1 // Copyright 2024 Google LLC. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 // Code generated file. DO NOT EDIT. 6 7 // Package binaryauthorization provides access to the Binary Authorization API. 8 // 9 // For product documentation, see: https://cloud.google.com/binary-authorization/ 10 // 11 // # Library status 12 // 13 // These client libraries are officially supported by Google. However, this 14 // library is considered complete and is in maintenance mode. This means 15 // that we will address critical bugs and security issues but will not add 16 // any new features. 17 // 18 // When possible, we recommend using our newer 19 // [Cloud Client Libraries for Go](https://pkg.go.dev/cloud.google.com/go) 20 // that are still actively being worked and iterated on. 21 // 22 // # Creating a client 23 // 24 // Usage example: 25 // 26 // import "google.golang.org/api/binaryauthorization/v1beta1" 27 // ... 28 // ctx := context.Background() 29 // binaryauthorizationService, err := binaryauthorization.NewService(ctx) 30 // 31 // In this example, Google Application Default Credentials are used for 32 // authentication. For information on how to create and obtain Application 33 // Default Credentials, see https://developers.google.com/identity/protocols/application-default-credentials. 34 // 35 // # Other authentication options 36 // 37 // To use an API key for authentication (note: some APIs do not support API 38 // keys), use [google.golang.org/api/option.WithAPIKey]: 39 // 40 // binaryauthorizationService, err := binaryauthorization.NewService(ctx, option.WithAPIKey("AIza...")) 41 // 42 // To use an OAuth token (e.g., a user token obtained via a three-legged OAuth 43 // flow, use [google.golang.org/api/option.WithTokenSource]: 44 // 45 // config := &oauth2.Config{...} 46 // // ... 47 // token, err := config.Exchange(ctx, ...) 48 // binaryauthorizationService, err := binaryauthorization.NewService(ctx, option.WithTokenSource(config.TokenSource(ctx, token))) 49 // 50 // See [google.golang.org/api/option.ClientOption] for details on options. 51 package binaryauthorization // import "google.golang.org/api/binaryauthorization/v1beta1" 52 53 import ( 54 "bytes" 55 "context" 56 "encoding/json" 57 "errors" 58 "fmt" 59 "io" 60 "net/http" 61 "net/url" 62 "strconv" 63 "strings" 64 65 googleapi "google.golang.org/api/googleapi" 66 internal "google.golang.org/api/internal" 67 gensupport "google.golang.org/api/internal/gensupport" 68 option "google.golang.org/api/option" 69 internaloption "google.golang.org/api/option/internaloption" 70 htransport "google.golang.org/api/transport/http" 71 ) 72 73 // Always reference these packages, just in case the auto-generated code 74 // below doesn't. 75 var _ = bytes.NewBuffer 76 var _ = strconv.Itoa 77 var _ = fmt.Sprintf 78 var _ = json.NewDecoder 79 var _ = io.Copy 80 var _ = url.Parse 81 var _ = gensupport.MarshalJSON 82 var _ = googleapi.Version 83 var _ = errors.New 84 var _ = strings.Replace 85 var _ = context.Canceled 86 var _ = internaloption.WithDefaultEndpoint 87 var _ = internal.Version 88 89 const apiId = "binaryauthorization:v1beta1" 90 const apiName = "binaryauthorization" 91 const apiVersion = "v1beta1" 92 const basePath = "https://binaryauthorization.googleapis.com/" 93 const basePathTemplate = "https://binaryauthorization.UNIVERSE_DOMAIN/" 94 const mtlsBasePath = "https://binaryauthorization.mtls.googleapis.com/" 95 96 // OAuth2 scopes used by this API. 97 const ( 98 // See, edit, configure, and delete your Google Cloud data and see the email 99 // address for your Google Account. 100 CloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform" 101 ) 102 103 // NewService creates a new Service. 104 func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, error) { 105 scopesOption := internaloption.WithDefaultScopes( 106 "https://www.googleapis.com/auth/cloud-platform", 107 ) 108 // NOTE: prepend, so we don't override user-specified scopes. 109 opts = append([]option.ClientOption{scopesOption}, opts...) 110 opts = append(opts, internaloption.WithDefaultEndpoint(basePath)) 111 opts = append(opts, internaloption.WithDefaultEndpointTemplate(basePathTemplate)) 112 opts = append(opts, internaloption.WithDefaultMTLSEndpoint(mtlsBasePath)) 113 opts = append(opts, internaloption.EnableNewAuthLibrary()) 114 client, endpoint, err := htransport.NewClient(ctx, opts...) 115 if err != nil { 116 return nil, err 117 } 118 s, err := New(client) 119 if err != nil { 120 return nil, err 121 } 122 if endpoint != "" { 123 s.BasePath = endpoint 124 } 125 return s, nil 126 } 127 128 // New creates a new Service. It uses the provided http.Client for requests. 129 // 130 // Deprecated: please use NewService instead. 131 // To provide a custom HTTP client, use option.WithHTTPClient. 132 // If you are using google.golang.org/api/googleapis/transport.APIKey, use option.WithAPIKey with NewService instead. 133 func New(client *http.Client) (*Service, error) { 134 if client == nil { 135 return nil, errors.New("client is nil") 136 } 137 s := &Service{client: client, BasePath: basePath} 138 s.Projects = NewProjectsService(s) 139 s.Systempolicy = NewSystempolicyService(s) 140 return s, nil 141 } 142 143 type Service struct { 144 client *http.Client 145 BasePath string // API endpoint base URL 146 UserAgent string // optional additional User-Agent fragment 147 148 Projects *ProjectsService 149 150 Systempolicy *SystempolicyService 151 } 152 153 func (s *Service) userAgent() string { 154 if s.UserAgent == "" { 155 return googleapi.UserAgent 156 } 157 return googleapi.UserAgent + " " + s.UserAgent 158 } 159 160 func NewProjectsService(s *Service) *ProjectsService { 161 rs := &ProjectsService{s: s} 162 rs.Attestors = NewProjectsAttestorsService(s) 163 rs.Policy = NewProjectsPolicyService(s) 164 return rs 165 } 166 167 type ProjectsService struct { 168 s *Service 169 170 Attestors *ProjectsAttestorsService 171 172 Policy *ProjectsPolicyService 173 } 174 175 func NewProjectsAttestorsService(s *Service) *ProjectsAttestorsService { 176 rs := &ProjectsAttestorsService{s: s} 177 return rs 178 } 179 180 type ProjectsAttestorsService struct { 181 s *Service 182 } 183 184 func NewProjectsPolicyService(s *Service) *ProjectsPolicyService { 185 rs := &ProjectsPolicyService{s: s} 186 return rs 187 } 188 189 type ProjectsPolicyService struct { 190 s *Service 191 } 192 193 func NewSystempolicyService(s *Service) *SystempolicyService { 194 rs := &SystempolicyService{s: s} 195 return rs 196 } 197 198 type SystempolicyService struct { 199 s *Service 200 } 201 202 // AdmissionRule: An admission rule specifies either that all container images 203 // used in a pod creation request must be attested to by one or more attestors, 204 // that all pod creations will be allowed, or that all pod creations will be 205 // denied. Images matching an admission allowlist pattern are exempted from 206 // admission rules and will never block a pod creation. 207 type AdmissionRule struct { 208 // EnforcementMode: Required. The action when a pod creation is denied by the 209 // admission rule. 210 // 211 // Possible values: 212 // "ENFORCEMENT_MODE_UNSPECIFIED" - Do not use. 213 // "ENFORCED_BLOCK_AND_AUDIT_LOG" - Enforce the admission rule by blocking 214 // the pod creation. 215 // "DRYRUN_AUDIT_LOG_ONLY" - Dryrun mode: Audit logging only. This will allow 216 // the pod creation as if the admission request had specified break-glass. 217 EnforcementMode string `json:"enforcementMode,omitempty"` 218 // EvaluationMode: Required. How this admission rule will be evaluated. 219 // 220 // Possible values: 221 // "EVALUATION_MODE_UNSPECIFIED" - Do not use. 222 // "ALWAYS_ALLOW" - This rule allows all all pod creations. 223 // "REQUIRE_ATTESTATION" - This rule allows a pod creation if all the 224 // attestors listed in `require_attestations_by` have valid attestations for 225 // all of the images in the pod spec. 226 // "ALWAYS_DENY" - This rule denies all pod creations. 