OMGeeky/google-apis-rs
1
0
Fork 0
mirror of https://github.com/OMGeeky/google-apis-rs.git synced 2026-01-05 02:55:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

update all json files

Browse Source
This commit is contained in:
Sebastian Thiel
2020-04-12 18:55:37 +08:00
parent ea3b428364
commit aacc30f08d
260 changed files with 138411 additions and 26293 deletions
Download Patch File Download Diff File Expand all files Collapse all files

314
etc/api/accesscontextmanager/v1/accesscontextmanager-api.json
View File

@@ -22,6 +22,7 @@
},
"id": "accesscontextmanager:v1",
"kind": "discovery#restDescription",
"mtlsRootUrl": "https://accesscontextmanager.mtls.googleapis.com/",
"name": "accesscontextmanager",
"ownerDomain": "google.com",
"ownerName": "Google",
@@ -388,14 +389,14 @@
],
"parameters": {
"name": {
"description": "Required. Resource name for the Access Level. The `short_name` component\nmust begin with a letter and only include alphanumeric and '_'. Format:\n`accessPolicies/{policy_id}/accessLevels/{short_name}`",
"description": "Required. Resource name for the Access Level. The `short_name` component\nmust begin with a letter and only include alphanumeric and '_'. Format:\n`accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length\nof the `short_name` component is 50 characters.",
"location": "path",
"pattern": "^accessPolicies/[^/]+/accessLevels/[^/]+$",
"required": true,
"type": "string"
},
"updateMask": {
"description": "Required. Mask to control which fields get updated. Must be non-empty.",
"description": "Required. Mask to control which fields get updated. Must be non-empty.",
"format": "google-fieldmask",
"location": "query",
"type": "string"
@@ -411,13 +412,69 @@
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"replaceAll": {
"description": "Replace all existing Access Levels in an Access\nPolicy with\nthe Access Levels provided. This\nis done atomically. The longrunning operation from this RPC will have a\nsuccessful status once all replacements have propagated to long-lasting\nstorage. Replacements containing errors will result in an error response\nfor the first error encountered. Replacement will be cancelled on error,\nexisting Access Levels will not be\naffected. Operation.response field will contain\nReplaceAccessLevelsResponse. Removing Access Levels contained in existing\nService Perimeters will result in\nerror.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/accessLevels:replaceAll",
"httpMethod": "POST",
"id": "accesscontextmanager.accessPolicies.accessLevels.replaceAll",
"parameterOrder": [
"parent"
],
"parameters": {
"parent": {
"description": "Required. Resource name for the access policy which owns these\nAccess Levels.\n\nFormat: `accessPolicies/{policy_id}`",
"location": "path",
"pattern": "^accessPolicies/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+parent}/accessLevels:replaceAll",
"request": {
"$ref": "ReplaceAccessLevelsRequest"
},
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
}
}
},
"servicePerimeters": {
"methods": {
"commit": {
"description": "Commit the dry-run spec for all the Service Perimeters in an\nAccess Policy.\nA commit operation on a Service Perimeter involves copying its `spec` field\nto that Service Perimeter's `status` field. Only Service Perimeters with\n`use_explicit_dry_run_spec` field set to true are affected by a commit\noperation. The longrunning operation from this RPC will have a successful\nstatus once the dry-run specs for all the Service Perimeters have been\ncommitted. If a commit fails, it will cause the longrunning operation to\nreturn an error response and the entire commit operation will be cancelled.\nWhen successful, Operation.response field will contain\nCommitServicePerimetersResponse. The `dry_run` and the `spec` fields will\nbe cleared after a successful commit operation.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters:commit",
"httpMethod": "POST",
"id": "accesscontextmanager.accessPolicies.servicePerimeters.commit",
"parameterOrder": [
"parent"
],
"parameters": {
"parent": {
"description": "Required. Resource name for the parent Access Policy which owns all\nService Perimeters in scope for\nthe commit operation.\n\nFormat: `accessPolicies/{policy_id}`",
"location": "path",
"pattern": "^accessPolicies/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+parent}/servicePerimeters:commit",
"request": {
"$ref": "CommitServicePerimetersRequest"
},
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"create": {
"description": "Create an Service Perimeter. The\nlongrunning operation from this RPC will have a successful status once the\nService Perimeter has\npropagated to long-lasting storage. Service Perimeters containing\nerrors will result in an error response for the first error encountered.",
