blob: 67a8f4c25b5f722db4cf974f16cce82be2c455dd [file] [log] [blame]
// Copyright 2020 Google LLC.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// Code generated file. DO NOT EDIT.
// Package iam provides access to the Identity and Access Management (IAM) API.
//
// For product documentation, see: https://cloud.google.com/iam/
//
// Creating a client
//
// Usage example:
//
// import "google.golang.org/api/iam/v1"
// ...
// ctx := context.Background()
// iamService, err := iam.NewService(ctx)
//
// In this example, Google Application Default Credentials are used for authentication.
//
// For information on how to create and obtain Application Default Credentials, see https://developers.google.com/identity/protocols/application-default-credentials.
//
// Other authentication options
//
// To use an API key for authentication (note: some APIs do not support API keys), use option.WithAPIKey:
//
// iamService, err := iam.NewService(ctx, option.WithAPIKey("AIza..."))
//
// To use an OAuth token (e.g., a user token obtained via a three-legged OAuth flow), use option.WithTokenSource:
//
// config := &oauth2.Config{...}
// // ...
// token, err := config.Exchange(ctx, ...)
// iamService, err := iam.NewService(ctx, option.WithTokenSource(config.TokenSource(ctx, token)))
//
// See https://godoc.org/google.golang.org/api/option/ for details on options.
package iam // import "google.golang.org/api/iam/v1"
import (
"bytes"
"context"
"encoding/json"
"errors"
"fmt"
"io"
"net/http"
"net/url"
"strconv"
"strings"
googleapi "google.golang.org/api/googleapi"
gensupport "google.golang.org/api/internal/gensupport"
option "google.golang.org/api/option"
internaloption "google.golang.org/api/option/internaloption"
htransport "google.golang.org/api/transport/http"
)
// Always reference these packages, just in case the auto-generated code
// below doesn't.
var _ = bytes.NewBuffer
var _ = strconv.Itoa
var _ = fmt.Sprintf
var _ = json.NewDecoder
var _ = io.Copy
var _ = url.Parse
var _ = gensupport.MarshalJSON
var _ = googleapi.Version
var _ = errors.New
var _ = strings.Replace
var _ = context.Canceled
var _ = internaloption.WithDefaultEndpoint
const apiId = "iam:v1"
const apiName = "iam"
const apiVersion = "v1"
const basePath = "https://iam.googleapis.com/"
const mtlsBasePath = "https://iam.mtls.googleapis.com/"
// OAuth2 scopes used by this API.
const (
// View and manage your data across Google Cloud Platform services
CloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform"
)
// NewService creates a new Service.
func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, error) {
scopesOption := option.WithScopes(
"https://www.googleapis.com/auth/cloud-platform",
)
// NOTE: prepend, so we don't override user-specified scopes.
opts = append([]option.ClientOption{scopesOption}, opts...)
opts = append(opts, internaloption.WithDefaultEndpoint(basePath))
opts = append(opts, internaloption.WithDefaultMTLSEndpoint(mtlsBasePath))
client, endpoint, err := htransport.NewClient(ctx, opts...)
if err != nil {
return nil, err
}
s, err := New(client)
if err != nil {
return nil, err
}
if endpoint != "" {
s.BasePath = endpoint
}
return s, nil
}
// New creates a new Service. It uses the provided http.Client for requests.
//
// Deprecated: please use NewService instead.
// To provide a custom HTTP client, use option.WithHTTPClient.
// If you are using google.golang.org/api/googleapis/transport.APIKey, use option.WithAPIKey with NewService instead.
func New(client *http.Client) (*Service, error) {
if client == nil {
return nil, errors.New("client is nil")
}
s := &Service{client: client, BasePath: basePath}
s.IamPolicies = NewIamPoliciesService(s)
s.Organizations = NewOrganizationsService(s)
s.Permissions = NewPermissionsService(s)
s.Projects = NewProjectsService(s)
s.Roles = NewRolesService(s)
return s, nil
}
type Service struct {
client *http.Client
BasePath string // API endpoint base URL
UserAgent string // optional additional User-Agent fragment
IamPolicies *IamPoliciesService
Organizations *OrganizationsService
Permissions *PermissionsService
Projects *ProjectsService
Roles *RolesService
}
func (s *Service) userAgent() string {
if s.UserAgent == "" {
return googleapi.UserAgent
}
return googleapi.UserAgent + " " + s.UserAgent
}
func NewIamPoliciesService(s *Service) *IamPoliciesService {
rs := &IamPoliciesService{s: s}
return rs
}
type IamPoliciesService struct {
s *Service
}
func NewOrganizationsService(s *Service) *OrganizationsService {
rs := &OrganizationsService{s: s}
rs.Roles = NewOrganizationsRolesService(s)
return rs
}
type OrganizationsService struct {
s *Service
Roles *OrganizationsRolesService
}
func NewOrganizationsRolesService(s *Service) *OrganizationsRolesService {
rs := &OrganizationsRolesService{s: s}
return rs
}
type OrganizationsRolesService struct {
s *Service
}
func NewPermissionsService(s *Service) *PermissionsService {
rs := &PermissionsService{s: s}
return rs
}
type PermissionsService struct {
s *Service
}
func NewProjectsService(s *Service) *ProjectsService {
rs := &ProjectsService{s: s}
rs.Roles = NewProjectsRolesService(s)
rs.ServiceAccounts = NewProjectsServiceAccountsService(s)
return rs
}
type ProjectsService struct {
s *Service
Roles *ProjectsRolesService
ServiceAccounts *ProjectsServiceAccountsService
}
func NewProjectsRolesService(s *Service) *ProjectsRolesService {
rs := &ProjectsRolesService{s: s}
return rs
}
type ProjectsRolesService struct {
s *Service
}
func NewProjectsServiceAccountsService(s *Service) *ProjectsServiceAccountsService {
rs := &ProjectsServiceAccountsService{s: s}
rs.Keys = NewProjectsServiceAccountsKeysService(s)
return rs
}
type ProjectsServiceAccountsService struct {
s *Service
Keys *ProjectsServiceAccountsKeysService
}
func NewProjectsServiceAccountsKeysService(s *Service) *ProjectsServiceAccountsKeysService {
rs := &ProjectsServiceAccountsKeysService{s: s}
return rs
}
type ProjectsServiceAccountsKeysService struct {
s *Service
}
func NewRolesService(s *Service) *RolesService {
rs := &RolesService{s: s}
return rs
}
type RolesService struct {
s *Service
}
// AdminAuditData: Audit log information specific to Cloud IAM admin
// APIs. This message is serialized as an `Any` type in the
// `ServiceData` message of an `AuditLog` message.
type AdminAuditData struct {
// PermissionDelta: The permission_delta when when creating or updating
// a Role.
PermissionDelta *PermissionDelta `json:"permissionDelta,omitempty"`
// ForceSendFields is a list of field names (e.g. "PermissionDelta") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "PermissionDelta") to
// include in API requests with the JSON null value. By default, fields
// with empty values are omitted from API requests. However, any field
// with an empty value appearing in NullFields will be sent to the
// server as null. It is an error if a field in this list has a
// non-empty value. This may be used to include null fields in Patch
// requests.
NullFields []string `json:"-"`
}
func (s *AdminAuditData) MarshalJSON() ([]byte, error) {
type NoMethod AdminAuditData
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// AuditConfig: Specifies the audit configuration for a service. The
// configuration determines which permission types are logged, and what
// identities, if any, are exempted from logging. An AuditConfig must
// have one or more AuditLogConfigs. If there are AuditConfigs for both
// `allServices` and a specific service, the union of the two
// AuditConfigs is used for that service: the log_types specified in
// each AuditConfig are enabled, and the exempted_members in each
// AuditLogConfig are exempted. Example Policy with multiple
// AuditConfigs: { "audit_configs": [ { "service": "allServices",
// "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members":
// [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, {
// "log_type": "ADMIN_READ" } ] }, { "service":
// "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type":
// "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [
// "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy
// enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts
// jose@example.com from DATA_READ logging, and aliya@example.com from
// DATA_WRITE logging.
type AuditConfig struct {
// AuditLogConfigs: The configuration for logging of each type of
// permission.
AuditLogConfigs []*AuditLogConfig `json:"auditLogConfigs,omitempty"`
// Service: Specifies a service that will be enabled for audit logging.
// For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
// `allServices` is a special value that covers all services.
Service string `json:"service,omitempty"`
// ForceSendFields is a list of field names (e.g. "AuditLogConfigs") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "AuditLogConfigs") to
// include in API requests with the JSON null value. By default, fields
// with empty values are omitted from API requests. However, any field
// with an empty value appearing in NullFields will be sent to the
// server as null. It is an error if a field in this list has a
// non-empty value. This may be used to include null fields in Patch
// requests.
NullFields []string `json:"-"`
}
func (s *AuditConfig) MarshalJSON() ([]byte, error) {
type NoMethod AuditConfig
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// AuditData: Audit log information specific to Cloud IAM. This message
// is serialized as an `Any` type in the `ServiceData` message of an
// `AuditLog` message.
type AuditData struct {
// PolicyDelta: Policy delta between the original policy and the newly
// set policy.
PolicyDelta *PolicyDelta `json:"policyDelta,omitempty"`
// ForceSendFields is a list of field names (e.g. "PolicyDelta") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "PolicyDelta") to include
// in API requests with the JSON null value. By default, fields with
// empty values are omitted from API requests. However, any field with
// an empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *AuditData) MarshalJSON() ([]byte, error) {
type NoMethod AuditData
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// AuditLogConfig: Provides the configuration for logging a type of
// permissions. Example: { "audit_log_configs": [ { "log_type":
// "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, {
// "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and
// 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ
// logging.
type AuditLogConfig struct {
// ExemptedMembers: Specifies the identities that do not cause logging
// for this type of permission. Follows the same format of
// Binding.members.
ExemptedMembers []string `json:"exemptedMembers,omitempty"`
// LogType: The log type that this config enables.
//
// Possible values:
// "LOG_TYPE_UNSPECIFIED" - Default case. Should never be this.
// "ADMIN_READ" - Admin reads. Example: CloudIAM getIamPolicy
// "DATA_WRITE" - Data writes. Example: CloudSQL Users create
// "DATA_READ" - Data reads. Example: CloudSQL Users list
LogType string `json:"logType,omitempty"`
// ForceSendFields is a list of field names (e.g. "ExemptedMembers") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "ExemptedMembers") to
// include in API requests with the JSON null value. By default, fields
// with empty values are omitted from API requests. However, any field
// with an empty value appearing in NullFields will be sent to the
// server as null. It is an error if a field in this list has a
// non-empty value. This may be used to include null fields in Patch
// requests.
NullFields []string `json:"-"`
}
func (s *AuditLogConfig) MarshalJSON() ([]byte, error) {
type NoMethod AuditLogConfig
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// AuditableService: Contains information about an auditable service.
type AuditableService struct {
// Name: Public name of the service. For example, the service name for
// Cloud IAM is 'iam.googleapis.com'.
Name string `json:"name,omitempty"`
// ForceSendFields is a list of field names (e.g. "Name") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Name") to include in API
// requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *AuditableService) MarshalJSON() ([]byte, error) {
type NoMethod AuditableService
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// Binding: Associates `members` with a `role`.
type Binding struct {
// BindingId: A client-specified ID for this binding. Expected to be
// globally unique to support the internal bindings-by-ID API.
BindingId string `json:"bindingId,omitempty"`
// Condition: The condition that is associated with this binding. If the
// condition evaluates to `true`, then this binding applies to the
// current request. If the condition evaluates to `false`, then this
// binding does not apply to the current request. However, a different
// role binding might grant the same role to one or more of the members
// in this binding. To learn which resources support conditions in their
// IAM policies, see the [IAM
// documentation](https://cloud.google.com/iam/help/conditions/resource-p
// olicies).
