OMGeeky/google-apis-rs
1
0
Fork 0
mirror of https://github.com/OMGeeky/google-apis-rs.git synced 2026-01-22 03:04:07 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update all json files; make some fixes to make it work at all

Browse Source
This commit is contained in:
Sebastian Thiel
2022-03-08 07:59:31 +08:00
parent d12cd3238e
commit 743a56f4b7
372 changed files with 256017 additions and 32197 deletions
Download Patch File Download Diff File Expand all files Collapse all files

399
etc/api/accesscontextmanager/v1/accesscontextmanager-api.json
View File

@@ -3,7 +3,7 @@
"oauth2": {
"scopes": {
"https://www.googleapis.com/auth/cloud-platform": {
"description": "See, edit, configure, and delete your Google Cloud Platform data"
"description": "See, edit, configure, and delete your Google Cloud data and see the email address for your Google Account."
}
}
}
@@ -108,7 +108,7 @@
"accessPolicies": {
"methods": {
"create": {
"description": "Create an `AccessPolicy`. Fails if this organization already has a `AccessPolicy`. The longrunning Operation will have a successful status once the `AccessPolicy` has propagated to long-lasting storage. Syntactic and basic semantic errors will be returned in `metadata` as a BadRequest proto.",
"description": "Creates an access policy. This method fails if the organization already has an access policy. The long-running operation has a successful status after the access policy propagates to long-lasting storage. Syntactic and basic semantic errors are returned in `metadata` as a BadRequest proto.",
"flatPath": "v1/accessPolicies",
"httpMethod": "POST",
"id": "accesscontextmanager.accessPolicies.create",
@@ -126,7 +126,7 @@
]
},
"delete": {
"description": "Delete an AccessPolicy by resource name. The longrunning Operation will have a successful status once the AccessPolicy has been removed from long-lasting storage.",
"description": "Deletes an access policy based on the resource name. The long-running operation has a successful status after the access policy is removed from long-lasting storage.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}",
"httpMethod": "DELETE",
"id": "accesscontextmanager.accessPolicies.delete",
@@ -151,7 +151,7 @@
]
},
"get": {
"description": "Get an AccessPolicy by name.",
"description": "Returns an access policy based on the name.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}",
"httpMethod": "GET",
"id": "accesscontextmanager.accessPolicies.get",
@@ -175,8 +175,36 @@
"https://www.googleapis.com/auth/cloud-platform"
]
},
"getIamPolicy": {
"description": "Gets the IAM policy for the specified Access Context Manager access policy.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}:getIamPolicy",
"httpMethod": "POST",
"id": "accesscontextmanager.accessPolicies.getIamPolicy",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.",
"location": "path",
"pattern": "^accessPolicies/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+resource}:getIamPolicy",
"request": {
"$ref": "GetIamPolicyRequest"
},
"response": {
"$ref": "Policy"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"list": {
"description": "List all AccessPolicies under a container.",
"description": "Lists all access policies in an organization.",
"flatPath": "v1/accessPolicies",
"httpMethod": "GET",
"id": "accesscontextmanager.accessPolicies.list",
@@ -208,7 +236,7 @@
]
},
"patch": {
"description": "Update an AccessPolicy. The longrunning Operation from this RPC will have a successful status once the changes to the AccessPolicy have propagated to long-lasting storage. Syntactic and basic semantic errors will be returned in `metadata` as a BadRequest proto.",
"description": "Updates an access policy. The long-running operation from this RPC has a successful status after the changes to the access policy propagate to long-lasting storage.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}",
"httpMethod": "PATCH",
"id": "accesscontextmanager.accessPolicies.patch",
@@ -217,7 +245,7 @@
],
"parameters": {
"name": {
"description": "Output only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{policy_id}`",
"description": "Output only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{access_policy}`",
"location": "path",
"pattern": "^accessPolicies/[^/]+$",
"required": true,
@@ -240,13 +268,69 @@
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"setIamPolicy": {
"description": "Sets the IAM policy for the specified Access Context Manager access policy. This method replaces the existing IAM policy on the access policy. The IAM policy controls the set of users who can perform specific operations on the Access Context Manager access policy.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}:setIamPolicy",
"httpMethod": "POST",
"id": "accesscontextmanager.accessPolicies.setIamPolicy",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.",
"location": "path",
"pattern": "^accessPolicies/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+resource}:setIamPolicy",
