| // Copyright 2020 Google LLC. |
| // Use of this source code is governed by a BSD-style |
| // license that can be found in the LICENSE file. |
| |
| // Code generated file. DO NOT EDIT. |
| |
| // Package iam provides access to the Identity and Access Management (IAM) API. |
| // |
| // For product documentation, see: https://cloud.google.com/iam/ |
| // |
| // Creating a client |
| // |
| // Usage example: |
| // |
| // import "google.golang.org/api/iam/v1" |
| // ... |
| // ctx := context.Background() |
| // iamService, err := iam.NewService(ctx) |
| // |
| // In this example, Google Application Default Credentials are used for authentication. |
| // |
| // For information on how to create and obtain Application Default Credentials, see https://developers.google.com/identity/protocols/application-default-credentials. |
| // |
| // Other authentication options |
| // |
| // To use an API key for authentication (note: some APIs do not support API keys), use option.WithAPIKey: |
| // |
| // iamService, err := iam.NewService(ctx, option.WithAPIKey("AIza...")) |
| // |
| // To use an OAuth token (e.g., a user token obtained via a three-legged OAuth flow), use option.WithTokenSource: |
| // |
| // config := &oauth2.Config{...} |
| // // ... |
| // token, err := config.Exchange(ctx, ...) |
| // iamService, err := iam.NewService(ctx, option.WithTokenSource(config.TokenSource(ctx, token))) |
| // |
| // See https://godoc.org/google.golang.org/api/option/ for details on options. |
| package iam // import "google.golang.org/api/iam/v1" |
| |
| import ( |
| "bytes" |
| "context" |
| "encoding/json" |
| "errors" |
| "fmt" |
| "io" |
| "net/http" |
| "net/url" |
| "strconv" |
| "strings" |
| |
| googleapi "google.golang.org/api/googleapi" |
| gensupport "google.golang.org/api/internal/gensupport" |
| option "google.golang.org/api/option" |
| internaloption "google.golang.org/api/option/internaloption" |
| htransport "google.golang.org/api/transport/http" |
| ) |
| |
| // Always reference these packages, just in case the auto-generated code |
| // below doesn't. |
| var _ = bytes.NewBuffer |
| var _ = strconv.Itoa |
| var _ = fmt.Sprintf |
| var _ = json.NewDecoder |
| var _ = io.Copy |
| var _ = url.Parse |
| var _ = gensupport.MarshalJSON |
| var _ = googleapi.Version |
| var _ = errors.New |
| var _ = strings.Replace |
| var _ = context.Canceled |
| var _ = internaloption.WithDefaultEndpoint |
| |
| const apiId = "iam:v1" |
| const apiName = "iam" |
| const apiVersion = "v1" |
| const basePath = "https://iam.googleapis.com/" |
| const mtlsBasePath = "https://iam.mtls.googleapis.com/" |
| |
| // OAuth2 scopes used by this API. |
| const ( |
| // View and manage your data across Google Cloud Platform services |
| CloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform" |
| ) |
| |
| // NewService creates a new Service. |
| func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, error) { |
| scopesOption := option.WithScopes( |
| "https://www.googleapis.com/auth/cloud-platform", |
| ) |
| // NOTE: prepend, so we don't override user-specified scopes. |
| opts = append([]option.ClientOption{scopesOption}, opts...) |
| opts = append(opts, internaloption.WithDefaultEndpoint(basePath)) |
| opts = append(opts, internaloption.WithDefaultMTLSEndpoint(mtlsBasePath)) |
| client, endpoint, err := htransport.NewClient(ctx, opts...) |
| if err != nil { |
| return nil, err |
| } |
| s, err := New(client) |
| if err != nil { |
| return nil, err |
| } |
| if endpoint != "" { |
| s.BasePath = endpoint |
| } |
| return s, nil |
| } |
| |
| // New creates a new Service. It uses the provided http.Client for requests. |
| // |
| // Deprecated: please use NewService instead. |
| // To provide a custom HTTP client, use option.WithHTTPClient. |
| // If you are using google.golang.org/api/googleapis/transport.APIKey, use option.WithAPIKey with NewService instead. |
| func New(client *http.Client) (*Service, error) { |
| if client == nil { |
| return nil, errors.New("client is nil") |
| } |
| s := &Service{client: client, BasePath: basePath} |
| s.IamPolicies = NewIamPoliciesService(s) |
| s.Organizations = NewOrganizationsService(s) |
| s.Permissions = NewPermissionsService(s) |
| s.Projects = NewProjectsService(s) |
| s.Roles = NewRolesService(s) |
| return s, nil |
| } |
| |
| type Service struct { |
| client *http.Client |
| BasePath string // API endpoint base URL |
| UserAgent string // optional additional User-Agent fragment |
| |
| IamPolicies *IamPoliciesService |
| |
| Organizations *OrganizationsService |
| |
| Permissions *PermissionsService |
| |
| Projects *ProjectsService |
| |
| Roles *RolesService |
| } |
| |
| func (s *Service) userAgent() string { |
| if s.UserAgent == "" { |
| return googleapi.UserAgent |
| } |
| return googleapi.UserAgent + " " + s.UserAgent |
| } |
| |
| func NewIamPoliciesService(s *Service) *IamPoliciesService { |
| rs := &IamPoliciesService{s: s} |
| return rs |
| } |
| |
| type IamPoliciesService struct { |
| s *Service |
| } |
| |
| func NewOrganizationsService(s *Service) *OrganizationsService { |
| rs := &OrganizationsService{s: s} |
| rs.Roles = NewOrganizationsRolesService(s) |
| return rs |
| } |
| |
| type OrganizationsService struct { |
| s *Service |
| |
| Roles *OrganizationsRolesService |
| } |
| |
| func NewOrganizationsRolesService(s *Service) *OrganizationsRolesService { |
| rs := &OrganizationsRolesService{s: s} |
| return rs |
| } |
| |
| type OrganizationsRolesService struct { |
| s *Service |
| } |
| |
| func NewPermissionsService(s *Service) *PermissionsService { |
| rs := &PermissionsService{s: s} |
| return rs |
| } |
| |
| type PermissionsService struct { |
| s *Service |
| } |
| |
| func NewProjectsService(s *Service) *ProjectsService { |
| rs := &ProjectsService{s: s} |
| rs.Roles = NewProjectsRolesService(s) |
| rs.ServiceAccounts = NewProjectsServiceAccountsService(s) |
| return rs |
| } |
| |
| type ProjectsService struct { |
| s *Service |
| |
| Roles *ProjectsRolesService |
| |
| ServiceAccounts *ProjectsServiceAccountsService |
| } |
| |
| func NewProjectsRolesService(s *Service) *ProjectsRolesService { |
| rs := &ProjectsRolesService{s: s} |
| return rs |
| } |
| |
| type ProjectsRolesService struct { |
| s *Service |
| } |
| |
| func NewProjectsServiceAccountsService(s *Service) *ProjectsServiceAccountsService { |
| rs := &ProjectsServiceAccountsService{s: s} |
| rs.Keys = NewProjectsServiceAccountsKeysService(s) |
| return rs |
| } |
| |
| type ProjectsServiceAccountsService struct { |
| s *Service |
| |
| Keys *ProjectsServiceAccountsKeysService |
| } |
| |
| func NewProjectsServiceAccountsKeysService(s *Service) *ProjectsServiceAccountsKeysService { |
| rs := &ProjectsServiceAccountsKeysService{s: s} |
| return rs |
| } |
| |
| type ProjectsServiceAccountsKeysService struct { |
| s *Service |
| } |
| |
| func NewRolesService(s *Service) *RolesService { |
| rs := &RolesService{s: s} |
| return rs |
| } |
| |
| type RolesService struct { |
| s *Service |
| } |
| |
| // AdminAuditData: Audit log information specific to Cloud IAM admin |
| // APIs. This message is serialized as an `Any` type in the |
| // `ServiceData` message of an `AuditLog` message. |
| type AdminAuditData struct { |
| // PermissionDelta: The permission_delta when when creating or updating |
| // a Role. |
| PermissionDelta *PermissionDelta `json:"permissionDelta,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "PermissionDelta") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "PermissionDelta") to |
| // include in API requests with the JSON null value. By default, fields |
| // with empty values are omitted from API requests. However, any field |
| // with an empty value appearing in NullFields will be sent to the |
| // server as null. It is an error if a field in this list has a |
| // non-empty value. This may be used to include null fields in Patch |
| // requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *AdminAuditData) MarshalJSON() ([]byte, error) { |
| type NoMethod AdminAuditData |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // AuditConfig: Specifies the audit configuration for a service. The |
| // configuration determines which permission types are logged, and what |
| // identities, if any, are exempted from logging. An AuditConfig must |
| // have one or more AuditLogConfigs. If there are AuditConfigs for both |
| // `allServices` and a specific service, the union of the two |
| // AuditConfigs is used for that service: the log_types specified in |
| // each AuditConfig are enabled, and the exempted_members in each |
| // AuditLogConfig are exempted. Example Policy with multiple |
| // AuditConfigs: { "audit_configs": [ { "service": "allServices", |
| // "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": |
| // [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { |
| // "log_type": "ADMIN_READ" } ] }, { "service": |
| // "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": |
| // "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ |
| // "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy |
| // enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts |
| // jose@example.com from DATA_READ logging, and aliya@example.com from |
| // DATA_WRITE logging. |
| type AuditConfig struct { |
| // AuditLogConfigs: The configuration for logging of each type of |
| // permission. |
| AuditLogConfigs []*AuditLogConfig `json:"auditLogConfigs,omitempty"` |
| |
| // Service: Specifies a service that will be enabled for audit logging. |
| // For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. |
| // `allServices` is a special value that covers all services. |
| Service string `json:"service,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "AuditLogConfigs") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "AuditLogConfigs") to |
| // include in API requests with the JSON null value. By default, fields |
| // with empty values are omitted from API requests. However, any field |
| // with an empty value appearing in NullFields will be sent to the |
| // server as null. It is an error if a field in this list has a |
| // non-empty value. This may be used to include null fields in Patch |
| // requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *AuditConfig) MarshalJSON() ([]byte, error) { |
| type NoMethod AuditConfig |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // AuditData: Audit log information specific to Cloud IAM. This message |
| // is serialized as an `Any` type in the `ServiceData` message of an |
| // `AuditLog` message. |
| type AuditData struct { |
| // PolicyDelta: Policy delta between the original policy and the newly |
| // set policy. |
| PolicyDelta *PolicyDelta `json:"policyDelta,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "PolicyDelta") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "PolicyDelta") to include |
| // in API requests with the JSON null value. By default, fields with |
| // empty values are omitted from API requests. However, any field with |
| // an empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *AuditData) MarshalJSON() ([]byte, error) { |
| type NoMethod AuditData |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // AuditLogConfig: Provides the configuration for logging a type of |
| // permissions. Example: { "audit_log_configs": [ { "log_type": |
| // "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { |
| // "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and |
| // 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ |
| // logging. |
| type AuditLogConfig struct { |
| // ExemptedMembers: Specifies the identities that do not cause logging |
| // for this type of permission. Follows the same format of |
| // Binding.members. |
| ExemptedMembers []string `json:"exemptedMembers,omitempty"` |
| |
| // LogType: The log type that this config enables. |
| // |
| // Possible values: |
| // "LOG_TYPE_UNSPECIFIED" - Default case. Should never be this. |
| // "ADMIN_READ" - Admin reads. Example: CloudIAM getIamPolicy |
| // "DATA_WRITE" - Data writes. Example: CloudSQL Users create |
| // "DATA_READ" - Data reads. Example: CloudSQL Users list |
| LogType string `json:"logType,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "ExemptedMembers") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "ExemptedMembers") to |
| // include in API requests with the JSON null value. By default, fields |
| // with empty values are omitted from API requests. However, any field |
| // with an empty value appearing in NullFields will be sent to the |
| // server as null. It is an error if a field in this list has a |
| // non-empty value. This may be used to include null fields in Patch |
| // requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *AuditLogConfig) MarshalJSON() ([]byte, error) { |
| type NoMethod AuditLogConfig |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // AuditableService: Contains information about an auditable service. |
| type AuditableService struct { |
| // Name: Public name of the service. For example, the service name for |
| // Cloud IAM is 'iam.googleapis.com'. |
| Name string `json:"name,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "Name") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "Name") to include in API |
| // requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *AuditableService) MarshalJSON() ([]byte, error) { |
| type NoMethod AuditableService |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // Binding: Associates `members` with a `role`. |
| type Binding struct { |
| // BindingId: A client-specified ID for this binding. Expected to be |
| // globally unique to support the internal bindings-by-ID API. |
| BindingId string `json:"bindingId,omitempty"` |
| |
| // Condition: The condition that is associated with this binding. If the |
| // condition evaluates to `true`, then this binding applies to the |
| // current request. If the condition evaluates to `false`, then this |
| // binding does not apply to the current request. However, a different |
| // role binding might grant the same role to one or more of the members |
| // in this binding. To learn which resources support conditions in their |
| // IAM policies, see the [IAM |
| // documentation](https://cloud.google.com/iam/help/conditions/resource-p |
| // olicies). |
| Condition *Expr `json:"condition,omitempty"` |
| |
| // Members: Specifies the identities requesting access for a Cloud |
| // Platform resource. `members` can have the following values: * |
| // `allUsers`: A special identifier that represents anyone who is on the |
| // internet; with or without a Google account. * |
| // `allAuthenticatedUsers`: A special identifier that represents anyone |
| // who is authenticated with a Google account or a service account. * |
| // `user:{emailid}`: An email address that represents a specific Google |
| // account. For example, `alice@example.com` . * |
| // `serviceAccount:{emailid}`: An email address that represents a |
| // service account. For example, |
| // `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An |
| // email address that represents a Google group. For example, |
| // `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An |
| // email address (plus unique identifier) representing a user that has |
| // been recently deleted. For example, |
| // `alice@example.com?uid=123456789012345678901`. If the user is |
| // recovered, this value reverts to `user:{emailid}` and the recovered |
| // user retains the role in the binding. * |
