OMGeeky/google-apis-rs
1
0
Fork 0
mirror of https://github.com/OMGeeky/google-apis-rs.git synced 2026-02-23 15:49:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

update all json files

Browse Source
This commit is contained in:
Sebastian Thiel
2020-04-12 18:55:37 +08:00
parent ea3b428364
commit aacc30f08d
260 changed files with 138411 additions and 26293 deletions
Download Patch File Download Diff File Expand all files Collapse all files

163
etc/api/iam/v1/iam-api.json
View File

@@ -22,6 +22,7 @@
},
"id": "iam:v1",
"kind": "discovery#restDescription",
"mtlsRootUrl": "https://iam.mtls.googleapis.com/",
"name": "iam",
"ownerDomain": "google.com",
"ownerName": "Google",
@@ -107,7 +108,7 @@
"iamPolicies": {
"methods": {
"lintPolicy": {
"description": "Lints a Cloud IAM policy object or its sub fields. Currently supports\ngoogle.iam.v1.Policy, google.iam.v1.Binding and\ngoogle.iam.v1.Binding.condition.\n\nEach lint operation consists of multiple lint validation units.\nValidation units have the following properties:\n\n- Each unit inspects the input object in regard to a particular\n linting aspect and issues a google.iam.admin.v1.LintResult\n disclosing the result.\n- Domain of discourse of each unit can be either\n google.iam.v1.Policy, google.iam.v1.Binding, or\n google.iam.v1.Binding.condition depending on the purpose of the\n validation.\n- A unit may require additional data (like the list of all possible\n enumerable values of a particular attribute used in the policy instance)\n which shall be provided by the caller. Refer to the comments of\n google.iam.admin.v1.LintPolicyRequest.context for more details.\n\nThe set of applicable validation units is determined by the Cloud IAM\nserver and is not configurable.\n\nRegardless of any lint issues or their severities, successful calls to\n`lintPolicy` return an HTTP 200 OK status code.",
"description": "Lints a Cloud IAM policy object or its sub fields. Currently supports\ngoogle.iam.v1.Binding.condition.\n\nEach lint operation consists of multiple lint validation units.\nEach unit inspects the input object in regard to a particular linting\naspect and issues a google.iam.admin.v1.LintResult disclosing the\nresult.\n\nThe set of applicable validation units is determined by the Cloud IAM\nserver and is not configurable.\n\nRegardless of any lint issues or their severities, successful calls to\n`lintPolicy` return an HTTP 200 OK status code.",
"flatPath": "v1/iamPolicies:lintPolicy",
"httpMethod": "POST",
"id": "iam.iamPolicies.lintPolicy",
@@ -612,7 +613,7 @@
],
"parameters": {
"name": {
"description": "The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.",
"description": "Required. The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.",
"location": "path",
"pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
"required": true,
@@ -665,7 +666,7 @@
],
"parameters": {
"name": {
"description": "The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT_UNIQUE_ID}'.\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account.",
"description": "The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.",
"location": "path",
"pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
"required": true,
@@ -693,7 +694,7 @@
],
"parameters": {
"name": {
"description": "The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.",
"description": "Required. The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.",
"location": "path",
"pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
"required": true,
@@ -718,7 +719,7 @@
],
"parameters": {
"options.requestedPolicyVersion": {
"description": "Optional. The policy format version to be returned.\nAcceptable values are 0 and 1.\nIf the value is 0, or the field is omitted, policy format version 1 will be\nreturned.",
"description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.",
"format": "int32",
"location": "query",
"type": "integer"
@@ -841,7 +842,7 @@
],
"parameters": {
"name": {
"description": "The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.",
"description": "Required. The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.",
"location": "path",
"pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
"required": true,
@@ -869,7 +870,7 @@
],
"parameters": {
"name": {
"description": "The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.",
"description": "Required. The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.",
"location": "path",
"pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
"required": true,
@@ -925,7 +926,7 @@
],
"parameters": {
"name": {
"description": "The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT_UNIQUE_ID}'.\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account.",
"description": "The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT_UNIQUE_ID}`.\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account.",
"location": "path",
"pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
"required": true,
@@ -985,7 +986,7 @@
],
"parameters": {
"name": {
"description": "The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.",