227 EvaluationMode string `json:"evaluationMode,omitempty"` 228 // RequireAttestationsBy: Optional. The resource names of the attestors that 229 // must attest to a container image, in the format `projects/*/attestors/*`. 230 // Each attestor must exist before a policy can reference it. To add an 231 // attestor to a policy the principal issuing the policy change request must be 232 // able to read the attestor resource. Note: this field must be non-empty when 233 // the evaluation_mode field specifies REQUIRE_ATTESTATION, otherwise it must 234 // be empty. 235 RequireAttestationsBy []string `json:"requireAttestationsBy,omitempty"` 236 // ForceSendFields is a list of field names (e.g. "EnforcementMode") to 237 // unconditionally include in API requests. By default, fields with empty or 238 // default values are omitted from API requests. See 239 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 240 // details. 241 ForceSendFields []string `json:"-"` 242 // NullFields is a list of field names (e.g. "EnforcementMode") to include in 243 // API requests with the JSON null value. By default, fields with empty values 244 // are omitted from API requests. See 245 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 246 NullFields []string `json:"-"` 247 } 248 249 func (s *AdmissionRule) MarshalJSON() ([]byte, error) { 250 type NoMethod AdmissionRule 251 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 252 } 253 254 // AdmissionWhitelistPattern: An admission allowlist pattern exempts images 255 // from checks by admission rules. 256 type AdmissionWhitelistPattern struct { 257 // NamePattern: An image name pattern to allowlist, in the form 258 // `registry/path/to/image`. This supports a trailing `*` as a wildcard, but 259 // this is allowed only in text after the `registry/` part. `*` wildcard does 260 // not match `/`, i.e., `gcr.io/nginx*` matches `gcr.io/nginx@latest`, but it 261 // does not match `gcr.io/nginx/image`. This also supports a trailing `**` 262 // wildcard which matches subdirectories, i.e., `gcr.io/nginx**` matches 263 // `gcr.io/nginx/image`. 264 NamePattern string `json:"namePattern,omitempty"` 265 // ForceSendFields is a list of field names (e.g. "NamePattern") to 266 // unconditionally include in API requests. By default, fields with empty or 267 // default values are omitted from API requests. See 268 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 269 // details. 270 ForceSendFields []string `json:"-"` 271 // NullFields is a list of field names (e.g. "NamePattern") to include in API 272 // requests with the JSON null value. By default, fields with empty values are 273 // omitted from API requests. See 274 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 275 NullFields []string `json:"-"` 276 } 277 278 func (s *AdmissionWhitelistPattern) MarshalJSON() ([]byte, error) { 279 type NoMethod AdmissionWhitelistPattern 280 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 281 } 282 283 // AttestationOccurrence: Occurrence that represents a single "attestation". 284 // The authenticity of an attestation can be verified using the attached 285 // signature. If the verifier trusts the public key of the signer, then 286 // verifying the signature is sufficient to establish trust. In this 287 // circumstance, the authority to which this attestation is attached is 288 // primarily useful for lookup (how to find this attestation if you already 289 // know the authority and artifact to be verified) and intent (for which 290 // authority this attestation was intended to sign. 291 type AttestationOccurrence struct { 292 // Jwts: One or more JWTs encoding a self-contained attestation. Each JWT 293 // encodes the payload that it verifies within the JWT itself. Verifier 294 // implementation SHOULD ignore the `serialized_payload` field when verifying 295 // these JWTs. If only JWTs are present on this AttestationOccurrence, then the 296 // `serialized_payload` SHOULD be left empty. Each JWT SHOULD encode a claim 297 // specific to the `resource_uri` of this Occurrence, but this is not validated 298 // by Grafeas metadata API implementations. The JWT itself is opaque to 299 // Grafeas. 300 Jwts []*Jwt `json:"jwts,omitempty"` 301 // SerializedPayload: Required. The serialized payload that is verified by one 302 // or more `signatures`. 303 SerializedPayload string `json:"serializedPayload,omitempty"` 304 // Signatures: One or more signatures over `serialized_payload`. Verifier 305 // implementations should consider this attestation message verified if at 306 // least one `signature` verifies `serialized_payload`. See `Signature` in 307 // common.proto for more details on signature structure and verification. 308 Signatures []*Signature `json:"signatures,omitempty"` 309 // ForceSendFields is a list of field names (e.g. "Jwts") to unconditionally 310 // include in API requests. By default, fields with empty or default values are 311 // omitted from API requests. See 312 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 313 // details. 314 ForceSendFields []string `json:"-"` 315 // NullFields is a list of field names (e.g. "Jwts") to include in API requests 316 // with the JSON null value. By default, fields with empty values are omitted 317 // from API requests. See 318 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 319 NullFields []string `json:"-"` 320 } 321 322 func (s *AttestationOccurrence) MarshalJSON() ([]byte, error) { 323 type NoMethod AttestationOccurrence 324 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 325 } 326 327 // Attestor: An attestor that attests to container image artifacts. An existing 328 // attestor cannot be modified except where indicated. 329 type Attestor struct { 330 // Description: Optional. A descriptive comment. This field may be updated. The 331 // field may be displayed in chooser dialogs. 332 Description string `json:"description,omitempty"` 333 // Etag: Optional. A checksum, returned by the server, that can be sent on 334 // update requests to ensure the attestor has an up-to-date value before 335 // attempting to update it. See https://google.aip.dev/154. 336 Etag string `json:"etag,omitempty"` 337 // Name: Required. The resource name, in the format: `projects/*/attestors/*`. 338 // This field may not be updated. 339 Name string `json:"name,omitempty"` 340 // UpdateTime: Output only. Time when the attestor was last updated. 341 UpdateTime string `json:"updateTime,omitempty"` 342 // UserOwnedDrydockNote: A Drydock ATTESTATION_AUTHORITY Note, created by the 343 // user. 344 UserOwnedDrydockNote *UserOwnedDrydockNote `json:"userOwnedDrydockNote,omitempty"` 345 346 // ServerResponse contains the HTTP response code and headers from the server. 347 googleapi.ServerResponse `json:"-"` 348 // ForceSendFields is a list of field names (e.g. "Description") to 349 // unconditionally include in API requests. By default, fields with empty or 350 // default values are omitted from API requests. See 351 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 352 // details. 353 ForceSendFields []string `json:"-"` 354 // NullFields is a list of field names (e.g. "Description") to include in API 355 // requests with the JSON null value. By default, fields with empty values are 356 // omitted from API requests. See 357 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 358 NullFields []string `json:"-"` 359 } 360 361 func (s *Attestor) MarshalJSON() ([]byte, error) { 362 type NoMethod Attestor 363 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 364 } 365 366 // AttestorPublicKey: An attestor public key that will be used to verify 367 // attestations signed by this attestor. 368 type AttestorPublicKey struct { 369 // AsciiArmoredPgpPublicKey: ASCII-armored representation of a PGP public key, 370 // as the entire output by the command `gpg --export --armor foo@example.com` 371 // (either LF or CRLF line endings). When using this field, `id` should be left 372 // blank. The BinAuthz API handlers will calculate the ID and fill it in 373 // automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 374 // fingerprint, represented as upper-case hex. If `id` is provided by the 375 // caller, it will be overwritten by the API-calculated ID. 376 AsciiArmoredPgpPublicKey string `json:"asciiArmoredPgpPublicKey,omitempty"` 377 // Comment: Optional. A descriptive comment. This field may be updated. 