google-apis-iam_v1-0.83.0/0000755000004100000410000000000015141175474015223 5ustar www-datawww-datagoogle-apis-iam_v1-0.83.0/OVERVIEW.md0000644000004100000410000001363515141175474017023 0ustar www-datawww-data# Simple REST client for version V1 of the Identity and Access Management (IAM) API This is a simple client library for version V1 of the Identity and Access Management (IAM) API. It provides: * A client object that connects to the HTTP/JSON REST endpoint for the service. * Ruby objects for data structures related to the service. * Integration with the googleauth gem for authentication using OAuth, API keys, and service accounts. * Control of retry, pagination, and timeouts. Note that although this client library is supported and will continue to be updated to track changes to the service, it is otherwise considered complete and not under active development. Many Google services, especially Google Cloud Platform services, may provide a more modern client that is under more active development and improvement. See the section below titled *Which client should I use?* for more information. ## Getting started ### Before you begin There are a few setup steps you need to complete before you can use this library: 1. If you don't already have a Google account, [sign up](https://www.google.com/accounts). 2. If you have never created a Google APIs Console project, read about [Managing Projects](https://cloud.google.com/resource-manager/docs/creating-managing-projects) and create a project in the [Google API Console](https://console.cloud.google.com/). 3. Most APIs need to be enabled for your project. [Enable it](https://console.cloud.google.com/apis/library/iam.googleapis.com) in the console. ### Installation Add this line to your application's Gemfile: ```ruby gem 'google-apis-iam_v1', '~> 0.1' ``` And then execute: ``` $ bundle ``` Or install it yourself as: ``` $ gem install google-apis-iam_v1 ``` ### Creating a client object Once the gem is installed, you can load the client code and instantiate a client. ```ruby # Load the client require "google/apis/iam_v1" # Create a client object client = Google::Apis::IamV1::IamService.new # Authenticate calls client.authorization = # ... use the googleauth gem to create credentials ``` See the class reference docs for information on the methods you can call from a client. ## Documentation More detailed descriptions of the Google simple REST clients are available in two documents. * The [Usage Guide](https://github.com/googleapis/google-api-ruby-client/blob/main/docs/usage-guide.md) discusses how to make API calls, how to use the provided data structures, and how to work the various features of the client library, including media upload and download, error handling, retries, pagination, and logging. * The [Auth Guide](https://github.com/googleapis/google-api-ruby-client/blob/main/docs/auth-guide.md) discusses authentication in the client libraries, including API keys, OAuth 2.0, service accounts, and environment variables. (Note: the above documents are written for the simple REST clients in general, and their examples may not reflect the Iam service in particular.) For reference information on specific calls in the Identity and Access Management (IAM) API, see the {Google::Apis::IamV1::IamService class reference docs}. ## Which client should I use? Google provides two types of Ruby API client libraries: **simple REST clients** and **modern clients**. This library, `google-apis-iam_v1`, is a simple REST client. You can identify these clients by their gem names, which are always in the form `google-apis-_`. The simple REST clients connect to HTTP/JSON REST endpoints and are automatically generated from service discovery documents. They support most API functionality, but their class interfaces are sometimes awkward. Modern clients are produced by a modern code generator, sometimes combined with hand-crafted functionality. Most modern clients connect to high-performance gRPC endpoints, although a few are backed by REST services. Modern clients are available for many Google services, especially Google Cloud Platform services, but do not yet support all the services covered by the simple clients. Gem names for modern clients are often of the form `google-cloud-`. (For example, [google-cloud-pubsub](https://rubygems.org/gems/google-cloud-pubsub).) Note that most modern clients also have corresponding "versioned" gems with names like `google-cloud--`. (For example, [google-cloud-pubsub-v1](https://rubygems.org/gems/google-cloud-pubsub-v1).) The "versioned" gems can be used directly, but often provide lower-level interfaces. In most cases, the main gem is recommended. **For most users, we recommend the modern client, if one is available.** Compared with simple clients, modern clients are generally much easier to use and more Ruby-like, support more advanced features such as streaming and long-running operations, and often provide much better performance. You may consider using a simple client instead, if a modern client is not yet available for the service you want to use, or if you are not able to use gRPC on your infrastructure. The [product documentation](https://cloud.google.com/iam/) may provide guidance regarding the preferred client library to use. ## Supported Ruby versions This library is supported on Ruby 3.1+. Google provides official support for Ruby versions that are actively supported by Ruby Core -- that is, Ruby versions that are either in normal maintenance or in security maintenance, and not end of life. Older versions of Ruby _may_ still work, but are unsupported and not recommended. See https://www.ruby-lang.org/en/downloads/branches/ for details about the Ruby support schedule. ## License This library is licensed under Apache 2.0. Full license text is available in the {file:LICENSE.md LICENSE}. ## Support Please [report bugs at the project on Github](https://github.com/google/google-api-ruby-client/issues). Don't hesitate to [ask questions](http://stackoverflow.com/questions/tagged/google-api-ruby-client) about the client or APIs on [StackOverflow](http://stackoverflow.com). google-apis-iam_v1-0.83.0/lib/0000755000004100000410000000000015141175474015771 5ustar www-datawww-datagoogle-apis-iam_v1-0.83.0/lib/google/0000755000004100000410000000000015141175474017245 5ustar www-datawww-datagoogle-apis-iam_v1-0.83.0/lib/google/apis/0000755000004100000410000000000015141175474020201 5ustar www-datawww-datagoogle-apis-iam_v1-0.83.0/lib/google/apis/iam_v1/0000755000004100000410000000000015141175474021355 5ustar www-datawww-datagoogle-apis-iam_v1-0.83.0/lib/google/apis/iam_v1/gem_version.rb0000644000004100000410000000163015141175474024217 0ustar www-datawww-data# Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. module Google module Apis module IamV1 # Version of the google-apis-iam_v1 gem GEM_VERSION = "0.83.0" # Version of the code generator used to generate this client GENERATOR_VERSION = "0.18.0" # Revision of the discovery document this client was generated from REVISION = "20260123" end end end google-apis-iam_v1-0.83.0/lib/google/apis/iam_v1/service.rb0000644000004100000410000122745015141175474023355 0ustar www-datawww-data# Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. require 'google/apis/core/base_service' require 'google/apis/core/json_representation' require 'google/apis/core/hashable' require 'google/apis/errors' module Google module Apis module IamV1 # Identity and Access Management (IAM) API # # Manages identity and access control for Google Cloud resources, including the # creation of service accounts, which you can use to authenticate to Google and # make API calls. Enabling this API also enables the IAM Service Account # Credentials API (iamcredentials.googleapis.com). However, disabling this API # doesn't disable the IAM Service Account Credentials API. # # @example # require 'google/apis/iam_v1' # # Iam = Google::Apis::IamV1 # Alias the module # service = Iam::IamService.new # # @see https://cloud.google.com/iam/ class IamService < Google::Apis::Core::BaseService DEFAULT_ENDPOINT_TEMPLATE = "https://iam.$UNIVERSE_DOMAIN$/" # @return [String] # API key. Your API key identifies your project and provides you with API access, # quota, and reports. Required unless you provide an OAuth 2.0 token. attr_accessor :key # @return [String] # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. attr_accessor :quota_user def initialize super(DEFAULT_ENDPOINT_TEMPLATE, '', client_name: 'google-apis-iam_v1', client_version: Google::Apis::IamV1::GEM_VERSION) @batch_path = 'batch' end # Lints, or validates, an IAM policy. Currently checks the google.iam.v1.Binding. # condition field, which contains a condition expression for a role binding. # Successful calls to this method always return an HTTP `200 OK` status code, # even if the linter detects an issue in the IAM policy. # @param [Google::Apis::IamV1::LintPolicyRequest] lint_policy_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::LintPolicyResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::LintPolicyResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def lint_iam_policy_policy(lint_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/iamPolicies:lintPolicy', options) command.request_representation = Google::Apis::IamV1::LintPolicyRequest::Representation command.request_object = lint_policy_request_object command.response_representation = Google::Apis::IamV1::LintPolicyResponse::Representation command.response_class = Google::Apis::IamV1::LintPolicyResponse command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Returns a list of services that allow you to opt into audit logs that are not # generated by default. To learn more about audit logs, see the [Logging # documentation](https://cloud.google.com/logging/docs/audit). # @param [Google::Apis::IamV1::QueryAuditableServicesRequest] query_auditable_services_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::QueryAuditableServicesResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::QueryAuditableServicesResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def query_iam_policy_auditable_services(query_auditable_services_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/iamPolicies:queryAuditableServices', options) command.request_representation = Google::Apis::IamV1::QueryAuditableServicesRequest::Representation command.request_object = query_auditable_services_request_object command.response_representation = Google::Apis::IamV1::QueryAuditableServicesResponse::Representation command.response_class = Google::Apis::IamV1::QueryAuditableServicesResponse command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Creates a new WorkforcePool. You cannot reuse the name of a deleted pool until # 30 days after deletion. # @param [String] location # Optional. The location of the pool to create. Format: `locations/`location``. # @param [Google::Apis::IamV1::WorkforcePool] workforce_pool_object # @param [String] workforce_pool_id # Optional. The ID to use for the pool, which becomes the final component of the # resource name. The IDs must be a globally unique string of 6 to 63 lowercase # letters, digits, or hyphens. It must start with a letter, and cannot have a # trailing hyphen. The prefix `gcp-` is reserved for use by Google, and may not # be specified. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def create_location_workforce_pool(location, workforce_pool_object = nil, workforce_pool_id: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+location}/workforcePools', options) command.request_representation = Google::Apis::IamV1::WorkforcePool::Representation command.request_object = workforce_pool_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['location'] = location unless location.nil? command.query['workforcePoolId'] = workforce_pool_id unless workforce_pool_id.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Deletes a WorkforcePool. You cannot use a deleted WorkforcePool to exchange # external credentials for Google Cloud credentials. However, deletion does not # revoke credentials that have already been issued. Credentials issued for a # deleted pool do not grant access to resources. If the pool is undeleted, and # the credentials are not expired, they grant access again. You can undelete a # pool for 30 days. After 30 days, deletion is permanent. You cannot update # deleted pools. However, you can view and list them. # @param [String] name # Required. The name of the pool to delete. Format: `locations/`location`/ # workforcePools/`workforce_pool_id`` # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def delete_location_workforce_pool(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets an individual WorkforcePool. # @param [String] name # Required. The name of the pool to retrieve. Format: `locations/`location`/ # workforcePools/`workforce_pool_id`` # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::WorkforcePool] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::WorkforcePool] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_location_workforce_pool(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::WorkforcePool::Representation command.response_class = Google::Apis::IamV1::WorkforcePool command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets IAM policies on a WorkforcePool. # @param [String] resource # REQUIRED: The resource for which the policy is being requested. See [Resource # names](https://cloud.google.com/apis/design/resource_names) for the # appropriate value for this field. # @param [Google::Apis::IamV1::GetIamPolicyRequest] get_iam_policy_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Policy] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Policy] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_workforce_pool_iam_policy(resource, get_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+resource}:getIamPolicy', options) command.request_representation = Google::Apis::IamV1::GetIamPolicyRequest::Representation command.request_object = get_iam_policy_request_object command.response_representation = Google::Apis::IamV1::Policy::Representation command.response_class = Google::Apis::IamV1::Policy command.params['resource'] = resource unless resource.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Lists all non-deleted WorkforcePools under the specified parent. If ` # show_deleted` is set to `true`, then deleted pools are also listed. # @param [String] location # The location of the pool. Format: `locations/`location``. # @param [Fixnum] page_size # The maximum number of pools to return. The default value is 50. The maximum # value is 100. # @param [String] page_token # A page token, received from a previous `ListWorkforcePools` call. Provide this # to retrieve the subsequent page. # @param [String] parent # Required. The parent resource to list pools for. Format: `organizations/`org- # id``. # @param [Boolean] show_deleted # Whether to return soft-deleted pools. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ListWorkforcePoolsResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ListWorkforcePoolsResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def list_location_workforce_pools(location, page_size: nil, page_token: nil, parent: nil, show_deleted: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+location}/workforcePools', options) command.response_representation = Google::Apis::IamV1::ListWorkforcePoolsResponse::Representation command.response_class = Google::Apis::IamV1::ListWorkforcePoolsResponse command.params['location'] = location unless location.nil? command.query['pageSize'] = page_size unless page_size.nil? command.query['pageToken'] = page_token unless page_token.nil? command.query['parent'] = parent unless parent.nil? command.query['showDeleted'] = show_deleted unless show_deleted.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Updates an existing WorkforcePool. # @param [String] name # Identifier. The resource name of the pool. Format: `locations/`location`/ # workforcePools/`workforce_pool_id`` # @param [Google::Apis::IamV1::WorkforcePool] workforce_pool_object # @param [String] update_mask # Required. The list of fields to update. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def patch_location_workforce_pool(name, workforce_pool_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:patch, 'v1/{+name}', options) command.request_representation = Google::Apis::IamV1::WorkforcePool::Representation command.request_object = workforce_pool_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['updateMask'] = update_mask unless update_mask.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Sets IAM policies on a WorkforcePool. # @param [String] resource # REQUIRED: The resource for which the policy is being specified. See [Resource # names](https://cloud.google.com/apis/design/resource_names) for the # appropriate value for this field. # @param [Google::Apis::IamV1::SetIamPolicyRequest] set_iam_policy_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Policy] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Policy] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def set_workforce_pool_iam_policy(resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+resource}:setIamPolicy', options) command.request_representation = Google::Apis::IamV1::SetIamPolicyRequest::Representation command.request_object = set_iam_policy_request_object command.response_representation = Google::Apis::IamV1::Policy::Representation command.response_class = Google::Apis::IamV1::Policy command.params['resource'] = resource unless resource.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Returns the caller's permissions on the WorkforcePool. If the pool doesn't # exist, this call returns an empty set of permissions. It doesn't return a ` # NOT_FOUND` error. # @param [String] resource # REQUIRED: The resource for which the policy detail is being requested. See [ # Resource names](https://cloud.google.com/apis/design/resource_names) for the # appropriate value for this field. # @param [Google::Apis::IamV1::TestIamPermissionsRequest] test_iam_permissions_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::TestIamPermissionsResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::TestIamPermissionsResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def test_workforce_pool_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+resource}:testIamPermissions', options) command.request_representation = Google::Apis::IamV1::TestIamPermissionsRequest::Representation command.request_object = test_iam_permissions_request_object command.response_representation = Google::Apis::IamV1::TestIamPermissionsResponse::Representation command.response_class = Google::Apis::IamV1::TestIamPermissionsResponse command.params['resource'] = resource unless resource.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Undeletes a WorkforcePool, as long as it was deleted fewer than 30 days ago. # @param [String] name # Required. The name of the pool to undelete. Format: `locations/`location`/ # workforcePools/`workforce_pool_id`` # @param [Google::Apis::IamV1::UndeleteWorkforcePoolRequest] undelete_workforce_pool_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def undelete_workforce_pool(name, undelete_workforce_pool_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:undelete', options) command.request_representation = Google::Apis::IamV1::UndeleteWorkforcePoolRequest::Representation command.request_object = undelete_workforce_pool_request_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets the latest state of a long-running operation. Clients can use this method # to poll the operation result at intervals as recommended by the API service. # @param [String] name # The name of the operation resource. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_location_workforce_pool_operation(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Creates a new WorkforcePoolProvider in a WorkforcePool. You cannot reuse the # name of a deleted provider until 30 days after deletion. # @param [String] parent # Required. The pool to create this provider in. Format: `locations/`location`/ # workforcePools/`workforce_pool_id`` # @param [Google::Apis::IamV1::WorkforcePoolProvider] workforce_pool_provider_object # @param [String] workforce_pool_provider_id # Required. The ID for the provider, which becomes the final component of the # resource name. This value must be 4-32 characters, and may contain the # characters `[a-z0-9-]`. The prefix `gcp-` is reserved for use by Google, and # may not be specified. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def create_location_workforce_pool_provider(parent, workforce_pool_provider_object = nil, workforce_pool_provider_id: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+parent}/providers', options) command.request_representation = Google::Apis::IamV1::WorkforcePoolProvider::Representation command.request_object = workforce_pool_provider_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['parent'] = parent unless parent.nil? command.query['workforcePoolProviderId'] = workforce_pool_provider_id unless workforce_pool_provider_id.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Deletes a WorkforcePoolProvider. Deleting a provider does not revoke # credentials that have already been issued; they continue to grant access. You # can undelete a provider for 30 days. After 30 days, deletion is permanent. You # cannot update deleted providers. However, you can view and list them. # @param [String] name # Required. The name of the provider to delete. Format: `locations/`location`/ # workforcePools/`workforce_pool_id`/providers/`provider_id`` # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def delete_location_workforce_pool_provider(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets an individual WorkforcePoolProvider. # @param [String] name # Required. The name of the provider to retrieve. Format: `locations/`location`/ # workforcePools/`workforce_pool_id`/providers/`provider_id`` # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::WorkforcePoolProvider] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::WorkforcePoolProvider] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_location_workforce_pool_provider(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::WorkforcePoolProvider::Representation command.response_class = Google::Apis::IamV1::WorkforcePoolProvider command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Lists all non-deleted WorkforcePoolProviders in a WorkforcePool. If ` # show_deleted` is set to `true`, then deleted providers are also listed. # @param [String] parent # Required. The pool to list providers for. Format: `locations/`location`/ # workforcePools/`workforce_pool_id`` # @param [Fixnum] page_size # The maximum number of providers to return. If unspecified, at most 50 # providers are returned. The maximum value is 100; values above 100 are # truncated to 100. # @param [String] page_token # A page token, received from a previous `ListWorkforcePoolProviders` call. # Provide this to retrieve the subsequent page. # @param [Boolean] show_deleted # Whether to return soft-deleted providers. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ListWorkforcePoolProvidersResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ListWorkforcePoolProvidersResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def list_location_workforce_pool_providers(parent, page_size: nil, page_token: nil, show_deleted: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+parent}/providers', options) command.response_representation = Google::Apis::IamV1::ListWorkforcePoolProvidersResponse::Representation command.response_class = Google::Apis::IamV1::ListWorkforcePoolProvidersResponse command.params['parent'] = parent unless parent.nil? command.query['pageSize'] = page_size unless page_size.nil? command.query['pageToken'] = page_token unless page_token.nil? command.query['showDeleted'] = show_deleted unless show_deleted.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Updates an existing WorkforcePoolProvider. # @param [String] name # Identifier. The resource name of the provider. Format: `locations/`location`/ # workforcePools/`workforce_pool_id`/providers/`provider_id`` # @param [Google::Apis::IamV1::WorkforcePoolProvider] workforce_pool_provider_object # @param [String] update_mask # Required. The list of fields to update. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def patch_location_workforce_pool_provider(name, workforce_pool_provider_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:patch, 'v1/{+name}', options) command.request_representation = Google::Apis::IamV1::WorkforcePoolProvider::Representation command.request_object = workforce_pool_provider_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['updateMask'] = update_mask unless update_mask.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Undeletes a WorkforcePoolProvider, as long as it was deleted fewer than 30 # days ago. # @param [String] name # Required. The name of the provider to undelete. Format: `locations/`location`/ # workforcePools/`workforce_pool_id`/providers/`provider_id`` # @param [Google::Apis::IamV1::UndeleteWorkforcePoolProviderRequest] undelete_workforce_pool_provider_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def undelete_workforce_pool_provider(name, undelete_workforce_pool_provider_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:undelete', options) command.request_representation = Google::Apis::IamV1::UndeleteWorkforcePoolProviderRequest::Representation command.request_object = undelete_workforce_pool_provider_request_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Creates a new WorkforcePoolProviderKey in a WorkforcePoolProvider. # @param [String] parent # Required. The provider to create this key in. # @param [Google::Apis::IamV1::WorkforcePoolProviderKey] workforce_pool_provider_key_object # @param [String] workforce_pool_provider_key_id # Required. The ID to use for the key, which becomes the final component of the # resource name. This value must be 4-32 characters, and may contain the # characters `[a-z0-9-]`. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def create_location_workforce_pool_provider_key(parent, workforce_pool_provider_key_object = nil, workforce_pool_provider_key_id: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+parent}/keys', options) command.request_representation = Google::Apis::IamV1::WorkforcePoolProviderKey::Representation command.request_object = workforce_pool_provider_key_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['parent'] = parent unless parent.nil? command.query['workforcePoolProviderKeyId'] = workforce_pool_provider_key_id unless workforce_pool_provider_key_id.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Deletes a WorkforcePoolProviderKey. You can undelete a key for 30 days. After # 30 days, deletion is permanent. # @param [String] name # Required. The name of the key to delete. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def delete_location_workforce_pool_provider_key(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets a WorkforcePoolProviderKey. # @param [String] name # Required. The name of the key to retrieve. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::WorkforcePoolProviderKey] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::WorkforcePoolProviderKey] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_location_workforce_pool_provider_key(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::WorkforcePoolProviderKey::Representation command.response_class = Google::Apis::IamV1::WorkforcePoolProviderKey command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Lists all non-deleted WorkforcePoolProviderKeys in a WorkforcePoolProvider. If # `show_deleted` is set to `true`, then deleted keys are also listed. # @param [String] parent # Required. The provider resource to list encryption keys for. Format: ` # locations/`location`/workforcePools/`workforce_pool_id`/providers/`provider_id` # ` # @param [Fixnum] page_size # The maximum number of keys to return. If unspecified, all keys are returned. # The maximum value is 10; values above 10 are truncated to 10. # @param [String] page_token # A page token, received from a previous `ListWorkforcePoolProviderKeys` call. # Provide this to retrieve the subsequent page. # @param [Boolean] show_deleted # Whether to return soft-deleted keys. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ListWorkforcePoolProviderKeysResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ListWorkforcePoolProviderKeysResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def list_location_workforce_pool_provider_keys(parent, page_size: nil, page_token: nil, show_deleted: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+parent}/keys', options) command.response_representation = Google::Apis::IamV1::ListWorkforcePoolProviderKeysResponse::Representation command.response_class = Google::Apis::IamV1::ListWorkforcePoolProviderKeysResponse command.params['parent'] = parent unless parent.nil? command.query['pageSize'] = page_size unless page_size.nil? command.query['pageToken'] = page_token unless page_token.nil? command.query['showDeleted'] = show_deleted unless show_deleted.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Undeletes a WorkforcePoolProviderKey, as long as it was deleted fewer than 30 # days ago. # @param [String] name # Required. The name of the key to undelete. # @param [Google::Apis::IamV1::UndeleteWorkforcePoolProviderKeyRequest] undelete_workforce_pool_provider_key_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def undelete_workforce_pool_provider_key(name, undelete_workforce_pool_provider_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:undelete', options) command.request_representation = Google::Apis::IamV1::UndeleteWorkforcePoolProviderKeyRequest::Representation command.request_object = undelete_workforce_pool_provider_key_request_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets the latest state of a long-running operation. Clients can use this method # to poll the operation result at intervals as recommended by the API service. # @param [String] name # The name of the operation resource. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_location_workforce_pool_provider_key_operation(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets the latest state of a long-running operation. Clients can use this method # to poll the operation result at intervals as recommended by the API service. # @param [String] name # The name of the operation resource. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_location_workforce_pool_provider_operation(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gemini Enterprise only. Creates a new WorkforcePoolProviderScimTenant in a # WorkforcePoolProvider. You cannot reuse the name of a deleted SCIM tenant # until 30 days after deletion. # @param [String] parent # Required. Gemini Enterprise only. The parent to create SCIM tenant. Format: ' # locations/`location`/workforcePools/`workforce_pool`/providers/`provider`' # @param [Google::Apis::IamV1::WorkforcePoolProviderScimTenant] workforce_pool_provider_scim_tenant_object # @param [String] workforce_pool_provider_scim_tenant_id # Required. Gemini Enterprise only. The ID to use for the SCIM tenant, which # becomes the final component of the resource name. This value should be 4-32 # characters, containing the characters `[a-z0-9-]`. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::WorkforcePoolProviderScimTenant] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::WorkforcePoolProviderScimTenant] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def create_location_workforce_pool_provider_scim_tenant(parent, workforce_pool_provider_scim_tenant_object = nil, workforce_pool_provider_scim_tenant_id: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+parent}/scimTenants', options) command.request_representation = Google::Apis::IamV1::WorkforcePoolProviderScimTenant::Representation command.request_object = workforce_pool_provider_scim_tenant_object command.response_representation = Google::Apis::IamV1::WorkforcePoolProviderScimTenant::Representation command.response_class = Google::Apis::IamV1::WorkforcePoolProviderScimTenant command.params['parent'] = parent unless parent.nil? command.query['workforcePoolProviderScimTenantId'] = workforce_pool_provider_scim_tenant_id unless workforce_pool_provider_scim_tenant_id.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gemini Enterprise only. Deletes a WorkforcePoolProviderScimTenant. You can # undelete a SCIM tenant for 30 days. After 30 days, deletion is permanent. You # cannot update deleted SCIM tenants. However, you can view and list them. # @param [String] name # Required. Gemini Enterprise only. The name of the SCIM tenant to delete. # Format: `locations/`location`/workforcePools/`workforce_pool`/providers/` # provider`/scimTenants/`scim_tenant`` # @param [Boolean] hard_delete # Optional. Deletes the SCIM tenant immediately. This operation cannot be undone. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::WorkforcePoolProviderScimTenant] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::WorkforcePoolProviderScimTenant] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def delete_location_workforce_pool_provider_scim_tenant(name, hard_delete: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::WorkforcePoolProviderScimTenant::Representation command.response_class = Google::Apis::IamV1::WorkforcePoolProviderScimTenant command.params['name'] = name unless name.nil? command.query['hardDelete'] = hard_delete unless hard_delete.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gemini Enterprise only. Gets an individual WorkforcePoolProviderScimTenant. # @param [String] name # Required. Gemini Enterprise only. The name of the SCIM tenant to retrieve. # Format: `locations/`location`/workforcePools/`workforce_pool`/providers/` # provider`/scimTenants/`scim_tenant`` # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::WorkforcePoolProviderScimTenant] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::WorkforcePoolProviderScimTenant] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_location_workforce_pool_provider_scim_tenant(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::WorkforcePoolProviderScimTenant::Representation command.response_class = Google::Apis::IamV1::WorkforcePoolProviderScimTenant command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gemini Enterprise only. Lists all non-deleted WorkforcePoolProviderScimTenants # in a WorkforcePoolProvider. If `show_deleted` is set to `true`, then deleted # SCIM tenants are also listed. # @param [String] parent # Required. Gemini Enterprise only. The parent to list SCIM tenants. Format: ' # locations/`location`/workforcePools/`workforce_pool`/providers/`provider`' # @param [Fixnum] page_size # Optional. Gemini Enterprise only. The maximum number of SCIM tenants to return. # If unspecified, at most 50 SCIM tenants will be returned. The maximum value # is 100; values above 100 are truncated to 100. # @param [String] page_token # Optional. Gemini Enterprise only. A page token, received from a previous ` # ListScimTenants` call. Provide this to retrieve the subsequent page. # @param [Boolean] show_deleted # Optional. Gemini Enterprise only. Whether to return soft-deleted SCIM tenants. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ListWorkforcePoolProviderScimTenantsResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ListWorkforcePoolProviderScimTenantsResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def list_location_workforce_pool_provider_scim_tenants(parent, page_size: nil, page_token: nil, show_deleted: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+parent}/scimTenants', options) command.response_representation = Google::Apis::IamV1::ListWorkforcePoolProviderScimTenantsResponse::Representation command.response_class = Google::Apis::IamV1::ListWorkforcePoolProviderScimTenantsResponse command.params['parent'] = parent unless parent.nil? command.query['pageSize'] = page_size unless page_size.nil? command.query['pageToken'] = page_token unless page_token.nil? command.query['showDeleted'] = show_deleted unless show_deleted.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gemini Enterprise only. Updates an existing WorkforcePoolProviderScimTenant. # @param [String] name # Identifier. Gemini Enterprise only. The resource name of the SCIM Tenant. # Format: `locations/`location`/workforcePools/`workforce_pool`/providers/ ` # workforce_pool_provider`/scimTenants/`scim_tenant`` # @param [Google::Apis::IamV1::WorkforcePoolProviderScimTenant] workforce_pool_provider_scim_tenant_object # @param [String] update_mask # Optional. Gemini Enterprise only. The list of fields to update. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::WorkforcePoolProviderScimTenant] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::WorkforcePoolProviderScimTenant] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def patch_location_workforce_pool_provider_scim_tenant(name, workforce_pool_provider_scim_tenant_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:patch, 'v1/{+name}', options) command.request_representation = Google::Apis::IamV1::WorkforcePoolProviderScimTenant::Representation command.request_object = workforce_pool_provider_scim_tenant_object command.response_representation = Google::Apis::IamV1::WorkforcePoolProviderScimTenant::Representation command.response_class = Google::Apis::IamV1::WorkforcePoolProviderScimTenant command.params['name'] = name unless name.nil? command.query['updateMask'] = update_mask unless update_mask.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gemini Enterprise only. Undeletes a WorkforcePoolProviderScimTenant, that was # deleted fewer than 30 days ago. # @param [String] name # Required. Gemini Enterprise only. The name of the SCIM tenant to undelete. # Format: `locations/`location`/workforcePools/`workforce_pool`/providers/` # provider`/scimTenants/`scim_tenant`` # @param [Google::Apis::IamV1::UndeleteWorkforcePoolProviderScimTenantRequest] undelete_workforce_pool_provider_scim_tenant_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::WorkforcePoolProviderScimTenant] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::WorkforcePoolProviderScimTenant] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def undelete_workforce_pool_provider_scim_tenant(name, undelete_workforce_pool_provider_scim_tenant_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:undelete', options) command.request_representation = Google::Apis::IamV1::UndeleteWorkforcePoolProviderScimTenantRequest::Representation command.request_object = undelete_workforce_pool_provider_scim_tenant_request_object command.response_representation = Google::Apis::IamV1::WorkforcePoolProviderScimTenant::Representation command.response_class = Google::Apis::IamV1::WorkforcePoolProviderScimTenant command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gemini Enterprise only. Creates a new WorkforcePoolProviderScimToken in a # WorkforcePoolProviderScimTenant. You cannot reuse the name of a deleted SCIM # token until 30 days after deletion. # @param [String] parent # Required. Gemini Enterprise only. The parent tenant to create SCIM token. # Format: 'locations/`location`/workforcePools/`workforce_pool`/providers/` # provider`/scimTenants/`scim_tenant`' # @param [Google::Apis::IamV1::WorkforcePoolProviderScimToken] workforce_pool_provider_scim_token_object # @param [String] workforce_pool_provider_scim_token_id # Required. Gemini Enterprise only. The ID to use for the SCIM token, which # becomes the final component of the resource name. This value should be 4-32 # characters and follow the pattern: `([a-z]([a-z0-9\\-]`2,30`[a-z0-9]))` # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::WorkforcePoolProviderScimToken] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::WorkforcePoolProviderScimToken] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def create_location_workforce_pool_provider_scim_tenant_token(parent, workforce_pool_provider_scim_token_object = nil, workforce_pool_provider_scim_token_id: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+parent}/tokens', options) command.request_representation = Google::Apis::IamV1::WorkforcePoolProviderScimToken::Representation command.request_object = workforce_pool_provider_scim_token_object command.response_representation = Google::Apis::IamV1::WorkforcePoolProviderScimToken::Representation command.response_class = Google::Apis::IamV1::WorkforcePoolProviderScimToken command.params['parent'] = parent unless parent.nil? command.query['workforcePoolProviderScimTokenId'] = workforce_pool_provider_scim_token_id unless workforce_pool_provider_scim_token_id.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gemini Enterprise only. Deletes a WorkforcePoolProviderScimToken. You can # undelete a SCIM token for 30 days. After 30 days, the SCIM token is # permanently deleted. You cannot update deleted SCIM tokens, however, you can # view and list them. # @param [String] name # Required. Gemini Enterprise only. The name of the SCIM token to delete. Format: # `locations/`location`/workforcePools/`workforce_pool`/providers/`provider`/ # scimTenants/`scim_tenant`/tokens/`token`` # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::WorkforcePoolProviderScimToken] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::WorkforcePoolProviderScimToken] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def delete_location_workforce_pool_provider_scim_tenant_token(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::WorkforcePoolProviderScimToken::Representation command.response_class = Google::Apis::IamV1::WorkforcePoolProviderScimToken command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gemini Enterprise only. Gets an individual WorkforcePoolProviderScimToken. # @param [String] name # Required. Gemini Enterprise only. The name of the SCIM token to retrieve. # Format: `locations/`location`/workforcePools/`workforce_pool`/providers/` # provider`/scimTenants/`scim_tenant`/tokens/`token`` # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::WorkforcePoolProviderScimToken] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::WorkforcePoolProviderScimToken] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_location_workforce_pool_provider_scim_tenant_token(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::WorkforcePoolProviderScimToken::Representation command.response_class = Google::Apis::IamV1::WorkforcePoolProviderScimToken command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gemini Enterprise only. Lists all non-deleted WorkforcePoolProviderScimTokenss # in a WorkforcePoolProviderScimTenant. If `show_deleted` is set to `true`, then # deleted SCIM tokens are also listed. # @param [String] parent # Required. Gemini Enterprise only. The parent to list SCIM tokens. Format: ' # locations/`location`/workforcePools/`workforce_pool`/providers/`provider`/ # scimTenants/`scim_tenant`' # @param [Fixnum] page_size # Optional. Gemini Enterprise only. The maximum number of SCIM tokens to return. # If unspecified, at most 2 SCIM tokens will be returned. # @param [String] page_token # Optional. Gemini Enterprise only. A page token, received from a previous ` # ListWorkforcePoolProviderScimTokens` call. Provide this to retrieve the # subsequent page. # @param [Boolean] show_deleted # Optional. Gemini Enterprise only. Whether to return soft-deleted SCIM tokens. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ListWorkforcePoolProviderScimTokensResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ListWorkforcePoolProviderScimTokensResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def list_location_workforce_pool_provider_scim_tenant_tokens(parent, page_size: nil, page_token: nil, show_deleted: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+parent}/tokens', options) command.response_representation = Google::Apis::IamV1::ListWorkforcePoolProviderScimTokensResponse::Representation command.response_class = Google::Apis::IamV1::ListWorkforcePoolProviderScimTokensResponse command.params['parent'] = parent unless parent.nil? command.query['pageSize'] = page_size unless page_size.nil? command.query['pageToken'] = page_token unless page_token.nil? command.query['showDeleted'] = show_deleted unless show_deleted.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gemini Enterprise only. Updates an existing WorkforcePoolProviderScimToken. # @param [String] name # Identifier. Gemini Enterprise only. The resource name of the SCIM Token. # Format: `locations/`location`/workforcePools/`workforce_pool`/providers/ ` # workforce_pool_provider`/scimTenants/`scim_tenant`/tokens/`token`` # @param [Google::Apis::IamV1::WorkforcePoolProviderScimToken] workforce_pool_provider_scim_token_object # @param [String] update_mask # Optional. Gemini Enterprise only. The list of fields to update. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::WorkforcePoolProviderScimToken] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::WorkforcePoolProviderScimToken] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def patch_location_workforce_pool_provider_scim_tenant_token(name, workforce_pool_provider_scim_token_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:patch, 'v1/{+name}', options) command.request_representation = Google::Apis::IamV1::WorkforcePoolProviderScimToken::Representation command.request_object = workforce_pool_provider_scim_token_object command.response_representation = Google::Apis::IamV1::WorkforcePoolProviderScimToken::Representation command.response_class = Google::Apis::IamV1::WorkforcePoolProviderScimToken command.params['name'] = name unless name.nil? command.query['updateMask'] = update_mask unless update_mask.