"description": "Required. The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.",
"location": "path",
"pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
"required": true,
@@ -1013,7 +1014,7 @@
],
"parameters": {
"name": {
"description": "The resource name of the service account key in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.",
"description": "Required. The resource name of the service account key in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.",
"location": "path",
"pattern": "^projects/[^/]+/serviceAccounts/[^/]+/keys/[^/]+$",
"required": true,
@@ -1038,7 +1039,7 @@
],
"parameters": {
"name": {
"description": "The resource name of the service account key in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.\n\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.",
"description": "Required. The resource name of the service account key in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.\n\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.",
"location": "path",
"pattern": "^projects/[^/]+/serviceAccounts/[^/]+/keys/[^/]+$",
"required": true,
@@ -1084,7 +1085,7 @@
"type": "string"
},
"name": {
"description": "The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\n\nUsing `-` as a wildcard for the `PROJECT_ID`, will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.",
"description": "Required. The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\n\nUsing `-` as a wildcard for the `PROJECT_ID`, will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.",
"location": "path",
"pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
"required": true,
@@ -1098,6 +1099,34 @@
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"upload": {
"description": "Upload public key for a given service account.\nThis rpc will create a\nServiceAccountKey that has the\nprovided public key and returns it.",
"flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}/keys:upload",
"httpMethod": "POST",
"id": "iam.projects.serviceAccounts.keys.upload",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "The resource name of the service account in the following format:\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`.\nUsing `-` as a wildcard for the `PROJECT_ID` will infer the project from\nthe account. The `ACCOUNT` value can be the `email` address or the\n`unique_id` of the service account.",
"location": "path",
"pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+name}/keys:upload",
"request": {
"$ref": "UploadServiceAccountKeyRequest"
},
"response": {
"$ref": "ServiceAccountKey"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
}
}
}
@@ -1199,7 +1228,7 @@
}
}
},
"revision": "20190627",
"revision": "20200319",
"rootUrl": "https://iam.googleapis.com/",
"schemas": {
"AdminAuditData": {
@@ -1214,7 +1243,7 @@
"type": "object"
},
"AuditConfig": {
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:foo@gmail.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n },\n {\n \"log_type\": \"ADMIN_READ\",\n }\n ]\n },\n {\n \"service\": \"fooservice.googleapis.com\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:bar@gmail.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts foo@gmail.com from DATA_READ logging, and\nbar@gmail.com from DATA_WRITE logging.",
"description": "Specifies the audit configuration for a service.\nThe configuration determines which permission types are logged, and what\nidentities, if any, are exempted from logging.\nAn AuditConfig must have one or more AuditLogConfigs.\n\nIf there are AuditConfigs for both `allServices` and a specific service,\nthe union of the two AuditConfigs is used for that service: the log_types\nspecified in each AuditConfig are enabled, and the exempted_members in each\nAuditLogConfig are exempted.\n\nExample Policy with multiple AuditConfigs:\n\n {\n \"audit_configs\": [\n {\n \"service\": \"allServices\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n },\n {\n \"log_type\": \"ADMIN_READ\",\n }\n ]\n },\n {\n \"service\": \"sampleservice.googleapis.com\"\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n },\n {\n \"log_type\": \"DATA_WRITE\",\n \"exempted_members\": [\n \"user:aliya@example.com\"\n ]\n }\n ]\n }\n ]\n }\n\nFor sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ\nlogging. It also exempts jose@example.com from DATA_READ logging, and\naliya@example.com from DATA_WRITE logging.",
"id": "AuditConfig",
"properties": {
"auditLogConfigs": {
@@ -1243,7 +1272,7 @@
"type": "object"
},
"AuditLogConfig": {
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:foo@gmail.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\nfoo@gmail.com from DATA_READ logging.",
"description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:jose@example.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\njose@example.com from DATA_READ logging.",
"id": "AuditLogConfig",
"properties": {
"exemptedMembers": {
@@ -1292,7 +1321,7 @@
"description": "The condition that is associated with this binding.\nNOTE: An unsatisfied condition will not allow user access via current\nbinding. Different bindings, including their conditions, are examined\nindependently."