"request": {
"$ref": "SetIamPolicyRequest"
},
"response": {
"$ref": "Policy"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"testIamPermissions": {
"description": "Returns the IAM permissions that the caller has on the specified Access Context Manager resource. The resource can be an AccessPolicy, AccessLevel, or ServicePerimeter. This method does not support other resources.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}:testIamPermissions",
"httpMethod": "POST",
"id": "accesscontextmanager.accessPolicies.testIamPermissions",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.",
"location": "path",
"pattern": "^accessPolicies/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+resource}:testIamPermissions",
"request": {
"$ref": "TestIamPermissionsRequest"
},
"response": {
"$ref": "TestIamPermissionsResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
}
},
"resources": {
"accessLevels": {
"methods": {
"create": {
"description": "Create an Access Level. The longrunning operation from this RPC will have a successful status once the Access Level has propagated to long-lasting storage. Access Levels containing errors will result in an error response for the first error encountered.",
"description": "Creates an access level. The long-running operation from this RPC has a successful status after the access level propagates to long-lasting storage. If access levels contain errors, an error response is returned for the first error encountered.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/accessLevels",
"httpMethod": "POST",
"id": "accesscontextmanager.accessPolicies.accessLevels.create",
@@ -274,7 +358,7 @@
]
},
"delete": {
"description": "Delete an Access Level by resource name. The longrunning operation from this RPC will have a successful status once the Access Level has been removed from long-lasting storage.",
"description": "Deletes an access level based on the resource name. The long-running operation from this RPC has a successful status after the access level has been removed from long-lasting storage.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
"httpMethod": "DELETE",
"id": "accesscontextmanager.accessPolicies.accessLevels.delete",
@@ -299,7 +383,7 @@
]
},
"get": {
"description": "Get an Access Level by resource name.",
"description": "Gets an access level based on the resource name.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
"httpMethod": "GET",
"id": "accesscontextmanager.accessPolicies.accessLevels.get",
@@ -339,7 +423,7 @@
]
},
"list": {
"description": "List all Access Levels for an access policy.",
"description": "Lists all access levels for an access policy.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/accessLevels",
"httpMethod": "GET",
"id": "accesscontextmanager.accessPolicies.accessLevels.list",
@@ -390,7 +474,7 @@
]
},
"patch": {
"description": "Update an Access Level. The longrunning operation from this RPC will have a successful status once the changes to the Access Level have propagated to long-lasting storage. Access Levels containing errors will result in an error response for the first error encountered.",
"description": "Updates an access level. The long-running operation from this RPC has a successful status after the changes to the access level propagate to long-lasting storage. If access levels contain errors, an error response is returned for the first error encountered.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}",
"httpMethod": "PATCH",
"id": "accesscontextmanager.accessPolicies.accessLevels.patch",
@@ -399,7 +483,7 @@
],
"parameters": {
"name": {
"description": "Required. Resource name for the Access Level. The `short_name` component must begin with a letter and only include alphanumeric and '_'. Format: `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length of the `short_name` component is 50 characters.",
"description": "Required. Resource name for the Access Level. The `short_name` component must begin with a letter and only include alphanumeric and '_'. Format: `accessPolicies/{access_policy}/accessLevels/{access_level}`. The maximum length of the `access_level` component is 50 characters.",
"location": "path",
"pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$",
"required": true,
@@ -424,7 +508,7 @@
]
},
"replaceAll": {
"description": "Replace all existing Access Levels in an Access Policy with the Access Levels provided. This is done atomically. The longrunning operation from this RPC will have a successful status once all replacements have propagated to long-lasting storage. Replacements containing errors will result in an error response for the first error encountered. Replacement will be cancelled on error, existing Access Levels will not be affected. Operation.response field will contain ReplaceAccessLevelsResponse. Removing Access Levels contained in existing Service Perimeters will result in error.",