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gemini Enterprise only. Undeletes a WorkforcePoolProviderScimToken,that was # deleted fewer than 30 days ago. # @param [String] name # Required. Gemini Enterprise only. The name of the SCIM token to undelete. # Format: `locations/`location`/workforcePools/`workforce_pool`/providers/` # provider`/scimTenants/`scim_tenant`/tokens/`token`` # @param [Google::Apis::IamV1::UndeleteWorkforcePoolProviderScimTokenRequest] undelete_workforce_pool_provider_scim_token_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::WorkforcePoolProviderScimToken] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::WorkforcePoolProviderScimToken] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def undelete_workforce_pool_provider_scim_token(name, undelete_workforce_pool_provider_scim_token_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:undelete', options) command.request_representation = Google::Apis::IamV1::UndeleteWorkforcePoolProviderScimTokenRequest::Representation command.request_object = undelete_workforce_pool_provider_scim_token_request_object command.response_representation = Google::Apis::IamV1::WorkforcePoolProviderScimToken::Representation command.response_class = Google::Apis::IamV1::WorkforcePoolProviderScimToken command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Deletes a WorkforcePoolSubject. Subject must not already be in a deleted state. # A WorkforcePoolSubject is automatically created the first time an external # credential is exchanged for a Google Cloud credential using a mapped `google. # subject` attribute. There is no endpoint to manually create a # WorkforcePoolSubject. For 30 days after a WorkforcePoolSubject is deleted, # using the same `google.subject` attribute in token exchanges with Google Cloud # STS fails. Call UndeleteWorkforcePoolSubject to undelete a # WorkforcePoolSubject that has been deleted, within within 30 days of deleting # it. After 30 days, the WorkforcePoolSubject is permanently deleted. At this # point, a token exchange with Google Cloud STS that uses the same mapped ` # google.subject` attribute automatically creates a new WorkforcePoolSubject # that is unrelated to the previously deleted WorkforcePoolSubject but has the # same `google.subject` value. # @param [String] name # Required. The resource name of the WorkforcePoolSubject. Special characters, # like `/` and `:`, must be escaped, because all URLs need to conform to the " # When to Escape and Unescape" section of [RFC3986](https://www.ietf.org/rfc/ # rfc2396.txt). Format: `locations/`location`/workforcePools/`workforce_pool_id`/ # subjects/`subject_id`` # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def delete_location_workforce_pool_subject(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Undeletes a WorkforcePoolSubject, as long as it was deleted fewer than 30 days # ago. # @param [String] name # Required. The resource name of the WorkforcePoolSubject. Special characters, # like `/` and `:`, must be escaped, because all URLs need to conform to the " # When to Escape and Unescape" section of [RFC3986](https://www.ietf.org/rfc/ # rfc2396.txt). Format: `locations/`location`/workforcePools/`workforce_pool_id`/ # subjects/`subject_id`` # @param [Google::Apis::IamV1::UndeleteWorkforcePoolSubjectRequest] undelete_workforce_pool_subject_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def undelete_workforce_pool_subject(name, undelete_workforce_pool_subject_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:undelete', options) command.request_representation = Google::Apis::IamV1::UndeleteWorkforcePoolSubjectRequest::Representation command.request_object = undelete_workforce_pool_subject_request_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets the latest state of a long-running operation. Clients can use this method # to poll the operation result at intervals as recommended by the API service. # @param [String] name # The name of the operation resource. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_location_workforce_pool_subject_operation(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Creates a new custom Role. # @param [String] parent # The `parent` parameter's value depends on the target resource for the request, # namely [projects](https://cloud.google.com/iam/docs/reference/rest/v1/projects. # roles) or [organizations](https://cloud.google.com/iam/docs/reference/rest/v1/ # organizations.roles). Each resource type's `parent` value format is described # below: * [projects.roles.create](https://cloud.google.com/iam/docs/reference/ # rest/v1/projects.roles/create): `projects/`PROJECT_ID``. This method creates # project-level [custom roles](https://cloud.google.com/iam/docs/understanding- # custom-roles). Example request URL: `https://iam.googleapis.com/v1/projects/` # PROJECT_ID`/roles` * [organizations.roles.create](https://cloud.google.com/iam/ # docs/reference/rest/v1/organizations.roles/create): `organizations/` # ORGANIZATION_ID``. This method creates organization-level [custom roles](https: # //cloud.google.com/iam/docs/understanding-custom-roles). Example request URL: ` # https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles` Note: # Wildcard (*) values are invalid; you must specify a complete project ID or # organization ID. # @param [Google::Apis::IamV1::CreateRoleRequest] create_role_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Role] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Role] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def create_organization_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+parent}/roles', options) command.request_representation = Google::Apis::IamV1::CreateRoleRequest::Representation command.request_object = create_role_request_object command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['parent'] = parent unless parent.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Deletes a custom Role. When you delete a custom role, the following changes # occur immediately: * You cannot bind a principal to the custom role in an IAM # Policy. * Existing bindings to the custom role are not changed, but they have # no effect. * By default, the response from ListRoles does not include the # custom role. A deleted custom role still counts toward the [custom role limit]( # https://cloud.google.com/iam/help/limits) until it is permanently deleted. You # have 7 days to undelete the custom role. After 7 days, the following changes # occur: * The custom role is permanently deleted and cannot be recovered. * If # an IAM policy contains a binding to the custom role, the binding is # permanently removed. * The custom role no longer counts toward your custom # role limit. # @param [String] name # The `name` parameter's value depends on the target resource for the request, # namely [projects](https://cloud.google.com/iam/docs/reference/rest/v1/projects. # roles) or [organizations](https://cloud.google.com/iam/docs/reference/rest/v1/ # organizations.roles). Each resource type's `name` value format is described # below: * [projects.roles.delete](https://cloud.google.com/iam/docs/reference/ # rest/v1/projects.roles/delete): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. # This method deletes only [custom roles](https://cloud.google.com/iam/docs/ # understanding-custom-roles) that have been created at the project level. # Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/ # roles/`CUSTOM_ROLE_ID`` * [organizations.roles.delete](https://cloud.google. # com/iam/docs/reference/rest/v1/organizations.roles/delete): `organizations/` # ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method deletes only [custom # roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that have # been created at the organization level. Example request URL: `https://iam. # googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: # Wildcard (*) values are invalid; you must specify a complete project ID or # organization ID. # @param [String] etag # Used to perform a consistent read-modify-write. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Role] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Role] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def delete_organization_role(name, etag: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['etag'] = etag unless etag.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets the definition of a Role. # @param [String] name # The `name` parameter's value depends on the target resource for the request, # namely [roles](https://cloud.google.com/iam/docs/reference/rest/v1/roles), [ # projects](https://cloud.google.com/iam/docs/reference/rest/v1/projects.roles), # or [organizations](https://cloud.google.com/iam/docs/reference/rest/v1/ # organizations.roles). Each resource type's `name` value format is described # below: * [roles.get](https://cloud.google.com/iam/docs/reference/rest/v1/roles/ # get): `roles/`ROLE_NAME``. This method returns results from all [predefined # roles](https://cloud.google.com/iam/docs/understanding-roles#predefined_roles) # in IAM. Example request URL: `https://iam.googleapis.com/v1/roles/`ROLE_NAME`` # * [projects.roles.get](https://cloud.google.com/iam/docs/reference/rest/v1/ # projects.roles/get): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. This # method returns only [custom roles](https://cloud.google.com/iam/docs/ # understanding-custom-roles) that have been created at the project level. # Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/ # roles/`CUSTOM_ROLE_ID`` * [organizations.roles.get](https://cloud.google.com/ # iam/docs/reference/rest/v1/organizations.roles/get): `organizations/` # ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method returns only [custom # roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that have # been created at the organization level. Example request URL: `https://iam. # googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: # Wildcard (*) values are invalid; you must specify a complete project ID or # organization ID. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Role] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Role] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_organization_role(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Lists every predefined Role that IAM supports, or every custom role that is # defined for an organization or project. # @param [String] parent # The `parent` parameter's value depends on the target resource for the request, # namely [roles](https://cloud.google.com/iam/docs/reference/rest/v1/roles), [ # projects](https://cloud.google.com/iam/docs/reference/rest/v1/projects.roles), # or [organizations](https://cloud.google.com/iam/docs/reference/rest/v1/ # organizations.roles). Each resource type's `parent` value format is described # below: * [roles.list](https://cloud.google.com/iam/docs/reference/rest/v1/ # roles/list): An empty string. This method doesn't require a resource; it # simply returns all [predefined roles](https://cloud.google.com/iam/docs/ # understanding-roles#predefined_roles) in IAM. Example request URL: `https:// # iam.googleapis.com/v1/roles` * [projects.roles.list](https://cloud.google.com/ # iam/docs/reference/rest/v1/projects.roles/list): `projects/`PROJECT_ID``. This # method lists all project-level [custom roles](https://cloud.google.com/iam/ # docs/understanding-custom-roles). Example request URL: `https://iam.googleapis. # com/v1/projects/`PROJECT_ID`/roles` * [organizations.roles.list](https://cloud. # google.com/iam/docs/reference/rest/v1/organizations.roles/list): ` # organizations/`ORGANIZATION_ID``. This method lists all organization-level [ # custom roles](https://cloud.google.com/iam/docs/understanding-custom-roles). # Example request URL: `https://iam.googleapis.com/v1/organizations/` # ORGANIZATION_ID`/roles` Note: Wildcard (*) values are invalid; you must # specify a complete project ID or organization ID. # @param [Fixnum] page_size # Optional limit on the number of roles to include in the response. The default # is 300, and the maximum is 1,000. # @param [String] page_token # Optional pagination token returned in an earlier ListRolesResponse. # @param [Boolean] show_deleted # Include Roles that have been deleted. # @param [String] view # Optional view for the returned Role objects. When `FULL` is specified, the ` # includedPermissions` field is returned, which includes a list of all # permissions in the role. The default value is `BASIC`, which does not return # the `includedPermissions` field. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ListRolesResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ListRolesResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def list_organization_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+parent}/roles', options) command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation command.response_class = Google::Apis::IamV1::ListRolesResponse command.params['parent'] = parent unless parent.nil? command.query['pageSize'] = page_size unless page_size.nil? command.query['pageToken'] = page_token unless page_token.nil? command.query['showDeleted'] = show_deleted unless show_deleted.nil? command.query['view'] = view unless view.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Updates the definition of a custom Role. # @param [String] name # The `name` parameter's value depends on the target resource for the request, # namely [projects](https://cloud.google.com/iam/docs/reference/rest/v1/projects. # roles) or [organizations](https://cloud.google.com/iam/docs/reference/rest/v1/ # organizations.roles). Each resource type's `name` value format is described # below: * [projects.roles.patch](https://cloud.google.com/iam/docs/reference/ # rest/v1/projects.roles/patch): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. # This method updates only [custom roles](https://cloud.google.com/iam/docs/ # understanding-custom-roles) that have been created at the project level. # Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/ # roles/`CUSTOM_ROLE_ID`` * [organizations.roles.patch](https://cloud.google.com/ # iam/docs/reference/rest/v1/organizations.roles/patch): `organizations/` # ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method updates only [custom # roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that have # been created at the organization level. Example request URL: `https://iam. # googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: # Wildcard (*) values are invalid; you must specify a complete project ID or # organization ID. # @param [Google::Apis::IamV1::Role] role_object # @param [String] update_mask # A mask describing which fields in the Role have changed. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Role] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Role] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def patch_organization_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:patch, 'v1/{+name}', options) command.request_representation = Google::Apis::IamV1::Role::Representation command.request_object = role_object command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['updateMask'] = update_mask unless update_mask.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Undeletes a custom Role. # @param [String] name # The `name` parameter's value depends on the target resource for the request, # namely [projects](https://cloud.google.com/iam/docs/reference/rest/v1/projects. # roles) or [organizations](https://cloud.google.com/iam/docs/reference/rest/v1/ # organizations.roles). Each resource type's `name` value format is described # below: * [projects.roles.undelete](https://cloud.google.com/iam/docs/reference/ # rest/v1/projects.roles/undelete): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID` # `. This method undeletes only [custom roles](https://cloud.google.com/iam/docs/ # understanding-custom-roles) that have been created at the project level. # Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/ # roles/`CUSTOM_ROLE_ID`` * [organizations.roles.undelete](https://cloud.google. # com/iam/docs/reference/rest/v1/organizations.roles/undelete): `organizations/` # ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method undeletes only [custom # roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that have # been created at the organization level. Example request URL: `https://iam. # googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: # Wildcard (*) values are invalid; you must specify a complete project ID or # organization ID. # @param [Google::Apis::IamV1::UndeleteRoleRequest] undelete_role_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Role] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Role] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def undelete_organization_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:undelete', options) command.request_representation = Google::Apis::IamV1::UndeleteRoleRequest::Representation command.request_object = undelete_role_request_object command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Lists every permission that you can test on a resource. A permission is # testable if you can check whether a principal has that permission on the # resource. # @param [Google::Apis::IamV1::QueryTestablePermissionsRequest] query_testable_permissions_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::QueryTestablePermissionsResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::QueryTestablePermissionsResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def query_testable_permissions(query_testable_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/permissions:queryTestablePermissions', options) command.request_representation = Google::Apis::IamV1::QueryTestablePermissionsRequest::Representation command.request_object = query_testable_permissions_request_object command.response_representation = Google::Apis::IamV1::QueryTestablePermissionsResponse::Representation command.response_class = Google::Apis::IamV1::QueryTestablePermissionsResponse command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Creates a new OauthClient. You cannot reuse the name of a deleted OauthClient # until 30 days after deletion. # @param [String] parent # Required. The parent resource to create the OauthClient in. The only supported # location is `global`. # @param [Google::Apis::IamV1::OauthClient] oauth_client_object # @param [String] oauth_client_id # Required. The ID to use for the OauthClient, which becomes the final component # of the resource name. This value should be a string of 6 to 63 lowercase # letters, digits, or hyphens. It must start with a letter, and cannot have a # trailing hyphen. The prefix `gcp-` is reserved for use by Google, and may not # be specified. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::OauthClient] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::OauthClient] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def create_project_location_oauth_client(parent, oauth_client_object = nil, oauth_client_id: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+parent}/oauthClients', options) command.request_representation = Google::Apis::IamV1::OauthClient::Representation command.request_object = oauth_client_object command.response_representation = Google::Apis::IamV1::OauthClient::Representation command.response_class = Google::Apis::IamV1::OauthClient command.params['parent'] = parent unless parent.nil? command.query['oauthClientId'] = oauth_client_id unless oauth_client_id.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Deletes an OauthClient. You cannot use a deleted OauthClient. However, # deletion does not revoke access tokens that have already been issued. They # continue to grant access. Deletion does revoke refresh tokens that have # already been issued. They cannot be used to renew an access token. If the # OauthClient is undeleted, and the refresh tokens are not expired, they are # valid for token exchange again. You can undelete an OauthClient for 30 days. # After 30 days, deletion is permanent. You cannot update deleted OauthClients. # However, you can view and list them. # @param [String] name # Required. The name of the OauthClient to delete. Format: `projects/`project`/ # locations/`location`/oauthClients/`oauth_client``. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::OauthClient] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::OauthClient] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def delete_project_location_oauth_client(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::OauthClient::Representation command.response_class = Google::Apis::IamV1::OauthClient command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets an individual OauthClient. # @param [String] name # Required. The name of the OauthClient to retrieve. Format: `projects/`project`/ # locations/`location`/oauthClients/`oauth_client``. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::OauthClient] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::OauthClient] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_project_location_oauth_client(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::OauthClient::Representation command.response_class = Google::Apis::IamV1::OauthClient command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Lists all non-deleted OauthClients in a project. If `show_deleted` is set to ` # true`, then deleted OauthClients are also listed. # @param [String] parent # Required. The parent to list OauthClients for. # @param [Fixnum] page_size # Optional. The maximum number of OauthClients to return. If unspecified, at # most 50 OauthClients will be returned. The maximum value is 100; values above # 100 are truncated to 100. # @param [String] page_token # Optional. A page token, received from a previous `ListOauthClients` call. # Provide this to retrieve the subsequent page. # @param [Boolean] show_deleted # Optional. Whether to return soft-deleted OauthClients. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ListOauthClientsResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ListOauthClientsResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def list_project_location_oauth_clients(parent, page_size: nil, page_token: nil, show_deleted: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+parent}/oauthClients', options) command.response_representation = Google::Apis::IamV1::ListOauthClientsResponse::Representation command.response_class = Google::Apis::IamV1::ListOauthClientsResponse command.params['parent'] = parent unless parent.nil? command.query['pageSize'] = page_size unless page_size.nil? command.query['pageToken'] = page_token unless page_token.nil? command.query['showDeleted'] = show_deleted unless show_deleted.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Updates an existing OauthClient. # @param [String] name # Immutable. Identifier. The resource name of the OauthClient. Format:`projects/` # project`/locations/`location`/oauthClients/`oauth_client``. # @param [Google::Apis::IamV1::OauthClient] oauth_client_object # @param [String] update_mask # Required. The list of fields to update. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::OauthClient] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::OauthClient] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def patch_project_location_oauth_client(name, oauth_client_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:patch, 'v1/{+name}', options) command.request_representation = Google::Apis::IamV1::OauthClient::Representation command.request_object = oauth_client_object command.response_representation = Google::Apis::IamV1::OauthClient::Representation command.response_class = Google::Apis::IamV1::OauthClient command.params['name'] = name unless name.nil? command.query['updateMask'] = update_mask unless update_mask.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Undeletes an OauthClient, as long as it was deleted fewer than 30 days ago. # @param [String] name # Required. The name of the OauthClient to undelete. Format: `projects/`project`/ # locations/`location`/oauthClients/`oauth_client``. # @param [Google::Apis::IamV1::UndeleteOauthClientRequest] undelete_oauth_client_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::OauthClient] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::OauthClient] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def undelete_oauth_client(name, undelete_oauth_client_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:undelete', options) command.request_representation = Google::Apis::IamV1::UndeleteOauthClientRequest::Representation command.request_object = undelete_oauth_client_request_object command.response_representation = Google::Apis::IamV1::OauthClient::Representation command.response_class = Google::Apis::IamV1::OauthClient command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Creates a new OauthClientCredential. # @param [String] parent # Required. The parent resource to create the OauthClientCredential in. # @param [Google::Apis::IamV1::OauthClientCredential] oauth_client_credential_object # @param [String] oauth_client_credential_id # Required. The ID to use for the OauthClientCredential, which becomes the final # component of the resource name. This value should be 4-32 characters, and may # contain the characters [a-z0-9-]. The prefix `gcp-` is reserved for use by # Google, and may not be specified. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::OauthClientCredential] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::OauthClientCredential] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def create_project_location_oauth_client_credential(parent, oauth_client_credential_object = nil, oauth_client_credential_id: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+parent}/credentials', options) command.request_representation = Google::Apis::IamV1::OauthClientCredential::Representation command.request_object = oauth_client_credential_object command.response_representation = Google::Apis::IamV1::OauthClientCredential::Representation command.response_class = Google::Apis::IamV1::OauthClientCredential command.params['parent'] = parent unless parent.nil? command.query['oauthClientCredentialId'] = oauth_client_credential_id unless oauth_client_credential_id.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Deletes an OauthClientCredential. Before deleting an OauthClientCredential, it # should first be disabled. # @param [String] name # Required. The name of the OauthClientCredential to delete. Format: `projects/` # project`/locations/`location`/oauthClients/`oauth_client`/credentials/` # credential``. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Empty] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Empty] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def delete_project_location_oauth_client_credential(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Empty::Representation command.response_class = Google::Apis::IamV1::Empty command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets an individual OauthClientCredential. # @param [String] name # Required. The name of the OauthClientCredential to retrieve. Format: `projects/ # `project`/locations/`location`/oauthClients/`oauth_client`/credentials/` # credential``. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::OauthClientCredential] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::OauthClientCredential] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_project_location_oauth_client_credential(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::OauthClientCredential::Representation command.response_class = Google::Apis::IamV1::OauthClientCredential command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Lists all OauthClientCredentials in an OauthClient. # @param [String] parent # Required. The parent to list OauthClientCredentials for. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ListOauthClientCredentialsResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ListOauthClientCredentialsResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def list_project_location_oauth_client_credentials(parent, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+parent}/credentials', options) command.response_representation = Google::Apis::IamV1::ListOauthClientCredentialsResponse::Representation command.response_class = Google::Apis::IamV1::ListOauthClientCredentialsResponse command.params['parent'] = parent unless parent.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Updates an existing OauthClientCredential. # @param [String] name # Immutable. Identifier. The resource name of the OauthClientCredential. Format: # `projects/`project`/locations/`location`/oauthClients/`oauth_client`/ # credentials/`credential`` # @param [Google::Apis::IamV1::OauthClientCredential] oauth_client_credential_object # @param [String] update_mask # Required. The list of fields to update. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::OauthClientCredential] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::OauthClientCredential] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def patch_project_location_oauth_client_credential(name, oauth_client_credential_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:patch, 'v1/{+name}', options) command.request_representation = Google::Apis::IamV1::OauthClientCredential::Representation command.request_object = oauth_client_credential_object command.response_representation = Google::Apis::IamV1::OauthClientCredential::Representation command.response_class = Google::Apis::IamV1::OauthClientCredential command.params['name'] = name unless name.nil? command.query['updateMask'] = update_mask unless update_mask.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Creates a new WorkloadIdentityPool. You cannot reuse the name of a deleted # pool until 30 days after deletion. # @param [String] parent # Required. The parent resource to create the pool in. The only supported # location is `global`. # @param [Google::Apis::IamV1::WorkloadIdentityPool] workload_identity_pool_object # @param [String] workload_identity_pool_id # Required. The ID to use for the pool, which becomes the final component of the # resource name. This value should be 4-32 characters, and may contain the # characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may # not be specified. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def create_project_location_workload_identity_pool(parent, workload_identity_pool_object = nil, workload_identity_pool_id: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+parent}/workloadIdentityPools', options) command.request_representation = Google::Apis::IamV1::WorkloadIdentityPool::Representation command.request_object = workload_identity_pool_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['parent'] = parent unless parent.nil? command.query['workloadIdentityPoolId'] = workload_identity_pool_id unless workload_identity_pool_id.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Deletes a WorkloadIdentityPool. You cannot use a deleted pool to exchange # external credentials for Google Cloud credentials. However, deletion does not # revoke credentials that have already been issued. Credentials issued for a # deleted pool do not grant access to resources. If the pool is undeleted, and # the credentials are not expired, they grant access again. You can undelete a # pool for 30 days. After 30 days, deletion is permanent. You cannot update # deleted pools. However, you can view and list them. # @param [String] name # Required. The name of the pool to delete. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def delete_project_location_workload_identity_pool(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets an individual WorkloadIdentityPool. # @param [String] name # Required. The name of the pool to retrieve. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::WorkloadIdentityPool] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::WorkloadIdentityPool] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_project_location_workload_identity_pool(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::WorkloadIdentityPool::Representation command.response_class = Google::Apis::IamV1::WorkloadIdentityPool command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets the IAM policy of a WorkloadIdentityPool. # @param [String] resource # REQUIRED: The resource for which the policy is being requested. See [Resource # names](https://cloud.google.com/apis/design/resource_names) for the # appropriate value for this field. # @param [Google::Apis::IamV1::GetIamPolicyRequest] get_iam_policy_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Policy] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Policy] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_workload_identity_pool_iam_policy(resource, get_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+resource}:getIamPolicy', options) command.request_representation = Google::Apis::IamV1::GetIamPolicyRequest::Representation command.request_object = get_iam_policy_request_object command.response_representation = Google::Apis::IamV1::Policy::Representation command.response_class = Google::Apis::IamV1::Policy command.params['resource'] = resource unless resource.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Lists all non-deleted WorkloadIdentityPools in a project. If `show_deleted` is # set to `true`, then deleted pools are also listed. # @param [String] parent # Required. The parent resource to list pools for. # @param [Fixnum] page_size # The maximum number of pools to return. If unspecified, at most 50 pools are # returned. The maximum value is 1000; values above are 1000 truncated to 1000. # @param [String] page_token # A page token, received from a previous `ListWorkloadIdentityPools` call. # Provide this to retrieve the subsequent page. # @param [Boolean] show_deleted # Whether to return soft-deleted pools. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ListWorkloadIdentityPoolsResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ListWorkloadIdentityPoolsResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def list_project_location_workload_identity_pools(parent, page_size: nil, page_token: nil, show_deleted: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+parent}/workloadIdentityPools', options) command.response_representation = Google::Apis::IamV1::ListWorkloadIdentityPoolsResponse::Representation command.response_class = Google::Apis::IamV1::ListWorkloadIdentityPoolsResponse command.params['parent'] = parent unless parent.nil? command.query['pageSize'] = page_size unless page_size.nil? command.query['pageToken'] = page_token unless page_token.nil? command.query['showDeleted'] = show_deleted unless show_deleted.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Updates an existing WorkloadIdentityPool. # @param [String] name # Identifier. The resource name of the pool. # @param [Google::Apis::IamV1::WorkloadIdentityPool] workload_identity_pool_object # @param [String] update_mask # Required. The list of fields to update. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def patch_project_location_workload_identity_pool(name, workload_identity_pool_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:patch, 'v1/{+name}', options) command.request_representation = Google::Apis::IamV1::WorkloadIdentityPool::Representation command.request_object = workload_identity_pool_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['updateMask'] = update_mask unless update_mask.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Sets the IAM policies on a WorkloadIdentityPool # @param [String] resource # REQUIRED: The resource for which the policy is being specified. See [Resource # names](https://cloud.google.com/apis/design/resource_names) for the # appropriate value for this field. # @param [Google::Apis::IamV1::SetIamPolicyRequest] set_iam_policy_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Policy] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Policy] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def set_workload_identity_pool_iam_policy(resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+resource}:setIamPolicy', options) command.request_representation = Google::Apis::IamV1::SetIamPolicyRequest::Representation command.request_object = set_iam_policy_request_object command.response_representation = Google::Apis::IamV1::Policy::Representation command.response_class = Google::Apis::IamV1::Policy command.params['resource'] = resource unless resource.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Returns the caller's permissions on a WorkloadIdentityPool # @param [String] resource # REQUIRED: The resource for which the policy detail is being requested. See [ # Resource names](https://cloud.google.com/apis/design/resource_names) for the # appropriate value for this field. # @param [Google::Apis::IamV1::TestIamPermissionsRequest] test_iam_permissions_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::TestIamPermissionsResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::TestIamPermissionsResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def test_workload_identity_pool_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+resource}:testIamPermissions', options) command.request_representation = Google::Apis::IamV1::TestIamPermissionsRequest::Representation command.request_object = test_iam_permissions_request_object command.response_representation = Google::Apis::IamV1::TestIamPermissionsResponse::Representation command.response_class = Google::Apis::IamV1::TestIamPermissionsResponse command.params['resource'] = resource unless resource.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Undeletes a WorkloadIdentityPool, as long as it was deleted fewer than 30 days # ago. # @param [String] name # Required. The name of the pool to undelete. # @param [Google::Apis::IamV1::UndeleteWorkloadIdentityPoolRequest] undelete_workload_identity_pool_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def undelete_workload_identity_pool(name, undelete_workload_identity_pool_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:undelete', options) command.request_representation = Google::Apis::IamV1::UndeleteWorkloadIdentityPoolRequest::Representation command.request_object = undelete_workload_identity_pool_request_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Creates a new WorkloadIdentityPoolNamespace in a WorkloadIdentityPool. # @param [String] parent # Required. The parent resource to create the namespace in. The only supported # location is `global`. # @param [Google::Apis::IamV1::WorkloadIdentityPoolNamespace] workload_identity_pool_namespace_object # @param [String] workload_identity_pool_namespace_id # Required. The ID to use for the namespace. This value must: * contain at most # 63 characters * contain only lowercase alphanumeric characters or `-` * start # with an alphanumeric character * end with an alphanumeric character The prefix # "gcp-" will be reserved for future uses. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def create_project_location_workload_identity_pool_namespace(parent, workload_identity_pool_namespace_object = nil, workload_identity_pool_namespace_id: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+parent}/namespaces', options) command.request_representation = Google::Apis::IamV1::WorkloadIdentityPoolNamespace::Representation command.request_object = workload_identity_pool_namespace_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['parent'] = parent unless parent.nil? command.query['workloadIdentityPoolNamespaceId'] = workload_identity_pool_namespace_id unless workload_identity_pool_namespace_id.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Deletes a WorkloadIdentityPoolNamespace. You can undelete a namespace for 30 # days. After 30 days, deletion is permanent. # @param [String] name # Required. The name of the namespace to delete. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def delete_project_location_workload_identity_pool_namespace(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets an individual WorkloadIdentityPoolNamespace. # @param [String] name # Required. The name of the namespace to retrieve. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::WorkloadIdentityPoolNamespace] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::WorkloadIdentityPoolNamespace] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_project_location_workload_identity_pool_namespace(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::WorkloadIdentityPoolNamespace::Representation command.response_class = Google::Apis::IamV1::WorkloadIdentityPoolNamespace command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Lists all non-deleted WorkloadIdentityPoolNamespaces in a workload identity # pool. If `show_deleted` is set to `true`, then deleted namespaces are also # listed. # @param [String] parent # Required. The parent resource to list namespaces for. # @param [Fixnum] page_size # The maximum number of namespaces to return. If unspecified, at most 50 # namespaces are returned. The maximum value is 1000; values above are 1000 # truncated to 1000. # @param [String] page_token # A page token, received from a previous `ListWorkloadIdentityPoolNamespaces` # call. Provide this to retrieve the subsequent page. # @param [Boolean] show_deleted # Whether to return soft-deleted namespaces. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ListWorkloadIdentityPoolNamespacesResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ListWorkloadIdentityPoolNamespacesResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def list_project_location_workload_identity_pool_namespaces(parent, page_size: nil, page_token: nil, show_deleted: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+parent}/namespaces', options) command.response_representation = Google::Apis::IamV1::ListWorkloadIdentityPoolNamespacesResponse::Representation command.response_class = Google::Apis::IamV1::ListWorkloadIdentityPoolNamespacesResponse command.params['parent'] = parent unless parent.nil? command.query['pageSize'] = page_size unless page_size.nil? command.query['pageToken'] = page_token unless page_token.nil? command.query['showDeleted'] = show_deleted unless show_deleted.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Updates an existing WorkloadIdentityPoolNamespace in a WorkloadIdentityPool. # @param [String] name # Identifier. The resource name of the namespace. # @param [Google::Apis::IamV1::WorkloadIdentityPoolNamespace] workload_identity_pool_namespace_object # @param [String] update_mask # Required. The list of fields to update. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def patch_project_location_workload_identity_pool_namespace(name, workload_identity_pool_namespace_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:patch, 'v1/{+name}', options) command.request_representation = Google::Apis::IamV1::WorkloadIdentityPoolNamespace::Representation command.request_object = workload_identity_pool_namespace_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['updateMask'] = update_mask unless update_mask.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Undeletes a WorkloadIdentityPoolNamespace, as long as it was deleted fewer # than 30 days ago. # @param [String] name # Required. The name of the namespace to undelete. # @param [Google::Apis::IamV1::UndeleteWorkloadIdentityPoolNamespaceRequest] undelete_workload_identity_pool_namespace_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def undelete_workload_identity_pool_namespace(name, undelete_workload_identity_pool_namespace_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:undelete', options) command.request_representation = Google::Apis::IamV1::UndeleteWorkloadIdentityPoolNamespaceRequest::Representation command.request_object = undelete_workload_identity_pool_namespace_request_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Add an AttestationRule on a WorkloadIdentityPoolManagedIdentity. The total # attestation rules after addition must not exceed 50. # @param [String] resource # Required. The resource name of the managed identity or namespace resource to # add an attestation rule to. # @param [Google::Apis::IamV1::AddAttestationRuleRequest] add_attestation_rule_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def add_managed_identity_attestation_rule(resource, add_attestation_rule_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+resource}:addAttestationRule', options) command.request_representation = Google::Apis::IamV1::AddAttestationRuleRequest::Representation command.request_object = add_attestation_rule_request_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['resource'] = resource unless resource.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Creates a new WorkloadIdentityPoolManagedIdentity in a # WorkloadIdentityPoolNamespace. # @param [String] parent # Required. The parent resource to create the manage identity in. The only # supported location is `global`. # @param [Google::Apis::IamV1::WorkloadIdentityPoolManagedIdentity] workload_identity_pool_managed_identity_object # @param [String] workload_identity_pool_managed_identity_id # Required. The ID to use for the managed identity. This value must: * contain # at most 63 characters * contain only lowercase alphanumeric characters or `-` * # start with an alphanumeric character * end with an alphanumeric character The # prefix "gcp-" will be reserved for future uses. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def create_project_location_workload_identity_pool_namespace_managed_identity(parent, workload_identity_pool_managed_identity_object = nil, workload_identity_pool_managed_identity_id: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+parent}/managedIdentities', options) command.request_representation = Google::Apis::IamV1::WorkloadIdentityPoolManagedIdentity::Representation command.request_object = workload_identity_pool_managed_identity_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['parent'] = parent unless parent.nil? command.query['workloadIdentityPoolManagedIdentityId'] = workload_identity_pool_managed_identity_id unless workload_identity_pool_managed_identity_id.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Deletes a WorkloadIdentityPoolManagedIdentity. You can undelete a managed # identity for 30 days. After 30 days, deletion is permanent. # @param [String] name # Required. The name of the managed identity to delete. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def delete_project_location_workload_identity_pool_namespace_managed_identity(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets an individual WorkloadIdentityPoolManagedIdentity. # @param [String] name # Required. The name of the managed identity to retrieve. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::WorkloadIdentityPoolManagedIdentity] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::WorkloadIdentityPoolManagedIdentity] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_project_location_workload_identity_pool_namespace_managed_identity(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::WorkloadIdentityPoolManagedIdentity::Representation command.response_class = Google::Apis::IamV1::WorkloadIdentityPoolManagedIdentity command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Lists all non-deleted WorkloadIdentityPoolManagedIdentitys in a namespace. If ` # show_deleted` is set to `true`, then deleted managed identities are also # listed. # @param [String] parent # Required. The parent resource to list managed identities for. # @param [Fixnum] page_size # The maximum number of managed identities to return. If unspecified, at most 50 # managed identities are returned. The maximum value is 1000; values above are # 1000 truncated to 1000. # @param [String] page_token # A page token, received from a previous ` # ListWorkloadIdentityPoolManagedIdentities` call. Provide this to retrieve the # subsequent page. # @param [Boolean] show_deleted # Whether to return soft-deleted managed identities. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ListWorkloadIdentityPoolManagedIdentitiesResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ListWorkloadIdentityPoolManagedIdentitiesResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def list_project_location_workload_identity_pool_namespace_managed_identities(parent, page_size: nil, page_token: nil, show_deleted: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+parent}/managedIdentities', options) command.response_representation = Google::Apis::IamV1::ListWorkloadIdentityPoolManagedIdentitiesResponse::Representation command.response_class = Google::Apis::IamV1::ListWorkloadIdentityPoolManagedIdentitiesResponse command.params['parent'] = parent unless parent.nil? command.query['pageSize'] = page_size unless page_size.nil? command.query['pageToken'] = page_token unless page_token.nil? command.query['showDeleted'] = show_deleted unless show_deleted.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # List all AttestationRule on a WorkloadIdentityPoolManagedIdentity. # @param [String] resource # Required. The resource name of the managed identity or namespace resource to # list attestation rules of. # @param [String] filter # Optional. A query filter. Supports the following function: * `container_ids()`: # Returns only the AttestationRules under the specific container ids. The # function expects a comma-delimited list with only project numbers and must use # the format `projects/`. For example: `container_ids(projects/, projects/,...)`. # @param [Fixnum] page_size # Optional. The maximum number of AttestationRules to return. If unspecified, at # most 50 AttestationRules are returned. The maximum value is 100; values above # 100 are truncated to 100. # @param [String] page_token # Optional. A page token, received from a previous ` # ListWorkloadIdentityPoolProviderKeys` call. Provide this to retrieve the # subsequent page. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ListAttestationRulesResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ListAttestationRulesResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def list_project_location_workload_identity_pool_namespace_managed_identity_attestation_rules(resource, filter: nil, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+resource}:listAttestationRules', options) command.response_representation = Google::Apis::IamV1::ListAttestationRulesResponse::Representation command.response_class = Google::Apis::IamV1::ListAttestationRulesResponse command.params['resource'] = resource unless resource.nil? command.query['filter'] = filter unless filter.nil? command.query['pageSize'] = page_size unless page_size.nil? command.query['pageToken'] = page_token unless page_token.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Updates an existing WorkloadIdentityPoolManagedIdentity in a # WorkloadIdentityPoolNamespace. # @param [String] name # Identifier. The resource name of the managed identity. # @param [Google::Apis::IamV1::WorkloadIdentityPoolManagedIdentity] workload_identity_pool_managed_identity_object # @param [String] update_mask # Required. The list of fields to update. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def patch_project_location_workload_identity_pool_namespace_managed_identity(name, workload_identity_pool_managed_identity_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:patch, 'v1/{+name}', options) command.request_representation = Google::Apis::IamV1::WorkloadIdentityPoolManagedIdentity::Representation command.request_object = workload_identity_pool_managed_identity_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['updateMask'] = update_mask unless update_mask.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Remove an AttestationRule on a WorkloadIdentityPoolManagedIdentity. # @param [String] resource # Required. The resource name of the managed identity or namespace resource to # remove an attestation rule from. # @param [Google::Apis::IamV1::RemoveAttestationRuleRequest] remove_attestation_rule_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def remove_managed_identity_attestation_rule(resource, remove_attestation_rule_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+resource}:removeAttestationRule', options) command.request_representation = Google::Apis::IamV1::RemoveAttestationRuleRequest::Representation command.request_object = remove_attestation_rule_request_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['resource'] = resource unless resource.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Set all AttestationRule on a WorkloadIdentityPoolManagedIdentity. A maximum of # 50 AttestationRules can be set. # @param [String] resource # Required. The resource name of the managed identity or namespace resource to # add an attestation rule to. # @param [Google::Apis::IamV1::SetAttestationRulesRequest] set_attestation_rules_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def set_managed_identity_attestation_rules(resource, set_attestation_rules_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+resource}:setAttestationRules', options) command.request_representation = Google::Apis::IamV1::SetAttestationRulesRequest::Representation command.request_object = set_attestation_rules_request_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['resource'] = resource unless resource.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Undeletes a WorkloadIdentityPoolManagedIdentity, as long as it was deleted # fewer than 30 days ago. # @param [String] name # Required. The name of the managed identity to undelete. # @param [Google::Apis::IamV1::UndeleteWorkloadIdentityPoolManagedIdentityRequest] undelete_workload_identity_pool_managed_identity_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def undelete_workload_identity_pool_managed_identity(name, undelete_workload_identity_pool_managed_identity_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:undelete', options) command.request_representation = Google::Apis::IamV1::UndeleteWorkloadIdentityPoolManagedIdentityRequest::Representation command.request_object = undelete_workload_identity_pool_managed_identity_request_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets the latest state of a long-running operation. Clients can use this method # to poll the operation result at intervals as recommended by the API service. # @param [String] name # The name of the operation resource. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_project_location_workload_identity_pool_namespace_managed_identity_operation(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets the latest state of a long-running operation. Clients can use this method # to poll the operation result at intervals as recommended by the API service. # @param [String] name # The name of the operation resource. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_project_location_workload_identity_pool_namespace_managed_identity_workload_source_operation(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets the latest state of a long-running operation. Clients can use this method # to poll the operation result at intervals as recommended by the API service. # @param [String] name # The name of the operation resource. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_project_location_workload_identity_pool_namespace_operation(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets the latest state of a long-running operation. Clients can use this method # to poll the operation result at intervals as recommended by the API service. # @param [String] name # The name of the operation resource. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_project_location_workload_identity_pool_operation(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Creates a new WorkloadIdentityPoolProvider in a WorkloadIdentityPool. You # cannot reuse the name of a deleted provider until 30 days after deletion. # @param [String] parent # Required. The pool to create this provider in. # @param [Google::Apis::IamV1::WorkloadIdentityPoolProvider] workload_identity_pool_provider_object # @param [String] workload_identity_pool_provider_id # Required. The ID for the provider, which becomes the final component of the # resource name. This value must be 4-32 characters, and may contain the # characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may # not be specified. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def create_project_location_workload_identity_pool_provider(parent, workload_identity_pool_provider_object = nil, workload_identity_pool_provider_id: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+parent}/providers', options) command.request_representation = Google::Apis::IamV1::WorkloadIdentityPoolProvider::Representation command.request_object = workload_identity_pool_provider_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['parent'] = parent unless parent.nil? command.query['workloadIdentityPoolProviderId'] = workload_identity_pool_provider_id unless workload_identity_pool_provider_id.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Deletes a WorkloadIdentityPoolProvider. Deleting a provider does not revoke # credentials that have already been issued; they continue to grant access. You # can undelete a provider for 30 days. After 30 days, deletion is permanent. You # cannot update deleted providers. However, you can view and list them. # @param [String] name # Required. The name of the provider to delete. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def delete_project_location_workload_identity_pool_provider(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets an individual WorkloadIdentityPoolProvider. # @param [String] name # Required. The name of the provider to retrieve. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::WorkloadIdentityPoolProvider] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::WorkloadIdentityPoolProvider] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_project_location_workload_identity_pool_provider(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::WorkloadIdentityPoolProvider::Representation command.response_class = Google::Apis::IamV1::WorkloadIdentityPoolProvider command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Lists all non-deleted WorkloadIdentityPoolProviders in a WorkloadIdentityPool. # If `show_deleted` is set to `true`, then deleted providers are also listed. # @param [String] parent # Required. The pool to list providers for. # @param [Fixnum] page_size # The maximum number of providers to return. If unspecified, at most 50 # providers are returned. The maximum value is 100; values above 100 are # truncated to 100. # @param [String] page_token # A page token, received from a previous `ListWorkloadIdentityPoolProviders` # call. Provide this to retrieve the subsequent page. # @param [Boolean] show_deleted # Whether to return soft-deleted providers. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ListWorkloadIdentityPoolProvidersResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ListWorkloadIdentityPoolProvidersResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def list_project_location_workload_identity_pool_providers(parent, page_size: nil, page_token: nil, show_deleted: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+parent}/providers', options) command.response_representation = Google::Apis::IamV1::ListWorkloadIdentityPoolProvidersResponse::Representation command.response_class = Google::Apis::IamV1::ListWorkloadIdentityPoolProvidersResponse command.params['parent'] = parent unless parent.nil? command.query['pageSize'] = page_size unless page_size.nil? command.query['pageToken'] = page_token unless page_token.nil? command.query['showDeleted'] = show_deleted unless show_deleted.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Updates an existing WorkloadIdentityPoolProvider. # @param [String] name # Identifier. The resource name of the provider. # @param [Google::Apis::IamV1::WorkloadIdentityPoolProvider] workload_identity_pool_provider_object # @param [String] update_mask # Required. The list of fields to update. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def patch_project_location_workload_identity_pool_provider(name, workload_identity_pool_provider_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:patch, 'v1/{+name}', options) command.request_representation = Google::Apis::IamV1::WorkloadIdentityPoolProvider::Representation command.request_object = workload_identity_pool_provider_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['updateMask'] = update_mask unless update_mask.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Undeletes a WorkloadIdentityPoolProvider, as long as it was deleted fewer than # 30 days ago. # @param [String] name # Required. The name of the provider to undelete. # @param [Google::Apis::IamV1::UndeleteWorkloadIdentityPoolProviderRequest] undelete_workload_identity_pool_provider_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def undelete_workload_identity_pool_provider(name, undelete_workload_identity_pool_provider_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:undelete', options) command.request_representation = Google::Apis::IamV1::UndeleteWorkloadIdentityPoolProviderRequest::Representation command.request_object = undelete_workload_identity_pool_provider_request_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Create a new WorkloadIdentityPoolProviderKey in a WorkloadIdentityPoolProvider. # @param [String] parent # Required. The parent provider resource to create the key in. # @param [Google::Apis::IamV1::WorkloadIdentityPoolProviderKey] workload_identity_pool_provider_key_object # @param [String] workload_identity_pool_provider_key_id # Required. The ID to use for the key, which becomes the final component of the # resource name. This value should be 4-32 characters, and may contain the # characters [a-z0-9-]. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def create_project_location_workload_identity_pool_provider_key(parent, workload_identity_pool_provider_key_object = nil, workload_identity_pool_provider_key_id: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+parent}/keys', options) command.request_representation = Google::Apis::IamV1::WorkloadIdentityPoolProviderKey::Representation command.request_object = workload_identity_pool_provider_key_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['parent'] = parent unless parent.nil? command.query['workloadIdentityPoolProviderKeyId'] = workload_identity_pool_provider_key_id unless workload_identity_pool_provider_key_id.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Deletes an WorkloadIdentityPoolProviderKey. You can undelete a key for 30 days. # After 30 days, deletion is permanent. # @param [String] name # Required. The name of the encryption key to delete. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def delete_project_location_workload_identity_pool_provider_key(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets an individual WorkloadIdentityPoolProviderKey. # @param [String] name # Required. The name of the key to retrieve. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::WorkloadIdentityPoolProviderKey] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::WorkloadIdentityPoolProviderKey] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_project_location_workload_identity_pool_provider_key(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::WorkloadIdentityPoolProviderKey::Representation command.response_class = Google::Apis::IamV1::WorkloadIdentityPoolProviderKey command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Lists all non-deleted WorkloadIdentityPoolProviderKeys in a project. If # show_deleted is set to `true`, then deleted pools are also listed. # @param [String] parent # Required. The parent provider resource to list encryption keys for. # @param [Fixnum] page_size # The maximum number of keys to return. If unspecified, all keys are returned. # The maximum value is 10; values above 10 are truncated to 10. # @param [String] page_token # A page token, received from a previous `ListWorkloadIdentityPoolProviderKeys` # call. Provide this to retrieve the subsequent page. # @param [Boolean] show_deleted # Whether to return soft deleted resources as well. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ListWorkloadIdentityPoolProviderKeysResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ListWorkloadIdentityPoolProviderKeysResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def list_project_location_workload_identity_pool_provider_keys(parent, page_size: nil, page_token: nil, show_deleted: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+parent}/keys', options) command.response_representation = Google::Apis::IamV1::ListWorkloadIdentityPoolProviderKeysResponse::Representation command.response_class = Google::Apis::IamV1::ListWorkloadIdentityPoolProviderKeysResponse command.params['parent'] = parent unless parent.nil? command.query['pageSize'] = page_size unless page_size.nil? command.query['pageToken'] = page_token unless page_token.nil? command.query['showDeleted'] = show_deleted unless show_deleted.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Undeletes an WorkloadIdentityPoolProviderKey, as long as it was deleted fewer # than 30 days ago. # @param [String] name # Required. The name of the encryption key to undelete. # @param [Google::Apis::IamV1::UndeleteWorkloadIdentityPoolProviderKeyRequest] undelete_workload_identity_pool_provider_key_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def undelete_workload_identity_pool_provider_key(name, undelete_workload_identity_pool_provider_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:undelete', options) command.request_representation = Google::Apis::IamV1::UndeleteWorkloadIdentityPoolProviderKeyRequest::Representation command.request_object = undelete_workload_identity_pool_provider_key_request_object command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets the latest state of a long-running operation. Clients can use this method # to poll the operation result at intervals as recommended by the API service. # @param [String] name # The name of the operation resource. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_project_location_workload_identity_pool_provider_key_operation(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets the latest state of a long-running operation. Clients can use this method # to poll the operation result at intervals as recommended by the API service. # @param [String] name # The name of the operation resource. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Operation] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Operation] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_project_location_workload_identity_pool_provider_operation(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Operation::Representation command.response_class = Google::Apis::IamV1::Operation command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Creates a new custom Role. # @param [String] parent # The `parent` parameter's value depends on the target resource for the request, # namely [projects](https://cloud.google.com/iam/docs/reference/rest/v1/projects. # roles) or [organizations](https://cloud.google.com/iam/docs/reference/rest/v1/ # organizations.roles). Each resource type's `parent` value format is described # below: * [projects.roles.create](https://cloud.google.com/iam/docs/reference/ # rest/v1/projects.roles/create): `projects/`PROJECT_ID``. This method creates # project-level [custom roles](https://cloud.google.com/iam/docs/understanding- # custom-roles). Example request URL: `https://iam.googleapis.com/v1/projects/` # PROJECT_ID`/roles` * [organizations.roles.create](https://cloud.google.com/iam/ # docs/reference/rest/v1/organizations.roles/create): `organizations/` # ORGANIZATION_ID``. This method creates organization-level [custom roles](https: # //cloud.google.com/iam/docs/understanding-custom-roles). Example request URL: ` # https://iam.googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles` Note: # Wildcard (*) values are invalid; you must specify a complete project ID or # organization ID. # @param [Google::Apis::IamV1::CreateRoleRequest] create_role_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Role] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Role] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def create_project_role(parent, create_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+parent}/roles', options) command.request_representation = Google::Apis::IamV1::CreateRoleRequest::Representation command.request_object = create_role_request_object command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['parent'] = parent unless parent.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Deletes a custom Role. When you delete a custom role, the following changes # occur immediately: * You cannot bind a principal to the custom role in an IAM # Policy. * Existing bindings to the custom role are not changed, but they have # no effect. * By default, the response from ListRoles does not include the # custom role. A deleted custom role still counts toward the [custom role limit]( # https://cloud.google.com/iam/help/limits) until it is permanently deleted. You # have 7 days to undelete the custom role. After 7 days, the following changes # occur: * The custom role is permanently deleted and cannot be recovered. * If # an IAM policy contains a binding to the custom role, the binding is # permanently removed. * The custom role no longer counts toward your custom # role limit. # @param [String] name # The `name` parameter's value depends on the target resource for the request, # namely [projects](https://cloud.google.com/iam/docs/reference/rest/v1/projects. # roles) or [organizations](https://cloud.google.com/iam/docs/reference/rest/v1/ # organizations.roles). Each resource type's `name` value format is described # below: * [projects.roles.delete](https://cloud.google.com/iam/docs/reference/ # rest/v1/projects.roles/delete): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. # This method deletes only [custom roles](https://cloud.google.com/iam/docs/ # understanding-custom-roles) that have been created at the project level. # Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/ # roles/`CUSTOM_ROLE_ID`` * [organizations.roles.delete](https://cloud.google. # com/iam/docs/reference/rest/v1/organizations.roles/delete): `organizations/` # ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method deletes only [custom # roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that have # been created at the organization level. Example request URL: `https://iam. # googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: # Wildcard (*) values are invalid; you must specify a complete project ID or # organization ID. # @param [String] etag # Used to perform a consistent read-modify-write. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Role] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Role] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def delete_project_role(name, etag: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['etag'] = etag unless etag.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets the definition of a Role. # @param [String] name # The `name` parameter's value depends on the target resource for the request, # namely [roles](https://cloud.google.com/iam/docs/reference/rest/v1/roles), [ # projects](https://cloud.google.com/iam/docs/reference/rest/v1/projects.roles), # or [organizations](https://cloud.google.com/iam/docs/reference/rest/v1/ # organizations.roles). Each resource type's `name` value format is described # below: * [roles.get](https://cloud.google.com/iam/docs/reference/rest/v1/roles/ # get): `roles/`ROLE_NAME``. This method returns results from all [predefined # roles](https://cloud.google.com/iam/docs/understanding-roles#predefined_roles) # in IAM. Example request URL: `https://iam.googleapis.com/v1/roles/`ROLE_NAME`` # * [projects.roles.get](https://cloud.google.com/iam/docs/reference/rest/v1/ # projects.roles/get): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. This # method returns only [custom roles](https://cloud.google.com/iam/docs/ # understanding-custom-roles) that have been created at the project level. # Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/ # roles/`CUSTOM_ROLE_ID`` * [organizations.roles.get](https://cloud.google.com/ # iam/docs/reference/rest/v1/organizations.roles/get): `organizations/` # ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method returns only [custom # roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that have # been created at the organization level. Example request URL: `https://iam. # googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: # Wildcard (*) values are invalid; you must specify a complete project ID or # organization ID. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Role] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Role] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_project_role(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Lists every predefined Role that IAM supports, or every custom role that is # defined for an organization or project. # @param [String] parent # The `parent` parameter's value depends on the target resource for the request, # namely [roles](https://cloud.google.com/iam/docs/reference/rest/v1/roles), [ # projects](https://cloud.google.com/iam/docs/reference/rest/v1/projects.roles), # or [organizations](https://cloud.google.com/iam/docs/reference/rest/v1/ # organizations.roles). Each resource type's `parent` value format is described # below: * [roles.list](https://cloud.google.com/iam/docs/reference/rest/v1/ # roles/list): An empty string. This method doesn't require a resource; it # simply returns all [predefined roles](https://cloud.google.com/iam/docs/ # understanding-roles#predefined_roles) in IAM. Example request URL: `https:// # iam.googleapis.com/v1/roles` * [projects.roles.list](https://cloud.google.com/ # iam/docs/reference/rest/v1/projects.roles/list): `projects/`PROJECT_ID``. This # method lists all project-level [custom roles](https://cloud.google.com/iam/ # docs/understanding-custom-roles). Example request URL: `https://iam.googleapis. # com/v1/projects/`PROJECT_ID`/roles` * [organizations.roles.list](https://cloud. # google.com/iam/docs/reference/rest/v1/organizations.roles/list): ` # organizations/`ORGANIZATION_ID``. This method lists all organization-level [ # custom roles](https://cloud.google.com/iam/docs/understanding-custom-roles). # Example request URL: `https://iam.googleapis.com/v1/organizations/` # ORGANIZATION_ID`/roles` Note: Wildcard (*) values are invalid; you must # specify a complete project ID or organization ID. # @param [Fixnum] page_size # Optional limit on the number of roles to include in the response. The default # is 300, and the maximum is 1,000. # @param [String] page_token # Optional pagination token returned in an earlier ListRolesResponse. # @param [Boolean] show_deleted # Include Roles that have been deleted. # @param [String] view # Optional view for the returned Role objects. When `FULL` is specified, the ` # includedPermissions` field is returned, which includes a list of all # permissions in the role. The default value is `BASIC`, which does not return # the `includedPermissions` field. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ListRolesResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ListRolesResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def list_project_roles(parent, page_size: nil, page_token: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+parent}/roles', options) command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation command.response_class = Google::Apis::IamV1::ListRolesResponse command.params['parent'] = parent unless parent.nil? command.query['pageSize'] = page_size unless page_size.nil? command.query['pageToken'] = page_token unless page_token.nil? command.query['showDeleted'] = show_deleted unless show_deleted.nil? command.query['view'] = view unless view.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Updates the definition of a custom Role. # @param [String] name # The `name` parameter's value depends on the target resource for the request, # namely [projects](https://cloud.google.com/iam/docs/reference/rest/v1/projects. # roles) or [organizations](https://cloud.google.com/iam/docs/reference/rest/v1/ # organizations.roles). Each resource type's `name` value format is described # below: * [projects.roles.patch](https://cloud.google.com/iam/docs/reference/ # rest/v1/projects.roles/patch): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. # This method updates only [custom roles](https://cloud.google.com/iam/docs/ # understanding-custom-roles) that have been created at the project level. # Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/ # roles/`CUSTOM_ROLE_ID`` * [organizations.roles.patch](https://cloud.google.com/ # iam/docs/reference/rest/v1/organizations.roles/patch): `organizations/` # ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method updates only [custom # roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that have # been created at the organization level. Example request URL: `https://iam. # googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: # Wildcard (*) values are invalid; you must specify a complete project ID or # organization ID. # @param [Google::Apis::IamV1::Role] role_object # @param [String] update_mask # A mask describing which fields in the Role have changed. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Role] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Role] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def patch_project_role(name, role_object = nil, update_mask: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:patch, 'v1/{+name}', options) command.request_representation = Google::Apis::IamV1::Role::Representation command.request_object = role_object command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['updateMask'] = update_mask unless update_mask.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Undeletes a custom Role. # @param [String] name # The `name` parameter's value depends on the target resource for the request, # namely [projects](https://cloud.google.com/iam/docs/reference/rest/v1/projects. # roles) or [organizations](https://cloud.google.com/iam/docs/reference/rest/v1/ # organizations.roles). Each resource type's `name` value format is described # below: * [projects.roles.undelete](https://cloud.google.com/iam/docs/reference/ # rest/v1/projects.roles/undelete): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID` # `. This method undeletes only [custom roles](https://cloud.google.com/iam/docs/ # understanding-custom-roles) that have been created at the project level. # Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/ # roles/`CUSTOM_ROLE_ID`` * [organizations.roles.undelete](https://cloud.google. # com/iam/docs/reference/rest/v1/organizations.roles/undelete): `organizations/` # ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method undeletes only [custom # roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that have # been created at the organization level. Example request URL: `https://iam. # googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: # Wildcard (*) values are invalid; you must specify a complete project ID or # organization ID. # @param [Google::Apis::IamV1::UndeleteRoleRequest] undelete_role_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Role] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Role] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def undelete_project_role(name, undelete_role_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:undelete', options) command.request_representation = Google::Apis::IamV1::UndeleteRoleRequest::Representation command.request_object = undelete_role_request_object command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Creates a ServiceAccount. # @param [String] name # Required. The resource name of the project associated with the service # accounts, such as `projects/my-project-123`. # @param [Google::Apis::IamV1::CreateServiceAccountRequest] create_service_account_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ServiceAccount] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def create_service_account(name, create_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}/serviceAccounts', options) command.request_representation = Google::Apis::IamV1::CreateServiceAccountRequest::Representation command.request_object = create_service_account_request_object command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation command.response_class = Google::Apis::IamV1::ServiceAccount command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Deletes a ServiceAccount. **Warning:** After you delete a service account, you # might not be able to undelete it. If you know that you need to re-enable the # service account in the future, use DisableServiceAccount instead. If you # delete a service account, IAM permanently removes the service account 30 days # later. Google Cloud cannot recover the service account after it is permanently # removed, even if you file a support request. To help avoid unplanned outages, # we recommend that you disable the service account before you delete it. Use # DisableServiceAccount to disable the service account, then wait at least 24 # hours and watch for unintended consequences. If there are no unintended # consequences, you can delete the service account. # @param [String] name # Required. The resource name of the service account. Use one of the following # formats: * `projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS`` * `projects/ # `PROJECT_ID`/serviceAccounts/`UNIQUE_ID`` As an alternative, you can use the `- # ` wildcard character instead of the project ID: * `projects/-/serviceAccounts/` # EMAIL_ADDRESS`` * `projects/-/serviceAccounts/`UNIQUE_ID`` When possible, # avoid using the `-` wildcard character, because it can cause response messages # to contain misleading error codes. For example, if you try to access the # service account `projects/-/serviceAccounts/fake@example.com`, which does not # exist, the response contains an HTTP `403 Forbidden` error instead of a `404 # Not Found` error. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Empty] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Empty] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def delete_project_service_account(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Empty::Representation command.response_class = Google::Apis::IamV1::Empty command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Disables a ServiceAccount immediately. If an application uses the service # account to authenticate, that application can no longer call Google APIs or # access Google Cloud resources. Existing access tokens for the service account # are rejected, and requests for new access tokens will fail. To re-enable the # service account, use EnableServiceAccount. After you re-enable the service # account, its existing access tokens will be accepted, and you can request new # access tokens. To help avoid unplanned outages, we recommend that you disable # the service account before you delete it. Use this method to disable the # service account, then wait at least 24 hours and watch for unintended # consequences. If there are no unintended consequences, you can delete the # service account with DeleteServiceAccount. # @param [String] name # The resource name of the service account. Use one of the following formats: * ` # projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS`` * `projects/`PROJECT_ID` # /serviceAccounts/`UNIQUE_ID`` As an alternative, you can use the `-` wildcard # character instead of the project ID: * `projects/-/serviceAccounts/` # EMAIL_ADDRESS`` * `projects/-/serviceAccounts/`UNIQUE_ID`` When possible, # avoid using the `-` wildcard character, because it can cause response messages # to contain misleading error codes. For example, if you try to access the # service account `projects/-/serviceAccounts/fake@example.com`, which does not # exist, the response contains an HTTP `403 Forbidden` error instead of a `404 # Not Found` error. # @param [Google::Apis::IamV1::DisableServiceAccountRequest] disable_service_account_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Empty] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Empty] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def disable_service_account(name, disable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:disable', options) command.request_representation = Google::Apis::IamV1::DisableServiceAccountRequest::Representation command.request_object = disable_service_account_request_object command.response_representation = Google::Apis::IamV1::Empty::Representation command.response_class = Google::Apis::IamV1::Empty command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Enables a ServiceAccount that was disabled by DisableServiceAccount. If the # service account is already enabled, then this method has no effect. If the # service account was disabled by other means—for example, if Google disabled # the service account because it was compromised—you cannot use this method to # enable the service account. # @param [String] name # The resource name of the service account. Use one of the following formats: * ` # projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS`` * `projects/`PROJECT_ID` # /serviceAccounts/`UNIQUE_ID`` As an alternative, you can use the `-` wildcard # character instead of the project ID: * `projects/-/serviceAccounts/` # EMAIL_ADDRESS`` * `projects/-/serviceAccounts/`UNIQUE_ID`` When possible, # avoid using the `-` wildcard character, because it can cause response messages # to contain misleading error codes. For example, if you try to access the # service account `projects/-/serviceAccounts/fake@example.com`, which does not # exist, the response contains an HTTP `403 Forbidden` error instead of a `404 # Not Found` error. # @param [Google::Apis::IamV1::EnableServiceAccountRequest] enable_service_account_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Empty] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Empty] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def enable_service_account(name, enable_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:enable', options) command.request_representation = Google::Apis::IamV1::EnableServiceAccountRequest::Representation command.request_object = enable_service_account_request_object command.response_representation = Google::Apis::IamV1::Empty::Representation command.response_class = Google::Apis::IamV1::Empty command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets a ServiceAccount. # @param [String] name # Required. The resource name of the service account. Use one of the following # formats: * `projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS`` * `projects/ # `PROJECT_ID`/serviceAccounts/`UNIQUE_ID`` As an alternative, you can use the `- # ` wildcard character instead of the project ID: * `projects/-/serviceAccounts/` # EMAIL_ADDRESS`` * `projects/-/serviceAccounts/`UNIQUE_ID`` When possible, # avoid using the `-` wildcard character, because it can cause response messages # to contain misleading error codes. For example, if you try to access the # service account `projects/-/serviceAccounts/fake@example.com`, which does not # exist, the response contains an HTTP `403 Forbidden` error instead of a `404 # Not Found` error. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ServiceAccount] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_project_service_account(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation command.response_class = Google::Apis::IamV1::ServiceAccount command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets the IAM policy that is attached to a ServiceAccount. This IAM policy # specifies which principals have access to the service account. This method # does not tell you whether the service account has been granted any roles on # other resources. To check whether a service account has role grants on a # resource, use the `getIamPolicy` method for that resource. For example, to # view the role grants for a project, call the Resource Manager API's [projects. # getIamPolicy](https://cloud.google.com/resource-manager/reference/rest/v1/ # projects/getIamPolicy) method. # @param [String] resource # REQUIRED: The resource for which the policy is being requested. See [Resource # names](https://cloud.google.com/apis/design/resource_names) for the # appropriate value for this field. # @param [Fixnum] options_requested_policy_version # Optional. The maximum policy version that will be used to format the policy. # Valid values are 0, 1, and 3. Requests specifying an invalid value will be # rejected. Requests for policies with any conditional role bindings must # specify version 3. Policies with no conditional role bindings may specify any # valid value or leave the field unset. The policy in the response might use the # policy version that you specified, or it might use a lower policy version. For # example, if you specify version 3, but the policy has no conditional role # bindings, the response uses version 1. To learn which resources support # conditions in their IAM policies, see the [IAM documentation](https://cloud. # google.com/iam/help/conditions/resource-policies). # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Policy] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Policy] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_project_service_account_iam_policy(resource, options_requested_policy_version: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+resource}:getIamPolicy', options) command.response_representation = Google::Apis::IamV1::Policy::Representation command.response_class = Google::Apis::IamV1::Policy command.params['resource'] = resource unless resource.nil? command.query['options.requestedPolicyVersion'] = options_requested_policy_version unless options_requested_policy_version.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Lists every ServiceAccount that belongs to a specific project. # @param [String] name # Required. The resource name of the project associated with the service # accounts, such as `projects/my-project-123`. # @param [Fixnum] page_size # Optional limit on the number of service accounts to include in the response. # Further accounts can subsequently be obtained by including the # ListServiceAccountsResponse.next_page_token in a subsequent request. The # default is 20, and the maximum is 100. # @param [String] page_token # Optional pagination token returned in an earlier ListServiceAccountsResponse. # next_page_token. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ListServiceAccountsResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ListServiceAccountsResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def list_project_service_accounts(name, page_size: nil, page_token: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}/serviceAccounts', options) command.response_representation = Google::Apis::IamV1::ListServiceAccountsResponse::Representation command.response_class = Google::Apis::IamV1::ListServiceAccountsResponse command.params['name'] = name unless name.nil? command.query['pageSize'] = page_size unless page_size.nil? command.query['pageToken'] = page_token unless page_token.