| // `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address |
| // (plus unique identifier) representing a service account that has been |
| // recently deleted. For example, |
| // `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. |
| // If the service account is undeleted, this value reverts to |
| // `serviceAccount:{emailid}` and the undeleted service account retains |
| // the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: |
| // An email address (plus unique identifier) representing a Google group |
| // that has been recently deleted. For example, |
| // `admins@example.com?uid=123456789012345678901`. If the group is |
| // recovered, this value reverts to `group:{emailid}` and the recovered |
| // group retains the role in the binding. * `domain:{domain}`: The G |
| // Suite domain (primary) that represents all the users of that domain. |
| // For example, `google.com` or `example.com`. |
| Members []string `json:"members,omitempty"` |
| |
| // Role: Role that is assigned to `members`. For example, |
| // `roles/viewer`, `roles/editor`, or `roles/owner`. |
| Role string `json:"role,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "BindingId") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "BindingId") to include in |
| // API requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *Binding) MarshalJSON() ([]byte, error) { |
| type NoMethod Binding |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // BindingDelta: One delta entry for Binding. Each individual change |
| // (only one member in each entry) to a binding will be a separate |
| // entry. |
| type BindingDelta struct { |
| // Action: The action that was performed on a Binding. Required |
| // |
| // Possible values: |
| // "ACTION_UNSPECIFIED" - Unspecified. |
| // "ADD" - Addition of a Binding. |
| // "REMOVE" - Removal of a Binding. |
| Action string `json:"action,omitempty"` |
| |
| // Condition: The condition that is associated with this binding. |
| Condition *Expr `json:"condition,omitempty"` |
| |
| // Member: A single identity requesting access for a Cloud Platform |
| // resource. Follows the same format of Binding.members. Required |
| Member string `json:"member,omitempty"` |
| |
| // Role: Role that is assigned to `members`. For example, |
| // `roles/viewer`, `roles/editor`, or `roles/owner`. Required |
| Role string `json:"role,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "Action") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "Action") to include in API |
| // requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *BindingDelta) MarshalJSON() ([]byte, error) { |
| type NoMethod BindingDelta |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // CreateRoleRequest: The request to create a new role. |
| type CreateRoleRequest struct { |
| // Role: The Role resource to create. |
| Role *Role `json:"role,omitempty"` |
| |
| // RoleId: The role ID to use for this role. A role ID may contain |
| // alphanumeric characters, underscores (`_`), and periods (`.`). It |
| // must contain a minimum of 3 characters and a maximum of 64 |
| // characters. |
| RoleId string `json:"roleId,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "Role") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "Role") to include in API |
| // requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *CreateRoleRequest) MarshalJSON() ([]byte, error) { |
| type NoMethod CreateRoleRequest |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // CreateServiceAccountKeyRequest: The service account key create |
| // request. |
| type CreateServiceAccountKeyRequest struct { |
| // KeyAlgorithm: Which type of key and algorithm to use for the key. The |
| // default is currently a 2K RSA key. However this may change in the |
| // future. |
| // |
| // Possible values: |
| // "KEY_ALG_UNSPECIFIED" - An unspecified key algorithm. |
| // "KEY_ALG_RSA_1024" - 1k RSA Key. |
| // "KEY_ALG_RSA_2048" - 2k RSA Key. |
| KeyAlgorithm string `json:"keyAlgorithm,omitempty"` |
| |
| // PrivateKeyType: The output format of the private key. The default |
| // value is `TYPE_GOOGLE_CREDENTIALS_FILE`, which is the Google |
| // Credentials File format. |
| // |
| // Possible values: |
| // "TYPE_UNSPECIFIED" - Unspecified. Equivalent to |
| // `TYPE_GOOGLE_CREDENTIALS_FILE`. |
| // "TYPE_PKCS12_FILE" - PKCS12 format. The password for the PKCS12 |
| // file is `notasecret`. For more information, see |
| // https://tools.ietf.org/html/rfc7292. |
| // "TYPE_GOOGLE_CREDENTIALS_FILE" - Google Credentials File format. |
| PrivateKeyType string `json:"privateKeyType,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "KeyAlgorithm") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "KeyAlgorithm") to include |
| // in API requests with the JSON null value. By default, fields with |
| // empty values are omitted from API requests. However, any field with |
| // an empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *CreateServiceAccountKeyRequest) MarshalJSON() ([]byte, error) { |
| type NoMethod CreateServiceAccountKeyRequest |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // CreateServiceAccountRequest: The service account create request. |
| type CreateServiceAccountRequest struct { |
| // AccountId: Required. The account id that is used to generate the |
| // service account email address and a stable unique id. It is unique |
| // within a project, must be 6-30 characters long, and match the regular |
| // expression `[a-z]([-a-z0-9]*[a-z0-9])` to comply with RFC1035. |
| AccountId string `json:"accountId,omitempty"` |
| |
| // ServiceAccount: The ServiceAccount resource to create. Currently, |
| // only the following values are user assignable: `display_name` and |
| // `description`. |
| ServiceAccount *ServiceAccount `json:"serviceAccount,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "AccountId") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "AccountId") to include in |
| // API requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *CreateServiceAccountRequest) MarshalJSON() ([]byte, error) { |
| type NoMethod CreateServiceAccountRequest |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // DisableServiceAccountRequest: The service account disable request. |
| type DisableServiceAccountRequest struct { |
| } |
| |
| // Empty: A generic empty message that you can re-use to avoid defining |
| // duplicated empty messages in your APIs. A typical example is to use |
| // it as the request or the response type of an API method. For |
| // instance: service Foo { rpc Bar(google.protobuf.Empty) returns |
| // (google.protobuf.Empty); } The JSON representation for `Empty` is |
| // empty JSON object `{}`. |
| type Empty struct { |
| // ServerResponse contains the HTTP response code and headers from the |
| // server. |
| googleapi.ServerResponse `json:"-"` |
| } |
| |
| // EnableServiceAccountRequest: The service account enable request. |
| type EnableServiceAccountRequest struct { |
| } |
| |
| // Expr: Represents a textual expression in the Common Expression |
| // Language (CEL) syntax. CEL is a C-like expression language. The |
| // syntax and semantics of CEL are documented at |
| // https://github.com/google/cel-spec. Example (Comparison): title: |
| // "Summary size limit" description: "Determines if a summary is less |
| // than 100 chars" expression: "document.summary.size() < 100" Example |
| // (Equality): title: "Requestor is owner" description: "Determines if |
| // requestor is the document owner" expression: "document.owner == |
| // request.auth.claims.email" Example (Logic): title: "Public documents" |
| // description: "Determine whether the document should be publicly |
| // visible" expression: "document.type != 'private' && document.type != |
| // 'internal'" Example (Data Manipulation): title: "Notification string" |
| // description: "Create a notification string with a timestamp." |
| // expression: "'New message received at ' + |
| // string(document.create_time)" The exact variables and functions that |
| // may be referenced within an expression are determined by the service |
| // that evaluates it. See the service documentation for additional |
| // information. |
| type Expr struct { |
| // Description: Optional. Description of the expression. This is a |
| // longer text which describes the expression, e.g. when hovered over it |
| // in a UI. |
| Description string `json:"description,omitempty"` |
| |
| // Expression: Textual representation of an expression in Common |
| // Expression Language syntax. |
| Expression string `json:"expression,omitempty"` |
| |
| // Location: Optional. String indicating the location of the expression |
| // for error reporting, e.g. a file name and a position in the file. |
| Location string `json:"location,omitempty"` |
| |
| // Title: Optional. Title for the expression, i.e. a short string |
| // describing its purpose. This can be used e.g. in UIs which allow to |
| // enter the expression. |
| Title string `json:"title,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "Description") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "Description") to include |
| // in API requests with the JSON null value. By default, fields with |
| // empty values are omitted from API requests. However, any field with |
| // an empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *Expr) MarshalJSON() ([]byte, error) { |
| type NoMethod Expr |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // LintPolicyRequest: The request to lint a Cloud IAM policy object. |
| type LintPolicyRequest struct { |
| // Condition: google.iam.v1.Binding.condition object to be linted. |
| Condition *Expr `json:"condition,omitempty"` |
| |
| // FullResourceName: The full resource name of the policy this lint |
| // request is about. The name follows the Google Cloud Platform (GCP) |
| // resource format. For example, a GCP project with ID `my-project` will |
| // be named `//cloudresourcemanager.googleapis.com/projects/my-project`. |
| // The resource name is not used to read the policy instance from the |
| // Cloud IAM database. The candidate policy for lint has to be provided |
| // in the same request object. |
| FullResourceName string `json:"fullResourceName,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "Condition") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "Condition") to include in |
| // API requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *LintPolicyRequest) MarshalJSON() ([]byte, error) { |
| type NoMethod LintPolicyRequest |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // LintPolicyResponse: The response of a lint operation. An empty |
| // response indicates the operation was able to fully execute and no |
| // lint issue was found. |
| type LintPolicyResponse struct { |
| // LintResults: List of lint results sorted by `severity` in descending |
| // order. |
| LintResults []*LintResult `json:"lintResults,omitempty"` |
| |
| // ServerResponse contains the HTTP response code and headers from the |
| // server. |
| googleapi.ServerResponse `json:"-"` |
| |
| // ForceSendFields is a list of field names (e.g. "LintResults") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "LintResults") to include |
| // in API requests with the JSON null value. By default, fields with |
| // empty values are omitted from API requests. However, any field with |
| // an empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *LintPolicyResponse) MarshalJSON() ([]byte, error) { |
| type NoMethod LintPolicyResponse |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // LintResult: Structured response of a single validation unit. |
| type LintResult struct { |
| // DebugMessage: Human readable debug message associated with the issue. |
| DebugMessage string `json:"debugMessage,omitempty"` |
| |
| // FieldName: The name of the field for which this lint result is about. |
| // For nested messages `field_name` consists of names of the embedded |
| // fields separated by period character. The top-level qualifier is the |
| // input object to lint in the request. For example, the `field_name` |
| // value `condition.expression` identifies a lint result for the |
| // `expression` field of the provided condition. |
| FieldName string `json:"fieldName,omitempty"` |
| |
| // Level: The validation unit level. |
| // |
| // Possible values: |
| // "LEVEL_UNSPECIFIED" - Level is unspecified. |
| // "CONDITION" - A validation unit which operates on an individual |
| // condition within a binding. |
| Level string `json:"level,omitempty"` |
| |
| // LocationOffset: 0-based character position of problematic construct |
| // within the object identified by `field_name`. Currently, this is |
| // populated only for condition expression. |
| LocationOffset int64 `json:"locationOffset,omitempty"` |
| |
| // Severity: The validation unit severity. |
| // |
| // Possible values: |
| // "SEVERITY_UNSPECIFIED" - Severity is unspecified. |
| // "ERROR" - A validation unit returns an error only for critical |
| // issues. If an attempt is made to set the problematic policy without |
| // rectifying the critical issue, it causes the `setPolicy` operation to |
| // fail. |
| // "WARNING" - Any issue which is severe enough but does not cause an |
| // error. For example, suspicious constructs in the input object will |
| // not necessarily fail `setPolicy`, but there is a high likelihood that |
| // they won't behave as expected during policy evaluation in |
| // `checkPolicy`. This includes the following common scenarios: - |
| // Unsatisfiable condition: Expired timestamp in date/time condition. - |
| // Ineffective condition: Condition on a pair which is granted |
| // unconditionally in another binding of the same policy. |
| // "NOTICE" - Reserved for the issues that are not severe as |
| // `ERROR`/`WARNING`, but need special handling. For instance, messages |
| // about skipped validation units are issued as `NOTICE`. |
| // "INFO" - Any informative statement which is not severe enough to |
| // raise `ERROR`/`WARNING`/`NOTICE`, like auto-correction |
| // recommendations on the input content. Note that current version of |
| // the linter does not utilize `INFO`. |
| // "DEPRECATED" - Deprecated severity level. |
| Severity string `json:"severity,omitempty"` |
| |
| // ValidationUnitName: The validation unit name, for instance |
| // "lintValidationUnits/ConditionComplexityCheck". |
| ValidationUnitName string `json:"validationUnitName,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "DebugMessage") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "DebugMessage") to include |
| // in API requests with the JSON null value. By default, fields with |
| // empty values are omitted from API requests. However, any field with |
| // an empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *LintResult) MarshalJSON() ([]byte, error) { |
| type NoMethod LintResult |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // ListRolesResponse: The response containing the roles defined under a |
| // resource. |
| type ListRolesResponse struct { |
| // NextPageToken: To retrieve the next page of results, set |
| // `ListRolesRequest.page_token` to this value. |
| NextPageToken string `json:"nextPageToken,omitempty"` |
| |
| // Roles: The Roles defined on this resource. |
| Roles []*Role `json:"roles,omitempty"` |
| |
| // ServerResponse contains the HTTP response code and headers from the |
| // server. |
| googleapi.ServerResponse `json:"-"` |