"description": "Create a Service Perimeter. The\nlongrunning operation from this RPC will have a successful status once the\nService Perimeter has\npropagated to long-lasting storage. Service Perimeters containing\nerrors will result in an error response for the first error encountered.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters",
"httpMethod": "POST",
"id": "accesscontextmanager.accessPolicies.servicePerimeters.create",
@@ -445,7 +502,7 @@
]
},
"delete": {
"description": "Delete an Service Perimeter by resource\nname. The longrunning operation from this RPC will have a successful status\nonce the Service Perimeter has been\nremoved from long-lasting storage.",
"description": "Delete a Service Perimeter by resource\nname. The longrunning operation from this RPC will have a successful status\nonce the Service Perimeter has been\nremoved from long-lasting storage.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}",
"httpMethod": "DELETE",
"id": "accesscontextmanager.accessPolicies.servicePerimeters.delete",
@@ -470,7 +527,7 @@
]
},
"get": {
"description": "Get an Service Perimeter by resource\nname.",
"description": "Get a Service Perimeter by resource\nname.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}",
"httpMethod": "GET",
"id": "accesscontextmanager.accessPolicies.servicePerimeters.get",
@@ -531,7 +588,7 @@
]
},
"patch": {
"description": "Update an Service Perimeter. The\nlongrunning operation from this RPC will have a successful status once the\nchanges to the Service Perimeter have\npropagated to long-lasting storage. Service Perimeter containing\nerrors will result in an error response for the first error encountered.",
"description": "Update a Service Perimeter. The\nlongrunning operation from this RPC will have a successful status once the\nchanges to the Service Perimeter have\npropagated to long-lasting storage. Service Perimeter containing\nerrors will result in an error response for the first error encountered.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters/{servicePerimetersId}",
"httpMethod": "PATCH",
"id": "accesscontextmanager.accessPolicies.servicePerimeters.patch",
@@ -563,6 +620,34 @@
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"replaceAll": {
"description": "Replace all existing Service Perimeters in an\nAccess Policy\nwith the Service Perimeters provided.\nThis is done atomically. The longrunning operation from this\nRPC will have a successful status once all replacements have propagated to\nlong-lasting storage. Replacements containing errors will result in an\nerror response for the first error encountered. Replacement will be\ncancelled on error, existing Service Perimeters will not be\naffected. Operation.response field will contain\nReplaceServicePerimetersResponse.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/servicePerimeters:replaceAll",
"httpMethod": "POST",
"id": "accesscontextmanager.accessPolicies.servicePerimeters.replaceAll",
"parameterOrder": [
"parent"
],
"parameters": {
"parent": {
"description": "Required. Resource name for the access policy which owns these\nService Perimeters.\n\nFormat: `accessPolicies/{policy_id}`",
"location": "path",
"pattern": "^accessPolicies/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+parent}/servicePerimeters:replaceAll",
"request": {
"$ref": "ReplaceServicePerimetersRequest"
},
"response": {
"$ref": "Operation"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
}
}
}
@@ -582,7 +667,7 @@
"name": {
"description": "The name of the operation resource to be cancelled.",
"location": "path",
"pattern": "^operations/.+$",
"pattern": "^operations/.*$",
"required": true,
"type": "string"
}
@@ -610,7 +695,7 @@
"name": {
"description": "The name of the operation resource to be deleted.",
"location": "path",
"pattern": "^operations/.+$",
"pattern": "^operations/.*$",
"required": true,
"type": "string"
}
@@ -635,7 +720,7 @@
"name": {
"description": "The name of the operation resource.",
"location": "path",
"pattern": "^operations/.+$",
"pattern": "^operations/.*$",
"required": true,
"type": "string"
}
@@ -692,49 +777,42 @@
}
}
},
"revision": "20190626",
"revision": "20200405",
"rootUrl": "https://accesscontextmanager.googleapis.com/",
"schemas": {
"AccessLevel": {
"description": "An `AccessLevel` is a label that can be applied to requests to GCP services,\nalong with a list of requirements necessary for the label to be applied.",
"description": "An `AccessLevel` is a label that can be applied to requests to Google Cloud\nservices, along with a list of requirements necessary for the label to be\napplied.",
"id": "AccessLevel",
"properties": {
"basic": {
"$ref": "BasicLevel",
"description": "A `BasicLevel` composed of `Conditions`."