},
"members": {
"description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@gmail.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n",
"description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@example.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n* `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a user that has been recently deleted. For\n example, `alice@example.com?uid=123456789012345678901`. If the user is\n recovered, this value reverts to `user:{emailid}` and the recovered user\n retains the role in the binding.\n\n* `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus\n unique identifier) representing a service account that has been recently\n deleted. For example,\n `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.\n If the service account is undeleted, this value reverts to\n `serviceAccount:{emailid}` and the undeleted service account retains the\n role in the binding.\n\n* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique\n identifier) representing a Google group that has been recently\n deleted. For example, `admins@example.com?uid=123456789012345678901`. If\n the group is recovered, this value reverts to `group:{emailid}` and the\n recovered group retains the role in the binding.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n",
"items": {
"type": "string"
},
@@ -1325,7 +1354,7 @@
},
"condition": {
"$ref": "Expr",
"description": "Unimplemented. The condition that is associated with this binding.\nThis field is logged only for Cloud Audit Logging."
"description": "The condition that is associated with this binding."
},
"member": {
"description": "A single identity requesting access for a Cloud Platform resource.\nFollows the same format of Binding.members.\nRequired",
@@ -1398,7 +1427,7 @@
},
"serviceAccount": {
"$ref": "ServiceAccount",
"description": "The ServiceAccount resource to\ncreate. Currently, only the following values are user assignable:\n`display_name` ."
"description": "The ServiceAccount resource to\ncreate. Currently, only the following values are user assignable:\n`display_name` and `description`."
}
},
"type": "object"
@@ -1422,55 +1451,39 @@
"type": "object"
},
"Expr": {
"description": "Represents an expression text. Example:\n\n title: \"User account presence\"\n description: \"Determines whether the request has a user account\"\n expression: \"size(request.user) > 0\"",
"description": "Represents a textual expression in the Common Expression Language (CEL)\nsyntax. CEL is a C-like expression language. The syntax and semantics of CEL\nare documented at https://github.com/google/cel-spec.\n\nExample (Comparison):\n\n title: \"Summary size limit\"\n description: \"Determines if a summary is less than 100 chars\"\n expression: \"document.summary.size() < 100\"\n\nExample (Equality):\n\n title: \"Requestor is owner\"\n description: \"Determines if requestor is the document owner\"\n expression: \"document.owner == request.auth.claims.email\"\n\nExample (Logic):\n\n title: \"Public documents\"\n description: \"Determine whether the document should be publicly visible\"\n expression: \"document.type != 'private' && document.type != 'internal'\"\n\nExample (Data Manipulation):\n\n title: \"Notification string\"\n description: \"Create a notification string with a timestamp.\"\n expression: \"'New message received at ' + string(document.create_time)\"\n\nThe exact variables and functions that may be referenced within an expression\nare determined by the service that evaluates it. See the service\ndocumentation for additional information.",
"id": "Expr",
"properties": {
"description": {
"description": "An optional description of the expression. This is a longer text which\ndescribes the expression, e.g. when hovered over it in a UI.",
"description": "Optional. Description of the expression. This is a longer text which\ndescribes the expression, e.g. when hovered over it in a UI.",
"type": "string"
},
"expression": {
"description": "Textual representation of an expression in\nCommon Expression Language syntax.\n\nThe application context of the containing message determines which\nwell-known feature set of CEL is supported.",
"description": "Textual representation of an expression in Common Expression Language\nsyntax.",
"type": "string"
},
"location": {
"description": "An optional string indicating the location of the expression for error\nreporting, e.g. a file name and a position in the file.",
"description": "Optional. String indicating the location of the expression for error\nreporting, e.g. a file name and a position in the file.",
"type": "string"
},
"title": {
"description": "An optional title for the expression, i.e. a short string describing\nits purpose. This can be used e.g. in UIs which allow to enter the\nexpression.",
"description": "Optional. Title for the expression, i.e. a short string describing\nits purpose. This can be used e.g. in UIs which allow to enter the\nexpression.",
"type": "string"
}
},
"type": "object"
},
"LintPolicyRequest": {
"description": "The request to lint a Cloud IAM policy object. LintPolicy is currently\nfunctional only for `lint_object` of type `condition`.",
"description": "The request to lint a Cloud IAM policy object.",
"id": "LintPolicyRequest",
"properties": {
"binding": {
"$ref": "Binding",
"description": "Binding object to be linted. The functionality of linting a binding is\nnot yet implemented and if this field is set, it returns NOT_IMPLEMENTED\nerror."
},
"condition": {
"$ref": "Expr",
"description": "google.iam.v1.Binding.condition object to be linted."