Condition *Expr `json:"condition,omitempty"`
// Members: Specifies the identities requesting access for a Cloud
// Platform resource. `members` can have the following values: *
// `allUsers`: A special identifier that represents anyone who is on the
// internet; with or without a Google account. *
// `allAuthenticatedUsers`: A special identifier that represents anyone
// who is authenticated with a Google account or a service account. *
// `user:{emailid}`: An email address that represents a specific Google
// account. For example, `alice@example.com` . *
// `serviceAccount:{emailid}`: An email address that represents a
// service account. For example,
// `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An
// email address that represents a Google group. For example,
// `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An
// email address (plus unique identifier) representing a user that has
// been recently deleted. For example,
// `alice@example.com?uid=123456789012345678901`. If the user is
// recovered, this value reverts to `user:{emailid}` and the recovered
// user retains the role in the binding. *
// `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address
// (plus unique identifier) representing a service account that has been
// recently deleted. For example,
// `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
// If the service account is undeleted, this value reverts to
// `serviceAccount:{emailid}` and the undeleted service account retains
// the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`:
// An email address (plus unique identifier) representing a Google group
// that has been recently deleted. For example,
// `admins@example.com?uid=123456789012345678901`. If the group is
// recovered, this value reverts to `group:{emailid}` and the recovered
// group retains the role in the binding. * `domain:{domain}`: The G
// Suite domain (primary) that represents all the users of that domain.
// For example, `google.com` or `example.com`.
Members []string `json:"members,omitempty"`
// Role: Role that is assigned to `members`. For example,
// `roles/viewer`, `roles/editor`, or `roles/owner`.
Role string `json:"role,omitempty"`
// ForceSendFields is a list of field names (e.g. "BindingId") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "BindingId") to include in
// API requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *Binding) MarshalJSON() ([]byte, error) {
type NoMethod Binding
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// BindingDelta: One delta entry for Binding. Each individual change
// (only one member in each entry) to a binding will be a separate
// entry.
type BindingDelta struct {
// Action: The action that was performed on a Binding. Required
//
// Possible values:
// "ACTION_UNSPECIFIED" - Unspecified.
// "ADD" - Addition of a Binding.
// "REMOVE" - Removal of a Binding.
Action string `json:"action,omitempty"`
// Condition: The condition that is associated with this binding.
Condition *Expr `json:"condition,omitempty"`
// Member: A single identity requesting access for a Cloud Platform
// resource. Follows the same format of Binding.members. Required
Member string `json:"member,omitempty"`
// Role: Role that is assigned to `members`. For example,
// `roles/viewer`, `roles/editor`, or `roles/owner`. Required
Role string `json:"role,omitempty"`
// ForceSendFields is a list of field names (e.g. "Action") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Action") to include in API
// requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *BindingDelta) MarshalJSON() ([]byte, error) {
type NoMethod BindingDelta
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// CreateRoleRequest: The request to create a new role.
type CreateRoleRequest struct {
// Role: The Role resource to create.
Role *Role `json:"role,omitempty"`
// RoleId: The role ID to use for this role. A role ID may contain
// alphanumeric characters, underscores (`_`), and periods (`.`). It
// must contain a minimum of 3 characters and a maximum of 64
// characters.
RoleId string `json:"roleId,omitempty"`
// ForceSendFields is a list of field names (e.g. "Role") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Role") to include in API
// requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *CreateRoleRequest) MarshalJSON() ([]byte, error) {
type NoMethod CreateRoleRequest
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// CreateServiceAccountKeyRequest: The service account key create
// request.
type CreateServiceAccountKeyRequest struct {
// KeyAlgorithm: Which type of key and algorithm to use for the key. The
// default is currently a 2K RSA key. However this may change in the
// future.
//
// Possible values:
// "KEY_ALG_UNSPECIFIED" - An unspecified key algorithm.
// "KEY_ALG_RSA_1024" - 1k RSA Key.
// "KEY_ALG_RSA_2048" - 2k RSA Key.
KeyAlgorithm string `json:"keyAlgorithm,omitempty"`
// PrivateKeyType: The output format of the private key. The default
// value is `TYPE_GOOGLE_CREDENTIALS_FILE`, which is the Google
// Credentials File format.
//
// Possible values:
// "TYPE_UNSPECIFIED" - Unspecified. Equivalent to
// `TYPE_GOOGLE_CREDENTIALS_FILE`.
// "TYPE_PKCS12_FILE" - PKCS12 format. The password for the PKCS12
// file is `notasecret`. For more information, see
// https://tools.ietf.org/html/rfc7292.
// "TYPE_GOOGLE_CREDENTIALS_FILE" - Google Credentials File format.
PrivateKeyType string `json:"privateKeyType,omitempty"`
// ForceSendFields is a list of field names (e.g. "KeyAlgorithm") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "KeyAlgorithm") to include
// in API requests with the JSON null value. By default, fields with
// empty values are omitted from API requests. However, any field with
// an empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *CreateServiceAccountKeyRequest) MarshalJSON() ([]byte, error) {
type NoMethod CreateServiceAccountKeyRequest
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// CreateServiceAccountRequest: The service account create request.
type CreateServiceAccountRequest struct {
// AccountId: Required. The account id that is used to generate the
// service account email address and a stable unique id. It is unique
// within a project, must be 6-30 characters long, and match the regular
// expression `[a-z]([-a-z0-9]*[a-z0-9])` to comply with RFC1035.
AccountId string `json:"accountId,omitempty"`
// ServiceAccount: The ServiceAccount resource to create. Currently,
// only the following values are user assignable: `display_name` and
// `description`.
ServiceAccount *ServiceAccount `json:"serviceAccount,omitempty"`
// ForceSendFields is a list of field names (e.g. "AccountId") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "AccountId") to include in
// API requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *CreateServiceAccountRequest) MarshalJSON() ([]byte, error) {
type NoMethod CreateServiceAccountRequest
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// DisableServiceAccountRequest: The service account disable request.
type DisableServiceAccountRequest struct {
}
// Empty: A generic empty message that you can re-use to avoid defining
// duplicated empty messages in your APIs. A typical example is to use
// it as the request or the response type of an API method. For
// instance: service Foo { rpc Bar(google.protobuf.Empty) returns
// (google.protobuf.Empty); } The JSON representation for `Empty` is
// empty JSON object `{}`.
type Empty struct {
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
}
// EnableServiceAccountRequest: The service account enable request.
type EnableServiceAccountRequest struct {
}
// Expr: Represents a textual expression in the Common Expression
// Language (CEL) syntax. CEL is a C-like expression language. The
// syntax and semantics of CEL are documented at
// https://github.com/google/cel-spec. Example (Comparison): title:
// "Summary size limit" description: "Determines if a summary is less
// than 100 chars" expression: "document.summary.size() < 100" Example
// (Equality): title: "Requestor is owner" description: "Determines if
// requestor is the document owner" expression: "document.owner ==
// request.auth.claims.email" Example (Logic): title: "Public documents"
// description: "Determine whether the document should be publicly
// visible" expression: "document.type != 'private' && document.type !=
// 'internal'" Example (Data Manipulation): title: "Notification string"
// description: "Create a notification string with a timestamp."
// expression: "'New message received at ' +
// string(document.create_time)" The exact variables and functions that
// may be referenced within an expression are determined by the service
// that evaluates it. See the service documentation for additional
// information.
type Expr struct {
// Description: Optional. Description of the expression. This is a
// longer text which describes the expression, e.g. when hovered over it
// in a UI.
Description string `json:"description,omitempty"`
// Expression: Textual representation of an expression in Common
// Expression Language syntax.
Expression string `json:"expression,omitempty"`
// Location: Optional. String indicating the location of the expression
// for error reporting, e.g. a file name and a position in the file.
Location string `json:"location,omitempty"`
// Title: Optional. Title for the expression, i.e. a short string
// describing its purpose. This can be used e.g. in UIs which allow to
// enter the expression.
Title string `json:"title,omitempty"`
// ForceSendFields is a list of field names (e.g. "Description") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Description") to include
// in API requests with the JSON null value. By default, fields with
// empty values are omitted from API requests. However, any field with
// an empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *Expr) MarshalJSON() ([]byte, error) {
type NoMethod Expr
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// LintPolicyRequest: The request to lint a Cloud IAM policy object.
type LintPolicyRequest struct {
// Condition: google.iam.v1.Binding.condition object to be linted.
Condition *Expr `json:"condition,omitempty"`
// FullResourceName: The full resource name of the policy this lint
// request is about. The name follows the Google Cloud Platform (GCP)
// resource format. For example, a GCP project with ID `my-project` will
// be named `//cloudresourcemanager.googleapis.com/projects/my-project`.
// The resource name is not used to read the policy instance from the
// Cloud IAM database. The candidate policy for lint has to be provided
// in the same request object.
FullResourceName string `json:"fullResourceName,omitempty"`
// ForceSendFields is a list of field names (e.g. "Condition") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Condition") to include in
// API requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *LintPolicyRequest) MarshalJSON() ([]byte, error) {
type NoMethod LintPolicyRequest
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// LintPolicyResponse: The response of a lint operation. An empty
// response indicates the operation was able to fully execute and no
// lint issue was found.
type LintPolicyResponse struct {
// LintResults: List of lint results sorted by `severity` in descending
// order.
LintResults []*LintResult `json:"lintResults,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "LintResults") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "LintResults") to include
// in API requests with the JSON null value. By default, fields with
// empty values are omitted from API requests. However, any field with
// an empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *LintPolicyResponse) MarshalJSON() ([]byte, error) {
type NoMethod LintPolicyResponse
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// LintResult: Structured response of a single validation unit.
type LintResult struct {
// DebugMessage: Human readable debug message associated with the issue.
DebugMessage string `json:"debugMessage,omitempty"`
// FieldName: The name of the field for which this lint result is about.
// For nested messages `field_name` consists of names of the embedded
// fields separated by period character. The top-level qualifier is the
// input object to lint in the request. For example, the `field_name`
// value `condition.expression` identifies a lint result for the
// `expression` field of the provided condition.
FieldName string `json:"fieldName,omitempty"`
// Level: The validation unit level.
//
// Possible values:
// "LEVEL_UNSPECIFIED" - Level is unspecified.
// "CONDITION" - A validation unit which operates on an individual
// condition within a binding.
Level string `json:"level,omitempty"`
// LocationOffset: 0-based character position of problematic construct
// within the object identified by `field_name`. Currently, this is
// populated only for condition expression.
LocationOffset int64 `json:"locationOffset,omitempty"`
// Severity: The validation unit severity.
//
// Possible values:
// "SEVERITY_UNSPECIFIED" - Severity is unspecified.
// "ERROR" - A validation unit returns an error only for critical
// issues. If an attempt is made to set the problematic policy without
// rectifying the critical issue, it causes the `setPolicy` operation to
// fail.
// "WARNING" - Any issue which is severe enough but does not cause an
// error. For example, suspicious constructs in the input object will
// not necessarily fail `setPolicy`, but there is a high likelihood that
// they won't behave as expected during policy evaluation in
// `checkPolicy`. This includes the following common scenarios: -
// Unsatisfiable condition: Expired timestamp in date/time condition. -
// Ineffective condition: Condition on a pair which is granted
// unconditionally in another binding of the same policy.
// "NOTICE" - Reserved for the issues that are not severe as
// `ERROR`/`WARNING`, but need special handling. For instance, messages
// about skipped validation units are issued as `NOTICE`.
// "INFO" - Any informative statement which is not severe enough to
// raise `ERROR`/`WARNING`/`NOTICE`, like auto-correction
// recommendations on the input content. Note that current version of
// the linter does not utilize `INFO`.
// "DEPRECATED" - Deprecated severity level.
Severity string `json:"severity,omitempty"`
// ValidationUnitName: The validation unit name, for instance
// "lintValidationUnits/ConditionComplexityCheck".
ValidationUnitName string `json:"validationUnitName,omitempty"`
// ForceSendFields is a list of field names (e.g. "DebugMessage") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "DebugMessage") to include
// in API requests with the JSON null value. By default, fields with
// empty values are omitted from API requests. However, any field with
// an empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *LintResult) MarshalJSON() ([]byte, error) {
type NoMethod LintResult
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// ListRolesResponse: The response containing the roles defined under a
// resource.
type ListRolesResponse struct {
// NextPageToken: To retrieve the next page of results, set
// `ListRolesRequest.page_token` to this value.
NextPageToken string `json:"nextPageToken,omitempty"`
// Roles: The Roles defined on this resource.
Roles []*Role `json:"roles,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "NextPageToken") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "NextPageToken") to include
// in API requests with the JSON null value. By default, fields with
// empty values are omitted from API requests. However, any field with
// an empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *ListRolesResponse) MarshalJSON() ([]byte, error) {
type NoMethod ListRolesResponse
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// ListServiceAccountKeysResponse: The service account keys list
// response.
type ListServiceAccountKeysResponse struct {
// Keys: The public keys for the service account.