},
"createTime": {
"description": "Output only. Time the `AccessLevel` was created in UTC.",
"format": "google-datetime",
"type": "string"
"custom": {
"$ref": "CustomLevel",
"description": "A `CustomLevel` written in the Common Expression Language."
},
"description": {
"description": "Description of the `AccessLevel` and its use. Does not affect behavior.",
"type": "string"
},
"name": {
"description": "Required. Resource name for the Access Level. The `short_name` component\nmust begin with a letter and only include alphanumeric and '_'. Format:\n`accessPolicies/{policy_id}/accessLevels/{short_name}`",
"description": "Required. Resource name for the Access Level. The `short_name` component\nmust begin with a letter and only include alphanumeric and '_'. Format:\n`accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length\nof the `short_name` component is 50 characters.",
"type": "string"
},
"title": {
"description": "Human readable title. Must be unique within the Policy.",
"type": "string"
},
"updateTime": {
"description": "Output only. Time the `AccessLevel` was updated in UTC.",
"format": "google-datetime",
"type": "string"
}
},
"type": "object"
},
"AccessPolicy": {
"description": "`AccessPolicy` is a container for `AccessLevels` (which define the necessary\nattributes to use GCP services) and `ServicePerimeters` (which define regions\nof services able to freely pass data within a perimeter). An access policy is\nglobally visible within an organization, and the restrictions it specifies\napply to all projects within an organization.",
"description": "`AccessPolicy` is a container for `AccessLevels` (which define the necessary\nattributes to use Google Cloud services) and `ServicePerimeters` (which\ndefine regions of services able to freely pass data within a perimeter). An\naccess policy is globally visible within an organization, and the\nrestrictions it specifies apply to all projects within an organization.",
"id": "AccessPolicy",
"properties": {
"createTime": {
"description": "Output only. Time the `AccessPolicy` was created in UTC.",
"format": "google-datetime",
"etag": {
"description": "Output only. An opaque identifier for the current version of the\n`AccessPolicy`. This will always be a strongly validated etag, meaning that\ntwo Access Polices will be identical if and only if their etags are\nidentical. Clients should not expect this to be in any specific format.",
"type": "string"
},
"name": {
@@ -748,11 +826,6 @@
"title": {
"description": "Required. Human readable title. Does not affect behavior.",
"type": "string"
},
"updateTime": {
"description": "Output only. Time the `AccessPolicy` was updated in UTC.",
"format": "google-datetime",
"type": "string"
}
},
"type": "object"
@@ -789,6 +862,31 @@
"properties": {},
"type": "object"
},
"CommitServicePerimetersRequest": {
"description": "A request to commit dry-run specs in all Service Perimeters belonging to\nan Access Policy.",
"id": "CommitServicePerimetersRequest",
"properties": {
"etag": {
"description": "Optional. The etag for the version of the Access Policy that this\ncommit operation is to be performed on. If, at the time of commit, the\netag for the Access Policy stored in Access Context Manager is different\nfrom the specified etag, then the commit operation will not be performed\nand the call will fail. This field is not required. If etag is not\nprovided, the operation will be performed as if a valid etag is provided.",
"type": "string"
}
},
"type": "object"
},
"CommitServicePerimetersResponse": {
"description": "A response to CommitServicePerimetersRequest. This will be put inside of\nOperation.response field.",
"id": "CommitServicePerimetersResponse",
"properties": {
"servicePerimeters": {
"description": "List of all the Service Perimeter instances in\nthe Access Policy.",
"items": {
"$ref": "ServicePerimeter"
},
"type": "array"
}
},
"type": "object"
},
"Condition": {
"description": "A condition necessary for an `AccessLevel` to be granted. The Condition is an\nAND over its fields. So a Condition is true if: 1) the request IP is from one\nof the listed subnetworks AND 2) the originating device complies with the\nlisted device policy AND 3) all listed access levels are granted AND 4) the\nrequest was sent at a time allowed by the DateTimeRestriction.",
"id": "Condition",
@@ -832,6 +930,17 @@
},
"type": "object"
},
"CustomLevel": {
"description": "`CustomLevel` is an `AccessLevel` using the Cloud Common Expression Language\nto represent the necessary conditions for the level to apply to a request.\nSee CEL spec at: https://github.com/google/cel-spec",
"id": "CustomLevel",
"properties": {
"expr": {
"$ref": "Expr",
"description": "Required. A Cloud CEL expression evaluating to a boolean."