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Patches a ServiceAccount. # @param [String] name # The resource name of the service account. Use one of the following formats: * ` # projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS`` * `projects/`PROJECT_ID` # /serviceAccounts/`UNIQUE_ID`` As an alternative, you can use the `-` wildcard # character instead of the project ID: * `projects/-/serviceAccounts/` # EMAIL_ADDRESS`` * `projects/-/serviceAccounts/`UNIQUE_ID`` When possible, # avoid using the `-` wildcard character, because it can cause response messages # to contain misleading error codes. For example, if you try to access the # service account `projects/-/serviceAccounts/fake@example.com`, which does not # exist, the response contains an HTTP `403 Forbidden` error instead of a `404 # Not Found` error. # @param [Google::Apis::IamV1::PatchServiceAccountRequest] patch_service_account_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ServiceAccount] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def patch_service_account(name, patch_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:patch, 'v1/{+name}', options) command.request_representation = Google::Apis::IamV1::PatchServiceAccountRequest::Representation command.request_object = patch_service_account_request_object command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation command.response_class = Google::Apis::IamV1::ServiceAccount command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Sets the IAM policy that is attached to a ServiceAccount. Use this method to # grant or revoke access to the service account. For example, you could grant a # principal the ability to impersonate the service account. This method does not # enable the service account to access other resources. To grant roles to a # service account on a resource, follow these steps: 1. Call the resource's ` # getIamPolicy` method to get its current IAM policy. 2. Edit the policy so that # it binds the service account to an IAM role for the resource. 3. Call the # resource's `setIamPolicy` method to update its IAM policy. For detailed # instructions, see [Manage access to project, folders, and organizations](https: # //cloud.google.com/iam/help/service-accounts/granting-access-to-service- # accounts) or [Manage access to other resources](https://cloud.google.com/iam/ # help/access/manage-other-resources). # @param [String] resource # REQUIRED: The resource for which the policy is being specified. See [Resource # names](https://cloud.google.com/apis/design/resource_names) for the # appropriate value for this field. # @param [Google::Apis::IamV1::SetIamPolicyRequest] set_iam_policy_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Policy] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Policy] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def set_service_account_iam_policy(resource, set_iam_policy_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+resource}:setIamPolicy', options) command.request_representation = Google::Apis::IamV1::SetIamPolicyRequest::Representation command.request_object = set_iam_policy_request_object command.response_representation = Google::Apis::IamV1::Policy::Representation command.response_class = Google::Apis::IamV1::Policy command.params['resource'] = resource unless resource.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Signs a blob using the system-managed private key for a ServiceAccount. # @param [String] name # Required. Deprecated. [Migrate to Service Account Credentials API](https:// # cloud.google.com/iam/help/credentials/migrate-api). The resource name of the # service account. Use one of the following formats: * `projects/`PROJECT_ID`/ # serviceAccounts/`EMAIL_ADDRESS`` * `projects/`PROJECT_ID`/serviceAccounts/` # UNIQUE_ID`` As an alternative, you can use the `-` wildcard character instead # of the project ID: * `projects/-/serviceAccounts/`EMAIL_ADDRESS`` * `projects/- # /serviceAccounts/`UNIQUE_ID`` When possible, avoid using the `-` wildcard # character, because it can cause response messages to contain misleading error # codes. For example, if you try to access the service account `projects/-/ # serviceAccounts/fake@example.com`, which does not exist, the response contains # an HTTP `403 Forbidden` error instead of a `404 Not Found` error. # @param [Google::Apis::IamV1::SignBlobRequest] sign_blob_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::SignBlobResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::SignBlobResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def sign_service_account_blob(name, sign_blob_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:signBlob', options) command.request_representation = Google::Apis::IamV1::SignBlobRequest::Representation command.request_object = sign_blob_request_object command.response_representation = Google::Apis::IamV1::SignBlobResponse::Representation command.response_class = Google::Apis::IamV1::SignBlobResponse command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Signs a JSON Web Token (JWT) using the system-managed private key for a # ServiceAccount. # @param [String] name # Required. Deprecated. [Migrate to Service Account Credentials API](https:// # cloud.google.com/iam/help/credentials/migrate-api). The resource name of the # service account. Use one of the following formats: * `projects/`PROJECT_ID`/ # serviceAccounts/`EMAIL_ADDRESS`` * `projects/`PROJECT_ID`/serviceAccounts/` # UNIQUE_ID`` As an alternative, you can use the `-` wildcard character instead # of the project ID: * `projects/-/serviceAccounts/`EMAIL_ADDRESS`` * `projects/- # /serviceAccounts/`UNIQUE_ID`` When possible, avoid using the `-` wildcard # character, because it can cause response messages to contain misleading error # codes. For example, if you try to access the service account `projects/-/ # serviceAccounts/fake@example.com`, which does not exist, the response contains # an HTTP `403 Forbidden` error instead of a `404 Not Found` error. # @param [Google::Apis::IamV1::SignJwtRequest] sign_jwt_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::SignJwtResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::SignJwtResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def sign_service_account_jwt(name, sign_jwt_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:signJwt', options) command.request_representation = Google::Apis::IamV1::SignJwtRequest::Representation command.request_object = sign_jwt_request_object command.response_representation = Google::Apis::IamV1::SignJwtResponse::Representation command.response_class = Google::Apis::IamV1::SignJwtResponse command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Tests whether the caller has the specified permissions on a ServiceAccount. # @param [String] resource # REQUIRED: The resource for which the policy detail is being requested. See [ # Resource names](https://cloud.google.com/apis/design/resource_names) for the # appropriate value for this field. # @param [Google::Apis::IamV1::TestIamPermissionsRequest] test_iam_permissions_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::TestIamPermissionsResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::TestIamPermissionsResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def test_service_account_iam_permissions(resource, test_iam_permissions_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+resource}:testIamPermissions', options) command.request_representation = Google::Apis::IamV1::TestIamPermissionsRequest::Representation command.request_object = test_iam_permissions_request_object command.response_representation = Google::Apis::IamV1::TestIamPermissionsResponse::Representation command.response_class = Google::Apis::IamV1::TestIamPermissionsResponse command.params['resource'] = resource unless resource.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Restores a deleted ServiceAccount. **Important:** It is not always possible to # restore a deleted service account. Use this method only as a last resort. # After you delete a service account, IAM permanently removes the service # account 30 days later. There is no way to restore a deleted service account # that has been permanently removed. # @param [String] name # The resource name of the service account. Use one of the following formats: * ` # projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS`` * `projects/`PROJECT_ID` # /serviceAccounts/`UNIQUE_ID`` As an alternative, you can use the `-` wildcard # character instead of the project ID: * `projects/-/serviceAccounts/` # EMAIL_ADDRESS`` * `projects/-/serviceAccounts/`UNIQUE_ID`` When possible, # avoid using the `-` wildcard character, because it can cause response messages # to contain misleading error codes. For example, if you try to access the # service account `projects/-/serviceAccounts/fake@example.com`, which does not # exist, the response contains an HTTP `403 Forbidden` error instead of a `404 # Not Found` error. # @param [Google::Apis::IamV1::UndeleteServiceAccountRequest] undelete_service_account_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::UndeleteServiceAccountResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::UndeleteServiceAccountResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def undelete_service_account(name, undelete_service_account_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:undelete', options) command.request_representation = Google::Apis::IamV1::UndeleteServiceAccountRequest::Representation command.request_object = undelete_service_account_request_object command.response_representation = Google::Apis::IamV1::UndeleteServiceAccountResponse::Representation command.response_class = Google::Apis::IamV1::UndeleteServiceAccountResponse command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # **Note:** We are in the process of deprecating this method. Use # PatchServiceAccount instead. Updates a ServiceAccount. You can update only the # `display_name` field. # @param [String] name # The resource name of the service account. Use one of the following formats: * ` # projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS`` * `projects/`PROJECT_ID` # /serviceAccounts/`UNIQUE_ID`` As an alternative, you can use the `-` wildcard # character instead of the project ID: * `projects/-/serviceAccounts/` # EMAIL_ADDRESS`` * `projects/-/serviceAccounts/`UNIQUE_ID`` When possible, # avoid using the `-` wildcard character, because it can cause response messages # to contain misleading error codes. For example, if you try to access the # service account `projects/-/serviceAccounts/fake@example.com`, which does not # exist, the response contains an HTTP `403 Forbidden` error instead of a `404 # Not Found` error. # @param [Google::Apis::IamV1::ServiceAccount] service_account_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ServiceAccount] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ServiceAccount] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def update_project_service_account(name, service_account_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:put, 'v1/{+name}', options) command.request_representation = Google::Apis::IamV1::ServiceAccount::Representation command.request_object = service_account_object command.response_representation = Google::Apis::IamV1::ServiceAccount::Representation command.response_class = Google::Apis::IamV1::ServiceAccount command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Creates a ServiceAccountKey. # @param [String] name # Required. The resource name of the service account. Use one of the following # formats: * `projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS`` * `projects/ # `PROJECT_ID`/serviceAccounts/`UNIQUE_ID`` As an alternative, you can use the `- # ` wildcard character instead of the project ID: * `projects/-/serviceAccounts/` # EMAIL_ADDRESS`` * `projects/-/serviceAccounts/`UNIQUE_ID`` When possible, # avoid using the `-` wildcard character, because it can cause response messages # to contain misleading error codes. For example, if you try to access the # service account `projects/-/serviceAccounts/fake@example.com`, which does not # exist, the response contains an HTTP `403 Forbidden` error instead of a `404 # Not Found` error. # @param [Google::Apis::IamV1::CreateServiceAccountKeyRequest] create_service_account_key_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ServiceAccountKey] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ServiceAccountKey] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def create_service_account_key(name, create_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}/keys', options) command.request_representation = Google::Apis::IamV1::CreateServiceAccountKeyRequest::Representation command.request_object = create_service_account_key_request_object command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation command.response_class = Google::Apis::IamV1::ServiceAccountKey command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Deletes a ServiceAccountKey. Deleting a service account key does not revoke # short-lived credentials that have been issued based on the service account key. # @param [String] name # Required. The resource name of the service account key. Use one of the # following formats: * `projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS`/ # keys/`KEY_ID`` * `projects/`PROJECT_ID`/serviceAccounts/`UNIQUE_ID`/keys/` # KEY_ID`` As an alternative, you can use the `-` wildcard character instead of # the project ID: * `projects/-/serviceAccounts/`EMAIL_ADDRESS`/keys/`KEY_ID`` * # `projects/-/serviceAccounts/`UNIQUE_ID`/keys/`KEY_ID`` When possible, avoid # using the `-` wildcard character, because it can cause response messages to # contain misleading error codes. For example, if you try to access the service # account key `projects/-/serviceAccounts/fake@example.com/keys/fake-key`, which # does not exist, the response contains an HTTP `403 Forbidden` error instead of # a `404 Not Found` error. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Empty] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Empty] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def delete_project_service_account_key(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:delete, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Empty::Representation command.response_class = Google::Apis::IamV1::Empty command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Disable a ServiceAccountKey. A disabled service account key can be re-enabled # with EnableServiceAccountKey. # @param [String] name # Required. The resource name of the service account key. Use one of the # following formats: * `projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS`/ # keys/`KEY_ID`` * `projects/`PROJECT_ID`/serviceAccounts/`UNIQUE_ID`/keys/` # KEY_ID`` As an alternative, you can use the `-` wildcard character instead of # the project ID: * `projects/-/serviceAccounts/`EMAIL_ADDRESS`/keys/`KEY_ID`` * # `projects/-/serviceAccounts/`UNIQUE_ID`/keys/`KEY_ID`` When possible, avoid # using the `-` wildcard character, because it can cause response messages to # contain misleading error codes. For example, if you try to access the service # account key `projects/-/serviceAccounts/fake@example.com/keys/fake-key`, which # does not exist, the response contains an HTTP `403 Forbidden` error instead of # a `404 Not Found` error. # @param [Google::Apis::IamV1::DisableServiceAccountKeyRequest] disable_service_account_key_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Empty] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Empty] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def disable_service_account_key(name, disable_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:disable', options) command.request_representation = Google::Apis::IamV1::DisableServiceAccountKeyRequest::Representation command.request_object = disable_service_account_key_request_object command.response_representation = Google::Apis::IamV1::Empty::Representation command.response_class = Google::Apis::IamV1::Empty command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Enable a ServiceAccountKey. # @param [String] name # Required. The resource name of the service account key. Use one of the # following formats: * `projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS`/ # keys/`KEY_ID`` * `projects/`PROJECT_ID`/serviceAccounts/`UNIQUE_ID`/keys/` # KEY_ID`` As an alternative, you can use the `-` wildcard character instead of # the project ID: * `projects/-/serviceAccounts/`EMAIL_ADDRESS`/keys/`KEY_ID`` * # `projects/-/serviceAccounts/`UNIQUE_ID`/keys/`KEY_ID`` When possible, avoid # using the `-` wildcard character, because it can cause response messages to # contain misleading error codes. For example, if you try to access the service # account key `projects/-/serviceAccounts/fake@example.com/keys/fake-key`, which # does not exist, the response contains an HTTP `403 Forbidden` error instead of # a `404 Not Found` error. # @param [Google::Apis::IamV1::EnableServiceAccountKeyRequest] enable_service_account_key_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Empty] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Empty] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def enable_service_account_key(name, enable_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}:enable', options) command.request_representation = Google::Apis::IamV1::EnableServiceAccountKeyRequest::Representation command.request_object = enable_service_account_key_request_object command.response_representation = Google::Apis::IamV1::Empty::Representation command.response_class = Google::Apis::IamV1::Empty command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets a ServiceAccountKey. # @param [String] name # Required. The resource name of the service account key. Use one of the # following formats: * `projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS`/ # keys/`KEY_ID`` * `projects/`PROJECT_ID`/serviceAccounts/`UNIQUE_ID`/keys/` # KEY_ID`` As an alternative, you can use the `-` wildcard character instead of # the project ID: * `projects/-/serviceAccounts/`EMAIL_ADDRESS`/keys/`KEY_ID`` * # `projects/-/serviceAccounts/`UNIQUE_ID`/keys/`KEY_ID`` When possible, avoid # using the `-` wildcard character, because it can cause response messages to # contain misleading error codes. For example, if you try to access the service # account key `projects/-/serviceAccounts/fake@example.com/keys/fake-key`, which # does not exist, the response contains an HTTP `403 Forbidden` error instead of # a `404 Not Found` error. # @param [String] public_key_type # Optional. The output format of the public key. The default is `TYPE_NONE`, # which means that the public key is not returned. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ServiceAccountKey] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ServiceAccountKey] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_project_service_account_key(name, public_key_type: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation command.response_class = Google::Apis::IamV1::ServiceAccountKey command.params['name'] = name unless name.nil? command.query['publicKeyType'] = public_key_type unless public_key_type.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Lists every ServiceAccountKey for a service account. # @param [String] name # Required. The resource name of the service account. Use one of the following # formats: * `projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS`` * `projects/ # `PROJECT_ID`/serviceAccounts/`UNIQUE_ID`` As an alternative, you can use the `- # ` wildcard character instead of the project ID: * `projects/-/serviceAccounts/` # EMAIL_ADDRESS`` * `projects/-/serviceAccounts/`UNIQUE_ID`` When possible, # avoid using the `-` wildcard character, because it can cause response messages # to contain misleading error codes. For example, if you try to access the # service account `projects/-/serviceAccounts/fake@example.com`, which does not # exist, the response contains an HTTP `403 Forbidden` error instead of a `404 # Not Found` error. # @param [Array, String] key_types # Filters the types of keys the user wants to include in the list response. # Duplicate key types are not allowed. If no key type is provided, all keys are # returned. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ListServiceAccountKeysResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ListServiceAccountKeysResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def list_project_service_account_keys(name, key_types: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}/keys', options) command.response_representation = Google::Apis::IamV1::ListServiceAccountKeysResponse::Representation command.response_class = Google::Apis::IamV1::ListServiceAccountKeysResponse command.params['name'] = name unless name.nil? command.query['keyTypes'] = key_types unless key_types.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Uploads the public key portion of a key pair that you manage, and associates # the public key with a ServiceAccount. After you upload the public key, you can # use the private key from the key pair as a service account key. # @param [String] name # The resource name of the service account key. Use one of the following formats: # * `projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS`` * `projects/` # PROJECT_ID`/serviceAccounts/`UNIQUE_ID`` As an alternative, you can use the `-` # wildcard character instead of the project ID: * `projects/-/serviceAccounts/` # EMAIL_ADDRESS`` * `projects/-/serviceAccounts/`UNIQUE_ID`` When possible, # avoid using the `-` wildcard character, because it can cause response messages # to contain misleading error codes. For example, if you try to access the # service account `projects/-/serviceAccounts/fake@example.com`, which does not # exist, the response contains an HTTP `403 Forbidden` error instead of a `404 # Not Found` error. # @param [Google::Apis::IamV1::UploadServiceAccountKeyRequest] upload_service_account_key_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ServiceAccountKey] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ServiceAccountKey] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def upload_service_account_key(name, upload_service_account_key_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/{+name}/keys:upload', options) command.request_representation = Google::Apis::IamV1::UploadServiceAccountKeyRequest::Representation command.request_object = upload_service_account_key_request_object command.response_representation = Google::Apis::IamV1::ServiceAccountKey::Representation command.response_class = Google::Apis::IamV1::ServiceAccountKey command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Gets the definition of a Role. # @param [String] name # The `name` parameter's value depends on the target resource for the request, # namely [roles](https://cloud.google.com/iam/docs/reference/rest/v1/roles), [ # projects](https://cloud.google.com/iam/docs/reference/rest/v1/projects.roles), # or [organizations](https://cloud.google.com/iam/docs/reference/rest/v1/ # organizations.roles). Each resource type's `name` value format is described # below: * [roles.get](https://cloud.google.com/iam/docs/reference/rest/v1/roles/ # get): `roles/`ROLE_NAME``. This method returns results from all [predefined # roles](https://cloud.google.com/iam/docs/understanding-roles#predefined_roles) # in IAM. Example request URL: `https://iam.googleapis.com/v1/roles/`ROLE_NAME`` # * [projects.roles.get](https://cloud.google.com/iam/docs/reference/rest/v1/ # projects.roles/get): `projects/`PROJECT_ID`/roles/`CUSTOM_ROLE_ID``. This # method returns only [custom roles](https://cloud.google.com/iam/docs/ # understanding-custom-roles) that have been created at the project level. # Example request URL: `https://iam.googleapis.com/v1/projects/`PROJECT_ID`/ # roles/`CUSTOM_ROLE_ID`` * [organizations.roles.get](https://cloud.google.com/ # iam/docs/reference/rest/v1/organizations.roles/get): `organizations/` # ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID``. This method returns only [custom # roles](https://cloud.google.com/iam/docs/understanding-custom-roles) that have # been created at the organization level. Example request URL: `https://iam. # googleapis.com/v1/organizations/`ORGANIZATION_ID`/roles/`CUSTOM_ROLE_ID`` Note: # Wildcard (*) values are invalid; you must specify a complete project ID or # organization ID. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::Role] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::Role] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def get_role(name, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/{+name}', options) command.response_representation = Google::Apis::IamV1::Role::Representation command.response_class = Google::Apis::IamV1::Role command.params['name'] = name unless name.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Lists every predefined Role that IAM supports, or every custom role that is # defined for an organization or project. # @param [Fixnum] page_size # Optional limit on the number of roles to include in the response. The default # is 300, and the maximum is 1,000. # @param [String] page_token # Optional pagination token returned in an earlier ListRolesResponse. # @param [String] parent # The `parent` parameter's value depends on the target resource for the request, # namely [roles](https://cloud.google.com/iam/docs/reference/rest/v1/roles), [ # projects](https://cloud.google.com/iam/docs/reference/rest/v1/projects.roles), # or [organizations](https://cloud.google.com/iam/docs/reference/rest/v1/ # organizations.roles). Each resource type's `parent` value format is described # below: * [roles.list](https://cloud.google.com/iam/docs/reference/rest/v1/ # roles/list): An empty string. This method doesn't require a resource; it # simply returns all [predefined roles](https://cloud.google.com/iam/docs/ # understanding-roles#predefined_roles) in IAM. Example request URL: `https:// # iam.googleapis.com/v1/roles` * [projects.roles.list](https://cloud.google.com/ # iam/docs/reference/rest/v1/projects.roles/list): `projects/`PROJECT_ID``. This # method lists all project-level [custom roles](https://cloud.google.com/iam/ # docs/understanding-custom-roles). Example request URL: `https://iam.googleapis. # com/v1/projects/`PROJECT_ID`/roles` * [organizations.roles.list](https://cloud. # google.com/iam/docs/reference/rest/v1/organizations.roles/list): ` # organizations/`ORGANIZATION_ID``. This method lists all organization-level [ # custom roles](https://cloud.google.com/iam/docs/understanding-custom-roles). # Example request URL: `https://iam.googleapis.com/v1/organizations/` # ORGANIZATION_ID`/roles` Note: Wildcard (*) values are invalid; you must # specify a complete project ID or organization ID. # @param [Boolean] show_deleted # Include Roles that have been deleted. # @param [String] view # Optional view for the returned Role objects. When `FULL` is specified, the ` # includedPermissions` field is returned, which includes a list of all # permissions in the role. The default value is `BASIC`, which does not return # the `includedPermissions` field. # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::ListRolesResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::ListRolesResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def list_roles(page_size: nil, page_token: nil, parent: nil, show_deleted: nil, view: nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:get, 'v1/roles', options) command.response_representation = Google::Apis::IamV1::ListRolesResponse::Representation command.response_class = Google::Apis::IamV1::ListRolesResponse command.query['pageSize'] = page_size unless page_size.nil? command.query['pageToken'] = page_token unless page_token.nil? command.query['parent'] = parent unless parent.nil? command.query['showDeleted'] = show_deleted unless show_deleted.nil? command.query['view'] = view unless view.nil? command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end # Lists roles that can be granted on a Google Cloud resource. A role is # grantable if the IAM policy for the resource can contain bindings to the role. # @param [Google::Apis::IamV1::QueryGrantableRolesRequest] query_grantable_roles_request_object # @param [String] fields # Selector specifying which fields to include in a partial response. # @param [String] quota_user # Available to use for quota purposes for server-side applications. Can be any # arbitrary string assigned to a user, but should not exceed 40 characters. # @param [Google::Apis::RequestOptions] options # Request-specific options # # @yield [result, err] Result & error if block supplied # @yieldparam result [Google::Apis::IamV1::QueryGrantableRolesResponse] parsed result object # @yieldparam err [StandardError] error object if request failed # # @return [Google::Apis::IamV1::QueryGrantableRolesResponse] # # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification # @raise [Google::Apis::AuthorizationError] Authorization is required def query_grantable_roles(query_grantable_roles_request_object = nil, fields: nil, quota_user: nil, options: nil, &block) command = make_simple_command(:post, 'v1/roles:queryGrantableRoles', options) command.request_representation = Google::Apis::IamV1::QueryGrantableRolesRequest::Representation command.request_object = query_grantable_roles_request_object command.response_representation = Google::Apis::IamV1::QueryGrantableRolesResponse::Representation command.response_class = Google::Apis::IamV1::QueryGrantableRolesResponse command.query['fields'] = fields unless fields.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? execute_or_queue_command(command, &block) end protected def apply_command_defaults(command) command.query['key'] = key unless key.nil? command.query['quotaUser'] = quota_user unless quota_user.nil? end end end end end google-apis-iam_v1-0.83.0/lib/google/apis/iam_v1/classes.rb0000644000004100000410000054572115141175474023355 0ustar www-datawww-data# Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. require 'date' require 'google/apis/core/base_service' require 'google/apis/core/json_representation' require 'google/apis/core/hashable' require 'google/apis/errors' module Google module Apis module IamV1 # Access related restrictions on the workforce pool. class AccessRestrictions include Google::Apis::Core::Hashable # Optional. Immutable. Services allowed for web sign-in with the workforce pool. # If not set by default there are no restrictions. # Corresponds to the JSON property `allowedServices` # @return [Array] attr_accessor :allowed_services # Optional. Disable programmatic sign-in by disabling token issue via the # Security Token API endpoint. See [Security Token Service API] (https://cloud. # google.com/iam/docs/reference/sts/rest). # Corresponds to the JSON property `disableProgrammaticSignin` # @return [Boolean] attr_accessor :disable_programmatic_signin alias_method :disable_programmatic_signin?, :disable_programmatic_signin def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @allowed_services = args[:allowed_services] if args.key?(:allowed_services) @disable_programmatic_signin = args[:disable_programmatic_signin] if args.key?(:disable_programmatic_signin) end end # Request message for AddAttestationRule. class AddAttestationRuleRequest include Google::Apis::Core::Hashable # Defines which workloads can receive an identity within a pool. When an # AttestationRule is defined under a managed identity, matching workloads may # receive that identity. # Corresponds to the JSON property `attestationRule` # @return [Google::Apis::IamV1::AttestationRule] attr_accessor :attestation_rule def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @attestation_rule = args[:attestation_rule] if args.key?(:attestation_rule) end end # Audit log information specific to Cloud IAM admin APIs. This message is # serialized as an `Any` type in the `ServiceData` message of an `AuditLog` # message. class AdminAuditData include Google::Apis::Core::Hashable # A PermissionDelta message to record the added_permissions and # removed_permissions inside a role. # Corresponds to the JSON property `permissionDelta` # @return [Google::Apis::IamV1::PermissionDelta] attr_accessor :permission_delta def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @permission_delta = args[:permission_delta] if args.key?(:permission_delta) end end # Defines which workloads can receive an identity within a pool. When an # AttestationRule is defined under a managed identity, matching workloads may # receive that identity. class AttestationRule include Google::Apis::Core::Hashable # Optional. A single workload operating on Google Cloud. For example: `//compute. # googleapis.com/projects/123/uid/zones/us-central1-a/instances/12345`. # Corresponds to the JSON property `googleCloudResource` # @return [String] attr_accessor :google_cloud_resource def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @google_cloud_resource = args[:google_cloud_resource] if args.key?(:google_cloud_resource) end end # Specifies the audit configuration for a service. The configuration determines # which permission types are logged, and what identities, if any, are exempted # from logging. An AuditConfig must have one or more AuditLogConfigs. If there # are AuditConfigs for both `allServices` and a specific service, the union of # the two AuditConfigs is used for that service: the log_types specified in each # AuditConfig are enabled, and the exempted_members in each AuditLogConfig are # exempted. Example Policy with multiple AuditConfigs: ` "audit_configs": [ ` " # service": "allServices", "audit_log_configs": [ ` "log_type": "DATA_READ", " # exempted_members": [ "user:jose@example.com" ] `, ` "log_type": "DATA_WRITE" `, # ` "log_type": "ADMIN_READ" ` ] `, ` "service": "sampleservice.googleapis.com", # "audit_log_configs": [ ` "log_type": "DATA_READ" `, ` "log_type": "DATA_WRITE" # , "exempted_members": [ "user:aliya@example.com" ] ` ] ` ] ` For sampleservice, # this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also # exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` # from DATA_WRITE logging. class AuditConfig include Google::Apis::Core::Hashable # The configuration for logging of each type of permission. # Corresponds to the JSON property `auditLogConfigs` # @return [Array] attr_accessor :audit_log_configs # Specifies a service that will be enabled for audit logging. For example, ` # storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special # value that covers all services. # Corresponds to the JSON property `service` # @return [String] attr_accessor :service def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @audit_log_configs = args[:audit_log_configs] if args.key?(:audit_log_configs) @service = args[:service] if args.key?(:service) end end # Audit log information specific to Cloud IAM. This message is serialized as an ` # Any` type in the `ServiceData` message of an `AuditLog` message. class AuditData include Google::Apis::Core::Hashable # The difference delta between two policies. # Corresponds to the JSON property `policyDelta` # @return [Google::Apis::IamV1::PolicyDelta] attr_accessor :policy_delta def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @policy_delta = args[:policy_delta] if args.key?(:policy_delta) end end # Provides the configuration for logging a type of permissions. Example: ` " # audit_log_configs": [ ` "log_type": "DATA_READ", "exempted_members": [ "user: # jose@example.com" ] `, ` "log_type": "DATA_WRITE" ` ] ` This enables ' # DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from # DATA_READ logging. class AuditLogConfig include Google::Apis::Core::Hashable # Specifies the identities that do not cause logging for this type of permission. # Follows the same format of Binding.members. # Corresponds to the JSON property `exemptedMembers` # @return [Array] attr_accessor :exempted_members # The log type that this config enables. # Corresponds to the JSON property `logType` # @return [String] attr_accessor :log_type def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @exempted_members = args[:exempted_members] if args.key?(:exempted_members) @log_type = args[:log_type] if args.key?(:log_type) end end # Contains information about an auditable service. class AuditableService include Google::Apis::Core::Hashable # Public name of the service. For example, the service name for IAM is 'iam. # googleapis.com'. # Corresponds to the JSON property `name` # @return [String] attr_accessor :name def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @name = args[:name] if args.key?(:name) end end # Represents an Amazon Web Services identity provider. class Aws include Google::Apis::Core::Hashable # Required. The AWS account ID. # Corresponds to the JSON property `accountId` # @return [String] attr_accessor :account_id def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @account_id = args[:account_id] if args.key?(:account_id) end end # Associates `members`, or principals, with a `role`. class Binding include Google::Apis::Core::Hashable # Represents a textual expression in the Common Expression Language (CEL) syntax. # CEL is a C-like expression language. The syntax and semantics of CEL are # documented at https://github.com/google/cel-spec. Example (Comparison): title: # "Summary size limit" description: "Determines if a summary is less than 100 # chars" expression: "document.summary.size() < 100" Example (Equality): title: " # Requestor is owner" description: "Determines if requestor is the document # owner" expression: "document.owner == request.auth.claims.email" Example ( # Logic): title: "Public documents" description: "Determine whether the document # should be publicly visible" expression: "document.type != 'private' && # document.type != 'internal'" Example (Data Manipulation): title: "Notification # string" description: "Create a notification string with a timestamp." # expression: "'New message received at ' + string(document.create_time)" The # exact variables and functions that may be referenced within an expression are # determined by the service that evaluates it. See the service documentation for # additional information. # Corresponds to the JSON property `condition` # @return [Google::Apis::IamV1::Expr] attr_accessor :condition # Specifies the principals requesting access for a Google Cloud resource. ` # members` can have the following values: * `allUsers`: A special identifier # that represents anyone who is on the internet; with or without a Google # account. * `allAuthenticatedUsers`: A special identifier that represents # anyone who is authenticated with a Google account or a service account. Does # not include identities that come from external identity providers (IdPs) # through identity federation. * `user:`emailid``: An email address that # represents a specific Google account. For example, `alice@example.com` . * ` # serviceAccount:`emailid``: An email address that represents a Google service # account. For example, `my-other-app@appspot.gserviceaccount.com`. * ` # serviceAccount:`projectid`.svc.id.goog[`namespace`/`kubernetes-sa`]`: An # identifier for a [Kubernetes service account](https://cloud.google.com/ # kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my- # project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:`emailid``: An # email address that represents a Google group. For example, `admins@example.com` # . * `domain:`domain``: The G Suite domain (primary) that represents all the # users of that domain. For example, `google.com` or `example.com`. * `principal: # //iam.googleapis.com/locations/global/workforcePools/`pool_id`/subject/` # subject_attribute_value``: A single identity in a workforce identity pool. * ` # principalSet://iam.googleapis.com/locations/global/workforcePools/`pool_id`/ # group/`group_id``: All workforce identities in a group. * `principalSet://iam. # googleapis.com/locations/global/workforcePools/`pool_id`/attribute.` # attribute_name`/`attribute_value``: All workforce identities with a specific # attribute value. * `principalSet://iam.googleapis.com/locations/global/ # workforcePools/`pool_id`/*`: All identities in a workforce identity pool. * ` # principal://iam.googleapis.com/projects/`project_number`/locations/global/ # workloadIdentityPools/`pool_id`/subject/`subject_attribute_value``: A single # identity in a workload identity pool. * `principalSet://iam.googleapis.com/ # projects/`project_number`/locations/global/workloadIdentityPools/`pool_id`/ # group/`group_id``: A workload identity pool group. * `principalSet://iam. # googleapis.com/projects/`project_number`/locations/global/ # workloadIdentityPools/`pool_id`/attribute.`attribute_name`/`attribute_value``: # All identities in a workload identity pool with a certain attribute. * ` # principalSet://iam.googleapis.com/projects/`project_number`/locations/global/ # workloadIdentityPools/`pool_id`/*`: All identities in a workload identity pool. # * `deleted:user:`emailid`?uid=`uniqueid``: An email address (plus unique # identifier) representing a user that has been recently deleted. For example, ` # alice@example.com?uid=123456789012345678901`. If the user is recovered, this # value reverts to `user:`emailid`` and the recovered user retains the role in # the binding. * `deleted:serviceAccount:`emailid`?uid=`uniqueid``: An email # address (plus unique identifier) representing a service account that has been # recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid= # 123456789012345678901`. If the service account is undeleted, this value # reverts to `serviceAccount:`emailid`` and the undeleted service account # retains the role in the binding. * `deleted:group:`emailid`?uid=`uniqueid``: # An email address (plus unique identifier) representing a Google group that has # been recently deleted. For example, `admins@example.com?uid= # 123456789012345678901`. If the group is recovered, this value reverts to ` # group:`emailid`` and the recovered group retains the role in the binding. * ` # deleted:principal://iam.googleapis.com/locations/global/workforcePools/` # pool_id`/subject/`subject_attribute_value``: Deleted single identity in a # workforce identity pool. For example, `deleted:principal://iam.googleapis.com/ # locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`. # Corresponds to the JSON property `members` # @return [Array] attr_accessor :members # Role that is assigned to the list of `members`, or principals. For example, ` # roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM # roles and permissions, see the [IAM documentation](https://cloud.google.com/ # iam/docs/roles-overview). For a list of the available pre-defined roles, see [ # here](https://cloud.google.com/iam/docs/understanding-roles). # Corresponds to the JSON property `role` # @return [String] attr_accessor :role def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @condition = args[:condition] if args.key?(:condition) @members = args[:members] if args.key?(:members) @role = args[:role] if args.key?(:role) end end # One delta entry for Binding. Each individual change (only one member in each # entry) to a binding will be a separate entry. class BindingDelta include Google::Apis::Core::Hashable # The action that was performed on a Binding. Required # Corresponds to the JSON property `action` # @return [String] attr_accessor :action # Represents a textual expression in the Common Expression Language (CEL) syntax. # CEL is a C-like expression language. The syntax and semantics of CEL are # documented at https://github.com/google/cel-spec. Example (Comparison): title: # "Summary size limit" description: "Determines if a summary is less than 100 # chars" expression: "document.summary.size() < 100" Example (Equality): title: " # Requestor is owner" description: "Determines if requestor is the document # owner" expression: "document.owner == request.auth.claims.email" Example ( # Logic): title: "Public documents" description: "Determine whether the document # should be publicly visible" expression: "document.type != 'private' && # document.type != 'internal'" Example (Data Manipulation): title: "Notification # string" description: "Create a notification string with a timestamp." # expression: "'New message received at ' + string(document.create_time)" The # exact variables and functions that may be referenced within an expression are # determined by the service that evaluates it. See the service documentation for # additional information. # Corresponds to the JSON property `condition` # @return [Google::Apis::IamV1::Expr] attr_accessor :condition # A single identity requesting access for a Google Cloud resource. Follows the # same format of Binding.members. Required # Corresponds to the JSON property `member` # @return [String] attr_accessor :member # Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor` # , or `roles/owner`. Required # Corresponds to the JSON property `role` # @return [String] attr_accessor :role def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @action = args[:action] if args.key?(:action) @condition = args[:condition] if args.key?(:condition) @member = args[:member] if args.key?(:member) @role = args[:role] if args.key?