using the format\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.",
|
||||
"description": "An IAM service account.\n\nA service account is an account for an application or a virtual machine (VM)\ninstance, not a person. You can use a service account to call Google APIs. To\nlearn more, read the [overview of service\naccounts](https://cloud.google.com/iam/help/service-accounts/overview).\n\nWhen you create a service account, you specify the project ID that owns the\nservice account, as well as a name that must be unique within the project.\nIAM uses these values to create an email address that identifies the service\naccount.",
|
||||
"id": "ServiceAccount",
|
||||
"properties": {
|
||||
"description": {
|
||||
"description": "Optional. A user-specified opaque description of the service account.\nMust be less than or equal to 256 UTF-8 bytes.",
|
||||
"description": "Optional. A user-specified, human-readable description of the service account. The\nmaximum length is 256 UTF-8 bytes.",
|
||||
"type": "string"
|
||||
},
|
||||
"disabled": {
|
||||
"description": "@OutputOnly A bool indicate if the service account is disabled.\nThe field is currently in alpha phase.",
|
||||
"description": "Output only. Whether the service account is disabled.",
|
||||
"type": "boolean"
|
||||
},
|
||||
"displayName": {
|
||||
"description": "Optional. A user-specified name for the service account.\nMust be less than or equal to 100 UTF-8 bytes.",
|
||||
"description": "Optional. A user-specified, human-readable name for the service account. The maximum\nlength is 100 UTF-8 bytes.",
|
||||
"type": "string"
|
||||
},
|
||||
"email": {
|
||||
"description": "@OutputOnly The email address of the service account.",
|
||||
"description": "Output only. The email address of the service account.",
|
||||
"type": "string"
|
||||
},
|
||||
"etag": {
|
||||
"description": "Optional. Note: `etag` is an inoperable legacy field that is only returned\nfor backwards compatibility.",
|
||||
"description": "Deprecated. Do not use.",
|
||||
"format": "byte",
|
||||
"type": "string"
|
||||
},
|
||||
"name": {
|
||||
"description": "The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\n\nRequests using `-` as a wildcard for the `PROJECT_ID` will infer the\nproject from the `account` and the `ACCOUNT` value can be the `email`\naddress or the `unique_id` of the service account.\n\nIn responses the resource name will always be in the format\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.",
|
||||
"description": "The resource name of the service account.\n\nUse one of the following formats:\n\n* `projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}`\n* `projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}`\n\nAs an alternative, you can use the `-` wildcard character instead of the\nproject ID:\n\n* `projects/-/serviceAccounts/{EMAIL_ADDRESS}`\n* `projects/-/serviceAccounts/{UNIQUE_ID}`\n\nWhen possible, avoid using the `-` wildcard character, because it can cause\nresponse messages to contain misleading error codes. For example, if you\ntry to get the service account\n`projects/-/serviceAccounts/fake@example.com`, which does not exist, the\nresponse contains an HTTP `403 Forbidden` error instead of a `404 Not\nFound` error.",
|
||||
"type": "string"
|
||||
},
|
||||
"oauth2ClientId": {
|
||||
"description": "@OutputOnly The OAuth2 client id for the service account.\nThis is used in conjunction with the OAuth2 clientconfig API to make\nthree legged OAuth2 (3LO) flows to access the data of Google users.",
|
||||
"description": "Output only. The OAuth 2.0 client ID for the service account.",
|
||||
"type": "string"
|
||||
},
|
||||
"projectId": {
|
||||
"description": "@OutputOnly The id of the project that owns the service account.",
|
||||
"description": "Output only. The ID of the project that owns the service account.",
|
||||
"type": "string"
|
||||
},
|
||||
"uniqueId": {
|
||||
"description": "@OutputOnly The unique and stable id of the service account.",
|
||||
"description": "Output only. The unique, stable numeric ID for the service account.\n\nEach service account retains its unique ID even if you delete the service\naccount. For example, if you delete a service account, then create a new\nservice account with the same name, the new service account has a different\nunique ID than the deleted service account.",
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
@@ -2055,7 +2055,7 @@
|
||||
"description": "REQUIRED: The complete policy to be applied to the `resource`. The size of\nthe policy is limited to a few 10s of KB. An empty policy is a\nvalid policy but certain Cloud Platform services (such as Projects)\nmight reject them."
|
||||
},
|
||||
"updateMask": {
|
||||
"description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only\nthe fields in the mask will be modified. If no mask is provided, the\nfollowing default mask is used:\npaths: \"bindings, etag\"\nThis field is only used by Cloud IAM.",
|
||||
"description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only\nthe fields in the mask will be modified. If no mask is provided, the\nfollowing default mask is used:\n\n`paths: \"bindings, etag\"`",
|
||||
"format": "google-fieldmask",
|
||||
"type": "string"
|
||||
}
|
||||
@@ -2095,7 +2095,7 @@
|
||||
"id": "SignJwtRequest",
|
||||
"properties": {
|
||||
"payload": {
|
||||
"description": "Required. The JWT payload to sign, a JSON JWT Claim set.",
|
||||
"description": "Required. The JWT payload to sign. Must be a serialized JSON object that contains a\nJWT Claims Set. For example: `{\"sub\": \"user@example.com\", \"iat\": 313435}`\n\nIf the JWT Claims Set contains an expiration time (`exp`) claim, it must be\nan integer timestamp that is not in the past and no more than 1 hour in the\nfuture.\n\nIf the JWT Claims Set does not contain an expiration time (`exp`) claim,\nthis claim is added automatically, with a timestamp that is 1 hour in the\nfuture.",
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
|
||||
Reference in New Issue
Block a user