google-api-ruby-client/generated/google/apis/cloudasset_v1beta1/classes.rb

872 lines
36 KiB
Ruby
Raw Normal View History

# Copyright 2015 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
require 'date'
require 'google/apis/core/base_service'
require 'google/apis/core/json_representation'
require 'google/apis/core/hashable'
require 'google/apis/errors'
module Google
module Apis
module CloudassetV1beta1
# Cloud asset. This includes all Google Cloud Platform resources,
# Cloud IAM policies, and other non-GCP assets.
class Asset
include Google::Apis::Core::Hashable
# Type of the asset. Example: "google.compute.Disk".
# Corresponds to the JSON property `assetType`
# @return [String]
attr_accessor :asset_type
# An Identity and Access Management (IAM) policy, which specifies access
# controls for Google Cloud resources.
# A `Policy` is a collection of `bindings`. A `binding` binds one or more
# `members` to a single `role`. Members can be user accounts, service accounts,
# Google groups, and domains (such as G Suite). A `role` is a named list of
# permissions; each `role` can be an IAM predefined role or a user-created
# custom role.
# For some types of Google Cloud resources, a `binding` can also specify a
# `condition`, which is a logical expression that allows access to a resource
# only if the expression evaluates to `true`. A condition can add constraints
# based on attributes of the request, the resource, or both. To learn which
# resources support conditions in their IAM policies, see the
# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-
# policies).
# **JSON example:**
# `
# "bindings": [
# `
# "role": "roles/resourcemanager.organizationAdmin",
# "members": [
# "user:mike@example.com",
# "group:admins@example.com",
# "domain:google.com",
# "serviceAccount:my-project-id@appspot.gserviceaccount.com"
# ]
# `,
# `
# "role": "roles/resourcemanager.organizationViewer",
# "members": [
# "user:eve@example.com"
# ],
# "condition": `
# "title": "expirable access",
# "description": "Does not grant access after Sep 2020",
# "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')
# ",
# `
# `
# ],
# "etag": "BwWWja0YfJA=",
# "version": 3
# `
# **YAML example:**
# bindings:
# - members:
# - user:mike@example.com
# - group:admins@example.com
# - domain:google.com
# - serviceAccount:my-project-id@appspot.gserviceaccount.com
# role: roles/resourcemanager.organizationAdmin
# - members:
# - user:eve@example.com
# role: roles/resourcemanager.organizationViewer
# condition:
# title: expirable access
# description: Does not grant access after Sep 2020
# expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
# - etag: BwWWja0YfJA=
# - version: 3
# For a description of IAM and its features, see the
# [IAM documentation](https://cloud.google.com/iam/docs/).
# Corresponds to the JSON property `iamPolicy`
# @return [Google::Apis::CloudassetV1beta1::Policy]
attr_accessor :iam_policy
# The full name of the asset. For example:
# `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/
# instance1`.
# See [Resource
# Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
# for more information.
# Corresponds to the JSON property `name`
# @return [String]
attr_accessor :name
# Representation of a cloud resource.
# Corresponds to the JSON property `resource`
# @return [Google::Apis::CloudassetV1beta1::Resource]
attr_accessor :resource
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@asset_type = args[:asset_type] if args.key?(:asset_type)
@iam_policy = args[:iam_policy] if args.key?(:iam_policy)
@name = args[:name] if args.key?(:name)
@resource = args[:resource] if args.key?(:resource)