}
},
"type": "object"
},
"DevicePolicy": {
"description": "`DevicePolicy` specifies device specific restrictions necessary to acquire a\ngiven access level. A `DevicePolicy` specifies requirements for requests from\ndevices to be granted access levels, it does not do any enforcement on the\ndevice. `DevicePolicy` acts as an AND over all specified fields, and each\nrepeated field is an OR over its elements. Any unset fields are ignored. For\nexample, if the proto is { os_type : DESKTOP_WINDOWS, os_type :\nDESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be\ntrue for requests originating from encrypted Linux desktops and encrypted\nWindows desktops.",
"id": "DevicePolicy",
@@ -902,6 +1011,29 @@
"properties": {},
"type": "object"
},
"Expr": {
"description": "Represents a textual expression in the Common Expression Language (CEL)\nsyntax. CEL is a C-like expression language. The syntax and semantics of CEL\nare documented at https://github.com/google/cel-spec.\n\nExample (Comparison):\n\n title: \"Summary size limit\"\n description: \"Determines if a summary is less than 100 chars\"\n expression: \"document.summary.size() < 100\"\n\nExample (Equality):\n\n title: \"Requestor is owner\"\n description: \"Determines if requestor is the document owner\"\n expression: \"document.owner == request.auth.claims.email\"\n\nExample (Logic):\n\n title: \"Public documents\"\n description: \"Determine whether the document should be publicly visible\"\n expression: \"document.type != 'private' && document.type != 'internal'\"\n\nExample (Data Manipulation):\n\n title: \"Notification string\"\n description: \"Create a notification string with a timestamp.\"\n expression: \"'New message received at ' + string(document.create_time)\"\n\nThe exact variables and functions that may be referenced within an expression\nare determined by the service that evaluates it. See the service\ndocumentation for additional information.",
"id": "Expr",
"properties": {
"description": {
"description": "Optional. Description of the expression. This is a longer text which\ndescribes the expression, e.g. when hovered over it in a UI.",
"type": "string"
},
"expression": {
"description": "Textual representation of an expression in Common Expression Language\nsyntax.",
"type": "string"
},
"location": {
"description": "Optional. String indicating the location of the expression for error\nreporting, e.g. a file name and a position in the file.",
"type": "string"
},
"title": {
"description": "Optional. Title for the expression, i.e. a short string describing\nits purpose. This can be used e.g. in UIs which allow to enter the\nexpression.",
"type": "string"
}
},
"type": "object"
},
"ListAccessLevelsResponse": {
"description": "A response to `ListAccessLevelsRequest`.",
"id": "ListAccessLevelsResponse",
@@ -1024,33 +1156,96 @@
"DESKTOP_MAC",
"DESKTOP_WINDOWS",
"DESKTOP_LINUX",
"DESKTOP_CHROME_OS"
"DESKTOP_CHROME_OS",
"ANDROID",
"IOS"
],
"enumDescriptions": [
"The operating system of the device is not specified or not known.",
"A desktop Mac operating system.",
"A desktop Windows operating system.",
"A desktop Linux operating system.",
"A desktop ChromeOS operating system."
"A desktop ChromeOS operating system.",
"An Android operating system.",
"An iOS operating system."
