OMGeeky/google-apis-rs
1
0
Fork 0
mirror of https://github.com/OMGeeky/google-apis-rs.git synced 2026-02-23 15:49:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

update API descriptions

Browse Source
This commit is contained in:
Sebastian Thiel
2020-07-10 09:11:32 +08:00
parent b6ee34dcff
commit 69fb05c4e1
271 changed files with 82506 additions and 23249 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
etc/api/abusiveexperiencereport/v1/abusiveexperiencereport-api.json
View File

@@ -139,7 +139,7 @@
}
}
},
"revision": "20200405",
"revision": "20200706",
"rootUrl": "https://abusiveexperiencereport.googleapis.com/",
"schemas": {
"SiteSummaryResponse": {

2
etc/api/acceleratedmobilepageurl/v1/acceleratedmobilepageurl-api.json
View File

@@ -115,7 +115,7 @@
}
}
},
"revision": "20200409",
"revision": "20200708",
"rootUrl": "https://acceleratedmobilepageurl.googleapis.com/",
"schemas": {
"AmpUrl": {

8
etc/api/accessapproval/v1/accessapproval-api.json
View File

@@ -286,7 +286,7 @@
],
"parameters": {
"filter": {
"description": "A filter on the type of approval requests to retrieve. Must be one of the\nfollowing values:\n<ol>\n <li>[not set]: Requests that are pending or have active approvals.</li>\n <li>ALL: All requests.</li>\n <li>PENDING: Only pending requests.</li>\n <li>ACTIVE: Only active (i.e. currently approved) requests.</li>\n <li>DISMISSED: Only dismissed (including expired) requests.</li>\n</ol>",
"description": "A filter on the type of approval requests to retrieve. Must be one of the\nfollowing values:\n<ol>\n <li>[not set]: Requests that are pending or have active approvals.</li>\n <li>ALL: All requests.</li>\n <li>PENDING: Only pending requests.</li>\n <li>ACTIVE: Only active (i.e. currently approved) requests.</li>\n <li>DISMISSED: Only dismissed (including expired) requests.</li>\n <li>HISTORY: Active and dismissed (including expired) requests.</li>\n</ol>",
"location": "query",
"type": "string"
},
@@ -502,7 +502,7 @@
],
"parameters": {
"filter": {
"description": "A filter on the type of approval requests to retrieve. Must be one of the\nfollowing values:\n<ol>\n <li>[not set]: Requests that are pending or have active approvals.</li>\n <li>ALL: All requests.</li>\n <li>PENDING: Only pending requests.</li>\n <li>ACTIVE: Only active (i.e. currently approved) requests.</li>\n <li>DISMISSED: Only dismissed (including expired) requests.</li>\n</ol>",
"description": "A filter on the type of approval requests to retrieve. Must be one of the\nfollowing values:\n<ol>\n <li>[not set]: Requests that are pending or have active approvals.</li>\n <li>ALL: All requests.</li>\n <li>PENDING: Only pending requests.</li>\n <li>ACTIVE: Only active (i.e. currently approved) requests.</li>\n <li>DISMISSED: Only dismissed (including expired) requests.</li>\n <li>HISTORY: Active and dismissed (including expired) requests.</li>\n</ol>",
"location": "query",
"type": "string"
},
@@ -718,7 +718,7 @@
],
"parameters": {
"filter": {
"description": "A filter on the type of approval requests to retrieve. Must be one of the\nfollowing values:\n<ol>\n <li>[not set]: Requests that are pending or have active approvals.</li>\n <li>ALL: All requests.</li>\n <li>PENDING: Only pending requests.</li>\n <li>ACTIVE: Only active (i.e. currently approved) requests.</li>\n <li>DISMISSED: Only dismissed (including expired) requests.</li>\n</ol>",
"description": "A filter on the type of approval requests to retrieve. Must be one of the\nfollowing values:\n<ol>\n <li>[not set]: Requests that are pending or have active approvals.</li>\n <li>ALL: All requests.</li>\n <li>PENDING: Only pending requests.</li>\n <li>ACTIVE: Only active (i.e. currently approved) requests.</li>\n <li>DISMISSED: Only dismissed (including expired) requests.</li>\n <li>HISTORY: Active and dismissed (including expired) requests.</li>\n</ol>",
"location": "query",
"type": "string"
},
@@ -754,7 +754,7 @@
}
}
},
"revision": "20200409",
"revision": "20200708",
"rootUrl": "https://accessapproval.googleapis.com/",
"schemas": {
"AccessApprovalSettings": {

8
etc/api/accessapproval/v1beta1/accessapproval-api.json
View File

@@ -286,7 +286,7 @@
],
"parameters": {
"filter": {
"description": "A filter on the type of approval requests to retrieve. Must be one of the\nfollowing values:\n<ol>\n <li>[not set]: Requests that are pending or have active approvals.</li>\n <li>ALL: All requests.</li>\n <li>PENDING: Only pending requests.</li>\n <li>ACTIVE: Only active (i.e. currently approved) requests.</li>\n <li>DISMISSED: Only dismissed (including expired) requests.</li>\n</ol>",
"description": "A filter on the type of approval requests to retrieve. Must be one of the\nfollowing values:\n<ol>\n <li>[not set]: Requests that are pending or have active approvals.</li>\n <li>ALL: All requests.</li>\n <li>PENDING: Only pending requests.</li>\n <li>ACTIVE: Only active (i.e. currently approved) requests.</li>\n <li>DISMISSED: Only dismissed (including expired) requests.</li>\n <li>HISTORY: Active and dismissed (including expired) requests.</li>\n</ol>",
"location": "query",
"type": "string"
},
@@ -502,7 +502,7 @@
],
"parameters": {
"filter": {
"description": "A filter on the type of approval requests to retrieve. Must be one of the\nfollowing values:\n<ol>\n <li>[not set]: Requests that are pending or have active approvals.</li>\n <li>ALL: All requests.</li>\n <li>PENDING: Only pending requests.</li>\n <li>ACTIVE: Only active (i.e. currently approved) requests.</li>\n <li>DISMISSED: Only dismissed (including expired) requests.</li>\n</ol>",
"description": "A filter on the type of approval requests to retrieve. Must be one of the\nfollowing values:\n<ol>\n <li>[not set]: Requests that are pending or have active approvals.</li>\n <li>ALL: All requests.</li>\n <li>PENDING: Only pending requests.</li>\n <li>ACTIVE: Only active (i.e. currently approved) requests.</li>\n <li>DISMISSED: Only dismissed (including expired) requests.</li>\n <li>HISTORY: Active and dismissed (including expired) requests.</li>\n</ol>",
"location": "query",
"type": "string"
},
@@ -718,7 +718,7 @@
],
"parameters": {
"filter": {
"description": "A filter on the type of approval requests to retrieve. Must be one of the\nfollowing values:\n<ol>\n <li>[not set]: Requests that are pending or have active approvals.</li>\n <li>ALL: All requests.</li>\n <li>PENDING: Only pending requests.</li>\n <li>ACTIVE: Only active (i.e. currently approved) requests.</li>\n <li>DISMISSED: Only dismissed (including expired) requests.</li>\n</ol>",
"description": "A filter on the type of approval requests to retrieve. Must be one of the\nfollowing values:\n<ol>\n <li>[not set]: Requests that are pending or have active approvals.</li>\n <li>ALL: All requests.</li>\n <li>PENDING: Only pending requests.</li>\n <li>ACTIVE: Only active (i.e. currently approved) requests.</li>\n <li>DISMISSED: Only dismissed (including expired) requests.</li>\n <li>HISTORY: Active and dismissed (including expired) requests.</li>\n</ol>",
"location": "query",
"type": "string"
},
@@ -754,7 +754,7 @@
}
}
},
"revision": "20200409",
"revision": "20200708",
"rootUrl": "https://accessapproval.googleapis.com/",
"schemas": {
"AccessApprovalSettings": {

2
etc/api/accesscontextmanager/v1/accesscontextmanager-api.json
View File

@@ -777,7 +777,7 @@
}
}
},
"revision": "20200405",
"revision": "20200619",
"rootUrl": "https://accesscontextmanager.googleapis.com/",
"schemas": {
"AccessLevel": {

2
etc/api/accesscontextmanager/v1beta/accesscontextmanager-api.json
View File

@@ -599,7 +599,7 @@
}
}
},
"revision": "20200405",
"revision": "20200619",
"rootUrl": "https://accesscontextmanager.googleapis.com/",
"schemas": {
"AccessLevel": {

2
etc/api/adexchangebuyer/v1.2/adexchangebuyer-api.json
View File

@@ -15,7 +15,7 @@
"description": "Accesses your bidding-account information, submits creatives for validation, finds available direct deals, and retrieves performance reports.",
"discoveryVersion": "v1",
"documentationLink": "https://developers.google.com/ad-exchange/buyer-rest",
"etag": "\"u9GIe6H63LSGq-9_t39K2Zx_EAc/NqH-dIwRC63Jam7EMg3FwCUSX_o\"",
"etag": "\"-2NioU2H8y8siEzrBOV_qzRI6kQ/NqH-dIwRC63Jam7EMg3FwCUSX_o\"",
"icons": {
"x16": "https://www.google.com/images/icons/product/doubleclick-16.gif",
"x32": "https://www.google.com/images/icons/product/doubleclick-32.gif"

2
etc/api/adexchangebuyer/v1.3/adexchangebuyer-api.json
View File

@@ -15,7 +15,7 @@
"description": "Accesses your bidding-account information, submits creatives for validation, finds available direct deals, and retrieves performance reports.",
"discoveryVersion": "v1",
"documentationLink": "https://developers.google.com/ad-exchange/buyer-rest",
"etag": "\"u9GIe6H63LSGq-9_t39K2Zx_EAc/q3PXuYjke5DLC1iS16IMMN2X5Kc\"",
"etag": "\"-2NioU2H8y8siEzrBOV_qzRI6kQ/q3PXuYjke5DLC1iS16IMMN2X5Kc\"",
"icons": {
"x16": "https://www.google.com/images/icons/product/doubleclick-16.gif",
"x32": "https://www.google.com/images/icons/product/doubleclick-32.gif"

2
etc/api/adexchangebuyer/v1.4/adexchangebuyer-api.json
View File

@@ -15,7 +15,7 @@
"description": "Accesses your bidding-account information, submits creatives for validation, finds available direct deals, and retrieves performance reports.",
"discoveryVersion": "v1",
"documentationLink": "https://developers.google.com/ad-exchange/buyer-rest",
"etag": "\"u9GIe6H63LSGq-9_t39K2Zx_EAc/jeeKbeKt3C57J6G4NBTg4KfprYo\"",
"etag": "\"-2NioU2H8y8siEzrBOV_qzRI6kQ/jeeKbeKt3C57J6G4NBTg4KfprYo\"",
"icons": {
"x16": "https://www.google.com/images/icons/product/doubleclick-16.gif",
"x32": "https://www.google.com/images/icons/product/doubleclick-32.gif"

24
etc/api/adexchangebuyer2/v2beta1/adexchangebuyer2-api.json
View File

@@ -2486,7 +2486,7 @@
}
}
},
"revision": "20200409",
"revision": "20200709",
"rootUrl": "https://adexchangebuyer.googleapis.com/",
"schemas": {
"AbsoluteDateRange": {
@@ -2660,6 +2660,10 @@
"$ref": "MetricValue",
"description": "The number of bids for which the corresponding impression was measurable\nfor viewability (as defined by Active View)."
},
"reachedQueries": {
"$ref": "MetricValue",
"description": "The number of bids that won the auction and also won the mediation\nwaterfall (if any)."
},
"rowDimensions": {
"$ref": "RowDimensions",
"description": "The values of all dimensions associated with metric values in this row."
@@ -2753,7 +2757,7 @@
"type": "string"
},
"entityId": {
"description": "Numerical identifier of the client entity.\nThe entity can be an advertiser, a brand, or an agency.\nThis identifier is unique among all the entities with the same type.\n\nA list of all known advertisers with their identifiers is available in the\n[advertisers.txt](https://storage.googleapis.com/adx-rtb-dictionaries/advertisers.txt)\nfile.\n\nA list of all known brands with their identifiers is available in the\n[brands.txt](https://storage.googleapis.com/adx-rtb-dictionaries/brands.txt)\nfile.\n\nA list of all known agencies with their identifiers is available in the\n[agencies.txt](https://storage.googleapis.com/adx-rtb-dictionaries/agencies.txt)\nfile.",
"description": "Numerical identifier of the client entity.\nThe entity can be an advertiser, a brand, or an agency.\nThis identifier is unique among all the entities with the same type.\nThe value of this field is ignored if the entity type is not provided.\n\nA list of all known advertisers with their identifiers is available in the\n[advertisers.txt](https://storage.googleapis.com/adx-rtb-dictionaries/advertisers.txt)\nfile.\n\nA list of all known brands with their identifiers is available in the\n[brands.txt](https://storage.googleapis.com/adx-rtb-dictionaries/brands.txt)\nfile.\n\nA list of all known agencies with their identifiers is available in the\n[agencies.txt](https://storage.googleapis.com/adx-rtb-dictionaries/agencies.txt)\nfile.",
"format": "int64",
"type": "string"
},
@@ -2762,7 +2766,7 @@
"type": "string"
},
"entityType": {
"description": "The type of the client entity: `ADVERTISER`, `BRAND`, or `AGENCY`.",
"description": "An optional field for specifying the type of the client entity:\n`ADVERTISER`, `BRAND`, or `AGENCY`.",
"enum": [
"ENTITY_TYPE_UNSPECIFIED",
"ADVERTISER",
@@ -4963,12 +4967,16 @@
"enum": [
"STATUS_UNSPECIFIED",
"AD_NOT_RENDERED",
"INVALID_IMPRESSION"
"INVALID_IMPRESSION",
"FATAL_VAST_ERROR",
"LOST_IN_MEDIATION"
],
"enumDescriptions": [
"A placeholder for an undefined status.\nThis value will never be returned in responses.",
"The buyer was not billed because the ad was not rendered by the\npublisher.",
"The buyer was not billed because the impression won by the bid was\ndetermined to be invalid."
"The buyer was not billed because the impression won by the bid was\ndetermined to be invalid.",
"A video impression was served but a fatal error was reported from the\nclient during playback.",
"The buyer was not billed because the ad was outplaced in the mediation\nwaterfall."
],
"type": "string"
}
@@ -5391,7 +5399,7 @@
"type": "object"
},
"PublisherProfile": {
"description": "Note: this resource requires whitelisting for access. Please contact your\naccount manager for access to Marketplace resources.\n\nRepresents a publisher profile in Marketplace.\n\nAll fields are read only. All string fields are free-form text entered by the\npublisher unless noted otherwise.",
"description": "Note: this resource requires whitelisting for access. Please contact your\naccount manager for access to Marketplace resources.\n\nRepresents a publisher profile\n(https://support.google.com/admanager/answer/6035806?hl=en) in Marketplace.\n\nAll fields are read only. All string fields are free-form text entered by the\npublisher unless noted otherwise.",
"id": "PublisherProfile",
"properties": {
"audienceDescription": {
@@ -5421,6 +5429,10 @@
"description": "URL to publisher's Google+ page.",
"type": "string"
},
"isParent": {
"description": "Indicates if this profile is the parent profile of the seller. A parent\nprofile represents all the inventory from the seller, as opposed to child\nprofile that is created to brand a portion of inventory. One seller should\nhave only one parent publisher profile, and can have multiple child\nprofiles. Publisher profiles for the same seller will have same value of\nfield google.ads.adexchange.buyer.v2beta1.PublisherProfile.seller.\nSee https://support.google.com/admanager/answer/6035806?hl=en for details.",
"type": "boolean"
},
"logoUrl": {
"description": "A Google public URL to the logo for this publisher profile. The logo is\nstored as a PNG, JPG, or GIF image.",
"type": "string"

2
etc/api/adexperiencereport/v1/adexperiencereport-api.json
View File

@@ -138,7 +138,7 @@
}
}
},
"revision": "20200405",
"revision": "20200704",
"rootUrl": "https://adexperiencereport.googleapis.com/",
"schemas": {
"PlatformSummary": {

411
etc/api/admin/datatransfer_v1/admin-api.json
View File

@@ -1,411 +0,0 @@
{
"auth": {
"oauth2": {
"scopes": {
"https://www.googleapis.com/auth/admin.datatransfer": {
"description": "View and manage data transfers between users in your organization"
},
"https://www.googleapis.com/auth/admin.datatransfer.readonly": {
"description": "View data transfers between users in your organization"
}
}
}
},
"basePath": "/admin/datatransfer/v1/",
"baseUrl": "https://www.googleapis.com/admin/datatransfer/v1/",
"batchPath": "batch/admin/datatransfer_v1",
"canonicalName": "DataTransfer",
"description": "Transfers user data from one user to another.",
"discoveryVersion": "v1",
"documentationLink": "https://developers.google.com/admin-sdk/data-transfer/",
"etag": "\"u9GIe6H63LSGq-9_t39K2Zx_EAc/o-H78Id0Lcq1iHheSzpqURY4CLE\"",
"icons": {
"x16": "https://www.gstatic.com/images/branding/product/1x/googleg_16dp.png",
"x32": "https://www.gstatic.com/images/branding/product/1x/googleg_32dp.png"
},
"id": "admin:datatransfer_v1",
"kind": "discovery#restDescription",
"name": "admin",
"ownerDomain": "google.com",
"ownerName": "Google",
"packagePath": "admin",
"parameters": {
"alt": {
"default": "json",
"description": "Data format for the response.",
"enum": [
"json"
],
"enumDescriptions": [
"Responses with Content-Type of application/json"
],
"location": "query",
"type": "string"
},
"fields": {
"description": "Selector specifying which fields to include in a partial response.",
"location": "query",
"type": "string"
},
"key": {
"description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
"location": "query",
"type": "string"
},
"oauth_token": {
"description": "OAuth 2.0 token for the current user.",
"location": "query",
"type": "string"
},
"prettyPrint": {
"default": "true",
"description": "Returns response with indentations and line breaks.",
"location": "query",
"type": "boolean"
},
"quotaUser": {
"description": "An opaque string that represents a user for quota purposes. Must not exceed 40 characters.",
"location": "query",
"type": "string"
},
"userIp": {
"description": "Deprecated. Please use quotaUser instead.",
"location": "query",
"type": "string"
}
},
"protocol": "rest",
"resources": {
"applications": {
"methods": {
"get": {
"description": "Retrieves information about an application for the given application ID.",
"httpMethod": "GET",
"id": "datatransfer.applications.get",
"parameterOrder": [
"applicationId"
],
"parameters": {
"applicationId": {
"description": "ID of the application resource to be retrieved.",
"format": "int64",
"location": "path",
"required": true,
"type": "string"
}
},
"path": "applications/{applicationId}",
"response": {
"$ref": "Application"
},
"scopes": [
"https://www.googleapis.com/auth/admin.datatransfer",
"https://www.googleapis.com/auth/admin.datatransfer.readonly"
]
},
"list": {
"description": "Lists the applications available for data transfer for a customer.",
"httpMethod": "GET",
"id": "datatransfer.applications.list",
"parameters": {
"customerId": {
"description": "Immutable ID of the G Suite account.",
"location": "query",
"type": "string"
},
"maxResults": {
"description": "Maximum number of results to return. Default is 100.",
"format": "int32",
"location": "query",
"maximum": "500",
"minimum": "1",
"type": "integer"
},
"pageToken": {
"description": "Token to specify next page in the list.",
"location": "query",
"type": "string"
}
},
"path": "applications",
"response": {
"$ref": "ApplicationsListResponse"
},
"scopes": [
"https://www.googleapis.com/auth/admin.datatransfer",
"https://www.googleapis.com/auth/admin.datatransfer.readonly"
]
}
}
},
"transfers": {
"methods": {
"get": {
"description": "Retrieves a data transfer request by its resource ID.",
"httpMethod": "GET",
"id": "datatransfer.transfers.get",
"parameterOrder": [
"dataTransferId"
],
"parameters": {
"dataTransferId": {
"description": "ID of the resource to be retrieved. This is returned in the response from the insert method.",
"location": "path",
"required": true,
"type": "string"
}
},
"path": "transfers/{dataTransferId}",
"response": {
"$ref": "DataTransfer"
},
"scopes": [
"https://www.googleapis.com/auth/admin.datatransfer",
"https://www.googleapis.com/auth/admin.datatransfer.readonly"
]
},
"insert": {
"description": "Inserts a data transfer request.",
"httpMethod": "POST",
"id": "datatransfer.transfers.insert",
"path": "transfers",
"request": {
"$ref": "DataTransfer"
},
"response": {
"$ref": "DataTransfer"
},
"scopes": [
"https://www.googleapis.com/auth/admin.datatransfer"
]
},
"list": {
"description": "Lists the transfers for a customer by source user, destination user, or status.",
"httpMethod": "GET",
"id": "datatransfer.transfers.list",
"parameters": {
"customerId": {
"description": "Immutable ID of the G Suite account.",
"location": "query",
"type": "string"
},
"maxResults": {
"description": "Maximum number of results to return. Default is 100.",
"format": "int32",
"location": "query",
"maximum": "500",
"minimum": "1",
"type": "integer"
},
"newOwnerUserId": {
"description": "Destination user's profile ID.",
"location": "query",
"type": "string"
},
"oldOwnerUserId": {
"description": "Source user's profile ID.",
"location": "query",
"type": "string"
},
"pageToken": {
"description": "Token to specify the next page in the list.",
"location": "query",
"type": "string"
},
"status": {
"description": "Status of the transfer.",
"location": "query",
"type": "string"
}
},
"path": "transfers",
"response": {
"$ref": "DataTransfersListResponse"
},
"scopes": [
"https://www.googleapis.com/auth/admin.datatransfer",
"https://www.googleapis.com/auth/admin.datatransfer.readonly"
]
}
}
}
},
"revision": "20191105",
"rootUrl": "https://www.googleapis.com/",
"schemas": {
"Application": {
"description": "The JSON template for an Application resource.",
"id": "Application",
"properties": {
"etag": {
"description": "Etag of the resource.",
"type": "string"
},
"id": {
"description": "The application's ID.",
"format": "int64",
"type": "string"
},
"kind": {
"default": "admin#datatransfer#ApplicationResource",
"description": "Identifies the resource as a DataTransfer Application Resource.",
"type": "string"
},
"name": {
"description": "The application's name.",
"type": "string"
},
"transferParams": {
"description": "The list of all possible transfer parameters for this application. These parameters can be used to select the data of the user in this application to be transferred.",
"items": {
"$ref": "ApplicationTransferParam"
},
"type": "array"
}
},
"type": "object"
},
"ApplicationDataTransfer": {
"description": "Template to map fields of ApplicationDataTransfer resource.",
"id": "ApplicationDataTransfer",
"properties": {
"applicationId": {
"description": "The application's ID.",
"format": "int64",
"type": "string"
},
"applicationTransferParams": {
"description": "The transfer parameters for the application. These parameters are used to select the data which will get transferred in context of this application.",
"items": {
"$ref": "ApplicationTransferParam"
},
"type": "array"
},
"applicationTransferStatus": {
"description": "Current status of transfer for this application. (Read-only)",
"type": "string"
}
},
"type": "object"
},
"ApplicationTransferParam": {
"description": "Template for application transfer parameters.",
"id": "ApplicationTransferParam",
"properties": {
"key": {
"description": "The type of the transfer parameter. eg: 'PRIVACY_LEVEL'",
"type": "string"
},
"value": {
"description": "The value of the corresponding transfer parameter. eg: 'PRIVATE' or 'SHARED'",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"ApplicationsListResponse": {
"description": "Template for a collection of Applications.",
"id": "ApplicationsListResponse",
"properties": {
"applications": {
"description": "List of applications that support data transfer and are also installed for the customer.",
"items": {
"$ref": "Application"
},
"type": "array"
},
"etag": {
"description": "ETag of the resource.",
"type": "string"
},
"kind": {
"default": "admin#datatransfer#applicationsList",
"description": "Identifies the resource as a collection of Applications.",
"type": "string"
},
"nextPageToken": {
"description": "Continuation token which will be used to specify next page in list API.",
"type": "string"
}
},
"type": "object"
},
"DataTransfer": {
"description": "The JSON template for a DataTransfer resource.",
"id": "DataTransfer",
"properties": {
"applicationDataTransfers": {
"description": "List of per application data transfer resources. It contains data transfer details of the applications associated with this transfer resource. Note that this list is also used to specify the applications for which data transfer has to be done at the time of the transfer resource creation.",
"items": {
"$ref": "ApplicationDataTransfer"
},
"type": "array"
},
"etag": {
"description": "ETag of the resource.",
"type": "string"
},
"id": {
"description": "The transfer's ID (Read-only).",
"type": "string"
},
"kind": {
"default": "admin#datatransfer#DataTransfer",
"description": "Identifies the resource as a DataTransfer request.",
"type": "string"
},
"newOwnerUserId": {
"description": "ID of the user to whom the data is being transferred.",
"type": "string"
},
"oldOwnerUserId": {
"description": "ID of the user whose data is being transferred.",
"type": "string"
},
"overallTransferStatusCode": {
"description": "Overall transfer status (Read-only).",
"type": "string"
},
"requestTime": {
"description": "The time at which the data transfer was requested (Read-only).",
"format": "date-time",
"type": "string"
}
},
"type": "object"
},
"DataTransfersListResponse": {
"description": "Template for a collection of DataTransfer resources.",
"id": "DataTransfersListResponse",
"properties": {
"dataTransfers": {
"description": "List of data transfer requests.",
"items": {
"$ref": "DataTransfer"
},
"type": "array"
},
"etag": {
"description": "ETag of the resource.",
"type": "string"
},
"kind": {
"default": "admin#datatransfer#dataTransfersList",
"description": "Identifies the resource as a collection of data transfer requests.",
"type": "string"
},
"nextPageToken": {
"description": "Continuation token which will be used to specify next page in list API.",
"type": "string"
}
},
"type": "object"
}
},
"servicePath": "admin/datatransfer/v1/",
"title": "Admin Data Transfer API",
"version": "datatransfer_v1"
}

6921
etc/api/admin/directory_v1/admin-api.json
View File

File diff suppressed because it is too large Load Diff

1012
etc/api/admin/reports_v1/admin-api.json
View File

File diff suppressed because it is too large Load Diff

8
etc/api/admob/v1/admob-api.json
View File

@@ -108,7 +108,7 @@
],
"parameters": {
"name": {
"description": "Resource name of the publisher account to retrieve.\nExample: accounts/pub-9876543210987654",
"description": "Required. Resource name of the publisher account to retrieve.\nExample: accounts/pub-9876543210987654",
"location": "path",
"pattern": "^accounts/[^/]+$",
"required": true,
@@ -207,7 +207,7 @@
}
}
},
"revision": "20200409",
"revision": "20200709",
"rootUrl": "https://admob.googleapis.com/",
"schemas": {
"Date": {
@@ -259,7 +259,7 @@
"type": "object"
},
"GenerateMediationReportResponse": {
"description": "The streaming response for the AdMob Mediation report where the first\nresponse contains the report header, then a stream of row responses, and\nfinally a footer as the last response message.\n\nFor example:\n\n [{\n \"header\": {\n \"date_range\": {\n \"start_date\": {\"year\": 2018, \"month\": 9, \"day\": 1},\n \"end_date\": {\"year\": 2018, \"month\": 9, \"day\": 30}\n }\n \"localization_settings\": {\n \"currency_code\": \"USD\",\n \"language_code\": \"en-US\"\n }\n }\n },\n {\n \"row\": {\n \"dimension_values\": {\n \"DATE\": {\"value\": \"20180918\"},\n \"APP\": {\n \"value\": \"ca-app-pub-8123415297019784~1001342552\",\n \"display_label\": \"My app name!\"\n }\n },\n \"metric_values\": {\n \"ESTIMATED_EARNINGS\": {\"decimal_value\": \"1324746\"}\n }\n }\n },\n {\n \"footer\": {\"matching_row_count\": 1}\n }]",
"description": "The streaming response for the AdMob Mediation report where the first\nresponse contains the report header, then a stream of row responses, and\nfinally a footer as the last response message.\n\nFor example:\n\n [{\n \"header\": {\n \"date_range\": {\n \"start_date\": {\"year\": 2018, \"month\": 9, \"day\": 1},\n \"end_date\": {\"year\": 2018, \"month\": 9, \"day\": 1}\n },\n \"localization_settings\": {\n \"currency_code\": \"USD\",\n \"language_code\": \"en-US\"\n }\n }\n },\n {\n \"row\": {\n \"dimension_values\": {\n \"DATE\": {\"value\": \"20180918\"},\n \"APP\": {\n \"value\": \"ca-app-pub-8123415297019784~1001342552\",\n \"display_label\": \"My app name!\"\n }\n },\n \"metric_values\": {\n \"ESTIMATED_EARNINGS\": {\"decimal_value\": \"1324746\"}\n }\n }\n },\n {\n \"footer\": {\"matching_row_count\": 1}\n }]",
"id": "GenerateMediationReportResponse",
"properties": {
"footer": {
@@ -289,7 +289,7 @@
"type": "object"
},
"GenerateNetworkReportResponse": {
"description": "The streaming response for the AdMob Network report where the first response\ncontains the report header, then a stream of row responses, and finally a\nfooter as the last response message.\n\nFor example:\n\n [{\n \"header\": {\n \"dateRange\": {\n \"startDate\": {\"year\": 2018, \"month\": 9, \"day\": 1},\n \"endDate\": {\"year\": 2018, \"month\": 9, \"day\": 30}\n }\n \"localizationSettings\": {\n \"currencyCode\": \"USD\",\n \"languageCode\": \"en-US\"\n }\n }\n },\n {\n \"row\": {\n \"dimensionValues\": {\n \"DATE\": {\"value\": \"20180918\"},\n \"APP\": {\n \"value\": \"ca-app-pub-8123415297019784~1001342552\",\n displayLabel: \"My app name!\"\n }\n },\n \"metricValues\": {\n \"ESTIMATED_EARNINGS\": {\"microsValue\": 6500000}\n }\n }\n },\n ...\n {\n \"footer\": {\"matchingRowCount\": 5}\n }]",
"description": "The streaming response for the AdMob Network report where the first response\ncontains the report header, then a stream of row responses, and finally a\nfooter as the last response message.\n\nFor example:\n\n [{\n \"header\": {\n \"dateRange\": {\n \"startDate\": {\"year\": 2018, \"month\": 9, \"day\": 1},\n \"endDate\": {\"year\": 2018, \"month\": 9, \"day\": 1}\n },\n \"localizationSettings\": {\n \"currencyCode\": \"USD\",\n \"languageCode\": \"en-US\"\n }\n }\n },\n {\n \"row\": {\n \"dimensionValues\": {\n \"DATE\": {\"value\": \"20180918\"},\n \"APP\": {\n \"value\": \"ca-app-pub-8123415297019784~1001342552\",\n displayLabel: \"My app name!\"\n }\n },\n \"metricValues\": {\n \"ESTIMATED_EARNINGS\": {\"microsValue\": 6500000}\n }\n }\n },\n {\n \"footer\": {\"matchingRowCount\": 1}\n }]",
"id": "GenerateNetworkReportResponse",
"properties": {
"footer": {

2
etc/api/adsense/v1.4/adsense-api.json
View File

@@ -1654,7 +1654,7 @@
}
}
},
"revision": "20200407",
"revision": "20200708",
"rootUrl": "https://www.googleapis.com/",
"schemas": {
"Account": {

2
etc/api/adsensehost/v4.1/adsensehost-api.json
View File

@@ -1076,7 +1076,7 @@
}
}
},
"revision": "20200407",
"revision": "20200709",
"rootUrl": "https://www.googleapis.com/",
"schemas": {
"Account": {

2
etc/api/alertcenter/v1beta1/alertcenter-api.json
View File

@@ -423,7 +423,7 @@
}
}
},
"revision": "20200406",
"revision": "20200704",
"rootUrl": "https://alertcenter.googleapis.com/",
"schemas": {
"AccountWarning": {

2
etc/api/analyticsreporting/v4/analyticsreporting-api.json
View File

@@ -155,7 +155,7 @@
}
}
},
"revision": "20200405",
"revision": "20200707",
"rootUrl": "https://analyticsreporting.googleapis.com/",
"schemas": {
"Activity": {

38
etc/api/androiddeviceprovisioning/v1/androiddeviceprovisioning-api.json
View File

@@ -825,7 +825,7 @@
}
}
},
"revision": "20200408",
"revision": "20200708",
"rootUrl": "https://androiddeviceprovisioning.googleapis.com/",
"schemas": {
"ClaimDeviceRequest": {
@@ -839,7 +839,7 @@
},
"deviceIdentifier": {
"$ref": "DeviceIdentifier",
"description": "Required. The device identifier of the device to claim."
"description": "Required. Required. The device identifier of the device to claim."
},
"deviceMetadata": {
"$ref": "DeviceMetadata",
@@ -897,7 +897,7 @@
"id": "Company",
"properties": {
"adminEmails": {
"description": "Optional. Input only. Email address of customer's users in the admin role.\nEach email address must be associated with a Google Account.",
"description": "Optional. Email address of customer's users in the admin role.\nEach email address must be associated with a Google Account.",
"items": {
"type": "string"
},
@@ -917,7 +917,7 @@
"type": "string"
},
"ownerEmails": {
"description": "Input only. Email address of customer's users in the owner role. At least\none `owner_email` is required. Each email address must be associated with a\nGoogle Account. Owners share the same access as admins but can also add,\ndelete, and edit your organization's portal users.",
"description": "Required. Input only. Email address of customer's users in the owner role. At least\none `owner_email` is required. Each email address must be associated with a\nGoogle Account. Owners share the same access as admins but can also add,\ndelete, and edit your organization's portal users.",
"items": {
"type": "string"
},
@@ -1124,11 +1124,11 @@
},
"deviceIdentifier": {
"$ref": "DeviceIdentifier",
"description": "The hardware IDs that identify a manufactured device. To learn more, read\n[Identifiers](/zero-touch/guides/identifiers)."
"description": "The hardware IDs that identify a manufactured device. To learn more, read\n[Identifiers](https://developers.google.com/zero-touch/guides/identifiers)."
},
"deviceMetadata": {
"$ref": "DeviceMetadata",
"description": "The metadata attached to the device. Structured as key-value pairs. To\nlearn more, read [Device metadata](/zero-touch/guides/metadata)."
"description": "The metadata attached to the device. Structured as key-value pairs. To\nlearn more, read [Device\nmetadata](https://developers.google.com/zero-touch/guides/metadata)."
},
"name": {
"description": "Output only. The API resource name in the format\n`partners/[PARTNER_ID]/devices/[DEVICE_ID]`. Assigned by the server.",
@@ -1179,7 +1179,7 @@
"type": "object"
},
"DeviceIdentifier": {
"description": "Encapsulates hardware and product IDs to identify a manufactured device.\nTo understand requirements on identifier sets, read\n[Identifiers](/zero-touch/guides/identifiers).",
"description": "Encapsulates hardware and product IDs to identify a manufactured device.\nTo understand requirements on identifier sets, read\n[Identifiers](https://developers.google.com/zero-touch/guides/identifiers).",
"id": "DeviceIdentifier",
"properties": {
"imei": {
@@ -1206,7 +1206,7 @@
"type": "object"
},
"DeviceMetadata": {
"description": "Metadata entries that can be attached to a `Device`. To learn more, read\n[Device metadata](/zero-touch/guides/metadata).",
"description": "Metadata entries that can be attached to a `Device`. To learn more, read\n[Device metadata](https://developers.google.com/zero-touch/guides/metadata).",
"id": "DeviceMetadata",
"properties": {
"entries": {
@@ -1220,7 +1220,7 @@
"type": "object"
},
"DeviceReference": {
"description": "A `DeviceReference` is an API abstraction that lets you supply a _device_\nargument to a method using one of the following identifier types:\n\n* A numeric API resource ID.\n* Real-world hardware IDs, such as IMEI number, belonging to the manufactured\n device.\n\nMethods that operate on devices take a `DeviceReference` as a parameter type\nbecause it's more flexible for the caller. To learn more about device\nidentifiers, read [Identifiers](/zero-touch/guides/identifiers).",
"description": "A `DeviceReference` is an API abstraction that lets you supply a _device_\nargument to a method using one of the following identifier types:\n\n* A numeric API resource ID.\n* Real-world hardware IDs, such as IMEI number, belonging to the manufactured\n device.\n\nMethods that operate on devices take a `DeviceReference` as a parameter type\nbecause it's more flexible for the caller. To learn more about device\nidentifiers, read\n[Identifiers](https://developers.google.com/zero-touch/guides/identifiers).",
"id": "DeviceReference",
"properties": {
"deviceId": {
@@ -1318,7 +1318,7 @@
"properties": {
"deviceIdentifier": {
"$ref": "DeviceIdentifier",
"description": "Required. The device identifier to search for."
"description": "Required. Required. The device identifier to search for."
},
"limit": {
"description": "Required. The maximum number of devices to show in a page of results. Must\nbe between 1 and 100 inclusive.",
@@ -1554,7 +1554,7 @@
},
"deviceIdentifier": {
"$ref": "DeviceIdentifier",
"description": "Required. Device identifier of the device."
"description": "Required. Required. Device identifier of the device."
},
"deviceMetadata": {
"$ref": "DeviceMetadata",
@@ -1582,13 +1582,13 @@
"id": "PartnerUnclaim",
"properties": {
"deviceId": {
"description": "Device ID of the device.",
"description": "Required. Device ID of the device.",
"format": "int64",
"type": "string"
},
"deviceIdentifier": {
"$ref": "DeviceIdentifier",
"description": "Device identifier of the device."
"description": "Required. Device identifier of the device."
},
"sectionType": {
"description": "Required. The section type of the device's provisioning record.",
@@ -1605,12 +1605,12 @@
"type": "string"
},
"vacationModeDays": {
"description": "The duration of the vacation unlock starting from when the request is\nprocessed. (1 day is treated as 24 hours)",
"description": "Optional. The duration of the vacation unlock starting from when the request is\nprocessed. (1 day is treated as 24 hours)",
"format": "int32",
"type": "integer"
},
"vacationModeExpireTime": {
"description": "The expiration time of the vacation unlock.",
"description": "Optional. The expiration time of the vacation unlock.",
"format": "google-datetime",
"type": "string"
}
@@ -1693,13 +1693,13 @@
"id": "UnclaimDeviceRequest",
"properties": {
"deviceId": {
"description": "The device ID returned by `ClaimDevice`.",
"description": "Required. The device ID returned by `ClaimDevice`.",
"format": "int64",
"type": "string"
},
"deviceIdentifier": {
"$ref": "DeviceIdentifier",
"description": "The device identifier you used when you claimed this device."
"description": "Required. The device identifier you used when you claimed this device."
},
"sectionType": {
"description": "Required. The section type of the device's provisioning record.",
@@ -1772,13 +1772,13 @@
"id": "UpdateMetadataArguments",
"properties": {
"deviceId": {
"description": "Device ID of the device.",
"description": "Required. Device ID of the device.",
"format": "int64",
"type": "string"
},
"deviceIdentifier": {
"$ref": "DeviceIdentifier",
"description": "Device identifier."
"description": "Required. Device identifier."
},
"deviceMetadata": {
"$ref": "DeviceMetadata",

1463
etc/api/androidenterprise/v1/androidenterprise-api.json
View File

File diff suppressed because it is too large Load Diff

131
etc/api/androidmanagement/v1/androidmanagement-api.json
View File

@@ -924,7 +924,7 @@
}
}
},
"revision": "20200330",
"revision": "20200701",
"rootUrl": "https://androidmanagement.googleapis.com/",
"schemas": {
"AdvancedSecurityOverrides": {
@@ -1300,6 +1300,20 @@
"description": "Number of days the policy is non-compliant before the device or work profile is blocked. To block access immediately, set to 0. blockAfterDays must be less than wipeAfterDays.",
"format": "int32",
"type": "integer"
},
"blockScope": {
"description": "Specifies the scope of this BlockAction. Only applicable to devices that are company-owned.",
"enum": [
"BLOCK_SCOPE_UNSPECIFIED",
"BLOCK_SCOPE_WORK_PROFILE",
"BLOCK_SCOPE_DEVICE"
],
"enumDescriptions": [
"Unspecified. Defaults to BLOCK_SCOPE_WORK_PROFILE.",
"Block action is only applied to apps in the work profile. Apps in the personal profile are unaffected.",
"Block action is applied to the entire device, including apps in the personal profile."
],
"type": "string"
}
},
"type": "object"
@@ -1591,6 +1605,20 @@
},
"type": "array"
},
"ownership": {
"description": "Ownership of the managed device.",
"enum": [
"OWNERSHIP_UNSPECIFIED",
"COMPANY_OWNED",
"PERSONALLY_OWNED"
],
"enumDescriptions": [
"Ownership is unspecified.",
"Device is company-owned.",
"Device is personally-owned."
],
"type": "string"
},
"policyCompliant": {
"description": "Whether the device is compliant with its policy.",
"type": "boolean"
@@ -1778,6 +1806,20 @@
"description": "Optional, arbitrary data associated with the enrollment token. This could contain, for example, the ID of an org unit the device is assigned to after enrollment. After a device enrolls with the token, this data will be exposed in the enrollment_token_data field of the Device resource. The data must be 1024 characters or less; otherwise, the creation request will fail.",
"type": "string"
},
"allowPersonalUsage": {
"description": "Controls personal usage on devices provisioned using this enrollment token.",
"enum": [
"ALLOW_PERSONAL_USAGE_UNSPECIFIED",
"PERSONAL_USAGE_ALLOWED",
"PERSONAL_USAGE_DISALLOWED"
],
"enumDescriptions": [
"Personal usage restriction is not specified",
"Personal usage is allowed",
"Personal usage is disallowed"
],
"type": "string"
},
"duration": {
"description": "The length of time the enrollment token is valid, ranging from 1 minute to 30 days. If not specified, the default duration is 1 hour.",
"format": "google-duration",
@@ -2785,6 +2827,75 @@
},
"type": "object"
},
"PersonalApplicationPolicy": {
"description": "Policies for apps on the personal profile of a Corporate Owned Personally Enabled device.",
"id": "PersonalApplicationPolicy",
"properties": {
"installType": {
"description": "The type of installation to perform.",
"enum": [
"INSTALL_TYPE_UNSPECIFIED",
"BLOCKED"
],
"enumDescriptions": [
"Unspecified. The default behavior is that all installs are allowed.",
"The app is blocked and can't be installed."
],
"type": "string"
},
"packageName": {
"description": "The package name of the application.",
"type": "string"
}
},
"type": "object"
},
"PersonalUsagePolicies": {
"description": "Policies controlling personal usage on a Corporate Owned Personally Enabled device.",
"id": "PersonalUsagePolicies",
"properties": {
"accountTypesWithManagementDisabled": {
"description": "Account types that can't be managed by the user.",
"items": {
"type": "string"
},
"type": "array"
},
"cameraDisabled": {
"description": "Whether camera is disabled.",
"type": "boolean"
},
"maxDaysWithWorkOff": {
"description": "Controls how long the work profile can stay off.",
"format": "int32",
"type": "integer"
},
"personalApplications": {
"description": "Policy applied to applications on the personal profile.",
"items": {
"$ref": "PersonalApplicationPolicy"
},
"type": "array"
},
"personalPlayStoreMode": {
"description": "Controls how apps on the personal profile are allowed or blocked.",
"enum": [
"PLAY_STORE_MODE_UNSPECIFIED",
"BLACKLIST"
],
"enumDescriptions": [
"Unspecified. Default behavior is to allow all installs.",
"All Play Store apps are available, except those whose install_type is BLOCKED in PersonalApplicationPolicy."
],
"type": "string"
},
"screenCaptureDisabled": {
"description": "Whether screen capture is disabled.",
"type": "boolean"
}
},
"type": "object"
},
"Policy": {
"description": "A policy resource represents a group of settings that govern the behavior of a managed device and the apps installed on it.",
"id": "Policy",
@@ -3123,6 +3234,10 @@
},
"type": "array"
},
"personalUsagePolicies": {
"$ref": "PersonalUsagePolicies",
"description": "Policies managing personal usage on a company-owned device."
},
"playStoreMode": {
"description": "This mode controls which apps are available to the user in the Play Store and the behavior on the device when apps are removed from the policy.",
"enum": [
@@ -3434,6 +3549,20 @@
"description": "A resource containing sign in details for an enterprise.",
"id": "SigninDetail",
"properties": {
"allowPersonalUsage": {
"description": "Controls whether personal usage is allowed on a device provisioned with this enrollment token.For company-owned devices:\nEnabling personal usage allows the user to set up a work profile on the device.\nDisabling personal usage requires the user provision the device as a fully managed device.For personally-owned devices:\nEnabling personal usage allows the user to set up a work profile on the device.\nDisabling personal usage will prevent the device from provisioning. Personal usage cannot be disabled on personally-owned device.",
"enum": [
"ALLOW_PERSONAL_USAGE_UNSPECIFIED",
"PERSONAL_USAGE_ALLOWED",
"PERSONAL_USAGE_DISALLOWED"
],
"enumDescriptions": [
"Personal usage restriction is not specified",
"Personal usage is allowed",
"Personal usage is disallowed"
],
"type": "string"
},
"qrCode": {
"description": "A JSON string whose UTF-8 representation can be used to generate a QR code to enroll a device with this enrollment token. To enroll a device using NFC, the NFC record must contain a serialized java.util.Properties representation of the properties in the JSON. This is a read-only field generated by the server.",
"type": "string"

1479
etc/api/androidpublisher/v3/androidpublisher-api.json
View File

File diff suppressed because it is too large Load Diff

77
etc/api/api-list.yaml
View File

@@ -8,6 +8,7 @@ api:
acceleratedmobilepageurl:
- v1
accessapproval:
- v1
- v1beta1
accesscontextmanager:
- v1
@@ -24,6 +25,8 @@ api:
admin:
- directory_v1
- reports_v1
admob:
- v1
adsense:
- v1.4
adsensehost:
@@ -43,6 +46,8 @@ api:
androidpublisher:
- v2
- v3
apigee:
- v1
appengine:
- v1
- v1beta4
@@ -51,17 +56,26 @@ api:
- v1
appstate:
- v1
artifactregistry:
- v1beta1
audit:
- v1
autoscaler:
- v1beta2
bigquery:
- v2
bigqueryconnection:
- v1beta1
bigquerydatatransfer:
- v1
bigqueryreservation:
- v1
bigtableadmin:
- v2
billingbudgets:
- v1beta1
binaryauthorization:
- v1
- v1beta1
blogger:
- v3
@@ -71,6 +85,8 @@ api:
- v3
chat:
- v1
chromeuxreport:
- v1
civicinfo:
- v2
classroom:
@@ -144,6 +160,8 @@ api:
- v1
customsearch:
- v1
datacatalog:
- v1beta1
dataflow:
- v1b4
datafusion:
@@ -161,6 +179,7 @@ api:
- v3.0
- v3.2
- v3.3
- v3.4
dialogflow:
- v2
- v2beta1
@@ -168,13 +187,22 @@ api:
- v1
discovery:
- v1
displayvideo:
- v1
dlp:
- v2
- v2beta1
dns:
- v1
docs:
- v1
documentai:
- v1beta2
domainsrdap:
- v1
doubleclickbidmanager:
- v1
- v1.1
doubleclicksearch:
- v2
drive:
@@ -194,7 +222,10 @@ api:
firebasedynamiclinks:
- v1
firebasehosting:
- v1
- v1beta1
firebaseml:
- v1
firebaseremoteconfig:
- v1
firebaserules:
@@ -212,6 +243,8 @@ api:
- v1
gamesconfiguration:
- v1configuration
gameservices:
- v1
gamesmanagement:
- v1management
gan:
@@ -220,12 +253,17 @@ api:
- v1
gmail:
- v1
gmailpostmastertools:
- v1beta1
groupsmigration:
- v1
groupssettings:
- v1
healthcare:
- v1
- v1beta1
homegraph:
- v1
iam:
- v1
iamcredentials:
@@ -248,15 +286,21 @@ api:
- v1
licensing:
- v1
lifesciences:
- v2beta
logging:
- v2
- v2beta1
managedidentities:
- v1
manager:
- v1beta2
manufacturers:
- v1
mapsengine:
- v1
memcache:
- v1beta2
mirror:
- v1
ml:
@@ -265,10 +309,14 @@ api:
- v3
mybusiness:
- v4
networkmanagement:
- v1
oauth2:
- v2
osconfig:
- v1
- v1alpha2
- v1beta
oslogin:
- v1
- v1beta
@@ -282,6 +330,8 @@ api:
- v1
photoslibrary:
- v1
playablelocations:
- v3
playcustomapp:
- v1
playmoviespartner:
@@ -290,10 +340,14 @@ api:
- v1
plusdomains:
- v1
policytroubleshooter:
- v1
poly:
- v1
prediction:
- v1.6
prod_tt_sasportal:
- v1alpha1
proximitybeacon:
- v1beta1
pubsub:
@@ -301,6 +355,11 @@ api:
- v1beta2
qpxexpress:
- v1
realtimebidding:
- v1
recommender:
- v1
- v1beta1
redis:
- v1
remotebuildexecution:
@@ -320,10 +379,15 @@ api:
- v1beta1
safebrowsing:
- v4
sasportal:
- v1alpha1
script:
- v1
searchconsole:
- v1
secretmanager:
- v1
- v1beta1
securitycenter:
- v1
servicebroker:
@@ -332,6 +396,9 @@ api:
- v1
servicecontrol:
- v1
- v2
servicedirectory:
- v1beta1
servicemanagement:
- v1
servicenetworking:
@@ -358,6 +425,8 @@ api:
speech:
- v1
- v1beta1
sql:
- v1beta4
sqladmin:
- v1beta4
storage:
@@ -380,16 +449,24 @@ api:
texttospeech:
- v1
toolresults:
- v1
- v1beta3
tpu:
- v1
- v1alpha1
trafficdirector:
- v2
translate:
- v2
- v3
urlshortener:
- v1
vault:
- v1
vectortile:
- v1
verifiedaccess:
- v1
videointelligence:
- v1
- v1beta1

7568
etc/api/apigee/v1/apigee-api.json Normal file
View File

File diff suppressed because it is too large Load Diff

18
etc/api/appengine/v1/appengine-api.json
View File

@@ -1573,7 +1573,7 @@
}
}
},
"revision": "20200403",
"revision": "20200701",
"rootUrl": "https://appengine.googleapis.com/",
"schemas": {
"ApiConfigHandler": {
@@ -1662,6 +1662,22 @@
"description": "Google Cloud Storage bucket that can be used for storing files associated with this application. This bucket is associated with the application and can be used by the gcloud deployment commands.@OutputOnly",
"type": "string"
},
"databaseType": {
"description": "The type of the Cloud Firestore or Cloud Datastore database associated with this application.",
"enum": [
"DATABASE_TYPE_UNSPECIFIED",
"CLOUD_DATASTORE",
"CLOUD_FIRESTORE",
"CLOUD_DATASTORE_COMPATIBILITY"
],
"enumDescriptions": [
"Database type is unspecified.",
"Cloud Datastore",
"Cloud Firestore Native",
"Cloud Firestore in Datastore Mode"
],
"type": "string"
},
"defaultBucket": {
"description": "Google Cloud Storage bucket that can be used by this application to store content.@OutputOnly",
"type": "string"

2
etc/api/appengine/v1alpha/appengine-api.json
View File

@@ -695,7 +695,7 @@
}
}
},
"revision": "20200403",
"revision": "20200701",
"rootUrl": "https://appengine.googleapis.com/",
"schemas": {
"AuthorizedCertificate": {

18
etc/api/appengine/v1beta/appengine-api.json
View File

@@ -1573,7 +1573,7 @@
}
}
},
"revision": "20200403",
"revision": "20200701",
"rootUrl": "https://appengine.googleapis.com/",
"schemas": {
"ApiConfigHandler": {
@@ -1662,6 +1662,22 @@
"description": "Google Cloud Storage bucket that can be used for storing files associated with this application. This bucket is associated with the application and can be used by the gcloud deployment commands.@OutputOnly",
"type": "string"
},
"databaseType": {
"description": "The type of the Cloud Firestore or Cloud Datastore database associated with this application.",
"enum": [
"DATABASE_TYPE_UNSPECIFIED",
"CLOUD_DATASTORE",
"CLOUD_FIRESTORE",
"CLOUD_DATASTORE_COMPATIBILITY"
],
"enumDescriptions": [
"Database type is unspecified.",
"Cloud Datastore",
"Cloud Firestore Native",
"Cloud Firestore in Datastore Mode"
],
"type": "string"
},
"defaultBucket": {
"description": "Google Cloud Storage bucket that can be used by this application to store content.@OutputOnly",
"type": "string"

4
etc/api/appsactivity/v1/appsactivity-api.json
View File

@@ -14,7 +14,7 @@
"description": "Provides a historical view of activity.",
"discoveryVersion": "v1",
"documentationLink": "https://developers.google.com/google-apps/activity/",
"etag": "\"u9GIe6H63LSGq-9_t39K2Zx_EAc/rwk4WL3MtQtqWL81CbRykDH0ZLo\"",
"etag": "\"-2NioU2H8y8siEzrBOV_qzRI6kQ/taM_2jThRCVPrSu6zXaiRaqPiXA\"",
"icons": {
"x16": "https://www.gstatic.com/images/branding/product/1x/googleg_16dp.png",
"x32": "https://www.gstatic.com/images/branding/product/1x/googleg_32dp.png"
@@ -137,7 +137,7 @@
}
}
},
"revision": "20200405",
"revision": "20200628",
"rootUrl": "https://www.googleapis.com/",
"schemas": {
"Activity": {

1565
etc/api/artifactregistry/v1beta1/artifactregistry-api.json Normal file
View File

File diff suppressed because it is too large Load Diff

404
etc/api/bigquery/v2/bigquery-api.json
View File

@@ -1265,6 +1265,37 @@
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"getIamPolicy": {
"description": "Gets the access control policy for a resource.\nReturns an empty policy if the resource exists and does not have a policy\nset.",
"flatPath": "projects/{projectsId}/datasets/{datasetsId}/tables/{tablesId}:getIamPolicy",
"httpMethod": "POST",
"id": "bigquery.tables.getIamPolicy",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy is being requested.\nSee the operation documentation for the appropriate value for this field.",
"location": "path",
"pattern": "^projects/[^/]+/datasets/[^/]+/tables/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "{+resource}:getIamPolicy",
"request": {
"$ref": "GetIamPolicyRequest"
},
"response": {
"$ref": "Policy"
},
"scopes": [
"https://www.googleapis.com/auth/bigquery",
"https://www.googleapis.com/auth/bigquery.readonly",
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"insert": {
"description": "Creates a new, empty table in the dataset.",
"httpMethod": "POST",
@@ -1384,6 +1415,66 @@
"https://www.googleapis.com/auth/cloud-platform"
]
},
"setIamPolicy": {
"description": "Sets the access control policy on the specified resource. Replaces any\nexisting policy.\n\nCan return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.",
"flatPath": "projects/{projectsId}/datasets/{datasetsId}/tables/{tablesId}:setIamPolicy",
"httpMethod": "POST",
"id": "bigquery.tables.setIamPolicy",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy is being specified.\nSee the operation documentation for the appropriate value for this field.",
"location": "path",
"pattern": "^projects/[^/]+/datasets/[^/]+/tables/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "{+resource}:setIamPolicy",
"request": {
"$ref": "SetIamPolicyRequest"
},
"response": {
"$ref": "Policy"
},
"scopes": [
"https://www.googleapis.com/auth/bigquery",
"https://www.googleapis.com/auth/cloud-platform"
]
},
"testIamPermissions": {
"description": "Returns permissions that a caller has on the specified resource.\nIf the resource does not exist, this will return an empty set of\npermissions, not a `NOT_FOUND` error.\n\nNote: This operation is designed to be used for building permission-aware\nUIs and command-line tools, not for authorization checking. This operation\nmay \"fail open\" without warning.",
"flatPath": "projects/{projectsId}/datasets/{datasetsId}/tables/{tablesId}:testIamPermissions",
"httpMethod": "POST",
"id": "bigquery.tables.testIamPermissions",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy detail is being requested.\nSee the operation documentation for the appropriate value for this field.",
"location": "path",
"pattern": "^projects/[^/]+/datasets/[^/]+/tables/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "{+resource}:testIamPermissions",
"request": {
"$ref": "TestIamPermissionsRequest"
},
"response": {
"$ref": "TestIamPermissionsResponse"
},
"scopes": [
"https://www.googleapis.com/auth/bigquery",
"https://www.googleapis.com/auth/bigquery.readonly",
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/cloud-platform.read-only"
]
},
"update": {
"description": "Updates information in an existing table. The update method replaces the entire table resource, whereas the patch method only replaces fields that are provided in the submitted table resource.",
"httpMethod": "PUT",
@@ -1428,7 +1519,7 @@
}
}
},
"revision": "20200330",
"revision": "20200625",
"rootUrl": "https://bigquery.googleapis.com/",
"schemas": {
"AggregateClassificationMetrics": {
@@ -1551,17 +1642,17 @@
"id": "ArimaFittingMetrics",
"properties": {
"aic": {
"description": "AIC",
"description": "AIC.",
"format": "double",
"type": "number"
},
"logLikelihood": {
"description": "log-likelihood",
"description": "Log-likelihood.",
"format": "double",
"type": "number"
},
"variance": {
"description": "variance.",
"description": "Variance.",
"format": "double",
"type": "number"
}
@@ -1580,9 +1671,42 @@
"$ref": "ArimaFittingMetrics",
"description": "Arima fitting metrics."
},
"hasDrift": {
"description": "Whether Arima model fitted with drift or not. It is always false\nwhen d is not 1.",
"type": "boolean"
},
"nonSeasonalOrder": {
"$ref": "ArimaOrder",
"description": "Non-seasonal order."
},
"seasonalPeriods": {
"description": "Seasonal periods. Repeated because multiple periods are supported\nfor one time series.",
"enumDescriptions": [
"",
"No seasonality",
"Daily period, 24 hours.",
"Weekly period, 7 days.",
"Monthly period, 30 days or irregular.",
"Quarterly period, 90 days or irregular.",
"Yearly period, 365 days or irregular."
],
"items": {
"enum": [
"SEASONAL_PERIOD_TYPE_UNSPECIFIED",
"NO_SEASONALITY",
"DAILY",
"WEEKLY",
"MONTHLY",
"QUARTERLY",
"YEARLY"
],
"type": "string"
},
"type": "array"
},
"timeSeriesId": {
"description": "The id to indicate different time series.",
"type": "string"
}
},
"type": "object"
@@ -1627,9 +1751,9 @@
"No seasonality",
"Daily period, 24 hours.",
"Weekly period, 7 days.",
"Monthly period, can be as 30 days or irregular.",
"Quarterly period, can be as 90 days or irregular.",
"Yearly period, can be as 365 days or irregular."
"Monthly period, 30 days or irregular.",
"Quarterly period, 90 days or irregular.",
"Yearly period, 365 days or irregular."
],
"items": {
"enum": [
@@ -1648,6 +1772,54 @@
},
"type": "object"
},
"AuditConfig": {
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\",\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\"\n },\n {\n \"log_type\": \"ADMIN_READ\"\n }\n ]\n },\n {\n \"service\": \"sampleservice.googleapis.com\",\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\"\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:aliya@example.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts jose@example.com from DATA_READ logging, and\naliya@example.com from DATA_WRITE logging.",
"id": "AuditConfig",
"properties": {
"auditLogConfigs": {
"description": "The configuration for logging of each type of permission.",
"items": {
"$ref": "AuditLogConfig"
},
"type": "array"
},
"service": {
"description": "Specifies a service that will be enabled for audit logging.\nFor example, `storage.googleapis.com`, `cloudsql.googleapis.com`.\n`allServices` is a special value that covers all services.",
"type": "string"
}
},
"type": "object"
},
"AuditLogConfig": {
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\"\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\njose@example.com from DATA_READ logging.",
"id": "AuditLogConfig",
"properties": {
"exemptedMembers": {
"description": "Specifies the identities that do not cause logging for this type of\npermission.\nFollows the same format of Binding.members.",
"items": {
"type": "string"
},
"type": "array"
},
"logType": {
"description": "The log type that this config enables.",
"enum": [
"LOG_TYPE_UNSPECIFIED",
"ADMIN_READ",
"DATA_WRITE",
"DATA_READ"
],
"enumDescriptions": [
"Default case. Should never be this.",
"Admin reads. Example: CloudIAM getIamPolicy",
"Data writes. Example: CloudSQL Users create",
"Data reads. Example: CloudSQL Users list"
],
"type": "string"
}
},
"type": "object"
},
"BigQueryModelTraining": {
"id": "BigQueryModelTraining",
"properties": {
@@ -1822,6 +1994,28 @@
},
"type": "object"
},
"Binding": {
"description": "Associates `members` with a `role`.",
"id": "Binding",
"properties": {
"condition": {
"$ref": "Expr",
"description": "The condition that is associated with this binding.\n\nIf the condition evaluates to `true`, then this binding applies to the\ncurrent request.\n\nIf the condition evaluates to `false`, then this binding does not apply to\nthe current request. However, a different role binding might grant the same\nrole to one or more of the members in this binding.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
},
"members": {
"description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@example.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a user that has been recently deleted. For\n example, `alice@example.com?uid=123456789012345678901`. If the user is\n recovered, this value reverts to `user:{emailid}` and the recovered user\n retains the role in the binding.\n\n* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus\n unique identifier) representing a service account that has been recently\n deleted. For example,\n `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.\n If the service account is undeleted, this value reverts to\n `serviceAccount:{emailid}` and the undeleted service account retains the\n role in the binding.\n\n* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a Google group that has been recently\n deleted. For example, `admins@example.com?uid=123456789012345678901`. If\n the group is recovered, this value reverts to `group:{emailid}` and the\n recovered group retains the role in the binding.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n",
"items": {
"type": "string"
},
"type": "array"
},
"role": {
"description": "Role that is assigned to `members`.\nFor example, `roles/viewer`, `roles/editor`, or `roles/owner`.",
"type": "string"
}
},
"type": "object"
},
"BqmlIterationResult": {
"id": "BqmlIterationResult",
"properties": {
@@ -2046,6 +2240,20 @@
},
"type": "object"
},
"ConnectionProperty": {
"id": "ConnectionProperty",
"properties": {
"key": {
"description": "[Required] Name of the connection property to set.",
"type": "string"
},
"value": {
"description": "[Required] Value of the connection property.",
"type": "string"
}
},
"type": "object"
},
"CsvOptions": {
"id": "CsvOptions",
"properties": {
@@ -2552,6 +2760,29 @@
},
"type": "object"
},
"Expr": {
"description": "Represents a textual expression in the Common Expression Language (CEL)\nsyntax. CEL is a C-like expression language. The syntax and semantics of CEL\nare documented at https://github.com/google/cel-spec.\n\nExample (Comparison):\n\n title: \"Summary size limit\"\n description: \"Determines if a summary is less than 100 chars\"\n expression: \"document.summary.size() < 100\"\n\nExample (Equality):\n\n title: \"Requestor is owner\"\n description: \"Determines if requestor is the document owner\"\n expression: \"document.owner == request.auth.claims.email\"\n\nExample (Logic):\n\n title: \"Public documents\"\n description: \"Determine whether the document should be publicly visible\"\n expression: \"document.type != 'private' && document.type != 'internal'\"\n\nExample (Data Manipulation):\n\n title: \"Notification string\"\n description: \"Create a notification string with a timestamp.\"\n expression: \"'New message received at ' + string(document.create_time)\"\n\nThe exact variables and functions that may be referenced within an expression\nare determined by the service that evaluates it. See the service\ndocumentation for additional information.",
"id": "Expr",
"properties": {
"description": {
"description": "Optional. Description of the expression. This is a longer text which\ndescribes the expression, e.g. when hovered over it in a UI.",
"type": "string"
},
"expression": {
"description": "Textual representation of an expression in Common Expression Language\nsyntax.",
"type": "string"
},
"location": {
"description": "Optional. String indicating the location of the expression for error\nreporting, e.g. a file name and a position in the file.",
"type": "string"
},
"title": {
"description": "Optional. Title for the expression, i.e. a short string describing\nits purpose. This can be used e.g. in UIs which allow to enter the\nexpression.",
"type": "string"
}
},
"type": "object"
},
"ExternalDataConfiguration": {
"id": "ExternalDataConfiguration",
"properties": {
@@ -2567,6 +2798,10 @@
"description": "[Optional] The compression type of the data source. Possible values include GZIP and NONE. The default value is NONE. This setting is ignored for Google Cloud Bigtable, Google Cloud Datastore backups and Avro formats.",
"type": "string"
},
"connectionId": {
"description": "[Optional, Trusted Tester] Connection for external data source.",
"type": "string"
},
"csvOptions": {
"$ref": "CsvOptions",
"description": "Additional properties to set if sourceFormat is set to CSV."
@@ -2575,10 +2810,6 @@
"$ref": "GoogleSheetsOptions",
"description": "[Optional] Additional options if sourceFormat is set to GOOGLE_SHEETS."
},
"hivePartitioningMode": {
"description": "[Optional, Trusted Tester] Deprecated, do not use. Please set hivePartitioningOptions instead.",
"type": "string"
},
"hivePartitioningOptions": {
"$ref": "HivePartitioningOptions",
"description": "[Optional, Trusted Tester] Options to configure hive partitioning support."
@@ -2630,6 +2861,29 @@
},
"type": "object"
},
"GetIamPolicyRequest": {
"description": "Request message for `GetIamPolicy` method.",
"id": "GetIamPolicyRequest",
"properties": {
"options": {
"$ref": "GetPolicyOptions",
"description": "OPTIONAL: A `GetPolicyOptions` object for specifying options to\n`GetIamPolicy`."
}
},
"type": "object"
},
"GetPolicyOptions": {
"description": "Encapsulates settings provided to GetIamPolicy.",
"id": "GetPolicyOptions",
"properties": {
"requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
},
"type": "object"
},
"GetQueryResultsResponse": {
"id": "GetQueryResultsResponse",
"properties": {
@@ -2969,10 +3223,6 @@
"description": "[Optional] The separator for fields in a CSV file. The separator can be any ISO-8859-1 single-byte character. To use a character in the range 128-255, you must encode the character as UTF8. BigQuery converts the string to ISO-8859-1 encoding, and then uses the first byte of the encoded string to split the data in its raw, binary state. BigQuery also supports the escape sequence \"\\t\" to specify a tab separator. The default value is a comma (',').",
"type": "string"
},
"hivePartitioningMode": {
"description": "[Optional, Trusted Tester] Deprecated, do not use. Please set hivePartitioningOptions instead.",
"type": "string"
},
"hivePartitioningOptions": {
"$ref": "HivePartitioningOptions",
"description": "[Optional, Trusted Tester] Options to configure hive partitioning support."
@@ -3072,7 +3322,7 @@
"connectionProperties": {
"description": "Connection properties.",
"items": {
"type": "any"
"$ref": "ConnectionProperty"
},
"type": "array"
},
@@ -3188,10 +3438,18 @@
"$ref": "EncryptionConfiguration",
"description": "Custom encryption configuration (e.g., Cloud KMS keys)."
},
"destinationExpirationTime": {
"description": "[Optional] The time when the destination table expires. Expired tables will be deleted and their storage reclaimed.",
"type": "any"
},
"destinationTable": {
"$ref": "TableReference",
"description": "[Required] The destination table"
},
"operationType": {
"description": "[Optional] Supported operation types in table copy job.",
"type": "string"
},
"sourceTable": {
"$ref": "TableReference",
"description": "[Pick one] Source table to copy."
@@ -3866,6 +4124,37 @@
},
"type": "object"
},
"Policy": {
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nFor some types of Google Cloud resources, a `binding` can also specify a\n`condition`, which is a logical expression that allows access to a resource\nonly if the expression evaluates to `true`. A condition can add constraints\nbased on attributes of the request, the resource, or both. To learn which\nresources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\n \"user:eve@example.com\"\n ],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"id": "Policy",
"properties": {
"auditConfigs": {
"description": "Specifies cloud audit logging configuration for this policy.",
"items": {
"$ref": "AuditConfig"
},
"type": "array"
},
"bindings": {
"description": "Associates a list of `members` to a `role`. Optionally, may specify a\n`condition` that determines how and when the `bindings` are applied. Each\nof the `bindings` must contain at least one member.",
"items": {
"$ref": "Binding"
},
"type": "array"
},
"etag": {
"description": "`etag` is used for optimistic concurrency control as a way to help\nprevent simultaneous updates of a policy from overwriting each other.\nIt is strongly suggested that systems make use of the `etag` in the\nread-modify-write cycle to perform policy updates in order to avoid race\nconditions: An `etag` is returned in the response to `getIamPolicy`, and\nsystems are expected to put that etag in the request to `setIamPolicy` to\nensure that their change will be applied to the same version of the policy.\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.",
"format": "byte",
"type": "string"
},
"version": {
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
},
"type": "object"
},
"ProjectList": {
"id": "ProjectList",
"properties": {
@@ -4014,7 +4303,7 @@
"connectionProperties": {
"description": "Connection properties.",
"items": {
"type": "any"
"$ref": "ConnectionProperty"
},
"type": "array"
},
@@ -4031,6 +4320,13 @@
"description": "The resource type of the request.",
"type": "string"
},
"labels": {
"additionalProperties": {
"type": "string"
},
"description": "The labels associated with this job. You can use these to organize and group your jobs. Label keys and values can be no longer than 63 characters, can only contain lowercase letters, numeric characters, underscores and dashes. International characters are allowed. Label values are optional. Label keys must start with a letter and each label in the list must have a different key.",
"type": "object"
},
"location": {
"description": "The geographic location where the job should run. See details at https://cloud.google.com/bigquery/docs/locations#specifying_your_location.",
"type": "string"
@@ -4040,6 +4336,11 @@
"format": "uint32",
"type": "integer"
},
"maximumBytesBilled": {
"description": "[Optional] Limits the bytes billed for this job. Queries that will have bytes billed beyond this limit will fail (without incurring a charge). If unspecified, this will be set to your project default.",
"format": "int64",
"type": "string"
},
"parameterMode": {
"description": "Standard SQL only. Set to POSITIONAL to use positional (?) query parameters or to NAMED to use named (@myparam) query parameters in this query.",
"type": "string"
@@ -4064,6 +4365,10 @@
},
"type": "array"
},
"requestId": {
"description": "A unique user provided identifier to ensure idempotent behavior for queries. Note that this is different from the job_id. It has the following properties: 1. It is case-sensitive, limited to up to 36 ASCII characters. A UUID is recommended. 2. Read only queries can ignore this token since they are nullipotent by definition. 3. For the purposes of idempotency ensured by the request_id, a request is considered duplicate of another only if they have the same request_id and are actually duplicates. When determining whether a request is a duplicate of the previous request, all parameters in the request that may affect the behavior are considered. For example, query, connection_properties, query_parameters, use_legacy_sql are parameters that affect the result and are considered when determining whether a request is a duplicate, but properties like timeout_ms don't affect the result and are thus not considered. Dry run query requests are never considered duplicate of another request. 4. When a duplicate mutating query request is detected, it returns: a. the results of the mutation if it completes successfully within the timeout. b. the running operation if it is still in progress at the end of the timeout. 5. Its lifetime is limited to 15 minutes. In other words, if two requests are sent with the same request_id, but more than 15 minutes apart, idempotency is not guaranteed.",
"type": "string"
},
"timeoutMs": {
"description": "[Optional] How long to wait for the query to complete, in milliseconds, before the request times out and returns. Note that this is only a timeout for the request, not the query. If the query takes longer to run than the timeout value, the call returns without any results and with the 'jobComplete' flag set to false. You can call GetQueryResults() to wait for the query to complete and read the results. The default value is 10000 milliseconds (10 seconds).",
"format": "uint32",
@@ -4287,6 +4592,20 @@
"description": "Optional. [Experimental] The description of the routine if defined.",
"type": "string"
},
"determinismLevel": {
"description": "Optional. [Experimental] The determinism level of the JavaScript UDF if defined.",
"enum": [
"DETERMINISM_LEVEL_UNSPECIFIED",
"DETERMINISTIC",
"NOT_DETERMINISTIC"
],
"enumDescriptions": [
"The determinism of the UDF is unspecified.",
"The UDF is deterministic, meaning that 2 function calls with the same\ninputs always produce the same result, even across 2 query runs.",
"The UDF is not deterministic."
],
"type": "string"
},
"etag": {
"description": "Output only. A hash of this resource.",
"type": "string"
@@ -4461,6 +4780,22 @@
},
"type": "object"
},
"SetIamPolicyRequest": {
"description": "Request message for `SetIamPolicy` method.",
"id": "SetIamPolicyRequest",
"properties": {
"policy": {
"$ref": "Policy",
"description": "REQUIRED: The complete policy to be applied to the `resource`. The size of\nthe policy is limited to a few 10s of KB. An empty policy is a\nvalid policy but certain Cloud Platform services (such as Projects)\nmight reject them."
},
"updateMask": {
"description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only\nthe fields in the mask will be modified. If no mask is provided, the\nfollowing default mask is used:\n\n`paths: \"bindings, etag\"`",
"format": "google-fieldmask",
"type": "string"
}
},
"type": "object"
},
"StandardSqlDataType": {
"description": "The type of a variable, e.g., a function argument.\nExamples:\nINT64: {type_kind=\"INT64\"}\nARRAY<STRING>: {type_kind=\"ARRAY\", array_element_type=\"STRING\"}\nSTRUCT<x STRING, y ARRAY<DATE>>:\n {type_kind=\"STRUCT\",\n struct_type={fields=[\n {name=\"x\", type={type_kind=\"STRING\"}},\n {name=\"y\", type={type_kind=\"ARRAY\", array_element_type=\"DATE\"}}\n ]}}",
"id": "StandardSqlDataType",
@@ -4488,6 +4823,7 @@
"DATETIME",
"GEOGRAPHY",
"NUMERIC",
"BIGNUMERIC",
"ARRAY",
"STRUCT"
],
@@ -4504,6 +4840,7 @@
"Encoded as RFC 3339 full-date \"T\" partial-time: 1985-04-12T23:20:50.52",
"Encoded as WKT",
"Encoded as a decimal string.",
"Encoded as a decimal string.",
"Encoded as a list with types matching Type.array_type.",
"Encoded as a list with fields of type Type.struct_type[i]. List is used\nbecause a JSON object cannot have duplicate field names."
],
@@ -5008,6 +5345,34 @@
},
"type": "object"
},
"TestIamPermissionsRequest": {
"description": "Request message for `TestIamPermissions` method.",
"id": "TestIamPermissionsRequest",
"properties": {
"permissions": {
"description": "The set of permissions to check for the `resource`. Permissions with\nwildcards (such as '*' or 'storage.*') are not allowed. For more\ninformation see\n[IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"TestIamPermissionsResponse": {
"description": "Response message for `TestIamPermissions` method.",
"id": "TestIamPermissionsResponse",
"properties": {
"permissions": {
"description": "A subset of `TestPermissionsRequest.permissions` that the caller is\nallowed.",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"TimePartitioning": {
"id": "TimePartitioning",
"properties": {
@@ -5247,6 +5612,10 @@
],
"type": "string"
},
"preserveInputStructs": {
"description": "Whether to preserve the input structs in output feature names.\nSuppose there is a struct A with field b.\nWhen false (default), the output feature name is A_b.\nWhen true, the output feature name is A.b.",
"type": "boolean"
},
"subsample": {
"description": "Subsample fraction of the training data to grow tree to prevent\noverfitting for boosted tree models.",
"format": "double",
@@ -5300,6 +5669,7 @@
"type": "object"
},
"UserDefinedFunctionResource": {
"description": "This is used for defining User Defined Function (UDF) resources only when using legacy SQL. Users of Standard SQL should leverage either DDL (e.g. CREATE [TEMPORARY] FUNCTION ... ) or the Routines API to define UDF resources. For additional information on migrating, see: https://cloud.google.com/bigquery/docs/reference/standard-sql/migrating-from-legacy-sql#differences_in_user-defined_javascript_functions",
"id": "UserDefinedFunctionResource",
"properties": {
"inlineCode": {