(:role) end end # The request to create a new role. class CreateRoleRequest include Google::Apis::Core::Hashable # A role in the Identity and Access Management API. # Corresponds to the JSON property `role` # @return [Google::Apis::IamV1::Role] attr_accessor :role # The role ID to use for this role. A role ID may contain alphanumeric # characters, underscores (`_`), and periods (`.`). It must contain a minimum of # 3 characters and a maximum of 64 characters. # Corresponds to the JSON property `roleId` # @return [String] attr_accessor :role_id def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @role = args[:role] if args.key?(:role) @role_id = args[:role_id] if args.key?(:role_id) end end # The service account key create request. class CreateServiceAccountKeyRequest include Google::Apis::Core::Hashable # Which type of key and algorithm to use for the key. The default is currently a # 2K RSA key. However this may change in the future. # Corresponds to the JSON property `keyAlgorithm` # @return [String] attr_accessor :key_algorithm # The output format of the private key. The default value is ` # TYPE_GOOGLE_CREDENTIALS_FILE`, which is the Google Credentials File format. # Corresponds to the JSON property `privateKeyType` # @return [String] attr_accessor :private_key_type def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @key_algorithm = args[:key_algorithm] if args.key?(:key_algorithm) @private_key_type = args[:private_key_type] if args.key?(:private_key_type) end end # The service account create request. class CreateServiceAccountRequest include Google::Apis::Core::Hashable # Required. The account id that is used to generate the service account email # address and a stable unique id. It is unique within a project, must be 6-30 # characters long, and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])` # to comply with RFC1035. # Corresponds to the JSON property `accountId` # @return [String] attr_accessor :account_id # An IAM service account. A service account is an account for an application or # a virtual machine (VM) instance, not a person. You can use a service account # to call Google APIs. To learn more, read the [overview of service accounts]( # https://cloud.google.com/iam/help/service-accounts/overview). When you create # a service account, you specify the project ID that owns the service account, # as well as a name that must be unique within the project. IAM uses these # values to create an email address that identifies the service account. // # Corresponds to the JSON property `serviceAccount` # @return [Google::Apis::IamV1::ServiceAccount] attr_accessor :service_account def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @account_id = args[:account_id] if args.key?(:account_id) @service_account = args[:service_account] if args.key?(:service_account) end end # The service account key disable request. class DisableServiceAccountKeyRequest include Google::Apis::Core::Hashable # Optional. Usable by internal google services only. An extended_status_message # can be used to include additional information about the key, such as its # private key data being exposed on a public repository like GitHub. # Corresponds to the JSON property `extendedStatusMessage` # @return [String] attr_accessor :extended_status_message # Optional. Describes the reason this key is being disabled. If unspecified, the # default value of SERVICE_ACCOUNT_KEY_DISABLE_REASON_USER_INITIATED will be # used. # Corresponds to the JSON property `serviceAccountKeyDisableReason` # @return [String] attr_accessor :service_account_key_disable_reason def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @extended_status_message = args[:extended_status_message] if args.key?(:extended_status_message) @service_account_key_disable_reason = args[:service_account_key_disable_reason] if args.key?(:service_account_key_disable_reason) end end # The service account disable request. class DisableServiceAccountRequest include Google::Apis::Core::Hashable def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) end end # A generic empty message that you can re-use to avoid defining duplicated empty # messages in your APIs. A typical example is to use it as the request or the # response type of an API method. For instance: service Foo ` rpc Bar(google. # protobuf.Empty) returns (google.protobuf.Empty); ` class Empty include Google::Apis::Core::Hashable def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) end end # The service account key enable request. class EnableServiceAccountKeyRequest include Google::Apis::Core::Hashable def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) end end # The service account enable request. class EnableServiceAccountRequest include Google::Apis::Core::Hashable def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) end end # Represents a textual expression in the Common Expression Language (CEL) syntax. # CEL is a C-like expression language. The syntax and semantics of CEL are # documented at https://github.com/google/cel-spec. Example (Comparison): title: # "Summary size limit" description: "Determines if a summary is less than 100 # chars" expression: "document.summary.size() < 100" Example (Equality): title: " # Requestor is owner" description: "Determines if requestor is the document # owner" expression: "document.owner == request.auth.claims.email" Example ( # Logic): title: "Public documents" description: "Determine whether the document # should be publicly visible" expression: "document.type != 'private' && # document.type != 'internal'" Example (Data Manipulation): title: "Notification # string" description: "Create a notification string with a timestamp." # expression: "'New message received at ' + string(document.create_time)" The # exact variables and functions that may be referenced within an expression are # determined by the service that evaluates it. See the service documentation for # additional information. class Expr include Google::Apis::Core::Hashable # Optional. Description of the expression. This is a longer text which describes # the expression, e.g. when hovered over it in a UI. # Corresponds to the JSON property `description` # @return [String] attr_accessor :description # Textual representation of an expression in Common Expression Language syntax. # Corresponds to the JSON property `expression` # @return [String] attr_accessor :expression # Optional. String indicating the location of the expression for error reporting, # e.g. a file name and a position in the file. # Corresponds to the JSON property `location` # @return [String] attr_accessor :location # Optional. Title for the expression, i.e. a short string describing its purpose. # This can be used e.g. in UIs which allow to enter the expression. # Corresponds to the JSON property `title` # @return [String] attr_accessor :title def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @description = args[:description] if args.key?(:description) @expression = args[:expression] if args.key?(:expression) @location = args[:location] if args.key?(:location) @title = args[:title] if args.key?(:title) end end # Extended status can store additional metadata. For example, for keys disabled # due to their private key data being expoesed we may include a message with # more information about the exposure. class ExtendedStatus include Google::Apis::Core::Hashable # The key for this extended status. # Corresponds to the JSON property `key` # @return [String] attr_accessor :key # The value for the extended status. # Corresponds to the JSON property `value` # @return [String] attr_accessor :value def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @key = args[:key] if args.key?(:key) @value = args[:value] if args.key?(:value) end end # Request message for `GetIamPolicy` method. class GetIamPolicyRequest include Google::Apis::Core::Hashable # Encapsulates settings provided to GetIamPolicy. # Corresponds to the JSON property `options` # @return [Google::Apis::IamV1::GetPolicyOptions] attr_accessor :options def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @options = args[:options] if args.key?(:options) end end # Encapsulates settings provided to GetIamPolicy. class GetPolicyOptions include Google::Apis::Core::Hashable # Optional. The maximum policy version that will be used to format the policy. # Valid values are 0, 1, and 3. Requests specifying an invalid value will be # rejected. Requests for policies with any conditional role bindings must # specify version 3. Policies with no conditional role bindings may specify any # valid value or leave the field unset. The policy in the response might use the # policy version that you specified, or it might use a lower policy version. For # example, if you specify version 3, but the policy has no conditional role # bindings, the response uses version 1. To learn which resources support # conditions in their IAM policies, see the [IAM documentation](https://cloud. # google.com/iam/help/conditions/resource-policies). # Corresponds to the JSON property `requestedPolicyVersion` # @return [Fixnum] attr_accessor :requested_policy_version def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @requested_policy_version = args[:requested_policy_version] if args.key?(:requested_policy_version) end end # Represents the OAuth 2.0 client credential configuration for retrieving # additional user attributes that are not present in the initial authentication # credentials from the identity provider, for example, groups. See https:// # datatracker.ietf.org/doc/html/rfc6749#section-4.4 for more details on client # credentials grant flow. class GoogleIamAdminV1WorkforcePoolProviderExtraAttributesOAuth2Client include Google::Apis::Core::Hashable # Required. Represents the IdP and type of claims that should be fetched. # Corresponds to the JSON property `attributesType` # @return [String] attr_accessor :attributes_type # Required. The OAuth 2.0 client ID for retrieving extra attributes from the # identity provider. Required to get the Access Token using client credentials # grant flow. # Corresponds to the JSON property `clientId` # @return [String] attr_accessor :client_id # Representation of a client secret configured for the OIDC provider. # Corresponds to the JSON property `clientSecret` # @return [Google::Apis::IamV1::GoogleIamAdminV1WorkforcePoolProviderOidcClientSecret] attr_accessor :client_secret # Required. The OIDC identity provider's issuer URI. Must be a valid URI using # the `https` scheme. Required to get the OIDC discovery document. # Corresponds to the JSON property `issuerUri` # @return [String] attr_accessor :issuer_uri # Represents the parameters to control which claims are fetched from an IdP. # Corresponds to the JSON property `queryParameters` # @return [Google::Apis::IamV1::GoogleIamAdminV1WorkforcePoolProviderExtraAttributesOAuth2ClientQueryParameters] attr_accessor :query_parameters def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @attributes_type = args[:attributes_type] if args.key?(:attributes_type) @client_id = args[:client_id] if args.key?(:client_id) @client_secret = args[:client_secret] if args.key?(:client_secret) @issuer_uri = args[:issuer_uri] if args.key?(:issuer_uri) @query_parameters = args[:query_parameters] if args.key?(:query_parameters) end end # Represents the parameters to control which claims are fetched from an IdP. class GoogleIamAdminV1WorkforcePoolProviderExtraAttributesOAuth2ClientQueryParameters include Google::Apis::Core::Hashable # Optional. The filter used to request specific records from the IdP. By default, # all of the groups that are associated with a user are fetched. For Microsoft # Entra ID, you can add `$search` query parameters using [Keyword Query Language] # (https://learn.microsoft.com/en-us/sharepoint/dev/general-development/keyword- # query-language-kql-syntax-reference). To learn more about `$search` querying # in Microsoft Entra ID, see [Use the `$search` query parameter] (https://learn. # microsoft.com/en-us/graph/search-query-parameter). Additionally, Workforce # Identity Federation automatically adds the following [`$filter` query # parameters] (https://learn.microsoft.com/en-us/graph/filter-query-parameter), # based on the value of `attributes_type`. Values passed to `filter` are # converted to `$search` query parameters. Additional `$filter` query parameters # cannot be added using this field. * `AZURE_AD_GROUPS_MAIL`: `mailEnabled` and ` # securityEnabled` filters are applied. * `AZURE_AD_GROUPS_ID`: `securityEnabled` # filter is applied. # Corresponds to the JSON property `filter` # @return [String] attr_accessor :filter def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @filter = args[:filter] if args.key?(:filter) end end # Represents an OpenID Connect 1.0 identity provider. class GoogleIamAdminV1WorkforcePoolProviderOidc include Google::Apis::Core::Hashable # Required. The client ID. Must match the audience claim of the JWT issued by # the identity provider. # Corresponds to the JSON property `clientId` # @return [String] attr_accessor :client_id # Representation of a client secret configured for the OIDC provider. # Corresponds to the JSON property `clientSecret` # @return [Google::Apis::IamV1::GoogleIamAdminV1WorkforcePoolProviderOidcClientSecret] attr_accessor :client_secret # Required. The OIDC issuer URI. Must be a valid URI using the `https` scheme. # Corresponds to the JSON property `issuerUri` # @return [String] attr_accessor :issuer_uri # Optional. OIDC JWKs in JSON String format. For details on the definition of a # JWK, see https://tools.ietf.org/html/rfc7517. If not set, the `jwks_uri` from # the discovery document that is fetched from the well-known path of the ` # issuer_uri`, will be used. RSA and EC asymmetric keys are supported. The JWK # must use the following format and include only the following fields: ` "keys": # [ ` "kty": "RSA/EC", "alg": "", "use": "sig", "kid": "", "n": "", "e": "", "x": # "", "y": "", "crv": "" ` ] ` # Corresponds to the JSON property `jwksJson` # @return [String] attr_accessor :jwks_json # Configuration for web single sign-on for the OIDC provider. # Corresponds to the JSON property `webSsoConfig` # @return [Google::Apis::IamV1::GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfig] attr_accessor :web_sso_config def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @client_id = args[:client_id] if args.key?(:client_id) @client_secret = args[:client_secret] if args.key?(:client_secret) @issuer_uri = args[:issuer_uri] if args.key?(:issuer_uri) @jwks_json = args[:jwks_json] if args.key?(:jwks_json) @web_sso_config = args[:web_sso_config] if args.key?(:web_sso_config) end end # Representation of a client secret configured for the OIDC provider. class GoogleIamAdminV1WorkforcePoolProviderOidcClientSecret include Google::Apis::Core::Hashable # Representation of the value of the client secret. # Corresponds to the JSON property `value` # @return [Google::Apis::IamV1::GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValue] attr_accessor :value def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @value = args[:value] if args.key?(:value) end end # Representation of the value of the client secret. class GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValue include Google::Apis::Core::Hashable # Optional. Input only. The plain text of the client secret value. For security # reasons, this field is only used for input and will never be populated in any # response. # Corresponds to the JSON property `plainText` # @return [String] attr_accessor :plain_text # Output only. A thumbprint to represent the current client secret value. # Corresponds to the JSON property `thumbprint` # @return [String] attr_accessor :thumbprint def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @plain_text = args[:plain_text] if args.key?(:plain_text) @thumbprint = args[:thumbprint] if args.key?(:thumbprint) end end # Configuration for web single sign-on for the OIDC provider. class GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfig include Google::Apis::Core::Hashable # Optional. Additional scopes to request for in the OIDC authentication request # on top of scopes requested by default. By default, the `openid`, `profile` and # `email` scopes that are supported by the identity provider are requested. Each # additional scope may be at most 256 characters. A maximum of 10 additional # scopes may be configured. # Corresponds to the JSON property `additionalScopes` # @return [Array] attr_accessor :additional_scopes # Required. The behavior for how OIDC Claims are included in the `assertion` # object used for attribute mapping and attribute condition. # Corresponds to the JSON property `assertionClaimsBehavior` # @return [String] attr_accessor :assertion_claims_behavior # Required. The Response Type to request for in the OIDC Authorization Request # for web sign-in. The `CODE` Response Type is recommended to avoid the Implicit # Flow, for security reasons. # Corresponds to the JSON property `responseType` # @return [String] attr_accessor :response_type def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @additional_scopes = args[:additional_scopes] if args.key?(:additional_scopes) @assertion_claims_behavior = args[:assertion_claims_behavior] if args.key?(:assertion_claims_behavior) @response_type = args[:response_type] if args.key?(:response_type) end end # Represents a SAML identity provider. class GoogleIamAdminV1WorkforcePoolProviderSaml include Google::Apis::Core::Hashable # Required. SAML Identity provider configuration metadata xml doc. The xml # document should comply with [SAML 2.0 specification](https://docs.oasis-open. # org/security/saml/v2.0/saml-metadata-2.0-os.pdf). The max size of the # acceptable xml document will be bounded to 128k characters. The metadata xml # document should satisfy the following constraints: 1) Must contain an Identity # Provider Entity ID. 2) Must contain at least one non-expired signing key # certificate. 3) For each signing key: a) Valid from should be no more than 7 # days from now. b) Valid to should be no more than 25 years in the future. 4) # Up to 3 IdP signing keys are allowed in the metadata xml. When updating the # provider's metadata xml, at least one non-expired signing key must overlap # with the existing metadata. This requirement is skipped if there are no non- # expired signing keys present in the existing metadata. # Corresponds to the JSON property `idpMetadataXml` # @return [String] attr_accessor :idp_metadata_xml def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @idp_metadata_xml = args[:idp_metadata_xml] if args.key?(:idp_metadata_xml) end end # Represents configuration for generating mutual TLS (mTLS) certificates for the # identities within this pool. class InlineCertificateIssuanceConfig include Google::Apis::Core::Hashable # Optional. A required mapping of a Google Cloud region to the CA pool resource # located in that region. The CA pool is used for certificate issuance, adhering # to the following constraints: * Key format: A supported cloud region name # equivalent to the location identifier in the corresponding map entry's value. * # Value format: A valid CA pool resource path format like: "projects/`project`/ # locations/`location`/caPools/`ca_pool`" * Region Matching: Workloads are ONLY # issued certificates from CA pools within the same region. Also the CA pool # region (in value) must match the workload's region (key). # Corresponds to the JSON property `caPools` # @return [Hash] attr_accessor :ca_pools # Optional. Key algorithm to use when generating the key pair. This key pair # will be used to create the certificate. If not specified, this will default to # ECDSA_P256. # Corresponds to the JSON property `keyAlgorithm` # @return [String] attr_accessor :key_algorithm # Optional. Lifetime of the workload certificates issued by the CA pool. Must be # between 24 hours and 30 days. If not specified, this will be defaulted to 24 # hours. # Corresponds to the JSON property `lifetime` # @return [String] attr_accessor :lifetime # Optional. Rotation window percentage, the percentage of remaining lifetime # after which certificate rotation is initiated. Must be between 50 and 80. If # no value is specified, rotation window percentage is defaulted to 50. # Corresponds to the JSON property `rotationWindowPercentage` # @return [Fixnum] attr_accessor :rotation_window_percentage def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @ca_pools = args[:ca_pools] if args.key?(:ca_pools) @key_algorithm = args[:key_algorithm] if args.key?(:key_algorithm) @lifetime = args[:lifetime] if args.key?(:lifetime) @rotation_window_percentage = args[:rotation_window_percentage] if args.key?(:rotation_window_percentage) end end # Defines configuration for extending trust to additional trust domains. By # establishing trust with another domain, the current domain will recognize and # accept certificates issued by entities within the trusted domains. Note that a # trust domain automatically trusts itself, eliminating the need for explicit # configuration. class InlineTrustConfig include Google::Apis::Core::Hashable # Optional. Maps specific trust domains (e.g., "example.com") to their # corresponding TrustStore, which contain the trusted root certificates for that # domain. There can be a maximum of 10 trust domain entries in this map. Note # that a trust domain automatically trusts itself and don't need to be specified # here. If however, this WorkloadIdentityPool's trust domain contains any trust # anchors in the additional_trust_bundles map, those trust anchors will be * # appended to* the trust bundle automatically derived from your # InlineCertificateIssuanceConfig's ca_pools. # Corresponds to the JSON property `additionalTrustBundles` # @return [Hash] attr_accessor :additional_trust_bundles def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @additional_trust_bundles = args[:additional_trust_bundles] if args.key?(:additional_trust_bundles) end end # Intermediate CA certificates used for building the trust chain to trust anchor class IntermediateCa include Google::Apis::Core::Hashable # PEM certificate of the PKI used for validation. Must only contain one ca # certificate. # Corresponds to the JSON property `pemCertificate` # @return [String] attr_accessor :pem_certificate def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @pem_certificate = args[:pem_certificate] if args.key?(:pem_certificate) end end # Represents a public key data along with its format. class KeyData include Google::Apis::Core::Hashable # Output only. The format of the key. # Corresponds to the JSON property `format` # @return [String] attr_accessor :format # Output only. The key data. The format of the key is represented by the format # field. # Corresponds to the JSON property `key` # @return [String] attr_accessor :key # Required. The specifications for the key. # Corresponds to the JSON property `keySpec` # @return [String] attr_accessor :key_spec # Output only. Latest timestamp when this key is valid. Attempts to use this key # after this time will fail. Only present if the key data represents a X.509 # certificate. # Corresponds to the JSON property `notAfterTime` # @return [String] attr_accessor :not_after_time # Output only. Earliest timestamp when this key is valid. Attempts to use this # key before this time will fail. Only present if the key data represents a X. # 509 certificate. # Corresponds to the JSON property `notBeforeTime` # @return [String] attr_accessor :not_before_time def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @format = args[:format] if args.key?(:format) @key = args[:key] if args.key?(:key) @key_spec = args[:key_spec] if args.key?(:key_spec) @not_after_time = args[:not_after_time] if args.key?(:not_after_time) @not_before_time = args[:not_before_time] if args.key?(:not_before_time) end end # The request to lint an IAM policy object. class LintPolicyRequest include Google::Apis::Core::Hashable # Represents a textual expression in the Common Expression Language (CEL) syntax. # CEL is a C-like expression language. The syntax and semantics of CEL are # documented at https://github.com/google/cel-spec. Example (Comparison): title: # "Summary size limit" description: "Determines if a summary is less than 100 # chars" expression: "document.summary.size() < 100" Example (Equality): title: " # Requestor is owner" description: "Determines if requestor is the document # owner" expression: "document.owner == request.auth.claims.email" Example ( # Logic): title: "Public documents" description: "Determine whether the document # should be publicly visible" expression: "document.type != 'private' && # document.type != 'internal'" Example (Data Manipulation): title: "Notification # string" description: "Create a notification string with a timestamp." # expression: "'New message received at ' + string(document.create_time)" The # exact variables and functions that may be referenced within an expression are # determined by the service that evaluates it. See the service documentation for # additional information. # Corresponds to the JSON property `condition` # @return [Google::Apis::IamV1::Expr] attr_accessor :condition # The full resource name of the policy this lint request is about. The name # follows the Google Cloud format for full resource names. For example, a Google # Cloud project with ID `my-project` will be named `//cloudresourcemanager. # googleapis.com/projects/my-project`. The resource name is not used to read a # policy from IAM. Only the data in the request object is linted. # Corresponds to the JSON property `fullResourceName` # @return [String] attr_accessor :full_resource_name def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @condition = args[:condition] if args.key?(:condition) @full_resource_name = args[:full_resource_name] if args.key?(:full_resource_name) end end # The response of a lint operation. An empty response indicates the operation # was able to fully execute and no lint issue was found. class LintPolicyResponse include Google::Apis::Core::Hashable # List of lint results sorted by `severity` in descending order. # Corresponds to the JSON property `lintResults` # @return [Array] attr_accessor :lint_results def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @lint_results = args[:lint_results] if args.key?(:lint_results) end end # Structured response of a single validation unit. class LintResult include Google::Apis::Core::Hashable # Human readable debug message associated with the issue. # Corresponds to the JSON property `debugMessage` # @return [String] attr_accessor :debug_message # The name of the field for which this lint result is about. For nested messages # `field_name` consists of names of the embedded fields separated by period # character. The top-level qualifier is the input object to lint in the request. # For example, the `field_name` value `condition.expression` identifies a lint # result for the `expression` field of the provided condition. # Corresponds to the JSON property `fieldName` # @return [String] attr_accessor :field_name # The validation unit level. # Corresponds to the JSON property `level` # @return [String] attr_accessor :level # 0-based character position of problematic construct within the object # identified by `field_name`. Currently, this is populated only for condition # expression. # Corresponds to the JSON property `locationOffset` # @return [Fixnum] attr_accessor :location_offset # The validation unit severity. # Corresponds to the JSON property `severity` # @return [String] attr_accessor :severity # The validation unit name, for instance "lintValidationUnits/ # ConditionComplexityCheck". # Corresponds to the JSON property `validationUnitName` # @return [String] attr_accessor :validation_unit_name def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @debug_message = args[:debug_message] if args.key?(:debug_message) @field_name = args[:field_name] if args.key?(:field_name) @level = args[:level] if args.key?(:level) @location_offset = args[:location_offset] if args.key?(:location_offset) @severity = args[:severity] if args.key?(:severity) @validation_unit_name = args[:validation_unit_name] if args.key?(:validation_unit_name) end end # Response message for ListAttestationRules. class ListAttestationRulesResponse include Google::Apis::Core::Hashable # A list of AttestationRules. # Corresponds to the JSON property `attestationRules` # @return [Array] attr_accessor :attestation_rules # Optional. A token, which can be sent as `page_token` to retrieve the next page. # If this field is omitted, there are no subsequent pages. # Corresponds to the JSON property `nextPageToken` # @return [String] attr_accessor :next_page_token def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @attestation_rules = args[:attestation_rules] if args.key?(:attestation_rules) @next_page_token = args[:next_page_token] if args.key?(:next_page_token) end end # Response message for ListOauthClientCredentials. class ListOauthClientCredentialsResponse include Google::Apis::Core::Hashable # A list of OauthClientCredentials. # Corresponds to the JSON property `oauthClientCredentials` # @return [Array] attr_accessor :oauth_client_credentials def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @oauth_client_credentials = args[:oauth_client_credentials] if args.key?(:oauth_client_credentials) end end # Response message for ListOauthClients. class ListOauthClientsResponse include Google::Apis::Core::Hashable # Optional. A token, which can be sent as `page_token` to retrieve the next page. # If this field is omitted, there are no subsequent pages. # Corresponds to the JSON property `nextPageToken` # @return [String] attr_accessor :next_page_token # A list of OauthClients. # Corresponds to the JSON property `oauthClients` # @return [Array] attr_accessor :oauth_clients def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @next_page_token = args[:next_page_token] if args.key?(:next_page_token) @oauth_clients = args[:oauth_clients] if args.key?(:oauth_clients) end end # The response containing the roles defined under a resource. class ListRolesResponse include Google::Apis::Core::Hashable # To retrieve the next page of results, set `ListRolesRequest.page_token` to # this value. # Corresponds to the JSON property `nextPageToken` # @return [String] attr_accessor :next_page_token # The Roles defined on this resource. # Corresponds to the JSON property `roles` # @return [Array] attr_accessor :roles def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @next_page_token = args[:next_page_token] if args.key?(:next_page_token) @roles = args[:roles] if args.key?(:roles) end end # The service account keys list response. class ListServiceAccountKeysResponse include Google::Apis::Core::Hashable # The public keys for the service account. # Corresponds to the JSON property `keys` # @return [Array] attr_accessor :keys def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @keys = args[:keys] if args.key?(:keys) end end # The service account list response. class ListServiceAccountsResponse include Google::Apis::Core::Hashable # The list of matching service accounts. # Corresponds to the JSON property `accounts` # @return [Array] attr_accessor :accounts # To retrieve the next page of results, set ListServiceAccountsRequest. # page_token to this value. # Corresponds to the JSON property `nextPageToken` # @return [String] attr_accessor :next_page_token def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @accounts = args[:accounts] if args.key?(:accounts) @next_page_token = args[:next_page_token] if args.key?(:next_page_token) end end # Response message for ListWorkforcePoolProviderKeys. class ListWorkforcePoolProviderKeysResponse include Google::Apis::Core::Hashable # A token, which can be sent as `page_token` to retrieve the next page. If this # field is omitted, there are no subsequent pages. # Corresponds to the JSON property `nextPageToken` # @return [String] attr_accessor :next_page_token # A list of WorkforcePoolProviderKeys. # Corresponds to the JSON property `workforcePoolProviderKeys` # @return [Array] attr_accessor :workforce_pool_provider_keys def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @next_page_token = args[:next_page_token] if args.key?(:next_page_token) @workforce_pool_provider_keys = args[:workforce_pool_provider_keys] if args.key?(:workforce_pool_provider_keys) end end # Gemini Enterprise only. Response message for # ListWorkforcePoolProviderScimTenants. class ListWorkforcePoolProviderScimTenantsResponse include Google::Apis::Core::Hashable # Optional. Gemini Enterprise only. A token, which can be sent as `page_token` # to retrieve the next page. If this field is omitted, there are no subsequent # pages. # Corresponds to the JSON property `nextPageToken` # @return [String] attr_accessor :next_page_token # Output only. Gemini Enterprise only. A list of SCIM tenants. # Corresponds to the JSON property `workforcePoolProviderScimTenants` # @return [Array] attr_accessor :workforce_pool_provider_scim_tenants def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @next_page_token = args[:next_page_token] if args.key?(:next_page_token) @workforce_pool_provider_scim_tenants = args[:workforce_pool_provider_scim_tenants] if args.key?(:workforce_pool_provider_scim_tenants) end end # Gemini Enterprise only. Response message for # ListWorkforcePoolProviderScimTokens. class ListWorkforcePoolProviderScimTokensResponse include Google::Apis::Core::Hashable # Optional. Gemini Enterprise only. A token, which can be sent as `page_token` # to retrieve the next page. If this field is omitted, there are no subsequent # pages. # Corresponds to the JSON property `nextPageToken` # @return [String] attr_accessor :next_page_token # Output only. Gemini Enterprise only. A list of SCIM tokens. # Corresponds to the JSON property `workforcePoolProviderScimTokens` # @return [Array] attr_accessor :workforce_pool_provider_scim_tokens def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @next_page_token = args[:next_page_token] if args.key?(:next_page_token) @workforce_pool_provider_scim_tokens = args[:workforce_pool_provider_scim_tokens] if args.key?(:workforce_pool_provider_scim_tokens) end end # Response message for ListWorkforcePoolProviders. class ListWorkforcePoolProvidersResponse include Google::Apis::Core::Hashable # A token, which can be sent as `page_token` to retrieve the next page. If this # field is omitted, there are no subsequent pages. # Corresponds to the JSON property `nextPageToken` # @return [String] attr_accessor :next_page_token # A list of providers. # Corresponds to the JSON property `workforcePoolProviders` # @return [Array] attr_accessor :workforce_pool_providers def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @next_page_token = args[:next_page_token] if args.key?(:next_page_token) @workforce_pool_providers = args[:workforce_pool_providers] if args.key?(:workforce_pool_providers) end end # Response message for ListWorkforcePools. class ListWorkforcePoolsResponse include Google::Apis::Core::Hashable # A token, which can be sent as `page_token` to retrieve the next page. If this # field is omitted, there are no subsequent pages. # Corresponds to the JSON property `nextPageToken` # @return [String] attr_accessor :next_page_token # A list of pools. # Corresponds to the JSON property `workforcePools` # @return [Array] attr_accessor :workforce_pools def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @next_page_token = args[:next_page_token] if args.key?(:next_page_token) @workforce_pools = args[:workforce_pools] if args.key?(:workforce_pools) end end # Response message for ListWorkloadIdentityPoolManagedIdentities. class ListWorkloadIdentityPoolManagedIdentitiesResponse include Google::Apis::Core::Hashable # A token, which can be sent as `page_token` to retrieve the next page. If this # field is omitted, there are no subsequent pages. # Corresponds to the JSON property `nextPageToken` # @return [String] attr_accessor :next_page_token # A list of managed identities. # Corresponds to the JSON property `workloadIdentityPoolManagedIdentities` # @return [Array] attr_accessor :workload_identity_pool_managed_identities def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @next_page_token = args[:next_page_token] if args.key?(:next_page_token) @workload_identity_pool_managed_identities = args[:workload_identity_pool_managed_identities] if args.key?(:workload_identity_pool_managed_identities) end end # Response message for ListWorkloadIdentityPoolNamespaces. class ListWorkloadIdentityPoolNamespacesResponse include Google::Apis::Core::Hashable # A token, which can be sent as `page_token` to retrieve the next page. If this # field is omitted, there are no subsequent pages. # Corresponds to the JSON property `nextPageToken` # @return [String] attr_accessor :next_page_token # A list of namespaces. # Corresponds to the JSON property `workloadIdentityPoolNamespaces` # @return [Array] attr_accessor :workload_identity_pool_namespaces def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @next_page_token = args[:next_page_token] if args.key?(:next_page_token) @workload_identity_pool_namespaces = args[:workload_identity_pool_namespaces] if args.key?(:workload_identity_pool_namespaces) end end # Response message for ListWorkloadIdentityPoolProviderKeys. class ListWorkloadIdentityPoolProviderKeysResponse include Google::Apis::Core::Hashable # A token, which can be sent as `page_token` to retrieve the next page. If this # field is omitted, there are no subsequent pages. # Corresponds to the JSON property `nextPageToken` # @return [String] attr_accessor :next_page_token # A list of WorkloadIdentityPoolProviderKey # Corresponds to the JSON property `workloadIdentityPoolProviderKeys` # @return [Array] attr_accessor :workload_identity_pool_provider_keys def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @next_page_token = args[:next_page_token] if args.key?(:next_page_token) @workload_identity_pool_provider_keys = args[:workload_identity_pool_provider_keys] if args.key?(:workload_identity_pool_provider_keys) end end # Response message for ListWorkloadIdentityPoolProviders. class ListWorkloadIdentityPoolProvidersResponse include Google::Apis::Core::Hashable # A token, which can be sent as `page_token` to retrieve the next page. If this # field is omitted, there are no subsequent pages. # Corresponds to the JSON property `nextPageToken` # @return [String] attr_accessor :next_page_token # A list of providers. # Corresponds to the JSON property `workloadIdentityPoolProviders` # @return [Array] attr_accessor :workload_identity_pool_providers def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @next_page_token = args[:next_page_token] if args.key?(:next_page_token) @workload_identity_pool_providers = args[:workload_identity_pool_providers] if args.key?(:workload_identity_pool_providers) end end # Response message for ListWorkloadIdentityPools. class ListWorkloadIdentityPoolsResponse include Google::Apis::Core::Hashable # A token, which can be sent as `page_token` to retrieve the next page. If this # field is omitted, there are no subsequent pages. # Corresponds to the JSON property `nextPageToken` # @return [String] attr_accessor :next_page_token # A list of pools. # Corresponds to the JSON property `workloadIdentityPools` # @return [Array] attr_accessor :workload_identity_pools def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @next_page_token = args[:next_page_token] if args.key?(:next_page_token) @workload_identity_pools = args[:workload_identity_pools] if args.key?(:workload_identity_pools) end end # Represents an OauthClient. Used to access Google Cloud resources on behalf of # a Workforce Identity Federation user by using OAuth 2.0 Protocol to obtain an # access token from Google Cloud. class OauthClient include Google::Apis::Core::Hashable # Required. The list of OAuth grant types is allowed for the OauthClient. # Corresponds to the JSON property `allowedGrantTypes` # @return [Array] attr_accessor :allowed_grant_types # Required. The list of redirect uris that is allowed to redirect back when # authorization process is completed. # Corresponds to the JSON property `allowedRedirectUris` # @return [Array] attr_accessor :allowed_redirect_uris # Required. The list of scopes that the OauthClient is allowed to request during # OAuth flows. The following scopes are supported: * `https://www.googleapis.com/ # auth/cloud-platform`: See, edit, configure, and delete your Google Cloud data # and see the email address for your Google Account. # Corresponds to the JSON property `allowedScopes` # @return [Array] attr_accessor :allowed_scopes # Output only. The system-generated OauthClient id. # Corresponds to the JSON property `clientId` # @return [String] attr_accessor :client_id # Immutable. The type of OauthClient. Either public or private. For private # clients, the client secret can be managed using the dedicated # OauthClientCredential resource. # Corresponds to the JSON property `clientType` # @return [String] attr_accessor :client_type # Optional. A user-specified description of the OauthClient. Cannot exceed 256 # characters. # Corresponds to the JSON property `description` # @return [String] attr_accessor :description # Optional. Whether the OauthClient is disabled. You cannot use a disabled OAuth # client. # Corresponds to the JSON property `disabled` # @return [Boolean] attr_accessor :disabled alias_method :disabled?, :disabled # Optional. A user-specified display name of the OauthClient. Cannot exceed 32 # characters. # Corresponds to the JSON property `displayName` # @return [String] attr_accessor :display_name # Output only. Time after which the OauthClient will be permanently purged and # cannot be recovered. # Corresponds to the JSON property `expireTime` # @return [String] attr_accessor :expire_time # Immutable. Identifier. The resource name of the OauthClient. Format:`projects/` # project`/locations/`location`/oauthClients/`oauth_client``. # Corresponds to the JSON property `name` # @return [String] attr_accessor :name # Output only. The state of the OauthClient. # Corresponds to the JSON property `state` # @return [String] attr_accessor :state def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @allowed_grant_types = args[:allowed_grant_types] if args.key?(:allowed_grant_types) @allowed_redirect_uris = args[:allowed_redirect_uris] if args.key?(:allowed_redirect_uris) @allowed_scopes = args[:allowed_scopes] if args.key?(:allowed_scopes) @client_id = args[:client_id] if args.key?(:client_id) @client_type = args[:client_type] if args.key?(:client_type) @description = args[:description] if args.key?(:description) @disabled = args[:disabled] if args.key?(:disabled) @display_name = args[:display_name] if args.key?(:display_name) @expire_time = args[:expire_time] if args.key?(:expire_time) @name = args[:name] if args.key?(:name) @state = args[:state] if args.key?(:state) end end # Represents an OauthClientCredential. Used to authenticate an OauthClient while # accessing Google Cloud resources on behalf of a user by using OAuth 2.0 # Protocol. class OauthClientCredential include Google::Apis::Core::Hashable # Output only. The system-generated OAuth client secret. The client secret must # be stored securely. If the client secret is leaked, you must delete and re- # create the client credential. To learn more, see [OAuth client and credential # security risks and mitigations](https://cloud.google.com/iam/docs/workforce- # oauth-app#security) # Corresponds to the JSON property `clientSecret` # @return [String] attr_accessor :client_secret # Optional. Whether the OauthClientCredential is disabled. You cannot use a # disabled OauthClientCredential. # Corresponds to the JSON property `disabled` # @return [Boolean] attr_accessor :disabled alias_method :disabled?, :disabled # Optional. A user-specified display name of the OauthClientCredential. Cannot # exceed 32 characters. # Corresponds to the JSON property `displayName` # @return [String] attr_accessor :display_name # Immutable. Identifier. The resource name of the OauthClientCredential. Format: # `projects/`project`/locations/`location`/oauthClients/`oauth_client`/ # credentials/`credential`` # Corresponds to the JSON property `name` # @return [String] attr_accessor :name def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @client_secret = args[:client_secret] if args.key?(:client_secret) @disabled = args[:disabled] if args.key?(:disabled) @display_name = args[:display_name] if args.key?(:display_name) @name = args[:name] if args.key?(:name) end end # Represents an OpenId Connect 1.0 identity provider. class Oidc include Google::Apis::Core::Hashable # Optional. Acceptable values for the `aud` field (audience) in the OIDC token. # Token exchange requests are rejected if the token audience does not match one # of the configured values. Each audience may be at most 256 characters. A # maximum of 10 audiences may be configured. If this list is empty, the OIDC # token audience must be equal to the full canonical resource name of the # WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example: `` # ` //iam.googleapis.com/projects//locations//workloadIdentityPools//providers/ # https://iam.googleapis.com/projects//locations//workloadIdentityPools// # providers/ ``` # Corresponds to the JSON property `allowedAudiences` # @return [Array] attr_accessor :allowed_audiences # Required. The OIDC issuer URL. Must be an HTTPS endpoint. Per OpenID Connect # Discovery 1.0 spec, the OIDC issuer URL is used to locate the provider's # public keys (via `jwks_uri`) for verifying tokens like the OIDC ID token. # These public key types must be 'EC' or 'RSA'. # Corresponds to the JSON property `issuerUri` # @return [String] attr_accessor :issuer_uri # Optional. OIDC JWKs in JSON String format. For details on the definition of a # JWK, see https://tools.ietf.org/html/rfc7517. If not set, the `jwks_uri` from # the discovery document(fetched from the .well-known path of the `issuer_uri`) # will be used. Currently, RSA and EC asymmetric keys are supported. The JWK # must use following format and include only the following fields: ` "keys": [ ` # "kty": "RSA/EC", "alg": "", "use": "sig", "kid": "", "n": "", "e": "", "x": "", # "y": "", "crv": "" ` ] ` # Corresponds to the JSON property `jwksJson` # @return [String] attr_accessor :jwks_json def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @allowed_audiences = args[:allowed_audiences] if args.key?