],
"type": "string"
},
"requireVerifiedChromeOs": {
"description": "Only allows requests from devices with a verified Chrome OS.\nVerifications includes requirements that the device is enterprise-managed,\nconformant to Dasher domain policies, and the caller has permission to call\nthe API targeted by the request.",
"description": "Only allows requests from devices with a verified Chrome OS.\nVerifications includes requirements that the device is enterprise-managed,\nconformant to domain policies, and the caller has permission to call\nthe API targeted by the request.",
"type": "boolean"
}
},
"type": "object"
},
"ServicePerimeter": {
"description": "`ServicePerimeter` describes a set of GCP resources which can freely import\nand export data amongst themselves, but not export outside of the\n`ServicePerimeter`. If a request with a source within this `ServicePerimeter`\nhas a target outside of the `ServicePerimeter`, the request will be blocked.\nOtherwise the request is allowed. There are two types of Service Perimeter -\nRegular and Bridge. Regular Service Perimeters cannot overlap, a single GCP\nproject can only belong to a single regular Service Perimeter. Service\nPerimeter Bridges can contain only GCP projects as members, a single GCP\nproject may belong to multiple Service Perimeter Bridges.",
"id": "ServicePerimeter",
"ReplaceAccessLevelsRequest": {
"description": "A request to replace all existing Access Levels in an Access Policy with\nthe Access Levels provided. This is done atomically.",
"id": "ReplaceAccessLevelsRequest",
"properties": {
"createTime": {
"description": "Output only. Time the `ServicePerimeter` was created in UTC.",
"format": "google-datetime",
"accessLevels": {
"description": "Required. The desired Access Levels that should\nreplace all existing Access Levels in the\nAccess Policy.",
"items": {
"$ref": "AccessLevel"
},
"type": "array"
},
"etag": {
"description": "Optional. The etag for the version of the Access Policy that this\nreplace operation is to be performed on. If, at the time of replace, the\netag for the Access Policy stored in Access Context Manager is different\nfrom the specified etag, then the replace operation will not be performed\nand the call will fail. This field is not required. If etag is not\nprovided, the operation will be performed as if a valid etag is provided.",
"type": "string"
}
},
"type": "object"
},
"ReplaceAccessLevelsResponse": {
"description": "A response to ReplaceAccessLevelsRequest. This will be put inside of\nOperation.response field.",
"id": "ReplaceAccessLevelsResponse",
"properties": {
"accessLevels": {
"description": "List of the Access Level instances.",
"items": {
"$ref": "AccessLevel"
},
"type": "array"
}
},
"type": "object"
},
"ReplaceServicePerimetersRequest": {
"description": "A request to replace all existing Service Perimeters in an Access Policy\nwith the Service Perimeters provided. This is done atomically.",
"id": "ReplaceServicePerimetersRequest",
"properties": {
"etag": {
"description": "Optional. The etag for the version of the Access Policy that this\nreplace operation is to be performed on. If, at the time of replace, the\netag for the Access Policy stored in Access Context Manager is different\nfrom the specified etag, then the replace operation will not be performed\nand the call will fail. This field is not required. If etag is not\nprovided, the operation will be performed as if a valid etag is provided.",
"type": "string"
},
"servicePerimeters": {
"description": "Required. The desired Service Perimeters that should\nreplace all existing Service Perimeters in the\nAccess Policy.",
"items": {
"$ref": "ServicePerimeter"
},
"type": "array"
}
},
"type": "object"
},
"ReplaceServicePerimetersResponse": {
"description": "A response to ReplaceServicePerimetersRequest. This will be put inside of\nOperation.response field.",
"id": "ReplaceServicePerimetersResponse",
"properties": {
"servicePerimeters": {
"description": "List of the Service Perimeter instances.",
"items": {
"$ref": "ServicePerimeter"
},
"type": "array"
}
},
"type": "object"
},
"ServicePerimeter": {
"description": "`ServicePerimeter` describes a set of Google Cloud resources which can freely\nimport and export data amongst themselves, but not export outside of the\n`ServicePerimeter`. If a request with a source within this `ServicePerimeter`\nhas a target outside of the `ServicePerimeter`, the request will be blocked.\nOtherwise the request is allowed. There are two types of Service Perimeter -\nRegular and Bridge. Regular Service Perimeters cannot overlap, a single\nGoogle Cloud project can only belong to a single regular Service Perimeter.\nService Perimeter Bridges can contain only Google Cloud projects as members,\na single Google Cloud project may belong to multiple Service Perimeter\nBridges.",
"id": "ServicePerimeter",
"properties": {
"description": {
"description": "Description of the `ServicePerimeter` and its use. Does not affect\nbehavior.",
"type": "string"
@@ -1071,6 +1266,10 @@
],
"type": "string"
},
"spec": {
"$ref": "ServicePerimeterConfig",
"description": "Proposed (or dry run) ServicePerimeter configuration. This configuration\nallows to specify and test ServicePerimeter configuration without enforcing\nactual access restrictions. Only allowed to be set when the\n\"use_explicit_dry_run_spec\" flag is set."