22
etc/api/bigqueryconnection/v1beta1/bigqueryconnection-api.json
View File

@@ -302,7 +302,7 @@
]
},
"setIamPolicy": {
"description": "Sets the access control policy on the specified resource. Replaces any\nexisting policy.\n\nCan return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED",
"description": "Sets the access control policy on the specified resource. Replaces any\nexisting policy.\n\nCan return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.",
"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/connections/{connectionsId}:setIamPolicy",
"httpMethod": "POST",
"id": "bigqueryconnection.projects.locations.connections.setIamPolicy",
@@ -331,7 +331,7 @@
]
},
"testIamPermissions": {
"description": "Returns permissions that a caller has on the specified resource.\nIf the resource does not exist, this will return an empty set of\npermissions, not a NOT_FOUND error.\n\nNote: This operation is designed to be used for building permission-aware\nUIs and command-line tools, not for authorization checking. This operation\nmay \"fail open\" without warning.",
"description": "Returns permissions that a caller has on the specified resource.\nIf the resource does not exist, this will return an empty set of\npermissions, not a `NOT_FOUND` error.\n\nNote: This operation is designed to be used for building permission-aware\nUIs and command-line tools, not for authorization checking. This operation\nmay \"fail open\" without warning.",
"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/connections/{connectionsId}:testIamPermissions",
"httpMethod": "POST",
"id": "bigqueryconnection.projects.locations.connections.testIamPermissions",
@@ -395,11 +395,11 @@
}
}
},
"revision": "20200331",
"revision": "20200626",
"rootUrl": "https://bigqueryconnection.googleapis.com/",
"schemas": {
"AuditConfig": {
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n },\n {\n \"log_type\": \"ADMIN_READ\",\n }\n ]\n },\n {\n \"service\": \"sampleservice.googleapis.com\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:aliya@example.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts jose@example.com from DATA_READ logging, and\naliya@example.com from DATA_WRITE logging.",
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\",\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\"\n },\n {\n \"log_type\": \"ADMIN_READ\"\n }\n ]\n },\n {\n \"service\": \"sampleservice.googleapis.com\",\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\"\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:aliya@example.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts jose@example.com from DATA_READ logging, and\naliya@example.com from DATA_WRITE logging.",
"id": "AuditConfig",
"properties": {
"auditLogConfigs": {
@@ -417,7 +417,7 @@
"type": "object"
},
"AuditLogConfig": {
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\njose@example.com from DATA_READ logging.",
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\"\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\njose@example.com from DATA_READ logging.",
"id": "AuditLogConfig",
"properties": {
"exemptedMembers": {
@@ -452,7 +452,7 @@
"properties": {
"condition": {
"$ref": "Expr",
"description": "The condition that is associated with this binding.\nNOTE: An unsatisfied condition will not allow user access via current\nbinding. Different bindings, including their conditions, are examined\nindependently."
"description": "The condition that is associated with this binding.\n\nIf the condition evaluates to `true`, then this binding applies to the\ncurrent request.\n\nIf the condition evaluates to `false`, then this binding does not apply to\nthe current request. However, a different role binding might grant the same\nrole to one or more of the members in this binding.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
},
"members": {
"description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@example.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a user that has been recently deleted. For\n example, `alice@example.com?uid=123456789012345678901`. If the user is\n recovered, this value reverts to `user:{emailid}` and the recovered user\n retains the role in the binding.\n\n* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus\n unique identifier) representing a service account that has been recently\n deleted. For example,\n `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.\n If the service account is undeleted, this value reverts to\n `serviceAccount:{emailid}` and the undeleted service account retains the\n role in the binding.\n\n* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a Google group that has been recently\n deleted. For example, `admins@example.com?uid=123456789012345678901`. If\n the group is recovered, this value reverts to `group:{emailid}` and the\n recovered group retains the role in the binding.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n",
@@ -599,7 +599,7 @@
"properties": {
"options": {
"$ref": "GetPolicyOptions",
"description": "OPTIONAL: A `GetPolicyOptions` object for specifying options to\n`GetIamPolicy`. This field is only used by Cloud IAM."
"description": "OPTIONAL: A `GetPolicyOptions` object for specifying options to\n`GetIamPolicy`."
}
},
"type": "object"
@@ -609,7 +609,7 @@
"id": "GetPolicyOptions",
"properties": {
"requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.",
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
@@ -635,7 +635,7 @@
"type": "object"
},
"Policy": {
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nOptionally, a `binding` can specify a `condition`, which is a logical\nexpression that allows access to a resource only if the expression evaluates\nto `true`. A condition can add constraints based on attributes of the\nrequest, the resource, or both.\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\"user:eve@example.com\"],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nFor some types of Google Cloud resources, a `binding` can also specify a\n`condition`, which is a logical expression that allows access to a resource\nonly if the expression evaluates to `true`. A condition can add constraints\nbased on attributes of the request, the resource, or both. To learn which\nresources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\n \"user:eve@example.com\"\n ],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"id": "Policy",
"properties": {
"auditConfigs": {
@@ -658,7 +658,7 @@
"type": "string"
},
"version": {
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.",
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
@@ -674,7 +674,7 @@
"description": "REQUIRED: The complete policy to be applied to the `resource`. The size of\nthe policy is limited to a few 10s of KB. An empty policy is a\nvalid policy but certain Cloud Platform services (such as Projects)\nmight reject them."
},
"updateMask": {
"description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only\nthe fields in the mask will be modified. If no mask is provided, the\nfollowing default mask is used:\npaths: \"bindings, etag\"\nThis field is only used by Cloud IAM.",
"description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only\nthe fields in the mask will be modified. If no mask is provided, the\nfollowing default mask is used:\n\n`paths: \"bindings, etag\"`",
"format": "google-fieldmask",
"type": "string"
}

2
etc/api/bigquerydatatransfer/v1/bigquerydatatransfer-api.json
View File

@@ -1265,7 +1265,7 @@
}
}
},
"revision": "20200326",
"revision": "20200502",
"rootUrl": "https://bigquerydatatransfer.googleapis.com/",
"schemas": {
"CheckValidCredsRequest": {

171
etc/api/bigqueryreservation/v1/bigqueryreservation-api.json
View File

@@ -210,17 +210,17 @@
"https://www.googleapis.com/auth/cloud-platform"
]
},
"searchAssignments": {
"description": "Looks up assignments for a specified resource for a particular region.\nIf the request is about a project:\n 1) Assignments created on the project will be returned if they exist.\n 2) Otherwise assignments created on the closest ancestor will be\n returned. 3) Assignments for different JobTypes will all be returned.\nSame logic applies if the request is about a folder.\nIf the request is about an organization, then assignments created on the\norganization will be returned (organization doesn't have ancestors).\nComparing to ListAssignments, there are some behavior\ndifferences:\n 1) permission on the assignee will be verified in this API.\n 2) Hierarchy lookup (project->folder->organization) happens in this API.\n 3) Parent here is projects/*/locations/*, instead of\n projects/*/locations/*reservations/*.\nNote \"-\" cannot be used for projects\nnor locations.",
"flatPath": "v1/projects/{projectsId}/locations/{locationsId}:searchAssignments",
"searchAllAssignments": {
"description": "Looks up assignments for a specified resource for a particular region.\nIf the request is about a project:\n\n1. Assignments created on the project will be returned if they exist.\n2. Otherwise assignments created on the closest ancestor will be\n returned.\n3. Assignments for different JobTypes will all be returned.\n\nThe same logic applies if the request is about a folder.\n\nIf the request is about an organization, then assignments created on the\norganization will be returned (organization doesn't have ancestors).\n\nComparing to ListAssignments, there are some behavior\ndifferences:\n\n1. permission on the assignee will be verified in this API.\n2. Hierarchy lookup (project->folder->organization) happens in this API.\n3. Parent here is `projects/*/locations/*`, instead of\n `projects/*/locations/*reservations/*`.",
"flatPath": "v1/projects/{projectsId}/locations/{locationsId}:searchAllAssignments",
"httpMethod": "GET",
"id": "bigqueryreservation.projects.locations.searchAssignments",
"id": "bigqueryreservation.projects.locations.searchAllAssignments",
"parameterOrder": [
"parent"
],
"parameters": {
"pageSize": {
"description": "The maximum number of items to return.",
"description": "The maximum number of items to return per page.",
"format": "int32",
"location": "query",
"type": "integer"
@@ -231,14 +231,56 @@
"type": "string"
},
"parent": {
"description": "Required. The resource name of the admin project(containing project and location),\ne.g.:\n \"projects/myproject/locations/US\".",
"description": "Required. The resource name with location (project name could be the wildcard '-'),\ne.g.:\n `projects/-/locations/US`.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+$",
"required": true,
"type": "string"
},
"query": {
"description": "Please specify resource name as assignee in the query.\ne.g., \"assignee=projects/myproject\"\n \"assignee=folders/123\"\n \"assignee=organizations/456\"",
"description": "Please specify resource name as assignee in the query.\n\nExamples:\n\n* `assignee=projects/myproject`\n* `assignee=folders/123`\n* `assignee=organizations/456`",
"location": "query",
"type": "string"
}
},
"path": "v1/{+parent}:searchAllAssignments",
"response": {
"$ref": "SearchAllAssignmentsResponse"
},
"scopes": [
"https://www.googleapis.com/auth/bigquery",
"https://www.googleapis.com/auth/cloud-platform"
]
},
"searchAssignments": {
"description": "Looks up assignments for a specified resource for a particular region.\nIf the request is about a project:\n\n1. Assignments created on the project will be returned if they exist.\n2. Otherwise assignments created on the closest ancestor will be\n returned.\n3. Assignments for different JobTypes will all be returned.\n\nThe same logic applies if the request is about a folder.\n\nIf the request is about an organization, then assignments created on the\norganization will be returned (organization doesn't have ancestors).\n\nComparing to ListAssignments, there are some behavior\ndifferences:\n\n1. permission on the assignee will be verified in this API.\n2. Hierarchy lookup (project->folder->organization) happens in this API.\n3. Parent here is `projects/*/locations/*`, instead of\n `projects/*/locations/*reservations/*`.\n\n**Note** \"-\" cannot be used for projects\nnor locations.",
"flatPath": "v1/projects/{projectsId}/locations/{locationsId}:searchAssignments",
"httpMethod": "GET",
"id": "bigqueryreservation.projects.locations.searchAssignments",
"parameterOrder": [
"parent"
],
"parameters": {
"pageSize": {
"description": "The maximum number of items to return per page.",
"format": "int32",
"location": "query",
"type": "integer"
},
"pageToken": {
"description": "The next_page_token value returned from a previous List request, if any.",
"location": "query",
"type": "string"
},
"parent": {
"description": "Required. The resource name of the admin project(containing project and location),\ne.g.:\n `projects/myproject/locations/US`.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+$",
"required": true,
"type": "string"
},
"query": {
"description": "Please specify resource name as assignee in the query.\n\nExamples:\n\n* `assignee=projects/myproject`\n* `assignee=folders/123`\n* `assignee=organizations/456`",
"location": "query",
"type": "string"
}
@@ -253,7 +295,7 @@
]
},
"updateBiReservation": {
"description": "Updates a BI reservation.\nOnly fields specified in the field_mask are updated.\nSingleton BI reservation always exists with default size 0.\nIn order to reserve BI capacity it needs to be updated to an amount\ngreater than 0. In order to release BI capacity reservation size\nmust be set to 0.",
"description": "Updates a BI reservation.\n\nOnly fields specified in the `field_mask` are updated.\n\nA singleton BI reservation always exists with default size 0.\nIn order to reserve BI capacity it needs to be updated to an amount\ngreater than 0. In order to release BI capacity reservation size\nmust be set to 0.",
"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/biReservation",
"httpMethod": "PATCH",
"id": "bigqueryreservation.projects.locations.updateBiReservation",
@@ -306,7 +348,7 @@
"type": "boolean"
},
"parent": {
"description": "Required. Resource name of the parent reservation. E.g.,\n projects/myproject/locations/US",
"description": "Required. Resource name of the parent reservation. E.g.,\n `projects/myproject/locations/US`",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+$",
"required": true,
@@ -335,7 +377,7 @@
],
"parameters": {
"name": {
"description": "Required. Resource name of the capacity commitment to delete. E.g.,\n projects/myproject/locations/US/capacityCommitments/123",
"description": "Required. Resource name of the capacity commitment to delete. E.g.,\n `projects/myproject/locations/US/capacityCommitments/123`",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/capacityCommitments/[^/]+$",
"required": true,
@@ -361,7 +403,7 @@
],
"parameters": {
"name": {
"description": "Required. Resource name of the capacity commitment to retrieve. E.g.,\n projects/myproject/locations/US/capacityCommitments/123",
"description": "Required. Resource name of the capacity commitment to retrieve. E.g.,\n `projects/myproject/locations/US/capacityCommitments/123`",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/capacityCommitments/[^/]+$",
"required": true,
@@ -398,7 +440,7 @@
"type": "string"
},
"parent": {
"description": "Required. Resource name of the parent reservation. E.g.,\n projects/myproject/locations/US",
"description": "Required. Resource name of the parent reservation. E.g.,\n `projects/myproject/locations/US`",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+$",
"required": true,
@@ -415,7 +457,7 @@
]
},
"merge": {
"description": "Merges capacity commitments of the same plan into one. Resulting capacity\ncommitment has the longer commitment_end_time out of the two. Attempting to\nmerge capacity commitments of different plan will fail with the error code\n`google.rpc.Code.FAILED_PRECONDITION`.",
"description": "Merges capacity commitments of the same plan into a single commitment.\n\nThe resulting capacity commitment has the greater commitment_end_time\nout of the to-be-merged capacity commitments.\n\nAttempting to merge capacity commitments of different plan will fail\nwith the error code `google.rpc.Code.FAILED_PRECONDITION`.",
"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/capacityCommitments:merge",
"httpMethod": "POST",
"id": "bigqueryreservation.projects.locations.capacityCommitments.merge",
@@ -424,7 +466,7 @@
],
"parameters": {
"parent": {
"description": "Parent resource that identifies admin project and location e.g.,\nprojects/myproject/locations/us",
"description": "Parent resource that identifies admin project and location e.g.,\n `projects/myproject/locations/us`",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+$",
"required": true,
@@ -444,7 +486,7 @@
]
},
"patch": {
"description": "Updates an existing capacity commitment.\n\nOnly plan and renewal_plan fields can be updated.\nPlan can only be changed to a plan of a longer commitment period.\nAttempting to change to a plan with shorter commitment period will fail\nwith the error code `google.rpc.Code.FAILED_PRECONDITION`.",
"description": "Updates an existing capacity commitment.\n\nOnly `plan` and `renewal_plan` fields can be updated.\n\nPlan can only be changed to a plan of a longer commitment period.\nAttempting to change to a plan with shorter commitment period will fail\nwith the error code `google.rpc.Code.FAILED_PRECONDITION`.",
"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/capacityCommitments/{capacityCommitmentsId}",
"httpMethod": "PATCH",
"id": "bigqueryreservation.projects.locations.capacityCommitments.patch",
@@ -453,7 +495,7 @@
],
"parameters": {
"name": {
"description": "Output only. The resource name of the capacity commitment, e.g.,\n projects/myproject/locations/US/capacityCommitments/123",
"description": "Output only. The resource name of the capacity commitment, e.g.,\n`projects/myproject/locations/US/capacityCommitments/123`",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/capacityCommitments/[^/]+$",
"required": true,
@@ -479,7 +521,7 @@
]
},
"split": {
"description": "Splits capacity commitment to two commitments of the same plan and\ncommitment_end_time. A common use case to do that is to perform a downgrade\ne.g., in order to downgrade from 10000 slots to 8000, one might split 10000\ncapacity commitment to 2000 and 8000, change the plan of the first one to\nflex and then delete it.",
"description": "Splits capacity commitment to two commitments of the same plan and\n`commitment_end_time`.\n\nA common use case is to enable downgrading commitments.\n\nFor example, in order to downgrade from 10000 slots to 8000, you might\nsplit a 10000 capacity commitment into commitments of 2000 and 8000. Then,\nyou would change the plan of the first one to `FLEX` and then delete it.",
"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/capacityCommitments/{capacityCommitmentsId}:split",
"httpMethod": "POST",
"id": "bigqueryreservation.projects.locations.capacityCommitments.split",
@@ -488,7 +530,7 @@
],
"parameters": {
"name": {
"description": "Required. The resource name e.g.,:\n projects/myproject/locations/US/capacityCommitments/123",
"description": "Required. The resource name e.g.,:\n `projects/myproject/locations/US/capacityCommitments/123`",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/capacityCommitments/[^/]+$",
"required": true,
@@ -521,7 +563,7 @@
],
"parameters": {
"parent": {
"description": "Required. Project, location. E.g.,\n projects/myproject/locations/US",
"description": "Required. Project, location. E.g.,\n`projects/myproject/locations/US`",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+$",
"required": true,
@@ -555,7 +597,7 @@
],
"parameters": {
"name": {
"description": "Required. Resource name of the reservation to retrieve. E.g.,\n projects/myproject/locations/US/reservations/team1-prod",
"description": "Required. Resource name of the reservation to retrieve. E.g.,\n `projects/myproject/locations/US/reservations/team1-prod`",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/reservations/[^/]+$",
"required": true,
@@ -581,7 +623,7 @@
],
"parameters": {
"name": {
"description": "Required. Resource name of the reservation to retrieve. E.g.,\n projects/myproject/locations/US/reservations/team1-prod",
"description": "Required. Resource name of the reservation to retrieve. E.g.,\n `projects/myproject/locations/US/reservations/team1-prod`",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/reservations/[^/]+$",
"required": true,
@@ -607,7 +649,7 @@
],
"parameters": {
"pageSize": {
"description": "The maximum number of items to return.",
"description": "The maximum number of items to return per page.",
"format": "int32",
"location": "query",
"type": "integer"
@@ -618,7 +660,7 @@
"type": "string"
},
"parent": {
"description": "Required. The parent resource name containing project and location, e.g.:\n \"projects/myproject/locations/US\"",
"description": "Required. The parent resource name containing project and location, e.g.:\n `projects/myproject/locations/US`",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+$",
"required": true,
@@ -644,7 +686,7 @@
],
"parameters": {
"name": {
"description": "The resource name of the reservation, e.g.,\n\"projects/*/locations/*/reservations/team1-prod\".",
"description": "The resource name of the reservation, e.g.,\n`projects/*/locations/*/reservations/team1-prod`.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/reservations/[^/]+$",
"required": true,
@@ -674,7 +716,7 @@
"assignments": {
"methods": {
"create": {
"description": "Creates an object which allows the given project to submit jobs\nof a certain type using slots from the specified reservation. Currently a\nresource (project, folder, organization) can only have one assignment per\n{job_type, location}, and that reservation will be used for all jobs of the\nmatching type. Within the organization, different assignments can be\ncreated on projects, folders or organization level. During query execution,\nthe assignment is looked up at the project, folder and organization levels\nin that order. The first assignment found is applied to the query. When\ncreating assignments, it does not matter if other assignments exist at\nhigher levels. E.g: organizationA contains project1, project2. Assignments\nfor organizationA, project1 and project2 could all be created, mapping to\nthe same or different reservations.\nReturns `google.rpc.Code.PERMISSION_DENIED` if user does not have\n'bigquery.admin' permissions on the project using the reservation\nand the project that owns this reservation.\nReturns `google.rpc.Code.INVALID_ARGUMENT` when location of the assignment\ndoes not match location of the reservation.",
"description": "Creates an assignment object which allows the given project to submit jobs\nof a certain type using slots from the specified reservation.\n\nCurrently a\nresource (project, folder, organization) can only have one assignment per\neach (job_type, location) combination, and that reservation will be used\nfor all jobs of the matching type.\n\nDifferent assignments can be created on different levels of the\nprojects, folders or organization hierarchy. During query execution,\nthe assignment is looked up at the project, folder and organization levels\nin that order. The first assignment found is applied to the query.\n\nWhen creating assignments, it does not matter if other assignments exist at\nhigher levels.\n\nExample:\n\n* The organization `organizationA` contains two projects, `project1`\n and `project2`.\n* Assignments for all three entities (`organizationA`, `project1`, and\n `project2`) could all be created and mapped to the same or different\n reservations.\n\nReturns `google.rpc.Code.PERMISSION_DENIED` if user does not have\n'bigquery.admin' permissions on the project using the reservation\nand the project that owns this reservation.\n\nReturns `google.rpc.Code.INVALID_ARGUMENT` when location of the assignment\ndoes not match location of the reservation.",
"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/reservations/{reservationsId}/assignments",
"httpMethod": "POST",
"id": "bigqueryreservation.projects.locations.reservations.assignments.create",
@@ -683,7 +725,7 @@
],
"parameters": {
"parent": {
"description": "Required. The parent resource name of the assignment\nE.g.: projects/myproject/locations/US/reservations/team1-prod",
"description": "Required. The parent resource name of the assignment\nE.g. `projects/myproject/locations/US/reservations/team1-prod`",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/reservations/[^/]+$",
"required": true,
@@ -703,7 +745,7 @@
]
},
"delete": {
"description": "Deletes a assignment. No expansion will happen.\nE.g:\norganizationA contains project1 and project2. Reservation res1 exists.\nCreateAssignment was invoked previously and following assignments were\ncreated explicitly:\n <organizationA, res1>\n <project1, res1>\nThen deletion of <organizationA, res1> won't affect <project1, res1>. After\ndeletion of <organizationA, res1>, queries from project1 will still use\nres1, while queries from project2 will use on-demand mode.",
"description": "Deletes a assignment. No expansion will happen.\n\nExample:\n\n* Organization `organizationA` contains two projects, `project1` and\n `project2`.\n* Reservation `res1` exists and was created previously.\n* CreateAssignment was used previously to define the following\n associations between entities and reservations: `<organizationA, res1>`\n and `<project1, res1>`\n\nIn this example, deletion of the `<organizationA, res1>` assignment won't\naffect the other assignment `<project1, res1>`. After said deletion,\nqueries from `project1` will still use `res1` while queries from\n`project2` will switch to use on-demand mode.",
"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/reservations/{reservationsId}/assignments/{assignmentsId}",
"httpMethod": "DELETE",
"id": "bigqueryreservation.projects.locations.reservations.assignments.delete",
@@ -712,7 +754,7 @@
],
"parameters": {
"name": {
"description": "Required. Name of the resource, e.g.:\n projects/myproject/locations/US/reservations/team1-prod/assignments/123",
"description": "Required. Name of the resource, e.g.\n `projects/myproject/locations/US/reservations/team1-prod/assignments/123`",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/reservations/[^/]+/assignments/[^/]+$",
"required": true,
@@ -729,7 +771,7 @@
]
},
"list": {
"description": "Lists assignments.\nOnly explicitly created assignments will be returned. E.g:\norganizationA contains project1 and project2. Reservation res1 exists.\nCreateAssignment was invoked previously and following assignments were\ncreated explicitly:\n <organizationA, res1>\n <project1, res1>\nThen this API will just return the above two assignments for reservation\nres1, and no expansion/merge will happen. Wildcard \"-\" can be used for\nreservations in the request. In that case all assignments belongs to the\nspecified project and location will be listed. Note\n\"-\" cannot be used for projects nor locations.",
"description": "Lists assignments.\n\nOnly explicitly created assignments will be returned.\n\nExample:\n\n* Organization `organizationA` contains two projects, `project1` and\n `project2`.\n* Reservation `res1` exists and was created previously.\n* CreateAssignment was used previously to define the following\n associations between entities and reservations: `<organizationA, res1>`\n and `<project1, res1>`\n\nIn this example, ListAssignments will just return the above two assignments\nfor reservation `res1`, and no expansion/merge will happen.\n\nThe wildcard \"-\" can be used for\nreservations in the request. In that case all assignments belongs to the\nspecified project and location will be listed.\n\n**Note** \"-\" cannot be used for projects nor locations.",
"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/reservations/{reservationsId}/assignments",
"httpMethod": "GET",
"id": "bigqueryreservation.projects.locations.reservations.assignments.list",
@@ -738,7 +780,7 @@
],
"parameters": {
"pageSize": {
"description": "The maximum number of items to return.",
"description": "The maximum number of items to return per page.",
"format": "int32",
"location": "query",
"type": "integer"
@@ -749,7 +791,7 @@
"type": "string"
},
"parent": {
"description": "Required. The parent resource name e.g.:\nprojects/myproject/locations/US/reservations/team1-prod\nOr:\nprojects/myproject/locations/US/reservations/-",
"description": "Required. The parent resource name e.g.:\n\n`projects/myproject/locations/US/reservations/team1-prod`\n\nOr:\n\n`projects/myproject/locations/US/reservations/-`",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/reservations/[^/]+$",
"required": true,
@@ -766,7 +808,7 @@
]
},
"move": {
"description": "Moves a assignment under a new reservation. Customers can do this by\ndeleting the existing assignment followed by creating another assignment\nunder the new reservation, but this method provides a transactional way to\ndo so, to make sure the assignee always has an associated reservation.\nWithout the method customers might see some queries run on-demand which\nmight be unexpected.",
"description": "Moves an assignment under a new reservation.\n\nThis differs from removing an existing assignment and recreating a new one\nby providing a transactional change that ensures an assignee always has an\nassociated reservation.",
"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/reservations/{reservationsId}/assignments/{assignmentsId}:move",
"httpMethod": "POST",
"id": "bigqueryreservation.projects.locations.reservations.assignments.move",
@@ -775,7 +817,7 @@
],
"parameters": {
"name": {
"description": "Required. The resource name of the assignment,\ne.g.:\n projects/myproject/locations/US/reservations/team1-prod/assignments/123",
"description": "Required. The resource name of the assignment,\ne.g.\n`projects/myproject/locations/US/reservations/team1-prod/assignments/123`",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/reservations/[^/]+/assignments/[^/]+$",
"required": true,
@@ -803,7 +845,7 @@
}
}
},
"revision": "20200403",
"revision": "20200702",
"rootUrl": "https://bigqueryreservation.googleapis.com/",
"schemas": {
"Assignment": {
@@ -811,7 +853,7 @@
"id": "Assignment",
"properties": {
"assignee": {
"description": "The resource which will use the reservation. E.g.\nprojects/myproject, folders/123, organizations/456.",
"description": "The resource which will use the reservation. E.g.\n`projects/myproject`, `folders/123`, or `organizations/456`.",
"type": "string"
},
"jobType": {
@@ -819,17 +861,19 @@
"enum": [
"JOB_TYPE_UNSPECIFIED",
"PIPELINE",
"QUERY"
"QUERY",
"ML_EXTERNAL"
],
"enumDescriptions": [
"Invalid type. Requests with this value will be rejected with\nerror code `google.rpc.Code.INVALID_ARGUMENT`.",
"Pipeline (load/export) jobs from the project will use the reservation.",
"Query jobs from the project will use the reservation."
"Query jobs from the project will use the reservation.",
"BigQuery ML jobs that use services external to BigQuery for model\ntraining. These jobs will not utilize idle slots from other reservations."
],
"type": "string"
},
"name": {
"description": "Output only. Name of the resource. E.g.:\nprojects/myproject/locations/US/reservations/team1-prod/assignments/123.",
"description": "Output only. Name of the resource. E.g.:\n`projects/myproject/locations/US/reservations/team1-prod/assignments/123`.",
"type": "string"
},
"state": {
@@ -871,7 +915,7 @@
"type": "object"
},
"CapacityCommitment": {
"description": "Capacity commitment is a way to purchase compute capacity for BigQuery jobs\n(in the form of slots) with some committed period of usage. Monthly and\nannual commitments renew by default. Only flex commitments can be removed. In\norder to remove monthly or annual commitments, their plan needs to be changed\nto flex first.\n\nA capacity commitment resource exists as a child resource of the admin\nproject.",
"description": "Capacity commitment is a way to purchase compute capacity for BigQuery jobs\n(in the form of slots) with some committed period of usage. Annual\ncommitments renew by default. Commitments can be removed after their\ncommitment end time passes.\n\nIn order to remove annual commitment, its plan needs to be changed\nto monthly or flex first.\n\nA capacity commitment resource exists as a child resource of the admin\nproject.",
"id": "CapacityCommitment",
"properties": {
"commitmentEndTime": {
@@ -879,12 +923,17 @@
"format": "google-datetime",
"type": "string"
},
"commitmentStartTime": {
"description": "Output only. The start of the current commitment period. It is applicable only for\nACTIVE capacity commitments.",
"format": "google-datetime",
"type": "string"
},
"failureStatus": {
"$ref": "Status",
"description": "Output only. For FAILED commitment plan, provides the reason of failure."
},
"name": {
"description": "Output only. The resource name of the capacity commitment, e.g.,\n projects/myproject/locations/US/capacityCommitments/123",
"description": "Output only. The resource name of the capacity commitment, e.g.,\n`projects/myproject/locations/US/capacityCommitments/123`",
"type": "string"
},
"plan": {
@@ -892,30 +941,34 @@
"enum": [
"COMMITMENT_PLAN_UNSPECIFIED",
"FLEX",
"TRIAL",
"MONTHLY",
"ANNUAL"
],
"enumDescriptions": [
"Invalid plan value. Requests with this value will be rejected with\nerror code `google.rpc.Code.INVALID_ARGUMENT`.",
"Flex commitments have committed period of 1 minute after becoming ACTIVE.\nAfter that, they are not in a committed period anymore and can be removed\nany time.",
"Monthly commitments have a committed period of 30 days after becoming\nACTIVE.",
"Annual commitments have a committed period of 365 days after becoming\nACTIVE."
"Trial commitments have a committed period of 182 days after becoming\nACTIVE. After that, they are converted to a new commitment based on the\n`renewal_plan`. Default `renewal_plan` for Trial commitment is Flex so\nthat it can be deleted right after committed period ends.",
"Monthly commitments have a committed period of 30 days after becoming\nACTIVE. After that, they are not in a committed period anymore and can be\nremoved any time.",
"Annual commitments have a committed period of 365 days after becoming\nACTIVE. After that they are converted to a new commitment based on the\nrenewal_plan."
],
"type": "string"
},
"renewalPlan": {
"description": "The plan this capacity commitment is converted to after commitment_end_time\npasses. Once the plan is changed, committed period is extended according to\ncommitment plan. Only applicable for ANNUAL commitments.",
"description": "The plan this capacity commitment is converted to after commitment_end_time\npasses. Once the plan is changed, committed period is extended according to\ncommitment plan. Only applicable for ANNUAL and TRIAL commitments.",
"enum": [
"COMMITMENT_PLAN_UNSPECIFIED",
"FLEX",
"TRIAL",
"MONTHLY",
"ANNUAL"
],
"enumDescriptions": [
"Invalid plan value. Requests with this value will be rejected with\nerror code `google.rpc.Code.INVALID_ARGUMENT`.",
"Flex commitments have committed period of 1 minute after becoming ACTIVE.\nAfter that, they are not in a committed period anymore and can be removed\nany time.",
"Monthly commitments have a committed period of 30 days after becoming\nACTIVE.",
"Annual commitments have a committed period of 365 days after becoming\nACTIVE."
"Trial commitments have a committed period of 182 days after becoming\nACTIVE. After that, they are converted to a new commitment based on the\n`renewal_plan`. Default `renewal_plan` for Trial commitment is Flex so\nthat it can be deleted right after committed period ends.",
"Monthly commitments have a committed period of 30 days after becoming\nACTIVE. After that, they are not in a committed period anymore and can be\nremoved any time.",
"Annual commitments have a committed period of 365 days after becoming\nACTIVE. After that they are converted to a new commitment based on the\nrenewal_plan."
],
"type": "string"
},
@@ -1037,7 +1090,7 @@
"id": "MergeCapacityCommitmentsRequest",
"properties": {
"capacityCommitmentIds": {
"description": "Ids of capacity commitments to merge.\nThese capacity commitments must exist under admin project and location\nspecified in the parent.",
"description": "Ids of capacity commitments to merge.\nThese capacity commitments must exist under admin project and location\nspecified in the parent.\nID is the last portion of capacity commitment name e.g., 'abc' for\nprojects/myproject/locations/US/capacityCommitments/abc",
"items": {
"type": "string"
},
@@ -1047,11 +1100,11 @@
"type": "object"
},
"MoveAssignmentRequest": {
"description": "The request for\nReservationService.MoveAssignment.\nNote: \"bigquery.reservationAssignments.create\" permission is required on the\ndestination_id. Note: \"bigquery.reservationAssignments.create\" and\n\"bigquery.reservationAssignments.delete\" permission is required on the\nrelated assignee.",
"description": "The request for\nReservationService.MoveAssignment.\n\n**Note**: \"bigquery.reservationAssignments.create\" permission is required on\nthe destination_id.\n\n**Note**: \"bigquery.reservationAssignments.create\" and\n\"bigquery.reservationAssignments.delete\" permission are required on the\nrelated assignee.",
"id": "MoveAssignmentRequest",
"properties": {
"destinationId": {
"description": "The new reservation ID, e.g.:\n projects/myotherproject/locations/US/reservations/team2-prod",
"description": "The new reservation ID, e.g.:\n `projects/myotherproject/locations/US/reservations/team2-prod`",
"type": "string"
}
},
@@ -1101,17 +1154,35 @@
"type": "boolean"
},
"name": {
"description": "The resource name of the reservation, e.g.,\n\"projects/*/locations/*/reservations/team1-prod\".",
"description": "The resource name of the reservation, e.g.,\n`projects/*/locations/*/reservations/team1-prod`.",
"type": "string"
},
"slotCapacity": {
"description": "Minimum slots available to this reservation. A slot is a unit of\ncomputational power in BigQuery, and serves as the unit of parallelism.\nQueries using this reservation might use more slots during runtime if\nignore_idle_slots is set to false.\nIf the new reservation's slot capacity exceed the parent's slot capacity or\nif total slot capacity of the new reservation and its siblings exceeds the\nparent's slot capacity, the request will fail with\n`google.rpc.Code.RESOURCE_EXHAUSTED`.",
"description": "Minimum slots available to this reservation. A slot is a unit of\ncomputational power in BigQuery, and serves as the unit of parallelism.\n\nQueries using this reservation might use more slots during runtime if\nignore_idle_slots is set to false.\n\nIf the new reservation's slot capacity exceed the parent's slot capacity or\nif total slot capacity of the new reservation and its siblings exceeds the\nparent's slot capacity, the request will fail with\n`google.rpc.Code.RESOURCE_EXHAUSTED`.",
"format": "int64",
"type": "string"
}
},
"type": "object"
},
"SearchAllAssignmentsResponse": {
"description": "The response for ReservationService.SearchAllAssignments.",
"id": "SearchAllAssignmentsResponse",
"properties": {
"assignments": {
"description": "List of assignments visible to the user.",
"items": {
"$ref": "Assignment"
},
"type": "array"
},
"nextPageToken": {
"description": "Token to retrieve the next page of results, or empty if there are no\nmore results in the list.",
"type": "string"
}
},
"type": "object"
},
"SearchAssignmentsResponse": {
"description": "The response for ReservationService.SearchAssignments.",
"id": "SearchAssignmentsResponse",

4
etc/api/bigqueryreservation/v1alpha2/bigqueryreservation-api.json
View File

@@ -614,7 +614,7 @@
}
}
},
"revision": "20200403",
"revision": "20200702",
"rootUrl": "https://bigqueryreservation.googleapis.com/",
"schemas": {
"CreateSlotPoolMetadata": {
@@ -830,12 +830,14 @@
"enum": [
"COMMITMENT_PLAN_UNSPECIFIED",
"FLEX",
"TRIAL",
"MONTHLY",
"ANNUAL"
],
"enumDescriptions": [
"Invalid plan value. Requests with this value will be rejected with\nerror code `google.rpc.Code.INVALID_ARGUMENT`.",
"Slot pool can be removed at any point, even after becoming ACTIVE.",
"Trial commitments have a committed period of 182 days after becoming\nACTIVE. After that, they are converted to a new commitment based on the\nrenewal_plan. Default renewal_plan for Trial commitment is Flex so that\nit can be deleted right after committed period ends.",
"Slot pool cannot be removed for 30 days after becoming ACTIVE.",
"Slot pool cannot be removed for 365 days after becoming ACTIVE.\nNote: annual commitments are automatically downgraded to monthly after\n365 days."
],

118
etc/api/bigqueryreservation/v1beta1/bigqueryreservation-api.json
View File

@@ -139,7 +139,7 @@
]
},
"searchAssignments": {
"description": "Looks up assignments for a specified resource for a particular region.\nIf the request is about a project:\n 1) Assignments created on the project will be returned if they exist.\n 2) Otherwise assignments created on the closest ancestor will be\n returned. 3) Assignments for different JobTypes will all be returned.\nSame logic applies if the request is about a folder.\nIf the request is about an organization, then assignments created on the\norganization will be returned (organization doesn't have ancestors).\nComparing to ListAssignments, there are some behavior\ndifferences:\n 1) permission on the assignee will be verified in this API.\n 2) Hierarchy lookup (project->folder->organization) happens in this API.\n 3) Parent here is projects/*/locations/*, instead of\n projects/*/locations/*reservations/*.\nNote \"-\" cannot be used for projects\nnor locations.",
"description": "Looks up assignments for a specified resource for a particular region.\nIf the request is about a project:\n\n1. Assignments created on the project will be returned if they exist.\n2. Otherwise assignments created on the closest ancestor will be\n returned.\n3. Assignments for different JobTypes will all be returned.\n\nThe same logic applies if the request is about a folder.\n\nIf the request is about an organization, then assignments created on the\norganization will be returned (organization doesn't have ancestors).\n\nComparing to ListAssignments, there are some behavior\ndifferences:\n\n1. permission on the assignee will be verified in this API.\n2. Hierarchy lookup (project->folder->organization) happens in this API.\n3. Parent here is `projects/*/locations/*`, instead of\n `projects/*/locations/*reservations/*`.\n\n**Note** \"-\" cannot be used for projects\nnor locations.",
"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}:searchAssignments",
"httpMethod": "GET",
"id": "bigqueryreservation.projects.locations.searchAssignments",
@@ -159,14 +159,14 @@
"type": "string"
},
"parent": {
"description": "Required. The resource name of the admin project(containing project and location),\ne.g.:\n \"projects/myproject/locations/US\".",
"description": "Required. The resource name of the admin project(containing project and location),\ne.g.:\n `projects/myproject/locations/US`.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+$",
"required": true,
"type": "string"
},
"query": {
"description": "Please specify resource name as assignee in the query.\ne.g., \"assignee=projects/myproject\"\n \"assignee=folders/123\"\n \"assignee=organizations/456\"",
"description": "Please specify resource name as assignee in the query.\n\nExamples:\n\n* `assignee=projects/myproject`\n* `assignee=folders/123`\n* `assignee=organizations/456`",
"location": "query",
"type": "string"
}
@@ -181,7 +181,7 @@
]
},
"updateBiReservation": {
"description": "Updates a BI reservation.\nOnly fields specified in the field_mask are updated.\nSingleton BI reservation always exists with default size 0.\nIn order to reserve BI capacity it needs to be updated to an amount\ngreater than 0. In order to release BI capacity reservation size\nmust be set to 0.",
"description": "Updates a BI reservation.\n\nOnly fields specified in the `field_mask` are updated.\n\nA singleton BI reservation always exists with default size 0.\nIn order to reserve BI capacity it needs to be updated to an amount\ngreater than 0. In order to release BI capacity reservation size\nmust be set to 0.",
"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/biReservation",
"httpMethod": "PATCH",
"id": "bigqueryreservation.projects.locations.updateBiReservation",
@@ -234,7 +234,7 @@
"type": "boolean"
},
"parent": {
"description": "Required. Resource name of the parent reservation. E.g.,\n projects/myproject/locations/US",
"description": "Required. Resource name of the parent reservation. E.g.,\n `projects/myproject/locations/US`",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+$",
"required": true,
@@ -263,7 +263,7 @@
],
"parameters": {
"name": {
"description": "Required. Resource name of the capacity commitment to delete. E.g.,\n projects/myproject/locations/US/capacityCommitments/123",
"description": "Required. Resource name of the capacity commitment to delete. E.g.,\n `projects/myproject/locations/US/capacityCommitments/123`",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/capacityCommitments/[^/]+$",
"required": true,
@@ -289,7 +289,7 @@
],
"parameters": {
"name": {
"description": "Required. Resource name of the capacity commitment to retrieve. E.g.,\n projects/myproject/locations/US/capacityCommitments/123",
"description": "Required. Resource name of the capacity commitment to retrieve. E.g.,\n `projects/myproject/locations/US/capacityCommitments/123`",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/capacityCommitments/[^/]+$",
"required": true,
@@ -326,7 +326,7 @@
"type": "string"
},
"parent": {
"description": "Required. Resource name of the parent reservation. E.g.,\n projects/myproject/locations/US",
"description": "Required. Resource name of the parent reservation. E.g.,\n `projects/myproject/locations/US`",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+$",
"required": true,
@@ -343,7 +343,7 @@
]
},
"merge": {
"description": "Merges capacity commitments of the same plan into one. Resulting capacity\ncommitment has the longer commitment_end_time out of the two. Attempting to\nmerge capacity commitments of different plan will fail with the error code\n`google.rpc.Code.FAILED_PRECONDITION`.",
"description": "Merges capacity commitments of the same plan into a single commitment.\n\nThe resulting capacity commitment has the greater commitment_end_time\nout of the to-be-merged capacity commitments.\n\nAttempting to merge capacity commitments of different plan will fail\nwith the error code `google.rpc.Code.FAILED_PRECONDITION`.",
"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/capacityCommitments:merge",
"httpMethod": "POST",
"id": "bigqueryreservation.projects.locations.capacityCommitments.merge",
@@ -352,7 +352,7 @@
],
"parameters": {
"parent": {
"description": "Parent resource that identifies admin project and location e.g.,\nprojects/myproject/locations/us",
"description": "Parent resource that identifies admin project and location e.g.,\n `projects/myproject/locations/us`",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+$",
"required": true,
@@ -372,7 +372,7 @@
]
},
"patch": {
"description": "Updates an existing capacity commitment.\n\nOnly plan and renewal_plan fields can be updated.\nPlan can only be changed to a plan of a longer commitment period.\nAttempting to change to a plan with shorter commitment period will fail\nwith the error code `google.rpc.Code.FAILED_PRECONDITION`.",
"description": "Updates an existing capacity commitment.\n\nOnly `plan` and `renewal_plan` fields can be updated.\n\nPlan can only be changed to a plan of a longer commitment period.\nAttempting to change to a plan with shorter commitment period will fail\nwith the error code `google.rpc.Code.FAILED_PRECONDITION`.",
"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/capacityCommitments/{capacityCommitmentsId}",
"httpMethod": "PATCH",
"id": "bigqueryreservation.projects.locations.capacityCommitments.patch",
@@ -381,7 +381,7 @@
],
"parameters": {
"name": {
"description": "Output only. The resource name of the capacity commitment, e.g.,\n projects/myproject/locations/US/capacityCommitments/123",
"description": "Output only. The resource name of the capacity commitment, e.g.,\n`projects/myproject/locations/US/capacityCommitments/123`",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/capacityCommitments/[^/]+$",
"required": true,
@@ -407,7 +407,7 @@
]
},
"split": {
"description": "Splits capacity commitment to two commitments of the same plan and\ncommitment_end_time. A common use case to do that is to perform a downgrade\ne.g., in order to downgrade from 10000 slots to 8000, one might split 10000\ncapacity commitment to 2000 and 8000, change the plan of the first one to\nflex and then delete it.",
"description": "Splits capacity commitment to two commitments of the same plan and\n`commitment_end_time`.\n\nA common use case is to enable downgrading commitments.\n\nFor example, in order to downgrade from 10000 slots to 8000, you might\nsplit a 10000 capacity commitment into commitments of 2000 and 8000. Then,\nyou would change the plan of the first one to `FLEX` and then delete it.",
"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/capacityCommitments/{capacityCommitmentsId}:split",
"httpMethod": "POST",
"id": "bigqueryreservation.projects.locations.capacityCommitments.split",
@@ -416,7 +416,7 @@
],
"parameters": {
"name": {
"description": "Required. The resource name e.g.,:\n projects/myproject/locations/US/capacityCommitments/123",
"description": "Required. The resource name e.g.,:\n `projects/myproject/locations/US/capacityCommitments/123`",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/capacityCommitments/[^/]+$",
"required": true,
@@ -449,7 +449,7 @@
],
"parameters": {
"parent": {
"description": "Required. Project, location. E.g.,\n projects/myproject/locations/US",
"description": "Required. Project, location. E.g.,\n`projects/myproject/locations/US`",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+$",
"required": true,
@@ -483,7 +483,7 @@
],
"parameters": {
"name": {
"description": "Required. Resource name of the reservation to retrieve. E.g.,\n projects/myproject/locations/US/reservations/team1-prod",
"description": "Required. Resource name of the reservation to retrieve. E.g.,\n `projects/myproject/locations/US/reservations/team1-prod`",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/reservations/[^/]+$",
"required": true,
@@ -509,7 +509,7 @@
],
"parameters": {
"name": {
"description": "Required. Resource name of the reservation to retrieve. E.g.,\n projects/myproject/locations/US/reservations/team1-prod",
"description": "Required. Resource name of the reservation to retrieve. E.g.,\n `projects/myproject/locations/US/reservations/team1-prod`",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/reservations/[^/]+$",
"required": true,
@@ -551,7 +551,7 @@
"type": "string"
},
"parent": {
"description": "Required. The parent resource name containing project and location, e.g.:\n \"projects/myproject/locations/US\"",
"description": "Required. The parent resource name containing project and location, e.g.:\n `projects/myproject/locations/US`",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+$",
"required": true,
@@ -577,7 +577,7 @@
],
"parameters": {
"name": {
"description": "The resource name of the reservation, e.g.,\n\"projects/*/locations/*/reservations/team1-prod\".",
"description": "The resource name of the reservation, e.g.,\n`projects/*/locations/*/reservations/team1-prod`.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/reservations/[^/]+$",
"required": true,
@@ -607,7 +607,7 @@
"assignments": {
"methods": {
"create": {
"description": "Returns `google.rpc.Code.PERMISSION_DENIED` if user does not have\n'bigquery.admin' permissions on the project using the reservation\nand the project that owns this reservation.\nReturns `google.rpc.Code.INVALID_ARGUMENT` when location of the assignment\ndoes not match location of the reservation.",
"description": "Creates an assignment object which allows the given project to submit jobs\nof a certain type using slots from the specified reservation.\n\nCurrently a\nresource (project, folder, organization) can only have one assignment per\neach (job_type, location) combination, and that reservation will be used\nfor all jobs of the matching type.\n\nDifferent assignments can be created on different levels of the\nprojects, folders or organization hierarchy. During query execution,\nthe assignment is looked up at the project, folder and organization levels\nin that order. The first assignment found is applied to the query.\n\nWhen creating assignments, it does not matter if other assignments exist at\nhigher levels.\n\nExample:\n\n* The organization `organizationA` contains two projects, `project1`\n and `project2`.\n* Assignments for all three entities (`organizationA`, `project1`, and\n `project2`) could all be created and mapped to the same or different\n reservations.\n\nReturns `google.rpc.Code.PERMISSION_DENIED` if user does not have\n'bigquery.admin' permissions on the project using the reservation\nand the project that owns this reservation.\n\nReturns `google.rpc.Code.INVALID_ARGUMENT` when location of the assignment\ndoes not match location of the reservation.",
"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/reservations/{reservationsId}/assignments",
"httpMethod": "POST",
"id": "bigqueryreservation.projects.locations.reservations.assignments.create",
@@ -616,7 +616,7 @@
],
"parameters": {
"parent": {
"description": "Required. The parent resource name of the assignment\nE.g.: projects/myproject/locations/US/reservations/team1-prod",
"description": "Required. The parent resource name of the assignment\nE.g. `projects/myproject/locations/US/reservations/team1-prod`",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/reservations/[^/]+$",
"required": true,
@@ -636,7 +636,7 @@
]
},
"delete": {
"description": "Deletes a assignment. No expansion will happen.\nE.g:\norganizationA contains project1 and project2. Reservation res1 exists.\nCreateAssignment was invoked previously and following assignments were\ncreated explicitly:\n <organizationA, res1>\n <project1, res1>\nThen deletion of <organizationA, res1> won't affect <project1, res1>. After\ndeletion of <organizationA, res1>, queries from project1 will still use\nres1, while queries from project2 will use on-demand mode.",
"description": "Deletes a assignment. No expansion will happen.\n\nExample:\n\n* Organization `organizationA` contains two projects, `project1` and\n `project2`.\n* Reservation `res1` exists and was created previously.\n* CreateAssignment was used previously to define the following\n associations between entities and reservations: `<organizationA, res1>`\n and `<project1, res1>`\n\nIn this example, deletion of the `<organizationA, res1>` assignment won't\naffect the other assignment `<project1, res1>`. After said deletion,\nqueries from `project1` will still use `res1` while queries from\n`project2` will switch to use on-demand mode.",
"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/reservations/{reservationsId}/assignments/{assignmentsId}",
"httpMethod": "DELETE",
"id": "bigqueryreservation.projects.locations.reservations.assignments.delete",
@@ -645,7 +645,7 @@
],
"parameters": {
"name": {
"description": "Required. Name of the resource, e.g.:\n projects/myproject/locations/US/reservations/team1-prod/assignments/123",
"description": "Required. Name of the resource, e.g.\n `projects/myproject/locations/US/reservations/team1-prod/assignments/123`",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/reservations/[^/]+/assignments/[^/]+$",
"required": true,
@@ -662,7 +662,7 @@
]
},
"list": {
"description": "Lists assignments.\nOnly explicitly created assignments will be returned. E.g:\norganizationA contains project1 and project2. Reservation res1 exists.\nCreateAssignment was invoked previously and following assignments were\ncreated explicitly:\n <organizationA, res1>\n <project1, res1>\nThen this API will just return the above two assignments for reservation\nres1, and no expansion/merge will happen. Wildcard \"-\" can be used for\nreservations in the request. In that case all assignments belongs to the\nspecified project and location will be listed. Note\n\"-\" cannot be used for projects nor locations.",
"description": "Lists assignments.\n\nOnly explicitly created assignments will be returned.\n\nExample:\n\n* Organization `organizationA` contains two projects, `project1` and\n `project2`.\n* Reservation `res1` exists and was created previously.\n* CreateAssignment was used previously to define the following\n associations between entities and reservations: `<organizationA, res1>`\n and `<project1, res1>`\n\nIn this example, ListAssignments will just return the above two assignments\nfor reservation `res1`, and no expansion/merge will happen.\n\nThe wildcard \"-\" can be used for\nreservations in the request. In that case all assignments belongs to the\nspecified project and location will be listed.\n\n**Note** \"-\" cannot be used for projects nor locations.",
"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/reservations/{reservationsId}/assignments",
"httpMethod": "GET",
"id": "bigqueryreservation.projects.locations.reservations.assignments.list",
@@ -682,7 +682,7 @@
"type": "string"
},
"parent": {
"description": "Required. The parent resource name e.g.:\nprojects/myproject/locations/US/reservations/team1-prod\nOr:\nprojects/myproject/locations/US/reservations/-",
"description": "Required. The parent resource name e.g.:\n\n`projects/myproject/locations/US/reservations/team1-prod`\n\nOr:\n\n`projects/myproject/locations/US/reservations/-`",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/reservations/[^/]+$",
"required": true,
@@ -699,7 +699,7 @@
]
},
"move": {
"description": "Moves a assignment under a new reservation. Customers can do this by\ndeleting the existing assignment followed by creating another assignment\nunder the new reservation, but this method provides a transactional way to\ndo so, to make sure the assignee always has an associated reservation.\nWithout the method customers might see some queries run on-demand which\nmight be unexpected.",
"description": "Moves an assignment under a new reservation.\n\nThis differs from removing an existing assignment and recreating a new one\nby providing a transactional change that ensures an assignee always has an\nassociated reservation.",
"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/reservations/{reservationsId}/assignments/{assignmentsId}:move",
"httpMethod": "POST",
"id": "bigqueryreservation.projects.locations.reservations.assignments.move",
@@ -708,7 +708,7 @@
],
"parameters": {
"name": {
"description": "Required. The resource name of the assignment,\ne.g.:\n projects/myproject/locations/US/reservations/team1-prod/assignments/123",
"description": "Required. The resource name of the assignment,\ne.g.\n`projects/myproject/locations/US/reservations/team1-prod/assignments/123`",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/reservations/[^/]+/assignments/[^/]+$",
"required": true,
@@ -736,7 +736,7 @@
}
}
},
"revision": "20200403",
"revision": "20200702",
"rootUrl": "https://bigqueryreservation.googleapis.com/",
"schemas": {
"Assignment": {
@@ -744,7 +744,7 @@
"id": "Assignment",
"properties": {
"assignee": {
"description": "The resource which will use the reservation. E.g.\nprojects/myproject, folders/123, organizations/456.",
"description": "The resource which will use the reservation. E.g.\n`projects/myproject`, `folders/123`, or `organizations/456`.",
"type": "string"
},
"jobType": {
@@ -752,17 +752,19 @@
"enum": [
"JOB_TYPE_UNSPECIFIED",
"PIPELINE",
"QUERY"
"QUERY",
"ML_EXTERNAL"
],
"enumDescriptions": [
"Invalid type. Requests with this value will be rejected with\nerror code `google.rpc.Code.INVALID_ARGUMENT`.",
"Pipeline (load/export) jobs from the project will use the reservation.",
"Query jobs from the project will use the reservation."
"Query jobs from the project will use the reservation.",
"BigQuery ML jobs that use services external to BigQuery for model\ntraining. These jobs will not utilize idle slots from other reservations."
],
"type": "string"
},
"name": {
"description": "Output only. Name of the resource. E.g.:\nprojects/myproject/locations/US/reservations/team1-prod/assignments/123.",
"description": "Output only. Name of the resource. E.g.:\n`projects/myproject/locations/US/reservations/team1-prod/assignments/123`.",
"type": "string"
},
"state": {
@@ -782,23 +784,6 @@
},
"type": "object"
},
"Autoscale": {
"description": "Auto scaling settings and current situation.\nSystem will create a dedicated FLEX capacity commitment to hold the slots\nfor auto-scale. Users won't be able to manage it,to avoid conflicts.\nScale-up will happen, if there are always pending tasks for the past 10\nminutes.\nScale-down will happen, if the system knows that scale-up won't be\ntriggered again.\nNote this is an alpha feature.",
"id": "Autoscale",
"properties": {
"currentSlots": {
"description": "Output only. The slot capacity added to this reservation when autoscale happens. Will\nbe between [0, max_slots].",
"format": "int64",
"type": "string"
},
"maxSlots": {
"description": "Number of slots to be scaled when needed.",
"format": "int64",
"type": "string"
}
},
"type": "object"
},
"BiReservation": {
"description": "Represents a BI Reservation.",
"id": "BiReservation",
@@ -821,7 +806,7 @@
"type": "object"
},
"CapacityCommitment": {
"description": "Capacity commitment is a way to purchase compute capacity for BigQuery jobs\n(in the form of slots) with some committed period of usage. Monthly and\nannual commitments renew by default. Only flex commitments can be removed. In\norder to remove monthly or annual commitments, their plan needs to be changed\nto flex first.\n\nA capacity commitment resource exists as a child resource of the admin\nproject.",
"description": "Capacity commitment is a way to purchase compute capacity for BigQuery jobs\n(in the form of slots) with some committed period of usage. Annual\ncommitments renew by default. Commitments can be removed after their\ncommitment end time passes.\n\nIn order to remove annual commitment, its plan needs to be changed\nto monthly or flex first.\n\nA capacity commitment resource exists as a child resource of the admin\nproject.",
"id": "CapacityCommitment",
"properties": {
"commitmentEndTime": {
@@ -829,12 +814,17 @@
"format": "google-datetime",
"type": "string"
},
"commitmentStartTime": {
"description": "Output only. The start of the current commitment period. It is applicable only for\nACTIVE capacity commitments.",
"format": "google-datetime",
"type": "string"
},
"failureStatus": {
"$ref": "Status",
"description": "Output only. For FAILED commitment plan, provides the reason of failure."
},
"name": {
"description": "Output only. The resource name of the capacity commitment, e.g.,\n projects/myproject/locations/US/capacityCommitments/123",
"description": "Output only. The resource name of the capacity commitment, e.g.,\n`projects/myproject/locations/US/capacityCommitments/123`",
"type": "string"
},
"plan": {
@@ -842,14 +832,16 @@
"enum": [
"COMMITMENT_PLAN_UNSPECIFIED",
"FLEX",
"TRIAL",
"MONTHLY",
"ANNUAL"
],
"enumDescriptions": [
"Invalid plan value. Requests with this value will be rejected with\nerror code `google.rpc.Code.INVALID_ARGUMENT`.",
"Flex commitments have committed period of 1 minute after becoming ACTIVE.\nAfter that, they are not in a committed period anymore and can be removed\nany time.",
"Monthly commitments have a committed period of 30 days after becoming\nACTIVE.",
"Annual commitments have a committed period of 365 days after becoming\nACTIVE."
"Trial commitments have a committed period of 182 days after becoming\nACTIVE. After that, they are converted to a new commitment based on the\n`renewal_plan`. Default `renewal_plan` for Trial commitment is Flex so\nthat it can be deleted right after committed period ends.",
"Monthly commitments have a committed period of 30 days after becoming\nACTIVE. After that, they are not in a committed period anymore and can be\nremoved any time.",
"Annual commitments have a committed period of 365 days after becoming\nACTIVE. After that they are converted to a new commitment based on the\nrenewal_plan."
],
"type": "string"
},
@@ -858,14 +850,16 @@
"enum": [
"COMMITMENT_PLAN_UNSPECIFIED",
"FLEX",
"TRIAL",
"MONTHLY",
"ANNUAL"
],
"enumDescriptions": [
"Invalid plan value. Requests with this value will be rejected with\nerror code `google.rpc.Code.INVALID_ARGUMENT`.",
"Flex commitments have committed period of 1 minute after becoming ACTIVE.\nAfter that, they are not in a committed period anymore and can be removed\nany time.",
"Monthly commitments have a committed period of 30 days after becoming\nACTIVE.",
"Annual commitments have a committed period of 365 days after becoming\nACTIVE."
"Trial commitments have a committed period of 182 days after becoming\nACTIVE. After that, they are converted to a new commitment based on the\n`renewal_plan`. Default `renewal_plan` for Trial commitment is Flex so\nthat it can be deleted right after committed period ends.",
"Monthly commitments have a committed period of 30 days after becoming\nACTIVE. After that, they are not in a committed period anymore and can be\nremoved any time.",
"Annual commitments have a committed period of 365 days after becoming\nACTIVE. After that they are converted to a new commitment based on the\nrenewal_plan."
],
"type": "string"
},
@@ -969,7 +963,7 @@
"id": "MergeCapacityCommitmentsRequest",
"properties": {
"capacityCommitmentIds": {
"description": "Ids of capacity commitments to merge.\nThese capacity commitments must exist under admin project and location\nspecified in the parent.",
"description": "Ids of capacity commitments to merge.\nThese capacity commitments must exist under admin project and location\nspecified in the parent.\nID is the last portion of capacity commitment name e.g., 'abc' for\nprojects/myproject/locations/US/capacityCommitments/abc",
"items": {
"type": "string"
},
@@ -979,11 +973,11 @@
"type": "object"
},
"MoveAssignmentRequest": {
"description": "The request for\nReservationService.MoveAssignment.\nNote: \"bigquery.reservationAssignments.create\" permission is required on the\ndestination_id. Note: \"bigquery.reservationAssignments.create\" and\n\"bigquery.reservationAssignments.delete\" permission is required on the\nrelated assignee.",
"description": "The request for\nReservationService.MoveAssignment.\n\n**Note**: \"bigquery.reservationAssignments.create\" permission is required on\nthe destination_id.\n\n**Note**: \"bigquery.reservationAssignments.create\" and\n\"bigquery.reservationAssignments.delete\" permission are required on the\nrelated assignee.",
"id": "MoveAssignmentRequest",
"properties": {
"destinationId": {
"description": "The new reservation ID, e.g.:\n projects/myotherproject/locations/US/reservations/team2-prod",
"description": "The new reservation ID, e.g.:\n `projects/myotherproject/locations/US/reservations/team2-prod`",
"type": "string"
}
},
@@ -993,20 +987,16 @@
"description": "A reservation is a mechanism used to guarantee slots to users.",
"id": "Reservation",
"properties": {
"autoscale": {
"$ref": "Autoscale",
"description": "The configuration parameters for the auto scaling feature. Note this is an\nalpha feature."
},
"ignoreIdleSlots": {
"description": "If false, any query using this reservation will use idle slots from other\nreservations within the same admin project. If true, a query using this\nreservation will execute with the slot capacity specified above at most.",
"type": "boolean"
},
"name": {
"description": "The resource name of the reservation, e.g.,\n\"projects/*/locations/*/reservations/team1-prod\".",
"description": "The resource name of the reservation, e.g.,\n`projects/*/locations/*/reservations/team1-prod`.",
"type": "string"
},
"slotCapacity": {
"description": "Minimum slots available to this reservation. A slot is a unit of\ncomputational power in BigQuery, and serves as the unit of parallelism.\nQueries using this reservation might use more slots during runtime if\nignore_idle_slots is set to false.\nIf the new reservation's slot capacity exceed the parent's slot capacity or\nif total slot capacity of the new reservation and its siblings exceeds the\nparent's slot capacity, the request will fail with\n`google.rpc.Code.RESOURCE_EXHAUSTED`.",
"description": "Minimum slots available to this reservation. A slot is a unit of\ncomputational power in BigQuery, and serves as the unit of parallelism.\n\nQueries using this reservation might use more slots during runtime if\nignore_idle_slots is set to false.\n\nIf the new reservation's slot capacity exceed the parent's slot capacity or\nif total slot capacity of the new reservation and its siblings exceeds the\nparent's slot capacity, the request will fail with\n`google.rpc.Code.RESOURCE_EXHAUSTED`.",
"format": "int64",
"type": "string"
}

16
etc/api/bigtableadmin/v1/bigtableadmin-api.json
View File

@@ -96,7 +96,7 @@
},
"protocol": "rest",
"resources": {},
"revision": "20200211",
"revision": "20200609",
"rootUrl": "https://bigtableadmin.googleapis.com/",
"schemas": {
"Cluster": {
@@ -104,7 +104,7 @@
"id": "Cluster",
"properties": {
"defaultStorageType": {
"description": "(`CreationOnly`)\nThe type of storage used by this cluster to serve its\nparent instance's tables, unless explicitly overridden.",
"description": "Immutable. The type of storage used by this cluster to serve its\nparent instance's tables, unless explicitly overridden.",
"enum": [
"STORAGE_TYPE_UNSPECIFIED",
"SSD",
@@ -118,11 +118,11 @@
"type": "string"
},
"location": {
"description": "(`CreationOnly`)\nThe location where this cluster's nodes and storage reside. For best\nperformance, clients should be located as close as possible to this\ncluster. Currently only zones are supported, so values should be of the\nform `projects/{project}/locations/{zone}`.",
"description": "Immutable. The location where this cluster's nodes and storage reside. For best\nperformance, clients should be located as close as possible to this\ncluster. Currently only zones are supported, so values should be of the\nform `projects/{project}/locations/{zone}`.",
"type": "string"
},
"name": {
"description": "Required. (`OutputOnly`)\nThe unique name of the cluster. Values are of the form\n`projects/{project}/instances/{instance}/clusters/a-z*`.",
"description": "The unique name of the cluster. Values are of the form\n`projects/{project}/instances/{instance}/clusters/a-z*`.",
"type": "string"
},
"serveNodes": {
@@ -131,7 +131,7 @@
"type": "integer"
},
"state": {
"description": "(`OutputOnly`)\nThe current state of the cluster.",
"description": "Output only. The current state of the cluster.",
"enum": [
"STATE_NOT_KNOWN",
"READY",
@@ -261,11 +261,11 @@
"type": "object"
},
"name": {
"description": "Required. (`OutputOnly`)\nThe unique name of the instance. Values are of the form\n`projects/{project}/instances/a-z+[a-z0-9]`.",
"description": "The unique name of the instance. Values are of the form\n`projects/{project}/instances/a-z+[a-z0-9]`.",
"type": "string"
},
"state": {
"description": "(`OutputOnly`)\nThe current state of the instance.",
"description": "Output only. The current state of the instance.",
"enum": [
"STATE_NOT_KNOWN",
"READY",
@@ -288,7 +288,7 @@
"enumDescriptions": [
"The type of the instance is unspecified. If set when creating an\ninstance, a `PRODUCTION` instance will be created. If set when updating\nan instance, the type will be left unchanged.",
"An instance meant for production use. `serve_nodes` must be set\non the cluster.",
"The instance is meant for development and testing purposes only; it has\nno performance or uptime guarantees and is not covered by SLA.\nAfter a development instance is created, it can be upgraded by\nupdating the instance to type `PRODUCTION`. An instance created\nas a production instance cannot be changed to a development instance.\nWhen creating a development instance, `serve_nodes` on the cluster must\nnot be set."
"DEPRECATED: Prefer PRODUCTION for all use cases, as it no longer enforces\na higher minimum node count than DEVELOPMENT."
],
"type": "string"
}

66
etc/api/bigtableadmin/v2/bigtableadmin-api.json
View File

@@ -143,7 +143,7 @@
"name": {
"description": "The name of the operation resource to be cancelled.",
"location": "path",
"pattern": "^operations/.+$",
"pattern": "^operations/.*$",
"required": true,
"type": "string"
}
@@ -173,7 +173,7 @@
"name": {
"description": "The name of the operation resource to be deleted.",
"location": "path",
"pattern": "^operations/.+$",
"pattern": "^operations/.*$",
"required": true,
"type": "string"
}
@@ -203,7 +203,7 @@
"name": {
"description": "The name of the operation resource.",
"location": "path",
"pattern": "^operations/.+$",
"pattern": "^operations/.*$",
"required": true,
"type": "string"
}
@@ -245,7 +245,7 @@
"name": {
"description": "The name of the operation's parent resource.",
"location": "path",
"pattern": "^operations/projects/.+$",
"pattern": "^operations/projects/.*$",
"required": true,
"type": "string"
},
@@ -458,7 +458,7 @@
],
"parameters": {
"name": {
"description": "Required. (`OutputOnly`)\nThe unique name of the instance. Values are of the form\n`projects/{project}/instances/a-z+[a-z0-9]`.",
"description": "The unique name of the instance. Values are of the form\n`projects/{project}/instances/a-z+[a-z0-9]`.",
"location": "path",
"pattern": "^projects/[^/]+/instances/[^/]+$",
"required": true,
@@ -563,7 +563,7 @@
],
"parameters": {
"name": {
"description": "Required. (`OutputOnly`)\nThe unique name of the instance. Values are of the form\n`projects/{project}/instances/a-z+[a-z0-9]`.",
"description": "The unique name of the instance. Values are of the form\n`projects/{project}/instances/a-z+[a-z0-9]`.",
"location": "path",
"pattern": "^projects/[^/]+/instances/[^/]+$",
"required": true,
@@ -755,7 +755,7 @@
"type": "boolean"
},
"name": {
"description": "(`OutputOnly`)\nThe unique name of the app profile. Values are of the form\n`projects/<project>/instances/<instance>/appProfiles/_a-zA-Z0-9*`.",
"description": "The unique name of the app profile. Values are of the form\n`projects/{project}/instances/{instance}/appProfiles/_a-zA-Z0-9*`.",
"location": "path",
"pattern": "^projects/[^/]+/instances/[^/]+/appProfiles/[^/]+$",
"required": true,
@@ -933,7 +933,7 @@
],
"parameters": {
"name": {
"description": "Required. (`OutputOnly`)\nThe unique name of the cluster. Values are of the form\n`projects/{project}/instances/{instance}/clusters/a-z*`.",
"description": "The unique name of the cluster. Values are of the form\n`projects/{project}/instances/{instance}/clusters/a-z*`.",
"location": "path",
"pattern": "^projects/[^/]+/instances/[^/]+/clusters/[^/]+$",
"required": true,
@@ -961,7 +961,7 @@
"backups": {
"methods": {
"getIamPolicy": {
"description": "Gets the access control policy for a Table or Backup resource.\nReturns an empty policy if the resource exists but does not have a policy\nset.",
"description": "Gets the access control policy for a Table resource.\nReturns an empty policy if the resource exists but does not have a policy\nset.",
"flatPath": "v2/projects/{projectsId}/instances/{instancesId}/clusters/{clustersId}/backups/{backupsId}:getIamPolicy",
"httpMethod": "POST",
"id": "bigtableadmin.projects.instances.clusters.backups.getIamPolicy",
@@ -993,7 +993,7 @@
]
},
"setIamPolicy": {
"description": "Sets the access control policy on a Table or Backup resource.\nReplaces any existing policy.",
"description": "Sets the access control policy on a Table resource.\nReplaces any existing policy.",
"flatPath": "v2/projects/{projectsId}/instances/{instancesId}/clusters/{clustersId}/backups/{backupsId}:setIamPolicy",
"httpMethod": "POST",
"id": "bigtableadmin.projects.instances.clusters.backups.setIamPolicy",
@@ -1262,7 +1262,7 @@
]
},
"getIamPolicy": {
"description": "Gets the access control policy for a Table or Backup resource.\nReturns an empty policy if the resource exists but does not have a policy\nset.",
"description": "Gets the access control policy for a Table resource.\nReturns an empty policy if the resource exists but does not have a policy\nset.",
"flatPath": "v2/projects/{projectsId}/instances/{instancesId}/tables/{tablesId}:getIamPolicy",
"httpMethod": "POST",
"id": "bigtableadmin.projects.instances.tables.getIamPolicy",
@@ -1379,7 +1379,7 @@
]
},
"setIamPolicy": {
"description": "Sets the access control policy on a Table or Backup resource.\nReplaces any existing policy.",
"description": "Sets the access control policy on a Table resource.\nReplaces any existing policy.",
"flatPath": "v2/projects/{projectsId}/instances/{instancesId}/tables/{tablesId}:setIamPolicy",
"httpMethod": "POST",
"id": "bigtableadmin.projects.instances.tables.setIamPolicy",
@@ -1531,7 +1531,7 @@
}
}
},
"revision": "20200211",
"revision": "20200609",
"rootUrl": "https://bigtableadmin.googleapis.com/",
"schemas": {
"AppProfile": {
@@ -1539,7 +1539,7 @@
"id": "AppProfile",
"properties": {
"description": {
"description": "Optional long form description of the use case for this AppProfile.",
"description": "Long form description of the use case for this AppProfile.",
"type": "string"
},
"etag": {
@@ -1551,7 +1551,7 @@
"description": "Use a multi-cluster routing policy."
},
"name": {
"description": "(`OutputOnly`)\nThe unique name of the app profile. Values are of the form\n`projects/<project>/instances/<instance>/appProfiles/_a-zA-Z0-9*`.",
"description": "The unique name of the app profile. Values are of the form\n`projects/{project}/instances/{instance}/appProfiles/_a-zA-Z0-9*`.",
"type": "string"
},
"singleClusterRouting": {
@@ -1562,7 +1562,7 @@
"type": "object"
},
"AuditConfig": {
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n },\n {\n \"log_type\": \"ADMIN_READ\",\n }\n ]\n },\n {\n \"service\": \"sampleservice.googleapis.com\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:aliya@example.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts jose@example.com from DATA_READ logging, and\naliya@example.com from DATA_WRITE logging.",
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\",\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\"\n },\n {\n \"log_type\": \"ADMIN_READ\"\n }\n ]\n },\n {\n \"service\": \"sampleservice.googleapis.com\",\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\"\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:aliya@example.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts jose@example.com from DATA_READ logging, and\naliya@example.com from DATA_WRITE logging.",
"id": "AuditConfig",
"properties": {
"auditLogConfigs": {
@@ -1580,7 +1580,7 @@
"type": "object"
},
"AuditLogConfig": {
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\njose@example.com from DATA_READ logging.",
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\"\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\njose@example.com from DATA_READ logging.",
"id": "AuditLogConfig",
"properties": {
"exemptedMembers": {
@@ -1615,7 +1615,7 @@
"properties": {
"condition": {
"$ref": "Expr",
"description": "The condition that is associated with this binding.\nNOTE: An unsatisfied condition will not allow user access via current\nbinding. Different bindings, including their conditions, are examined\nindependently."
"description": "The condition that is associated with this binding.\n\nIf the condition evaluates to `true`, then this binding applies to the\ncurrent request.\n\nIf the condition evaluates to `false`, then this binding does not apply to\nthe current request. However, a different role binding might grant the same\nrole to one or more of the members in this binding.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
},
"members": {
"description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@example.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a user that has been recently deleted. For\n example, `alice@example.com?uid=123456789012345678901`. If the user is\n recovered, this value reverts to `user:{emailid}` and the recovered user\n retains the role in the binding.\n\n* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus\n unique identifier) representing a service account that has been recently\n deleted. For example,\n `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.\n If the service account is undeleted, this value reverts to\n `serviceAccount:{emailid}` and the undeleted service account retains the\n role in the binding.\n\n* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a Google group that has been recently\n deleted. For example, `admins@example.com?uid=123456789012345678901`. If\n the group is recovered, this value reverts to `group:{emailid}` and the\n recovered group retains the role in the binding.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n",
@@ -1658,7 +1658,7 @@
"id": "Cluster",
"properties": {
"defaultStorageType": {
"description": "(`CreationOnly`)\nThe type of storage used by this cluster to serve its\nparent instance's tables, unless explicitly overridden.",
"description": "Immutable. The type of storage used by this cluster to serve its\nparent instance's tables, unless explicitly overridden.",
"enum": [
"STORAGE_TYPE_UNSPECIFIED",
"SSD",
@@ -1672,11 +1672,11 @@
"type": "string"
},
"location": {
"description": "(`CreationOnly`)\nThe location where this cluster's nodes and storage reside. For best\nperformance, clients should be located as close as possible to this\ncluster. Currently only zones are supported, so values should be of the\nform `projects/{project}/locations/{zone}`.",
"description": "Immutable. The location where this cluster's nodes and storage reside. For best\nperformance, clients should be located as close as possible to this\ncluster. Currently only zones are supported, so values should be of the\nform `projects/{project}/locations/{zone}`.",
"type": "string"
},
"name": {
"description": "Required. (`OutputOnly`)\nThe unique name of the cluster. Values are of the form\n`projects/{project}/instances/{instance}/clusters/a-z*`.",
"description": "The unique name of the cluster. Values are of the form\n`projects/{project}/instances/{instance}/clusters/a-z*`.",
"type": "string"
},
"serveNodes": {
@@ -1685,7 +1685,7 @@
"type": "integer"
},
"state": {
"description": "(`OutputOnly`)\nThe current state of the cluster.",
"description": "Output only. The current state of the cluster.",
"enum": [
"STATE_NOT_KNOWN",
"READY",
@@ -1950,7 +1950,7 @@
"properties": {
"options": {
"$ref": "GetPolicyOptions",
"description": "OPTIONAL: A `GetPolicyOptions` object for specifying options to\n`GetIamPolicy`. This field is only used by Cloud IAM."
"description": "OPTIONAL: A `GetPolicyOptions` object for specifying options to\n`GetIamPolicy`."
}
},
"type": "object"
@@ -1960,7 +1960,7 @@
"id": "GetPolicyOptions",
"properties": {
"requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.",
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
@@ -1983,11 +1983,11 @@
"type": "object"
},
"name": {
"description": "Required. (`OutputOnly`)\nThe unique name of the instance. Values are of the form\n`projects/{project}/instances/a-z+[a-z0-9]`.",
"description": "The unique name of the instance. Values are of the form\n`projects/{project}/instances/a-z+[a-z0-9]`.",
"type": "string"
},
"state": {
"description": "(`OutputOnly`)\nThe current state of the instance.",
"description": "Output only. The current state of the instance.",
"enum": [
"STATE_NOT_KNOWN",
"READY",
@@ -2010,7 +2010,7 @@
"enumDescriptions": [
"The type of the instance is unspecified. If set when creating an\ninstance, a `PRODUCTION` instance will be created. If set when updating\nan instance, the type will be left unchanged.",
"An instance meant for production use. `serve_nodes` must be set\non the cluster.",
"The instance is meant for development and testing purposes only; it has\nno performance or uptime guarantees and is not covered by SLA.\nAfter a development instance is created, it can be upgraded by\nupdating the instance to type `PRODUCTION`. An instance created\nas a production instance cannot be changed to a development instance.\nWhen creating a development instance, `serve_nodes` on the cluster must\nnot be set."
"DEPRECATED: Prefer PRODUCTION for all use cases, as it no longer enforces\na higher minimum node count than DEVELOPMENT."
],
"type": "string"
}
@@ -2289,7 +2289,7 @@
"type": "object"
},
"Policy": {
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nOptionally, a `binding` can specify a `condition`, which is a logical\nexpression that allows access to a resource only if the expression evaluates\nto `true`. A condition can add constraints based on attributes of the\nrequest, the resource, or both.\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\"user:eve@example.com\"],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nFor some types of Google Cloud resources, a `binding` can also specify a\n`condition`, which is a logical expression that allows access to a resource\nonly if the expression evaluates to `true`. A condition can add constraints\nbased on attributes of the request, the resource, or both. To learn which\nresources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\n \"user:eve@example.com\"\n ],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"id": "Policy",
"properties": {
"auditConfigs": {
@@ -2312,7 +2312,7 @@
"type": "string"
},
"version": {
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.",
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
@@ -2328,7 +2328,7 @@
"description": "REQUIRED: The complete policy to be applied to the `resource`. The size of\nthe policy is limited to a few 10s of KB. An empty policy is a\nvalid policy but certain Cloud Platform services (such as Projects)\nmight reject them."
},
"updateMask": {
"description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only\nthe fields in the mask will be modified. If no mask is provided, the\nfollowing default mask is used:\npaths: \"bindings, etag\"\nThis field is only used by Cloud IAM.",
"description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only\nthe fields in the mask will be modified. If no mask is provided, the\nfollowing default mask is used:\n\n`paths: \"bindings, etag\"`",
"format": "google-fieldmask",
"type": "string"
}
@@ -2404,11 +2404,11 @@
"additionalProperties": {
"$ref": "ColumnFamily"
},
"description": "(`CreationOnly`)\nThe column families configured for this table, mapped by column family ID.\nViews: `SCHEMA_VIEW`, `FULL`",
"description": "The column families configured for this table, mapped by column family ID.\nViews: `SCHEMA_VIEW`, `FULL`",
"type": "object"
},
"granularity": {
"description": "(`CreationOnly`)\nThe granularity (i.e. `MILLIS`) at which timestamps are stored in\nthis table. Timestamps not matching the granularity will be rejected.\nIf unspecified at creation time, the value will be set to `MILLIS`.\nViews: `SCHEMA_VIEW`, `FULL`.",
"description": "Immutable. The granularity (i.e. `MILLIS`) at which timestamps are stored in this\ntable. Timestamps not matching the granularity will be rejected.\nIf unspecified at creation time, the value will be set to `MILLIS`.\nViews: `SCHEMA_VIEW`, `FULL`.",
"enum": [
"TIMESTAMP_GRANULARITY_UNSPECIFIED",
"MILLIS"
@@ -2420,7 +2420,7 @@
"type": "string"
},
"name": {
"description": "Output only. The unique name of the table. Values are of the form\n`projects/<project>/instances/<instance>/tables/_a-zA-Z0-9*`.\nViews: `NAME_ONLY`, `SCHEMA_VIEW`, `REPLICATION_VIEW`, `FULL`",
"description": "The unique name of the table. Values are of the form\n`projects/{project}/instances/{instance}/tables/_a-zA-Z0-9*`.\nViews: `NAME_ONLY`, `SCHEMA_VIEW`, `REPLICATION_VIEW`, `FULL`",
"type": "string"
}
},