(:allowed_audiences) @issuer_uri = args[:issuer_uri] if args.key?(:issuer_uri) @jwks_json = args[:jwks_json] if args.key?(:jwks_json) end end # This resource represents a long-running operation that is the result of a # network API call. class Operation include Google::Apis::Core::Hashable # If the value is `false`, it means the operation is still in progress. If `true` # , the operation is completed, and either `error` or `response` is available. # Corresponds to the JSON property `done` # @return [Boolean] attr_accessor :done alias_method :done?, :done # The `Status` type defines a logical error model that is suitable for different # programming environments, including REST APIs and RPC APIs. It is used by [ # gRPC](https://github.com/grpc). Each `Status` message contains three pieces of # data: error code, error message, and error details. You can find out more # about this error model and how to work with it in the [API Design Guide](https: # //cloud.google.com/apis/design/errors). # Corresponds to the JSON property `error` # @return [Google::Apis::IamV1::Status] attr_accessor :error # Service-specific metadata associated with the operation. It typically contains # progress information and common metadata such as create time. Some services # might not provide such metadata. Any method that returns a long-running # operation should document the metadata type, if any. # Corresponds to the JSON property `metadata` # @return [Hash] attr_accessor :metadata # The server-assigned name, which is only unique within the same service that # originally returns it. If you use the default HTTP mapping, the `name` should # be a resource name ending with `operations/`unique_id``. # Corresponds to the JSON property `name` # @return [String] attr_accessor :name # The normal, successful response of the operation. If the original method # returns no data on success, such as `Delete`, the response is `google.protobuf. # Empty`. If the original method is standard `Get`/`Create`/`Update`, the # response should be the resource. For other methods, the response should have # the type `XxxResponse`, where `Xxx` is the original method name. For example, # if the original method name is `TakeSnapshot()`, the inferred response type is # `TakeSnapshotResponse`. # Corresponds to the JSON property `response` # @return [Hash] attr_accessor :response def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @done = args[:done] if args.key?(:done) @error = args[:error] if args.key?(:error) @metadata = args[:metadata] if args.key?(:metadata) @name = args[:name] if args.key?(:name) @response = args[:response] if args.key?(:response) end end # Represents the metadata of the long-running operation. class OperationMetadata include Google::Apis::Core::Hashable # Output only. API version used to start the operation. # Corresponds to the JSON property `apiVersion` # @return [String] attr_accessor :api_version # Output only. Identifies whether the user has requested cancellation of the # operation. Operations that have been cancelled successfully have google. # longrunning.Operation.error value with a google.rpc.Status.code of `1`, # corresponding to `Code.CANCELLED`. # Corresponds to the JSON property `cancelRequested` # @return [Boolean] attr_accessor :cancel_requested alias_method :cancel_requested?, :cancel_requested # Output only. The time the operation was created. # Corresponds to the JSON property `createTime` # @return [String] attr_accessor :create_time # Output only. The time the operation finished running. # Corresponds to the JSON property `endTime` # @return [String] attr_accessor :end_time # Output only. Human-readable status of the operation, if any. # Corresponds to the JSON property `statusDetail` # @return [String] attr_accessor :status_detail # Output only. Server-defined resource path for the target of the operation. # Corresponds to the JSON property `target` # @return [String] attr_accessor :target # Output only. Name of the verb executed by the operation. # Corresponds to the JSON property `verb` # @return [String] attr_accessor :verb def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @api_version = args[:api_version] if args.key?(:api_version) @cancel_requested = args[:cancel_requested] if args.key?(:cancel_requested) @create_time = args[:create_time] if args.key?(:create_time) @end_time = args[:end_time] if args.key?(:end_time) @status_detail = args[:status_detail] if args.key?(:status_detail) @target = args[:target] if args.key?(:target) @verb = args[:verb] if args.key?(:verb) end end # The Google Cloud service that owns this namespace. class OwnerService include Google::Apis::Core::Hashable # Required. The service agent principal subject, e.g. "serviceAccount:service- # 1234@gcp-sa-gkehub.iam.gserviceaccount.com". # Corresponds to the JSON property `principalSubject` # @return [String] attr_accessor :principal_subject def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @principal_subject = args[:principal_subject] if args.key?(:principal_subject) end end # The service account patch request. You can patch only the `display_name` and ` # description` fields. You must use the `update_mask` field to specify which of # these fields you want to patch. Only the fields specified in the request are # guaranteed to be returned in the response. Other fields may be empty in the # response. class PatchServiceAccountRequest include Google::Apis::Core::Hashable # An IAM service account. A service account is an account for an application or # a virtual machine (VM) instance, not a person. You can use a service account # to call Google APIs. To learn more, read the [overview of service accounts]( # https://cloud.google.com/iam/help/service-accounts/overview). When you create # a service account, you specify the project ID that owns the service account, # as well as a name that must be unique within the project. IAM uses these # values to create an email address that identifies the service account. // # Corresponds to the JSON property `serviceAccount` # @return [Google::Apis::IamV1::ServiceAccount] attr_accessor :service_account # # Corresponds to the JSON property `updateMask` # @return [String] attr_accessor :update_mask def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @service_account = args[:service_account] if args.key?(:service_account) @update_mask = args[:update_mask] if args.key?(:update_mask) end end # A permission which can be included by a role. class Permission include Google::Apis::Core::Hashable # The service API associated with the permission is not enabled. # Corresponds to the JSON property `apiDisabled` # @return [Boolean] attr_accessor :api_disabled alias_method :api_disabled?, :api_disabled # The current custom role support level. # Corresponds to the JSON property `customRolesSupportLevel` # @return [String] attr_accessor :custom_roles_support_level # A brief description of what this Permission is used for. # Corresponds to the JSON property `description` # @return [String] attr_accessor :description # The name of this Permission. # Corresponds to the JSON property `name` # @return [String] attr_accessor :name # # Corresponds to the JSON property `onlyInPredefinedRoles` # @return [Boolean] attr_accessor :only_in_predefined_roles alias_method :only_in_predefined_roles?, :only_in_predefined_roles # The preferred name for this permission. If present, then this permission is an # alias of, and equivalent to, the listed primary_permission. # Corresponds to the JSON property `primaryPermission` # @return [String] attr_accessor :primary_permission # The current launch stage of the permission. # Corresponds to the JSON property `stage` # @return [String] attr_accessor :stage # The title of this Permission. # Corresponds to the JSON property `title` # @return [String] attr_accessor :title def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @api_disabled = args[:api_disabled] if args.key?(:api_disabled) @custom_roles_support_level = args[:custom_roles_support_level] if args.key?(:custom_roles_support_level) @description = args[:description] if args.key?(:description) @name = args[:name] if args.key?(:name) @only_in_predefined_roles = args[:only_in_predefined_roles] if args.key?(:only_in_predefined_roles) @primary_permission = args[:primary_permission] if args.key?(:primary_permission) @stage = args[:stage] if args.key?(:stage) @title = args[:title] if args.key?(:title) end end # A PermissionDelta message to record the added_permissions and # removed_permissions inside a role. class PermissionDelta include Google::Apis::Core::Hashable # Added permissions. # Corresponds to the JSON property `addedPermissions` # @return [Array] attr_accessor :added_permissions # Removed permissions. # Corresponds to the JSON property `removedPermissions` # @return [Array] attr_accessor :removed_permissions def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @added_permissions = args[:added_permissions] if args.key?(:added_permissions) @removed_permissions = args[:removed_permissions] if args.key?(:removed_permissions) end end # An Identity and Access Management (IAM) policy, which specifies access # controls for Google Cloud resources. A `Policy` is a collection of `bindings`. # A `binding` binds one or more `members`, or principals, to a single `role`. # Principals can be user accounts, service accounts, Google groups, and domains ( # such as G Suite). A `role` is a named list of permissions; each `role` can be # an IAM predefined role or a user-created custom role. For some types of Google # Cloud resources, a `binding` can also specify a `condition`, which is a # logical expression that allows access to a resource only if the expression # evaluates to `true`. A condition can add constraints based on attributes of # the request, the resource, or both. To learn which resources support # conditions in their IAM policies, see the [IAM documentation](https://cloud. # google.com/iam/help/conditions/resource-policies). **JSON example:** ``` ` " # bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [ # "user:mike@example.com", "group:admins@example.com", "domain:google.com", " # serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": " # roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" # ], "condition": ` "title": "expirable access", "description": "Does not grant # access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00: # 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` ``` **YAML # example:** ``` bindings: - members: - user:mike@example.com - group:admins@ # example.com - domain:google.com - serviceAccount:my-project-id@appspot. # gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - # user:eve@example.com role: roles/resourcemanager.organizationViewer condition: # title: expirable access description: Does not grant access after Sep 2020 # expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: # BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the # [IAM documentation](https://cloud.google.com/iam/docs/). class Policy include Google::Apis::Core::Hashable # Specifies cloud audit logging configuration for this policy. # Corresponds to the JSON property `auditConfigs` # @return [Array] attr_accessor :audit_configs # Associates a list of `members`, or principals, with a `role`. Optionally, may # specify a `condition` that determines how and when the `bindings` are applied. # Each of the `bindings` must contain at least one principal. The `bindings` in # a `Policy` can refer to up to 1,500 principals; up to 250 of these principals # can be Google groups. Each occurrence of a principal counts towards these # limits. For example, if the `bindings` grant 50 different roles to `user:alice@ # example.com`, and not to any other principal, then you can add another 1,450 # principals to the `bindings` in the `Policy`. # Corresponds to the JSON property `bindings` # @return [Array] attr_accessor :bindings # `etag` is used for optimistic concurrency control as a way to help prevent # simultaneous updates of a policy from overwriting each other. It is strongly # suggested that systems make use of the `etag` in the read-modify-write cycle # to perform policy updates in order to avoid race conditions: An `etag` is # returned in the response to `getIamPolicy`, and systems are expected to put # that etag in the request to `setIamPolicy` to ensure that their change will be # applied to the same version of the policy. **Important:** If you use IAM # Conditions, you must include the `etag` field whenever you call `setIamPolicy`. # If you omit this field, then IAM allows you to overwrite a version `3` policy # with a version `1` policy, and all of the conditions in the version `3` policy # are lost. # Corresponds to the JSON property `etag` # NOTE: Values are automatically base64 encoded/decoded in the client library. # @return [String] attr_accessor :etag # Specifies the format of the policy. Valid values are `0`, `1`, and `3`. # Requests that specify an invalid value are rejected. Any operation that # affects conditional role bindings must specify version `3`. This requirement # applies to the following operations: * Getting a policy that includes a # conditional role binding * Adding a conditional role binding to a policy * # Changing a conditional role binding in a policy * Removing any role binding, # with or without a condition, from a policy that includes conditions ** # Important:** If you use IAM Conditions, you must include the `etag` field # whenever you call `setIamPolicy`. If you omit this field, then IAM allows you # to overwrite a version `3` policy with a version `1` policy, and all of the # conditions in the version `3` policy are lost. If a policy does not include # any conditions, operations on that policy may specify any valid version or # leave the field unset. To learn which resources support conditions in their # IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/ # conditions/resource-policies). # Corresponds to the JSON property `version` # @return [Fixnum] attr_accessor :version def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @audit_configs = args[:audit_configs] if args.key?(:audit_configs) @bindings = args[:bindings] if args.key?(:bindings) @etag = args[:etag] if args.key?(:etag) @version = args[:version] if args.key?(:version) end end # The difference delta between two policies. class PolicyDelta include Google::Apis::Core::Hashable # The delta for Bindings between two policies. # Corresponds to the JSON property `bindingDeltas` # @return [Array] attr_accessor :binding_deltas def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @binding_deltas = args[:binding_deltas] if args.key?(:binding_deltas) end end # A request to get the list of auditable services for a resource. class QueryAuditableServicesRequest include Google::Apis::Core::Hashable # Required. The full resource name to query from the list of auditable services. # The name follows the Google Cloud Platform resource format. For example, a # Cloud Platform project with id `my-project` will be named `// # cloudresourcemanager.googleapis.com/projects/my-project`. # Corresponds to the JSON property `fullResourceName` # @return [String] attr_accessor :full_resource_name def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @full_resource_name = args[:full_resource_name] if args.key?(:full_resource_name) end end # A response containing a list of auditable services for a resource. class QueryAuditableServicesResponse include Google::Apis::Core::Hashable # The auditable services for a resource. # Corresponds to the JSON property `services` # @return [Array] attr_accessor :services def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @services = args[:services] if args.key?(:services) end end # The grantable role query request. class QueryGrantableRolesRequest include Google::Apis::Core::Hashable # Required. Required. The full resource name to query from the list of grantable # roles. The name follows the Google Cloud Platform resource format. For example, # a Cloud Platform project with id `my-project` will be named `// # cloudresourcemanager.googleapis.com/projects/my-project`. # Corresponds to the JSON property `fullResourceName` # @return [String] attr_accessor :full_resource_name # Optional limit on the number of roles to include in the response. The default # is 300, and the maximum is 2,000. # Corresponds to the JSON property `pageSize` # @return [Fixnum] attr_accessor :page_size # Optional pagination token returned in an earlier QueryGrantableRolesResponse. # Corresponds to the JSON property `pageToken` # @return [String] attr_accessor :page_token # # Corresponds to the JSON property `view` # @return [String] attr_accessor :view def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @full_resource_name = args[:full_resource_name] if args.key?(:full_resource_name) @page_size = args[:page_size] if args.key?(:page_size) @page_token = args[:page_token] if args.key?(:page_token) @view = args[:view] if args.key?(:view) end end # The grantable role query response. class QueryGrantableRolesResponse include Google::Apis::Core::Hashable # To retrieve the next page of results, set `QueryGrantableRolesRequest. # page_token` to this value. # Corresponds to the JSON property `nextPageToken` # @return [String] attr_accessor :next_page_token # The list of matching roles. # Corresponds to the JSON property `roles` # @return [Array] attr_accessor :roles def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @next_page_token = args[:next_page_token] if args.key?(:next_page_token) @roles = args[:roles] if args.key?(:roles) end end # A request to get permissions which can be tested on a resource. class QueryTestablePermissionsRequest include Google::Apis::Core::Hashable # Required. The full resource name to query from the list of testable # permissions. The name follows the Google Cloud Platform resource format. For # example, a Cloud Platform project with id `my-project` will be named `// # cloudresourcemanager.googleapis.com/projects/my-project`. # Corresponds to the JSON property `fullResourceName` # @return [String] attr_accessor :full_resource_name # Optional limit on the number of permissions to include in the response. The # default is 100, and the maximum is 1,000. # Corresponds to the JSON property `pageSize` # @return [Fixnum] attr_accessor :page_size # Optional pagination token returned in an earlier # QueryTestablePermissionsRequest. # Corresponds to the JSON property `pageToken` # @return [String] attr_accessor :page_token def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @full_resource_name = args[:full_resource_name] if args.key?(:full_resource_name) @page_size = args[:page_size] if args.key?(:page_size) @page_token = args[:page_token] if args.key?(:page_token) end end # The response containing permissions which can be tested on a resource. class QueryTestablePermissionsResponse include Google::Apis::Core::Hashable # To retrieve the next page of results, set `QueryTestableRolesRequest. # page_token` to this value. # Corresponds to the JSON property `nextPageToken` # @return [String] attr_accessor :next_page_token # The Permissions testable on the requested resource. # Corresponds to the JSON property `permissions` # @return [Array] attr_accessor :permissions def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @next_page_token = args[:next_page_token] if args.key?(:next_page_token) @permissions = args[:permissions] if args.key?(:permissions) end end # Operation metadata returned by the CLH during resource state reconciliation. class ReconciliationOperationMetadata include Google::Apis::Core::Hashable # DEPRECATED. Use exclusive_action instead. # Corresponds to the JSON property `deleteResource` # @return [Boolean] attr_accessor :delete_resource alias_method :delete_resource?, :delete_resource # Excluisive action returned by the CLH. # Corresponds to the JSON property `exclusiveAction` # @return [String] attr_accessor :exclusive_action def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @delete_resource = args[:delete_resource] if args.key?(:delete_resource) @exclusive_action = args[:exclusive_action] if args.key?(:exclusive_action) end end # Request message for RemoveAttestationRule. class RemoveAttestationRuleRequest include Google::Apis::Core::Hashable # Defines which workloads can receive an identity within a pool. When an # AttestationRule is defined under a managed identity, matching workloads may # receive that identity. # Corresponds to the JSON property `attestationRule` # @return [Google::Apis::IamV1::AttestationRule] attr_accessor :attestation_rule def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @attestation_rule = args[:attestation_rule] if args.key?(:attestation_rule) end end # A role in the Identity and Access Management API. class Role include Google::Apis::Core::Hashable # The current deleted state of the role. This field is read only. It will be # ignored in calls to CreateRole and UpdateRole. # Corresponds to the JSON property `deleted` # @return [Boolean] attr_accessor :deleted alias_method :deleted?, :deleted # Optional. A human-readable description for the role. # Corresponds to the JSON property `description` # @return [String] attr_accessor :description # Used to perform a consistent read-modify-write. # Corresponds to the JSON property `etag` # NOTE: Values are automatically base64 encoded/decoded in the client library. # @return [String] attr_accessor :etag # The names of the permissions this role grants when bound in an IAM policy. # Corresponds to the JSON property `includedPermissions` # @return [Array] attr_accessor :included_permissions # The name of the role. When `Role` is used in `CreateRole`, the role name must # not be set. When `Role` is used in output and other input such as `UpdateRole`, # the role name is the complete path. For example, `roles/logging.viewer` for # predefined roles, `organizations/`ORGANIZATION_ID`/roles/myRole` for # organization-level custom roles, and `projects/`PROJECT_ID`/roles/myRole` for # project-level custom roles. # Corresponds to the JSON property `name` # @return [String] attr_accessor :name # The current launch stage of the role. If the `ALPHA` launch stage has been # selected for a role, the `stage` field will not be included in the returned # definition for the role. # Corresponds to the JSON property `stage` # @return [String] attr_accessor :stage # Optional. A human-readable title for the role. Typically this is limited to # 100 UTF-8 bytes. # Corresponds to the JSON property `title` # @return [String] attr_accessor :title def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @deleted = args[:deleted] if args.key?(:deleted) @description = args[:description] if args.key?(:description) @etag = args[:etag] if args.key?(:etag) @included_permissions = args[:included_permissions] if args.key?(:included_permissions) @name = args[:name] if args.key?(:name) @stage = args[:stage] if args.key?(:stage) @title = args[:title] if args.key?(:title) end end # Represents an SAML 2.0 identity provider. class Saml include Google::Apis::Core::Hashable # Required. SAML identity provider (IdP) configuration metadata XML doc. The XML # document must comply with the [SAML 2.0 specification](https://docs.oasis-open. # org/security/saml/v2.0/saml-metadata-2.0-os.pdf). The maximum size of an # acceptable XML document is 128K characters. The SAML metadata XML document # must satisfy the following constraints: * Must contain an IdP Entity ID. * # Must contain at least one non-expired signing certificate. * For each signing # certificate, the expiration must be: * From no more than 7 days in the future. # * To no more than 25 years in the future. * Up to three IdP signing keys are # allowed. When updating the provider's metadata XML, at least one non-expired # signing key must overlap with the existing metadata. This requirement is # skipped if there are no non-expired signing keys present in the existing # metadata. # Corresponds to the JSON property `idpMetadataXml` # @return [String] attr_accessor :idp_metadata_xml def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @idp_metadata_xml = args[:idp_metadata_xml] if args.key?(:idp_metadata_xml) end end # An IAM service account. A service account is an account for an application or # a virtual machine (VM) instance, not a person. You can use a service account # to call Google APIs. To learn more, read the [overview of service accounts]( # https://cloud.google.com/iam/help/service-accounts/overview). When you create # a service account, you specify the project ID that owns the service account, # as well as a name that must be unique within the project. IAM uses these # values to create an email address that identifies the service account. // class ServiceAccount include Google::Apis::Core::Hashable # Optional. A user-specified, human-readable description of the service account. # The maximum length is 256 UTF-8 bytes. # Corresponds to the JSON property `description` # @return [String] attr_accessor :description # Output only. Whether the service account is disabled. # Corresponds to the JSON property `disabled` # @return [Boolean] attr_accessor :disabled alias_method :disabled?, :disabled # Optional. A user-specified, human-readable name for the service account. The # maximum length is 100 UTF-8 bytes. # Corresponds to the JSON property `displayName` # @return [String] attr_accessor :display_name # Output only. The email address of the service account. # Corresponds to the JSON property `email` # @return [String] attr_accessor :email # Deprecated. Do not use. # Corresponds to the JSON property `etag` # NOTE: Values are automatically base64 encoded/decoded in the client library. # @return [String] attr_accessor :etag # The resource name of the service account. Use one of the following formats: * ` # projects/`PROJECT_ID`/serviceAccounts/`EMAIL_ADDRESS`` * `projects/`PROJECT_ID` # /serviceAccounts/`UNIQUE_ID`` As an alternative, you can use the `-` wildcard # character instead of the project ID: * `projects/-/serviceAccounts/` # EMAIL_ADDRESS`` * `projects/-/serviceAccounts/`UNIQUE_ID`` When possible, # avoid using the `-` wildcard character, because it can cause response messages # to contain misleading error codes. For example, if you try to access the # service account `projects/-/serviceAccounts/fake@example.com`, which does not # exist, the response contains an HTTP `403 Forbidden` error instead of a `404 # Not Found` error. # Corresponds to the JSON property `name` # @return [String] attr_accessor :name # Output only. The OAuth 2.0 client ID for the service account. # Corresponds to the JSON property `oauth2ClientId` # @return [String] attr_accessor :oauth2_client_id # Output only. The ID of the project that owns the service account. # Corresponds to the JSON property `projectId` # @return [String] attr_accessor :project_id # Output only. The unique, stable numeric ID for the service account. Each # service account retains its unique ID even if you delete the service account. # For example, if you delete a service account, then create a new service # account with the same name, the new service account has a different unique ID # than the deleted service account. # Corresponds to the JSON property `uniqueId` # @return [String] attr_accessor :unique_id def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @description = args[:description] if args.key?(:description) @disabled = args[:disabled] if args.key?(:disabled) @display_name = args[:display_name] if args.key?(:display_name) @email = args[:email] if args.key?(:email) @etag = args[:etag] if args.key?(:etag) @name = args[:name] if args.key?(:name) @oauth2_client_id = args[:oauth2_client_id] if args.key?(:oauth2_client_id) @project_id = args[:project_id] if args.key?(:project_id) @unique_id = args[:unique_id] if args.key?(:unique_id) end end # Represents a service account key. A service account has two sets of key-pairs: # user-managed, and system-managed. User-managed key-pairs can be created and # deleted by users. Users are responsible for rotating these keys periodically # to ensure security of their service accounts. Users retain the private key of # these key-pairs, and Google retains ONLY the public key. System-managed keys # are automatically rotated by Google, and are used for signing for a maximum of # two weeks. The rotation process is probabilistic, and usage of the new key # will gradually ramp up and down over the key's lifetime. If you cache the # public key set for a service account, we recommend that you update the cache # every 15 minutes. User-managed keys can be added and removed at any time, so # it is important to update the cache frequently. For Google-managed keys, # Google will publish a key at least 6 hours before it is first used for signing # and will keep publishing it for at least 6 hours after it was last used for # signing. Public keys for all service accounts are also published at the OAuth2 # Service Account API. class ServiceAccountKey include Google::Apis::Core::Hashable # Output only. optional. If the key is disabled, it may have a DisableReason # describing why it was disabled. # Corresponds to the JSON property `disableReason` # @return [String] attr_accessor :disable_reason # The key status. # Corresponds to the JSON property `disabled` # @return [Boolean] attr_accessor :disabled alias_method :disabled?, :disabled # Output only. Extended Status provides permanent information about a service # account key. For example, if this key was detected as exposed or compromised, # that information will remain for the lifetime of the key in the # extended_status. # Corresponds to the JSON property `extendedStatus` # @return [Array] attr_accessor :extended_status # Specifies the algorithm (and possibly key size) for the key. # Corresponds to the JSON property `keyAlgorithm` # @return [String] attr_accessor :key_algorithm # The key origin. # Corresponds to the JSON property `keyOrigin` # @return [String] attr_accessor :key_origin # The key type. # Corresponds to the JSON property `keyType` # @return [String] attr_accessor :key_type # The resource name of the service account key in the following format `projects/ # `PROJECT_ID`/serviceAccounts/`ACCOUNT`/keys/`key``. # Corresponds to the JSON property `name` # @return [String] attr_accessor :name # The private key data. Only provided in `CreateServiceAccountKey` responses. # Make sure to keep the private key data secure because it allows for the # assertion of the service account identity. When base64 decoded, the private # key data can be used to authenticate with Google API client libraries and with # gcloud auth activate-service-account. # Corresponds to the JSON property `privateKeyData` # NOTE: Values are automatically base64 encoded/decoded in the client library. # @return [String] attr_accessor :private_key_data # The output format for the private key. Only provided in ` # CreateServiceAccountKey` responses, not in `GetServiceAccountKey` or ` # ListServiceAccountKey` responses. Google never exposes system-managed private # keys, and never retains user-managed private keys. # Corresponds to the JSON property `privateKeyType` # @return [String] attr_accessor :private_key_type # The public key data. Only provided in `GetServiceAccountKey` responses. # Corresponds to the JSON property `publicKeyData` # NOTE: Values are automatically base64 encoded/decoded in the client library. # @return [String] attr_accessor :public_key_data # The key can be used after this timestamp. # Corresponds to the JSON property `validAfterTime` # @return [String] attr_accessor :valid_after_time # The key can be used before this timestamp. For system-managed key pairs, this # timestamp is the end time for the private key signing operation. The public # key could still be used for verification for a few hours after this time. # Corresponds to the JSON property `validBeforeTime` # @return [String] attr_accessor :valid_before_time def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @disable_reason = args[:disable_reason] if args.key?(:disable_reason) @disabled = args[:disabled] if args.key?(:disabled) @extended_status = args[:extended_status] if args.key?(:extended_status) @key_algorithm = args[:key_algorithm] if args.key?(:key_algorithm) @key_origin = args[:key_origin] if args.key?(:key_origin) @key_type = args[:key_type] if args.key?(:key_type) @name = args[:name] if args.key?(:name) @private_key_data = args[:private_key_data] if args.key?(:private_key_data) @private_key_type = args[:private_key_type] if args.key?(:private_key_type) @public_key_data = args[:public_key_data] if args.key?(:public_key_data) @valid_after_time = args[:valid_after_time] if args.key?(:valid_after_time) @valid_before_time = args[:valid_before_time] if args.key?(:valid_before_time) end end # Configuration for a service. class ServiceConfig include Google::Apis::Core::Hashable # Optional. Domain name of the service. Example: console.cloud.google # Corresponds to the JSON property `domain` # @return [String] attr_accessor :domain def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @domain = args[:domain] if args.key?(:domain) end end # Request message for SetAttestationRules. class SetAttestationRulesRequest include Google::Apis::Core::Hashable # Required. The attestation rules to be set. At most 50 attestation rules can be # set. # Corresponds to the JSON property `attestationRules` # @return [Array] attr_accessor :attestation_rules def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @attestation_rules = args[:attestation_rules] if args.key?(:attestation_rules) end end # Request message for `SetIamPolicy` method. class SetIamPolicyRequest include Google::Apis::Core::Hashable # An Identity and Access Management (IAM) policy, which specifies access # controls for Google Cloud resources. A `Policy` is a collection of `bindings`. # A `binding` binds one or more `members`, or principals, to a single `role`. # Principals can be user accounts, service accounts, Google groups, and domains ( # such as G Suite). A `role` is a named list of permissions; each `role` can be # an IAM predefined role or a user-created custom role. For some types of Google # Cloud resources, a `binding` can also specify a `condition`, which is a # logical expression that allows access to a resource only if the expression # evaluates to `true`. A condition can add constraints based on attributes of # the request, the resource, or both. To learn which resources support # conditions in their IAM policies, see the [IAM documentation](https://cloud. # google.com/iam/help/conditions/resource-policies). **JSON example:** ``` ` " # bindings": [ ` "role": "roles/resourcemanager.organizationAdmin", "members": [ # "user:mike@example.com", "group:admins@example.com", "domain:google.com", " # serviceAccount:my-project-id@appspot.gserviceaccount.com" ] `, ` "role": " # roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" # ], "condition": ` "title": "expirable access", "description": "Does not grant # access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00: # 00:00.000Z')", ` ` ], "etag": "BwWWja0YfJA=", "version": 3 ` ``` **YAML # example:** ``` bindings: - members: - user:mike@example.com - group:admins@ # example.com - domain:google.com - serviceAccount:my-project-id@appspot. # gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - # user:eve@example.com role: roles/resourcemanager.organizationViewer condition: # title: expirable access description: Does not grant access after Sep 2020 # expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: # BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the # [IAM documentation](https://cloud.google.com/iam/docs/). # Corresponds to the JSON property `policy` # @return [Google::Apis::IamV1::Policy] attr_accessor :policy # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only # the fields in the mask will be modified. If no mask is provided, the following # default mask is used: `paths: "bindings, etag"` # Corresponds to the JSON property `updateMask` # @return [String] attr_accessor :update_mask def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @policy = args[:policy] if args.key?(:policy) @update_mask = args[:update_mask] if args.key?(:update_mask) end end # Deprecated. [Migrate to Service Account Credentials API](https://cloud.google. # com/iam/help/credentials/migrate-api). The service account sign blob request. class SignBlobRequest include Google::Apis::Core::Hashable # Required. Deprecated. [Migrate to Service Account Credentials API](https:// # cloud.google.com/iam/help/credentials/migrate-api). The bytes to sign. # Corresponds to the JSON property `bytesToSign` # NOTE: Values are automatically base64 encoded/decoded in the client library. # @return [String] attr_accessor :bytes_to_sign def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @bytes_to_sign = args[:bytes_to_sign] if args.key?(:bytes_to_sign) end end # Deprecated. [Migrate to Service Account Credentials API](https://cloud.google. # com/iam/help/credentials/migrate-api). The service account sign blob response. class SignBlobResponse include Google::Apis::Core::Hashable # Deprecated. [Migrate to Service Account Credentials API](https://cloud.google. # com/iam/help/credentials/migrate-api). The id of the key used to sign the blob. # Corresponds to the JSON property `keyId` # @return [String] attr_accessor :key_id # Deprecated. [Migrate to Service Account Credentials API](https://cloud.google. # com/iam/help/credentials/migrate-api). The signed blob. # Corresponds to the JSON property `signature` # NOTE: Values are automatically base64 encoded/decoded in the client library. # @return [String] attr_accessor :signature def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @key_id = args[:key_id] if args.key?(:key_id) @signature = args[:signature] if args.key?(:signature) end end # Deprecated. [Migrate to Service Account Credentials API](https://cloud.google. # com/iam/help/credentials/migrate-api). The service account sign JWT request. class SignJwtRequest include Google::Apis::Core::Hashable # Required. Deprecated. [Migrate to Service Account Credentials API](https:// # cloud.google.com/iam/help/credentials/migrate-api). The JWT payload to sign. # Must be a serialized JSON object that contains a JWT Claims Set. For example: ` # `"sub": "user@example.com", "iat": 313435`` If the JWT Claims Set contains an # expiration time (`exp`) claim, it must be an integer timestamp that is not in # the past and no more than 12 hours in the future. If the JWT Claims Set does # not contain an expiration time (`exp`) claim, this claim is added # automatically, with a timestamp that is 1 hour in the future. # Corresponds to the JSON property `payload` # @return [String] attr_accessor :payload def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @payload = args[:payload] if args.key?(:payload) end end # Deprecated. [Migrate to Service Account Credentials API](https://cloud.google. # com/iam/help/credentials/migrate-api). The service account sign JWT response. class SignJwtResponse include Google::Apis::Core::Hashable # Deprecated. [Migrate to Service Account Credentials API](https://cloud.google. # com/iam/help/credentials/migrate-api). The id of the key used to sign the JWT. # Corresponds to the JSON property `keyId` # @return [String] attr_accessor :key_id # Deprecated. [Migrate to Service Account Credentials API](https://cloud.google. # com/iam/help/credentials/migrate-api). The signed JWT. # Corresponds to the JSON property `signedJwt` # @return [String] attr_accessor :signed_jwt def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @key_id = args[:key_id] if args.key?(:key_id) @signed_jwt = args[:signed_jwt] if args.key?(:signed_jwt) end end # The `Status` type defines a logical error model that is suitable for different # programming environments, including REST APIs and RPC APIs. It is used by [ # gRPC](https://github.com/grpc). Each `Status` message contains three pieces of # data: error code, error message, and error details. You can find out more # about this error model and how to work with it in the [API Design Guide](https: # //cloud.google.com/apis/design/errors). class Status include Google::Apis::Core::Hashable # The status code, which should be an enum value of google.rpc.Code. # Corresponds to the JSON property `code` # @return [Fixnum] attr_accessor :code # A list of messages that carry the error details. There is a common set of # message types for APIs to use. # Corresponds to the JSON property `details` # @return [Array>] attr_accessor :details # A developer-facing error message, which should be in English. Any user-facing # error message should be localized and sent in the google.rpc.Status.details # field, or localized by the client. # Corresponds to the JSON property `message` # @return [String] attr_accessor :message def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @code = args[:code] if args.key?(:code) @details = args[:details] if args.key?(:details) @message = args[:message] if args.key?(:message) end end # Request message for `TestIamPermissions` method. class TestIamPermissionsRequest include Google::Apis::Core::Hashable # The set of permissions to check for the `resource`. Permissions with wildcards # (such as `*` or `storage.*`) are not allowed. For more information see [IAM # Overview](https://cloud.google.com/iam/docs/overview#permissions). # Corresponds to the JSON property `permissions` # @return [Array] attr_accessor :permissions def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @permissions = args[:permissions] if args.key?(:permissions) end end # Response message for `TestIamPermissions` method. class TestIamPermissionsResponse include Google::Apis::Core::Hashable # A subset of `TestPermissionsRequest.permissions` that the caller is allowed. # Corresponds to the JSON property `permissions` # @return [Array] attr_accessor :permissions def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @permissions = args[:permissions] if args.key?(:permissions) end end # Represents a root of trust. class TrustAnchor include Google::Apis::Core::Hashable # PEM certificate of the PKI used for validation. Must only contain one ca # certificate (either root or intermediate cert). # Corresponds to the JSON property `pemCertificate` # @return [String] attr_accessor :pem_certificate def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @pem_certificate = args[:pem_certificate] if args.key?(:pem_certificate) end end # Trust store that contains trust anchors and optional intermediate CAs used in # PKI to build a trust chain(trust hierarchy) and verify a client's identity. class TrustStore include Google::Apis::Core::Hashable # Optional. Set of intermediate CA certificates used for building the trust # chain to the trust anchor. Important: Intermediate CAs are only supported for # X.509 federation. # Corresponds to the JSON property `intermediateCas` # @return [Array] attr_accessor :intermediate_cas # Required. List of trust anchors to be used while performing validation against # a given TrustStore. The incoming end entity's certificate must be in the trust # chain of one of the trust anchors here. # Corresponds to the JSON property `trustAnchors` # @return [Array] attr_accessor :trust_anchors def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @intermediate_cas = args[:intermediate_cas] if args.key?(:intermediate_cas) @trust_anchors = args[:trust_anchors] if args.key?(:trust_anchors) end end # Request message for UndeleteOauthClient. class UndeleteOauthClientRequest include Google::Apis::Core::Hashable def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) end end # The request to undelete an existing role. class UndeleteRoleRequest include Google::Apis::Core::Hashable # Used to perform a consistent read-modify-write. # Corresponds to the JSON property `etag` # NOTE: Values are automatically base64 encoded/decoded in the client library. # @return [String] attr_accessor :etag def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @etag = args[:etag] if args.key?(:etag) end end # The service account undelete request. class UndeleteServiceAccountRequest include Google::Apis::Core::Hashable def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) end end # class UndeleteServiceAccountResponse include Google::Apis::Core::Hashable # An IAM service account. A service account is an account for an application or # a virtual machine (VM) instance, not a person. You can use a service account # to call Google APIs. To learn more, read the [overview of service accounts]( # https://cloud.google.com/iam/help/service-accounts/overview). When you create # a service account, you specify the project ID that owns the service account, # as well as a name that must be unique within the project. IAM uses these # values to create an email address that identifies the service account. // # Corresponds to the JSON property `restoredAccount` # @return [Google::Apis::IamV1::ServiceAccount] attr_accessor :restored_account def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @restored_account = args[:restored_account] if args.key?