378 Comment string `json:"comment,omitempty"` 379 // Id: The ID of this public key. Signatures verified by BinAuthz must include 380 // the ID of the public key that can be used to verify them, and that ID must 381 // match the contents of this field exactly. Additional restrictions on this 382 // field can be imposed based on which public key type is encapsulated. See the 383 // documentation on `public_key` cases below for details. 384 Id string `json:"id,omitempty"` 385 // PkixPublicKey: A raw PKIX SubjectPublicKeyInfo format public key. NOTE: `id` 386 // may be explicitly provided by the caller when using this type of public key, 387 // but it MUST be a valid RFC3986 URI. If `id` is left blank, a default one 388 // will be computed based on the digest of the DER encoding of the public key. 389 PkixPublicKey *PkixPublicKey `json:"pkixPublicKey,omitempty"` 390 // ForceSendFields is a list of field names (e.g. "AsciiArmoredPgpPublicKey") 391 // to unconditionally include in API requests. By default, fields with empty or 392 // default values are omitted from API requests. See 393 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 394 // details. 395 ForceSendFields []string `json:"-"` 396 // NullFields is a list of field names (e.g. "AsciiArmoredPgpPublicKey") to 397 // include in API requests with the JSON null value. By default, fields with 398 // empty values are omitted from API requests. See 399 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 400 NullFields []string `json:"-"` 401 } 402 403 func (s *AttestorPublicKey) MarshalJSON() ([]byte, error) { 404 type NoMethod AttestorPublicKey 405 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 406 } 407 408 // Binding: Associates `members`, or principals, with a `role`. 409 type Binding struct { 410 // Condition: The condition that is associated with this binding. If the 411 // condition evaluates to `true`, then this binding applies to the current 412 // request. If the condition evaluates to `false`, then this binding does not 413 // apply to the current request. However, a different role binding might grant 414 // the same role to one or more of the principals in this binding. To learn 415 // which resources support conditions in their IAM policies, see the IAM 416 // documentation 417 // (https://cloud.google.com/iam/help/conditions/resource-policies). 418 Condition *Expr `json:"condition,omitempty"` 419 // Members: Specifies the principals requesting access for a Google Cloud 420 // resource. `members` can have the following values: * `allUsers`: A special 421 // identifier that represents anyone who is on the internet; with or without a 422 // Google account. * `allAuthenticatedUsers`: A special identifier that 423 // represents anyone who is authenticated with a Google account or a service 424 // account. Does not include identities that come from external identity 425 // providers (IdPs) through identity federation. * `user:{emailid}`: An email 426 // address that represents a specific Google account. For example, 427 // `alice@example.com` . * `serviceAccount:{emailid}`: An email address that 428 // represents a Google service account. For example, 429 // `my-other-app@appspot.gserviceaccount.com`. * 430 // `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An 431 // identifier for a Kubernetes service account 432 // (https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). 433 // For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * 434 // `group:{emailid}`: An email address that represents a Google group. For 435 // example, `admins@example.com`. * `domain:{domain}`: The G Suite domain 436 // (primary) that represents all the users of that domain. For example, 437 // `google.com` or `example.com`. * 438 // `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/sub 439 // ject/{subject_attribute_value}`: A single identity in a workforce identity 440 // pool. * 441 // `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/ 442 // group/{group_id}`: All workforce identities in a group. * 443 // `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/ 444 // attribute.{attribute_name}/{attribute_value}`: All workforce identities with 445 // a specific attribute value. * 446 // `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/ 447 // *`: All identities in a workforce identity pool. * 448 // `principal://iam.googleapis.com/projects/{project_number}/locations/global/wo 449 // rkloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single 450 // identity in a workload identity pool. * 451 // `principalSet://iam.googleapis.com/projects/{project_number}/locations/global 452 // /workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool 453 // group. * 454 // `principalSet://iam.googleapis.com/projects/{project_number}/locations/global 455 // /workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value} 456 // `: All identities in a workload identity pool with a certain attribute. * 457 // `principalSet://iam.googleapis.com/projects/{project_number}/locations/global 458 // /workloadIdentityPools/{pool_id}/*`: All identities in a workload identity 459 // pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus 460 // unique identifier) representing a user that has been recently deleted. For 461 // example, `alice@example.com?uid=123456789012345678901`. If the user is 462 // recovered, this value reverts to `user:{emailid}` and the recovered user 463 // retains the role in the binding. * 464 // `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus 465 // unique identifier) representing a service account that has been recently 466 // deleted. For example, 467 // `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the 468 // service account is undeleted, this value reverts to 469 // `serviceAccount:{emailid}` and the undeleted service account retains the 470 // role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email 471 // address (plus unique identifier) representing a Google group that has been 472 // recently deleted. For example, 473 // `admins@example.com?uid=123456789012345678901`. If the group is recovered, 474 // this value reverts to `group:{emailid}` and the recovered group retains the 475 // role in the binding. * 476 // `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool 477 // _id}/subject/{subject_attribute_value}`: Deleted single identity in a 478 // workforce identity pool. For example, 479 // `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-po 480 // ol-id/subject/my-subject-attribute-value`. 481 Members []string `json:"members,omitempty"` 482 // Role: Role that is assigned to the list of `members`, or principals. For 483 // example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview 484 // of the IAM roles and permissions, see the IAM documentation 485 // (https://cloud.google.com/iam/docs/roles-overview). For a list of the 486 // available pre-defined roles, see here 487 // (https://cloud.google.com/iam/docs/understanding-roles). 488 Role string `json:"role,omitempty"` 489 // ForceSendFields is a list of field names (e.g. "Condition") to 490 // unconditionally include in API requests. By default, fields with empty or 491 // default values are omitted from API requests. See 492 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 493 // details. 