| |
| // ForceSendFields is a list of field names (e.g. "NextPageToken") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "NextPageToken") to include |
| // in API requests with the JSON null value. By default, fields with |
| // empty values are omitted from API requests. However, any field with |
| // an empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *ListRolesResponse) MarshalJSON() ([]byte, error) { |
| type NoMethod ListRolesResponse |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // ListServiceAccountKeysResponse: The service account keys list |
| // response. |
| type ListServiceAccountKeysResponse struct { |
| // Keys: The public keys for the service account. |
| Keys []*ServiceAccountKey `json:"keys,omitempty"` |
| |
| // ServerResponse contains the HTTP response code and headers from the |
| // server. |
| googleapi.ServerResponse `json:"-"` |
| |
| // ForceSendFields is a list of field names (e.g. "Keys") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "Keys") to include in API |
| // requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *ListServiceAccountKeysResponse) MarshalJSON() ([]byte, error) { |
| type NoMethod ListServiceAccountKeysResponse |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // ListServiceAccountsResponse: The service account list response. |
| type ListServiceAccountsResponse struct { |
| // Accounts: The list of matching service accounts. |
| Accounts []*ServiceAccount `json:"accounts,omitempty"` |
| |
| // NextPageToken: To retrieve the next page of results, set |
| // ListServiceAccountsRequest.page_token to this value. |
| NextPageToken string `json:"nextPageToken,omitempty"` |
| |
| // ServerResponse contains the HTTP response code and headers from the |
| // server. |
| googleapi.ServerResponse `json:"-"` |
| |
| // ForceSendFields is a list of field names (e.g. "Accounts") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "Accounts") to include in |
| // API requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *ListServiceAccountsResponse) MarshalJSON() ([]byte, error) { |
| type NoMethod ListServiceAccountsResponse |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // PatchServiceAccountRequest: The request for PatchServiceAccount. You |
| // can patch only the `display_name` and `description` fields. You must |
| // use the `update_mask` field to specify which of these fields you want |
| // to patch. Only the fields specified in the request are guaranteed to |
| // be returned in the response. Other fields may be empty in the |
| // response. |
| type PatchServiceAccountRequest struct { |
| ServiceAccount *ServiceAccount `json:"serviceAccount,omitempty"` |
| |
| UpdateMask string `json:"updateMask,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "ServiceAccount") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "ServiceAccount") to |
| // include in API requests with the JSON null value. By default, fields |
| // with empty values are omitted from API requests. However, any field |
| // with an empty value appearing in NullFields will be sent to the |
| // server as null. It is an error if a field in this list has a |
| // non-empty value. This may be used to include null fields in Patch |
| // requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *PatchServiceAccountRequest) MarshalJSON() ([]byte, error) { |
| type NoMethod PatchServiceAccountRequest |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // Permission: A permission which can be included by a role. |
| type Permission struct { |
| // ApiDisabled: The service API associated with the permission is not |
| // enabled. |
| ApiDisabled bool `json:"apiDisabled,omitempty"` |
| |
| // CustomRolesSupportLevel: The current custom role support level. |
| // |
| // Possible values: |
| // "SUPPORTED" - Permission is fully supported for custom role use. |
| // "TESTING" - Permission is being tested to check custom role |
| // compatibility. |
| // "NOT_SUPPORTED" - Permission is not supported for custom role use. |
| CustomRolesSupportLevel string `json:"customRolesSupportLevel,omitempty"` |
| |
| // Description: A brief description of what this Permission is used for. |
| // This permission can ONLY be used in predefined roles. |
| Description string `json:"description,omitempty"` |
| |
| // Name: The name of this Permission. |
| Name string `json:"name,omitempty"` |
| |
| OnlyInPredefinedRoles bool `json:"onlyInPredefinedRoles,omitempty"` |
| |
| // PrimaryPermission: The preferred name for this permission. If |
| // present, then this permission is an alias of, and equivalent to, the |
| // listed primary_permission. |
| PrimaryPermission string `json:"primaryPermission,omitempty"` |
| |
| // Stage: The current launch stage of the permission. |
| // |
| // Possible values: |
| // "ALPHA" - The permission is currently in an alpha phase. |
| // "BETA" - The permission is currently in a beta phase. |
| // "GA" - The permission is generally available. |
| // "DEPRECATED" - The permission is being deprecated. |
| Stage string `json:"stage,omitempty"` |
| |
| // Title: The title of this Permission. |
| Title string `json:"title,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "ApiDisabled") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "ApiDisabled") to include |
| // in API requests with the JSON null value. By default, fields with |
| // empty values are omitted from API requests. However, any field with |
| // an empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *Permission) MarshalJSON() ([]byte, error) { |
| type NoMethod Permission |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // PermissionDelta: A PermissionDelta message to record the |
| // added_permissions and removed_permissions inside a role. |
| type PermissionDelta struct { |
| // AddedPermissions: Added permissions. |
| AddedPermissions []string `json:"addedPermissions,omitempty"` |
| |
| // RemovedPermissions: Removed permissions. |
| RemovedPermissions []string `json:"removedPermissions,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "AddedPermissions") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "AddedPermissions") to |
| // include in API requests with the JSON null value. By default, fields |
| // with empty values are omitted from API requests. However, any field |
| // with an empty value appearing in NullFields will be sent to the |
| // server as null. It is an error if a field in this list has a |
| // non-empty value. This may be used to include null fields in Patch |
| // requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *PermissionDelta) MarshalJSON() ([]byte, error) { |
| type NoMethod PermissionDelta |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // Policy: An Identity and Access Management (IAM) policy, which |
| // specifies access controls for Google Cloud resources. A `Policy` is a |
| // collection of `bindings`. A `binding` binds one or more `members` to |
| // a single `role`. Members can be user accounts, service accounts, |
| // Google groups, and domains (such as G Suite). A `role` is a named |
| // list of permissions; each `role` can be an IAM predefined role or a |
| // user-created custom role. For some types of Google Cloud resources, a |
| // `binding` can also specify a `condition`, which is a logical |
| // expression that allows access to a resource only if the expression |
| // evaluates to `true`. A condition can add constraints based on |
| // attributes of the request, the resource, or both. To learn which |
| // resources support conditions in their IAM policies, see the [IAM |
| // documentation](https://cloud.google.com/iam/help/conditions/resource-p |
| // olicies). **JSON example:** { "bindings": [ { "role": |
| // "roles/resourcemanager.organizationAdmin", "members": [ |
| // "user:mike@example.com", "group:admins@example.com", |
| // "domain:google.com", |
| // "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { |
| // "role": "roles/resourcemanager.organizationViewer", "members": [ |
| // "user:eve@example.com" ], "condition": { "title": "expirable access", |
| // "description": "Does not grant access after Sep 2020", "expression": |
| // "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], |
| // "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - |
| // members: - user:mike@example.com - group:admins@example.com - |
| // domain:google.com - |
| // serviceAccount:my-project-id@appspot.gserviceaccount.com role: |
| // roles/resourcemanager.organizationAdmin - members: - |
| // user:eve@example.com role: roles/resourcemanager.organizationViewer |
| // condition: title: expirable access description: Does not grant access |
| // after Sep 2020 expression: request.time < |
| // timestamp('2020-10-01T00:00:00.000Z') - etag: BwWWja0YfJA= - version: |
| // 3 For a description of IAM and its features, see the [IAM |
| // documentation](https://cloud.google.com/iam/docs/). |
| type Policy struct { |
| // AuditConfigs: Specifies cloud audit logging configuration for this |
| // policy. |
| AuditConfigs []*AuditConfig `json:"auditConfigs,omitempty"` |
| |
| // Bindings: Associates a list of `members` to a `role`. Optionally, may |
| // specify a `condition` that determines how and when the `bindings` are |
| // applied. Each of the `bindings` must contain at least one member. |
| Bindings []*Binding `json:"bindings,omitempty"` |
| |
| // Etag: `etag` is used for optimistic concurrency control as a way to |
| // help prevent simultaneous updates of a policy from overwriting each |
| // other. It is strongly suggested that systems make use of the `etag` |
| // in the read-modify-write cycle to perform policy updates in order to |
| // avoid race conditions: An `etag` is returned in the response to |
| // `getIamPolicy`, and systems are expected to put that etag in the |
| // request to `setIamPolicy` to ensure that their change will be applied |
| // to the same version of the policy. **Important:** If you use IAM |
| // Conditions, you must include the `etag` field whenever you call |
| // `setIamPolicy`. If you omit this field, then IAM allows you to |
| // overwrite a version `3` policy with a version `1` policy, and all of |
| // the conditions in the version `3` policy are lost. |
| Etag string `json:"etag,omitempty"` |
| |
| // Version: Specifies the format of the policy. Valid values are `0`, |
| // `1`, and `3`. Requests that specify an invalid value are rejected. |
| // Any operation that affects conditional role bindings must specify |
| // version `3`. This requirement applies to the following operations: * |
| // Getting a policy that includes a conditional role binding * Adding a |
| // conditional role binding to a policy * Changing a conditional role |
| // binding in a policy * Removing any role binding, with or without a |
| // condition, from a policy that includes conditions **Important:** If |
| // you use IAM Conditions, you must include the `etag` field whenever |
| // you call `setIamPolicy`. If you omit this field, then IAM allows you |
| // to overwrite a version `3` policy with a version `1` policy, and all |
| // of the conditions in the version `3` policy are lost. If a policy |
| // does not include any conditions, operations on that policy may |
| // specify any valid version or leave the field unset. To learn which |
| // resources support conditions in their IAM policies, see the [IAM |
| // documentation](https://cloud.google.com/iam/help/conditions/resource-p |
| // olicies). |
| Version int64 `json:"version,omitempty"` |
| |
| // ServerResponse contains the HTTP response code and headers from the |
| // server. |
| googleapi.ServerResponse `json:"-"` |
| |
| // ForceSendFields is a list of field names (e.g. "AuditConfigs") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "AuditConfigs") to include |
| // in API requests with the JSON null value. By default, fields with |
| // empty values are omitted from API requests. However, any field with |
| // an empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *Policy) MarshalJSON() ([]byte, error) { |
| type NoMethod Policy |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // PolicyDelta: The difference delta between two policies. |
| type PolicyDelta struct { |
| // BindingDeltas: The delta for Bindings between two policies. |
| BindingDeltas []*BindingDelta `json:"bindingDeltas,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "BindingDeltas") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "BindingDeltas") to include |
| // in API requests with the JSON null value. By default, fields with |
| // empty values are omitted from API requests. However, any field with |
| // an empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *PolicyDelta) MarshalJSON() ([]byte, error) { |
| type NoMethod PolicyDelta |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // QueryAuditableServicesRequest: A request to get the list of auditable |
| // services for a resource. |
| type QueryAuditableServicesRequest struct { |
| // FullResourceName: Required. The full resource name to query from the |
| // list of auditable services. The name follows the Google Cloud |
| // Platform resource format. For example, a Cloud Platform project with |
| // id `my-project` will be named |
| // `//cloudresourcemanager.googleapis.com/projects/my-project`. |
| FullResourceName string `json:"fullResourceName,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "FullResourceName") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "FullResourceName") to |
| // include in API requests with the JSON null value. By default, fields |
| // with empty values are omitted from API requests. However, any field |
| // with an empty value appearing in NullFields will be sent to the |
| // server as null. It is an error if a field in this list has a |
| // non-empty value. This may be used to include null fields in Patch |
| // requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *QueryAuditableServicesRequest) MarshalJSON() ([]byte, error) { |
| type NoMethod QueryAuditableServicesRequest |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // QueryAuditableServicesResponse: A response containing a list of |
| // auditable services for a resource. |
| type QueryAuditableServicesResponse struct { |
| // Services: The auditable services for a resource. |
| Services []*AuditableService `json:"services,omitempty"` |
| |
| // ServerResponse contains the HTTP response code and headers from the |
| // server. |
| googleapi.ServerResponse `json:"-"` |
| |
| // ForceSendFields is a list of field names (e.g. "Services") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "Services") to include in |
| // API requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *QueryAuditableServicesResponse) MarshalJSON() ([]byte, error) { |
| type NoMethod QueryAuditableServicesResponse |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // QueryGrantableRolesRequest: The grantable role query request. |
| type QueryGrantableRolesRequest struct { |
| // FullResourceName: Required. The full resource name to query from the |
| // list of grantable roles. The name follows the Google Cloud Platform |
| // resource format. For example, a Cloud Platform project with id |
| // `my-project` will be named |
| // `//cloudresourcemanager.googleapis.com/projects/my-project`. |
| FullResourceName string `json:"fullResourceName,omitempty"` |
| |
| // PageSize: Optional limit on the number of roles to include in the |
| // response. The default is 300, and the maximum is 1,000. |