Keys []*ServiceAccountKey `json:"keys,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "Keys") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Keys") to include in API
// requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *ListServiceAccountKeysResponse) MarshalJSON() ([]byte, error) {
type NoMethod ListServiceAccountKeysResponse
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// ListServiceAccountsResponse: The service account list response.
type ListServiceAccountsResponse struct {
// Accounts: The list of matching service accounts.
Accounts []*ServiceAccount `json:"accounts,omitempty"`
// NextPageToken: To retrieve the next page of results, set
// ListServiceAccountsRequest.page_token to this value.
NextPageToken string `json:"nextPageToken,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "Accounts") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Accounts") to include in
// API requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *ListServiceAccountsResponse) MarshalJSON() ([]byte, error) {
type NoMethod ListServiceAccountsResponse
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// PatchServiceAccountRequest: The request for PatchServiceAccount. You
// can patch only the `display_name` and `description` fields. You must
// use the `update_mask` field to specify which of these fields you want
// to patch. Only the fields specified in the request are guaranteed to
// be returned in the response. Other fields may be empty in the
// response.
type PatchServiceAccountRequest struct {
ServiceAccount *ServiceAccount `json:"serviceAccount,omitempty"`
UpdateMask string `json:"updateMask,omitempty"`
// ForceSendFields is a list of field names (e.g. "ServiceAccount") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "ServiceAccount") to
// include in API requests with the JSON null value. By default, fields
// with empty values are omitted from API requests. However, any field
// with an empty value appearing in NullFields will be sent to the
// server as null. It is an error if a field in this list has a
// non-empty value. This may be used to include null fields in Patch
// requests.
NullFields []string `json:"-"`
}
func (s *PatchServiceAccountRequest) MarshalJSON() ([]byte, error) {
type NoMethod PatchServiceAccountRequest
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// Permission: A permission which can be included by a role.
type Permission struct {
// ApiDisabled: The service API associated with the permission is not
// enabled.
ApiDisabled bool `json:"apiDisabled,omitempty"`
// CustomRolesSupportLevel: The current custom role support level.
//
// Possible values:
// "SUPPORTED" - Permission is fully supported for custom role use.
// "TESTING" - Permission is being tested to check custom role
// compatibility.
// "NOT_SUPPORTED" - Permission is not supported for custom role use.
CustomRolesSupportLevel string `json:"customRolesSupportLevel,omitempty"`
// Description: A brief description of what this Permission is used for.
// This permission can ONLY be used in predefined roles.
Description string `json:"description,omitempty"`
// Name: The name of this Permission.
Name string `json:"name,omitempty"`
OnlyInPredefinedRoles bool `json:"onlyInPredefinedRoles,omitempty"`
// PrimaryPermission: The preferred name for this permission. If
// present, then this permission is an alias of, and equivalent to, the
// listed primary_permission.
PrimaryPermission string `json:"primaryPermission,omitempty"`
// Stage: The current launch stage of the permission.
//
// Possible values:
// "ALPHA" - The permission is currently in an alpha phase.
// "BETA" - The permission is currently in a beta phase.
// "GA" - The permission is generally available.
// "DEPRECATED" - The permission is being deprecated.
Stage string `json:"stage,omitempty"`
// Title: The title of this Permission.
Title string `json:"title,omitempty"`
// ForceSendFields is a list of field names (e.g. "ApiDisabled") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "ApiDisabled") to include
// in API requests with the JSON null value. By default, fields with
// empty values are omitted from API requests. However, any field with
// an empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *Permission) MarshalJSON() ([]byte, error) {
type NoMethod Permission
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// PermissionDelta: A PermissionDelta message to record the
// added_permissions and removed_permissions inside a role.
type PermissionDelta struct {
// AddedPermissions: Added permissions.
AddedPermissions []string `json:"addedPermissions,omitempty"`
// RemovedPermissions: Removed permissions.
RemovedPermissions []string `json:"removedPermissions,omitempty"`
// ForceSendFields is a list of field names (e.g. "AddedPermissions") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "AddedPermissions") to
// include in API requests with the JSON null value. By default, fields
// with empty values are omitted from API requests. However, any field
// with an empty value appearing in NullFields will be sent to the
// server as null. It is an error if a field in this list has a
// non-empty value. This may be used to include null fields in Patch
// requests.
NullFields []string `json:"-"`
}
func (s *PermissionDelta) MarshalJSON() ([]byte, error) {
type NoMethod PermissionDelta
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// Policy: An Identity and Access Management (IAM) policy, which
// specifies access controls for Google Cloud resources. A `Policy` is a
// collection of `bindings`. A `binding` binds one or more `members` to
// a single `role`. Members can be user accounts, service accounts,
// Google groups, and domains (such as G Suite). A `role` is a named
// list of permissions; each `role` can be an IAM predefined role or a
// user-created custom role. For some types of Google Cloud resources, a
// `binding` can also specify a `condition`, which is a logical
// expression that allows access to a resource only if the expression
// evaluates to `true`. A condition can add constraints based on
// attributes of the request, the resource, or both. To learn which
// resources support conditions in their IAM policies, see the [IAM
// documentation](https://cloud.google.com/iam/help/conditions/resource-p
// olicies). **JSON example:** { "bindings": [ { "role":
// "roles/resourcemanager.organizationAdmin", "members": [
// "user:mike@example.com", "group:admins@example.com",
// "domain:google.com",
// "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, {
// "role": "roles/resourcemanager.organizationViewer", "members": [
// "user:eve@example.com" ], "condition": { "title": "expirable access",
// "description": "Does not grant access after Sep 2020", "expression":
// "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ],
// "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: -
// members: - user:mike@example.com - group:admins@example.com -
// domain:google.com -
// serviceAccount:my-project-id@appspot.gserviceaccount.com role:
// roles/resourcemanager.organizationAdmin - members: -
// user:eve@example.com role: roles/resourcemanager.organizationViewer
// condition: title: expirable access description: Does not grant access
// after Sep 2020 expression: request.time <
// timestamp('2020-10-01T00:00:00.000Z') - etag: BwWWja0YfJA= - version:
// 3 For a description of IAM and its features, see the [IAM
// documentation](https://cloud.google.com/iam/docs/).
type Policy struct {
// AuditConfigs: Specifies cloud audit logging configuration for this
// policy.
AuditConfigs []*AuditConfig `json:"auditConfigs,omitempty"`
// Bindings: Associates a list of `members` to a `role`. Optionally, may
// specify a `condition` that determines how and when the `bindings` are
// applied. Each of the `bindings` must contain at least one member.
Bindings []*Binding `json:"bindings,omitempty"`
// Etag: `etag` is used for optimistic concurrency control as a way to
// help prevent simultaneous updates of a policy from overwriting each
// other. It is strongly suggested that systems make use of the `etag`
// in the read-modify-write cycle to perform policy updates in order to
// avoid race conditions: An `etag` is returned in the response to
// `getIamPolicy`, and systems are expected to put that etag in the
// request to `setIamPolicy` to ensure that their change will be applied
// to the same version of the policy. **Important:** If you use IAM
// Conditions, you must include the `etag` field whenever you call
// `setIamPolicy`. If you omit this field, then IAM allows you to
// overwrite a version `3` policy with a version `1` policy, and all of
// the conditions in the version `3` policy are lost.
Etag string `json:"etag,omitempty"`
// Version: Specifies the format of the policy. Valid values are `0`,
// `1`, and `3`. Requests that specify an invalid value are rejected.
// Any operation that affects conditional role bindings must specify
// version `3`. This requirement applies to the following operations: *
// Getting a policy that includes a conditional role binding * Adding a
// conditional role binding to a policy * Changing a conditional role
// binding in a policy * Removing any role binding, with or without a
// condition, from a policy that includes conditions **Important:** If
// you use IAM Conditions, you must include the `etag` field whenever
// you call `setIamPolicy`. If you omit this field, then IAM allows you
// to overwrite a version `3` policy with a version `1` policy, and all
// of the conditions in the version `3` policy are lost. If a policy
// does not include any conditions, operations on that policy may
// specify any valid version or leave the field unset. To learn which
// resources support conditions in their IAM policies, see the [IAM
// documentation](https://cloud.google.com/iam/help/conditions/resource-p
// olicies).
Version int64 `json:"version,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "AuditConfigs") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "AuditConfigs") to include
// in API requests with the JSON null value. By default, fields with
// empty values are omitted from API requests. However, any field with
// an empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *Policy) MarshalJSON() ([]byte, error) {
type NoMethod Policy
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// PolicyDelta: The difference delta between two policies.
type PolicyDelta struct {
// BindingDeltas: The delta for Bindings between two policies.
BindingDeltas []*BindingDelta `json:"bindingDeltas,omitempty"`
// ForceSendFields is a list of field names (e.g. "BindingDeltas") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "BindingDeltas") to include
// in API requests with the JSON null value. By default, fields with
// empty values are omitted from API requests. However, any field with
// an empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *PolicyDelta) MarshalJSON() ([]byte, error) {
type NoMethod PolicyDelta
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// QueryAuditableServicesRequest: A request to get the list of auditable
// services for a resource.
type QueryAuditableServicesRequest struct {
// FullResourceName: Required. The full resource name to query from the
// list of auditable services. The name follows the Google Cloud
// Platform resource format. For example, a Cloud Platform project with
// id `my-project` will be named
// `//cloudresourcemanager.googleapis.com/projects/my-project`.
FullResourceName string `json:"fullResourceName,omitempty"`
// ForceSendFields is a list of field names (e.g. "FullResourceName") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "FullResourceName") to
// include in API requests with the JSON null value. By default, fields
// with empty values are omitted from API requests. However, any field
// with an empty value appearing in NullFields will be sent to the
// server as null. It is an error if a field in this list has a
// non-empty value. This may be used to include null fields in Patch
// requests.
NullFields []string `json:"-"`
}
func (s *QueryAuditableServicesRequest) MarshalJSON() ([]byte, error) {
type NoMethod QueryAuditableServicesRequest
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// QueryAuditableServicesResponse: A response containing a list of
// auditable services for a resource.
type QueryAuditableServicesResponse struct {
// Services: The auditable services for a resource.
Services []*AuditableService `json:"services,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "Services") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Services") to include in
// API requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *QueryAuditableServicesResponse) MarshalJSON() ([]byte, error) {
type NoMethod QueryAuditableServicesResponse
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// QueryGrantableRolesRequest: The grantable role query request.
type QueryGrantableRolesRequest struct {
// FullResourceName: Required. The full resource name to query from the
// list of grantable roles. The name follows the Google Cloud Platform
// resource format. For example, a Cloud Platform project with id
// `my-project` will be named
// `//cloudresourcemanager.googleapis.com/projects/my-project`.
FullResourceName string `json:"fullResourceName,omitempty"`
// PageSize: Optional limit on the number of roles to include in the
// response. The default is 300, and the maximum is 1,000.
PageSize int64 `json:"pageSize,omitempty"`
// PageToken: Optional pagination token returned in an earlier
// QueryGrantableRolesResponse.
PageToken string `json:"pageToken,omitempty"`
// Possible values:
// "BASIC" - Omits the `included_permissions` field. This is the
// default value.
// "FULL" - Returns all fields.
View string `json:"view,omitempty"`
// ForceSendFields is a list of field names (e.g. "FullResourceName") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "FullResourceName") to
// include in API requests with the JSON null value. By default, fields
// with empty values are omitted from API requests. However, any field
// with an empty value appearing in NullFields will be sent to the
// server as null. It is an error if a field in this list has a
// non-empty value. This may be used to include null fields in Patch
// requests.
NullFields []string `json:"-"`
}
func (s *QueryGrantableRolesRequest) MarshalJSON() ([]byte, error) {
type NoMethod QueryGrantableRolesRequest
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// QueryGrantableRolesResponse: The grantable role query response.
type QueryGrantableRolesResponse struct {
// NextPageToken: To retrieve the next page of results, set
// `QueryGrantableRolesRequest.page_token` to this value.
NextPageToken string `json:"nextPageToken,omitempty"`
// Roles: The list of matching roles.
Roles []*Role `json:"roles,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "NextPageToken") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "NextPageToken") to include
// in API requests with the JSON null value. By default, fields with
// empty values are omitted from API requests. However, any field with
// an empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *QueryGrantableRolesResponse) MarshalJSON() ([]byte, error) {
type NoMethod QueryGrantableRolesResponse
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// QueryTestablePermissionsRequest: A request to get permissions which
// can be tested on a resource.
type QueryTestablePermissionsRequest struct {
// FullResourceName: Required. The full resource name to query from the
// list of testable permissions. The name follows the Google Cloud
// Platform resource format. For example, a Cloud Platform project with
// id `my-project` will be named
// `//cloudresourcemanager.googleapis.com/projects/my-project`.