end
end
# Specifies the audit configuration for a service.
# The configuration determines which permission types are logged, and what
# identities, if any, are exempted from logging.
# An AuditConfig must have one or more AuditLogConfigs.
# If there are AuditConfigs for both `allServices` and a specific service,
# the union of the two AuditConfigs is used for that service: the log_types
# specified in each AuditConfig are enabled, and the exempted_members in each
# AuditLogConfig are exempted.
# Example Policy with multiple AuditConfigs:
# `
# "audit_configs": [
# `
# "service": "allServices",
# "audit_log_configs": [
# `
# "log_type": "DATA_READ",
# "exempted_members": [
# "user:jose@example.com"
# ]
# `,
# `
# "log_type": "DATA_WRITE"
# `,
# `
# "log_type": "ADMIN_READ"
# `
# ]
# `,
# `
# "service": "sampleservice.googleapis.com",
# "audit_log_configs": [
# `
# "log_type": "DATA_READ"
# `,
# `
# "log_type": "DATA_WRITE",
# "exempted_members": [
# "user:aliya@example.com"
# ]
# `
# ]
# `
# ]
# `
# For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
# logging. It also exempts jose@example.com from DATA_READ logging, and
# aliya@example.com from DATA_WRITE logging.
class AuditConfig
include Google::Apis::Core::Hashable
# The configuration for logging of each type of permission.
# Corresponds to the JSON property `auditLogConfigs`
# @return [Array<Google::Apis::CloudassetV1beta1::AuditLogConfig>]
attr_accessor :audit_log_configs
# Specifies a service that will be enabled for audit logging.
# For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
# `allServices` is a special value that covers all services.
# Corresponds to the JSON property `service`
# @return [String]
attr_accessor :service
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@audit_log_configs = args[:audit_log_configs] if args.key?(:audit_log_configs)
@service = args[:service] if args.key?(:service)
end
end
# Provides the configuration for logging a type of permissions.
# Example:
# `
# "audit_log_configs": [
# `
# "log_type": "DATA_READ",
# "exempted_members": [
# "user:jose@example.com"
# ]
# `,
# `
# "log_type": "DATA_WRITE"
# `
# ]
# `
# This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
# jose@example.com from DATA_READ logging.
class AuditLogConfig
include Google::Apis::Core::Hashable
# Specifies the identities that do not cause logging for this type of
# permission.
# Follows the same format of Binding.members.
# Corresponds to the JSON property `exemptedMembers`
# @return [Array<String>]
attr_accessor :exempted_members
# The log type that this config enables.
# Corresponds to the JSON property `logType`
# @return [String]
attr_accessor :log_type
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@exempted_members = args[:exempted_members] if args.key?(:exempted_members)
@log_type = args[:log_type] if args.key?(:log_type)
end
end
# Batch get assets history response.
class BatchGetAssetsHistoryResponse
include Google::Apis::Core::Hashable
# A list of assets with valid time windows.
# Corresponds to the JSON property `assets`
# @return [Array<Google::Apis::CloudassetV1beta1::TemporalAsset>]
attr_accessor :assets
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@assets = args[:assets] if args.key?(:assets)