| PageSize int64 `json:"pageSize,omitempty"` |
| |
| // PageToken: Optional pagination token returned in an earlier |
| // QueryGrantableRolesResponse. |
| PageToken string `json:"pageToken,omitempty"` |
| |
| // Possible values: |
| // "BASIC" - Omits the `included_permissions` field. This is the |
| // default value. |
| // "FULL" - Returns all fields. |
| View string `json:"view,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "FullResourceName") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "FullResourceName") to |
| // include in API requests with the JSON null value. By default, fields |
| // with empty values are omitted from API requests. However, any field |
| // with an empty value appearing in NullFields will be sent to the |
| // server as null. It is an error if a field in this list has a |
| // non-empty value. This may be used to include null fields in Patch |
| // requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *QueryGrantableRolesRequest) MarshalJSON() ([]byte, error) { |
| type NoMethod QueryGrantableRolesRequest |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // QueryGrantableRolesResponse: The grantable role query response. |
| type QueryGrantableRolesResponse struct { |
| // NextPageToken: To retrieve the next page of results, set |
| // `QueryGrantableRolesRequest.page_token` to this value. |
| NextPageToken string `json:"nextPageToken,omitempty"` |
| |
| // Roles: The list of matching roles. |
| Roles []*Role `json:"roles,omitempty"` |
| |
| // ServerResponse contains the HTTP response code and headers from the |
| // server. |
| googleapi.ServerResponse `json:"-"` |
| |
| // ForceSendFields is a list of field names (e.g. "NextPageToken") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "NextPageToken") to include |
| // in API requests with the JSON null value. By default, fields with |
| // empty values are omitted from API requests. However, any field with |
| // an empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *QueryGrantableRolesResponse) MarshalJSON() ([]byte, error) { |
| type NoMethod QueryGrantableRolesResponse |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // QueryTestablePermissionsRequest: A request to get permissions which |
| // can be tested on a resource. |
| type QueryTestablePermissionsRequest struct { |
| // FullResourceName: Required. The full resource name to query from the |
| // list of testable permissions. The name follows the Google Cloud |
| // Platform resource format. For example, a Cloud Platform project with |
| // id `my-project` will be named |
| // `//cloudresourcemanager.googleapis.com/projects/my-project`. |
| FullResourceName string `json:"fullResourceName,omitempty"` |
| |
| // PageSize: Optional limit on the number of permissions to include in |
| // the response. The default is 100, and the maximum is 1,000. |
| PageSize int64 `json:"pageSize,omitempty"` |
| |
| // PageToken: Optional pagination token returned in an earlier |
| // QueryTestablePermissionsRequest. |
| PageToken string `json:"pageToken,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "FullResourceName") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "FullResourceName") to |
| // include in API requests with the JSON null value. By default, fields |
| // with empty values are omitted from API requests. However, any field |
| // with an empty value appearing in NullFields will be sent to the |
| // server as null. It is an error if a field in this list has a |
| // non-empty value. This may be used to include null fields in Patch |
| // requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *QueryTestablePermissionsRequest) MarshalJSON() ([]byte, error) { |
| type NoMethod QueryTestablePermissionsRequest |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // QueryTestablePermissionsResponse: The response containing permissions |
| // which can be tested on a resource. |
| type QueryTestablePermissionsResponse struct { |
| // NextPageToken: To retrieve the next page of results, set |
| // `QueryTestableRolesRequest.page_token` to this value. |
| NextPageToken string `json:"nextPageToken,omitempty"` |
| |
| // Permissions: The Permissions testable on the requested resource. |
| Permissions []*Permission `json:"permissions,omitempty"` |
| |
| // ServerResponse contains the HTTP response code and headers from the |
| // server. |
| googleapi.ServerResponse `json:"-"` |
| |
| // ForceSendFields is a list of field names (e.g. "NextPageToken") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "NextPageToken") to include |
| // in API requests with the JSON null value. By default, fields with |
| // empty values are omitted from API requests. However, any field with |
| // an empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *QueryTestablePermissionsResponse) MarshalJSON() ([]byte, error) { |
| type NoMethod QueryTestablePermissionsResponse |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // Role: A role in the Identity and Access Management API. |
| type Role struct { |
| // Deleted: The current deleted state of the role. This field is read |
| // only. It will be ignored in calls to CreateRole and UpdateRole. |
| Deleted bool `json:"deleted,omitempty"` |
| |
| // Description: Optional. A human-readable description for the role. |
| Description string `json:"description,omitempty"` |
| |
| // Etag: Used to perform a consistent read-modify-write. |
| Etag string `json:"etag,omitempty"` |
| |
| // IncludedPermissions: The names of the permissions this role grants |
| // when bound in an IAM policy. |
| IncludedPermissions []string `json:"includedPermissions,omitempty"` |
| |
| // Name: The name of the role. When Role is used in CreateRole, the role |
| // name must not be set. When Role is used in output and other input |
| // such as UpdateRole, the role name is the complete path, e.g., |
| // roles/logging.viewer for predefined roles and |
| // organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom |
| // roles. |
| Name string `json:"name,omitempty"` |
| |
| // Stage: The current launch stage of the role. If the `ALPHA` launch |
| // stage has been selected for a role, the `stage` field will not be |
| // included in the returned definition for the role. |
| // |
| // Possible values: |
| // "ALPHA" - The user has indicated this role is currently in an Alpha |
| // phase. If this launch stage is selected, the `stage` field will not |
| // be included when requesting the definition for a given role. |
| // "BETA" - The user has indicated this role is currently in a Beta |
| // phase. |
| // "GA" - The user has indicated this role is generally available. |
| // "DEPRECATED" - The user has indicated this role is being |
| // deprecated. |
| // "DISABLED" - This role is disabled and will not contribute |
| // permissions to any members it is granted to in policies. |
| // "EAP" - The user has indicated this role is currently in an EAP |
| // phase. |
| Stage string `json:"stage,omitempty"` |
| |
| // Title: Optional. A human-readable title for the role. Typically this |
| // is limited to 100 UTF-8 bytes. |
| Title string `json:"title,omitempty"` |
| |
| // ServerResponse contains the HTTP response code and headers from the |
| // server. |
| googleapi.ServerResponse `json:"-"` |
| |
| // ForceSendFields is a list of field names (e.g. "Deleted") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "Deleted") to include in |
| // API requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *Role) MarshalJSON() ([]byte, error) { |
| type NoMethod Role |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // ServiceAccount: An IAM service account. A service account is an |
| // account for an application or a virtual machine (VM) instance, not a |
| // person. You can use a service account to call Google APIs. To learn |
| // more, read the [overview of service |
| // accounts](https://cloud.google.com/iam/help/service-accounts/overview) |
| // . When you create a service account, you specify the project ID that |
| // owns the service account, as well as a name that must be unique |
| // within the project. IAM uses these values to create an email address |
| // that identifies the service account. |
| type ServiceAccount struct { |
| // Description: Optional. A user-specified, human-readable description |
| // of the service account. The maximum length is 256 UTF-8 bytes. |
| Description string `json:"description,omitempty"` |
| |
| // Disabled: Output only. Whether the service account is disabled. |
| Disabled bool `json:"disabled,omitempty"` |
| |
| // DisplayName: Optional. A user-specified, human-readable name for the |
| // service account. The maximum length is 100 UTF-8 bytes. |
| DisplayName string `json:"displayName,omitempty"` |
| |
| // Email: Output only. The email address of the service account. |
| Email string `json:"email,omitempty"` |
| |
| // Etag: Deprecated. Do not use. |
| Etag string `json:"etag,omitempty"` |
| |
| // Name: The resource name of the service account. Use one of the |
| // following formats: * |
| // `projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}` * |
| // `projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}` As an |
| // alternative, you can use the `-` wildcard character instead of the |
| // project ID: * `projects/-/serviceAccounts/{EMAIL_ADDRESS}` * |
| // `projects/-/serviceAccounts/{UNIQUE_ID}` When possible, avoid using |
| // the `-` wildcard character, because it can cause response messages to |
| // contain misleading error codes. For example, if you try to get the |
| // service account `projects/-/serviceAccounts/fake@example.com`, which |
| // does not exist, the response contains an HTTP `403 Forbidden` error |
| // instead of a `404 Not Found` error. |
| Name string `json:"name,omitempty"` |
| |
| // Oauth2ClientId: Output only. The OAuth 2.0 client ID for the service |
| // account. |
| Oauth2ClientId string `json:"oauth2ClientId,omitempty"` |
| |
| // ProjectId: Output only. The ID of the project that owns the service |
| // account. |
| ProjectId string `json:"projectId,omitempty"` |
| |
| // UniqueId: Output only. The unique, stable numeric ID for the service |
| // account. Each service account retains its unique ID even if you |
| // delete the service account. For example, if you delete a service |
| // account, then create a new service account with the same name, the |
| // new service account has a different unique ID than the deleted |
| // service account. |
| UniqueId string `json:"uniqueId,omitempty"` |
| |
| // ServerResponse contains the HTTP response code and headers from the |
| // server. |
| googleapi.ServerResponse `json:"-"` |
| |
| // ForceSendFields is a list of field names (e.g. "Description") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "Description") to include |
| // in API requests with the JSON null value. By default, fields with |
| // empty values are omitted from API requests. However, any field with |
| // an empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *ServiceAccount) MarshalJSON() ([]byte, error) { |
| type NoMethod ServiceAccount |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // ServiceAccountKey: Represents a service account key. A service |
| // account has two sets of key-pairs: user-managed, and system-managed. |
| // User-managed key-pairs can be created and deleted by users. Users are |
| // responsible for rotating these keys periodically to ensure security |
| // of their service accounts. Users retain the private key of these |
| // key-pairs, and Google retains ONLY the public key. System-managed |
| // keys are automatically rotated by Google, and are used for signing |
| // for a maximum of two weeks. The rotation process is probabilistic, |
| // and usage of the new key will gradually ramp up and down over the |
| // key's lifetime. We recommend caching the public key set for a service |
| // account for no more than 24 hours to ensure you have access to the |
| // latest keys. Public keys for all service accounts are also published |
| // at the OAuth2 Service Account API. |
| type ServiceAccountKey struct { |
| // KeyAlgorithm: Specifies the algorithm (and possibly key size) for the |
| // key. |
| // |
| // Possible values: |
| // "KEY_ALG_UNSPECIFIED" - An unspecified key algorithm. |
| // "KEY_ALG_RSA_1024" - 1k RSA Key. |
| // "KEY_ALG_RSA_2048" - 2k RSA Key. |
| KeyAlgorithm string `json:"keyAlgorithm,omitempty"` |
| |
| // KeyOrigin: The key origin. |
| // |
| // Possible values: |
| // "ORIGIN_UNSPECIFIED" - Unspecified key origin. |
| // "USER_PROVIDED" - Key is provided by user. |
| // "GOOGLE_PROVIDED" - Key is provided by Google. |
| KeyOrigin string `json:"keyOrigin,omitempty"` |
| |
| // KeyType: The key type. |
| // |
| // Possible values: |
| // "KEY_TYPE_UNSPECIFIED" - Unspecified key type. The presence of this |
| // in the message will immediately result in an error. |
| // "USER_MANAGED" - User-managed keys (managed and rotated by the |
| // user). |
| // "SYSTEM_MANAGED" - System-managed keys (managed and rotated by |
| // Google). |
| KeyType string `json:"keyType,omitempty"` |
| |
| // Name: The resource name of the service account key in the following |
| // format `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`. |
| Name string `json:"name,omitempty"` |
| |
| // PrivateKeyData: The private key data. Only provided in |
| // `CreateServiceAccountKey` responses. Make sure to keep the private |
| // key data secure because it allows for the assertion of the service |
| // account identity. When base64 decoded, the private key data can be |
| // used to authenticate with Google API client libraries and with gcloud |
| // auth activate-service-account. |
| PrivateKeyData string `json:"privateKeyData,omitempty"` |
| |
| // PrivateKeyType: The output format for the private key. Only provided |
| // in `CreateServiceAccountKey` responses, not in `GetServiceAccountKey` |
| // or `ListServiceAccountKey` responses. Google never exposes |
| // system-managed private keys, and never retains user-managed private |
| // keys. |
| // |
| // Possible values: |
| // "TYPE_UNSPECIFIED" - Unspecified. Equivalent to |
| // `TYPE_GOOGLE_CREDENTIALS_FILE`. |
| // "TYPE_PKCS12_FILE" - PKCS12 format. The password for the PKCS12 |
| // file is `notasecret`. For more information, see |
| // https://tools.ietf.org/html/rfc7292. |
| // "TYPE_GOOGLE_CREDENTIALS_FILE" - Google Credentials File format. |
| PrivateKeyType string `json:"privateKeyType,omitempty"` |
| |
| // PublicKeyData: The public key data. Only provided in |
| // `GetServiceAccountKey` responses. |
| PublicKeyData string `json:"publicKeyData,omitempty"` |
| |
| // ValidAfterTime: The key can be used after this timestamp. |
| ValidAfterTime string `json:"validAfterTime,omitempty"` |
| |
| // ValidBeforeTime: The key can be used before this timestamp. For |
| // system-managed key pairs, this timestamp is the end time for the |
| // private key signing operation. The public key could still be used for |
| // verification for a few hours after this time. |
| ValidBeforeTime string `json:"validBeforeTime,omitempty"` |
| |
| // ServerResponse contains the HTTP response code and headers from the |
| // server. |
| googleapi.ServerResponse `json:"-"` |
| |
| // ForceSendFields is a list of field names (e.g. "KeyAlgorithm") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "KeyAlgorithm") to include |
| // in API requests with the JSON null value. By default, fields with |
