google-apis-iam-v1-0.36.0/0000755000175000017500000000000014413333754013571 5ustar raviravigoogle-apis-iam-v1-0.36.0/LICENSE.md0000644000175000017500000002636114413333754015205 0ustar raviravi Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. google-apis-iam-v1-0.36.0/lib/0000755000175000017500000000000014413333754014337 5ustar raviravigoogle-apis-iam-v1-0.36.0/lib/google/0000755000175000017500000000000014413333754015613 5ustar raviravigoogle-apis-iam-v1-0.36.0/lib/google/apis/0000755000175000017500000000000014413333754016547 5ustar raviravigoogle-apis-iam-v1-0.36.0/lib/google/apis/iam_v1.rb0000644000175000017500000000265314413333754020256 0ustar raviravi# Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. require 'google/apis/iam_v1/service.rb' require 'google/apis/iam_v1/classes.rb' require 'google/apis/iam_v1/representations.rb' require 'google/apis/iam_v1/gem_version.rb' module Google module Apis # Identity and Access Management (IAM) API # # Manages identity and access control for Google Cloud Platform resources, # including the creation of service accounts, which you can use to authenticate # to Google and make API calls. # # @see https://cloud.google.com/iam/ module IamV1 # Version of the Identity and Access Management (IAM) API this client connects to. # This is NOT the gem version. VERSION = 'V1' # See, edit, configure, and delete your Google Cloud data and see the email address for your Google Account. AUTH_CLOUD_PLATFORM = 'https://www.googleapis.com/auth/cloud-platform' end end end google-apis-iam-v1-0.36.0/lib/google/apis/iam_v1/0000755000175000017500000000000014413333754017723 5ustar raviravigoogle-apis-iam-v1-0.36.0/lib/google/apis/iam_v1/classes.rb0000644000175000017500000026605114413333754021717 0ustar raviravi# Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. require 'date' require 'google/apis/core/base_service' require 'google/apis/core/json_representation' require 'google/apis/core/hashable' require 'google/apis/errors' module Google module Apis module IamV1 # Audit log information specific to Cloud IAM admin APIs. This message is # serialized as an `Any` type in the `ServiceData` message of an `AuditLog` # message. class AdminAuditData include Google::Apis::Core::Hashable # A PermissionDelta message to record the added_permissions and # removed_permissions inside a role. # Corresponds to the JSON property `permissionDelta` # @return [Google::Apis::IamV1::PermissionDelta] attr_accessor :permission_delta def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @permission_delta = args[:permission_delta] if args.key?(:permission_delta) end end # Specifies the audit configuration for a service. The configuration determines # which permission types are logged, and what identities, if any, are exempted # from logging. An AuditConfig must have one or more AuditLogConfigs. If there # are AuditConfigs for both `allServices` and a specific service, the union of # the two AuditConfigs is used for that service: the log_types specified in each # AuditConfig are enabled, and the exempted_members in each AuditLogConfig are # exempted. Example Policy with multiple AuditConfigs: ` "audit_configs": [ ` " # service": "allServices", "audit_log_configs": [ ` "log_type": "DATA_READ", " # exempted_members": [ "user:jose@example.com" ] `, ` "log_type": "DATA_WRITE" `, # ` "log_type": "ADMIN_READ" ` ] `, ` "service": "sampleservice.googleapis.com", # "audit_log_configs": [ ` "log_type": "DATA_READ" `, ` "log_type": "DATA_WRITE" # , "exempted_members": [ "user:aliya@example.com" ] ` ] ` ] ` For sampleservice, # this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also # exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` # from DATA_WRITE logging. class AuditConfig include Google::Apis::Core::Hashable # The configuration for logging of each type of permission. # Corresponds to the JSON property `auditLogConfigs` # @return [Array] attr_accessor :audit_log_configs # Specifies a service that will be enabled for audit logging. For example, ` # storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special # value that covers all services. # Corresponds to the JSON property `service` # @return [String] attr_accessor :service def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @audit_log_configs = args[:audit_log_configs] if args.key?(:audit_log_configs) @service = args[:service] if args.key?(:service) end end # Audit log information specific to Cloud IAM. This message is serialized as an ` # Any` type in the `ServiceData` message of an `AuditLog` message. class AuditData include Google::Apis::Core::Hashable # The difference delta between two policies. # Corresponds to the JSON property `policyDelta` # @return [Google::Apis::IamV1::PolicyDelta] attr_accessor :policy_delta def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @policy_delta = args[:policy_delta] if args.key?(:policy_delta) end end # Provides the configuration for logging a type of permissions. Example: ` " # audit_log_configs": [ ` "log_type": "DATA_READ", "exempted_members": [ "user: # jose@example.com" ] `, ` "log_type": "DATA_WRITE" ` ] ` This enables ' # DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from # DATA_READ logging. class AuditLogConfig include Google::Apis::Core::Hashable # Specifies the identities that do not cause logging for this type of permission. # Follows the same format of Binding.members. # Corresponds to the JSON property `exemptedMembers` # @return [Array] attr_accessor :exempted_members # The log type that this config enables. # Corresponds to the JSON property `logType` # @return [String] attr_accessor :log_type def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @exempted_members = args[:exempted_members] if args.key?(:exempted_members) @log_type = args[:log_type] if args.key?(:log_type) end end # Contains information about an auditable service. class AuditableService include Google::Apis::Core::Hashable # Public name of the service. For example, the service name for Cloud IAM is ' # iam.googleapis.com'. # Corresponds to the JSON property `name` # @return [String] attr_accessor :name def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @name = args[:name] if args.key?(:name) end end # Represents an Amazon Web Services identity provider. class Aws include Google::Apis::Core::Hashable # Required. The AWS account ID. # Corresponds to the JSON property `accountId` # @return [String] attr_accessor :account_id def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @account_id = args[:account_id] if args.key?(:account_id) end end # Associates `members`, or principals, with a `role`. class Binding include Google::Apis::Core::Hashable # Represents a textual expression in the Common Expression Language (CEL) syntax. # CEL is a C-like expression language. The syntax and semantics of CEL are # documented at https://github.com/google/cel-spec. Example (Comparison): title: # "Summary size limit" description: "Determines if a summary is less than 100 # chars" expression: "document.summary.size() < 100" Example (Equality): title: " # Requestor is owner" description: "Determines if requestor is the document # owner" expression: "document.owner == request.auth.claims.email" Example ( # Logic): title: "Public documents" description: "Determine whether the document # should be publicly visible" expression: "document.type != 'private' && # document.type != 'internal'" Example (Data Manipulation): title: "Notification # string" description: "Create a notification string with a timestamp." # expression: "'New message received at ' + string(document.create_time)" The # exact variables and functions that may be referenced within an expression are # determined by the service that evaluates it. See the service documentation for # additional information. # Corresponds to the JSON property `condition` # @return [Google::Apis::IamV1::Expr] attr_accessor :condition # Specifies the principals requesting access for a Google Cloud resource. ` # members` can have the following values: * `allUsers`: A special identifier # that represents anyone who is on the internet; with or without a Google # account. * `allAuthenticatedUsers`: A special identifier that represents # anyone who is authenticated with a Google account or a service account. Does # not include identities that come from external identity providers (IdPs) # through identity federation. * `user:`emailid``: An email address that # represents a specific Google account. For example, `alice@example.com` . * ` # serviceAccount:`emailid``: An email address that represents a Google service # account. For example, `my-other-app@appspot.gserviceaccount.com`. * ` # serviceAccount:`projectid`.svc.id.goog[`namespace`/`kubernetes-sa`]`: An # identifier for a [Kubernetes service account](https://cloud.google.com/ # kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my- # project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:`emailid``: An # email address that represents a Google group. For example, `admins@example.com` # . * `deleted:user:`emailid`?uid=`uniqueid``: An email address (plus unique # identifier) representing a user that has been recently deleted. For example, ` # alice@example.com?uid=123456789012345678901`. If the user is recovered, this # value reverts to `user:`emailid`` and the recovered user retains the role in # the binding. * `deleted:serviceAccount:`emailid`?uid=`uniqueid``: An email # address (plus unique identifier) representing a service account that has been # recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid= # 123456789012345678901`. If the service account is undeleted, this value # reverts to `serviceAccount:`emailid`` and the undeleted service account # retains the role in the binding. * `deleted:group:`emailid`?uid=`uniqueid``: # An email address (plus unique identifier) representing a Google group that has # been recently deleted. For example, `admins@example.com?uid= # 123456789012345678901`. If the group is recovered, this value reverts to ` # group:`emailid`` and the recovered group retains the role in the binding. * ` # domain:`domain``: The G Suite domain (primary) that represents all the users # of that domain. For example, `google.com` or `example.com`. # Corresponds to the JSON property `members` # @return [Array] attr_accessor :members # Role that is assigned to the list of `members`, or principals. For example, ` # roles/viewer`, `roles/editor`, or `roles/owner`. # Corresponds to the JSON property `role` # @return [String] attr_accessor :role def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @condition = args[:condition] if args.key?(:condition) @members = args[:members] if args.key?(:members) @role = args[:role] if args.key?(:role) end end # One delta entry for Binding. Each individual change (only one member in each # entry) to a binding will be a separate entry. class BindingDelta include Google::Apis::Core::Hashable # The action that was performed on a Binding. Required # Corresponds to the JSON property `action` # @return [String] attr_accessor :action # Represents a textual expression in the Common Expression Language (CEL) syntax. # CEL is a C-like expression language. The syntax and semantics of CEL are # documented at https://github.com/google/cel-spec. Example (Comparison): title: # "Summary size limit" description: "Determines if a summary is less than 100 # chars" expression: "document.summary.size() < 100" Example (Equality): title: " # Requestor is owner" description: "Determines if requestor is the document # owner" expression: "document.owner == request.auth.claims.email" Example ( # Logic): title: "Public documents" description: "Determine whether the document # should be publicly visible" expression: "document.type != 'private' && # document.type != 'internal'" Example (Data Manipulation): title: "Notification # string" description: "Create a notification string with a timestamp." # expression: "'New message received at ' + string(document.create_time)" The # exact variables and functions that may be referenced within an expression are # determined by the service that evaluates it. See the service documentation for # additional information. # Corresponds to the JSON property `condition` # @return [Google::Apis::IamV1::Expr] attr_accessor :condition # A single identity requesting access for a Google Cloud resource. Follows the # same format of Binding.members. Required # Corresponds to the JSON property `member` # @return [String] attr_accessor :member # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor` # , or `roles/owner`. Required # Corresponds to the JSON property `role` # @return [String] attr_accessor :role def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @action = args[:action] if args.key?(:action) @condition = args[:condition] if args.key?(:condition) @member = args[:member] if args.key?(:member) @role = args[:role] if args.key?(:role) end end # The request to create a new role. class CreateRoleRequest include Google::Apis::Core::Hashable # A role in the Identity and Access Management API. # Corresponds to the JSON property `role` # @return [Google::Apis::IamV1::Role] attr_accessor :role # The role ID to use for this role. A role ID may contain alphanumeric # characters, underscores (`_`), and periods (`.`). It must contain a minimum of # 3 characters and a maximum of 64 characters. # Corresponds to the JSON property `roleId` # @return [String] attr_accessor :role_id def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @role = args[:role] if args.key?(:role) @role_id = args[:role_id] if args.key?(:role_id) end end # The service account key create request. class CreateServiceAccountKeyRequest include Google::Apis::Core::Hashable # Which type of key and algorithm to use for the key. The default is currently a # 2K RSA key. However this may change in the future. # Corresponds to the JSON property `keyAlgorithm` # @return [String] attr_accessor :key_algorithm # The output format of the private key. The default value is ` # TYPE_GOOGLE_CREDENTIALS_FILE`, which is the Google Credentials File format. # Corresponds to the JSON property `privateKeyType` # @return [String] attr_accessor :private_key_type def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @key_algorithm = args[:key_algorithm] if args.key?(:key_algorithm) @private_key_type = args[:private_key_type] if args.key?(:private_key_type) end end # The service account create request. class CreateServiceAccountRequest include Google::Apis::Core::Hashable # Required. The account id that is used to generate the service account email # address and a stable unique id. It is unique within a project, must be 6-30 # characters long, and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])` # to comply with RFC1035. # Corresponds to the JSON property `accountId` # @return [String] attr_accessor :account_id # An IAM service account. A service account is an account for an application or # a virtual machine (VM) instance, not a person. You can use a service account # to call Google APIs. To learn more, read the [overview of service accounts]( # https://cloud.google.com/iam/help/service-accounts/overview). When you create # a service account, you specify the project ID that owns the service account, # as well as a name that must be unique within the project. IAM uses these # values to create an email address that identifies the service // # Corresponds to the JSON property `serviceAccount` # @return [Google::Apis::IamV1::ServiceAccount] attr_accessor :service_account def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @account_id = args[:account_id] if args.key?(:account_id) @service_account = args[:service_account] if args.key?(:service_account) end end # The service account key disable request. class DisableServiceAccountKeyRequest include Google::Apis::Core::Hashable def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) end end # The service account disable request. class DisableServiceAccountRequest include Google::Apis::Core::Hashable def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) end end # A generic empty message that you can re-use to avoid defining duplicated empty # messages in your APIs. A typical example is to use it as the request or the # response type of an API method. For instance: service Foo ` rpc Bar(google. # protobuf.Empty) returns (google.protobuf.Empty); ` class Empty include Google::Apis::Core::Hashable def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) end end # The service account key enable request. class EnableServiceAccountKeyRequest include Google::Apis::Core::Hashable def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) end end # The service account enable request. class EnableServiceAccountRequest include Google::Apis::Core::Hashable def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) end end # Represents a textual expression in the Common Expression Language (CEL) syntax. # CEL is a C-like expression language. The syntax and semantics of CEL are # documented at https://github.com/google/cel-spec. Example (Comparison): title: # "Summary size limit" description: "Determines if a summary is less than 100 # chars" expression: "document.summary.size() < 100" Example (Equality): title: " # Requestor is owner" description: "Determines if requestor is the document # owner" expression: "document.owner == request.auth.claims.email" Example ( # Logic): title: "Public documents" description: "Determine whether the document # should be publicly visible" expression: "document.type != 'private' && # document.type != 'internal'" Example (Data Manipulation): title: "Notification # string" description: "Create a notification string with a timestamp." # expression: "'New message received at ' + string(document.create_time)" The # exact variables and functions that may be referenced within an expression are # determined by the service that evaluates it. See the service documentation for # additional information. class Expr include Google::Apis::Core::Hashable # Optional. Description of the expression. This is a longer text which describes # the expression, e.g. when hovered over it in a UI. # Corresponds to the JSON property `description` # @return [String] attr_accessor :description # Textual representation of an expression in Common Expression Language syntax. # Corresponds to the JSON property `expression` # @return [String] attr_accessor :expression # Optional. String indicating the location of the expression for error reporting, # e.g. a file name and a position in the file. # Corresponds to the JSON property `location` # @return [String] attr_accessor :location # Optional. Title for the expression, i.e. a short string describing its purpose. # This can be used e.g. in UIs which allow to enter the expression. # Corresponds to the JSON property `title` # @return [String] attr_accessor :title def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @description = args[:description] if args.key?(:description) @expression = args[:expression] if args.key?(:expression) @location = args[:location] if args.key?(:location) @title = args[:title] if args.key?(:title) end end # The request to lint a Cloud IAM policy object. class LintPolicyRequest include Google::Apis::Core::Hashable # Represents a textual expression in the Common Expression Language (CEL) syntax. # CEL is a C-like expression language. The syntax and semantics of CEL are # documented at https://github.com/google/cel-spec. Example (Comparison): title: # "Summary size limit" description: "Determines if a summary is less than 100 # chars" expression: "document.summary.size() < 100" Example (Equality): title: " # Requestor is owner" description: "Determines if requestor is the document # owner" expression: "document.owner == request.auth.claims.email" Example ( # Logic): title: "Public documents" description: "Determine whether the document # should be publicly visible" expression: "document.type != 'private' && # document.type != 'internal'" Example (Data Manipulation): title: "Notification # string" description: "Create a notification string with a timestamp." # expression: "'New message received at ' + string(document.create_time)" The # exact variables and functions that may be referenced within an expression are # determined by the service that evaluates it. See the service documentation for # additional information. # Corresponds to the JSON property `condition` # @return [Google::Apis::IamV1::Expr] attr_accessor :condition # The full resource name of the policy this lint request is about. The name # follows the Google Cloud Platform (GCP) resource format. For example, a GCP # project with ID `my-project` will be named `//cloudresourcemanager.googleapis. # com/projects/my-project`. The resource name is not used to read the policy # instance from the Cloud IAM database. The candidate policy for lint has to be # provided in the same request object. # Corresponds to the JSON property `fullResourceName` # @return [String] attr_accessor :full_resource_name def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @condition = args[:condition] if args.key?(:condition) @full_resource_name = args[:full_resource_name] if args.key?(:full_resource_name) end end # The response of a lint operation. An empty response indicates the operation # was able to fully execute and no lint issue was found. class LintPolicyResponse include Google::Apis::Core::Hashable # List of lint results sorted by `severity` in descending order. # Corresponds to the JSON property `lintResults` # @return [Array] attr_accessor :lint_results def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @lint_results = args[:lint_results] if args.key?(:lint_results) end end # Structured response of a single validation unit. class LintResult include Google::Apis::Core::Hashable # Human readable debug message associated with the issue. # Corresponds to the JSON property `debugMessage` # @return [String] attr_accessor :debug_message # The name of the field for which this lint result is about. For nested messages # `field_name` consists of names of the embedded fields separated by period # character. The top-level qualifier is the input object to lint in the request. # For example, the `field_name` value `condition.expression` identifies a lint # result for the `expression` field of the provided condition. # Corresponds to the JSON property `fieldName` # @return [String] attr_accessor :field_name # The validation unit level. # Corresponds to the JSON property `level` # @return [String] attr_accessor :level # 0-based character position of problematic construct within the object # identified by `field_name`. Currently, this is populated only for condition # expression. # Corresponds to the JSON property `locationOffset` # @return [Fixnum] attr_accessor :location_offset # The validation unit severity. # Corresponds to the JSON property `severity` # @return [String] attr_accessor :severity # The validation unit name, for instance "lintValidationUnits/ # ConditionComplexityCheck". # Corresponds to the JSON property `validationUnitName` # @return [String] attr_accessor :validation_unit_name def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @debug_message = args[:debug_message] if args.key?