FullResourceName string `json:"fullResourceName,omitempty"`
// PageSize: Optional limit on the number of permissions to include in
// the response. The default is 100, and the maximum is 1,000.
PageSize int64 `json:"pageSize,omitempty"`
// PageToken: Optional pagination token returned in an earlier
// QueryTestablePermissionsRequest.
PageToken string `json:"pageToken,omitempty"`
// ForceSendFields is a list of field names (e.g. "FullResourceName") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "FullResourceName") to
// include in API requests with the JSON null value. By default, fields
// with empty values are omitted from API requests. However, any field
// with an empty value appearing in NullFields will be sent to the
// server as null. It is an error if a field in this list has a
// non-empty value. This may be used to include null fields in Patch
// requests.
NullFields []string `json:"-"`
}
func (s *QueryTestablePermissionsRequest) MarshalJSON() ([]byte, error) {
type NoMethod QueryTestablePermissionsRequest
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// QueryTestablePermissionsResponse: The response containing permissions
// which can be tested on a resource.
type QueryTestablePermissionsResponse struct {
// NextPageToken: To retrieve the next page of results, set
// `QueryTestableRolesRequest.page_token` to this value.
NextPageToken string `json:"nextPageToken,omitempty"`
// Permissions: The Permissions testable on the requested resource.
Permissions []*Permission `json:"permissions,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "NextPageToken") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "NextPageToken") to include
// in API requests with the JSON null value. By default, fields with
// empty values are omitted from API requests. However, any field with
// an empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *QueryTestablePermissionsResponse) MarshalJSON() ([]byte, error) {
type NoMethod QueryTestablePermissionsResponse
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// Role: A role in the Identity and Access Management API.
type Role struct {
// Deleted: The current deleted state of the role. This field is read
// only. It will be ignored in calls to CreateRole and UpdateRole.
Deleted bool `json:"deleted,omitempty"`
// Description: Optional. A human-readable description for the role.
Description string `json:"description,omitempty"`
// Etag: Used to perform a consistent read-modify-write.
Etag string `json:"etag,omitempty"`
// IncludedPermissions: The names of the permissions this role grants
// when bound in an IAM policy.
IncludedPermissions []string `json:"includedPermissions,omitempty"`
// Name: The name of the role. When Role is used in CreateRole, the role
// name must not be set. When Role is used in output and other input
// such as UpdateRole, the role name is the complete path, e.g.,
// roles/logging.viewer for predefined roles and
// organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom
// roles.
Name string `json:"name,omitempty"`
// Stage: The current launch stage of the role. If the `ALPHA` launch
// stage has been selected for a role, the `stage` field will not be
// included in the returned definition for the role.
//
// Possible values:
// "ALPHA" - The user has indicated this role is currently in an Alpha
// phase. If this launch stage is selected, the `stage` field will not
// be included when requesting the definition for a given role.
// "BETA" - The user has indicated this role is currently in a Beta
// phase.
// "GA" - The user has indicated this role is generally available.
// "DEPRECATED" - The user has indicated this role is being
// deprecated.
// "DISABLED" - This role is disabled and will not contribute
// permissions to any members it is granted to in policies.
// "EAP" - The user has indicated this role is currently in an EAP
// phase.
Stage string `json:"stage,omitempty"`
// Title: Optional. A human-readable title for the role. Typically this
// is limited to 100 UTF-8 bytes.
Title string `json:"title,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "Deleted") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Deleted") to include in
// API requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *Role) MarshalJSON() ([]byte, error) {
type NoMethod Role
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// ServiceAccount: An IAM service account. A service account is an
// account for an application or a virtual machine (VM) instance, not a
// person. You can use a service account to call Google APIs. To learn
// more, read the [overview of service
// accounts](https://cloud.google.com/iam/help/service-accounts/overview)
// . When you create a service account, you specify the project ID that
// owns the service account, as well as a name that must be unique
// within the project. IAM uses these values to create an email address
// that identifies the service account.
type ServiceAccount struct {
// Description: Optional. A user-specified, human-readable description
// of the service account. The maximum length is 256 UTF-8 bytes.
Description string `json:"description,omitempty"`
// Disabled: Output only. Whether the service account is disabled.
Disabled bool `json:"disabled,omitempty"`
// DisplayName: Optional. A user-specified, human-readable name for the
// service account. The maximum length is 100 UTF-8 bytes.
DisplayName string `json:"displayName,omitempty"`
// Email: Output only. The email address of the service account.
Email string `json:"email,omitempty"`
// Etag: Deprecated. Do not use.
Etag string `json:"etag,omitempty"`
// Name: The resource name of the service account. Use one of the
// following formats: *
// `projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}` *
// `projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}` As an
// alternative, you can use the `-` wildcard character instead of the
// project ID: * `projects/-/serviceAccounts/{EMAIL_ADDRESS}` *
// `projects/-/serviceAccounts/{UNIQUE_ID}` When possible, avoid using
// the `-` wildcard character, because it can cause response messages to
// contain misleading error codes. For example, if you try to get the
// service account `projects/-/serviceAccounts/fake@example.com`, which
// does not exist, the response contains an HTTP `403 Forbidden` error
// instead of a `404 Not Found` error.
Name string `json:"name,omitempty"`
// Oauth2ClientId: Output only. The OAuth 2.0 client ID for the service
// account.
Oauth2ClientId string `json:"oauth2ClientId,omitempty"`
// ProjectId: Output only. The ID of the project that owns the service
// account.
ProjectId string `json:"projectId,omitempty"`
// UniqueId: Output only. The unique, stable numeric ID for the service
// account. Each service account retains its unique ID even if you
// delete the service account. For example, if you delete a service
// account, then create a new service account with the same name, the
// new service account has a different unique ID than the deleted
// service account.
UniqueId string `json:"uniqueId,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "Description") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Description") to include
// in API requests with the JSON null value. By default, fields with
// empty values are omitted from API requests. However, any field with
// an empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *ServiceAccount) MarshalJSON() ([]byte, error) {
type NoMethod ServiceAccount
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// ServiceAccountKey: Represents a service account key. A service
// account has two sets of key-pairs: user-managed, and system-managed.
// User-managed key-pairs can be created and deleted by users. Users are
// responsible for rotating these keys periodically to ensure security
// of their service accounts. Users retain the private key of these
// key-pairs, and Google retains ONLY the public key. System-managed
// keys are automatically rotated by Google, and are used for signing
// for a maximum of two weeks. The rotation process is probabilistic,
// and usage of the new key will gradually ramp up and down over the
// key's lifetime. We recommend caching the public key set for a service
// account for no more than 24 hours to ensure you have access to the
// latest keys. Public keys for all service accounts are also published
// at the OAuth2 Service Account API.
type ServiceAccountKey struct {
// KeyAlgorithm: Specifies the algorithm (and possibly key size) for the
// key.
//
// Possible values:
// "KEY_ALG_UNSPECIFIED" - An unspecified key algorithm.
// "KEY_ALG_RSA_1024" - 1k RSA Key.
// "KEY_ALG_RSA_2048" - 2k RSA Key.
KeyAlgorithm string `json:"keyAlgorithm,omitempty"`
// KeyOrigin: The key origin.
//
// Possible values:
// "ORIGIN_UNSPECIFIED" - Unspecified key origin.
// "USER_PROVIDED" - Key is provided by user.
// "GOOGLE_PROVIDED" - Key is provided by Google.
KeyOrigin string `json:"keyOrigin,omitempty"`
// KeyType: The key type.
//
// Possible values:
// "KEY_TYPE_UNSPECIFIED" - Unspecified key type. The presence of this
// in the message will immediately result in an error.
// "USER_MANAGED" - User-managed keys (managed and rotated by the
// user).
// "SYSTEM_MANAGED" - System-managed keys (managed and rotated by
// Google).
KeyType string `json:"keyType,omitempty"`
// Name: The resource name of the service account key in the following
// format `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.
Name string `json:"name,omitempty"`
// PrivateKeyData: The private key data. Only provided in
// `CreateServiceAccountKey` responses. Make sure to keep the private
// key data secure because it allows for the assertion of the service
// account identity. When base64 decoded, the private key data can be
// used to authenticate with Google API client libraries and with gcloud
// auth activate-service-account.
PrivateKeyData string `json:"privateKeyData,omitempty"`
// PrivateKeyType: The output format for the private key. Only provided
// in `CreateServiceAccountKey` responses, not in `GetServiceAccountKey`
// or `ListServiceAccountKey` responses. Google never exposes
// system-managed private keys, and never retains user-managed private
// keys.
//
// Possible values:
// "TYPE_UNSPECIFIED" - Unspecified. Equivalent to
// `TYPE_GOOGLE_CREDENTIALS_FILE`.
// "TYPE_PKCS12_FILE" - PKCS12 format. The password for the PKCS12
// file is `notasecret`. For more information, see
// https://tools.ietf.org/html/rfc7292.
// "TYPE_GOOGLE_CREDENTIALS_FILE" - Google Credentials File format.
PrivateKeyType string `json:"privateKeyType,omitempty"`
// PublicKeyData: The public key data. Only provided in
// `GetServiceAccountKey` responses.
PublicKeyData string `json:"publicKeyData,omitempty"`
// ValidAfterTime: The key can be used after this timestamp.
ValidAfterTime string `json:"validAfterTime,omitempty"`
// ValidBeforeTime: The key can be used before this timestamp. For
// system-managed key pairs, this timestamp is the end time for the
// private key signing operation. The public key could still be used for
// verification for a few hours after this time.
ValidBeforeTime string `json:"validBeforeTime,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "KeyAlgorithm") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "KeyAlgorithm") to include
// in API requests with the JSON null value. By default, fields with
// empty values are omitted from API requests. However, any field with
// an empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *ServiceAccountKey) MarshalJSON() ([]byte, error) {
type NoMethod ServiceAccountKey
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// SetIamPolicyRequest: Request message for `SetIamPolicy` method.
type SetIamPolicyRequest struct {
// Policy: REQUIRED: The complete policy to be applied to the
// `resource`. The size of the policy is limited to a few 10s of KB. An
// empty policy is a valid policy but certain Cloud Platform services
// (such as Projects) might reject them.
Policy *Policy `json:"policy,omitempty"`
// UpdateMask: OPTIONAL: A FieldMask specifying which fields of the
// policy to modify. Only the fields in the mask will be modified. If no
// mask is provided, the following default mask is used: `paths:
// "bindings, etag"
UpdateMask string `json:"updateMask,omitempty"`
// ForceSendFields is a list of field names (e.g. "Policy") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Policy") to include in API
// requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *SetIamPolicyRequest) MarshalJSON() ([]byte, error) {
type NoMethod SetIamPolicyRequest
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// SignBlobRequest: Deprecated. [Migrate to Service Account Credentials
// API](https://cloud.google.com/iam/help/credentials/migrate-api). The
// service account sign blob request.
type SignBlobRequest struct {
// BytesToSign: Required. Deprecated. [Migrate to Service Account
// Credentials
// API](https://cloud.google.com/iam/help/credentials/migrate-api). The
// bytes to sign.
BytesToSign string `json:"bytesToSign,omitempty"`
// ForceSendFields is a list of field names (e.g. "BytesToSign") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "BytesToSign") to include
// in API requests with the JSON null value. By default, fields with
// empty values are omitted from API requests. However, any field with
// an empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *SignBlobRequest) MarshalJSON() ([]byte, error) {
type NoMethod SignBlobRequest
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// SignBlobResponse: Deprecated. [Migrate to Service Account Credentials
// API](https://cloud.google.com/iam/help/credentials/migrate-api). The
// service account sign blob response.
type SignBlobResponse struct {
// KeyId: Deprecated. [Migrate to Service Account Credentials
// API](https://cloud.google.com/iam/help/credentials/migrate-api). The
// id of the key used to sign the blob.
KeyId string `json:"keyId,omitempty"`
// Signature: Deprecated. [Migrate to Service Account Credentials
// API](https://cloud.google.com/iam/help/credentials/migrate-api). The
// signed blob.