end
end
# Associates `members` with a `role`.
class Binding
include Google::Apis::Core::Hashable
# Represents a textual expression in the Common Expression Language (CEL)
# syntax. CEL is a C-like expression language. The syntax and semantics of CEL
# are documented at https://github.com/google/cel-spec.
# Example (Comparison):
# title: "Summary size limit"
# description: "Determines if a summary is less than 100 chars"
# expression: "document.summary.size() < 100"
# Example (Equality):
# title: "Requestor is owner"
# description: "Determines if requestor is the document owner"
# expression: "document.owner == request.auth.claims.email"
# Example (Logic):
# title: "Public documents"
# description: "Determine whether the document should be publicly visible"
# expression: "document.type != 'private' && document.type != 'internal'"
# Example (Data Manipulation):
# title: "Notification string"
# description: "Create a notification string with a timestamp."
# expression: "'New message received at ' + string(document.create_time)"
# The exact variables and functions that may be referenced within an expression
# are determined by the service that evaluates it. See the service
# documentation for additional information.
# Corresponds to the JSON property `condition`
# @return [Google::Apis::CloudassetV1beta1::Expr]
attr_accessor :condition
# Specifies the identities requesting access for a Cloud Platform resource.
# `members` can have the following values:
# * `allUsers`: A special identifier that represents anyone who is
# on the internet; with or without a Google account.
# * `allAuthenticatedUsers`: A special identifier that represents anyone
# who is authenticated with a Google account or a service account.
# * `user:`emailid``: An email address that represents a specific Google
# account. For example, `alice@example.com` .
# * `serviceAccount:`emailid``: An email address that represents a service
# account. For example, `my-other-app@appspot.gserviceaccount.com`.
# * `group:`emailid``: An email address that represents a Google group.
# For example, `admins@example.com`.
# * `deleted:user:`emailid`?uid=`uniqueid``: An email address (plus unique
# identifier) representing a user that has been recently deleted. For
# example, `alice@example.com?uid=123456789012345678901`. If the user is
# recovered, this value reverts to `user:`emailid`` and the recovered user
# retains the role in the binding.
# * `deleted:serviceAccount:`emailid`?uid=`uniqueid``: An email address (plus
# unique identifier) representing a service account that has been recently
# deleted. For example,
# `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
# If the service account is undeleted, this value reverts to
# `serviceAccount:`emailid`` and the undeleted service account retains the
# role in the binding.
# * `deleted:group:`emailid`?uid=`uniqueid``: An email address (plus unique
# identifier) representing a Google group that has been recently
# deleted. For example, `admins@example.com?uid=123456789012345678901`. If
# the group is recovered, this value reverts to `group:`emailid`` and the
# recovered group retains the role in the binding.
# * `domain:`domain``: The G Suite domain (primary) that represents all the
# users of that domain. For example, `google.com` or `example.com`.
# Corresponds to the JSON property `members`
# @return [Array<String>]
attr_accessor :members
# Role that is assigned to `members`.
# For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
# Corresponds to the JSON property `role`
# @return [String]
attr_accessor :role
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@condition = args[:condition] if args.key?(:condition)
@members = args[:members] if args.key?(:members)
@role = args[:role] if args.key?(:role)
end
end
# Export asset request.
class ExportAssetsRequest
include Google::Apis::Core::Hashable
# A list of asset types of which to take a snapshot for. For example:
# "google.compute.Disk". If specified, only matching assets will be returned.
# See [Introduction to Cloud Asset
# Inventory](https://cloud.google.com/resource-manager/docs/cloud-asset-
# inventory/overview)
# for all supported asset types.
# Corresponds to the JSON property `assetTypes`
# @return [Array<String>]
attr_accessor :asset_types
# Asset content type. If not specified, no content but the asset name will be
# returned.
# Corresponds to the JSON property `contentType`
# @return [String]
attr_accessor :content_type
# Output configuration for export assets destination.
# Corresponds to the JSON property `outputConfig`
# @return [Google::Apis::CloudassetV1beta1::OutputConfig]
attr_accessor :output_config
# Timestamp to take an asset snapshot. This can only be set to a timestamp
# between 2018-10-02 UTC (inclusive) and the current time. If not specified,
# the current time will be used. Due to delays in resource data collection
# and indexing, there is a volatile window during which running the same
# query may get different results.
# Corresponds to the JSON property `readTime`
# @return [String]
attr_accessor :read_time
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@asset_types = args[:asset_types] if args.key?(:asset_types)
@content_type = args[:content_type] if args.key?(:content_type)
@output_config = args[:output_config] if args.key?(:output_config)
@read_time = args[:read_time] if args.key?(:read_time)