},
"context": {
"additionalProperties": {
"description": "Properties of the object.",
"type": "any"
},
"description": "`context` contains additional *permission-controlled* data that any\nlint unit may depend on, in form of `{key: value}` pairs. Currently, this\nfield is non-operational and it will not be used during the lint operation.",
"type": "object"
},
"fullResourceName": {
"description": "The full resource name of the policy this lint request is about.\n\nThe name follows the Google Cloud Platform (GCP) resource format.\nFor example, a GCP project with ID `my-project` will be named\n`//cloudresourcemanager.googleapis.com/projects/my-project`.\n\nThe resource name is not used to read the policy instance from the Cloud\nIAM database. The candidate policy for lint has to be provided in the same\nrequest object.",
"type": "string"
},
"policy": {
"$ref": "Policy",
"description": "Policy object to be linted. The functionality of linting a policy is not\nyet implemented and if this field is set, it returns NOT_IMPLEMENTED\nerror."
}
},
"type": "object"
@@ -1480,7 +1493,7 @@
"id": "LintPolicyResponse",
"properties": {
"lintResults": {
"description": "List of lint results sorted by a composite <severity, binding_ordinal> key,\ndescending order of severity and ascending order of binding_ordinal.\nThere is no certain order among the same keys.\n\nFor cross-binding results (only if the input object to lint is\ninstance of google.iam.v1.Policy), there will be a\ngoogle.iam.admin.v1.LintResult for each of the involved bindings,\nand the associated debug_message may enumerate the other involved\nbinding ordinal number(s).",
"description": "List of lint results sorted by `severity` in descending order.",
"items": {
"$ref": "LintResult"
},
@@ -1493,32 +1506,23 @@
"description": "Structured response of a single validation unit.",
"id": "LintResult",
"properties": {
"bindingOrdinal": {
"description": "0-based index ordinality of the binding in the input object associated\nwith this result.\nThis field is populated only if the input object to lint is of type\ngoogle.iam.v1.Policy, which can comprise more than one binding.\nIt is set to -1 if the result is not associated with any particular\nbinding and only targets the policy as a whole, such as results about\npolicy size violations.",
"format": "int32",
"type": "integer"
},
"debugMessage": {
"description": "Human readable debug message associated with the issue.",
"type": "string"
},
"fieldName": {
"description": "The name of the field for which this lint result is about.\n\nFor nested messages, `field_name` consists of names of the embedded fields\nseparated by period character. The top-level qualifier is the input object\nto lint in the request. For instance, if the lint request is on a\ngoogle.iam.v1.Policy and this lint result is about a condition\nexpression of one of the input policy bindings, the field would be\npopulated as `policy.bindings.condition.expression`.\n\nThis field does not identify the ordinality of the repetitive fields (for\ninstance bindings in a policy).",
"description": "The name of the field for which this lint result is about.\n\nFor nested messages `field_name` consists of names of the embedded fields\nseparated by period character. The top-level qualifier is the input object\nto lint in the request. For example, the `field_name` value\n`condition.expression` identifies a lint result for the `expression` field\nof the provided condition.",
"type": "string"
},
"level": {
"description": "The validation unit level.",
"enum": [
"LEVEL_UNSPECIFIED",
"POLICY",
"BINDING",
"CONDITION"
],
"enumDescriptions": [
"Level is unspecified.",
"A validation unit which operates on a policy. It is executed only if the\ninput object to lint is of type google.iam.v1.Policy.",
"A validation unit which operates on an individual binding. It is executed\nin both cases where the input object to lint is of type\ngoogle.iam.v1.Policy or google.iam.v1.Binding.",
"A validation unit which operates on an individual condition within a\nbinding. It is executed in all three cases where the input object to\nlint is of type google.iam.v1.Policy,\ngoogle.iam.v1.Binding or\ngoogle.iam.v1.Binding.condition."
"A validation unit which operates on an individual condition within a\nbinding."