Signature string `json:"signature,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "KeyId") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "KeyId") to include in API
// requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *SignBlobResponse) MarshalJSON() ([]byte, error) {
type NoMethod SignBlobResponse
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// SignJwtRequest: Deprecated. [Migrate to Service Account Credentials
// API](https://cloud.google.com/iam/help/credentials/migrate-api). The
// service account sign JWT request.
type SignJwtRequest struct {
// Payload: Required. Deprecated. [Migrate to Service Account
// Credentials
// API](https://cloud.google.com/iam/help/credentials/migrate-api). The
// JWT payload to sign. Must be a serialized JSON object that contains a
// JWT Claims Set. For example: `{"sub": "user@example.com", "iat":
// 313435}` If the JWT Claims Set contains an expiration time (`exp`)
// claim, it must be an integer timestamp that is not in the past and no
// more than 1 hour in the future. If the JWT Claims Set does not
// contain an expiration time (`exp`) claim, this claim is added
// automatically, with a timestamp that is 1 hour in the future.
Payload string `json:"payload,omitempty"`
// ForceSendFields is a list of field names (e.g. "Payload") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Payload") to include in
// API requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *SignJwtRequest) MarshalJSON() ([]byte, error) {
type NoMethod SignJwtRequest
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// SignJwtResponse: Deprecated. [Migrate to Service Account Credentials
// API](https://cloud.google.com/iam/help/credentials/migrate-api). The
// service account sign JWT response.
type SignJwtResponse struct {
// KeyId: Deprecated. [Migrate to Service Account Credentials
// API](https://cloud.google.com/iam/help/credentials/migrate-api). The
// id of the key used to sign the JWT.
KeyId string `json:"keyId,omitempty"`
// SignedJwt: Deprecated. [Migrate to Service Account Credentials
// API](https://cloud.google.com/iam/help/credentials/migrate-api). The
// signed JWT.
SignedJwt string `json:"signedJwt,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "KeyId") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "KeyId") to include in API
// requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *SignJwtResponse) MarshalJSON() ([]byte, error) {
type NoMethod SignJwtResponse
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// TestIamPermissionsRequest: Request message for `TestIamPermissions`
// method.
type TestIamPermissionsRequest struct {
// Permissions: The set of permissions to check for the `resource`.
// Permissions with wildcards (such as '*' or 'storage.*') are not
// allowed. For more information see [IAM
// Overview](https://cloud.google.com/iam/docs/overview#permissions).
Permissions []string `json:"permissions,omitempty"`
// ForceSendFields is a list of field names (e.g. "Permissions") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Permissions") to include
// in API requests with the JSON null value. By default, fields with
// empty values are omitted from API requests. However, any field with
// an empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *TestIamPermissionsRequest) MarshalJSON() ([]byte, error) {
type NoMethod TestIamPermissionsRequest
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// TestIamPermissionsResponse: Response message for `TestIamPermissions`
// method.
type TestIamPermissionsResponse struct {
// Permissions: A subset of `TestPermissionsRequest.permissions` that
// the caller is allowed.
Permissions []string `json:"permissions,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "Permissions") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Permissions") to include
// in API requests with the JSON null value. By default, fields with
// empty values are omitted from API requests. However, any field with
// an empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *TestIamPermissionsResponse) MarshalJSON() ([]byte, error) {
type NoMethod TestIamPermissionsResponse
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// UndeleteRoleRequest: The request to undelete an existing role.
type UndeleteRoleRequest struct {
// Etag: Used to perform a consistent read-modify-write.
Etag string `json:"etag,omitempty"`
// ForceSendFields is a list of field names (e.g. "Etag") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "Etag") to include in API
// requests with the JSON null value. By default, fields with empty
// values are omitted from API requests. However, any field with an
// empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *UndeleteRoleRequest) MarshalJSON() ([]byte, error) {
type NoMethod UndeleteRoleRequest
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// UndeleteServiceAccountRequest: The service account undelete request.
type UndeleteServiceAccountRequest struct {
}
type UndeleteServiceAccountResponse struct {
// RestoredAccount: Metadata for the restored service account.
RestoredAccount *ServiceAccount `json:"restoredAccount,omitempty"`
// ServerResponse contains the HTTP response code and headers from the
// server.
googleapi.ServerResponse `json:"-"`
// ForceSendFields is a list of field names (e.g. "RestoredAccount") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "RestoredAccount") to
// include in API requests with the JSON null value. By default, fields
// with empty values are omitted from API requests. However, any field
// with an empty value appearing in NullFields will be sent to the
// server as null. It is an error if a field in this list has a
// non-empty value. This may be used to include null fields in Patch
// requests.
NullFields []string `json:"-"`
}
func (s *UndeleteServiceAccountResponse) MarshalJSON() ([]byte, error) {
type NoMethod UndeleteServiceAccountResponse
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// UploadServiceAccountKeyRequest: The service account key upload
// request.
type UploadServiceAccountKeyRequest struct {
// PublicKeyData: A field that allows clients to upload their own public
// key. If set, use this public key data to create a service account key
// for given service account. Please note, the expected format for this
// field is X509_PEM.
PublicKeyData string `json:"publicKeyData,omitempty"`
// ForceSendFields is a list of field names (e.g. "PublicKeyData") to
// unconditionally include in API requests. By default, fields with
// empty values are omitted from API requests. However, any non-pointer,
// non-interface field appearing in ForceSendFields will be sent to the
// server regardless of whether the field is empty or not. This may be
// used to include empty fields in Patch requests.
ForceSendFields []string `json:"-"`
// NullFields is a list of field names (e.g. "PublicKeyData") to include
// in API requests with the JSON null value. By default, fields with
// empty values are omitted from API requests. However, any field with
// an empty value appearing in NullFields will be sent to the server as
// null. It is an error if a field in this list has a non-empty value.
// This may be used to include null fields in Patch requests.
NullFields []string `json:"-"`
}
func (s *UploadServiceAccountKeyRequest) MarshalJSON() ([]byte, error) {
type NoMethod UploadServiceAccountKeyRequest
raw := NoMethod(*s)
return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}
// method id "iam.iamPolicies.lintPolicy":
type IamPoliciesLintPolicyCall struct {
s *Service
lintpolicyrequest *LintPolicyRequest
urlParams_ gensupport.URLParams
ctx_ context.Context
header_ http.Header
}
// LintPolicy: Lints, or validates, an IAM policy. Currently checks the
// google.iam.v1.Binding.condition field, which contains a condition
// expression for a role binding. Successful calls to this method always
// return an HTTP `200 OK` status code, even if the linter detects an
// issue in the IAM policy.
func (r *IamPoliciesService) LintPolicy(lintpolicyrequest *LintPolicyRequest) *IamPoliciesLintPolicyCall {
c := &IamPoliciesLintPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.lintpolicyrequest = lintpolicyrequest
return c
}
// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
// for more information.
func (c *IamPoliciesLintPolicyCall) Fields(s ...googleapi.Field) *IamPoliciesLintPolicyCall {
c.urlParams_.Set("fields", googleapi.CombineFields(s))
return c
}
// Context sets the context to be used in this call's Do method. Any
// pending HTTP request will be aborted if the provided context is
// canceled.
func (c *IamPoliciesLintPolicyCall) Context(ctx context.Context) *IamPoliciesLintPolicyCall {
c.ctx_ = ctx
return c
}
// Header returns an http.Header that can be modified by the caller to
// add HTTP headers to the request.
func (c *IamPoliciesLintPolicyCall) Header() http.Header {
if c.header_ == nil {
c.header_ = make(http.Header)
}
return c.header_
}
func (c *IamPoliciesLintPolicyCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20200926")
for k, v := range c.header_ {
reqHeaders[k] = v
}
reqHeaders.Set("User-Agent", c.s.userAgent())
var body io.Reader = nil
body, err := googleapi.WithoutDataWrapper.JSONReader(c.lintpolicyrequest)
if err != nil {
return nil, err
}
reqHeaders.Set("Content-Type", "application/json")
c.urlParams_.Set("alt", alt)
c.urlParams_.Set("prettyPrint", "false")
urls := googleapi.ResolveRelative(c.s.BasePath, "v1/iamPolicies:lintPolicy")
urls += "?" + c.urlParams_.Encode()
req, err := http.NewRequest("POST", urls, body)
if err != nil {
return nil, err
}
req.Header = reqHeaders
return gensupport.SendRequest(c.ctx_, c.s.client, req)
}
// Do executes the "iam.iamPolicies.lintPolicy" call.
// Exactly one of *LintPolicyResponse or error will be non-nil. Any
// non-2xx status code is an error. Response headers are in either
// *LintPolicyResponse.ServerResponse.Header or (if a response was
// returned at all) in error.(*googleapi.Error).Header. Use
// googleapi.IsNotModified to check whether the returned error was
// because http.StatusNotModified was returned.
func (c *IamPoliciesLintPolicyCall) Do(opts ...googleapi.CallOption) (*LintPolicyResponse, error) {
gensupport.SetOptions(c.urlParams_, opts...)
res, err := c.doRequest("json")
if res != nil && res.StatusCode == http.StatusNotModified {
if res.Body != nil {
res.Body.Close()
}
return nil, &googleapi.Error{
Code: res.StatusCode,
Header: res.Header,
}
}
if err != nil {
return nil, err
}
defer googleapi.CloseBody(res)
if err := googleapi.CheckResponse(res); err != nil {
return nil, err
}
ret := &LintPolicyResponse{
ServerResponse: googleapi.ServerResponse{
Header: res.Header,
HTTPStatusCode: res.StatusCode,
},
}
target := &ret
if err := gensupport.DecodeResponse(target, res); err != nil {
return nil, err
}
return ret, nil
// {
// "description": "Lints, or validates, an IAM policy. Currently checks the google.iam.v1.Binding.condition field, which contains a condition expression for a role binding. Successful calls to this method always return an HTTP `200 OK` status code, even if the linter detects an issue in the IAM policy.",
// "flatPath": "v1/iamPolicies:lintPolicy",
// "httpMethod": "POST",
// "id": "iam.iamPolicies.lintPolicy",
// "parameterOrder": [],
// "parameters": {},
// "path": "v1/iamPolicies:lintPolicy",
// "request": {
// "$ref": "LintPolicyRequest"
// },
// "response": {
// "$ref": "LintPolicyResponse"
// },
// "scopes": [
// "https://www.googleapis.com/auth/cloud-platform"
// ]
// }
}
// method id "iam.iamPolicies.queryAuditableServices":
type IamPoliciesQueryAuditableServicesCall struct {
s *Service
queryauditableservicesrequest *QueryAuditableServicesRequest
urlParams_ gensupport.URLParams
ctx_ context.Context
header_ http.Header
}
// QueryAuditableServices: Returns a list of services that allow you to
// opt into audit logs that are not generated by default. To learn more
// about audit logs, see the [Logging
// documentation](https://cloud.google.com/logging/docs/audit).
func (r *IamPoliciesService) QueryAuditableServices(queryauditableservicesrequest *QueryAuditableServicesRequest) *IamPoliciesQueryAuditableServicesCall {
c := &IamPoliciesQueryAuditableServicesCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.queryauditableservicesrequest = queryauditableservicesrequest
return c
}
// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
// for more information.
func (c *IamPoliciesQueryAuditableServicesCall) Fields(s ...googleapi.Field) *IamPoliciesQueryAuditableServicesCall {
c.urlParams_.Set("fields", googleapi.CombineFields(s))
return c
}
// Context sets the context to be used in this call's Do method. Any
// pending HTTP request will be aborted if the provided context is
// canceled.
func (c *IamPoliciesQueryAuditableServicesCall) Context(ctx context.Context) *IamPoliciesQueryAuditableServicesCall {
c.ctx_ = ctx
return c
}
// Header returns an http.Header that can be modified by the caller to
// add HTTP headers to the request.
func (c *IamPoliciesQueryAuditableServicesCall) Header() http.Header {
if c.header_ == nil {
c.header_ = make(http.Header)
}
return c.header_
}
func (c *IamPoliciesQueryAuditableServicesCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20200926")
for k, v := range c.header_ {
reqHeaders[k] = v
}
reqHeaders.Set("User-Agent", c.s.userAgent())
var body io.Reader = nil
body, err := googleapi.WithoutDataWrapper.JSONReader(c.queryauditableservicesrequest)
if err != nil {
return nil, err
}
reqHeaders.Set("Content-Type", "application/json")
c.urlParams_.Set("alt", alt)
c.urlParams_.Set("prettyPrint", "false")
urls := googleapi.ResolveRelative(c.s.BasePath, "v1/iamPolicies:queryAuditableServices")
urls += "?" + c.urlParams_.Encode()
req, err := http.NewRequest("POST", urls, body)
if err != nil {
return nil, err
}
req.Header = reqHeaders
return gensupport.SendRequest(c.ctx_, c.s.client, req)
}
// Do executes the "iam.iamPolicies.queryAuditableServices" call.