494 ForceSendFields []string `json:"-"` 495 // NullFields is a list of field names (e.g. "Condition") to include in API 496 // requests with the JSON null value. By default, fields with empty values are 497 // omitted from API requests. See 498 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 499 NullFields []string `json:"-"` 500 } 501 502 func (s *Binding) MarshalJSON() ([]byte, error) { 503 type NoMethod Binding 504 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 505 } 506 507 // Empty: A generic empty message that you can re-use to avoid defining 508 // duplicated empty messages in your APIs. A typical example is to use it as 509 // the request or the response type of an API method. For instance: service Foo 510 // { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } 511 type Empty struct { 512 // ServerResponse contains the HTTP response code and headers from the server. 513 googleapi.ServerResponse `json:"-"` 514 } 515 516 // Expr: Represents a textual expression in the Common Expression Language 517 // (CEL) syntax. CEL is a C-like expression language. The syntax and semantics 518 // of CEL are documented at https://github.com/google/cel-spec. Example 519 // (Comparison): title: "Summary size limit" description: "Determines if a 520 // summary is less than 100 chars" expression: "document.summary.size() < 100" 521 // Example (Equality): title: "Requestor is owner" description: "Determines if 522 // requestor is the document owner" expression: "document.owner == 523 // request.auth.claims.email" Example (Logic): title: "Public documents" 524 // description: "Determine whether the document should be publicly visible" 525 // expression: "document.type != 'private' && document.type != 'internal'" 526 // Example (Data Manipulation): title: "Notification string" description: 527 // "Create a notification string with a timestamp." expression: "'New message 528 // received at ' + string(document.create_time)" The exact variables and 529 // functions that may be referenced within an expression are determined by the 530 // service that evaluates it. See the service documentation for additional 531 // information. 532 type Expr struct { 533 // Description: Optional. Description of the expression. This is a longer text 534 // which describes the expression, e.g. when hovered over it in a UI. 535 Description string `json:"description,omitempty"` 536 // Expression: Textual representation of an expression in Common Expression 537 // Language syntax. 538 Expression string `json:"expression,omitempty"` 539 // Location: Optional. String indicating the location of the expression for 540 // error reporting, e.g. a file name and a position in the file. 541 Location string `json:"location,omitempty"` 542 // Title: Optional. Title for the expression, i.e. a short string describing 543 // its purpose. This can be used e.g. in UIs which allow to enter the 544 // expression. 545 Title string `json:"title,omitempty"` 546 // ForceSendFields is a list of field names (e.g. "Description") to 547 // unconditionally include in API requests. By default, fields with empty or 548 // default values are omitted from API requests. See 549 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 550 // details. 551 ForceSendFields []string `json:"-"` 552 // NullFields is a list of field names (e.g. "Description") to include in API 553 // requests with the JSON null value. By default, fields with empty values are 554 // omitted from API requests. See 555 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 556 NullFields []string `json:"-"` 557 } 558 559 func (s *Expr) MarshalJSON() ([]byte, error) { 560 type NoMethod Expr 561 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 562 } 563 564 // IamPolicy: An Identity and Access Management (IAM) policy, which specifies 565 // access controls for Google Cloud resources. A `Policy` is a collection of 566 // `bindings`. A `binding` binds one or more `members`, or principals, to a 567 // single `role`. Principals can be user accounts, service accounts, Google 568 // groups, and domains (such as G Suite). A `role` is a named list of 569 // permissions; each `role` can be an IAM predefined role or a user-created 570 // custom role. For some types of Google Cloud resources, a `binding` can also 571 // specify a `condition`, which is a logical expression that allows access to a 572 // resource only if the expression evaluates to `true`. A condition can add 573 // constraints based on attributes of the request, the resource, or both. To 574 // learn which resources support conditions in their IAM policies, see the IAM 575 // documentation 576 // (https://cloud.google.com/iam/help/conditions/resource-policies). **JSON 577 // example:** ``` { "bindings": [ { "role": 578 // "roles/resourcemanager.organizationAdmin", "members": [ 579 // "user:mike@example.com", "group:admins@example.com", "domain:google.com", 580 // "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": 581 // "roles/resourcemanager.organizationViewer", "members": [ 582 // "user:eve@example.com" ], "condition": { "title": "expirable access", 583 // "description": "Does not grant access after Sep 2020", "expression": 584 // "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": 585 // "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - 586 // members: - user:mike@example.com - group:admins@example.com - 587 // domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com 588 // role: roles/resourcemanager.organizationAdmin - members: - 589 // user:eve@example.com role: roles/resourcemanager.organizationViewer 590 // condition: title: expirable access description: Does not grant access after 591 // Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') 592 // etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, 593 // see the IAM documentation (https://cloud.google.com/iam/docs/). 594 type IamPolicy struct { 595 // Bindings: Associates a list of `members`, or principals, with a `role`. 596 // Optionally, may specify a `condition` that determines how and when the 597 // `bindings` are applied. Each of the `bindings` must contain at least one 598 // principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; 599 // up to 250 of these principals can be Google groups. Each occurrence of a 600 // principal counts towards these limits. For example, if the `bindings` grant 601 // 50 different roles to `user:alice@example.com`, and not to any other 602 // principal, then you can add another 1,450 principals to the `bindings` in 603 // the `Policy`. 604 Bindings []*Binding `json:"bindings,omitempty"` 605 // Etag: `etag` is used for optimistic concurrency control as a way to help 606 // prevent simultaneous updates of a policy from overwriting each other. It is 607 // strongly suggested that systems make use of the `etag` in the 608 // read-modify-write cycle to perform policy updates in order to avoid race 609 // conditions: An `etag` is returned in the response to `getIamPolicy`, and 610 // systems are expected to put that etag in the request to `setIamPolicy` to 611 // ensure that their change will be applied to the same version of the policy. 612 // **Important:** If you use IAM Conditions, you must include the `etag` field 613 // whenever you call `setIamPolicy`. If you omit this field, then IAM allows 614 // you to overwrite a version `3` policy with a version `1` policy, and all of 615 // the conditions in the version `3` policy are lost. 616 Etag string `json:"etag,omitempty"` 617 // Version: Specifies the format of the policy. Valid values are `0`, `1`, and 618 // `3`. Requests that specify an invalid value are rejected. Any operation that 619 // affects conditional role bindings must specify version `3`. This requirement 620 // applies to the following operations: * Getting a policy that includes a 621 // conditional role binding * Adding a conditional role binding to a policy * 622 // Changing a conditional role binding in a policy * Removing any role binding, 623 // with or without a condition, from a policy that includes conditions 624 // **Important:** If you use IAM Conditions, you must include the `etag` field 625 // whenever you call `setIamPolicy`. If you omit this field, then IAM allows 626 // you to overwrite a version `3` policy with a version `1` policy, and all of 627 // the conditions in the version `3` policy are lost. If a policy does not 628 // include any conditions, operations on that policy may specify any valid 629 // version or leave the field unset. To learn which resources support 630 // conditions in their IAM policies, see the IAM documentation 631 // (https://cloud.google.com/iam/help/conditions/resource-policies). 