| // empty values are omitted from API requests. However, any field with |
| // an empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *ServiceAccountKey) MarshalJSON() ([]byte, error) { |
| type NoMethod ServiceAccountKey |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // SetIamPolicyRequest: Request message for `SetIamPolicy` method. |
| type SetIamPolicyRequest struct { |
| // Policy: REQUIRED: The complete policy to be applied to the |
| // `resource`. The size of the policy is limited to a few 10s of KB. An |
| // empty policy is a valid policy but certain Cloud Platform services |
| // (such as Projects) might reject them. |
| Policy *Policy `json:"policy,omitempty"` |
| |
| // UpdateMask: OPTIONAL: A FieldMask specifying which fields of the |
| // policy to modify. Only the fields in the mask will be modified. If no |
| // mask is provided, the following default mask is used: `paths: |
| // "bindings, etag" |
| UpdateMask string `json:"updateMask,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "Policy") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "Policy") to include in API |
| // requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *SetIamPolicyRequest) MarshalJSON() ([]byte, error) { |
| type NoMethod SetIamPolicyRequest |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // SignBlobRequest: Deprecated. [Migrate to Service Account Credentials |
| // API](https://cloud.google.com/iam/help/credentials/migrate-api). The |
| // service account sign blob request. |
| type SignBlobRequest struct { |
| // BytesToSign: Required. Deprecated. [Migrate to Service Account |
| // Credentials |
| // API](https://cloud.google.com/iam/help/credentials/migrate-api). The |
| // bytes to sign. |
| BytesToSign string `json:"bytesToSign,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "BytesToSign") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "BytesToSign") to include |
| // in API requests with the JSON null value. By default, fields with |
| // empty values are omitted from API requests. However, any field with |
| // an empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *SignBlobRequest) MarshalJSON() ([]byte, error) { |
| type NoMethod SignBlobRequest |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // SignBlobResponse: Deprecated. [Migrate to Service Account Credentials |
| // API](https://cloud.google.com/iam/help/credentials/migrate-api). The |
| // service account sign blob response. |
| type SignBlobResponse struct { |
| // KeyId: Deprecated. [Migrate to Service Account Credentials |
| // API](https://cloud.google.com/iam/help/credentials/migrate-api). The |
| // id of the key used to sign the blob. |
| KeyId string `json:"keyId,omitempty"` |
| |
| // Signature: Deprecated. [Migrate to Service Account Credentials |
| // API](https://cloud.google.com/iam/help/credentials/migrate-api). The |
| // signed blob. |
| Signature string `json:"signature,omitempty"` |
| |
| // ServerResponse contains the HTTP response code and headers from the |
| // server. |
| googleapi.ServerResponse `json:"-"` |
| |
| // ForceSendFields is a list of field names (e.g. "KeyId") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "KeyId") to include in API |
| // requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *SignBlobResponse) MarshalJSON() ([]byte, error) { |
| type NoMethod SignBlobResponse |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // SignJwtRequest: Deprecated. [Migrate to Service Account Credentials |
| // API](https://cloud.google.com/iam/help/credentials/migrate-api). The |
| // service account sign JWT request. |
| type SignJwtRequest struct { |
| // Payload: Required. Deprecated. [Migrate to Service Account |
| // Credentials |
| // API](https://cloud.google.com/iam/help/credentials/migrate-api). The |
| // JWT payload to sign. Must be a serialized JSON object that contains a |
| // JWT Claims Set. For example: `{"sub": "user@example.com", "iat": |
| // 313435}` If the JWT Claims Set contains an expiration time (`exp`) |
| // claim, it must be an integer timestamp that is not in the past and no |
| // more than 1 hour in the future. If the JWT Claims Set does not |
| // contain an expiration time (`exp`) claim, this claim is added |
| // automatically, with a timestamp that is 1 hour in the future. |
| Payload string `json:"payload,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "Payload") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "Payload") to include in |
| // API requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *SignJwtRequest) MarshalJSON() ([]byte, error) { |
| type NoMethod SignJwtRequest |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // SignJwtResponse: Deprecated. [Migrate to Service Account Credentials |
| // API](https://cloud.google.com/iam/help/credentials/migrate-api). The |
| // service account sign JWT response. |
| type SignJwtResponse struct { |
| // KeyId: Deprecated. [Migrate to Service Account Credentials |
| // API](https://cloud.google.com/iam/help/credentials/migrate-api). The |
| // id of the key used to sign the JWT. |
| KeyId string `json:"keyId,omitempty"` |
| |
| // SignedJwt: Deprecated. [Migrate to Service Account Credentials |
| // API](https://cloud.google.com/iam/help/credentials/migrate-api). The |
| // signed JWT. |
| SignedJwt string `json:"signedJwt,omitempty"` |
| |
| // ServerResponse contains the HTTP response code and headers from the |
| // server. |
| googleapi.ServerResponse `json:"-"` |
| |
| // ForceSendFields is a list of field names (e.g. "KeyId") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "KeyId") to include in API |
| // requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *SignJwtResponse) MarshalJSON() ([]byte, error) { |
| type NoMethod SignJwtResponse |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // TestIamPermissionsRequest: Request message for `TestIamPermissions` |
| // method. |
| type TestIamPermissionsRequest struct { |
| // Permissions: The set of permissions to check for the `resource`. |
| // Permissions with wildcards (such as '*' or 'storage.*') are not |
| // allowed. For more information see [IAM |
| // Overview](https://cloud.google.com/iam/docs/overview#permissions). |
| Permissions []string `json:"permissions,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "Permissions") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "Permissions") to include |
| // in API requests with the JSON null value. By default, fields with |
| // empty values are omitted from API requests. However, any field with |
| // an empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *TestIamPermissionsRequest) MarshalJSON() ([]byte, error) { |
| type NoMethod TestIamPermissionsRequest |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // TestIamPermissionsResponse: Response message for `TestIamPermissions` |
| // method. |
| type TestIamPermissionsResponse struct { |
| // Permissions: A subset of `TestPermissionsRequest.permissions` that |
| // the caller is allowed. |
| Permissions []string `json:"permissions,omitempty"` |
| |
| // ServerResponse contains the HTTP response code and headers from the |
| // server. |
| googleapi.ServerResponse `json:"-"` |
| |
| // ForceSendFields is a list of field names (e.g. "Permissions") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "Permissions") to include |
| // in API requests with the JSON null value. By default, fields with |
| // empty values are omitted from API requests. However, any field with |
| // an empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *TestIamPermissionsResponse) MarshalJSON() ([]byte, error) { |
| type NoMethod TestIamPermissionsResponse |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // UndeleteRoleRequest: The request to undelete an existing role. |
| type UndeleteRoleRequest struct { |
| // Etag: Used to perform a consistent read-modify-write. |
| Etag string `json:"etag,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "Etag") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "Etag") to include in API |
| // requests with the JSON null value. By default, fields with empty |
| // values are omitted from API requests. However, any field with an |
| // empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *UndeleteRoleRequest) MarshalJSON() ([]byte, error) { |
| type NoMethod UndeleteRoleRequest |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // UndeleteServiceAccountRequest: The service account undelete request. |
| type UndeleteServiceAccountRequest struct { |
| } |
| |
| type UndeleteServiceAccountResponse struct { |
| // RestoredAccount: Metadata for the restored service account. |
| RestoredAccount *ServiceAccount `json:"restoredAccount,omitempty"` |
| |
| // ServerResponse contains the HTTP response code and headers from the |
| // server. |
| googleapi.ServerResponse `json:"-"` |
| |
| // ForceSendFields is a list of field names (e.g. "RestoredAccount") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "RestoredAccount") to |
| // include in API requests with the JSON null value. By default, fields |
| // with empty values are omitted from API requests. However, any field |
| // with an empty value appearing in NullFields will be sent to the |
| // server as null. It is an error if a field in this list has a |
| // non-empty value. This may be used to include null fields in Patch |
| // requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *UndeleteServiceAccountResponse) MarshalJSON() ([]byte, error) { |
| type NoMethod UndeleteServiceAccountResponse |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // UploadServiceAccountKeyRequest: The service account key upload |
| // request. |
| type UploadServiceAccountKeyRequest struct { |
| // PublicKeyData: A field that allows clients to upload their own public |
| // key. If set, use this public key data to create a service account key |
| // for given service account. Please note, the expected format for this |
| // field is X509_PEM. |
| PublicKeyData string `json:"publicKeyData,omitempty"` |
| |
| // ForceSendFields is a list of field names (e.g. "PublicKeyData") to |
| // unconditionally include in API requests. By default, fields with |
| // empty values are omitted from API requests. However, any non-pointer, |
| // non-interface field appearing in ForceSendFields will be sent to the |
| // server regardless of whether the field is empty or not. This may be |
| // used to include empty fields in Patch requests. |
| ForceSendFields []string `json:"-"` |
| |
| // NullFields is a list of field names (e.g. "PublicKeyData") to include |
| // in API requests with the JSON null value. By default, fields with |
| // empty values are omitted from API requests. However, any field with |
| // an empty value appearing in NullFields will be sent to the server as |
| // null. It is an error if a field in this list has a non-empty value. |
| // This may be used to include null fields in Patch requests. |
| NullFields []string `json:"-"` |
| } |
| |
| func (s *UploadServiceAccountKeyRequest) MarshalJSON() ([]byte, error) { |
| type NoMethod UploadServiceAccountKeyRequest |
| raw := NoMethod(*s) |
| return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) |
| } |
| |
| // method id "iam.iamPolicies.lintPolicy": |
| |
| type IamPoliciesLintPolicyCall struct { |
| s *Service |
| lintpolicyrequest *LintPolicyRequest |
| urlParams_ gensupport.URLParams |
| ctx_ context.Context |
| header_ http.Header |
| } |
| |
| // LintPolicy: Lints, or validates, an IAM policy. Currently checks the |
| // google.iam.v1.Binding.condition field, which contains a condition |
| // expression for a role binding. Successful calls to this method always |
| // return an HTTP `200 OK` status code, even if the linter detects an |
| // issue in the IAM policy. |
| func (r *IamPoliciesService) LintPolicy(lintpolicyrequest *LintPolicyRequest) *IamPoliciesLintPolicyCall { |
| c := &IamPoliciesLintPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} |
| c.lintpolicyrequest = lintpolicyrequest |
| return c |
| } |
| |
| // Fields allows partial responses to be retrieved. See |
| // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse |
| // for more information. |
| func (c *IamPoliciesLintPolicyCall) Fields(s ...googleapi.Field) *IamPoliciesLintPolicyCall { |
| c.urlParams_.Set("fields", googleapi.CombineFields(s)) |
| return c |
| } |
| |
| // Context sets the context to be used in this call's Do method. Any |
| // pending HTTP request will be aborted if the provided context is |
| // canceled. |
| func (c *IamPoliciesLintPolicyCall) Context(ctx context.Context) *IamPoliciesLintPolicyCall { |
| c.ctx_ = ctx |
| return c |
| } |
| |
| // Header returns an http.Header that can be modified by the caller to |
| // add HTTP headers to the request. |
| func (c *IamPoliciesLintPolicyCall) Header() http.Header { |
| if c.header_ == nil { |
| c.header_ = make(http.Header) |
| } |
| return c.header_ |
| } |
| |
| func (c *IamPoliciesLintPolicyCall) doRequest(alt string) (*http.Response, error) { |
| reqHeaders := make(http.Header) |
| reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20200926") |
| for k, v := range c.header_ { |
| reqHeaders[k] = v |
| } |
| reqHeaders.Set("User-Agent", c.s.userAgent()) |
| var body io.Reader = nil |
| body, err := googleapi.WithoutDataWrapper.JSONReader(c.lintpolicyrequest) |
| if err != nil { |
| return nil, err |
| } |
| reqHeaders.Set("Content-Type", "application/json") |
| c.urlParams_.Set("alt", alt) |
| c.urlParams_.Set("prettyPrint", "false") |
| urls := googleapi.ResolveRelative(c.s.BasePath, "v1/iamPolicies:lintPolicy") |
| urls += "?" + c.urlParams_.Encode() |
| req, err := http.NewRequest("POST", urls, body) |
| if err != nil { |
| return nil, err |
| } |
| req.Header = reqHeaders |
| return gensupport.SendRequest(c.ctx_, c.s.client, req) |
| } |
| |
| // Do executes the "iam.iamPolicies.lintPolicy" call. |
| // Exactly one of *LintPolicyResponse or error will be non-nil. Any |
| // non-2xx status code is an error. Response headers are in either |
| // *LintPolicyResponse.ServerResponse.Header or (if a response was |
| // returned at all) in error.(*googleapi.Error).Header. Use |
| // googleapi.IsNotModified to check whether the returned error was |
| // because http.StatusNotModified was returned. |
| func (c *IamPoliciesLintPolicyCall) Do(opts ...googleapi.CallOption) (*LintPolicyResponse, error) { |
| gensupport.SetOptions(c.urlParams_, opts...) |
| res, err := c.doRequest("json") |
| if res != nil && res.StatusCode == http.StatusNotModified { |
| if res.Body != nil { |
| res.Body.Close() |
| } |
| return nil, &googleapi.Error{ |
| Code: res.StatusCode, |
| Header: res.Header, |
| } |
| } |
| if err != nil { |
| return nil, err |
| } |
| defer googleapi.CloseBody(res) |
| if err := googleapi.CheckResponse(res); err != nil { |
| return nil, err |
| } |
| ret := &LintPolicyResponse{ |
| ServerResponse: googleapi.ServerResponse{ |
| Header: res.Header, |
| HTTPStatusCode: res.StatusCode, |
| }, |
| } |
| target := &ret |
| if err := gensupport.DecodeResponse(target, res); err != nil { |
| return nil, err |
| } |
| return ret, nil |
| // { |
| // "description": "Lints, or validates, an IAM policy. Currently checks the google.iam.v1.Binding.condition field, which contains a condition expression for a role binding. Successful calls to this method always return an HTTP `200 OK` status code, even if the linter detects an issue in the IAM policy.", |
| // "flatPath": "v1/iamPolicies:lintPolicy", |