end
end
# Represents a textual expression in the Common Expression Language (CEL)
# syntax. CEL is a C-like expression language. The syntax and semantics of CEL
# are documented at https://github.com/google/cel-spec.
# Example (Comparison):
# title: "Summary size limit"
# description: "Determines if a summary is less than 100 chars"
# expression: "document.summary.size() < 100"
# Example (Equality):
# title: "Requestor is owner"
# description: "Determines if requestor is the document owner"
# expression: "document.owner == request.auth.claims.email"
# Example (Logic):
# title: "Public documents"
# description: "Determine whether the document should be publicly visible"
# expression: "document.type != 'private' && document.type != 'internal'"
# Example (Data Manipulation):
# title: "Notification string"
# description: "Create a notification string with a timestamp."
# expression: "'New message received at ' + string(document.create_time)"
# The exact variables and functions that may be referenced within an expression
# are determined by the service that evaluates it. See the service
# documentation for additional information.
class Expr
include Google::Apis::Core::Hashable
# Optional. Description of the expression. This is a longer text which
# describes the expression, e.g. when hovered over it in a UI.
# Corresponds to the JSON property `description`
# @return [String]
attr_accessor :description
# Textual representation of an expression in Common Expression Language
# syntax.
# Corresponds to the JSON property `expression`
# @return [String]
attr_accessor :expression
# Optional. String indicating the location of the expression for error
# reporting, e.g. a file name and a position in the file.
# Corresponds to the JSON property `location`
# @return [String]
attr_accessor :location
# Optional. Title for the expression, i.e. a short string describing
# its purpose. This can be used e.g. in UIs which allow to enter the
# expression.
# Corresponds to the JSON property `title`
# @return [String]
attr_accessor :title
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@description = args[:description] if args.key?(:description)
@expression = args[:expression] if args.key?(:expression)
@location = args[:location] if args.key?(:location)
@title = args[:title] if args.key?(:title)
end
end
# A Cloud Storage location.
class GcsDestination
include Google::Apis::Core::Hashable
# The uri of the Cloud Storage object. It's the same uri that is used by
# gsutil. For example: "gs://bucket_name/object_name". See [Viewing and
# Editing Object
# Metadata](https://cloud.google.com/storage/docs/viewing-editing-metadata)
# for more information.
# Corresponds to the JSON property `uri`
# @return [String]
attr_accessor :uri
Autogenerated update (2019-04-25) Delete: - logging_v2beta1 Update: - adexchangebuyer2_v2beta1 - admin_reports_v1 - alertcenter_v1beta1 - androiddeviceprovisioning_v1 - androidenterprise_v1 - androidmanagement_v1 - androidpublisher_v2 - androidpublisher_v3 - appengine_v1 - appengine_v1beta - appsactivity_v1 - bigtableadmin_v1 - bigtableadmin_v2 - binaryauthorization_v1beta1 - calendar_v3 - classroom_v1 - cloudasset_v1 - cloudasset_v1beta1 - cloudbilling_v1 - cloudbuild_v1alpha1 - clouderrorreporting_v1beta1 - cloudfunctions_v1 - cloudfunctions_v1beta2 - cloudiot_v1 - cloudprivatecatalogproducer_v1beta1 - cloudresourcemanager_v1 - cloudresourcemanager_v1beta1 - cloudresourcemanager_v2 - cloudresourcemanager_v2beta1 - cloudsearch_v1 - cloudtasks_v2 - cloudtasks_v2beta2 - cloudtasks_v2beta3 - compute_alpha - compute_beta - compute_v1 - container_v1 - container_v1beta1 - containeranalysis_v1alpha1 - containeranalysis_v1beta1 - content_v2 - content_v2_1 - datastore_v1 - datastore_v1beta1 - datastore_v1beta3 - dialogflow_v2 - dialogflow_v2beta1 - dlp_v2 - dns_v1 - dns_v1beta2 - dns_v2beta1 - docs_v1 - drive_v2 - drive_v3 - driveactivity_v2 - file_v1 - file_v1beta1 - firebasedynamiclinks_v1 - firebasehosting_v1beta1 - firebaserules_v1 - firestore_v1 - firestore_v1beta1 - firestore_v1beta2 - fitness_v1 - games_v1 - gmail_v1 - iap_v1 - iap_v1beta1 - jobs_v3 - jobs_v3p1beta1 - language_v1 - language_v1beta2 - ml_v1 - monitoring_v3 - oauth2_v1 - oauth2_v2 - people_v1 - plus_domains_v1 - plus_v1 - poly_v1 - pubsub_v1 - pubsub_v1beta2 - remotebuildexecution_v1 - remotebuildexecution_v1alpha - remotebuildexecution_v2 - run_v1alpha1 - runtimeconfig_v1beta1 - servicebroker_v1 - servicebroker_v1alpha1 - servicebroker_v1beta1 - serviceconsumermanagement_v1 - servicemanagement_v1 - servicenetworking_v1 - servicenetworking_v1beta - serviceusage_v1 - serviceusage_v1beta1 - sourcerepo_v1 - spanner_v1 - sqladmin_v1beta4 - storage_v1 - storagetransfer_v1 - texttospeech_v1beta1 - toolresults_v1beta3 - tpu_v1 - tpu_v1alpha1 - vault_v1 - vision_v1 - vision_v1p1beta1 - vision_v1p2beta1 - youtube_partner_v1 - youtube_v3 - youtubereporting_v1