632 Version int64 `json:"version,omitempty"` 633 634 // ServerResponse contains the HTTP response code and headers from the server. 635 googleapi.ServerResponse `json:"-"` 636 // ForceSendFields is a list of field names (e.g. "Bindings") to 637 // unconditionally include in API requests. By default, fields with empty or 638 // default values are omitted from API requests. See 639 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 640 // details. 641 ForceSendFields []string `json:"-"` 642 // NullFields is a list of field names (e.g. "Bindings") to include in API 643 // requests with the JSON null value. By default, fields with empty values are 644 // omitted from API requests. See 645 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 646 NullFields []string `json:"-"` 647 } 648 649 func (s *IamPolicy) MarshalJSON() ([]byte, error) { 650 type NoMethod IamPolicy 651 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 652 } 653 654 type Jwt struct { 655 // CompactJwt: The compact encoding of a JWS, which is always three base64 656 // encoded strings joined by periods. For details, see: 657 // https://tools.ietf.org/html/rfc7515.html#section-3.1 658 CompactJwt string `json:"compactJwt,omitempty"` 659 // ForceSendFields is a list of field names (e.g. "CompactJwt") to 660 // unconditionally include in API requests. By default, fields with empty or 661 // default values are omitted from API requests. See 662 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 663 // details. 664 ForceSendFields []string `json:"-"` 665 // NullFields is a list of field names (e.g. "CompactJwt") to include in API 666 // requests with the JSON null value. By default, fields with empty values are 667 // omitted from API requests. See 668 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 669 NullFields []string `json:"-"` 670 } 671 672 func (s *Jwt) MarshalJSON() ([]byte, error) { 673 type NoMethod Jwt 674 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 675 } 676 677 // ListAttestorsResponse: Response message for 678 // BinauthzManagementService.ListAttestors. 679 type ListAttestorsResponse struct { 680 // Attestors: The list of attestors. 681 Attestors []*Attestor `json:"attestors,omitempty"` 682 // NextPageToken: A token to retrieve the next page of results. Pass this value 683 // in the ListAttestorsRequest.page_token field in the subsequent call to the 684 // `ListAttestors` method to retrieve the next page of results. 685 NextPageToken string `json:"nextPageToken,omitempty"` 686 687 // ServerResponse contains the HTTP response code and headers from the server. 688 googleapi.ServerResponse `json:"-"` 689 // ForceSendFields is a list of field names (e.g. "Attestors") to 690 // unconditionally include in API requests. By default, fields with empty or 691 // default values are omitted from API requests. See 692 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 693 // details. 694 ForceSendFields []string `json:"-"` 695 // NullFields is a list of field names (e.g. "Attestors") to include in API 696 // requests with the JSON null value. By default, fields with empty values are 697 // omitted from API requests. See 698 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 699 NullFields []string `json:"-"` 700 } 701 702 func (s *ListAttestorsResponse) MarshalJSON() ([]byte, error) { 703 type NoMethod ListAttestorsResponse 704 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 705 } 706 707 // PkixPublicKey: A public key in the PkixPublicKey format (see 708 // https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details). Public 709 // keys of this type are typically textually encoded using the PEM format. 710 type PkixPublicKey struct { 711 // PublicKeyPem: A PEM-encoded public key, as described in 712 // https://tools.ietf.org/html/rfc7468#section-13 713 PublicKeyPem string `json:"publicKeyPem,omitempty"` 714 // SignatureAlgorithm: The signature algorithm used to verify a message against 715 // a signature using this key. These signature algorithm must match the 716 // structure and any object identifiers encoded in `public_key_pem` (i.e. this 717 // algorithm must match that of the public key). 718 // 719 // Possible values: 720 // "SIGNATURE_ALGORITHM_UNSPECIFIED" - Not specified. 721 // "RSA_PSS_2048_SHA256" - RSASSA-PSS 2048 bit key with a SHA256 digest. 722 // "RSA_SIGN_PSS_2048_SHA256" - RSASSA-PSS 2048 bit key with a SHA256 digest. 723 // "RSA_PSS_3072_SHA256" - RSASSA-PSS 3072 bit key with a SHA256 digest. 724 // "RSA_SIGN_PSS_3072_SHA256" - RSASSA-PSS 3072 bit key with a SHA256 digest. 725 // "RSA_PSS_4096_SHA256" - RSASSA-PSS 4096 bit key with a SHA256 digest. 726 // "RSA_SIGN_PSS_4096_SHA256" - RSASSA-PSS 4096 bit key with a SHA256 digest. 727 // "RSA_PSS_4096_SHA512" - RSASSA-PSS 4096 bit key with a SHA512 digest. 728 // "RSA_SIGN_PSS_4096_SHA512" - RSASSA-PSS 4096 bit key with a SHA512 digest. 729 // "RSA_SIGN_PKCS1_2048_SHA256" - RSASSA-PKCS1-v1_5 with a 2048 bit key and a 730 // SHA256 digest. 731 // "RSA_SIGN_PKCS1_3072_SHA256" - RSASSA-PKCS1-v1_5 with a 3072 bit key and a 732 // SHA256 digest. 733 // "RSA_SIGN_PKCS1_4096_SHA256" - RSASSA-PKCS1-v1_5 with a 4096 bit key and a 734 // SHA256 digest. 735 // "RSA_SIGN_PKCS1_4096_SHA512" - RSASSA-PKCS1-v1_5 with a 4096 bit key and a 736 // SHA512 digest. 737 // "ECDSA_P256_SHA256" - ECDSA on the NIST P-256 curve with a SHA256 digest. 738 // "EC_SIGN_P256_SHA256" - ECDSA on the NIST P-256 curve with a SHA256 739 // digest. 740 // "ECDSA_P384_SHA384" - ECDSA on the NIST P-384 curve with a SHA384 digest. 741 // "EC_SIGN_P384_SHA384" - ECDSA on the NIST P-384 curve with a SHA384 742 // digest. 743 // "ECDSA_P521_SHA512" - ECDSA on the NIST P-521 curve with a SHA512 digest. 744 // "EC_SIGN_P521_SHA512" - ECDSA on the NIST P-521 curve with a SHA512 745 // digest. 746 SignatureAlgorithm string `json:"signatureAlgorithm,omitempty"` 747 // ForceSendFields is a list of field names (e.g. "PublicKeyPem") to 748 // unconditionally include in API requests. By default, fields with empty or 749 // default values are omitted from API requests. See 750 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 751 // details. 752 ForceSendFields []string `json:"-"` 753 // NullFields is a list of field names (e.g. "PublicKeyPem") to include in API 754 // requests with the JSON null value. By default, fields with empty values are 755 // omitted from API requests. See 756 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 757 NullFields []string `json:"-"` 758 } 759 760 func (s *PkixPublicKey) MarshalJSON() ([]byte, error) { 761 type NoMethod PkixPublicKey 762 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 763 } 764 765 // Policy: A policy for Binary Authorization. 766 type Policy struct { 767 // AdmissionWhitelistPatterns: Optional. Admission policy allowlisting. A 768 // matching admission request will always be permitted. This feature is 769 // typically used to exclude Google or third-party infrastructure images from 770 // Binary Authorization policies. 771 AdmissionWhitelistPatterns []*AdmissionWhitelistPattern `json:"admissionWhitelistPatterns,omitempty"` 772 // ClusterAdmissionRules: Optional. Per-cluster admission rules. Cluster spec 773 // format: `location.clusterId`. There can be at most one admission rule per 774 // cluster spec. A `location` is either a compute zone (e.g. us-central1-a) or 775 // a region (e.g. us-central1). For `clusterId` syntax restrictions see 776 // https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters. 777 ClusterAdmissionRules map[string]AdmissionRule `json:"clusterAdmissionRules,omitempty"` 778 // DefaultAdmissionRule: Required. Default admission rule for a cluster without 779 // a per-cluster, per- kubernetes-service-account, or 780 // per-istio-service-identity admission rule. 781 DefaultAdmissionRule *AdmissionRule `json:"defaultAdmissionRule,omitempty"` 782 // Description: Optional. A descriptive comment. 