all: autogenerated update (2019-09-09)
Update:
- cloudasset/v1
- cloudasset/v1beta1
- cloudresourcemanager/v2beta1
diff --git a/cloudasset/v1/cloudasset-api.json b/cloudasset/v1/cloudasset-api.json
index 066d2a7..d728f30 100644
--- a/cloudasset/v1/cloudasset-api.json
+++ b/cloudasset/v1/cloudasset-api.json
@@ -156,7 +156,8 @@
"CONTENT_TYPE_UNSPECIFIED",
"RESOURCE",
"IAM_POLICY",
- "ORG_POLICY"
+ "ORG_POLICY",
+ "ACCESS_POLICY"
],
"location": "query",
"type": "string"
@@ -220,13 +221,19 @@
}
}
},
- "revision": "20190709",
+ "revision": "20190831",
"rootUrl": "https://cloudasset.googleapis.com/",
"schemas": {
"Asset": {
"description": "Cloud asset. This includes all Google Cloud Platform resources,\nCloud IAM policies, and other non-GCP assets.",
"id": "Asset",
"properties": {
+ "accessLevel": {
+ "$ref": "GoogleIdentityAccesscontextmanagerV1AccessLevel"
+ },
+ "accessPolicy": {
+ "$ref": "GoogleIdentityAccesscontextmanagerV1AccessPolicy"
+ },
"assetType": {
"description": "Type of the asset. Example: \"compute.googleapis.com/Disk\".",
"type": "string"
@@ -249,6 +256,9 @@
"resource": {
"$ref": "Resource",
"description": "Representation of the resource."
+ },
+ "servicePerimeter": {
+ "$ref": "GoogleIdentityAccesscontextmanagerV1ServicePerimeter"
}
},
"type": "object"
@@ -282,10 +292,6 @@
},
"type": "array"
},
- "ignoreChildExemptions": {
- "description": "Specifies whether principals can be exempted for the same LogType in\nlower-level resource policies. If true, any lower-level exemptions will\nbe ignored.",
- "type": "boolean"
- },
"logType": {
"description": "The log type that this config enables.",
"enum": [
@@ -319,6 +325,25 @@
},
"type": "object"
},
+ "BigQueryDestination": {
+ "description": "A BigQuery destination.",
+ "id": "BigQueryDestination",
+ "properties": {
+ "dataset": {
+ "description": "Required. The BigQuery dataset in format\n\"projects/projectId/datasets/datasetId\", to which the snapshot result\nshould be exported. If this dataset does not exist, the export call returns\nan error.",
+ "type": "string"
+ },
+ "force": {
+ "description": "If the destination table already exists and this flag is `TRUE`, the\ntable will be overwritten by the contents of assets snapshot. If the flag\nis not set and the destination table already exists, the export call\nreturns an error.",
+ "type": "boolean"
+ },
+ "table": {
+ "description": "Required. The BigQuery table to which the snapshot result should be\nwritten. If this table does not exist, a new table with the given name\nwill be created.",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
"Binding": {
"description": "Associates `members` with a `role`.",
"id": "Binding",
@@ -358,13 +383,15 @@
"CONTENT_TYPE_UNSPECIFIED",
"RESOURCE",
"IAM_POLICY",
- "ORG_POLICY"
+ "ORG_POLICY",
+ "ACCESS_POLICY"
],
"enumDescriptions": [
"Unspecified content type.",
"Resource metadata.",
"The actual IAM policy set on a resource.",
- "The Cloud Organization Policy set on an asset."
+ "The Cloud Organization Policy set on an asset.",
+ "The Cloud Access context mananger Policy set on an asset."
],
"type": "string"
},
@@ -516,6 +543,307 @@
"properties": {},
"type": "object"
},
+ "GoogleIdentityAccesscontextmanagerV1AccessLevel": {
+ "description": "An `AccessLevel` is a label that can be applied to requests to GCP services,\nalong with a list of requirements necessary for the label to be applied.",
+ "id": "GoogleIdentityAccesscontextmanagerV1AccessLevel",
+ "properties": {
+ "basic": {
+ "$ref": "GoogleIdentityAccesscontextmanagerV1BasicLevel",
+ "description": "A `BasicLevel` composed of `Conditions`."
+ },
+ "createTime": {
+ "description": "Output only. Time the `AccessLevel` was created in UTC.",
+ "format": "google-datetime",
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the `AccessLevel` and its use. Does not affect behavior.",
+ "type": "string"
+ },
+ "name": {
+ "description": "Required. Resource name for the Access Level. The `short_name` component\nmust begin with a letter and only include alphanumeric and '_'. Format:\n`accessPolicies/{policy_id}/accessLevels/{short_name}`",
+ "type": "string"
+ },
+ "title": {
+ "description": "Human readable title. Must be unique within the Policy.",
+ "type": "string"
+ },
+ "updateTime": {
+ "description": "Output only. Time the `AccessLevel` was updated in UTC.",
+ "format": "google-datetime",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "GoogleIdentityAccesscontextmanagerV1AccessPolicy": {
+ "description": "`AccessPolicy` is a container for `AccessLevels` (which define the necessary\nattributes to use GCP services) and `ServicePerimeters` (which define regions\nof services able to freely pass data within a perimeter). An access policy is\nglobally visible within an organization, and the restrictions it specifies\napply to all projects within an organization.",
+ "id": "GoogleIdentityAccesscontextmanagerV1AccessPolicy",
+ "properties": {
+ "createTime": {
+ "description": "Output only. Time the `AccessPolicy` was created in UTC.",
+ "format": "google-datetime",
+ "type": "string"
+ },
+ "name": {
+ "description": "Output only. Resource name of the `AccessPolicy`. Format:\n`accessPolicies/{policy_id}`",
+ "type": "string"
+ },
+ "parent": {
+ "description": "Required. The parent of this `AccessPolicy` in the Cloud Resource\nHierarchy. Currently immutable once created. Format:\n`organizations/{organization_id}`",
+ "type": "string"
+ },
+ "title": {
+ "description": "Required. Human readable title. Does not affect behavior.",
+ "type": "string"
+ },
+ "updateTime": {
+ "description": "Output only. Time the `AccessPolicy` was updated in UTC.",
+ "format": "google-datetime",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "GoogleIdentityAccesscontextmanagerV1BasicLevel": {
+ "description": "`BasicLevel` is an `AccessLevel` using a set of recommended features.",
+ "id": "GoogleIdentityAccesscontextmanagerV1BasicLevel",
+ "properties": {
+ "combiningFunction": {
+ "description": "How the `conditions` list should be combined to determine if a request is\ngranted this `AccessLevel`. If AND is used, each `Condition` in\n`conditions` must be satisfied for the `AccessLevel` to be applied. If OR\nis used, at least one `Condition` in `conditions` must be satisfied for the\n`AccessLevel` to be applied. Default behavior is AND.",
+ "enum": [
+ "AND",
+ "OR"
+ ],
+ "enumDescriptions": [
+ "All `Conditions` must be true for the `BasicLevel` to be true.",
+ "If at least one `Condition` is true, then the `BasicLevel` is true."