2019-04-25 00:37:02 +00:00
# The uri prefix of all generated Cloud Storage objects. For example:
# "gs://bucket_name/object_name_prefix". Each object uri is in format:
# "gs://bucket_name/object_name_prefix/<asset type>/<shard number> and only
# contains assets for that type. <shard number> starts from 0. For example:
# "gs://bucket_name/object_name_prefix/google.compute.disk/0" is the first
# shard of output objects containing all google.compute.disk assets.
# An INVALID_ARGUMENT error will be returned if file with the same name
# "gs://bucket_name/object_name_prefix" already exists.
# Corresponds to the JSON property `uriPrefix`
# @return [String]
attr_accessor :uri_prefix
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@uri = args[:uri] if args.key?(:uri)
Autogenerated update (2019-04-25) Delete: - logging_v2beta1 Update: - adexchangebuyer2_v2beta1 - admin_reports_v1 - alertcenter_v1beta1 - androiddeviceprovisioning_v1 - androidenterprise_v1 - androidmanagement_v1 - androidpublisher_v2 - androidpublisher_v3 - appengine_v1 - appengine_v1beta - appsactivity_v1 - bigtableadmin_v1 - bigtableadmin_v2 - binaryauthorization_v1beta1 - calendar_v3 - classroom_v1 - cloudasset_v1 - cloudasset_v1beta1 - cloudbilling_v1 - cloudbuild_v1alpha1 - clouderrorreporting_v1beta1 - cloudfunctions_v1 - cloudfunctions_v1beta2 - cloudiot_v1 - cloudprivatecatalogproducer_v1beta1 - cloudresourcemanager_v1 - cloudresourcemanager_v1beta1 - cloudresourcemanager_v2 - cloudresourcemanager_v2beta1 - cloudsearch_v1 - cloudtasks_v2 - cloudtasks_v2beta2 - cloudtasks_v2beta3 - compute_alpha - compute_beta - compute_v1 - container_v1 - container_v1beta1 - containeranalysis_v1alpha1 - containeranalysis_v1beta1 - content_v2 - content_v2_1 - datastore_v1 - datastore_v1beta1 - datastore_v1beta3 - dialogflow_v2 - dialogflow_v2beta1 - dlp_v2 - dns_v1 - dns_v1beta2 - dns_v2beta1 - docs_v1 - drive_v2 - drive_v3 - driveactivity_v2 - file_v1 - file_v1beta1 - firebasedynamiclinks_v1 - firebasehosting_v1beta1 - firebaserules_v1 - firestore_v1 - firestore_v1beta1 - firestore_v1beta2 - fitness_v1 - games_v1 - gmail_v1 - iap_v1 - iap_v1beta1 - jobs_v3 - jobs_v3p1beta1 - language_v1 - language_v1beta2 - ml_v1 - monitoring_v3 - oauth2_v1 - oauth2_v2 - people_v1 - plus_domains_v1 - plus_v1 - poly_v1 - pubsub_v1 - pubsub_v1beta2 - remotebuildexecution_v1 - remotebuildexecution_v1alpha - remotebuildexecution_v2 - run_v1alpha1 - runtimeconfig_v1beta1 - servicebroker_v1 - servicebroker_v1alpha1 - servicebroker_v1beta1 - serviceconsumermanagement_v1 - servicemanagement_v1 - servicenetworking_v1 - servicenetworking_v1beta - serviceusage_v1 - serviceusage_v1beta1 - sourcerepo_v1 - spanner_v1 - sqladmin_v1beta4 - storage_v1 - storagetransfer_v1 - texttospeech_v1beta1 - toolresults_v1beta3 - tpu_v1 - tpu_v1alpha1 - vault_v1 - vision_v1 - vision_v1p1beta1 - vision_v1p2beta1 - youtube_partner_v1 - youtube_v3 - youtubereporting_v1
2019-04-25 00:37:02 +00:00
@uri_prefix = args[:uri_prefix] if args.key?(:uri_prefix)