783 Description string `json:"description,omitempty"` 784 // Etag: Optional. A checksum, returned by the server, that can be sent on 785 // update requests to ensure the policy has an up-to-date value before 786 // attempting to update it. See https://google.aip.dev/154. 787 Etag string `json:"etag,omitempty"` 788 // GlobalPolicyEvaluationMode: Optional. Controls the evaluation of a 789 // Google-maintained global admission policy for common system-level images. 790 // Images not covered by the global policy will be subject to the project 791 // admission policy. This setting has no effect when specified inside a global 792 // admission policy. 793 // 794 // Possible values: 795 // "GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED" - Not specified: DISABLE is 796 // assumed. 797 // "ENABLE" - Enables system policy evaluation. 798 // "DISABLE" - Disables system policy evaluation. 799 GlobalPolicyEvaluationMode string `json:"globalPolicyEvaluationMode,omitempty"` 800 // IstioServiceIdentityAdmissionRules: Optional. Per-istio-service-identity 801 // admission rules. Istio service identity spec format: `spiffe:///ns//sa/` or 802 // `/ns//sa/` e.g. `spiffe://example.com/ns/test-ns/sa/default` 803 IstioServiceIdentityAdmissionRules map[string]AdmissionRule `json:"istioServiceIdentityAdmissionRules,omitempty"` 804 // KubernetesNamespaceAdmissionRules: Optional. Per-kubernetes-namespace 805 // admission rules. K8s namespace spec format: `[a-z.-]+`, e.g. 806 // `some-namespace` 807 KubernetesNamespaceAdmissionRules map[string]AdmissionRule `json:"kubernetesNamespaceAdmissionRules,omitempty"` 808 // KubernetesServiceAccountAdmissionRules: Optional. 809 // Per-kubernetes-service-account admission rules. Service account spec format: 810 // `namespace:serviceaccount`. e.g. `test-ns:default` 811 KubernetesServiceAccountAdmissionRules map[string]AdmissionRule `json:"kubernetesServiceAccountAdmissionRules,omitempty"` 812 // Name: Output only. The resource name, in the format `projects/*/policy`. 813 // There is at most one policy per project. 814 Name string `json:"name,omitempty"` 815 // UpdateTime: Output only. Time when the policy was last updated. 816 UpdateTime string `json:"updateTime,omitempty"` 817 818 // ServerResponse contains the HTTP response code and headers from the server. 819 googleapi.ServerResponse `json:"-"` 820 // ForceSendFields is a list of field names (e.g. "AdmissionWhitelistPatterns") 821 // to unconditionally include in API requests. By default, fields with empty or 822 // default values are omitted from API requests. See 823 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 824 // details. 825 ForceSendFields []string `json:"-"` 826 // NullFields is a list of field names (e.g. "AdmissionWhitelistPatterns") to 827 // include in API requests with the JSON null value. By default, fields with 828 // empty values are omitted from API requests. See 829 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 830 NullFields []string `json:"-"` 831 } 832 833 func (s *Policy) MarshalJSON() ([]byte, error) { 834 type NoMethod Policy 835 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 836 } 837 838 // SetIamPolicyRequest: Request message for `SetIamPolicy` method. 839 type SetIamPolicyRequest struct { 840 // Policy: REQUIRED: The complete policy to be applied to the `resource`. The 841 // size of the policy is limited to a few 10s of KB. An empty policy is a valid 842 // policy but certain Google Cloud services (such as Projects) might reject 843 // them. 844 Policy *IamPolicy `json:"policy,omitempty"` 845 // ForceSendFields is a list of field names (e.g. "Policy") to unconditionally 846 // include in API requests. By default, fields with empty or default values are 847 // omitted from API requests. See 848 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 849 // details. 850 ForceSendFields []string `json:"-"` 851 // NullFields is a list of field names (e.g. "Policy") to include in API 852 // requests with the JSON null value. By default, fields with empty values are 853 // omitted from API requests. See 854 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 855 NullFields []string `json:"-"` 856 } 857 858 func (s *SetIamPolicyRequest) MarshalJSON() ([]byte, error) { 859 type NoMethod SetIamPolicyRequest 860 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 861 } 862 863 // Signature: Verifiers (e.g. Kritis implementations) MUST verify signatures 864 // with respect to the trust anchors defined in policy (e.g. a Kritis policy). 865 // Typically this means that the verifier has been configured with a map from 866 // `public_key_id` to public key material (and any required parameters, e.g. 867 // signing algorithm). In particular, verification implementations MUST NOT 868 // treat the signature `public_key_id` as anything more than a key lookup hint. 869 // The `public_key_id` DOES NOT validate or authenticate a public key; it only 870 // provides a mechanism for quickly selecting a public key ALREADY CONFIGURED 871 // on the verifier through a trusted channel. Verification implementations MUST 872 // reject signatures in any of the following circumstances: * The 873 // `public_key_id` is not recognized by the verifier. * The public key that 874 // `public_key_id` refers to does not verify the signature with respect to the 875 // payload. The `signature` contents SHOULD NOT be "attached" (where the 876 // payload is included with the serialized `signature` bytes). Verifiers MUST 877 // ignore any "attached" payload and only verify signatures with respect to 878 // explicitly provided payload (e.g. a `payload` field on the proto message 879 // that holds this Signature, or the canonical serialization of the proto 880 // message that holds this signature). 881 type Signature struct { 882 // PublicKeyId: The identifier for the public key that verifies this signature. 883 // * The `public_key_id` is required. * The `public_key_id` SHOULD be an 884 // RFC3986 conformant URI. * When possible, the `public_key_id` SHOULD be an 885 // immutable reference, such as a cryptographic digest. Examples of valid 886 // `public_key_id`s: OpenPGP V4 public key fingerprint: * 887 // "openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA" See 888 // https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more 889 // details on this scheme. RFC6920 digest-named SubjectPublicKeyInfo (digest of 890 // the DER serialization): * 891 // "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU" * 892 // "nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a127158 893 // 9a5" 894 PublicKeyId string `json:"publicKeyId,omitempty"` 895 // Signature: The content of the signature, an opaque bytestring. The payload 896 // that this signature verifies MUST be unambiguously provided with the 897 // Signature during verification. A wrapper message might provide the payload 898 // explicitly. Alternatively, a message might have a canonical serialization 899 // that can always be unambiguously computed to derive the payload. 900 Signature string `json:"signature,omitempty"` 901 // ForceSendFields is a list of field names (e.g. "PublicKeyId") to 902 // unconditionally include in API requests. By default, fields with empty or 903 // default values are omitted from API requests. See 904 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 905 // details. 906 ForceSendFields []string `json:"-"` 907 // NullFields is a list of field names (e.g. "PublicKeyId") to include in API 908 // requests with the JSON null value. By default, fields with empty values are 909 // omitted from API requests. See 910 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 911 NullFields []string `json:"-"` 912 } 913 914 func (s *Signature) MarshalJSON() ([]byte, error) { 915 type NoMethod Signature 916 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 917 } 918 919 // TestIamPermissionsRequest: Request message for `TestIamPermissions` method. 