(:debug_message) @field_name = args[:field_name] if args.key?(:field_name) @level = args[:level] if args.key?(:level) @location_offset = args[:location_offset] if args.key?(:location_offset) @severity = args[:severity] if args.key?(:severity) @validation_unit_name = args[:validation_unit_name] if args.key?(:validation_unit_name) end end # The response containing the roles defined under a resource. class ListRolesResponse include Google::Apis::Core::Hashable # To retrieve the next page of results, set `ListRolesRequest.page_token` to # this value. # Corresponds to the JSON property `nextPageToken` # @return [String] attr_accessor :next_page_token # The Roles defined on this resource. # Corresponds to the JSON property `roles` # @return [Array] attr_accessor :roles def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @next_page_token = args[:next_page_token] if args.key?(:next_page_token) @roles = args[:roles] if args.key?(:roles) end end # The service account keys list response. class ListServiceAccountKeysResponse include Google::Apis::Core::Hashable # The public keys for the service account. # Corresponds to the JSON property `keys` # @return [Array] attr_accessor :keys def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @keys = args[:keys] if args.key?(:keys) end end # The service account list response. class ListServiceAccountsResponse include Google::Apis::Core::Hashable # The list of matching service accounts. # Corresponds to the JSON property `accounts` # @return [Array] attr_accessor :accounts # To retrieve the next page of results, set ListServiceAccountsRequest. # page_token to this value. # Corresponds to the JSON property `nextPageToken` # @return [String] attr_accessor :next_page_token def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @accounts = args[:accounts] if args.key?(:accounts) @next_page_token = args[:next_page_token] if args.key?(:next_page_token) end end # Response message for ListWorkloadIdentityPoolProviders. class ListWorkloadIdentityPoolProvidersResponse include Google::Apis::Core::Hashable # A token, which can be sent as `page_token` to retrieve the next page. If this # field is omitted, there are no subsequent pages. # Corresponds to the JSON property `nextPageToken` # @return [String] attr_accessor :next_page_token # A list of providers. # Corresponds to the JSON property `workloadIdentityPoolProviders` # @return [Array] attr_accessor :workload_identity_pool_providers def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @next_page_token = args[:next_page_token] if args.key?(:next_page_token) @workload_identity_pool_providers = args[:workload_identity_pool_providers] if args.key?(:workload_identity_pool_providers) end end # Response message for ListWorkloadIdentityPools. class ListWorkloadIdentityPoolsResponse include Google::Apis::Core::Hashable # A token, which can be sent as `page_token` to retrieve the next page. If this # field is omitted, there are no subsequent pages. # Corresponds to the JSON property `nextPageToken` # @return [String] attr_accessor :next_page_token # A list of pools. # Corresponds to the JSON property `workloadIdentityPools` # @return [Array] attr_accessor :workload_identity_pools def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @next_page_token = args[:next_page_token] if args.key?(:next_page_token) @workload_identity_pools = args[:workload_identity_pools] if args.key?(:workload_identity_pools) end end # Represents an OpenId Connect 1.0 identity provider. class Oidc include Google::Apis::Core::Hashable # Acceptable values for the `aud` field (audience) in the OIDC token. Token # exchange requests are rejected if the token audience does not match one of the # configured values. Each audience may be at most 256 characters. A maximum of # 10 audiences may be configured. If this list is empty, the OIDC token audience # must be equal to the full canonical resource name of the # WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example: `` # ` //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ # https://iam.googleapis.com/projects//locations//workloadIdentityPools// # providers/ ``` # Corresponds to the JSON property `allowedAudiences` # @return [Array] attr_accessor :allowed_audiences # Required. The OIDC issuer URL. Must be an HTTPS endpoint. # Corresponds to the JSON property `issuerUri` # @return [String] attr_accessor :issuer_uri def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @allowed_audiences = args[:allowed_audiences] if args.key?(:allowed_audiences) @issuer_uri = args[:issuer_uri] if args.key?(:issuer_uri) end end # This resource represents a long-running operation that is the result of a # network API call. class Operation include Google::Apis::Core::Hashable # If the value is `false`, it means the operation is still in progress. If `true` # , the operation is completed, and either `error` or `response` is available. # Corresponds to the JSON property `done` # @return [Boolean] attr_accessor :done alias_method :done?, :done # The `Status` type defines a logical error model that is suitable for different # programming environments, including REST APIs and RPC APIs. It is used by [ # gRPC](https://github.com/grpc). Each `Status` message contains three pieces of # data: error code, error message, and error details. You can find out more # about this error model and how to work with it in the [API Design Guide](https: # //cloud.google.com/apis/design/errors). # Corresponds to the JSON property `error` # @return [Google::Apis::IamV1::Status] attr_accessor :error # Service-specific metadata associated with the operation. It typically contains # progress information and common metadata such as create time. Some services # might not provide such metadata. Any method that returns a long-running # operation should document the metadata type, if any. # Corresponds to the JSON property `metadata` # @return [Hash] attr_accessor :metadata # The server-assigned name, which is only unique within the same service that # originally returns it. If you use the default HTTP mapping, the `name` should # be a resource name ending with `operations/`unique_id``. # Corresponds to the JSON property `name` # @return [String] attr_accessor :name # The normal response of the operation in case of success. If the original # method returns no data on success, such as `Delete`, the response is `google. # protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, # the response should be the resource. For other methods, the response should # have the type `XxxResponse`, where `Xxx` is the original method name. For # example, if the original method name is `TakeSnapshot()`, the inferred # response type is `TakeSnapshotResponse`. # Corresponds to the JSON property `response` # @return [Hash] attr_accessor :response def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @done = args[:done] if args.key?(:done) @error = args[:error] if args.key?(:error) @metadata = args[:metadata] if args.key?(:metadata) @name = args[:name] if args.key?(:name) @response = args[:response] if args.key?(:response) end end # The service account patch request. You can patch only the `display_name` and ` # description` fields. You must use the `update_mask` field to specify which of # these fields you want to patch. Only the fields specified in the request are # guaranteed to be returned in the response. Other fields may be empty in the # response. class PatchServiceAccountRequest include Google::Apis::Core::Hashable # An IAM service account. A service account is an account for an application or # a virtual machine (VM) instance, not a person. You can use a service account # to call Google APIs. To learn more, read the [overview of service accounts]( # https://cloud.google.com/iam/help/service-accounts/overview). When you create # a service account, you specify the project ID that owns the service account, # as well as a name that must be unique within the project. IAM uses these # values to create an email address that identifies the service // # Corresponds to the JSON property `serviceAccount` # @return [Google::Apis::IamV1::ServiceAccount] attr_accessor :service_account # # Corresponds to the JSON property `updateMask` # @return [String] attr_accessor :update_mask def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @service_account = args[:service_account] if args.key?(:service_account) @update_mask = args[:update_mask] if args.key?(:update_mask) end end # A permission which can be included by a role. class Permission include Google::Apis::Core::Hashable # The service API associated with the permission is not enabled. # Corresponds to the JSON property `apiDisabled` # @return [Boolean] attr_accessor :api_disabled alias_method :api_disabled?, :api_disabled # The current custom role support level. # Corresponds to the JSON property `customRolesSupportLevel` # @return [String] attr_accessor :custom_roles_support_level # A brief description of what this Permission is used for. This permission can # ONLY be used in predefined roles. # Corresponds to the JSON property `description` # @return [String] attr_accessor :description # The name of this Permission. # Corresponds to the JSON property `name` # @return [String] attr_accessor :name # # Corresponds to the JSON property `onlyInPredefinedRoles` # @return [Boolean] attr_accessor :only_in_predefined_roles alias_method :only_in_predefined_roles?, :only_in_predefined_roles # The preferred name for this permission. If present, then this permission is an # alias of, and equivalent to, the listed primary_permission. # Corresponds to the JSON property `primaryPermission` # @return [String] attr_accessor :primary_permission # The current launch stage of the permission. # Corresponds to the JSON property `stage` # @return [String] attr_accessor :stage # The title of this Permission. # Corresponds to the JSON property `title` # @return [String] attr_accessor :title def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @api_disabled = args[:api_disabled] if args.key?(:api_disabled) @custom_roles_support_level = args[:custom_roles_support_level] if args.key?(:custom_roles_support_level) @description = args[:description] if args.key?(:description) @name = args[:name] if args.key?(:name) @only_in_predefined_roles = args[:only_in_predefined_roles] if args.key?(:only_in_predefined_roles) @primary_permission = args[:primary_permission] if args.key?(:primary_permission) @stage = args[:stage] if args.key?(:stage) @title = args[:title] if args.key?(:title) end end # A PermissionDelta message to record the added_permissions and # removed_permissions inside a role. class PermissionDelta include Google::Apis::Core::Hashable # Added permissions. # Corresponds to the JSON property `addedPermissions` # @return [Array] attr_accessor :added_permissions # Removed permissions. # Corresponds to the JSON property `removedPermissions` # @return [Array] attr_accessor :removed_permissions def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @added_permissions = args[:added_permissions] if args.key?(:added_permissions) @removed_permissions = args[:removed_permissions] if args.key?(:removed_permissions) end end # An Identity and Access Management (IAM) policy, which specifies access # controls for Google Cloud resources. A `Policy` is a collection of `bindings`. # A `binding` binds one or more `members`, or principals, to a single `role`. # Principals can be user accounts, service accounts, Google groups, and domains ( # such as G Suite). A `role` is a named list of permissions; each `role` can be # an IAM predefined role or a user-created custom role. For some types of Google # Cloud resources, a `binding` can also specify a `condition`, which is a # logical expression that allows access to a resource only if the expression # evaluates to `true`. A condition can add constraints based on attributes of # the request, the resource, or both. To learn which resources support # conditions in their IAM policies, see the [IAM documentation](https://cloud. # google.com/iam/help/conditions/resource-policies). **JSON example:** ` " # bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [ # "user:mike@example.com", "group:admins@example.com", "domain:google.com", " # serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": " # roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" # ], "condition": ` "title": "expirable access", "description": "Does not grant # access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00: # 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:** # bindings: - members: - user:mike@example.com - group:admins@example.com - # domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com # role: roles/resourcemanager.organizationAdmin - members: - user:eve@example. # com role: roles/resourcemanager.organizationViewer condition: title: expirable # access description: Does not grant access after Sep 2020 expression: request. # time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For # a description of IAM and its features, see the [IAM documentation](https:// # cloud.google.com/iam/docs/). class Policy include Google::Apis::Core::Hashable # Specifies cloud audit logging configuration for this policy. # Corresponds to the JSON property `auditConfigs` # @return [Array] attr_accessor :audit_configs # Associates a list of `members`, or principals, with a `role`. Optionally, may # specify a `condition` that determines how and when the `bindings` are applied. # Each of the `bindings` must contain at least one principal. The `bindings` in # a `Policy` can refer to up to 1,500 principals; up to 250 of these principals # can be Google groups. Each occurrence of a principal counts towards these # limits. For example, if the `bindings` grant 50 different roles to `user:alice@ # example.com`, and not to any other principal, then you can add another 1,450 # principals to the `bindings` in the `Policy`. # Corresponds to the JSON property `bindings` # @return [Array] attr_accessor :bindings # `etag` is used for optimistic concurrency control as a way to help prevent # simultaneous updates of a policy from overwriting each other. It is strongly # suggested that systems make use of the `etag` in the read-modify-write cycle # to perform policy updates in order to avoid race conditions: An `etag` is # returned in the response to `getIamPolicy`, and systems are expected to put # that etag in the request to `setIamPolicy` to ensure that their change will be # applied to the same version of the policy. **Important:** If you use IAM # Conditions, you must include the `etag` field whenever you call `setIamPolicy`. # If you omit this field, then IAM allows you to overwrite a version `3` policy # with a version `1` policy, and all of the conditions in the version `3` policy # are lost. # Corresponds to the JSON property `etag` # NOTE: Values are automatically base64 encoded/decoded in the client library. # @return [String] attr_accessor :etag # Specifies the format of the policy. Valid values are `0`, `1`, and `3`. # Requests that specify an invalid value are rejected. Any operation that # affects conditional role bindings must specify version `3`. This requirement # applies to the following operations: * Getting a policy that includes a # conditional role binding * Adding a conditional role binding to a policy * # Changing a conditional role binding in a policy * Removing any role binding, # with or without a condition, from a policy that includes conditions ** # Important:** If you use IAM Conditions, you must include the `etag` field # whenever you call `setIamPolicy`. If you omit this field, then IAM allows you # to overwrite a version `3` policy with a version `1` policy, and all of the # conditions in the version `3` policy are lost. If a policy does not include # any conditions, operations on that policy may specify any valid version or # leave the field unset. To learn which resources support conditions in their # IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/ # conditions/resource-policies). # Corresponds to the JSON property `version` # @return [Fixnum] attr_accessor :version def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @audit_configs = args[:audit_configs] if args.key?(:audit_configs) @bindings = args[:bindings] if args.key?(:bindings) @etag = args[:etag] if args.key?(:etag) @version = args[:version] if args.key?(:version) end end # The difference delta between two policies. class PolicyDelta include Google::Apis::Core::Hashable # The delta for Bindings between two policies. # Corresponds to the JSON property `bindingDeltas` # @return [Array] attr_accessor :binding_deltas def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @binding_deltas = args[:binding_deltas] if args.key?(:binding_deltas) end end # A request to get the list of auditable services for a resource. class QueryAuditableServicesRequest include Google::Apis::Core::Hashable # Required. The full resource name to query from the list of auditable services. # The name follows the Google Cloud Platform resource format. For example, a # Cloud Platform project with id `my-project` will be named `// # cloudresourcemanager.googleapis.com/projects/my-project`. # Corresponds to the JSON property `fullResourceName` # @return [String] attr_accessor :full_resource_name def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @full_resource_name = args[:full_resource_name] if args.key?(:full_resource_name) end end # A response containing a list of auditable services for a resource. class QueryAuditableServicesResponse include Google::Apis::Core::Hashable # The auditable services for a resource. # Corresponds to the JSON property `services` # @return [Array] attr_accessor :services def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @services = args[:services] if args.key?(:services) end end # The grantable role query request. class QueryGrantableRolesRequest include Google::Apis::Core::Hashable # Required. The full resource name to query from the list of grantable roles. # The name follows the Google Cloud Platform resource format. For example, a # Cloud Platform project with id `my-project` will be named `// # cloudresourcemanager.googleapis.com/projects/my-project`. # Corresponds to the JSON property `fullResourceName` # @return [String] attr_accessor :full_resource_name # Optional limit on the number of roles to include in the response. The default # is 300, and the maximum is 1,000. # Corresponds to the JSON property `pageSize` # @return [Fixnum] attr_accessor :page_size # Optional pagination token returned in an earlier QueryGrantableRolesResponse. # Corresponds to the JSON property `pageToken` # @return [String] attr_accessor :page_token # # Corresponds to the JSON property `view` # @return [String] attr_accessor :view def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @full_resource_name = args[:full_resource_name] if args.key?(:full_resource_name) @page_size = args[:page_size] if args.key?(:page_size) @page_token = args[:page_token] if args.key?(:page_token) @view = args[:view] if args.key?(:view) end end # The grantable role query response. class QueryGrantableRolesResponse include Google::Apis::Core::Hashable # To retrieve the next page of results, set `QueryGrantableRolesRequest. # page_token` to this value. # Corresponds to the JSON property `nextPageToken` # @return [String] attr_accessor :next_page_token # The list of matching roles. # Corresponds to the JSON property `roles` # @return [Array] attr_accessor :roles def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @next_page_token = args[:next_page_token] if args.key?(:next_page_token) @roles = args[:roles] if args.key?(:roles) end end # A request to get permissions which can be tested on a resource. class QueryTestablePermissionsRequest include Google::Apis::Core::Hashable # Required. The full resource name to query from the list of testable # permissions. The name follows the Google Cloud Platform resource format. For # example, a Cloud Platform project with id `my-project` will be named `// # cloudresourcemanager.googleapis.com/projects/my-project`. # Corresponds to the JSON property `fullResourceName` # @return [String] attr_accessor :full_resource_name # Optional limit on the number of permissions to include in the response. The # default is 100, and the maximum is 1,000. # Corresponds to the JSON property `pageSize` # @return [Fixnum] attr_accessor :page_size # Optional pagination token returned in an earlier # QueryTestablePermissionsRequest. # Corresponds to the JSON property `pageToken` # @return [String] attr_accessor :page_token def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @full_resource_name = args[:full_resource_name] if args.key?(:full_resource_name) @page_size = args[:page_size] if args.key?(:page_size) @page_token = args[:page_token] if args.key?(:page_token) end end # The response containing permissions which can be tested on a resource. class QueryTestablePermissionsResponse include Google::Apis::Core::Hashable # To retrieve the next page of results, set `QueryTestableRolesRequest. # page_token` to this value. # Corresponds to the JSON property `nextPageToken` # @return [String] attr_accessor :next_page_token # The Permissions testable on the requested resource. # Corresponds to the JSON property `permissions` # @return [Array] attr_accessor :permissions def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @next_page_token = args[:next_page_token] if args.key?(:next_page_token) @permissions = args[:permissions] if args.key?(:permissions) end end # A role in the Identity and Access Management API. class Role include Google::Apis::Core::Hashable # The current deleted state of the role. This field is read only. It will be # ignored in calls to CreateRole and UpdateRole. # Corresponds to the JSON property `deleted` # @return [Boolean] attr_accessor :deleted alias_method :deleted?, :deleted # Optional. A human-readable description for the role. # Corresponds to the JSON property `description` # @return [String] attr_accessor :description # Used to perform a consistent read-modify-write. # Corresponds to the JSON property `etag` # NOTE: Values are automatically base64 encoded/decoded in the client library. # @return [String] attr_accessor :etag # The names of the permissions this role grants when bound in an IAM policy. # Corresponds to the JSON property `includedPermissions` # @return [Array] attr_accessor :included_permissions # The name of the role. When Role is used in CreateRole, the role name must not # be set. When Role is used in output and other input such as UpdateRole, the # role name is the complete path, e.g., roles/logging.viewer for predefined # roles and organizations/`ORGANIZATION_ID`/roles/logging.viewer for custom # roles. # Corresponds to the JSON property `name` # @return [String] attr_accessor :name # The current launch stage of the role. If the `ALPHA` launch stage has been # selected for a role, the `stage` field will not be included in the returned # definition for the role. # Corresponds to the JSON property `stage` # @return [String] attr_accessor :stage # Optional. A human-readable title for the role. Typically this is limited to # 100 UTF-8 bytes. # Corresponds to the JSON property `title` # @return [String] attr_accessor :title def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @deleted = args[:deleted] if args.key?