end
end
# This resource represents a long-running operation that is the result of a
# network API call.
class Operation
include Google::Apis::Core::Hashable
# If the value is `false`, it means the operation is still in progress.
# If `true`, the operation is completed, and either `error` or `response` is
# available.
# Corresponds to the JSON property `done`
# @return [Boolean]
attr_accessor :done
alias_method :done?, :done
# The `Status` type defines a logical error model that is suitable for
# different programming environments, including REST APIs and RPC APIs. It is
# used by [gRPC](https://github.com/grpc). Each `Status` message contains
# three pieces of data: error code, error message, and error details.
# You can find out more about this error model and how to work with it in the
# [API Design Guide](https://cloud.google.com/apis/design/errors).
# Corresponds to the JSON property `error`
# @return [Google::Apis::CloudassetV1beta1::Status]
attr_accessor :error
# Service-specific metadata associated with the operation. It typically
# contains progress information and common metadata such as create time.
# Some services might not provide such metadata. Any method that returns a
# long-running operation should document the metadata type, if any.
# Corresponds to the JSON property `metadata`
# @return [Hash<String,Object>]
attr_accessor :metadata
# The server-assigned name, which is only unique within the same service that
# originally returns it. If you use the default HTTP mapping, the
# `name` should be a resource name ending with `operations/`unique_id``.
# Corresponds to the JSON property `name`
# @return [String]
attr_accessor :name
# The normal response of the operation in case of success. If the original
# method returns no data on success, such as `Delete`, the response is
# `google.protobuf.Empty`. If the original method is standard
# `Get`/`Create`/`Update`, the response should be the resource. For other
# methods, the response should have the type `XxxResponse`, where `Xxx`
# is the original method name. For example, if the original method name
# is `TakeSnapshot()`, the inferred response type is
# `TakeSnapshotResponse`.
# Corresponds to the JSON property `response`
# @return [Hash<String,Object>]
attr_accessor :response
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@done = args[:done] if args.key?(:done)
@error = args[:error] if args.key?(:error)
@metadata = args[:metadata] if args.key?(:metadata)
@name = args[:name] if args.key?(:name)
@response = args[:response] if args.key?(:response)
end
end
# Output configuration for export assets destination.
class OutputConfig
include Google::Apis::Core::Hashable
# A Cloud Storage location.
# Corresponds to the JSON property `gcsDestination`
# @return [Google::Apis::CloudassetV1beta1::GcsDestination]
attr_accessor :gcs_destination
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@gcs_destination = args[:gcs_destination] if args.key?(:gcs_destination)