19
etc/api/billingbudgets/v1beta1/billingbudgets-api.json
View File

@@ -256,7 +256,7 @@
}
}
},
"revision": "20200405",
"revision": "20200704",
"rootUrl": "https://billingbudgets.googleapis.com/",
"schemas": {
"GoogleCloudBillingBudgetsV1beta1AllUpdatesRule": {
@@ -356,6 +356,16 @@
],
"type": "string"
},
"labels": {
"additionalProperties": {
"items": {
"type": "any"
},
"type": "array"
},
"description": "Optional. A single label and value pair specifying that usage from only this set of\nlabeled resources should be included in the budget. Currently, multiple\nentries or multiple values per entry are not allowed. If omitted, the\nreport will include all labeled and unlabeled usage.",
"type": "object"
},
"projects": {
"description": "Optional. A set of projects of the form `projects/{project}`,\nspecifying that usage from only this set of projects should be\nincluded in the budget. If omitted, the report will include all usage for\nthe billing account, regardless of which project the usage occurred on.\nOnly zero or one project can be specified currently.",
"items": {
@@ -369,6 +379,13 @@
"type": "string"
},
"type": "array"
},
"subaccounts": {
"description": "Optional. A set of subaccounts of the form `billingAccounts/{account_id}`, specifying\nthat usage from only this set of subaccounts should be included in the\nbudget. If a subaccount is set to the name of the resller account, usage\nfrom the reseller account will be included. If omitted, the report will\ninclude usage from the reseller account and all subaccounts, if they exist.",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"

20
etc/api/binaryauthorization/v1/binaryauthorization-api.json
View File

@@ -257,7 +257,7 @@
],
"parameters": {
"options.requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.",
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"location": "query",
"type": "integer"
@@ -315,7 +315,7 @@
]
},
"setIamPolicy": {
"description": "Sets the access control policy on the specified resource. Replaces any\nexisting policy.\n\nCan return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED",
"description": "Sets the access control policy on the specified resource. Replaces any\nexisting policy.\n\nCan return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.",
"flatPath": "v1/projects/{projectsId}/attestors/{attestorsId}:setIamPolicy",
"httpMethod": "POST",
"id": "binaryauthorization.projects.attestors.setIamPolicy",
@@ -343,7 +343,7 @@
]
},
"testIamPermissions": {
"description": "Returns permissions that a caller has on the specified resource.\nIf the resource does not exist, this will return an empty set of\npermissions, not a NOT_FOUND error.\n\nNote: This operation is designed to be used for building permission-aware\nUIs and command-line tools, not for authorization checking. This operation\nmay \"fail open\" without warning.",
"description": "Returns permissions that a caller has on the specified resource.\nIf the resource does not exist, this will return an empty set of\npermissions, not a `NOT_FOUND` error.\n\nNote: This operation is designed to be used for building permission-aware\nUIs and command-line tools, not for authorization checking. This operation\nmay \"fail open\" without warning.",
"flatPath": "v1/projects/{projectsId}/attestors/{attestorsId}:testIamPermissions",
"httpMethod": "POST",
"id": "binaryauthorization.projects.attestors.testIamPermissions",
@@ -412,7 +412,7 @@
],
"parameters": {
"options.requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.",
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"location": "query",
"type": "integer"
@@ -434,7 +434,7 @@
]
},
"setIamPolicy": {
"description": "Sets the access control policy on the specified resource. Replaces any\nexisting policy.\n\nCan return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED",
"description": "Sets the access control policy on the specified resource. Replaces any\nexisting policy.\n\nCan return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.",
"flatPath": "v1/projects/{projectsId}/policy:setIamPolicy",
"httpMethod": "POST",
"id": "binaryauthorization.projects.policy.setIamPolicy",
@@ -462,7 +462,7 @@
]
},
"testIamPermissions": {
"description": "Returns permissions that a caller has on the specified resource.\nIf the resource does not exist, this will return an empty set of\npermissions, not a NOT_FOUND error.\n\nNote: This operation is designed to be used for building permission-aware\nUIs and command-line tools, not for authorization checking. This operation\nmay \"fail open\" without warning.",
"description": "Returns permissions that a caller has on the specified resource.\nIf the resource does not exist, this will return an empty set of\npermissions, not a `NOT_FOUND` error.\n\nNote: This operation is designed to be used for building permission-aware\nUIs and command-line tools, not for authorization checking. This operation\nmay \"fail open\" without warning.",
"flatPath": "v1/projects/{projectsId}/policy:testIamPermissions",
"httpMethod": "POST",
"id": "binaryauthorization.projects.policy.testIamPermissions",
@@ -494,7 +494,7 @@
}
}
},
"revision": "20200327",
"revision": "20200619",
"rootUrl": "https://binaryauthorization.googleapis.com/",
"schemas": {
"AdmissionRule": {
@@ -605,7 +605,7 @@
"properties": {
"condition": {
"$ref": "Expr",
"description": "The condition that is associated with this binding.\nNOTE: An unsatisfied condition will not allow user access via current\nbinding. Different bindings, including their conditions, are examined\nindependently."
"description": "The condition that is associated with this binding.\n\nIf the condition evaluates to `true`, then this binding applies to the\ncurrent request.\n\nIf the condition evaluates to `false`, then this binding does not apply to\nthe current request. However, a different role binding might grant the same\nrole to one or more of the members in this binding.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
},
"members": {
"description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@example.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a user that has been recently deleted. For\n example, `alice@example.com?uid=123456789012345678901`. If the user is\n recovered, this value reverts to `user:{emailid}` and the recovered user\n retains the role in the binding.\n\n* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus\n unique identifier) representing a service account that has been recently\n deleted. For example,\n `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.\n If the service account is undeleted, this value reverts to\n `serviceAccount:{emailid}` and the undeleted service account retains the\n role in the binding.\n\n* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a Google group that has been recently\n deleted. For example, `admins@example.com?uid=123456789012345678901`. If\n the group is recovered, this value reverts to `group:{emailid}` and the\n recovered group retains the role in the binding.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n",
@@ -651,7 +651,7 @@
"type": "object"
},
"IamPolicy": {
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nOptionally, a `binding` can specify a `condition`, which is a logical\nexpression that allows access to a resource only if the expression evaluates\nto `true`. A condition can add constraints based on attributes of the\nrequest, the resource, or both.\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\"user:eve@example.com\"],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nFor some types of Google Cloud resources, a `binding` can also specify a\n`condition`, which is a logical expression that allows access to a resource\nonly if the expression evaluates to `true`. A condition can add constraints\nbased on attributes of the request, the resource, or both. To learn which\nresources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\n \"user:eve@example.com\"\n ],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"id": "IamPolicy",
"properties": {
"bindings": {
@@ -667,7 +667,7 @@
"type": "string"
},
"version": {
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.",
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}

20
etc/api/binaryauthorization/v1beta1/binaryauthorization-api.json
View File

@@ -257,7 +257,7 @@
],
"parameters": {
"options.requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.",
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"location": "query",
"type": "integer"
@@ -315,7 +315,7 @@
]
},
"setIamPolicy": {
"description": "Sets the access control policy on the specified resource. Replaces any\nexisting policy.\n\nCan return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED",
"description": "Sets the access control policy on the specified resource. Replaces any\nexisting policy.\n\nCan return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.",
"flatPath": "v1beta1/projects/{projectsId}/attestors/{attestorsId}:setIamPolicy",
"httpMethod": "POST",
"id": "binaryauthorization.projects.attestors.setIamPolicy",
@@ -343,7 +343,7 @@
]
},
"testIamPermissions": {
"description": "Returns permissions that a caller has on the specified resource.\nIf the resource does not exist, this will return an empty set of\npermissions, not a NOT_FOUND error.\n\nNote: This operation is designed to be used for building permission-aware\nUIs and command-line tools, not for authorization checking. This operation\nmay \"fail open\" without warning.",
"description": "Returns permissions that a caller has on the specified resource.\nIf the resource does not exist, this will return an empty set of\npermissions, not a `NOT_FOUND` error.\n\nNote: This operation is designed to be used for building permission-aware\nUIs and command-line tools, not for authorization checking. This operation\nmay \"fail open\" without warning.",
"flatPath": "v1beta1/projects/{projectsId}/attestors/{attestorsId}:testIamPermissions",
"httpMethod": "POST",
"id": "binaryauthorization.projects.attestors.testIamPermissions",
@@ -412,7 +412,7 @@
],
"parameters": {
"options.requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.",
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"location": "query",
"type": "integer"
@@ -434,7 +434,7 @@
]
},
"setIamPolicy": {
"description": "Sets the access control policy on the specified resource. Replaces any\nexisting policy.\n\nCan return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED",
"description": "Sets the access control policy on the specified resource. Replaces any\nexisting policy.\n\nCan return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.",
"flatPath": "v1beta1/projects/{projectsId}/policy:setIamPolicy",
"httpMethod": "POST",
"id": "binaryauthorization.projects.policy.setIamPolicy",
@@ -462,7 +462,7 @@
]
},
"testIamPermissions": {
"description": "Returns permissions that a caller has on the specified resource.\nIf the resource does not exist, this will return an empty set of\npermissions, not a NOT_FOUND error.\n\nNote: This operation is designed to be used for building permission-aware\nUIs and command-line tools, not for authorization checking. This operation\nmay \"fail open\" without warning.",
"description": "Returns permissions that a caller has on the specified resource.\nIf the resource does not exist, this will return an empty set of\npermissions, not a `NOT_FOUND` error.\n\nNote: This operation is designed to be used for building permission-aware\nUIs and command-line tools, not for authorization checking. This operation\nmay \"fail open\" without warning.",
"flatPath": "v1beta1/projects/{projectsId}/policy:testIamPermissions",
"httpMethod": "POST",
"id": "binaryauthorization.projects.policy.testIamPermissions",
@@ -494,7 +494,7 @@
}
}
},
"revision": "20200327",
"revision": "20200619",
"rootUrl": "https://binaryauthorization.googleapis.com/",
"schemas": {
"AdmissionRule": {
@@ -605,7 +605,7 @@
"properties": {
"condition": {
"$ref": "Expr",
"description": "The condition that is associated with this binding.\nNOTE: An unsatisfied condition will not allow user access via current\nbinding. Different bindings, including their conditions, are examined\nindependently."
"description": "The condition that is associated with this binding.\n\nIf the condition evaluates to `true`, then this binding applies to the\ncurrent request.\n\nIf the condition evaluates to `false`, then this binding does not apply to\nthe current request. However, a different role binding might grant the same\nrole to one or more of the members in this binding.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
},
"members": {
"description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@example.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a user that has been recently deleted. For\n example, `alice@example.com?uid=123456789012345678901`. If the user is\n recovered, this value reverts to `user:{emailid}` and the recovered user\n retains the role in the binding.\n\n* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus\n unique identifier) representing a service account that has been recently\n deleted. For example,\n `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.\n If the service account is undeleted, this value reverts to\n `serviceAccount:{emailid}` and the undeleted service account retains the\n role in the binding.\n\n* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a Google group that has been recently\n deleted. For example, `admins@example.com?uid=123456789012345678901`. If\n the group is recovered, this value reverts to `group:{emailid}` and the\n recovered group retains the role in the binding.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n",
@@ -651,7 +651,7 @@
"type": "object"
},
"IamPolicy": {
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nOptionally, a `binding` can specify a `condition`, which is a logical\nexpression that allows access to a resource only if the expression evaluates\nto `true`. A condition can add constraints based on attributes of the\nrequest, the resource, or both.\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\"user:eve@example.com\"],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nFor some types of Google Cloud resources, a `binding` can also specify a\n`condition`, which is a logical expression that allows access to a resource\nonly if the expression evaluates to `true`. A condition can add constraints\nbased on attributes of the request, the resource, or both. To learn which\nresources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\n \"user:eve@example.com\"\n ],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"id": "IamPolicy",
"properties": {
"bindings": {
@@ -667,7 +667,7 @@
"type": "string"
},
"version": {
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.",
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}

495
etc/api/blogger/v2/blogger-api.json
View File

File diff suppressed because it is too large Load Diff

BIN
etc/api/blogger/v3/blogger-api.json
View File

Binary file not shown.

1087
etc/api/books/v1/books-api.json
View File

File diff suppressed because it is too large Load Diff

13
etc/api/calendar/v3/calendar-api.json
View File

@@ -26,7 +26,6 @@
"description": "Manipulates events and other calendar data.",
"discoveryVersion": "v1",
"documentationLink": "https://developers.google.com/google-apps/calendar/firstapp",
"etag": "\"u9GIe6H63LSGq-9_t39K2Zx_EAc/7Yu8Dg6pIx8hQ9JbwRYcDNjZYUM\"",
"icons": {
"x16": "http://www.google.com/images/icons/product/calendar-16.png",
"x32": "http://www.google.com/images/icons/product/calendar-32.png"
@@ -1724,7 +1723,7 @@
}
}
},
"revision": "20200405",
"revision": "20200705",
"rootUrl": "https://www.googleapis.com/",
"schemas": {
"Acl": {
@@ -1930,7 +1929,7 @@
},
"hidden": {
"default": "false",
"description": "Whether the calendar has been hidden from the list. Optional. The default is False.",
"description": "Whether the calendar has been hidden from the list. Optional. The attribute is only returned when the calendar is hidden, in which case the value is true.",
"type": "boolean"
},
"id": {
@@ -2110,7 +2109,7 @@
},
"conferenceSolution": {
"$ref": "ConferenceSolution",
"description": "The conference solution, such as Hangouts or Hangouts Meet.\nUnset for a conference with a failed create request.\nEither conferenceSolution and at least one entryPoint, or createRequest is required."
"description": "The conference solution, such as Hangouts or Google Meet.\nUnset for a conference with a failed create request.\nEither conferenceSolution and at least one entryPoint, or createRequest is required."
},
"createRequest": {
"$ref": "CreateConferenceRequest",
@@ -2205,7 +2204,7 @@
"id": "ConferenceSolutionKey",
"properties": {
"type": {
"description": "The conference solution type.\nIf a client encounters an unfamiliar or empty type, it should still be able to display the entry points. However, it should disallow modifications.\nThe possible values are: \n- \"eventHangout\" for Hangouts for consumers (http://hangouts.google.com)\n- \"eventNamedHangout\" for classic Hangouts for G Suite users (http://hangouts.google.com)\n- \"hangoutsMeet\" for Hangouts Meet (http://meet.google.com)\n- \"addOn\" for 3P conference providers",
"description": "The conference solution type.\nIf a client encounters an unfamiliar or empty type, it should still be able to display the entry points. However, it should disallow modifications.\nThe possible values are: \n- \"eventHangout\" for Hangouts for consumers (http://hangouts.google.com)\n- \"eventNamedHangout\" for classic Hangouts for G Suite users (http://hangouts.google.com)\n- \"hangoutsMeet\" for Google Meet (http://meet.google.com)\n- \"addOn\" for 3P conference providers",
"type": "string"
}
},
@@ -2216,7 +2215,7 @@
"properties": {
"conferenceSolutionKey": {
"$ref": "ConferenceSolutionKey",
"description": "The conference solution, such as Hangouts or Hangouts Meet."
"description": "The conference solution, such as Hangouts or Google Meet."
},
"requestId": {
"description": "The client-generated unique ID for this request.\nClients should regenerate this ID for every new request. If an ID provided is the same as for the previous request, the request is ignored.",
@@ -2325,7 +2324,7 @@
},
"conferenceData": {
"$ref": "ConferenceData",
"description": "The conference-related information, such as details of a Hangouts Meet conference. To create new conference details use the createRequest field. To persist your changes, remember to set the conferenceDataVersion request parameter to 1 for all event modification requests."
"description": "The conference-related information, such as details of a Google Meet conference. To create new conference details use the createRequest field. To persist your changes, remember to set the conferenceDataVersion request parameter to 1 for all event modification requests."
},
"created": {
"description": "Creation time of the event (as a RFC3339 timestamp). Read-only.",

16
etc/api/chat/v1/chat-api.json
View File

@@ -317,7 +317,7 @@
}
}
},
"revision": "20200405",
"revision": "20200701",
"rootUrl": "https://chat.googleapis.com/",
"schemas": {
"ActionParameter": {
@@ -963,15 +963,23 @@
"id": "Space",
"properties": {
"displayName": {
"description": "Output only. The display name (only if the space is a room).",
"description": "Output only. The display name (only if the space is a room).\nPlease note that this field might not be populated in direct messages\nbetween humans.",
"type": "string"
},
"name": {
"description": "Resource name of the space, in the form \"spaces/*\".\n\nExample: spaces/AAAAMpdlehYs",
"type": "string"
},
"singleUserBotDm": {
"description": "Whether the space is a DM between a bot and a single human.",
"type": "boolean"
},
"threaded": {
"description": "Whether the messages are threaded in this space.",
"type": "boolean"
},
"type": {
"description": "Output only. The type of a space.",
"description": "Output only. The type of a space.\nThis is deprecated. Use `single_user_bot_dm` instead.",
"enum": [
"TYPE_UNSPECIFIED",
"ROOM",
@@ -979,7 +987,7 @@
],
"enumDescriptions": [
"",
"A chat space where memberships are free to change. Messages in rooms are\nthreaded.",
"Multi-user spaces such as rooms and DMs between humans.",
"1:1 Direct Message between a human and a bot, where all messages are\nflat."
],
"type": "string"

293
etc/api/chromeuxreport/v1/chromeuxreport-api.json Normal file
View File

@@ -0,0 +1,293 @@
{
"basePath": "",
"baseUrl": "https://chromeuxreport.googleapis.com/",
"batchPath": "batch",
"canonicalName": "Chrome UX Report",
"description": "The Chrome UX Report API lets you view real user experience data for millions of websites.\n",
"discoveryVersion": "v1",
"documentationLink": "https://developers.google.com/web/tools/chrome-user-experience-report/api/reference",
"fullyEncodeReservedExpansion": true,
"icons": {
"x16": "http://www.google.com/images/icons/product/search-16.gif",
"x32": "http://www.google.com/images/icons/product/search-32.gif"
},
"id": "chromeuxreport:v1",
"kind": "discovery#restDescription",
"mtlsRootUrl": "https://chromeuxreport.mtls.googleapis.com/",
"name": "chromeuxreport",
"ownerDomain": "google.com",
"ownerName": "Google",
"parameters": {
"$.xgafv": {
"description": "V1 error format.",
"enum": [
"1",
"2"
],
"enumDescriptions": [
"v1 error format",
"v2 error format"
],
"location": "query",
"type": "string"
},
"access_token": {
"description": "OAuth access token.",
"location": "query",
"type": "string"
},
"alt": {
"default": "json",
"description": "Data format for response.",
"enum": [
"json",
"media",
"proto"
],
"enumDescriptions": [
"Responses with Content-Type of application/json",
"Media download with context-dependent Content-Type",
"Responses with Content-Type of application/x-protobuf"
],
"location": "query",
"type": "string"
},
"callback": {
"description": "JSONP",
"location": "query",
"type": "string"
},
"fields": {
"description": "Selector specifying which fields to include in a partial response.",
"location": "query",
"type": "string"
},
"key": {
"description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
"location": "query",
"type": "string"
},
"oauth_token": {
"description": "OAuth 2.0 token for the current user.",
"location": "query",
"type": "string"
},
"prettyPrint": {
"default": "true",
"description": "Returns response with indentations and line breaks.",
"location": "query",
"type": "boolean"
},
"quotaUser": {
"description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
"location": "query",
"type": "string"
},
"uploadType": {
"description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
"location": "query",
"type": "string"
},
"upload_protocol": {
"description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
"location": "query",
"type": "string"
}
},
"protocol": "rest",
"resources": {
"records": {
"methods": {
"queryRecord": {
"description": "Queries the Chrome User Experience for a single `record` for a given site.\n\nReturns a `record` that contains one or more `metrics` corresponding to\nperformance data about the requested site.",
"flatPath": "v1/records:queryRecord",
"httpMethod": "POST",
"id": "chromeuxreport.records.queryRecord",
"parameterOrder": [],
"parameters": {},
"path": "v1/records:queryRecord",
"request": {
"$ref": "QueryRequest"
},
"response": {
"$ref": "QueryResponse"
}
}
}
}
},
"revision": "20200708",
"rootUrl": "https://chromeuxreport.googleapis.com/",
"schemas": {
"Bin": {
"description": "A bin is a discrete portion of data spanning from start to end, or if no\nend is given, then from start to +inf.\n\nA bin's start and end values are given in the value type of the metric it\nrepresents. For example, \"first contentful paint\" is measured in\nmilliseconds and exposed as ints, therefore its metric bins will use int32s\nfor its start and end types. However, \"cumulative layout shift\" is measured\nin unitless decimals and is exposed as a decimal encoded as a string,\ntherefore its metric bins will use strings for its value type.",
"id": "Bin",
"properties": {
"density": {
"description": "The proportion of users that experienced this bin's value for the given\nmetric.",
"format": "double",
"type": "number"
},
"end": {
"description": "End is the end of the data bin. If end is not populated, then the bin has\nno end and is valid from start to +inf.",
"type": "any"
},
"start": {
"description": "Start is the beginning of the data bin.",
"type": "any"
}
},
"type": "object"
},
"Key": {
"description": "Key defines all the dimensions that identify this record as unique.",
"id": "Key",
"properties": {
"formFactor": {
"description": "The form factor is the device class that all users used to access the\nsite for this record.\n\nIf the form factor is unspecified, then aggregated data over all form\nfactors will be returned.",
"enum": [
"ALL_FORM_FACTORS",
"PHONE",
"DESKTOP",
"TABLET"
],
"enumDescriptions": [
"The default value, representing all device classes.",
"The device class representing a \"mobile\"/\"phone\" sized client.",
"The device class representing a \"desktop\"/\"laptop\" type full size client.",
"The device class representing a \"tablet\" type client."
],
"type": "string"
},
"origin": {
"description": "Origin specifies the origin that this record is for.\n\nNote: When specifying an origin, data for loads under this origin over\nall pages are aggregated into origin level user experience data.",
"type": "string"
},
"url": {
"description": "Url specifies a specific url that this record is for.\n\nNote: When specifying a \"url\" only data for that specific url will be\naggregated.",
"type": "string"
}
},
"type": "object"
},
"Metric": {
"description": "A `metric` is a set of user experience data for a single web performance\nmetric, like \"first contentful paint\". It contains a summary histogram of\nreal world Chrome usage as a series of `bins`.",
"id": "Metric",
"properties": {
"histogram": {
"description": "The histogram of user experiences for a metric. The histogram will have at\nleast one bin and the densities of all bins will add up to ~1.",
"items": {
"$ref": "Bin"
},
"type": "array"
},
"percentiles": {
"$ref": "Percentiles",
"description": "Common useful percentiles of the Metric. The value type for the\npercentiles will be the same as the value types given for the Histogram\nbins."
}
},
"type": "object"
},
"Percentiles": {
"description": "Percentiles contains synthetic values of a metric at a given statistical\npercentile. These are used for estimating a metric's value as experienced\nby a percentage of users out of the total number of users.",
"id": "Percentiles",
"properties": {
"p75": {
"description": "75% of users experienced the given metric at or below this value.",
"type": "any"
}
},
"type": "object"
},
"QueryRequest": {
"description": "Request payload sent by a physical web client.\n\nThis request includes all necessary context to load a particular\nuser experience record.",
"id": "QueryRequest",
"properties": {
"formFactor": {
"description": "The form factor is a query dimension that specifies the device class that\nthe record's data should belong to.\n\nNote: If no form factor is specified, then a special record with\naggregated data over all form factors will be returned.",
"enum": [
"ALL_FORM_FACTORS",
"PHONE",
"DESKTOP",
"TABLET"
],
"enumDescriptions": [
"The default value, representing all device classes.",
"The device class representing a \"mobile\"/\"phone\" sized client.",
"The device class representing a \"desktop\"/\"laptop\" type full size client.",
"The device class representing a \"tablet\" type client."
],
"type": "string"
},
"metrics": {
"description": "The metrics that should be included in the response.\nIf none are specified then any metrics found will be returned.\n\nAllowed values: [\"first_contentful_paint\",\n\"first_input_delay\", \"largest_contentful_paint\",\n\"cumulative_layout_shift\"]",
"items": {
"type": "string"
},
"type": "array"
},
"origin": {
"description": "The url pattern \"origin\" refers to a url pattern that is the origin of\na website.\n\nExamples: \"https://example.com\", \"https://cloud.google.com\"",
"type": "string"
},
"url": {
"description": "The url pattern \"url\" refers to a url pattern that is any arbitrary url.\n\nExamples: \"https://example.com/\",\n \"https://cloud.google.com/why-google-cloud/\"",
"type": "string"
}
},
"type": "object"
},
"QueryResponse": {
"description": "Response payload sent back to a physical web client.\n\nThis response contains the record found based on the identiers present in a\n`QueryRequest`. The returned response will have a record, and sometimes\ndetails on normalization actions taken on the request that were necessary to\nmake the request successful.",
"id": "QueryResponse",
"properties": {
"record": {
"$ref": "Record",
"description": "The record that was found."
},
"urlNormalizationDetails": {
"$ref": "UrlNormalization",
"description": "These are details about automated normalization actions that were taken in\norder to make the requested `url_pattern` valid."
}
},
"type": "object"
},
"Record": {
"description": "Record is a single Chrome UX report data record. It contains use experience\nstatistics for a single url pattern and set of dimensions.",
"id": "Record",
"properties": {
"key": {
"$ref": "Key",
"description": "Key defines all of the unique querying parameters needed to look up a user\nexperience record."
},
"metrics": {
"additionalProperties": {
"$ref": "Metric"
},
"description": "Metrics is the map of user experience data available for the record defined\nin the key field. Metrics are keyed on the metric name.\n\nAllowed key values: [\"first_contentful_paint\",\n\"first_input_delay\", \"largest_contentful_paint\",\n\"cumulative_layout_shift\"]",
"type": "object"
}
},
"type": "object"
},
"UrlNormalization": {
"description": "Object representing the normalization actions taken to normalize a url to\nachieve a higher chance of successful lookup. These are simple automated\nchanges that are taken when looking up the provided `url_patten` would be\nknown to fail. Complex actions like following redirects are not handled.",
"id": "UrlNormalization",
"properties": {
"normalizedUrl": {
"description": "The URL after any normalization actions. This is a valid user experience\nURL that could reasonably be looked up.",
"type": "string"
},
"originalUrl": {
"description": "The original requested URL prior to any normalization actions.",
"type": "string"
}
},
"type": "object"
}
},
"servicePath": "",
"title": "Chrome UX Report API",
"version": "v1",
"version_module": true
}

795
etc/api/civicinfo/v2/civicinfo-api.json
View File

File diff suppressed because it is too large Load Diff

8
etc/api/classroom/v1/classroom-api.json
View File

@@ -1343,7 +1343,7 @@
"type": "string"
},
"pageSize": {
"description": "Maximum number of items to return. Zero means no maximum.\n\nThe server may return fewer than the specified number of results.",
"description": "Maximum number of items to return. The default is 30 if unspecified or `0`.\n\nThe server may return fewer than the specified number of results.",
"format": "int32",
"location": "query",
"type": "integer"
@@ -1479,7 +1479,7 @@
"type": "string"
},
"pageSize": {
"description": "Maximum number of items to return. Zero means no maximum.\n\nThe server may return fewer than the specified number of results.",
"description": "Maximum number of items to return. The default is 30 if unspecified or `0`.\n\nThe server may return fewer than the specified number of results.",
"format": "int32",
"location": "query",
"type": "integer"
@@ -1781,7 +1781,7 @@
"type": "string"
},
"pageSize": {
"description": "Maximum number of items to return. Zero means no maximum.\n\nThe server may return fewer than the specified number of results.",
"description": "Maximum number of items to return. The default is 500 if unspecified or\n`0`.\n\nThe server may return fewer than the specified number of results.",
"format": "int32",
"location": "query",
"type": "integer"
@@ -2153,7 +2153,7 @@
}
}
},
"revision": "20200408",
"revision": "20200708",
"rootUrl": "https://classroom.googleapis.com/",
"schemas": {
"Announcement": {

78
etc/api/cloudasset/v1/cloudasset-api.json
View File

@@ -272,7 +272,7 @@
"v1": {
"methods": {
"batchGetAssetsHistory": {
"description": "Batch gets the update history of assets that overlap a time window.\nFor RESOURCE content, this API outputs history with asset in both\nnon-delete or deleted status.\nFor IAM_POLICY content, this API outputs history when the asset and its\nattached IAM POLICY both exist. This can create gaps in the output history.\nIf a specified asset does not exist, this API returns an INVALID_ARGUMENT\nerror.",
"description": "Batch gets the update history of assets that overlap a time window.\nFor IAM_POLICY content, this API outputs history when the asset and its\nattached IAM POLICY both exist. This can create gaps in the output history.\nOtherwise, this API outputs history with asset in both non-delete or\ndeleted status.\nIf a specified asset does not exist, this API returns an INVALID_ARGUMENT\nerror.",
"flatPath": "v1/{v1Id}/{v1Id1}:batchGetAssetsHistory",
"httpMethod": "GET",
"id": "cloudasset.batchGetAssetsHistory",
@@ -281,7 +281,7 @@
],
"parameters": {
"assetNames": {
"description": "A list of the full names of the assets. For example:\n`//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`.\nSee [Resource\nNames](https://cloud.google.com/apis/design/resource_names#full_resource_name)\nand [Resource Name\nFormat](https://cloud.google.com/asset-inventory/docs/resource-name-format)\nfor more info.\n\nThe request becomes a no-op if the asset name list is empty, and the max\nsize of the asset name list is 100 in one request.",
"description": "A list of the full names of the assets.\nSee: https://cloud.google.com/asset-inventory/docs/resource-name-format\nExample:\n\n`//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`.\n\nThe request becomes a no-op if the asset name list is empty, and the max\nsize of the asset name list is 100 in one request.",
"location": "query",
"repeated": true,
"type": "string"
@@ -327,7 +327,7 @@
]
},
"exportAssets": {
"description": "Exports assets with time and resource types to a given Cloud Storage\nlocation. The output format is newline-delimited JSON.\nThis API implements the google.longrunning.Operation API allowing you\nto keep track of the export.",
"description": "Exports assets with time and resource types to a given Cloud Storage\nlocation/BigQuery table. For Cloud Storage location destinations, the\noutput format is newline-delimited JSON. Each line represents a\ngoogle.cloud.asset.v1.Asset in the JSON format; for BigQuery table\ndestinations, the output table stores the fields in asset proto as columns.\nThis API implements the google.longrunning.Operation API\n, which allows you to keep track of the export. We recommend intervals of\nat least 2 seconds with exponential retry to poll the export operation\nresult. For regular-size resource parent, the export operation usually\nfinishes within 5 minutes.",
"flatPath": "v1/{v1Id}/{v1Id1}:exportAssets",
"httpMethod": "POST",
"id": "cloudasset.exportAssets",
@@ -357,28 +357,30 @@
}
}
},
"revision": "20200403",
"revision": "20200613",
"rootUrl": "https://cloudasset.googleapis.com/",
"schemas": {
"Asset": {
"description": "An asset in Google Cloud. An asset can be any resource in the Google Cloud\n[resource\nhierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),\na resource outside the Google Cloud resource hierarchy (such as Google\nKubernetes Engine clusters and objects), or a Cloud IAM policy.",
"description": "An asset in Google Cloud. An asset can be any resource in the Google Cloud\n[resource\nhierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),\na resource outside the Google Cloud resource hierarchy (such as Google\nKubernetes Engine clusters and objects), or a policy (e.g. Cloud IAM policy).\nSee [Supported asset\ntypes](https://cloud.google.com/asset-inventory/docs/supported-asset-types)\nfor more information.",
"id": "Asset",
"properties": {
"accessLevel": {
"$ref": "GoogleIdentityAccesscontextmanagerV1AccessLevel"
"$ref": "GoogleIdentityAccesscontextmanagerV1AccessLevel",
"description": "Please also refer to the [access level user\nguide](https://cloud.google.com/access-context-manager/docs/overview#access-levels)."
},
"accessPolicy": {
"$ref": "GoogleIdentityAccesscontextmanagerV1AccessPolicy"
"$ref": "GoogleIdentityAccesscontextmanagerV1AccessPolicy",
"description": "Please also refer to the [access policy user\nguide](https://cloud.google.com/access-context-manager/docs/overview#access-policies)."
},
"ancestors": {
"description": "The ancestry path of an asset in Google Cloud [resource\nhierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),\nrepresented as a list of relative resource names. An ancestry path starts\nwith the closest ancestor in the hierarchy and ends at root. If the asset\nis a project, folder, or organization, the ancestry path starts from the\nasset itself.\n\nFor example: `[\"projects/123456789\", \"folders/5432\", \"organizations/1234\"]`",
"description": "The ancestry path of an asset in Google Cloud [resource\nhierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),\nrepresented as a list of relative resource names. An ancestry path starts\nwith the closest ancestor in the hierarchy and ends at root. If the asset\nis a project, folder, or organization, the ancestry path starts from the\nasset itself.\n\nExample: `[\"projects/123456789\", \"folders/5432\", \"organizations/1234\"]`",
"items": {
"type": "string"
},
"type": "array"
},
"assetType": {
"description": "The type of the asset. For example: \"compute.googleapis.com/Disk\"\n\nSee [Supported asset\ntypes](https://cloud.google.com/asset-inventory/docs/supported-asset-types)\nfor more information.",
"description": "The type of the asset. Example: `compute.googleapis.com/Disk`\n\nSee [Supported asset\ntypes](https://cloud.google.com/asset-inventory/docs/supported-asset-types)\nfor more information.",
"type": "string"
},
"iamPolicy": {
@@ -386,7 +388,7 @@
"description": "A representation of the Cloud IAM policy set on a Google Cloud resource.\nThere can be a maximum of one Cloud IAM policy set on any given resource.\nIn addition, Cloud IAM policies inherit their granted access scope from any\npolicies set on parent resources in the resource hierarchy. Therefore, the\neffectively policy is the union of both the policy set on this resource\nand each policy set on all of the resource's ancestry resource levels in\nthe hierarchy. See\n[this topic](https://cloud.google.com/iam/docs/policies#inheritance) for\nmore information."
},
"name": {
"description": "The full name of the asset. For example:\n\"//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1\"\n\nSee [Resource\nnames](https://cloud.google.com/apis/design/resource_names#full_resource_name)\nfor more information.",
"description": "The full name of the asset. Example:\n`//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`\n\nSee [Resource\nnames](https://cloud.google.com/apis/design/resource_names#full_resource_name)\nfor more information.",
"type": "string"
},
"orgPolicy": {
@@ -401,13 +403,19 @@
"description": "A representation of the resource."
},
"servicePerimeter": {
"$ref": "GoogleIdentityAccesscontextmanagerV1ServicePerimeter"
"$ref": "GoogleIdentityAccesscontextmanagerV1ServicePerimeter",
"description": "Please also refer to the [service perimeter user\nguide](https://cloud.google.com/vpc-service-controls/docs/overview)."
},
"updateTime": {
"description": "The last update timestamp of an asset. update_time is updated when\ncreate/update/delete operation is performed.",
"format": "google-datetime",
"type": "string"
}
},
"type": "object"
},
"AuditConfig": {
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n },\n {\n \"log_type\": \"ADMIN_READ\",\n }\n ]\n },\n {\n \"service\": \"sampleservice.googleapis.com\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:aliya@example.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts jose@example.com from DATA_READ logging, and\naliya@example.com from DATA_WRITE logging.",
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\",\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\"\n },\n {\n \"log_type\": \"ADMIN_READ\"\n }\n ]\n },\n {\n \"service\": \"sampleservice.googleapis.com\",\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\"\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:aliya@example.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts jose@example.com from DATA_READ logging, and\naliya@example.com from DATA_WRITE logging.",
"id": "AuditConfig",
"properties": {
"auditLogConfigs": {
@@ -425,7 +433,7 @@
"type": "object"
},
"AuditLogConfig": {
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\njose@example.com from DATA_READ logging.",
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\"\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\njose@example.com from DATA_READ logging.",
"id": "AuditLogConfig",
"properties": {
"exemptedMembers": {
@@ -469,7 +477,7 @@
"type": "object"
},
"BigQueryDestination": {
"description": "A BigQuery destination.",
"description": "A BigQuery destination for exporting assets to.",
"id": "BigQueryDestination",
"properties": {
"dataset": {
@@ -493,7 +501,7 @@
"properties": {
"condition": {
"$ref": "Expr",
"description": "The condition that is associated with this binding.\nNOTE: An unsatisfied condition will not allow user access via current\nbinding. Different bindings, including their conditions, are examined\nindependently."
"description": "The condition that is associated with this binding.\n\nIf the condition evaluates to `true`, then this binding applies to the\ncurrent request.\n\nIf the condition evaluates to `false`, then this binding does not apply to\nthe current request. However, a different role binding might grant the same\nrole to one or more of the members in this binding.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
},
"members": {
"description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@example.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a user that has been recently deleted. For\n example, `alice@example.com?uid=123456789012345678901`. If the user is\n recovered, this value reverts to `user:{emailid}` and the recovered user\n retains the role in the binding.\n\n* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus\n unique identifier) representing a service account that has been recently\n deleted. For example,\n `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.\n If the service account is undeleted, this value reverts to\n `serviceAccount:{emailid}` and the undeleted service account retains the\n role in the binding.\n\n* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a Google group that has been recently\n deleted. For example, `admins@example.com?uid=123456789012345678901`. If\n the group is recovered, this value reverts to `group:{emailid}` and the\n recovered group retains the role in the binding.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n",
@@ -535,7 +543,7 @@
"id": "ExportAssetsRequest",
"properties": {
"assetTypes": {
"description": "A list of asset types of which to take a snapshot for. For example:\n\"compute.googleapis.com/Disk\". If specified, only matching assets will be\nreturned. See [Introduction to Cloud Asset\nInventory](https://cloud.google.com/asset-inventory/docs/overview)\nfor all supported asset types.",
"description": "A list of asset types of which to take a snapshot for. Example:\n\"compute.googleapis.com/Disk\". If specified, only matching assets will be\nreturned. See [Introduction to Cloud Asset\nInventory](https://cloud.google.com/asset-inventory/docs/overview)\nfor all supported asset types.",
"items": {
"type": "string"
},
@@ -561,7 +569,7 @@
},
"outputConfig": {
"$ref": "OutputConfig",
"description": "Required. Output configuration indicating where the results will be output\nto. All results will be in newline delimited JSON format."
"description": "Required. Output configuration indicating where the results will be output to."
},
"readTime": {
"description": "Timestamp to take an asset snapshot. This can only be set to a timestamp\nbetween the current time and the current time minus 35 days (inclusive).\nIf not specified, the current time will be used. Due to delays in resource\ndata collection and indexing, there is a volatile window during which\nrunning the same query may get different results.",
@@ -599,14 +607,14 @@
"id": "Feed",
"properties": {
"assetNames": {
"description": "A list of the full names of the assets to receive updates. You must specify\neither or both of asset_names and asset_types. Only asset updates matching\nspecified asset_names and asset_types are exported to the feed. For\nexample:\n`//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`.\nSee [Resource\nNames](https://cloud.google.com/apis/design/resource_names#full_resource_name)\nfor more info.",
"description": "A list of the full names of the assets to receive updates. You must specify\neither or both of asset_names and asset_types. Only asset updates matching\nspecified asset_names or asset_types are exported to the feed.\nExample:\n`//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`.\nSee [Resource\nNames](https://cloud.google.com/apis/design/resource_names#full_resource_name)\nfor more info.",
"items": {
"type": "string"
},
"type": "array"
},
"assetTypes": {
"description": "A list of types of the assets to receive updates. You must specify either\nor both of asset_names and asset_types. Only asset updates matching\nspecified asset_names and asset_types are exported to the feed.\nFor example: `\"compute.googleapis.com/Disk\"`\n\nSee [this\ntopic](https://cloud.google.com/asset-inventory/docs/supported-asset-types)\nfor a list of all supported asset types.",
"description": "A list of types of the assets to receive updates. You must specify either\nor both of asset_names and asset_types. Only asset updates matching\nspecified asset_names or asset_types are exported to the feed.\nExample: `\"compute.googleapis.com/Disk\"`\n\nSee [this\ntopic](https://cloud.google.com/asset-inventory/docs/supported-asset-types)\nfor a list of all supported asset types.",
"items": {
"type": "string"
},
@@ -657,11 +665,11 @@
"id": "GcsDestination",
"properties": {
"uri": {
"description": "The uri of the Cloud Storage object. It's the same uri that is used by\ngsutil. For example: \"gs://bucket_name/object_name\". See [Viewing and\nEditing Object\nMetadata](https://cloud.google.com/storage/docs/viewing-editing-metadata)\nfor more information.",
"description": "The uri of the Cloud Storage object. It's the same uri that is used by\ngsutil. Example: \"gs://bucket_name/object_name\". See [Viewing and\nEditing Object\nMetadata](https://cloud.google.com/storage/docs/viewing-editing-metadata)\nfor more information.",
"type": "string"
},
"uriPrefix": {
"description": "The uri prefix of all generated Cloud Storage objects. For example:\n\"gs://bucket_name/object_name_prefix\". Each object uri is in format:\n\"gs://bucket_name/object_name_prefix/<asset type>/<shard number> and only\ncontains assets for that type. <shard number> starts from 0. For example:\n\"gs://bucket_name/object_name_prefix/compute.googleapis.com/Disk/0\" is\nthe first shard of output objects containing all\ncompute.googleapis.com/Disk assets. An INVALID_ARGUMENT error will be\nreturned if file with the same name \"gs://bucket_name/object_name_prefix\"\nalready exists.",
"description": "The uri prefix of all generated Cloud Storage objects. Example:\n\"gs://bucket_name/object_name_prefix\". Each object uri is in format:\n\"gs://bucket_name/object_name_prefix/<asset type>/<shard number> and only\ncontains assets for that type. <shard number> starts from 0. Example:\n\"gs://bucket_name/object_name_prefix/compute.googleapis.com/Disk/0\" is\nthe first shard of output objects containing all\ncompute.googleapis.com/Disk assets. An INVALID_ARGUMENT error will be\nreturned if file with the same name \"gs://bucket_name/object_name_prefix\"\nalready exists.",
"type": "string"
}
},
@@ -711,7 +719,7 @@
"type": "array"
},
"inheritFromParent": {
"description": "Determines the inheritance behavior for this `Policy`.\n\nBy default, a `ListPolicy` set at a resource supercedes any `Policy` set\nanywhere up the resource hierarchy. However, if `inherit_from_parent` is\nset to `true`, then the values from the effective `Policy` of the parent\nresource are inherited, meaning the values set in this `Policy` are\nadded to the values inherited up the hierarchy.\n\nSetting `Policy` hierarchies that inherit both allowed values and denied\nvalues isn't recommended in most circumstances to keep the configuration\nsimple and understandable. However, it is possible to set a `Policy` with\n`allowed_values` set that inherits a `Policy` with `denied_values` set.\nIn this case, the values that are allowed must be in `allowed_values` and\nnot present in `denied_values`.\n\nFor example, suppose you have a `Constraint`\n`constraints/serviceuser.services`, which has a `constraint_type` of\n`list_constraint`, and with `constraint_default` set to `ALLOW`.\nSuppose that at the Organization level, a `Policy` is applied that\nrestricts the allowed API activations to {`E1`, `E2`}. Then, if a\n`Policy` is applied to a project below the Organization that has\n`inherit_from_parent` set to `false` and field all_values set to DENY,\nthen an attempt to activate any API will be denied.\n\nThe following examples demonstrate different possible layerings for\n`projects/bar` parented by `organizations/foo`:\n\nExample 1 (no inherited values):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values:\"E2\"}\n `projects/bar` has `inherit_from_parent` `false` and values:\n {allowed_values: \"E3\" allowed_values: \"E4\"}\nThe accepted values at `organizations/foo` are `E1`, `E2`.\nThe accepted values at `projects/bar` are `E3`, and `E4`.\n\nExample 2 (inherited values):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values:\"E2\"}\n `projects/bar` has a `Policy` with values:\n {value: \"E3\" value: \"E4\" inherit_from_parent: true}\nThe accepted values at `organizations/foo` are `E1`, `E2`.\nThe accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`.\n\nExample 3 (inheriting both allowed and denied values):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values: \"E2\"}\n `projects/bar` has a `Policy` with:\n {denied_values: \"E1\"}\nThe accepted values at `organizations/foo` are `E1`, `E2`.\nThe value accepted at `projects/bar` is `E2`.\n\nExample 4 (RestoreDefault):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values:\"E2\"}\n `projects/bar` has a `Policy` with values:\n {RestoreDefault: {}}\nThe accepted values at `organizations/foo` are `E1`, `E2`.\nThe accepted values at `projects/bar` are either all or none depending on\nthe value of `constraint_default` (if `ALLOW`, all; if\n`DENY`, none).\n\nExample 5 (no policy inherits parent policy):\n `organizations/foo` has no `Policy` set.\n `projects/bar` has no `Policy` set.\nThe accepted values at both levels are either all or none depending on\nthe value of `constraint_default` (if `ALLOW`, all; if\n`DENY`, none).\n\nExample 6 (ListConstraint allowing all):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values: \"E2\"}\n `projects/bar` has a `Policy` with:\n {all: ALLOW}\nThe accepted values at `organizations/foo` are `E1`, E2`.\nAny value is accepted at `projects/bar`.\n\nExample 7 (ListConstraint allowing none):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values: \"E2\"}\n `projects/bar` has a `Policy` with:\n {all: DENY}\nThe accepted values at `organizations/foo` are `E1`, E2`.\nNo value is accepted at `projects/bar`.\n\nExample 10 (allowed and denied subtrees of Resource Manager hierarchy):\nGiven the following resource hierarchy\n O1->{F1, F2}; F1->{P1}; F2->{P2, P3},\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"under:organizations/O1\"}\n `projects/bar` has a `Policy` with:\n {allowed_values: \"under:projects/P3\"}\n {denied_values: \"under:folders/F2\"}\nThe accepted values at `organizations/foo` are `organizations/O1`,\n `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`,\n `projects/P3`.\nThe accepted values at `projects/bar` are `organizations/O1`,\n `folders/F1`, `projects/P1`.",
"description": "Determines the inheritance behavior for this `Policy`.\n\nBy default, a `ListPolicy` set at a resource supersedes any `Policy` set\nanywhere up the resource hierarchy. However, if `inherit_from_parent` is\nset to `true`, then the values from the effective `Policy` of the parent\nresource are inherited, meaning the values set in this `Policy` are\nadded to the values inherited up the hierarchy.\n\nSetting `Policy` hierarchies that inherit both allowed values and denied\nvalues isn't recommended in most circumstances to keep the configuration\nsimple and understandable. However, it is possible to set a `Policy` with\n`allowed_values` set that inherits a `Policy` with `denied_values` set.\nIn this case, the values that are allowed must be in `allowed_values` and\nnot present in `denied_values`.\n\nFor example, suppose you have a `Constraint`\n`constraints/serviceuser.services`, which has a `constraint_type` of\n`list_constraint`, and with `constraint_default` set to `ALLOW`.\nSuppose that at the Organization level, a `Policy` is applied that\nrestricts the allowed API activations to {`E1`, `E2`}. Then, if a\n`Policy` is applied to a project below the Organization that has\n`inherit_from_parent` set to `false` and field all_values set to DENY,\nthen an attempt to activate any API will be denied.\n\nThe following examples demonstrate different possible layerings for\n`projects/bar` parented by `organizations/foo`:\n\nExample 1 (no inherited values):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values:\"E2\"}\n `projects/bar` has `inherit_from_parent` `false` and values:\n {allowed_values: \"E3\" allowed_values: \"E4\"}\nThe accepted values at `organizations/foo` are `E1`, `E2`.\nThe accepted values at `projects/bar` are `E3`, and `E4`.\n\nExample 2 (inherited values):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values:\"E2\"}\n `projects/bar` has a `Policy` with values:\n {value: \"E3\" value: \"E4\" inherit_from_parent: true}\nThe accepted values at `organizations/foo` are `E1`, `E2`.\nThe accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`.\n\nExample 3 (inheriting both allowed and denied values):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values: \"E2\"}\n `projects/bar` has a `Policy` with:\n {denied_values: \"E1\"}\nThe accepted values at `organizations/foo` are `E1`, `E2`.\nThe value accepted at `projects/bar` is `E2`.\n\nExample 4 (RestoreDefault):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values:\"E2\"}\n `projects/bar` has a `Policy` with values:\n {RestoreDefault: {}}\nThe accepted values at `organizations/foo` are `E1`, `E2`.\nThe accepted values at `projects/bar` are either all or none depending on\nthe value of `constraint_default` (if `ALLOW`, all; if\n`DENY`, none).\n\nExample 5 (no policy inherits parent policy):\n `organizations/foo` has no `Policy` set.\n `projects/bar` has no `Policy` set.\nThe accepted values at both levels are either all or none depending on\nthe value of `constraint_default` (if `ALLOW`, all; if\n`DENY`, none).\n\nExample 6 (ListConstraint allowing all):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values: \"E2\"}\n `projects/bar` has a `Policy` with:\n {all: ALLOW}\nThe accepted values at `organizations/foo` are `E1`, E2`.\nAny value is accepted at `projects/bar`.\n\nExample 7 (ListConstraint allowing none):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values: \"E2\"}\n `projects/bar` has a `Policy` with:\n {all: DENY}\nThe accepted values at `organizations/foo` are `E1`, E2`.\nNo value is accepted at `projects/bar`.\n\nExample 10 (allowed and denied subtrees of Resource Manager hierarchy):\nGiven the following resource hierarchy\n O1->{F1, F2}; F1->{P1}; F2->{P2, P3},\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"under:organizations/O1\"}\n `projects/bar` has a `Policy` with:\n {allowed_values: \"under:projects/P3\"}\n {denied_values: \"under:folders/F2\"}\nThe accepted values at `organizations/foo` are `organizations/O1`,\n `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`,\n `projects/P3`.\nThe accepted values at `projects/bar` are `organizations/O1`,\n `folders/F1`, `projects/P1`.",
"type": "boolean"
},
"suggestedValue": {
@@ -730,7 +738,7 @@
"description": "For boolean `Constraints`, whether to enforce the `Constraint` or not."
},
"constraint": {
"description": "The name of the `Constraint` the `Policy` is configuring, for example,\n`constraints/serviceuser.services`.\n\nImmutable after creation.",
"description": "The name of the `Constraint` the `Policy` is configuring, for example,\n`constraints/serviceuser.services`.\n\nA [list of available\nconstraints](/resource-manager/docs/organization-policy/org-policy-constraints)\nis available.\n\nImmutable after creation.",
"type": "string"
},
"etag": {
@@ -1143,7 +1151,7 @@
"properties": {
"bigqueryDestination": {
"$ref": "BigQueryDestination",
"description": "Destination on BigQuery. The output table stores the fields in asset\nproto as columns in BigQuery. The resource/iam_policy field is converted\nto a record with each field to a column, except metadata to a single JSON\nstring."
"description": "Destination on BigQuery. The output table stores the fields in asset\nproto as columns in BigQuery."
},
"gcsDestination": {
"$ref": "GcsDestination",
@@ -1153,7 +1161,7 @@
"type": "object"
},
"Policy": {
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nOptionally, a `binding` can specify a `condition`, which is a logical\nexpression that allows access to a resource only if the expression evaluates\nto `true`. A condition can add constraints based on attributes of the\nrequest, the resource, or both.\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\"user:eve@example.com\"],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nFor some types of Google Cloud resources, a `binding` can also specify a\n`condition`, which is a logical expression that allows access to a resource\nonly if the expression evaluates to `true`. A condition can add constraints\nbased on attributes of the request, the resource, or both. To learn which\nresources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\n \"user:eve@example.com\"\n ],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"id": "Policy",
"properties": {
"auditConfigs": {
@@ -1176,7 +1184,7 @@
"type": "string"
},
"version": {
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.",
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
@@ -1188,7 +1196,7 @@
"id": "PubsubDestination",
"properties": {
"topic": {
"description": "The name of the Pub/Sub topic to publish to.\nFor example: `projects/PROJECT_ID/topics/TOPIC_ID`.",
"description": "The name of the Pub/Sub topic to publish to.\nExample: `projects/PROJECT_ID/topics/TOPIC_ID`.",
"type": "string"
}
},
@@ -1207,23 +1215,27 @@
"type": "object"
},
"discoveryDocumentUri": {
"description": "The URL of the discovery document containing the resource's JSON schema.\nFor example:\n\"https://www.googleapis.com/discovery/v1/apis/compute/v1/rest\"\n\nThis value is unspecified for resources that do not have an API based on a\ndiscovery document, such as Cloud Bigtable.",
"description": "The URL of the discovery document containing the resource's JSON schema.\nExample:\n`https://www.googleapis.com/discovery/v1/apis/compute/v1/rest`\n\nThis value is unspecified for resources that do not have an API based on a\ndiscovery document, such as Cloud Bigtable.",
"type": "string"
},
"discoveryName": {
"description": "The JSON schema name listed in the discovery document. For example:\n\"Project\"\n\nThis value is unspecified for resources that do not have an API based on a\ndiscovery document, such as Cloud Bigtable.",
"description": "The JSON schema name listed in the discovery document. Example:\n`Project`\n\nThis value is unspecified for resources that do not have an API based on a\ndiscovery document, such as Cloud Bigtable.",
"type": "string"
},
"location": {
"description": "The location of the resource in Google Cloud, such as its zone and region.\nFor more information, see https://cloud.google.com/about/locations/.",
"type": "string"
},
"parent": {
"description": "The full name of the immediate parent of this resource. See\n[Resource\nNames](https://cloud.google.com/apis/design/resource_names#full_resource_name)\nfor more information.\n\nFor Google Cloud assets, this value is the parent resource defined in the\n[Cloud IAM policy\nhierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy).\nFor example:\n\"//cloudresourcemanager.googleapis.com/projects/my_project_123\"\n\nFor third-party assets, this field may be set differently.",
"description": "The full name of the immediate parent of this resource. See\n[Resource\nNames](https://cloud.google.com/apis/design/resource_names#full_resource_name)\nfor more information.\n\nFor Google Cloud assets, this value is the parent resource defined in the\n[Cloud IAM policy\nhierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy).\nExample:\n`//cloudresourcemanager.googleapis.com/projects/my_project_123`\n\nFor third-party assets, this field may be set differently.",
"type": "string"
},
"resourceUrl": {
"description": "The REST URL for accessing the resource. An HTTP `GET` request using this\nURL returns the resource itself. For example:\n\"https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123\"\n\nThis value is unspecified for resources without a REST API.",
"description": "The REST URL for accessing the resource. An HTTP `GET` request using this\nURL returns the resource itself. Example:\n`https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123`\n\nThis value is unspecified for resources without a REST API.",
"type": "string"
},
"version": {
"description": "The API version. For example: \"v1\"",
"description": "The API version. Example: `v1`",
"type": "string"
}
},
@@ -1276,7 +1288,7 @@
"type": "object"
},
"TimeWindow": {
"description": "A time window specified by its \"start_time\" and \"end_time\".",
"description": "A time window specified by its `start_time` and `end_time`.",
"id": "TimeWindow",
"properties": {
"endTime": {