+ ],
+ "type": "string"
+ },
+ "conditions": {
+ "description": "Required. A list of requirements for the `AccessLevel` to be granted.",
+ "items": {
+ "$ref": "GoogleIdentityAccesscontextmanagerV1Condition"
+ },
+ "type": "array"
+ }
+ },
+ "type": "object"
+ },
+ "GoogleIdentityAccesscontextmanagerV1Condition": {
+ "description": "A condition necessary for an `AccessLevel` to be granted. The Condition is an\nAND over its fields. So a Condition is true if: 1) the request IP is from one\nof the listed subnetworks AND 2) the originating device complies with the\nlisted device policy AND 3) all listed access levels are granted AND 4) the\nrequest was sent at a time allowed by the DateTimeRestriction.",
+ "id": "GoogleIdentityAccesscontextmanagerV1Condition",
+ "properties": {
+ "devicePolicy": {
+ "$ref": "GoogleIdentityAccesscontextmanagerV1DevicePolicy",
+ "description": "Device specific restrictions, all restrictions must hold for the\nCondition to be true. If not specified, all devices are allowed."
+ },
+ "ipSubnetworks": {
+ "description": "CIDR block IP subnetwork specification. May be IPv4 or IPv6. Note that for\na CIDR IP address block, the specified IP address portion must be properly\ntruncated (i.e. all the host bits must be zero) or the input is considered\nmalformed. For example, \"192.0.2.0/24\" is accepted but \"192.0.2.1/24\" is\nnot. Similarly, for IPv6, \"2001:db8::/32\" is accepted whereas\n\"2001:db8::1/32\" is not. The originating IP of a request must be in one of\nthe listed subnets in order for this Condition to be true. If empty, all IP\naddresses are allowed.",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "members": {
+ "description": "The request must be made by one of the provided user or service\naccounts. Groups are not supported.\nSyntax:\n`user:{emailid}`\n`serviceAccount:{emailid}`\nIf not specified, a request may come from any user.",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "negate": {
+ "description": "Whether to negate the Condition. If true, the Condition becomes a NAND over\nits non-empty fields, each field must be false for the Condition overall to\nbe satisfied. Defaults to false.",
+ "type": "boolean"
+ },
+ "regions": {
+ "description": "The request must originate from one of the provided countries/regions.\nMust be valid ISO 3166-1 alpha-2 codes.",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "requiredAccessLevels": {
+ "description": "A list of other access levels defined in the same `Policy`, referenced by\nresource name. Referencing an `AccessLevel` which does not exist is an\nerror. All access levels listed must be granted for the Condition\nto be true. Example:\n\"`accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME\"`",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ },
+ "type": "object"
+ },
+ "GoogleIdentityAccesscontextmanagerV1DevicePolicy": {
+ "description": "`DevicePolicy` specifies device specific restrictions necessary to acquire a\ngiven access level. A `DevicePolicy` specifies requirements for requests from\ndevices to be granted access levels, it does not do any enforcement on the\ndevice. `DevicePolicy` acts as an AND over all specified fields, and each\nrepeated field is an OR over its elements. Any unset fields are ignored. For\nexample, if the proto is { os_type : DESKTOP_WINDOWS, os_type :\nDESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be\ntrue for requests originating from encrypted Linux desktops and encrypted\nWindows desktops.",
+ "id": "GoogleIdentityAccesscontextmanagerV1DevicePolicy",
+ "properties": {
+ "allowedDeviceManagementLevels": {
+ "description": "Allowed device management levels, an empty list allows all management\nlevels.",
+ "enumDescriptions": [
+ "The device's management level is not specified or not known.",
+ "The device is not managed.",
+ "Basic management is enabled, which is generally limited to monitoring and\nwiping the corporate account.",
+ "Complete device management. This includes more thorough monitoring and the\nability to directly manage the device (such as remote wiping). This can be\nenabled through the Android Enterprise Platform."
+ ],
+ "items": {
+ "enum": [
+ "MANAGEMENT_UNSPECIFIED",
+ "NONE",
+ "BASIC",
+ "COMPLETE"
+ ],
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "allowedEncryptionStatuses": {
+ "description": "Allowed encryptions statuses, an empty list allows all statuses.",
+ "enumDescriptions": [
+ "The encryption status of the device is not specified or not known.",
+ "The device does not support encryption.",
+ "The device supports encryption, but is currently unencrypted.",
+ "The device is encrypted."
+ ],
+ "items": {
+ "enum": [
+ "ENCRYPTION_UNSPECIFIED",
+ "ENCRYPTION_UNSUPPORTED",
+ "UNENCRYPTED",
+ "ENCRYPTED"
+ ],
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "osConstraints": {
+ "description": "Allowed OS versions, an empty list allows all types and all versions.",
+ "items": {
+ "$ref": "GoogleIdentityAccesscontextmanagerV1OsConstraint"
+ },
+ "type": "array"
+ },
+ "requireAdminApproval": {
+ "description": "Whether the device needs to be approved by the customer admin.",
+ "type": "boolean"
+ },
+ "requireCorpOwned": {
+ "description": "Whether the device needs to be corp owned.",
+ "type": "boolean"
+ },
+ "requireScreenlock": {
+ "description": "Whether or not screenlock is required for the DevicePolicy to be true.\nDefaults to `false`.",
+ "type": "boolean"
+ }
+ },
+ "type": "object"
+ },
+ "GoogleIdentityAccesscontextmanagerV1OsConstraint": {
+ "description": "A restriction on the OS type and version of devices making requests.",
+ "id": "GoogleIdentityAccesscontextmanagerV1OsConstraint",
+ "properties": {
+ "minimumVersion": {
+ "description": "The minimum allowed OS version. If not set, any version of this OS\nsatisfies the constraint. Format: `\"major.minor.patch\"`.\nExamples: `\"10.5.301\"`, `\"9.2.1\"`.",
+ "type": "string"
+ },
+ "osType": {
+ "description": "Required. The allowed OS type.",
+ "enum": [
+ "OS_UNSPECIFIED",
+ "DESKTOP_MAC",
+ "DESKTOP_WINDOWS",
+ "DESKTOP_LINUX",
+ "DESKTOP_CHROME_OS"
+ ],
+ "enumDescriptions": [
+ "The operating system of the device is not specified or not known.",
+ "A desktop Mac operating system.",
+ "A desktop Windows operating system.",
+ "A desktop Linux operating system.",
+ "A desktop ChromeOS operating system."