920 type TestIamPermissionsRequest struct { 921 // Permissions: The set of permissions to check for the `resource`. Permissions 922 // with wildcards (such as `*` or `storage.*`) are not allowed. For more 923 // information see IAM Overview 924 // (https://cloud.google.com/iam/docs/overview#permissions). 925 Permissions []string `json:"permissions,omitempty"` 926 // ForceSendFields is a list of field names (e.g. "Permissions") to 927 // unconditionally include in API requests. By default, fields with empty or 928 // default values are omitted from API requests. See 929 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 930 // details. 931 ForceSendFields []string `json:"-"` 932 // NullFields is a list of field names (e.g. "Permissions") to include in API 933 // requests with the JSON null value. By default, fields with empty values are 934 // omitted from API requests. See 935 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 936 NullFields []string `json:"-"` 937 } 938 939 func (s *TestIamPermissionsRequest) MarshalJSON() ([]byte, error) { 940 type NoMethod TestIamPermissionsRequest 941 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 942 } 943 944 // TestIamPermissionsResponse: Response message for `TestIamPermissions` 945 // method. 946 type TestIamPermissionsResponse struct { 947 // Permissions: A subset of `TestPermissionsRequest.permissions` that the 948 // caller is allowed. 949 Permissions []string `json:"permissions,omitempty"` 950 951 // ServerResponse contains the HTTP response code and headers from the server. 952 googleapi.ServerResponse `json:"-"` 953 // ForceSendFields is a list of field names (e.g. "Permissions") to 954 // unconditionally include in API requests. By default, fields with empty or 955 // default values are omitted from API requests. See 956 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 957 // details. 958 ForceSendFields []string `json:"-"` 959 // NullFields is a list of field names (e.g. "Permissions") to include in API 960 // requests with the JSON null value. By default, fields with empty values are 961 // omitted from API requests. See 962 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 963 NullFields []string `json:"-"` 964 } 965 966 func (s *TestIamPermissionsResponse) MarshalJSON() ([]byte, error) { 967 type NoMethod TestIamPermissionsResponse 968 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 969 } 970 971 // UserOwnedDrydockNote: An user owned drydock note references a Drydock 972 // ATTESTATION_AUTHORITY Note created by the user. 973 type UserOwnedDrydockNote struct { 974 // DelegationServiceAccountEmail: Output only. This field will contain the 975 // service account email address that this Attestor will use as the principal 976 // when querying Container Analysis. Attestor administrators must grant this 977 // service account the IAM role needed to read attestations from the 978 // note_reference in Container Analysis 979 // (`containeranalysis.notes.occurrences.viewer`). This email address is fixed 980 // for the lifetime of the Attestor, but callers should not make any other 981 // assumptions about the service account email; future versions may use an 982 // email based on a different naming pattern. 983 DelegationServiceAccountEmail string `json:"delegationServiceAccountEmail,omitempty"` 984 // NoteReference: Required. The Drydock resource name of a 985 // ATTESTATION_AUTHORITY Note, created by the user, in the format: 986 // `projects/*/notes/*` (or the legacy `providers/*/notes/*`). This field may 987 // not be updated. An attestation by this attestor is stored as a Drydock 988 // ATTESTATION_AUTHORITY Occurrence that names a container image and that links 989 // to this Note. Drydock is an external dependency. 990 NoteReference string `json:"noteReference,omitempty"` 991 // PublicKeys: Optional. Public keys that verify attestations signed by this 992 // attestor. This field may be updated. If this field is non-empty, one of the 993 // specified public keys must verify that an attestation was signed by this 994 // attestor for the image specified in the admission request. If this field is 995 // empty, this attestor always returns that no valid attestations exist. 996 PublicKeys []*AttestorPublicKey `json:"publicKeys,omitempty"` 997 // ForceSendFields is a list of field names (e.g. 998 // "DelegationServiceAccountEmail") to unconditionally include in API requests. 999 // By default, fields with empty or default values are omitted from API 1000 // requests. See https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields 1001 // for more details. 1002 ForceSendFields []string `json:"-"` 1003 // NullFields is a list of field names (e.g. "DelegationServiceAccountEmail") 1004 // to include in API requests with the JSON null value. By default, fields with 1005 // empty values are omitted from API requests. See 1006 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1007 NullFields []string `json:"-"` 1008 } 1009 1010 func (s *UserOwnedDrydockNote) MarshalJSON() ([]byte, error) { 1011 type NoMethod UserOwnedDrydockNote 1012 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1013 } 1014 1015 // ValidateAttestationOccurrenceRequest: Request message for 1016 // ValidationHelperV1.ValidateAttestationOccurrence. 1017 type ValidateAttestationOccurrenceRequest struct { 1018 // Attestation: Required. An AttestationOccurrence to be checked that it can be 1019 // verified by the `Attestor`. It does not have to be an existing entity in 1020 // Container Analysis. It must otherwise be a valid `AttestationOccurrence`. 1021 Attestation *AttestationOccurrence `json:"attestation,omitempty"` 1022 // OccurrenceNote: Required. The resource name of the Note to which the 1023 // containing Occurrence is associated. 1024 OccurrenceNote string `json:"occurrenceNote,omitempty"` 1025 // OccurrenceResourceUri: Required. The URI of the artifact (e.g. container 1026 // image) that is the subject of the containing Occurrence. 1027 OccurrenceResourceUri string `json:"occurrenceResourceUri,omitempty"` 1028 // ForceSendFields is a list of field names (e.g. "Attestation") to 1029 // unconditionally include in API requests. By default, fields with empty or 1030 // default values are omitted from API requests. See 1031 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1032 // details. 1033 ForceSendFields []string `json:"-"` 1034 // NullFields is a list of field names (e.g. "Attestation") to include in API 1035 // requests with the JSON null value. By default, fields with empty values are 1036 // omitted from API requests. See 1037 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1038 NullFields []string `json:"-"` 1039 } 1040 1041 func (s *ValidateAttestationOccurrenceRequest) MarshalJSON() ([]byte, error) { 1042 type NoMethod ValidateAttestationOccurrenceRequest 1043 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1044 } 1045 1046 // ValidateAttestationOccurrenceResponse: Response message for 1047 // ValidationHelperV1.ValidateAttestationOccurrence. 1048 type ValidateAttestationOccurrenceResponse struct { 1049 // DenialReason: The reason for denial if the Attestation couldn't be 1050 // validated. 1051 DenialReason string `json:"denialReason,omitempty"` 1052 // Result: The result of the Attestation validation. 1053 // 1054 // Possible values: 1055 // "RESULT_UNSPECIFIED" - Unspecified. 1056 // "VERIFIED" - The Attestation was able to verified by the Attestor. 1057 // "ATTESTATION_NOT_VERIFIABLE" - The Attestation was not able to verified by 1058 // the Attestor. 1059 Result string `json:"result,omitempty"` 1060 1061 // ServerResponse contains the HTTP response code and headers from the server. 1062 googleapi.ServerResponse `json:"-"` 1063 // ForceSendFields is a list of field names (e.g. "DenialReason") to 1064 // unconditionally include in API requests. By default, fields with empty or 1065 // default values are omitted from API requests. See 1066 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1067 // details. 