// Exactly one of *QueryAuditableServicesResponse or error will be
// non-nil. Any non-2xx status code is an error. Response headers are in
// either *QueryAuditableServicesResponse.ServerResponse.Header or (if a
// response was returned at all) in error.(*googleapi.Error).Header. Use
// googleapi.IsNotModified to check whether the returned error was
// because http.StatusNotModified was returned.
func (c *IamPoliciesQueryAuditableServicesCall) Do(opts ...googleapi.CallOption) (*QueryAuditableServicesResponse, error) {
gensupport.SetOptions(c.urlParams_, opts...)
res, err := c.doRequest("json")
if res != nil && res.StatusCode == http.StatusNotModified {
if res.Body != nil {
res.Body.Close()
}
return nil, &googleapi.Error{
Code: res.StatusCode,
Header: res.Header,
}
}
if err != nil {
return nil, err
}
defer googleapi.CloseBody(res)
if err := googleapi.CheckResponse(res); err != nil {
return nil, err
}
ret := &QueryAuditableServicesResponse{
ServerResponse: googleapi.ServerResponse{
Header: res.Header,
HTTPStatusCode: res.StatusCode,
},
}
target := &ret
if err := gensupport.DecodeResponse(target, res); err != nil {
return nil, err
}
return ret, nil
// {
// "description": "Returns a list of services that allow you to opt into audit logs that are not generated by default. To learn more about audit logs, see the [Logging documentation](https://cloud.google.com/logging/docs/audit).",
// "flatPath": "v1/iamPolicies:queryAuditableServices",
// "httpMethod": "POST",
// "id": "iam.iamPolicies.queryAuditableServices",
// "parameterOrder": [],
// "parameters": {},
// "path": "v1/iamPolicies:queryAuditableServices",
// "request": {
// "$ref": "QueryAuditableServicesRequest"
// },
// "response": {
// "$ref": "QueryAuditableServicesResponse"
// },
// "scopes": [
// "https://www.googleapis.com/auth/cloud-platform"
// ]
// }
}
// method id "iam.organizations.roles.create":
type OrganizationsRolesCreateCall struct {
s *Service
parent string
createrolerequest *CreateRoleRequest
urlParams_ gensupport.URLParams
ctx_ context.Context
header_ http.Header
}
// Create: Creates a new custom Role.
func (r *OrganizationsRolesService) Create(parent string, createrolerequest *CreateRoleRequest) *OrganizationsRolesCreateCall {
c := &OrganizationsRolesCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.parent = parent
c.createrolerequest = createrolerequest
return c
}
// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
// for more information.
func (c *OrganizationsRolesCreateCall) Fields(s ...googleapi.Field) *OrganizationsRolesCreateCall {
c.urlParams_.Set("fields", googleapi.CombineFields(s))
return c
}
// Context sets the context to be used in this call's Do method. Any
// pending HTTP request will be aborted if the provided context is
// canceled.
func (c *OrganizationsRolesCreateCall) Context(ctx context.Context) *OrganizationsRolesCreateCall {
c.ctx_ = ctx
return c
}
// Header returns an http.Header that can be modified by the caller to
// add HTTP headers to the request.
func (c *OrganizationsRolesCreateCall) Header() http.Header {
if c.header_ == nil {
c.header_ = make(http.Header)
}
return c.header_
}
func (c *OrganizationsRolesCreateCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20200926")
for k, v := range c.header_ {
reqHeaders[k] = v
}
reqHeaders.Set("User-Agent", c.s.userAgent())
var body io.Reader = nil
body, err := googleapi.WithoutDataWrapper.JSONReader(c.createrolerequest)
if err != nil {
return nil, err
}
reqHeaders.Set("Content-Type", "application/json")
c.urlParams_.Set("alt", alt)
c.urlParams_.Set("prettyPrint", "false")
urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/roles")
urls += "?" + c.urlParams_.Encode()
req, err := http.NewRequest("POST", urls, body)
if err != nil {
return nil, err
}
req.Header = reqHeaders
googleapi.Expand(req.URL, map[string]string{
"parent": c.parent,
})
return gensupport.SendRequest(c.ctx_, c.s.client, req)
}
// Do executes the "iam.organizations.roles.create" call.
// Exactly one of *Role or error will be non-nil. Any non-2xx status
// code is an error. Response headers are in either
// *Role.ServerResponse.Header or (if a response was returned at all) in
// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
// whether the returned error was because http.StatusNotModified was
// returned.
func (c *OrganizationsRolesCreateCall) Do(opts ...googleapi.CallOption) (*Role, error) {
gensupport.SetOptions(c.urlParams_, opts...)
res, err := c.doRequest("json")
if res != nil && res.StatusCode == http.StatusNotModified {
if res.Body != nil {
res.Body.Close()
}
return nil, &googleapi.Error{
Code: res.StatusCode,
Header: res.Header,
}
}
if err != nil {
return nil, err
}
defer googleapi.CloseBody(res)
if err := googleapi.CheckResponse(res); err != nil {
return nil, err
}
ret := &Role{
ServerResponse: googleapi.ServerResponse{
Header: res.Header,
HTTPStatusCode: res.StatusCode,
},
}
target := &ret
if err := gensupport.DecodeResponse(target, res); err != nil {
return nil, err
}
return ret, nil
// {
// "description": "Creates a new custom Role.",
// "flatPath": "v1/organizations/{organizationsId}/roles",
// "httpMethod": "POST",
// "id": "iam.organizations.roles.create",
// "parameterOrder": [
// "parent"
// ],
// "parameters": {
// "parent": {
// "description": "The `parent` parameter's value depends on the target resource for the request, namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `parent` value format is described below: * [`projects.roles.create()`](/iam/reference/rest/v1/projects.roles/create): `projects/{PROJECT_ID}`. This method creates project-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles` * [`organizations.roles.create()`](/iam/reference/rest/v1/organizations.roles/create): `organizations/{ORGANIZATION_ID}`. This method creates organization-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.",
// "location": "path",
// "pattern": "^organizations/[^/]+$",
// "required": true,
// "type": "string"
// }
// },
// "path": "v1/{+parent}/roles",
// "request": {
// "$ref": "CreateRoleRequest"
// },
// "response": {
// "$ref": "Role"
// },
// "scopes": [
// "https://www.googleapis.com/auth/cloud-platform"
// ]
// }
}
// method id "iam.organizations.roles.delete":
type OrganizationsRolesDeleteCall struct {
s *Service
name string
urlParams_ gensupport.URLParams
ctx_ context.Context
header_ http.Header
}
// Delete: Deletes a custom Role. When you delete a custom role, the
// following changes occur immediately: * You cannot bind a member to
// the custom role in an IAM Policy. * Existing bindings to the custom
// role are not changed, but they have no effect. * By default, the
// response from ListRoles does not include the custom role. You have 7
// days to undelete the custom role. After 7 days, the following changes
// occur: * The custom role is permanently deleted and cannot be
// recovered. * If an IAM policy contains a binding to the custom role,
// the binding is permanently removed.
func (r *OrganizationsRolesService) Delete(name string) *OrganizationsRolesDeleteCall {
c := &OrganizationsRolesDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.name = name
return c
}
// Etag sets the optional parameter "etag": Used to perform a consistent
// read-modify-write.
func (c *OrganizationsRolesDeleteCall) Etag(etag string) *OrganizationsRolesDeleteCall {
c.urlParams_.Set("etag", etag)
return c
}
// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
// for more information.
func (c *OrganizationsRolesDeleteCall) Fields(s ...googleapi.Field) *OrganizationsRolesDeleteCall {
c.urlParams_.Set("fields", googleapi.CombineFields(s))
return c
}
// Context sets the context to be used in this call's Do method. Any
// pending HTTP request will be aborted if the provided context is
// canceled.
func (c *OrganizationsRolesDeleteCall) Context(ctx context.Context) *OrganizationsRolesDeleteCall {
c.ctx_ = ctx
return c
}
// Header returns an http.Header that can be modified by the caller to
// add HTTP headers to the request.
func (c *OrganizationsRolesDeleteCall) Header() http.Header {
if c.header_ == nil {
c.header_ = make(http.Header)
}
return c.header_
}
func (c *OrganizationsRolesDeleteCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20200926")
for k, v := range c.header_ {
reqHeaders[k] = v
}
reqHeaders.Set("User-Agent", c.s.userAgent())
var body io.Reader = nil
c.urlParams_.Set("alt", alt)
c.urlParams_.Set("prettyPrint", "false")
urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
urls += "?" + c.urlParams_.Encode()
req, err := http.NewRequest("DELETE", urls, body)
if err != nil {
return nil, err
}
req.Header = reqHeaders
googleapi.Expand(req.URL, map[string]string{
"name": c.name,
})
return gensupport.SendRequest(c.ctx_, c.s.client, req)
}
// Do executes the "iam.organizations.roles.delete" call.
// Exactly one of *Role or error will be non-nil. Any non-2xx status
// code is an error. Response headers are in either
// *Role.ServerResponse.Header or (if a response was returned at all) in
// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
// whether the returned error was because http.StatusNotModified was
// returned.
func (c *OrganizationsRolesDeleteCall) Do(opts ...googleapi.CallOption) (*Role, error) {
gensupport.SetOptions(c.urlParams_, opts...)
res, err := c.doRequest("json")
if res != nil && res.StatusCode == http.StatusNotModified {
if res.Body != nil {
res.Body.Close()
}
return nil, &googleapi.Error{
Code: res.StatusCode,
Header: res.Header,
}
}
if err != nil {
return nil, err
}
defer googleapi.CloseBody(res)
if err := googleapi.CheckResponse(res); err != nil {
return nil, err
}
ret := &Role{
ServerResponse: googleapi.ServerResponse{
Header: res.Header,
HTTPStatusCode: res.StatusCode,
},
}
target := &ret
if err := gensupport.DecodeResponse(target, res); err != nil {
return nil, err
}
return ret, nil
// {
// "description": "Deletes a custom Role. When you delete a custom role, the following changes occur immediately: * You cannot bind a member to the custom role in an IAM Policy. * Existing bindings to the custom role are not changed, but they have no effect. * By default, the response from ListRoles does not include the custom role. You have 7 days to undelete the custom role. After 7 days, the following changes occur: * The custom role is permanently deleted and cannot be recovered. * If an IAM policy contains a binding to the custom role, the binding is permanently removed.",
// "flatPath": "v1/organizations/{organizationsId}/roles/{rolesId}",
// "httpMethod": "DELETE",
// "id": "iam.organizations.roles.delete",
// "parameterOrder": [
// "name"
// ],
// "parameters": {
// "etag": {
// "description": "Used to perform a consistent read-modify-write.",
// "format": "byte",
// "location": "query",
// "type": "string"
// },
// "name": {
// "description": "The `name` parameter's value depends on the target resource for the request, namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `name` value format is described below: * [`projects.roles.delete()`](/iam/reference/rest/v1/projects.roles/delete): `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method deletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}` * [`organizations.roles.delete()`](/iam/reference/rest/v1/organizations.roles/delete): `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method deletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.",
// "location": "path",
// "pattern": "^organizations/[^/]+/roles/[^/]+$",
// "required": true,
// "type": "string"
// }
// },
// "path": "v1/{+name}",
// "response": {
// "$ref": "Role"
// },
// "scopes": [
// "https://www.googleapis.com/auth/cloud-platform"
// ]
// }
}
// method id "iam.organizations.roles.get":
type OrganizationsRolesGetCall struct {
s *Service
name string
urlParams_ gensupport.URLParams
ifNoneMatch_ string
ctx_ context.Context
header_ http.Header
}
// Get: Gets the definition of a Role.
func (r *OrganizationsRolesService) Get(name string) *OrganizationsRolesGetCall {
c := &OrganizationsRolesGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.name = name
return c
}
// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
// for more information.
func (c *OrganizationsRolesGetCall) Fields(s ...googleapi.Field) *OrganizationsRolesGetCall {
c.urlParams_.Set("fields", googleapi.CombineFields(s))
return c
}
// IfNoneMatch sets the optional parameter which makes the operation
// fail if the object's ETag matches the given value. This is useful for
// getting updates only after the object has changed since the last
// request. Use googleapi.IsNotModified to check whether the response
// error from Do is the result of In-None-Match.
func (c *OrganizationsRolesGetCall) IfNoneMatch(entityTag string) *OrganizationsRolesGetCall {
c.ifNoneMatch_ = entityTag
return c
}
// Context sets the context to be used in this call's Do method. Any
// pending HTTP request will be aborted if the provided context is
// canceled.
func (c *OrganizationsRolesGetCall) Context(ctx context.Context) *OrganizationsRolesGetCall {
c.ctx_ = ctx
return c
}
// Header returns an http.Header that can be modified by the caller to
// add HTTP headers to the request.
func (c *OrganizationsRolesGetCall) Header() http.Header {
if c.header_ == nil {
c.header_ = make(http.Header)
}
return c.header_
}
func (c *OrganizationsRolesGetCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20200926")
for k, v := range c.header_ {
reqHeaders[k] = v
}
reqHeaders.Set("User-Agent", c.s.userAgent())
if c.ifNoneMatch_ != "" {
reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
}
var body io.Reader = nil
c.urlParams_.Set("alt", alt)
c.urlParams_.Set("prettyPrint", "false")
urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
urls += "?" + c.urlParams_.Encode()
req, err := http.NewRequest("GET", urls, body)
if err != nil {
return nil, err
}
req.Header = reqHeaders
googleapi.Expand(req.URL, map[string]string{
"name": c.name,
})
return gensupport.SendRequest(c.ctx_, c.s.client, req)
}
// Do executes the "iam.organizations.roles.get" call.