+ ],
+ "type": "string"
+ },
+ "requireVerifiedChromeOs": {
+ "description": "Only allows requests from devices with a verified Chrome OS.\nVerifications includes requirements that the device is enterprise-managed,\nconformant to Dasher domain policies, and the caller has permission to call\nthe API targeted by the request.",
+ "type": "boolean"
+ }
+ },
+ "type": "object"
+ },
+ "GoogleIdentityAccesscontextmanagerV1ServicePerimeter": {
+ "description": "`ServicePerimeter` describes a set of GCP resources which can freely import\nand export data amongst themselves, but not export outside of the\n`ServicePerimeter`. If a request with a source within this `ServicePerimeter`\nhas a target outside of the `ServicePerimeter`, the request will be blocked.\nOtherwise the request is allowed. There are two types of Service Perimeter -\nRegular and Bridge. Regular Service Perimeters cannot overlap, a single GCP\nproject can only belong to a single regular Service Perimeter. Service\nPerimeter Bridges can contain only GCP projects as members, a single GCP\nproject may belong to multiple Service Perimeter Bridges.",
+ "id": "GoogleIdentityAccesscontextmanagerV1ServicePerimeter",
+ "properties": {
+ "createTime": {
+ "description": "Output only. Time the `ServicePerimeter` was created in UTC.",
+ "format": "google-datetime",
+ "type": "string"
+ },
+ "description": {
+ "description": "Description of the `ServicePerimeter` and its use. Does not affect\nbehavior.",
+ "type": "string"
+ },
+ "name": {
+ "description": "Required. Resource name for the ServicePerimeter. The `short_name`\ncomponent must begin with a letter and only include alphanumeric and '_'.\nFormat: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`",
+ "type": "string"
+ },
+ "perimeterType": {
+ "description": "Perimeter type indicator. A single project is\nallowed to be a member of single regular perimeter, but multiple service\nperimeter bridges. A project cannot be a included in a perimeter bridge\nwithout being included in regular perimeter. For perimeter bridges,\nthe restricted service list as well as access level lists must be\nempty.",
+ "enum": [
+ "PERIMETER_TYPE_REGULAR",
+ "PERIMETER_TYPE_BRIDGE"
+ ],
+ "enumDescriptions": [
+ "Regular Perimeter.",
+ "Perimeter Bridge."
+ ],
+ "type": "string"
+ },
+ "status": {
+ "$ref": "GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig",
+ "description": "Current ServicePerimeter configuration. Specifies sets of resources,\nrestricted services and access levels that determine perimeter\ncontent and boundaries."
+ },
+ "title": {
+ "description": "Human readable title. Must be unique within the Policy.",
+ "type": "string"
+ },
+ "updateTime": {
+ "description": "Output only. Time the `ServicePerimeter` was updated in UTC.",
+ "format": "google-datetime",
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig": {
+ "description": "`ServicePerimeterConfig` specifies a set of GCP resources that describe\nspecific Service Perimeter configuration.",
+ "id": "GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig",
+ "properties": {
+ "accessLevels": {
+ "description": "A list of `AccessLevel` resource names that allow resources within the\n`ServicePerimeter` to be accessed from the internet. `AccessLevels` listed\nmust be in the same policy as this `ServicePerimeter`. Referencing a\nnonexistent `AccessLevel` is a syntax error. If no `AccessLevel` names are\nlisted, resources within the perimeter can only be accessed via GCP calls\nwith request origins within the perimeter. Example:\n`\"accessPolicies/MY_POLICY/accessLevels/MY_LEVEL\"`.\nFor Service Perimeter Bridge, must be empty.",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "resources": {
+ "description": "A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed. Format: `projects/{project_number}`",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "restrictedServices": {
+ "description": "GCP services that are subject to the Service Perimeter restrictions. For\nexample, if `storage.googleapis.com` is specified, access to the storage\nbuckets inside the perimeter must meet the perimeter's access restrictions.",
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ },
+ "type": "object"
+ },
"Operation": {
"description": "This resource represents a long-running operation that is the result of a\nnetwork API call.",
"id": "Operation",
@@ -555,6 +883,10 @@
"description": "Output configuration for export assets destination.",
"id": "OutputConfig",
"properties": {
+ "bigqueryDestination": {
+ "$ref": "BigQueryDestination",
+ "description": "Destination on BigQuery. The output table stores the fields in asset\nproto as columns in BigQuery. The resource/iam_policy field is converted\nto a record with each field to a column, except metadata to a single JSON\nstring."
+ },
"gcsDestination": {
"$ref": "GcsDestination",
"description": "Destination on Cloud Storage."
@@ -586,7 +918,7 @@
"type": "string"
},
"version": {
- "description": "Deprecated.",
+ "description": "Specifies the format of the policy.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nPolicies with any conditional bindings must specify version 3. Policies\nwithout any conditional bindings may specify any valid value or leave the\nfield unset.",
"format": "int32",
"type": "integer"
}
diff --git a/cloudasset/v1/cloudasset-gen.go b/cloudasset/v1/cloudasset-gen.go
index fcb9cff..8b1f359 100644
--- a/cloudasset/v1/cloudasset-gen.go
+++ b/cloudasset/v1/cloudasset-gen.go
@@ -155,6 +155,10 @@
// resources,
// Cloud IAM policies, and other non-GCP assets.
type Asset struct {
+ AccessLevel *GoogleIdentityAccesscontextmanagerV1AccessLevel `json:"accessLevel,omitempty"`
+
+ AccessPolicy *GoogleIdentityAccesscontextmanagerV1AccessPolicy `json:"accessPolicy,omitempty"`
+
// AssetType: Type of the asset. Example: "compute.googleapis.com/Disk".
AssetType string `json:"assetType,omitempty"`
@@ -184,7 +188,9 @@
// Resource: Representation of the resource.
Resource *Resource `json:"resource,omitempty"`
- // ForceSendFields is a list of field names (e.g. "AssetType") to
+ ServicePerimeter *GoogleIdentityAccesscontextmanagerV1ServicePerimeter `json:"servicePerimeter,omitempty"`
+
+ // ForceSendFields is a list of field names (e.g. "AccessLevel") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
@@ -192,10 +198,10 @@
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
- // NullFields is a list of field names (e.g. "AssetType") to include in
- // API requests with the JSON null value. By default, fields with empty
- // values are omitted from API requests. However, any field with an
- // empty value appearing in NullFields will be sent to the server as
+ // NullFields is a list of field names (e.g. "AccessLevel") to include
+ // in API requests with the JSON null value. By default, fields with
+ // empty values are omitted from API requests. However, any field with
+ // an empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
@@ -328,13 +334,6 @@
// Follows the same format of Binding.members.
ExemptedMembers []string `json:"exemptedMembers,omitempty"`
- // IgnoreChildExemptions: Specifies whether principals can be exempted
- // for the same LogType in
- // lower-level resource policies. If true, any lower-level exemptions
- // will
- // be ignored.