],
"type": "string"
},
@@ -1548,7 +1552,7 @@
"type": "string"
},
"validationUnitName": {
"description": "The validation unit name, for instance\n\u201clintValidationUnits/ConditionComplexityCheck\u201d.",
"description": "The validation unit name, for instance\n\"lintValidationUnits/ConditionComplexityCheck\".",
"type": "string"
}
},
@@ -1641,7 +1645,7 @@
"type": "string"
},
"description": {
"description": "A brief description of what this Permission is used for.",
"description": "A brief description of what this Permission is used for.\nThis permission can ONLY be used in predefined roles.",
"type": "string"
},
"name": {
@@ -1649,9 +1653,12 @@
"type": "string"
},
"onlyInPredefinedRoles": {
"description": "This permission can ONLY be used in predefined roles.",
"type": "boolean"
},
"primaryPermission": {
"description": "The preferred name for this permission. If present, then this permission is\nan alias of, and equivalent to, the listed primary_permission.",
"type": "string"
},
"stage": {
"description": "The current launch stage of the permission.",
"enum": [
@@ -1697,7 +1704,7 @@
"type": "object"
},
"Policy": {
"description": "Defines an Identity and Access Management (IAM) policy. It is used to\nspecify access control policies for Cloud Platform resources.\n\n\nA `Policy` consists of a list of `bindings`. A `binding` binds a list of\n`members` to a `role`, where the members can be user accounts, Google groups,\nGoogle domains, and service accounts. A `role` is a named list of permissions\ndefined by IAM.\n\n**JSON Example**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/owner\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-other-app@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/viewer\",\n \"members\": [\"user:sean@example.com\"]\n }\n ]\n }\n\n**YAML Example**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-other-app@appspot.gserviceaccount.com\n role: roles/owner\n - members:\n - user:sean@example.com\n role: roles/viewer\n\n\nFor a description of IAM and its features, see the\n[IAM developer's guide](https://cloud.google.com/iam/docs).",
"description": "An Identity and Access Management (IAM) policy, which specifies access\ncontrols for Google Cloud resources.\n\n\nA `Policy` is a collection of `bindings`. A `binding` binds one or more\n`members` to a single `role`. Members can be user accounts, service accounts,\nGoogle groups, and domains (such as G Suite). A `role` is a named list of\npermissions; each `role` can be an IAM predefined role or a user-created\ncustom role.\n\nOptionally, a `binding` can specify a `condition`, which is a logical\nexpression that allows access to a resource only if the expression evaluates\nto `true`. A condition can add constraints based on attributes of the\nrequest, the resource, or both.\n\n**JSON example:**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/resourcemanager.organizationAdmin\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-project-id@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/resourcemanager.organizationViewer\",\n \"members\": [\"user:eve@example.com\"],\n \"condition\": {\n \"title\": \"expirable access\",\n \"description\": \"Does not grant access after Sep 2020\",\n \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\",\n }\n }\n ],\n \"etag\": \"BwWWja0YfJA=\",\n \"version\": 3\n }\n\n**YAML example:**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-project-id@appspot.gserviceaccount.com\n role: roles/resourcemanager.organizationAdmin\n - members:\n - user:eve@example.com\n role: roles/resourcemanager.organizationViewer\n condition:\n title: expirable access\n description: Does not grant access after Sep 2020\n expression: request.time < timestamp('2020-10-01T00:00:00.000Z')\n - etag: BwWWja0YfJA=\n - version: 3\n\nFor a description of IAM and its features, see the\n[IAM documentation](https://cloud.google.com/iam/docs/).",
"id": "Policy",
"properties": {
"auditConfigs": {
@@ -1708,19 +1715,19 @@
"type": "array"
},
"bindings": {
"description": "Associates a list of `members` to a `role`.\n`bindings` with no members will result in an error.",
"description": "Associates a list of `members` to a `role`. Optionally, may specify a\n`condition` that determines how and when the `bindings` are applied. Each\nof the `bindings` must contain at least one member.",
"items": {
"$ref": "Binding"
},
"type": "array"
},
"etag": {
"description": "`etag` is used for optimistic concurrency control as a way to help\nprevent simultaneous updates of a policy from overwriting each other.\nIt is strongly suggested that systems make use of the `etag` in the\nread-modify-write cycle to perform policy updates in order to avoid race\nconditions: An `etag` is returned in the response to `getIamPolicy`, and\nsystems are expected to put that etag in the request to `setIamPolicy` to\nensure that their change will be applied to the same version of the policy.\n\nIf no `etag` is provided in the call to `setIamPolicy`, then the existing\npolicy is overwritten blindly.",