(:deleted) @description = args[:description] if args.key?(:description) @etag = args[:etag] if args.key?(:etag) @included_permissions = args[:included_permissions] if args.key?(:included_permissions) @name = args[:name] if args.key?(:name) @stage = args[:stage] if args.key?(:stage) @title = args[:title] if args.key?(:title) end end # Represents an SAML 2.0 identity provider. class Saml include Google::Apis::Core::Hashable # Required. SAML Identity provider configuration metadata xml doc. The xml # document should comply with [SAML 2.0 specification](https://www.oasis-open. # org/committees/download.php/56785/sstc-saml-metadata-errata-2.0-wd-05.pdf). # The max size of the acceptable xml document will be bounded to 128k characters. # The metadata xml document should satisfy the following constraints: 1) Must # contain an Identity Provider Entity ID. 2) Must contain at least one non- # expired signing key certificate. 3) For each signing key: a) Valid from should # be no more than 7 days from now. b) Valid to should be no more than 14 years # in the future. 4) Upto 3 IdP signing keys are allowed in the metadata xml. # When updating the provider's metadata xml, at lease one non-expired signing # key must overlap with the existing metadata. This requirement is skipped if # there are no non-expired signing keys present in the existing metadata # Corresponds to the JSON property `idpMetadataXml` # @return [String] attr_accessor :idp_metadata_xml def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @idp_metadata_xml = args[:idp_metadata_xml] if args.key?(:idp_metadata_xml) end end # An IAM service account. A service account is an account for an application or # a virtual machine (VM) instance, not a person. You can use a service account # to call Google APIs. To learn more, read the [overview of service accounts]( # https://cloud.google.com/iam/help/service-accounts/overview). When you create # a service account, you specify the project ID that owns the service account, # as well as a name that must be unique within the project. IAM uses these # values to create an email address that identifies the service // class ServiceAccount include Google::Apis::Core::Hashable # Optional. A user-specified, human-readable description of the service account. # The maximum length is 256 UTF-8 bytes. # Corresponds to the JSON property `description` # @return [String] attr_accessor :description # Output only. Whether the service account is disabled. # Corresponds to the JSON property `disabled` # @return [Boolean] attr_accessor :disabled alias_method :disabled?, :disabled # Optional. A user-specified, human-readable name for the service account. The # maximum length is 100 UTF-8 bytes. # Corresponds to the JSON property `displayName` # @return [String] attr_accessor :display_name # Output only. The email address of the service account. # Corresponds to the JSON property `email` # @return [String] attr_accessor :email # Deprecated. Do not use. # Corresponds to the JSON property `etag` # NOTE: Values are automatically base64 encoded/decoded in the client library. # @return [String] attr_accessor :etag # The resource name of the service account. Use one of the following formats: * ` # projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS`` * `projects/`PROJECT_ID` # /serviceAccounts/`UNIQUE_ID`` As an alternative, you can use the `-` wildcard # character instead of the project ID: * `projects/-/serviceAccounts/` # EMAIL_ADDRESS`` * `projects/-/serviceAccounts/`UNIQUE_ID`` When possible, # avoid using the `-` wildcard character, because it can cause response messages # to contain misleading error codes. For example, if you try to get the service # account `projects/-/serviceAccounts/fake@example.com`, which does not exist, # the response contains an HTTP `403 Forbidden` error instead of a `404 Not # Found` error. # Corresponds to the JSON property `name` # @return [String] attr_accessor :name # Output only. The OAuth 2.0 client ID for the service account. # Corresponds to the JSON property `oauth2ClientId` # @return [String] attr_accessor :oauth2_client_id # Output only. The ID of the project that owns the service account. # Corresponds to the JSON property `projectId` # @return [String] attr_accessor :project_id # Output only. The unique, stable numeric ID for the service account. Each # service account retains its unique ID even if you delete the service account. # For example, if you delete a service account, then create a new service # account with the same name, the new service account has a different unique ID # than the deleted service account. # Corresponds to the JSON property `uniqueId` # @return [String] attr_accessor :unique_id def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @description = args[:description] if args.key?(:description) @disabled = args[:disabled] if args.key?(:disabled) @display_name = args[:display_name] if args.key?(:display_name) @email = args[:email] if args.key?(:email) @etag = args[:etag] if args.key?(:etag) @name = args[:name] if args.key?(:name) @oauth2_client_id = args[:oauth2_client_id] if args.key?(:oauth2_client_id) @project_id = args[:project_id] if args.key?(:project_id) @unique_id = args[:unique_id] if args.key?(:unique_id) end end # Represents a service account key. A service account has two sets of key-pairs: # user-managed, and system-managed. User-managed key-pairs can be created and # deleted by users. Users are responsible for rotating these keys periodically # to ensure security of their service accounts. Users retain the private key of # these key-pairs, and Google retains ONLY the public key. System-managed keys # are automatically rotated by Google, and are used for signing for a maximum of # two weeks. The rotation process is probabilistic, and usage of the new key # will gradually ramp up and down over the key's lifetime. If you cache the # public key set for a service account, we recommend that you update the cache # every 15 minutes. User-managed keys can be added and removed at any time, so # it is important to update the cache frequently. For Google-managed keys, # Google will publish a key at least 6 hours before it is first used for signing # and will keep publishing it for at least 6 hours after it was last used for # signing. Public keys for all service accounts are also published at the OAuth2 # Service Account API. class ServiceAccountKey include Google::Apis::Core::Hashable # The key status. # Corresponds to the JSON property `disabled` # @return [Boolean] attr_accessor :disabled alias_method :disabled?, :disabled # Specifies the algorithm (and possibly key size) for the key. # Corresponds to the JSON property `keyAlgorithm` # @return [String] attr_accessor :key_algorithm # The key origin. # Corresponds to the JSON property `keyOrigin` # @return [String] attr_accessor :key_origin # The key type. # Corresponds to the JSON property `keyType` # @return [String] attr_accessor :key_type # The resource name of the service account key in the following format `projects/ # `PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key``. # Corresponds to the JSON property `name` # @return [String] attr_accessor :name # The private key data. Only provided in `CreateServiceAccountKey` responses. # Make sure to keep the private key data secure because it allows for the # assertion of the service account identity. When base64 decoded, the private # key data can be used to authenticate with Google API client libraries and with # gcloud auth activate-service-account. # Corresponds to the JSON property `privateKeyData` # NOTE: Values are automatically base64 encoded/decoded in the client library. # @return [String] attr_accessor :private_key_data # The output format for the private key. Only provided in ` # CreateServiceAccountKey` responses, not in `GetServiceAccountKey` or ` # ListServiceAccountKey` responses. Google never exposes system-managed private # keys, and never retains user-managed private keys. # Corresponds to the JSON property `privateKeyType` # @return [String] attr_accessor :private_key_type # The public key data. Only provided in `GetServiceAccountKey` responses. # Corresponds to the JSON property `publicKeyData` # NOTE: Values are automatically base64 encoded/decoded in the client library. # @return [String] attr_accessor :public_key_data # The key can be used after this timestamp. # Corresponds to the JSON property `validAfterTime` # @return [String] attr_accessor :valid_after_time # The key can be used before this timestamp. For system-managed key pairs, this # timestamp is the end time for the private key signing operation. The public # key could still be used for verification for a few hours after this time. # Corresponds to the JSON property `validBeforeTime` # @return [String] attr_accessor :valid_before_time def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @disabled = args[:disabled] if args.key?(:disabled) @key_algorithm = args[:key_algorithm] if args.key?(:key_algorithm) @key_origin = args[:key_origin] if args.key?(:key_origin) @key_type = args[:key_type] if args.key?(:key_type) @name = args[:name] if args.key?(:name) @private_key_data = args[:private_key_data] if args.key?(:private_key_data) @private_key_type = args[:private_key_type] if args.key?(:private_key_type) @public_key_data = args[:public_key_data] if args.key?(:public_key_data) @valid_after_time = args[:valid_after_time] if args.key?(:valid_after_time) @valid_before_time = args[:valid_before_time] if args.key?(:valid_before_time) end end # Request message for `SetIamPolicy` method. class SetIamPolicyRequest include Google::Apis::Core::Hashable # An Identity and Access Management (IAM) policy, which specifies access # controls for Google Cloud resources. A `Policy` is a collection of `bindings`. # A `binding` binds one or more `members`, or principals, to a single `role`. # Principals can be user accounts, service accounts, Google groups, and domains ( # such as G Suite). A `role` is a named list of permissions; each `role` can be # an IAM predefined role or a user-created custom role. For some types of Google # Cloud resources, a `binding` can also specify a `condition`, which is a # logical expression that allows access to a resource only if the expression # evaluates to `true`. A condition can add constraints based on attributes of # the request, the resource, or both. To learn which resources support # conditions in their IAM policies, see the [IAM documentation](https://cloud. # google.com/iam/help/conditions/resource-policies). **JSON example:** ` " # bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [ # "user:mike@example.com", "group:admins@example.com", "domain:google.com", " # serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": " # roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" # ], "condition": ` "title": "expirable access", "description": "Does not grant # access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00: # 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` **YAML example:** # bindings: - members: - user:mike@example.com - group:admins@example.com - # domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com # role: roles/resourcemanager.organizationAdmin - members: - user:eve@example. # com role: roles/resourcemanager.organizationViewer condition: title: expirable # access description: Does not grant access after Sep 2020 expression: request. # time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For # a description of IAM and its features, see the [IAM documentation](https:// # cloud.google.com/iam/docs/). # Corresponds to the JSON property `policy` # @return [Google::Apis::IamV1::Policy] attr_accessor :policy # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only # the fields in the mask will be modified. If no mask is provided, the following # default mask is used: `paths: "bindings, etag"` # Corresponds to the JSON property `updateMask` # @return [String] attr_accessor :update_mask def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @policy = args[:policy] if args.key?(:policy) @update_mask = args[:update_mask] if args.key?(:update_mask) end end # Deprecated. [Migrate to Service Account Credentials API](https://cloud.google. # com/iam/help/credentials/migrate-api). The service account sign blob request. class SignBlobRequest include Google::Apis::Core::Hashable # Required. Deprecated. [Migrate to Service Account Credentials API](https:// # cloud.google.com/iam/help/credentials/migrate-api). The bytes to sign. # Corresponds to the JSON property `bytesToSign` # NOTE: Values are automatically base64 encoded/decoded in the client library. # @return [String] attr_accessor :bytes_to_sign def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @bytes_to_sign = args[:bytes_to_sign] if args.key?(:bytes_to_sign) end end # Deprecated. [Migrate to Service Account Credentials API](https://cloud.google. # com/iam/help/credentials/migrate-api). The service account sign blob response. class SignBlobResponse include Google::Apis::Core::Hashable # Deprecated. [Migrate to Service Account Credentials API](https://cloud.google. # com/iam/help/credentials/migrate-api). The id of the key used to sign the blob. # Corresponds to the JSON property `keyId` # @return [String] attr_accessor :key_id # Deprecated. [Migrate to Service Account Credentials API](https://cloud.google. # com/iam/help/credentials/migrate-api). The signed blob. # Corresponds to the JSON property `signature` # NOTE: Values are automatically base64 encoded/decoded in the client library. # @return [String] attr_accessor :signature def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @key_id = args[:key_id] if args.key?(:key_id) @signature = args[:signature] if args.key?(:signature) end end # Deprecated. [Migrate to Service Account Credentials API](https://cloud.google. # com/iam/help/credentials/migrate-api). The service account sign JWT request. class SignJwtRequest include Google::Apis::Core::Hashable # Required. Deprecated. [Migrate to Service Account Credentials API](https:// # cloud.google.com/iam/help/credentials/migrate-api). The JWT payload to sign. # Must be a serialized JSON object that contains a JWT Claims Set. For example: ` # `"sub": "user@example.com", "iat": 313435`` If the JWT Claims Set contains an # expiration time (`exp`) claim, it must be an integer timestamp that is not in # the past and no more than 12 hours in the future. If the JWT Claims Set does # not contain an expiration time (`exp`) claim, this claim is added # automatically, with a timestamp that is 1 hour in the future. # Corresponds to the JSON property `payload` # @return [String] attr_accessor :payload def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @payload = args[:payload] if args.key?(:payload) end end # Deprecated. [Migrate to Service Account Credentials API](https://cloud.google. # com/iam/help/credentials/migrate-api). The service account sign JWT response. class SignJwtResponse include Google::Apis::Core::Hashable # Deprecated. [Migrate to Service Account Credentials API](https://cloud.google. # com/iam/help/credentials/migrate-api). The id of the key used to sign the JWT. # Corresponds to the JSON property `keyId` # @return [String] attr_accessor :key_id # Deprecated. [Migrate to Service Account Credentials API](https://cloud.google. # com/iam/help/credentials/migrate-api). The signed JWT. # Corresponds to the JSON property `signedJwt` # @return [String] attr_accessor :signed_jwt def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @key_id = args[:key_id] if args.key?(:key_id) @signed_jwt = args[:signed_jwt] if args.key?(:signed_jwt) end end # The `Status` type defines a logical error model that is suitable for different # programming environments, including REST APIs and RPC APIs. It is used by [ # gRPC](https://github.com/grpc). Each `Status` message contains three pieces of # data: error code, error message, and error details. You can find out more # about this error model and how to work with it in the [API Design Guide](https: # //cloud.google.com/apis/design/errors). class Status include Google::Apis::Core::Hashable # The status code, which should be an enum value of google.rpc.Code. # Corresponds to the JSON property `code` # @return [Fixnum] attr_accessor :code # A list of messages that carry the error details. There is a common set of # message types for APIs to use. # Corresponds to the JSON property `details` # @return [Array>] attr_accessor :details # A developer-facing error message, which should be in English. Any user-facing # error message should be localized and sent in the google.rpc.Status.details # field, or localized by the client. # Corresponds to the JSON property `message` # @return [String] attr_accessor :message def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @code = args[:code] if args.key?(:code) @details = args[:details] if args.key?(:details) @message = args[:message] if args.key?(:message) end end # Request message for `TestIamPermissions` method. class TestIamPermissionsRequest include Google::Apis::Core::Hashable # The set of permissions to check for the `resource`. Permissions with wildcards # (such as `*` or `storage.*`) are not allowed. For more information see [IAM # Overview](https://cloud.google.com/iam/docs/overview#permissions). # Corresponds to the JSON property `permissions` # @return [Array] attr_accessor :permissions def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @permissions = args[:permissions] if args.key?(:permissions) end end # Response message for `TestIamPermissions` method. class TestIamPermissionsResponse include Google::Apis::Core::Hashable # A subset of `TestPermissionsRequest.permissions` that the caller is allowed. # Corresponds to the JSON property `permissions` # @return [Array] attr_accessor :permissions def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @permissions = args[:permissions] if args.key?(:permissions) end end # The request to undelete an existing role. class UndeleteRoleRequest include Google::Apis::Core::Hashable # Used to perform a consistent read-modify-write. # Corresponds to the JSON property `etag` # NOTE: Values are automatically base64 encoded/decoded in the client library. # @return [String] attr_accessor :etag def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @etag = args[:etag] if args.key?(:etag) end end # The service account undelete request. class UndeleteServiceAccountRequest include Google::Apis::Core::Hashable def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) end end # class UndeleteServiceAccountResponse include Google::Apis::Core::Hashable # An IAM service account. A service account is an account for an application or # a virtual machine (VM) instance, not a person. You can use a service account # to call Google APIs. To learn more, read the [overview of service accounts]( # https://cloud.google.com/iam/help/service-accounts/overview). When you create # a service account, you specify the project ID that owns the service account, # as well as a name that must be unique within the project. IAM uses these # values to create an email address that identifies the service // # Corresponds to the JSON property `restoredAccount` # @return [Google::Apis::IamV1::ServiceAccount] attr_accessor :restored_account def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @restored_account = args[:restored_account] if args.key?(:restored_account) end end # Request message for UndeleteWorkloadIdentityPoolProvider. class UndeleteWorkloadIdentityPoolProviderRequest include Google::Apis::Core::Hashable def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) end end # Request message for UndeleteWorkloadIdentityPool. class UndeleteWorkloadIdentityPoolRequest include Google::Apis::Core::Hashable def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) end end # The service account key upload request. class UploadServiceAccountKeyRequest include Google::Apis::Core::Hashable # The public key to associate with the service account. Must be an RSA public # key that is wrapped in an X.509 v3 certificate. Include the first line, `----- # BEGIN CERTIFICATE-----`, and the last line, `-----END CERTIFICATE-----`. # Corresponds to the JSON property `publicKeyData` # NOTE: Values are automatically base64 encoded/decoded in the client library. # @return [String] attr_accessor :public_key_data def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @public_key_data = args[:public_key_data] if args.key?(:public_key_data) end end # Represents a collection of external workload identities. You can define IAM # policies to grant these identities access to Google Cloud resources. class WorkloadIdentityPool include Google::Apis::Core::Hashable # A description of the pool. Cannot exceed 256 characters. # Corresponds to the JSON property `description` # @return [String] attr_accessor :description # Whether the pool is disabled. You cannot use a disabled pool to exchange # tokens, or use existing tokens to access resources. If the pool is re-enabled, # existing tokens grant access again. # Corresponds to the JSON property `disabled` # @return [Boolean] attr_accessor :disabled alias_method :disabled?, :disabled # A display name for the pool. Cannot exceed 32 characters. # Corresponds to the JSON property `displayName` # @return [String] attr_accessor :display_name # Output only. The resource name of the pool. # Corresponds to the JSON property `name` # @return [String] attr_accessor :name # Output only. The state of the pool. # Corresponds to the JSON property `state` # @return [String] attr_accessor :state def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @description = args[:description] if args.key?(:description) @disabled = args[:disabled] if args.key?(:disabled) @display_name = args[:display_name] if args.key?(:display_name) @name = args[:name] if args.key?(:name) @state = args[:state] if args.key?