"description": "Replaces all existing access levels in an access policy with the access levels provided. This is done atomically. The long-running operation from this RPC has a successful status after all replacements propagate to long-lasting storage. If the replacement contains errors, an error response is returned for the first error encountered. Upon error, the replacement is cancelled, and existing access levels are not affected. The Operation.response field contains ReplaceAccessLevelsResponse. Removing access levels contained in existing service perimeters result in an error.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/accessLevels:replaceAll",
"httpMethod": "POST",
"id": "accesscontextmanager.accessPolicies.accessLevels.replaceAll",
@@ -450,13 +534,41 @@
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"testIamPermissions": {
"description": "Returns the IAM permissions that the caller has on the specified Access Context Manager resource. The resource can be an AccessPolicy, AccessLevel, or ServicePerimeter. This method does not support other resources.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/accessLevels/{accessLevelsId}:testIamPermissions",
"httpMethod": "POST",
"id": "accesscontextmanager.accessPolicies.accessLevels.testIamPermissions",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.",
"location": "path",
"pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+resource}:testIamPermissions",
"request": {
"$ref": "TestIamPermissionsRequest"
},
"response": {
"$ref": "TestIamPermissionsResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
}
}
},
"servicePerimeters": {
"methods": {
"commit": {
"description": "Commit the dry-run spec for all the Service Perimeters in an Access Policy. A commit operation on a Service Perimeter involves copying its `spec` field to that Service Perimeter's `status` field. Only Service Perimeters with `use_explicit_dry_run_spec` field set to true are affected by a commit operation. The longrunning operation from this RPC will have a successful status once the dry-run specs for all the Service Perimeters have been committed. If a commit fails, it will cause the longrunning operation to return an error response and the entire commit operation will be cancelled. When successful, Operation.response field will contain CommitServicePerimetersResponse. The `dry_run` and the `spec` fields will be cleared after a successful commit operation.",
"description": "Commits the dry-run specification for all the service perimeters in an access policy. A commit operation on a service perimeter involves copying its `spec` field to the `status` field of the service perimeter. Only service perimeters with `use_explicit_dry_run_spec` field set to true are affected by a commit operation. The long-running operation from this RPC has a successful status after the dry-run specifications for all the service perimeters have been committed. If a commit fails, it causes the long-running operation to return an error response and the entire commit operation is cancelled. When successful, the Operation.response field contains CommitServicePerimetersResponse. The `dry_run` and the `spec` fields are cleared after a successful commit operation.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters:commit",
"httpMethod": "POST",
"id": "accesscontextmanager.accessPolicies.servicePerimeters.commit",
@@ -484,7 +596,7 @@
]
},
"create": {
"description": "Create a Service Perimeter. The longrunning operation from this RPC will have a successful status once the Service Perimeter has propagated to long-lasting storage. Service Perimeters containing errors will result in an error response for the first error encountered.",
"description": "Creates a service perimeter. The long-running operation from this RPC has a successful status after the service perimeter propagates to long-lasting storage. If a service perimeter contains errors, an error response is returned for the first error encountered.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters",
"httpMethod": "POST",
"id": "accesscontextmanager.accessPolicies.servicePerimeters.create",
@@ -512,7 +624,7 @@
]
},
"delete": {
"description": "Delete a Service Perimeter by resource name. The longrunning operation from this RPC will have a successful status once the Service Perimeter has been removed from long-lasting storage.",
"description": "Deletes a service perimeter based on the resource name. The long-running operation from this RPC has a successful status after the service perimeter is removed from long-lasting storage.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}",
"httpMethod": "DELETE",
"id": "accesscontextmanager.accessPolicies.servicePerimeters.delete",
@@ -537,7 +649,7 @@
]
},
"get": {
"description": "Get a Service Perimeter by resource name.",
"description": "Gets a service perimeter based on the resource name.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}",
"httpMethod": "GET",