501
etc/api/cloudasset/v1beta1/cloudasset-api.json
View File

@@ -108,7 +108,7 @@
"folders": {
"methods": {
"exportAssets": {
"description": "Exports assets with time and resource types to a given Cloud Storage\nlocation. The output format is newline-delimited JSON.\nThis API implements the google.longrunning.Operation API allowing you\nto keep track of the export.",
"description": "Exports assets with time and resource types to a given Cloud Storage\nlocation. The output format is newline-delimited JSON.\nThis API implements the google.longrunning.Operation API allowing you\nto keep track of the export. We recommend intervals of at least 2 seconds\nwith exponential retry to poll the export operation result. For\nregular-size resource parent, the export operation usually finishes within\n5 minutes.",
"flatPath": "v1beta1/folders/{foldersId}:exportAssets",
"httpMethod": "POST",
"id": "cloudasset.folders.exportAssets",
@@ -171,7 +171,7 @@
"organizations": {
"methods": {
"batchGetAssetsHistory": {
"description": "Batch gets the update history of assets that overlap a time window.\nFor RESOURCE content, this API outputs history with asset in both\nnon-delete or deleted status.\nFor IAM_POLICY content, this API outputs history when the asset and its\nattached IAM POLICY both exist. This can create gaps in the output history.\nIf a specified asset does not exist, this API returns an INVALID_ARGUMENT\nerror.",
"description": "Batch gets the update history of assets that overlap a time window.\nFor IAM_POLICY content, this API outputs history when the asset and its\nattached IAM POLICY both exist. This can create gaps in the output history.\nOtherwise, this API outputs history with asset in both non-delete or\ndeleted status.\nIf a specified asset does not exist, this API returns an INVALID_ARGUMENT\nerror.",
"flatPath": "v1beta1/organizations/{organizationsId}:batchGetAssetsHistory",
"httpMethod": "GET",
"id": "cloudasset.organizations.batchGetAssetsHistory",
@@ -203,7 +203,7 @@
"type": "string"
},
"readTimeWindow.endTime": {
"description": "End time of the time window (inclusive).\nCurrent timestamp if not specified.",
"description": "End time of the time window (inclusive). If not specified, the current\ntimestamp is used instead.",
"format": "google-datetime",
"location": "query",
"type": "string"
@@ -224,7 +224,7 @@
]
},
"exportAssets": {
"description": "Exports assets with time and resource types to a given Cloud Storage\nlocation. The output format is newline-delimited JSON.\nThis API implements the google.longrunning.Operation API allowing you\nto keep track of the export.",
"description": "Exports assets with time and resource types to a given Cloud Storage\nlocation. The output format is newline-delimited JSON.\nThis API implements the google.longrunning.Operation API allowing you\nto keep track of the export. We recommend intervals of at least 2 seconds\nwith exponential retry to poll the export operation result. For\nregular-size resource parent, the export operation usually finishes within\n5 minutes.",
"flatPath": "v1beta1/organizations/{organizationsId}:exportAssets",
"httpMethod": "POST",
"id": "cloudasset.organizations.exportAssets",
@@ -287,7 +287,7 @@
"projects": {
"methods": {
"batchGetAssetsHistory": {
"description": "Batch gets the update history of assets that overlap a time window.\nFor RESOURCE content, this API outputs history with asset in both\nnon-delete or deleted status.\nFor IAM_POLICY content, this API outputs history when the asset and its\nattached IAM POLICY both exist. This can create gaps in the output history.\nIf a specified asset does not exist, this API returns an INVALID_ARGUMENT\nerror.",
"description": "Batch gets the update history of assets that overlap a time window.\nFor IAM_POLICY content, this API outputs history when the asset and its\nattached IAM POLICY both exist. This can create gaps in the output history.\nOtherwise, this API outputs history with asset in both non-delete or\ndeleted status.\nIf a specified asset does not exist, this API returns an INVALID_ARGUMENT\nerror.",
"flatPath": "v1beta1/projects/{projectsId}:batchGetAssetsHistory",
"httpMethod": "GET",
"id": "cloudasset.projects.batchGetAssetsHistory",
@@ -319,7 +319,7 @@
"type": "string"
},
"readTimeWindow.endTime": {
"description": "End time of the time window (inclusive).\nCurrent timestamp if not specified.",
"description": "End time of the time window (inclusive). If not specified, the current\ntimestamp is used instead.",
"format": "google-datetime",
"location": "query",
"type": "string"
@@ -340,7 +340,7 @@
]
},
"exportAssets": {
"description": "Exports assets with time and resource types to a given Cloud Storage\nlocation. The output format is newline-delimited JSON.\nThis API implements the google.longrunning.Operation API allowing you\nto keep track of the export.",
"description": "Exports assets with time and resource types to a given Cloud Storage\nlocation. The output format is newline-delimited JSON.\nThis API implements the google.longrunning.Operation API allowing you\nto keep track of the export. We recommend intervals of at least 2 seconds\nwith exponential retry to poll the export operation result. For\nregular-size resource parent, the export operation usually finishes within\n5 minutes.",
"flatPath": "v1beta1/projects/{projectsId}:exportAssets",
"httpMethod": "POST",
"id": "cloudasset.projects.exportAssets",
@@ -401,34 +401,53 @@
}
}
},
"revision": "20200403",
"revision": "20200613",
"rootUrl": "https://cloudasset.googleapis.com/",
"schemas": {
"Asset": {
"description": "Cloud asset. This includes all Google Cloud Platform resources,\nCloud IAM policies, and other non-GCP assets.",
"description": "An asset in Google Cloud. An asset can be any resource in the Google Cloud\n[resource\nhierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),\na resource outside the Google Cloud resource hierarchy (such as Google\nKubernetes Engine clusters and objects), or a policy (e.g. Cloud IAM policy).\nSee [Supported asset\ntypes](https://cloud.google.com/asset-inventory/docs/supported-asset-types)\nfor more information.",
"id": "Asset",
"properties": {
"accessLevel": {
"$ref": "GoogleIdentityAccesscontextmanagerV1AccessLevel",
"description": "Please also refer to the [access level user\nguide](https://cloud.google.com/access-context-manager/docs/overview#access-levels)."
},
"accessPolicy": {
"$ref": "GoogleIdentityAccesscontextmanagerV1AccessPolicy",
"description": "Please also refer to the [access policy user\nguide](https://cloud.google.com/access-context-manager/docs/overview#access-policies)."
},
"assetType": {
"description": "Type of the asset. Example: \"google.compute.Disk\".",
"description": "The type of the asset. Example: `compute.googleapis.com/Disk`\n\nSee [Supported asset\ntypes](https://cloud.google.com/asset-inventory/docs/supported-asset-types)\nfor more information.",
"type": "string"
},
"iamPolicy": {
"$ref": "Policy",
"description": "Representation of the actual Cloud IAM policy set on a cloud resource. For\neach resource, there must be at most one Cloud IAM policy set on it."
"description": "A representation of the Cloud IAM policy set on a Google Cloud resource.\nThere can be a maximum of one Cloud IAM policy set on any given resource.\nIn addition, Cloud IAM policies inherit their granted access scope from any\npolicies set on parent resources in the resource hierarchy. Therefore, the\neffectively policy is the union of both the policy set on this resource\nand each policy set on all of the resource's ancestry resource levels in\nthe hierarchy. See\n[this topic](https://cloud.google.com/iam/docs/policies#inheritance) for\nmore information."
},
"name": {
"description": "The full name of the asset. For example:\n`//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`.\nSee [Resource\nNames](https://cloud.google.com/apis/design/resource_names#full_resource_name)\nfor more information.",
"description": "The full name of the asset. Example:\n`//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`\n\nSee [Resource\nnames](https://cloud.google.com/apis/design/resource_names#full_resource_name)\nfor more information.",
"type": "string"
},
"orgPolicy": {
"description": "A representation of an [organization\npolicy](https://cloud.google.com/resource-manager/docs/organization-policy/overview#organization_policy).\nThere can be more than one organization policy with different constraints\nset on a given resource.",
"items": {
"$ref": "GoogleCloudOrgpolicyV1Policy"
},
"type": "array"
},
"resource": {
"$ref": "Resource",
"description": "Representation of the resource."
"description": "A representation of the resource."
},
"servicePerimeter": {
"$ref": "GoogleIdentityAccesscontextmanagerV1ServicePerimeter",
"description": "Please also refer to the [service perimeter user\nguide](https://cloud.google.com/vpc-service-controls/docs/overview)."
}
},
"type": "object"
},
"AuditConfig": {
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n },\n {\n \"log_type\": \"ADMIN_READ\",\n }\n ]\n },\n {\n \"service\": \"sampleservice.googleapis.com\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:aliya@example.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts jose@example.com from DATA_READ logging, and\naliya@example.com from DATA_WRITE logging.",
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\",\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\"\n },\n {\n \"log_type\": \"ADMIN_READ\"\n }\n ]\n },\n {\n \"service\": \"sampleservice.googleapis.com\",\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\"\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:aliya@example.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts jose@example.com from DATA_READ logging, and\naliya@example.com from DATA_WRITE logging.",
"id": "AuditConfig",
"properties": {
"auditLogConfigs": {
@@ -446,7 +465,7 @@
"type": "object"
},
"AuditLogConfig": {
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\njose@example.com from DATA_READ logging.",
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\"\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\njose@example.com from DATA_READ logging.",
"id": "AuditLogConfig",
"properties": {
"exemptedMembers": {
@@ -495,7 +514,7 @@
"properties": {
"condition": {
"$ref": "Expr",
"description": "The condition that is associated with this binding.\nNOTE: An unsatisfied condition will not allow user access via current\nbinding. Different bindings, including their conditions, are examined\nindependently."
"description": "The condition that is associated with this binding.\n\nIf the condition evaluates to `true`, then this binding applies to the\ncurrent request.\n\nIf the condition evaluates to `false`, then this binding does not apply to\nthe current request. However, a different role binding might grant the same\nrole to one or more of the members in this binding.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
},
"members": {
"description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@example.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a user that has been recently deleted. For\n example, `alice@example.com?uid=123456789012345678901`. If the user is\n recovered, this value reverts to `user:{emailid}` and the recovered user\n retains the role in the binding.\n\n* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus\n unique identifier) representing a service account that has been recently\n deleted. For example,\n `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.\n If the service account is undeleted, this value reverts to\n `serviceAccount:{emailid}` and the undeleted service account retains the\n role in the binding.\n\n* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a Google group that has been recently\n deleted. For example, `admins@example.com?uid=123456789012345678901`. If\n the group is recovered, this value reverts to `group:{emailid}` and the\n recovered group retains the role in the binding.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n",
@@ -586,6 +605,428 @@
},
"type": "object"
},
"GoogleCloudOrgpolicyV1BooleanPolicy": {
"description": "Used in `policy_type` to specify how `boolean_policy` will behave at this\nresource.",
"id": "GoogleCloudOrgpolicyV1BooleanPolicy",
"properties": {
"enforced": {
"description": "If `true`, then the `Policy` is enforced. If `false`, then any\nconfiguration is acceptable.\n\nSuppose you have a `Constraint`\n`constraints/compute.disableSerialPortAccess` with `constraint_default`\nset to `ALLOW`. A `Policy` for that `Constraint` exhibits the following\nbehavior:\n - If the `Policy` at this resource has enforced set to `false`, serial\n port connection attempts will be allowed.\n - If the `Policy` at this resource has enforced set to `true`, serial\n port connection attempts will be refused.\n - If the `Policy` at this resource is `RestoreDefault`, serial port\n connection attempts will be allowed.\n - If no `Policy` is set at this resource or anywhere higher in the\n resource hierarchy, serial port connection attempts will be allowed.\n - If no `Policy` is set at this resource, but one exists higher in the\n resource hierarchy, the behavior is as if the`Policy` were set at\n this resource.\n\nThe following examples demonstrate the different possible layerings:\n\nExample 1 (nearest `Constraint` wins):\n `organizations/foo` has a `Policy` with:\n {enforced: false}\n `projects/bar` has no `Policy` set.\nThe constraint at `projects/bar` and `organizations/foo` will not be\nenforced.\n\nExample 2 (enforcement gets replaced):\n `organizations/foo` has a `Policy` with:\n {enforced: false}\n `projects/bar` has a `Policy` with:\n {enforced: true}\nThe constraint at `organizations/foo` is not enforced.\nThe constraint at `projects/bar` is enforced.\n\nExample 3 (RestoreDefault):\n `organizations/foo` has a `Policy` with:\n {enforced: true}\n `projects/bar` has a `Policy` with:\n {RestoreDefault: {}}\nThe constraint at `organizations/foo` is enforced.\nThe constraint at `projects/bar` is not enforced, because\n`constraint_default` for the `Constraint` is `ALLOW`.",
"type": "boolean"
}
},
"type": "object"
},
"GoogleCloudOrgpolicyV1ListPolicy": {
"description": "Used in `policy_type` to specify how `list_policy` behaves at this\nresource.\n\n`ListPolicy` can define specific values and subtrees of Cloud Resource\nManager resource hierarchy (`Organizations`, `Folders`, `Projects`) that\nare allowed or denied by setting the `allowed_values` and `denied_values`\nfields. This is achieved by using the `under:` and optional `is:` prefixes.\nThe `under:` prefix is used to denote resource subtree values.\nThe `is:` prefix is used to denote specific values, and is required only\nif the value contains a \":\". Values prefixed with \"is:\" are treated the\nsame as values with no prefix.\nAncestry subtrees must be in one of the following formats:\n - \"projects/<project-id>\", e.g. \"projects/tokyo-rain-123\"\n - \"folders/<folder-id>\", e.g. \"folders/1234\"\n - \"organizations/<organization-id>\", e.g. \"organizations/1234\"\nThe `supports_under` field of the associated `Constraint` defines whether\nancestry prefixes can be used. You can set `allowed_values` and\n`denied_values` in the same `Policy` if `all_values` is\n`ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny all\nvalues. If `all_values` is set to either `ALLOW` or `DENY`,\n`allowed_values` and `denied_values` must be unset.",
"id": "GoogleCloudOrgpolicyV1ListPolicy",
"properties": {
"allValues": {
"description": "The policy all_values state.",
"enum": [
"ALL_VALUES_UNSPECIFIED",
"ALLOW",
"DENY"
],
"enumDescriptions": [
"Indicates that allowed_values or denied_values must be set.",
"A policy with this set allows all values.",
"A policy with this set denies all values."
],
"type": "string"
},
"allowedValues": {
"description": "List of values allowed at this resource. Can only be set if `all_values`\nis set to `ALL_VALUES_UNSPECIFIED`.",
"items": {
"type": "string"
},
"type": "array"
},
"deniedValues": {
"description": "List of values denied at this resource. Can only be set if `all_values`\nis set to `ALL_VALUES_UNSPECIFIED`.",
"items": {
"type": "string"
},
"type": "array"
},
"inheritFromParent": {
"description": "Determines the inheritance behavior for this `Policy`.\n\nBy default, a `ListPolicy` set at a resource supersedes any `Policy` set\nanywhere up the resource hierarchy. However, if `inherit_from_parent` is\nset to `true`, then the values from the effective `Policy` of the parent\nresource are inherited, meaning the values set in this `Policy` are\nadded to the values inherited up the hierarchy.\n\nSetting `Policy` hierarchies that inherit both allowed values and denied\nvalues isn't recommended in most circumstances to keep the configuration\nsimple and understandable. However, it is possible to set a `Policy` with\n`allowed_values` set that inherits a `Policy` with `denied_values` set.\nIn this case, the values that are allowed must be in `allowed_values` and\nnot present in `denied_values`.\n\nFor example, suppose you have a `Constraint`\n`constraints/serviceuser.services`, which has a `constraint_type` of\n`list_constraint`, and with `constraint_default` set to `ALLOW`.\nSuppose that at the Organization level, a `Policy` is applied that\nrestricts the allowed API activations to {`E1`, `E2`}. Then, if a\n`Policy` is applied to a project below the Organization that has\n`inherit_from_parent` set to `false` and field all_values set to DENY,\nthen an attempt to activate any API will be denied.\n\nThe following examples demonstrate different possible layerings for\n`projects/bar` parented by `organizations/foo`:\n\nExample 1 (no inherited values):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values:\"E2\"}\n `projects/bar` has `inherit_from_parent` `false` and values:\n {allowed_values: \"E3\" allowed_values: \"E4\"}\nThe accepted values at `organizations/foo` are `E1`, `E2`.\nThe accepted values at `projects/bar` are `E3`, and `E4`.\n\nExample 2 (inherited values):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values:\"E2\"}\n `projects/bar` has a `Policy` with values:\n {value: \"E3\" value: \"E4\" inherit_from_parent: true}\nThe accepted values at `organizations/foo` are `E1`, `E2`.\nThe accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`.\n\nExample 3 (inheriting both allowed and denied values):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values: \"E2\"}\n `projects/bar` has a `Policy` with:\n {denied_values: \"E1\"}\nThe accepted values at `organizations/foo` are `E1`, `E2`.\nThe value accepted at `projects/bar` is `E2`.\n\nExample 4 (RestoreDefault):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values:\"E2\"}\n `projects/bar` has a `Policy` with values:\n {RestoreDefault: {}}\nThe accepted values at `organizations/foo` are `E1`, `E2`.\nThe accepted values at `projects/bar` are either all or none depending on\nthe value of `constraint_default` (if `ALLOW`, all; if\n`DENY`, none).\n\nExample 5 (no policy inherits parent policy):\n `organizations/foo` has no `Policy` set.\n `projects/bar` has no `Policy` set.\nThe accepted values at both levels are either all or none depending on\nthe value of `constraint_default` (if `ALLOW`, all; if\n`DENY`, none).\n\nExample 6 (ListConstraint allowing all):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values: \"E2\"}\n `projects/bar` has a `Policy` with:\n {all: ALLOW}\nThe accepted values at `organizations/foo` are `E1`, E2`.\nAny value is accepted at `projects/bar`.\n\nExample 7 (ListConstraint allowing none):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values: \"E2\"}\n `projects/bar` has a `Policy` with:\n {all: DENY}\nThe accepted values at `organizations/foo` are `E1`, E2`.\nNo value is accepted at `projects/bar`.\n\nExample 10 (allowed and denied subtrees of Resource Manager hierarchy):\nGiven the following resource hierarchy\n O1->{F1, F2}; F1->{P1}; F2->{P2, P3},\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"under:organizations/O1\"}\n `projects/bar` has a `Policy` with:\n {allowed_values: \"under:projects/P3\"}\n {denied_values: \"under:folders/F2\"}\nThe accepted values at `organizations/foo` are `organizations/O1`,\n `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`,\n `projects/P3`.\nThe accepted values at `projects/bar` are `organizations/O1`,\n `folders/F1`, `projects/P1`.",
"type": "boolean"
},
"suggestedValue": {
"description": "Optional. The Google Cloud Console will try to default to a configuration\nthat matches the value specified in this `Policy`. If `suggested_value`\nis not set, it will inherit the value specified higher in the hierarchy,\nunless `inherit_from_parent` is `false`.",
"type": "string"
}
},
"type": "object"
},
"GoogleCloudOrgpolicyV1Policy": {
"description": "Defines a Cloud Organization `Policy` which is used to specify `Constraints`\nfor configurations of Cloud Platform resources.",
"id": "GoogleCloudOrgpolicyV1Policy",
"properties": {
"booleanPolicy": {
"$ref": "GoogleCloudOrgpolicyV1BooleanPolicy",
"description": "For boolean `Constraints`, whether to enforce the `Constraint` or not."
},
"constraint": {
"description": "The name of the `Constraint` the `Policy` is configuring, for example,\n`constraints/serviceuser.services`.\n\nA [list of available\nconstraints](/resource-manager/docs/organization-policy/org-policy-constraints)\nis available.\n\nImmutable after creation.",
"type": "string"
},
"etag": {
"description": "An opaque tag indicating the current version of the `Policy`, used for\nconcurrency control.\n\nWhen the `Policy` is returned from either a `GetPolicy` or a\n`ListOrgPolicy` request, this `etag` indicates the version of the current\n`Policy` to use when executing a read-modify-write loop.\n\nWhen the `Policy` is returned from a `GetEffectivePolicy` request, the\n`etag` will be unset.\n\nWhen the `Policy` is used in a `SetOrgPolicy` method, use the `etag` value\nthat was returned from a `GetOrgPolicy` request as part of a\nread-modify-write loop for concurrency control. Not setting the `etag`in a\n`SetOrgPolicy` request will result in an unconditional write of the\n`Policy`.",
"format": "byte",
"type": "string"
},
"listPolicy": {
"$ref": "GoogleCloudOrgpolicyV1ListPolicy",
"description": "List of values either allowed or disallowed."
},
"restoreDefault": {
"$ref": "GoogleCloudOrgpolicyV1RestoreDefault",
"description": "Restores the default behavior of the constraint; independent of\n`Constraint` type."
},
"updateTime": {
"description": "The time stamp the `Policy` was previously updated. This is set by the\nserver, not specified by the caller, and represents the last time a call to\n`SetOrgPolicy` was made for that `Policy`. Any value set by the client will\nbe ignored.",
"format": "google-datetime",
"type": "string"
},
"version": {
"description": "Version of the `Policy`. Default version is 0;",
"format": "int32",
"type": "integer"
}
},
"type": "object"
},
"GoogleCloudOrgpolicyV1RestoreDefault": {
"description": "Ignores policies set above this resource and restores the\n`constraint_default` enforcement behavior of the specific `Constraint` at\nthis resource.\n\nSuppose that `constraint_default` is set to `ALLOW` for the\n`Constraint` `constraints/serviceuser.services`. Suppose that organization\nfoo.com sets a `Policy` at their Organization resource node that restricts\nthe allowed service activations to deny all service activations. They\ncould then set a `Policy` with the `policy_type` `restore_default` on\nseveral experimental projects, restoring the `constraint_default`\nenforcement of the `Constraint` for only those projects, allowing those\nprojects to have all services activated.",
"id": "GoogleCloudOrgpolicyV1RestoreDefault",
"properties": {},
"type": "object"
},
"GoogleIdentityAccesscontextmanagerV1AccessLevel": {
"description": "An `AccessLevel` is a label that can be applied to requests to Google Cloud\nservices, along with a list of requirements necessary for the label to be\napplied.",
"id": "GoogleIdentityAccesscontextmanagerV1AccessLevel",
"properties": {
"basic": {
"$ref": "GoogleIdentityAccesscontextmanagerV1BasicLevel",
"description": "A `BasicLevel` composed of `Conditions`."
},
"custom": {
"$ref": "GoogleIdentityAccesscontextmanagerV1CustomLevel",
"description": "A `CustomLevel` written in the Common Expression Language."
},
"description": {
"description": "Description of the `AccessLevel` and its use. Does not affect behavior.",
"type": "string"
},
"name": {
"description": "Required. Resource name for the Access Level. The `short_name` component\nmust begin with a letter and only include alphanumeric and '_'. Format:\n`accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length\nof the `short_name` component is 50 characters.",
"type": "string"
},
"title": {
"description": "Human readable title. Must be unique within the Policy.",
"type": "string"
}
},
"type": "object"
},
"GoogleIdentityAccesscontextmanagerV1AccessPolicy": {
"description": "`AccessPolicy` is a container for `AccessLevels` (which define the necessary\nattributes to use Google Cloud services) and `ServicePerimeters` (which\ndefine regions of services able to freely pass data within a perimeter). An\naccess policy is globally visible within an organization, and the\nrestrictions it specifies apply to all projects within an organization.",
"id": "GoogleIdentityAccesscontextmanagerV1AccessPolicy",
"properties": {
"etag": {
"description": "Output only. An opaque identifier for the current version of the\n`AccessPolicy`. This will always be a strongly validated etag, meaning that\ntwo Access Polices will be identical if and only if their etags are\nidentical. Clients should not expect this to be in any specific format.",
"type": "string"
},
"name": {
"description": "Output only. Resource name of the `AccessPolicy`. Format:\n`accessPolicies/{policy_id}`",
"type": "string"
},
"parent": {
"description": "Required. The parent of this `AccessPolicy` in the Cloud Resource\nHierarchy. Currently immutable once created. Format:\n`organizations/{organization_id}`",
"type": "string"
},
"title": {
"description": "Required. Human readable title. Does not affect behavior.",
"type": "string"
}
},
"type": "object"
},
"GoogleIdentityAccesscontextmanagerV1BasicLevel": {
"description": "`BasicLevel` is an `AccessLevel` using a set of recommended features.",
"id": "GoogleIdentityAccesscontextmanagerV1BasicLevel",
"properties": {
"combiningFunction": {
"description": "How the `conditions` list should be combined to determine if a request is\ngranted this `AccessLevel`. If AND is used, each `Condition` in\n`conditions` must be satisfied for the `AccessLevel` to be applied. If OR\nis used, at least one `Condition` in `conditions` must be satisfied for the\n`AccessLevel` to be applied. Default behavior is AND.",
"enum": [
"AND",
"OR"
],
"enumDescriptions": [
"All `Conditions` must be true for the `BasicLevel` to be true.",
"If at least one `Condition` is true, then the `BasicLevel` is true."
],
"type": "string"
},
"conditions": {
"description": "Required. A list of requirements for the `AccessLevel` to be granted.",
"items": {
"$ref": "GoogleIdentityAccesscontextmanagerV1Condition"
},
"type": "array"
}
},
"type": "object"
},
"GoogleIdentityAccesscontextmanagerV1Condition": {
"description": "A condition necessary for an `AccessLevel` to be granted. The Condition is an\nAND over its fields. So a Condition is true if: 1) the request IP is from one\nof the listed subnetworks AND 2) the originating device complies with the\nlisted device policy AND 3) all listed access levels are granted AND 4) the\nrequest was sent at a time allowed by the DateTimeRestriction.",
"id": "GoogleIdentityAccesscontextmanagerV1Condition",
"properties": {
"devicePolicy": {
"$ref": "GoogleIdentityAccesscontextmanagerV1DevicePolicy",
"description": "Device specific restrictions, all restrictions must hold for the\nCondition to be true. If not specified, all devices are allowed."
},
"ipSubnetworks": {
"description": "CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for\na CIDR IP address block, the specified IP address portion must be properly\ntruncated (i.e. all the host bits must be zero) or the input is considered\nmalformed. For example, \"192.0.2.0/24\" is accepted but \"192.0.2.1/24\" is\nnot. Similarly, for IPv6, \"2001:db8::/32\" is accepted whereas\n\"2001:db8::1/32\" is not. The originating IP of a request must be in one of\nthe listed subnets in order for this Condition to be true. If empty, all IP\naddresses are allowed.",
"items": {
"type": "string"
},
"type": "array"
},
"members": {
"description": "The request must be made by one of the provided user or service\naccounts. Groups are not supported.\nSyntax:\n`user:{emailid}`\n`serviceAccount:{emailid}`\nIf not specified, a request may come from any user.",
"items": {
"type": "string"
},
"type": "array"
},
"negate": {
"description": "Whether to negate the Condition. If true, the Condition becomes a NAND over\nits non-empty fields, each field must be false for the Condition overall to\nbe satisfied. Defaults to false.",
"type": "boolean"
},
"regions": {
"description": "The request must originate from one of the provided countries/regions.\nMust be valid ISO 3166-1 alpha-2 codes.",
"items": {
"type": "string"
},
"type": "array"
},
"requiredAccessLevels": {
"description": "A list of other access levels defined in the same `Policy`, referenced by\nresource name. Referencing an `AccessLevel` which does not exist is an\nerror. All access levels listed must be granted for the Condition\nto be true. Example:\n\"`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME\"`",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"GoogleIdentityAccesscontextmanagerV1CustomLevel": {
"description": "`CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language\nto represent the necessary conditions for the level to apply to a request.\nSee CEL spec at: https://github.com/google/cel-spec",
"id": "GoogleIdentityAccesscontextmanagerV1CustomLevel",
"properties": {
"expr": {
"$ref": "Expr",
"description": "Required. A Cloud CEL expression evaluating to a boolean."
}
},
"type": "object"
},
"GoogleIdentityAccesscontextmanagerV1DevicePolicy": {
"description": "`DevicePolicy` specifies device specific restrictions necessary to acquire a\ngiven access level. A `DevicePolicy` specifies requirements for requests from\ndevices to be granted access levels, it does not do any enforcement on the\ndevice. `DevicePolicy` acts as an AND over all specified fields, and each\nrepeated field is an OR over its elements. Any unset fields are ignored. For\nexample, if the proto is { os_type : DESKTOP_WINDOWS, os_type :\nDESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be\ntrue for requests originating from encrypted Linux desktops and encrypted\nWindows desktops.",
"id": "GoogleIdentityAccesscontextmanagerV1DevicePolicy",
"properties": {
"allowedDeviceManagementLevels": {
"description": "Allowed device management levels, an empty list allows all management\nlevels.",
"enumDescriptions": [
"The device's management level is not specified or not known.",
"The device is not managed.",
"Basic management is enabled, which is generally limited to monitoring and\nwiping the corporate account.",
"Complete device management. This includes more thorough monitoring and the\nability to directly manage the device (such as remote wiping). This can be\nenabled through the Android Enterprise Platform."
],
"items": {
"enum": [
"MANAGEMENT_UNSPECIFIED",
"NONE",
"BASIC",
"COMPLETE"
],
"type": "string"
},
"type": "array"
},
"allowedEncryptionStatuses": {
"description": "Allowed encryptions statuses, an empty list allows all statuses.",
"enumDescriptions": [
"The encryption status of the device is not specified or not known.",
"The device does not support encryption.",
"The device supports encryption, but is currently unencrypted.",
"The device is encrypted."
],
"items": {
"enum": [
"ENCRYPTION_UNSPECIFIED",
"ENCRYPTION_UNSUPPORTED",
"UNENCRYPTED",
"ENCRYPTED"
],
"type": "string"
},
"type": "array"
},
"osConstraints": {
"description": "Allowed OS versions, an empty list allows all types and all versions.",
"items": {
"$ref": "GoogleIdentityAccesscontextmanagerV1OsConstraint"
},
"type": "array"
},
"requireAdminApproval": {
"description": "Whether the device needs to be approved by the customer admin.",
"type": "boolean"
},
"requireCorpOwned": {
"description": "Whether the device needs to be corp owned.",
"type": "boolean"
},
"requireScreenlock": {
"description": "Whether or not screenlock is required for the DevicePolicy to be true.\nDefaults to `false`.",
"type": "boolean"
}
},
"type": "object"
},
"GoogleIdentityAccesscontextmanagerV1OsConstraint": {
"description": "A restriction on the OS type and version of devices making requests.",
"id": "GoogleIdentityAccesscontextmanagerV1OsConstraint",
"properties": {
"minimumVersion": {
"description": "The minimum allowed OS version. If not set, any version of this OS\nsatisfies the constraint. Format: `\"major.minor.patch\"`.\nExamples: `\"10.5.301\"`, `\"9.2.1\"`.",
"type": "string"
},
"osType": {
"description": "Required. The allowed OS type.",
"enum": [
"OS_UNSPECIFIED",
"DESKTOP_MAC",
"DESKTOP_WINDOWS",
"DESKTOP_LINUX",
"DESKTOP_CHROME_OS",
"ANDROID",
"IOS"
],
"enumDescriptions": [
"The operating system of the device is not specified or not known.",
"A desktop Mac operating system.",
"A desktop Windows operating system.",
"A desktop Linux operating system.",
"A desktop ChromeOS operating system.",
"An Android operating system.",
"An iOS operating system."
],
"type": "string"
},
"requireVerifiedChromeOs": {
"description": "Only allows requests from devices with a verified Chrome OS.\nVerifications includes requirements that the device is enterprise-managed,\nconformant to domain policies, and the caller has permission to call\nthe API targeted by the request.",
"type": "boolean"
}
},
"type": "object"
},
"GoogleIdentityAccesscontextmanagerV1ServicePerimeter": {
"description": "`ServicePerimeter` describes a set of Google Cloud resources which can freely\nimport and export data amongst themselves, but not export outside of the\n`ServicePerimeter`. If a request with a source within this `ServicePerimeter`\nhas a target outside of the `ServicePerimeter`, the request will be blocked.\nOtherwise the request is allowed. There are two types of Service Perimeter -\nRegular and Bridge. Regular Service Perimeters cannot overlap, a single\nGoogle Cloud project can only belong to a single regular Service Perimeter.\nService Perimeter Bridges can contain only Google Cloud projects as members,\na single Google Cloud project may belong to multiple Service Perimeter\nBridges.",
"id": "GoogleIdentityAccesscontextmanagerV1ServicePerimeter",
"properties": {
"description": {
"description": "Description of the `ServicePerimeter` and its use. Does not affect\nbehavior.",
"type": "string"
},
"name": {
"description": "Required. Resource name for the ServicePerimeter. The `short_name`\ncomponent must begin with a letter and only include alphanumeric and '_'.\nFormat: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`",
"type": "string"
},
"perimeterType": {
"description": "Perimeter type indicator. A single project is\nallowed to be a member of single regular perimeter, but multiple service\nperimeter bridges. A project cannot be a included in a perimeter bridge\nwithout being included in regular perimeter. For perimeter bridges,\nthe restricted service list as well as access level lists must be\nempty.",
"enum": [
"PERIMETER_TYPE_REGULAR",
"PERIMETER_TYPE_BRIDGE"
],
"enumDescriptions": [
"Regular Perimeter.",
"Perimeter Bridge."
],
"type": "string"
},
"spec": {
"$ref": "GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig",
"description": "Proposed (or dry run) ServicePerimeter configuration. This configuration\nallows to specify and test ServicePerimeter configuration without enforcing\nactual access restrictions. Only allowed to be set when the\n\"use_explicit_dry_run_spec\" flag is set."
},
"status": {
"$ref": "GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig",
"description": "Current ServicePerimeter configuration. Specifies sets of resources,\nrestricted services and access levels that determine perimeter\ncontent and boundaries."
},
"title": {
"description": "Human readable title. Must be unique within the Policy.",
"type": "string"
},
"useExplicitDryRunSpec": {
"description": "Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly\nexists for all Service Perimeters, and that spec is identical to the\nstatus for those Service Perimeters. When this flag is set, it inhibits the\ngeneration of the implicit spec, thereby allowing the user to explicitly\nprovide a configuration (\"spec\") to use in a dry-run version of the Service\nPerimeter. This allows the user to test changes to the enforced config\n(\"status\") without actually enforcing them. This testing is done through\nanalyzing the differences between currently enforced and suggested\nrestrictions. use_explicit_dry_run_spec must bet set to True if any of the\nfields in the spec are set to non-default values.",
"type": "boolean"
}
},
"type": "object"
},
"GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig": {
"description": "`ServicePerimeterConfig` specifies a set of Google Cloud resources that\ndescribe specific Service Perimeter configuration.",
"id": "GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig",
"properties": {
"accessLevels": {
"description": "A list of `AccessLevel` resource names that allow resources within the\n`ServicePerimeter` to be accessed from the internet. `AccessLevels` listed\nmust be in the same policy as this `ServicePerimeter`. Referencing a\nnonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are\nlisted, resources within the perimeter can only be accessed via Google\nCloud calls with request origins within the perimeter. Example:\n`\"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL\"`.\nFor Service Perimeter Bridge, must be empty.",
"items": {
"type": "string"
},
"type": "array"
},
"resources": {
"description": "A list of Google Cloud resources that are inside of the service perimeter.\nCurrently only projects are allowed. Format: `projects/{project_number}`",
"items": {
"type": "string"
},
"type": "array"
},
"restrictedServices": {
"description": "Google Cloud services that are subject to the Service Perimeter\nrestrictions. For example, if `storage.googleapis.com` is specified, access\nto the storage buckets inside the perimeter must meet the perimeter's\naccess restrictions.",
"items": {
"type": "string"
},
"type": "array"
},
"vpcAccessibleServices": {
"$ref": "GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices",
"description": "Configuration for APIs allowed within Perimeter."
}
},
"type": "object"
},
"GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices": {
"description": "Specifies how APIs are allowed to communicate within the Service\nPerimeter.",
"id": "GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices",
"properties": {
"allowedServices": {
"description": "The list of APIs usable within the Service Perimeter. Must be empty\nunless 'enable_restriction' is True.",
"items": {
"type": "string"
},
"type": "array"
},
"enableRestriction": {
"description": "Whether to restrict API calls within the Service Perimeter to the list of\nAPIs specified in 'allowed_services'.",
"type": "boolean"
}
},
"type": "object"
},
"Operation": {
"description": "This resource represents a long-running operation that is the result of a\nnetwork API call.",
"id": "Operation",
@@ -633,7 +1074,7 @@
"type": "object"
},
"Policy": {
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nOptionally, a `binding` can specify a `condition`, which is a logical\nexpression that allows access to a resource only if the expression evaluates\nto `true`. A condition can add constraints based on attributes of the\nrequest, the resource, or both.\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\"user:eve@example.com\"],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nFor some types of Google Cloud resources, a `binding` can also specify a\n`condition`, which is a logical expression that allows access to a resource\nonly if the expression evaluates to `true`. A condition can add constraints\nbased on attributes of the request, the resource, or both. To learn which\nresources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\n \"user:eve@example.com\"\n ],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"id": "Policy",
"properties": {
"auditConfigs": {
@@ -656,7 +1097,7 @@
"type": "string"
},
"version": {
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.",
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
@@ -664,7 +1105,7 @@
"type": "object"
},
"Resource": {
"description": "Representation of a cloud resource.",
"description": "A representation of a Google Cloud resource.",
"id": "Resource",
"properties": {
"data": {
@@ -672,27 +1113,27 @@
"description": "Properties of the object.",
"type": "any"
},
"description": "The content of the resource, in which some sensitive fields are scrubbed\naway and may not be present.",
"description": "The content of the resource, in which some sensitive fields are removed\nand may not be present.",
"type": "object"
},
"discoveryDocumentUri": {
"description": "The URL of the discovery document containing the resource's JSON schema.\nFor example:\n`\"https://www.googleapis.com/discovery/v1/apis/compute/v1/rest\"`.\nIt will be left unspecified for resources without a discovery-based API,\nsuch as Cloud Bigtable.",
"description": "The URL of the discovery document containing the resource's JSON schema.\nExample:\n`https://www.googleapis.com/discovery/v1/apis/compute/v1/rest`\n\nThis value is unspecified for resources that do not have an API based on a\ndiscovery document, such as Cloud Bigtable.",
"type": "string"
},
"discoveryName": {
"description": "The JSON schema name listed in the discovery document.\nExample: \"Project\". It will be left unspecified for resources (such as\nCloud Bigtable) without a discovery-based API.",
"description": "The JSON schema name listed in the discovery document. Example:\n`Project`\n\nThis value is unspecified for resources that do not have an API based on a\ndiscovery document, such as Cloud Bigtable.",
"type": "string"
},
"parent": {
"description": "The full name of the immediate parent of this resource. See\n[Resource\nNames](https://cloud.google.com/apis/design/resource_names#full_resource_name)\nfor more information.\n\nFor GCP assets, it is the parent resource defined in the [Cloud IAM policy\nhierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy).\nFor example:\n`\"//cloudresourcemanager.googleapis.com/projects/my_project_123\"`.\n\nFor third-party assets, it is up to the users to define.",
"description": "The full name of the immediate parent of this resource. See\n[Resource\nNames](https://cloud.google.com/apis/design/resource_names#full_resource_name)\nfor more information.\n\nFor Google Cloud assets, this value is the parent resource defined in the\n[Cloud IAM policy\nhierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy).\nExample:\n`//cloudresourcemanager.googleapis.com/projects/my_project_123`\n\nFor third-party assets, this field may be set differently.",
"type": "string"
},
"resourceUrl": {
"description": "The REST URL for accessing the resource. An HTTP GET operation using this\nURL returns the resource itself.\nExample:\n`https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123`.\nIt will be left unspecified for resources without a REST API.",
"description": "The REST URL for accessing the resource. An HTTP `GET` request using this\nURL returns the resource itself. Example:\n`https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123`\n\nThis value is unspecified for resources without a REST API.",
"type": "string"
},
"version": {
"description": "The API version. Example: \"v1\".",
"description": "The API version. Example: `v1`",
"type": "string"
}
},
@@ -726,15 +1167,15 @@
"type": "object"
},
"TemporalAsset": {
"description": "Temporal asset. In addition to the asset, the temporal asset includes the\nstatus of the asset and valid from and to time of it.",
"description": "An asset in Google Cloud and its temporal metadata, including the time window\nwhen it was observed and its status during that window.",
"id": "TemporalAsset",
"properties": {
"asset": {
"$ref": "Asset",
"description": "Asset."
"description": "An asset in Google Cloud."
},
"deleted": {
"description": "If the asset is deleted or not.",
"description": "Whether the asset has been deleted or not.",
"type": "boolean"
},
"window": {
@@ -745,11 +1186,11 @@
"type": "object"
},
"TimeWindow": {
"description": "A time window of (start_time, end_time].",
"description": "A time window specified by its `start_time` and `end_time`.",
"id": "TimeWindow",
"properties": {
"endTime": {
"description": "End time of the time window (inclusive).\nCurrent timestamp if not specified.",
"description": "End time of the time window (inclusive). If not specified, the current\ntimestamp is used instead.",
"format": "google-datetime",
"type": "string"
},

481
etc/api/cloudasset/v1p1beta1/cloudasset-api.json Normal file
View File

@@ -0,0 +1,481 @@
{
"auth": {
"oauth2": {
"scopes": {
"https://www.googleapis.com/auth/cloud-platform": {
"description": "View and manage your data across Google Cloud Platform services"
}
}
}
},
"basePath": "",
"baseUrl": "https://cloudasset.googleapis.com/",
"batchPath": "batch",
"canonicalName": "Cloud Asset",
"description": "The cloud asset API manages the history and inventory of cloud resources.",
"discoveryVersion": "v1",
"documentationLink": "https://cloud.google.com/asset-inventory/docs/quickstart",
"fullyEncodeReservedExpansion": true,
"icons": {
"x16": "http://www.google.com/images/icons/product/search-16.gif",
"x32": "http://www.google.com/images/icons/product/search-32.gif"
},
"id": "cloudasset:v1p1beta1",
"kind": "discovery#restDescription",
"mtlsRootUrl": "https://cloudasset.mtls.googleapis.com/",
"name": "cloudasset",
"ownerDomain": "google.com",
"ownerName": "Google",
"parameters": {
"$.xgafv": {
"description": "V1 error format.",
"enum": [
"1",
"2"
],
"enumDescriptions": [
"v1 error format",
"v2 error format"
],
"location": "query",
"type": "string"
},
"access_token": {
"description": "OAuth access token.",
"location": "query",
"type": "string"
},
"alt": {
"default": "json",
"description": "Data format for response.",
"enum": [
"json",
"media",
"proto"
],
"enumDescriptions": [
"Responses with Content-Type of application/json",
"Media download with context-dependent Content-Type",
"Responses with Content-Type of application/x-protobuf"
],
"location": "query",
"type": "string"
},
"callback": {
"description": "JSONP",
"location": "query",
"type": "string"
},
"fields": {
"description": "Selector specifying which fields to include in a partial response.",
"location": "query",
"type": "string"
},
"key": {
"description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
"location": "query",
"type": "string"
},
"oauth_token": {
"description": "OAuth 2.0 token for the current user.",
"location": "query",
"type": "string"
},
"prettyPrint": {
"default": "true",
"description": "Returns response with indentations and line breaks.",
"location": "query",
"type": "boolean"
},
"quotaUser": {
"description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
"location": "query",
"type": "string"
},
"uploadType": {
"description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
"location": "query",
"type": "string"
},
"upload_protocol": {
"description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
"location": "query",
"type": "string"
}
},
"protocol": "rest",
"resources": {
"iamPolicies": {
"methods": {
"searchAll": {
"description": "Searches all the IAM policies within a given accessible CRM scope\n(project/folder/organization). This RPC gives callers especially\nadministrators the ability to search all the IAM policies within a scope,\neven if they don't have `.getIamPolicy` permission of all the IAM policies.\nCallers should have `cloud.assets.SearchAllIamPolicies` permission on the\nrequested scope, otherwise the request will be rejected.",
"flatPath": "v1p1beta1/{v1p1beta1Id}/{v1p1beta1Id1}/iamPolicies:searchAll",
"httpMethod": "GET",
"id": "cloudasset.iamPolicies.searchAll",
"parameterOrder": [
"scope"
],
"parameters": {
"pageSize": {
"description": "Optional. The page size for search result pagination. Page size is capped at 500 even\nif a larger value is given. If set to zero, server will pick an appropriate\ndefault. Returned results may be fewer than requested. When this happens,\nthere could be more results as long as `next_page_token` is returned.",
"format": "int32",
"location": "query",
"type": "integer"
},
"pageToken": {
"description": "Optional. If present, retrieve the next batch of results from the preceding call to\nthis method. `page_token` must be the value of `next_page_token` from the\nprevious response. The values of all other method parameters must be\nidentical to those in the previous call.",
"location": "query",
"type": "string"
},
"query": {
"description": "Optional. The query statement. Examples:\n\n* \"policy:myuser@mydomain.com\"\n* \"policy:(myuser@mydomain.com viewer)\"",
"location": "query",
"type": "string"
},
"scope": {
"description": "Required. The relative name of an asset. The search is limited to the resources\nwithin the `scope`. The allowed value must be:\n\n* Organization number (such as \"organizations/123\")\n* Folder number(such as \"folders/1234\")\n* Project number (such as \"projects/12345\")\n* Project id (such as \"projects/abc\")",
"location": "path",
"pattern": "^[^/]+/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1p1beta1/{+scope}/iamPolicies:searchAll",
"response": {
"$ref": "SearchAllIamPoliciesResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
}
}
},
"resources": {
"methods": {
"searchAll": {
"description": "Searches all the resources within a given accessible CRM scope\n(project/folder/organization). This RPC gives callers especially\nadministrators the ability to search all the resources within a scope, even\nif they don't have `.get` permission of all the resources. Callers should\nhave `cloud.assets.SearchAllResources` permission on the requested scope,\notherwise the request will be rejected.",
"flatPath": "v1p1beta1/{v1p1beta1Id}/{v1p1beta1Id1}/resources:searchAll",
"httpMethod": "GET",
"id": "cloudasset.resources.searchAll",
"parameterOrder": [
"scope"
],
"parameters": {
"assetTypes": {
"description": "Optional. A list of asset types that this request searches for. If empty, it will\nsearch all the supported asset types.",
"location": "query",
"repeated": true,
"type": "string"
},
"orderBy": {
"description": "Optional. A comma separated list of fields specifying the sorting order of the\nresults. The default order is ascending. Add ` DESC` after the field name\nto indicate descending order. Redundant space characters are ignored. For\nexample, ` location DESC , name `.",
"location": "query",
"type": "string"
},
"pageSize": {
"description": "Optional. The page size for search result pagination. Page size is capped at 500 even\nif a larger value is given. If set to zero, server will pick an appropriate\ndefault. Returned results may be fewer than requested. When this happens,\nthere could be more results as long as `next_page_token` is returned.",
"format": "int32",
"location": "query",
"type": "integer"
},
"pageToken": {
"description": "Optional. If present, then retrieve the next batch of results from the preceding call\nto this method. `page_token` must be the value of `next_page_token` from\nthe previous response. The values of all other method parameters, must be\nidentical to those in the previous call.",
"location": "query",
"type": "string"
},
"query": {
"description": "Optional. The query statement.",
"location": "query",
"type": "string"
},
"scope": {
"description": "Required. The relative name of an asset. The search is limited to the resources\nwithin the `scope`. The allowed value must be:\n\n* Organization number (such as \"organizations/123\")\n* Folder number(such as \"folders/1234\")\n* Project number (such as \"projects/12345\")\n* Project id (such as \"projects/abc\")",
"location": "path",
"pattern": "^[^/]+/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1p1beta1/{+scope}/resources:searchAll",
"response": {
"$ref": "SearchAllResourcesResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
}
}
}
},
"revision": "20200613",
"rootUrl": "https://cloudasset.googleapis.com/",
"schemas": {
"AuditConfig": {
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\",\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\"\n },\n {\n \"log_type\": \"ADMIN_READ\"\n }\n ]\n },\n {\n \"service\": \"sampleservice.googleapis.com\",\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\"\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:aliya@example.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts jose@example.com from DATA_READ logging, and\naliya@example.com from DATA_WRITE logging.",
"id": "AuditConfig",
"properties": {
"auditLogConfigs": {
"description": "The configuration for logging of each type of permission.",
"items": {
"$ref": "AuditLogConfig"
},
"type": "array"
},
"service": {
"description": "Specifies a service that will be enabled for audit logging.\nFor example, `storage.googleapis.com`, `cloudsql.googleapis.com`.\n`allServices` is a special value that covers all services.",
"type": "string"
}
},
"type": "object"
},
"AuditLogConfig": {
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\"\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\njose@example.com from DATA_READ logging.",
"id": "AuditLogConfig",
"properties": {
"exemptedMembers": {
"description": "Specifies the identities that do not cause logging for this type of\npermission.\nFollows the same format of Binding.members.",
"items": {
"type": "string"
},
"type": "array"
},
"logType": {
"description": "The log type that this config enables.",
"enum": [
"LOG_TYPE_UNSPECIFIED",
"ADMIN_READ",
"DATA_WRITE",
"DATA_READ"
],
"enumDescriptions": [
"Default case. Should never be this.",
"Admin reads. Example: CloudIAM getIamPolicy",
"Data writes. Example: CloudSQL Users create",
"Data reads. Example: CloudSQL Users list"
],
"type": "string"
}
},
"type": "object"
},
"Binding": {
"description": "Associates `members` with a `role`.",
"id": "Binding",
"properties": {
"condition": {
"$ref": "Expr",
"description": "The condition that is associated with this binding.\n\nIf the condition evaluates to `true`, then this binding applies to the\ncurrent request.\n\nIf the condition evaluates to `false`, then this binding does not apply to\nthe current request. However, a different role binding might grant the same\nrole to one or more of the members in this binding.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
},
"members": {
"description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@example.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a user that has been recently deleted. For\n example, `alice@example.com?uid=123456789012345678901`. If the user is\n recovered, this value reverts to `user:{emailid}` and the recovered user\n retains the role in the binding.\n\n* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus\n unique identifier) representing a service account that has been recently\n deleted. For example,\n `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.\n If the service account is undeleted, this value reverts to\n `serviceAccount:{emailid}` and the undeleted service account retains the\n role in the binding.\n\n* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a Google group that has been recently\n deleted. For example, `admins@example.com?uid=123456789012345678901`. If\n the group is recovered, this value reverts to `group:{emailid}` and the\n recovered group retains the role in the binding.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n",
"items": {
"type": "string"
},
"type": "array"
},
"role": {
"description": "Role that is assigned to `members`.\nFor example, `roles/viewer`, `roles/editor`, or `roles/owner`.",
"type": "string"
}
},
"type": "object"
},
"Explanation": {
"description": "Explanation about the IAM policy search result.",
"id": "Explanation",
"properties": {
"matchedPermissions": {
"additionalProperties": {
"$ref": "Permissions"
},
"description": "The map from roles to their included permission matching the permission\nquery (e.g. containing `policy.role.permissions:`). A sample role string:\n\"roles/compute.instanceAdmin\". The roles can also be found in the\nreturned `policy` bindings. Note that the map is populated only if\nrequesting with a permission query.",
"type": "object"
}
},
"type": "object"
},
"Expr": {
"description": "Represents a textual expression in the Common Expression Language (CEL)\nsyntax. CEL is a C-like expression language. The syntax and semantics of CEL\nare documented at https://github.com/google/cel-spec.\n\nExample (Comparison):\n\n title: \"Summary size limit\"\n description: \"Determines if a summary is less than 100 chars\"\n expression: \"document.summary.size() < 100\"\n\nExample (Equality):\n\n title: \"Requestor is owner\"\n description: \"Determines if requestor is the document owner\"\n expression: \"document.owner == request.auth.claims.email\"\n\nExample (Logic):\n\n title: \"Public documents\"\n description: \"Determine whether the document should be publicly visible\"\n expression: \"document.type != 'private' && document.type != 'internal'\"\n\nExample (Data Manipulation):\n\n title: \"Notification string\"\n description: \"Create a notification string with a timestamp.\"\n expression: \"'New message received at ' + string(document.create_time)\"\n\nThe exact variables and functions that may be referenced within an expression\nare determined by the service that evaluates it. See the service\ndocumentation for additional information.",
"id": "Expr",
"properties": {
"description": {
"description": "Optional. Description of the expression. This is a longer text which\ndescribes the expression, e.g. when hovered over it in a UI.",
"type": "string"
},
"expression": {
"description": "Textual representation of an expression in Common Expression Language\nsyntax.",
"type": "string"
},
"location": {
"description": "Optional. String indicating the location of the expression for error\nreporting, e.g. a file name and a position in the file.",
"type": "string"
},
"title": {
"description": "Optional. Title for the expression, i.e. a short string describing\nits purpose. This can be used e.g. in UIs which allow to enter the\nexpression.",
"type": "string"
}
},
"type": "object"
},
"IamPolicySearchResult": {
"description": "The result for a IAM Policy search.",
"id": "IamPolicySearchResult",
"properties": {
"explanation": {
"$ref": "Explanation",
"description": "Explanation about the IAM policy search result. It contains additional\ninformation to explain why the search result matches the query."
},
"policy": {
"$ref": "Policy",
"description": "The IAM policy directly set on the given resource. Note that the original\nIAM policy can contain multiple bindings. This only contains the bindings\nthat match the given query. For queries that don't contain a constrain on\npolicies (e.g. an empty query), this contains all the bindings."
},
"project": {
"description": "The project that the associated GCP resource belongs to, in the form of\n`projects/{project_number}`. If an IAM policy is set on a resource (like VM\ninstance, Cloud Storage bucket), the project field will indicate the\nproject that contains the resource. If an IAM policy is set on a folder or\norgnization, the project field will be empty.",
"type": "string"
},
"resource": {
"description": "The [full resource\nname](https://cloud.google.com/apis/design/resource_names#full_resource_name)\nof the resource associated with this IAM policy.",
"type": "string"
}
},
"type": "object"
},
"Permissions": {
"description": "IAM permissions",
"id": "Permissions",
"properties": {
"permissions": {
"description": "A list of permissions. A sample permission string: \"compute.disk.get\".",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"Policy": {
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nFor some types of Google Cloud resources, a `binding` can also specify a\n`condition`, which is a logical expression that allows access to a resource\nonly if the expression evaluates to `true`. A condition can add constraints\nbased on attributes of the request, the resource, or both. To learn which\nresources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\n \"user:eve@example.com\"\n ],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"id": "Policy",
"properties": {
"auditConfigs": {
"description": "Specifies cloud audit logging configuration for this policy.",
"items": {
"$ref": "AuditConfig"
},
"type": "array"
},
"bindings": {
"description": "Associates a list of `members` to a `role`. Optionally, may specify a\n`condition` that determines how and when the `bindings` are applied. Each\nof the `bindings` must contain at least one member.",
"items": {
"$ref": "Binding"
},
"type": "array"
},
"etag": {
"description": "`etag` is used for optimistic concurrency control as a way to help\nprevent simultaneous updates of a policy from overwriting each other.\nIt is strongly suggested that systems make use of the `etag` in the\nread-modify-write cycle to perform policy updates in order to avoid race\nconditions: An `etag` is returned in the response to `getIamPolicy`, and\nsystems are expected to put that etag in the request to `setIamPolicy` to\nensure that their change will be applied to the same version of the policy.\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.",
"format": "byte",
"type": "string"
},
"version": {
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
},
"type": "object"
},
"SearchAllIamPoliciesResponse": {
"description": "Search all IAM policies response.",
"id": "SearchAllIamPoliciesResponse",
"properties": {
"nextPageToken": {
"description": "Set if there are more results than those appearing in this response; to get\nthe next set of results, call this method again, using this value as the\n`page_token`.",
"type": "string"
},
"results": {
"description": "A list of IamPolicy that match the search query. Related information such\nas the associated resource is returned along with the policy.",
"items": {
"$ref": "IamPolicySearchResult"
},
"type": "array"
}
},
"type": "object"
},
"SearchAllResourcesResponse": {
"description": "Search all resources response.",
"id": "SearchAllResourcesResponse",
"properties": {
"nextPageToken": {
"description": "If there are more results than those appearing in this response, then\n`next_page_token` is included. To get the next set of results, call this\nmethod again using the value of `next_page_token` as `page_token`.",
"type": "string"
},
"results": {
"description": "A list of resource that match the search query.",
"items": {
"$ref": "StandardResourceMetadata"
},
"type": "array"
}
},
"type": "object"
},
"StandardResourceMetadata": {
"description": "The standard metadata of a cloud resource.",
"id": "StandardResourceMetadata",
"properties": {
"additionalAttributes": {
"description": "Additional searchable attributes of this resource.\nInformational only. The exact set of attributes is subject to change.\nFor example: project id, DNS name etc.",
"items": {
"type": "string"
},
"type": "array"
},
"assetType": {
"description": "The type of this resource.\nFor example: \"compute.googleapis.com/Disk\".",
"type": "string"
},
"description": {
"description": "One or more paragraphs of text description of this resource. Maximum length\ncould be up to 1M bytes.",
"type": "string"
},
"displayName": {
"description": "The display name of this resource.",
"type": "string"
},
"labels": {
"additionalProperties": {
"type": "string"
},
"description": "Labels associated with this resource. See [Labelling and grouping GCP\nresources](https://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources)\nfor more information.",
"type": "object"
},
"location": {
"description": "Location can be \"global\", regional like \"us-east1\", or zonal like\n\"us-west1-b\".",
"type": "string"
},
"name": {
"description": "The full resource name. For example:\n`//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`.\nSee [Resource\nNames](https://cloud.google.com/apis/design/resource_names#full_resource_name)\nfor more information.",
"type": "string"
},
"networkTags": {
"description": "Network tags associated with this resource. Like labels, network tags are a\ntype of annotations used to group GCP resources. See [Labelling GCP\nresources](lhttps://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources)\nfor more information.",
"items": {
"type": "string"
},
"type": "array"
},
"project": {
"description": "The project that this resource belongs to, in the form of\n`projects/{project_number}`.",
"type": "string"
}
},
"type": "object"
}
},
"servicePath": "",
"title": "Cloud Asset API",
"version": "v1p1beta1",
"version_module": true
}

723
etc/api/cloudasset/v1p4beta1/cloudasset-api.json Normal file
View File

@@ -0,0 +1,723 @@
{
"auth": {
"oauth2": {
"scopes": {
"https://www.googleapis.com/auth/cloud-platform": {
"description": "View and manage your data across Google Cloud Platform services"
}
}
}
},
"basePath": "",
"baseUrl": "https://cloudasset.googleapis.com/",
"batchPath": "batch",
"canonicalName": "Cloud Asset",
"description": "The cloud asset API manages the history and inventory of cloud resources.",
"discoveryVersion": "v1",
"documentationLink": "https://cloud.google.com/asset-inventory/docs/quickstart",
"fullyEncodeReservedExpansion": true,
"icons": {
"x16": "http://www.google.com/images/icons/product/search-16.gif",
"x32": "http://www.google.com/images/icons/product/search-32.gif"
},
"id": "cloudasset:v1p4beta1",
"kind": "discovery#restDescription",
"mtlsRootUrl": "https://cloudasset.mtls.googleapis.com/",
"name": "cloudasset",
"ownerDomain": "google.com",
"ownerName": "Google",
"parameters": {
"$.xgafv": {
"description": "V1 error format.",
"enum": [
"1",
"2"
],
"enumDescriptions": [
"v1 error format",
"v2 error format"
],
"location": "query",
"type": "string"
},
"access_token": {
"description": "OAuth access token.",
"location": "query",
"type": "string"
},
"alt": {
"default": "json",
"description": "Data format for response.",
"enum": [
"json",
"media",
"proto"
],
"enumDescriptions": [
"Responses with Content-Type of application/json",
"Media download with context-dependent Content-Type",
"Responses with Content-Type of application/x-protobuf"
],
"location": "query",
"type": "string"
},
"callback": {
"description": "JSONP",
"location": "query",
"type": "string"
},
"fields": {
"description": "Selector specifying which fields to include in a partial response.",
"location": "query",
"type": "string"
},
"key": {
"description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
"location": "query",
"type": "string"
},
"oauth_token": {
"description": "OAuth 2.0 token for the current user.",
"location": "query",
"type": "string"
},
"prettyPrint": {
"default": "true",
"description": "Returns response with indentations and line breaks.",
"location": "query",
"type": "boolean"
},
"quotaUser": {
"description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
"location": "query",
"type": "string"
},
"uploadType": {
"description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
"location": "query",
"type": "string"
},
"upload_protocol": {
"description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
"location": "query",
"type": "string"
}
},
"protocol": "rest",
"resources": {
"v1p4beta1": {
"methods": {
"analyzeIamPolicy": {
"description": "Analyzes IAM policies to answer which identities have what accesses on\nwhich resources.",
"flatPath": "v1p4beta1/{v1p4beta1Id}/{v1p4beta1Id1}:analyzeIamPolicy",
"httpMethod": "GET",
"id": "cloudasset.analyzeIamPolicy",
"parameterOrder": [
"parent"
],
"parameters": {
"analysisQuery.accessSelector.permissions": {
"description": "Optional. The permissions to appear in result.",
"location": "query",
"repeated": true,
"type": "string"
},
"analysisQuery.accessSelector.roles": {
"description": "Optional. The roles to appear in result.",
"location": "query",
"repeated": true,
"type": "string"
},
"analysisQuery.identitySelector.identity": {
"description": "Required. The identity appear in the form of members in\n[IAM policy\nbinding](https://cloud.google.com/iam/reference/rest/v1/Binding).\n\nThe examples of supported forms are:\n\"user:mike@example.com\",\n\"group:admins@example.com\",\n\"domain:google.com\",\n\"serviceAccount:my-project-id@appspot.gserviceaccount.com\".\n\nNotice that wildcard characters (such as * and ?) are not supported.\nYou must give a specific identity.",
"location": "query",
"type": "string"
},
"analysisQuery.resourceSelector.fullResourceName": {
"description": "Required. The [full resource\nname](https://cloud.google.com/asset-inventory/docs/resource-name-format)\nof a resource of [supported resource\ntypes](https://cloud.google.com/asset-inventory/docs/supported-asset-types#analyzable_asset_types).",
"location": "query",
"type": "string"
},
"options.analyzeServiceAccountImpersonation": {
"description": "Optional. If true, the response will include access analysis from identities to\nresources via service account impersonation. This is a very expensive\noperation, because many derived queries will be executed. We highly\nrecommend you use AssetService.ExportIamPolicyAnalysis rpc instead.\n\nFor example, if the request analyzes for which resources user A has\npermission P, and there's an IAM policy states user A has\niam.serviceAccounts.getAccessToken permission to a service account SA,\nand there's another IAM policy states service account SA has permission P\nto a GCP folder F, then user A potentially has access to the GCP folder\nF. And those advanced analysis results will be included in\nAnalyzeIamPolicyResponse.service_account_impersonation_analysis.\n\nAnother example, if the request analyzes for who has\npermission P to a GCP folder F, and there's an IAM policy states user A\nhas iam.serviceAccounts.actAs permission to a service account SA, and\nthere's another IAM policy states service account SA has permission P to\nthe GCP folder F, then user A potentially has access to the GCP folder\nF. And those advanced analysis results will be included in\nAnalyzeIamPolicyResponse.service_account_impersonation_analysis.\n\nDefault is false.",
"location": "query",
"type": "boolean"
},
"options.executionTimeout": {
"description": "Optional. Amount of time executable has to complete. See JSON representation of\n[Duration](https://developers.google.com/protocol-buffers/docs/proto3#json).\n\nIf this field is set with a value less than the RPC deadline, and the\nexecution of your query hasn't finished in the specified\nexecution timeout, you will get a response with partial result.\nOtherwise, your query's execution will continue until the RPC deadline.\nIf it's not finished until then, you will get a DEADLINE_EXCEEDED error.\n\nDefault is empty.",
"format": "google-duration",
"location": "query",
"type": "string"
},
"options.expandGroups": {
"description": "Optional. If true, the identities section of the result will expand any\nGoogle groups appearing in an IAM policy binding.\n\nIf identity_selector is specified, the identity in the result will\nbe determined by the selector, and this flag will have no effect.\n\nDefault is false.",
"location": "query",
"type": "boolean"
},
"options.expandResources": {
"description": "Optional. If true, the resource section of the result will expand any\nresource attached to an IAM policy to include resources lower in the\nresource hierarchy.\n\nFor example, if the request analyzes for which resources user A has\npermission P, and the results include an IAM policy with P on a GCP\nfolder, the results will also include resources in that folder with\npermission P.\n\nIf resource_selector is specified, the resource section of the result\nwill be determined by the selector, and this flag will have no effect.\nDefault is false.",
"location": "query",
"type": "boolean"
},
"options.expandRoles": {
"description": "Optional. If true, the access section of result will expand any roles\nappearing in IAM policy bindings to include their permissions.\n\nIf access_selector is specified, the access section of the result\nwill be determined by the selector, and this flag will have no effect.\n\nDefault is false.",
"location": "query",
"type": "boolean"
},
"options.outputGroupEdges": {
"description": "Optional. If true, the result will output group identity edges, starting\nfrom the binding's group members, to any expanded identities.\nDefault is false.",
"location": "query",
"type": "boolean"
},
"options.outputResourceEdges": {
"description": "Optional. If true, the result will output resource edges, starting\nfrom the policy attached resource, to any expanded resources.\nDefault is false.",
"location": "query",
"type": "boolean"
},
"parent": {
"description": "Required. The relative name of the root asset. Only resources and IAM policies within\nthe parent will be analyzed. This can only be an organization number (such\nas \"organizations/123\") or a folder number (such as \"folders/123\").\n\nTo know how to get organization id, visit [here\n](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id).\n\nTo know how to get folder id, visit [here\n](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).",
"location": "path",
"pattern": "^[^/]+/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1p4beta1/{+parent}:analyzeIamPolicy",
"response": {
"$ref": "AnalyzeIamPolicyResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"exportIamPolicyAnalysis": {
"description": "Exports the answers of which identities have what accesses on which\nresources to a Google Cloud Storage destination. The output format is\nthe JSON format that represents a AnalyzeIamPolicyResponse\nin the JSON format.\nThis method implements the google.longrunning.Operation, which allows\nyou to keep track of the export. We recommend intervals of at least 2\nseconds with exponential retry to poll the export operation result. The\nmetadata contains the request to help callers to map responses to requests.",
"flatPath": "v1p4beta1/{v1p4beta1Id}/{v1p4beta1Id1}:exportIamPolicyAnalysis",
"httpMethod": "POST",
"id": "cloudasset.exportIamPolicyAnalysis",
"parameterOrder": [
"parent"
],
"parameters": {
"parent": {
"description": "Required. The relative name of the root asset. Only resources and IAM policies within\nthe parent will be analyzed. This can only be an organization number (such\nas \"organizations/123\") or a folder number (such as \"folders/123\").\n\nTo know how to get organization id, visit [here\n](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id).\n\nTo know how to get folder id, visit [here\n](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).",
"location": "path",
"pattern": "^[^/]+/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1p4beta1/{+parent}:exportIamPolicyAnalysis",
"request": {
"$ref": "ExportIamPolicyAnalysisRequest"
},
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
}
}
}
},
"revision": "20200613",
"rootUrl": "https://cloudasset.googleapis.com/",
"schemas": {
"AccessSelector": {
"description": "Specifies roles and/or permissions to analyze, to determine both the\nidentities possessing them and the resources they control. If multiple\nvalues are specified, results will include identities and resources\nmatching any of them.",
"id": "AccessSelector",
"properties": {
"permissions": {
"description": "Optional. The permissions to appear in result.",
"items": {
"type": "string"
},
"type": "array"
},
"roles": {
"description": "Optional. The roles to appear in result.",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"AnalyzeIamPolicyResponse": {
"description": "A response message for AssetService.AnalyzeIamPolicy.",
"id": "AnalyzeIamPolicyResponse",
"properties": {
"fullyExplored": {
"description": "Represents whether all entries in the main_analysis and\nservice_account_impersonation_analysis have been fully explored to\nanswer the query in the request.",
"type": "boolean"
},
"mainAnalysis": {
"$ref": "IamPolicyAnalysis",
"description": "The main analysis that matches the original request."
},
"nonCriticalErrors": {
"description": "A list of non-critical errors happened during the request handling to\nexplain why `fully_explored` is false, or empty if no error happened.",
"items": {
"$ref": "GoogleCloudAssetV1p4beta1AnalysisState"
},
"type": "array"
},
"serviceAccountImpersonationAnalysis": {
"description": "The service account impersonation analysis if\nAnalyzeIamPolicyRequest.analyze_service_account_impersonation is\nenabled.",
"items": {
"$ref": "IamPolicyAnalysis"
},
"type": "array"
}
},
"type": "object"
},
"Binding": {
"description": "Associates `members` with a `role`.",
"id": "Binding",
"properties": {
"condition": {
"$ref": "Expr",
"description": "The condition that is associated with this binding.\n\nIf the condition evaluates to `true`, then this binding applies to the\ncurrent request.\n\nIf the condition evaluates to `false`, then this binding does not apply to\nthe current request. However, a different role binding might grant the same\nrole to one or more of the members in this binding.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
},
"members": {
"description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@example.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a user that has been recently deleted. For\n example, `alice@example.com?uid=123456789012345678901`. If the user is\n recovered, this value reverts to `user:{emailid}` and the recovered user\n retains the role in the binding.\n\n* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus\n unique identifier) representing a service account that has been recently\n deleted. For example,\n `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.\n If the service account is undeleted, this value reverts to\n `serviceAccount:{emailid}` and the undeleted service account retains the\n role in the binding.\n\n* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a Google group that has been recently\n deleted. For example, `admins@example.com?uid=123456789012345678901`. If\n the group is recovered, this value reverts to `group:{emailid}` and the\n recovered group retains the role in the binding.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n",
"items": {
"type": "string"
},
"type": "array"
},
"role": {
"description": "Role that is assigned to `members`.\nFor example, `roles/viewer`, `roles/editor`, or `roles/owner`.",
"type": "string"
}
},
"type": "object"
},
"ExportIamPolicyAnalysisRequest": {
"description": "A request message for AssetService.ExportIamPolicyAnalysis.",
"id": "ExportIamPolicyAnalysisRequest",
"properties": {
"analysisQuery": {
"$ref": "IamPolicyAnalysisQuery",
"description": "Required. The request query."
},
"options": {
"$ref": "Options",
"description": "Optional. The request options."
},
"outputConfig": {
"$ref": "IamPolicyAnalysisOutputConfig",
"description": "Required. Output configuration indicating where the results will be output to."
}
},
"type": "object"
},
"Expr": {
"description": "Represents a textual expression in the Common Expression Language (CEL)\nsyntax. CEL is a C-like expression language. The syntax and semantics of CEL\nare documented at https://github.com/google/cel-spec.\n\nExample (Comparison):\n\n title: \"Summary size limit\"\n description: \"Determines if a summary is less than 100 chars\"\n expression: \"document.summary.size() < 100\"\n\nExample (Equality):\n\n title: \"Requestor is owner\"\n description: \"Determines if requestor is the document owner\"\n expression: \"document.owner == request.auth.claims.email\"\n\nExample (Logic):\n\n title: \"Public documents\"\n description: \"Determine whether the document should be publicly visible\"\n expression: \"document.type != 'private' && document.type != 'internal'\"\n\nExample (Data Manipulation):\n\n title: \"Notification string\"\n description: \"Create a notification string with a timestamp.\"\n expression: \"'New message received at ' + string(document.create_time)\"\n\nThe exact variables and functions that may be referenced within an expression\nare determined by the service that evaluates it. See the service\ndocumentation for additional information.",
"id": "Expr",
"properties": {
"description": {
"description": "Optional. Description of the expression. This is a longer text which\ndescribes the expression, e.g. when hovered over it in a UI.",
"type": "string"
},
"expression": {
"description": "Textual representation of an expression in Common Expression Language\nsyntax.",
"type": "string"
},
"location": {
"description": "Optional. String indicating the location of the expression for error\nreporting, e.g. a file name and a position in the file.",
"type": "string"
},
"title": {
"description": "Optional. Title for the expression, i.e. a short string describing\nits purpose. This can be used e.g. in UIs which allow to enter the\nexpression.",
"type": "string"
}
},
"type": "object"
},
"GcsDestination": {
"description": "A Cloud Storage location.",
"id": "GcsDestination",
"properties": {
"uri": {
"description": "Required. The uri of the Cloud Storage object. It's the same uri that is used by\ngsutil. For example: \"gs://bucket_name/object_name\". See [Viewing and\nEditing Object\nMetadata](https://cloud.google.com/storage/docs/viewing-editing-metadata)\nfor more information.",
"type": "string"
}
},
"type": "object"
},
"GoogleCloudAssetV1p4beta1Access": {
"description": "An IAM role or permission under analysis.",
"id": "GoogleCloudAssetV1p4beta1Access",
"properties": {
"analysisState": {
"$ref": "GoogleCloudAssetV1p4beta1AnalysisState",
"description": "The analysis state of this access."
},
"permission": {
"description": "The permission.",
"type": "string"
},
"role": {
"description": "The role.",
"type": "string"
}
},
"type": "object"
},
"GoogleCloudAssetV1p4beta1AccessControlList": {
"description": "An access control list, derived from the above IAM policy binding, which\ncontains a set of resources and accesses. May include one\nitem from each set to compose an access control entry.\n\nNOTICE that there could be multiple access control lists for one IAM policy\nbinding. The access control lists are created based on resource and access\ncombinations.\n\nFor example, assume we have the following cases in one IAM policy binding:\n- Permission P1 and P2 apply to resource R1 and R2;\n- Permission P3 applies to resource R2 and R3;\n\nThis will result in the following access control lists:\n- AccessControlList 1: [R1, R2], [P1, P2]\n- AccessControlList 2: [R2, R3], [P3]",
"id": "GoogleCloudAssetV1p4beta1AccessControlList",
"properties": {
"accesses": {
"description": "The accesses that match one of the following conditions:\n- The access_selector, if it is specified in request;\n- Otherwise, access specifiers reachable from the policy binding's role.",
"items": {
"$ref": "GoogleCloudAssetV1p4beta1Access"
},
"type": "array"
},
"resourceEdges": {
"description": "Resource edges of the graph starting from the policy attached\nresource to any descendant resources. The Edge.source_node contains\nthe full resource name of a parent resource and Edge.target_node\ncontains the full resource name of a child resource. This field is\npresent only if the output_resource_edges option is enabled in request.",
"items": {
"$ref": "GoogleCloudAssetV1p4beta1Edge"
},
"type": "array"
},
"resources": {
"description": "The resources that match one of the following conditions:\n- The resource_selector, if it is specified in request;\n- Otherwise, resources reachable from the policy attached resource.",
"items": {
"$ref": "GoogleCloudAssetV1p4beta1Resource"
},
"type": "array"
}
},
"type": "object"
},
"GoogleCloudAssetV1p4beta1AnalysisState": {
"description": "Represents the detailed state of an entity under analysis, such as a\nresource, an identity or an access.",
"id": "GoogleCloudAssetV1p4beta1AnalysisState",
"properties": {
"cause": {
"description": "The human-readable description of the cause of failure.",
"type": "string"
},
"code": {
"description": "The Google standard error code that best describes the state.\nFor example:\n- OK means the analysis on this entity has been successfully finished;\n- PERMISSION_DENIED means an access denied error is encountered;\n- DEADLINE_EXCEEDED means the analysis on this entity hasn't been started\nin time;",
"enum": [
"OK",
"CANCELLED",
"UNKNOWN",
"INVALID_ARGUMENT",
"DEADLINE_EXCEEDED",
"NOT_FOUND",
"ALREADY_EXISTS",
"PERMISSION_DENIED",
"UNAUTHENTICATED",
"RESOURCE_EXHAUSTED",
"FAILED_PRECONDITION",
"ABORTED",
"OUT_OF_RANGE",
"UNIMPLEMENTED",
"INTERNAL",
"UNAVAILABLE",
"DATA_LOSS"
],
"enumDescriptions": [
"Not an error; returned on success\n\nHTTP Mapping: 200 OK",
"The operation was cancelled, typically by the caller.\n\nHTTP Mapping: 499 Client Closed Request",
"Unknown error. For example, this error may be returned when\na `Status` value received from another address space belongs to\nan error space that is not known in this address space. Also\nerrors raised by APIs that do not return enough error information\nmay be converted to this error.\n\nHTTP Mapping: 500 Internal Server Error",
"The client specified an invalid argument. Note that this differs\nfrom `FAILED_PRECONDITION`. `INVALID_ARGUMENT` indicates arguments\nthat are problematic regardless of the state of the system\n(e.g., a malformed file name).\n\nHTTP Mapping: 400 Bad Request",
"The deadline expired before the operation could complete. For operations\nthat change the state of the system, this error may be returned\neven if the operation has completed successfully. For example, a\nsuccessful response from a server could have been delayed long\nenough for the deadline to expire.\n\nHTTP Mapping: 504 Gateway Timeout",
"Some requested entity (e.g., file or directory) was not found.\n\nNote to server developers: if a request is denied for an entire class\nof users, such as gradual feature rollout or undocumented whitelist,\n`NOT_FOUND` may be used. If a request is denied for some users within\na class of users, such as user-based access control, `PERMISSION_DENIED`\nmust be used.\n\nHTTP Mapping: 404 Not Found",
"The entity that a client attempted to create (e.g., file or directory)\nalready exists.\n\nHTTP Mapping: 409 Conflict",
"The caller does not have permission to execute the specified\noperation. `PERMISSION_DENIED` must not be used for rejections\ncaused by exhausting some resource (use `RESOURCE_EXHAUSTED`\ninstead for those errors). `PERMISSION_DENIED` must not be\nused if the caller can not be identified (use `UNAUTHENTICATED`\ninstead for those errors). This error code does not imply the\nrequest is valid or the requested entity exists or satisfies\nother pre-conditions.\n\nHTTP Mapping: 403 Forbidden",
"The request does not have valid authentication credentials for the\noperation.\n\nHTTP Mapping: 401 Unauthorized",
"Some resource has been exhausted, perhaps a per-user quota, or\nperhaps the entire file system is out of space.\n\nHTTP Mapping: 429 Too Many Requests",
"The operation was rejected because the system is not in a state\nrequired for the operation's execution. For example, the directory\nto be deleted is non-empty, an rmdir operation is applied to\na non-directory, etc.\n\nService implementors can use the following guidelines to decide\nbetween `FAILED_PRECONDITION`, `ABORTED`, and `UNAVAILABLE`:\n (a) Use `UNAVAILABLE` if the client can retry just the failing call.\n (b) Use `ABORTED` if the client should retry at a higher level\n (e.g., when a client-specified test-and-set fails, indicating the\n client should restart a read-modify-write sequence).\n (c) Use `FAILED_PRECONDITION` if the client should not retry until\n the system state has been explicitly fixed. E.g., if an \"rmdir\"\n fails because the directory is non-empty, `FAILED_PRECONDITION`\n should be returned since the client should not retry unless\n the files are deleted from the directory.\n\nHTTP Mapping: 400 Bad Request",
"The operation was aborted, typically due to a concurrency issue such as\na sequencer check failure or transaction abort.\n\nSee the guidelines above for deciding between `FAILED_PRECONDITION`,\n`ABORTED`, and `UNAVAILABLE`.\n\nHTTP Mapping: 409 Conflict",
"The operation was attempted past the valid range. E.g., seeking or\nreading past end-of-file.\n\nUnlike `INVALID_ARGUMENT`, this error indicates a problem that may\nbe fixed if the system state changes. For example, a 32-bit file\nsystem will generate `INVALID_ARGUMENT` if asked to read at an\noffset that is not in the range [0,2^32-1], but it will generate\n`OUT_OF_RANGE` if asked to read from an offset past the current\nfile size.\n\nThere is a fair bit of overlap between `FAILED_PRECONDITION` and\n`OUT_OF_RANGE`. We recommend using `OUT_OF_RANGE` (the more specific\nerror) when it applies so that callers who are iterating through\na space can easily look for an `OUT_OF_RANGE` error to detect when\nthey are done.\n\nHTTP Mapping: 400 Bad Request",
"The operation is not implemented or is not supported/enabled in this\nservice.\n\nHTTP Mapping: 501 Not Implemented",
"Internal errors. This means that some invariants expected by the\nunderlying system have been broken. This error code is reserved\nfor serious errors.\n\nHTTP Mapping: 500 Internal Server Error",
"The service is currently unavailable. This is most likely a\ntransient condition, which can be corrected by retrying with\na backoff. Note that it is not always safe to retry\nnon-idempotent operations.\n\nSee the guidelines above for deciding between `FAILED_PRECONDITION`,\n`ABORTED`, and `UNAVAILABLE`.\n\nHTTP Mapping: 503 Service Unavailable",
"Unrecoverable data loss or corruption.\n\nHTTP Mapping: 500 Internal Server Error"
],
"type": "string"
}
},
"type": "object"
},
"GoogleCloudAssetV1p4beta1Edge": {
"description": "A directional edge.",
"id": "GoogleCloudAssetV1p4beta1Edge",
"properties": {
"sourceNode": {
"description": "The source node of the edge.",
"type": "string"
},
"targetNode": {
"description": "The target node of the edge.",
"type": "string"
}
},
"type": "object"
},
"GoogleCloudAssetV1p4beta1Identity": {
"description": "An identity under analysis.",
"id": "GoogleCloudAssetV1p4beta1Identity",
"properties": {
"analysisState": {
"$ref": "GoogleCloudAssetV1p4beta1AnalysisState",
"description": "The analysis state of this identity."
},
"name": {
"description": "The identity name in any form of members appear in\n[IAM policy\nbinding](https://cloud.google.com/iam/reference/rest/v1/Binding), such\nas:\n- user:foo@google.com\n- group:group1@google.com\n- serviceAccount:s1@prj1.iam.gserviceaccount.com\n- projectOwner:some_project_id\n- domain:google.com\n- allUsers\n- etc.",
"type": "string"
}
},
"type": "object"
},
"GoogleCloudAssetV1p4beta1IdentityList": {
"id": "GoogleCloudAssetV1p4beta1IdentityList",
"properties": {
"groupEdges": {
"description": "Group identity edges of the graph starting from the binding's\ngroup members to any node of the identities. The Edge.source_node\ncontains a group, such as \"group:parent@google.com\". The\nEdge.target_node contains a member of the group,\nsuch as \"group:child@google.com\" or \"user:foo@google.com\".\nThis field is present only if the output_group_edges option is enabled in\nrequest.",
"items": {
"$ref": "GoogleCloudAssetV1p4beta1Edge"
},
"type": "array"
},
"identities": {
"description": "Only the identities that match one of the following conditions will be\npresented:\n- The identity_selector, if it is specified in request;\n- Otherwise, identities reachable from the policy binding's members.",
"items": {
"$ref": "GoogleCloudAssetV1p4beta1Identity"
},
"type": "array"
}
},
"type": "object"
},
"GoogleCloudAssetV1p4beta1Resource": {
"description": "A Google Cloud resource under analysis.",
"id": "GoogleCloudAssetV1p4beta1Resource",
"properties": {
"analysisState": {
"$ref": "GoogleCloudAssetV1p4beta1AnalysisState",
"description": "The analysis state of this resource."
},
"fullResourceName": {
"description": "The [full resource\nname](https://cloud.google.com/asset-inventory/docs/resource-name-format)",
"type": "string"
}
},
"type": "object"
},
"IamPolicyAnalysis": {
"description": "An analysis message to group the query and results.",
"id": "IamPolicyAnalysis",
"properties": {
"analysisQuery": {
"$ref": "IamPolicyAnalysisQuery",
"description": "The analysis query."
},
"analysisResults": {
"description": "A list of IamPolicyAnalysisResult that matches the analysis query, or\nempty if no result is found.",
"items": {
"$ref": "IamPolicyAnalysisResult"
},
"type": "array"
},
"fullyExplored": {
"description": "Represents whether all entries in the analysis_results have been\nfully explored to answer the query.",
"type": "boolean"
}
},
"type": "object"
},
"IamPolicyAnalysisOutputConfig": {
"description": "Output configuration for export IAM policy analysis destination.",
"id": "IamPolicyAnalysisOutputConfig",
"properties": {
"gcsDestination": {
"$ref": "GcsDestination",
"description": "Destination on Cloud Storage."
}
},
"type": "object"
},
"IamPolicyAnalysisQuery": {
"description": "IAM policy analysis query message.",
"id": "IamPolicyAnalysisQuery",
"properties": {
"accessSelector": {
"$ref": "AccessSelector",
"description": "Optional. Specifies roles or permissions for analysis. This is optional."
},
"identitySelector": {
"$ref": "IdentitySelector",
"description": "Optional. Specifies an identity for analysis. Either ResourceSelector or\nIdentitySelector must be specified."
},
"parent": {
"description": "Required. The relative name of the root asset. Only resources and IAM policies within\nthe parent will be analyzed. This can only be an organization number (such\nas \"organizations/123\") or a folder number (such as \"folders/123\").\n\nTo know how to get organization id, visit [here\n](https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id).\n\nTo know how to get folder id, visit [here\n](https://cloud.google.com/resource-manager/docs/creating-managing-folders#viewing_or_listing_folders_and_projects).",
"type": "string"
},
"resourceSelector": {
"$ref": "ResourceSelector",
"description": "Optional. Specifies a resource for analysis. Either ResourceSelector or\nIdentitySelector must be specified."
}
},
"type": "object"
},
"IamPolicyAnalysisResult": {
"description": "IAM Policy analysis result, consisting of one IAM policy binding and derived\naccess control lists.",
"id": "IamPolicyAnalysisResult",
"properties": {
"accessControlLists": {
"description": "The access control lists derived from the iam_binding that match or\npotentially match resource and access selectors specified in the request.",
"items": {
"$ref": "GoogleCloudAssetV1p4beta1AccessControlList"
},
"type": "array"
},
"attachedResourceFullName": {
"description": "The [full resource\nname](https://cloud.google.com/asset-inventory/docs/resource-name-format)\nof the resource to which the iam_binding policy attaches.",
"type": "string"
},
"fullyExplored": {
"description": "Represents whether all analyses on the iam_binding have successfully\nfinished.",
"type": "boolean"
},
"iamBinding": {
"$ref": "Binding",
"description": "The Cloud IAM policy binding under analysis."
},
"identityList": {
"$ref": "GoogleCloudAssetV1p4beta1IdentityList",
"description": "The identity list derived from members of the iam_binding that match or\npotentially match identity selector specified in the request."
}
},
"type": "object"
},
"IdentitySelector": {
"description": "Specifies an identity for which to determine resource access, based on\nroles assigned either directly to them or to the groups they belong to,\ndirectly or indirectly.",
"id": "IdentitySelector",
"properties": {
"identity": {
"description": "Required. The identity appear in the form of members in\n[IAM policy\nbinding](https://cloud.google.com/iam/reference/rest/v1/Binding).\n\nThe examples of supported forms are:\n\"user:mike@example.com\",\n\"group:admins@example.com\",\n\"domain:google.com\",\n\"serviceAccount:my-project-id@appspot.gserviceaccount.com\".\n\nNotice that wildcard characters (such as * and ?) are not supported.\nYou must give a specific identity.",
"type": "string"
}
},
"type": "object"
},
"Operation": {
"description": "This resource represents a long-running operation that is the result of a\nnetwork API call.",
"id": "Operation",
"properties": {
"done": {
"description": "If the value is `false`, it means the operation is still in progress.\nIf `true`, the operation is completed, and either `error` or `response` is\navailable.",
"type": "boolean"
},
"error": {
"$ref": "Status",
"description": "The error result of the operation in case of failure or cancellation."
},
"metadata": {
"additionalProperties": {
"description": "Properties of the object. Contains field @type with type URL.",
"type": "any"
},
"description": "Service-specific metadata associated with the operation. It typically\ncontains progress information and common metadata such as create time.\nSome services might not provide such metadata. Any method that returns a\nlong-running operation should document the metadata type, if any.",
"type": "object"
},
"name": {
"description": "The server-assigned name, which is only unique within the same service that\noriginally returns it. If you use the default HTTP mapping, the\n`name` should be a resource name ending with `operations/{unique_id}`.",
"type": "string"
},
"response": {
"additionalProperties": {
"description": "Properties of the object. Contains field @type with type URL.",
"type": "any"
},
"description": "The normal response of the operation in case of success. If the original\nmethod returns no data on success, such as `Delete`, the response is\n`google.protobuf.Empty`. If the original method is standard\n`Get`/`Create`/`Update`, the response should be the resource. For other\nmethods, the response should have the type `XxxResponse`, where `Xxx`\nis the original method name. For example, if the original method name\nis `TakeSnapshot()`, the inferred response type is\n`TakeSnapshotResponse`.",
"type": "object"
}
},
"type": "object"
},
"Options": {
"description": "Contains request options.",
"id": "Options",
"properties": {
"analyzeServiceAccountImpersonation": {
"description": "Optional. If true, the response will include access analysis from identities to\nresources via service account impersonation. This is a very expensive\noperation, because many derived queries will be executed.\n\nFor example, if the request analyzes for which resources user A has\npermission P, and there's an IAM policy states user A has\niam.serviceAccounts.getAccessToken permission to a service account SA,\nand there's another IAM policy states service account SA has permission P\nto a GCP folder F, then user A potentially has access to the GCP folder\nF. And those advanced analysis results will be included in\nAnalyzeIamPolicyResponse.service_account_impersonation_analysis.\n\nAnother example, if the request analyzes for who has\npermission P to a GCP folder F, and there's an IAM policy states user A\nhas iam.serviceAccounts.actAs permission to a service account SA, and\nthere's another IAM policy states service account SA has permission P to\nthe GCP folder F, then user A potentially has access to the GCP folder\nF. And those advanced analysis results will be included in\nAnalyzeIamPolicyResponse.service_account_impersonation_analysis.\n\nDefault is false.",
"type": "boolean"
},
"expandGroups": {
"description": "Optional. If true, the identities section of the result will expand any\nGoogle groups appearing in an IAM policy binding.\n\nIf identity_selector is specified, the identity in the result will\nbe determined by the selector, and this flag will have no effect.\n\nDefault is false.",
"type": "boolean"
},
"expandResources": {
"description": "Optional. If true, the resource section of the result will expand any\nresource attached to an IAM policy to include resources lower in the\nresource hierarchy.\n\nFor example, if the request analyzes for which resources user A has\npermission P, and the results include an IAM policy with P on a GCP\nfolder, the results will also include resources in that folder with\npermission P.\n\nIf resource_selector is specified, the resource section of the result\nwill be determined by the selector, and this flag will have no effect.\nDefault is false.",
"type": "boolean"
},
"expandRoles": {
"description": "Optional. If true, the access section of result will expand any roles\nappearing in IAM policy bindings to include their permissions.\n\nIf access_selector is specified, the access section of the result\nwill be determined by the selector, and this flag will have no effect.\n\nDefault is false.",
"type": "boolean"
},
"outputGroupEdges": {
"description": "Optional. If true, the result will output group identity edges, starting\nfrom the binding's group members, to any expanded identities.\nDefault is false.",
"type": "boolean"
},
"outputResourceEdges": {
"description": "Optional. If true, the result will output resource edges, starting\nfrom the policy attached resource, to any expanded resources.\nDefault is false.",
"type": "boolean"
}
},
"type": "object"
},
"ResourceSelector": {
"description": "Specifies the resource to analyze for access policies, which may be set\ndirectly on the resource, or on ancestors such as organizations, folders or\nprojects.",
"id": "ResourceSelector",
"properties": {
"fullResourceName": {
"description": "Required. The [full resource\nname](https://cloud.google.com/asset-inventory/docs/resource-name-format)\nof a resource of [supported resource\ntypes](https://cloud.google.com/asset-inventory/docs/supported-asset-types#analyzable_asset_types).",
"type": "string"
}
},
"type": "object"
},
"Status": {
"description": "The `Status` type defines a logical error model that is suitable for\ndifferent programming environments, including REST APIs and RPC APIs. It is\nused by [gRPC](https://github.com/grpc). Each `Status` message contains\nthree pieces of data: error code, error message, and error details.\n\nYou can find out more about this error model and how to work with it in the\n[API Design Guide](https://cloud.google.com/apis/design/errors).",
"id": "Status",
"properties": {
"code": {
"description": "The status code, which should be an enum value of google.rpc.Code.",
"format": "int32",
"type": "integer"
},
"details": {
"description": "A list of messages that carry the error details. There is a common set of\nmessage types for APIs to use.",
"items": {
"additionalProperties": {
"description": "Properties of the object. Contains field @type with type URL.",
"type": "any"
},
"type": "object"
},
"type": "array"
},
"message": {
"description": "A developer-facing error message, which should be in English. Any\nuser-facing error message should be localized and sent in the\ngoogle.rpc.Status.details field, or localized by the client.",
"type": "string"
}
},
"type": "object"
}
},
"servicePath": "",
"title": "Cloud Asset API",
"version": "v1p4beta1",
"version_module": true
}

50
etc/api/cloudbilling/v1/cloudbilling-api.json
View File

@@ -160,7 +160,7 @@
],
"parameters": {
"options.requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.",
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"location": "query",
"type": "integer"
@@ -495,7 +495,7 @@
}
}
},
"revision": "20200401",
"revision": "20200623",
"rootUrl": "https://cloudbilling.googleapis.com/",
"schemas": {
"AggregationInfo": {
@@ -537,7 +537,7 @@
"type": "object"
},
"AuditConfig": {
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n },\n {\n \"log_type\": \"ADMIN_READ\",\n }\n ]\n },\n {\n \"service\": \"sampleservice.googleapis.com\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:aliya@example.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts jose@example.com from DATA_READ logging, and\naliya@example.com from DATA_WRITE logging.",
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\",\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\"\n },\n {\n \"log_type\": \"ADMIN_READ\"\n }\n ]\n },\n {\n \"service\": \"sampleservice.googleapis.com\",\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\"\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:aliya@example.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts jose@example.com from DATA_READ logging, and\naliya@example.com from DATA_WRITE logging.",
"id": "AuditConfig",
"properties": {
"auditLogConfigs": {
@@ -555,7 +555,7 @@
"type": "object"
},
"AuditLogConfig": {
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\njose@example.com from DATA_READ logging.",
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\"\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\njose@example.com from DATA_READ logging.",
"id": "AuditLogConfig",
"properties": {
"exemptedMembers": {
@@ -613,7 +613,7 @@
"properties": {
"condition": {
"$ref": "Expr",
"description": "The condition that is associated with this binding.\nNOTE: An unsatisfied condition will not allow user access via current\nbinding. Different bindings, including their conditions, are examined\nindependently."
"description": "The condition that is associated with this binding.\n\nIf the condition evaluates to `true`, then this binding applies to the\ncurrent request.\n\nIf the condition evaluates to `false`, then this binding does not apply to\nthe current request. However, a different role binding might grant the same\nrole to one or more of the members in this binding.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
},
"members": {
"description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@example.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a user that has been recently deleted. For\n example, `alice@example.com?uid=123456789012345678901`. If the user is\n recovered, this value reverts to `user:{emailid}` and the recovered user\n retains the role in the binding.\n\n* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus\n unique identifier) representing a service account that has been recently\n deleted. For example,\n `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.\n If the service account is undeleted, this value reverts to\n `serviceAccount:{emailid}` and the undeleted service account retains the\n role in the binding.\n\n* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a Google group that has been recently\n deleted. For example, `admins@example.com?uid=123456789012345678901`. If\n the group is recovered, this value reverts to `group:{emailid}` and the\n recovered group retains the role in the binding.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n",
@@ -675,6 +675,36 @@
},
"type": "object"
},
"GeoTaxonomy": {
"description": "Encapsulates the geographic taxonomy data for a sku.",
"id": "GeoTaxonomy",
"properties": {
"regions": {
"description": "The list of regions associated with a sku. Empty for Global skus, which are\nassociated with all GCP regions.",
"items": {
"type": "string"
},
"type": "array"
},
"type": {
"description": "The type of Geo Taxonomy: GLOBAL, REGIONAL, or MULTI_REGIONAL.",
"enum": [
"TYPE_UNSPECIFIED",
"GLOBAL",
"REGIONAL",
"MULTI_REGIONAL"
],
"enumDescriptions": [
"The type is not specified.",
"The sku is global in nature, e.g. a license sku. Global skus are\navailable in all regions, and so have an empty region list.",
"The sku is available in a specific region, e.g. \"us-west2\".",
"The sku is associated with multiple regions, e.g. \"us-west2\" and\n\"us-east1\"."
],
"type": "string"
}
},
"type": "object"
},
"ListBillingAccountsResponse": {
"description": "Response message for `ListBillingAccounts`.",
"id": "ListBillingAccountsResponse",
@@ -769,7 +799,7 @@
"type": "object"
},
"Policy": {
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nOptionally, a `binding` can specify a `condition`, which is a logical\nexpression that allows access to a resource only if the expression evaluates\nto `true`. A condition can add constraints based on attributes of the\nrequest, the resource, or both.\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\"user:eve@example.com\"],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nFor some types of Google Cloud resources, a `binding` can also specify a\n`condition`, which is a logical expression that allows access to a resource\nonly if the expression evaluates to `true`. A condition can add constraints\nbased on attributes of the request, the resource, or both. To learn which\nresources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\n \"user:eve@example.com\"\n ],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"id": "Policy",
"properties": {
"auditConfigs": {
@@ -792,7 +822,7 @@
"type": "string"
},
"version": {
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.",
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
@@ -923,7 +953,7 @@
"description": "REQUIRED: The complete policy to be applied to the `resource`. The size of\nthe policy is limited to a few 10s of KB. An empty policy is a\nvalid policy but certain Cloud Platform services (such as Projects)\nmight reject them."
},
"updateMask": {
"description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only\nthe fields in the mask will be modified. If no mask is provided, the\nfollowing default mask is used:\npaths: \"bindings, etag\"\nThis field is only used by Cloud IAM.",
"description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only\nthe fields in the mask will be modified. If no mask is provided, the\nfollowing default mask is used:\n\n`paths: \"bindings, etag\"`",
"format": "google-fieldmask",
"type": "string"
}
@@ -942,6 +972,10 @@
"description": "A human readable description of the SKU, has a maximum length of 256\ncharacters.",
"type": "string"
},
"geoTaxonomy": {
"$ref": "GeoTaxonomy",
"description": "The geographic taxonomy for this sku."
},
"name": {
"description": "The resource name for the SKU.\nExample: \"services/DA34-426B-A397/skus/AA95-CD31-42FE\"",
"type": "string"