- IgnoreChildExemptions bool `json:"ignoreChildExemptions,omitempty"`
-
// LogType: The log type that this config enables.
//
// Possible values:
@@ -400,6 +399,56 @@
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
+// BigQueryDestination: A BigQuery destination.
+type BigQueryDestination struct {
+ // Dataset: Required. The BigQuery dataset in
+ // format
+ // "projects/projectId/datasets/datasetId", to which the snapshot
+ // result
+ // should be exported. If this dataset does not exist, the export call
+ // returns
+ // an error.
+ Dataset string `json:"dataset,omitempty"`
+
+ // Force: If the destination table already exists and this flag is
+ // `TRUE`, the
+ // table will be overwritten by the contents of assets snapshot. If the
+ // flag
+ // is not set and the destination table already exists, the export
+ // call
+ // returns an error.
+ Force bool `json:"force,omitempty"`
+
+ // Table: Required. The BigQuery table to which the snapshot result
+ // should be
+ // written. If this table does not exist, a new table with the given
+ // name
+ // will be created.
+ Table string `json:"table,omitempty"`
+
+ // ForceSendFields is a list of field names (e.g. "Dataset") to
+ // unconditionally include in API requests. By default, fields with
+ // empty values are omitted from API requests. However, any non-pointer,
+ // non-interface field appearing in ForceSendFields will be sent to the
+ // server regardless of whether the field is empty or not. This may be
+ // used to include empty fields in Patch requests.
+ ForceSendFields []string `json:"-"`
+
+ // NullFields is a list of field names (e.g. "Dataset") to include in
+ // API requests with the JSON null value. By default, fields with empty
+ // values are omitted from API requests. However, any field with an
+ // empty value appearing in NullFields will be sent to the server as
+ // null. It is an error if a field in this list has a non-empty value.
+ // This may be used to include null fields in Patch requests.
+ NullFields []string `json:"-"`
+}
+
+func (s *BigQueryDestination) MarshalJSON() ([]byte, error) {
+ type NoMethod BigQueryDestination
+ raw := NoMethod(*s)
+ return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
// Binding: Associates `members` with a `role`.
type Binding struct {
// Condition: The condition that is associated with this binding.
@@ -494,6 +543,8 @@
// "RESOURCE" - Resource metadata.
// "IAM_POLICY" - The actual IAM policy set on a resource.
// "ORG_POLICY" - The Cloud Organization Policy set on an asset.
+ // "ACCESS_POLICY" - The Cloud Access context mananger Policy set on
+ // an asset.
ContentType string `json:"contentType,omitempty"`
// OutputConfig: Required. Output configuration indicating where the
@@ -1045,6 +1096,534 @@
type GoogleCloudOrgpolicyV1RestoreDefault struct {
}
+// GoogleIdentityAccesscontextmanagerV1AccessLevel: An `AccessLevel` is
+// a label that can be applied to requests to GCP services,
+// along with a list of requirements necessary for the label to be
+// applied.
+type GoogleIdentityAccesscontextmanagerV1AccessLevel struct {
+ // Basic: A `BasicLevel` composed of `Conditions`.
+ Basic *GoogleIdentityAccesscontextmanagerV1BasicLevel `json:"basic,omitempty"`
+
+ // CreateTime: Output only. Time the `AccessLevel` was created in UTC.
+ CreateTime string `json:"createTime,omitempty"`
+
+ // Description: Description of the `AccessLevel` and its use. Does not
+ // affect behavior.
+ Description string `json:"description,omitempty"`
+
+ // Name: Required. Resource name for the Access Level. The `short_name`
+ // component
+ // must begin with a letter and only include alphanumeric and '_'.
+ // Format:
+ // `accessPolicies/{policy_id}/accessLevels/{short_name}`
+ Name string `json:"name,omitempty"`
+
+ // Title: Human readable title. Must be unique within the Policy.
+ Title string `json:"title,omitempty"`
+
+ // UpdateTime: Output only. Time the `AccessLevel` was updated in UTC.
+ UpdateTime string `json:"updateTime,omitempty"`
+
+ // ForceSendFields is a list of field names (e.g. "Basic") to
+ // unconditionally include in API requests. By default, fields with
+ // empty values are omitted from API requests. However, any non-pointer,
+ // non-interface field appearing in ForceSendFields will be sent to the
+ // server regardless of whether the field is empty or not. This may be
+ // used to include empty fields in Patch requests.
+ ForceSendFields []string `json:"-"`
+
+ // NullFields is a list of field names (e.g. "Basic") to include in API
+ // requests with the JSON null value. By default, fields with empty
+ // values are omitted from API requests. However, any field with an
+ // empty value appearing in NullFields will be sent to the server as
+ // null. It is an error if a field in this list has a non-empty value.
+ // This may be used to include null fields in Patch requests.
+ NullFields []string `json:"-"`
+}
+
+func (s *GoogleIdentityAccesscontextmanagerV1AccessLevel) MarshalJSON() ([]byte, error) {
+ type NoMethod GoogleIdentityAccesscontextmanagerV1AccessLevel
+ raw := NoMethod(*s)
+ return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// GoogleIdentityAccesscontextmanagerV1AccessPolicy: `AccessPolicy` is a
+// container for `AccessLevels` (which define the necessary
+// attributes to use GCP services) and `ServicePerimeters` (which define
+// regions
+// of services able to freely pass data within a perimeter). An access
+// policy is
+// globally visible within an organization, and the restrictions it
+// specifies
+// apply to all projects within an organization.
+type GoogleIdentityAccesscontextmanagerV1AccessPolicy struct {
+ // CreateTime: Output only. Time the `AccessPolicy` was created in UTC.
+ CreateTime string `json:"createTime,omitempty"`
+
+ // Name: Output only. Resource name of the `AccessPolicy`.
+ // Format:
+ // `accessPolicies/{policy_id}`
+ Name string `json:"name,omitempty"`
+
+ // Parent: Required. The parent of this `AccessPolicy` in the Cloud
+ // Resource
+ // Hierarchy. Currently immutable once created.
+ // Format:
+ // `organizations/{organization_id}`
+ Parent string `json:"parent,omitempty"`
+
+ // Title: Required. Human readable title. Does not affect behavior.
+ Title string `json:"title,omitempty"`
+
+ // UpdateTime: Output only. Time the `AccessPolicy` was updated in UTC.
+ UpdateTime string `json:"updateTime,omitempty"`
+
+ // ForceSendFields is a list of field names (e.g. "CreateTime") to
+ // unconditionally include in API requests. By default, fields with
+ // empty values are omitted from API requests. However, any non-pointer,
+ // non-interface field appearing in ForceSendFields will be sent to the
+ // server regardless of whether the field is empty or not. This may be
+ // used to include empty fields in Patch requests.