"id": "accesscontextmanager.accessPolicies.servicePerimeters.get",
@@ -562,7 +674,7 @@
]
},
"list": {
"description": "List all Service Perimeters for an access policy.",
"description": "Lists all service perimeters for an access policy.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters",
"httpMethod": "GET",
"id": "accesscontextmanager.accessPolicies.servicePerimeters.list",
@@ -598,7 +710,7 @@
]
},
"patch": {
"description": "Update a Service Perimeter. The longrunning operation from this RPC will have a successful status once the changes to the Service Perimeter have propagated to long-lasting storage. Service Perimeter containing errors will result in an error response for the first error encountered.",
"description": "Updates a service perimeter. The long-running operation from this RPC has a successful status after the service perimeter propagates to long-lasting storage. If a service perimeter contains errors, an error response is returned for the first error encountered.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}",
"httpMethod": "PATCH",
"id": "accesscontextmanager.accessPolicies.servicePerimeters.patch",
@@ -607,7 +719,7 @@
],
"parameters": {
"name": {
"description": "Required. Resource name for the ServicePerimeter. The `short_name` component must begin with a letter and only include alphanumeric and '_'. Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`",
"description": "Required. Resource name for the ServicePerimeter. The `short_name` component must begin with a letter and only include alphanumeric and '_'. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`",
"location": "path",
"pattern": "^accessPolicies/[^/]+/servicePerimeters/[^/]+$",
"required": true,
@@ -632,7 +744,7 @@
]
},
"replaceAll": {
"description": "Replace all existing Service Perimeters in an Access Policy with the Service Perimeters provided. This is done atomically. The longrunning operation from this RPC will have a successful status once all replacements have propagated to long-lasting storage. Replacements containing errors will result in an error response for the first error encountered. Replacement will be cancelled on error, existing Service Perimeters will not be affected. Operation.response field will contain ReplaceServicePerimetersResponse.",
"description": "Replace all existing service perimeters in an access policy with the service perimeters provided. This is done atomically. The long-running operation from this RPC has a successful status after all replacements propagate to long-lasting storage. Replacements containing errors result in an error response for the first error encountered. Upon an error, replacement are cancelled and existing service perimeters are not affected. The Operation.response field contains ReplaceServicePerimetersResponse.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters:replaceAll",
"httpMethod": "POST",
"id": "accesscontextmanager.accessPolicies.servicePerimeters.replaceAll",
@@ -658,6 +770,34 @@
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"testIamPermissions": {
"description": "Returns the IAM permissions that the caller has on the specified Access Context Manager resource. The resource can be an AccessPolicy, AccessLevel, or ServicePerimeter. This method does not support other resources.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}:testIamPermissions",
"httpMethod": "POST",
"id": "accesscontextmanager.accessPolicies.servicePerimeters.testIamPermissions",
"parameterOrder": [
"resource"
],
"parameters": {
"resource": {
"description": "REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.",
"location": "path",
"pattern": "^accessPolicies/[^/]+/servicePerimeters/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+resource}:testIamPermissions",
"request": {
"$ref": "TestIamPermissionsRequest"
},
"response": {
"$ref": "TestIamPermissionsResponse"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
}
}
}
@@ -791,7 +931,7 @@
"gcpUserAccessBindings": {
"methods": {
"create": {
"description": "Creates a GcpUserAccessBinding. If the client specifies a name, the server will ignore it. Fails if a resource already exists with the same group_key. Completion of this long-running operation does not necessarily signify that the new binding is deployed onto all affected users, which may take more time.",
"description": "Creates a GcpUserAccessBinding. If the client specifies a name, the server ignores it. Fails if a resource already exists with the same group_key. Completion of this long-running operation does not necessarily signify that the new binding is deployed onto all affected users, which may take more time.",
"flatPath": "v1/organizations/{organizationsId}/gcpUserAccessBindings",
"httpMethod": "POST",
"id": "accesscontextmanager.organizations.gcpUserAccessBindings.create",
@@ -943,9 +1083,15 @@
}
}
},
"revision": "20210319",
"revision": "20220301",
"rootUrl": "https://accesscontextmanager.googleapis.com/",