(:state) end end # Metadata for long-running WorkloadIdentityPool operations. class WorkloadIdentityPoolOperationMetadata include Google::Apis::Core::Hashable def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) end end # A configuration for an external identity provider. class WorkloadIdentityPoolProvider include Google::Apis::Core::Hashable # [A Common Expression Language](https://opensource.google/projects/cel) # expression, in plain text, to restrict what otherwise valid authentication # credentials issued by the provider should not be accepted. The expression must # output a boolean representing whether to allow the federation. The following # keywords may be referenced in the expressions: * `assertion`: JSON # representing the authentication credential issued by the provider. * `google`: # The Google attributes mapped from the assertion in the `attribute_mappings`. * # `attribute`: The custom attributes mapped from the assertion in the ` # attribute_mappings`. The maximum length of the attribute condition expression # is 4096 characters. If unspecified, all valid authentication credential are # accepted. The following example shows how to only allow credentials with a # mapped `google.groups` value of `admins`: ``` "'admins' in google.groups" ``` # Corresponds to the JSON property `attributeCondition` # @return [String] attr_accessor :attribute_condition # Maps attributes from authentication credentials issued by an external identity # provider to Google Cloud attributes, such as `subject` and `segment`. Each key # must be a string specifying the Google Cloud IAM attribute to map to. The # following keys are supported: * `google.subject`: The principal IAM is # authenticating. You can reference this value in IAM bindings. This is also the # subject that appears in Cloud Logging logs. Cannot exceed 127 bytes. * `google. # groups`: Groups the external identity belongs to. You can grant groups access # to resources using an IAM `principalSet` binding; access applies to all # members of the group. You can also provide custom attributes by specifying ` # attribute.`custom_attribute``, where ``custom_attribute`` is the name of the # custom attribute to be mapped. You can define a maximum of 50 custom # attributes. The maximum length of a mapped attribute key is 100 characters, # and the key may only contain the characters [a-z0-9_]. You can reference these # attributes in IAM policies to define fine-grained access for a workload to # Google Cloud resources. For example: * `google.subject`: `principal://iam. # googleapis.com/projects/`project`/locations/`location`/workloadIdentityPools/` # pool`/subject/`value`` * `google.groups`: `principalSet://iam.googleapis.com/ # projects/`project`/locations/`location`/workloadIdentityPools/`pool`/group/` # value`` * `attribute.`custom_attribute``: `principalSet://iam.googleapis.com/ # projects/`project`/locations/`location`/workloadIdentityPools/`pool`/attribute. # `custom_attribute`/`value`` Each value must be a [Common Expression Language] ( # https://opensource.google/projects/cel) function that maps an identity # provider credential to the normalized attribute specified by the corresponding # map key. You can use the `assertion` keyword in the expression to access a # JSON representation of the authentication credential issued by the provider. # The maximum length of an attribute mapping expression is 2048 characters. When # evaluated, the total size of all mapped attributes must not exceed 8KB. For # AWS providers, if no attribute mapping is defined, the following default # mapping applies: ``` ` "google.subject":"assertion.arn", "attribute.aws_role": # "assertion.arn.contains('assumed-role')" " ? assertion.arn.extract('` # account_arn`assumed-role/')" " + 'assumed-role/'" " + assertion.arn.extract(' # assumed-role/`role_name`/')" " : assertion.arn", ` ``` If any custom attribute # mappings are defined, they must include a mapping to the `google.subject` # attribute. For OIDC providers, you must supply a custom mapping, which must # include the `google.subject` attribute. For example, the following maps the ` # sub` claim of the incoming credential to the `subject` attribute on a Google # token: ``` `"google.subject": "assertion.sub"` ``` # Corresponds to the JSON property `attributeMapping` # @return [Hash] attr_accessor :attribute_mapping # Represents an Amazon Web Services identity provider. # Corresponds to the JSON property `aws` # @return [Google::Apis::IamV1::Aws] attr_accessor :aws # A description for the provider. Cannot exceed 256 characters. # Corresponds to the JSON property `description` # @return [String] attr_accessor :description # Whether the provider is disabled. You cannot use a disabled provider to # exchange tokens. However, existing tokens still grant access. # Corresponds to the JSON property `disabled` # @return [Boolean] attr_accessor :disabled alias_method :disabled?, :disabled # A display name for the provider. Cannot exceed 32 characters. # Corresponds to the JSON property `displayName` # @return [String] attr_accessor :display_name # Output only. The resource name of the provider. # Corresponds to the JSON property `name` # @return [String] attr_accessor :name # Represents an OpenId Connect 1.0 identity provider. # Corresponds to the JSON property `oidc` # @return [Google::Apis::IamV1::Oidc] attr_accessor :oidc # Represents an SAML 2.0 identity provider. # Corresponds to the JSON property `saml` # @return [Google::Apis::IamV1::Saml] attr_accessor :saml # Output only. The state of the provider. # Corresponds to the JSON property `state` # @return [String] attr_accessor :state def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @attribute_condition = args[:attribute_condition] if args.key?(:attribute_condition) @attribute_mapping = args[:attribute_mapping] if args.key?(:attribute_mapping) @aws = args[:aws] if args.key?(:aws) @description = args[:description] if args.key?(:description) @disabled = args[:disabled] if args.key?(:disabled) @display_name = args[:display_name] if args.key?(:display_name) @name = args[:name] if args.key?(:name) @oidc = args[:oidc] if args.key?(:oidc) @saml = args[:saml] if args.key?(:saml) @state = args[:state] if args.key?(:state) end end end end end google-apis-iam-v1-0.36.0/lib/google/apis/iam_v1/representations.rb0000644000175000017500000007353214413333754023507 0ustar raviravi# Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. require 'date' require 'google/apis/core/base_service' require 'google/apis/core/json_representation' require 'google/apis/core/hashable' require 'google/apis/errors' module Google module Apis module IamV1 class AdminAuditData class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class AuditConfig class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class AuditData class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class AuditLogConfig class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class AuditableService class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class Aws class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class Binding class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class BindingDelta class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class CreateRoleRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class CreateServiceAccountKeyRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class CreateServiceAccountRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class DisableServiceAccountKeyRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class DisableServiceAccountRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class Empty class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class EnableServiceAccountKeyRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class EnableServiceAccountRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class Expr class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class LintPolicyRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class LintPolicyResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class LintResult class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class ListRolesResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class ListServiceAccountKeysResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class ListServiceAccountsResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class ListWorkloadIdentityPoolProvidersResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class ListWorkloadIdentityPoolsResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class Oidc class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class Operation class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class PatchServiceAccountRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class Permission class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class PermissionDelta class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class Policy class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class PolicyDelta class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class QueryAuditableServicesRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class QueryAuditableServicesResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class QueryGrantableRolesRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class QueryGrantableRolesResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class QueryTestablePermissionsRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class QueryTestablePermissionsResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class Role class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class Saml class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class ServiceAccount class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class ServiceAccountKey class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class SetIamPolicyRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class SignBlobRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class SignBlobResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class SignJwtRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class SignJwtResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class Status class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class TestIamPermissionsRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class TestIamPermissionsResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class UndeleteRoleRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class UndeleteServiceAccountRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class UndeleteServiceAccountResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class UndeleteWorkloadIdentityPoolProviderRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class UndeleteWorkloadIdentityPoolRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class UploadServiceAccountKeyRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class WorkloadIdentityPool class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class WorkloadIdentityPoolOperationMetadata class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class WorkloadIdentityPoolProvider class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class AdminAuditData # @private class Representation < Google::Apis::Core::JsonRepresentation property :permission_delta, as: 'permissionDelta', class: Google::Apis::IamV1::PermissionDelta, decorator: Google::Apis::IamV1::PermissionDelta::Representation end end class AuditConfig # @private class Representation < Google::Apis::Core::JsonRepresentation collection :audit_log_configs, as: 'auditLogConfigs', class: Google::Apis::IamV1::AuditLogConfig, decorator: Google::Apis::IamV1::AuditLogConfig::Representation property :service, as: 'service' end end class AuditData # @private class Representation < Google::Apis::Core::JsonRepresentation property :policy_delta, as: 'policyDelta', class: Google::Apis::IamV1::PolicyDelta, decorator: Google::Apis::IamV1::PolicyDelta::Representation end end class AuditLogConfig # @private class Representation < Google::Apis::Core::JsonRepresentation collection :exempted_members, as: 'exemptedMembers' property :log_type, as: 'logType' end end class AuditableService # @private class Representation < Google::Apis::Core::JsonRepresentation property :name, as: 'name' end end class Aws # @private class Representation < Google::Apis::Core::JsonRepresentation property :account_id, as: 'accountId' end end class Binding # @private class Representation < Google::Apis::Core::JsonRepresentation property :condition, as: 'condition', class: Google::Apis::IamV1::Expr, decorator: Google::Apis::IamV1::Expr::Representation collection :members, as: 'members' property :role, as: 'role' end end class BindingDelta # @private class Representation < Google::Apis::Core::JsonRepresentation property :action, as: 'action' property :condition, as: 'condition', class: Google::Apis::IamV1::Expr, decorator: Google::Apis::IamV1::Expr::Representation property :member, as: 'member' property :role, as: 'role' end end class CreateRoleRequest # @private class Representation < Google::Apis::Core::JsonRepresentation property :role, as: 'role', class: Google::Apis::IamV1::Role, decorator: Google::Apis::IamV1::Role::Representation property :role_id, as: 'roleId' end end class CreateServiceAccountKeyRequest # @private class Representation < Google::Apis::Core::JsonRepresentation property :key_algorithm, as: 'keyAlgorithm' property :private_key_type, as: 'privateKeyType' end end class CreateServiceAccountRequest # @private class Representation < Google::Apis::Core::JsonRepresentation property :account_id, as: 'accountId' property :service_account, as: 'serviceAccount', class: Google::Apis::IamV1::ServiceAccount, decorator: Google::Apis::IamV1::ServiceAccount::Representation end end class DisableServiceAccountKeyRequest # @private class Representation < Google::Apis::Core::JsonRepresentation end end class DisableServiceAccountRequest # @private class Representation < Google::Apis::Core::JsonRepresentation end end class Empty # @private class Representation < Google::Apis::Core::JsonRepresentation end end class EnableServiceAccountKeyRequest # @private class Representation < Google::Apis::Core::JsonRepresentation end end class EnableServiceAccountRequest # @private class Representation < Google::Apis::Core::JsonRepresentation end end class Expr # @private class Representation < Google::Apis::Core::JsonRepresentation property :description, as: 'description' property :expression, as: 'expression' property :location, as: 'location' property :title, as: 'title' end end class LintPolicyRequest # @private class Representation < Google::Apis::Core::JsonRepresentation property :condition, as: 'condition', class: Google::Apis::IamV1::Expr, decorator: Google::Apis::IamV1::Expr::Representation property :full_resource_name, as: 'fullResourceName' end end class LintPolicyResponse # @private class Representation < Google::Apis::Core::JsonRepresentation collection :lint_results, as: 'lintResults', class: Google::Apis::IamV1::LintResult, decorator: Google::Apis::IamV1::LintResult::Representation end end class LintResult # @private class Representation < Google::Apis::Core::JsonRepresentation property :debug_message, as: 'debugMessage' property :field_name, as: 'fieldName' property :level, as: 'level' property :location_offset, as: 'locationOffset' property :severity, as: 'severity' property :validation_unit_name, as: 'validationUnitName' end end class ListRolesResponse # @private class Representation < Google::Apis::Core::JsonRepresentation property :next_page_token, as: 'nextPageToken' collection :roles, as: 'roles', class: Google::Apis::IamV1::Role, decorator: Google::Apis::IamV1::Role::Representation end end class ListServiceAccountKeysResponse # @private class Representation < Google::Apis::Core::JsonRepresentation collection :keys, as: 'keys', class: Google::Apis::IamV1::ServiceAccountKey, decorator: Google::Apis::IamV1::ServiceAccountKey::Representation end end class ListServiceAccountsResponse # @private class Representation < Google::Apis::Core::JsonRepresentation collection :accounts, as: 'accounts', class: Google::Apis::IamV1::ServiceAccount, decorator: Google::Apis::IamV1::ServiceAccount::Representation property :next_page_token, as: 'nextPageToken' end end class ListWorkloadIdentityPoolProvidersResponse # @private class Representation < Google::Apis::Core::JsonRepresentation property :next_page_token, as: 'nextPageToken' collection :workload_identity_pool_providers, as: 'workloadIdentityPoolProviders', class: Google::Apis::IamV1::WorkloadIdentityPoolProvider, decorator: Google::Apis::IamV1::WorkloadIdentityPoolProvider::Representation end end class ListWorkloadIdentityPoolsResponse # @private class Representation < Google::Apis::Core::JsonRepresentation property :next_page_token, as: 'nextPageToken' collection :workload_identity_pools, as: 'workloadIdentityPools', class: Google::Apis::IamV1::WorkloadIdentityPool, decorator: Google::Apis::IamV1::WorkloadIdentityPool::Representation end end class Oidc # @private class Representation < Google::Apis::Core::JsonRepresentation collection :allowed_audiences, as: 'allowedAudiences' property :issuer_uri, as: 'issuerUri' end end class Operation # @private class Representation < Google::Apis::Core::JsonRepresentation property :done, as: 'done' property :error, as: 'error', class: Google::Apis::IamV1::Status, decorator: Google::Apis::IamV1::Status::Representation hash :metadata, as: 'metadata' property :name, as: 'name' hash :response, as: 'response' end end class PatchServiceAccountRequest # @private class Representation < Google::Apis::Core::JsonRepresentation property :service_account, as: 'serviceAccount', class: Google::Apis::IamV1::ServiceAccount, decorator: Google::Apis::IamV1::ServiceAccount::Representation property :update_mask, as: 'updateMask' end end class Permission # @private class Representation < Google::Apis::Core::JsonRepresentation property :api_disabled, as: 'apiDisabled' property :custom_roles_support_level, as: 'customRolesSupportLevel' property :description, as: 'description' property :name, as: 'name' property :only_in_predefined_roles, as: 'onlyInPredefinedRoles' property :primary_permission, as: 'primaryPermission' property :stage, as: 'stage' property :title, as: 'title' end end class PermissionDelta # @private class Representation < Google::Apis::Core::JsonRepresentation collection :added_permissions, as: 'addedPermissions' collection :removed_permissions, as: 'removedPermissions' end end class Policy # @private class Representation < Google::Apis::Core::JsonRepresentation collection :audit_configs, as: 'auditConfigs', class: Google::Apis::IamV1::AuditConfig, decorator: Google::Apis::IamV1::AuditConfig::Representation collection :bindings, as: 'bindings', class: Google::Apis::IamV1::Binding, decorator: Google::Apis::IamV1::Binding::Representation property :etag, :base64 => true, as: 'etag' property :version, as: 'version' end end class PolicyDelta # @private class Representation < Google::Apis::Core::JsonRepresentation collection :binding_deltas, as: 'bindingDeltas', class: Google::Apis::IamV1::BindingDelta, decorator: Google::Apis::IamV1::BindingDelta::Representation end end class QueryAuditableServicesRequest # @private class Representation < Google::Apis::Core::JsonRepresentation property :full_resource_name, as: 'fullResourceName' end end class QueryAuditableServicesResponse # @private class Representation < Google::Apis::Core::JsonRepresentation collection :services, as: 'services', class: Google::Apis::IamV1::AuditableService, decorator: Google::Apis::IamV1::AuditableService::Representation end end class QueryGrantableRolesRequest # @private class Representation < Google::Apis::Core::JsonRepresentation property :full_resource_name, as: 'fullResourceName' property :page_size, as: 'pageSize' property :page_token, as: 'pageToken' property :view, as: 'view' end end class QueryGrantableRolesResponse # @private class Representation < Google::Apis::Core::JsonRepresentation property :next_page_token, as: 'nextPageToken' collection :roles, as: 'roles', class: Google::Apis::IamV1::Role, decorator: Google::Apis::IamV1::Role::Representation end end class QueryTestablePermissionsRequest # @private class Representation < Google::Apis::Core::JsonRepresentation property :full_resource_name, as: 'fullResourceName' property :page_size, as: 'pageSize' property :page_token, as: 'pageToken' end end class QueryTestablePermissionsResponse # @private class Representation < Google::Apis::Core::JsonRepresentation property :next_page_token, as: 'nextPageToken' collection :permissions, as: 'permissions', class: Google::Apis::IamV1::Permission, decorator: Google::Apis::IamV1::Permission::Representation end end class Role # @private class Representation < Google::Apis::Core::JsonRepresentation property :deleted, as: 'deleted' property :description, as: 'description' property :etag, :base64 => true, as: 'etag' collection :included_permissions, as: 'includedPermissions' property :name, as: 'name' property :stage, as: 'stage' property :title, as: 'title' end end class Saml # @private class Representation < Google::Apis::Core::JsonRepresentation property :idp_metadata_xml, as: 'idpMetadataXml' end end class ServiceAccount # @private class Representation < Google::Apis::Core::JsonRepresentation property :description, as: 'description' property :disabled, as: 'disabled' property :display_name, as: 'displayName' property :email, as: 'email' property :etag, :base64 => true, as: 'etag' property :name, as: 'name' property :oauth2_client_id, as: 'oauth2ClientId' property :project_id, as: 'projectId' property :unique_id, as: 'uniqueId' end end class ServiceAccountKey # @private class Representation < Google::Apis::Core::JsonRepresentation property :disabled, as: 'disabled' property :key_algorithm, as: 'keyAlgorithm' property :key_origin, as: 'keyOrigin' property :key_type, as: 'keyType' property :name, as: 'name' property :private_key_data, :base64 => true, as: 'privateKeyData' property :private_key_type, as: 'privateKeyType' property :public_key_data, :base64 => true, as: 'publicKeyData' property :valid_after_time, as: 'validAfterTime' property :valid_before_time, as: 'validBeforeTime' end end class SetIamPolicyRequest # @private class Representation < Google::Apis::Core::JsonRepresentation property :policy, as: 'policy', class: Google::Apis::IamV1::Policy, decorator: Google::Apis::IamV1::Policy::Representation property :update_mask, as: 'updateMask' end end class SignBlobRequest # @private class Representation < Google::Apis::Core::JsonRepresentation property :bytes_to_sign, :base64 => true, as: 'bytesToSign' end end class SignBlobResponse # @private class Representation < Google::Apis::Core::JsonRepresentation property :key_id, as: 'keyId' property :signature, :base64 => true, as: 'signature' end end class SignJwtRequest # @private class Representation < Google::Apis::Core::JsonRepresentation property :payload, as: 'payload' end end class SignJwtResponse # @private class Representation < Google::Apis::Core::JsonRepresentation property :key_id, as: 'keyId' property :signed_jwt, as: 'signedJwt' end end class Status # @private class Representation < Google::Apis::Core::JsonRepresentation property :code, as: 'code' collection :details, as: 'details' property :message, as: 'message' end end class TestIamPermissionsRequest # @private class Representation < Google::Apis::Core::JsonRepresentation collection :permissions, as: 'permissions' end end class TestIamPermissionsResponse # @private class Representation < Google::Apis::Core::JsonRepresentation collection :permissions, as: 'permissions' end end class UndeleteRoleRequest # @private class Representation < Google::Apis::Core::JsonRepresentation property :etag, :base64 => true, as: 'etag' end end class UndeleteServiceAccountRequest # @private class Representation < Google::Apis::Core::JsonRepresentation end end class UndeleteServiceAccountResponse # @private class