},
"status": {
"$ref": "ServicePerimeterConfig",
"description": "Current ServicePerimeter configuration. Specifies sets of resources,\nrestricted services and access levels that determine perimeter\ncontent and boundaries."
@@ -1079,38 +1278,41 @@
"description": "Human readable title. Must be unique within the Policy.",
"type": "string"
},
"updateTime": {
"description": "Output only. Time the `ServicePerimeter` was updated in UTC.",
"format": "google-datetime",
"type": "string"
"useExplicitDryRunSpec": {
"description": "Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly\nexists for all Service Perimeters, and that spec is identical to the\nstatus for those Service Perimeters. When this flag is set, it inhibits the\ngeneration of the implicit spec, thereby allowing the user to explicitly\nprovide a configuration (\"spec\") to use in a dry-run version of the Service\nPerimeter. This allows the user to test changes to the enforced config\n(\"status\") without actually enforcing them. This testing is done through\nanalyzing the differences between currently enforced and suggested\nrestrictions. use_explicit_dry_run_spec must bet set to True if any of the\nfields in the spec are set to non-default values.",
"type": "boolean"
}
},
"type": "object"
},
"ServicePerimeterConfig": {
"description": "`ServicePerimeterConfig` specifies a set of GCP resources that describe\nspecific Service Perimeter configuration.",
"description": "`ServicePerimeterConfig` specifies a set of Google Cloud resources that\ndescribe specific Service Perimeter configuration.",
"id": "ServicePerimeterConfig",
"properties": {
"accessLevels": {
"description": "A list of `AccessLevel` resource names that allow resources within the\n`ServicePerimeter` to be accessed from the internet. `AccessLevels` listed\nmust be in the same policy as this `ServicePerimeter`. Referencing a\nnonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are\nlisted, resources within the perimeter can only be accessed via GCP calls\nwith request origins within the perimeter. Example:\n`\"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL\"`.\nFor Service Perimeter Bridge, must be empty.",
"description": "A list of `AccessLevel` resource names that allow resources within the\n`ServicePerimeter` to be accessed from the internet. `AccessLevels` listed\nmust be in the same policy as this `ServicePerimeter`. Referencing a\nnonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are\nlisted, resources within the perimeter can only be accessed via Google\nCloud calls with request origins within the perimeter. Example:\n`\"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL\"`.\nFor Service Perimeter Bridge, must be empty.",
"items": {
"type": "string"
},
"type": "array"
},
"resources": {
"description": "A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed. Format: `projects/{project_number}`",
"description": "A list of Google Cloud resources that are inside of the service perimeter.\nCurrently only projects are allowed. Format: `projects/{project_number}`",
"items": {
"type": "string"
},
"type": "array"
},
"restrictedServices": {
"description": "GCP services that are subject to the Service Perimeter restrictions. For\nexample, if `storage.googleapis.com` is specified, access to the storage\nbuckets inside the perimeter must meet the perimeter's access restrictions.",
"description": "Google Cloud services that are subject to the Service Perimeter\nrestrictions. For example, if `storage.googleapis.com` is specified, access\nto the storage buckets inside the perimeter must meet the perimeter's\naccess restrictions.",
"items": {
"type": "string"
},
"type": "array"
},
"vpcAccessibleServices": {
"$ref": "VpcAccessibleServices",
"description": "Configuration for APIs allowed within Perimeter."
}
},
"type": "object"
@@ -1141,6 +1343,24 @@
}
},
"type": "object"
},
"VpcAccessibleServices": {
"description": "Specifies how APIs are allowed to communicate within the Service\nPerimeter.",
"id": "VpcAccessibleServices",
"properties": {
"allowedServices": {
"description": "The list of APIs usable within the Service Perimeter. Must be empty\nunless 'enable_restriction' is True.",
"items": {
"type": "string"
},
"type": "array"
},
"enableRestriction": {
"description": "Whether to restrict API calls within the Service Perimeter to the list of\nAPIs specified in 'allowed_services'.",
"type": "boolean"
}
},
"type": "object"
}
},
"servicePath": "",