"schemas": {
"AccessContextManagerOperationMetadata": {
"description": "Metadata of Access Context Manager's Long Running Operations.",
"id": "AccessContextManagerOperationMetadata",
"properties": {},
"type": "object"
},
"AccessLevel": {
"description": "An `AccessLevel` is a label that can be applied to requests to Google Cloud services, along with a list of requirements necessary for the label to be applied.",
"id": "AccessLevel",
@@ -963,7 +1109,7 @@
"type": "string"
},
"name": {
"description": "Required. Resource name for the Access Level. The `short_name` component must begin with a letter and only include alphanumeric and '_'. Format: `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length of the `short_name` component is 50 characters.",
"description": "Required. Resource name for the Access Level. The `short_name` component must begin with a letter and only include alphanumeric and '_'. Format: `accessPolicies/{access_policy}/accessLevels/{access_level}`. The maximum length of the `access_level` component is 50 characters.",
"type": "string"
},
"title": {
@@ -982,13 +1128,20 @@
"type": "string"
},
"name": {
"description": "Output only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{policy_id}`",
"description": "Output only. Resource name of the `AccessPolicy`. Format: `accessPolicies/{access_policy}`",
"type": "string"
},
"parent": {
"description": "Required. The parent of this `AccessPolicy` in the Cloud Resource Hierarchy. Currently immutable once created. Format: `organizations/{organization_id}`",
"type": "string"
},
"scopes": {
"description": "The scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced. For example, a policy with scopes=[\"folders/123\"] has the following behavior: - vpcsc perimeters can only restrict projects within folders/123 - access levels can only be referenced by resources within folders/123. If empty, there are no limitations on which resources can be restricted by an ACM policy, and there are no limitations on where ACM resources can be referenced. Only one policy can include a given scope (attempting to create a second policy which includes \"folders/123\" will result in an error). Currently, scopes cannot be modified after a policy is created. Currently, policies can only have a single scope. Format: list of `folders/{folder_number}` or `projects/{project_number}`",
"items": {
"type": "string"
},
"type": "array"
},
"title": {
"description": "Required. Human readable title. Does not affect behavior.",
"type": "string"
@@ -1014,6 +1167,54 @@
},
"type": "object"
},
"AuditConfig": {
"description": "Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { \"audit_configs\": [ { \"service\": \"allServices\", \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\", \"exempted_members\": [ \"user:jose@example.com\" ] }, { \"log_type\": \"DATA_WRITE\" }, { \"log_type\": \"ADMIN_READ\" } ] }, { \"service\": \"sampleservice.googleapis.com\", \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\" }, { \"log_type\": \"DATA_WRITE\", \"exempted_members\": [ \"user:aliya@example.com\" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.",
"id": "AuditConfig",
"properties": {
"auditLogConfigs": {
"description": "The configuration for logging of each type of permission.",
"items": {
"$ref": "AuditLogConfig"
},
"type": "array"
},
"service": {
"description": "Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.",
"type": "string"
}
},
"type": "object"
},
"AuditLogConfig": {
"description": "Provides the configuration for logging a type of permissions. Example: { \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\", \"exempted_members\": [ \"user:jose@example.com\" ] }, { \"log_type\": \"DATA_WRITE\" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.",
"id": "AuditLogConfig",
"properties": {
"exemptedMembers": {
"description": "Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.",
"items": {
"type": "string"
},
"type": "array"
},
"logType": {
"description": "The log type that this config enables.",
"enum": [
"LOG_TYPE_UNSPECIFIED",
"ADMIN_READ",
"DATA_WRITE",
"DATA_READ"
],
"enumDescriptions": [
"Default case. Should never be this.",
"Admin reads. Example: CloudIAM getIamPolicy",
"Data writes. Example: CloudSQL Users create",
"Data reads. Example: CloudSQL Users list"
],
"type": "string"
}
},
"type": "object"
},
"BasicLevel": {
"description": "`BasicLevel` is an `AccessLevel` using a set of recommended features.",
"id": "BasicLevel",
@@ -1040,6 +1241,28 @@
},
"type": "object"
},
"Binding": {
"description": "Associates `members`, or principals, with a `role`.",
"id": "Binding",
"properties": {
"condition": {
"$ref": "Expr",
"description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
},
"members": {
"description": "Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
"items": {
"type": "string"
},
"type": "array"
},
"role": {
"description": "Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.",
"type": "string"
}
},