(:restored_account) end end # Request message for UndeleteWorkforcePoolProviderKey. class UndeleteWorkforcePoolProviderKeyRequest include Google::Apis::Core::Hashable def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) end end # Request message for UndeleteWorkforcePoolProvider. class UndeleteWorkforcePoolProviderRequest include Google::Apis::Core::Hashable def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) end end # Gemini Enterprise only. Request message for # UndeleteWorkforcePoolProviderScimTenant. class UndeleteWorkforcePoolProviderScimTenantRequest include Google::Apis::Core::Hashable def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) end end # Gemini Enterprise only. Request message for # UndeleteWorkforcePoolProviderScimToken. class UndeleteWorkforcePoolProviderScimTokenRequest include Google::Apis::Core::Hashable def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) end end # Request message for UndeleteWorkforcePool. class UndeleteWorkforcePoolRequest include Google::Apis::Core::Hashable def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) end end # Request message for UndeleteWorkforcePoolSubject. class UndeleteWorkforcePoolSubjectRequest include Google::Apis::Core::Hashable def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) end end # Request message for UndeleteWorkloadIdentityPoolManagedIdentity. class UndeleteWorkloadIdentityPoolManagedIdentityRequest include Google::Apis::Core::Hashable def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) end end # Request message for UndeleteWorkloadIdentityPoolNamespace. class UndeleteWorkloadIdentityPoolNamespaceRequest include Google::Apis::Core::Hashable def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) end end # Request message for UndeleteWorkloadIdentityPoolProviderKey. class UndeleteWorkloadIdentityPoolProviderKeyRequest include Google::Apis::Core::Hashable def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) end end # Request message for UndeleteWorkloadIdentityPoolProvider. class UndeleteWorkloadIdentityPoolProviderRequest include Google::Apis::Core::Hashable def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) end end # Request message for UndeleteWorkloadIdentityPool. class UndeleteWorkloadIdentityPoolRequest include Google::Apis::Core::Hashable def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) end end # The service account key upload request. class UploadServiceAccountKeyRequest include Google::Apis::Core::Hashable # The public key to associate with the service account. Must be an RSA public # key that is wrapped in an X.509 v3 certificate. Include the first line, `----- # BEGIN CERTIFICATE-----`, and the last line, `-----END CERTIFICATE-----`. # Corresponds to the JSON property `publicKeyData` # NOTE: Values are automatically base64 encoded/decoded in the client library. # @return [String] attr_accessor :public_key_data def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @public_key_data = args[:public_key_data] if args.key?(:public_key_data) end end # Represents a collection of external workforces. Provides namespaces for # federated users that can be referenced in IAM policies. class WorkforcePool include Google::Apis::Core::Hashable # Access related restrictions on the workforce pool. # Corresponds to the JSON property `accessRestrictions` # @return [Google::Apis::IamV1::AccessRestrictions] attr_accessor :access_restrictions # Optional. A description of the pool. Cannot exceed 256 characters. # Corresponds to the JSON property `description` # @return [String] attr_accessor :description # Optional. Disables the workforce pool. You cannot use a disabled pool to # exchange tokens, or use existing tokens to access resources. If the pool is re- # enabled, existing tokens grant access again. # Corresponds to the JSON property `disabled` # @return [Boolean] attr_accessor :disabled alias_method :disabled?, :disabled # Optional. A display name for the pool. Cannot exceed 32 characters. # Corresponds to the JSON property `displayName` # @return [String] attr_accessor :display_name # Output only. Time after which the workforce pool will be permanently purged # and cannot be recovered. # Corresponds to the JSON property `expireTime` # @return [String] attr_accessor :expire_time # Identifier. The resource name of the pool. Format: `locations/`location`/ # workforcePools/`workforce_pool_id`` # Corresponds to the JSON property `name` # @return [String] attr_accessor :name # Immutable. The resource name of the parent. Format: `organizations/`org-id``. # Corresponds to the JSON property `parent` # @return [String] attr_accessor :parent # Optional. Duration that the Google Cloud access tokens, console sign-in # sessions, and `gcloud` sign-in sessions from this pool are valid. Must be # greater than 15 minutes (900s) and less than 12 hours (43200s). If ` # session_duration` is not configured, minted credentials have a default # duration of one hour (3600s). For SAML providers, the lifetime of the token is # the minimum of the `session_duration` and the `SessionNotOnOrAfter` claim in # the SAML assertion. # Corresponds to the JSON property `sessionDuration` # @return [String] attr_accessor :session_duration # Output only. The state of the pool. # Corresponds to the JSON property `state` # @return [String] attr_accessor :state def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @access_restrictions = args[:access_restrictions] if args.key?(:access_restrictions) @description = args[:description] if args.key?(:description) @disabled = args[:disabled] if args.key?(:disabled) @display_name = args[:display_name] if args.key?(:display_name) @expire_time = args[:expire_time] if args.key?(:expire_time) @name = args[:name] if args.key?(:name) @parent = args[:parent] if args.key?(:parent) @session_duration = args[:session_duration] if args.key?(:session_duration) @state = args[:state] if args.key?(:state) end end # A configuration for an external identity provider. class WorkforcePoolProvider include Google::Apis::Core::Hashable # Optional. A [Common Expression Language](https://opensource.google/projects/ # cel) expression, in plain text, to restrict what otherwise valid # authentication credentials issued by the provider should not be accepted. The # expression must output a boolean representing whether to allow the federation. # The following keywords may be referenced in the expressions: * `assertion`: # JSON representing the authentication credential issued by the provider. * ` # google`: The Google attributes mapped from the assertion in the ` # attribute_mappings`. `google.profile_photo`, `google.display_name` and `google. # posix_username` are not supported. * `attribute`: The custom attributes mapped # from the assertion in the `attribute_mappings`. The maximum length of the # attribute condition expression is 4096 characters. If unspecified, all valid # authentication credentials will be accepted. The following example shows how # to only allow credentials with a mapped `google.groups` value of `admins`: ``` # "'admins' in google.groups" ``` # Corresponds to the JSON property `attributeCondition` # @return [String] attr_accessor :attribute_condition # Required. Maps attributes from the authentication credentials issued by an # external identity provider to Google Cloud attributes, such as `subject` and ` # segment`. Each key must be a string specifying the Google Cloud IAM attribute # to map to. The following keys are supported: * `google.subject`: The principal # IAM is authenticating. You can reference this value in IAM bindings. This is # also the subject that appears in Cloud Logging logs. This is a required field # and the mapped subject cannot exceed 127 bytes. * `google.groups`: Groups the # authenticating user belongs to. You can grant groups access to resources using # an IAM `principalSet` binding; access applies to all members of the group. * ` # google.display_name`: The name of the authenticated user. This is an optional # field and the mapped display name cannot exceed 100 bytes. If not set, `google. # subject` will be displayed instead. This attribute cannot be referenced in IAM # bindings. * `google.profile_photo`: The URL that specifies the authenticated # user's thumbnail photo. This is an optional field. When set, the image will be # visible as the user's profile picture. If not set, a generic user icon will be # displayed instead. This attribute cannot be referenced in IAM bindings. * ` # google.posix_username`: The Linux username used by OS Login. This is an # optional field and the mapped POSIX username cannot exceed 32 characters. The # key must match the regex `^a-zA-Z0-9._`0,31`$`. This attribute cannot be # referenced in IAM bindings. You can also provide custom attributes by # specifying `attribute.`custom_attribute``, where `custom_attribute` is the # name of the custom attribute to be mapped. You can define a maximum of 50 # custom attributes. The maximum length of a mapped attribute key is 100 # characters, and the key may only contain the characters `[a-z0-9_]`. You can # reference these attributes in IAM policies to define fine-grained access for a # workforce pool to Google Cloud resources. For example: * `google.subject`: ` # principal://iam.googleapis.com/locations/global/workforcePools/`pool`/subject/` # value`` * `google.groups`: `principalSet://iam.googleapis.com/locations/global/ # workforcePools/`pool`/group/`value`` * `attribute.`custom_attribute``: ` # principalSet://iam.googleapis.com/locations/global/workforcePools/`pool`/ # attribute.`custom_attribute`/`value`` Each value must be a [Common Expression # Language] (https://opensource.google/projects/cel) function that maps an # identity provider credential to the normalized attribute specified by the # corresponding map key. You can use the `assertion` keyword in the expression # to access a JSON representation of the authentication credential issued by the # provider. The maximum length of an attribute mapping expression is 2048 # characters. When evaluated, the total size of all mapped attributes must not # exceed 16 KB. For OIDC providers, you must supply a custom mapping that # includes the `google.subject` attribute. For example, the following maps the ` # sub` claim of the incoming credential to the `subject` attribute on a Google # token: ``` `"google.subject": "assertion.sub"` ``` # Corresponds to the JSON property `attributeMapping` # @return [Hash] attr_accessor :attribute_mapping # Optional. A description of the provider. Cannot exceed 256 characters. # Corresponds to the JSON property `description` # @return [String] attr_accessor :description # Optional. If true, populates additional debug information in Cloud Audit Logs # for this provider. Logged attribute mappings and values can be found in `sts. # googleapis.com` data access logs. Default value is false. # Corresponds to the JSON property `detailedAuditLogging` # @return [Boolean] attr_accessor :detailed_audit_logging alias_method :detailed_audit_logging?, :detailed_audit_logging # Optional. Disables the workforce pool provider. You cannot use a disabled # provider to exchange tokens. However, existing tokens still grant access. # Corresponds to the JSON property `disabled` # @return [Boolean] attr_accessor :disabled alias_method :disabled?, :disabled # Optional. A display name for the provider. Cannot exceed 32 characters. # Corresponds to the JSON property `displayName` # @return [String] attr_accessor :display_name # Output only. Time after which the workforce identity pool provider will be # permanently purged and cannot be recovered. # Corresponds to the JSON property `expireTime` # @return [String] attr_accessor :expire_time # Represents the OAuth 2.0 client credential configuration for retrieving # additional user attributes that are not present in the initial authentication # credentials from the identity provider, for example, groups. See https:// # datatracker.ietf.org/doc/html/rfc6749#section-4.4 for more details on client # credentials grant flow. # Corresponds to the JSON property `extendedAttributesOauth2Client` # @return [Google::Apis::IamV1::GoogleIamAdminV1WorkforcePoolProviderExtraAttributesOAuth2Client] attr_accessor :extended_attributes_oauth2_client # Represents the OAuth 2.0 client credential configuration for retrieving # additional user attributes that are not present in the initial authentication # credentials from the identity provider, for example, groups. See https:// # datatracker.ietf.org/doc/html/rfc6749#section-4.4 for more details on client # credentials grant flow. # Corresponds to the JSON property `extraAttributesOauth2Client` # @return [Google::Apis::IamV1::GoogleIamAdminV1WorkforcePoolProviderExtraAttributesOAuth2Client] attr_accessor :extra_attributes_oauth2_client # Identifier. The resource name of the provider. Format: `locations/`location`/ # workforcePools/`workforce_pool_id`/providers/`provider_id`` # Corresponds to the JSON property `name` # @return [String] attr_accessor :name # Represents an OpenID Connect 1.0 identity provider. # Corresponds to the JSON property `oidc` # @return [Google::Apis::IamV1::GoogleIamAdminV1WorkforcePoolProviderOidc] attr_accessor :oidc # Represents a SAML identity provider. # Corresponds to the JSON property `saml` # @return [Google::Apis::IamV1::GoogleIamAdminV1WorkforcePoolProviderSaml] attr_accessor :saml # Optional. Gemini Enterprise only. Specifies whether the workforce identity # pool provider uses SCIM-managed groups instead of the `google.groups` # attribute mapping for authorization checks. The `scim_usage` and ` # extended_attributes_oauth2_client` fields are mutually exclusive. A request # that enables both fields on the same workforce identity pool provider will # produce an error. # Corresponds to the JSON property `scimUsage` # @return [String] attr_accessor :scim_usage # Output only. The state of the provider. # Corresponds to the JSON property `state` # @return [String] attr_accessor :state def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @attribute_condition = args[:attribute_condition] if args.key?(:attribute_condition) @attribute_mapping = args[:attribute_mapping] if args.key?(:attribute_mapping) @description = args[:description] if args.key?(:description) @detailed_audit_logging = args[:detailed_audit_logging] if args.key?(:detailed_audit_logging) @disabled = args[:disabled] if args.key?(:disabled) @display_name = args[:display_name] if args.key?(:display_name) @expire_time = args[:expire_time] if args.key?(:expire_time) @extended_attributes_oauth2_client = args[:extended_attributes_oauth2_client] if args.key?(:extended_attributes_oauth2_client) @extra_attributes_oauth2_client = args[:extra_attributes_oauth2_client] if args.key?(:extra_attributes_oauth2_client) @name = args[:name] if args.key?(:name) @oidc = args[:oidc] if args.key?(:oidc) @saml = args[:saml] if args.key?(:saml) @scim_usage = args[:scim_usage] if args.key?(:scim_usage) @state = args[:state] if args.key?(:state) end end # Represents a public key configuration for a Workforce Pool Provider. The key # can be configured in your identity provider to encrypt SAML assertions. Google # holds the corresponding private key, which it uses to decrypt encrypted tokens. class WorkforcePoolProviderKey include Google::Apis::Core::Hashable # Output only. The time after which the key will be permanently deleted and # cannot be recovered. Note that the key may get purged before this time if the # total limit of keys per provider is exceeded. # Corresponds to the JSON property `expireTime` # @return [String] attr_accessor :expire_time # Represents a public key data along with its format. # Corresponds to the JSON property `keyData` # @return [Google::Apis::IamV1::KeyData] attr_accessor :key_data # Identifier. The resource name of the key. Format: `locations/`location`/ # workforcePools/`workforce_pool_id`/providers/`provider_id`/keys/`key_id`` # Corresponds to the JSON property `name` # @return [String] attr_accessor :name # Output only. The state of the key. # Corresponds to the JSON property `state` # @return [String] attr_accessor :state # Required. The purpose of the key. # Corresponds to the JSON property `use` # @return [String] attr_accessor :use def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @expire_time = args[:expire_time] if args.key?(:expire_time) @key_data = args[:key_data] if args.key?(:key_data) @name = args[:name] if args.key?(:name) @state = args[:state] if args.key?(:state) @use = args[:use] if args.key?(:use) end end # Gemini Enterprise only. Represents a SCIM tenant. Used for provisioning and # managing identity data (such as Users and Groups) in cross-domain environments. class WorkforcePoolProviderScimTenant include Google::Apis::Core::Hashable # Output only. Gemini Enterprise only. Represents the base URI as defined in [ # RFC 7644, Section 1.3](https://datatracker.ietf.org/doc/html/rfc7644#section-1. # 3). Clients must use this as the root address for managing resources under the # tenant. Format: https://iamscim.googleapis.com/`version`/`tenant_id`/ # Corresponds to the JSON property `baseUri` # @return [String] attr_accessor :base_uri # Required. Immutable. Gemini Enterprise only. Maps SCIM attributes to Google # attributes. This mapping is used to associate the attributes synced via SCIM # with the Google Cloud attributes used in IAM policies for Workforce Identity # Federation. SCIM-managed user and group attributes are mapped to `google. # subject` and `google.group` respectively. Each key must be a string specifying # the Google Cloud IAM attribute to map to. The supported keys are as follows: * # `google.subject`: The principal IAM is authenticating. You can reference this # value in IAM bindings. This is also the subject that appears in Cloud Logging # logs. This is a required field and the mapped subject cannot exceed 127 bytes. # * `google.group`: Group the authenticating user belongs to. You can grant # group access to resources using an IAM `principalSet` binding; access applies # to all members of the group. Each value must be a [Common Expression Language] # (https://opensource.google/projects/cel) expression that maps SCIM user or # group attribute to the normalized attribute specified by the corresponding map # key. Example: To map the SCIM user's `externalId` to `google.subject` and the # SCIM group's `externalId` to `google.group`: ``` ` "google.subject": "user. # externalId", "google.group": "group.externalId" ` ``` # Corresponds to the JSON property `claimMapping` # @return [Hash] attr_accessor :claim_mapping # Optional. Gemini Enterprise only. The description of the SCIM tenant. Cannot # exceed 256 characters. # Corresponds to the JSON property `description` # @return [String] attr_accessor :description # Optional. Gemini Enterprise only. The display name of the SCIM tenant. Cannot # exceed 32 characters. # Corresponds to the JSON property `displayName` # @return [String] attr_accessor :display_name # Identifier. Gemini Enterprise only. The resource name of the SCIM Tenant. # Format: `locations/`location`/workforcePools/`workforce_pool`/providers/ ` # workforce_pool_provider`/scimTenants/`scim_tenant`` # Corresponds to the JSON property `name` # @return [String] attr_accessor :name # Output only. Gemini Enterprise only. The timestamp that represents the time # when the SCIM tenant is purged. # Corresponds to the JSON property `purgeTime` # @return [String] attr_accessor :purge_time # Output only. Service Agent created by SCIM Tenant API. SCIM tokens created # under this tenant will be attached to this service agent. # Corresponds to the JSON property `serviceAgent` # @return [String] attr_accessor :service_agent # Output only. Gemini Enterprise only. The state of the tenant. # Corresponds to the JSON property `state` # @return [String] attr_accessor :state def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @base_uri = args[:base_uri] if args.key?(:base_uri) @claim_mapping = args[:claim_mapping] if args.key?(:claim_mapping) @description = args[:description] if args.key?(:description) @display_name = args[:display_name] if args.key?(:display_name) @name = args[:name] if args.key?(:name) @purge_time = args[:purge_time] if args.key?(:purge_time) @service_agent = args[:service_agent] if args.key?(:service_agent) @state = args[:state] if args.key?(:state) end end # Gemini Enterprise only. Represents a token for the # WorkforcePoolProviderScimTenant. Used for authenticating SCIM provisioning # requests. class WorkforcePoolProviderScimToken include Google::Apis::Core::Hashable # Optional. Gemini Enterprise only. The display name of the SCIM token. Cannot # exceed 32 characters. # Corresponds to the JSON property `displayName` # @return [String] attr_accessor :display_name # Identifier. Gemini Enterprise only. The resource name of the SCIM Token. # Format: `locations/`location`/workforcePools/`workforce_pool`/providers/ ` # workforce_pool_provider`/scimTenants/`scim_tenant`/tokens/`token`` # Corresponds to the JSON property `name` # @return [String] attr_accessor :name # Output only. Gemini Enterprise only. The token string. Provide this to the IdP # for authentication. Will be set only during creation. # Corresponds to the JSON property `securityToken` # @return [String] attr_accessor :security_token # Output only. Gemini Enterprise only. The state of the token. # Corresponds to the JSON property `state` # @return [String] attr_accessor :state def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @display_name = args[:display_name] if args.key?(:display_name) @name = args[:name] if args.key?(:name) @security_token = args[:security_token] if args.key?(:security_token) @state = args[:state] if args.key?(:state) end end # Represents a collection of workload identities. You can define IAM policies to # grant these identities access to Google Cloud resources. class WorkloadIdentityPool include Google::Apis::Core::Hashable # Optional. A description of the pool. Cannot exceed 256 characters. # Corresponds to the JSON property `description` # @return [String] attr_accessor :description # Optional. Whether the pool is disabled. You cannot use a disabled pool to # exchange tokens, or use existing tokens to access resources. If the pool is re- # enabled, existing tokens grant access again. # Corresponds to the JSON property `disabled` # @return [Boolean] attr_accessor :disabled alias_method :disabled?, :disabled # Optional. A display name for the pool. Cannot exceed 32 characters. # Corresponds to the JSON property `displayName` # @return [String] attr_accessor :display_name # Output only. Time after which the workload identity pool will be permanently # purged and cannot be recovered. # Corresponds to the JSON property `expireTime` # @return [String] attr_accessor :expire_time # Represents configuration for generating mutual TLS (mTLS) certificates for the # identities within this pool. # Corresponds to the JSON property `inlineCertificateIssuanceConfig` # @return [Google::Apis::IamV1::InlineCertificateIssuanceConfig] attr_accessor :inline_certificate_issuance_config # Defines configuration for extending trust to additional trust domains. By # establishing trust with another domain, the current domain will recognize and # accept certificates issued by entities within the trusted domains. Note that a # trust domain automatically trusts itself, eliminating the need for explicit # configuration. # Corresponds to the JSON property `inlineTrustConfig` # @return [Google::Apis::IamV1::InlineTrustConfig] attr_accessor :inline_trust_config # Immutable. The mode the pool is operating in. # Corresponds to the JSON property `mode` # @return [String] attr_accessor :mode # Identifier. The resource name of the pool. # Corresponds to the JSON property `name` # @return [String] attr_accessor :name # Output only. The state of the pool. # Corresponds to the JSON property `state` # @return [String] attr_accessor :state def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @description = args[:description] if args.key?(:description) @disabled = args[:disabled] if args.key?(:disabled) @display_name = args[:display_name] if args.key?(:display_name) @expire_time = args[:expire_time] if args.key?(:expire_time) @inline_certificate_issuance_config = args[:inline_certificate_issuance_config] if args.key?(:inline_certificate_issuance_config) @inline_trust_config = args[:inline_trust_config] if args.key?(:inline_trust_config) @mode = args[:mode] if args.key?(:mode) @name = args[:name] if args.key?(:name) @state = args[:state] if args.key?(:state) end end # Represents a managed identity for a workload identity pool namespace. class WorkloadIdentityPoolManagedIdentity include Google::Apis::Core::Hashable # Optional. A description of the managed identity. Cannot exceed 256 characters. # Corresponds to the JSON property `description` # @return [String] attr_accessor :description # Optional. Whether the managed identity is disabled. If disabled, credentials # may no longer be issued for the identity, however existing credentials will # still be accepted until they expire. # Corresponds to the JSON property `disabled` # @return [Boolean] attr_accessor :disabled alias_method :disabled?, :disabled # Output only. Time after which the managed identity will be permanently purged # and cannot be recovered. # Corresponds to the JSON property `expireTime` # @return [String] attr_accessor :expire_time # Identifier. The resource name of the managed identity. # Corresponds to the JSON property `name` # @return [String] attr_accessor :name # Output only. The state of the managed identity. # Corresponds to the JSON property `state` # @return [String] attr_accessor :state def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @description = args[:description] if args.key?(:description) @disabled = args[:disabled] if args.key?(:disabled) @expire_time = args[:expire_time] if args.key?(:expire_time) @name = args[:name] if args.key?(:name) @state = args[:state] if args.key?(:state) end end # Represents a namespace for a workload identity pool. Namespaces are used to # segment identities within the pool. class WorkloadIdentityPoolNamespace include Google::Apis::Core::Hashable # Optional. A description of the namespace. Cannot exceed 256 characters. # Corresponds to the JSON property `description` # @return [String] attr_accessor :description # Optional. Whether the namespace is disabled. If disabled, credentials may no # longer be issued for identities within this namespace, however existing # credentials will still be accepted until they expire. # Corresponds to the JSON property `disabled` # @return [Boolean] attr_accessor :disabled alias_method :disabled?, :disabled # Output only. Time after which the namespace will be permanently purged and # cannot be recovered. # Corresponds to the JSON property `expireTime` # @return [String] attr_accessor :expire_time # Identifier. The resource name of the namespace. # Corresponds to the JSON property `name` # @return [String] attr_accessor :name # The Google Cloud service that owns this namespace. # Corresponds to the JSON property `ownerService` # @return [Google::Apis::IamV1::OwnerService] attr_accessor :owner_service # Output only. The state of the namespace. # Corresponds to the JSON property `state` # @return [String] attr_accessor :state def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @description = args[:description] if args.key?(:description) @disabled = args[:disabled] if args.key?(:disabled) @expire_time = args[:expire_time] if args.key?(:expire_time) @name = args[:name] if args.key?(:name) @owner_service = args[:owner_service] if args.key?(:owner_service) @state = args[:state] if args.key?(:state) end end # Metadata for long-running WorkloadIdentityPool operations. class WorkloadIdentityPoolOperationMetadata include Google::Apis::Core::Hashable def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) end end # A configuration for an external identity provider. class WorkloadIdentityPoolProvider include Google::Apis::Core::Hashable # Optional. [A Common Expression Language](https://opensource.google/projects/ # cel) expression, in plain text, to restrict what otherwise valid # authentication credentials issued by the provider should not be accepted. The # expression must output a boolean representing whether to allow the federation. # The following keywords may be referenced in the expressions: * `assertion`: # JSON representing the authentication credential issued by the provider. * ` # google`: The Google attributes mapped from the assertion in the ` # attribute_mappings`. * `attribute`: The custom attributes mapped from the # assertion in the `attribute_mappings`. The maximum length of the attribute # condition expression is 4096 characters. If unspecified, all valid # authentication credential are accepted. The following example shows how to # only allow credentials with a mapped `google.groups` value of `admins`: ``` "' # admins' in google.groups" ``` # Corresponds to the JSON property `attributeCondition` # @return [String] attr_accessor :attribute_condition # Optional. Maps attributes from authentication credentials issued by an # external identity provider to Google Cloud attributes, such as `subject` and ` # segment`. Each key must be a string specifying the Google Cloud IAM attribute # to map to. The following keys are supported: * `google.subject`: The principal # IAM is authenticating. You can reference this value in IAM bindings. This is # also the subject that appears in Cloud Logging logs. Cannot exceed 127 bytes. * # `google.groups`: Groups the external identity belongs to. You can grant # groups access to resources using an IAM `principalSet` binding; access applies # to all members of the group. You can also provide custom attributes by # specifying `attribute.`custom_attribute``, where ``custom_attribute`` is the # name of the custom attribute to be mapped. You can define a maximum of 50 # custom attributes. The maximum length of a mapped attribute key is 100 # characters, and the key may only contain the characters [a-z0-9_]. You can # reference these attributes in IAM policies to define fine-grained access for a # workload to Google Cloud resources. For example: * `google.subject`: ` # principal://iam.googleapis.com/projects/`project`/locations/`location`/ # workloadIdentityPools/`pool`/subject/`value`` * `google.groups`: `principalSet: # //iam.googleapis.com/projects/`project`/locations/`location`/ # workloadIdentityPools/`pool`/group/`value`` * `attribute.`custom_attribute``: ` # principalSet://iam.googleapis.com/projects/`project`/locations/`location`/ # workloadIdentityPools/`pool`/attribute.`custom_attribute`/`value`` Each value # must be a [Common Expression Language] (https://opensource.google/projects/cel) # function that maps an identity provider credential to the normalized # attribute specified by the corresponding map key. You can use the `assertion` # keyword in the expression to access a JSON representation of the # authentication credential issued by the provider. The maximum length of an # attribute mapping expression is 2048 characters. When evaluated, the total # size of all mapped attributes must not exceed 8KB. For AWS providers, if no # attribute mapping is defined, the following default mapping applies: ``` ` " # google.subject":"assertion.arn", "attribute.aws_role": "assertion.arn.contains( # 'assumed-role')" " ? assertion.arn.extract('`account_arn`assumed-role/')" " + ' # assumed-role/'" " + assertion.arn.extract('assumed-role/`role_name`/')" " : # assertion.arn", ` ``` If any custom attribute mappings are defined, they must # include a mapping to the `google.subject` attribute. For OIDC providers, you # must supply a custom mapping, which must include the `google.subject` # attribute. For example, the following maps the `sub` claim of the incoming # credential to the `subject` attribute on a Google token: ``` `"google.subject": # "assertion.sub"` ``` # Corresponds to the JSON property `attributeMapping` # @return [Hash] attr_accessor :attribute_mapping # Represents an Amazon Web Services identity provider. # Corresponds to the JSON property `aws` # @return [Google::Apis::IamV1::Aws] attr_accessor :aws # Optional. A description for the provider. Cannot exceed 256 characters. # Corresponds to the JSON property `description` # @return [String] attr_accessor :description # Optional. Whether the provider is disabled. You cannot use a disabled provider # to exchange tokens. However, existing tokens still grant access. # Corresponds to the JSON property `disabled` # @return [Boolean] attr_accessor :disabled alias_method :disabled?, :disabled # Optional. A display name for the provider. Cannot exceed 32 characters. # Corresponds to the JSON property `displayName` # @return [String] attr_accessor :display_name # Output only. Time after which the workload identity pool provider will be # permanently purged and cannot be recovered. # Corresponds to the JSON property `expireTime` # @return [String] attr_accessor :expire_time # Identifier. The resource name of the provider. # Corresponds to the JSON property `name` # @return [String] attr_accessor :name # Represents an OpenId Connect 1.0 identity provider. # Corresponds to the JSON property `oidc` # @return [Google::Apis::IamV1::Oidc] attr_accessor :oidc # Represents an SAML 2.0 identity provider. # Corresponds to the JSON property `saml` # @return [Google::Apis::IamV1::Saml] attr_accessor :saml # Output only. The state of the provider. # Corresponds to the JSON property `state` # @return [String] attr_accessor :state # An X.509-type identity provider represents a CA. It is trusted to assert a # client identity if the client has a certificate that chains up to this CA. # Corresponds to the JSON property `x509` # @return [Google::Apis::IamV1::X509] attr_accessor :x509 def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @attribute_condition = args[:attribute_condition] if args.key?(:attribute_condition) @attribute_mapping = args[:attribute_mapping] if args.key?(:attribute_mapping) @aws = args[:aws] if args.key?(:aws) @description = args[:description] if args.key?(:description) @disabled = args[:disabled] if args.key?(:disabled) @display_name = args[:display_name] if args.key?(:display_name) @expire_time = args[:expire_time] if args.key?(:expire_time) @name = args[:name] if args.key?(:name) @oidc = args[:oidc] if args.key?(:oidc) @saml = args[:saml] if args.key?(:saml) @state = args[:state] if args.key?(:state) @x509 = args[:x509] if args.key?(:x509) end end # Represents a public key configuration for your workload identity pool provider. # The key can be configured in your identity provider to encrypt the SAML # assertions. Google holds the corresponding private key which it uses to # decrypt encrypted tokens. class WorkloadIdentityPoolProviderKey include Google::Apis::Core::Hashable # Output only. Time after which the key will be permanently purged and cannot be # recovered. Note that the key may get purged before this timestamp if the total # limit of keys per provider is crossed. # Corresponds to the JSON property `expireTime` # @return [String] attr_accessor :expire_time # Represents a public key data along with its format. # Corresponds to the JSON property `keyData` # @return [Google::Apis::IamV1::KeyData] attr_accessor :key_data # Identifier. The resource name of the key. # Corresponds to the JSON property `name` # @return [String] attr_accessor :name # Output only. The state of the key. # Corresponds to the JSON property `state` # @return [String] attr_accessor :state # Required. The purpose of the key. # Corresponds to the JSON property `use` # @return [String] attr_accessor :use def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @expire_time = args[:expire_time] if args.key?(:expire_time) @key_data = args[:key_data] if args.key?(:key_data) @name = args[:name] if args.key?(:name) @state = args[:state] if args.key?(:state) @use = args[:use] if args.key?(:use) end end # An X.509-type identity provider represents a CA. It is trusted to assert a # client identity if the client has a certificate that chains up to this CA. class X509 include Google::Apis::Core::Hashable # Trust store that contains trust anchors and optional intermediate CAs used in # PKI to build a trust chain(trust hierarchy) and verify a client's identity. # Corresponds to the JSON property `trustStore` # @return [Google::Apis::IamV1::TrustStore] attr_accessor :trust_store def initialize(**args) update!(**args) end # Update properties of this object def update!(**args) @trust_store = args[:trust_store] if args.key?(:trust_store) end end end end end google-apis-iam_v1-0.83.0/lib/google/apis/iam_v1/representations.rb0000644000004100000410000017626615141175474025151 0ustar www-datawww-data# Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. require 'date' require 'google/apis/core/base_service' require 'google/apis/core/json_representation' require 'google/apis/core/hashable' require 'google/apis/errors' module Google module Apis module IamV1 class AccessRestrictions class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class AddAttestationRuleRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class AdminAuditData class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class AttestationRule class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class AuditConfig class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class AuditData class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class AuditLogConfig class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class AuditableService class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class Aws class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class Binding class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class BindingDelta class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class CreateRoleRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class CreateServiceAccountKeyRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class CreateServiceAccountRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class DisableServiceAccountKeyRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class DisableServiceAccountRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class Empty class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class EnableServiceAccountKeyRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class EnableServiceAccountRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class Expr class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class ExtendedStatus class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class GetIamPolicyRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class GetPolicyOptions class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class GoogleIamAdminV1WorkforcePoolProviderExtraAttributesOAuth2Client class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class GoogleIamAdminV1WorkforcePoolProviderExtraAttributesOAuth2ClientQueryParameters class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class GoogleIamAdminV1WorkforcePoolProviderOidc class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class GoogleIamAdminV1WorkforcePoolProviderOidcClientSecret class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValue class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfig class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class GoogleIamAdminV1WorkforcePoolProviderSaml class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class InlineCertificateIssuanceConfig class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class InlineTrustConfig class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class IntermediateCa class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class KeyData class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class LintPolicyRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class LintPolicyResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class LintResult class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class ListAttestationRulesResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class ListOauthClientCredentialsResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class ListOauthClientsResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class ListRolesResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class ListServiceAccountKeysResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class ListServiceAccountsResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class ListWorkforcePoolProviderKeysResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class ListWorkforcePoolProviderScimTenantsResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class ListWorkforcePoolProviderScimTokensResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class ListWorkforcePoolProvidersResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class ListWorkforcePoolsResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class ListWorkloadIdentityPoolManagedIdentitiesResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class ListWorkloadIdentityPoolNamespacesResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class ListWorkloadIdentityPoolProviderKeysResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class ListWorkloadIdentityPoolProvidersResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class ListWorkloadIdentityPoolsResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class OauthClient class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class OauthClientCredential class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class Oidc class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class Operation class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class OperationMetadata class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class OwnerService class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class PatchServiceAccountRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class Permission class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class PermissionDelta class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class Policy class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class PolicyDelta class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class QueryAuditableServicesRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class QueryAuditableServicesResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class QueryGrantableRolesRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class QueryGrantableRolesResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class QueryTestablePermissionsRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class QueryTestablePermissionsResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class ReconciliationOperationMetadata class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class RemoveAttestationRuleRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class Role class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class Saml class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class ServiceAccount class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class ServiceAccountKey class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class ServiceConfig class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class SetAttestationRulesRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class SetIamPolicyRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class SignBlobRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class SignBlobResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class SignJwtRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class SignJwtResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class Status class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class TestIamPermissionsRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class TestIamPermissionsResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class TrustAnchor class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class TrustStore class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class UndeleteOauthClientRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class UndeleteRoleRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class UndeleteServiceAccountRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class UndeleteServiceAccountResponse class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class UndeleteWorkforcePoolProviderKeyRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class UndeleteWorkforcePoolProviderRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class UndeleteWorkforcePoolProviderScimTenantRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class UndeleteWorkforcePoolProviderScimTokenRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class UndeleteWorkforcePoolRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class UndeleteWorkforcePoolSubjectRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class UndeleteWorkloadIdentityPoolManagedIdentityRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class UndeleteWorkloadIdentityPoolNamespaceRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class UndeleteWorkloadIdentityPoolProviderKeyRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class UndeleteWorkloadIdentityPoolProviderRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class UndeleteWorkloadIdentityPoolRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class UploadServiceAccountKeyRequest class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class WorkforcePool class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class WorkforcePoolProvider class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class WorkforcePoolProviderKey class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class WorkforcePoolProviderScimTenant