end
end
# An Identity and Access Management (IAM) policy, which specifies access
# controls for Google Cloud resources.
# A `Policy` is a collection of `bindings`. A `binding` binds one or more
# `members` to a single `role`. Members can be user accounts, service accounts,
# Google groups, and domains (such as G Suite). A `role` is a named list of
# permissions; each `role` can be an IAM predefined role or a user-created
# custom role.
# For some types of Google Cloud resources, a `binding` can also specify a
# `condition`, which is a logical expression that allows access to a resource
# only if the expression evaluates to `true`. A condition can add constraints
# based on attributes of the request, the resource, or both. To learn which
# resources support conditions in their IAM policies, see the
# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-
# policies).
# **JSON example:**
# `
# "bindings": [
# `
# "role": "roles/resourcemanager.organizationAdmin",
# "members": [
# "user:mike@example.com",
# "group:admins@example.com",
# "domain:google.com",
# "serviceAccount:my-project-id@appspot.gserviceaccount.com"
# ]
# `,
# `
# "role": "roles/resourcemanager.organizationViewer",
# "members": [
# "user:eve@example.com"
# ],
# "condition": `
# "title": "expirable access",
# "description": "Does not grant access after Sep 2020",
# "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')
# ",
# `
# `
# ],
# "etag": "BwWWja0YfJA=",
# "version": 3
# `
# **YAML example:**
# bindings:
# - members:
# - user:mike@example.com
# - group:admins@example.com
# - domain:google.com
# - serviceAccount:my-project-id@appspot.gserviceaccount.com
# role: roles/resourcemanager.organizationAdmin
# - members:
# - user:eve@example.com
# role: roles/resourcemanager.organizationViewer
# condition:
# title: expirable access
# description: Does not grant access after Sep 2020
# expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
# - etag: BwWWja0YfJA=
# - version: 3
# For a description of IAM and its features, see the
# [IAM documentation](https://cloud.google.com/iam/docs/).
class Policy
include Google::Apis::Core::Hashable
# Specifies cloud audit logging configuration for this policy.
# Corresponds to the JSON property `auditConfigs`
# @return [Array<Google::Apis::CloudassetV1beta1::AuditConfig>]
attr_accessor :audit_configs
# Associates a list of `members` to a `role`. Optionally, may specify a
# `condition` that determines how and when the `bindings` are applied. Each
# of the `bindings` must contain at least one member.
# Corresponds to the JSON property `bindings`
# @return [Array<Google::Apis::CloudassetV1beta1::Binding>]
attr_accessor :bindings
# `etag` is used for optimistic concurrency control as a way to help
# prevent simultaneous updates of a policy from overwriting each other.
# It is strongly suggested that systems make use of the `etag` in the
# read-modify-write cycle to perform policy updates in order to avoid race
# conditions: An `etag` is returned in the response to `getIamPolicy`, and
# systems are expected to put that etag in the request to `setIamPolicy` to
# ensure that their change will be applied to the same version of the policy.
# **Important:** If you use IAM Conditions, you must include the `etag` field
# whenever you call `setIamPolicy`. If you omit this field, then IAM allows
# you to overwrite a version `3` policy with a version `1` policy, and all of
# the conditions in the version `3` policy are lost.
# Corresponds to the JSON property `etag`
# NOTE: Values are automatically base64 encoded/decoded in the client library.
# @return [String]
attr_accessor :etag
Autogenerated update (2019-09-10) Delete: - appstate_v1 Update: - abusiveexperiencereport_v1 - adexperiencereport_v1 - analyticsreporting_v4 - androidmanagement_v1 - bigquery_v2 - bigtableadmin_v2 - binaryauthorization_v1beta1 - calendar_v3 - cloudasset_v1 - cloudasset_v1beta1 - cloudiot_v1 - cloudkms_v1 - cloudresourcemanager_v1 - cloudresourcemanager_v1beta1 - cloudresourcemanager_v2 - cloudresourcemanager_v2beta1 - cloudsearch_v1 - cloudtasks_v2beta3 - cloudtrace_v2 - commentanalyzer_v1alpha1 - composer_v1 - composer_v1beta1 - compute_alpha - compute_beta - compute_v1 - container_v1 - container_v1beta1 - content_v2 - content_v2_1 - dataflow_v1b3 - dataproc_v1 - dataproc_v1beta2 - datastore_v1 - datastore_v1beta1 - dfareporting_v3_1 - dialogflow_v2beta1 - dlp_v2 - docs_v1 - drive_v2 - drive_v3 - driveactivity_v2 - firestore_v1 - firestore_v1beta1 - firestore_v1beta2 - healthcare_v1alpha2 - healthcare_v1beta1 - logging_v2 - ml_v1 - monitoring_v3 - pagespeedonline_v5 - pubsub_v1 - pubsub_v1beta2 - run_v1alpha1 - runtimeconfig_v1beta1 - script_v1 - securitycenter_v1 - securitycenter_v1beta1 - serviceconsumermanagement_v1 - servicemanagement_v1 - servicenetworking_v1 - servicenetworking_v1beta - serviceusage_v1 - serviceusage_v1beta1 - slides_v1 - speech_v1 - speech_v1p1beta1 - speech_v2beta - sqladmin_v1beta4 - storage_v1 - storagetransfer_v1 - testing_v1 - toolresults_v1beta3 - translate_v3beta1 - vision_v1 - vision_v1p1beta1 - vision_v1p2beta1 - youtube_partner_v1 - youtube_v3
2019-09-10 21:25:47 +00:00
# Specifies the format of the policy.
# Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
# are rejected.
# Any operation that affects conditional role bindings must specify version
# `3`. This requirement applies to the following operations:
# * Getting a policy that includes a conditional role binding
# * Adding a conditional role binding to a policy
# * Changing a conditional role binding in a policy
# * Removing any role binding, with or without a condition, from a policy
# that includes conditions
# **Important:** If you use IAM Conditions, you must include the `etag` field
# whenever you call `setIamPolicy`. If you omit this field, then IAM allows
# you to overwrite a version `3` policy with a version `1` policy, and all of
# the conditions in the version `3` policy are lost.
# If a policy does not include any conditions, operations on that policy may
# specify any valid version or leave the field unset.
# To learn which resources support conditions in their IAM policies, see the
# [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-
# policies).
# Corresponds to the JSON property `version`
# @return [Fixnum]
attr_accessor :version
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@audit_configs = args[:audit_configs] if args.key?(:audit_configs)
@bindings = args[:bindings] if args.key?(:bindings)
@etag = args[:etag] if args.key?(:etag)
@version = args[:version] if args.key?(:version)