"type": "object"
},
"CancelOperationRequest": {
"description": "The request message for Operations.CancelOperation.",
"id": "CancelOperationRequest",
@@ -1190,7 +1413,7 @@
"type": "object"
},
"EgressFrom": {
"description": "Defines the conditions under which an EgressPolicy matches a request. Conditions based on information about the source of the request. Note that if the destination of the request is protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed.",
"description": "Defines the conditions under which an EgressPolicy matches a request. Conditions based on information about the source of the request. Note that if the destination of the request is also protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed.",
"id": "EgressFrom",
"properties": {
"identities": {
@@ -1235,18 +1458,18 @@
"type": "object"
},
"EgressTo": {
"description": "Defines the conditions under which an EgressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the `resources` specified. Note that if the destination of the request is protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed.",
"description": "Defines the conditions under which an EgressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the `resources` specified. Note that if the destination of the request is also protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed. The request must match `operations` AND `resources` fields in order to be allowed egress out of the perimeter.",
"id": "EgressTo",
"properties": {
"operations": {
"description": "A list of ApiOperations that this egress rule applies to. A request matches if it contains an operation/service in this list.",
"description": "A list of ApiOperations allowed to be performed by the sources specified in the corresponding EgressFrom. A request matches if it uses an operation/service in this list.",
"items": {
"$ref": "ApiOperation"
},
"type": "array"
},
"resources": {
"description": "A list of resources, currently only projects in the form `projects/`, that match this to stanza. A request matches if it contains a resource in this list. If `*` is specified for resources, then this EgressTo rule will authorize access to all resources outside the perimeter.",
"description": "A list of resources, currently only projects in the form `projects/`, that are allowed to be accessed by sources defined in the corresponding EgressFrom. A request matches if it contains a resource in this list. If `*` is specified for `resources`, then this EgressTo rule will authorize access to all resources outside the perimeter.",
"items": {
"type": "string"
},
@@ -1306,8 +1529,37 @@
},
"type": "object"
},
"GcpUserAccessBindingOperationMetadata": {
"description": "Currently, a completed operation means nothing. In the future, this metadata and a completed operation may indicate that the binding has taken effect and is affecting access decisions for all users.",
"id": "GcpUserAccessBindingOperationMetadata",
"properties": {},
"type": "object"
},
"GetIamPolicyRequest": {
"description": "Request message for `GetIamPolicy` method.",
"id": "GetIamPolicyRequest",
"properties": {
"options": {
"$ref": "GetPolicyOptions",
"description": "OPTIONAL: A `GetPolicyOptions` object for specifying options to `GetIamPolicy`."
}
},
"type": "object"
},
"GetPolicyOptions": {
"description": "Encapsulates settings provided to GetIamPolicy.",
"id": "GetPolicyOptions",
"properties": {
"requestedPolicyVersion": {
"description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
},
"type": "object"
},
"IngressFrom": {
"description": "Defines the conditions under which an IngressPolicy matches a request. Conditions are based on information about the source of the request.",
"description": "Defines the conditions under which an IngressPolicy matches a request. Conditions are based on information about the source of the request. The request must satisfy what is defined in `sources` AND identity related fields in order to match.",
"id": "IngressFrom",
"properties": {
"identities": {
@@ -1363,7 +1615,7 @@
"id": "IngressSource",
"properties": {
"accessLevel": {
"description": "An AccessLevel resource name that allow resources within the ServicePerimeters to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If `*` is specified, then all IngressSources will be allowed.",
"description": "An AccessLevel resource name that allow resources within the ServicePerimeters to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is specified for `access_level`, then all IngressSources will be allowed.",
"type": "string"
},
"resource": {
@@ -1374,18 +1626,18 @@
"type": "object"
},
"IngressTo": {
"description": "Defines the conditions under which an IngressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the destination of the request.",
"description": "Defines the conditions under which an IngressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the target resource of the request. The request must satisfy what is defined in `operations` AND `resources` in order to match.",