"description": "`etag` is used for optimistic concurrency control as a way to help\nprevent simultaneous updates of a policy from overwriting each other.\nIt is strongly suggested that systems make use of the `etag` in the\nread-modify-write cycle to perform policy updates in order to avoid race\nconditions: An `etag` is returned in the response to `getIamPolicy`, and\nsystems are expected to put that etag in the request to `setIamPolicy` to\nensure that their change will be applied to the same version of the policy.\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.",
"format": "byte",
"type": "string"
},
"version": {
"description": "Deprecated.",
"description": "Specifies the format of the policy.\n\nValid values are `0`, `1`, and `3`. Requests that specify an invalid value\nare rejected.\n\nAny operation that affects conditional role bindings must specify version\n`3`. This requirement applies to the following operations:\n\n* Getting a policy that includes a conditional role binding\n* Adding a conditional role binding to a policy\n* Changing a conditional role binding in a policy\n* Removing any role binding, with or without a condition, from a policy\n that includes conditions\n\n**Important:** If you use IAM Conditions, you must include the `etag` field\nwhenever you call `setIamPolicy`. If you omit this field, then IAM allows\nyou to overwrite a version `3` policy with a version `1` policy, and all of\nthe conditions in the version `3` policy are lost.\n\nIf a policy does not include any conditions, operations on that policy may\nspecify any valid version or leave the field unset.",
"format": "int32",
"type": "integer"
}
@@ -1862,7 +1869,7 @@
"type": "boolean"
},
"description": {
"description": "Optional. A human-readable description for the role.",
"description": "Optional. A human-readable description for the role.",
"type": "string"
},
"etag": {
@@ -1878,7 +1885,7 @@
"type": "array"
},
"name": {
"description": "The name of the role.\n\nWhen Role is used in CreateRole, the role name must not be set.\n\nWhen Role is used in output and other input such as UpdateRole, the role\nname is the complete path, e.g., roles/logging.viewer for curated roles\nand organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.",
"description": "The name of the role.\n\nWhen Role is used in CreateRole, the role name must not be set.\n\nWhen Role is used in output and other input such as UpdateRole, the role\nname is the complete path, e.g., roles/logging.viewer for predefined roles\nand organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.",
"type": "string"
},
"stage": {
@@ -1902,7 +1909,7 @@
"type": "string"
},
"title": {
"description": "Optional. A human-readable title for the role. Typically this\nis limited to 100 UTF-8 bytes.",
"description": "Optional. A human-readable title for the role. Typically this\nis limited to 100 UTF-8 bytes.",
"type": "string"
}
},
@@ -1984,6 +1991,20 @@
],
"type": "string"
},
"keyType": {
"description": "The key type.",
"enum": [
"KEY_TYPE_UNSPECIFIED",
"USER_MANAGED",
"SYSTEM_MANAGED"
],
"enumDescriptions": [
"Unspecified key type. The presence of this in the\nmessage will immediately result in an error.",
"User-managed keys (managed and rotated by the user).",
"System-managed keys (managed and rotated by Google)."
],
"type": "string"
},
"name": {
"description": "The resource name of the service account key in the following format\n`projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.",
"type": "string"
@@ -2018,7 +2039,7 @@
"type": "string"
},
"validBeforeTime": {
"description": "The key can be used before this timestamp.",
"description": "The key can be used before this timestamp.\nFor system-managed key pairs, this timestamp is the end time for the\nprivate key signing operation. The public key could still be used\nfor verification for a few hours after this time.",
"format": "google-datetime",
"type": "string"
}
@@ -2046,7 +2067,7 @@
"id": "SignBlobRequest",
"properties": {
"bytesToSign": {
"description": "The bytes to sign.",
"description": "Required. The bytes to sign.",
"format": "byte",
"type": "string"
}
@@ -2074,7 +2095,7 @@
"id": "SignJwtRequest",
"properties": {
"payload": {
"description": "The JWT payload to sign, a JSON JWT Claim set.",
"description": "Required. The JWT payload to sign, a JSON JWT Claim set.",
"type": "string"
}
},
@@ -2150,6 +2171,18 @@
}
},
"type": "object"
},
"UploadServiceAccountKeyRequest": {
"description": "The service account key upload request.",
"id": "UploadServiceAccountKeyRequest",
"properties": {
"publicKeyData": {
"description": "A field that allows clients to upload their own public key. If set,\nuse this public key data to create a service account key for given\nservice account.\nPlease note, the expected format for this field is X509_PEM.",
"format": "byte",
"type": "string"
}
},
"type": "object"
}
},
"servicePath": "",