| // "httpMethod": "POST", |
| // "id": "iam.iamPolicies.lintPolicy", |
| // "parameterOrder": [], |
| // "parameters": {}, |
| // "path": "v1/iamPolicies:lintPolicy", |
| // "request": { |
| // "$ref": "LintPolicyRequest" |
| // }, |
| // "response": { |
| // "$ref": "LintPolicyResponse" |
| // }, |
| // "scopes": [ |
| // "https://www.googleapis.com/auth/cloud-platform" |
| // ] |
| // } |
| |
| } |
| |
| // method id "iam.iamPolicies.queryAuditableServices": |
| |
| type IamPoliciesQueryAuditableServicesCall struct { |
| s *Service |
| queryauditableservicesrequest *QueryAuditableServicesRequest |
| urlParams_ gensupport.URLParams |
| ctx_ context.Context |
| header_ http.Header |
| } |
| |
| // QueryAuditableServices: Returns a list of services that allow you to |
| // opt into audit logs that are not generated by default. To learn more |
| // about audit logs, see the [Logging |
| // documentation](https://cloud.google.com/logging/docs/audit). |
| func (r *IamPoliciesService) QueryAuditableServices(queryauditableservicesrequest *QueryAuditableServicesRequest) *IamPoliciesQueryAuditableServicesCall { |
| c := &IamPoliciesQueryAuditableServicesCall{s: r.s, urlParams_: make(gensupport.URLParams)} |
| c.queryauditableservicesrequest = queryauditableservicesrequest |
| return c |
| } |
| |
| // Fields allows partial responses to be retrieved. See |
| // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse |
| // for more information. |
| func (c *IamPoliciesQueryAuditableServicesCall) Fields(s ...googleapi.Field) *IamPoliciesQueryAuditableServicesCall { |
| c.urlParams_.Set("fields", googleapi.CombineFields(s)) |
| return c |
| } |
| |
| // Context sets the context to be used in this call's Do method. Any |
| // pending HTTP request will be aborted if the provided context is |
| // canceled. |
| func (c *IamPoliciesQueryAuditableServicesCall) Context(ctx context.Context) *IamPoliciesQueryAuditableServicesCall { |
| c.ctx_ = ctx |
| return c |
| } |
| |
| // Header returns an http.Header that can be modified by the caller to |
| // add HTTP headers to the request. |
| func (c *IamPoliciesQueryAuditableServicesCall) Header() http.Header { |
| if c.header_ == nil { |
| c.header_ = make(http.Header) |
| } |
| return c.header_ |
| } |
| |
| func (c *IamPoliciesQueryAuditableServicesCall) doRequest(alt string) (*http.Response, error) { |
| reqHeaders := make(http.Header) |
| reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20200926") |
| for k, v := range c.header_ { |
| reqHeaders[k] = v |
| } |
| reqHeaders.Set("User-Agent", c.s.userAgent()) |
| var body io.Reader = nil |
| body, err := googleapi.WithoutDataWrapper.JSONReader(c.queryauditableservicesrequest) |
| if err != nil { |
| return nil, err |
| } |
| reqHeaders.Set("Content-Type", "application/json") |
| c.urlParams_.Set("alt", alt) |
| c.urlParams_.Set("prettyPrint", "false") |
| urls := googleapi.ResolveRelative(c.s.BasePath, "v1/iamPolicies:queryAuditableServices") |
| urls += "?" + c.urlParams_.Encode() |
| req, err := http.NewRequest("POST", urls, body) |
| if err != nil { |
| return nil, err |
| } |
| req.Header = reqHeaders |
| return gensupport.SendRequest(c.ctx_, c.s.client, req) |
| } |
| |
| // Do executes the "iam.iamPolicies.queryAuditableServices" call. |
| // Exactly one of *QueryAuditableServicesResponse or error will be |
| // non-nil. Any non-2xx status code is an error. Response headers are in |
| // either *QueryAuditableServicesResponse.ServerResponse.Header or (if a |
| // response was returned at all) in error.(*googleapi.Error).Header. Use |
| // googleapi.IsNotModified to check whether the returned error was |
| // because http.StatusNotModified was returned. |
| func (c *IamPoliciesQueryAuditableServicesCall) Do(opts ...googleapi.CallOption) (*QueryAuditableServicesResponse, error) { |
| gensupport.SetOptions(c.urlParams_, opts...) |
| res, err := c.doRequest("json") |
| if res != nil && res.StatusCode == http.StatusNotModified { |
| if res.Body != nil { |
| res.Body.Close() |
| } |
| return nil, &googleapi.Error{ |
| Code: res.StatusCode, |
| Header: res.Header, |
| } |
| } |
| if err != nil { |
| return nil, err |
| } |
| defer googleapi.CloseBody(res) |
| if err := googleapi.CheckResponse(res); err != nil { |
| return nil, err |
| } |
| ret := &QueryAuditableServicesResponse{ |
| ServerResponse: googleapi.ServerResponse{ |
| Header: res.Header, |
| HTTPStatusCode: res.StatusCode, |
| }, |
| } |
| target := &ret |
| if err := gensupport.DecodeResponse(target, res); err != nil { |
| return nil, err |
| } |
| return ret, nil |
| // { |
| // "description": "Returns a list of services that allow you to opt into audit logs that are not generated by default. To learn more about audit logs, see the [Logging documentation](https://cloud.google.com/logging/docs/audit).", |
| // "flatPath": "v1/iamPolicies:queryAuditableServices", |
| // "httpMethod": "POST", |
| // "id": "iam.iamPolicies.queryAuditableServices", |
| // "parameterOrder": [], |
| // "parameters": {}, |
| // "path": "v1/iamPolicies:queryAuditableServices", |
| // "request": { |
| // "$ref": "QueryAuditableServicesRequest" |
| // }, |
| // "response": { |
| // "$ref": "QueryAuditableServicesResponse" |
| // }, |
| // "scopes": [ |
| // "https://www.googleapis.com/auth/cloud-platform" |
| // ] |
| // } |
| |
| } |
| |
| // method id "iam.organizations.roles.create": |
| |
| type OrganizationsRolesCreateCall struct { |
| s *Service |
| parent string |
| createrolerequest *CreateRoleRequest |
| urlParams_ gensupport.URLParams |
| ctx_ context.Context |
| header_ http.Header |
| } |
| |
| // Create: Creates a new custom Role. |
| func (r *OrganizationsRolesService) Create(parent string, createrolerequest *CreateRoleRequest) *OrganizationsRolesCreateCall { |
| c := &OrganizationsRolesCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)} |
| c.parent = parent |
| c.createrolerequest = createrolerequest |
| return c |
| } |
| |
| // Fields allows partial responses to be retrieved. See |
| // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse |
| // for more information. |
| func (c *OrganizationsRolesCreateCall) Fields(s ...googleapi.Field) *OrganizationsRolesCreateCall { |
| c.urlParams_.Set("fields", googleapi.CombineFields(s)) |
| return c |
| } |
| |
| // Context sets the context to be used in this call's Do method. Any |
| // pending HTTP request will be aborted if the provided context is |
| // canceled. |
| func (c *OrganizationsRolesCreateCall) Context(ctx context.Context) *OrganizationsRolesCreateCall { |
| c.ctx_ = ctx |
| return c |
| } |
| |
| // Header returns an http.Header that can be modified by the caller to |
| // add HTTP headers to the request. |
| func (c *OrganizationsRolesCreateCall) Header() http.Header { |
| if c.header_ == nil { |
| c.header_ = make(http.Header) |
| } |
| return c.header_ |
| } |
| |
| func (c *OrganizationsRolesCreateCall) doRequest(alt string) (*http.Response, error) { |
| reqHeaders := make(http.Header) |
| reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20200926") |
| for k, v := range c.header_ { |
| reqHeaders[k] = v |
| } |
| reqHeaders.Set("User-Agent", c.s.userAgent()) |
| var body io.Reader = nil |
| body, err := googleapi.WithoutDataWrapper.JSONReader(c.createrolerequest) |
| if err != nil { |
| return nil, err |
| } |
| reqHeaders.Set("Content-Type", "application/json") |
| c.urlParams_.Set("alt", alt) |
| c.urlParams_.Set("prettyPrint", "false") |
| urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/roles") |
| urls += "?" + c.urlParams_.Encode() |
| req, err := http.NewRequest("POST", urls, body) |
| if err != nil { |
| return nil, err |
| } |
| req.Header = reqHeaders |
| googleapi.Expand(req.URL, map[string]string{ |
| "parent": c.parent, |
| }) |
| return gensupport.SendRequest(c.ctx_, c.s.client, req) |
| } |
| |
| // Do executes the "iam.organizations.roles.create" call. |
| // Exactly one of *Role or error will be non-nil. Any non-2xx status |
| // code is an error. Response headers are in either |
| // *Role.ServerResponse.Header or (if a response was returned at all) in |
| // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check |
| // whether the returned error was because http.StatusNotModified was |
| // returned. |
| func (c *OrganizationsRolesCreateCall) Do(opts ...googleapi.CallOption) (*Role, error) { |
| gensupport.SetOptions(c.urlParams_, opts...) |
| res, err := c.doRequest("json") |
| if res != nil && res.StatusCode == http.StatusNotModified { |
| if res.Body != nil { |
| res.Body.Close() |
| } |
| return nil, &googleapi.Error{ |
| Code: res.StatusCode, |
| Header: res.Header, |
| } |
| } |
| if err != nil { |
| return nil, err |
| } |
| defer googleapi.CloseBody(res) |
| if err := googleapi.CheckResponse(res); err != nil { |
| return nil, err |
| } |
| ret := &Role{ |
| ServerResponse: googleapi.ServerResponse{ |
| Header: res.Header, |
| HTTPStatusCode: res.StatusCode, |
| }, |
| } |
| target := &ret |
| if err := gensupport.DecodeResponse(target, res); err != nil { |
| return nil, err |
| } |
| return ret, nil |
| // { |
| // "description": "Creates a new custom Role.", |
| // "flatPath": "v1/organizations/{organizationsId}/roles", |
| // "httpMethod": "POST", |
| // "id": "iam.organizations.roles.create", |
| // "parameterOrder": [ |
| // "parent" |
| // ], |
| // "parameters": { |
| // "parent": { |
| // "description": "The `parent` parameter's value depends on the target resource for the request, namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `parent` value format is described below: * [`projects.roles.create()`](/iam/reference/rest/v1/projects.roles/create): `projects/{PROJECT_ID}`. This method creates project-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles` * [`organizations.roles.create()`](/iam/reference/rest/v1/organizations.roles/create): `organizations/{ORGANIZATION_ID}`. This method creates organization-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.", |
| // "location": "path", |
| // "pattern": "^organizations/[^/]+$", |
| // "required": true, |
| // "type": "string" |
| // } |
| // }, |
| // "path": "v1/{+parent}/roles", |
| // "request": { |
| // "$ref": "CreateRoleRequest" |
| // }, |
| // "response": { |
| // "$ref": "Role" |
| // }, |
| // "scopes": [ |
| // "https://www.googleapis.com/auth/cloud-platform" |
| // ] |
| // } |
| |
| } |
| |
| // method id "iam.organizations.roles.delete": |
| |
| type OrganizationsRolesDeleteCall struct { |
| s *Service |
| name string |
| urlParams_ gensupport.URLParams |
| ctx_ context.Context |
| header_ http.Header |
| } |
| |
| // Delete: Deletes a custom Role. When you delete a custom role, the |
| // following changes occur immediately: * You cannot bind a member to |
| // the custom role in an IAM Policy. * Existing bindings to the custom |
| // role are not changed, but they have no effect. * By default, the |
| // response from ListRoles does not include the custom role. You have 7 |
| // days to undelete the custom role. After 7 days, the following changes |
| // occur: * The custom role is permanently deleted and cannot be |
| // recovered. * If an IAM policy contains a binding to the custom role, |
| // the binding is permanently removed. |
| func (r *OrganizationsRolesService) Delete(name string) *OrganizationsRolesDeleteCall { |
| c := &OrganizationsRolesDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)} |
| c.name = name |
| return c |
| } |
| |
| // Etag sets the optional parameter "etag": Used to perform a consistent |
| // read-modify-write. |
| func (c *OrganizationsRolesDeleteCall) Etag(etag string) *OrganizationsRolesDeleteCall { |
| c.urlParams_.Set("etag", etag) |
| return c |
| } |
| |
| // Fields allows partial responses to be retrieved. See |
| // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse |
| // for more information. |
| func (c *OrganizationsRolesDeleteCall) Fields(s ...googleapi.Field) *OrganizationsRolesDeleteCall { |
| c.urlParams_.Set("fields", googleapi.CombineFields(s)) |
| return c |
| } |
| |
| // Context sets the context to be used in this call's Do method. Any |
| // pending HTTP request will be aborted if the provided context is |
| // canceled. |
| func (c *OrganizationsRolesDeleteCall) Context(ctx context.Context) *OrganizationsRolesDeleteCall { |
| c.ctx_ = ctx |
| return c |
| } |
| |
| // Header returns an http.Header that can be modified by the caller to |
| // add HTTP headers to the request. |
| func (c *OrganizationsRolesDeleteCall) Header() http.Header { |
| if c.header_ == nil { |
| c.header_ = make(http.Header) |
| } |
| return c.header_ |
| } |
| |
| func (c *OrganizationsRolesDeleteCall) doRequest(alt string) (*http.Response, error) { |
| reqHeaders := make(http.Header) |
| reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20200926") |
| for k, v := range c.header_ { |
| reqHeaders[k] = v |
| } |
| reqHeaders.Set("User-Agent", c.s.userAgent()) |
| var body io.Reader = nil |
| c.urlParams_.Set("alt", alt) |
| c.urlParams_.Set("prettyPrint", "false") |
| urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}") |
| urls += "?" + c.urlParams_.Encode() |
| req, err := http.NewRequest("DELETE", urls, body) |
| if err != nil { |
| return nil, err |
| } |
| req.Header = reqHeaders |
| googleapi.Expand(req.URL, map[string]string{ |
| "name": c.name, |
| }) |
| return gensupport.SendRequest(c.ctx_, c.s.client, req) |
| } |
| |
| // Do executes the "iam.organizations.roles.delete" call. |
| // Exactly one of *Role or error will be non-nil. Any non-2xx status |
| // code is an error. Response headers are in either |
| // *Role.ServerResponse.Header or (if a response was returned at all) in |
| // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check |
| // whether the returned error was because http.StatusNotModified was |
| // returned. |
| func (c *OrganizationsRolesDeleteCall) Do(opts ...googleapi.CallOption) (*Role, error) { |
| gensupport.SetOptions(c.urlParams_, opts...) |
| res, err := c.doRequest("json") |
| if res != nil && res.StatusCode == http.StatusNotModified { |
| if res.Body != nil { |
| res.Body.Close() |
| } |
| return nil, &googleapi.Error{ |
| Code: res.StatusCode, |
| Header: res.Header, |
| } |
| } |
| if err != nil { |
| return nil, err |
| } |
| defer googleapi.CloseBody(res) |
| if err := googleapi.CheckResponse(res); err != nil { |
| return nil, err |
| } |
| ret := &Role{ |
| ServerResponse: googleapi.ServerResponse{ |
| Header: res.Header, |
| HTTPStatusCode: res.StatusCode, |
| }, |
| } |
| target := &ret |
| if err := gensupport.DecodeResponse(target, res); err != nil { |
| return nil, err |
| } |
| return ret, nil |
| // { |
| // "description": "Deletes a custom Role. When you delete a custom role, the following changes occur immediately: * You cannot bind a member to the custom role in an IAM Policy. * Existing bindings to the custom role are not changed, but they have no effect. * By default, the response from ListRoles does not include the custom role. You have 7 days to undelete the custom role. After 7 days, the following changes occur: * The custom role is permanently deleted and cannot be recovered. * If an IAM policy contains a binding to the custom role, the binding is permanently removed.", |
| // "flatPath": "v1/organizations/{organizationsId}/roles/{rolesId}", |
| // "httpMethod": "DELETE", |
| // "id": "iam.organizations.roles.delete", |
| // "parameterOrder": [ |
| // "name" |
| // ], |
| // "parameters": { |
| // "etag": { |