"id": "IngressTo",
"properties": {
"operations": {
"description": "A list of ApiOperations the sources specified in corresponding IngressFrom are allowed to perform in this ServicePerimeter.",
"description": "A list of ApiOperations allowed to be performed by the sources specified in corresponding IngressFrom in this ServicePerimeter.",
"items": {
"$ref": "ApiOperation"
},
"type": "array"
},
"resources": {
"description": "A list of resources, currently only projects in the form `projects/`, protected by this ServicePerimeter that are allowed to be accessed by sources defined in the corresponding IngressFrom. A request matches if it contains a resource in this list. If `*` is specified for resources, then this IngressTo rule will authorize access to all resources inside the perimeter, provided that the request also matches the `operations` field.",
"description": "A list of resources, currently only projects in the form `projects/`, protected by this ServicePerimeter that are allowed to be accessed by sources defined in the corresponding IngressFrom. If a single `*` is specified, then access to all resources inside the perimeter are allowed.",
"items": {
"type": "string"
},
@@ -1571,6 +1823,37 @@
},
"type": "object"
},
"Policy": {
"description": "An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { \"bindings\": [ { \"role\": \"roles/resourcemanager.organizationAdmin\", \"members\": [ \"user:mike@example.com\", \"group:admins@example.com\", \"domain:google.com\", \"serviceAccount:my-project-id@appspot.gserviceaccount.com\" ] }, { \"role\": \"roles/resourcemanager.organizationViewer\", \"members\": [ \"user:eve@example.com\" ], \"condition\": { \"title\": \"expirable access\", \"description\": \"Does not grant access after Sep 2020\", \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\", } } ], \"etag\": \"BwWWja0YfJA=\", \"version\": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).",
"id": "Policy",
"properties": {
"auditConfigs": {
"description": "Specifies cloud audit logging configuration for this policy.",
"items": {
"$ref": "AuditConfig"
},
"type": "array"
},
"bindings": {
"description": "Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.",
"items": {
"$ref": "Binding"
},
"type": "array"
},
"etag": {
"description": "`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.",
"format": "byte",
"type": "string"
},
"version": {
"description": "Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"format": "int32",
"type": "integer"
}
},
"type": "object"
},
"ReplaceAccessLevelsRequest": {
"description": "A request to replace all existing Access Levels in an Access Policy with the Access Levels provided. This is done atomically.",
"id": "ReplaceAccessLevelsRequest",
@@ -1644,7 +1927,7 @@
"type": "string"
},
"name": {
"description": "Required. Resource name for the ServicePerimeter. The `short_name` component must begin with a letter and only include alphanumeric and '_'. Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`",
"description": "Required. Resource name for the ServicePerimeter. The `short_name` component must begin with a letter and only include alphanumeric and '_'. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`",
"type": "string"
},
"perimeterType": {
@@ -1724,6 +2007,22 @@
},
"type": "object"
},
"SetIamPolicyRequest": {
"description": "Request message for `SetIamPolicy` method.",
"id": "SetIamPolicyRequest",
"properties": {
"policy": {
"$ref": "Policy",
"description": "REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them."
},
"updateMask": {
"description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: `paths: \"bindings, etag\"`",
"format": "google-fieldmask",
"type": "string"
}
},
"type": "object"
},
"Status": {
"description": "The `Status` type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by [gRPC](https://github.com/grpc). Each `Status` message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the [API Design Guide](https://cloud.google.com/apis/design/errors).",
"id": "Status",
@@ -1751,6 +2050,34 @@
},
"type": "object"
},
"TestIamPermissionsRequest": {
"description": "Request message for `TestIamPermissions` method.",
"id": "TestIamPermissionsRequest",
"properties": {
"permissions": {
"description": "The set of permissions to check for the `resource`. Permissions with wildcards (such as '*' or 'storage.*') are not allowed. For more information see [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"TestIamPermissionsResponse": {
"description": "Response message for `TestIamPermissions` method.",
"id": "TestIamPermissionsResponse",
"properties": {
"permissions": {
"description": "A subset of `TestPermissionsRequest.permissions` that the caller is allowed.",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"VpcAccessibleServices": {
"description": "Specifies how APIs are allowed to communicate within the Service Perimeter.",
"id": "VpcAccessibleServices",