Representation < Google::Apis::Core::JsonRepresentation property :restored_account, as: 'restoredAccount', class: Google::Apis::IamV1::ServiceAccount, decorator: Google::Apis::IamV1::ServiceAccount::Representation end end class UndeleteWorkloadIdentityPoolProviderRequest # @private class Representation < Google::Apis::Core::JsonRepresentation end end class UndeleteWorkloadIdentityPoolRequest # @private class Representation < Google::Apis::Core::JsonRepresentation end end class UploadServiceAccountKeyRequest # @private class Representation < Google::Apis::Core::JsonRepresentation property :public_key_data, :base64 => true, as: 'publicKeyData' end end class WorkloadIdentityPool # @private class Representation < Google::Apis::Core::JsonRepresentation property :description, as: 'description' property :disabled, as: 'disabled' property :display_name, as: 'displayName' property :name, as: 'name' property :state, as: 'state' end end class WorkloadIdentityPoolOperationMetadata # @private class Representation < Google::Apis::Core::JsonRepresentation end end class WorkloadIdentityPoolProvider # @private class Representation < Google::Apis::Core::JsonRepresentation property :attribute_condition, as: 'attributeCondition' hash :attribute_mapping, as: 'attributeMapping' property :aws, as: 'aws', class: Google::Apis::IamV1::Aws, decorator: Google::Apis::IamV1::Aws::Representation property :description, as: 'description' property :disabled, as: 'disabled' property :display_name, as: 'displayName' property :name, as: 'name' property :oidc, as: 'oidc', class: Google::Apis::IamV1::Oidc, decorator: Google::Apis::IamV1::Oidc::Representation property :saml, as: 'saml', class: Google::Apis::IamV1::Saml, decorator: Google::Apis::IamV1::Saml::Representation property :state, as: 'state' end end end end end google-apis-iam-v1-0.36.0/lib/google/apis/iam_v1/gem_version.rb0000644000175000017500000000163014413333754022565 0ustar raviravi# Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. module Google module Apis module IamV1 # Version of the google-apis-iam_v1 gem GEM_VERSION = "0.36.0" # Version of the code generator used to generate this client GENERATOR_VERSION = "0.11.0" # Revision of the discovery document this client was generated from REVISION = "20221013" end end end google-apis-iam-v1-0.36.0/lib/google/apis/iam_v1/service.rb0000644000175000017500000047174414413333754021731 0ustar raviravi# Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. require 'google/apis/core/base_service' require 'google/apis/core/json_representation' require 'google/apis/core/hashable' require 'google/apis/errors' module Google module Apis module IamV1 # Identity and Access Management (IAM) API # # Manages identity and access control for Google Cloud Platform resources, # including the creation of service accounts, which you can use to authenticate # to Google and make API calls. # # @example # require 'google/apis/iam_v1' # # Iam = Google::Apis::IamV1 # Alias the module # service = Iam::IamService.new # # @see https://cloud.google.com/iam/ class IamService < Google::Apis::Core::BaseService # @return [String] # API key. Your API key identifies your project and provides you with API access, # quota, and reports. Required unless you provide an OAuth 2.0 token. attr_accessor :key # @return [String] # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. attr_accessor :quota_user def initialize super('https://iam.googleapis.com/', '', client_name: 'google-apis-iam_v1', client_version: Google::Apis::IamV1::GEM_VERSION) @batch_path = 'batch' end # Lints, or validates, an IAM policy. Currently checks the google.iam.v1.Binding. # condition field, which contains a condition expression for a role binding. # Successful calls to this method always return an HTTP `200 OK` status code, # even if the linter detects an issue in the IAM policy. # @param [Google::Apis::IamV1::LintPolicyRequest] lint_policy_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::LintPolicyResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::LintPolicyResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def lint_iam_policy_policy(lint_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/iamPolicies:lintPolicy', options) command.request_representation = Google::Apis::IamV1::LintPolicyRequest::Representation command.request_object = lint_policy_request_object command.response_representation = Google::Apis::IamV1::LintPolicyResponse::Representation command.response_class = Google::Apis::IamV1::LintPolicyResponse command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Returns a list of services that allow you to opt into audit logs that are not # generated by default. To learn more about audit logs, see the [Logging # documentation](https://cloud.google.com/logging/docs/audit). # @param [Google::Apis::IamV1::QueryAuditableServicesRequest] query_auditable_services_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::QueryAuditableServicesResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::QueryAuditableServicesResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def query_iam_policy_auditable_services(query_auditable_services_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/iamPolicies:queryAuditableServices', options) command.request_representation = Google::Apis::IamV1::QueryAuditableServicesRequest::Representation command.request_object = query_auditable_services_request_object command.response_representation = Google::Apis::IamV1::QueryAuditableServicesResponse::Representation command.response_class = Google::Apis::IamV1::QueryAuditableServicesResponse command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets the latest state of a long-running operation. Clients can use this method # to poll the operation result at intervals as recommended by the API service. # @param [String] name # The name of the operation resource. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_location_workforce_pool_operation(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets the latest state of a long-running operation. Clients can use this method # to poll the operation result at intervals as recommended by the API service. # @param [String] name # The name of the operation resource. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_location_workforce_pool_provider_key_operation(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets the latest state of a long-running operation. Clients can use this method # to poll the operation result at intervals as recommended by the API service. # @param [String] name # The name of the operation resource. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_location_workforce_pool_provider_operation(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets the latest state of a long-running operation. Clients can use this method # to poll the operation result at intervals as recommended by the API service. # @param [String] name # The name of the operation resource. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_location_workforce_pool_subject_operation(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Creates a new custom Role. # @param [String] parent # The `parent` parameter's value depends on the target resource for the request, # namely [`projects`](https://cloud.google.com/iam/reference/rest/v1/projects. # roles) or [`organizations`](https://cloud.google.com/iam/reference/rest/v1/ # organizations.roles). Each resource type's `parent` value format is described # below: * [`projects.roles.create()`](https://cloud.google.com/iam/reference/ # rest/v1/projects.roles/create): `projects/`PROJECT_ID``. This method creates # project-level [custom roles](https://cloud.google.com/iam/docs/understanding- # custom-roles). Example request URL: `https://iam.googleapis.com/v1/projects/` # PROJECT_ID`/roles` * [`organizations.roles.create()`](https://cloud.google.com/ # iam/reference/rest/v1/organizations.roles/create): `organizations/` # ORGANIZATION_ID``. This method creates organization-level [custom roles](https: # //cloud.google.com/iam/docs/understanding-custom-roles). Example request URL: ` # https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles` Note: # Wildcard (*) values are invalid; you must specify a complete project ID or # organization ID. # @param [Google::Apis::IamV1::CreateRoleRequest] create_role_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Role] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Role] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def create_organization_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+parent}/roles', options) command.request_representation = Google::Apis::IamV1::CreateRoleRequest::Representation command.request_object = create_role_request_object command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['parent'] = parent unless parent.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Deletes a custom Role. When you delete a custom role, the following changes # occur immediately: * You cannot bind a principal to the custom role in an IAM # Policy. * Existing bindings to the custom role are not changed, but they have # no effect. * By default, the response from ListRoles does not include the # custom role. You have 7 days to undelete the custom role. After 7 days, the # following changes occur: * The custom role is permanently deleted and cannot # be recovered. * If an IAM policy contains a binding to the custom role, the # binding is permanently removed. # @param [String] name # The `name` parameter's value depends on the target resource for the request, # namely [`projects`](https://cloud.google.com/iam/reference/rest/v1/projects. # roles) or [`organizations`](https://cloud.google.com/iam/reference/rest/v1/ # organizations.roles). Each resource type's `name` value format is described # below: * [`projects.roles.delete()`](https://cloud.google.com/iam/reference/ # rest/v1/projects.roles/delete): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. # This method deletes only [custom roles](https://cloud.google.com/iam/docs/ # understanding-custom-roles) that have been created at the project level. # Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/ # roles/`CUSTOM_ROLE_ID`` * [`organizations.roles.delete()`](https://cloud. # google.com/iam/reference/rest/v1/organizations.roles/delete): `organizations/` # ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method deletes only [custom # roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that have # been created at the organization level. Example request URL: `https://iam. # googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: # Wildcard (*) values are invalid; you must specify a complete project ID or # organization ID. # @param [String] etag # Used to perform a consistent read-modify-write. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Role] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Role] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def delete_organization_role(name, etag: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['etag'] = etag unless etag.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets the definition of a Role. # @param [String] name # The `name` parameter's value depends on the target resource for the request, # namely [`roles`](https://cloud.google.com/iam/reference/rest/v1/roles), [` # projects`](https://cloud.google.com/iam/reference/rest/v1/projects.roles), or [ # `organizations`](https://cloud.google.com/iam/reference/rest/v1/organizations. # roles). Each resource type's `name` value format is described below: * [`roles. # get()`](https://cloud.google.com/iam/reference/rest/v1/roles/get): `roles/` # ROLE_NAME``. This method returns results from all [predefined roles](https:// # cloud.google.com/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. # Example request URL: `https://iam.googleapis.com/v1/roles/`ROLE_NAME`` * [` # projects.roles.get()`](https://cloud.google.com/iam/reference/rest/v1/projects. # roles/get): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. This method # returns only [custom roles](https://cloud.google.com/iam/docs/understanding- # custom-roles) that have been created at the project level. Example request URL: # `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID`` * # [`organizations.roles.get()`](https://cloud.google.com/iam/reference/rest/v1/ # organizations.roles/get): `organizations/`ORGANIZATION_ID`/roles/` # CUSTOM_ROLE_ID``. This method returns only [custom roles](https://cloud.google. # com/iam/docs/understanding-custom-roles) that have been created at the # organization level. Example request URL: `https://iam.googleapis.com/v1/ # organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: Wildcard (*) # values are invalid; you must specify a complete project ID or organization ID. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Role] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Role] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_organization_role(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Lists every predefined Role that IAM supports, or every custom role that is # defined for an organization or project. # @param [String] parent # The `parent` parameter's value depends on the target resource for the request, # namely [`roles`](https://cloud.google.com/iam/reference/rest/v1/roles), [` # projects`](https://cloud.google.com/iam/reference/rest/v1/projects.roles), or [ # `organizations`](https://cloud.google.com/iam/reference/rest/v1/organizations. # roles). Each resource type's `parent` value format is described below: * [` # roles.list()`](https://cloud.google.com/iam/reference/rest/v1/roles/list): An # empty string. This method doesn't require a resource; it simply returns all [ # predefined roles](https://cloud.google.com/iam/docs/understanding-roles# # predefined_roles) in Cloud IAM. Example request URL: `https://iam.googleapis. # com/v1/roles` * [`projects.roles.list()`](https://cloud.google.com/iam/ # reference/rest/v1/projects.roles/list): `projects/`PROJECT_ID``. This method # lists all project-level [custom roles](https://cloud.google.com/iam/docs/ # understanding-custom-roles). Example request URL: `https://iam.googleapis.com/ # v1/projects/`PROJECT_ID`/roles` * [`organizations.roles.list()`](https://cloud. # google.com/iam/reference/rest/v1/organizations.roles/list): `organizations/` # ORGANIZATION_ID``. This method lists all organization-level [custom roles]( # https://cloud.google.com/iam/docs/understanding-custom-roles). Example request # URL: `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles` # Note: Wildcard (*) values are invalid; you must specify a complete project ID # or organization ID. # @param [Fixnum] page_size # Optional limit on the number of roles to include in the response. The default # is 300, and the maximum is 1,000. # @param [String] page_token # Optional pagination token returned in an earlier ListRolesResponse. # @param [Boolean] show_deleted # Include Roles that have been deleted. # @param [String] view # Optional view for the returned Role objects. When `FULL` is specified, the ` # includedPermissions` field is returned, which includes a list of all # permissions in the role. The default value is `BASIC`, which does not return # the `includedPermissions` field. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ListRolesResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ListRolesResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def list_organization_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+parent}/roles', options) command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation command.response_class = Google::Apis::IamV1::ListRolesResponse command.params['parent'] = parent unless parent.nil? command.query['pageSize'] = page_size unless page_size.nil? command.query['pageToken'] = page_token unless page_token.nil? command.query['showDeleted'] = show_deleted unless show_deleted.nil? command.query['view'] = view unless view.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Updates the definition of a custom Role. # @param [String] name # The `name` parameter's value depends on the target resource for the request, # namely [`projects`](https://cloud.google.com/iam/reference/rest/v1/projects. # roles) or [`organizations`](https://cloud.google.com/iam/reference/rest/v1/ # organizations.roles). Each resource type's `name` value format is described # below: * [`projects.roles.patch()`](https://cloud.google.com/iam/reference/ # rest/v1/projects.roles/patch): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. # This method updates only [custom roles](https://cloud.google.com/iam/docs/ # understanding-custom-roles) that have been created at the project level. # Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/ # roles/`CUSTOM_ROLE_ID`` * [`organizations.roles.patch()`](https://cloud.google. # com/iam/reference/rest/v1/organizations.roles/patch): `organizations/` # ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method updates only [custom # roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that have # been created at the organization level. Example request URL: `https://iam. # googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: # Wildcard (*) values are invalid; you must specify a complete project ID or # organization ID. # @param [Google::Apis::IamV1::Role] role_object # @param [String] update_mask # A mask describing which fields in the Role have changed. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Role] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Role] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def patch_organization_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:patch, 'v1/{+name}', options) command.request_representation = Google::Apis::IamV1::Role::Representation command.request_object = role_object command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['updateMask'] = update_mask unless update_mask.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Undeletes a custom Role. # @param [String] name # The `name` parameter's value depends on the target resource for the request, # namely [`projects`](https://cloud.google.com/iam/reference/rest/v1/projects. # roles) or [`organizations`](https://cloud.google.com/iam/reference/rest/v1/ # organizations.roles). Each resource type's `name` value format is described # below: * [`projects.roles.undelete()`](https://cloud.google.com/iam/reference/ # rest/v1/projects.roles/undelete): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID` # `. This method undeletes only [custom roles](https://cloud.google.com/iam/docs/ # understanding-custom-roles) that have been created at the project level. # Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/ # roles/`CUSTOM_ROLE_ID`` * [`organizations.roles.undelete()`](https://cloud. # google.com/iam/reference/rest/v1/organizations.roles/undelete): `organizations/ # `ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method undeletes only [custom # roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that have # been created at the organization level. Example request URL: `https://iam. # googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: # Wildcard (*) values are invalid; you must specify a complete project ID or # organization ID. # @param [Google::Apis::IamV1::UndeleteRoleRequest] undelete_role_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Role] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Role] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def undelete_organization_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:undelete', options) command.request_representation = Google::Apis::IamV1::UndeleteRoleRequest::Representation command.request_object = undelete_role_request_object command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Lists every permission that you can test on a resource. A permission is # testable if you can check whether a principal has that permission on the # resource. # @param [Google::Apis::IamV1::QueryTestablePermissionsRequest] query_testable_permissions_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::QueryTestablePermissionsResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::QueryTestablePermissionsResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def query_testable_permissions(query_testable_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/permissions:queryTestablePermissions', options) command.request_representation = Google::Apis::IamV1::QueryTestablePermissionsRequest::Representation command.request_object = query_testable_permissions_request_object command.response_representation = Google::Apis::IamV1::QueryTestablePermissionsResponse::Representation command.response_class = Google::Apis::IamV1::QueryTestablePermissionsResponse command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Creates a new WorkloadIdentityPool. You cannot reuse the name of a deleted # pool until 30 days after deletion. # @param [String] parent # Required. The parent resource to create the pool in. The only supported # location is `global`. # @param [Google::Apis::IamV1::WorkloadIdentityPool] workload_identity_pool_object # @param [String] workload_identity_pool_id # Required. The ID to use for the pool, which becomes the final component of the # resource name. This value should be 4-32 characters, and may contain the # characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may # not be specified. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def create_project_location_workload_identity_pool(parent, workload_identity_pool_object = nil, workload_identity_pool_id: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+parent}/workloadIdentityPools', options) command.request_representation = Google::Apis::IamV1::WorkloadIdentityPool::Representation command.request_object = workload_identity_pool_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['parent'] = parent unless parent.nil? command.query['workloadIdentityPoolId'] = workload_identity_pool_id unless workload_identity_pool_id.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Deletes a WorkloadIdentityPool. You cannot use a deleted pool to exchange # external credentials for Google Cloud credentials. However, deletion does not # revoke credentials that have already been issued. Credentials issued for a # deleted pool do not grant access to resources. If the pool is undeleted, and # the credentials are not expired, they grant access again. You can undelete a # pool for 30 days. After 30 days, deletion is permanent. You cannot update # deleted pools. However, you can view and list them. # @param [String] name # Required. The name of the pool to delete. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def delete_project_location_workload_identity_pool(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets an individual WorkloadIdentityPool. # @param [String] name # Required. The name of the pool to retrieve. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::WorkloadIdentityPool] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::WorkloadIdentityPool] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_project_location_workload_identity_pool(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::WorkloadIdentityPool::Representation command.response_class = Google::Apis::IamV1::WorkloadIdentityPool command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Lists all non-deleted WorkloadIdentityPools in a project. If `show_deleted` is # set to `true`, then deleted pools are also listed. # @param [String] parent # Required. The parent resource to list pools for. # @param [Fixnum] page_size # The maximum number of pools to return. If unspecified, at most 50 pools are # returned. The maximum value is 1000; values above are 1000 truncated to 1000. # @param [String] page_token # A page token, received from a previous `ListWorkloadIdentityPools` call. # Provide this to retrieve the subsequent page. # @param [Boolean] show_deleted # Whether to return soft-deleted pools. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ListWorkloadIdentityPoolsResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ListWorkloadIdentityPoolsResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def list_project_location_workload_identity_pools(parent, page_size: nil, page_token: nil, show_deleted: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+parent}/workloadIdentityPools', options) command.response_representation = Google::Apis::IamV1::ListWorkloadIdentityPoolsResponse::Representation command.response_class = Google::Apis::IamV1::ListWorkloadIdentityPoolsResponse command.params['parent'] = parent unless parent.nil? command.query['pageSize'] = page_size unless page_size.nil? command.query['pageToken'] = page_token unless page_token.nil? command.query['showDeleted'] = show_deleted unless show_deleted.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Updates an existing WorkloadIdentityPool. # @param [String] name # Output only. The resource name of the pool. # @param [Google::Apis::IamV1::WorkloadIdentityPool] workload_identity_pool_object # @param [String] update_mask # Required. The list of fields to update. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def patch_project_location_workload_identity_pool(name, workload_identity_pool_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:patch, 'v1/{+name}', options) command.request_representation = Google::Apis::IamV1::WorkloadIdentityPool::Representation command.request_object = workload_identity_pool_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['updateMask'] = update_mask unless update_mask.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Undeletes a WorkloadIdentityPool, as long as it was deleted fewer than 30 days # ago. # @param [String] name # Required. The name of the pool to undelete. # @param [Google::Apis::IamV1::UndeleteWorkloadIdentityPoolRequest] undelete_workload_identity_pool_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def undelete_workload_identity_pool(name, undelete_workload_identity_pool_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:undelete', options) command.request_representation = Google::Apis::IamV1::UndeleteWorkloadIdentityPoolRequest::Representation command.request_object = undelete_workload_identity_pool_request_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets the latest state of a long-running operation. Clients can use this method # to poll the operation result at intervals as recommended by the API service. # @param [String] name # The name of the operation resource. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_project_location_workload_identity_pool_operation(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Creates a new WorkloadIdentityPoolProvider in a WorkloadIdentityPool. You # cannot reuse the name of a deleted provider until 30 days after deletion. # @param [String] parent # Required. The pool to create this provider in. # @param [Google::Apis::IamV1::WorkloadIdentityPoolProvider] workload_identity_pool_provider_object # @param [String] workload_identity_pool_provider_id # Required. The ID for the provider, which becomes the final component of the # resource name. This value must be 4-32 characters, and may contain the # characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may # not be specified. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def create_project_location_workload_identity_pool_provider(parent, workload_identity_pool_provider_object = nil, workload_identity_pool_provider_id: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+parent}/providers', options) command.request_representation = Google::Apis::IamV1::WorkloadIdentityPoolProvider::Representation command.request_object = workload_identity_pool_provider_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['parent'] = parent unless parent.nil? command.query['workloadIdentityPoolProviderId'] = workload_identity_pool_provider_id unless workload_identity_pool_provider_id.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Deletes a WorkloadIdentityPoolProvider. Deleting a provider does not revoke # credentials that have already been issued; they continue to grant access. You # can undelete a provider for 30 days. After 30 days, deletion is permanent. You # cannot update deleted providers. However, you can view and list them. # @param [String] name # Required. The name of the provider to delete. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def delete_project_location_workload_identity_pool_provider(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets an individual WorkloadIdentityPoolProvider. # @param [String] name # Required. The name of the provider to retrieve. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::WorkloadIdentityPoolProvider] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::WorkloadIdentityPoolProvider] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_project_location_workload_identity_pool_provider(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::WorkloadIdentityPoolProvider::Representation command.response_class = Google::Apis::IamV1::WorkloadIdentityPoolProvider command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Lists all non-deleted WorkloadIdentityPoolProviders in a WorkloadIdentityPool. # If `show_deleted` is set to `true`, then deleted providers are also listed. # @param [String] parent # Required. The pool to list providers for. # @param [Fixnum] page_size # The maximum number of providers to return. If unspecified, at most 50 # providers are returned. The maximum value is 100; values above 100 are # truncated to 100. # @param [String] page_token # A page token, received from a previous `ListWorkloadIdentityPoolProviders` # call. Provide this to retrieve the subsequent page. # @param [Boolean] show_deleted # Whether to return soft-deleted providers. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ListWorkloadIdentityPoolProvidersResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ListWorkloadIdentityPoolProvidersResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def list_project_location_workload_identity_pool_providers(parent, page_size: nil, page_token: nil, show_deleted: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+parent}/providers', options) command.response_representation = Google::Apis::IamV1::ListWorkloadIdentityPoolProvidersResponse::Representation command.response_class = Google::Apis::IamV1::ListWorkloadIdentityPoolProvidersResponse command.params['parent'] = parent unless parent.nil? command.query['pageSize'] = page_size unless page_size.nil? command.query['pageToken'] = page_token unless page_token.nil? command.query['showDeleted'] = show_deleted unless show_deleted.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Updates an existing WorkloadIdentityPoolProvider. # @param [String] name # Output only. The resource name of the provider. # @param [Google::Apis::IamV1::WorkloadIdentityPoolProvider] workload_identity_pool_provider_object # @param [String] update_mask # Required. The list of fields to update. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def patch_project_location_workload_identity_pool_provider(name, workload_identity_pool_provider_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:patch, 'v1/{+name}', options) command.request_representation = Google::Apis::IamV1::WorkloadIdentityPoolProvider::Representation command.request_object = workload_identity_pool_provider_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['updateMask'] = update_mask unless update_mask.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Undeletes a WorkloadIdentityPoolProvider, as long as it was deleted fewer than # 30 days ago. # @param [String] name # Required. The name of the provider to undelete. # @param [Google::Apis::IamV1::UndeleteWorkloadIdentityPoolProviderRequest] undelete_workload_identity_pool_provider_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def undelete_workload_identity_pool_provider(name, undelete_workload_identity_pool_provider_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:undelete', options) command.request_representation = Google::Apis::IamV1::UndeleteWorkloadIdentityPoolProviderRequest::Representation command.request_object = undelete_workload_identity_pool_provider_request_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets the latest state of a long-running operation. Clients can use this method # to poll the operation result at intervals as recommended by the API service. # @param [String] name # The name of the operation resource. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_project_location_workload_identity_pool_provider_key_operation(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets the latest state of a long-running operation. Clients can use this method # to poll the operation result at intervals as recommended by the API service. # @param [String] name # The name of the operation resource. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_project_location_workload_identity_pool_provider_operation(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Creates a new custom Role. # @param [String] parent # The `parent` parameter's value depends on the target resource for the request, # namely [`projects`](https://cloud.google.com/iam/reference/rest/v1/projects. # roles) or [`organizations`](https://cloud.google.com/iam/reference/rest/v1/ # organizations.roles). Each resource type's `parent` value format is described # below: * [`projects.roles.create()`](https://cloud.google.com/iam/reference/ # rest/v1/projects.roles/create): `projects/`PROJECT_ID``. This method creates # project-level [custom roles](https://cloud.google.com/iam/docs/understanding- # custom-roles). Example request URL: `https://iam.googleapis.com/v1/projects/` # PROJECT_ID`/roles` * [`organizations.roles.create()`](https://cloud.google.com/ # iam/reference/rest/v1/organizations.roles/create): `organizations/` # ORGANIZATION_ID``. This method creates organization-level [custom roles](https: # //cloud.google.com/iam/docs/understanding-custom-roles). Example request URL: ` # https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles` Note: # Wildcard (*) values are invalid; you must specify a complete project ID or # organization ID. # @param [Google::Apis::IamV1::CreateRoleRequest] create_role_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Role] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Role] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def create_project_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+parent}/roles', options) command.request_representation = Google::Apis::IamV1::CreateRoleRequest::Representation command.request_object = create_role_request_object command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['parent'] = parent unless parent.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Deletes a custom Role. When you delete a custom role, the following changes # occur immediately: * You cannot bind a principal to the custom role in an IAM # Policy. * Existing bindings to the custom role are not changed, but they have # no effect. * By default, the response from ListRoles does not include the # custom role. You have 7 days to undelete the custom role. After 7 days, the # following changes occur: * The custom role is permanently deleted and cannot # be recovered. * If an IAM policy contains a binding to the custom role, the # binding is permanently removed. # @param [String] name # The `name` parameter's value depends on the target resource for the request, # namely [`projects`](https://cloud.google.com/iam/reference/rest/v1/projects. # roles) or [`organizations`](https://cloud.google.com/iam/reference/rest/v1/ # organizations.roles). Each resource type's `name` value format is described # below: * [`projects.roles.delete()`](https://cloud.google.com/iam/reference/ # rest/v1/projects.roles/delete): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. # This method deletes only [custom roles](https://cloud.google.com/iam/docs/ # understanding-custom-roles) that have been created at the project level. # Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/ # roles/`CUSTOM_ROLE_ID`` * [`organizations.roles.delete()`](https://cloud. # google.com/iam/reference/rest/v1/organizations.roles/delete): `organizations/` # ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method deletes only [custom # roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that have # been created at the organization level. Example request URL: `https://iam. # googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: # Wildcard (*) values are invalid; you must specify a complete project ID or # organization ID. # @param [String] etag # Used to perform a consistent read-modify-write. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Role] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Role] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def delete_project_role(name, etag: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['etag'] = etag unless etag.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets the definition of a Role. # @param [String] name # The `name` parameter's value depends on the target resource for the request, # namely [`roles`](https://cloud.google.com/iam/reference/rest/v1/roles), [` # projects`](https://cloud.google.com/iam/reference/rest/v1/projects.roles), or [ # `organizations`](https://cloud.google.com/iam/reference/rest/v1/organizations. # roles). Each resource type's `name` value format is described below: * [`roles. # get()`](https://cloud.google.com/iam/reference/rest/v1/roles/get): `roles/` # ROLE_NAME``. This method returns results from all [predefined roles](https:// # cloud.google.com/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. # Example request URL: `https://iam.googleapis.com/v1/roles/`ROLE_NAME`` * [` # projects.roles.get()`](https://cloud.google.com/iam/reference/rest/v1/projects. # roles/get): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. This method # returns only [custom roles](https://cloud.google.com/iam/docs/understanding- # custom-roles) that have been created at the project level. Example request URL: # `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID`` * # [`organizations.roles.get()`](https://cloud.google.com/iam/reference/rest/v1/ # organizations.roles/get): `organizations/`ORGANIZATION_ID`/roles/` # CUSTOM_ROLE_ID``. This method returns only [custom roles](https://cloud.google. # com/iam/docs/understanding-custom-roles) that have been created at the # organization level. Example request URL: `https://iam.googleapis.com/v1/ # organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: Wildcard (*) # values are invalid; you must specify a complete project ID or organization ID. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Role] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Role] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_project_role(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Lists every predefined Role that IAM supports, or every custom role that is # defined for an organization or project. # @param [String] parent # The `parent` parameter's value depends on the target resource for the request, # namely [`roles`](https://cloud.google.com/iam/reference/rest/v1/roles), [` # projects`](https://cloud.google.com/iam/reference/rest/v1/projects.roles), or [ # `organizations`](https://cloud.google.com/iam/reference/rest/v1/organizations. # roles). Each resource type's `parent` value format is described below: * [` # roles.list()`](https://cloud.google.com/iam/reference/rest/v1/roles/list): An # empty string. This method doesn't require a resource; it simply returns all [ # predefined roles](https://cloud.google.com/iam/docs/understanding-roles# # predefined_roles) in Cloud IAM. Example request URL: `https://iam.googleapis. # com/v1/roles` * [`projects.roles.list()`](https://cloud.google.com/iam/ # reference/rest/v1/projects.roles/list): `projects/`PROJECT_ID``. This method # lists all project-level [custom roles](https://cloud.google.com/iam/docs/ # understanding-custom-roles). Example request URL: `https://iam.googleapis.com/ # v1/projects/`PROJECT_ID`/roles` * [`organizations.roles.list()`](https://cloud. # google.com/iam/reference/rest/v1/organizations.roles/list): `organizations/` # ORGANIZATION_ID``. This method lists all organization-level [custom roles]( # https://cloud.google.com/iam/docs/understanding-custom-roles). Example request # URL: `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles` # Note: Wildcard (*) values are invalid; you must specify a complete project ID # or organization ID. # @param [Fixnum] page_size # Optional limit on the number of roles to include in the response. The default # is 300, and the maximum is 1,000. # @param [String] page_token # Optional pagination token returned in an earlier ListRolesResponse. # @param [Boolean] show_deleted # Include Roles that have been deleted. # @param [String] view # Optional view for the returned Role objects. When `FULL` is specified, the ` # includedPermissions` field is returned, which includes a list of all # permissions in the role. The default value is `BASIC`, which does not return # the `includedPermissions` field. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ListRolesResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ListRolesResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def list_project_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+parent}/roles', options) command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation command.response_class = Google::Apis::IamV1::ListRolesResponse command.params['parent'] = parent unless parent.nil? command.query['pageSize'] = page_size unless page_size.nil? command.query['pageToken'] = page_token unless page_token.nil? command.query['showDeleted'] = show_deleted unless show_deleted.nil? command.query['view'] = view unless view.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Updates the definition of a custom Role. # @param [String] name # The `name` parameter's value depends on the target resource for the request, # namely [`projects`](https://cloud.google.com/iam/reference/rest/v1/projects. # roles) or [`organizations`](https://cloud.google.com/iam/reference/rest/v1/ # organizations.roles). Each resource type's `name` value format is described # below: * [`projects.roles.patch()`](https://cloud.google.com/iam/reference/ # rest/v1/projects.roles/patch): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. # This method updates only [custom roles](https://cloud.google.com/iam/docs/ # understanding-custom-roles) that have been created at the project level. # Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/ # roles/`CUSTOM_ROLE_ID`` * [`organizations.roles.patch()`](https://cloud.google. # com/iam/reference/rest/v1/organizations.roles/patch): `organizations/` # ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method updates only [custom # roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that have # been created at the organization level. Example request URL: `https://iam. # googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: # Wildcard (*) values are invalid; you must specify a complete project ID or # organization ID. # @param [Google::Apis::IamV1::Role] role_object # @param [String] update_mask # A mask describing which fields in the Role have changed. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Role] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Role] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def patch_project_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:patch, 'v1/{+name}', options) command.request_representation = Google::Apis::IamV1::Role::Representation command.request_object = role_object command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['updateMask'] = update_mask unless update_mask.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Undeletes a custom Role. # @param [String] name # The `name` parameter's value depends on the target resource for the request, # namely [`projects`](https://cloud.google.com/iam/reference/rest/v1/projects. # roles) or [`organizations`](https://cloud.google.com/iam/reference/rest/v1/ # organizations.roles). Each resource type's `name` value format is described # below: * [`projects.roles.undelete()`](https://cloud.google.com/iam/reference/ # rest/v1/projects.roles/undelete): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID` # `. This method undeletes only [custom roles](https://cloud.google.com/iam/docs/ # understanding-custom-roles) that have been created at the project level. # Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/ # roles/`CUSTOM_ROLE_ID`` * [`organizations.roles.undelete()`](https://cloud. # google.com/iam/reference/rest/v1/organizations.roles/undelete): `organizations/ # `ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method undeletes only [custom # roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that have # been created at the organization level. Example request URL: `https://iam. # googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: # Wildcard (*) values are invalid; you must specify a complete project ID or # organization ID. # @param [Google::Apis::IamV1::UndeleteRoleRequest] undelete_role_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Role] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Role] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def undelete_project_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:undelete', options) command.request_representation = Google::Apis::IamV1::UndeleteRoleRequest::Representation command.request_object = undelete_role_request_object command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Creates a ServiceAccount. # @param [String] name # Required. The resource name of the project associated with the service # accounts, such as `projects/my-project-123`. # @param [Google::Apis::IamV1::CreateServiceAccountRequest] create_service_account_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ServiceAccount] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def create_service_account(name, create_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}/serviceAccounts', options) command.request_representation = Google::Apis::IamV1::CreateServiceAccountRequest::Representation command.request_object = create_service_account_request_object command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation command.response_class = Google::Apis::IamV1::ServiceAccount command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Deletes a ServiceAccount. **Warning:** After you delete a service account, you # might not be able to undelete it. If you know that you need to re-enable the # service account in the future, use DisableServiceAccount instead. If you # delete a service account, IAM permanently removes the service account 30 days # later. Google Cloud cannot recover the service account after it is permanently # removed, even if you file a support request. To help avoid unplanned outages, # we recommend that you disable the service account before you delete it. Use # DisableServiceAccount to disable the service account, then wait at least 24 # hours and watch for unintended consequences. If there are no unintended # consequences, you can delete the service account. # @param [String] name # Required. The resource name of the service account in the following format: ` # projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for # the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value # can be the `email` address or the `unique_id` of the service account. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Empty] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Empty] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def delete_project_service_account(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Empty::Representation command.response_class = Google::Apis::IamV1::Empty command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Disables a ServiceAccount immediately. If an application uses the service # account to authenticate, that application can no longer call Google APIs or # access Google Cloud resources. Existing access tokens for the service account # are rejected, and requests for new access tokens will fail. To re-enable the # service account, use EnableServiceAccount. After you re-enable the service # account, its existing access tokens will be accepted, and you can request new # access tokens. To help avoid unplanned outages, we recommend that you disable # the service account before you delete it. Use this method to disable the # service account, then wait at least 24 hours and watch for unintended # consequences. If there are no unintended consequences, you can delete the # service account with DeleteServiceAccount. # @param [String] name # The resource name of the service account in the following format: `projects/` # PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for the ` # PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can # be the `email` address or the `unique_id` of the service account. # @param [Google::Apis::IamV1::DisableServiceAccountRequest] disable_service_account_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Empty] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Empty] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def disable_service_account(name, disable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:disable', options) command.request_representation = Google::Apis::IamV1::DisableServiceAccountRequest::Representation command.request_object = disable_service_account_request_object command.response_representation = Google::Apis::IamV1::Empty::Representation command.response_class = Google::Apis::IamV1::Empty command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Enables a ServiceAccount that was disabled by DisableServiceAccount. If the # service account is already enabled, then this method has no effect. If the # service account was disabled by other means—for example, if Google disabled # the service account because it was compromised—you cannot use this method to # enable the service account. # @param [String] name # The resource name of the service account in the following format: `projects/` # PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for the ` # PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can # be the `email` address or the `unique_id` of the service account. # @param [Google::Apis::IamV1::EnableServiceAccountRequest] enable_service_account_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Empty] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Empty] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def enable_service_account(name, enable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:enable', options) command.request_representation = Google::Apis::IamV1::EnableServiceAccountRequest::Representation command.request_object = enable_service_account_request_object command.response_representation = Google::Apis::IamV1::Empty::Representation command.response_class = Google::Apis::IamV1::Empty command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets a ServiceAccount. # @param [String] name # Required. The resource name of the service account in the following format: ` # projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for # the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value # can be the `email` address or the `unique_id` of the service account. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ServiceAccount] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_project_service_account(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation command.response_class = Google::Apis::IamV1::ServiceAccount command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets the IAM policy that is attached to a ServiceAccount. This IAM policy # specifies which principals have access to the service account. This method # does not tell you whether the service account has been granted any roles on # other resources. To check whether a service account has role grants on a # resource, use the `getIamPolicy` method for that resource. For example, to # view the role grants for a project, call the Resource Manager API's [`projects. # getIamPolicy`](https://cloud.google.com/resource-manager/reference/rest/v1/ # projects/getIamPolicy) method. # @param [String] resource # REQUIRED: The resource for which the policy is being requested. See [Resource # names](https://cloud.google.com/apis/design/resource_names) for the # appropriate value for this field. # @param [Fixnum] options_requested_policy_version # Optional. The maximum policy version that will be used to format the policy. # Valid values are 0, 1, and 3. Requests specifying an invalid value will be # rejected. Requests for policies with any conditional role bindings must # specify version 3. Policies with no conditional role bindings may specify any # valid value or leave the field unset. The policy in the response might use the # policy version that you specified, or it might use a lower policy version. For # example, if you specify version 3, but the policy has no conditional role # bindings, the response uses version 1. To learn which resources support # conditions in their IAM policies, see the [IAM documentation](https://cloud. # google.com/iam/help/conditions/resource-policies). # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Policy] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Policy] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_project_service_account_iam_policy(resource, options_requested_policy_version: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+resource}:getIamPolicy', options) command.response_representation = Google::Apis::IamV1::Policy::Representation command.response_class = Google::Apis::IamV1::Policy command.params['resource'] = resource unless resource.nil? command.query['options.requestedPolicyVersion'] = options_requested_policy_version unless options_requested_policy_version.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Lists every ServiceAccount that belongs to a specific project. # @param [String] name # Required. The resource name of the project associated with the service # accounts, such as `projects/my-project-123`. # @param [Fixnum] page_size # Optional limit on the number of service accounts to include in the response. # Further accounts can subsequently be obtained by including the # ListServiceAccountsResponse.next_page_token in a subsequent request. The # default is 20, and the maximum is 100. # @param [String] page_token # Optional pagination token returned in an earlier ListServiceAccountsResponse. # next_page_token. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ListServiceAccountsResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ListServiceAccountsResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def list_project_service_accounts(name, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}/serviceAccounts', options) command.response_representation = Google::Apis::IamV1::ListServiceAccountsResponse::Representation command.response_class = Google::Apis::IamV1::ListServiceAccountsResponse command.params['name'] = name unless name.nil? command.query['pageSize'] = page_size unless page_size.nil? command.query['pageToken'] = page_token unless page_token.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Patches a ServiceAccount. # @param [String] name # The resource name of the service account. Use one of the following formats: * ` # projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS`` * `projects/`PROJECT_ID` # /serviceAccounts/`UNIQUE_ID`` As an alternative, you can use the `-` wildcard # character instead of the project ID: * `projects/-/serviceAccounts/` # EMAIL_ADDRESS`` * `projects/-/serviceAccounts/`UNIQUE_ID`` When possible, # avoid using the `-` wildcard character, because it can cause response messages # to contain misleading error codes. For example, if you try to get the service # account `projects/-/serviceAccounts/fake@example.com`, which does not exist, # the response contains an HTTP `403 Forbidden` error instead of a `404 Not # Found` error. # @param [Google::Apis::IamV1::PatchServiceAccountRequest] patch_service_account_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ServiceAccount] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def patch_service_account(name, patch_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:patch, 'v1/{+name}', options) command.request_representation = Google::Apis::IamV1::PatchServiceAccountRequest::Representation command.request_object = patch_service_account_request_object command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation command.response_class = Google::Apis::IamV1::ServiceAccount command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Sets the IAM policy that is attached to a ServiceAccount. Use this method to # grant or revoke access to the service account. For example, you could grant a # principal the ability to impersonate the service account. This method does not # enable the service account to access other resources. To grant roles to a # service account on a resource, follow these steps: 1. Call the resource's ` # getIamPolicy` method to get its current IAM policy. 2. Edit the policy so that # it binds the service account to an IAM role for the resource. 3. Call the # resource's `setIamPolicy` method to update its IAM policy. For detailed # instructions, see [Manage access to project, folders, and organizations](https: # //cloud.google.com/iam/help/service-accounts/granting-access-to-service- # accounts) or [Manage access to other resources](https://cloud.google.com/iam/ # help/access/manage-other-resources). # @param [String] resource # REQUIRED: The resource for which the policy is being specified. See [Resource # names](https://cloud.google.com/apis/design/resource_names) for the # appropriate value for this field. # @param [Google::Apis::IamV1::SetIamPolicyRequest] set_iam_policy_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Policy] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Policy] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def set_service_account_iam_policy(resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+resource}:setIamPolicy', options) command.request_representation = Google::Apis::IamV1::SetIamPolicyRequest::Representation command.request_object = set_iam_policy_request_object command.response_representation = Google::Apis::IamV1::Policy::Representation command.response_class = Google::Apis::IamV1::Policy command.params['resource'] = resource unless resource.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # **Note:** This method is deprecated. Use the [`signBlob`](https://cloud.google. # com/iam/help/rest-credentials/v1/projects.serviceAccounts/signBlob) method in # the IAM Service Account Credentials API instead. If you currently use this # method, see the [migration guide](https://cloud.google.com/iam/help/ # credentials/migrate-api) for instructions. Signs a blob using the system- # managed private key for a ServiceAccount. # @param [String] name # Required. Deprecated. [Migrate to Service Account Credentials API](https:// # cloud.google.com/iam/help/credentials/migrate-api). The resource name of the # service account in the following format: `projects/`PROJECT_ID`/ # serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for the `PROJECT_ID` will # infer the project from the account. The `ACCOUNT` value can be the `email` # address or the `unique_id` of the service account. # @param [Google::Apis::IamV1::SignBlobRequest] sign_blob_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::SignBlobResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::SignBlobResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def sign_service_account_blob(name, sign_blob_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:signBlob', options) command.request_representation = Google::Apis::IamV1::SignBlobRequest::Representation command.request_object = sign_blob_request_object command.response_representation = Google::Apis::IamV1::SignBlobResponse::Representation command.response_class = Google::Apis::IamV1::SignBlobResponse command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # **Note:** This method is deprecated. Use the [`signJwt`](https://cloud.google. # com/iam/help/rest-credentials/v1/projects.serviceAccounts/signJwt) method in # the IAM Service Account Credentials API instead. If you currently use this # method, see the [migration guide](https://cloud.google.com/iam/help/ # credentials/migrate-api) for instructions. Signs a JSON Web Token (JWT) using # the system-managed private key for a ServiceAccount. # @param [String] name # Required. Deprecated. [Migrate to Service Account Credentials API](https:// # cloud.google.com/iam/help/credentials/migrate-api). The resource name of the # service account in the following format: `projects/`PROJECT_ID`/ # serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for the `PROJECT_ID` will # infer the project from the account. The `ACCOUNT` value can be the `email` # address or the `unique_id` of the service account. # @param [Google::Apis::IamV1::SignJwtRequest] sign_jwt_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::SignJwtResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::SignJwtResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def sign_service_account_jwt(name, sign_jwt_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:signJwt', options) command.request_representation = Google::Apis::IamV1::SignJwtRequest::Representation command.request_object = sign_jwt_request_object command.response_representation = Google::Apis::IamV1::SignJwtResponse::Representation command.response_class = Google::Apis::IamV1::SignJwtResponse command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Tests whether the caller has the specified permissions on a ServiceAccount. # @param [String] resource # REQUIRED: The resource for which the policy detail is being requested. See [ # Resource names](https://cloud.google.com/apis/design/resource_names) for the # appropriate value for this field. # @param [Google::Apis::IamV1::TestIamPermissionsRequest] test_iam_permissions_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::TestIamPermissionsResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::TestIamPermissionsResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def test_service_account_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+resource}:testIamPermissions', options) command.request_representation = Google::Apis::IamV1::TestIamPermissionsRequest::Representation command.request_object = test_iam_permissions_request_object command.response_representation = Google::Apis::IamV1::TestIamPermissionsResponse::Representation command.response_class = Google::Apis::IamV1::TestIamPermissionsResponse command.params['resource'] = resource unless resource.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Restores a deleted ServiceAccount. **Important:** It is not always possible to # restore a deleted service account. Use this method only as a last resort. # After you delete a service account, IAM permanently removes the service # account 30 days later. There is no way to restore a deleted service account # that has been permanently removed. # @param [String] name # The resource name of the service account in the following format: `projects/` # PROJECT_ID`/serviceAccounts/`ACCOUNT_UNIQUE_ID``. Using `-` as a wildcard for # the `PROJECT_ID` will infer the project from the account. # @param [Google::Apis::IamV1::UndeleteServiceAccountRequest] undelete_service_account_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::UndeleteServiceAccountResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::UndeleteServiceAccountResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def undelete_service_account(name, undelete_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:undelete', options) command.request_representation = Google::Apis::IamV1::UndeleteServiceAccountRequest::Representation command.request_object = undelete_service_account_request_object command.response_representation = Google::Apis::IamV1::UndeleteServiceAccountResponse::Representation command.response_class = Google::Apis::IamV1::UndeleteServiceAccountResponse command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # **Note:** We are in the process of deprecating this method. Use # PatchServiceAccount instead. Updates a ServiceAccount. You can update only the # `display_name` field. # @param [String] name # The resource name of the service account. Use one of the following formats: * ` # projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS`` * `projects/`PROJECT_ID` # /serviceAccounts/`UNIQUE_ID`` As an alternative, you can use the `-` wildcard # character instead of the project ID: * `projects/-/serviceAccounts/` # EMAIL_ADDRESS`` * `projects/-/serviceAccounts/`UNIQUE_ID`` When possible, # avoid using the `-` wildcard character, because it can cause response messages # to contain misleading error codes. For example, if you try to get the service # account `projects/-/serviceAccounts/fake@example.com`, which does not exist, # the response contains an HTTP `403 Forbidden` error instead of a `404 Not # Found` error. # @param [Google::Apis::IamV1::ServiceAccount] service_account_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ServiceAccount] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def update_project_service_account(name, service_account_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:put, 'v1/{+name}', options) command.request_representation = Google::Apis::IamV1::ServiceAccount::Representation command.request_object = service_account_object command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation command.response_class = Google::Apis::IamV1::ServiceAccount command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Creates a ServiceAccountKey. # @param [String] name # Required. The resource name of the service account in the following format: ` # projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for # the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value # can be the `email` address or the `unique_id` of the service account. # @param [Google::Apis::IamV1::CreateServiceAccountKeyRequest] create_service_account_key_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ServiceAccountKey] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ServiceAccountKey] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def create_service_account_key(name, create_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}/keys', options) command.request_representation = Google::Apis::IamV1::CreateServiceAccountKeyRequest::Representation command.request_object = create_service_account_key_request_object command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation command.response_class = Google::Apis::IamV1::ServiceAccountKey command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Deletes a ServiceAccountKey. Deleting a service account key does not revoke # short-lived credentials that have been issued based on the service account key. # @param [String] name # Required. The resource name of the service account key in the following format: # `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key``. Using `-` as a # wildcard for the `PROJECT_ID` will infer the project from the account. The ` # ACCOUNT` value can be the `email` address or the `unique_id` of the service # account. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Empty] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Empty] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def delete_project_service_account_key(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Empty::Representation command.response_class = Google::Apis::IamV1::Empty command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Disable a ServiceAccountKey. A disabled service account key can be re-enabled # with EnableServiceAccountKey. # @param [String] name # Required. The resource name of the service account key in the following format: # `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key``. Using `-` as a # wildcard for the `PROJECT_ID` will infer the project from the account. The ` # ACCOUNT` value can be the `email` address or the `unique_id` of the service # account. # @param [Google::Apis::IamV1::DisableServiceAccountKeyRequest] disable_service_account_key_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Empty] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Empty] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def disable_service_account_key(name, disable_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:disable', options) command.request_representation = Google::Apis::IamV1::DisableServiceAccountKeyRequest::Representation command.request_object = disable_service_account_key_request_object command.response_representation = Google::Apis::IamV1::Empty::Representation command.response_class = Google::Apis::IamV1::Empty command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Enable a ServiceAccountKey. # @param [String] name # Required. The resource name of the service account key in the following format: # `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key``. Using `-` as a # wildcard for the `PROJECT_ID` will infer the project from the account. The ` # ACCOUNT` value can be the `email` address or the `unique_id` of the service # account. # @param [Google::Apis::IamV1::EnableServiceAccountKeyRequest] enable_service_account_key_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Empty] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Empty] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def enable_service_account_key(name, enable_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:enable', options) command.request_representation = Google::Apis::IamV1::EnableServiceAccountKeyRequest::Representation command.request_object = enable_service_account_key_request_object command.response_representation = Google::Apis::IamV1::Empty::Representation command.response_class = Google::Apis::IamV1::Empty command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets a ServiceAccountKey. # @param [String] name # Required. The resource name of the service account key in the following format: # `projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key``. Using `-` as a # wildcard for the `PROJECT_ID` will infer the project from the account. The ` # ACCOUNT` value can be the `email` address or the `unique_id` of the service # account. # @param [String] public_key_type # Optional. The output format of the public key. The default is `TYPE_NONE`, # which means that the public key is not returned. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ServiceAccountKey] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ServiceAccountKey] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_project_service_account_key(name, public_key_type: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation command.response_class = Google::Apis::IamV1::ServiceAccountKey command.params['name'] = name unless name.nil? command.query['publicKeyType'] = public_key_type unless public_key_type.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Lists every ServiceAccountKey for a service account. # @param [String] name # Required. The resource name of the service account in the following format: ` # projects/`PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for # the `PROJECT_ID`, will infer the project from the account. The `ACCOUNT` value # can be the `email` address or the `unique_id` of the service account. # @param [Array, String] key_types # Filters the types of keys the user wants to include in the list response. # Duplicate key types are not allowed. If no key type is provided, all keys are # returned. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ListServiceAccountKeysResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ListServiceAccountKeysResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def list_project_service_account_keys(name, key_types: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}/keys', options) command.response_representation = Google::Apis::IamV1::ListServiceAccountKeysResponse::Representation command.response_class = Google::Apis::IamV1::ListServiceAccountKeysResponse command.params['name'] = name unless name.nil? command.query['keyTypes'] = key_types unless key_types.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Uploads the public key portion of a key pair that you manage, and associates # the public key with a ServiceAccount. After you upload the public key, you can # use the private key from the key pair as a service account key. # @param [String] name # The resource name of the service account in the following format: `projects/` # PROJECT_ID`/serviceAccounts/`ACCOUNT``. Using `-` as a wildcard for the ` # PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can # be the `email` address or the `unique_id` of the service account. # @param [Google::Apis::IamV1::UploadServiceAccountKeyRequest] upload_service_account_key_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ServiceAccountKey] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ServiceAccountKey] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def upload_service_account_key(name, upload_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}/keys:upload', options) command.request_representation = Google::Apis::IamV1::UploadServiceAccountKeyRequest::Representation command.request_object = upload_service_account_key_request_object command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation command.response_class = Google::Apis::IamV1::ServiceAccountKey command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets the definition of a Role. # @param [String] name # The `name` parameter's value depends on the target resource for the request, # namely [`roles`](https://cloud.google.com/iam/reference/rest/v1/roles), [` # projects`](https://cloud.google.com/iam/reference/rest/v1/projects.roles), or [ # `organizations`](https://cloud.google.com/iam/reference/rest/v1/organizations. # roles). Each resource type's `name` value format is described below: * [`roles. # get()`](https://cloud.google.com/iam/reference/rest/v1/roles/get): `roles/` # ROLE_NAME``. This method returns results from all [predefined roles](https:// # cloud.google.com/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. # Example request URL: `https://iam.googleapis.com/v1/roles/`ROLE_NAME`` * [` # projects.roles.get()`](https://cloud.google.com/iam/reference/rest/v1/projects. # roles/get): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. This method # returns only [custom roles](https://cloud.google.com/iam/docs/understanding- # custom-roles) that have been created at the project level. Example request URL: # `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID`` * # [`organizations.roles.get()`](https://cloud.google.com/iam/reference/rest/v1/ # organizations.roles/get): `organizations/`ORGANIZATION_ID`/roles/` # CUSTOM_ROLE_ID``. This method returns only [custom roles](https://cloud.google. # com/iam/docs/understanding-custom-roles) that have been created at the # organization level. Example request URL: `https://iam.googleapis.com/v1/ # organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: Wildcard (*) # values are invalid; you must specify a complete project ID or organization ID. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Role] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Role] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_role(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Lists every predefined Role that IAM supports, or every custom role that is # defined for an organization or project. # @param [Fixnum] page_size # Optional limit on the number of roles to include in the response. The default # is 300, and the maximum is 1,000. # @param [String] page_token # Optional pagination token returned in an earlier ListRolesResponse. # @param [String] parent # The `parent` parameter's value depends on the target resource for the request, # namely [`roles`](https://cloud.google.com/iam/reference/rest/v1/roles), [` # projects`](https://cloud.google.com/iam/reference/rest/v1/projects.roles), or [ # `organizations`](https://cloud.google.com/iam/reference/rest/v1/organizations. # roles). Each resource type's `parent` value format is described below: * [` # roles.list()`](https://cloud.google.com/iam/reference/rest/v1/roles/list): An # empty string. This method doesn't require a resource; it simply returns all [ # predefined roles](https://cloud.google.com/iam/docs/understanding-roles# # predefined_roles) in Cloud IAM. Example request URL: `https://iam.googleapis. # com/v1/roles` * [`projects.roles.list()`](https://cloud.google.com/iam/ # reference/rest/v1/projects.roles/list): `projects/`PROJECT_ID``. This method # lists all project-level [custom roles](https://cloud.google.com/iam/docs/ # understanding-custom-roles). Example request URL: `https://iam.googleapis.com/ # v1/projects/`PROJECT_ID`/roles` * [`organizations.roles.list()`](https://cloud. # google.com/iam/reference/rest/v1/organizations.roles/list): `organizations/` # ORGANIZATION_ID``. This method lists all organization-level [custom roles]( # https://cloud.google.com/iam/docs/understanding-custom-roles). Example request # URL: `https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles` # Note: Wildcard (*) values are invalid; you must specify a complete project ID # or organization ID. # @param [Boolean] show_deleted # Include Roles that have been deleted. # @param [String] view # Optional view for the returned Role objects. When `FULL` is specified, the ` # includedPermissions` field is returned, which includes a list of all # permissions in the role. The default value is `BASIC`, which does not return # the `includedPermissions` field. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ListRolesResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ListRolesResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def list_roles(page_size: nil, page_token: nil, parent: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/roles', options) command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation command.response_class = Google::Apis::IamV1::ListRolesResponse command.query['pageSize'] = page_size unless page_size.nil? command.query['pageToken'] = page_token unless page_token.nil? command.query['parent'] = parent unless parent.nil? command.query['showDeleted'] = show_deleted unless show_deleted.nil? command.query['view'] = view unless view.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Lists roles that can be granted on a Google Cloud resource. A role is # grantable if the IAM policy for the resource can contain bindings to the role. # @param [Google::Apis::IamV1::QueryGrantableRolesRequest] query_grantable_roles_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::QueryGrantableRolesResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::QueryGrantableRolesResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def query_grantable_roles(query_grantable_roles_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/roles:queryGrantableRoles', options) command.request_representation = Google::Apis::IamV1::QueryGrantableRolesRequest::Representation command.request_object = query_grantable_roles_request_object command.response_representation = Google::Apis::IamV1::QueryGrantableRolesResponse::Representation command.response_class = Google::Apis::IamV1::QueryGrantableRolesResponse command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end protected def apply_command_defaults(command) command.query['key'] = key unless key.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? end end end end end google-apis-iam-v1-0.36.0/lib/google-apis-iam_v1.rb0000644000175000017500000000113514413333754020244 0ustar raviravi# Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. require "google/apis/iam_v1" google-apis-iam-v1-0.36.0/OVERVIEW.md0000644000175000017500000001370714413333754015371 0ustar raviravi# Simple REST client for version V1 of the Identity and Access Management (IAM) API This is a simple client library for version V1 of the Identity and Access Management (IAM) API. It provides: * A client object that connects to the HTTP/JSON REST endpoint for the service. * Ruby objects for data structures related to the service. * Integration with the googleauth gem for authentication using OAuth, API keys, and service accounts. * Control of retry, pagination, and timeouts. Note that although this client library is supported and will continue to be updated to track changes to the service, it is otherwise considered complete and not under active development. Many Google services, especially Google Cloud Platform services, may provide a more modern client that is under more active development and improvement. See the section below titled *Which client should I use?* for more information. ## Getting started ### Before you begin There are a few setup steps you need to complete before you can use this library: 1. If you don't already have a Google account, [sign up](https://www.google.com/accounts). 2. If you have never created a Google APIs Console project, read about [Managing Projects](https://cloud.google.com/resource-manager/docs/creating-managing-projects) and create a project in the [Google API Console](https://console.cloud.google.com/). 3. Most APIs need to be enabled for your project. [Enable it](https://console.cloud.google.com/apis/library/iam.googleapis.com) in the console. ### Installation Add this line to your application's Gemfile: ```ruby gem 'google-apis-iam_v1', '~> 0.1' ``` And then execute: ``` $ bundle ``` Or install it yourself as: ``` $ gem install google-apis-iam_v1 ``` ### Creating a client object Once the gem is installed, you can load the client code and instantiate a client. ```ruby # Load the client require "google/apis/iam_v1" # Create a client object client = Google::Apis::IamV1::IamService.new # Authenticate calls client.authorization = # ... use the googleauth gem to create credentials ``` See the class reference docs for information on the methods you can call from a client. ## Documentation More detailed descriptions of the Google simple REST clients are available in two documents. * The [Usage Guide](https://github.com/googleapis/google-api-ruby-client/blob/main/docs/usage-guide.md) discusses how to make API calls, how to use the provided data structures, and how to work the various features of the client library, including media upload and download, error handling, retries, pagination, and logging. * The [Auth Guide](https://github.com/googleapis/google-api-ruby-client/blob/main/docs/auth-guide.md) discusses authentication in the client libraries, including API keys, OAuth 2.0, service accounts, and environment variables. (Note: the above documents are written for the simple REST clients in general, and their examples may not reflect the Iam service in particular.) For reference information on specific calls in the Identity and Access Management (IAM) API, see the {Google::Apis::IamV1::IamService class reference docs}. ## Which client should I use? Google provides two types of Ruby API client libraries: **simple REST clients** and **modern clients**. This library, `google-apis-iam_v1`, is a simple REST client. You can identify these clients by their gem names, which are always in the form `google-apis-_`. The simple REST clients connect to HTTP/JSON REST endpoints and are automatically generated from service discovery documents. They support most API functionality, but their class interfaces are sometimes awkward. Modern clients are produced by a modern code generator, sometimes combined with hand-crafted functionality. Most modern clients connect to high-performance gRPC endpoints, although a few are backed by REST services. Modern clients are available for many Google services, especially Google Cloud Platform services, but do not yet support all the services covered by the simple clients. Gem names for modern clients are often of the form `google-cloud-`. (For example, [google-cloud-pubsub](https://rubygems.org/gems/google-cloud-pubsub).) Note that most modern clients also have corresponding "versioned" gems with names like `google-cloud--`. (For example, [google-cloud-pubsub-v1](https://rubygems.org/gems/google-cloud-pubsub-v1).) The "versioned" gems can be used directly, but often provide lower-level interfaces. In most cases, the main gem is recommended. **For most users, we recommend the modern client, if one is available.** Compared with simple clients, modern clients are generally much easier to use and more Ruby-like, support more advanced features such as streaming and long-running operations, and often provide much better performance. You may consider using a simple client instead, if a modern client is not yet available for the service you want to use, or if you are not able to use gRPC on your infrastructure. The [product documentation](https://cloud.google.com/iam/) may provide guidance regarding the preferred client library to use. ## Supported Ruby versions This library is supported on Ruby 2.5+. Google provides official support for Ruby versions that are actively supported by Ruby Core -- that is, Ruby versions that are either in normal maintenance or in security maintenance, and not end of life. Currently, this means Ruby 2.5 and later. Older versions of Ruby _may_ still work, but are unsupported and not recommended. See https://www.ruby-lang.org/en/downloads/branches/ for details about the Ruby support schedule. ## License This library is licensed under Apache 2.0. Full license text is available in the {file:LICENSE.md LICENSE}. ## Support Please [report bugs at the project on Github](https://github.com/google/google-api-ruby-client/issues). Don't hesitate to [ask questions](http://stackoverflow.com/questions/tagged/google-api-ruby-client) about the client or APIs on [StackOverflow](http://stackoverflow.com). google-apis-iam-v1-0.36.0/.yardopts0000644000175000017500000000034214413333754015436 0ustar raviravi--hide-void-return --no-private --verbose --title=google-apis-iam_v1 --markup-provider=redcarpet --markup=markdown --main OVERVIEW.md lib/google/apis/iam_v1/*.rb lib/google/apis/iam_v1.rb - OVERVIEW.md CHANGELOG.md LICENSE.md google-apis-iam-v1-0.36.0/google-apis-iam_v1.gemspec0000644000175000017500000000510314413333754020515 0ustar raviravi######################################################### # This file has been automatically generated by gem2tgz # ######################################################### # -*- encoding: utf-8 -*- # stub: google-apis-iam_v1 0.36.0 ruby lib Gem::Specification.new do |s| s.name = "google-apis-iam_v1".freeze s.version = "0.36.0" s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version= s.metadata = { "bug_tracker_uri" => "https://github.com/googleapis/google-api-ruby-client/issues", "changelog_uri" => "https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-iam_v1/CHANGELOG.md", "documentation_uri" => "https://googleapis.dev/ruby/google-apis-iam_v1/v0.36.0", "source_code_uri" => "https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-iam_v1" } if s.respond_to? :metadata= s.require_paths = ["lib".freeze] s.authors = ["Google LLC".freeze] s.date = "2022-10-31" s.description = "This is the simple REST client for Identity and Access Management (IAM) API V1. Simple REST clients are Ruby client libraries that provide access to Google services via their HTTP REST API endpoints. These libraries are generated and updated automatically based on the discovery documents published by the service, and they handle most concerns such as authentication, pagination, retry, timeouts, and logging. You can use this client to access the Identity and Access Management (IAM) API, but note that some services may provide a separate modern client that is easier to use.".freeze s.email = "googleapis-packages@google.com".freeze s.files = [".yardopts".freeze, "CHANGELOG.md".freeze, "LICENSE.md".freeze, "OVERVIEW.md".freeze, "lib/google-apis-iam_v1.rb".freeze, "lib/google/apis/iam_v1.rb".freeze, "lib/google/apis/iam_v1/classes.rb".freeze, "lib/google/apis/iam_v1/gem_version.rb".freeze, "lib/google/apis/iam_v1/representations.rb".freeze, "lib/google/apis/iam_v1/service.rb".freeze] s.homepage = "https://github.com/google/google-api-ruby-client".freeze s.licenses = ["Apache-2.0".freeze] s.required_ruby_version = Gem::Requirement.new(">= 2.5".freeze) s.rubygems_version = "3.3.15".freeze s.summary = "Simple REST client for Identity and Access Management (IAM) API V1".freeze if s.respond_to? :specification_version then s.specification_version = 4 end if s.respond_to? :add_runtime_dependency then s.add_runtime_dependency(%q.freeze, [">= 0.9.1", "< 2.a"]) else s.add_dependency(%q.freeze, [">= 0.9.1", "< 2.a"]) end end google-apis-iam-v1-0.36.0/CHANGELOG.md0000644000175000017500000000623114413333754015404 0ustar raviravi# Release history for google-apis-iam_v1 ### v0.36.0 (2022-10-27) * Regenerated from discovery document revision 20221013 * Regenerated using generator version 0.11.0 ### v0.35.0 (2022-09-21) * Regenerated using generator version 0.10.0 ### v0.34.0 (2022-09-01) * Regenerated from discovery document revision 20220825 ### v0.33.0 (2022-08-20) * Regenerated from discovery document revision 20220811 * Regenerated using generator version 0.9.0 ### v0.32.0 (2022-07-01) * Regenerated using generator version 0.8.0 ### v0.31.0 (2022-06-21) * Regenerated using generator version 0.7.0 ### v0.30.0 (2022-06-07) * Regenerated from discovery document revision 20220526 * Regenerated using generator version 0.5.0 ### v0.29.0 (2022-05-19) * Regenerated from discovery document revision 20220511 ### v0.28.0 (2022-05-12) * Regenerated from discovery document revision 20220509 ### v0.27.0 (2022-05-05) * Regenerated from discovery document revision 20220428 ### v0.26.0 (2022-04-28) * Regenerated from discovery document revision 20220421 ### v0.25.0 (2022-04-21) * Regenerated from discovery document revision 20220413 ### v0.24.0 (2022-04-07) * Regenerated from discovery document revision 20220331 ### v0.23.0 (2022-04-01) * Regenerated from discovery document revision 20220324 ### v0.22.0 (2022-03-17) * Regenerated from discovery document revision 20220310 ### v0.21.0 (2022-02-24) * Regenerated from discovery document revision 20220217 ### v0.20.0 (2022-02-16) * Regenerated from discovery document revision 20220209 ### v0.19.0 (2022-01-21) * Regenerated from discovery document revision 20220112 ### v0.18.0 (2022-01-13) * Regenerated from discovery document revision 20220105 * Regenerated using generator version 0.4.1 ### v0.17.0 (2021-12-16) * Unspecified changes ### v0.16.0 (2021-11-11) * Regenerated from discovery document revision 20211104 ### v0.15.0 (2021-10-21) * Regenerated from discovery document revision 20211013 * Unspecified changes ### v0.14.0 (2021-09-24) * Regenerated from discovery document revision 20210918 ### v0.13.0 (2021-09-16) * Regenerated from discovery document revision 20210909 ### v0.12.0 (2021-09-01) * Regenerated from discovery document revision 20210825 ### v0.11.0 (2021-08-20) * Regenerated from discovery document revision 20210812 ### v0.10.0 (2021-08-05) * Regenerated from discovery document revision 20210728 ### v0.9.0 (2021-07-29) * Regenerated from discovery document revision 20210722 ### v0.8.0 (2021-06-29) * Regenerated using generator version 0.4.0 ### v0.7.0 (2021-06-24) * Regenerated using generator version 0.3.0 ### v0.6.0 (2021-05-22) * Regenerated from discovery document revision 20210519 ### v0.5.0 (2021-03-31) * Regenerated from discovery document revision 20210325 ### v0.4.0 (2021-03-10) * Regenerated from discovery document revision 20210226 * Regenerated using generator version 0.2.0 ### v0.3.0 (2021-03-04) * Unspecified changes ### v0.2.0 (2021-02-18) * Regenerated from discovery document revision 20210211 * Regenerated using generator version 0.1.2 ### v0.1.0 (2021-01-07) * Regenerated using generator version 0.1.1 * Regenerated from discovery document revision 20201112