| // "description": "Used to perform a consistent read-modify-write.", |
| // "format": "byte", |
| // "location": "query", |
| // "type": "string" |
| // }, |
| // "name": { |
| // "description": "The `name` parameter's value depends on the target resource for the request, namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `name` value format is described below: * [`projects.roles.delete()`](/iam/reference/rest/v1/projects.roles/delete): `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method deletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}` * [`organizations.roles.delete()`](/iam/reference/rest/v1/organizations.roles/delete): `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method deletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.", |
| // "location": "path", |
| // "pattern": "^organizations/[^/]+/roles/[^/]+$", |
| // "required": true, |
| // "type": "string" |
| // } |
| // }, |
| // "path": "v1/{+name}", |
| // "response": { |
| // "$ref": "Role" |
| // }, |
| // "scopes": [ |
| // "https://www.googleapis.com/auth/cloud-platform" |
| // ] |
| // } |
| |
| } |
| |
| // method id "iam.organizations.roles.get": |
| |
| type OrganizationsRolesGetCall struct { |
| s *Service |
| name string |
| urlParams_ gensupport.URLParams |
| ifNoneMatch_ string |
| ctx_ context.Context |
| header_ http.Header |
| } |
| |
| // Get: Gets the definition of a Role. |
| func (r *OrganizationsRolesService) Get(name string) *OrganizationsRolesGetCall { |
| c := &OrganizationsRolesGetCall{s: r.s, urlParams_: make(gensupport.URLParams)} |
| c.name = name |
| return c |
| } |
| |
| // Fields allows partial responses to be retrieved. See |
| // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse |
| // for more information. |
| func (c *OrganizationsRolesGetCall) Fields(s ...googleapi.Field) *OrganizationsRolesGetCall { |
| c.urlParams_.Set("fields", googleapi.CombineFields(s)) |
| return c |
| } |
| |
| // IfNoneMatch sets the optional parameter which makes the operation |
| // fail if the object's ETag matches the given value. This is useful for |
| // getting updates only after the object has changed since the last |
| // request. Use googleapi.IsNotModified to check whether the response |
| // error from Do is the result of In-None-Match. |
| func (c *OrganizationsRolesGetCall) IfNoneMatch(entityTag string) *OrganizationsRolesGetCall { |
| c.ifNoneMatch_ = entityTag |
| return c |
| } |
| |
| // Context sets the context to be used in this call's Do method. Any |
| // pending HTTP request will be aborted if the provided context is |
| // canceled. |
| func (c *OrganizationsRolesGetCall) Context(ctx context.Context) *OrganizationsRolesGetCall { |
| c.ctx_ = ctx |
| return c |
| } |
| |
| // Header returns an http.Header that can be modified by the caller to |
| // add HTTP headers to the request. |
| func (c *OrganizationsRolesGetCall) Header() http.Header { |
| if c.header_ == nil { |
| c.header_ = make(http.Header) |
| } |
| return c.header_ |
| } |
| |
| func (c *OrganizationsRolesGetCall) doRequest(alt string) (*http.Response, error) { |
| reqHeaders := make(http.Header) |
| reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20200926") |
| for k, v := range c.header_ { |
| reqHeaders[k] = v |
| } |
| reqHeaders.Set("User-Agent", c.s.userAgent()) |
| if c.ifNoneMatch_ != "" { |
| reqHeaders.Set("If-None-Match", c.ifNoneMatch_) |
| } |
| var body io.Reader = nil |
| c.urlParams_.Set("alt", alt) |
| c.urlParams_.Set("prettyPrint", "false") |
| urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}") |
| urls += "?" + c.urlParams_.Encode() |
| req, err := http.NewRequest("GET", urls, body) |
| if err != nil { |
| return nil, err |
| } |
| req.Header = reqHeaders |
| googleapi.Expand(req.URL, map[string]string{ |
| "name": c.name, |
| }) |
| return gensupport.SendRequest(c.ctx_, c.s.client, req) |
| } |
| |
| // Do executes the "iam.organizations.roles.get" call. |
| // Exactly one of *Role or error will be non-nil. Any non-2xx status |
| // code is an error. Response headers are in either |
| // *Role.ServerResponse.Header or (if a response was returned at all) in |
| // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check |
| // whether the returned error was because http.StatusNotModified was |
| // returned. |
| func (c *OrganizationsRolesGetCall) Do(opts ...googleapi.CallOption) (*Role, error) { |
| gensupport.SetOptions(c.urlParams_, opts...) |
| res, err := c.doRequest("json") |
| if res != nil && res.StatusCode == http.StatusNotModified { |
| if res.Body != nil { |
| res.Body.Close() |
| } |
| return nil, &googleapi.Error{ |
| Code: res.StatusCode, |
| Header: res.Header, |
| } |
| } |
| if err != nil { |
| return nil, err |
| } |
| defer googleapi.CloseBody(res) |
| if err := googleapi.CheckResponse(res); err != nil { |
| return nil, err |
| } |
| ret := &Role{ |
| ServerResponse: googleapi.ServerResponse{ |
| Header: res.Header, |
| HTTPStatusCode: res.StatusCode, |
| }, |
| } |
| target := &ret |
| if err := gensupport.DecodeResponse(target, res); err != nil { |
| return nil, err |
| } |
| return ret, nil |
| // { |
| // "description": "Gets the definition of a Role.", |
| // "flatPath": "v1/organizations/{organizationsId}/roles/{rolesId}", |
| // "httpMethod": "GET", |
| // "id": "iam.organizations.roles.get", |
| // "parameterOrder": [ |
| // "name" |
| // ], |
| // "parameters": { |
| // "name": { |
| // "description": "The `name` parameter's value depends on the target resource for the request, namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `name` value format is described below: * [`roles.get()`](/iam/reference/rest/v1/roles/get): `roles/{ROLE_NAME}`. This method returns results from all [predefined roles](/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. Example request URL: `https://iam.googleapis.com/v1/roles/{ROLE_NAME}` * [`projects.roles.get()`](/iam/reference/rest/v1/projects.roles/get): `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method returns only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}` * [`organizations.roles.get()`](/iam/reference/rest/v1/organizations.roles/get): `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method returns only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.", |
| // "location": "path", |
| // "pattern": "^organizations/[^/]+/roles/[^/]+$", |
| // "required": true, |
| // "type": "string" |
| // } |
| // }, |
| // "path": "v1/{+name}", |
| // "response": { |
| // "$ref": "Role" |
| // }, |
| // "scopes": [ |
| // "https://www.googleapis.com/auth/cloud-platform" |
| // ] |
| // } |
| |
| } |
| |
| // method id "iam.organizations.roles.list": |
| |
| type OrganizationsRolesListCall struct { |
| s *Service |
| parent string |
| urlParams_ gensupport.URLParams |
| ifNoneMatch_ string |
| ctx_ context.Context |
| header_ http.Header |
| } |
| |
| // List: Lists every predefined Role that IAM supports, or every custom |
| // role that is defined for an organization or project. |
| func (r *OrganizationsRolesService) List(parent string) *OrganizationsRolesListCall { |
| c := &OrganizationsRolesListCall{s: r.s, urlParams_: make(gensupport.URLParams)} |
| c.parent = parent |
| return c |
| } |
| |
| // PageSize sets the optional parameter "pageSize": Optional limit on |
| // the number of roles to include in the response. The default is 300, |
| // and the maximum is 1,000. |
| func (c *OrganizationsRolesListCall) PageSize(pageSize int64) *OrganizationsRolesListCall { |
| c.urlParams_.Set("pageSize", fmt.Sprint(pageSize)) |
| return c |
| } |
| |
| // PageToken sets the optional parameter "pageToken": Optional |
| // pagination token returned in an earlier ListRolesResponse. |
| func (c *OrganizationsRolesListCall) PageToken(pageToken string) *OrganizationsRolesListCall { |
| c.urlParams_.Set("pageToken", pageToken) |
| return c |
| } |
| |
| // ShowDeleted sets the optional parameter "showDeleted": Include Roles |
| // that have been deleted. |
| func (c *OrganizationsRolesListCall) ShowDeleted(showDeleted bool) *OrganizationsRolesListCall { |
| c.urlParams_.Set("showDeleted", fmt.Sprint(showDeleted)) |
| return c |
| } |
| |
| // View sets the optional parameter "view": Optional view for the |
| // returned Role objects. When `FULL` is specified, the |
| // `includedPermissions` field is returned, which includes a list of all |
| // permissions in the role. The default value is `BASIC`, which does not |
| // return the `includedPermissions` field. |
| // |
| // Possible values: |
| // "BASIC" - Omits the `included_permissions` field. This is the |
| // default value. |
| // "FULL" - Returns all fields. |
| func (c *OrganizationsRolesListCall) View(view string) *OrganizationsRolesListCall { |
| c.urlParams_.Set("view", view) |
| return c |
| } |
| |
| // Fields allows partial responses to be retrieved. See |
| // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse |
| // for more information. |
| func (c *OrganizationsRolesListCall) Fields(s ...googleapi.Field) *OrganizationsRolesListCall { |
| c.urlParams_.Set("fields", googleapi.CombineFields(s)) |
| return c |
| } |
| |
| // IfNoneMatch sets the optional parameter which makes the operation |
| // fail if the object's ETag matches the given value. This is useful for |
| // getting updates only after the object has changed since the last |
| // request. Use googleapi.IsNotModified to check whether the response |
| // error from Do is the result of In-None-Match. |
| func (c *OrganizationsRolesListCall) IfNoneMatch(entityTag string) *OrganizationsRolesListCall { |
| c.ifNoneMatch_ = entityTag |
| return c |
| } |
| |
| // Context sets the context to be used in this call's Do method. Any |
| // pending HTTP request will be aborted if the provided context is |
| // canceled. |
| func (c *OrganizationsRolesListCall) Context(ctx context.Context) *OrganizationsRolesListCall { |
| c.ctx_ = ctx |
| return c |
| } |
| |
| // Header returns an http.Header that can be modified by the caller to |
| // add HTTP headers to the request. |
| func (c *OrganizationsRolesListCall) Header() http.Header { |
| if c.header_ == nil { |
| c.header_ = make(http.Header) |
| } |
| return c.header_ |
| } |
| |
| func (c *OrganizationsRolesListCall) doRequest(alt string) (*http.Response, error) { |
| reqHeaders := make(http.Header) |
| reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20200926") |
| for k, v := range c.header_ { |
| reqHeaders[k] = v |
| } |
| reqHeaders.Set("User-Agent", c.s.userAgent()) |
| if c.ifNoneMatch_ != "" { |
| reqHeaders.Set("If-None-Match", c.ifNoneMatch_) |
| } |
| var body io.Reader = nil |
| c.urlParams_.Set("alt", alt) |
| c.urlParams_.Set("prettyPrint", "false") |
| urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/roles") |
| urls += "?" + c.urlParams_.Encode() |
| req, err := http.NewRequest("GET", urls, body) |
| if err != nil { |
| return nil, err |
| } |
| req.Header = reqHeaders |
| googleapi.Expand(req.URL, map[string]string{ |
| "parent": c.parent, |
| }) |
| return gensupport.SendRequest(c.ctx_, c.s.client, req) |
| } |
| |
| // Do executes the "iam.organizations.roles.list" call. |
| // Exactly one of *ListRolesResponse or error will be non-nil. Any |
| // non-2xx status code is an error. Response headers are in either |
| // *ListRolesResponse.ServerResponse.Header or (if a response was |
| // returned at all) in error.(*googleapi.Error).Header. Use |
| // googleapi.IsNotModified to check whether the returned error was |
| // because http.StatusNotModified was returned. |
| func (c *OrganizationsRolesListCall) Do(opts ...googleapi.CallOption) (*ListRolesResponse, error) { |
| gensupport.SetOptions(c.urlParams_, opts...) |
| res, err := c.doRequest("json") |
| if res != nil && res.StatusCode == http.StatusNotModified { |
| if res.Body != nil { |
| res.Body.Close() |
| } |
| return nil, &googleapi.Error{ |
| Code: res.StatusCode, |
| Header: res.Header, |
| } |
| } |
| if err != nil { |
| return nil, err |
| } |
| defer googleapi.CloseBody(res) |
| if err := googleapi.CheckResponse(res); err != nil { |
| return nil, err |
| } |
| ret := &ListRolesResponse{ |
| ServerResponse: googleapi.ServerResponse{ |
| Header: res.Header, |
| HTTPStatusCode: res.StatusCode, |
| }, |
| } |
| target := &ret |
| if err := gensupport.DecodeResponse(target, res); err != nil { |
| return nil, err |
| } |
| return ret, nil |
| // { |
| // "description": "Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.", |
| // "flatPath": "v1/organizations/{organizationsId}/roles", |
| // "httpMethod": "GET", |
| // "id": "iam.organizations.roles.list", |
| // "parameterOrder": [ |
| // "parent" |
| // ], |
| // "parameters": { |
| // "pageSize": { |
| // "description": "Optional limit on the number of roles to include in the response. The default is 300, and the maximum is 1,000.", |
| // "format": "int32", |
| // "location": "query", |
| // "type": "integer" |
| // }, |
| // "pageToken": { |
| // "description": "Optional pagination token returned in an earlier ListRolesResponse.", |
| // "location": "query", |
| // "type": "string" |
| // }, |
| // "parent": { |
| // "description": "The `parent` parameter's value depends on the target resource for the request, namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `parent` value format is described below: * [`roles.list()`](/iam/reference/rest/v1/roles/list): An empty string. This method doesn't require a resource; it simply returns all [predefined roles](/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. Example request URL: `https://iam.googleapis.com/v1/roles` * [`projects.roles.list()`](/iam/reference/rest/v1/projects.roles/list): `projects/{PROJECT_ID}`. This method lists all project-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles` * [`organizations.roles.list()`](/iam/reference/rest/v1/organizations.roles/list): `organizations/{ORGANIZATION_ID}`. This method lists all organization-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.", |
| // "location": "path", |
| // "pattern": "^organizations/[^/]+$", |
| // "required": true, |
| // "type": "string" |
| // }, |
| // "showDeleted": { |
| // "description": "Include Roles that have been deleted.", |
| // "location": "query", |
| // "type": "boolean" |
| // }, |
| // "view": { |
| // "description": "Optional view for the returned Role objects. When `FULL` is specified, the `includedPermissions` field is returned, which includes a list of all permissions in the role. The default value is `BASIC`, which does not return the `includedPermissions` field.", |
| // "enum": [ |
| // "BASIC", |
| // "FULL" |
| // ], |
| // "enumDescriptions": [ |
| // "Omits the `included_permissions` field. This is the default value.", |
| // "Returns all fields." |
| // ], |
| // "location": "query", |
| // "type": "string" |
| // } |
| // }, |
| // "path": "v1/{+parent}/roles", |
| // "response": { |
| // "$ref": "ListRolesResponse" |
| // }, |
| // "scopes": [ |
| // "https://www.googleapis.com/auth/cloud-platform" |
| // ] |
| // } |
| |
| } |
| |
| // Pages invokes f for each page of results. |
| // A non-nil error returned from f will halt the iteration. |
| // The provided context supersedes any context provided to the Context method. |
| func (c *OrganizationsRolesListCall) Pages(ctx context.Context, f func(*ListRolesResponse) error) error { |
| c.ctx_ = ctx |
| defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point |
| for { |
| x, err := c.Do() |
| if err != nil { |
| return err |
| } |
| if err := f(x); err != nil { |
| return err |
| } |