+ ForceSendFields []string `json:"-"`
+
+ // NullFields is a list of field names (e.g. "CreateTime") to include in
+ // API requests with the JSON null value. By default, fields with empty
+ // values are omitted from API requests. However, any field with an
+ // empty value appearing in NullFields will be sent to the server as
+ // null. It is an error if a field in this list has a non-empty value.
+ // This may be used to include null fields in Patch requests.
+ NullFields []string `json:"-"`
+}
+
+func (s *GoogleIdentityAccesscontextmanagerV1AccessPolicy) MarshalJSON() ([]byte, error) {
+ type NoMethod GoogleIdentityAccesscontextmanagerV1AccessPolicy
+ raw := NoMethod(*s)
+ return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// GoogleIdentityAccesscontextmanagerV1BasicLevel: `BasicLevel` is an
+// `AccessLevel` using a set of recommended features.
+type GoogleIdentityAccesscontextmanagerV1BasicLevel struct {
+ // CombiningFunction: How the `conditions` list should be combined to
+ // determine if a request is
+ // granted this `AccessLevel`. If AND is used, each `Condition`
+ // in
+ // `conditions` must be satisfied for the `AccessLevel` to be applied.
+ // If OR
+ // is used, at least one `Condition` in `conditions` must be satisfied
+ // for the
+ // `AccessLevel` to be applied. Default behavior is AND.
+ //
+ // Possible values:
+ // "AND" - All `Conditions` must be true for the `BasicLevel` to be
+ // true.
+ // "OR" - If at least one `Condition` is true, then the `BasicLevel`
+ // is true.
+ CombiningFunction string `json:"combiningFunction,omitempty"`
+
+ // Conditions: Required. A list of requirements for the `AccessLevel` to
+ // be granted.
+ Conditions []*GoogleIdentityAccesscontextmanagerV1Condition `json:"conditions,omitempty"`
+
+ // ForceSendFields is a list of field names (e.g. "CombiningFunction")
+ // to unconditionally include in API requests. By default, fields with
+ // empty values are omitted from API requests. However, any non-pointer,
+ // non-interface field appearing in ForceSendFields will be sent to the
+ // server regardless of whether the field is empty or not. This may be
+ // used to include empty fields in Patch requests.
+ ForceSendFields []string `json:"-"`
+
+ // NullFields is a list of field names (e.g. "CombiningFunction") to
+ // include in API requests with the JSON null value. By default, fields
+ // with empty values are omitted from API requests. However, any field
+ // with an empty value appearing in NullFields will be sent to the
+ // server as null. It is an error if a field in this list has a
+ // non-empty value. This may be used to include null fields in Patch
+ // requests.
+ NullFields []string `json:"-"`
+}
+
+func (s *GoogleIdentityAccesscontextmanagerV1BasicLevel) MarshalJSON() ([]byte, error) {
+ type NoMethod GoogleIdentityAccesscontextmanagerV1BasicLevel
+ raw := NoMethod(*s)
+ return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// GoogleIdentityAccesscontextmanagerV1Condition: A condition necessary
+// for an `AccessLevel` to be granted. The Condition is an
+// AND over its fields. So a Condition is true if: 1) the request IP is
+// from one
+// of the listed subnetworks AND 2) the originating device complies with
+// the
+// listed device policy AND 3) all listed access levels are granted AND
+// 4) the
+// request was sent at a time allowed by the DateTimeRestriction.
+type GoogleIdentityAccesscontextmanagerV1Condition struct {
+ // DevicePolicy: Device specific restrictions, all restrictions must
+ // hold for the
+ // Condition to be true. If not specified, all devices are allowed.
+ DevicePolicy *GoogleIdentityAccesscontextmanagerV1DevicePolicy `json:"devicePolicy,omitempty"`
+
+ // IpSubnetworks: CIDR block IP subnetwork specification. May be IPv4 or
+ // IPv6. Note that for
+ // a CIDR IP address block, the specified IP address portion must be
+ // properly
+ // truncated (i.e. all the host bits must be zero) or the input is
+ // considered
+ // malformed. For example, "192.0.2.0/24" is accepted but "192.0.2.1/24"
+ // is
+ // not. Similarly, for IPv6, "2001:db8::/32" is accepted
+ // whereas
+ // "2001:db8::1/32" is not. The originating IP of a request must be in
+ // one of
+ // the listed subnets in order for this Condition to be true. If empty,
+ // all IP
+ // addresses are allowed.
+ IpSubnetworks []string `json:"ipSubnetworks,omitempty"`
+
+ // Members: The request must be made by one of the provided user or
+ // service
+ // accounts. Groups are not
+ // supported.
+ // Syntax:
+ // `user:{emailid}`
+ // `serviceAccount:{emailid}`
+ // If not specified, a request may come from any user.
+ Members []string `json:"members,omitempty"`
+
+ // Negate: Whether to negate the Condition. If true, the Condition
+ // becomes a NAND over
+ // its non-empty fields, each field must be false for the Condition
+ // overall to
+ // be satisfied. Defaults to false.
+ Negate bool `json:"negate,omitempty"`
+
+ // Regions: The request must originate from one of the provided
+ // countries/regions.
+ // Must be valid ISO 3166-1 alpha-2 codes.
+ Regions []string `json:"regions,omitempty"`
+
+ // RequiredAccessLevels: A list of other access levels defined in the
+ // same `Policy`, referenced by
+ // resource name. Referencing an `AccessLevel` which does not exist is
+ // an
+ // error. All access levels listed must be granted for the Condition
+ // to be true.
+ // Example:
+ // "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME"
+ RequiredAccessLevels []string `json:"requiredAccessLevels,omitempty"`
+
+ // ForceSendFields is a list of field names (e.g. "DevicePolicy") to
+ // unconditionally include in API requests. By default, fields with
+ // empty values are omitted from API requests. However, any non-pointer,
+ // non-interface field appearing in ForceSendFields will be sent to the
+ // server regardless of whether the field is empty or not. This may be
+ // used to include empty fields in Patch requests.
+ ForceSendFields []string `json:"-"`
+
+ // NullFields is a list of field names (e.g. "DevicePolicy") to include
+ // in API requests with the JSON null value. By default, fields with
+ // empty values are omitted from API requests. However, any field with
+ // an empty value appearing in NullFields will be sent to the server as
+ // null. It is an error if a field in this list has a non-empty value.
+ // This may be used to include null fields in Patch requests.
+ NullFields []string `json:"-"`
+}
+
+func (s *GoogleIdentityAccesscontextmanagerV1Condition) MarshalJSON() ([]byte, error) {
+ type NoMethod GoogleIdentityAccesscontextmanagerV1Condition
+ raw := NoMethod(*s)
+ return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// GoogleIdentityAccesscontextmanagerV1DevicePolicy: `DevicePolicy`
+// specifies device specific restrictions necessary to acquire a
+// given access level. A `DevicePolicy` specifies requirements for
+// requests from
+// devices to be granted access levels, it does not do any enforcement
+// on the
+// device. `DevicePolicy` acts as an AND over all specified fields, and
+// each
+// repeated field is an OR over its elements. Any unset fields are
+// ignored. For
+// example, if the proto is { os_type : DESKTOP_WINDOWS, os_type
+// :
+// DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy
+// will be
+// true for requests originating from encrypted Linux desktops and
+// encrypted
+// Windows desktops.