// Exactly one of *Role or error will be non-nil. Any non-2xx status
// code is an error. Response headers are in either
// *Role.ServerResponse.Header or (if a response was returned at all) in
// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
// whether the returned error was because http.StatusNotModified was
// returned.
func (c *OrganizationsRolesGetCall) Do(opts ...googleapi.CallOption) (*Role, error) {
gensupport.SetOptions(c.urlParams_, opts...)
res, err := c.doRequest("json")
if res != nil && res.StatusCode == http.StatusNotModified {
if res.Body != nil {
res.Body.Close()
}
return nil, &googleapi.Error{
Code: res.StatusCode,
Header: res.Header,
}
}
if err != nil {
return nil, err
}
defer googleapi.CloseBody(res)
if err := googleapi.CheckResponse(res); err != nil {
return nil, err
}
ret := &Role{
ServerResponse: googleapi.ServerResponse{
Header: res.Header,
HTTPStatusCode: res.StatusCode,
},
}
target := &ret
if err := gensupport.DecodeResponse(target, res); err != nil {
return nil, err
}
return ret, nil
// {
// "description": "Gets the definition of a Role.",
// "flatPath": "v1/organizations/{organizationsId}/roles/{rolesId}",
// "httpMethod": "GET",
// "id": "iam.organizations.roles.get",
// "parameterOrder": [
// "name"
// ],
// "parameters": {
// "name": {
// "description": "The `name` parameter's value depends on the target resource for the request, namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `name` value format is described below: * [`roles.get()`](/iam/reference/rest/v1/roles/get): `roles/{ROLE_NAME}`. This method returns results from all [predefined roles](/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. Example request URL: `https://iam.googleapis.com/v1/roles/{ROLE_NAME}` * [`projects.roles.get()`](/iam/reference/rest/v1/projects.roles/get): `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method returns only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}` * [`organizations.roles.get()`](/iam/reference/rest/v1/organizations.roles/get): `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method returns only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.",
// "location": "path",
// "pattern": "^organizations/[^/]+/roles/[^/]+$",
// "required": true,
// "type": "string"
// }
// },
// "path": "v1/{+name}",
// "response": {
// "$ref": "Role"
// },
// "scopes": [
// "https://www.googleapis.com/auth/cloud-platform"
// ]
// }
}
// method id "iam.organizations.roles.list":
type OrganizationsRolesListCall struct {
s *Service
parent string
urlParams_ gensupport.URLParams
ifNoneMatch_ string
ctx_ context.Context
header_ http.Header
}
// List: Lists every predefined Role that IAM supports, or every custom
// role that is defined for an organization or project.
func (r *OrganizationsRolesService) List(parent string) *OrganizationsRolesListCall {
c := &OrganizationsRolesListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.parent = parent
return c
}
// PageSize sets the optional parameter "pageSize": Optional limit on
// the number of roles to include in the response. The default is 300,
// and the maximum is 1,000.
func (c *OrganizationsRolesListCall) PageSize(pageSize int64) *OrganizationsRolesListCall {
c.urlParams_.Set("pageSize", fmt.Sprint(pageSize))
return c
}
// PageToken sets the optional parameter "pageToken": Optional
// pagination token returned in an earlier ListRolesResponse.
func (c *OrganizationsRolesListCall) PageToken(pageToken string) *OrganizationsRolesListCall {
c.urlParams_.Set("pageToken", pageToken)
return c
}
// ShowDeleted sets the optional parameter "showDeleted": Include Roles
// that have been deleted.
func (c *OrganizationsRolesListCall) ShowDeleted(showDeleted bool) *OrganizationsRolesListCall {
c.urlParams_.Set("showDeleted", fmt.Sprint(showDeleted))
return c
}
// View sets the optional parameter "view": Optional view for the
// returned Role objects. When `FULL` is specified, the
// `includedPermissions` field is returned, which includes a list of all
// permissions in the role. The default value is `BASIC`, which does not
// return the `includedPermissions` field.
//
// Possible values:
// "BASIC" - Omits the `included_permissions` field. This is the
// default value.
// "FULL" - Returns all fields.
func (c *OrganizationsRolesListCall) View(view string) *OrganizationsRolesListCall {
c.urlParams_.Set("view", view)
return c
}
// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
// for more information.
func (c *OrganizationsRolesListCall) Fields(s ...googleapi.Field) *OrganizationsRolesListCall {
c.urlParams_.Set("fields", googleapi.CombineFields(s))
return c
}
// IfNoneMatch sets the optional parameter which makes the operation
// fail if the object's ETag matches the given value. This is useful for
// getting updates only after the object has changed since the last
// request. Use googleapi.IsNotModified to check whether the response
// error from Do is the result of In-None-Match.
func (c *OrganizationsRolesListCall) IfNoneMatch(entityTag string) *OrganizationsRolesListCall {
c.ifNoneMatch_ = entityTag
return c
}
// Context sets the context to be used in this call's Do method. Any
// pending HTTP request will be aborted if the provided context is
// canceled.
func (c *OrganizationsRolesListCall) Context(ctx context.Context) *OrganizationsRolesListCall {
c.ctx_ = ctx
return c
}
// Header returns an http.Header that can be modified by the caller to
// add HTTP headers to the request.
func (c *OrganizationsRolesListCall) Header() http.Header {
if c.header_ == nil {
c.header_ = make(http.Header)
}
return c.header_
}
func (c *OrganizationsRolesListCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20200926")
for k, v := range c.header_ {
reqHeaders[k] = v
}
reqHeaders.Set("User-Agent", c.s.userAgent())
if c.ifNoneMatch_ != "" {
reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
}
var body io.Reader = nil
c.urlParams_.Set("alt", alt)
c.urlParams_.Set("prettyPrint", "false")
urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/roles")
urls += "?" + c.urlParams_.Encode()
req, err := http.NewRequest("GET", urls, body)
if err != nil {
return nil, err
}
req.Header = reqHeaders
googleapi.Expand(req.URL, map[string]string{
"parent": c.parent,
})
return gensupport.SendRequest(c.ctx_, c.s.client, req)
}
// Do executes the "iam.organizations.roles.list" call.
// Exactly one of *ListRolesResponse or error will be non-nil. Any
// non-2xx status code is an error. Response headers are in either
// *ListRolesResponse.ServerResponse.Header or (if a response was
// returned at all) in error.(*googleapi.Error).Header. Use
// googleapi.IsNotModified to check whether the returned error was
// because http.StatusNotModified was returned.
func (c *OrganizationsRolesListCall) Do(opts ...googleapi.CallOption) (*ListRolesResponse, error) {
gensupport.SetOptions(c.urlParams_, opts...)
res, err := c.doRequest("json")
if res != nil && res.StatusCode == http.StatusNotModified {
if res.Body != nil {
res.Body.Close()
}
return nil, &googleapi.Error{
Code: res.StatusCode,
Header: res.Header,
}
}
if err != nil {
return nil, err
}
defer googleapi.CloseBody(res)
if err := googleapi.CheckResponse(res); err != nil {
return nil, err
}
ret := &ListRolesResponse{
ServerResponse: googleapi.ServerResponse{
Header: res.Header,
HTTPStatusCode: res.StatusCode,
},
}
target := &ret
if err := gensupport.DecodeResponse(target, res); err != nil {
return nil, err
}
return ret, nil
// {
// "description": "Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.",
// "flatPath": "v1/organizations/{organizationsId}/roles",
// "httpMethod": "GET",
// "id": "iam.organizations.roles.list",
// "parameterOrder": [
// "parent"
// ],
// "parameters": {
// "pageSize": {
// "description": "Optional limit on the number of roles to include in the response. The default is 300, and the maximum is 1,000.",
// "format": "int32",
// "location": "query",
// "type": "integer"
// },
// "pageToken": {
// "description": "Optional pagination token returned in an earlier ListRolesResponse.",
// "location": "query",
// "type": "string"
// },
// "parent": {
// "description": "The `parent` parameter's value depends on the target resource for the request, namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `parent` value format is described below: * [`roles.list()`](/iam/reference/rest/v1/roles/list): An empty string. This method doesn't require a resource; it simply returns all [predefined roles](/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. Example request URL: `https://iam.googleapis.com/v1/roles` * [`projects.roles.list()`](/iam/reference/rest/v1/projects.roles/list): `projects/{PROJECT_ID}`. This method lists all project-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles` * [`organizations.roles.list()`](/iam/reference/rest/v1/organizations.roles/list): `organizations/{ORGANIZATION_ID}`. This method lists all organization-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.",
// "location": "path",
// "pattern": "^organizations/[^/]+$",
// "required": true,
// "type": "string"
// },
// "showDeleted": {
// "description": "Include Roles that have been deleted.",
// "location": "query",
// "type": "boolean"
// },
// "view": {
// "description": "Optional view for the returned Role objects. When `FULL` is specified, the `includedPermissions` field is returned, which includes a list of all permissions in the role. The default value is `BASIC`, which does not return the `includedPermissions` field.",
// "enum": [
// "BASIC",
// "FULL"
// ],
// "enumDescriptions": [
// "Omits the `included_permissions` field. This is the default value.",
// "Returns all fields."
// ],
// "location": "query",
// "type": "string"
// }
// },
// "path": "v1/{+parent}/roles",
// "response": {
// "$ref": "ListRolesResponse"
// },
// "scopes": [
// "https://www.googleapis.com/auth/cloud-platform"
// ]
// }
}
// Pages invokes f for each page of results.
// A non-nil error returned from f will halt the iteration.