| if x.NextPageToken == "" { |
| return nil |
| } |
| c.PageToken(x.NextPageToken) |
| } |
| } |
| |
| // method id "iam.organizations.roles.patch": |
| |
| type OrganizationsRolesPatchCall struct { |
| s *Service |
| name string |
| role *Role |
| urlParams_ gensupport.URLParams |
| ctx_ context.Context |
| header_ http.Header |
| } |
| |
| // Patch: Updates the definition of a custom Role. |
| func (r *OrganizationsRolesService) Patch(name string, role *Role) *OrganizationsRolesPatchCall { |
| c := &OrganizationsRolesPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)} |
| c.name = name |
| c.role = role |
| return c |
| } |
| |
| // UpdateMask sets the optional parameter "updateMask": A mask |
| // describing which fields in the Role have changed. |
| func (c *OrganizationsRolesPatchCall) UpdateMask(updateMask string) *OrganizationsRolesPatchCall { |
| c.urlParams_.Set("updateMask", updateMask) |
| return c |
| } |
| |
| // Fields allows partial responses to be retrieved. See |
| // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse |
| // for more information. |
| func (c *OrganizationsRolesPatchCall) Fields(s ...googleapi.Field) *OrganizationsRolesPatchCall { |
| c.urlParams_.Set("fields", googleapi.CombineFields(s)) |
| return c |
| } |
| |
| // Context sets the context to be used in this call's Do method. Any |
| // pending HTTP request will be aborted if the provided context is |
| // canceled. |
| func (c *OrganizationsRolesPatchCall) Context(ctx context.Context) *OrganizationsRolesPatchCall { |
| c.ctx_ = ctx |
| return c |
| } |
| |
| // Header returns an http.Header that can be modified by the caller to |
| // add HTTP headers to the request. |
| func (c *OrganizationsRolesPatchCall) Header() http.Header { |
| if c.header_ == nil { |
| c.header_ = make(http.Header) |
| } |
| return c.header_ |
| } |
| |
| func (c *OrganizationsRolesPatchCall) doRequest(alt string) (*http.Response, error) { |
| reqHeaders := make(http.Header) |
| reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20200926") |
| for k, v := range c.header_ { |
| reqHeaders[k] = v |
| } |
| reqHeaders.Set("User-Agent", c.s.userAgent()) |
| var body io.Reader = nil |
| body, err := googleapi.WithoutDataWrapper.JSONReader(c.role) |
| if err != nil { |
| return nil, err |
| } |
| reqHeaders.Set("Content-Type", "application/json") |
| c.urlParams_.Set("alt", alt) |
| c.urlParams_.Set("prettyPrint", "false") |
| urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}") |
| urls += "?" + c.urlParams_.Encode() |
| req, err := http.NewRequest("PATCH", urls, body) |
| if err != nil { |
| return nil, err |
| } |
| req.Header = reqHeaders |
| googleapi.Expand(req.URL, map[string]string{ |
| "name": c.name, |
| }) |
| return gensupport.SendRequest(c.ctx_, c.s.client, req) |
| } |
| |
| // Do executes the "iam.organizations.roles.patch" call. |
| // Exactly one of *Role or error will be non-nil. Any non-2xx status |
| // code is an error. Response headers are in either |
| // *Role.ServerResponse.Header or (if a response was returned at all) in |
| // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check |
| // whether the returned error was because http.StatusNotModified was |
| // returned. |
| func (c *OrganizationsRolesPatchCall) Do(opts ...googleapi.CallOption) (*Role, error) { |
| gensupport.SetOptions(c.urlParams_, opts...) |
| res, err := c.doRequest("json") |
| if res != nil && res.StatusCode == http.StatusNotModified { |
| if res.Body != nil { |
| res.Body.Close() |
| } |
| return nil, &googleapi.Error{ |
| Code: res.StatusCode, |
| Header: res.Header, |
| } |
| } |
| if err != nil { |
| return nil, err |
| } |
| defer googleapi.CloseBody(res) |
| if err := googleapi.CheckResponse(res); err != nil { |
| return nil, err |
| } |
| ret := &Role{ |
| ServerResponse: googleapi.ServerResponse{ |
| Header: res.Header, |
| HTTPStatusCode: res.StatusCode, |
| }, |
| } |
| target := &ret |
| if err := gensupport.DecodeResponse(target, res); err != nil { |
| return nil, err |
| } |
| return ret, nil |
| // { |
| // "description": "Updates the definition of a custom Role.", |
| // "flatPath": "v1/organizations/{organizationsId}/roles/{rolesId}", |
| // "httpMethod": "PATCH", |
| // "id": "iam.organizations.roles.patch", |
| // "parameterOrder": [ |
| // "name" |
| // ], |
| // "parameters": { |
| // "name": { |
| // "description": "The `name` parameter's value depends on the target resource for the request, namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `name` value format is described below: * [`projects.roles.patch()`](/iam/reference/rest/v1/projects.roles/patch): `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method updates only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}` * [`organizations.roles.patch()`](/iam/reference/rest/v1/organizations.roles/patch): `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method updates only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.", |
| // "location": "path", |
| // "pattern": "^organizations/[^/]+/roles/[^/]+$", |
| // "required": true, |
| // "type": "string" |
| // }, |
| // "updateMask": { |
| // "description": "A mask describing which fields in the Role have changed.", |
| // "format": "google-fieldmask", |
| // "location": "query", |
| // "type": "string" |
| // } |
| // }, |
| // "path": "v1/{+name}", |
| // "request": { |
| // "$ref": "Role" |
| // }, |
| // "response": { |
| // "$ref": "Role" |
| // }, |
| // "scopes": [ |
| // "https://www.googleapis.com/auth/cloud-platform" |
| // ] |
| // } |
| |
| } |
| |
| // method id "iam.organizations.roles.undelete": |
| |
| type OrganizationsRolesUndeleteCall struct { |
| s *Service |
| name string |
| undeleterolerequest *UndeleteRoleRequest |
| urlParams_ gensupport.URLParams |
| ctx_ context.Context |
| header_ http.Header |
| } |
| |
| // Undelete: Undeletes a custom Role. |
| func (r *OrganizationsRolesService) Undelete(name string, undeleterolerequest *UndeleteRoleRequest) *OrganizationsRolesUndeleteCall { |
| c := &OrganizationsRolesUndeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)} |
| c.name = name |
| c.undeleterolerequest = undeleterolerequest |
| return c |
| } |
| |
| // Fields allows partial responses to be retrieved. See |
| // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse |
| // for more information. |
| func (c *OrganizationsRolesUndeleteCall) Fields(s ...googleapi.Field) *OrganizationsRolesUndeleteCall { |
| c.urlParams_.Set("fields", googleapi.CombineFields(s)) |
| return c |
| } |
| |
| // Context sets the context to be used in this call's Do method. Any |
| // pending HTTP request will be aborted if the provided context is |
| // canceled. |
| func (c *OrganizationsRolesUndeleteCall) Context(ctx context.Context) *OrganizationsRolesUndeleteCall { |
| c.ctx_ = ctx |
| return c |
| } |
| |
| // Header returns an http.Header that can be modified by the caller to |
| // add HTTP headers to the request. |
| func (c *OrganizationsRolesUndeleteCall) Header() http.Header { |
| if c.header_ == nil { |
| c.header_ = make(http.Header) |
| } |
| return c.header_ |
| } |
| |
| func (c *OrganizationsRolesUndeleteCall) doRequest(alt string) (*http.Response, error) { |
| reqHeaders := make(http.Header) |
| reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20200926") |
| for k, v := range c.header_ { |
| reqHeaders[k] = v |
| } |
| reqHeaders.Set("User-Agent", c.s.userAgent()) |
| var body io.Reader = nil |
| body, err := googleapi.WithoutDataWrapper.JSONReader(c.undeleterolerequest) |
| if err != nil { |
| return nil, err |
| } |
| reqHeaders.Set("Content-Type", "application/json") |
| c.urlParams_.Set("alt", alt) |
| c.urlParams_.Set("prettyPrint", "false") |
| urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:undelete") |
| urls += "?" + c.urlParams_.Encode() |
| req, err := http.NewRequest("POST", urls, body) |
| if err != nil { |
| return nil, err |
| } |
| req.Header = reqHeaders |
| googleapi.Expand(req.URL, map[string]string{ |
| "name": c.name, |
| }) |
| return gensupport.SendRequest(c.ctx_, c.s.client, req) |
| } |
| |
| // Do executes the "iam.organizations.roles.undelete" call. |
| // Exactly one of *Role or error will be non-nil. Any non-2xx status |
| // code is an error. Response headers are in either |
| // *Role.ServerResponse.Header or (if a response was returned at all) in |
| // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check |
| // whether the returned error was because http.StatusNotModified was |
| // returned. |
| func (c *OrganizationsRolesUndeleteCall) Do(opts ...googleapi.CallOption) (*Role, error) { |
| gensupport.SetOptions(c.urlParams_, opts...) |
| res, err := c.doRequest("json") |
| if res != nil && res.StatusCode == http.StatusNotModified { |
| if res.Body != nil { |
| res.Body.Close() |
| } |
| return nil, &googleapi.Error{ |
| Code: res.StatusCode, |
| Header: res.Header, |
| } |
| } |
| if err != nil { |
| return nil, err |
| } |
| defer googleapi.CloseBody(res) |
| if err := googleapi.CheckResponse(res); err != nil { |
| return nil, err |
| } |
| ret := &Role{ |
| ServerResponse: googleapi.ServerResponse{ |
| Header: res.Header, |
| HTTPStatusCode: res.StatusCode, |
| }, |
| } |
| target := &ret |
| if err := gensupport.DecodeResponse(target, res); err != nil { |
| return nil, err |
| } |
| return ret, nil |
| // { |
| // "description": "Undeletes a custom Role.", |
| // "flatPath": "v1/organizations/{organizationsId}/roles/{rolesId}:undelete", |
| // "httpMethod": "POST", |
| // "id": "iam.organizations.roles.undelete", |
| // "parameterOrder": [ |
| // "name" |
| // ], |
| // "parameters": { |
| // "name": { |
| // "description": "The `name` parameter's value depends on the target resource for the request, namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `name` value format is described below: * [`projects.roles.undelete()`](/iam/reference/rest/v1/projects.roles/undelete): `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method undeletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}` * [`organizations.roles.undelete()`](/iam/reference/rest/v1/organizations.roles/undelete): `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method undeletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.", |
| // "location": "path", |
| // "pattern": "^organizations/[^/]+/roles/[^/]+$", |
| // "required": true, |
| // "type": "string" |
| // } |
| // }, |
| // "path": "v1/{+name}:undelete", |
| // "request": { |
| // "$ref": "UndeleteRoleRequest" |
| // }, |
| // "response": { |
| // "$ref": "Role" |
| // }, |
| // "scopes": [ |
| // "https://www.googleapis.com/auth/cloud-platform" |
| // ] |
| // } |
| |
| } |
| |
| // method id "iam.permissions.queryTestablePermissions": |
| |
| type PermissionsQueryTestablePermissionsCall struct { |
| s *Service |
| querytestablepermissionsrequest *QueryTestablePermissionsRequest |
| urlParams_ gensupport.URLParams |
| ctx_ context.Context |
| header_ http.Header |
| } |
| |
| // QueryTestablePermissions: Lists every permission that you can test on |
| // a resource. A permission is testable if you can check whether a |
| // member has that permission on the resource. |
| func (r *PermissionsService) QueryTestablePermissions(querytestablepermissionsrequest *QueryTestablePermissionsRequest) *PermissionsQueryTestablePermissionsCall { |
| c := &PermissionsQueryTestablePermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)} |
| c.querytestablepermissionsrequest = querytestablepermissionsrequest |
| return c |
| } |
| |
| // Fields allows partial responses to be retrieved. See |
| // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse |
| // for more information. |
| func (c *PermissionsQueryTestablePermissionsCall) Fields(s ...googleapi.Field) *PermissionsQueryTestablePermissionsCall { |
| c.urlParams_.Set("fields", googleapi.CombineFields(s)) |
| return c |
| } |
| |
| // Context sets the context to be used in this call's Do method. Any |
| // pending HTTP request will be aborted if the provided context is |
| // canceled. |
| func (c *PermissionsQueryTestablePermissionsCall) Context(ctx context.Context) *PermissionsQueryTestablePermissionsCall { |
| c.ctx_ = ctx |
| return c |
| } |
| |
| // Header returns an http.Header that can be modified by the caller to |
| // add HTTP headers to the request. |
| func (c *PermissionsQueryTestablePermissionsCall) Header() http.Header { |
| if c.header_ == nil { |
| c.header_ = make(http.Header) |
| } |
| return c.header_ |
| } |
| |
| func (c *PermissionsQueryTestablePermissionsCall) doRequest(alt string) (*http.Response, error) { |
| reqHeaders := make(http.Header) |
| reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20200926") |
| for k, v := range c.header_ { |
| reqHeaders[k] = v |
| } |
| reqHeaders.Set("User-Agent", c.s.userAgent()) |
| var body io.Reader = nil |
| body, err := googleapi.WithoutDataWrapper.JSONReader(c.querytestablepermissionsrequest) |
| if err != nil { |
| return nil, err |
| } |
| reqHeaders.Set("Content-Type", "application/json") |
| c.urlParams_.Set("alt", alt) |
| c.urlParams_.Set("prettyPrint", "false") |
| urls := googleapi.ResolveRelative(c.s.BasePath, "v1/permissions:queryTestablePermissions") |
| urls += "?" + c.urlParams_.Encode() |
| req, err := http.NewRequest("POST", urls, body) |
| if err != nil { |
| return nil, err |
| } |
| req.Header = reqHeaders |
| return gensupport.SendRequest(c.ctx_, c.s.client, req) |
| } |
| |
| // Do executes the "iam.permissions.queryTestablePermissions" call. |
| // Exactly one of *QueryTestablePermissionsResponse or error will be |
| // non-nil. Any non-2xx status code is an error. Response headers are in |
| // either *QueryTestablePermissionsResponse.ServerResponse.Header or (if |
| // a response was returned at all) in error.(*googleapi.Error).Header. |
| // Use googleapi.IsNotModified to check whether the returned error was |
| // because http.StatusNotModified was returned. |
| func (c *PermissionsQueryTestablePermissionsCall) Do(opts ...googleapi.CallOption) (*QueryTestablePermissionsResponse, error) { |
| gensupport.SetOptions(c.urlParams_, opts...) |
| res, err := c.doRequest("json") |
| if res != nil && res.StatusCode == http.StatusNotModified { |
| if res.Body != nil { |
| res.Body.Close() |
| } |
| return nil, &googleapi.Error{ |
| Code: res.StatusCode, |
| Header: res.Header, |
| } |
| } |
| if err != nil { |
| return nil, err |
| } |
| defer googleapi.CloseBody(res) |
| if err := googleapi.CheckResponse(res); err != nil { |
| return nil, err |
| } |
| ret := &QueryTestablePermissionsResponse{ |
| ServerResponse: googleapi.ServerResponse{ |
| Header: res.Header, |
| HTTPStatusCode: res.StatusCode, |
| }, |
| } |
| target := &ret |
| if err := gensupport.DecodeResponse(target, res); err != nil { |
| return nil, err |
| } |
| return ret, nil |
| // { |
| // "description": "Lists every permission that you can test on a resource. A permission is testable if you can check whether a member has that permission on the resource.", |
| // "flatPath": "v1/permissions:queryTestablePermissions", |
| // "httpMethod": "POST", |
| // "id": "iam.permissions.queryTestablePermissions", |
| // "parameterOrder": [], |
| // "parameters": {}, |
| // "path": "v1/permissions:queryTestablePermissions", |
| // "request": { |
| // "$ref": "QueryTestablePermissionsRequest" |
| // }, |
| // "response": { |
| // "$ref": "QueryTestablePermissionsResponse" |
| // }, |
| // "scopes": [ |
| // "https://www.googleapis.com/auth/cloud-platform" |
| // ] |
| // } |
| |
| |