+type GoogleIdentityAccesscontextmanagerV1DevicePolicy struct {
+ // AllowedDeviceManagementLevels: Allowed device management levels, an
+ // empty list allows all management
+ // levels.
+ //
+ // Possible values:
+ // "MANAGEMENT_UNSPECIFIED" - The device's management level is not
+ // specified or not known.
+ // "NONE" - The device is not managed.
+ // "BASIC" - Basic management is enabled, which is generally limited
+ // to monitoring and
+ // wiping the corporate account.
+ // "COMPLETE" - Complete device management. This includes more
+ // thorough monitoring and the
+ // ability to directly manage the device (such as remote wiping). This
+ // can be
+ // enabled through the Android Enterprise Platform.
+ AllowedDeviceManagementLevels []string `json:"allowedDeviceManagementLevels,omitempty"`
+
+ // AllowedEncryptionStatuses: Allowed encryptions statuses, an empty
+ // list allows all statuses.
+ //
+ // Possible values:
+ // "ENCRYPTION_UNSPECIFIED" - The encryption status of the device is
+ // not specified or not known.
+ // "ENCRYPTION_UNSUPPORTED" - The device does not support encryption.
+ // "UNENCRYPTED" - The device supports encryption, but is currently
+ // unencrypted.
+ // "ENCRYPTED" - The device is encrypted.
+ AllowedEncryptionStatuses []string `json:"allowedEncryptionStatuses,omitempty"`
+
+ // OsConstraints: Allowed OS versions, an empty list allows all types
+ // and all versions.
+ OsConstraints []*GoogleIdentityAccesscontextmanagerV1OsConstraint `json:"osConstraints,omitempty"`
+
+ // RequireAdminApproval: Whether the device needs to be approved by the
+ // customer admin.
+ RequireAdminApproval bool `json:"requireAdminApproval,omitempty"`
+
+ // RequireCorpOwned: Whether the device needs to be corp owned.
+ RequireCorpOwned bool `json:"requireCorpOwned,omitempty"`
+
+ // RequireScreenlock: Whether or not screenlock is required for the
+ // DevicePolicy to be true.
+ // Defaults to `false`.
+ RequireScreenlock bool `json:"requireScreenlock,omitempty"`
+
+ // ForceSendFields is a list of field names (e.g.
+ // "AllowedDeviceManagementLevels") to unconditionally include in API
+ // requests. By default, fields with empty values are omitted from API
+ // requests. However, any non-pointer, non-interface field appearing in
+ // ForceSendFields will be sent to the server regardless of whether the
+ // field is empty or not. This may be used to include empty fields in
+ // Patch requests.
+ ForceSendFields []string `json:"-"`
+
+ // NullFields is a list of field names (e.g.
+ // "AllowedDeviceManagementLevels") to include in API requests with the
+ // JSON null value. By default, fields with empty values are omitted
+ // from API requests. However, any field with an empty value appearing
+ // in NullFields will be sent to the server as null. It is an error if a
+ // field in this list has a non-empty value. This may be used to include
+ // null fields in Patch requests.
+ NullFields []string `json:"-"`
+}
+
+func (s *GoogleIdentityAccesscontextmanagerV1DevicePolicy) MarshalJSON() ([]byte, error) {
+ type NoMethod GoogleIdentityAccesscontextmanagerV1DevicePolicy
+ raw := NoMethod(*s)
+ return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// GoogleIdentityAccesscontextmanagerV1OsConstraint: A restriction on
+// the OS type and version of devices making requests.
+type GoogleIdentityAccesscontextmanagerV1OsConstraint struct {
+ // MinimumVersion: The minimum allowed OS version. If not set, any
+ // version of this OS
+ // satisfies the constraint. Format: "major.minor.patch".
+ // Examples: "10.5.301", "9.2.1".
+ MinimumVersion string `json:"minimumVersion,omitempty"`
+
+ // OsType: Required. The allowed OS type.
+ //
+ // Possible values:
+ // "OS_UNSPECIFIED" - The operating system of the device is not
+ // specified or not known.
+ // "DESKTOP_MAC" - A desktop Mac operating system.
+ // "DESKTOP_WINDOWS" - A desktop Windows operating system.
+ // "DESKTOP_LINUX" - A desktop Linux operating system.
+ // "DESKTOP_CHROME_OS" - A desktop ChromeOS operating system.
+ OsType string `json:"osType,omitempty"`
+
+ // RequireVerifiedChromeOs: Only allows requests from devices with a
+ // verified Chrome OS.
+ // Verifications includes requirements that the device is
+ // enterprise-managed,
+ // conformant to Dasher domain policies, and the caller has permission
+ // to call
+ // the API targeted by the request.
+ RequireVerifiedChromeOs bool `json:"requireVerifiedChromeOs,omitempty"`
+
+ // ForceSendFields is a list of field names (e.g. "MinimumVersion") to
+ // unconditionally include in API requests. By default, fields with
+ // empty values are omitted from API requests. However, any non-pointer,
+ // non-interface field appearing in ForceSendFields will be sent to the
+ // server regardless of whether the field is empty or not. This may be
+ // used to include empty fields in Patch requests.
+ ForceSendFields []string `json:"-"`
+
+ // NullFields is a list of field names (e.g. "MinimumVersion") to
+ // include in API requests with the JSON null value. By default, fields
+ // with empty values are omitted from API requests. However, any field
+ // with an empty value appearing in NullFields will be sent to the
+ // server as null. It is an error if a field in this list has a
+ // non-empty value. This may be used to include null fields in Patch
+ // requests.
+ NullFields []string `json:"-"`
+}
+
+func (s *GoogleIdentityAccesscontextmanagerV1OsConstraint) MarshalJSON() ([]byte, error) {
+ type NoMethod GoogleIdentityAccesscontextmanagerV1OsConstraint
+ raw := NoMethod(*s)
+ return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// GoogleIdentityAccesscontextmanagerV1ServicePerimeter:
+// `ServicePerimeter` describes a set of GCP resources which can freely
+// import
+// and export data amongst themselves, but not export outside of
+// the
+// `ServicePerimeter`. If a request with a source within this
+// `ServicePerimeter`
+// has a target outside of the `ServicePerimeter`, the request will be
+// blocked.
+// Otherwise the request is allowed. There are two types of Service
+// Perimeter -
+// Regular and Bridge. Regular Service Perimeters cannot overlap, a
+// single GCP
+// project can only belong to a single regular Service Perimeter.