// The provided context supersedes any context provided to the Context method.
func (c *OrganizationsRolesListCall) Pages(ctx context.Context, f func(*ListRolesResponse) error) error {
c.ctx_ = ctx
defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
for {
x, err := c.Do()
if err != nil {
return err
}
if err := f(x); err != nil {
return err
}
if x.NextPageToken == "" {
return nil
}
c.PageToken(x.NextPageToken)
}
}
// method id "iam.organizations.roles.patch":
type OrganizationsRolesPatchCall struct {
s *Service
name string
role *Role
urlParams_ gensupport.URLParams
ctx_ context.Context
header_ http.Header
}
// Patch: Updates the definition of a custom Role.
func (r *OrganizationsRolesService) Patch(name string, role *Role) *OrganizationsRolesPatchCall {
c := &OrganizationsRolesPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.name = name
c.role = role
return c
}
// UpdateMask sets the optional parameter "updateMask": A mask
// describing which fields in the Role have changed.
func (c *OrganizationsRolesPatchCall) UpdateMask(updateMask string) *OrganizationsRolesPatchCall {
c.urlParams_.Set("updateMask", updateMask)
return c
}
// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
// for more information.
func (c *OrganizationsRolesPatchCall) Fields(s ...googleapi.Field) *OrganizationsRolesPatchCall {
c.urlParams_.Set("fields", googleapi.CombineFields(s))
return c
}
// Context sets the context to be used in this call's Do method. Any
// pending HTTP request will be aborted if the provided context is
// canceled.
func (c *OrganizationsRolesPatchCall) Context(ctx context.Context) *OrganizationsRolesPatchCall {
c.ctx_ = ctx
return c
}
// Header returns an http.Header that can be modified by the caller to
// add HTTP headers to the request.
func (c *OrganizationsRolesPatchCall) Header() http.Header {
if c.header_ == nil {
c.header_ = make(http.Header)
}
return c.header_
}
func (c *OrganizationsRolesPatchCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20200926")
for k, v := range c.header_ {
reqHeaders[k] = v
}
reqHeaders.Set("User-Agent", c.s.userAgent())
var body io.Reader = nil
body, err := googleapi.WithoutDataWrapper.JSONReader(c.role)
if err != nil {
return nil, err
}
reqHeaders.Set("Content-Type", "application/json")
c.urlParams_.Set("alt", alt)
c.urlParams_.Set("prettyPrint", "false")
urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
urls += "?" + c.urlParams_.Encode()
req, err := http.NewRequest("PATCH", urls, body)
if err != nil {
return nil, err
}
req.Header = reqHeaders
googleapi.Expand(req.URL, map[string]string{
"name": c.name,
})
return gensupport.SendRequest(c.ctx_, c.s.client, req)
}
// Do executes the "iam.organizations.roles.patch" call.
// Exactly one of *Role or error will be non-nil. Any non-2xx status
// code is an error. Response headers are in either
// *Role.ServerResponse.Header or (if a response was returned at all) in
// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
// whether the returned error was because http.StatusNotModified was
// returned.
func (c *OrganizationsRolesPatchCall) Do(opts ...googleapi.CallOption) (*Role, error) {
gensupport.SetOptions(c.urlParams_, opts...)
res, err := c.doRequest("json")
if res != nil && res.StatusCode == http.StatusNotModified {
if res.Body != nil {
res.Body.Close()
}
return nil, &googleapi.Error{
Code: res.StatusCode,
Header: res.Header,
}
}
if err != nil {
return nil, err
}
defer googleapi.CloseBody(res)
if err := googleapi.CheckResponse(res); err != nil {
return nil, err
}
ret := &Role{
ServerResponse: googleapi.ServerResponse{
Header: res.Header,
HTTPStatusCode: res.StatusCode,
},
}
target := &ret
if err := gensupport.DecodeResponse(target, res); err != nil {
return nil, err
}
return ret, nil
// {
// "description": "Updates the definition of a custom Role.",
// "flatPath": "v1/organizations/{organizationsId}/roles/{rolesId}",
// "httpMethod": "PATCH",
// "id": "iam.organizations.roles.patch",
// "parameterOrder": [
// "name"
// ],
// "parameters": {
// "name": {
// "description": "The `name` parameter's value depends on the target resource for the request, namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `name` value format is described below: * [`projects.roles.patch()`](/iam/reference/rest/v1/projects.roles/patch): `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method updates only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}` * [`organizations.roles.patch()`](/iam/reference/rest/v1/organizations.roles/patch): `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method updates only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.",
// "location": "path",
// "pattern": "^organizations/[^/]+/roles/[^/]+$",
// "required": true,
// "type": "string"
// },
// "updateMask": {
// "description": "A mask describing which fields in the Role have changed.",
// "format": "google-fieldmask",
// "location": "query",
// "type": "string"
// }
// },
// "path": "v1/{+name}",
// "request": {
// "$ref": "Role"
// },
// "response": {
// "$ref": "Role"
// },
// "scopes": [
// "https://www.googleapis.com/auth/cloud-platform"
// ]
// }
}
// method id "iam.organizations.roles.undelete":
type OrganizationsRolesUndeleteCall struct {
s *Service
name string
undeleterolerequest *UndeleteRoleRequest
urlParams_ gensupport.URLParams
ctx_ context.Context
header_ http.Header
}
// Undelete: Undeletes a custom Role.
func (r *OrganizationsRolesService) Undelete(name string, undeleterolerequest *UndeleteRoleRequest) *OrganizationsRolesUndeleteCall {
c := &OrganizationsRolesUndeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.name = name
c.undeleterolerequest = undeleterolerequest
return c
}
// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
// for more information.
func (c *OrganizationsRolesUndeleteCall) Fields(s ...googleapi.Field) *OrganizationsRolesUndeleteCall {
c.urlParams_.Set("fields", googleapi.CombineFields(s))
return c
}
// Context sets the context to be used in this call's Do method. Any
// pending HTTP request will be aborted if the provided context is
// canceled.
func (c *OrganizationsRolesUndeleteCall) Context(ctx context.Context) *OrganizationsRolesUndeleteCall {
c.ctx_ = ctx
return c
}
// Header returns an http.Header that can be modified by the caller to
// add HTTP headers to the request.
func (c *OrganizationsRolesUndeleteCall) Header() http.Header {
if c.header_ == nil {
c.header_ = make(http.Header)
}
return c.header_
}
func (c *OrganizationsRolesUndeleteCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20200926")
for k, v := range c.header_ {
reqHeaders[k] = v
}
reqHeaders.Set("User-Agent", c.s.userAgent())
var body io.Reader = nil
body, err := googleapi.WithoutDataWrapper.JSONReader(c.undeleterolerequest)
if err != nil {
return nil, err
}
reqHeaders.Set("Content-Type", "application/json")
c.urlParams_.Set("alt", alt)
c.urlParams_.Set("prettyPrint", "false")
urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:undelete")
urls += "?" + c.urlParams_.Encode()
req, err := http.NewRequest("POST", urls, body)
if err != nil {
return nil, err
}
req.Header = reqHeaders
googleapi.Expand(req.URL, map[string]string{
"name": c.name,
})
return gensupport.SendRequest(c.ctx_, c.s.client, req)
}
// Do executes the "iam.organizations.roles.undelete" call.
// Exactly one of *Role or error will be non-nil. Any non-2xx status
// code is an error. Response headers are in either
// *Role.ServerResponse.Header or (if a response was returned at all) in
// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
// whether the returned error was because http.StatusNotModified was
// returned.
func (c *OrganizationsRolesUndeleteCall) Do(opts ...googleapi.CallOption) (*Role, error) {
gensupport.SetOptions(c.urlParams_, opts...)
res, err := c.doRequest("json")
if res != nil && res.StatusCode == http.StatusNotModified {
if res.Body != nil {
res.Body.Close()
}
return nil, &googleapi.Error{
Code: res.StatusCode,
Header: res.Header,
}
}
if err != nil {
return nil, err
}
defer googleapi.CloseBody(res)
if err := googleapi.CheckResponse(res); err != nil {
return nil, err
}
ret := &Role{
ServerResponse: googleapi.ServerResponse{
Header: res.Header,
HTTPStatusCode: res.StatusCode,
},
}
target := &ret
if err := gensupport.DecodeResponse(target, res); err != nil {
return nil, err
}
return ret, nil
// {
// "description": "Undeletes a custom Role.",
// "flatPath": "v1/organizations/{organizationsId}/roles/{rolesId}:undelete",
// "httpMethod": "POST",
// "id": "iam.organizations.roles.undelete",
// "parameterOrder": [
// "name"
// ],
// "parameters": {
// "name": {
// "description": "The `name` parameter's value depends on the target resource for the request, namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `name` value format is described below: * [`projects.roles.undelete()`](/iam/reference/rest/v1/projects.roles/undelete): `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method undeletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}` * [`organizations.roles.undelete()`](/iam/reference/rest/v1/organizations.roles/undelete): `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method undeletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.",
// "location": "path",
// "pattern": "^organizations/[^/]+/roles/[^/]+$",
// "required": true,
// "type": "string"
// }
// },
// "path": "v1/{+name}:undelete",
// "request": {
// "$ref": "UndeleteRoleRequest"
// },
// "response": {
// "$ref": "Role"
// },
// "scopes": [
// "https://www.googleapis.com/auth/cloud-platform"
// ]
// }
}
// method id "iam.permissions.queryTestablePermissions":
type PermissionsQueryTestablePermissionsCall struct {
s *Service
querytestablepermissionsrequest *QueryTestablePermissionsRequest
urlParams_ gensupport.URLParams
ctx_ context.Context
header_ http.Header
}
// QueryTestablePermissions: Lists every permission that you can test on
// a resource. A permission is testable if you can check whether a
// member has that permission on the resource.
func (r *PermissionsService) QueryTestablePermissions(querytestablepermissionsrequest *QueryTestablePermissionsRequest) *PermissionsQueryTestablePermissionsCall {
c := &PermissionsQueryTestablePermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.querytestablepermissionsrequest = querytestablepermissionsrequest
return c
}
// Fields allows partial responses to be retrieved. See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
// for more information.
func (c *PermissionsQueryTestablePermissionsCall) Fields(s ...googleapi.Field) *PermissionsQueryTestablePermissionsCall {
c.urlParams_.Set("fields", googleapi.CombineFields(s))
return c
}
// Context sets the context to be used in this call's Do method. Any
// pending HTTP request will be aborted if the provided context is
// canceled.
func (c *PermissionsQueryTestablePermissionsCall) Context(ctx context.Context) *PermissionsQueryTestablePermissionsCall {
c.ctx_ = ctx
return c
}
// Header returns an http.Header that can be modified by the caller to
// add HTTP headers to the request.
func (c *PermissionsQueryTestablePermissionsCall) Header() http.Header {
if c.header_ == nil {
c.header_ = make(http.Header)
}
return c.header_
}
func (c *PermissionsQueryTestablePermissionsCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20200926")
for k, v := range c.header_ {
reqHeaders[k] = v
}
reqHeaders.Set("User-Agent", c.s.userAgent())
var body io.Reader = nil
body, err := googleapi.WithoutDataWrapper.JSONReader(c.querytestablepermissionsrequest)
if err != nil {
return nil, err
}
reqHeaders.Set("Content-Type", "application/json")
c.urlParams_.Set("alt", alt)
c.urlParams_.Set("prettyPrint", "false")
urls := googleapi.ResolveRelative(c.s.BasePath, "v1/permissions:queryTestablePermissions")
urls += "?" + c.urlParams_.Encode()
req, err := http.NewRequest("POST", urls, body)
if err != nil {
return nil, err
}
req.Header = reqHeaders
return gensupport.SendRequest(c.ctx_, c.s.client, req)
}
// Do executes the "iam.permissions.queryTestablePermissions" call.
// Exactly one of *QueryTestablePermissionsResponse or error will be
// non-nil. Any non-2xx status code is an error. Response headers are in
// either *QueryTestablePermissionsResponse.ServerResponse.Header or (if
// a response was returned at all) in error.(*googleapi.Error).Header.
// Use googleapi.IsNotModified to check whether the returned error was
// because http.StatusNotModified was returned.
func (c *PermissionsQueryTestablePermissionsCall) Do(opts ...googleapi.CallOption) (*QueryTestablePermissionsResponse, error) {
gensupport.SetOptions(c.urlParams_, opts...)
res, err := c.doRequest("json")
if res != nil && res.StatusCode == http.StatusNotModified {
if res.Body != nil {
res.Body.Close()
}
return nil, &googleapi.Error{
Code: res.StatusCode,
Header: res.Header,
}
}
if err != nil {
return nil, err
}
defer googleapi.CloseBody(res)
if err := googleapi.CheckResponse(res); err != nil {
return nil, err
}
ret := &QueryTestablePermissionsResponse{
ServerResponse: googleapi.ServerResponse{
Header: res.Header,
HTTPStatusCode: res.StatusCode,
},
}
target := &ret
if err := gensupport.DecodeResponse(target, res); err != nil {
return nil, err
}
return ret, nil
// {
// "description": "Lists every permission that you can test on a resource. A permission is testable if you can check whether a member has that permission on the resource.",
// "flatPath": "v1/permissions:queryTestablePermissions",
// "httpMethod": "POST",
// "id": "iam.permissions.queryTestablePermissions",
// "parameterOrder": [],
// "parameters": {},
// "path": "v1/permissions:queryTestablePermissions",
// "request": {
// "$ref": "QueryTestablePermissionsRequest"
// },
// "response": {
// "$ref": "QueryTestablePermissionsResponse"
// },
// "scopes": [
// "https://www.googleapis.com/auth/cloud-platform"
// ]
// }