class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class WorkforcePoolProviderScimToken class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class WorkloadIdentityPool class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class WorkloadIdentityPoolManagedIdentity class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class WorkloadIdentityPoolNamespace class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class WorkloadIdentityPoolOperationMetadata class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class WorkloadIdentityPoolProvider class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class WorkloadIdentityPoolProviderKey class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class X509 class Representation < Google::Apis::Core::JsonRepresentation; end include Google::Apis::Core::JsonObjectSupport end class AccessRestrictions # @private class Representation < Google::Apis::Core::JsonRepresentation collection :allowed_services, as: 'allowedServices', class: Google::Apis::IamV1::ServiceConfig, decorator: Google::Apis::IamV1::ServiceConfig::Representation property :disable_programmatic_signin, as: 'disableProgrammaticSignin' end end class AddAttestationRuleRequest # @private class Representation < Google::Apis::Core::JsonRepresentation property :attestation_rule, as: 'attestationRule', class: Google::Apis::IamV1::AttestationRule, decorator: Google::Apis::IamV1::AttestationRule::Representation end end class AdminAuditData # @private class Representation < Google::Apis::Core::JsonRepresentation property :permission_delta, as: 'permissionDelta', class: Google::Apis::IamV1::PermissionDelta, decorator: Google::Apis::IamV1::PermissionDelta::Representation end end class AttestationRule # @private class Representation < Google::Apis::Core::JsonRepresentation property :google_cloud_resource, as: 'googleCloudResource' end end class AuditConfig # @private class Representation < Google::Apis::Core::JsonRepresentation collection :audit_log_configs, as: 'auditLogConfigs', class: Google::Apis::IamV1::AuditLogConfig, decorator: Google::Apis::IamV1::AuditLogConfig::Representation property :service, as: 'service' end end class AuditData # @private class Representation < Google::Apis::Core::JsonRepresentation property :policy_delta, as: 'policyDelta', class: Google::Apis::IamV1::PolicyDelta, decorator: Google::Apis::IamV1::PolicyDelta::Representation end end class AuditLogConfig # @private class Representation < Google::Apis::Core::JsonRepresentation collection :exempted_members, as: 'exemptedMembers' property :log_type, as: 'logType' end end class AuditableService # @private class Representation < Google::Apis::Core::JsonRepresentation property :name, as: 'name' end end class Aws # @private class Representation < Google::Apis::Core::JsonRepresentation property :account_id, as: 'accountId' end end class Binding # @private class Representation < Google::Apis::Core::JsonRepresentation property :condition, as: 'condition', class: Google::Apis::IamV1::Expr, decorator: Google::Apis::IamV1::Expr::Representation collection :members, as: 'members' property :role, as: 'role' end end class BindingDelta # @private class Representation < Google::Apis::Core::JsonRepresentation property :action, as: 'action' property :condition, as: 'condition', class: Google::Apis::IamV1::Expr, decorator: Google::Apis::IamV1::Expr::Representation property :member, as: 'member' property :role, as: 'role' end end class CreateRoleRequest # @private class Representation < Google::Apis::Core::JsonRepresentation property :role, as: 'role', class: Google::Apis::IamV1::Role, decorator: Google::Apis::IamV1::Role::Representation property :role_id, as: 'roleId' end end class CreateServiceAccountKeyRequest # @private class Representation < Google::Apis::Core::JsonRepresentation property :key_algorithm, as: 'keyAlgorithm' property :private_key_type, as: 'privateKeyType' end end class CreateServiceAccountRequest # @private class Representation < Google::Apis::Core::JsonRepresentation property :account_id, as: 'accountId' property :service_account, as: 'serviceAccount', class: Google::Apis::IamV1::ServiceAccount, decorator: Google::Apis::IamV1::ServiceAccount::Representation end end class DisableServiceAccountKeyRequest # @private class Representation < Google::Apis::Core::JsonRepresentation property :extended_status_message, as: 'extendedStatusMessage' property :service_account_key_disable_reason, as: 'serviceAccountKeyDisableReason' end end class DisableServiceAccountRequest # @private class Representation < Google::Apis::Core::JsonRepresentation end end class Empty # @private class Representation < Google::Apis::Core::JsonRepresentation end end class EnableServiceAccountKeyRequest # @private class Representation < Google::Apis::Core::JsonRepresentation end end class EnableServiceAccountRequest # @private class Representation < Google::Apis::Core::JsonRepresentation end end class Expr # @private class Representation < Google::Apis::Core::JsonRepresentation property :description, as: 'description' property :expression, as: 'expression' property :location, as: 'location' property :title, as: 'title' end end class ExtendedStatus # @private class Representation < Google::Apis::Core::JsonRepresentation property :key, as: 'key' property :value, as: 'value' end end class GetIamPolicyRequest # @private class Representation < Google::Apis::Core::JsonRepresentation property :options, as: 'options', class: Google::Apis::IamV1::GetPolicyOptions, decorator: Google::Apis::IamV1::GetPolicyOptions::Representation end end class GetPolicyOptions # @private class Representation < Google::Apis::Core::JsonRepresentation property :requested_policy_version, as: 'requestedPolicyVersion' end end class GoogleIamAdminV1WorkforcePoolProviderExtraAttributesOAuth2Client # @private class Representation < Google::Apis::Core::JsonRepresentation property :attributes_type, as: 'attributesType' property :client_id, as: 'clientId' property :client_secret, as: 'clientSecret', class: Google::Apis::IamV1::GoogleIamAdminV1WorkforcePoolProviderOidcClientSecret, decorator: Google::Apis::IamV1::GoogleIamAdminV1WorkforcePoolProviderOidcClientSecret::Representation property :issuer_uri, as: 'issuerUri' property :query_parameters, as: 'queryParameters', class: Google::Apis::IamV1::GoogleIamAdminV1WorkforcePoolProviderExtraAttributesOAuth2ClientQueryParameters, decorator: Google::Apis::IamV1::GoogleIamAdminV1WorkforcePoolProviderExtraAttributesOAuth2ClientQueryParameters::Representation end end class GoogleIamAdminV1WorkforcePoolProviderExtraAttributesOAuth2ClientQueryParameters # @private class Representation < Google::Apis::Core::JsonRepresentation property :filter, as: 'filter' end end class GoogleIamAdminV1WorkforcePoolProviderOidc # @private class Representation < Google::Apis::Core::JsonRepresentation property :client_id, as: 'clientId' property :client_secret, as: 'clientSecret', class: Google::Apis::IamV1::GoogleIamAdminV1WorkforcePoolProviderOidcClientSecret, decorator: Google::Apis::IamV1::GoogleIamAdminV1WorkforcePoolProviderOidcClientSecret::Representation property :issuer_uri, as: 'issuerUri' property :jwks_json, as: 'jwksJson' property :web_sso_config, as: 'webSsoConfig', class: Google::Apis::IamV1::GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfig, decorator: Google::Apis::IamV1::GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfig::Representation end end class GoogleIamAdminV1WorkforcePoolProviderOidcClientSecret # @private class Representation < Google::Apis::Core::JsonRepresentation property :value, as: 'value', class: Google::Apis::IamV1::GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValue, decorator: Google::Apis::IamV1::GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValue::Representation end end class GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValue # @private class Representation < Google::Apis::Core::JsonRepresentation property :plain_text, as: 'plainText' property :thumbprint, as: 'thumbprint' end end class GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfig # @private class Representation < Google::Apis::Core::JsonRepresentation collection :additional_scopes, as: 'additionalScopes' property :assertion_claims_behavior, as: 'assertionClaimsBehavior' property :response_type, as: 'responseType' end end class GoogleIamAdminV1WorkforcePoolProviderSaml # @private class Representation < Google::Apis::Core::JsonRepresentation property :idp_metadata_xml, as: 'idpMetadataXml' end end class InlineCertificateIssuanceConfig # @private class Representation < Google::Apis::Core::JsonRepresentation hash :ca_pools, as: 'caPools' property :key_algorithm, as: 'keyAlgorithm' property :lifetime, as: 'lifetime' property :rotation_window_percentage, as: 'rotationWindowPercentage' end end class InlineTrustConfig # @private class Representation < Google::Apis::Core::JsonRepresentation hash :additional_trust_bundles, as: 'additionalTrustBundles', class: Google::Apis::IamV1::TrustStore, decorator: Google::Apis::IamV1::TrustStore::Representation end end class IntermediateCa # @private class Representation < Google::Apis::Core::JsonRepresentation property :pem_certificate, as: 'pemCertificate' end end class KeyData # @private class Representation < Google::Apis::Core::JsonRepresentation property :format, as: 'format' property :key, as: 'key' property :key_spec, as: 'keySpec' property :not_after_time, as: 'notAfterTime' property :not_before_time, as: 'notBeforeTime' end end class LintPolicyRequest # @private class Representation < Google::Apis::Core::JsonRepresentation property :condition, as: 'condition', class: Google::Apis::IamV1::Expr, decorator: Google::Apis::IamV1::Expr::Representation property :full_resource_name, as: 'fullResourceName' end end class LintPolicyResponse # @private class Representation < Google::Apis::Core::JsonRepresentation collection :lint_results, as: 'lintResults', class: Google::Apis::IamV1::LintResult, decorator: Google::Apis::IamV1::LintResult::Representation end end class LintResult # @private class Representation < Google::Apis::Core::JsonRepresentation property :debug_message, as: 'debugMessage' property :field_name, as: 'fieldName' property :level, as: 'level' property :location_offset, as: 'locationOffset' property :severity, as: 'severity' property :validation_unit_name, as: 'validationUnitName' end end class ListAttestationRulesResponse # @private class Representation < Google::Apis::Core::JsonRepresentation collection :attestation_rules, as: 'attestationRules', class: Google::Apis::IamV1::AttestationRule, decorator: Google::Apis::IamV1::AttestationRule::Representation property :next_page_token, as: 'nextPageToken' end end class ListOauthClientCredentialsResponse # @private class Representation < Google::Apis::Core::JsonRepresentation collection :oauth_client_credentials, as: 'oauthClientCredentials', class: Google::Apis::IamV1::OauthClientCredential, decorator: Google::Apis::IamV1::OauthClientCredential::Representation end end class ListOauthClientsResponse # @private class Representation < Google::Apis::Core::JsonRepresentation property :next_page_token, as: 'nextPageToken' collection :oauth_clients, as: 'oauthClients', class: Google::Apis::IamV1::OauthClient, decorator: Google::Apis::IamV1::OauthClient::Representation end end class ListRolesResponse # @private class Representation < Google::Apis::Core::JsonRepresentation property :next_page_token, as: 'nextPageToken' collection :roles, as: 'roles', class: Google::Apis::IamV1::Role, decorator: Google::Apis::IamV1::Role::Representation end end class ListServiceAccountKeysResponse # @private class Representation < Google::Apis::Core::JsonRepresentation collection :keys, as: 'keys', class: Google::Apis::IamV1::ServiceAccountKey, decorator: Google::Apis::IamV1::ServiceAccountKey::Representation end end class ListServiceAccountsResponse # @private class Representation < Google::Apis::Core::JsonRepresentation collection :accounts, as: 'accounts', class: Google::Apis::IamV1::ServiceAccount, decorator: Google::Apis::IamV1::ServiceAccount::Representation property :next_page_token, as: 'nextPageToken' end end class ListWorkforcePoolProviderKeysResponse # @private class Representation < Google::Apis::Core::JsonRepresentation property :next_page_token, as: 'nextPageToken' collection :workforce_pool_provider_keys, as: 'workforcePoolProviderKeys', class: Google::Apis::IamV1::WorkforcePoolProviderKey, decorator: Google::Apis::IamV1::WorkforcePoolProviderKey::Representation end end class ListWorkforcePoolProviderScimTenantsResponse # @private class Representation < Google::Apis::Core::JsonRepresentation property :next_page_token, as: 'nextPageToken' collection :workforce_pool_provider_scim_tenants, as: 'workforcePoolProviderScimTenants', class: Google::Apis::IamV1::WorkforcePoolProviderScimTenant, decorator: Google::Apis::IamV1::WorkforcePoolProviderScimTenant::Representation end end class ListWorkforcePoolProviderScimTokensResponse # @private class Representation < Google::Apis::Core::JsonRepresentation property :next_page_token, as: 'nextPageToken' collection :workforce_pool_provider_scim_tokens, as: 'workforcePoolProviderScimTokens', class: Google::Apis::IamV1::WorkforcePoolProviderScimToken, decorator: Google::Apis::IamV1::WorkforcePoolProviderScimToken::Representation end end class ListWorkforcePoolProvidersResponse # @private class Representation < Google::Apis::Core::JsonRepresentation property :next_page_token, as: 'nextPageToken' collection :workforce_pool_providers, as: 'workforcePoolProviders', class: Google::Apis::IamV1::WorkforcePoolProvider, decorator: Google::Apis::IamV1::WorkforcePoolProvider::Representation end end class ListWorkforcePoolsResponse # @private class Representation < Google::Apis::Core::JsonRepresentation property :next_page_token, as: 'nextPageToken' collection :workforce_pools, as: 'workforcePools', class: Google::Apis::IamV1::WorkforcePool, decorator: Google::Apis::IamV1::WorkforcePool::Representation end end class ListWorkloadIdentityPoolManagedIdentitiesResponse # @private class Representation < Google::Apis::Core::JsonRepresentation property :next_page_token, as: 'nextPageToken' collection :workload_identity_pool_managed_identities, as: 'workloadIdentityPoolManagedIdentities', class: Google::Apis::IamV1::WorkloadIdentityPoolManagedIdentity, decorator: Google::Apis::IamV1::WorkloadIdentityPoolManagedIdentity::Representation end end class ListWorkloadIdentityPoolNamespacesResponse # @private class Representation < Google::Apis::Core::JsonRepresentation property :next_page_token, as: 'nextPageToken' collection :workload_identity_pool_namespaces, as: 'workloadIdentityPoolNamespaces', class: Google::Apis::IamV1::WorkloadIdentityPoolNamespace, decorator: Google::Apis::IamV1::WorkloadIdentityPoolNamespace::Representation end end class ListWorkloadIdentityPoolProviderKeysResponse # @private class Representation < Google::Apis::Core::JsonRepresentation property :next_page_token, as: 'nextPageToken' collection :workload_identity_pool_provider_keys, as: 'workloadIdentityPoolProviderKeys', class: Google::Apis::IamV1::WorkloadIdentityPoolProviderKey, decorator: Google::Apis::IamV1::WorkloadIdentityPoolProviderKey::Representation end end class ListWorkloadIdentityPoolProvidersResponse # @private class Representation < Google::Apis::Core::JsonRepresentation property :next_page_token, as: 'nextPageToken' collection :workload_identity_pool_providers, as: 'workloadIdentityPoolProviders', class: Google::Apis::IamV1::WorkloadIdentityPoolProvider, decorator: Google::Apis::IamV1::WorkloadIdentityPoolProvider::Representation end end class ListWorkloadIdentityPoolsResponse # @private class Representation < Google::Apis::Core::JsonRepresentation property :next_page_token, as: 'nextPageToken' collection :workload_identity_pools, as: 'workloadIdentityPools', class: Google::Apis::IamV1::WorkloadIdentityPool, decorator: Google::Apis::IamV1::WorkloadIdentityPool::Representation end end class OauthClient # @private class Representation < Google::Apis::Core::JsonRepresentation collection :allowed_grant_types, as: 'allowedGrantTypes' collection :allowed_redirect_uris, as: 'allowedRedirectUris' collection :allowed_scopes, as: 'allowedScopes' property :client_id, as: 'clientId' property :client_type, as: 'clientType' property :description, as: 'description' property :disabled, as: 'disabled' property :display_name, as: 'displayName' property :expire_time, as: 'expireTime' property :name, as: 'name' property :state, as: 'state' end end class OauthClientCredential # @private class Representation < Google::Apis::Core::JsonRepresentation property :client_secret, as: 'clientSecret' property :disabled, as: 'disabled' property :display_name, as: 'displayName' property :name, as: 'name' end end class Oidc # @private class Representation < Google::Apis::Core::JsonRepresentation collection :allowed_audiences, as: 'allowedAudiences' property :issuer_uri, as: 'issuerUri' property :jwks_json, as: 'jwksJson' end end class Operation # @private class Representation < Google::Apis::Core::JsonRepresentation property :done, as: 'done' property :error, as: 'error', class: Google::Apis::IamV1::Status, decorator: Google::Apis::IamV1::Status::Representation hash :metadata, as: 'metadata' property :name, as: 'name' hash :response, as: 'response' end end class OperationMetadata # @private class Representation < Google::Apis::Core::JsonRepresentation property :api_version, as: 'apiVersion' property :cancel_requested, as: 'cancelRequested' property :create_time, as: 'createTime' property :end_time, as: 'endTime' property :status_detail, as: 'statusDetail' property :target, as: 'target' property :verb, as: 'verb' end end class OwnerService # @private class Representation < Google::Apis::Core::JsonRepresentation property :principal_subject, as: 'principalSubject' end end class PatchServiceAccountRequest # @private class Representation < Google::Apis::Core::JsonRepresentation property :service_account, as: 'serviceAccount', class: Google::Apis::IamV1::ServiceAccount, decorator: Google::Apis::IamV1::ServiceAccount::Representation property :update_mask, as: 'updateMask' end end class Permission # @private class Representation < Google::Apis::Core::JsonRepresentation property :api_disabled, as: 'apiDisabled' property :custom_roles_support_level, as: 'customRolesSupportLevel' property :description, as: 'description' property :name, as: 'name' property :only_in_predefined_roles, as: 'onlyInPredefinedRoles' property :primary_permission, as: 'primaryPermission' property :stage, as: 'stage' property :title, as: 'title' end end class PermissionDelta # @private class Representation < Google::Apis::Core::JsonRepresentation collection :added_permissions, as: 'addedPermissions' collection :removed_permissions, as: 'removedPermissions' end end class Policy # @private class Representation < Google::Apis::Core::JsonRepresentation collection :audit_configs, as: 'auditConfigs', class: Google::Apis::IamV1::AuditConfig, decorator: Google::Apis::IamV1::AuditConfig::Representation collection :bindings, as: 'bindings', class: Google::Apis::IamV1::Binding, decorator: Google::Apis::IamV1::Binding::Representation property :etag, :base64 => true, as: 'etag' property :version, as: 'version' end end class PolicyDelta # @private class Representation < Google::Apis::Core::JsonRepresentation collection :binding_deltas, as: 'bindingDeltas', class: Google::Apis::IamV1::BindingDelta, decorator: Google::Apis::IamV1::BindingDelta::Representation end end class QueryAuditableServicesRequest # @private class Representation < Google::Apis::Core::JsonRepresentation property :full_resource_name, as: 'fullResourceName' end end class QueryAuditableServicesResponse # @private class Representation < Google::Apis::Core::JsonRepresentation collection :services, as: 'services', class: Google::Apis::IamV1::AuditableService, decorator: Google::Apis::IamV1::AuditableService::Representation end end class QueryGrantableRolesRequest # @private class Representation < Google::Apis::Core::JsonRepresentation property :full_resource_name, as: 'fullResourceName' property :page_size, as: 'pageSize' property :page_token, as: 'pageToken' property :view, as: 'view' end end class QueryGrantableRolesResponse # @private class Representation < Google::Apis::Core::JsonRepresentation property :next_page_token, as: 'nextPageToken' collection :roles, as: 'roles', class: Google::Apis::IamV1::Role, decorator: Google::Apis::IamV1::Role::Representation end end class QueryTestablePermissionsRequest # @private class Representation < Google::Apis::Core::JsonRepresentation property :full_resource_name, as: 'fullResourceName' property :page_size, as: 'pageSize' property :page_token, as: 'pageToken' end end class QueryTestablePermissionsResponse # @private class Representation < Google::Apis::Core::JsonRepresentation property :next_page_token, as: 'nextPageToken' collection :permissions, as: 'permissions', class: Google::Apis::IamV1::Permission, decorator: Google::Apis::IamV1::Permission::Representation end end class ReconciliationOperationMetadata # @private class Representation < Google::Apis::Core::JsonRepresentation property :delete_resource, as: 'deleteResource' property :exclusive_action, as: 'exclusiveAction' end end class RemoveAttestationRuleRequest # @private class Representation < Google::Apis::Core::JsonRepresentation property :attestation_rule, as: 'attestationRule', class: Google::Apis::IamV1::AttestationRule, decorator: Google::Apis::IamV1::AttestationRule::Representation end end class Role # @private class Representation < Google::Apis::Core::JsonRepresentation property :deleted, as: 'deleted' property :description, as: 'description' property :etag, :base64 => true, as: 'etag' collection :included_permissions, as: 'includedPermissions' property :name, as: 'name' property :stage, as: 'stage' property :title, as: 'title' end end class Saml # @private class Representation < Google::Apis::Core::JsonRepresentation property :idp_metadata_xml, as: 'idpMetadataXml' end end class ServiceAccount # @private class Representation < Google::Apis::Core::JsonRepresentation property :description, as: 'description' property :disabled, as: 'disabled' property :display_name, as: 'displayName' property :email, as: 'email' property :etag, :base64 => true, as: 'etag' property :name, as: 'name' property :oauth2_client_id, as: 'oauth2ClientId' property :project_id, as: 'projectId' property :unique_id, as: 'uniqueId' end end class ServiceAccountKey # @private class Representation < Google::Apis::Core::JsonRepresentation property :disable_reason, as: 'disableReason' property :disabled, as: 'disabled' collection :extended_status, as: 'extendedStatus', class: Google::Apis::IamV1::ExtendedStatus, decorator: Google::Apis::IamV1::ExtendedStatus::Representation property :key_algorithm, as: 'keyAlgorithm' property :key_origin, as: 'keyOrigin' property :key_type, as: 'keyType' property :name, as: 'name' property :private_key_data, :base64 => true, as: 'privateKeyData' property :private_key_type, as: 'privateKeyType' property :public_key_data, :base64 => true, as: 'publicKeyData' property :valid_after_time, as: 'validAfterTime' property :valid_before_time, as: 'validBeforeTime' end end class ServiceConfig # @private class Representation < Google::Apis::Core::JsonRepresentation property :domain, as: 'domain' end end class SetAttestationRulesRequest # @private class Representation < Google::Apis::Core::JsonRepresentation collection :attestation_rules, as: 'attestationRules', class: Google::Apis::IamV1::AttestationRule, decorator: Google::Apis::IamV1::AttestationRule::Representation end end class SetIamPolicyRequest # @private class Representation < Google::Apis::Core::JsonRepresentation property :policy, as: 'policy', class: Google::Apis::IamV1::Policy, decorator: Google::Apis::IamV1::Policy::Representation property :update_mask, as: 'updateMask' end end class SignBlobRequest # @private class Representation < Google::Apis::Core::JsonRepresentation property :bytes_to_sign, :base64 => true, as: 'bytesToSign' end end class SignBlobResponse # @private class Representation < Google::Apis::Core::JsonRepresentation property :key_id, as: 'keyId' property :signature, :base64 => true, as: 'signature' end end class SignJwtRequest # @private class Representation < Google::Apis::Core::JsonRepresentation property :payload, as: 'payload' end end class SignJwtResponse # @private class Representation < Google::Apis::Core::JsonRepresentation property :key_id, as: 'keyId' property :signed_jwt, as: 'signedJwt' end end class Status # @private class Representation < Google::Apis::Core::JsonRepresentation property :code, as: 'code' collection :details, as: 'details' property :message, as: 'message' end end class TestIamPermissionsRequest # @private class Representation < Google::Apis::Core::JsonRepresentation collection :permissions, as: 'permissions' end end class TestIamPermissionsResponse # @private class Representation < Google::Apis::Core::JsonRepresentation collection :permissions, as: 'permissions' end end class TrustAnchor # @private class Representation < Google::Apis::Core::JsonRepresentation property :pem_certificate, as: 'pemCertificate' end end class TrustStore # @private class Representation < Google::Apis::Core::JsonRepresentation collection :intermediate_cas, as: 'intermediateCas', class: Google::Apis::IamV1::IntermediateCa, decorator: Google::Apis::IamV1::IntermediateCa::Representation collection :trust_anchors, as: 'trustAnchors', class: Google::Apis::IamV1::TrustAnchor, decorator: Google::Apis::IamV1::TrustAnchor::Representation end end class UndeleteOauthClientRequest # @private class Representation < Google::Apis::Core::JsonRepresentation end end class UndeleteRoleRequest # @private class Representation < Google::Apis::Core::JsonRepresentation property :etag, :base64 => true, as: 'etag' end end class UndeleteServiceAccountRequest # @private class Representation < Google::Apis::Core::JsonRepresentation end end class UndeleteServiceAccountResponse # @private class Representation < Google::Apis::Core::JsonRepresentation property :restored_account, as: 'restoredAccount', class: Google::Apis::IamV1::ServiceAccount, decorator: Google::Apis::IamV1::ServiceAccount::Representation end end class UndeleteWorkforcePoolProviderKeyRequest # @private class Representation < Google::Apis::Core::JsonRepresentation end end class UndeleteWorkforcePoolProviderRequest # @private class Representation < Google::Apis::Core::JsonRepresentation end end class UndeleteWorkforcePoolProviderScimTenantRequest # @private class Representation < Google::Apis::Core::JsonRepresentation end end class UndeleteWorkforcePoolProviderScimTokenRequest # @private class Representation < Google::Apis::Core::JsonRepresentation end end class UndeleteWorkforcePoolRequest # @private class Representation < Google::Apis::Core::JsonRepresentation end end class UndeleteWorkforcePoolSubjectRequest # @private class Representation < Google::Apis::Core::JsonRepresentation end end class UndeleteWorkloadIdentityPoolManagedIdentityRequest # @private class Representation < Google::Apis::Core::JsonRepresentation end end class UndeleteWorkloadIdentityPoolNamespaceRequest # @private class Representation < Google::Apis::Core::JsonRepresentation end end class UndeleteWorkloadIdentityPoolProviderKeyRequest # @private class Representation < Google::Apis::Core::JsonRepresentation end end class UndeleteWorkloadIdentityPoolProviderRequest # @private class Representation < Google::Apis::Core::JsonRepresentation end end class UndeleteWorkloadIdentityPoolRequest # @private class Representation < Google::Apis::Core::JsonRepresentation end end class UploadServiceAccountKeyRequest # @private class Representation < Google::Apis::Core::JsonRepresentation property :public_key_data, :base64 => true, as: 'publicKeyData' end end class WorkforcePool # @private class Representation < Google::Apis::Core::JsonRepresentation property :access_restrictions, as: 'accessRestrictions', class: Google::Apis::IamV1::AccessRestrictions, decorator: Google::Apis::IamV1::AccessRestrictions::Representation property :description, as: 'description' property :disabled, as: 'disabled' property :display_name, as: 'displayName' property :expire_time, as: 'expireTime' property :name, as: 'name' property :parent, as: 'parent' property :session_duration, as: 'sessionDuration' property :state, as: 'state' end end class WorkforcePoolProvider # @private class Representation < Google::Apis::Core::JsonRepresentation property :attribute_condition, as: 'attributeCondition' hash :attribute_mapping, as: 'attributeMapping' property :description, as: 'description' property :detailed_audit_logging, as: 'detailedAuditLogging' property :disabled, as: 'disabled' property :display_name, as: 'displayName' property :expire_time, as: 'expireTime' property :extended_attributes_oauth2_client, as: 'extendedAttributesOauth2Client', class: Google::Apis::IamV1::GoogleIamAdminV1WorkforcePoolProviderExtraAttributesOAuth2Client, decorator: Google::Apis::IamV1::GoogleIamAdminV1WorkforcePoolProviderExtraAttributesOAuth2Client::Representation property :extra_attributes_oauth2_client, as: 'extraAttributesOauth2Client', class: Google::Apis::IamV1::GoogleIamAdminV1WorkforcePoolProviderExtraAttributesOAuth2Client, decorator: Google::Apis::IamV1::GoogleIamAdminV1WorkforcePoolProviderExtraAttributesOAuth2Client::Representation property :name, as: 'name' property :oidc, as: 'oidc', class: Google::Apis::IamV1::GoogleIamAdminV1WorkforcePoolProviderOidc, decorator: Google::Apis::IamV1::GoogleIamAdminV1WorkforcePoolProviderOidc::Representation property :saml, as: 'saml', class: Google::Apis::IamV1::GoogleIamAdminV1WorkforcePoolProviderSaml, decorator: Google::Apis::IamV1::GoogleIamAdminV1WorkforcePoolProviderSaml::Representation property :scim_usage, as: 'scimUsage' property :state, as: 'state' end end class WorkforcePoolProviderKey # @private class Representation < Google::Apis::Core::JsonRepresentation property :expire_time, as: 'expireTime' property :key_data, as: 'keyData', class: Google::Apis::IamV1::KeyData, decorator: Google::Apis::IamV1::KeyData::Representation property :name, as: 'name' property :state, as: 'state' property :use, as: 'use' end end class WorkforcePoolProviderScimTenant # @private class Representation < Google::Apis::Core::JsonRepresentation property :base_uri, as: 'baseUri' hash :claim_mapping, as: 'claimMapping' property :description, as: 'description' property :display_name, as: 'displayName' property :name, as: 'name' property :purge_time, as: 'purgeTime' property :service_agent, as: 'serviceAgent' property :state, as: 'state' end end class WorkforcePoolProviderScimToken # @private class Representation < Google::Apis::Core::JsonRepresentation property :display_name, as: 'displayName' property :name, as: 'name' property :security_token, as: 'securityToken' property :state, as: 'state' end end class WorkloadIdentityPool # @private class Representation < Google::Apis::Core::JsonRepresentation property :description, as: 'description' property :disabled, as: 'disabled' property :display_name, as: 'displayName' property :expire_time, as: 'expireTime' property :inline_certificate_issuance_config, as: 'inlineCertificateIssuanceConfig', class: Google::Apis::IamV1::InlineCertificateIssuanceConfig, decorator: Google::Apis::IamV1::InlineCertificateIssuanceConfig::Representation property :inline_trust_config, as: 'inlineTrustConfig', class: Google::Apis::IamV1::InlineTrustConfig, decorator: Google::Apis::IamV1::InlineTrustConfig::Representation property :mode, as: 'mode' property :name, as: 'name' property :state, as: 'state' end end class WorkloadIdentityPoolManagedIdentity # @private class Representation < Google::Apis::Core::JsonRepresentation property :description, as: 'description' property :disabled, as: 'disabled' property :expire_time, as: 'expireTime' property :name, as: 'name' property :state, as: 'state' end end class WorkloadIdentityPoolNamespace # @private class Representation < Google::Apis::Core::JsonRepresentation property :description, as: 'description' property :disabled, as: 'disabled' property :expire_time, as: 'expireTime' property :name, as: 'name' property :owner_service, as: 'ownerService', class: Google::Apis::IamV1::OwnerService, decorator: Google::Apis::IamV1::OwnerService::Representation property :state, as: 'state' end end class WorkloadIdentityPoolOperationMetadata # @private class Representation < Google::Apis::Core::JsonRepresentation end end class WorkloadIdentityPoolProvider # @private class Representation < Google::Apis::Core::JsonRepresentation property :attribute_condition, as: 'attributeCondition' hash :attribute_mapping, as: 'attributeMapping' property :aws, as: 'aws', class: Google::Apis::IamV1::Aws, decorator: Google::Apis::IamV1::Aws::Representation property :description, as: 'description' property :disabled, as: 'disabled' property :display_name, as: 'displayName' property :expire_time, as: 'expireTime' property :name, as: 'name' property :oidc, as: 'oidc', class: Google::Apis::IamV1::Oidc, decorator: Google::Apis::IamV1::Oidc::Representation property :saml, as: 'saml', class: Google::Apis::IamV1::Saml, decorator: Google::Apis::IamV1::Saml::Representation property :state, as: 'state' property :x509, as: 'x509', class: Google::Apis::IamV1::X509, decorator: Google::Apis::IamV1::X509::Representation end end class WorkloadIdentityPoolProviderKey # @private class Representation < Google::Apis::Core::JsonRepresentation property :expire_time, as: 'expireTime' property :key_data, as: 'keyData', class: Google::Apis::IamV1::KeyData, decorator: Google::Apis::IamV1::KeyData::Representation property :name, as: 'name' property :state, as: 'state' property :use, as: 'use' end end class X509 # @private class Representation < Google::Apis::Core::JsonRepresentation property :trust_store, as: 'trustStore', class: Google::Apis::IamV1::TrustStore, decorator: Google::Apis::IamV1::TrustStore::Representation end end end end end google-apis-iam_v1-0.83.0/lib/google/apis/iam_v1.rb0000644000004100000410000000315315141175474021704 0ustar www-datawww-data# Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. require 'google/apis/iam_v1/service.rb' require 'google/apis/iam_v1/classes.rb' require 'google/apis/iam_v1/representations.rb' require 'google/apis/iam_v1/gem_version.rb' module Google module Apis # Identity and Access Management (IAM) API # # Manages identity and access control for Google Cloud resources, including the # creation of service accounts, which you can use to authenticate to Google and # make API calls. Enabling this API also enables the IAM Service Account # Credentials API (iamcredentials.googleapis.com). However, disabling this API # doesn't disable the IAM Service Account Credentials API. # # @see https://cloud.google.com/iam/ module IamV1 # Version of the Identity and Access Management (IAM) API this client connects to. # This is NOT the gem version. VERSION = 'V1' # See, edit, configure, and delete your Google Cloud data and see the email address for your Google Account. AUTH_CLOUD_PLATFORM = 'https://www.googleapis.com/auth/cloud-platform' end end end google-apis-iam_v1-0.83.0/lib/google-apis-iam_v1.rb0000644000004100000410000000113515141175474021676 0ustar www-datawww-data# Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. require "google/apis/iam_v1" google-apis-iam_v1-0.83.0/google-apis-iam_v1.gemspec0000644000004100000410000000463115141175474022154 0ustar www-datawww-data######################################################### # This file has been automatically generated by gem2tgz # ######################################################### # -*- encoding: utf-8 -*- # stub: google-apis-iam_v1 0.83.0 ruby lib Gem::Specification.new do |s| s.name = "google-apis-iam_v1".freeze s.version = "0.83.0".freeze s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version= s.metadata = { "bug_tracker_uri" => "https://github.com/googleapis/google-api-ruby-client/issues", "changelog_uri" => "https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-iam_v1/CHANGELOG.md", "documentation_uri" => "https://googleapis.dev/ruby/google-apis-iam_v1/v0.83.0", "source_code_uri" => "https://github.com/googleapis/google-api-ruby-client/tree/main/generated/google-apis-iam_v1" } if s.respond_to? :metadata= s.require_paths = ["lib".freeze] s.authors = ["Google LLC".freeze] s.date = "1980-01-02" s.description = "This is the simple REST client for Identity and Access Management (IAM) API V1. Simple REST clients are Ruby client libraries that provide access to Google services via their HTTP REST API endpoints. These libraries are generated and updated automatically based on the discovery documents published by the service, and they handle most concerns such as authentication, pagination, retry, timeouts, and logging. You can use this client to access the Identity and Access Management (IAM) API, but note that some services may provide a separate modern client that is easier to use.".freeze s.email = "googleapis-packages@google.com".freeze s.files = [".yardopts".freeze, "CHANGELOG.md".freeze, "LICENSE.md".freeze, "OVERVIEW.md".freeze, "lib/google-apis-iam_v1.rb".freeze, "lib/google/apis/iam_v1.rb".freeze, "lib/google/apis/iam_v1/classes.rb".freeze, "lib/google/apis/iam_v1/gem_version.rb".freeze, "lib/google/apis/iam_v1/representations.rb".freeze, "lib/google/apis/iam_v1/service.rb".freeze] s.homepage = "https://github.com/google/google-api-ruby-client".freeze s.licenses = ["Apache-2.0".freeze] s.required_ruby_version = Gem::Requirement.new(">= 3.1".freeze) s.rubygems_version = "3.6.9".freeze s.summary = "Simple REST client for Identity and Access Management (IAM) API V1".freeze s.specification_version = 4 s.add_runtime_dependency(%q.freeze, [">= 0.15.0".freeze, "< 2.a".freeze]) end google-apis-iam_v1-0.83.0/.yardopts0000644000004100000410000000034215141175474017070 0ustar www-datawww-data--hide-void-return --no-private --verbose --title=google-apis-iam_v1 --markup-provider=redcarpet --markup=markdown --main OVERVIEW.md lib/google/apis/iam_v1/*.rb lib/google/apis/iam_v1.rb - OVERVIEW.md CHANGELOG.md LICENSE.md google-apis-iam_v1-0.83.0/LICENSE.md0000644000004100000410000002636115141175474016637 0ustar www-datawww-data Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. google-apis-iam_v1-0.83.0/CHANGELOG.md0000644000004100000410000001656615141175474017052 0ustar www-datawww-data# Release history for google-apis-iam_v1 ### v0.83.0 (2026-02-01) * Regenerated from discovery document revision 20260123 ### v0.82.0 (2026-01-25) * Regenerated from discovery document revision 20260116 ### v0.81.0 (2025-12-14) * Regenerated from discovery document revision 20251204 ### v0.80.0 (2025-10-19) * Regenerated from discovery document revision 20251010 ### v0.79.0 (2025-10-12) * Regenerated from discovery document revision 20251003 ### v0.78.0 (2025-10-05) * Regenerated from discovery document revision 20250925 ### v0.77.0 (2025-09-28) * Regenerated from discovery document revision 20250919 ### v0.76.0 (2025-09-14) * Regenerated from discovery document revision 20250905 ### v0.75.0 (2025-08-31) * Regenerated from discovery document revision 20250825 ### v0.74.0 (2025-08-24) * Regenerated from discovery document revision 20250815 ### v0.73.0 (2025-07-27) * Regenerated from discovery document revision 20250718 ### v0.72.0 (2025-07-06) * Regenerated from discovery document revision 20250627 ### v0.71.0 (2025-06-29) * Regenerated from discovery document revision 20250619 ### v0.70.0 (2025-06-22) * Regenerated from discovery document revision 20250613 ### v0.69.0 (2025-05-25) * Regenerated from discovery document revision 20250516 * Regenerated using generator version 0.18.0 ### v0.68.0 (2025-05-18) * Regenerated from discovery document revision 20250509 * Regenerated using generator version 0.17.0 ### v0.67.0 (2025-04-20) * Regenerated from discovery document revision 20250411 ### v0.66.0 (2025-03-30) * Regenerated from discovery document revision 20250320 ### v0.65.0 (2025-03-23) * Regenerated from discovery document revision 20250313 ### v0.64.0 (2025-01-26) * Regenerated from discovery document revision 20250116 ### v0.63.0 (2025-01-12) * Regenerated from discovery document revision 20250102 * Regenerated using generator version 0.16.0 ### v0.62.0 (2024-12-02) * Regenerated from discovery document revision 20241114 * Regenerated using generator version 0.15.1 ### v0.61.0 (2024-07-25) * Regenerated from discovery document revision 20240722 ### v0.60.0 (2024-06-23) * Regenerated from discovery document revision 20240617 ### v0.59.0 (2024-06-16) * Regenerated from discovery document revision 20240530 ### v0.58.0 (2024-05-26) * Regenerated from discovery document revision 20240521 * Regenerated using generator version 0.15.0 ### v0.57.0 (2024-04-28) * Regenerated from discovery document revision 20240418 ### v0.56.0 (2024-04-21) * Regenerated from discovery document revision 20240415 ### v0.55.0 (2024-03-24) * Regenerated from discovery document revision 20240314 * Regenerated using generator version 0.14.0 ### v0.54.0 (2024-02-23) * Unspecified changes ### v0.53.0 (2024-01-28) * Regenerated from discovery document revision 20240118 * Regenerated using generator version 0.13.1 ### v0.52.0 (2024-01-22) * Regenerated from discovery document revision 20240108 * Regenerated using generator version 0.13.0 ### v0.51.0 (2023-12-10) * Regenerated from discovery document revision 20231130 ### v0.50.0 (2023-11-05) * Regenerated from discovery document revision 20231026 ### v0.49.0 (2023-09-24) * Regenerated from discovery document revision 20230914 ### v0.48.0 (2023-08-13) * Regenerated from discovery document revision 20230803 ### v0.47.0 (2023-07-23) * Regenerated from discovery document revision 20230713 ### v0.46.0 (2023-07-16) * Regenerated from discovery document revision 20230710 ### v0.45.0 (2023-07-02) * Regenerated from discovery document revision 20230622 ### v0.44.0 (2023-05-28) * Regenerated from discovery document revision 20230518 ### v0.43.0 (2023-04-30) * Regenerated from discovery document revision 20230420 ### v0.42.0 (2023-04-16) * Regenerated from discovery document revision 20230406 ### v0.41.0 (2023-03-26) * Regenerated from discovery document revision 20230320 ### v0.40.0 (2023-02-15) * Regenerated from discovery document revision 20230209 * Regenerated using generator version 0.12.0 ### v0.39.0 (2023-02-12) * Regenerated from discovery document revision 20230202 ### v0.38.0 (2023-02-05) * Regenerated from discovery document revision 20230126 ### v0.37.0 (2023-01-15) * Regenerated from discovery document revision 20230105 * Regenerated using generator version 0.11.1 ### v0.36.0 (2022-10-27) * Regenerated from discovery document revision 20221013 * Regenerated using generator version 0.11.0 ### v0.35.0 (2022-09-21) * Regenerated using generator version 0.10.0 ### v0.34.0 (2022-09-01) * Regenerated from discovery document revision 20220825 ### v0.33.0 (2022-08-20) * Regenerated from discovery document revision 20220811 * Regenerated using generator version 0.9.0 ### v0.32.0 (2022-07-01) * Regenerated using generator version 0.8.0 ### v0.31.0 (2022-06-21) * Regenerated using generator version 0.7.0 ### v0.30.0 (2022-06-07) * Regenerated from discovery document revision 20220526 * Regenerated using generator version 0.5.0 ### v0.29.0 (2022-05-19) * Regenerated from discovery document revision 20220511 ### v0.28.0 (2022-05-12) * Regenerated from discovery document revision 20220509 ### v0.27.0 (2022-05-05) * Regenerated from discovery document revision 20220428 ### v0.26.0 (2022-04-28) * Regenerated from discovery document revision 20220421 ### v0.25.0 (2022-04-21) * Regenerated from discovery document revision 20220413 ### v0.24.0 (2022-04-07) * Regenerated from discovery document revision 20220331 ### v0.23.0 (2022-04-01) * Regenerated from discovery document revision 20220324 ### v0.22.0 (2022-03-17) * Regenerated from discovery document revision 20220310 ### v0.21.0 (2022-02-24) * Regenerated from discovery document revision 20220217 ### v0.20.0 (2022-02-16) * Regenerated from discovery document revision 20220209 ### v0.19.0 (2022-01-21) * Regenerated from discovery document revision 20220112 ### v0.18.0 (2022-01-13) * Regenerated from discovery document revision 20220105 * Regenerated using generator version 0.4.1 ### v0.17.0 (2021-12-16) * Unspecified changes ### v0.16.0 (2021-11-11) * Regenerated from discovery document revision 20211104 ### v0.15.0 (2021-10-21) * Regenerated from discovery document revision 20211013 * Unspecified changes ### v0.14.0 (2021-09-24) * Regenerated from discovery document revision 20210918 ### v0.13.0 (2021-09-16) * Regenerated from discovery document revision 20210909 ### v0.12.0 (2021-09-01) * Regenerated from discovery document revision 20210825 ### v0.11.0 (2021-08-20) * Regenerated from discovery document revision 20210812 ### v0.10.0 (2021-08-05) * Regenerated from discovery document revision 20210728 ### v0.9.0 (2021-07-29) * Regenerated from discovery document revision 20210722 ### v0.8.0 (2021-06-29) * Regenerated using generator version 0.4.0 ### v0.7.0 (2021-06-24) * Regenerated using generator version 0.3.0 ### v0.6.0 (2021-05-22) * Regenerated from discovery document revision 20210519 ### v0.5.0 (2021-03-31) * Regenerated from discovery document revision 20210325 ### v0.4.0 (2021-03-10) * Regenerated from discovery document revision 20210226 * Regenerated using generator version 0.2.0 ### v0.3.0 (2021-03-04) * Unspecified changes ### v0.2.0 (2021-02-18) * Regenerated from discovery document revision 20210211 * Regenerated using generator version 0.1.2 ### v0.1.0 (2021-01-07) * Regenerated using generator version 0.1.1 * Regenerated from discovery document revision 20201112