293
etc/api/cloudbuild/v1/cloudbuild-api.json
View File

@@ -159,47 +159,6 @@
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"list": {
"description": "Lists operations that match the specified filter in the request. If the\nserver doesn't support this method, it returns `UNIMPLEMENTED`.\n\nNOTE: the `name` binding allows API services to override the binding\nto use different resource name schemes, such as `users/*/operations`. To\noverride the binding, API services can add a binding such as\n`\"/v1/{name=users/*}/operations\"` to their service configuration.\nFor backwards compatibility, the default name includes the operations\ncollection id, however overriding users must ensure the name binding\nis the parent resource, without the operations collection id.",
"flatPath": "v1/operations",
"httpMethod": "GET",
"id": "cloudbuild.operations.list",
"parameterOrder": [
"name"
],
"parameters": {
"filter": {
"description": "The standard list filter.",
"location": "query",
"type": "string"
},
"name": {
"description": "The name of the operation's parent resource.",
"location": "path",
"pattern": "^operations$",
"required": true,
"type": "string"
},
"pageSize": {
"description": "The standard list page size.",
"format": "int32",
"location": "query",
"type": "integer"
},
"pageToken": {
"description": "The standard list page token.",
"location": "query",
"type": "string"
}
},
"path": "v1/{+name}",
"response": {
"$ref": "ListOperationsResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
}
}
},
@@ -375,6 +334,67 @@
}
}
},
"locations": {
"resources": {
"operations": {
"methods": {
"cancel": {
"description": "Starts asynchronous cancellation on a long-running operation. The server\nmakes a best effort to cancel the operation, but success is not\nguaranteed. If the server doesn't support this method, it returns\n`google.rpc.Code.UNIMPLEMENTED`. Clients can use\nOperations.GetOperation or\nother methods to check whether the cancellation succeeded or whether the\noperation completed despite cancellation. On successful cancellation,\nthe operation is not deleted; instead, it becomes an operation with\nan Operation.error value with a google.rpc.Status.code of 1,\ncorresponding to `Code.CANCELLED`.",
"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/operations/{operationsId}:cancel",
"httpMethod": "POST",
"id": "cloudbuild.projects.locations.operations.cancel",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "The name of the operation resource to be cancelled.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/operations/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+name}:cancel",
"request": {
"$ref": "CancelOperationRequest"
},
"response": {
"$ref": "Empty"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"get": {
"description": "Gets the latest state of a long-running operation. Clients can use this\nmethod to poll the operation result at intervals as recommended by the API\nservice.",
"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/operations/{operationsId}",
"httpMethod": "GET",
"id": "cloudbuild.projects.locations.operations.get",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "The name of the operation resource.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/operations/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+name}",
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
}
}
}
}
},
"triggers": {
"methods": {
"create": {
@@ -574,7 +594,7 @@
}
}
},
"revision": "20200323",
"revision": "20200704",
"rootUrl": "https://cloudbuild.googleapis.com/",
"schemas": {
"ArtifactObjects": {
@@ -765,7 +785,7 @@
"type": "array"
},
"timeout": {
"description": "Amount of time that this build should be allowed to run, to second\ngranularity. If this amount of time elapses, work on the build will cease\nand the build status will be `TIMEOUT`.\n\nDefault time is ten minutes.",
"description": "Amount of time that this build should be allowed to run, to second\ngranularity. If this amount of time elapses, work on the build will cease\nand the build status will be `TIMEOUT`.\n\n`timeout` starts ticking from `startTime`.\n\nDefault time is ten minutes.",
"format": "google-duration",
"type": "string"
},
@@ -799,6 +819,10 @@
"format": "int64",
"type": "string"
},
"dynamicSubstitutions": {
"description": "Option to specify whether or not to apply bash style string\noperations to the substitutions.\n\nNOTE: this is always enabled for triggered builds and cannot be\noverridden in the build configuration file.",
"type": "boolean"
},
"env": {
"description": "A list of global environment variable definitions that will exist for all\nbuild steps in this build. If a variable is defined in both globally and in\na build step, the variable will use the build step value.\n\nThe elements are of the form \"KEY=VALUE\" for the environment variable \"KEY\"\nbeing given the value \"VALUE\".",
"items": {
@@ -821,16 +845,20 @@
"type": "string"
},
"logging": {
"description": "Option to specify the logging mode, which determines where the logs are\nstored.",
"description": "Option to specify the logging mode, which determines if and where build\nlogs are stored.",
"enum": [
"LOGGING_UNSPECIFIED",
"LEGACY",
"GCS_ONLY"
"GCS_ONLY",
"STACKDRIVER_ONLY",
"NONE"
],
"enumDescriptions": [
"The service determines the logging mode. The default is `LEGACY`. Do not\nrely on the default logging behavior as it may change in the future.",
"Stackdriver logging and Cloud Storage logging are enabled.",
"Only Cloud Storage logging is enabled."
"Cloud Logging (Stackdriver) and Cloud Storage logging are enabled.",
"Only Cloud Storage logging is enabled.",
"Only Cloud Logging (Stackdriver) is enabled. Note that logs for both the\nCloud Console UI and Cloud SDK are based on Cloud Storage logs, so\nneither will provide logs if this option is chosen.",
"Turn off all logging. No build logs will be captured."
],
"type": "string"
},
@@ -885,7 +913,7 @@
"type": "array"
},
"substitutionOption": {
"description": "Option to specify behavior when there is an error in the substitution\nchecks.",
"description": "Option to specify behavior when there is an error in the substitution\nchecks.\n\nNOTE: this is always set to ALLOW_LOOSE for triggered builds and cannot\nbe overridden in the build configuration file.",
"enum": [
"MUST_MATCH",
"ALLOW_LOOSE"
@@ -1158,6 +1186,17 @@
},
"type": "object"
},
"HTTPDelivery": {
"description": "HTTPDelivery is the delivery configuration for an HTTP notification.",
"id": "HTTPDelivery",
"properties": {
"uri": {
"description": "The URI to which JSON-containing HTTP POST requests should be sent.",
"type": "string"
}
},
"type": "object"
},
"Hash": {
"description": "Container message for hash values.",
"id": "Hash",
@@ -1220,18 +1259,113 @@
},
"type": "object"
},
"ListOperationsResponse": {
"description": "The response message for Operations.ListOperations.",
"id": "ListOperationsResponse",
"Notification": {
"description": "Notification is the container which holds the data that is relevant to this\nparticular notification.",
"id": "Notification",
"properties": {
"nextPageToken": {
"description": "The standard List next-page token.",
"filter": {
"description": "The filter string to use for notification filtering.\nCurrently, this is assumed to be a CEL program.\nSee https://opensource.google/projects/cel for more.",
"type": "string"
},
"operations": {
"description": "A list of operations that matches the specified filter in the request.",
"httpDelivery": {
"$ref": "HTTPDelivery",
"description": "Configuration for HTTP delivery."
},
"slackDelivery": {
"$ref": "SlackDelivery",
"description": "Configuration for Slack delivery."
},
"smtpDelivery": {
"$ref": "SMTPDelivery",
"description": "Configuration for SMTP (email) delivery."
},
"structDelivery": {
"additionalProperties": {
"description": "Properties of the object.",
"type": "any"
},
"description": "Escape hatch for users to supply custom delivery configs.",
"type": "object"
}
},
"type": "object"
},
"NotifierConfig": {
"description": "NotifierConfig is the top-level configuration message.",
"id": "NotifierConfig",
"properties": {
"apiVersion": {
"description": "The API version of this configuration format.",
"type": "string"
},
"kind": {
"description": "The type of notifier to use (e.g. SMTPNotifier).",
"type": "string"
},
"metadata": {
"$ref": "NotifierMetadata",
"description": "Metadata for referring to/handling/deploying this notifier."
},
"spec": {
"$ref": "NotifierSpec",
"description": "The actual configuration for this notifier."
}
},
"type": "object"
},
"NotifierMetadata": {
"description": "NotifierMetadata contains the data which can be used to reference or describe\nthis notifier.",
"id": "NotifierMetadata",
"properties": {
"name": {
"description": "The human-readable and user-given name for the notifier.\nFor example: \"repo-merge-email-notifier\".",
"type": "string"
},
"notifier": {
"description": "The string representing the name and version of notifier to deploy.\nExpected to be of the form of \"<registry-path>/<name>:<version>\".\nFor example: \"gcr.io/my-project/notifiers/smtp:1.2.34\".",
"type": "string"
}
},
"type": "object"
},
"NotifierSecret": {
"description": "NotifierSecret is the container that maps a secret name (reference) to its\nGoogle Cloud Secret Manager resource path.",
"id": "NotifierSecret",
"properties": {
"name": {
"description": "Name is the local name of the secret, such as the verbatim string\n\"my-smtp-password\".",
"type": "string"
},
"value": {
"description": "Value is interpreted to be a resource path for fetching the actual\n(versioned) secret data for this secret. For example, this would be a\nGoogle Cloud Secret Manager secret version resource path like:\n\"projects/my-project/secrets/my-secret/versions/latest\".",
"type": "string"
}
},
"type": "object"
},
"NotifierSecretRef": {
"description": "NotifierSecretRef contains the reference to a secret stored in the\ncorresponding NotifierSpec.",
"id": "NotifierSecretRef",
"properties": {
"secretRef": {
"description": "The value of `secret_ref` should be a `name` that is registered in a\n`Secret` in the `secrets` list of the `Spec`.",
"type": "string"
}
},
"type": "object"
},
"NotifierSpec": {
"description": "NotifierSpec is the configuration container for notifications.",
"id": "NotifierSpec",
"properties": {
"notification": {
"$ref": "Notification",
"description": "The configuration of this particular notifier."
},
"secrets": {
"description": "Configurations for secret resources used by this particular notifier.",
"items": {
"$ref": "Operation"
"$ref": "NotifierSecret"
},
"type": "array"
}
@@ -1282,7 +1416,7 @@
"type": "string"
},
"commentControl": {
"description": "Whether to block builds on a \"/gcbrun\" comment from a repository admin or\ncollaborator.",
"description": "Configure builds to run whether a repository owner or collaborator need to\ncomment `/gcbrun`.",
"enum": [
"COMMENTS_DISABLED",
"COMMENTS_ENABLED"
@@ -1409,6 +1543,40 @@
"properties": {},
"type": "object"
},
"SMTPDelivery": {
"description": "SMTPDelivery is the delivery configuration for an SMTP (email) notification.",
"id": "SMTPDelivery",
"properties": {
"fromAddress": {
"description": "This is the SMTP account/email that appears in the `From:` of the email.\nIf empty, it is assumed to be sender.",
"type": "string"
},
"password": {
"$ref": "NotifierSecretRef",
"description": "The SMTP sender's password."
},
"port": {
"description": "The SMTP port of the server.",
"type": "string"
},
"recipientAddresses": {
"description": "This is the list of addresses to which we send the email (i.e. in the `To:`\nof the email).",
"items": {
"type": "string"
},
"type": "array"
},
"senderAddress": {
"description": "This is the SMTP account/email that is used to send the message.",
"type": "string"
},
"server": {
"description": "The address of the SMTP server.",
"type": "string"
}
},
"type": "object"
},
"Secret": {
"description": "Pairs a set of secret environment variables containing encrypted\nvalues with the Cloud KMS key to use to decrypt the value.",
"id": "Secret",
@@ -1428,6 +1596,17 @@
},
"type": "object"
},
"SlackDelivery": {
"description": "SlackDelivery is the delivery configuration for delivering Slack messages via\nwebhooks. See Slack webhook documentation at:\nhttps://api.slack.com/messaging/webhooks.",
"id": "SlackDelivery",
"properties": {
"webhookUri": {
"$ref": "NotifierSecretRef",
"description": "The secret reference for the Slack webhook URI for sending messages to a\nchannel."
}
},
"type": "object"
},
"Source": {
"description": "Location of the source in a supported storage service.",
"id": "Source",

320
etc/api/cloudbuild/v1alpha1/cloudbuild-api.json
View File

@@ -107,6 +107,67 @@
"resources": {
"projects": {
"resources": {
"locations": {
"resources": {
"operations": {
"methods": {
"cancel": {
"description": "Starts asynchronous cancellation on a long-running operation. The server\nmakes a best effort to cancel the operation, but success is not\nguaranteed. If the server doesn't support this method, it returns\n`google.rpc.Code.UNIMPLEMENTED`. Clients can use\nOperations.GetOperation or\nother methods to check whether the cancellation succeeded or whether the\noperation completed despite cancellation. On successful cancellation,\nthe operation is not deleted; instead, it becomes an operation with\nan Operation.error value with a google.rpc.Status.code of 1,\ncorresponding to `Code.CANCELLED`.",
"flatPath": "v1alpha1/projects/{projectsId}/locations/{locationsId}/operations/{operationsId}:cancel",
"httpMethod": "POST",
"id": "cloudbuild.projects.locations.operations.cancel",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "The name of the operation resource to be cancelled.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/operations/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1alpha1/{+name}:cancel",
"request": {
"$ref": "CancelOperationRequest"
},
"response": {
"$ref": "Empty"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"get": {
"description": "Gets the latest state of a long-running operation. Clients can use this\nmethod to poll the operation result at intervals as recommended by the API\nservice.",
"flatPath": "v1alpha1/projects/{projectsId}/locations/{locationsId}/operations/{operationsId}",
"httpMethod": "GET",
"id": "cloudbuild.projects.locations.operations.get",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "The name of the operation resource.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/operations/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1alpha1/{+name}",
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
}
}
}
}
},
"workerPools": {
"methods": {
"create": {
@@ -245,7 +306,7 @@
}
}
},
"revision": "20200323",
"revision": "20200704",
"rootUrl": "https://cloudbuild.googleapis.com/",
"schemas": {
"ArtifactObjects": {
@@ -436,7 +497,7 @@
"type": "array"
},
"timeout": {
"description": "Amount of time that this build should be allowed to run, to second\ngranularity. If this amount of time elapses, work on the build will cease\nand the build status will be `TIMEOUT`.\n\nDefault time is ten minutes.",
"description": "Amount of time that this build should be allowed to run, to second\ngranularity. If this amount of time elapses, work on the build will cease\nand the build status will be `TIMEOUT`.\n\n`timeout` starts ticking from `startTime`.\n\nDefault time is ten minutes.",
"format": "google-duration",
"type": "string"
},
@@ -470,6 +531,10 @@
"format": "int64",
"type": "string"
},
"dynamicSubstitutions": {
"description": "Option to specify whether or not to apply bash style string\noperations to the substitutions.\n\nNOTE: this is always enabled for triggered builds and cannot be\noverridden in the build configuration file.",
"type": "boolean"
},
"env": {
"description": "A list of global environment variable definitions that will exist for all\nbuild steps in this build. If a variable is defined in both globally and in\na build step, the variable will use the build step value.\n\nThe elements are of the form \"KEY=VALUE\" for the environment variable \"KEY\"\nbeing given the value \"VALUE\".",
"items": {
@@ -492,16 +557,20 @@
"type": "string"
},
"logging": {
"description": "Option to specify the logging mode, which determines where the logs are\nstored.",
"description": "Option to specify the logging mode, which determines if and where build\nlogs are stored.",
"enum": [
"LOGGING_UNSPECIFIED",
"LEGACY",
"GCS_ONLY"
"GCS_ONLY",
"STACKDRIVER_ONLY",
"NONE"
],
"enumDescriptions": [
"The service determines the logging mode. The default is `LEGACY`. Do not\nrely on the default logging behavior as it may change in the future.",
"Stackdriver logging and Cloud Storage logging are enabled.",
"Only Cloud Storage logging is enabled."
"Cloud Logging (Stackdriver) and Cloud Storage logging are enabled.",
"Only Cloud Storage logging is enabled.",
"Only Cloud Logging (Stackdriver) is enabled. Note that logs for both the\nCloud Console UI and Cloud SDK are based on Cloud Storage logs, so\nneither will provide logs if this option is chosen.",
"Turn off all logging. No build logs will be captured."
],
"type": "string"
},
@@ -556,7 +625,7 @@
"type": "array"
},
"substitutionOption": {
"description": "Option to specify behavior when there is an error in the substitution\nchecks.",
"description": "Option to specify behavior when there is an error in the substitution\nchecks.\n\nNOTE: this is always set to ALLOW_LOOSE for triggered builds and cannot\nbe overridden in the build configuration file.",
"enum": [
"MUST_MATCH",
"ALLOW_LOOSE"
@@ -697,6 +766,12 @@
},
"type": "object"
},
"CancelOperationRequest": {
"description": "The request message for Operations.CancelOperation.",
"id": "CancelOperationRequest",
"properties": {},
"type": "object"
},
"Empty": {
"description": "A generic empty message that you can re-use to avoid defining duplicated\nempty messages in your APIs. A typical example is to use it as the request\nor the response type of an API method. For instance:\n\n service Foo {\n rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);\n }\n\nThe JSON representation for `Empty` is empty JSON object `{}`.",
"id": "Empty",
@@ -717,6 +792,17 @@
},
"type": "object"
},
"HTTPDelivery": {
"description": "HTTPDelivery is the delivery configuration for an HTTP notification.",
"id": "HTTPDelivery",
"properties": {
"uri": {
"description": "The URI to which JSON-containing HTTP POST requests should be sent.",
"type": "string"
}
},
"type": "object"
},
"Hash": {
"description": "Container message for hash values.",
"id": "Hash",
@@ -776,6 +862,154 @@
},
"type": "object"
},
"Notification": {
"description": "Notification is the container which holds the data that is relevant to this\nparticular notification.",
"id": "Notification",
"properties": {
"filter": {
"description": "The filter string to use for notification filtering.\nCurrently, this is assumed to be a CEL program.\nSee https://opensource.google/projects/cel for more.",
"type": "string"
},
"httpDelivery": {
"$ref": "HTTPDelivery",
"description": "Configuration for HTTP delivery."
},
"slackDelivery": {
"$ref": "SlackDelivery",
"description": "Configuration for Slack delivery."
},
"smtpDelivery": {
"$ref": "SMTPDelivery",
"description": "Configuration for SMTP (email) delivery."
},
"structDelivery": {
"additionalProperties": {
"description": "Properties of the object.",
"type": "any"
},
"description": "Escape hatch for users to supply custom delivery configs.",
"type": "object"
}
},
"type": "object"
},
"NotifierConfig": {
"description": "NotifierConfig is the top-level configuration message.",
"id": "NotifierConfig",
"properties": {
"apiVersion": {
"description": "The API version of this configuration format.",
"type": "string"
},
"kind": {
"description": "The type of notifier to use (e.g. SMTPNotifier).",
"type": "string"
},
"metadata": {
"$ref": "NotifierMetadata",
"description": "Metadata for referring to/handling/deploying this notifier."
},
"spec": {
"$ref": "NotifierSpec",
"description": "The actual configuration for this notifier."
}
},
"type": "object"
},
"NotifierMetadata": {
"description": "NotifierMetadata contains the data which can be used to reference or describe\nthis notifier.",
"id": "NotifierMetadata",
"properties": {
"name": {
"description": "The human-readable and user-given name for the notifier.\nFor example: \"repo-merge-email-notifier\".",
"type": "string"
},
"notifier": {
"description": "The string representing the name and version of notifier to deploy.\nExpected to be of the form of \"<registry-path>/<name>:<version>\".\nFor example: \"gcr.io/my-project/notifiers/smtp:1.2.34\".",
"type": "string"
}
},
"type": "object"
},
"NotifierSecret": {
"description": "NotifierSecret is the container that maps a secret name (reference) to its\nGoogle Cloud Secret Manager resource path.",
"id": "NotifierSecret",
"properties": {
"name": {
"description": "Name is the local name of the secret, such as the verbatim string\n\"my-smtp-password\".",
"type": "string"
},
"value": {
"description": "Value is interpreted to be a resource path for fetching the actual\n(versioned) secret data for this secret. For example, this would be a\nGoogle Cloud Secret Manager secret version resource path like:\n\"projects/my-project/secrets/my-secret/versions/latest\".",
"type": "string"
}
},
"type": "object"
},
"NotifierSecretRef": {
"description": "NotifierSecretRef contains the reference to a secret stored in the\ncorresponding NotifierSpec.",
"id": "NotifierSecretRef",
"properties": {
"secretRef": {
"description": "The value of `secret_ref` should be a `name` that is registered in a\n`Secret` in the `secrets` list of the `Spec`.",
"type": "string"
}
},
"type": "object"
},
"NotifierSpec": {
"description": "NotifierSpec is the configuration container for notifications.",
"id": "NotifierSpec",
"properties": {
"notification": {
"$ref": "Notification",
"description": "The configuration of this particular notifier."
},
"secrets": {
"description": "Configurations for secret resources used by this particular notifier.",
"items": {
"$ref": "NotifierSecret"
},
"type": "array"
}
},
"type": "object"
},
"Operation": {
"description": "This resource represents a long-running operation that is the result of a\nnetwork API call.",
"id": "Operation",
"properties": {
"done": {
"description": "If the value is `false`, it means the operation is still in progress.\nIf `true`, the operation is completed, and either `error` or `response` is\navailable.",
"type": "boolean"
},
"error": {
"$ref": "Status",
"description": "The error result of the operation in case of failure or cancellation."
},
"metadata": {
"additionalProperties": {
"description": "Properties of the object. Contains field @type with type URL.",
"type": "any"
},
"description": "Service-specific metadata associated with the operation. It typically\ncontains progress information and common metadata such as create time.\nSome services might not provide such metadata. Any method that returns a\nlong-running operation should document the metadata type, if any.",
"type": "object"
},
"name": {
"description": "The server-assigned name, which is only unique within the same service that\noriginally returns it. If you use the default HTTP mapping, the\n`name` should be a resource name ending with `operations/{unique_id}`.",
"type": "string"
},
"response": {
"additionalProperties": {
"description": "Properties of the object. Contains field @type with type URL.",
"type": "any"
},
"description": "The normal response of the operation in case of success. If the original\nmethod returns no data on success, such as `Delete`, the response is\n`google.protobuf.Empty`. If the original method is standard\n`Get`/`Create`/`Update`, the response should be the resource. For other\nmethods, the response should have the type `XxxResponse`, where `Xxx`\nis the original method name. For example, if the original method name\nis `TakeSnapshot()`, the inferred response type is\n`TakeSnapshotResponse`.",
"type": "object"
}
},
"type": "object"
},
"RepoSource": {
"description": "Location of the source in a Google Cloud Source Repository.",
"id": "RepoSource",
@@ -860,6 +1094,40 @@
},
"type": "object"
},
"SMTPDelivery": {
"description": "SMTPDelivery is the delivery configuration for an SMTP (email) notification.",
"id": "SMTPDelivery",
"properties": {
"fromAddress": {
"description": "This is the SMTP account/email that appears in the `From:` of the email.\nIf empty, it is assumed to be sender.",
"type": "string"
},
"password": {
"$ref": "NotifierSecretRef",
"description": "The SMTP sender's password."
},
"port": {
"description": "The SMTP port of the server.",
"type": "string"
},
"recipientAddresses": {
"description": "This is the list of addresses to which we send the email (i.e. in the `To:`\nof the email).",
"items": {
"type": "string"
},
"type": "array"
},
"senderAddress": {
"description": "This is the SMTP account/email that is used to send the message.",
"type": "string"
},
"server": {
"description": "The address of the SMTP server.",
"type": "string"
}
},
"type": "object"
},
"Secret": {
"description": "Pairs a set of secret environment variables containing encrypted\nvalues with the Cloud KMS key to use to decrypt the value.",
"id": "Secret",
@@ -879,6 +1147,17 @@
},
"type": "object"
},
"SlackDelivery": {
"description": "SlackDelivery is the delivery configuration for delivering Slack messages via\nwebhooks. See Slack webhook documentation at:\nhttps://api.slack.com/messaging/webhooks.",
"id": "SlackDelivery",
"properties": {
"webhookUri": {
"$ref": "NotifierSecretRef",
"description": "The secret reference for the Slack webhook URI for sending messages to a\nchannel."
}
},
"type": "object"
},
"Source": {
"description": "Location of the source in a supported storage service.",
"id": "Source",
@@ -916,6 +1195,33 @@
},
"type": "object"
},
"Status": {
"description": "The `Status` type defines a logical error model that is suitable for\ndifferent programming environments, including REST APIs and RPC APIs. It is\nused by [gRPC](https://github.com/grpc). Each `Status` message contains\nthree pieces of data: error code, error message, and error details.\n\nYou can find out more about this error model and how to work with it in the\n[API Design Guide](https://cloud.google.com/apis/design/errors).",
"id": "Status",
"properties": {
"code": {
"description": "The status code, which should be an enum value of google.rpc.Code.",
"format": "int32",
"type": "integer"
},
"details": {
"description": "A list of messages that carry the error details. There is a common set of\nmessage types for APIs to use.",
"items": {
"additionalProperties": {
"description": "Properties of the object. Contains field @type with type URL.",
"type": "any"
},
"type": "object"
},
"type": "array"
},
"message": {
"description": "A developer-facing error message, which should be in English. Any\nuser-facing error message should be localized and sent in the\ngoogle.rpc.Status.details field, or localized by the client.",
"type": "string"
}
},
"type": "object"
},
"StorageSource": {
"description": "Location of the source in an archive file in Google Cloud Storage.",
"id": "StorageSource",

320
etc/api/cloudbuild/v1alpha2/cloudbuild-api.json
View File

@@ -107,6 +107,67 @@
"resources": {
"projects": {
"resources": {
"locations": {
"resources": {
"operations": {
"methods": {
"cancel": {
"description": "Starts asynchronous cancellation on a long-running operation. The server\nmakes a best effort to cancel the operation, but success is not\nguaranteed. If the server doesn't support this method, it returns\n`google.rpc.Code.UNIMPLEMENTED`. Clients can use\nOperations.GetOperation or\nother methods to check whether the cancellation succeeded or whether the\noperation completed despite cancellation. On successful cancellation,\nthe operation is not deleted; instead, it becomes an operation with\nan Operation.error value with a google.rpc.Status.code of 1,\ncorresponding to `Code.CANCELLED`.",
"flatPath": "v1alpha2/projects/{projectsId}/locations/{locationsId}/operations/{operationsId}:cancel",
"httpMethod": "POST",
"id": "cloudbuild.projects.locations.operations.cancel",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "The name of the operation resource to be cancelled.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/operations/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1alpha2/{+name}:cancel",
"request": {
"$ref": "CancelOperationRequest"
},
"response": {
"$ref": "Empty"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"get": {
"description": "Gets the latest state of a long-running operation. Clients can use this\nmethod to poll the operation result at intervals as recommended by the API\nservice.",
"flatPath": "v1alpha2/projects/{projectsId}/locations/{locationsId}/operations/{operationsId}",
"httpMethod": "GET",
"id": "cloudbuild.projects.locations.operations.get",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "The name of the operation resource.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/operations/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1alpha2/{+name}",
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
}
}
}
}
},
"workerPools": {
"methods": {
"create": {
@@ -256,7 +317,7 @@
}
}
},
"revision": "20200323",
"revision": "20200704",
"rootUrl": "https://cloudbuild.googleapis.com/",
"schemas": {
"ArtifactObjects": {
@@ -447,7 +508,7 @@
"type": "array"
},
"timeout": {
"description": "Amount of time that this build should be allowed to run, to second\ngranularity. If this amount of time elapses, work on the build will cease\nand the build status will be `TIMEOUT`.\n\nDefault time is ten minutes.",
"description": "Amount of time that this build should be allowed to run, to second\ngranularity. If this amount of time elapses, work on the build will cease\nand the build status will be `TIMEOUT`.\n\n`timeout` starts ticking from `startTime`.\n\nDefault time is ten minutes.",
"format": "google-duration",
"type": "string"
},
@@ -481,6 +542,10 @@
"format": "int64",
"type": "string"
},
"dynamicSubstitutions": {
"description": "Option to specify whether or not to apply bash style string\noperations to the substitutions.\n\nNOTE: this is always enabled for triggered builds and cannot be\noverridden in the build configuration file.",
"type": "boolean"
},
"env": {
"description": "A list of global environment variable definitions that will exist for all\nbuild steps in this build. If a variable is defined in both globally and in\na build step, the variable will use the build step value.\n\nThe elements are of the form \"KEY=VALUE\" for the environment variable \"KEY\"\nbeing given the value \"VALUE\".",
"items": {
@@ -503,16 +568,20 @@
"type": "string"
},
"logging": {
"description": "Option to specify the logging mode, which determines where the logs are\nstored.",
"description": "Option to specify the logging mode, which determines if and where build\nlogs are stored.",
"enum": [
"LOGGING_UNSPECIFIED",
"LEGACY",
"GCS_ONLY"
"GCS_ONLY",
"STACKDRIVER_ONLY",
"NONE"
],
"enumDescriptions": [
"The service determines the logging mode. The default is `LEGACY`. Do not\nrely on the default logging behavior as it may change in the future.",
"Stackdriver logging and Cloud Storage logging are enabled.",
"Only Cloud Storage logging is enabled."
"Cloud Logging (Stackdriver) and Cloud Storage logging are enabled.",
"Only Cloud Storage logging is enabled.",
"Only Cloud Logging (Stackdriver) is enabled. Note that logs for both the\nCloud Console UI and Cloud SDK are based on Cloud Storage logs, so\nneither will provide logs if this option is chosen.",
"Turn off all logging. No build logs will be captured."
],
"type": "string"
},
@@ -567,7 +636,7 @@
"type": "array"
},
"substitutionOption": {
"description": "Option to specify behavior when there is an error in the substitution\nchecks.",
"description": "Option to specify behavior when there is an error in the substitution\nchecks.\n\nNOTE: this is always set to ALLOW_LOOSE for triggered builds and cannot\nbe overridden in the build configuration file.",
"enum": [
"MUST_MATCH",
"ALLOW_LOOSE"
@@ -708,6 +777,12 @@
},
"type": "object"
},
"CancelOperationRequest": {
"description": "The request message for Operations.CancelOperation.",
"id": "CancelOperationRequest",
"properties": {},
"type": "object"
},
"Empty": {
"description": "A generic empty message that you can re-use to avoid defining duplicated\nempty messages in your APIs. A typical example is to use it as the request\nor the response type of an API method. For instance:\n\n service Foo {\n rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);\n }\n\nThe JSON representation for `Empty` is empty JSON object `{}`.",
"id": "Empty",
@@ -728,6 +803,17 @@
},
"type": "object"
},
"HTTPDelivery": {
"description": "HTTPDelivery is the delivery configuration for an HTTP notification.",
"id": "HTTPDelivery",
"properties": {
"uri": {
"description": "The URI to which JSON-containing HTTP POST requests should be sent.",
"type": "string"
}
},
"type": "object"
},
"Hash": {
"description": "Container message for hash values.",
"id": "Hash",
@@ -779,6 +865,154 @@
},
"type": "object"
},
"Notification": {
"description": "Notification is the container which holds the data that is relevant to this\nparticular notification.",
"id": "Notification",
"properties": {
"filter": {
"description": "The filter string to use for notification filtering.\nCurrently, this is assumed to be a CEL program.\nSee https://opensource.google/projects/cel for more.",
"type": "string"
},
"httpDelivery": {
"$ref": "HTTPDelivery",
"description": "Configuration for HTTP delivery."
},
"slackDelivery": {
"$ref": "SlackDelivery",
"description": "Configuration for Slack delivery."
},
"smtpDelivery": {
"$ref": "SMTPDelivery",
"description": "Configuration for SMTP (email) delivery."
},
"structDelivery": {
"additionalProperties": {
"description": "Properties of the object.",
"type": "any"
},
"description": "Escape hatch for users to supply custom delivery configs.",
"type": "object"
}
},
"type": "object"
},
"NotifierConfig": {
"description": "NotifierConfig is the top-level configuration message.",
"id": "NotifierConfig",
"properties": {
"apiVersion": {
"description": "The API version of this configuration format.",
"type": "string"
},
"kind": {
"description": "The type of notifier to use (e.g. SMTPNotifier).",
"type": "string"
},
"metadata": {
"$ref": "NotifierMetadata",
"description": "Metadata for referring to/handling/deploying this notifier."
},
"spec": {
"$ref": "NotifierSpec",
"description": "The actual configuration for this notifier."
}
},
"type": "object"
},
"NotifierMetadata": {
"description": "NotifierMetadata contains the data which can be used to reference or describe\nthis notifier.",
"id": "NotifierMetadata",
"properties": {
"name": {
"description": "The human-readable and user-given name for the notifier.\nFor example: \"repo-merge-email-notifier\".",
"type": "string"
},
"notifier": {
"description": "The string representing the name and version of notifier to deploy.\nExpected to be of the form of \"<registry-path>/<name>:<version>\".\nFor example: \"gcr.io/my-project/notifiers/smtp:1.2.34\".",
"type": "string"
}
},
"type": "object"
},
"NotifierSecret": {
"description": "NotifierSecret is the container that maps a secret name (reference) to its\nGoogle Cloud Secret Manager resource path.",
"id": "NotifierSecret",
"properties": {
"name": {
"description": "Name is the local name of the secret, such as the verbatim string\n\"my-smtp-password\".",
"type": "string"
},
"value": {
"description": "Value is interpreted to be a resource path for fetching the actual\n(versioned) secret data for this secret. For example, this would be a\nGoogle Cloud Secret Manager secret version resource path like:\n\"projects/my-project/secrets/my-secret/versions/latest\".",
"type": "string"
}
},
"type": "object"
},
"NotifierSecretRef": {
"description": "NotifierSecretRef contains the reference to a secret stored in the\ncorresponding NotifierSpec.",
"id": "NotifierSecretRef",
"properties": {
"secretRef": {
"description": "The value of `secret_ref` should be a `name` that is registered in a\n`Secret` in the `secrets` list of the `Spec`.",
"type": "string"
}
},
"type": "object"
},
"NotifierSpec": {
"description": "NotifierSpec is the configuration container for notifications.",
"id": "NotifierSpec",
"properties": {
"notification": {
"$ref": "Notification",
"description": "The configuration of this particular notifier."
},
"secrets": {
"description": "Configurations for secret resources used by this particular notifier.",
"items": {
"$ref": "NotifierSecret"
},
"type": "array"
}
},
"type": "object"
},
"Operation": {
"description": "This resource represents a long-running operation that is the result of a\nnetwork API call.",
"id": "Operation",
"properties": {
"done": {
"description": "If the value is `false`, it means the operation is still in progress.\nIf `true`, the operation is completed, and either `error` or `response` is\navailable.",
"type": "boolean"
},
"error": {
"$ref": "Status",
"description": "The error result of the operation in case of failure or cancellation."
},
"metadata": {
"additionalProperties": {
"description": "Properties of the object. Contains field @type with type URL.",
"type": "any"
},
"description": "Service-specific metadata associated with the operation. It typically\ncontains progress information and common metadata such as create time.\nSome services might not provide such metadata. Any method that returns a\nlong-running operation should document the metadata type, if any.",
"type": "object"
},
"name": {
"description": "The server-assigned name, which is only unique within the same service that\noriginally returns it. If you use the default HTTP mapping, the\n`name` should be a resource name ending with `operations/{unique_id}`.",
"type": "string"
},
"response": {
"additionalProperties": {
"description": "Properties of the object. Contains field @type with type URL.",
"type": "any"
},
"description": "The normal response of the operation in case of success. If the original\nmethod returns no data on success, such as `Delete`, the response is\n`google.protobuf.Empty`. If the original method is standard\n`Get`/`Create`/`Update`, the response should be the resource. For other\nmethods, the response should have the type `XxxResponse`, where `Xxx`\nis the original method name. For example, if the original method name\nis `TakeSnapshot()`, the inferred response type is\n`TakeSnapshotResponse`.",
"type": "object"
}
},
"type": "object"
},
"RepoSource": {
"description": "Location of the source in a Google Cloud Source Repository.",
"id": "RepoSource",
@@ -863,6 +1097,40 @@
},
"type": "object"
},
"SMTPDelivery": {
"description": "SMTPDelivery is the delivery configuration for an SMTP (email) notification.",
"id": "SMTPDelivery",
"properties": {
"fromAddress": {
"description": "This is the SMTP account/email that appears in the `From:` of the email.\nIf empty, it is assumed to be sender.",
"type": "string"
},
"password": {
"$ref": "NotifierSecretRef",
"description": "The SMTP sender's password."
},
"port": {
"description": "The SMTP port of the server.",
"type": "string"
},
"recipientAddresses": {
"description": "This is the list of addresses to which we send the email (i.e. in the `To:`\nof the email).",
"items": {
"type": "string"
},
"type": "array"
},
"senderAddress": {
"description": "This is the SMTP account/email that is used to send the message.",
"type": "string"
},
"server": {
"description": "The address of the SMTP server.",
"type": "string"
}
},
"type": "object"
},
"Secret": {
"description": "Pairs a set of secret environment variables containing encrypted\nvalues with the Cloud KMS key to use to decrypt the value.",
"id": "Secret",
@@ -882,6 +1150,17 @@
},
"type": "object"
},
"SlackDelivery": {
"description": "SlackDelivery is the delivery configuration for delivering Slack messages via\nwebhooks. See Slack webhook documentation at:\nhttps://api.slack.com/messaging/webhooks.",
"id": "SlackDelivery",
"properties": {
"webhookUri": {
"$ref": "NotifierSecretRef",
"description": "The secret reference for the Slack webhook URI for sending messages to a\nchannel."
}
},
"type": "object"
},
"Source": {
"description": "Location of the source in a supported storage service.",
"id": "Source",
@@ -919,6 +1198,33 @@
},
"type": "object"
},
"Status": {
"description": "The `Status` type defines a logical error model that is suitable for\ndifferent programming environments, including REST APIs and RPC APIs. It is\nused by [gRPC](https://github.com/grpc). Each `Status` message contains\nthree pieces of data: error code, error message, and error details.\n\nYou can find out more about this error model and how to work with it in the\n[API Design Guide](https://cloud.google.com/apis/design/errors).",
"id": "Status",
"properties": {
"code": {
"description": "The status code, which should be an enum value of google.rpc.Code.",
"format": "int32",
"type": "integer"
},
"details": {
"description": "A list of messages that carry the error details. There is a common set of\nmessage types for APIs to use.",
"items": {
"additionalProperties": {
"description": "Properties of the object. Contains field @type with type URL.",
"type": "any"
},
"type": "object"
},
"type": "array"
},
"message": {
"description": "A developer-facing error message, which should be in English. Any\nuser-facing error message should be localized and sent in the\ngoogle.rpc.Status.details field, or localized by the client.",
"type": "string"
}
},
"type": "object"
},
"StorageSource": {
"description": "Location of the source in an archive file in Google Cloud Storage.",
"id": "StorageSource",

64
etc/api/clouddebugger/v2/clouddebugger-api.json
View File

@@ -144,6 +144,11 @@
"debuggeeId"
],
"parameters": {
"agentId": {
"description": "Identifies the agent.\nThis is the ID returned in the RegisterDebuggee response.",
"location": "query",
"type": "string"
},
"debuggeeId": {
"description": "Required. Identifies the debuggee.",
"location": "path",
@@ -393,6 +398,16 @@
"debuggeeId"
],
"parameters": {
"canaryOption": {
"description": "The canary option set by the user upon setting breakpoint.",
"enum": [
"CANARY_OPTION_UNSPECIFIED",
"CANARY_OPTION_TRY_ENABLE",
"CANARY_OPTION_TRY_DISABLE"
],
"location": "query",
"type": "string"
},
"clientVersion": {
"description": "Required. The client version making the call.\nSchema: `domain/type/version` (e.g., `google.com/intellij/v1`).",
"location": "query",
@@ -424,7 +439,7 @@
}
}
},
"revision": "20200405",
"revision": "20200703",
"rootUrl": "https://clouddebugger.googleapis.com/",
"schemas": {
"AliasContext": {
@@ -470,6 +485,11 @@
],
"type": "string"
},
"canaryExpireTime": {
"description": "The deadline for the breakpoint to stay in CANARY_ACTIVE state. The value\nis meaningless when the breakpoint is not in CANARY_ACTIVE state.",
"format": "google-datetime",
"type": "string"
},
"condition": {
"description": "Condition that triggers the breakpoint.\nThe condition is a compound boolean expression composed using expressions\nin a programming language at the source location.",
"type": "string"
@@ -542,6 +562,24 @@
},
"type": "array"
},
"state": {
"description": "The current state of the breakpoint.",
"enum": [
"STATE_UNSPECIFIED",
"STATE_CANARY_PENDING_AGENTS",
"STATE_CANARY_ACTIVE",
"STATE_ROLLING_TO_ALL",
"STATE_IS_FINAL"
],
"enumDescriptions": [
"Breakpoint state UNSPECIFIED.",
"Enabling canary but no agents are available.",
"Enabling canary and successfully assigning canary agents.",
"Breakpoint rolling out to all agents.",
"Breakpoint is hit/complete/failed."
],
"type": "string"
},
"status": {
"$ref": "StatusMessage",
"description": "Breakpoint status.\n\nThe status includes an error flag and a human readable message.\nThis field is usually unset. The message can be either\ninformational or an error message. Regardless, clients should always\ndisplay the text message back to the user.\n\nError status indicates complete failure of the breakpoint.\n\nExample (non-final state): `Still loading symbols...`\n\nExamples (final state):\n\n* `Invalid line number` referring to location\n* `Field f not found in class C` referring to condition"
@@ -621,6 +659,24 @@
"description": "Version ID of the agent.\nSchema: `domain/language-platform/vmajor.minor` (for example\n`google.com/java-gcp/v1.1`).",
"type": "string"
},
"canaryMode": {
"description": "Used when setting breakpoint canary for this debuggee.",
"enum": [
"CANARY_MODE_UNSPECIFIED",
"CANARY_MODE_ALWAYS_ENABLED",
"CANARY_MODE_ALWAYS_DISABLED",
"CANARY_MODE_DEFAULT_ENABLED",
"CANARY_MODE_DEFAULT_DISABLED"
],
"enumDescriptions": [
"CANARY_MODE_UNSPECIFIED is equivalent to CANARY_MODE_ALWAYS_DISABLED so\nthat if the debuggee is not configured to use the canary feature, the\nfeature will be disabled.",
"Always enable breakpoint canary regardless of the value of breakpoint's\ncanary option.",
"Always disable breakpoint canary regardless of the value of breakpoint's\ncanary option.",
"Depends on the breakpoint's canary option. Enable canary by default if\nthe breakpoint's canary option is not specified.",
"Depends on the breakpoint's canary option. Disable canary by default if\nthe breakpoint's canary option is not specified."
],
"type": "string"
},
"description": {
"description": "Human readable description of the debuggee.\nIncluding a human-readable project name, environment name and version\ninformation is recommended.",
"type": "string"
@@ -852,6 +908,10 @@
"description": "Response for registering a debuggee.",
"id": "RegisterDebuggeeResponse",
"properties": {
"agentId": {
"description": "A unique ID generated for the agent.\nEach RegisterDebuggee request will generate a new agent ID.",
"type": "string"
},
"debuggee": {
"$ref": "Debuggee",
"description": "Debuggee resource.\nThe field `id` is guaranteed to be set (in addition to the echoed fields).\nIf the field `is_disabled` is set to `true`, the agent should disable\nitself by removing all breakpoints and detaching from the application.\nIt should however continue to poll `RegisterDebuggee` until reenabled."
@@ -978,6 +1038,7 @@
"BREAKPOINT_CONDITION",
"BREAKPOINT_EXPRESSION",
"BREAKPOINT_AGE",
"BREAKPOINT_CANARY_FAILED",
"VARIABLE_NAME",
"VARIABLE_VALUE"
],
@@ -987,6 +1048,7 @@
"Status applies to the breakpoint and is related to its condition.",
"Status applies to the breakpoint and is related to its expressions.",
"Status applies to the breakpoint and is related to its age.",
"Status applies to the breakpoint when the breakpoint failed to exit the\ncanary state.",
"Status applies to the entire variable.",
"Status applies to variable value (variable name is valid)."
],

6
etc/api/clouderrorreporting/v1beta1/clouderrorreporting-api.json
View File

@@ -354,7 +354,7 @@
],
"parameters": {
"groupName": {
"description": "Required. The group resource name. Written as\n<code>projects/<var>projectID</var>/groups/<var>group_name</var></code>.\nCall\n<a href=\"/error-reporting/reference/rest/v1beta1/projects.groupStats/list\">\n<code>groupStats.list</code></a> to return a list of groups belonging to\nthis project.\n\nExample: <code>projects/my-project-123/groups/my-group</code>",
"description": "Required. The group resource name. Written as\n`projects/{projectID}/groups/{group_name}`. Call\n[`groupStats.list`](https://cloud.google.com/error-reporting/reference/rest/v1beta1/projects.groupStats/list)\nto return a list of groups belonging to this project.\n\nExample: `projects/my-project-123/groups/my-group`",
"location": "path",
"pattern": "^projects/[^/]+/groups/[^/]+$",
"required": true,
@@ -402,7 +402,7 @@
}
}
},
"revision": "20200331",
"revision": "20200610",
"rootUrl": "https://clouderrorreporting.googleapis.com/",
"schemas": {
"DeleteEventsResponse": {
@@ -726,7 +726,7 @@
"id": "TrackingIssue",
"properties": {
"url": {
"description": "A URL pointing to a related entry in an issue tracking system.\nExample: https://github.com/user/project/issues/4",
"description": "A URL pointing to a related entry in an issue tracking system.\nExample: `https://github.com/user/project/issues/4`",
"type": "string"
}
},

30
etc/api/cloudfunctions/v1/cloudfunctions-api.json
View File

@@ -392,7 +392,7 @@
],
"parameters": {
"options.requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.",
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"location": "query",
"type": "integer"
@@ -546,11 +546,11 @@
}
}
},
"revision": "20200401",
"revision": "20200629",
"rootUrl": "https://cloudfunctions.googleapis.com/",
"schemas": {
"AuditConfig": {
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n },\n {\n \"log_type\": \"ADMIN_READ\",\n }\n ]\n },\n {\n \"service\": \"sampleservice.googleapis.com\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:aliya@example.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts jose@example.com from DATA_READ logging, and\naliya@example.com from DATA_WRITE logging.",
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\",\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\"\n },\n {\n \"log_type\": \"ADMIN_READ\"\n }\n ]\n },\n {\n \"service\": \"sampleservice.googleapis.com\",\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\"\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:aliya@example.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts jose@example.com from DATA_READ logging, and\naliya@example.com from DATA_WRITE logging.",
"id": "AuditConfig",
"properties": {
"auditLogConfigs": {
@@ -568,7 +568,7 @@
"type": "object"
},
"AuditLogConfig": {
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\njose@example.com from DATA_READ logging.",
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\"\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\njose@example.com from DATA_READ logging.",
"id": "AuditLogConfig",
"properties": {
"exemptedMembers": {
@@ -603,7 +603,7 @@
"properties": {
"condition": {
"$ref": "Expr",
"description": "The condition that is associated with this binding.\nNOTE: An unsatisfied condition will not allow user access via current\nbinding. Different bindings, including their conditions, are examined\nindependently."
"description": "The condition that is associated with this binding.\n\nIf the condition evaluates to `true`, then this binding applies to the\ncurrent request.\n\nIf the condition evaluates to `false`, then this binding does not apply to\nthe current request. However, a different role binding might grant the same\nrole to one or more of the members in this binding.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
},
"members": {
"description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@example.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a user that has been recently deleted. For\n example, `alice@example.com?uid=123456789012345678901`. If the user is\n recovered, this value reverts to `user:{emailid}` and the recovered user\n retains the role in the binding.\n\n* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus\n unique identifier) representing a service account that has been recently\n deleted. For example,\n `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.\n If the service account is undeleted, this value reverts to\n `serviceAccount:{emailid}` and the undeleted service account retains the\n role in the binding.\n\n* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a Google group that has been recently\n deleted. For example, `admins@example.com?uid=123456789012345678901`. If\n the group is recovered, this value reverts to `group:{emailid}` and the\n recovered group retains the role in the binding.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n",
@@ -658,6 +658,10 @@
"format": "int32",
"type": "integer"
},
"buildId": {
"description": "Output only. The Cloud Build ID of the latest successful deployment of the\nfunction.",
"type": "string"
},
"description": {
"description": "User-provided description of a function.",
"type": "string"
@@ -686,12 +690,14 @@
"enum": [
"INGRESS_SETTINGS_UNSPECIFIED",
"ALLOW_ALL",
"ALLOW_INTERNAL_ONLY"
"ALLOW_INTERNAL_ONLY",
"ALLOW_INTERNAL_AND_GCLB"
],
"enumDescriptions": [
"Unspecified.",
"Allow HTTP traffic from public and private sources.",
"Allow HTTP traffic from only private VPC sources."
"Allow HTTP traffic from only private VPC sources.",
"Allow HTTP traffic from private VPC sources and through GCLB."
],
"type": "string"
},
@@ -1033,6 +1039,10 @@
"description": "Metadata describing an Operation",
"id": "OperationMetadataV1",
"properties": {
"buildId": {
"description": "The Cloud Build ID of the function created or updated by an API call.\nThis field is only populated for Create and Update operations.",
"type": "string"
},
"request": {
"additionalProperties": {
"description": "Properties of the object. Contains field @type with type URL.",
@@ -1120,7 +1130,7 @@
"type": "object"
},
"Policy": {
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nOptionally, a `binding` can specify a `condition`, which is a logical\nexpression that allows access to a resource only if the expression evaluates\nto `true`. A condition can add constraints based on attributes of the\nrequest, the resource, or both.\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\"user:eve@example.com\"],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nFor some types of Google Cloud resources, a `binding` can also specify a\n`condition`, which is a logical expression that allows access to a resource\nonly if the expression evaluates to `true`. A condition can add constraints\nbased on attributes of the request, the resource, or both. To learn which\nresources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\n \"user:eve@example.com\"\n ],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"id": "Policy",
"properties": {
"auditConfigs": {
@@ -1143,7 +1153,7 @@
"type": "string"
},
"version": {
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.",
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
@@ -1165,7 +1175,7 @@
"description": "REQUIRED: The complete policy to be applied to the `resource`. The size of\nthe policy is limited to a few 10s of KB. An empty policy is a\nvalid policy but certain Cloud Platform services (such as Projects)\nmight reject them."
},
"updateMask": {
"description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only\nthe fields in the mask will be modified. If no mask is provided, the\nfollowing default mask is used:\npaths: \"bindings, etag\"\nThis field is only used by Cloud IAM.",
"description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only\nthe fields in the mask will be modified. If no mask is provided, the\nfollowing default mask is used:\n\n`paths: \"bindings, etag\"`",
"format": "google-fieldmask",
"type": "string"
}

6
etc/api/cloudfunctions/v1beta2/cloudfunctions-api.json
View File

@@ -453,7 +453,7 @@
}
}
},
"revision": "20200401",
"revision": "20200629",
"rootUrl": "https://cloudfunctions.googleapis.com/",
"schemas": {
"CallFunctionRequest": {
@@ -821,6 +821,10 @@
"description": "Metadata describing an Operation",
"id": "OperationMetadataV1",
"properties": {
"buildId": {
"description": "The Cloud Build ID of the function created or updated by an API call.\nThis field is only populated for Create and Update operations.",
"type": "string"
},
"request": {
"additionalProperties": {
"description": "Properties of the object. Contains field @type with type URL.",

2
etc/api/cloudidentity/v1/cloudidentity-api.json
View File

@@ -512,7 +512,7 @@
}
}
},
"revision": "20200401",
"revision": "20200707",
"rootUrl": "https://cloudidentity.googleapis.com/",
"schemas": {
"EntityKey": {

282
etc/api/cloudidentity/v1beta1/cloudidentity-api.json
View File

@@ -550,68 +550,17 @@
}
}
},
"revision": "20200401",
"revision": "20200707",
"rootUrl": "https://cloudidentity.googleapis.com/",
"schemas": {
"AndroidAttributes": {
"description": "Resource representing the Android specific attributes of a Device.",
"id": "AndroidAttributes",
"properties": {
"basebandVersion": {
"description": "Baseband version of Android device.",
"type": "string"
},
"bootloaderVersion": {
"description": "Device bootloader version. Example: 0.6.7.",
"type": "string"
},
"buildNumber": {
"description": "Build number of Android device.",
"type": "string"
},
"enabledDeveloperOptions": {
"description": "Whether developer options is enabled on device.",
"type": "boolean"
},
"enabledUnknownSources": {
"description": "Whether applications from unknown sources can be installed on device.",
"type": "boolean"
},
"enabledUsbDebugging": {
"description": "Whether adb (USB debugging) is enabled on device.",
"type": "boolean"
},
"encryptionState": {
"description": "Device encryption state.",
"enum": [
"ENCRYPTION_STATE_UNSPECIFIED",
"UNSUPPORTED_BY_DEVICE",
"ENCRYPTED",
"NOT_ENCRYPTED"
],
"enumDescriptions": [
"Encryption Status is not set.",
"Device doesn't support encryption.",
"Device is encrypted.",
"Device is not encrypted."
],
"type": "string"
},
"hardware": {
"description": "Device hardware. Example: Sprout.",
"type": "string"
},
"kernelVersion": {
"description": "Kernel version of Android device.",
"type": "string"
},
"otherAccounts": {
"description": "Domain name for Google accounts on device. Type for other accounts on\ndevice. Will only be populated if |ownership_privilege| is\n|PROFILE_OWNER| or |DEVICE_OWNER|. Does not include the account signed in\nto the device policy app if that account's domain has only one account.\nExamples: \"com.example\", \"xyz.com\".",
"items": {
"type": "string"
},
"type": "array"
},
"ownerProfileAccount": {
"description": "Whether this account is on an owner/primary profile.\nFor phones, only true for owner profiles. Android 4+ devices\ncan have secondary or restricted user profiles.",
"type": "boolean"
@@ -632,11 +581,6 @@
],
"type": "string"
},
"securityPatchTime": {
"description": "OS security patch update time on device.",
"format": "google-datetime",
"type": "string"
},
"supportsWorkProfile": {
"description": "Whether device supports Android work profiles. If false, this service\nwill not block access to corp data even if an administrator turns on the\n\"Enforce Work Profile\" policy.",
"type": "boolean"
@@ -688,6 +632,135 @@
},
"type": "object"
},
"ClientState": {
"description": "Resource representing ClientState and supports updates from API users",
"id": "ClientState",
"properties": {
"assetTags": {
"description": "The caller can specify asset tags for this resource",
"items": {
"type": "string"
},
"type": "array"
},
"complianceState": {
"description": "The compliance state of the resource as specified by the API client.",
"enum": [
"COMPLIANCE_STATE_UNSPECIFIED",
"COMPLIANT",
"NON_COMPLIANT"
],
"enumDescriptions": [
"The compliance state of the resource is unknown or unspecified.",
"Device is compliant with third party policies",
"Device is not compliant with third party policies"
],
"type": "string"
},
"createTime": {
"description": "Output only. The time the client state data was created.",
"format": "google-datetime",
"type": "string"
},
"customId": {
"description": "This field may be used to store a unique identifier for the API resource\nwithin which these CustomAttributes are a field.",
"type": "string"
},
"etag": {
"description": "The token that needs to be passed back for\nconcurrency control in updates. Token needs to be passed back\nin UpdateRequest",
"type": "string"
},
"healthScore": {
"description": "The Health score of the resource",
"enum": [
"HEALTH_SCORE_UNSPECIFIED",
"VERY_POOR",
"POOR",
"NEUTRAL",
"GOOD",
"VERY_GOOD"
],
"enumDescriptions": [
"Default value",
"The object is in very poor health as defined by the caller.",
"The object is in poor health as defined by the caller.",
"The object health is neither good nor poor, as defined by the caller.",
"The object is in good health as defined by the caller.",
"The object is in very good health as defined by the caller."
],
"type": "string"
},
"keyValuePairs": {
"additionalProperties": {
"$ref": "CustomAttributeValue"
},
"description": "The map of key-value attributes stored by callers specific to a\ndevice. The total serialized length of this map may not exceed 10KB. No\nlimit is placed on the number of attributes in a map.",
"type": "object"
},
"lastUpdateTime": {
"description": "Output only. The time the client state data was last updated.",
"format": "google-datetime",
"type": "string"
},
"managed": {
"description": "The management state of the resource as specified by the API client.",
"enum": [
"MANAGED_STATE_UNSPECIFIED",
"MANAGED",
"UNMANAGED"
],
"enumDescriptions": [
"The management state of the resource is unknown or unspecified.",
"The resource is managed.",
"The resource is not managed."
],
"type": "string"
},
"name": {
"description": "Output only. [Resource name](https://cloud.google.com/apis/design/resource_names) of\nthe ClientState in format:\n`devices/{device_id}/deviceUsers/{device_user_id}/clientState/{partner_id}`,\nwhere partner_id corresponds to the partner storing the data.",
"type": "string"
},
"ownerType": {
"description": "Output only. The owner of the ClientState",
"enum": [
"OWNER_TYPE_UNSPECIFIED",
"OWNER_TYPE_CUSTOMER",
"OWNER_TYPE_PARTNER"
],
"enumDescriptions": [
"Unknown owner type",
"Customer is the owner",
"Partner is the owner"
],
"type": "string"
},
"scoreReason": {
"description": "A descriptive cause of the health score.",
"type": "string"
}
},
"type": "object"
},
"CustomAttributeValue": {
"description": "Additional custom attribute values may be one of these types",
"id": "CustomAttributeValue",
"properties": {
"boolValue": {
"description": "Represents a boolean value.",
"type": "boolean"
},
"numberValue": {
"description": "Represents a double value.",
"format": "double",
"type": "number"
},
"stringValue": {
"description": "Represents a string value.",
"type": "string"
}
},
"type": "object"
},
"Device": {
"description": "Represents a Device known to Google Cloud, independent of the device\nownership, type, and whether it is assigned or in use by a user.",
"id": "Device",
@@ -700,10 +773,22 @@
"description": "Asset tag of the device.",
"type": "string"
},
"basebandVersion": {
"description": "Output only. Baseband version of the device.",
"type": "string"
},
"bootloaderVersion": {
"description": "Output only. Device bootloader version. Example: 0.6.7.",
"type": "string"
},
"brand": {
"description": "Output only. Device brand. Example: Samsung.",
"type": "string"
},
"buildNumber": {
"description": "Output only. Build number of the device.",
"type": "string"
},
"compromisedState": {
"description": "Output only. Represents whether the Device is compromised.",
"enum": [
@@ -747,10 +832,38 @@
],
"type": "string"
},
"enabledDeveloperOptions": {
"description": "Output only. Whether developer options is enabled on device.",
"type": "boolean"
},
"enabledUsbDebugging": {
"description": "Output only. Whether USB debugging is enabled on device.",
"type": "boolean"
},
"encryptionState": {
"description": "Output only. Device encryption state.",
"enum": [
"ENCRYPTION_STATE_UNSPECIFIED",
"UNSUPPORTED_BY_DEVICE",
"ENCRYPTED",
"NOT_ENCRYPTED"
],
"enumDescriptions": [
"Encryption Status is not set.",
"Device doesn't support encryption.",
"Device is encrypted.",
"Device is not encrypted."
],
"type": "string"
},
"imei": {
"description": "Output only. IMEI number of device if GSM device; empty otherwise.",
"type": "string"
},
"kernelVersion": {
"description": "Output only. Kernel version of the device.",
"type": "string"
},
"lastSyncTime": {
"description": "Most recent time when device synced with this service.",
"format": "google-datetime",
@@ -802,8 +915,15 @@
"description": "Output only. OS version of the device. Example: Android 8.1.0.",
"type": "string"
},
"otherAccounts": {
"description": "Output only. Domain name for Google accounts on device. Type for other accounts on\ndevice. On Android, will only be populated if |ownership_privilege| is\n|PROFILE_OWNER| or |DEVICE_OWNER|. Does not include the account signed in\nto the device policy app if that account's domain has only one account.\nExamples: \"com.example\", \"xyz.com\".",
"items": {
"type": "string"
},
"type": "array"
},
"ownerType": {
"description": "Whether the device is owned by the company or an individual",
"description": "Output only. Whether the device is owned by the company or an individual",
"enum": [
"DEVICE_OWNERSHIP_UNSPECIFIED",
"COMPANY",
@@ -820,6 +940,11 @@
"description": "Output only. OS release version. Example: 6.0.",
"type": "string"
},
"securityPatchTime": {
"description": "Output only. OS security patch update time on device.",
"format": "google-datetime",
"type": "string"
},
"serialNumber": {
"description": "Serial Number of device. Example: HT82V1A01076.",
"type": "string"
@@ -852,6 +977,11 @@
],
"type": "string"
},
"createTime": {
"description": "When the user first signed in to the device",
"format": "google-datetime",
"type": "string"
},
"firstSyncTime": {
"description": "Output only. Most recent time when user registered with this service.",
"format": "google-datetime",
@@ -1039,6 +1169,24 @@
},
"type": "object"
},
"ListClientStatesResponse": {
"description": "Response message that is returned in LRO result of ListClientStates\nOperation.",
"id": "ListClientStatesResponse",
"properties": {
"clientStates": {
"description": "Client states meeting the list restrictions.",
"items": {
"$ref": "ClientState"
},
"type": "array"
},
"nextPageToken": {
"description": "Token to retrieve the next page of results. Empty if there are no more\nresults.",
"type": "string"
}
},
"type": "object"
},
"ListDeviceUsersResponse": {
"description": "Response message that is returned in LRO result of ListDeviceUsers Operation.",
"id": "ListDeviceUsersResponse",
@@ -1201,6 +1349,24 @@
},
"type": "array"
},
"type": {
"description": "Output only. The type of the membership.",
"enum": [
"TYPE_UNSPECIFIED",
"USER",
"SERVICE_ACCOUNT",
"GROUP",
"OTHER"
],
"enumDescriptions": [
"Default. Should not be used.",
"Represents user type.",
"Represents service account type.",
"Represents group type.",
"Represents other type."
],
"type": "string"
},
"updateTime": {
"description": "Output only. The time when the `Membership` was last updated.",
"format": "google-datetime",

12
etc/api/cloudiot/v1/cloudiot-api.json
View File

@@ -928,7 +928,7 @@
}
}
},
"revision": "20200331",
"revision": "20200519",
"rootUrl": "https://cloudiot.googleapis.com/",
"schemas": {
"BindDeviceToGatewayRequest": {
@@ -958,7 +958,7 @@
"properties": {
"condition": {
"$ref": "Expr",
"description": "The condition that is associated with this binding.\nNOTE: An unsatisfied condition will not allow user access via current\nbinding. Different bindings, including their conditions, are examined\nindependently."
"description": "The condition that is associated with this binding.\n\nIf the condition evaluates to `true`, then this binding applies to the\ncurrent request.\n\nIf the condition evaluates to `false`, then this binding does not apply to\nthe current request. However, a different role binding might grant the same\nrole to one or more of the members in this binding.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
},
"members": {
"description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@example.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a user that has been recently deleted. For\n example, `alice@example.com?uid=123456789012345678901`. If the user is\n recovered, this value reverts to `user:{emailid}` and the recovered user\n retains the role in the binding.\n\n* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus\n unique identifier) representing a service account that has been recently\n deleted. For example,\n `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.\n If the service account is undeleted, this value reverts to\n `serviceAccount:{emailid}` and the undeleted service account retains the\n role in the binding.\n\n* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a Google group that has been recently\n deleted. For example, `admins@example.com?uid=123456789012345678901`. If\n the group is recovered, this value reverts to `group:{emailid}` and the\n recovered group retains the role in the binding.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n",
@@ -1291,7 +1291,7 @@
"properties": {
"options": {
"$ref": "GetPolicyOptions",
"description": "OPTIONAL: A `GetPolicyOptions` object for specifying options to\n`GetIamPolicy`. This field is only used by Cloud IAM."
"description": "OPTIONAL: A `GetPolicyOptions` object for specifying options to\n`GetIamPolicy`."
}
},
"type": "object"
@@ -1301,7 +1301,7 @@
"id": "GetPolicyOptions",
"properties": {
"requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.",
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
@@ -1432,7 +1432,7 @@
"type": "object"
},
"Policy": {
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nOptionally, a `binding` can specify a `condition`, which is a logical\nexpression that allows access to a resource only if the expression evaluates\nto `true`. A condition can add constraints based on attributes of the\nrequest, the resource, or both.\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\"user:eve@example.com\"],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nFor some types of Google Cloud resources, a `binding` can also specify a\n`condition`, which is a logical expression that allows access to a resource\nonly if the expression evaluates to `true`. A condition can add constraints\nbased on attributes of the request, the resource, or both. To learn which\nresources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\n \"user:eve@example.com\"\n ],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"id": "Policy",
"properties": {
"bindings": {
@@ -1448,7 +1448,7 @@
"type": "string"
},
"version": {
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.",
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}