end
end
# Representation of a cloud resource.
class Resource
include Google::Apis::Core::Hashable
# The content of the resource, in which some sensitive fields are scrubbed
# away and may not be present.
# Corresponds to the JSON property `data`
# @return [Hash<String,Object>]
attr_accessor :data
# The URL of the discovery document containing the resource's JSON schema.
# For example:
# `"https://www.googleapis.com/discovery/v1/apis/compute/v1/rest"`.
# It will be left unspecified for resources without a discovery-based API,
# such as Cloud Bigtable.
# Corresponds to the JSON property `discoveryDocumentUri`
# @return [String]
attr_accessor :discovery_document_uri
# The JSON schema name listed in the discovery document.
# Example: "Project". It will be left unspecified for resources (such as
# Cloud Bigtable) without a discovery-based API.
# Corresponds to the JSON property `discoveryName`
# @return [String]
attr_accessor :discovery_name
# The full name of the immediate parent of this resource. See
# [Resource
# Names](https://cloud.google.com/apis/design/resource_names#full_resource_name)
# for more information.
# For GCP assets, it is the parent resource defined in the [Cloud IAM policy
# hierarchy](https://cloud.google.com/iam/docs/overview#policy_hierarchy).
# For example:
# `"//cloudresourcemanager.googleapis.com/projects/my_project_123"`.
# For third-party assets, it is up to the users to define.
# Corresponds to the JSON property `parent`
# @return [String]
attr_accessor :parent
# The REST URL for accessing the resource. An HTTP GET operation using this
# URL returns the resource itself.
# Example:
# `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123`.
# It will be left unspecified for resources without a REST API.
# Corresponds to the JSON property `resourceUrl`
# @return [String]
attr_accessor :resource_url
# The API version. Example: "v1".
# Corresponds to the JSON property `version`
# @return [String]
attr_accessor :version
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@data = args[:data] if args.key?(:data)
@discovery_document_uri = args[:discovery_document_uri] if args.key?(:discovery_document_uri)
@discovery_name = args[:discovery_name] if args.key?(:discovery_name)
@parent = args[:parent] if args.key?(:parent)
@resource_url = args[:resource_url] if args.key?(:resource_url)
@version = args[:version] if args.key?(:version)
end
end
# The `Status` type defines a logical error model that is suitable for
# different programming environments, including REST APIs and RPC APIs. It is
# used by [gRPC](https://github.com/grpc). Each `Status` message contains
# three pieces of data: error code, error message, and error details.
# You can find out more about this error model and how to work with it in the
# [API Design Guide](https://cloud.google.com/apis/design/errors).
class Status
include Google::Apis::Core::Hashable
# The status code, which should be an enum value of google.rpc.Code.
# Corresponds to the JSON property `code`
# @return [Fixnum]
attr_accessor :code
# A list of messages that carry the error details. There is a common set of
# message types for APIs to use.
# Corresponds to the JSON property `details`
# @return [Array<Hash<String,Object>>]
attr_accessor :details
# A developer-facing error message, which should be in English. Any
# user-facing error message should be localized and sent in the
# google.rpc.Status.details field, or localized by the client.
# Corresponds to the JSON property `message`
# @return [String]
attr_accessor :message
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@code = args[:code] if args.key?(:code)
@details = args[:details] if args.key?(:details)
@message = args[:message] if args.key?(:message)
end
end
# Temporal asset. In addition to the asset, the temporal asset includes the
# status of the asset and valid from and to time of it.
class TemporalAsset
include Google::Apis::Core::Hashable
# Cloud asset. This includes all Google Cloud Platform resources,
# Cloud IAM policies, and other non-GCP assets.
# Corresponds to the JSON property `asset`
# @return [Google::Apis::CloudassetV1beta1::Asset]
attr_accessor :asset
# If the asset is deleted or not.
# Corresponds to the JSON property `deleted`
# @return [Boolean]
attr_accessor :deleted
alias_method :deleted?, :deleted
# A time window of (start_time, end_time].
# Corresponds to the JSON property `window`
# @return [Google::Apis::CloudassetV1beta1::TimeWindow]
attr_accessor :window
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@asset = args[:asset] if args.key?(:asset)
@deleted = args[:deleted] if args.key?(:deleted)
@window = args[:window] if args.key?(:window)
end
end
# A time window of (start_time, end_time].
class TimeWindow
include Google::Apis::Core::Hashable
# End time of the time window (inclusive).
# Current timestamp if not specified.
# Corresponds to the JSON property `endTime`
# @return [String]
attr_accessor :end_time
# Start time of the time window (exclusive).
# Corresponds to the JSON property `startTime`
# @return [String]
attr_accessor :start_time
def initialize(**args)
update!(**args)
end
# Update properties of this object
def update!(**args)
@end_time = args[:end_time] if args.key?(:end_time)
@start_time = args[:start_time] if args.key?(:start_time)
end
end
end
end
end