+// Service
+// Perimeter Bridges can contain only GCP projects as members, a single
+// GCP
+// project may belong to multiple Service Perimeter Bridges.
+type GoogleIdentityAccesscontextmanagerV1ServicePerimeter struct {
+ // CreateTime: Output only. Time the `ServicePerimeter` was created in
+ // UTC.
+ CreateTime string `json:"createTime,omitempty"`
+
+ // Description: Description of the `ServicePerimeter` and its use. Does
+ // not affect
+ // behavior.
+ Description string `json:"description,omitempty"`
+
+ // Name: Required. Resource name for the ServicePerimeter. The
+ // `short_name`
+ // component must begin with a letter and only include alphanumeric and
+ // '_'.
+ // Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
+ Name string `json:"name,omitempty"`
+
+ // PerimeterType: Perimeter type indicator. A single project is
+ // allowed to be a member of single regular perimeter, but multiple
+ // service
+ // perimeter bridges. A project cannot be a included in a perimeter
+ // bridge
+ // without being included in regular perimeter. For perimeter
+ // bridges,
+ // the restricted service list as well as access level lists must
+ // be
+ // empty.
+ //
+ // Possible values:
+ // "PERIMETER_TYPE_REGULAR" - Regular Perimeter.
+ // "PERIMETER_TYPE_BRIDGE" - Perimeter Bridge.
+ PerimeterType string `json:"perimeterType,omitempty"`
+
+ // Status: Current ServicePerimeter configuration. Specifies sets of
+ // resources,
+ // restricted services and access levels that determine
+ // perimeter
+ // content and boundaries.
+ Status *GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig `json:"status,omitempty"`
+
+ // Title: Human readable title. Must be unique within the Policy.
+ Title string `json:"title,omitempty"`
+
+ // UpdateTime: Output only. Time the `ServicePerimeter` was updated in
+ // UTC.
+ UpdateTime string `json:"updateTime,omitempty"`
+
+ // ForceSendFields is a list of field names (e.g. "CreateTime") to
+ // unconditionally include in API requests. By default, fields with
+ // empty values are omitted from API requests. However, any non-pointer,
+ // non-interface field appearing in ForceSendFields will be sent to the
+ // server regardless of whether the field is empty or not. This may be
+ // used to include empty fields in Patch requests.
+ ForceSendFields []string `json:"-"`
+
+ // NullFields is a list of field names (e.g. "CreateTime") to include in
+ // API requests with the JSON null value. By default, fields with empty
+ // values are omitted from API requests. However, any field with an
+ // empty value appearing in NullFields will be sent to the server as
+ // null. It is an error if a field in this list has a non-empty value.
+ // This may be used to include null fields in Patch requests.
+ NullFields []string `json:"-"`
+}
+
+func (s *GoogleIdentityAccesscontextmanagerV1ServicePerimeter) MarshalJSON() ([]byte, error) {
+ type NoMethod GoogleIdentityAccesscontextmanagerV1ServicePerimeter
+ raw := NoMethod(*s)
+ return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
+// GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig:
+// `ServicePerimeterConfig` specifies a set of GCP resources that
+// describe
+// specific Service Perimeter configuration.
+type GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig struct {
+ // AccessLevels: A list of `AccessLevel` resource names that allow
+ // resources within the
+ // `ServicePerimeter` to be accessed from the internet. `AccessLevels`
+ // listed
+ // must be in the same policy as this `ServicePerimeter`. Referencing
+ // a
+ // nonexistent `AccessLevel` is a syntax error. If no `AccessLevel`
+ // names are
+ // listed, resources within the perimeter can only be accessed via GCP
+ // calls
+ // with request origins within the perimeter.
+ // Example:
+ // "accessPolicies/MY_POLICY/accessLevels/MY_LEVEL".
+ // For Service Perimeter Bridge, must be empty.
+ AccessLevels []string `json:"accessLevels,omitempty"`
+
+ // Resources: A list of GCP resources that are inside of the service
+ // perimeter.
+ // Currently only projects are allowed. Format:
+ // `projects/{project_number}`
+ Resources []string `json:"resources,omitempty"`
+
+ // RestrictedServices: GCP services that are subject to the Service
+ // Perimeter restrictions. For
+ // example, if `storage.googleapis.com` is specified, access to the
+ // storage
+ // buckets inside the perimeter must meet the perimeter's access
+ // restrictions.
+ RestrictedServices []string `json:"restrictedServices,omitempty"`
+
+ // ForceSendFields is a list of field names (e.g. "AccessLevels") to
+ // unconditionally include in API requests. By default, fields with
+ // empty values are omitted from API requests. However, any non-pointer,
+ // non-interface field appearing in ForceSendFields will be sent to the
+ // server regardless of whether the field is empty or not. This may be
+ // used to include empty fields in Patch requests.
+ ForceSendFields []string `json:"-"`
+
+ // NullFields is a list of field names (e.g. "AccessLevels") to include
+ // in API requests with the JSON null value. By default, fields with
+ // empty values are omitted from API requests. However, any field with
+ // an empty value appearing in NullFields will be sent to the server as
+ // null. It is an error if a field in this list has a non-empty value.
+ // This may be used to include null fields in Patch requests.
+ NullFields []string `json:"-"`
+}
+
+func (s *GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig) MarshalJSON() ([]byte, error) {
+ type NoMethod GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig
+ raw := NoMethod(*s)
+ return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
+}
+
// Operation: This resource represents a long-running operation that is
// the result of a
// network API call.
@@ -1123,18 +1702,27 @@
// OutputConfig: Output configuration for export assets destination.
type OutputConfig struct {
+ // BigqueryDestination: Destination on BigQuery. The output table stores
+ // the fields in asset
+ // proto as columns in BigQuery. The resource/iam_policy field is
+ // converted
+ // to a record with each field to a column, except metadata to a single
+ // JSON
+ // string.
+ BigqueryDestination *BigQueryDestination `json:"bigqueryDestination,omitempty"`
+
// GcsDestination: Destination on Cloud Storage.
GcsDestination *GcsDestination `json:"gcsDestination,omitempty"`
- // ForceSendFields is a list of field names (e.g. "GcsDestination") to
- // unconditionally include in API requests. By default, fields with
+ // ForceSendFields is a list of field names (e.g. "BigqueryDestination")
+ // to unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
- // NullFields is a list of field names (e.g. "GcsDestination") to
+ // NullFields is a list of field names (e.g. "BigqueryDestination") to
// include in API requests with the JSON null value. By default, fields
// with empty values are omitted from API requests. However, any field
// with an empty value appearing in NullFields will be sent to the
@@ -1229,7 +1817,17 @@
// policy is overwritten.
Etag string `json:"etag,omitempty"`
- // Version: Deprecated.