115
etc/api/cloudkms/v1/cloudkms-api.json
View File

@@ -254,7 +254,7 @@
],
"parameters": {
"options.requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.",
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"location": "query",
"type": "integer"
@@ -324,7 +324,7 @@
]
},
"setIamPolicy": {
"description": "Sets the access control policy on the specified resource. Replaces any\nexisting policy.\n\nCan return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED",
"description": "Sets the access control policy on the specified resource. Replaces any\nexisting policy.\n\nCan return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.",
"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}:setIamPolicy",
"httpMethod": "POST",
"id": "cloudkms.projects.locations.keyRings.setIamPolicy",
@@ -353,7 +353,7 @@
]
},
"testIamPermissions": {
"description": "Returns permissions that a caller has on the specified resource.\nIf the resource does not exist, this will return an empty set of\npermissions, not a NOT_FOUND error.\n\nNote: This operation is designed to be used for building permission-aware\nUIs and command-line tools, not for authorization checking. This operation\nmay \"fail open\" without warning.",
"description": "Returns permissions that a caller has on the specified resource.\nIf the resource does not exist, this will return an empty set of\npermissions, not a `NOT_FOUND` error.\n\nNote: This operation is designed to be used for building permission-aware\nUIs and command-line tools, not for authorization checking. This operation\nmay \"fail open\" without warning.",
"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}:testIamPermissions",
"httpMethod": "POST",
"id": "cloudkms.projects.locations.keyRings.testIamPermissions",
@@ -518,7 +518,7 @@
],
"parameters": {
"options.requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.",
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"location": "query",
"type": "integer"
@@ -632,7 +632,7 @@
]
},
"setIamPolicy": {
"description": "Sets the access control policy on the specified resource. Replaces any\nexisting policy.\n\nCan return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED",
"description": "Sets the access control policy on the specified resource. Replaces any\nexisting policy.\n\nCan return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.",
"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys/{cryptoKeysId}:setIamPolicy",
"httpMethod": "POST",
"id": "cloudkms.projects.locations.keyRings.cryptoKeys.setIamPolicy",
@@ -661,7 +661,7 @@
]
},
"testIamPermissions": {
"description": "Returns permissions that a caller has on the specified resource.\nIf the resource does not exist, this will return an empty set of\npermissions, not a NOT_FOUND error.\n\nNote: This operation is designed to be used for building permission-aware\nUIs and command-line tools, not for authorization checking. This operation\nmay \"fail open\" without warning.",
"description": "Returns permissions that a caller has on the specified resource.\nIf the resource does not exist, this will return an empty set of\npermissions, not a `NOT_FOUND` error.\n\nNote: This operation is designed to be used for building permission-aware\nUIs and command-line tools, not for authorization checking. This operation\nmay \"fail open\" without warning.",
"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/cryptoKeys/{cryptoKeysId}:testIamPermissions",
"httpMethod": "POST",
"id": "cloudkms.projects.locations.keyRings.cryptoKeys.testIamPermissions",
@@ -1115,7 +1115,7 @@
],
"parameters": {
"options.requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.",
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"location": "query",
"type": "integer"
@@ -1185,7 +1185,7 @@
]
},
"setIamPolicy": {
"description": "Sets the access control policy on the specified resource. Replaces any\nexisting policy.\n\nCan return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED",
"description": "Sets the access control policy on the specified resource. Replaces any\nexisting policy.\n\nCan return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.",
"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/importJobs/{importJobsId}:setIamPolicy",
"httpMethod": "POST",
"id": "cloudkms.projects.locations.keyRings.importJobs.setIamPolicy",
@@ -1214,7 +1214,7 @@
]
},
"testIamPermissions": {
"description": "Returns permissions that a caller has on the specified resource.\nIf the resource does not exist, this will return an empty set of\npermissions, not a NOT_FOUND error.\n\nNote: This operation is designed to be used for building permission-aware\nUIs and command-line tools, not for authorization checking. This operation\nmay \"fail open\" without warning.",
"description": "Returns permissions that a caller has on the specified resource.\nIf the resource does not exist, this will return an empty set of\npermissions, not a `NOT_FOUND` error.\n\nNote: This operation is designed to be used for building permission-aware\nUIs and command-line tools, not for authorization checking. This operation\nmay \"fail open\" without warning.",
"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/keyRings/{keyRingsId}/importJobs/{importJobsId}:testIamPermissions",
"httpMethod": "POST",
"id": "cloudkms.projects.locations.keyRings.importJobs.testIamPermissions",
@@ -1251,7 +1251,7 @@
}
}
},
"revision": "20200313",
"revision": "20200623",
"rootUrl": "https://cloudkms.googleapis.com/",
"schemas": {
"AsymmetricDecryptRequest": {
@@ -1262,6 +1262,11 @@
"description": "Required. The data encrypted with the named CryptoKeyVersion's public\nkey using OAEP.",
"format": "byte",
"type": "string"
},
"ciphertextCrc32c": {
"description": "Optional. An optional CRC32C checksum of the AsymmetricDecryptRequest.ciphertext.\nIf specified, KeyManagementService will verify the integrity of the\nreceived AsymmetricDecryptRequest.ciphertext using this checksum.\nKeyManagementService will report an error if the checksum verification\nfails. If you receive a checksum error, your client should verify that\nCRC32C(AsymmetricDecryptRequest.ciphertext) is equal to\nAsymmetricDecryptRequest.ciphertext_crc32c, and if so, perform a\nlimited number of retries. A persistent mismatch may indicate an issue in\nyour computation of the CRC32C checksum.\nNote: This field is defined as int64 for reasons of compatibility across\ndifferent languages. However, it is a non-negative integer, which will\nnever exceed 2^32-1, and can be safely downconverted to uint32 in languages\nthat support this type.\n\nNOTE: This field is in Beta.",
"format": "int64",
"type": "string"
}
},
"type": "object"
@@ -1274,6 +1279,15 @@
"description": "The decrypted data originally encrypted with the matching public key.",
"format": "byte",
"type": "string"
},
"plaintextCrc32c": {
"description": "Integrity verification field. A CRC32C checksum of the returned\nAsymmetricDecryptResponse.plaintext. An integrity check of\nAsymmetricDecryptResponse.plaintext can be performed by computing the\nCRC32C checksum of AsymmetricDecryptResponse.plaintext and comparing\nyour results to this field. Discard the response in case of non-matching\nchecksum values, and perform a limited number of retries. A persistent\nmismatch may indicate an issue in your computation of the CRC32C checksum.\nNote: This field is defined as int64 for reasons of compatibility across\ndifferent languages. However, it is a non-negative integer, which will\nnever exceed 2^32-1, and can be safely downconverted to uint32 in languages\nthat support this type.\n\nNOTE: This field is in Beta.",
"format": "int64",
"type": "string"
},
"verifiedCiphertextCrc32c": {
"description": "Integrity verification field. A flag indicating whether\nAsymmetricDecryptRequest.ciphertext_crc32c was received by\nKeyManagementService and used for the integrity verification of the\nciphertext. A false value of this\nfield indicates either that AsymmetricDecryptRequest.ciphertext_crc32c\nwas left unset or that it was not delivered to KeyManagementService. If\nyou've set AsymmetricDecryptRequest.ciphertext_crc32c but this field is\nstill false, discard the response and perform a limited number of retries.\n\nNOTE: This field is in Beta.",
"type": "boolean"
}
},
"type": "object"
@@ -1285,6 +1299,11 @@
"digest": {
"$ref": "Digest",
"description": "Required. The digest of the data to sign. The digest must be produced with\nthe same digest algorithm as specified by the key version's\nalgorithm."
},
"digestCrc32c": {
"description": "Optional. An optional CRC32C checksum of the AsymmetricSignRequest.digest. If\nspecified, KeyManagementService will verify the integrity of the\nreceived AsymmetricSignRequest.digest using this checksum.\nKeyManagementService will report an error if the checksum verification\nfails. If you receive a checksum error, your client should verify that\nCRC32C(AsymmetricSignRequest.digest) is equal to\nAsymmetricSignRequest.digest_crc32c, and if so, perform a limited\nnumber of retries. A persistent mismatch may indicate an issue in your\ncomputation of the CRC32C checksum.\nNote: This field is defined as int64 for reasons of compatibility across\ndifferent languages. However, it is a non-negative integer, which will\nnever exceed 2^32-1, and can be safely downconverted to uint32 in languages\nthat support this type.\n\nNOTE: This field is in Beta.",
"format": "int64",
"type": "string"
}
},
"type": "object"
@@ -1293,16 +1312,29 @@
"description": "Response message for KeyManagementService.AsymmetricSign.",
"id": "AsymmetricSignResponse",
"properties": {
"name": {
"description": "The resource name of the CryptoKeyVersion used for signing. Check\nthis field to verify that the intended resource was used for signing.\n\nNOTE: This field is in Beta.",
"type": "string"
},
"signature": {
"description": "The created signature.",
"format": "byte",
"type": "string"
},
"signatureCrc32c": {
"description": "Integrity verification field. A CRC32C checksum of the returned\nAsymmetricSignResponse.signature. An integrity check of\nAsymmetricSignResponse.signature can be performed by computing the\nCRC32C checksum of AsymmetricSignResponse.signature and comparing your\nresults to this field. Discard the response in case of non-matching\nchecksum values, and perform a limited number of retries. A persistent\nmismatch may indicate an issue in your computation of the CRC32C checksum.\nNote: This field is defined as int64 for reasons of compatibility across\ndifferent languages. However, it is a non-negative integer, which will\nnever exceed 2^32-1, and can be safely downconverted to uint32 in languages\nthat support this type.\n\nNOTE: This field is in Beta.",
"format": "int64",
"type": "string"
},
"verifiedDigestCrc32c": {
"description": "Integrity verification field. A flag indicating whether\nAsymmetricSignRequest.digest_crc32c was received by\nKeyManagementService and used for the integrity verification of the\ndigest. A false value of this field\nindicates either that AsymmetricSignRequest.digest_crc32c was left\nunset or that it was not delivered to KeyManagementService. If you've\nset AsymmetricSignRequest.digest_crc32c but this field is still false,\ndiscard the response and perform a limited number of retries.\n\nNOTE: This field is in Beta.",
"type": "boolean"
}
},
"type": "object"
},
"AuditConfig": {
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n },\n {\n \"log_type\": \"ADMIN_READ\",\n }\n ]\n },\n {\n \"service\": \"sampleservice.googleapis.com\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:aliya@example.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts jose@example.com from DATA_READ logging, and\naliya@example.com from DATA_WRITE logging.",
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\",\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\"\n },\n {\n \"log_type\": \"ADMIN_READ\"\n }\n ]\n },\n {\n \"service\": \"sampleservice.googleapis.com\",\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\"\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:aliya@example.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts jose@example.com from DATA_READ logging, and\naliya@example.com from DATA_WRITE logging.",
"id": "AuditConfig",
"properties": {
"auditLogConfigs": {
@@ -1320,7 +1352,7 @@
"type": "object"
},
"AuditLogConfig": {
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\njose@example.com from DATA_READ logging.",
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\"\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\njose@example.com from DATA_READ logging.",
"id": "AuditLogConfig",
"properties": {
"exemptedMembers": {
@@ -1355,7 +1387,7 @@
"properties": {
"condition": {
"$ref": "Expr",
"description": "The condition that is associated with this binding.\nNOTE: An unsatisfied condition will not allow user access via current\nbinding. Different bindings, including their conditions, are examined\nindependently."
"description": "The condition that is associated with this binding.\n\nIf the condition evaluates to `true`, then this binding applies to the\ncurrent request.\n\nIf the condition evaluates to `false`, then this binding does not apply to\nthe current request. However, a different role binding might grant the same\nrole to one or more of the members in this binding.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
},
"members": {
"description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@example.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a user that has been recently deleted. For\n example, `alice@example.com?uid=123456789012345678901`. If the user is\n recovered, this value reverts to `user:{emailid}` and the recovered user\n retains the role in the binding.\n\n* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus\n unique identifier) representing a service account that has been recently\n deleted. For example,\n `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.\n If the service account is undeleted, this value reverts to\n `serviceAccount:{emailid}` and the undeleted service account retains the\n role in the binding.\n\n* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a Google group that has been recently\n deleted. For example, `admins@example.com?uid=123456789012345678901`. If\n the group is recovered, this value reverts to `group:{emailid}` and the\n recovered group retains the role in the binding.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n",
@@ -1372,7 +1404,7 @@
"type": "object"
},
"CryptoKey": {
"description": "A CryptoKey represents a logical key that can be used for cryptographic\noperations.\n\nA CryptoKey is made up of one or more versions, which\nrepresent the actual key material used in cryptographic operations.",
"description": "A CryptoKey represents a logical key that can be used for cryptographic\noperations.\n\nA CryptoKey is made up of zero or more versions,\nwhich represent the actual key material used in cryptographic operations.",
"id": "CryptoKey",
"properties": {
"createTime": {
@@ -1384,7 +1416,7 @@
"additionalProperties": {
"type": "string"
},
"description": "Labels with user-defined metadata. For more information, see\n[Labeling Keys](/kms/docs/labeling-keys).",
"description": "Labels with user-defined metadata. For more information, see\n[Labeling Keys](https://cloud.google.com/kms/docs/labeling-keys).",
"type": "object"
},
"name": {
@@ -1636,10 +1668,20 @@
"format": "byte",
"type": "string"
},
"additionalAuthenticatedDataCrc32c": {
"description": "Optional. An optional CRC32C checksum of the\nDecryptRequest.additional_authenticated_data. If specified,\nKeyManagementService will verify the integrity of the received\nDecryptRequest.additional_authenticated_data using this checksum.\nKeyManagementService will report an error if the checksum verification\nfails. If you receive a checksum error, your client should verify that\nCRC32C(DecryptRequest.additional_authenticated_data) is equal to\nDecryptRequest.additional_authenticated_data_crc32c, and if so, perform\na limited number of retries. A persistent mismatch may indicate an issue in\nyour computation of the CRC32C checksum.\nNote: This field is defined as int64 for reasons of compatibility across\ndifferent languages. However, it is a non-negative integer, which will\nnever exceed 2^32-1, and can be safely downconverted to uint32 in languages\nthat support this type.\n\nNOTE: This field is in Beta.",
"format": "int64",
"type": "string"
},
"ciphertext": {
"description": "Required. The encrypted data originally returned in\nEncryptResponse.ciphertext.",
"format": "byte",
"type": "string"
},
"ciphertextCrc32c": {
"description": "Optional. An optional CRC32C checksum of the DecryptRequest.ciphertext. If\nspecified, KeyManagementService will verify the integrity of the\nreceived DecryptRequest.ciphertext using this checksum.\nKeyManagementService will report an error if the checksum verification\nfails. If you receive a checksum error, your client should verify that\nCRC32C(DecryptRequest.ciphertext) is equal to\nDecryptRequest.ciphertext_crc32c, and if so, perform a limited number\nof retries. A persistent mismatch may indicate an issue in your computation\nof the CRC32C checksum.\nNote: This field is defined as int64 for reasons of compatibility across\ndifferent languages. However, it is a non-negative integer, which will\nnever exceed 2^32-1, and can be safely downconverted to uint32 in languages\nthat support this type.\n\nNOTE: This field is in Beta.",
"format": "int64",
"type": "string"
}
},
"type": "object"
@@ -1652,6 +1694,11 @@
"description": "The decrypted data originally supplied in EncryptRequest.plaintext.",
"format": "byte",
"type": "string"
},
"plaintextCrc32c": {
"description": "Integrity verification field. A CRC32C checksum of the returned\nDecryptResponse.plaintext. An integrity check of\nDecryptResponse.plaintext can be performed by computing the CRC32C\nchecksum of DecryptResponse.plaintext and comparing your results to\nthis field. Discard the response in case of non-matching checksum values,\nand perform a limited number of retries. A persistent mismatch may indicate\nan issue in your computation of the CRC32C checksum. Note: receiving this\nresponse message indicates that KeyManagementService is able to\nsuccessfully decrypt the ciphertext.\nNote: This field is defined as int64 for reasons of compatibility across\ndifferent languages. However, it is a non-negative integer, which will\nnever exceed 2^32-1, and can be safely downconverted to uint32 in languages\nthat support this type.\n\nNOTE: This field is in Beta.",
"format": "int64",
"type": "string"
}
},
"type": "object"
@@ -1693,10 +1740,20 @@
"format": "byte",
"type": "string"
},
"additionalAuthenticatedDataCrc32c": {
"description": "Optional. An optional CRC32C checksum of the\nEncryptRequest.additional_authenticated_data. If specified,\nKeyManagementService will verify the integrity of the received\nEncryptRequest.additional_authenticated_data using this checksum.\nKeyManagementService will report an error if the checksum verification\nfails. If you receive a checksum error, your client should verify that\nCRC32C(EncryptRequest.additional_authenticated_data) is equal to\nEncryptRequest.additional_authenticated_data_crc32c, and if so, perform\na limited number of retries. A persistent mismatch may indicate an issue in\nyour computation of the CRC32C checksum.\nNote: This field is defined as int64 for reasons of compatibility across\ndifferent languages. However, it is a non-negative integer, which will\nnever exceed 2^32-1, and can be safely downconverted to uint32 in languages\nthat support this type.\n\nNOTE: This field is in Beta.",
"format": "int64",
"type": "string"
},
"plaintext": {
"description": "Required. The data to encrypt. Must be no larger than 64KiB.\n\nThe maximum size depends on the key version's\nprotection_level. For\nSOFTWARE keys, the plaintext must be no larger\nthan 64KiB. For HSM keys, the combined length of the\nplaintext and additional_authenticated_data fields must be no larger than\n8KiB.",
"format": "byte",
"type": "string"
},
"plaintextCrc32c": {
"description": "Optional. An optional CRC32C checksum of the EncryptRequest.plaintext. If\nspecified, KeyManagementService will verify the integrity of the\nreceived EncryptRequest.plaintext using this checksum.\nKeyManagementService will report an error if the checksum verification\nfails. If you receive a checksum error, your client should verify that\nCRC32C(EncryptRequest.plaintext) is equal to\nEncryptRequest.plaintext_crc32c, and if so, perform a limited number of\nretries. A persistent mismatch may indicate an issue in your computation of\nthe CRC32C checksum.\nNote: This field is defined as int64 for reasons of compatibility across\ndifferent languages. However, it is a non-negative integer, which will\nnever exceed 2^32-1, and can be safely downconverted to uint32 in languages\nthat support this type.\n\nNOTE: This field is in Beta.",
"format": "int64",
"type": "string"
}
},
"type": "object"
@@ -1710,9 +1767,22 @@
"format": "byte",
"type": "string"
},
"ciphertextCrc32c": {
"description": "Integrity verification field. A CRC32C checksum of the returned\nEncryptResponse.ciphertext. An integrity check of\nEncryptResponse.ciphertext can be performed by computing the CRC32C\nchecksum of EncryptResponse.ciphertext and comparing your results to\nthis field. Discard the response in case of non-matching checksum values,\nand perform a limited number of retries. A persistent mismatch may indicate\nan issue in your computation of the CRC32C checksum.\nNote: This field is defined as int64 for reasons of compatibility across\ndifferent languages. However, it is a non-negative integer, which will\nnever exceed 2^32-1, and can be safely downconverted to uint32 in languages\nthat support this type.\n\nNOTE: This field is in Beta.",
"format": "int64",
"type": "string"
},
"name": {
"description": "The resource name of the CryptoKeyVersion used in encryption. Check\nthis field to verify that the intended resource was used for encryption.",
"type": "string"
},
"verifiedAdditionalAuthenticatedDataCrc32c": {
"description": "Integrity verification field. A flag indicating whether\nEncryptRequest.additional_authenticated_data_crc32c was received by\nKeyManagementService and used for the integrity verification of the\nAAD. A false value of this\nfield indicates either that\nEncryptRequest.additional_authenticated_data_crc32c was left unset or\nthat it was not delivered to KeyManagementService. If you've set\nEncryptRequest.additional_authenticated_data_crc32c but this field is\nstill false, discard the response and perform a limited number of retries.\n\nNOTE: This field is in Beta.",
"type": "boolean"
},
"verifiedPlaintextCrc32c": {
"description": "Integrity verification field. A flag indicating whether\nEncryptRequest.plaintext_crc32c was received by\nKeyManagementService and used for the integrity verification of the\nplaintext. A false value of this field\nindicates either that EncryptRequest.plaintext_crc32c was left unset or\nthat it was not delivered to KeyManagementService. If you've set\nEncryptRequest.plaintext_crc32c but this field is still false, discard\nthe response and perform a limited number of retries.\n\nNOTE: This field is in Beta.",
"type": "boolean"
}
},
"type": "object"
@@ -2096,7 +2166,7 @@
"type": "object"
},
"Policy": {
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nOptionally, a `binding` can specify a `condition`, which is a logical\nexpression that allows access to a resource only if the expression evaluates\nto `true`. A condition can add constraints based on attributes of the\nrequest, the resource, or both.\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\"user:eve@example.com\"],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nFor some types of Google Cloud resources, a `binding` can also specify a\n`condition`, which is a logical expression that allows access to a resource\nonly if the expression evaluates to `true`. A condition can add constraints\nbased on attributes of the request, the resource, or both. To learn which\nresources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\n \"user:eve@example.com\"\n ],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"id": "Policy",
"properties": {
"auditConfigs": {
@@ -2119,7 +2189,7 @@
"type": "string"
},
"version": {
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.",
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
@@ -2172,9 +2242,18 @@
],
"type": "string"
},
"name": {
"description": "The name of the CryptoKeyVersion public key.\nProvided here for verification.\n\nNOTE: This field is in Beta.",
"type": "string"
},
"pem": {
"description": "The public key, encoded in PEM format. For more information, see the\n[RFC 7468](https://tools.ietf.org/html/rfc7468) sections for\n[General Considerations](https://tools.ietf.org/html/rfc7468#section-2) and\n[Textual Encoding of Subject Public Key Info]\n(https://tools.ietf.org/html/rfc7468#section-13).",
"type": "string"
},
"pemCrc32c": {
"description": "Integrity verification field. A CRC32C checksum of the returned\nPublicKey.pem. An integrity check of PublicKey.pem can be performed\nby computing the CRC32C checksum of PublicKey.pem and\ncomparing your results to this field. Discard the response in case of\nnon-matching checksum values, and perform a limited number of retries. A\npersistent mismatch may indicate an issue in your computation of the CRC32C\nchecksum.\nNote: This field is defined as int64 for reasons of compatibility across\ndifferent languages. However, it is a non-negative integer, which will\nnever exceed 2^32-1, and can be safely downconverted to uint32 in languages\nthat support this type.\n\nNOTE: This field is in Beta.",
"format": "int64",
"type": "string"
}
},
"type": "object"
@@ -2194,7 +2273,7 @@
"description": "REQUIRED: The complete policy to be applied to the `resource`. The size of\nthe policy is limited to a few 10s of KB. An empty policy is a\nvalid policy but certain Cloud Platform services (such as Projects)\nmight reject them."
},
"updateMask": {
"description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only\nthe fields in the mask will be modified. If no mask is provided, the\nfollowing default mask is used:\npaths: \"bindings, etag\"\nThis field is only used by Cloud IAM.",
"description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only\nthe fields in the mask will be modified. If no mask is provided, the\nfollowing default mask is used:\n\n`paths: \"bindings, etag\"`",
"format": "google-fieldmask",
"type": "string"
}

2
etc/api/cloudprofiler/v2/cloudprofiler-api.json
View File

@@ -216,7 +216,7 @@
}
}
},
"revision": "20200405",
"revision": "20200704",
"rootUrl": "https://cloudprofiler.googleapis.com/",
"schemas": {
"CreateProfileRequest": {

44
etc/api/cloudresourcemanager/v1/cloudresourcemanager-api.json
View File

@@ -884,7 +884,7 @@
]
},
"getIamPolicy": {
"description": "Returns the IAM access control policy for the specified Project.\nPermission is denied if the policy or the resource does not exist.\n\nAuthorization requires the Google IAM permission\n`resourcemanager.projects.getIamPolicy` on the project.\n\nFor additional information about resource structure and identification,\nsee [Resource Names](/apis/design/resource_names).",
"description": "Returns the IAM access control policy for the specified Project.\nPermission is denied if the policy or the resource does not exist.\n\nAuthorization requires the Google IAM permission\n`resourcemanager.projects.getIamPolicy` on the project.\n\nFor additional information about `resource` (e.g. my-project-id) structure\nand identification, see [Resource Names](/apis/design/resource_names).",
"flatPath": "v1/projects/{resource}:getIamPolicy",
"httpMethod": "POST",
"id": "cloudresourcemanager.projects.getIamPolicy",
@@ -948,7 +948,7 @@
"parameterOrder": [],
"parameters": {
"filter": {
"description": "An expression for filtering the results of the request. Filter rules are\ncase insensitive. The fields eligible for filtering are:\n\n+ `name`\n+ `id`\n+ `labels.<key>` (where *key* is the name of a label)\n+ `parent.type`\n+ `parent.id`\n\nSome examples of using labels as filters:\n\n| Filter | Description |\n|------------------|-----------------------------------------------------|\n| name:how* | The project's name starts with \"how\". |\n| name:Howl | The project's name is `Howl` or `howl`. |\n| name:HOWL | Equivalent to above. |\n| NAME:howl | Equivalent to above. |\n| labels.color:* | The project has the label `color`. |\n| labels.color:red | The project's label `color` has the value `red`. |\n| labels.color:red&nbsp;labels.size:big |The project's label `color` has\n the value `red` and its label `size` has the value `big`. |\n\nIf no filter is specified, the call will return projects for which the user\nhas the `resourcemanager.projects.get` permission.\n\nNOTE: To perform a by-parent query (eg., what projects are directly in a\nFolder), the caller must have the `resourcemanager.projects.list`\npermission on the parent and the filter must contain both a `parent.type`\nand a `parent.id` restriction\n(example: \"parent.type:folder parent.id:123\"). In this case an alternate\nsearch index is used which provides more consistent results.\n\nOptional.",
"description": "An expression for filtering the results of the request. Filter rules are\ncase insensitive. Some eligible fields for filtering are:\n\n+ `name`\n+ `id`\n+ `labels.<key>` (where *key* is the name of a label)\n+ `parent.type`\n+ `parent.id`\n+ `lifecycleState`\n\nSome examples of filter strings:\n\n| Filter | Description |\n|------------------|-----------------------------------------------------|\n| name:how* | The project's name starts with \"how\". |\n| name:Howl | The project's name is `Howl` or `howl`. |\n| name:HOWL | Equivalent to above. |\n| NAME:howl | Equivalent to above. |\n| labels.color:* | The project has the label `color`. |\n| labels.color:red | The project's label `color` has the value `red`. |\n| labels.color:red&nbsp;labels.size:big | The project's label `color` |\n: : has the value `red` and its :\n: : label`size` has the value :\n: : `big`. :\n| lifecycleState:DELETE_REQUESTED | Only show projects that are |\n: : pending deletion. :\n\nIf no filter is specified, the call will return projects for which the user\nhas the `resourcemanager.projects.get` permission.\n\nNOTE: To perform a by-parent query (eg., what projects are directly in a\nFolder), the caller must have the `resourcemanager.projects.list`\npermission on the parent and the filter must contain both a `parent.type`\nand a `parent.id` restriction\n(example: \"parent.type:folder parent.id:123\"). In this case an alternate\nsearch index is used which provides more consistent results.\n\nOptional.",
"location": "query",
"type": "string"
},
@@ -1032,7 +1032,7 @@
]
},
"setIamPolicy": {
"description": "Sets the IAM access control policy for the specified Project. Overwrites\nany existing policy.\n\nThe following constraints apply when using `setIamPolicy()`:\n\n+ Project does not support `allUsers` and `allAuthenticatedUsers` as\n`members` in a `Binding` of a `Policy`.\n\n+ The owner role can be granted to a `user`, `serviceAccount`, or a group\nthat is part of an organization. For example,\ngroup@myownpersonaldomain.com could be added as an owner to a project in\nthe myownpersonaldomain.com organization, but not the examplepetstore.com\norganization.\n\n+ Service accounts can be made owners of a project directly\nwithout any restrictions. However, to be added as an owner, a user must be\ninvited via Cloud Platform console and must accept the invitation.\n\n+ A user cannot be granted the owner role using `setIamPolicy()`. The user\nmust be granted the owner role using the Cloud Platform Console and must\nexplicitly accept the invitation.\n\n+ You can only grant ownership of a project to a member by using the\nGCP Console. Inviting a member will deliver an invitation email that\nthey must accept. An invitation email is not generated if you are\ngranting a role other than owner, or if both the member you are inviting\nand the project are part of your organization.\n\n+ Membership changes that leave the project without any owners that have\naccepted the Terms of Service (ToS) will be rejected.\n\n+ If the project is not part of an organization, there must be at least\none owner who has accepted the Terms of Service (ToS) agreement in the\npolicy. Calling `setIamPolicy()` to remove the last ToS-accepted owner\nfrom the policy will fail. This restriction also applies to legacy\nprojects that no longer have owners who have accepted the ToS. Edits to\nIAM policies will be rejected until the lack of a ToS-accepting owner is\nrectified.\n\n+ This method will replace the existing policy, and cannot be used to\nappend additional IAM settings.\n\nNote: Removing service accounts from policies or changing their roles\ncan render services completely inoperable. It is important to understand\nhow the service account is being used before removing or updating its\nroles.\n\nAuthorization requires the Google IAM permission\n`resourcemanager.projects.setIamPolicy` on the project",
"description": "Sets the IAM access control policy for the specified Project.\n\nCAUTION: This method will replace the existing policy, and cannot be used\nto append additional IAM settings.\n\nNOTE: Removing service accounts from policies or changing their roles can\nrender services completely inoperable. It is important to understand how\nthe service account is being used before removing or updating its roles.\n\nFor additional information about `resource` (e.g. my-project-id) structure\nand identification, see [Resource Names](/apis/design/resource_names).\n\nThe following constraints apply when using `setIamPolicy()`:\n\n+ Project does not support `allUsers` and `allAuthenticatedUsers` as\n`members` in a `Binding` of a `Policy`.\n\n+ The owner role can be granted to a `user`, `serviceAccount`, or a group\nthat is part of an organization. For example,\ngroup@myownpersonaldomain.com could be added as an owner to a project in\nthe myownpersonaldomain.com organization, but not the examplepetstore.com\norganization.\n\n+ Service accounts can be made owners of a project directly\nwithout any restrictions. However, to be added as an owner, a user must be\ninvited via Cloud Platform console and must accept the invitation.\n\n+ A user cannot be granted the owner role using `setIamPolicy()`. The user\nmust be granted the owner role using the Cloud Platform Console and must\nexplicitly accept the invitation.\n\n+ You can only grant ownership of a project to a member by using the\nGCP Console. Inviting a member will deliver an invitation email that\nthey must accept. An invitation email is not generated if you are\ngranting a role other than owner, or if both the member you are inviting\nand the project are part of your organization.\n\n+ Membership changes that leave the project without any owners that have\naccepted the Terms of Service (ToS) will be rejected.\n\n+ If the project is not part of an organization, there must be at least\none owner who has accepted the Terms of Service (ToS) agreement in the\npolicy. Calling `setIamPolicy()` to remove the last ToS-accepted owner\nfrom the policy will fail. This restriction also applies to legacy\nprojects that no longer have owners who have accepted the ToS. Edits to\nIAM policies will be rejected until the lack of a ToS-accepting owner is\nrectified.\n\nAuthorization requires the Google IAM permission\n`resourcemanager.projects.setIamPolicy` on the project",
"flatPath": "v1/projects/{resource}:setIamPolicy",
"httpMethod": "POST",
"id": "cloudresourcemanager.projects.setIamPolicy",
@@ -1087,7 +1087,7 @@
]
},
"testIamPermissions": {
"description": "Returns permissions that a caller has on the specified Project.\n\nThere are no permissions required for making this API call.",
"description": "Returns permissions that a caller has on the specified Project.\n\nFor additional information about `resource` (e.g. my-project-id) structure\nand identification, see [Resource Names](/apis/design/resource_names).\n\nThere are no permissions required for making this API call.",
"flatPath": "v1/projects/{resource}:testIamPermissions",
"httpMethod": "POST",
"id": "cloudresourcemanager.projects.testIamPermissions",
@@ -1171,7 +1171,7 @@
}
}
},
"revision": "20200408",
"revision": "20200629",
"rootUrl": "https://cloudresourcemanager.googleapis.com/",
"schemas": {
"Ancestor": {
@@ -1186,7 +1186,7 @@
"type": "object"
},
"AuditConfig": {
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n },\n {\n \"log_type\": \"ADMIN_READ\",\n }\n ]\n },\n {\n \"service\": \"sampleservice.googleapis.com\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:aliya@example.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts jose@example.com from DATA_READ logging, and\naliya@example.com from DATA_WRITE logging.",
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\",\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\"\n },\n {\n \"log_type\": \"ADMIN_READ\"\n }\n ]\n },\n {\n \"service\": \"sampleservice.googleapis.com\",\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\"\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:aliya@example.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts jose@example.com from DATA_READ logging, and\naliya@example.com from DATA_WRITE logging.",
"id": "AuditConfig",
"properties": {
"auditLogConfigs": {
@@ -1204,7 +1204,7 @@
"type": "object"
},
"AuditLogConfig": {
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\njose@example.com from DATA_READ logging.",
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\"\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\njose@example.com from DATA_READ logging.",
"id": "AuditLogConfig",
"properties": {
"exemptedMembers": {
@@ -1239,7 +1239,7 @@
"properties": {
"condition": {
"$ref": "Expr",
"description": "The condition that is associated with this binding.\nNOTE: An unsatisfied condition will not allow user access via current\nbinding. Different bindings, including their conditions, are examined\nindependently."
"description": "The condition that is associated with this binding.\n\nIf the condition evaluates to `true`, then this binding applies to the\ncurrent request.\n\nIf the condition evaluates to `false`, then this binding does not apply to\nthe current request. However, a different role binding might grant the same\nrole to one or more of the members in this binding.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
},
"members": {
"description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@example.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a user that has been recently deleted. For\n example, `alice@example.com?uid=123456789012345678901`. If the user is\n recovered, this value reverts to `user:{emailid}` and the recovered user\n retains the role in the binding.\n\n* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus\n unique identifier) representing a service account that has been recently\n deleted. For example,\n `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.\n If the service account is undeleted, this value reverts to\n `serviceAccount:{emailid}` and the undeleted service account retains the\n role in the binding.\n\n* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a Google group that has been recently\n deleted. For example, `admins@example.com?uid=123456789012345678901`. If\n the group is recovered, this value reverts to `group:{emailid}` and the\n recovered group retains the role in the binding.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n",
@@ -1289,7 +1289,7 @@
"type": "object"
},
"Constraint": {
"description": "A `Constraint` describes a way in which a resource's configuration can be\nrestricted. For example, it controls which cloud services can be activated\nacross an organization, or whether a Compute Engine instance can have\nserial port connections established. `Constraints` can be configured by the\norganization's policy adminstrator to fit the needs of the organzation by\nsetting Policies for `Constraints` at different locations in the\norganization's resource hierarchy. Policies are inherited down the resource\nhierarchy from higher levels, but can also be overridden. For details about\nthe inheritance rules please read about\nPolicies.\n\n`Constraints` have a default behavior determined by the `constraint_default`\nfield, which is the enforcement behavior that is used in the absence of a\n`Policy` being defined or inherited for the resource in question.",
"description": "A `Constraint` describes a way in which a resource's configuration can be\nrestricted. For example, it controls which cloud services can be activated\nacross an organization, or whether a Compute Engine instance can have\nserial port connections established. `Constraints` can be configured by the\norganization's policy administrator to fit the needs of the organzation by\nsetting Policies for `Constraints` at different locations in the\norganization's resource hierarchy. Policies are inherited down the resource\nhierarchy from higher levels, but can also be overridden. For details about\nthe inheritance rules please read about\n[Policies](/resource-manager/reference/rest/v1/Policy).\n\n`Constraints` have a default behavior determined by the `constraint_default`\nfield, which is the enforcement behavior that is used in the absence of a\n`Policy` being defined or inherited for the resource in question.",
"id": "Constraint",
"properties": {
"booleanConstraint": {
@@ -1297,7 +1297,7 @@
"description": "Defines this constraint as being a BooleanConstraint."
},
"constraintDefault": {
"description": "The evaluation behavior of this constraint in the absense of 'Policy'.",
"description": "The evaluation behavior of this constraint in the absence of 'Policy'.",
"enum": [
"CONSTRAINT_DEFAULT_UNSPECIFIED",
"ALLOW",
@@ -1438,7 +1438,7 @@
"type": "object"
},
"GetAncestryResponse": {
"description": "Response from the GetAncestry method.",
"description": "Response from the\nprojects.getAncestry\nmethod.",
"id": "GetAncestryResponse",
"properties": {
"ancestor": {
@@ -1468,7 +1468,7 @@
"properties": {
"options": {
"$ref": "GetPolicyOptions",
"description": "OPTIONAL: A `GetPolicyOptions` object for specifying options to\n`GetIamPolicy`. This field is only used by Cloud IAM."
"description": "OPTIONAL: A `GetPolicyOptions` object for specifying options to\n`GetIamPolicy`."
}
},
"type": "object"
@@ -1489,7 +1489,7 @@
"id": "GetPolicyOptions",
"properties": {
"requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.",
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
@@ -1532,7 +1532,7 @@
"type": "object"
},
"ListAvailableOrgPolicyConstraintsRequest": {
"description": "The request sent to the [ListAvailableOrgPolicyConstraints]\ngoogle.cloud.OrgPolicy.v1.ListAvailableOrgPolicyConstraints] method.",
"description": "The request sent to the `ListAvailableOrgPolicyConstraints` method on the\nproject, folder, or organization.",
"id": "ListAvailableOrgPolicyConstraintsRequest",
"properties": {
"pageSize": {
@@ -1548,7 +1548,7 @@
"type": "object"
},
"ListAvailableOrgPolicyConstraintsResponse": {
"description": "The response returned from the ListAvailableOrgPolicyConstraints method.\nReturns all `Constraints` that could be set at this level of the hierarchy\n(contrast with the response from `ListPolicies`, which returns all policies\nwhich are set).",
"description": "The response returned from the `ListAvailableOrgPolicyConstraints` method.\nReturns all `Constraints` that could be set at this level of the hierarchy\n(contrast with the response from `ListPolicies`, which returns all policies\nwhich are set).",
"id": "ListAvailableOrgPolicyConstraintsResponse",
"properties": {
"constraints": {
@@ -1615,7 +1615,7 @@
"type": "object"
},
"ListOrgPoliciesResponse": {
"description": "The response returned from the ListOrgPolicies method. It will be empty\nif no `Policies` are set on the resource.",
"description": "The response returned from the `ListOrgPolicies` method. It will be empty\nif no `Policies` are set on the resource.",
"id": "ListOrgPoliciesResponse",
"properties": {
"nextPageToken": {
@@ -1665,7 +1665,7 @@
"type": "array"
},
"inheritFromParent": {
"description": "Determines the inheritance behavior for this `Policy`.\n\nBy default, a `ListPolicy` set at a resource supercedes any `Policy` set\nanywhere up the resource hierarchy. However, if `inherit_from_parent` is\nset to `true`, then the values from the effective `Policy` of the parent\nresource are inherited, meaning the values set in this `Policy` are\nadded to the values inherited up the hierarchy.\n\nSetting `Policy` hierarchies that inherit both allowed values and denied\nvalues isn't recommended in most circumstances to keep the configuration\nsimple and understandable. However, it is possible to set a `Policy` with\n`allowed_values` set that inherits a `Policy` with `denied_values` set.\nIn this case, the values that are allowed must be in `allowed_values` and\nnot present in `denied_values`.\n\nFor example, suppose you have a `Constraint`\n`constraints/serviceuser.services`, which has a `constraint_type` of\n`list_constraint`, and with `constraint_default` set to `ALLOW`.\nSuppose that at the Organization level, a `Policy` is applied that\nrestricts the allowed API activations to {`E1`, `E2`}. Then, if a\n`Policy` is applied to a project below the Organization that has\n`inherit_from_parent` set to `false` and field all_values set to DENY,\nthen an attempt to activate any API will be denied.\n\nThe following examples demonstrate different possible layerings for\n`projects/bar` parented by `organizations/foo`:\n\nExample 1 (no inherited values):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values:\"E2\"}\n `projects/bar` has `inherit_from_parent` `false` and values:\n {allowed_values: \"E3\" allowed_values: \"E4\"}\nThe accepted values at `organizations/foo` are `E1`, `E2`.\nThe accepted values at `projects/bar` are `E3`, and `E4`.\n\nExample 2 (inherited values):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values:\"E2\"}\n `projects/bar` has a `Policy` with values:\n {value: \"E3\" value: \"E4\" inherit_from_parent: true}\nThe accepted values at `organizations/foo` are `E1`, `E2`.\nThe accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`.\n\nExample 3 (inheriting both allowed and denied values):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values: \"E2\"}\n `projects/bar` has a `Policy` with:\n {denied_values: \"E1\"}\nThe accepted values at `organizations/foo` are `E1`, `E2`.\nThe value accepted at `projects/bar` is `E2`.\n\nExample 4 (RestoreDefault):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values:\"E2\"}\n `projects/bar` has a `Policy` with values:\n {RestoreDefault: {}}\nThe accepted values at `organizations/foo` are `E1`, `E2`.\nThe accepted values at `projects/bar` are either all or none depending on\nthe value of `constraint_default` (if `ALLOW`, all; if\n`DENY`, none).\n\nExample 5 (no policy inherits parent policy):\n `organizations/foo` has no `Policy` set.\n `projects/bar` has no `Policy` set.\nThe accepted values at both levels are either all or none depending on\nthe value of `constraint_default` (if `ALLOW`, all; if\n`DENY`, none).\n\nExample 6 (ListConstraint allowing all):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values: \"E2\"}\n `projects/bar` has a `Policy` with:\n {all: ALLOW}\nThe accepted values at `organizations/foo` are `E1`, E2`.\nAny value is accepted at `projects/bar`.\n\nExample 7 (ListConstraint allowing none):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values: \"E2\"}\n `projects/bar` has a `Policy` with:\n {all: DENY}\nThe accepted values at `organizations/foo` are `E1`, E2`.\nNo value is accepted at `projects/bar`.\n\nExample 10 (allowed and denied subtrees of Resource Manager hierarchy):\nGiven the following resource hierarchy\n O1->{F1, F2}; F1->{P1}; F2->{P2, P3},\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"under:organizations/O1\"}\n `projects/bar` has a `Policy` with:\n {allowed_values: \"under:projects/P3\"}\n {denied_values: \"under:folders/F2\"}\nThe accepted values at `organizations/foo` are `organizations/O1`,\n `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`,\n `projects/P3`.\nThe accepted values at `projects/bar` are `organizations/O1`,\n `folders/F1`, `projects/P1`.",
"description": "Determines the inheritance behavior for this `Policy`.\n\nBy default, a `ListPolicy` set at a resource supersedes any `Policy` set\nanywhere up the resource hierarchy. However, if `inherit_from_parent` is\nset to `true`, then the values from the effective `Policy` of the parent\nresource are inherited, meaning the values set in this `Policy` are\nadded to the values inherited up the hierarchy.\n\nSetting `Policy` hierarchies that inherit both allowed values and denied\nvalues isn't recommended in most circumstances to keep the configuration\nsimple and understandable. However, it is possible to set a `Policy` with\n`allowed_values` set that inherits a `Policy` with `denied_values` set.\nIn this case, the values that are allowed must be in `allowed_values` and\nnot present in `denied_values`.\n\nFor example, suppose you have a `Constraint`\n`constraints/serviceuser.services`, which has a `constraint_type` of\n`list_constraint`, and with `constraint_default` set to `ALLOW`.\nSuppose that at the Organization level, a `Policy` is applied that\nrestricts the allowed API activations to {`E1`, `E2`}. Then, if a\n`Policy` is applied to a project below the Organization that has\n`inherit_from_parent` set to `false` and field all_values set to DENY,\nthen an attempt to activate any API will be denied.\n\nThe following examples demonstrate different possible layerings for\n`projects/bar` parented by `organizations/foo`:\n\nExample 1 (no inherited values):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values:\"E2\"}\n `projects/bar` has `inherit_from_parent` `false` and values:\n {allowed_values: \"E3\" allowed_values: \"E4\"}\nThe accepted values at `organizations/foo` are `E1`, `E2`.\nThe accepted values at `projects/bar` are `E3`, and `E4`.\n\nExample 2 (inherited values):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values:\"E2\"}\n `projects/bar` has a `Policy` with values:\n {value: \"E3\" value: \"E4\" inherit_from_parent: true}\nThe accepted values at `organizations/foo` are `E1`, `E2`.\nThe accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`.\n\nExample 3 (inheriting both allowed and denied values):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values: \"E2\"}\n `projects/bar` has a `Policy` with:\n {denied_values: \"E1\"}\nThe accepted values at `organizations/foo` are `E1`, `E2`.\nThe value accepted at `projects/bar` is `E2`.\n\nExample 4 (RestoreDefault):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values:\"E2\"}\n `projects/bar` has a `Policy` with values:\n {RestoreDefault: {}}\nThe accepted values at `organizations/foo` are `E1`, `E2`.\nThe accepted values at `projects/bar` are either all or none depending on\nthe value of `constraint_default` (if `ALLOW`, all; if\n`DENY`, none).\n\nExample 5 (no policy inherits parent policy):\n `organizations/foo` has no `Policy` set.\n `projects/bar` has no `Policy` set.\nThe accepted values at both levels are either all or none depending on\nthe value of `constraint_default` (if `ALLOW`, all; if\n`DENY`, none).\n\nExample 6 (ListConstraint allowing all):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values: \"E2\"}\n `projects/bar` has a `Policy` with:\n {all: ALLOW}\nThe accepted values at `organizations/foo` are `E1`, E2`.\nAny value is accepted at `projects/bar`.\n\nExample 7 (ListConstraint allowing none):\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"E1\" allowed_values: \"E2\"}\n `projects/bar` has a `Policy` with:\n {all: DENY}\nThe accepted values at `organizations/foo` are `E1`, E2`.\nNo value is accepted at `projects/bar`.\n\nExample 10 (allowed and denied subtrees of Resource Manager hierarchy):\nGiven the following resource hierarchy\n O1->{F1, F2}; F1->{P1}; F2->{P2, P3},\n `organizations/foo` has a `Policy` with values:\n {allowed_values: \"under:organizations/O1\"}\n `projects/bar` has a `Policy` with:\n {allowed_values: \"under:projects/P3\"}\n {denied_values: \"under:folders/F2\"}\nThe accepted values at `organizations/foo` are `organizations/O1`,\n `folders/F1`, `folders/F2`, `projects/P1`, `projects/P2`,\n `projects/P3`.\nThe accepted values at `projects/bar` are `organizations/O1`,\n `folders/F1`, `projects/P1`.",
"type": "boolean"
},
"suggestedValue": {
@@ -1737,7 +1737,7 @@
"description": "For boolean `Constraints`, whether to enforce the `Constraint` or not."
},
"constraint": {
"description": "The name of the `Constraint` the `Policy` is configuring, for example,\n`constraints/serviceuser.services`.\n\nImmutable after creation.",
"description": "The name of the `Constraint` the `Policy` is configuring, for example,\n`constraints/serviceuser.services`.\n\nA [list of available\nconstraints](/resource-manager/docs/organization-policy/org-policy-constraints)\nis available.\n\nImmutable after creation.",
"type": "string"
},
"etag": {
@@ -1816,7 +1816,7 @@
"type": "object"
},
"Policy": {
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nOptionally, a `binding` can specify a `condition`, which is a logical\nexpression that allows access to a resource only if the expression evaluates\nto `true`. A condition can add constraints based on attributes of the\nrequest, the resource, or both.\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\"user:eve@example.com\"],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nFor some types of Google Cloud resources, a `binding` can also specify a\n`condition`, which is a logical expression that allows access to a resource\nonly if the expression evaluates to `true`. A condition can add constraints\nbased on attributes of the request, the resource, or both. To learn which\nresources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\n \"user:eve@example.com\"\n ],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"id": "Policy",
"properties": {
"auditConfigs": {
@@ -1839,7 +1839,7 @@
"type": "string"
},
"version": {
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.",
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
@@ -1859,7 +1859,7 @@
"additionalProperties": {
"type": "string"
},
"description": "The labels associated with this Project.\n\nLabel keys must be between 1 and 63 characters long and must conform\nto the following regular expression: \\[a-z\\](\\[-a-z0-9\\]*\\[a-z0-9\\])?.\n\nLabel values must be between 0 and 63 characters long and must conform\nto the regular expression (\\[a-z\\](\\[-a-z0-9\\]*\\[a-z0-9\\])?)?. A label\nvalue can be empty.\n\nNo more than 256 labels can be associated with a given resource.\n\nClients should store labels in a representation such as JSON that does not\ndepend on specific characters being disallowed.\n\nExample: <code>\"environment\" : \"dev\"</code>\nRead-write.",
"description": "The labels associated with this Project.\n\nLabel keys must be between 1 and 63 characters long and must conform\nto the following regular expression: a-z{0,62}.\n\nLabel values must be between 0 and 63 characters long and must conform\nto the regular expression [a-z0-9_-]{0,63}. A label value can be empty.\n\nNo more than 256 labels can be associated with a given resource.\n\nClients should store labels in a representation such as JSON that does not\ndepend on specific characters being disallowed.\n\nExample: <code>\"environment\" : \"dev\"</code>\nRead-write.",
"type": "object"
},
"lifecycleState": {
@@ -1986,7 +1986,7 @@
"description": "REQUIRED: The complete policy to be applied to the `resource`. The size of\nthe policy is limited to a few 10s of KB. An empty policy is a\nvalid policy but certain Cloud Platform services (such as Projects)\nmight reject them."
},
"updateMask": {
"description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only\nthe fields in the mask will be modified. If no mask is provided, the\nfollowing default mask is used:\npaths: \"bindings, etag\"\nThis field is only used by Cloud IAM.",
"description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only\nthe fields in the mask will be modified. If no mask is provided, the\nfollowing default mask is used:\n\n`paths: \"bindings, etag\"`",
"format": "google-fieldmask",
"type": "string"
}

26
etc/api/cloudresourcemanager/v1beta1/cloudresourcemanager-api.json
View File

@@ -455,7 +455,7 @@
]
},
"setIamPolicy": {
"description": "Sets the IAM access control policy for the specified Project. Overwrites\nany existing policy.\n\nThe following constraints apply when using `setIamPolicy()`:\n\n+ Project does not support `allUsers` and `allAuthenticatedUsers` as\n`members` in a `Binding` of a `Policy`.\n\n+ The owner role can be granted to a `user`, `serviceAccount`, or a group\nthat is part of an organization. For example,\ngroup@myownpersonaldomain.com could be added as an owner to a project in\nthe myownpersonaldomain.com organization, but not the examplepetstore.com\norganization.\n\n+ Service accounts can be made owners of a project directly\nwithout any restrictions. However, to be added as an owner, a user must be\ninvited via Cloud Platform console and must accept the invitation.\n\n+ A user cannot be granted the owner role using `setIamPolicy()`. The user\nmust be granted the owner role using the Cloud Platform Console and must\nexplicitly accept the invitation.\n\n+ Invitations to grant the owner role cannot be sent using\n`setIamPolicy()`; they must be sent only using the Cloud Platform Console.\n\n+ Membership changes that leave the project without any owners that have\naccepted the Terms of Service (ToS) will be rejected.\n\n+ If the project is not part of an organization, there must be at least\none owner who has accepted the Terms of Service (ToS) agreement in the\npolicy. Calling `setIamPolicy()` to remove the last ToS-accepted owner\nfrom the policy will fail. This restriction also applies to legacy\nprojects that no longer have owners who have accepted the ToS. Edits to\nIAM policies will be rejected until the lack of a ToS-accepting owner is\nrectified.\n\n+ This method will replace the existing policy, and cannot be used to\nappend additional IAM settings.\n\nNote: Removing service accounts from policies or changing their roles\ncan render services completely inoperable. It is important to understand\nhow the service account is being used before removing or updating its\nroles.",
"description": "Sets the IAM access control policy for the specified Project.\n\nCAUTION: This method will replace the existing policy, and cannot be used\nto append additional IAM settings.\n\nNOTE: Removing service accounts from policies or changing their roles can\nrender services completely inoperable. It is important to understand how\nthe service account is being used before removing or updating its roles.\n\nThe following constraints apply when using `setIamPolicy()`:\n\n+ Project does not support `allUsers` and `allAuthenticatedUsers` as\n`members` in a `Binding` of a `Policy`.\n\n+ The owner role can be granted to a `user`, `serviceAccount`, or a group\nthat is part of an organization. For example,\ngroup@myownpersonaldomain.com could be added as an owner to a project in\nthe myownpersonaldomain.com organization, but not the examplepetstore.com\norganization.\n\n+ Service accounts can be made owners of a project directly\nwithout any restrictions. However, to be added as an owner, a user must be\ninvited via Cloud Platform console and must accept the invitation.\n\n+ A user cannot be granted the owner role using `setIamPolicy()`. The user\nmust be granted the owner role using the Cloud Platform Console and must\nexplicitly accept the invitation.\n\n+ Invitations to grant the owner role cannot be sent using\n`setIamPolicy()`; they must be sent only using the Cloud Platform Console.\n\n+ Membership changes that leave the project without any owners that have\naccepted the Terms of Service (ToS) will be rejected.\n\n+ If the project is not part of an organization, there must be at least\none owner who has accepted the Terms of Service (ToS) agreement in the\npolicy. Calling `setIamPolicy()` to remove the last ToS-accepted owner\nfrom the policy will fail. This restriction also applies to legacy\nprojects that no longer have owners who have accepted the ToS. Edits to\nIAM policies will be rejected until the lack of a ToS-accepting owner is\nrectified.\n\nAuthorization requires the Google IAM permission\n`resourcemanager.projects.setIamPolicy` on the project",
"flatPath": "v1beta1/projects/{resource}:setIamPolicy",
"httpMethod": "POST",
"id": "cloudresourcemanager.projects.setIamPolicy",
@@ -566,7 +566,7 @@
}
}
},
"revision": "20200408",
"revision": "20200629",
"rootUrl": "https://cloudresourcemanager.googleapis.com/",
"schemas": {
"Ancestor": {
@@ -581,7 +581,7 @@
"type": "object"
},
"AuditConfig": {
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n },\n {\n \"log_type\": \"ADMIN_READ\",\n }\n ]\n },\n {\n \"service\": \"sampleservice.googleapis.com\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:aliya@example.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts jose@example.com from DATA_READ logging, and\naliya@example.com from DATA_WRITE logging.",
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\",\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\"\n },\n {\n \"log_type\": \"ADMIN_READ\"\n }\n ]\n },\n {\n \"service\": \"sampleservice.googleapis.com\",\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\"\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:aliya@example.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts jose@example.com from DATA_READ logging, and\naliya@example.com from DATA_WRITE logging.",
"id": "AuditConfig",
"properties": {
"auditLogConfigs": {
@@ -599,7 +599,7 @@
"type": "object"
},
"AuditLogConfig": {
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\njose@example.com from DATA_READ logging.",
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\"\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\njose@example.com from DATA_READ logging.",
"id": "AuditLogConfig",
"properties": {
"exemptedMembers": {
@@ -634,7 +634,7 @@
"properties": {
"condition": {
"$ref": "Expr",
"description": "The condition that is associated with this binding.\nNOTE: An unsatisfied condition will not allow user access via current\nbinding. Different bindings, including their conditions, are examined\nindependently."
"description": "The condition that is associated with this binding.\n\nIf the condition evaluates to `true`, then this binding applies to the\ncurrent request.\n\nIf the condition evaluates to `false`, then this binding does not apply to\nthe current request. However, a different role binding might grant the same\nrole to one or more of the members in this binding.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
},
"members": {
"description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@example.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a user that has been recently deleted. For\n example, `alice@example.com?uid=123456789012345678901`. If the user is\n recovered, this value reverts to `user:{emailid}` and the recovered user\n retains the role in the binding.\n\n* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus\n unique identifier) representing a service account that has been recently\n deleted. For example,\n `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.\n If the service account is undeleted, this value reverts to\n `serviceAccount:{emailid}` and the undeleted service account retains the\n role in the binding.\n\n* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a Google group that has been recently\n deleted. For example, `admins@example.com?uid=123456789012345678901`. If\n the group is recovered, this value reverts to `group:{emailid}` and the\n recovered group retains the role in the binding.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n",
@@ -748,13 +748,13 @@
"type": "object"
},
"GetAncestryRequest": {
"description": "The request sent to the\nGetAncestry\nmethod.",
"description": "The request sent to the\n[google.cloudresourcemanager.projects.v1beta1.DeveloperProjects.GetAncestry]\nmethod.",
"id": "GetAncestryRequest",
"properties": {},
"type": "object"
},
"GetAncestryResponse": {
"description": "Response from the GetAncestry method.",
"description": "Response from the\nprojects.getAncestry\nmethod.",
"id": "GetAncestryResponse",
"properties": {
"ancestor": {
@@ -773,7 +773,7 @@
"properties": {
"options": {
"$ref": "GetPolicyOptions",
"description": "OPTIONAL: A `GetPolicyOptions` object for specifying options to\n`GetIamPolicy`. This field is only used by Cloud IAM."
"description": "OPTIONAL: A `GetPolicyOptions` object for specifying options to\n`GetIamPolicy`."
}
},
"type": "object"
@@ -783,7 +783,7 @@
"id": "GetPolicyOptions",
"properties": {
"requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.",
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
@@ -880,7 +880,7 @@
"type": "object"
},
"Policy": {
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nOptionally, a `binding` can specify a `condition`, which is a logical\nexpression that allows access to a resource only if the expression evaluates\nto `true`. A condition can add constraints based on attributes of the\nrequest, the resource, or both.\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\"user:eve@example.com\"],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nFor some types of Google Cloud resources, a `binding` can also specify a\n`condition`, which is a logical expression that allows access to a resource\nonly if the expression evaluates to `true`. A condition can add constraints\nbased on attributes of the request, the resource, or both. To learn which\nresources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\n \"user:eve@example.com\"\n ],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"id": "Policy",
"properties": {
"auditConfigs": {
@@ -903,7 +903,7 @@
"type": "string"
},
"version": {
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.",
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
@@ -923,7 +923,7 @@
"additionalProperties": {
"type": "string"
},
"description": "The labels associated with this Project.\n\nLabel keys must be between 1 and 63 characters long and must conform\nto the following regular expression: \\[a-z\\](\\[-a-z0-9\\]*\\[a-z0-9\\])?.\n\nLabel values must be between 0 and 63 characters long and must conform\nto the regular expression (\\[a-z\\](\\[-a-z0-9\\]*\\[a-z0-9\\])?)?. A label\nvalue can be empty.\n\nNo more than 256 labels can be associated with a given resource.\n\nClients should store labels in a representation such as JSON that does not\ndepend on specific characters being disallowed.\n\nExample: <code>\"environment\" : \"dev\"</code>\nRead-write.",
"description": "The labels associated with this Project.\n\nLabel keys must be between 1 and 63 characters long and must conform\nto the following regular expression: a-z{0,62}.\n\nLabel values must be between 0 and 63 characters long and must conform\nto the regular expression [a-z0-9_-]{0,63}. A label value can be empty.\n\nNo more than 256 labels can be associated with a given resource.\n\nClients should store labels in a representation such as JSON that does not\ndepend on specific characters being disallowed.\n\nExample: <code>\"environment\" : \"dev\"</code>\nRead-write.",
"type": "object"
},
"lifecycleState": {
@@ -1006,7 +1006,7 @@
"description": "REQUIRED: The complete policy to be applied to the `resource`. The size of\nthe policy is limited to a few 10s of KB. An empty policy is a\nvalid policy but certain Cloud Platform services (such as Projects)\nmight reject them."
},
"updateMask": {
"description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only\nthe fields in the mask will be modified. If no mask is provided, the\nfollowing default mask is used:\npaths: \"bindings, etag\"\nThis field is only used by Cloud IAM.",
"description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only\nthe fields in the mask will be modified. If no mask is provided, the\nfollowing default mask is used:\n\n`paths: \"bindings, etag\"`",
"format": "google-fieldmask",
"type": "string"
}

18
etc/api/cloudresourcemanager/v2/cloudresourcemanager-api.json
View File

@@ -450,11 +450,11 @@
}
}
},
"revision": "20200408",
"revision": "20200629",
"rootUrl": "https://cloudresourcemanager.googleapis.com/",
"schemas": {
"AuditConfig": {
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n },\n {\n \"log_type\": \"ADMIN_READ\",\n }\n ]\n },\n {\n \"service\": \"sampleservice.googleapis.com\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:aliya@example.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts jose@example.com from DATA_READ logging, and\naliya@example.com from DATA_WRITE logging.",
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\",\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\"\n },\n {\n \"log_type\": \"ADMIN_READ\"\n }\n ]\n },\n {\n \"service\": \"sampleservice.googleapis.com\",\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\"\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:aliya@example.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts jose@example.com from DATA_READ logging, and\naliya@example.com from DATA_WRITE logging.",
"id": "AuditConfig",
"properties": {
"auditLogConfigs": {
@@ -472,7 +472,7 @@
"type": "object"
},
"AuditLogConfig": {
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\njose@example.com from DATA_READ logging.",
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\"\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\njose@example.com from DATA_READ logging.",
"id": "AuditLogConfig",
"properties": {
"exemptedMembers": {
@@ -507,7 +507,7 @@
"properties": {
"condition": {
"$ref": "Expr",
"description": "The condition that is associated with this binding.\nNOTE: An unsatisfied condition will not allow user access via current\nbinding. Different bindings, including their conditions, are examined\nindependently."
"description": "The condition that is associated with this binding.\n\nIf the condition evaluates to `true`, then this binding applies to the\ncurrent request.\n\nIf the condition evaluates to `false`, then this binding does not apply to\nthe current request. However, a different role binding might grant the same\nrole to one or more of the members in this binding.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
},
"members": {
"description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@example.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a user that has been recently deleted. For\n example, `alice@example.com?uid=123456789012345678901`. If the user is\n recovered, this value reverts to `user:{emailid}` and the recovered user\n retains the role in the binding.\n\n* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus\n unique identifier) representing a service account that has been recently\n deleted. For example,\n `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.\n If the service account is undeleted, this value reverts to\n `serviceAccount:{emailid}` and the undeleted service account retains the\n role in the binding.\n\n* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a Google group that has been recently\n deleted. For example, `admins@example.com?uid=123456789012345678901`. If\n the group is recovered, this value reverts to `group:{emailid}` and the\n recovered group retains the role in the binding.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n",
@@ -658,7 +658,7 @@
"properties": {
"options": {
"$ref": "GetPolicyOptions",
"description": "OPTIONAL: A `GetPolicyOptions` object for specifying options to\n`GetIamPolicy`. This field is only used by Cloud IAM."
"description": "OPTIONAL: A `GetPolicyOptions` object for specifying options to\n`GetIamPolicy`."
}
},
"type": "object"
@@ -668,7 +668,7 @@
"id": "GetPolicyOptions",
"properties": {
"requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.",
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
@@ -740,7 +740,7 @@
"type": "object"
},
"Policy": {
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nOptionally, a `binding` can specify a `condition`, which is a logical\nexpression that allows access to a resource only if the expression evaluates\nto `true`. A condition can add constraints based on attributes of the\nrequest, the resource, or both.\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\"user:eve@example.com\"],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nFor some types of Google Cloud resources, a `binding` can also specify a\n`condition`, which is a logical expression that allows access to a resource\nonly if the expression evaluates to `true`. A condition can add constraints\nbased on attributes of the request, the resource, or both. To learn which\nresources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\n \"user:eve@example.com\"\n ],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"id": "Policy",
"properties": {
"auditConfigs": {
@@ -763,7 +763,7 @@
"type": "string"
},
"version": {
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.",
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
@@ -837,7 +837,7 @@
"description": "REQUIRED: The complete policy to be applied to the `resource`. The size of\nthe policy is limited to a few 10s of KB. An empty policy is a\nvalid policy but certain Cloud Platform services (such as Projects)\nmight reject them."
},
"updateMask": {
"description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only\nthe fields in the mask will be modified. If no mask is provided, the\nfollowing default mask is used:\npaths: \"bindings, etag\"\nThis field is only used by Cloud IAM.",
"description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only\nthe fields in the mask will be modified. If no mask is provided, the\nfollowing default mask is used:\n\n`paths: \"bindings, etag\"`",
"format": "google-fieldmask",
"type": "string"
}

18
etc/api/cloudresourcemanager/v2beta1/cloudresourcemanager-api.json
View File

@@ -450,11 +450,11 @@
}
}
},
"revision": "20200408",
"revision": "20200629",
"rootUrl": "https://cloudresourcemanager.googleapis.com/",
"schemas": {
"AuditConfig": {
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n },\n {\n \"log_type\": \"ADMIN_READ\",\n }\n ]\n },\n {\n \"service\": \"sampleservice.googleapis.com\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:aliya@example.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts jose@example.com from DATA_READ logging, and\naliya@example.com from DATA_WRITE logging.",
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\",\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\"\n },\n {\n \"log_type\": \"ADMIN_READ\"\n }\n ]\n },\n {\n \"service\": \"sampleservice.googleapis.com\",\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\"\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:aliya@example.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts jose@example.com from DATA_READ logging, and\naliya@example.com from DATA_WRITE logging.",
"id": "AuditConfig",
"properties": {
"auditLogConfigs": {
@@ -472,7 +472,7 @@
"type": "object"
},
"AuditLogConfig": {
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\njose@example.com from DATA_READ logging.",
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\"\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\njose@example.com from DATA_READ logging.",
"id": "AuditLogConfig",
"properties": {
"exemptedMembers": {
@@ -507,7 +507,7 @@
"properties": {
"condition": {
"$ref": "Expr",
"description": "The condition that is associated with this binding.\nNOTE: An unsatisfied condition will not allow user access via current\nbinding. Different bindings, including their conditions, are examined\nindependently."
"description": "The condition that is associated with this binding.\n\nIf the condition evaluates to `true`, then this binding applies to the\ncurrent request.\n\nIf the condition evaluates to `false`, then this binding does not apply to\nthe current request. However, a different role binding might grant the same\nrole to one or more of the members in this binding.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
},
"members": {
"description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@example.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a user that has been recently deleted. For\n example, `alice@example.com?uid=123456789012345678901`. If the user is\n recovered, this value reverts to `user:{emailid}` and the recovered user\n retains the role in the binding.\n\n* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus\n unique identifier) representing a service account that has been recently\n deleted. For example,\n `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.\n If the service account is undeleted, this value reverts to\n `serviceAccount:{emailid}` and the undeleted service account retains the\n role in the binding.\n\n* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a Google group that has been recently\n deleted. For example, `admins@example.com?uid=123456789012345678901`. If\n the group is recovered, this value reverts to `group:{emailid}` and the\n recovered group retains the role in the binding.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n",
@@ -658,7 +658,7 @@
"properties": {
"options": {
"$ref": "GetPolicyOptions",
"description": "OPTIONAL: A `GetPolicyOptions` object for specifying options to\n`GetIamPolicy`. This field is only used by Cloud IAM."
"description": "OPTIONAL: A `GetPolicyOptions` object for specifying options to\n`GetIamPolicy`."
}
},
"type": "object"
@@ -668,7 +668,7 @@
"id": "GetPolicyOptions",
"properties": {
"requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.",
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
@@ -740,7 +740,7 @@
"type": "object"
},
"Policy": {
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nOptionally, a `binding` can specify a `condition`, which is a logical\nexpression that allows access to a resource only if the expression evaluates\nto `true`. A condition can add constraints based on attributes of the\nrequest, the resource, or both.\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\"user:eve@example.com\"],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nFor some types of Google Cloud resources, a `binding` can also specify a\n`condition`, which is a logical expression that allows access to a resource\nonly if the expression evaluates to `true`. A condition can add constraints\nbased on attributes of the request, the resource, or both. To learn which\nresources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\n \"user:eve@example.com\"\n ],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"id": "Policy",
"properties": {
"auditConfigs": {
@@ -763,7 +763,7 @@
"type": "string"
},
"version": {
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.",
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
@@ -837,7 +837,7 @@
"description": "REQUIRED: The complete policy to be applied to the `resource`. The size of\nthe policy is limited to a few 10s of KB. An empty policy is a\nvalid policy but certain Cloud Platform services (such as Projects)\nmight reject them."
},
"updateMask": {
"description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only\nthe fields in the mask will be modified. If no mask is provided, the\nfollowing default mask is used:\npaths: \"bindings, etag\"\nThis field is only used by Cloud IAM.",
"description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only\nthe fields in the mask will be modified. If no mask is provided, the\nfollowing default mask is used:\n\n`paths: \"bindings, etag\"`",
"format": "google-fieldmask",
"type": "string"
}

6
etc/api/cloudscheduler/v1/cloudscheduler-api.json
View File

@@ -418,7 +418,7 @@
}
}
},
"revision": "20200331",
"revision": "20200618",
"rootUrl": "https://cloudscheduler.googleapis.com/",
"schemas": {
"AppEngineHttpTarget": {
@@ -751,7 +751,7 @@
"additionalProperties": {
"type": "string"
},
"description": "Attributes for this message. If this field is empty, the message must\ncontain non-empty data.",
"description": "Attributes for this message. If this field is empty, the message must\ncontain non-empty data. This can be used to filter messages on the\nsubscription.",
"type": "object"
},
"data": {
@@ -810,7 +810,7 @@
"type": "string"
},
"maxDoublings": {
"description": "The time between retries will double `max_doublings` times.\n\nA job's retry interval starts at\nmin_backoff_duration, then doubles\n`max_doublings` times, then increases linearly, and finally\nretries retries at intervals of\nmax_backoff_duration up to\nretry_count times.\n\nFor example, if min_backoff_duration is\n10s, max_backoff_duration is 300s, and\n`max_doublings` is 3, then the a job will first be retried in 10s. The\nretry interval will double three times, and then increase linearly by\n2^3 * 10s. Finally, the job will retry at intervals of\nmax_backoff_duration until the job has\nbeen attempted retry_count times. Thus, the\nrequests will retry at 10s, 20s, 40s, 80s, 160s, 240s, 300s, 300s, ....\n\nThe default value of this field is 5.",
"description": "The time between retries will double `max_doublings` times.\n\nA job's retry interval starts at\nmin_backoff_duration, then doubles\n`max_doublings` times, then increases linearly, and finally\nretries at intervals of\nmax_backoff_duration up to\nretry_count times.\n\nFor example, if min_backoff_duration is\n10s, max_backoff_duration is 300s, and\n`max_doublings` is 3, then the a job will first be retried in 10s. The\nretry interval will double three times, and then increase linearly by\n2^3 * 10s. Finally, the job will retry at intervals of\nmax_backoff_duration until the job has\nbeen attempted retry_count times. Thus, the\nrequests will retry at 10s, 20s, 40s, 80s, 160s, 240s, 300s, 300s, ....\n\nThe default value of this field is 5.",
"format": "int32",
"type": "integer"
},

6
etc/api/cloudscheduler/v1beta1/cloudscheduler-api.json
View File

@@ -418,7 +418,7 @@
}
}
},
"revision": "20200331",
"revision": "20200618",
"rootUrl": "https://cloudscheduler.googleapis.com/",
"schemas": {
"AppEngineHttpTarget": {
@@ -751,7 +751,7 @@
"additionalProperties": {
"type": "string"
},
"description": "Attributes for this message. If this field is empty, the message must\ncontain non-empty data.",
"description": "Attributes for this message. If this field is empty, the message must\ncontain non-empty data. This can be used to filter messages on the\nsubscription.",
"type": "object"
},
"data": {
@@ -810,7 +810,7 @@
"type": "string"
},
"maxDoublings": {
"description": "The time between retries will double `max_doublings` times.\n\nA job's retry interval starts at\nmin_backoff_duration, then doubles\n`max_doublings` times, then increases linearly, and finally\nretries retries at intervals of\nmax_backoff_duration up to\nretry_count times.\n\nFor example, if min_backoff_duration is\n10s, max_backoff_duration is 300s, and\n`max_doublings` is 3, then the a job will first be retried in 10s. The\nretry interval will double three times, and then increase linearly by\n2^3 * 10s. Finally, the job will retry at intervals of\nmax_backoff_duration until the job has\nbeen attempted retry_count times. Thus, the\nrequests will retry at 10s, 20s, 40s, 80s, 160s, 240s, 300s, 300s, ....\n\nThe default value of this field is 5.",
"description": "The time between retries will double `max_doublings` times.\n\nA job's retry interval starts at\nmin_backoff_duration, then doubles\n`max_doublings` times, then increases linearly, and finally\nretries at intervals of\nmax_backoff_duration up to\nretry_count times.\n\nFor example, if min_backoff_duration is\n10s, max_backoff_duration is 300s, and\n`max_doublings` is 3, then the a job will first be retried in 10s. The\nretry interval will double three times, and then increase linearly by\n2^3 * 10s. Finally, the job will retry at intervals of\nmax_backoff_duration until the job has\nbeen attempted retry_count times. Thus, the\nrequests will retry at 10s, 20s, 40s, 80s, 160s, 240s, 300s, 300s, ....\n\nThe default value of this field is 5.",
"format": "int32",
"type": "integer"
},

20
etc/api/cloudsearch/v1/cloudsearch-api.json
View File

@@ -766,7 +766,7 @@
],
"parameters": {
"name": {
"description": "Name of the Item to start a resumable upload.\nFormat: datasources/{source_id}/items/{item_id}.",
"description": "Name of the Item to start a resumable upload.\nFormat: datasources/{source_id}/items/{item_id}.\nThe maximum length is 1536 bytes.",
"location": "path",
"pattern": "^datasources/[^/]+/items/[^/]+$",
"required": true,
@@ -937,7 +937,7 @@
"type": "string"
},
"requestOptions.searchApplicationId": {
"description": "Id of the application created using SearchApplicationsService.",
"description": "The ID generated when you create a search application using the\n[admin console](https://support.google.com/a/answer/9043922).",
"location": "query",
"type": "string"
},
@@ -1183,7 +1183,7 @@
"type": "boolean"
},
"name": {
"description": "Name of the search application.\n<br />Format: applications/{application_id}.",
"description": "Name of the search application.\n<br />Format: searchapplications/{application_id}.",
"location": "path",
"pattern": "^searchapplications/[^/]+$",
"required": true,
@@ -1805,7 +1805,7 @@
}
}
},
"revision": "20200331",
"revision": "20200629",
"rootUrl": "https://cloudsearch.googleapis.com/",
"schemas": {
"BooleanOperatorOptions": {
@@ -2396,7 +2396,7 @@
"type": "integer"
},
"percentage": {
"description": "Percent of results that match the bucket value. This value is between\n(0-100]. Percentages are returned for all searches, but are an estimate.\nBecause percentages are always returned, you should render percentages\ninstead of counts.",
"description": "Percent of results that match the bucket value. The returned value is\nbetween (0-100], and is rounded down to an integer if fractional. If the\nvalue is not explicitly returned, it represents a percentage value that\nrounds to 0. Percentages are returned for all searches, but are an\nestimate. Because percentages are always returned, you should render\npercentages instead of counts.",
"format": "int32",
"type": "integer"
},
@@ -2874,7 +2874,7 @@
"type": "object"
},
"ItemAcl": {
"description": "Access control list information for the item. For more information see\nhttps://developers.google.com/cloud-search/docs/guides/index-your-data#acls",
"description": "Access control list information for the item. For more information see\n[Map ACLs](/cloud-search/docs/guides/acls).",
"id": "ItemAcl",
"properties": {
"aclInheritanceType": {
@@ -3367,7 +3367,7 @@
"type": "array"
},
"objectDisplayLabel": {
"description": "The user friendly label to display in the search result to indicate the\ntype of the item. This is OPTIONAL; if not provided, an object label isn't\ndisplayed on the context line of the search results. The maximum length\nis 32 characters.",
"description": "The user friendly label to display in the search result to indicate the\ntype of the item. This is OPTIONAL; if not provided, an object label isn't\ndisplayed on the context line of the search results. The maximum length\nis 64 characters.",
"type": "string"
}
},
@@ -3690,7 +3690,7 @@
"id": "PropertyDisplayOptions",
"properties": {
"displayLabel": {
"description": "The user friendly label for the property that is used if the property\nis specified to be displayed in ObjectDisplayOptions. If provided, the\ndisplay label is shown in front of the property values when the property is\npart of the object display options. For example, if the property value is\n'1', the value by itself may not be useful context for the user. If the\ndisplay name given was 'priority', then the user sees 'priority : 1' in\nthe search results which provides clear context to search users. This is\nOPTIONAL; if not given, only the property values are displayed.\nThe maximum length is 32 characters.",
"description": "The user friendly label for the property that is used if the property\nis specified to be displayed in ObjectDisplayOptions. If provided, the\ndisplay label is shown in front of the property values when the property is\npart of the object display options. For example, if the property value is\n'1', the value by itself may not be useful context for the user. If the\ndisplay name given was 'priority', then the user sees 'priority : 1' in\nthe search results which provides clear context to search users. This is\nOPTIONAL; if not given, only the property values are displayed.\nThe maximum length is 64 characters.",
"type": "string"
}
},
@@ -4011,7 +4011,7 @@
"type": "string"
},
"searchApplicationId": {
"description": "Id of the application created using SearchApplicationsService.",
"description": "The ID generated when you create a search application using the\n[admin console](https://support.google.com/a/answer/9043922).",
"type": "string"
},
"timeZone": {
@@ -4232,7 +4232,7 @@
"type": "string"
},
"operationIds": {
"description": "IDs of the Long Running Operations (LROs) currently running for this\nschema. Output only field.",
"description": "Output only. IDs of the Long Running Operations (LROs) currently running for this\nschema. Output only field.",
"items": {
"type": "string"
},

10
etc/api/cloudshell/v1/cloudshell-api.json
View File

@@ -229,7 +229,7 @@
}
}
},
"revision": "20200409",
"revision": "20200704",
"rootUrl": "https://cloudshell.googleapis.com/",
"schemas": {
"CancelOperationRequest": {
@@ -300,13 +300,15 @@
"STATE_UNSPECIFIED",
"DISABLED",
"STARTING",
"RUNNING"
"RUNNING",
"DELETING"
],
"enumDescriptions": [
"The environment's states is unknown.",
"The environment is not running and can't be connected to. Starting the\nenvironment will transition it to the STARTING state.",
"The environment is being started but is not yet ready to accept\nconnections.",
"The environment is running and ready to accept connections. It will\nautomatically transition back to DISABLED after a period of inactivity or\nif another environment is started."
"The environment is running and ready to accept connections. It will\nautomatically transition back to DISABLED after a period of inactivity or\nif another environment is started.",
"The environment is being deleted and can't be connected to."
],
"type": "string"
},
@@ -439,7 +441,7 @@
"Startup is waiting for the user's disk to be unarchived. This can happen\nwhen the user returns to Cloud Shell after not having used it for a\nwhile, and suggests that startup will take longer than normal.",
"Startup is waiting for a VM to be assigned to the environment. This\nshould normally happen very quickly, but an environment might stay in\nthis state for an extended period of time if the system is experiencing\nheavy load.",
"Startup is waiting for compute resources to be assigned to the\nenvironment. This should normally happen very quickly, but an environment\nmight stay in this state for an extended period of time if the system is\nexperiencing heavy load.",
"Startup is complete and the user should be able to establish an SSH\nconnection to their environment."
"Startup has completed. If the start operation was successful, the user\nshould be able to establish an SSH connection to their environment.\nOtherwise, the operation will contain details of the failure."
],
"type": "string"
}

17
etc/api/cloudshell/v1alpha1/cloudshell-api.json
View File

@@ -288,7 +288,7 @@
}
}
},
"revision": "20200409",
"revision": "20200704",
"rootUrl": "https://cloudshell.googleapis.com/",
"schemas": {
"AuthorizeEnvironmentRequest": {
@@ -384,13 +384,15 @@
"STATE_UNSPECIFIED",
"DISABLED",
"STARTING",
"RUNNING"
"RUNNING",
"DELETING"
],
"enumDescriptions": [
"The environment's states is unknown.",
"The environment is not running and can't be connected to. Starting the\nenvironment will transition it to the STARTING state.",
"The environment is being started but is not yet ready to accept\nconnections.",
"The environment is running and ready to accept connections. It will\nautomatically transition back to DISABLED after a period of inactivity or\nif another environment is started."
"The environment is running and ready to accept connections. It will\nautomatically transition back to DISABLED after a period of inactivity or\nif another environment is started.",
"The environment is being deleted and can't be connected to."
],
"type": "string"
},
@@ -505,7 +507,7 @@
"Startup is waiting for the user's disk to be unarchived. This can happen\nwhen the user returns to Cloud Shell after not having used it for a\nwhile, and suggests that startup will take longer than normal.",
"Startup is waiting for a VM to be assigned to the environment. This\nshould normally happen very quickly, but an environment might stay in\nthis state for an extended period of time if the system is experiencing\nheavy load.",
"Startup is waiting for compute resources to be assigned to the\nenvironment. This should normally happen very quickly, but an environment\nmight stay in this state for an extended period of time if the system is\nexperiencing heavy load.",
"Startup is complete and the user should be able to establish an SSH\nconnection to their environment."
"Startup has completed. If the start operation was successful, the user\nshould be able to establish an SSH connection to their environment.\nOtherwise, the operation will contain details of the failure."
],
"type": "string"
}
@@ -519,6 +521,13 @@
"accessToken": {
"description": "The initial access token passed to the environment. If this is present and\nvalid, the environment will be pre-authenticated with gcloud so that the\nuser can run gcloud commands in Cloud Shell without having to log in. This\ncode can be updated later by calling AuthorizeEnvironment.",
"type": "string"
},
"publicKeys": {
"description": "Public keys that should be added to the environment before it is started.",
"items": {
"$ref": "PublicKey"
},
"type": "array"
}
},
"type": "object"