+ // Version: Specifies the format of the policy.
+ //
+ // Valid values are 0, 1, and 3. Requests specifying an invalid value
+ // will be
+ // rejected.
+ //
+ // Policies with any conditional bindings must specify version 3.
+ // Policies
+ // without any conditional bindings may specify any valid value or leave
+ // the
+ // field unset.
Version int64 `json:"version,omitempty"`
// ForceSendFields is a list of field names (e.g. "AuditConfigs") to
@@ -1663,6 +2261,7 @@
// "RESOURCE"
// "IAM_POLICY"
// "ORG_POLICY"
+// "ACCESS_POLICY"
func (c *V1BatchGetAssetsHistoryCall) ContentType(contentType string) *V1BatchGetAssetsHistoryCall {
c.urlParams_.Set("contentType", contentType)
return c
@@ -1804,7 +2403,8 @@
// "CONTENT_TYPE_UNSPECIFIED",
// "RESOURCE",
// "IAM_POLICY",
- // "ORG_POLICY"
+ // "ORG_POLICY",
+ // "ACCESS_POLICY"
// ],
// "location": "query",
// "type": "string"
diff --git a/cloudasset/v1beta1/cloudasset-api.json b/cloudasset/v1beta1/cloudasset-api.json
index 7b6711c..94c80aa 100644
--- a/cloudasset/v1beta1/cloudasset-api.json
+++ b/cloudasset/v1beta1/cloudasset-api.json
@@ -400,7 +400,7 @@
}
}
},
- "revision": "20190709",
+ "revision": "20190831",
"rootUrl": "https://cloudasset.googleapis.com/",
"schemas": {
"Asset": {
@@ -455,10 +455,6 @@
},
"type": "array"
},
- "ignoreChildExemptions": {
- "description": "Specifies whether principals can be exempted for the same LogType in\nlower-level resource policies. If true, any lower-level exemptions will\nbe ignored.",
- "type": "boolean"
- },
"logType": {
"description": "The log type that this config enables.",
"enum": [
@@ -659,7 +655,7 @@
"type": "string"
},
"version": {
- "description": "Deprecated.",
+ "description": "Specifies the format of the policy.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nPolicies with any conditional bindings must specify version 3. Policies\nwithout any conditional bindings may specify any valid value or leave the\nfield unset.",
"format": "int32",
"type": "integer"
}
diff --git a/cloudasset/v1beta1/cloudasset-gen.go b/cloudasset/v1beta1/cloudasset-gen.go
index 365fdcf..ea3cfb8 100644
--- a/cloudasset/v1beta1/cloudasset-gen.go
+++ b/cloudasset/v1beta1/cloudasset-gen.go
@@ -369,13 +369,6 @@
// Follows the same format of Binding.members.
ExemptedMembers []string `json:"exemptedMembers,omitempty"`
- // IgnoreChildExemptions: Specifies whether principals can be exempted
- // for the same LogType in
- // lower-level resource policies. If true, any lower-level exemptions
- // will
- // be ignored.
- IgnoreChildExemptions bool `json:"ignoreChildExemptions,omitempty"`
-
// LogType: The log type that this config enables.
//
// Possible values:
@@ -865,7 +858,17 @@
// policy is overwritten.
Etag string `json:"etag,omitempty"`
- // Version: Deprecated.
+ // Version: Specifies the format of the policy.
+ //
+ // Valid values are 0, 1, and 3. Requests specifying an invalid value
+ // will be
+ // rejected.
+ //
+ // Policies with any conditional bindings must specify version 3.
+ // Policies
+ // without any conditional bindings may specify any valid value or leave
+ // the
+ // field unset.
Version int64 `json:"version,omitempty"`
// ForceSendFields is a list of field names (e.g. "AuditConfigs") to
diff --git a/cloudresourcemanager/v2beta1/cloudresourcemanager-api.json b/cloudresourcemanager/v2beta1/cloudresourcemanager-api.json
index c006cd4..192b207 100644
--- a/cloudresourcemanager/v2beta1/cloudresourcemanager-api.json
+++ b/cloudresourcemanager/v2beta1/cloudresourcemanager-api.json
@@ -449,7 +449,7 @@
}
}
},
- "revision": "20190830",
+ "revision": "20190807",
"rootUrl": "https://cloudresourcemanager.googleapis.com/",
"schemas": {
"AuditConfig": {
@@ -667,7 +667,7 @@
"id": "GetPolicyOptions",
"properties": {
"requestedPolicyVersion": {
- "description": "Optional. The policy format version to be returned.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nRequests for policies with any conditional bindings must specify version 3.\nPolicies without any conditional bindings may specify any valid value or\nleave the field unset.",
+ "description": "Optional. The policy format version to be returned.\nAcceptable values are 0, 1, and 3.\nIf the value is 0, or the field is omitted, policy format version 1 will be\nreturned.",
"format": "int32",
"type": "integer"
}
@@ -762,7 +762,7 @@
"type": "string"
},
"version": {
- "description": "Specifies the format of the policy.\n\nValid values are 0, 1, and 3. Requests specifying an invalid value will be\nrejected.\n\nPolicies with any conditional bindings must specify version 3. Policies\nwithout any conditional bindings may specify any valid value or leave the\nfield unset.",
+ "description": "Deprecated.",
"format": "int32",
"type": "integer"
}
diff --git a/cloudresourcemanager/v2beta1/cloudresourcemanager-gen.go b/cloudresourcemanager/v2beta1/cloudresourcemanager-gen.go
index fd55d92..b9cb450 100644
--- a/cloudresourcemanager/v2beta1/cloudresourcemanager-gen.go
+++ b/cloudresourcemanager/v2beta1/cloudresourcemanager-gen.go
@@ -643,16 +643,10 @@
type GetPolicyOptions struct {
// RequestedPolicyVersion: Optional. The policy format version to be
// returned.
- //
- // Valid values are 0, 1, and 3. Requests specifying an invalid value
+ // Acceptable values are 0, 1, and 3.
+ // If the value is 0, or the field is omitted, policy format version 1
// will be
- // rejected.
- //
- // Requests for policies with any conditional bindings must specify
- // version 3.
- // Policies without any conditional bindings may specify any valid value
- // or
- // leave the field unset.
+ // returned.
RequestedPolicyVersion int64 `json:"requestedPolicyVersion,omitempty"`
// ForceSendFields is a list of field names (e.g.
@@ -908,17 +902,7 @@
// policy is overwritten.
Etag string `json:"etag,omitempty"`
- // Version: Specifies the format of the policy.
- //
- // Valid values are 0, 1, and 3. Requests specifying an invalid value
- // will be
- // rejected.
- //
- // Policies with any conditional bindings must specify version 3.
- // Policies
- // without any conditional bindings may specify any valid value or leave
- // the
- // field unset.
+ // Version: Deprecated.
Version int64 `json:"version,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