22
etc/api/cloudtasks/v2/cloudtasks-api.json
View File

@@ -675,16 +675,16 @@
}
}
},
"revision": "20200331",
"revision": "20200615",
"rootUrl": "https://cloudtasks.googleapis.com/",
"schemas": {
"AppEngineHttpRequest": {
"description": "App Engine HTTP request.\n\nThe message defines the HTTP request that is sent to an App Engine app when\nthe task is dispatched.\n\nUsing AppEngineHttpRequest requires\n[`appengine.applications.get`](https://cloud.google.com/appengine/docs/admin-api/access-control)\nGoogle IAM permission for the project\nand the following scope:\n\n`https://www.googleapis.com/auth/cloud-platform`\n\nThe task will be delivered to the App Engine app which belongs to the same\nproject as the queue. For more information, see\n[How Requests are\nRouted](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed)\nand how routing is affected by\n[dispatch\nfiles](https://cloud.google.com/appengine/docs/python/config/dispatchref).\nTraffic is encrypted during transport and never leaves Google datacenters.\nBecause this traffic is carried over a communication mechanism internal to\nGoogle, you cannot explicitly set the protocol (for example, HTTP or HTTPS).\nThe request to the handler, however, will appear to have used the HTTP\nprotocol.\n\nThe AppEngineRouting used to construct the URL that the task is\ndelivered to can be set at the queue-level or task-level:\n\n* If app_engine_routing_override is set on the\n queue, this value is used for all\n tasks in the queue, no matter what the setting is for the task-level\n app_engine_routing.\n\n\nThe `url` that the task will be sent to is:\n\n* `url =` host `+`\n relative_uri\n\nTasks can be dispatched to secure app handlers, unsecure app handlers, and\nURIs restricted with\n[`login:\nadmin`](https://cloud.google.com/appengine/docs/standard/python/config/appref).\nBecause tasks are not run as any user, they cannot be dispatched to URIs\nrestricted with\n[`login:\nrequired`](https://cloud.google.com/appengine/docs/standard/python/config/appref)\nTask dispatches also do not follow redirects.\n\nThe task attempt has succeeded if the app's request handler returns an HTTP\nresponse code in the range [`200` - `299`]. The task attempt has failed if\nthe app's handler returns a non-2xx response code or Cloud Tasks does\nnot receive response before the deadline. Failed\ntasks will be retried according to the\nretry configuration. `503` (Service Unavailable) is\nconsidered an App Engine system error instead of an application error and\nwill cause Cloud Tasks' traffic congestion control to temporarily throttle\nthe queue's dispatches. Unlike other types of task targets, a `429` (Too Many\nRequests) response from an app handler does not cause traffic congestion\ncontrol to throttle the queue.",
"description": "App Engine HTTP request.\n\nThe message defines the HTTP request that is sent to an App Engine app when\nthe task is dispatched.\n\nUsing AppEngineHttpRequest requires\n[`appengine.applications.get`](https://cloud.google.com/appengine/docs/admin-api/access-control)\nGoogle IAM permission for the project\nand the following scope:\n\n`https://www.googleapis.com/auth/cloud-platform`\n\nThe task will be delivered to the App Engine app which belongs to the same\nproject as the queue. For more information, see\n[How Requests are\nRouted](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed)\nand how routing is affected by\n[dispatch\nfiles](https://cloud.google.com/appengine/docs/python/config/dispatchref).\nTraffic is encrypted during transport and never leaves Google datacenters.\nBecause this traffic is carried over a communication mechanism internal to\nGoogle, you cannot explicitly set the protocol (for example, HTTP or HTTPS).\nThe request to the handler, however, will appear to have used the HTTP\nprotocol.\n\nThe AppEngineRouting used to construct the URL that the task is\ndelivered to can be set at the queue-level or task-level:\n\n* If app_engine_routing_override is set on the\n queue, this value\n is used for all tasks in the queue, no matter what the setting is for the\n task-level\n app_engine_routing.\n\n\nThe `url` that the task will be sent to is:\n\n* `url =` host `+`\n relative_uri\n\nTasks can be dispatched to secure app handlers, unsecure app handlers, and\nURIs restricted with\n[`login:\nadmin`](https://cloud.google.com/appengine/docs/standard/python/config/appref).\nBecause tasks are not run as any user, they cannot be dispatched to URIs\nrestricted with\n[`login:\nrequired`](https://cloud.google.com/appengine/docs/standard/python/config/appref)\nTask dispatches also do not follow redirects.\n\nThe task attempt has succeeded if the app's request handler returns an HTTP\nresponse code in the range [`200` - `299`]. The task attempt has failed if\nthe app's handler returns a non-2xx response code or Cloud Tasks does\nnot receive response before the deadline. Failed\ntasks will be retried according to the\nretry configuration. `503` (Service Unavailable) is\nconsidered an App Engine system error instead of an application error and\nwill cause Cloud Tasks' traffic congestion control to temporarily throttle\nthe queue's dispatches. Unlike other types of task targets, a `429` (Too Many\nRequests) response from an app handler does not cause traffic congestion\ncontrol to throttle the queue.",
"id": "AppEngineHttpRequest",
"properties": {
"appEngineRouting": {
"$ref": "AppEngineRouting",
"description": "Task-level setting for App Engine routing.\n\n* If app_engine_routing_override is set on the\n queue, this value is used for all\n tasks in the queue, no matter what the setting is for the task-level\n app_engine_routing."
"description": "Task-level setting for App Engine routing.\n\n* If app_engine_routing_override is set on the\n queue, this\n value is used for all tasks in the queue, no matter what the setting is\n for the task-level\n app_engine_routing."
},
"body": {
"description": "HTTP request body.\n\nA request body is allowed only if the HTTP method is POST or PUT. It is\nan error to set a body on a task with an incompatible HttpMethod.",
@@ -699,7 +699,7 @@
"type": "object"
},
"httpMethod": {
"description": "The HTTP method to use for the request. The default is POST.\n\nThe app's request handler for the task's target URL must be able to handle\nHTTP requests with this http_method, otherwise the task attempt will fail\nwith error code 405 (Method Not Allowed). See\n[Writing a push task request\nhandler](https://cloud.google.com/appengine/docs/java/taskqueue/push/creating-handlers#writing_a_push_task_request_handler)\nand the documentation for the request handlers in the language your app is\nwritten in e.g.\n[Python Request\nHandler](https://cloud.google.com/appengine/docs/python/tools/webapp/requesthandlerclass).",
"description": "The HTTP method to use for the request. The default is POST.\n\nThe app's request handler for the task's target URL must be able to handle\nHTTP requests with this http_method, otherwise the task attempt fails with\nerror code 405 (Method Not Allowed). See [Writing a push task request\nhandler](https://cloud.google.com/appengine/docs/java/taskqueue/push/creating-handlers#writing_a_push_task_request_handler)\nand the App Engine documentation for your runtime on [How Requests are\nHandled](https://cloud.google.com/appengine/docs/standard/python3/how-requests-are-handled).",
"enum": [
"HTTP_METHOD_UNSPECIFIED",
"POST",
@@ -784,7 +784,7 @@
"properties": {
"condition": {
"$ref": "Expr",
"description": "The condition that is associated with this binding.\nNOTE: An unsatisfied condition will not allow user access via current\nbinding. Different bindings, including their conditions, are examined\nindependently."
"description": "The condition that is associated with this binding.\n\nIf the condition evaluates to `true`, then this binding applies to the\ncurrent request.\n\nIf the condition evaluates to `false`, then this binding does not apply to\nthe current request. However, a different role binding might grant the same\nrole to one or more of the members in this binding.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
},
"members": {
"description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@example.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a user that has been recently deleted. For\n example, `alice@example.com?uid=123456789012345678901`. If the user is\n recovered, this value reverts to `user:{emailid}` and the recovered user\n retains the role in the binding.\n\n* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus\n unique identifier) representing a service account that has been recently\n deleted. For example,\n `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.\n If the service account is undeleted, this value reverts to\n `serviceAccount:{emailid}` and the undeleted service account retains the\n role in the binding.\n\n* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a Google group that has been recently\n deleted. For example, `admins@example.com?uid=123456789012345678901`. If\n the group is recovered, this value reverts to `group:{emailid}` and the\n recovered group retains the role in the binding.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n",
@@ -860,7 +860,7 @@
"properties": {
"options": {
"$ref": "GetPolicyOptions",
"description": "OPTIONAL: A `GetPolicyOptions` object for specifying options to\n`GetIamPolicy`. This field is only used by Cloud IAM."
"description": "OPTIONAL: A `GetPolicyOptions` object for specifying options to\n`GetIamPolicy`."
}
},
"type": "object"
@@ -870,7 +870,7 @@
"id": "GetPolicyOptions",
"properties": {
"requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.",
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
@@ -1057,7 +1057,7 @@
"type": "object"
},
"Policy": {
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nOptionally, a `binding` can specify a `condition`, which is a logical\nexpression that allows access to a resource only if the expression evaluates\nto `true`. A condition can add constraints based on attributes of the\nrequest, the resource, or both.\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\"user:eve@example.com\"],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nFor some types of Google Cloud resources, a `binding` can also specify a\n`condition`, which is a logical expression that allows access to a resource\nonly if the expression evaluates to `true`. A condition can add constraints\nbased on attributes of the request, the resource, or both. To learn which\nresources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\n \"user:eve@example.com\"\n ],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"id": "Policy",
"properties": {
"bindings": {
@@ -1073,7 +1073,7 @@
"type": "string"
},
"version": {
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.",
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
@@ -1177,7 +1177,7 @@
"type": "string"
},
"maxDoublings": {
"description": "The time between retries will double `max_doublings` times.\n\nA task's retry interval starts at\nmin_backoff, then doubles\n`max_doublings` times, then increases linearly, and finally\nretries retries at intervals of\nmax_backoff up to\nmax_attempts times.\n\nFor example, if min_backoff is 10s,\nmax_backoff is 300s, and\n`max_doublings` is 3, then the a task will first be retried in\n10s. The retry interval will double three times, and then\nincrease linearly by 2^3 * 10s. Finally, the task will retry at\nintervals of max_backoff until the\ntask has been attempted max_attempts\ntimes. Thus, the requests will retry at 10s, 20s, 40s, 80s, 160s,\n240s, 300s, 300s, ....\n\nIf unspecified when the queue is created, Cloud Tasks will pick the\ndefault.\n\n\nThis field has the same meaning as\n[max_doublings in\nqueue.yaml/xml](https://cloud.google.com/appengine/docs/standard/python/config/queueref#retry_parameters).",
"description": "The time between retries will double `max_doublings` times.\n\nA task's retry interval starts at\nmin_backoff, then doubles\n`max_doublings` times, then increases linearly, and finally\nretries at intervals of\nmax_backoff up to\nmax_attempts times.\n\nFor example, if min_backoff is 10s,\nmax_backoff is 300s, and\n`max_doublings` is 3, then the a task will first be retried in\n10s. The retry interval will double three times, and then\nincrease linearly by 2^3 * 10s. Finally, the task will retry at\nintervals of max_backoff until the\ntask has been attempted max_attempts\ntimes. Thus, the requests will retry at 10s, 20s, 40s, 80s, 160s,\n240s, 300s, 300s, ....\n\nIf unspecified when the queue is created, Cloud Tasks will pick the\ndefault.\n\n\nThis field has the same meaning as\n[max_doublings in\nqueue.yaml/xml](https://cloud.google.com/appengine/docs/standard/python/config/queueref#retry_parameters).",
"format": "int32",
"type": "integer"
},
@@ -1284,7 +1284,7 @@
"type": "integer"
},
"dispatchDeadline": {
"description": "The deadline for requests sent to the worker. If the worker does not\nrespond by this deadline then the request is cancelled and the attempt\nis marked as a `DEADLINE_EXCEEDED` failure. Cloud Tasks will retry the\ntask according to the RetryConfig.\n\nNote that when the request is cancelled, Cloud Tasks will stop listing for\nthe response, but whether the worker stops processing depends on the\nworker. For example, if the worker is stuck, it may not react to cancelled\nrequests.\n\nThe default and maximum values depend on the type of request:\n\n* For HTTP tasks, the default is 10 minutes. The deadline\n must be in the interval [15 seconds, 30 minutes].\n\n* For App Engine tasks, 0 indicates that the\n request has the default deadline. The default deadline depends on the\n [scaling\n type](https://cloud.google.com/appengine/docs/standard/go/how-instances-are-managed#instance_scaling)\n of the service: 10 minutes for standard apps with automatic scaling, 24\n hours for standard apps with manual and basic scaling, and 60 minutes for\n flex apps. If the request deadline is set, it must be in the interval [15\n seconds, 24 hours 15 seconds]. Regardless of the task's\n `dispatch_deadline`, the app handler will not run for longer than than\n the service's timeout. We recommend setting the `dispatch_deadline` to\n at most a few seconds more than the app handler's timeout. For more\n information see\n [Timeouts](https://cloud.google.com/tasks/docs/creating-appengine-handlers#timeouts).\n\n`dispatch_deadline` will be truncated to the nearest millisecond. The\ndeadline is an approximate deadline.",
"description": "The deadline for requests sent to the worker. If the worker does not\nrespond by this deadline then the request is cancelled and the attempt\nis marked as a `DEADLINE_EXCEEDED` failure. Cloud Tasks will retry the\ntask according to the RetryConfig.\n\nNote that when the request is cancelled, Cloud Tasks will stop listening\nfor the response, but whether the worker stops processing depends on the\nworker. For example, if the worker is stuck, it may not react to cancelled\nrequests.\n\nThe default and maximum values depend on the type of request:\n\n* For HTTP tasks, the default is 10 minutes. The deadline\n must be in the interval [15 seconds, 30 minutes].\n\n* For App Engine tasks, 0 indicates that the\n request has the default deadline. The default deadline depends on the\n [scaling\n type](https://cloud.google.com/appengine/docs/standard/go/how-instances-are-managed#instance_scaling)\n of the service: 10 minutes for standard apps with automatic scaling, 24\n hours for standard apps with manual and basic scaling, and 60 minutes for\n flex apps. If the request deadline is set, it must be in the interval [15\n seconds, 24 hours 15 seconds]. Regardless of the task's\n `dispatch_deadline`, the app handler will not run for longer than than\n the service's timeout. We recommend setting the `dispatch_deadline` to\n at most a few seconds more than the app handler's timeout. For more\n information see\n [Timeouts](https://cloud.google.com/tasks/docs/creating-appengine-handlers#timeouts).\n\n`dispatch_deadline` will be truncated to the nearest millisecond. The\ndeadline is an approximate deadline.",
"format": "google-duration",
"type": "string"
},

18
etc/api/cloudtasks/v2beta2/cloudtasks-api.json
View File

@@ -793,7 +793,7 @@
}
}
},
"revision": "20200331",
"revision": "20200615",
"rootUrl": "https://cloudtasks.googleapis.com/",
"schemas": {
"AcknowledgeTaskRequest": {
@@ -809,7 +809,7 @@
"type": "object"
},
"AppEngineHttpRequest": {
"description": "App Engine HTTP request.\n\nThe message defines the HTTP request that is sent to an App Engine app when\nthe task is dispatched.\n\nThis proto can only be used for tasks in a queue which has\napp_engine_http_target set.\n\nUsing AppEngineHttpRequest requires\n[`appengine.applications.get`](https://cloud.google.com/appengine/docs/admin-api/access-control)\nGoogle IAM permission for the project\nand the following scope:\n\n`https://www.googleapis.com/auth/cloud-platform`\n\nThe task will be delivered to the App Engine app which belongs to the same\nproject as the queue. For more information, see\n[How Requests are\nRouted](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed)\nand how routing is affected by\n[dispatch\nfiles](https://cloud.google.com/appengine/docs/python/config/dispatchref).\nTraffic is encrypted during transport and never leaves Google datacenters.\nBecause this traffic is carried over a communication mechanism internal to\nGoogle, you cannot explicitly set the protocol (for example, HTTP or HTTPS).\nThe request to the handler, however, will appear to have used the HTTP\nprotocol.\n\nThe AppEngineRouting used to construct the URL that the task is\ndelivered to can be set at the queue-level or task-level:\n\n* If set,\n app_engine_routing_override\n is used for all tasks in the queue, no matter what the setting\n is for the\n task-level app_engine_routing.\n\n\nThe `url` that the task will be sent to is:\n\n* `url =` host `+`\n relative_url\n\nTasks can be dispatched to secure app handlers, unsecure app handlers, and\nURIs restricted with\n[`login:\nadmin`](https://cloud.google.com/appengine/docs/standard/python/config/appref).\nBecause tasks are not run as any user, they cannot be dispatched to URIs\nrestricted with\n[`login:\nrequired`](https://cloud.google.com/appengine/docs/standard/python/config/appref)\nTask dispatches also do not follow redirects.\n\nThe task attempt has succeeded if the app's request handler returns an HTTP\nresponse code in the range [`200` - `299`]. The task attempt has failed if\nthe app's handler returns a non-2xx response code or Cloud Tasks does\nnot receive response before the deadline. Failed\ntasks will be retried according to the\nretry configuration. `503` (Service Unavailable) is\nconsidered an App Engine system error instead of an application error and\nwill cause Cloud Tasks' traffic congestion control to temporarily throttle\nthe queue's dispatches. Unlike other types of task targets, a `429` (Too Many\nRequests) response from an app handler does not cause traffic congestion\ncontrol to throttle the queue.",
"description": "App Engine HTTP request.\n\nThe message defines the HTTP request that is sent to an App Engine app when\nthe task is dispatched.\n\nThis proto can only be used for tasks in a queue which has\napp_engine_http_target set.\n\nUsing AppEngineHttpRequest requires\n[`appengine.applications.get`](https://cloud.google.com/appengine/docs/admin-api/access-control)\nGoogle IAM permission for the project\nand the following scope:\n\n`https://www.googleapis.com/auth/cloud-platform`\n\nThe task will be delivered to the App Engine app which belongs to the same\nproject as the queue. For more information, see\n[How Requests are\nRouted](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed)\nand how routing is affected by\n[dispatch\nfiles](https://cloud.google.com/appengine/docs/python/config/dispatchref).\nTraffic is encrypted during transport and never leaves Google datacenters.\nBecause this traffic is carried over a communication mechanism internal to\nGoogle, you cannot explicitly set the protocol (for example, HTTP or HTTPS).\nThe request to the handler, however, will appear to have used the HTTP\nprotocol.\n\nThe AppEngineRouting used to construct the URL that the task is\ndelivered to can be set at the queue-level or task-level:\n\n* If set,\n app_engine_routing_override\n is used for all tasks in the queue, no matter what the setting\n is for the\n task-level app_engine_routing.\n\n\nThe `url` that the task will be sent to is:\n\n* `url =` host `+`\n relative_url\n\nTasks can be dispatched to secure app handlers, unsecure app handlers, and\nURIs restricted with\n[`login:\nadmin`](https://cloud.google.com/appengine/docs/standard/python/config/appref).\nBecause tasks are not run as any user, they cannot be dispatched to URIs\nrestricted with\n[`login:\nrequired`](https://cloud.google.com/appengine/docs/standard/python/config/appref)\nTask dispatches also do not follow redirects.\n\nThe task attempt has succeeded if the app's request handler returns an HTTP\nresponse code in the range [`200` - `299`]. The task attempt has failed if\nthe app's handler returns a non-2xx response code or Cloud Tasks does\nnot receive response before the deadline. Failed\ntasks will be retried according to the\nretry configuration. `503` (Service Unavailable) is\nconsidered an App Engine system error instead of an application error and\nwill cause Cloud Tasks' traffic congestion control to temporarily throttle\nthe queue's dispatches. Unlike other types of task targets, a `429` (Too Many\nRequests) response from an app handler does not cause traffic congestion\ncontrol to throttle the queue.",
"id": "AppEngineHttpRequest",
"properties": {
"appEngineRouting": {
@@ -824,7 +824,7 @@
"type": "object"
},
"httpMethod": {
"description": "The HTTP method to use for the request. The default is POST.\n\nThe app's request handler for the task's target URL must be able to handle\nHTTP requests with this http_method, otherwise the task attempt will fail\nwith error code 405 (Method Not Allowed). See\n[Writing a push task request\nhandler](https://cloud.google.com/appengine/docs/java/taskqueue/push/creating-handlers#writing_a_push_task_request_handler)\nand the documentation for the request handlers in the language your app is\nwritten in e.g.\n[Python Request\nHandler](https://cloud.google.com/appengine/docs/python/tools/webapp/requesthandlerclass).",
"description": "The HTTP method to use for the request. The default is POST.\n\nThe app's request handler for the task's target URL must be able to handle\nHTTP requests with this http_method, otherwise the task attempt fails with\nerror code 405 (Method Not Allowed). See [Writing a push task request\nhandler](https://cloud.google.com/appengine/docs/java/taskqueue/push/creating-handlers#writing_a_push_task_request_handler)\nand the App Engine documentation for your runtime on [How Requests are\nHandled](https://cloud.google.com/appengine/docs/standard/python3/how-requests-are-handled).",
"enum": [
"HTTP_METHOD_UNSPECIFIED",
"POST",
@@ -921,7 +921,7 @@
"properties": {
"condition": {
"$ref": "Expr",
"description": "The condition that is associated with this binding.\nNOTE: An unsatisfied condition will not allow user access via current\nbinding. Different bindings, including their conditions, are examined\nindependently."
"description": "The condition that is associated with this binding.\n\nIf the condition evaluates to `true`, then this binding applies to the\ncurrent request.\n\nIf the condition evaluates to `false`, then this binding does not apply to\nthe current request. However, a different role binding might grant the same\nrole to one or more of the members in this binding.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
},
"members": {
"description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@example.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a user that has been recently deleted. For\n example, `alice@example.com?uid=123456789012345678901`. If the user is\n recovered, this value reverts to `user:{emailid}` and the recovered user\n retains the role in the binding.\n\n* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus\n unique identifier) representing a service account that has been recently\n deleted. For example,\n `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.\n If the service account is undeleted, this value reverts to\n `serviceAccount:{emailid}` and the undeleted service account retains the\n role in the binding.\n\n* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a Google group that has been recently\n deleted. For example, `admins@example.com?uid=123456789012345678901`. If\n the group is recovered, this value reverts to `group:{emailid}` and the\n recovered group retains the role in the binding.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n",
@@ -1023,7 +1023,7 @@
"properties": {
"options": {
"$ref": "GetPolicyOptions",
"description": "OPTIONAL: A `GetPolicyOptions` object for specifying options to\n`GetIamPolicy`. This field is only used by Cloud IAM."
"description": "OPTIONAL: A `GetPolicyOptions` object for specifying options to\n`GetIamPolicy`."
}
},
"type": "object"
@@ -1033,7 +1033,7 @@
"id": "GetPolicyOptions",
"properties": {
"requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.",
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
@@ -1184,7 +1184,7 @@
"type": "object"
},
"Policy": {
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nOptionally, a `binding` can specify a `condition`, which is a logical\nexpression that allows access to a resource only if the expression evaluates\nto `true`. A condition can add constraints based on attributes of the\nrequest, the resource, or both.\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\"user:eve@example.com\"],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nFor some types of Google Cloud resources, a `binding` can also specify a\n`condition`, which is a logical expression that allows access to a resource\nonly if the expression evaluates to `true`. A condition can add constraints\nbased on attributes of the request, the resource, or both. To learn which\nresources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\n \"user:eve@example.com\"\n ],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"id": "Policy",
"properties": {
"bindings": {
@@ -1200,7 +1200,7 @@
"type": "string"
},
"version": {
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.",
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
@@ -1357,7 +1357,7 @@
"type": "string"
},
"maxDoublings": {
"description": "The time between retries will double `max_doublings` times.\n\nA task's retry interval starts at\nmin_backoff, then doubles\n`max_doublings` times, then increases linearly, and finally\nretries retries at intervals of\nmax_backoff up to\nmax_attempts times.\n\nFor example, if min_backoff is 10s,\nmax_backoff is 300s, and\n`max_doublings` is 3, then the a task will first be retried in\n10s. The retry interval will double three times, and then\nincrease linearly by 2^3 * 10s. Finally, the task will retry at\nintervals of max_backoff until the\ntask has been attempted max_attempts\ntimes. Thus, the requests will retry at 10s, 20s, 40s, 80s, 160s,\n240s, 300s, 300s, ....\n\nIf unspecified when the queue is created, Cloud Tasks will pick the\ndefault.\n\nThis field is output only for pull queues.\n\n\nThis field has the same meaning as\n[max_doublings in\nqueue.yaml/xml](https://cloud.google.com/appengine/docs/standard/python/config/queueref#retry_parameters).",
"description": "The time between retries will double `max_doublings` times.\n\nA task's retry interval starts at\nmin_backoff, then doubles\n`max_doublings` times, then increases linearly, and finally\nretries at intervals of\nmax_backoff up to\nmax_attempts times.\n\nFor example, if min_backoff is 10s,\nmax_backoff is 300s, and\n`max_doublings` is 3, then the a task will first be retried in\n10s. The retry interval will double three times, and then\nincrease linearly by 2^3 * 10s. Finally, the task will retry at\nintervals of max_backoff until the\ntask has been attempted max_attempts\ntimes. Thus, the requests will retry at 10s, 20s, 40s, 80s, 160s,\n240s, 300s, 300s, ....\n\nIf unspecified when the queue is created, Cloud Tasks will pick the\ndefault.\n\nThis field is output only for pull queues.\n\n\nThis field has the same meaning as\n[max_doublings in\nqueue.yaml/xml](https://cloud.google.com/appengine/docs/standard/python/config/queueref#retry_parameters).",
"format": "int32",
"type": "integer"
},

34
etc/api/cloudtasks/v2beta3/cloudtasks-api.json
View File

@@ -675,7 +675,7 @@
}
}
},
"revision": "20200331",
"revision": "20200615",
"rootUrl": "https://cloudtasks.googleapis.com/",
"schemas": {
"AppEngineHttpQueue": {
@@ -690,7 +690,7 @@
"type": "object"
},
"AppEngineHttpRequest": {
"description": "App Engine HTTP request.\n\nThe message defines the HTTP request that is sent to an App Engine app when\nthe task is dispatched.\n\nUsing AppEngineHttpRequest requires\n[`appengine.applications.get`](https://cloud.google.com/appengine/docs/admin-api/access-control)\nGoogle IAM permission for the project\nand the following scope:\n\n`https://www.googleapis.com/auth/cloud-platform`\n\nThe task will be delivered to the App Engine app which belongs to the same\nproject as the queue. For more information, see\n[How Requests are\nRouted](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed)\nand how routing is affected by\n[dispatch\nfiles](https://cloud.google.com/appengine/docs/python/config/dispatchref).\nTraffic is encrypted during transport and never leaves Google datacenters.\nBecause this traffic is carried over a communication mechanism internal to\nGoogle, you cannot explicitly set the protocol (for example, HTTP or HTTPS).\nThe request to the handler, however, will appear to have used the HTTP\nprotocol.\n\nThe AppEngineRouting used to construct the URL that the task is\ndelivered to can be set at the queue-level or task-level:\n\n* If set,\n app_engine_routing_override\n is used for all tasks in the queue, no matter what the setting\n is for the\n task-level app_engine_routing.\n\n\nThe `url` that the task will be sent to is:\n\n* `url =` host `+`\n relative_uri\n\nTasks can be dispatched to secure app handlers, unsecure app handlers, and\nURIs restricted with\n[`login:\nadmin`](https://cloud.google.com/appengine/docs/standard/python/config/appref).\nBecause tasks are not run as any user, they cannot be dispatched to URIs\nrestricted with\n[`login:\nrequired`](https://cloud.google.com/appengine/docs/standard/python/config/appref)\nTask dispatches also do not follow redirects.\n\nThe task attempt has succeeded if the app's request handler returns an HTTP\nresponse code in the range [`200` - `299`]. The task attempt has failed if\nthe app's handler returns a non-2xx response code or Cloud Tasks does\nnot receive response before the deadline. Failed\ntasks will be retried according to the\nretry configuration. `503` (Service Unavailable) is\nconsidered an App Engine system error instead of an application error and\nwill cause Cloud Tasks' traffic congestion control to temporarily throttle\nthe queue's dispatches. Unlike other types of task targets, a `429` (Too Many\nRequests) response from an app handler does not cause traffic congestion\ncontrol to throttle the queue.",
"description": "App Engine HTTP request.\n\nThe message defines the HTTP request that is sent to an App Engine app when\nthe task is dispatched.\n\nUsing AppEngineHttpRequest requires\n[`appengine.applications.get`](https://cloud.google.com/appengine/docs/admin-api/access-control)\nGoogle IAM permission for the project\nand the following scope:\n\n`https://www.googleapis.com/auth/cloud-platform`\n\nThe task will be delivered to the App Engine app which belongs to the same\nproject as the queue. For more information, see\n[How Requests are\nRouted](https://cloud.google.com/appengine/docs/standard/python/how-requests-are-routed)\nand how routing is affected by\n[dispatch\nfiles](https://cloud.google.com/appengine/docs/python/config/dispatchref).\nTraffic is encrypted during transport and never leaves Google datacenters.\nBecause this traffic is carried over a communication mechanism internal to\nGoogle, you cannot explicitly set the protocol (for example, HTTP or HTTPS).\nThe request to the handler, however, will appear to have used the HTTP\nprotocol.\n\nThe AppEngineRouting used to construct the URL that the task is\ndelivered to can be set at the queue-level or task-level:\n\n* If set,\n app_engine_routing_override\n is used for all tasks in the queue, no matter what the setting\n is for the\n task-level app_engine_routing.\n\n\nThe `url` that the task will be sent to is:\n\n* `url =` host `+`\n relative_uri\n\nTasks can be dispatched to secure app handlers, unsecure app handlers, and\nURIs restricted with\n[`login:\nadmin`](https://cloud.google.com/appengine/docs/standard/python/config/appref).\nBecause tasks are not run as any user, they cannot be dispatched to URIs\nrestricted with\n[`login:\nrequired`](https://cloud.google.com/appengine/docs/standard/python/config/appref)\nTask dispatches also do not follow redirects.\n\nThe task attempt has succeeded if the app's request handler returns an HTTP\nresponse code in the range [`200` - `299`]. The task attempt has failed if\nthe app's handler returns a non-2xx response code or Cloud Tasks does\nnot receive response before the deadline. Failed\ntasks will be retried according to the\nretry configuration. `503` (Service Unavailable) is\nconsidered an App Engine system error instead of an application error and\nwill cause Cloud Tasks' traffic congestion control to temporarily throttle\nthe queue's dispatches. Unlike other types of task targets, a `429` (Too Many\nRequests) response from an app handler does not cause traffic congestion\ncontrol to throttle the queue.",
"id": "AppEngineHttpRequest",
"properties": {
"appEngineRouting": {
@@ -710,7 +710,7 @@
"type": "object"
},
"httpMethod": {
"description": "The HTTP method to use for the request. The default is POST.\n\nThe app's request handler for the task's target URL must be able to handle\nHTTP requests with this http_method, otherwise the task attempt will fail\nwith error code 405 (Method Not Allowed). See\n[Writing a push task request\nhandler](https://cloud.google.com/appengine/docs/java/taskqueue/push/creating-handlers#writing_a_push_task_request_handler)\nand the documentation for the request handlers in the language your app is\nwritten in e.g.\n[Python Request\nHandler](https://cloud.google.com/appengine/docs/python/tools/webapp/requesthandlerclass).",
"description": "The HTTP method to use for the request. The default is POST.\n\nThe app's request handler for the task's target URL must be able to handle\nHTTP requests with this http_method, otherwise the task attempt fails with\nerror code 405 (Method Not Allowed). See [Writing a push task request\nhandler](https://cloud.google.com/appengine/docs/java/taskqueue/push/creating-handlers#writing_a_push_task_request_handler)\nand the App Engine documentation for your runtime on [How Requests are\nHandled](https://cloud.google.com/appengine/docs/standard/python3/how-requests-are-handled).",
"enum": [
"HTTP_METHOD_UNSPECIFIED",
"POST",
@@ -795,7 +795,7 @@
"properties": {
"condition": {
"$ref": "Expr",
"description": "The condition that is associated with this binding.\nNOTE: An unsatisfied condition will not allow user access via current\nbinding. Different bindings, including their conditions, are examined\nindependently."
"description": "The condition that is associated with this binding.\n\nIf the condition evaluates to `true`, then this binding applies to the\ncurrent request.\n\nIf the condition evaluates to `false`, then this binding does not apply to\nthe current request. However, a different role binding might grant the same\nrole to one or more of the members in this binding.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
},
"members": {
"description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@example.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a user that has been recently deleted. For\n example, `alice@example.com?uid=123456789012345678901`. If the user is\n recovered, this value reverts to `user:{emailid}` and the recovered user\n retains the role in the binding.\n\n* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus\n unique identifier) representing a service account that has been recently\n deleted. For example,\n `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.\n If the service account is undeleted, this value reverts to\n `serviceAccount:{emailid}` and the undeleted service account retains the\n role in the binding.\n\n* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a Google group that has been recently\n deleted. For example, `admins@example.com?uid=123456789012345678901`. If\n the group is recovered, this value reverts to `group:{emailid}` and the\n recovered group retains the role in the binding.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n",
@@ -871,7 +871,7 @@
"properties": {
"options": {
"$ref": "GetPolicyOptions",
"description": "OPTIONAL: A `GetPolicyOptions` object for specifying options to\n`GetIamPolicy`. This field is only used by Cloud IAM."
"description": "OPTIONAL: A `GetPolicyOptions` object for specifying options to\n`GetIamPolicy`."
}
},
"type": "object"
@@ -881,7 +881,7 @@
"id": "GetPolicyOptions",
"properties": {
"requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.",
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
@@ -1068,7 +1068,7 @@
"type": "object"
},
"Policy": {
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nOptionally, a `binding` can specify a `condition`, which is a logical\nexpression that allows access to a resource only if the expression evaluates\nto `true`. A condition can add constraints based on attributes of the\nrequest, the resource, or both.\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\"user:eve@example.com\"],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nFor some types of Google Cloud resources, a `binding` can also specify a\n`condition`, which is a logical expression that allows access to a resource\nonly if the expression evaluates to `true`. A condition can add constraints\nbased on attributes of the request, the resource, or both. To learn which\nresources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\n \"user:eve@example.com\"\n ],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"id": "Policy",
"properties": {
"bindings": {
@@ -1084,7 +1084,7 @@
"type": "string"
},
"version": {
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.",
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
@@ -1141,6 +1141,20 @@
"The queue is disabled.\n\nA queue becomes `DISABLED` when\n[queue.yaml](https://cloud.google.com/appengine/docs/python/config/queueref)\nor\n[queue.xml](https://cloud.google.com/appengine/docs/standard/java/config/queueref)\nis uploaded which does not contain the queue. You cannot directly disable\na queue.\n\nWhen a queue is disabled, tasks can still be added to a queue\nbut the tasks are not dispatched.\n\nTo permanently delete this queue and all of its tasks, call\nDeleteQueue."
],
"type": "string"
},
"type": {
"description": "Immutable. The type of a queue (push or pull).\n\n`Queue.type` is an immutable property of the queue that is set at the queue\ncreation time. When left unspecified, the default value of `PUSH` is\nselected.",
"enum": [
"TYPE_UNSPECIFIED",
"PULL",
"PUSH"
],
"enumDescriptions": [
"Default value.",
"A pull queue.",
"A push queue."
],
"type": "string"
}
},
"type": "object"
@@ -1188,7 +1202,7 @@
"type": "string"
},
"maxDoublings": {
"description": "The time between retries will double `max_doublings` times.\n\nA task's retry interval starts at\nmin_backoff, then doubles\n`max_doublings` times, then increases linearly, and finally\nretries retries at intervals of\nmax_backoff up to\nmax_attempts times.\n\nFor example, if min_backoff is 10s,\nmax_backoff is 300s, and\n`max_doublings` is 3, then the a task will first be retried in\n10s. The retry interval will double three times, and then\nincrease linearly by 2^3 * 10s. Finally, the task will retry at\nintervals of max_backoff until the\ntask has been attempted max_attempts\ntimes. Thus, the requests will retry at 10s, 20s, 40s, 80s, 160s,\n240s, 300s, 300s, ....\n\nIf unspecified when the queue is created, Cloud Tasks will pick the\ndefault.\n\n\nThis field has the same meaning as\n[max_doublings in\nqueue.yaml/xml](https://cloud.google.com/appengine/docs/standard/python/config/queueref#retry_parameters).",
"description": "The time between retries will double `max_doublings` times.\n\nA task's retry interval starts at\nmin_backoff, then doubles\n`max_doublings` times, then increases linearly, and finally\nretries at intervals of\nmax_backoff up to\nmax_attempts times.\n\nFor example, if min_backoff is 10s,\nmax_backoff is 300s, and\n`max_doublings` is 3, then the a task will first be retried in\n10s. The retry interval will double three times, and then\nincrease linearly by 2^3 * 10s. Finally, the task will retry at\nintervals of max_backoff until the\ntask has been attempted max_attempts\ntimes. Thus, the requests will retry at 10s, 20s, 40s, 80s, 160s,\n240s, 300s, 300s, ....\n\nIf unspecified when the queue is created, Cloud Tasks will pick the\ndefault.\n\n\nThis field has the same meaning as\n[max_doublings in\nqueue.yaml/xml](https://cloud.google.com/appengine/docs/standard/python/config/queueref#retry_parameters).",
"format": "int32",
"type": "integer"
},
@@ -1295,7 +1309,7 @@
"type": "integer"
},
"dispatchDeadline": {
"description": "The deadline for requests sent to the worker. If the worker does not\nrespond by this deadline then the request is cancelled and the attempt\nis marked as a `DEADLINE_EXCEEDED` failure. Cloud Tasks will retry the\ntask according to the RetryConfig.\n\nNote that when the request is cancelled, Cloud Tasks will stop listing for\nthe response, but whether the worker stops processing depends on the\nworker. For example, if the worker is stuck, it may not react to cancelled\nrequests.\n\nThe default and maximum values depend on the type of request:\n\n* For HTTP tasks, the default is 10 minutes. The deadline\n must be in the interval [15 seconds, 30 minutes].\n\n* For App Engine tasks, 0 indicates that the\n request has the default deadline. The default deadline depends on the\n [scaling\n type](https://cloud.google.com/appengine/docs/standard/go/how-instances-are-managed#instance_scaling)\n of the service: 10 minutes for standard apps with automatic scaling, 24\n hours for standard apps with manual and basic scaling, and 60 minutes for\n flex apps. If the request deadline is set, it must be in the interval [15\n seconds, 24 hours 15 seconds]. Regardless of the task's\n `dispatch_deadline`, the app handler will not run for longer than than\n the service's timeout. We recommend setting the `dispatch_deadline` to\n at most a few seconds more than the app handler's timeout. For more\n information see\n [Timeouts](https://cloud.google.com/tasks/docs/creating-appengine-handlers#timeouts).\n\n`dispatch_deadline` will be truncated to the nearest millisecond. The\ndeadline is an approximate deadline.",
"description": "The deadline for requests sent to the worker. If the worker does not\nrespond by this deadline then the request is cancelled and the attempt\nis marked as a `DEADLINE_EXCEEDED` failure. Cloud Tasks will retry the\ntask according to the RetryConfig.\n\nNote that when the request is cancelled, Cloud Tasks will stop listening\nfor the response, but whether the worker stops processing depends on the\nworker. For example, if the worker is stuck, it may not react to cancelled\nrequests.\n\nThe default and maximum values depend on the type of request:\n\n* For HTTP tasks, the default is 10 minutes. The deadline\n must be in the interval [15 seconds, 30 minutes].\n\n* For App Engine tasks, 0 indicates that the\n request has the default deadline. The default deadline depends on the\n [scaling\n type](https://cloud.google.com/appengine/docs/standard/go/how-instances-are-managed#instance_scaling)\n of the service: 10 minutes for standard apps with automatic scaling, 24\n hours for standard apps with manual and basic scaling, and 60 minutes for\n flex apps. If the request deadline is set, it must be in the interval [15\n seconds, 24 hours 15 seconds]. Regardless of the task's\n `dispatch_deadline`, the app handler will not run for longer than than\n the service's timeout. We recommend setting the `dispatch_deadline` to\n at most a few seconds more than the app handler's timeout. For more\n information see\n [Timeouts](https://cloud.google.com/tasks/docs/creating-appengine-handlers#timeouts).\n\n`dispatch_deadline` will be truncated to the nearest millisecond. The\ndeadline is an approximate deadline.",
"format": "google-duration",
"type": "string"
},

2
etc/api/cloudtrace/v1/cloudtrace-api.json
View File

@@ -251,7 +251,7 @@
}
}
},
"revision": "20200330",
"revision": "20200622",
"rootUrl": "https://cloudtrace.googleapis.com/",
"schemas": {
"Empty": {

4
etc/api/cloudtrace/v2/cloudtrace-api.json
View File

@@ -181,7 +181,7 @@
}
}
},
"revision": "20200330",
"revision": "20200622",
"rootUrl": "https://cloudtrace.googleapis.com/",
"schemas": {
"Annotation": {
@@ -227,7 +227,7 @@
"additionalProperties": {
"$ref": "AttributeValue"
},
"description": "The set of attributes. Each attribute's key can be up to 128 bytes\nlong. The value can be a string up to 256 bytes, a signed 64-bit integer,\nor the Boolean values `true` and `false`. For example:\n\n \"/instance_id\": \"my-instance\"\n \"/http/user_agent\": \"\"\n \"/http/request_bytes\": 300\n \"abc.com/myattribute\": true",
"description": "The set of attributes. Each attribute's key can be up to 128 bytes\nlong. The value can be a string up to 256 bytes, a signed 64-bit integer,\nor the Boolean values `true` and `false`. For example:\n\n \"/instance_id\": { \"string_value\": { \"value\": \"my-instance\" } }\n \"/http/request_bytes\": { \"int_value\": 300 }\n \"abc.com/myattribute\": { \"bool_value\": false }",
"type": "object"
},
"droppedAttributesCount": {

2
etc/api/cloudtrace/v2beta1/cloudtrace-api.json
View File

@@ -273,7 +273,7 @@
}
}
},
"revision": "20200330",
"revision": "20200622",
"rootUrl": "https://cloudtrace.googleapis.com/",
"schemas": {
"Empty": {

2
etc/api/composer/v1/composer-api.json
View File

@@ -401,7 +401,7 @@
}
}
},
"revision": "20200406",
"revision": "20200625",
"rootUrl": "https://composer.googleapis.com/",
"schemas": {
"Empty": {

34
etc/api/composer/v1beta1/composer-api.json
View File

File diff suppressed because one or more lines are too long

2270
etc/api/compute/alpha/compute-api.json
View File

File diff suppressed because it is too large Load Diff

739
etc/api/compute/beta/compute-api.json
View File

File diff suppressed because it is too large Load Diff

1350
etc/api/compute/v1/compute-api.json
View File

File diff suppressed because it is too large Load Diff

405
etc/api/container/v1/container-api.json
View File

File diff suppressed because it is too large Load Diff

469
etc/api/container/v1beta1/container-api.json
View File

File diff suppressed because it is too large Load Diff

12
etc/api/containeranalysis/v1alpha1/containeranalysis-api.json
View File

@@ -1206,7 +1206,7 @@
}
}
},
"revision": "20200327",
"revision": "20200704",
"rootUrl": "https://containeranalysis.googleapis.com/",
"schemas": {
"Artifact": {
@@ -1287,7 +1287,7 @@
"properties": {
"condition": {
"$ref": "Expr",
"description": "The condition that is associated with this binding.\nNOTE: An unsatisfied condition will not allow user access via current\nbinding. Different bindings, including their conditions, are examined\nindependently."
"description": "The condition that is associated with this binding.\n\nIf the condition evaluates to `true`, then this binding applies to the\ncurrent request.\n\nIf the condition evaluates to `false`, then this binding does not apply to\nthe current request. However, a different role binding might grant the same\nrole to one or more of the members in this binding.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
},
"members": {
"description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@example.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a user that has been recently deleted. For\n example, `alice@example.com?uid=123456789012345678901`. If the user is\n recovered, this value reverts to `user:{emailid}` and the recovered user\n retains the role in the binding.\n\n* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus\n unique identifier) representing a service account that has been recently\n deleted. For example,\n `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.\n If the service account is undeleted, this value reverts to\n `serviceAccount:{emailid}` and the undeleted service account retains the\n role in the binding.\n\n* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a Google group that has been recently\n deleted. For example, `admins@example.com?uid=123456789012345678901`. If\n the group is recovered, this value reverts to `group:{emailid}` and the\n recovered group retains the role in the binding.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n",
@@ -1826,7 +1826,7 @@
"properties": {
"options": {
"$ref": "GetPolicyOptions",
"description": "OPTIONAL: A `GetPolicyOptions` object for specifying options to\n`GetIamPolicy`. This field is only used by Cloud IAM."
"description": "OPTIONAL: A `GetPolicyOptions` object for specifying options to\n`GetIamPolicy`."
}
},
"type": "object"
@@ -1836,7 +1836,7 @@
"id": "GetPolicyOptions",
"properties": {
"requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.",
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
@@ -2495,7 +2495,7 @@
"type": "object"
},
"Policy": {
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nOptionally, a `binding` can specify a `condition`, which is a logical\nexpression that allows access to a resource only if the expression evaluates\nto `true`. A condition can add constraints based on attributes of the\nrequest, the resource, or both.\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\"user:eve@example.com\"],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nFor some types of Google Cloud resources, a `binding` can also specify a\n`condition`, which is a logical expression that allows access to a resource\nonly if the expression evaluates to `true`. A condition can add constraints\nbased on attributes of the request, the resource, or both. To learn which\nresources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\n \"user:eve@example.com\"\n ],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"id": "Policy",
"properties": {
"bindings": {
@@ -2511,7 +2511,7 @@
"type": "string"
},
"version": {
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.",
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}

232
etc/api/containeranalysis/v1beta1/containeranalysis-api.json
View File

@@ -853,7 +853,7 @@
}
}
},
"revision": "20200327",
"revision": "20200704",
"rootUrl": "https://containeranalysis.googleapis.com/",
"schemas": {
"AliasContext": {
@@ -905,6 +905,29 @@
},
"type": "object"
},
"ArtifactHashes": {
"description": "Defines a hash object for use in Materials and Products.",
"id": "ArtifactHashes",
"properties": {
"sha256": {
"type": "string"
}
},
"type": "object"
},
"ArtifactRule": {
"description": "Defines an object to declare an in-toto artifact rule",
"id": "ArtifactRule",
"properties": {
"artifactRule": {
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"Attestation": {
"description": "Occurrence that represents a single \"attestation\". The authenticity of an\nattestation can be verified using the attached signature. If the verifier\ntrusts the public key of the signer, then verifying the signature is\nsufficient to establish trust. In this circumstance, the authority to which\nthis attestation is attached is primarily useful for look-up (how to find\nthis attestation if you already know the authority and artifact to be\nverified) and intent (which authority was this attestation intended to sign\nfor).",
"id": "Attestation",
@@ -1007,7 +1030,7 @@
"properties": {
"condition": {
"$ref": "Expr",
"description": "The condition that is associated with this binding.\nNOTE: An unsatisfied condition will not allow user access via current\nbinding. Different bindings, including their conditions, are examined\nindependently."
"description": "The condition that is associated with this binding.\n\nIf the condition evaluates to `true`, then this binding applies to the\ncurrent request.\n\nIf the condition evaluates to `false`, then this binding does not apply to\nthe current request. However, a different role binding might grant the same\nrole to one or more of the members in this binding.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
},
"members": {
"description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@example.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a user that has been recently deleted. For\n example, `alice@example.com?uid=123456789012345678901`. If the user is\n recovered, this value reverts to `user:{emailid}` and the recovered user\n retains the role in the binding.\n\n* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus\n unique identifier) representing a service account that has been recently\n deleted. For example,\n `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.\n If the service account is undeleted, this value reverts to\n `serviceAccount:{emailid}` and the undeleted service account retains the\n role in the binding.\n\n* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a Google group that has been recently\n deleted. For example, `admins@example.com?uid=123456789012345678901`. If\n the group is recovered, this value reverts to `group:{emailid}` and the\n recovered group retains the role in the binding.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n",
@@ -1143,6 +1166,19 @@
},
"type": "object"
},
"ByProducts": {
"description": "Defines an object for the byproducts field in in-toto links. The suggested\nfields are \"stderr\", \"stdout\", and \"return-value\".",
"id": "ByProducts",
"properties": {
"customValues": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
},
"type": "object"
},
"CVSSv3": {
"description": "Common Vulnerability Scoring System version 3.\nFor details, see https://www.first.org/cvss/specification-document",
"id": "CVSSv3",
@@ -1555,7 +1591,8 @@
"PACKAGE",
"DEPLOYMENT",
"DISCOVERY",
"ATTESTATION"
"ATTESTATION",
"INTOTO"
],
"enumDescriptions": [
"Unknown.",
@@ -1565,7 +1602,8 @@
"This represents a package installed via a package manager.",
"The note and occurrence track deployment events.",
"The note and occurrence track the initial discovery status of a resource.",
"This represents a logical \"role\" that can attest to artifacts."
"This represents a logical \"role\" that can attest to artifacts.",
"This represents an in-toto link."
],
"type": "string"
}
@@ -1619,6 +1657,19 @@
"properties": {},
"type": "object"
},
"Environment": {
"description": "Defines an object for the environment field in in-toto links. The suggested\nfields are \"variables\", \"filesystem\", and \"workdir\".",
"id": "Environment",
"properties": {
"customValues": {
"additionalProperties": {
"type": "string"
},
"type": "object"
}
},
"type": "object"
},
"Expr": {
"description": "Represents a textual expression in the Common Expression Language (CEL)\nsyntax. CEL is a C-like expression language. The syntax and semantics of CEL\nare documented at https://github.com/google/cel-spec.\n\nExample (Comparison):\n\n title: \"Summary size limit\"\n description: \"Determines if a summary is less than 100 chars\"\n expression: \"document.summary.size() < 100\"\n\nExample (Equality):\n\n title: \"Requestor is owner\"\n description: \"Determines if requestor is the document owner\"\n expression: \"document.owner == request.auth.claims.email\"\n\nExample (Logic):\n\n title: \"Public documents\"\n description: \"Determine whether the document should be publicly visible\"\n expression: \"document.type != 'private' && document.type != 'internal'\"\n\nExample (Data Manipulation):\n\n title: \"Notification string\"\n description: \"Create a notification string with a timestamp.\"\n expression: \"'New message received at ' + string(document.create_time)\"\n\nThe exact variables and functions that may be referenced within an expression\nare determined by the service that evaluates it. See the service\ndocumentation for additional information.",
"id": "Expr",
@@ -1779,7 +1830,7 @@
"properties": {
"options": {
"$ref": "GetPolicyOptions",
"description": "OPTIONAL: A `GetPolicyOptions` object for specifying options to\n`GetIamPolicy`. This field is only used by Cloud IAM."
"description": "OPTIONAL: A `GetPolicyOptions` object for specifying options to\n`GetIamPolicy`."
}
},
"type": "object"
@@ -1789,7 +1840,7 @@
"id": "GetPolicyOptions",
"properties": {
"requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.",
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
@@ -1876,6 +1927,47 @@
},
"type": "object"
},
"GrafeasV1beta1IntotoArtifact": {
"id": "GrafeasV1beta1IntotoArtifact",
"properties": {
"hashes": {
"$ref": "ArtifactHashes"
},
"resourceUri": {
"type": "string"
}
},
"type": "object"
},
"GrafeasV1beta1IntotoDetails": {
"description": "This corresponds to a signed in-toto link - it is made up of one or more\nsignatures and the in-toto link itself. This is used for occurrences of a\nGrafeas in-toto note.",
"id": "GrafeasV1beta1IntotoDetails",
"properties": {
"signatures": {
"items": {
"$ref": "GrafeasV1beta1IntotoSignature"
},
"type": "array"
},
"signed": {
"$ref": "Link"
}
},
"type": "object"
},
"GrafeasV1beta1IntotoSignature": {
"description": "A signature object consists of the KeyID used and the signature itself.",
"id": "GrafeasV1beta1IntotoSignature",
"properties": {
"keyid": {
"type": "string"
},
"sig": {
"type": "string"
}
},
"type": "object"
},
"GrafeasV1beta1PackageDetails": {
"description": "Details of a package occurrence.",
"id": "GrafeasV1beta1PackageDetails",
@@ -2000,6 +2092,49 @@
},
"type": "object"
},
"InToto": {
"description": "This contains the fields corresponding to the definition of a software supply\nchain step in an in-toto layout. This information goes into a Grafeas note.",
"id": "InToto",
"properties": {
"expectedCommand": {
"description": "This field contains the expected command used to perform the step.",
"items": {
"type": "string"
},
"type": "array"
},
"expectedMaterials": {
"description": "The following fields contain in-toto artifact rules identifying the\nartifacts that enter this supply chain step, and exit the supply chain\nstep, i.e. materials and products of the step.",
"items": {
"$ref": "ArtifactRule"
},
"type": "array"
},
"expectedProducts": {
"items": {
"$ref": "ArtifactRule"
},
"type": "array"
},
"signingKeys": {
"description": "This field contains the public keys that can be used to verify the\nsignatures on the step metadata.",
"items": {
"$ref": "SigningKey"
},
"type": "array"
},
"stepName": {
"description": "This field identifies the name of the step in the supply chain.",
"type": "string"
},
"threshold": {
"description": "This field contains a value that indicates the minimum number of keys that\nneed to be used to sign the step's in-toto link.",
"format": "int64",
"type": "string"
}
},
"type": "object"
},
"Installation": {
"description": "This represents how a particular software package may be installed on a\nsystem.",
"id": "Installation",
@@ -2087,6 +2222,42 @@
},
"type": "object"
},
"Link": {
"description": "This corresponds to an in-toto link.",
"id": "Link",
"properties": {
"byproducts": {
"$ref": "ByProducts",
"description": "ByProducts are data generated as part of a software supply chain step, but\nare not the actual result of the step."
},
"command": {
"description": "This field contains the full command executed for the step. This can also\nbe empty if links are generated for operations that aren't directly mapped\nto a specific command. Each term in the command is an independent string\nin the list. An example of a command in the in-toto metadata field is:\n\"command\": [\"git\", \"clone\", \"https://github.com/in-toto/demo-project.git\"]",
"items": {
"type": "string"
},
"type": "array"
},
"environment": {
"$ref": "Environment",
"description": "This is a field that can be used to capture information about the\nenvironment. It is suggested for this field to contain information that\ndetails environment variables, filesystem information, and the present\nworking directory. The recommended structure of this field is:\n\"environment\": {\n \"custom_values\": {\n \"variables\": \"<ENV>\",\n \"filesystem\": \"<FS>\",\n \"workdir\": \"<CWD>\",\n \"<ANY OTHER RELEVANT FIELDS>\": \"...\"\n }\n}"
},
"materials": {
"description": "Materials are the supply chain artifacts that go into the step and are used\nfor the operation performed. The key of the map is the path of the artifact\nand the structure contains the recorded hash information. An example is:\n\"materials\": [\n {\n \"resource_uri\": \"foo/bar\",\n \"hashes\": {\n \"sha256\": \"ebebf...\",\n <OTHER HASH ALGORITHMS>: <HASH VALUE>\n }\n }\n]",
"items": {
"$ref": "GrafeasV1beta1IntotoArtifact"
},
"type": "array"
},
"products": {
"description": "Products are the supply chain artifacts generated as a result of the step.\nThe structure is identical to that of materials.",
"items": {
"$ref": "GrafeasV1beta1IntotoArtifact"
},
"type": "array"
}
},
"type": "object"
},
"ListNoteOccurrencesResponse": {
"description": "Response for listing occurrences for a note.",
"id": "ListNoteOccurrencesResponse",
@@ -2212,6 +2383,10 @@
"format": "google-datetime",
"type": "string"
},
"intoto": {
"$ref": "InToto",
"description": "A note describing an in-toto link."
},
"kind": {
"description": "Output only. The type of analysis. This field can be used as a filter in\nlist requests.",
"enum": [
@@ -2222,7 +2397,8 @@
"PACKAGE",
"DEPLOYMENT",
"DISCOVERY",
"ATTESTATION"
"ATTESTATION",
"INTOTO"
],
"enumDescriptions": [
"Unknown.",
@@ -2232,7 +2408,8 @@
"This represents a package installed via a package manager.",
"The note and occurrence track deployment events.",
"The note and occurrence track the initial discovery status of a resource.",
"This represents a logical \"role\" that can attest to artifacts."
"This represents a logical \"role\" that can attest to artifacts.",
"This represents an in-toto link."
],
"type": "string"
},
@@ -2311,6 +2488,10 @@
"$ref": "GrafeasV1beta1PackageDetails",
"description": "Describes the installation of a package on the linked resource."
},
"intoto": {
"$ref": "GrafeasV1beta1IntotoDetails",
"description": "Describes a specific in-toto link."
},
"kind": {
"description": "Output only. This explicitly denotes which of the occurrence details are\nspecified. This field can be used as a filter in list requests.",
"enum": [
@@ -2321,7 +2502,8 @@
"PACKAGE",
"DEPLOYMENT",
"DISCOVERY",
"ATTESTATION"
"ATTESTATION",
"INTOTO"
],
"enumDescriptions": [
"Unknown.",
@@ -2331,7 +2513,8 @@
"This represents a package installed via a package manager.",
"The note and occurrence track deployment events.",
"The note and occurrence track the initial discovery status of a resource.",
"This represents a logical \"role\" that can attest to artifacts."
"This represents a logical \"role\" that can attest to artifacts.",
"This represents an in-toto link."
],
"type": "string"
},
@@ -2428,7 +2611,7 @@
"type": "object"
},
"Policy": {
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nOptionally, a `binding` can specify a `condition`, which is a logical\nexpression that allows access to a resource only if the expression evaluates\nto `true`. A condition can add constraints based on attributes of the\nrequest, the resource, or both.\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\"user:eve@example.com\"],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nFor some types of Google Cloud resources, a `binding` can also specify a\n`condition`, which is a logical expression that allows access to a resource\nonly if the expression evaluates to `true`. A condition can add constraints\nbased on attributes of the request, the resource, or both. To learn which\nresources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\n \"user:eve@example.com\"\n ],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"id": "Policy",
"properties": {
"bindings": {
@@ -2444,7 +2627,7 @@
"type": "string"
},
"version": {
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.",
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
@@ -2560,7 +2743,7 @@
"id": "Signature",
"properties": {
"publicKeyId": {
"description": "The identifier for the public key that verifies this signature.\n * The `public_key_id` is required.\n * The `public_key_id` MUST be an RFC3986 conformant URI.\n * When possible, the `public_key_id` SHOULD be an immutable reference,\n such as a cryptographic digest.\n\nExamples of valid `public_key_id`s:\n\nOpenPGP V4 public key fingerprint:\n * \"openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA\"\nSee https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more\ndetails on this scheme.\n\nRFC6920 digest-named SubjectPublicKeyInfo (digest of the DER\nserialization):\n * \"ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU\"\n * \"nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5\"",
"description": "The identifier for the public key that verifies this signature.\n * The `public_key_id` is required.\n * The `public_key_id` SHOULD be an RFC3986 conformant URI.\n * When possible, the `public_key_id` SHOULD be an immutable reference,\n such as a cryptographic digest.\n\nExamples of valid `public_key_id`s:\n\nOpenPGP V4 public key fingerprint:\n * \"openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA\"\nSee https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more\ndetails on this scheme.\n\nRFC6920 digest-named SubjectPublicKeyInfo (digest of the DER\nserialization):\n * \"ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU\"\n * \"nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5\"",
"type": "string"
},
"signature": {
@@ -2571,6 +2754,29 @@
},
"type": "object"
},
"SigningKey": {
"description": "This defines the format used to record keys used in the software supply\nchain. An in-toto link is attested using one or more keys defined in the\nin-toto layout. An example of this is:\n{\n \"key_id\": \"776a00e29f3559e0141b3b096f696abc6cfb0c657ab40f441132b345b0...\",\n \"key_type\": \"rsa\",\n \"public_key_value\": \"-----BEGIN PUBLIC KEY-----\\nMIIBojANBgkqhkiG9w0B...\",\n \"key_scheme\": \"rsassa-pss-sha256\"\n}\nThe format for in-toto's key definition can be found in section 4.2 of the\nin-toto specification.",
"id": "SigningKey",
"properties": {
"keyId": {
"description": "key_id is an identifier for the signing key.",
"type": "string"
},
"keyScheme": {
"description": "This field contains the corresponding signature scheme.\nEg: \"rsassa-pss-sha256\".",
"type": "string"
},
"keyType": {
"description": "This field identifies the specific signing method. Eg: \"rsa\", \"ed25519\",\nand \"ecdsa\".",
"type": "string"
},
"publicKeyValue": {
"description": "This field contains the actual public key.",
"type": "string"
}
},
"type": "object"
},
"Source": {
"description": "Source describes the location of the source used for the build.",
"id": "Source",

1668
etc/api/content/v2.1/content-api.json
View File

File diff suppressed because it is too large Load Diff

673
etc/api/content/v2/content-api.json
View File

File diff suppressed because it is too large Load Diff

1243
etc/api/customsearch/v1/customsearch-api.json
View File

File diff suppressed because it is too large Load Diff

86
etc/api/datacatalog/v1beta1/datacatalog-api.json
View File

@@ -108,7 +108,7 @@
"catalog": {
"methods": {
"search": {
"description": "Searches Data Catalog for multiple resources like entries, tags that\nmatch a query.\n\nThis is a custom method\n(https://cloud.google.com/apis/design/custom_methods) and does not return\nthe complete resource, only the resource identifier and high level\nfields. Clients can subsequentally call `Get` methods.\n\nNote that Data Catalog search queries do not guarantee full recall. Query\nresults that match your query may not be returned, even in subsequent\nresult pages. Also note that results returned (and not returned) can vary\nacross repeated search queries.\n\nSee [Data Catalog Search\nSyntax](/data-catalog/docs/how-to/search-reference) for more information.",
"description": "Searches Data Catalog for multiple resources like entries, tags that\nmatch a query.\n\nThis is a custom method\n(https://cloud.google.com/apis/design/custom_methods) and does not return\nthe complete resource, only the resource identifier and high level\nfields. Clients can subsequentally call `Get` methods.\n\nNote that Data Catalog search queries do not guarantee full recall. Query\nresults that match your query may not be returned, even in subsequent\nresult pages. Also note that results returned (and not returned) can vary\nacross repeated search queries.\n\nSee [Data Catalog Search\nSyntax](https://cloud.google.com/data-catalog/docs/how-to/search-reference)\nfor more information.",
"flatPath": "v1beta1/catalog:search",
"httpMethod": "POST",
"id": "datacatalog.catalog.search",
@@ -142,7 +142,7 @@
"type": "string"
},
"sqlResource": {
"description": "The SQL name of the entry. SQL names are case-sensitive.\n\nExamples:\n\n * `cloud_pubsub.project_id.topic_id`\n * ``pubsub.project_id.`topic.id.with.dots` ``\n * `bigquery.table.project_id.dataset_id.table_id`\n * `bigquery.dataset.project_id.dataset_id`\n * `datacatalog.entry.project_id.location_id.entry_group_id.entry_id`\n\n`*_id`s shoud satisfy the standard SQL rules for identifiers.\nhttps://cloud.google.com/bigquery/docs/reference/standard-sql/lexical.",
"description": "The SQL name of the entry. SQL names are case-sensitive.\n\nExamples:\n\n * `pubsub.project_id.topic_id`\n * ``pubsub.project_id.`topic.id.with.dots` ``\n * `bigquery.table.project_id.dataset_id.table_id`\n * `bigquery.dataset.project_id.dataset_id`\n * `datacatalog.entry.project_id.location_id.entry_group_id.entry_id`\n\n`*_id`s shoud satisfy the standard SQL rules for identifiers.\nhttps://cloud.google.com/bigquery/docs/reference/standard-sql/lexical.",
"location": "query",
"type": "string"
}
@@ -164,7 +164,7 @@
"entryGroups": {
"methods": {
"create": {
"description": "A maximum of 10,000 entry groups may be created per organization across all\nlocations.\n\nUsers should enable the Data Catalog API in the project identified by\nthe `parent` parameter (see [Data Catalog Resource Project]\n(/data-catalog/docs/concepts/resource-project) for more information).",
"description": "A maximum of 10,000 entry groups may be created per organization across all\nlocations.\n\nUsers should enable the Data Catalog API in the project identified by\nthe `parent` parameter (see [Data Catalog Resource Project]\n(https://cloud.google.com/data-catalog/docs/concepts/resource-project) for\nmore information).",
"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/entryGroups",
"httpMethod": "POST",
"id": "datacatalog.projects.locations.entryGroups.create",
@@ -197,7 +197,7 @@
]
},
"delete": {
"description": "Deletes an EntryGroup. Only entry groups that do not contain entries can be\ndeleted. Users should enable the Data Catalog API in the project\nidentified by the `name` parameter (see [Data Catalog Resource Project]\n(/data-catalog/docs/concepts/resource-project) for more information).",
"description": "Deletes an EntryGroup. Only entry groups that do not contain entries can be\ndeleted. Users should enable the Data Catalog API in the project\nidentified by the `name` parameter (see [Data Catalog Resource Project]\n(https://cloud.google.com/data-catalog/docs/concepts/resource-project) for\nmore information).",
"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/entryGroups/{entryGroupsId}",
"httpMethod": "DELETE",
"id": "datacatalog.projects.locations.entryGroups.delete",
@@ -322,7 +322,7 @@
]
},
"patch": {
"description": "Updates an EntryGroup. The user should enable the Data Catalog API in the\nproject identified by the `entry_group.name` parameter (see [Data Catalog\nResource Project] (/data-catalog/docs/concepts/resource-project) for more\ninformation).",
"description": "Updates an EntryGroup. The user should enable the Data Catalog API in the\nproject identified by the `entry_group.name` parameter (see [Data Catalog\nResource Project]\n(https://cloud.google.com/data-catalog/docs/concepts/resource-project) for\nmore information).",
"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/entryGroups/{entryGroupsId}",
"httpMethod": "PATCH",
"id": "datacatalog.projects.locations.entryGroups.patch",
@@ -416,7 +416,7 @@
"entries": {
"methods": {
"create": {
"description": "Creates an entry. Only entries of 'FILESET' type or user-specified type can\nbe created.\n\nUsers should enable the Data Catalog API in the project identified by\nthe `parent` parameter (see [Data Catalog Resource Project]\n(/data-catalog/docs/concepts/resource-project) for more information).\n\nA maximum of 100,000 entries may be created per entry group.",
"description": "Creates an entry. Only entries of 'FILESET' type or user-specified type can\nbe created.\n\nUsers should enable the Data Catalog API in the project identified by\nthe `parent` parameter (see [Data Catalog Resource Project]\n(https://cloud.google.com/data-catalog/docs/concepts/resource-project) for\nmore information).\n\nA maximum of 100,000 entries may be created per entry group.",
"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/entryGroups/{entryGroupsId}/entries",
"httpMethod": "POST",
"id": "datacatalog.projects.locations.entryGroups.entries.create",
@@ -449,7 +449,7 @@
]
},
"delete": {
"description": "Deletes an existing entry. Only entries created through\nCreateEntry\nmethod can be deleted.\nUsers should enable the Data Catalog API in the project identified by\nthe `name` parameter (see [Data Catalog Resource Project]\n(/data-catalog/docs/concepts/resource-project) for more information).",
"description": "Deletes an existing entry. Only entries created through\nCreateEntry\nmethod can be deleted.\nUsers should enable the Data Catalog API in the project identified by\nthe `name` parameter (see [Data Catalog Resource Project]\n(https://cloud.google.com/data-catalog/docs/concepts/resource-project) for\nmore information).",
"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/entryGroups/{entryGroupsId}/entries/{entriesId}",
"httpMethod": "DELETE",
"id": "datacatalog.projects.locations.entryGroups.entries.delete",
@@ -569,7 +569,7 @@
]
},
"patch": {
"description": "Updates an existing entry.\nUsers should enable the Data Catalog API in the project identified by\nthe `entry.name` parameter (see [Data Catalog Resource Project]\n(/data-catalog/docs/concepts/resource-project) for more information).",
"description": "Updates an existing entry.\nUsers should enable the Data Catalog API in the project identified by\nthe `entry.name` parameter (see [Data Catalog Resource Project]\n(https://cloud.google.com/data-catalog/docs/concepts/resource-project) for\nmore information).",
"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/entryGroups/{entryGroupsId}/entries/{entriesId}",
"httpMethod": "PATCH",
"id": "datacatalog.projects.locations.entryGroups.entries.patch",
@@ -635,7 +635,7 @@
"tags": {
"methods": {
"create": {
"description": "Creates a tag on an Entry.\nNote: The project identified by the `parent` parameter for the\n[tag](/data-catalog/docs/reference/rest/v1beta1/projects.locations.entryGroups.entries.tags/create#path-parameters)\nand the\n[tag\ntemplate](/data-catalog/docs/reference/rest/v1beta1/projects.locations.tagTemplates/create#path-parameters)\nused to create the tag must be from the same organization.",
"description": "Creates a tag on an Entry.\nNote: The project identified by the `parent` parameter for the\n[tag](https://cloud.google.com/data-catalog/docs/reference/rest/v1beta1/projects.locations.entryGroups.entries.tags/create#path-parameters)\nand the\n[tag\ntemplate](https://cloud.google.com/data-catalog/docs/reference/rest/v1beta1/projects.locations.tagTemplates/create#path-parameters)\nused to create the tag must be from the same organization.",
"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/entryGroups/{entryGroupsId}/entries/{entriesId}/tags",
"httpMethod": "POST",
"id": "datacatalog.projects.locations.entryGroups.entries.tags.create",
@@ -764,7 +764,7 @@
"tags": {
"methods": {
"create": {
"description": "Creates a tag on an Entry.\nNote: The project identified by the `parent` parameter for the\n[tag](/data-catalog/docs/reference/rest/v1beta1/projects.locations.entryGroups.entries.tags/create#path-parameters)\nand the\n[tag\ntemplate](/data-catalog/docs/reference/rest/v1beta1/projects.locations.tagTemplates/create#path-parameters)\nused to create the tag must be from the same organization.",
"description": "Creates a tag on an Entry.\nNote: The project identified by the `parent` parameter for the\n[tag](https://cloud.google.com/data-catalog/docs/reference/rest/v1beta1/projects.locations.entryGroups.entries.tags/create#path-parameters)\nand the\n[tag\ntemplate](https://cloud.google.com/data-catalog/docs/reference/rest/v1beta1/projects.locations.tagTemplates/create#path-parameters)\nused to create the tag must be from the same organization.",
"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/entryGroups/{entryGroupsId}/tags",
"httpMethod": "POST",
"id": "datacatalog.projects.locations.entryGroups.tags.create",
@@ -893,7 +893,7 @@
"tagTemplates": {
"methods": {
"create": {
"description": "Creates a tag template. The user should enable the Data Catalog API in\nthe project identified by the `parent` parameter (see [Data Catalog\nResource Project](/data-catalog/docs/concepts/resource-project) for more\ninformation).",
"description": "Creates a tag template. The user should enable the Data Catalog API in\nthe project identified by the `parent` parameter (see [Data Catalog\nResource\nProject](https://cloud.google.com/data-catalog/docs/concepts/resource-project)\nfor more information).",
"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/tagTemplates",
"httpMethod": "POST",
"id": "datacatalog.projects.locations.tagTemplates.create",
@@ -902,7 +902,7 @@
],
"parameters": {
"parent": {
"description": "Required. The name of the project and the template location\n[region](/compute/docs/regions-zones/#available).\nNOTE: Currently, only the `us-central1 region` is supported.\n\nExample:\n\n* projects/{project_id}/locations/us-central1",
"description": "Required. The name of the project and the template location\n[region](https://cloud.google.com/data-catalog/docs/concepts/regions.\n\nExample:\n\n* projects/{project_id}/locations/us-central1",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+$",
"required": true,
@@ -926,7 +926,7 @@
]
},
"delete": {
"description": "Deletes a tag template and all tags using the template.\nUsers should enable the Data Catalog API in the project identified by\nthe `name` parameter (see [Data Catalog Resource Project]\n(/data-catalog/docs/concepts/resource-project) for more information).",
"description": "Deletes a tag template and all tags using the template.\nUsers should enable the Data Catalog API in the project identified by\nthe `name` parameter (see [Data Catalog Resource Project]\n(https://cloud.google.com/data-catalog/docs/concepts/resource-project) for\nmore information).",
"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/tagTemplates/{tagTemplatesId}",
"httpMethod": "DELETE",
"id": "datacatalog.projects.locations.tagTemplates.delete",
@@ -1009,7 +1009,7 @@
]
},
"patch": {
"description": "Updates a tag template. This method cannot be used to update the fields of\na template. The tag template fields are represented as separate resources\nand should be updated using their own create/update/delete methods.\nUsers should enable the Data Catalog API in the project identified by\nthe `tag_template.name` parameter (see [Data Catalog Resource Project]\n(/data-catalog/docs/concepts/resource-project) for more information).",
"description": "Updates a tag template. This method cannot be used to update the fields of\na template. The tag template fields are represented as separate resources\nand should be updated using their own create/update/delete methods.\nUsers should enable the Data Catalog API in the project identified by\nthe `tag_template.name` parameter (see [Data Catalog Resource Project]\n(https://cloud.google.com/data-catalog/docs/concepts/resource-project) for\nmore information).",
"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/tagTemplates/{tagTemplatesId}",
"httpMethod": "PATCH",
"id": "datacatalog.projects.locations.tagTemplates.patch",
@@ -1103,7 +1103,7 @@
"fields": {
"methods": {
"create": {
"description": "Creates a field in a tag template. The user should enable the Data Catalog\nAPI in the project identified by the `parent` parameter (see\n[Data Catalog Resource\nProject](/data-catalog/docs/concepts/resource-project) for more\ninformation).",
"description": "Creates a field in a tag template. The user should enable the Data Catalog\nAPI in the project identified by the `parent` parameter (see\n[Data Catalog Resource\nProject](https://cloud.google.com/data-catalog/docs/concepts/resource-project)\nfor more information).",
"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/tagTemplates/{tagTemplatesId}/fields",
"httpMethod": "POST",
"id": "datacatalog.projects.locations.tagTemplates.fields.create",
@@ -1112,7 +1112,7 @@
],
"parameters": {
"parent": {
"description": "Required. The name of the project and the template location\n[region](/compute/docs/regions-zones/#available).\nNOTE: Currently, only the `us-central1 region` is supported.\n\nExample:\n\n* projects/{project_id}/locations/us-central1/tagTemplates/{tag_template_id}",
"description": "Required. The name of the project and the template location\n[region](https://cloud.google.com/data-catalog/docs/concepts/regions).\n\nExample:\n\n* projects/{project_id}/locations/us-central1/tagTemplates/{tag_template_id}",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+/tagTemplates/[^/]+$",
"required": true,
@@ -1136,7 +1136,7 @@
]
},
"delete": {
"description": "Deletes a field in a tag template and all uses of that field.\nUsers should enable the Data Catalog API in the project identified by\nthe `name` parameter (see [Data Catalog Resource Project]\n(/data-catalog/docs/concepts/resource-project) for more information).",
"description": "Deletes a field in a tag template and all uses of that field.\nUsers should enable the Data Catalog API in the project identified by\nthe `name` parameter (see [Data Catalog Resource Project]\n(https://cloud.google.com/data-catalog/docs/concepts/resource-project) for\nmore information).",
"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/tagTemplates/{tagTemplatesId}/fields/{fieldsId}",
"httpMethod": "DELETE",
"id": "datacatalog.projects.locations.tagTemplates.fields.delete",
@@ -1166,7 +1166,7 @@
]
},
"patch": {
"description": "Updates a field in a tag template. This method cannot be used to update the\nfield type. Users should enable the Data Catalog API in the project\nidentified by the `name` parameter (see [Data Catalog Resource Project]\n(/data-catalog/docs/concepts/resource-project) for more information).",
"description": "Updates a field in a tag template. This method cannot be used to update the\nfield type. Users should enable the Data Catalog API in the project\nidentified by the `name` parameter (see [Data Catalog Resource Project]\n(https://cloud.google.com/data-catalog/docs/concepts/resource-project) for\nmore information).",
"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/tagTemplates/{tagTemplatesId}/fields/{fieldsId}",
"httpMethod": "PATCH",
"id": "datacatalog.projects.locations.tagTemplates.fields.patch",
@@ -1200,7 +1200,7 @@
]
},
"rename": {
"description": "Renames a field in a tag template. The user should enable the Data Catalog\nAPI in the project identified by the `name` parameter (see [Data Catalog\nResource Project](/data-catalog/docs/concepts/resource-project) for more\ninformation).",
"description": "Renames a field in a tag template. The user should enable the Data Catalog\nAPI in the project identified by the `name` parameter (see [Data Catalog\nResource\nProject](https://cloud.google.com/data-catalog/docs/concepts/resource-project)\nfor more information).",
"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/tagTemplates/{tagTemplatesId}/fields/{fieldsId}:rename",
"httpMethod": "POST",
"id": "datacatalog.projects.locations.tagTemplates.fields.rename",
@@ -1385,7 +1385,7 @@
],
"parameters": {
"parent": {
"description": "Required. Resource name of project that the newly created taxonomies will\nbelong to.",
"description": "Required. Resource name of project that the imported taxonomies will belong to.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+$",
"required": true,
@@ -1774,7 +1774,7 @@
}
}
},
"revision": "20200402",
"revision": "20200528",
"rootUrl": "https://datacatalog.googleapis.com/",
"schemas": {
"Binding": {
@@ -1783,7 +1783,7 @@
"properties": {
"condition": {
"$ref": "Expr",
"description": "The condition that is associated with this binding.\nNOTE: An unsatisfied condition will not allow user access via current\nbinding. Different bindings, including their conditions, are examined\nindependently."
"description": "The condition that is associated with this binding.\n\nIf the condition evaluates to `true`, then this binding applies to the\ncurrent request.\n\nIf the condition evaluates to `false`, then this binding does not apply to\nthe current request. However, a different role binding might grant the same\nrole to one or more of the members in this binding.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
},
"members": {
"description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@example.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a user that has been recently deleted. For\n example, `alice@example.com?uid=123456789012345678901`. If the user is\n recovered, this value reverts to `user:{emailid}` and the recovered user\n retains the role in the binding.\n\n* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus\n unique identifier) representing a service account that has been recently\n deleted. For example,\n `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.\n If the service account is undeleted, this value reverts to\n `serviceAccount:{emailid}` and the undeleted service account retains the\n role in the binding.\n\n* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a Google group that has been recently\n deleted. For example, `admins@example.com?uid=123456789012345678901`. If\n the group is recovered, this value reverts to `group:{emailid}` and the\n recovered group retains the role in the binding.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n",
@@ -1834,7 +1834,7 @@
"properties": {
"options": {
"$ref": "GetPolicyOptions",
"description": "OPTIONAL: A `GetPolicyOptions` object for specifying options to\n`GetIamPolicy`. This field is only used by Cloud IAM."
"description": "OPTIONAL: A `GetPolicyOptions` object for specifying options to\n`GetIamPolicy`."
}
},
"type": "object"
@@ -1844,7 +1844,7 @@
"id": "GetPolicyOptions",
"properties": {
"requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.",
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
@@ -1880,12 +1880,14 @@
"enum": [
"TABLE_SOURCE_TYPE_UNSPECIFIED",
"BIGQUERY_VIEW",
"BIGQUERY_TABLE"
"BIGQUERY_TABLE",
"BIGQUERY_MATERIALIZED_VIEW"
],
"enumDescriptions": [
"Default unknown type.",
"Table view.",
"BigQuery native table."
"BigQuery native table.",
"BigQuery materialized view."
],
"type": "string"
},
@@ -1996,7 +1998,7 @@
"enumDescriptions": [
"Default unknown type.",
"Output only. The type of entry that has a GoogleSQL schema, including\nlogical views.",
"Output only. The type of models.",
"Output only. The type of models.\nhttps://cloud.google.com/bigquery-ml/docs/bigqueryml-intro",
"Output only. An entry type which is used for streaming entries. Example:\nPub/Sub topic.",
"An entry type which is a set of files or objects. Example:\nCloud Storage fileset."
],
@@ -2148,7 +2150,7 @@
"properties": {
"inlineSource": {
"$ref": "GoogleCloudDatacatalogV1beta1InlineSource",
"description": "Inline source used for taxonomies import"
"description": "Inline source used for taxonomies to be imported."
}
},
"type": "object"
@@ -2344,7 +2346,7 @@
"type": "string"
},
"query": {
"description": "Required. The query string in search query syntax. The query must be non-empty.\n\nQuery strings can be simple as \"x\" or more qualified as:\n\n* name:x\n* column:x\n* description:y\n\nNote: Query tokens need to have a minimum of 3 characters for substring\nmatching to work correctly. See [Data Catalog Search\nSyntax](/data-catalog/docs/how-to/search-reference) for more information.",
"description": "Required. The query string in search query syntax. The query must be non-empty.\n\nQuery strings can be simple as \"x\" or more qualified as:\n\n* name:x\n* column:x\n* description:y\n\nNote: Query tokens need to have a minimum of 3 characters for substring\nmatching to work correctly. See [Data Catalog Search\nSyntax](https://cloud.google.com/data-catalog/docs/how-to/search-reference)\nfor more information.",
"type": "string"
},
"scope": {
@@ -2375,6 +2377,13 @@
"type": "string"
},
"type": "array"
},
"restrictedLocations": {
"description": "Optional. The list of locations to search within.\n1. If empty, search will be performed in all locations;\n2. If any of the locations are NOT in the valid locations list, error\nwill be returned;\n3. Otherwise, search only the given locations for matching results.\nTypical usage is to leave this field empty. When a location is\nunreachable as returned in the `SearchCatalogResponse.unreachable` field,\nusers can repeat the search request with this parameter set to get\nadditional information on the error.\n\nValid locations:\n * asia-east1\n * asia-east2\n * asia-northeast1\n * asia-northeast2\n * asia-northeast3\n * asia-south1\n * asia-southeast1\n * australia-southeast1\n * eu\n * europe-north1\n * europe-west1\n * europe-west2\n * europe-west3\n * europe-west4\n * europe-west6\n * global\n * northamerica-northeast1\n * southamerica-east1\n * us\n * us-central1\n * us-east1\n * us-east4\n * us-west1\n * us-west2",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
@@ -2393,6 +2402,13 @@
"$ref": "GoogleCloudDatacatalogV1beta1SearchCatalogResult"
},
"type": "array"
},
"unreachable": {
"description": "Unreachable locations. Search result does not include data from those\nlocations. Users can get additional information on the error by repeating\nthe search request with a more restrictive parameter -- setting the value\nfor `SearchDataCatalogRequest.scope.include_locations`.",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
@@ -2450,6 +2466,10 @@
"displayName": {
"description": "Required. Display name of the policy tag. Max 200 bytes when encoded in UTF-8.",
"type": "string"
},
"policyTag": {
"description": "Resource name of the policy tag.\n\nThis field will be ignored when calling ImportTaxonomies.",
"type": "string"
}
},
"type": "object"
@@ -2510,7 +2530,7 @@
"type": "object"
},
"GoogleCloudDatacatalogV1beta1Tag": {
"description": "Tags are used to attach custom metadata to Data Catalog resources. Tags\nconform to the specifications within their tag template.\n\nSee [Data Catalog IAM](/data-catalog/docs/concepts/iam) for information on\nthe permissions needed to create or view tags.",
"description": "Tags are used to attach custom metadata to Data Catalog resources. Tags\nconform to the specifications within their tag template.\n\nSee [Data Catalog\nIAM](https://cloud.google.com/data-catalog/docs/concepts/iam) for information\non the permissions needed to create or view tags.",
"id": "GoogleCloudDatacatalogV1beta1Tag",
"properties": {
"column": {
@@ -2589,7 +2609,7 @@
"type": "object"
},
"GoogleCloudDatacatalogV1beta1TagTemplate": {
"description": "A tag template defines a tag, which can have one or more typed fields.\nThe template is used to create and attach the tag to GCP resources.\n[Tag template roles](/iam/docs/understanding-roles#data-catalog-roles)\nprovide permissions to create, edit, and use the template (see, for example,\nthe [TagTemplate User](/data-catalog/docs/how-to/template-user) role, which\nincludes permission to use the tag template to tag resources.",
"description": "A tag template defines a tag, which can have one or more typed fields.\nThe template is used to create and attach the tag to GCP resources.\n[Tag template\nroles](https://cloud.google.com/iam/docs/understanding-roles#data-catalog-roles)\nprovide permissions to create, edit, and use the template. See, for example,\nthe [TagTemplate\nUser](https://cloud.google.com/data-catalog/docs/how-to/template-user) role,\nwhich includes permission to use the tag template to tag resources.",
"id": "GoogleCloudDatacatalogV1beta1TagTemplate",
"properties": {
"displayName": {
@@ -2684,7 +2704,7 @@
"type": "object"
},
"Policy": {
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nOptionally, a `binding` can specify a `condition`, which is a logical\nexpression that allows access to a resource only if the expression evaluates\nto `true`. A condition can add constraints based on attributes of the\nrequest, the resource, or both.\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\"user:eve@example.com\"],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nFor some types of Google Cloud resources, a `binding` can also specify a\n`condition`, which is a logical expression that allows access to a resource\nonly if the expression evaluates to `true`. A condition can add constraints\nbased on attributes of the request, the resource, or both. To learn which\nresources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\n \"user:eve@example.com\"\n ],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"id": "Policy",
"properties": {
"bindings": {
@@ -2700,7 +2720,7 @@
"type": "string"
},
"version": {
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.",
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}

444
etc/api/dataflow/v1b3/dataflow-api.json
View File

@@ -183,6 +183,184 @@
}
},
"resources": {
"catalogTemplates": {
"methods": {
"commit": {
"description": "Creates a new TemplateVersion (Important: not new Template) entry in the\nspanner table. Requires project_id and display_name (template).",
"flatPath": "v1b3/projects/{projectsId}/catalogTemplates/{catalogTemplatesId}:commit",
"httpMethod": "POST",
"id": "dataflow.projects.catalogTemplates.commit",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "The location of the template, name includes project_id and display_name.\n\nCommit using project_id(pid1) and display_name(tid1).\n Format: projects/{pid1}/catalogTemplates/{tid1}",
"location": "path",
"pattern": "^projects/[^/]+/catalogTemplates/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1b3/{+name}:commit",
"request": {
"$ref": "CommitTemplateVersionRequest"
},
"response": {
"$ref": "TemplateVersion"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/userinfo.email"
]
},
"delete": {
"description": "Deletes an existing Template. Do nothing if Template does not exist.",
"flatPath": "v1b3/projects/{projectsId}/catalogTemplates/{catalogTemplatesId}",
"httpMethod": "DELETE",
"id": "dataflow.projects.catalogTemplates.delete",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "name includes project_id and display_name.\n\nDelete by project_id(pid1) and display_name(tid1).\n Format: projects/{pid1}/catalogTemplates/{tid1}",
"location": "path",
"pattern": "^projects/[^/]+/catalogTemplates/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1b3/{+name}",
"response": {
"$ref": "Empty"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/userinfo.email"
]
},
"get": {
"description": "Get TemplateVersion using project_id and display_name with an optional\nversion_id field. Get latest (has tag \"latest\") TemplateVersion if\nversion_id not set.",
"flatPath": "v1b3/projects/{projectsId}/catalogTemplates/{catalogTemplatesId}",
"httpMethod": "GET",
"id": "dataflow.projects.catalogTemplates.get",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "Resource name includes project_id and display_name. version_id is optional.\nGet the latest TemplateVersion if version_id not set.\n\nGet by project_id(pid1) and display_name(tid1):\n Format: projects/{pid1}/catalogTemplates/{tid1}\n\nGet by project_id(pid1), display_name(tid1), and version_id(vid1):\n Format: projects/{pid1}/catalogTemplates/{tid1@vid}",
"location": "path",
"pattern": "^projects/[^/]+/catalogTemplates/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1b3/{+name}",
"response": {
"$ref": "TemplateVersion"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/userinfo.email"
]
},
"label": {
"description": "Updates the label of the TemplateVersion. Label can be duplicated in\nTemplate, so either add or remove the label in the TemplateVersion.",
"flatPath": "v1b3/projects/{projectsId}/catalogTemplates/{catalogTemplatesId}:label",
"httpMethod": "POST",
"id": "dataflow.projects.catalogTemplates.label",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "Resource name includes project_id, display_name, and version_id.\n\nUpdates by project_id(pid1), display_name(tid1), and version_id(vid1):\n Format: projects/{pid1}/catalogTemplates/{tid1@vid}",
"location": "path",
"pattern": "^projects/[^/]+/catalogTemplates/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1b3/{+name}:label",
"request": {
"$ref": "ModifyTemplateVersionLabelRequest"
},
"response": {
"$ref": "ModifyTemplateVersionLabelResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/userinfo.email"
]
},
"tag": {
"description": "Updates the tag of the TemplateVersion, and tag is unique in Template.\nIf tag exists in another TemplateVersion in the Template, updates the tag\nto this TemplateVersion will remove it from the old TemplateVersion and add\nit to this TemplateVersion. If request is remove_only (remove_only = true),\nremove the tag from this TemplateVersion.",
"flatPath": "v1b3/projects/{projectsId}/catalogTemplates/{catalogTemplatesId}:tag",
"httpMethod": "POST",
"id": "dataflow.projects.catalogTemplates.tag",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "Resource name includes project_id, display_name, and version_id.\n\nUpdates by project_id(pid1), display_name(tid1), and version_id(vid1):\n Format: projects/{pid1}/catalogTemplates/{tid1@vid}",
"location": "path",
"pattern": "^projects/[^/]+/catalogTemplates/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1b3/{+name}:tag",
"request": {
"$ref": "ModifyTemplateVersionTagRequest"
},
"response": {
"$ref": "ModifyTemplateVersionTagResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/userinfo.email"
]
}
},
"resources": {
"templateVersions": {
"methods": {
"create": {
"description": "Creates a new Template with TemplateVersion. Requires\nproject_id(projects) and template display_name(catalogTemplates).\nThe template display_name is set by the user.",
"flatPath": "v1b3/projects/{projectsId}/catalogTemplates/{catalogTemplatesId}/templateVersions",
"httpMethod": "POST",
"id": "dataflow.projects.catalogTemplates.templateVersions.create",
"parameterOrder": [
"parent"
],
"parameters": {
"parent": {
"description": "The parent project and template that the TemplateVersion will be created\nunder.\n\nCreate using project_id(pid1) and display_name(tid1).\n Format: projects/{pid1}/catalogTemplates/{tid1}",
"location": "path",
"pattern": "^projects/[^/]+/catalogTemplates/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1b3/{+parent}/templateVersions",
"request": {
"$ref": "CreateTemplateVersionRequest"
},
"response": {
"$ref": "TemplateVersion"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/userinfo.email"
]
}
}
}
}
},
"jobs": {
"methods": {
"aggregated": {
@@ -1877,6 +2055,47 @@
}
}
},
"templateVersions": {
"methods": {
"list": {
"description": "List TemplateVersions using project_id and an optional display_name field.\nList all the TemplateVersions in the Template if display set.\nList all the TemplateVersions in the Project if display_name not set.",
"flatPath": "v1b3/projects/{projectsId}/templateVersions",
"httpMethod": "GET",
"id": "dataflow.projects.templateVersions.list",
"parameterOrder": [
"parent"
],
"parameters": {
"pageSize": {
"description": "The maximum number of TemplateVersions to return per page.",
"format": "int32",
"location": "query",
"type": "integer"
},
"pageToken": {
"description": "The page token, received from a previous ListTemplateVersions call.\nProvide this to retrieve the subsequent page.",
"location": "query",
"type": "string"
},
"parent": {
"description": "parent includes project_id, and display_name is optional.\n\nList by project_id(pid1) and display_name(tid1).\n Format: projects/{pid1}/catalogTemplates/{tid1}\n\nList by project_id(pid1).\n Format: projects/{pid1}",
"location": "path",
"pattern": "^projects/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1b3/{+parent}/templateVersions",
"response": {
"$ref": "ListTemplateVersionsResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/userinfo.email"
]
}
}
},
"templates": {
"methods": {
"create": {
@@ -2014,7 +2233,7 @@
}
}
},
"revision": "20200319",
"revision": "20200602",
"rootUrl": "https://dataflow.googleapis.com/",
"schemas": {
"ApproximateProgress": {
@@ -2083,6 +2302,25 @@
},
"type": "object"
},
"Artifact": {
"description": "Job information for templates.",
"id": "Artifact",
"properties": {
"containerSpec": {
"$ref": "ContainerSpec",
"description": "Container image path set for flex Template."
},
"jobGraphGcsPath": {
"description": "job_graph_gcs_path set for legacy Template.",
"type": "string"
},
"metadata": {
"$ref": "TemplateMetadata",
"description": "Metadata set for legacy Template."
}
},
"type": "object"
},
"AutoscalingEvent": {
"description": "A structured message reporting an autoscaling decision made by the Dataflow\nservice.",
"id": "AutoscalingEvent",
@@ -2221,6 +2459,17 @@
},
"type": "object"
},
"CommitTemplateVersionRequest": {
"description": "Commit will add a new TemplateVersion to an existing template.",
"id": "CommitTemplateVersionRequest",
"properties": {
"templateVersion": {
"$ref": "TemplateVersion",
"description": "TemplateVersion obejct to create."
}
},
"type": "object"
},
"ComponentSource": {
"description": "Description of an interstitial value between transforms in an execution\nstage.",
"id": "ComponentSource",
@@ -2584,6 +2833,17 @@
},
"type": "object"
},
"CreateTemplateVersionRequest": {
"description": "Creates a new Template with TemplateVersions.",
"id": "CreateTemplateVersionRequest",
"properties": {
"templateVersion": {
"$ref": "TemplateVersion",
"description": "The TemplateVersion object to create."
}
},
"type": "object"
},
"CustomSourceLocation": {
"description": "Identifies the location of a custom souce.",
"id": "CustomSourceLocation",
@@ -2787,6 +3047,12 @@
},
"type": "object"
},
"Empty": {
"description": "A generic empty message that you can re-use to avoid defining duplicated\nempty messages in your APIs. A typical example is to use it as the request\nor the response type of an API method. For instance:\n\n service Foo {\n rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);\n }\n\nThe JSON representation for `Empty` is empty JSON object `{}`.",
"id": "Empty",
"properties": {},
"type": "object"
},
"Environment": {
"description": "Describes the environment in which a Dataflow Job runs.",
"id": "Environment",
@@ -3868,6 +4134,24 @@
},
"type": "object"
},
"ListTemplateVersionsResponse": {
"description": "Respond a list of TemplateVersions.",
"id": "ListTemplateVersionsResponse",
"properties": {
"nextPageToken": {
"description": "A token that can be sent as `page_token` to retrieve the next page.\nIf this field is omitted, there are no subsequent pages.",
"type": "string"
},
"templateVersions": {
"description": "A list of TemplateVersions.",
"items": {
"$ref": "TemplateVersion"
},
"type": "array"
}
},
"type": "object"
},
"MapTask": {
"description": "MapTask consists of an ordered set of instructions, each of which\ndescribes one particular low-level operation for the worker to\nperform in order to accomplish the MapTask's WorkItem.\n\nEach instruction must appear in the list before any instructions which\ndepends on its output.",
"id": "MapTask",
@@ -4012,6 +4296,78 @@
},
"type": "object"
},
"ModifyTemplateVersionLabelRequest": {
"description": "Either add the label to TemplateVersion or remove it from the\nTemplateVersion.",
"id": "ModifyTemplateVersionLabelRequest",
"properties": {
"key": {
"description": "The label key for update.",
"type": "string"
},
"op": {
"description": "Requests for add label to TemplateVersion or remove label from\nTemplateVersion.",
"enum": [
"OPERATION_UNSPECIFIED",
"ADD",
"REMOVE"
],
"enumDescriptions": [
"Default value.",
"Add the label to the TemplateVersion object.",
"Remove the label from the TemplateVersion object."
],
"type": "string"
},
"value": {
"description": "The label value for update.",
"type": "string"
}
},
"type": "object"
},
"ModifyTemplateVersionLabelResponse": {
"description": "Respond the labels in the TemplateVersion.",
"id": "ModifyTemplateVersionLabelResponse",
"properties": {
"labels": {
"additionalProperties": {
"type": "string"
},
"description": "All the label in the TemplateVersion.",
"type": "object"
}
},
"type": "object"
},
"ModifyTemplateVersionTagRequest": {
"description": "Add a tag to the current TemplateVersion. If tag exist in another\nTemplateVersion in the Template, remove the tag before add it to the current\nTemplateVersion. If remove_only set, remove the tag from the current\nTemplateVersion.",
"id": "ModifyTemplateVersionTagRequest",
"properties": {
"removeOnly": {
"description": "The flag that indicates if the request is only for remove tag from\nTemplateVersion.",
"type": "boolean"
},
"tag": {
"description": "The tag for update.",
"type": "string"
}
},
"type": "object"
},
"ModifyTemplateVersionTagResponse": {
"description": "Respond the current tags in the TemplateVersion.",
"id": "ModifyTemplateVersionTagResponse",
"properties": {
"tags": {
"description": "All the tags in the TemplateVersion.",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"MountedDataDisk": {
"description": "Describes mounted data disk.",
"id": "MountedDataDisk",
@@ -4418,6 +4774,28 @@
},
"type": "object"
},
"QueryInfo": {
"description": "Information about a validated query.",
"id": "QueryInfo",
"properties": {
"queryProperty": {
"description": "Includes an entry for each satisfied QueryProperty.",
"enumDescriptions": [
"The query property is unknown or unspecified.",
"Indicates this query reads from >= 1 unbounded source."
],
"items": {
"enum": [
"QUERY_PROPERTY_UNSPECIFIED",
"HAS_UNBOUNDED_SOURCE"
],
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"ReadInstruction": {
"description": "An instruction that reads records.\nTakes no inputs, produces one output.",
"id": "ReadInstruction",
@@ -5723,6 +6101,66 @@
},
"type": "object"
},
"TemplateVersion": {
"description": "/////////////////////////////////////////////////////////////////////////////\n//// Template Catalog is used to organize user TemplateVersions.\n//// TemplateVersions that have the same project_id and display_name are\n//// belong to the same Template.\n//// Templates with the same project_id belong to the same Project.\n//// TemplateVersion may have labels and multiple labels are allowed.\n//// Duplicated labels in the same `TemplateVersion` are not allowed.\n//// TemplateVersion may have tags and multiple tags are allowed. Duplicated\n//// tags in the same `Template` are not allowed!",
"id": "TemplateVersion",
"properties": {
"artifact": {
"$ref": "Artifact",
"description": "Job graph and metadata if it is a legacy Template.\nContainer image path and metadata if it is flex Template."
},
"createTime": {
"description": "Creation time of this TemplateVersion.",
"format": "google-datetime",
"type": "string"
},
"description": {
"description": "Template description from the user.",
"type": "string"
},
"displayName": {
"description": "A customized name for Template. Multiple TemplateVersions per Template.",
"type": "string"
},
"labels": {
"additionalProperties": {
"type": "string"
},
"description": "Labels for the Template Version. Labels can be duplicate within Template.",
"type": "object"
},
"projectId": {
"description": "A unique project_id. Multiple Templates per Project.",
"type": "string"
},
"tags": {
"description": "Alias for version_id, helps locate a TemplateVersion.",
"items": {
"type": "string"
},
"type": "array"
},
"type": {
"description": "Either LEGACY or FLEX. This should match with the type of artifact.",
"enum": [
"TEMPLATE_TYPE_UNSPECIFIED",
"LEGACY",
"FLEX"
],
"enumDescriptions": [
"Default value. Not a useful zero case.",
"Legacy Template.",
"Flex Template."
],
"type": "string"
},
"versionId": {
"description": "An auto generated version_id for TemplateVersion.",
"type": "string"
}
},
"type": "object"
},
"TopologyConfig": {
"description": "Global topology of the streaming Dataflow job, including all\ncomputations and their sharded locations.",
"id": "TopologyConfig",
@@ -5830,6 +6268,10 @@
"errorMessage": {
"description": "Will be empty if validation succeeds.",
"type": "string"
},
"queryInfo": {
"$ref": "QueryInfo",
"description": "Information about the validated query. Not defined if validation fails."
}
},
"type": "object"

99
etc/api/datafusion/v1beta1/datafusion-api.json
View File

@@ -40,11 +40,6 @@
"location": "query",
"type": "string"
},
"access_token": {
"description": "OAuth access token.",
"location": "query",
"type": "string"
},
"alt": {
"default": "json",
"description": "Data format for response.",
@@ -76,11 +71,6 @@
"location": "query",
"type": "string"
},
"oauth_token": {
"description": "OAuth 2.0 token for the current user.",
"location": "query",
"type": "string"
},
"prettyPrint": {
"default": "true",
"description": "Returns response with indentations and line breaks.",
@@ -277,7 +267,7 @@
],
"parameters": {
"options.requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.",
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"location": "query",
"type": "integer"
@@ -407,7 +397,7 @@
]
},
"setIamPolicy": {
"description": "Sets the access control policy on the specified resource. Replaces any\nexisting policy.\n\nCan return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED",
"description": "Sets the access control policy on the specified resource. Replaces any\nexisting policy.\n\nCan return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.",
"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/instances/{instancesId}:setIamPolicy",
"httpMethod": "POST",
"id": "datafusion.projects.locations.instances.setIamPolicy",
@@ -435,7 +425,7 @@
]
},
"testIamPermissions": {
"description": "Returns permissions that a caller has on the specified resource.\nIf the resource does not exist, this will return an empty set of\npermissions, not a NOT_FOUND error.\n\nNote: This operation is designed to be used for building permission-aware\nUIs and command-line tools, not for authorization checking. This operation\nmay \"fail open\" without warning.",
"description": "Returns permissions that a caller has on the specified resource.\nIf the resource does not exist, this will return an empty set of\npermissions, not a `NOT_FOUND` error.\n\nNote: This operation is designed to be used for building permission-aware\nUIs and command-line tools, not for authorization checking. This operation\nmay \"fail open\" without warning.",
"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/instances/{instancesId}:testIamPermissions",
"httpMethod": "POST",
"id": "datafusion.projects.locations.instances.testIamPermissions",
@@ -614,13 +604,58 @@
]
}
}
},
"versions": {
"methods": {
"list": {
"description": "Lists possible versions for Data Fusion instances in the specified project\nand location.",
"flatPath": "v1beta1/projects/{projectsId}/locations/{locationsId}/versions",
"httpMethod": "GET",
"id": "datafusion.projects.locations.versions.list",
"parameterOrder": [
"parent"
],
"parameters": {
"latestPatchOnly": {
"description": "Whether or not to return the latest patch of every available minor version.\nIf true, only the latest patch will be returned. Ex. if allowed versions is\n[6.1.1, 6.1.2, 6.2.0] then response will be [6.1.2, 6.2.0]",
"location": "query",
"type": "boolean"
},
"pageSize": {
"description": "The maximum number of items to return.",
"format": "int32",
"location": "query",
"type": "integer"
},
"pageToken": {
"description": "The next_page_token value to use if there are additional\nresults to retrieve for this list request.",
"location": "query",
"type": "string"
},
"parent": {
"description": "Required. The project and location for which to retrieve instance information\nin the format projects/{project}/locations/{location}.",
"location": "path",
"pattern": "^projects/[^/]+/locations/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1beta1/{+parent}/versions",
"response": {
"$ref": "ListAvailableVersionsResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
}
}
}
}
}
}
}
},
"revision": "20200318",
"revision": "20200609",
"rootUrl": "https://datafusion.googleapis.com/",
"schemas": {
"Accelerator": {
@@ -645,7 +680,7 @@
"type": "object"
},
"AuditConfig": {
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n },\n {\n \"log_type\": \"ADMIN_READ\",\n }\n ]\n },\n {\n \"service\": \"sampleservice.googleapis.com\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:aliya@example.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts jose@example.com from DATA_READ logging, and\naliya@example.com from DATA_WRITE logging.",
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\",\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\"\n },\n {\n \"log_type\": \"ADMIN_READ\"\n }\n ]\n },\n {\n \"service\": \"sampleservice.googleapis.com\",\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\"\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:aliya@example.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts jose@example.com from DATA_READ logging, and\naliya@example.com from DATA_WRITE logging.",
"id": "AuditConfig",
"properties": {
"auditLogConfigs": {
@@ -663,7 +698,7 @@
"type": "object"
},
"AuditLogConfig": {
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\njose@example.com from DATA_READ logging.",
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\"\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\njose@example.com from DATA_READ logging.",
"id": "AuditLogConfig",
"properties": {
"exemptedMembers": {
@@ -698,7 +733,7 @@
"properties": {
"condition": {
"$ref": "Expr",
"description": "The condition that is associated with this binding.\nNOTE: An unsatisfied condition will not allow user access via current\nbinding. Different bindings, including their conditions, are examined\nindependently."
"description": "The condition that is associated with this binding.\n\nIf the condition evaluates to `true`, then this binding applies to the\ncurrent request.\n\nIf the condition evaluates to `false`, then this binding does not apply to\nthe current request. However, a different role binding might grant the same\nrole to one or more of the members in this binding.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM\ndocumentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
},
"members": {
"description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@example.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a user that has been recently deleted. For\n example, `alice@example.com?uid=123456789012345678901`. If the user is\n recovered, this value reverts to `user:{emailid}` and the recovered user\n retains the role in the binding.\n\n* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus\n unique identifier) representing a service account that has been recently\n deleted. For example,\n `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.\n If the service account is undeleted, this value reverts to\n `serviceAccount:{emailid}` and the undeleted service account retains the\n role in the binding.\n\n* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a Google group that has been recently\n deleted. For example, `admins@example.com?uid=123456789012345678901`. If\n the group is recovered, this value reverts to `group:{emailid}` and the\n recovered group retains the role in the binding.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n",
@@ -777,7 +812,7 @@
"type": "string"
},
"description": {
"description": "Optional. An optional description of this instance.",
"description": "A description of this instance.",
"type": "string"
},
"displayName": {
@@ -894,6 +929,24 @@
},
"type": "object"
},
"ListAvailableVersionsResponse": {
"description": "Response message for the list available versions request.",
"id": "ListAvailableVersionsResponse",
"properties": {
"availableVersions": {
"description": "Represents a list of versions that are supported.",
"items": {
"$ref": "Version"
},
"type": "array"
},
"nextPageToken": {
"description": "Token to retrieve the next page of results or empty if there are no more\nresults in the list.",
"type": "string"
}
},
"type": "object"
},
"ListInstancesResponse": {
"description": "Response message for the list instance request.",
"id": "ListInstancesResponse",
@@ -1077,7 +1130,7 @@
"type": "object"
},
"Policy": {
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nOptionally, a `binding` can specify a `condition`, which is a logical\nexpression that allows access to a resource only if the expression evaluates\nto `true`. A condition can add constraints based on attributes of the\nrequest, the resource, or both.\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\"user:eve@example.com\"],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nFor some types of Google Cloud resources, a `binding` can also specify a\n`condition`, which is a logical expression that allows access to a resource\nonly if the expression evaluates to `true`. A condition can add constraints\nbased on attributes of the request, the resource, or both. To learn which\nresources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\n \"user:eve@example.com\"\n ],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"id": "Policy",
"properties": {
"auditConfigs": {
@@ -1100,7 +1153,7 @@
"type": "string"
},
"version": {
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.",
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.\n\nTo learn which resources support conditions in their IAM policies, see the\n[IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
@@ -1122,7 +1175,7 @@
"description": "REQUIRED: The complete policy to be applied to the `resource`. The size of\nthe policy is limited to a few 10s of KB. An empty policy is a\nvalid policy but certain Cloud Platform services (such as Projects)\nmight reject them."
},
"updateMask": {
"description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only\nthe fields in the mask will be modified. If no mask is provided, the\nfollowing default mask is used:\npaths: \"bindings, etag\"\nThis field is only used by Cloud IAM.",
"description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only\nthe fields in the mask will be modified. If no mask is provided, the\nfollowing default mask is used:\n\n`paths: \"bindings, etag\"`",
"format": "google-fieldmask",
"type": "string"
}
@@ -1194,6 +1247,10 @@
"description": "The Data Fusion version.",
"id": "Version",
"properties": {
"defaultVersion": {
"description": "Whether this is currently the default version for Cloud Data Fusion",
"type": "boolean"
},
"versionNumber": {
"description": "The version number of the Data Fusion instance, such as '6.0.1.0'.",
"type": "string"

124
etc/api/dataproc/v1/dataproc-api.json
View File

@@ -254,7 +254,7 @@
]
},
"setIamPolicy": {
"description": "Sets the access control policy on the specified resource. Replaces any existing policy.Can return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED",
"description": "Sets the access control policy on the specified resource. Replaces any existing policy.Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED errors.",
"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/autoscalingPolicies/{autoscalingPoliciesId}:setIamPolicy",
"httpMethod": "POST",
"id": "dataproc.projects.locations.autoscalingPolicies.setIamPolicy",
@@ -557,7 +557,7 @@
]
},
"setIamPolicy": {
"description": "Sets the access control policy on the specified resource. Replaces any existing policy.Can return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED",
"description": "Sets the access control policy on the specified resource. Replaces any existing policy.Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED errors.",
"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/workflowTemplates/{workflowTemplatesId}:setIamPolicy",
"httpMethod": "POST",
"id": "dataproc.projects.locations.workflowTemplates.setIamPolicy",
@@ -791,7 +791,7 @@
]
},
"setIamPolicy": {
"description": "Sets the access control policy on the specified resource. Replaces any existing policy.Can return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED",
"description": "Sets the access control policy on the specified resource. Replaces any existing policy.Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED errors.",
"flatPath": "v1/projects/{projectsId}/regions/{regionsId}/autoscalingPolicies/{autoscalingPoliciesId}:setIamPolicy",
"httpMethod": "POST",
"id": "dataproc.projects.regions.autoscalingPolicies.setIamPolicy",
@@ -1178,7 +1178,7 @@
]
},
"setIamPolicy": {
"description": "Sets the access control policy on the specified resource. Replaces any existing policy.Can return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED",
"description": "Sets the access control policy on the specified resource. Replaces any existing policy.Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED errors.",
"flatPath": "v1/projects/{projectsId}/regions/{regionsId}/clusters/{clustersId}:setIamPolicy",
"httpMethod": "POST",
"id": "dataproc.projects.regions.clusters.setIamPolicy",
@@ -1492,7 +1492,7 @@
]
},
"setIamPolicy": {
"description": "Sets the access control policy on the specified resource. Replaces any existing policy.Can return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED",
"description": "Sets the access control policy on the specified resource. Replaces any existing policy.Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED errors.",
"flatPath": "v1/projects/{projectsId}/regions/{regionsId}/jobs/{jobsId}:setIamPolicy",
"httpMethod": "POST",
"id": "dataproc.projects.regions.jobs.setIamPolicy",
@@ -1764,7 +1764,7 @@
]
},
"setIamPolicy": {
"description": "Sets the access control policy on the specified resource. Replaces any existing policy.Can return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED",
"description": "Sets the access control policy on the specified resource. Replaces any existing policy.Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED errors.",
"flatPath": "v1/projects/{projectsId}/regions/{regionsId}/operations/{operationsId}:setIamPolicy",
"httpMethod": "POST",
"id": "dataproc.projects.regions.operations.setIamPolicy",
@@ -2039,7 +2039,7 @@
]
},
"setIamPolicy": {
"description": "Sets the access control policy on the specified resource. Replaces any existing policy.Can return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED",
"description": "Sets the access control policy on the specified resource. Replaces any existing policy.Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED errors.",
"flatPath": "v1/projects/{projectsId}/regions/{regionsId}/workflowTemplates/{workflowTemplatesId}:setIamPolicy",
"httpMethod": "POST",
"id": "dataproc.projects.regions.workflowTemplates.setIamPolicy",
@@ -2129,11 +2129,11 @@
}
}
},
"revision": "20200323",
"revision": "20200703",
"rootUrl": "https://dataproc.googleapis.com/",
"schemas": {
"AcceleratorConfig": {
"description": "Specifies the type and number of accelerator cards attached to the instances of an instance. See GPUs on Compute Engine.",
"description": "Specifies the type and number of accelerator cards attached to the instances of an instance. See GPUs on Compute Engine (https://cloud.google.com/compute/docs/gpus/).",
"id": "AcceleratorConfig",
"properties": {
"acceleratorCount": {
@@ -2142,7 +2142,7 @@
"type": "integer"
},
"acceleratorTypeUri": {
"description": "Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See Compute Engine AcceleratorTypes.Examples:\nhttps://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80\nprojects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80\nnvidia-tesla-k80Auto Zone Exception: If you are using the Dataproc Auto Zone Placement feature, you must use the short name of the accelerator type resource, for example, nvidia-tesla-k80.",
"description": "Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See Compute Engine AcceleratorTypes (https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes).Examples:\nhttps://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80\nprojects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80\nnvidia-tesla-k80Auto Zone Exception: If you are using the Dataproc Auto Zone Placement (https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, nvidia-tesla-k80.",
"type": "string"
}
},
@@ -2211,7 +2211,7 @@
"type": "string"
},
"scaleDownFactor": {
"description": "Required. Fraction of average pending memory in the last cooldown period for which to remove workers. A scale-down factor of 1 will result in scaling down so that there is no available memory remaining after the update (more aggressive scaling). A scale-down factor of 0 disables removing workers, which can be beneficial for autoscaling a single job.Bounds: 0.0, 1.0.",
"description": "Required. Fraction of average YARN pending memory in the last cooldown period for which to remove workers. A scale-down factor of 1 will result in scaling down so that there is no available memory remaining after the update (more aggressive scaling). A scale-down factor of 0 disables removing workers, which can be beneficial for autoscaling a single job. See How autoscaling works for more information.Bounds: 0.0, 1.0.",
"format": "double",
"type": "number"
},
@@ -2221,7 +2221,7 @@
"type": "number"
},
"scaleUpFactor": {
"description": "Required. Fraction of average pending memory in the last cooldown period for which to add workers. A scale-up factor of 1.0 will result in scaling up so that there is no pending memory remaining after the update (more aggressive scaling). A scale-up factor closer to 0 will result in a smaller magnitude of scaling up (less aggressive scaling).Bounds: 0.0, 1.0.",
"description": "Required. Fraction of average YARN pending memory in the last cooldown period for which to add workers. A scale-up factor of 1.0 will result in scaling up so that there is no pending memory remaining after the update (more aggressive scaling). A scale-up factor closer to 0 will result in a smaller magnitude of scaling up (less aggressive scaling). See How autoscaling works for more information.Bounds: 0.0, 1.0.",
"format": "double",
"type": "number"
},
@@ -2239,7 +2239,7 @@
"properties": {
"condition": {
"$ref": "Expr",
"description": "The condition that is associated with this binding. NOTE: An unsatisfied condition will not allow user access via current binding. Different bindings, including their conditions, are examined independently."
"description": "The condition that is associated with this binding.If the condition evaluates to true, then this binding applies to the current request.If the condition evaluates to false, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies)."
},
"members": {
"description": "Specifies the identities requesting access for a Cloud Platform resource. members can have the following values:\nallUsers: A special identifier that represents anyone who is on the internet; with or without a Google account.\nallAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account.\nuser:{emailid}: An email address that represents a specific Google account. For example, alice@example.com .\nserviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\ngroup:{emailid}: An email address that represents a Google group. For example, admins@example.com.\ndeleted:user:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a user that has been recently deleted. For example, alice@example.com?uid=123456789012345678901. If the user is recovered, this value reverts to user:{emailid} and the recovered user retains the role in the binding.\ndeleted:serviceAccount:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901. If the service account is undeleted, this value reverts to serviceAccount:{emailid} and the undeleted service account retains the role in the binding.\ndeleted:group:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, admins@example.com?uid=123456789012345678901. If the group is recovered, this value reverts to group:{emailid} and the recovered group retains the role in the binding.\ndomain:{domain}: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com.",
@@ -2286,7 +2286,7 @@
},
"metrics": {
"$ref": "ClusterMetrics",
"description": "Contains cluster daemon metrics such as HDFS and YARN stats.Beta Feature: This report is available for testing purposes only. It may be changed before final release."
"description": "Output only. Contains cluster daemon metrics such as HDFS and YARN stats.Beta Feature: This report is available for testing purposes only. It may be changed before final release."
},
"projectId": {
"description": "Required. The Google Cloud Platform project ID that the cluster belongs to.",
@@ -2315,13 +2315,17 @@
"description": "Optional. Autoscaling config for the policy associated with the cluster. Cluster does not autoscale if this field is unset."
},
"configBucket": {
"description": "Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see Dataproc staging bucket).",
"description": "Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see Dataproc staging bucket (https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)).",
"type": "string"
},
"encryptionConfig": {
"$ref": "EncryptionConfig",
"description": "Optional. Encryption settings for the cluster."
},
"endpointConfig": {
"$ref": "EndpointConfig",
"description": "Optional. Port/endpoint configuration for this cluster"
},
"gceClusterConfig": {
"$ref": "GceClusterConfig",
"description": "Optional. The shared Compute Engine config settings for all instances in a cluster."
@@ -2353,6 +2357,10 @@
"$ref": "SoftwareConfig",
"description": "Optional. The config settings for software inside the cluster."
},
"tempBucket": {
"description": "Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket.",
"type": "string"
},
"workerConfig": {
"$ref": "InstanceGroupConfig",
"description": "Optional. The Compute Engine config settings for worker instances in a cluster."
@@ -2609,6 +2617,24 @@
},
"type": "object"
},
"EndpointConfig": {
"description": "Endpoint config for this cluster",
"id": "EndpointConfig",
"properties": {
"enableHttpPortAccess": {
"description": "Optional. If true, enable http access to specific ports on the cluster from external sources. Defaults to false.",
"type": "boolean"
},
"httpPorts": {
"additionalProperties": {
"type": "string"
},
"description": "Output only. The map of port descriptions to URLs. Will only be populated if enable_http_port_access is true.",
"type": "object"
}
},
"type": "object"
},
"Expr": {
"description": "Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec.Example (Comparison):\ntitle: \"Summary size limit\"\ndescription: \"Determines if a summary is less than 100 chars\"\nexpression: \"document.summary.size() < 100\"\nExample (Equality):\ntitle: \"Requestor is owner\"\ndescription: \"Determines if requestor is the document owner\"\nexpression: \"document.owner == request.auth.claims.email\"\nExample (Logic):\ntitle: \"Public documents\"\ndescription: \"Determine whether the document should be publicly visible\"\nexpression: \"document.type != 'private' && document.type != 'internal'\"\nExample (Data Manipulation):\ntitle: \"Notification string\"\ndescription: \"Create a notification string with a timestamp.\"\nexpression: \"'New message received at ' + string(document.create_time)\"\nThe exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.",
"id": "Expr",
@@ -2648,7 +2674,7 @@
"type": "object"
},
"networkUri": {
"description": "Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither network_uri nor subnetwork_uri is specified, the \"default\" network of the project is used, if it exists. Cannot be a \"Custom Subnet Network\" (see Using Subnetworks for more information).A full URL, partial URI, or short name are valid. Examples:\nhttps://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default\nprojects/[project_id]/regions/global/default\ndefault",
"description": "Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither network_uri nor subnetwork_uri is specified, the \"default\" network of the project is used, if it exists. Cannot be a \"Custom Subnet Network\" (see Using Subnetworks (https://cloud.google.com/compute/docs/subnetworks) for more information).A full URL, partial URI, or short name are valid. Examples:\nhttps://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default\nprojects/[project_id]/regions/global/default\ndefault",
"type": "string"
},
"reservationAffinity": {
@@ -2656,7 +2682,7 @@
"description": "Optional. Reservation Affinity for consuming Zonal reservation."
},
"serviceAccount": {
"description": "Optional. The Dataproc service account (also see VM Data Plane identity) used by Dataproc cluster VM instances to access Google Cloud Platform services.If not specified, the Compute Engine default service account is used.",
"description": "Optional. The Dataproc service account (https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_cloud_dataproc) (also see VM Data Plane identity (https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services.If not specified, the Compute Engine default service account (https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used.",
"type": "string"
},
"serviceAccountScopes": {
@@ -2671,7 +2697,7 @@
"type": "string"
},
"tags": {
"description": "The Compute Engine tags to add to all instances (see Tagging instances).",
"description": "The Compute Engine tags to add to all instances (see Tagging instances (https://cloud.google.com/compute/docs/label-or-tag-resources#tags)).",
"items": {
"type": "string"
},
@@ -2690,7 +2716,7 @@
"properties": {
"options": {
"$ref": "GetPolicyOptions",
"description": "OPTIONAL: A GetPolicyOptions object for specifying options to GetIamPolicy. This field is only used by Cloud IAM."
"description": "OPTIONAL: A GetPolicyOptions object for specifying options to GetIamPolicy."
}
},
"type": "object"
@@ -2700,7 +2726,7 @@
"id": "GetPolicyOptions",
"properties": {
"requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset.",
"description": "Optional. The policy format version to be returned.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
@@ -2839,7 +2865,7 @@
"description": "Optional. Disk option config settings."
},
"imageUri": {
"description": "Optional. The Compute Engine image resource used for cluster instances. It can be specified or may be inferred from SoftwareConfig.image_version.",
"description": "Optional. The Compute Engine image resource used for cluster instances.The URI can represent an image or image family.Image examples:\nhttps://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]\nprojects/[project_id]/global/images/[image-id]\nimage-idImage family examples. Dataproc will use the most recent image from the family:\nhttps://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]\nprojects/[project_id]/global/images/family/[custom-image-family-name]If the URI is unspecified, it will be inferred from SoftwareConfig.image_version or the system default.",
"type": "string"
},
"instanceNames": {
@@ -2854,7 +2880,7 @@
"type": "boolean"
},
"machineTypeUri": {
"description": "Optional. The Compute Engine machine type used for cluster instances.A full URL, partial URI, or short name are valid. Examples:\nhttps://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2\nprojects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2\nn1-standard-2Auto Zone Exception: If you are using the Dataproc Auto Zone Placement feature, you must use the short name of the machine type resource, for example, n1-standard-2.",
"description": "Optional. The Compute Engine machine type used for cluster instances.A full URL, partial URI, or short name are valid. Examples:\nhttps://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2\nprojects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2\nn1-standard-2Auto Zone Exception: If you are using the Dataproc Auto Zone Placement (https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the machine type resource, for example, n1-standard-2.",
"type": "string"
},
"managedGroupConfig": {
@@ -2862,7 +2888,7 @@
"description": "Output only. The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups."
},
"minCpuPlatform": {
"description": "Optional. Specifies the minimum cpu platform for the Instance Group. See Dataproc&rarr;Minimum CPU Platform.",
"description": "Optional. Specifies the minimum cpu platform for the Instance Group. See Dataproc -&gt; Minimum CPU Platform (https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu).",
"type": "string"
},
"numInstances": {
@@ -3050,7 +3076,7 @@
"type": "string"
},
"projectId": {
"description": "Required. The ID of the Google Cloud Platform project that the job belongs to.",
"description": "Optional. The ID of the Google Cloud Platform project that the job belongs to. If specified, must match the request project ID.",
"type": "string"
}
},
@@ -3149,7 +3175,7 @@
"type": "string"
},
"enableKerberos": {
"description": "Optional. Flag to indicate whether to Kerberize the cluster.",
"description": "Optional. Flag to indicate whether to Kerberize the cluster (default: false). Set this field to true to enable Kerberos on a cluster.",
"type": "boolean"
},
"kdcDbKeyUri": {
@@ -3431,10 +3457,12 @@
"id": "OrderedJob",
"properties": {
"hadoopJob": {
"$ref": "HadoopJob"
"$ref": "HadoopJob",
"description": "Optional. Job is a Hadoop job."
},
"hiveJob": {
"$ref": "HiveJob"
"$ref": "HiveJob",
"description": "Optional. Job is a Hive job."
},
"labels": {
"additionalProperties": {
@@ -3444,7 +3472,8 @@
"type": "object"
},
"pigJob": {
"$ref": "PigJob"
"$ref": "PigJob",
"description": "Optional. Job is a Pig job."
},
"prerequisiteStepIds": {
"description": "Optional. The optional list of prerequisite job step_ids. If not specified, the job will start at the beginning of workflow.",
@@ -3455,24 +3484,27 @@
},
"prestoJob": {
"$ref": "PrestoJob",
"description": "Presto job"
"description": "Optional. Job is a Presto job."
},
"pysparkJob": {
"$ref": "PySparkJob"
"$ref": "PySparkJob",
"description": "Optional. Job is a PySpark job."
},
"scheduling": {
"$ref": "JobScheduling",
"description": "Optional. Job scheduling configuration."
},
"sparkJob": {
"$ref": "SparkJob"
"$ref": "SparkJob",
"description": "Optional. Job is a Spark job."
},
"sparkRJob": {
"$ref": "SparkRJob",
"description": "Spark R job"
"description": "Optional. Job is a SparkR job."
},
"sparkSqlJob": {
"$ref": "SparkSqlJob"
"$ref": "SparkSqlJob",
"description": "Optional. Job is a SparkSql job."
},
"stepId": {
"description": "Required. The step id. The id must be unique among all jobs within the template.The step id is used as prefix for job id, as job goog-dataproc-workflow-step-id label, and in prerequisiteStepIds field from other steps.The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between 3 and 50 characters.",
@@ -3541,7 +3573,7 @@
"type": "object"
},
"Policy": {
"description": "An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources.A Policy is a collection of bindings. A binding binds one or more members to a single role. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions; each role can be an IAM predefined role or a user-created custom role.Optionally, a binding can specify a condition, which is a logical expression that allows access to a resource only if the expression evaluates to true. A condition can add constraints based on attributes of the request, the resource, or both.JSON example:\n{\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\"user:eve@example.com\"],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n}\nYAML example:\nbindings:\n- members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n- members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n- etag: BwWWja0YfJA=\n- version: 3\nFor a description of IAM and its features, see the IAM documentation (https://cloud.google.com/iam/docs/).",
"description": "An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources.A Policy is a collection of bindings. A binding binds one or more members to a single role. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions; each role can be an IAM predefined role or a user-created custom role.For some types of Google Cloud resources, a binding can also specify a condition, which is a logical expression that allows access to a resource only if the expression evaluates to true. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).JSON example:\n{\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\n \"user:eve@example.com\"\n ],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n}\nYAML example:\nbindings:\n- members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n- members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n- etag: BwWWja0YfJA=\n- version: 3\nFor a description of IAM and its features, see the IAM documentation (https://cloud.google.com/iam/docs/).",
"id": "Policy",
"properties": {
"bindings": {
@@ -3557,7 +3589,7 @@
"type": "string"
},
"version": {
"description": "Specifies the format of the policy.Valid values are 0, 1, and 3. Requests that specify an invalid value are rejected.Any operation that affects conditional role bindings must specify version 3. This requirement applies to the following operations:\nGetting a policy that includes a conditional role binding\nAdding a conditional role binding to a policy\nChanging a conditional role binding in a policy\nRemoving any role binding, with or without a condition, from a policy that includes conditionsImportant: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy. If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost.If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset.",
"description": "Specifies the format of the policy.Valid values are 0, 1, and 3. Requests that specify an invalid value are rejected.Any operation that affects conditional role bindings must specify version 3. This requirement applies to the following operations:\nGetting a policy that includes a conditional role binding\nAdding a conditional role binding to a policy\nChanging a conditional role binding in a policy\nRemoving any role binding, with or without a condition, from a policy that includes conditionsImportant: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy. If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost.If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
@@ -3565,7 +3597,7 @@
"type": "object"
},
"PrestoJob": {
"description": "A Dataproc job for running Presto (https://prestosql.io/) queries",
"description": "A Dataproc job for running Presto (https://prestosql.io/) queries. IMPORTANT: The Dataproc Presto Optional Component (https://cloud.google.com/dataproc/docs/concepts/components/presto) must be enabled when the cluster is created to submit a Presto job to the cluster.",
"id": "PrestoJob",
"properties": {
"clientTags": {
@@ -3610,7 +3642,7 @@
"id": "PySparkJob",
"properties": {
"archiveUris": {
"description": "Optional. HCFS URIs of archives to be extracted in the working directory of .jar, .tar, .tar.gz, .tgz, and .zip.",
"description": "Optional. HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.",
"items": {
"type": "string"
},
@@ -3624,7 +3656,7 @@
"type": "array"
},
"fileUris": {
"description": "Optional. HCFS URIs of files to be copied to the working directory of Python drivers and distributed tasks. Useful for naively parallel tasks.",
"description": "Optional. HCFS URIs of files to be placed in the working directory of each executor. Useful for naively parallel tasks.",
"items": {
"type": "string"
},
@@ -3751,13 +3783,13 @@
"id": "SoftwareConfig",
"properties": {
"imageVersion": {
"description": "Optional. The version of software inside the cluster. It must be one of the supported Dataproc Versions, such as \"1.2\" (including a subminor version, such as \"1.2.29\"), or the \"preview\" version. If unspecified, it defaults to the latest Debian version.",
"description": "Optional. The version of software inside the cluster. It must be one of the supported Dataproc Versions (https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_cloud_dataproc_versions), such as \"1.2\" (including a subminor version, such as \"1.2.29\"), or the \"preview\" version (https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). If unspecified, it defaults to the latest Debian version.",
"type": "string"
},
"optionalComponents": {
"description": "Optional. The set of components to activate on the cluster.",
"enumDescriptions": [
"Unspecified component.",
"Unspecified component. Specifying this will cause Cluster creation to fail.",
"The Anaconda python distribution.",
"The Hive Web HCatalog (the REST service for accessing HCatalog).",
"The Jupyter Notebook.",
@@ -3783,7 +3815,7 @@
"additionalProperties": {
"type": "string"
},
"description": "Optional. The properties to set on daemon config files.Property keys are specified in prefix:property format, for example core:hadoop.tmp.dir. The following are supported prefixes and their mappings:\ncapacity-scheduler: capacity-scheduler.xml\ncore: core-site.xml\ndistcp: distcp-default.xml\nhdfs: hdfs-site.xml\nhive: hive-site.xml\nmapred: mapred-site.xml\npig: pig.properties\nspark: spark-defaults.conf\nyarn: yarn-site.xmlFor more information, see Cluster properties.",
"description": "Optional. The properties to set on daemon config files.Property keys are specified in prefix:property format, for example core:hadoop.tmp.dir. The following are supported prefixes and their mappings:\ncapacity-scheduler: capacity-scheduler.xml\ncore: core-site.xml\ndistcp: distcp-default.xml\nhdfs: hdfs-site.xml\nhive: hive-site.xml\nmapred: mapred-site.xml\npig: pig.properties\nspark: spark-defaults.conf\nyarn: yarn-site.xmlFor more information, see Cluster properties (https://cloud.google.com/dataproc/docs/concepts/cluster-properties).",
"type": "object"
}
},
@@ -3794,7 +3826,7 @@
"id": "SparkJob",
"properties": {
"archiveUris": {
"description": "Optional. HCFS URIs of archives to be extracted in the working directory of Spark drivers and tasks. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.",
"description": "Optional. HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.",
"items": {
"type": "string"
},
@@ -3808,7 +3840,7 @@
"type": "array"
},
"fileUris": {
"description": "Optional. HCFS URIs of files to be copied to the working directory of Spark drivers and distributed tasks. Useful for naively parallel tasks.",
"description": "Optional. HCFS URIs of files to be placed in the working directory of each executor. Useful for naively parallel tasks.",
"items": {
"type": "string"
},
@@ -3848,7 +3880,7 @@
"id": "SparkRJob",
"properties": {
"archiveUris": {
"description": "Optional. HCFS URIs of archives to be extracted in the working directory of Spark drivers and tasks. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.",
"description": "Optional. HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.",
"items": {
"type": "string"
},
@@ -3862,7 +3894,7 @@
"type": "array"
},
"fileUris": {
"description": "Optional. HCFS URIs of files to be copied to the working directory of R drivers and distributed tasks. Useful for naively parallel tasks.",
"description": "Optional. HCFS URIs of files to be placed in the working directory of each executor. Useful for naively parallel tasks.",
"items": {
"type": "string"
},
@@ -4196,7 +4228,7 @@
"type": "string"
},
"parameters": {
"description": "Optional. emplate parameters whose values are substituted into the template. Values for parameters must be provided when the template is instantiated.",
"description": "Optional. Template parameters whose values are substituted into the template. Values for parameters must be provided when the template is instantiated.",
"items": {
"$ref": "TemplateParameter"
},

166
etc/api/dataproc/v1beta2/dataproc-api.json
View File

@@ -199,7 +199,7 @@
],
"parameters": {
"options.requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset.",
"description": "Optional. The policy format version to be returned.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"location": "query",
"type": "integer"
@@ -257,7 +257,7 @@
]
},
"setIamPolicy": {
"description": "Sets the access control policy on the specified resource. Replaces any existing policy.Can return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED",
"description": "Sets the access control policy on the specified resource. Replaces any existing policy.Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED errors.",
"flatPath": "v1beta2/projects/{projectsId}/locations/{locationsId}/autoscalingPolicies/{autoscalingPoliciesId}:setIamPolicy",
"httpMethod": "POST",
"id": "dataproc.projects.locations.autoscalingPolicies.setIamPolicy",
@@ -444,7 +444,7 @@
],
"parameters": {
"options.requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset.",
"description": "Optional. The policy format version to be returned.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"location": "query",
"type": "integer"
@@ -568,7 +568,7 @@
]
},
"setIamPolicy": {
"description": "Sets the access control policy on the specified resource. Replaces any existing policy.Can return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED",
"description": "Sets the access control policy on the specified resource. Replaces any existing policy.Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED errors.",
"flatPath": "v1beta2/projects/{projectsId}/locations/{locationsId}/workflowTemplates/{workflowTemplatesId}:setIamPolicy",
"httpMethod": "POST",
"id": "dataproc.projects.locations.workflowTemplates.setIamPolicy",
@@ -747,7 +747,7 @@
],
"parameters": {
"options.requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset.",
"description": "Optional. The policy format version to be returned.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"location": "query",
"type": "integer"
@@ -805,7 +805,7 @@
]
},
"setIamPolicy": {
"description": "Sets the access control policy on the specified resource. Replaces any existing policy.Can return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED",
"description": "Sets the access control policy on the specified resource. Replaces any existing policy.Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED errors.",
"flatPath": "v1beta2/projects/{projectsId}/regions/{regionsId}/autoscalingPolicies/{autoscalingPoliciesId}:setIamPolicy",
"httpMethod": "POST",
"id": "dataproc.projects.regions.autoscalingPolicies.setIamPolicy",
@@ -1068,7 +1068,7 @@
],
"parameters": {
"options.requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset.",
"description": "Optional. The policy format version to be returned.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"location": "query",
"type": "integer"
@@ -1195,7 +1195,7 @@
]
},
"setIamPolicy": {
"description": "Sets the access control policy on the specified resource. Replaces any existing policy.Can return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED",
"description": "Sets the access control policy on the specified resource. Replaces any existing policy.Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED errors.",
"flatPath": "v1beta2/projects/{projectsId}/regions/{regionsId}/clusters/{clustersId}:setIamPolicy",
"httpMethod": "POST",
"id": "dataproc.projects.regions.clusters.setIamPolicy",
@@ -1463,7 +1463,7 @@
],
"parameters": {
"options.requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset.",
"description": "Optional. The policy format version to be returned.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"location": "query",
"type": "integer"
@@ -1594,7 +1594,7 @@
]
},
"setIamPolicy": {
"description": "Sets the access control policy on the specified resource. Replaces any existing policy.Can return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED",
"description": "Sets the access control policy on the specified resource. Replaces any existing policy.Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED errors.",
"flatPath": "v1beta2/projects/{projectsId}/regions/{regionsId}/jobs/{jobsId}:setIamPolicy",
"httpMethod": "POST",
"id": "dataproc.projects.regions.jobs.setIamPolicy",
@@ -1806,7 +1806,7 @@
],
"parameters": {
"options.requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset.",
"description": "Optional. The policy format version to be returned.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"location": "query",
"type": "integer"
@@ -1869,7 +1869,7 @@
]
},
"setIamPolicy": {
"description": "Sets the access control policy on the specified resource. Replaces any existing policy.Can return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED",
"description": "Sets the access control policy on the specified resource. Replaces any existing policy.Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED errors.",
"flatPath": "v1beta2/projects/{projectsId}/regions/{regionsId}/operations/{operationsId}:setIamPolicy",
"httpMethod": "POST",
"id": "dataproc.projects.regions.operations.setIamPolicy",
@@ -2028,7 +2028,7 @@
],
"parameters": {
"options.requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset.",
"description": "Optional. The policy format version to be returned.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"location": "query",
"type": "integer"
@@ -2152,7 +2152,7 @@
]
},
"setIamPolicy": {
"description": "Sets the access control policy on the specified resource. Replaces any existing policy.Can return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED",
"description": "Sets the access control policy on the specified resource. Replaces any existing policy.Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIED errors.",
"flatPath": "v1beta2/projects/{projectsId}/regions/{regionsId}/workflowTemplates/{workflowTemplatesId}:setIamPolicy",
"httpMethod": "POST",
"id": "dataproc.projects.regions.workflowTemplates.setIamPolicy",
@@ -2242,11 +2242,11 @@
}
}
},
"revision": "20200323",
"revision": "20200703",
"rootUrl": "https://dataproc.googleapis.com/",
"schemas": {
"AcceleratorConfig": {
"description": "Specifies the type and number of accelerator cards attached to the instances of an instance group (see GPUs on Compute Engine).",
"description": "Specifies the type and number of accelerator cards attached to the instances of an instance group (see GPUs on Compute Engine (https://cloud.google.com/compute/docs/gpus/)).",
"id": "AcceleratorConfig",
"properties": {
"acceleratorCount": {
@@ -2255,7 +2255,7 @@
"type": "integer"
},
"acceleratorTypeUri": {
"description": "Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See Compute Engine AcceleratorTypesExamples * https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80 * projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80 * nvidia-tesla-k80Auto Zone Exception: If you are using the Dataproc Auto Zone Placement feature, you must use the short name of the accelerator type resource, for example, nvidia-tesla-k80.",
"description": "Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See Compute Engine AcceleratorTypes (https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes)Examples * https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80 * projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80 * nvidia-tesla-k80Auto Zone Exception: If you are using the Dataproc Auto Zone Placement (https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, nvidia-tesla-k80.",
"type": "string"
}
},
@@ -2324,7 +2324,7 @@
"type": "string"
},
"scaleDownFactor": {
"description": "Required. Fraction of average pending memory in the last cooldown period for which to remove workers. A scale-down factor of 1 will result in scaling down so that there is no available memory remaining after the update (more aggressive scaling). A scale-down factor of 0 disables removing workers, which can be beneficial for autoscaling a single job.Bounds: 0.0, 1.0.",
"description": "Required. Fraction of average YARN pending memory in the last cooldown period for which to remove workers. A scale-down factor of 1 will result in scaling down so that there is no available memory remaining after the update (more aggressive scaling). A scale-down factor of 0 disables removing workers, which can be beneficial for autoscaling a single job. See How autoscaling works for more information.Bounds: 0.0, 1.0.",
"format": "double",
"type": "number"
},
@@ -2334,7 +2334,7 @@
"type": "number"
},
"scaleUpFactor": {
"description": "Required. Fraction of average pending memory in the last cooldown period for which to add workers. A scale-up factor of 1.0 will result in scaling up so that there is no pending memory remaining after the update (more aggressive scaling). A scale-up factor closer to 0 will result in a smaller magnitude of scaling up (less aggressive scaling).Bounds: 0.0, 1.0.",
"description": "Required. Fraction of average YARN pending memory in the last cooldown period for which to add workers. A scale-up factor of 1.0 will result in scaling up so that there is no pending memory remaining after the update (more aggressive scaling). A scale-up factor closer to 0 will result in a smaller magnitude of scaling up (less aggressive scaling). See How autoscaling works for more information.Bounds: 0.0, 1.0.",
"format": "double",
"type": "number"
},
@@ -2352,7 +2352,7 @@
"properties": {
"condition": {
"$ref": "Expr",
"description": "The condition that is associated with this binding. NOTE: An unsatisfied condition will not allow user access via current binding. Different bindings, including their conditions, are examined independently."
"description": "The condition that is associated with this binding.If the condition evaluates to true, then this binding applies to the current request.If the condition evaluates to false, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies)."
},
"members": {
"description": "Specifies the identities requesting access for a Cloud Platform resource. members can have the following values:\nallUsers: A special identifier that represents anyone who is on the internet; with or without a Google account.\nallAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account.\nuser:{emailid}: An email address that represents a specific Google account. For example, alice@example.com .\nserviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\ngroup:{emailid}: An email address that represents a Google group. For example, admins@example.com.\ndeleted:user:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a user that has been recently deleted. For example, alice@example.com?uid=123456789012345678901. If the user is recovered, this value reverts to user:{emailid} and the recovered user retains the role in the binding.\ndeleted:serviceAccount:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901. If the service account is undeleted, this value reverts to serviceAccount:{emailid} and the undeleted service account retains the role in the binding.\ndeleted:group:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, admins@example.com?uid=123456789012345678901. If the group is recovered, this value reverts to group:{emailid} and the recovered group retains the role in the binding.\ndomain:{domain}: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com.",
@@ -2428,7 +2428,7 @@
"description": "Optional. Autoscaling config for the policy associated with the cluster. Cluster does not autoscale if this field is unset."
},
"configBucket": {
"description": "Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see Dataproc staging bucket).",
"description": "Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see Dataproc staging bucket (https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)).",
"type": "string"
},
"encryptionConfig": {
@@ -2474,6 +2474,10 @@
"$ref": "SoftwareConfig",
"description": "Optional. The config settings for software inside the cluster."
},
"tempBucket": {
"description": "Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket.",
"type": "string"
},
"workerConfig": {
"$ref": "InstanceGroupConfig",
"description": "Optional. The Compute Engine config settings for worker instances in a cluster."
@@ -2641,7 +2645,10 @@
"RUNNING",
"ERROR",
"DELETING",
"UPDATING"
"UPDATING",
"STOPPING",
"STOPPED",
"STARTING"
],
"enumDescriptions": [
"The cluster state is unknown.",
@@ -2649,7 +2656,10 @@
"The cluster is currently running and healthy. It is ready for use.",
"The cluster encountered an error. It is not ready for use.",
"The cluster is being deleted. It cannot be used.",
"The cluster is being updated. It continues to accept and process jobs."
"The cluster is being updated. It continues to accept and process jobs.",
"The cluster is being stopped. It cannot be used.",
"The cluster is currently stopped. It is not ready for use.",
"The cluster is being started. It is not ready for use."
],
"type": "string"
},
@@ -2787,7 +2797,7 @@
"type": "object"
},
"networkUri": {
"description": "Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither network_uri nor subnetwork_uri is specified, the \"default\" network of the project is used, if it exists. Cannot be a \"Custom Subnet Network\" (see Using Subnetworks for more information).A full URL, partial URI, or short name are valid. Examples:\nhttps://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default\nprojects/[project_id]/regions/global/default\ndefault",
"description": "Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither network_uri nor subnetwork_uri is specified, the \"default\" network of the project is used, if it exists. Cannot be a \"Custom Subnet Network\" (see Using Subnetworks (https://cloud.google.com/compute/docs/subnetworks) for more information).A full URL, partial URI, or short name are valid. Examples:\nhttps://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default\nprojects/[project_id]/regions/global/default\ndefault",
"type": "string"
},
"reservationAffinity": {
@@ -2795,7 +2805,7 @@
"description": "Optional. Reservation Affinity for consuming Zonal reservation."
},
"serviceAccount": {
"description": "Optional. The Dataproc service account (also see VM Data Plane identity) used by Dataproc cluster VM instances to access Google Cloud Platform services.If not specified, the Compute Engine default service account is used.",
"description": "Optional. The Dataproc service account (https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_cloud_dataproc) (also see VM Data Plane identity (https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services.If not specified, the Compute Engine default service account (https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used.",
"type": "string"
},
"serviceAccountScopes": {
@@ -2810,7 +2820,7 @@
"type": "string"
},
"tags": {
"description": "The Compute Engine tags to add to all instances (see Tagging instances).",
"description": "The Compute Engine tags to add to all instances (see Tagging instances (https://cloud.google.com/compute/docs/label-or-tag-resources#tags)).",
"items": {
"type": "string"
},
@@ -2829,7 +2839,7 @@
"properties": {
"options": {
"$ref": "GetPolicyOptions",
"description": "OPTIONAL: A GetPolicyOptions object for specifying options to GetIamPolicy. This field is only used by Cloud IAM."
"description": "OPTIONAL: A GetPolicyOptions object for specifying options to GetIamPolicy."
}
},
"type": "object"
@@ -2839,7 +2849,7 @@
"id": "GetPolicyOptions",
"properties": {
"requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset.",
"description": "Optional. The policy format version to be returned.Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected.Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
@@ -2989,7 +2999,7 @@
"description": "Optional. Disk option config settings."
},
"imageUri": {
"description": "Optional. The Compute Engine image resource used for cluster instances. It can be specified or may be inferred from SoftwareConfig.image_version.",
"description": "Optional. The Compute Engine image resource used for cluster instances.The URI can represent an image or image family.Image examples:\nhttps://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]\nprojects/[project_id]/global/images/[image-id]\nimage-idImage family examples. Dataproc will use the most recent image from the family:\nhttps://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]\nprojects/[project_id]/global/images/family/[custom-image-family-name]If the URI is unspecified, it will be inferred from SoftwareConfig.image_version or the system default.",
"type": "string"
},
"instanceNames": {
@@ -3004,7 +3014,7 @@
"type": "boolean"
},
"machineTypeUri": {
"description": "Optional. The Compute Engine machine type used for cluster instances.A full URL, partial URI, or short name are valid. Examples:\nhttps://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2\nprojects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2\nn1-standard-2Auto Zone Exception: If you are using the Dataproc Auto Zone Placement feature, you must use the short name of the machine type resource, for example, n1-standard-2.",
"description": "Optional. The Compute Engine machine type used for cluster instances.A full URL, partial URI, or short name are valid. Examples:\nhttps://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2\nprojects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2\nn1-standard-2Auto Zone Exception: If you are using the Dataproc Auto Zone Placement (https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the machine type resource, for example, n1-standard-2.",
"type": "string"
},
"managedGroupConfig": {
@@ -3012,7 +3022,7 @@
"description": "Output only. The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups."
},
"minCpuPlatform": {
"description": "Specifies the minimum cpu platform for the Instance Group. See Dataproc&rarr;Minimum CPU Platform.",
"description": "Specifies the minimum cpu platform for the Instance Group. See Dataproc -&gt; Minimum CPU Platform (https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu).",
"type": "string"
},
"numInstances": {
@@ -3081,10 +3091,12 @@
"type": "string"
},
"hadoopJob": {
"$ref": "HadoopJob"
"$ref": "HadoopJob",
"description": "Optional. Job is a Hadoop job."
},
"hiveJob": {
"$ref": "HiveJob"
"$ref": "HiveJob",
"description": "Optional. Job is a Hive job."
},
"jobUuid": {
"description": "Output only. A UUID that uniquely identifies a job within the project over time. This is in contrast to a user-settable reference.job_id that may be reused over time.",
@@ -3098,17 +3110,20 @@
"type": "object"
},
"pigJob": {
"$ref": "PigJob"
"$ref": "PigJob",
"description": "Optional. Job is a Pig job."
},
"placement": {
"$ref": "JobPlacement",
"description": "Required. Job information, including how, when, and where to run the job."
},
"prestoJob": {
"$ref": "PrestoJob"
"$ref": "PrestoJob",
"description": "Optional. Job is a Presto job."
},
"pysparkJob": {
"$ref": "PySparkJob"
"$ref": "PySparkJob",
"description": "Optional. Job is a PySpark job."
},
"reference": {
"$ref": "JobReference",
@@ -3119,13 +3134,16 @@
"description": "Optional. Job scheduling configuration."
},
"sparkJob": {
"$ref": "SparkJob"
"$ref": "SparkJob",
"description": "Optional. Job is a Spark job."
},
"sparkRJob": {
"$ref": "SparkRJob"
"$ref": "SparkRJob",
"description": "Optional. Job is a SparkR job."
},
"sparkSqlJob": {
"$ref": "SparkSqlJob"
"$ref": "SparkSqlJob",
"description": "Optional. Job is a SparkSql job."
},
"status": {
"$ref": "JobStatus",
@@ -3200,7 +3218,7 @@
"type": "string"
},
"projectId": {
"description": "Required. The ID of the Google Cloud Platform project that the job belongs to.",
"description": "Optional. The ID of the Google Cloud Platform project that the job belongs to. If specified, must match the request project ID.",
"type": "string"
}
},
@@ -3299,7 +3317,7 @@
"type": "string"
},
"enableKerberos": {
"description": "Optional. Flag to indicate whether to Kerberize the cluster.",
"description": "Optional. Flag to indicate whether to Kerberize the cluster (default: false). Set this field to true to enable Kerberos on a cluster.",
"type": "boolean"
},
"kdcDbKeyUri": {
@@ -3596,10 +3614,12 @@
"id": "OrderedJob",
"properties": {
"hadoopJob": {
"$ref": "HadoopJob"
"$ref": "HadoopJob",
"description": "Optional. Job is a Hadoop job."
},
"hiveJob": {
"$ref": "HiveJob"
"$ref": "HiveJob",
"description": "Optional. Job is a Hive job."
},
"labels": {
"additionalProperties": {
@@ -3609,7 +3629,8 @@
"type": "object"
},
"pigJob": {
"$ref": "PigJob"
"$ref": "PigJob",
"description": "Optional. Job is a Pig job."
},
"prerequisiteStepIds": {
"description": "Optional. The optional list of prerequisite job step_ids. If not specified, the job will start at the beginning of workflow.",
@@ -3620,24 +3641,27 @@
},
"prestoJob": {
"$ref": "PrestoJob",
"description": "Presto job"
"description": "Optional. Job is a Presto job."
},
"pysparkJob": {
"$ref": "PySparkJob"
"$ref": "PySparkJob",
"description": "Optional. Job is a PySpark job."
},
"scheduling": {
"$ref": "JobScheduling",
"description": "Optional. Job scheduling configuration."
},
"sparkJob": {
"$ref": "SparkJob"
"$ref": "SparkJob",
"description": "Optional. Job is a Spark job."
},
"sparkRJob": {
"$ref": "SparkRJob",
"description": "Spark R job"
"description": "Optional. Job is a SparkR job."
},
"sparkSqlJob": {
"$ref": "SparkSqlJob"
"$ref": "SparkSqlJob",
"description": "Optional. Job is a SparkSql job."
},
"stepId": {
"description": "Required. The step id. The id must be unique among all jobs within the template.The step id is used as prefix for job id, as job goog-dataproc-workflow-step-id label, and in prerequisiteStepIds field from other steps.The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between 3 and 50 characters.",
@@ -3706,7 +3730,7 @@
"type": "object"
},
"Policy": {
"description": "An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources.A Policy is a collection of bindings. A binding binds one or more members to a single role. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions; each role can be an IAM predefined role or a user-created custom role.Optionally, a binding can specify a condition, which is a logical expression that allows access to a resource only if the expression evaluates to true. A condition can add constraints based on attributes of the request, the resource, or both.JSON example:\n{\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\"user:eve@example.com\"],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n}\nYAML example:\nbindings:\n- members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n- members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n- etag: BwWWja0YfJA=\n- version: 3\nFor a description of IAM and its features, see the IAM documentation (https://cloud.google.com/iam/docs/).",
"description": "An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources.A Policy is a collection of bindings. A binding binds one or more members to a single role. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions; each role can be an IAM predefined role or a user-created custom role.For some types of Google Cloud resources, a binding can also specify a condition, which is a logical expression that allows access to a resource only if the expression evaluates to true. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).JSON example:\n{\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\n \"user:eve@example.com\"\n ],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n}\nYAML example:\nbindings:\n- members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n- members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n- etag: BwWWja0YfJA=\n- version: 3\nFor a description of IAM and its features, see the IAM documentation (https://cloud.google.com/iam/docs/).",
"id": "Policy",
"properties": {
"bindings": {
@@ -3722,7 +3746,7 @@
"type": "string"
},
"version": {
"description": "Specifies the format of the policy.Valid values are 0, 1, and 3. Requests that specify an invalid value are rejected.Any operation that affects conditional role bindings must specify version 3. This requirement applies to the following operations:\nGetting a policy that includes a conditional role binding\nAdding a conditional role binding to a policy\nChanging a conditional role binding in a policy\nRemoving any role binding, with or without a condition, from a policy that includes conditionsImportant: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy. If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost.If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset.",
"description": "Specifies the format of the policy.Valid values are 0, 1, and 3. Requests that specify an invalid value are rejected.Any operation that affects conditional role bindings must specify version 3. This requirement applies to the following operations:\nGetting a policy that includes a conditional role binding\nAdding a conditional role binding to a policy\nChanging a conditional role binding in a policy\nRemoving any role binding, with or without a condition, from a policy that includes conditionsImportant: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy. If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost.If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
@@ -3730,7 +3754,7 @@
"type": "object"
},
"PrestoJob": {
"description": "A Dataproc job for running Presto (https://prestosql.io/) queries",
"description": "A Dataproc job for running Presto (https://prestosql.io/) queries. IMPORTANT: The Dataproc Presto Optional Component (https://cloud.google.com/dataproc/docs/concepts/components/presto) must be enabled when the cluster is created to submit a Presto job to the cluster.",
"id": "PrestoJob",
"properties": {
"clientTags": {
@@ -3775,7 +3799,7 @@
"id": "PySparkJob",
"properties": {
"archiveUris": {
"description": "Optional. HCFS URIs of archives to be extracted in the working directory of .jar, .tar, .tar.gz, .tgz, and .zip.",
"description": "Optional. HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.",
"items": {
"type": "string"
},
@@ -3789,7 +3813,7 @@
"type": "array"
},
"fileUris": {
"description": "Optional. HCFS URIs of files to be copied to the working directory of Python drivers and distributed tasks. Useful for naively parallel tasks.",
"description": "Optional. HCFS URIs of files to be placed in the working directory of each executor. Useful for naively parallel tasks.",
"items": {
"type": "string"
},
@@ -3916,13 +3940,13 @@
"id": "SoftwareConfig",
"properties": {
"imageVersion": {
"description": "Optional. The version of software inside the cluster. It must be one of the supported Dataproc Versions, such as \"1.2\" (including a subminor version, such as \"1.2.29\"), or the \"preview\" version. If unspecified, it defaults to the latest Debian version.",
"description": "Optional. The version of software inside the cluster. It must be one of the supported Dataproc Versions (https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_cloud_dataproc_versions), such as \"1.2\" (including a subminor version, such as \"1.2.29\"), or the \"preview\" version (https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). If unspecified, it defaults to the latest Debian version.",
"type": "string"
},
"optionalComponents": {
"description": "The set of optional components to activate on the cluster.",
"enumDescriptions": [
"Unspecified component.",
"Unspecified component. Specifying this will cause Cluster creation to fail.",
"The Anaconda python distribution.",
"The Druid query engine.",
"HBase.",
@@ -3958,7 +3982,7 @@
"additionalProperties": {
"type": "string"
},
"description": "Optional. The properties to set on daemon config files.Property keys are specified in prefix:property format, for example core:hadoop.tmp.dir. The following are supported prefixes and their mappings:\ncapacity-scheduler: capacity-scheduler.xml\ncore: core-site.xml\ndistcp: distcp-default.xml\nhdfs: hdfs-site.xml\nhive: hive-site.xml\nmapred: mapred-site.xml\npig: pig.properties\nspark: spark-defaults.conf\nyarn: yarn-site.xmlFor more information, see Cluster properties.",
"description": "Optional. The properties to set on daemon config files.Property keys are specified in prefix:property format, for example core:hadoop.tmp.dir. The following are supported prefixes and their mappings:\ncapacity-scheduler: capacity-scheduler.xml\ncore: core-site.xml\ndistcp: distcp-default.xml\nhdfs: hdfs-site.xml\nhive: hive-site.xml\nmapred: mapred-site.xml\npig: pig.properties\nspark: spark-defaults.conf\nyarn: yarn-site.xmlFor more information, see Cluster properties (https://cloud.google.com/dataproc/docs/concepts/cluster-properties).",
"type": "object"
}
},
@@ -3969,7 +3993,7 @@
"id": "SparkJob",
"properties": {
"archiveUris": {
"description": "Optional. HCFS URIs of archives to be extracted in the working directory of Spark drivers and tasks. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.",
"description": "Optional. HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.",
"items": {
"type": "string"
},
@@ -3983,7 +4007,7 @@
"type": "array"
},
"fileUris": {
"description": "Optional. HCFS URIs of files to be copied to the working directory of Spark drivers and distributed tasks. Useful for naively parallel tasks.",
"description": "Optional. HCFS URIs of files to be placed in the working directory of each executor. Useful for naively parallel tasks.",
"items": {
"type": "string"
},
@@ -4023,7 +4047,7 @@
"id": "SparkRJob",
"properties": {
"archiveUris": {
"description": "Optional. HCFS URIs of archives to be extracted in the working directory of Spark drivers and tasks. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.",
"description": "Optional. HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.",
"items": {
"type": "string"
},
@@ -4037,7 +4061,7 @@
"type": "array"
},
"fileUris": {
"description": "Optional. HCFS URIs of files to be copied to the working directory of R drivers and distributed tasks. Useful for naively parallel tasks.",
"description": "Optional. HCFS URIs of files to be placed in the working directory of each executor. Useful for naively parallel tasks.",
"items": {
"type": "string"
},
@@ -4271,6 +4295,21 @@
"$ref": "ClusterOperation",
"description": "Output only. The create cluster operation metadata."
},
"dagEndTime": {
"description": "Output only. DAG end time, only set for workflows with dag_timeout when DAG ends.",
"format": "google-datetime",
"type": "string"
},
"dagStartTime": {
"description": "Output only. DAG start time, only set for workflows with dag_timeout when DAG begins.",
"format": "google-datetime",
"type": "string"
},
"dagTimeout": {
"description": "Output only. The timeout duration for the DAG of jobs. Minimum timeout duration is 10 minutes and maximum is 24 hours, expressed as a google.protobuf.Duration. For example, \"1800\" = 1800 seconds/30 minutes duration.",
"format": "google-duration",
"type": "string"
},
"deleteCluster": {
"$ref": "ClusterOperation",
"description": "Output only. The delete cluster operation metadata."
@@ -4379,6 +4418,11 @@
"format": "google-datetime",
"type": "string"
},
"dagTimeout": {
"description": "Optional. Timeout for DAG of jobs. The timer begins when the first job is submitted. Minimum duration of 10 minutes, max of 24 hours.",
"format": "google-duration",
"type": "string"
},
"id": {
"description": "Required. The template id.The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between 3 and 50 characters..",
"type": "string"

4
etc/api/datastore/v1/datastore-api.json
View File

@@ -625,7 +625,7 @@
}
}
},
"revision": "20200311",
"revision": "20200524",
"rootUrl": "https://datastore.googleapis.com/",
"schemas": {
"AllocateIdsRequest": {
@@ -2038,7 +2038,7 @@
"type": "string"
},
"stringValue": {
"description": "A UTF-8 encoded string value.\nWhen `exclude_from_indexes` is false (it is indexed) , may have at most 1500 bytes.\nOtherwise, may be set to at least 1,000,000 bytes.",
"description": "A UTF-8 encoded string value.\nWhen `exclude_from_indexes` is false (it is indexed) , may have at most 1500 bytes.\nOtherwise, may be set to at most 1,000,000 bytes.",
"type": "string"
},
"timestampValue": {

2
etc/api/datastore/v1beta1/datastore-api.json
View File

@@ -167,7 +167,7 @@
}
}
},
"revision": "20200311",
"revision": "20200524",
"rootUrl": "https://datastore.googleapis.com/",
"schemas": {
"GoogleDatastoreAdminV1CommonMetadata": {

Some files were not shown because too many files have changed in this diff Show More