1068 ForceSendFields []string `json:"-"` 1069 // NullFields is a list of field names (e.g. "DenialReason") to include in API 1070 // requests with the JSON null value. By default, fields with empty values are 1071 // omitted from API requests. See 1072 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1073 NullFields []string `json:"-"` 1074 } 1075 1076 func (s *ValidateAttestationOccurrenceResponse) MarshalJSON() ([]byte, error) { 1077 type NoMethod ValidateAttestationOccurrenceResponse 1078 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1079 } 1080 1081 type ProjectsGetPolicyCall struct { 1082 s *Service 1083 name string 1084 urlParams_ gensupport.URLParams 1085 ifNoneMatch_ string 1086 ctx_ context.Context 1087 header_ http.Header 1088 } 1089 1090 // GetPolicy: A policy specifies the attestors that must attest to a container 1091 // image, before the project is allowed to deploy that image. There is at most 1092 // one policy per project. All image admission requests are permitted if a 1093 // project has no policy. Gets the policy for this project. Returns a default 1094 // policy if the project does not have one. 1095 // 1096 // - name: The resource name of the policy to retrieve, in the format 1097 // `projects/*/policy`. 1098 func (r *ProjectsService) GetPolicy(name string) *ProjectsGetPolicyCall { 1099 c := &ProjectsGetPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} 1100 c.name = name 1101 return c 1102 } 1103 1104 // Fields allows partial responses to be retrieved. See 1105 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more 1106 // details. 1107 func (c *ProjectsGetPolicyCall) Fields(s ...googleapi.Field) *ProjectsGetPolicyCall { 1108 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 1109 return c 1110 } 1111 1112 // IfNoneMatch sets an optional parameter which makes the operation fail if the 1113 // object's ETag matches the given value. This is useful for getting updates 1114 // only after the object has changed since the last request. 1115 func (c *ProjectsGetPolicyCall) IfNoneMatch(entityTag string) *ProjectsGetPolicyCall { 1116 c.ifNoneMatch_ = entityTag 1117 return c 1118 } 1119 1120 // Context sets the context to be used in this call's Do method. 1121 func (c *ProjectsGetPolicyCall) Context(ctx context.Context) *ProjectsGetPolicyCall { 1122 c.ctx_ = ctx 1123 return c 1124 } 1125 1126 // Header returns a http.Header that can be modified by the caller to add 1127 // headers to the request. 1128 func (c *ProjectsGetPolicyCall) Header() http.Header { 1129 if c.header_ == nil { 1130 c.header_ = make(http.Header) 1131 } 1132 return c.header_ 1133 } 1134 1135 func (c *ProjectsGetPolicyCall) doRequest(alt string) (*http.Response, error) { 1136 reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_) 1137 if c.ifNoneMatch_ != "" { 1138 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 1139 } 1140 var body io.Reader = nil 1141 c.urlParams_.Set("alt", alt) 1142 c.urlParams_.Set("prettyPrint", "false") 1143 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+name}") 1144 urls += "?" + c.urlParams_.Encode() 1145 req, err := http.NewRequest("GET", urls, body) 1146 if err != nil { 1147 return nil, err 1148 } 1149 req.Header = reqHeaders 1150 googleapi.Expand(req.URL, map[string]string{ 1151 "name": c.name, 1152 }) 1153 return gensupport.SendRequest(c.ctx_, c.s.client, req) 1154 } 1155 1156 // Do executes the "binaryauthorization.projects.getPolicy" call. 1157 // Any non-2xx status code is an error. Response headers are in either 1158 // *Policy.ServerResponse.Header or (if a response was returned at all) in 1159 // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check 1160 // whether the returned error was because http.StatusNotModified was returned. 1161 func (c *ProjectsGetPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) { 1162 gensupport.SetOptions(c.urlParams_, opts...) 1163 res, err := c.doRequest("json") 1164 if res != nil && res.StatusCode == http.StatusNotModified { 1165 if res.Body != nil { 1166 res.Body.Close() 1167 } 1168 return nil, gensupport.WrapError(&googleapi.Error{ 1169 Code: res.StatusCode, 1170 Header: res.Header, 1171 }) 1172 } 1173 if err != nil { 1174 return nil, err 1175 } 1176 defer googleapi.CloseBody(res) 1177 if err := googleapi.CheckResponse(res); err != nil { 1178 return nil, gensupport.WrapError(err) 1179 } 1180 ret := &Policy{ 1181 ServerResponse: googleapi.ServerResponse{ 1182 Header: res.Header, 1183 HTTPStatusCode: res.StatusCode, 1184 }, 1185 } 1186 target := &ret 1187 if err := gensupport.DecodeResponse(target, res); err != nil { 1188 return nil, err 1189 } 1190 return ret, nil 1191 } 1192 1193 type ProjectsUpdatePolicyCall struct { 1194 s *Service 1195 name string 1196 policy *Policy 1197 urlParams_ gensupport.URLParams 1198 ctx_ context.Context 1199 header_ http.Header 1200 } 1201 1202 // UpdatePolicy: Creates or updates a project's policy, and returns a copy of 1203 // the new policy. A policy is always updated as a whole, to avoid race 1204 // conditions with concurrent policy enforcement (or management!) requests. 1205 // Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the 1206 // request is malformed. 1207 // 1208 // - name: Output only. The resource name, in the format `projects/*/policy`. 1209 // There is at most one policy per project. 1210 func (r *ProjectsService) UpdatePolicy(name string, policy *Policy) *ProjectsUpdatePolicyCall { 1211 c := &ProjectsUpdatePolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} 1212 c.name = name 1213 c.policy = policy 1214 return c 1215 } 1216 1217 // Fields allows partial responses to be retrieved. See 1218 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more 1219 // details. 1220 func (c *ProjectsUpdatePolicyCall) Fields(s ...googleapi.Field) *ProjectsUpdatePolicyCall { 1221 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 1222 return c 1223 } 1224 1225 // Context sets the context to be used in this call's Do method. 1226 func (c *ProjectsUpdatePolicyCall) Context(ctx context.Context) *ProjectsUpdatePolicyCall { 1227 c.ctx_ = ctx 1228 return c 1229 } 1230 1231 // Header returns a http.Header that can be modified by the caller to add 1232 // headers to the request. 1233 func (c *ProjectsUpdatePolicyCall) Header() http.Header { 1234 if c.header_ == nil { 1235 c.header_ = make(http.Header) 1236 } 1237 return c.header_ 1238 } 1239 1240 func (c *ProjectsUpdatePolicyCall) doRequest(alt string) (*http.Response, error) { 1241 reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_) 1242 var body io.Reader = nil 1243 body, err := googleapi.WithoutDataWrapper.JSONReader(c.policy) 1244 if err != nil { 1245 return nil, err 1246 } 1247 c.urlParams_.Set("alt", alt) 1248 c.urlParams_.Set("prettyPrint", "false") 1249 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+name}") 1250 urls += "?" + c.urlParams_.Encode() 1251 req, err := http.NewRequest("PUT", urls, body) 1252 if err != nil { 1253 return nil, err 1254 } 1255 req.Header = reqHeaders 1256 googleapi.Expand(req.URL, map[string]string{ 1257 "name": c.name, 1258 }) 1259 return gensupport.SendRequest(c.ctx_, c.s.client, req) 1260 } 1261 1262 // Do executes the "binaryauthorization.projects.updatePolicy" call. 1263 // Any non-2xx status code is an error. Response headers are in either 1264 // *Policy.ServerResponse.Header or (if a response was returned at all) in 1265 // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check 1266 // whether the returned error was because http.StatusNotModified was returned. 1267 func (c *ProjectsUpdatePolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) { 1268 gensupport.SetOptions(c.urlParams_, opts...) 1269 res, err := c.doRequest("json") 1270 if res != nil && res.StatusCode == http.StatusNotModified { 1271 if res.Body != nil { 1272 res.Body.Close() 1273 } 1274 return nil, gensupport.WrapError(&googleapi.Error{ 1275 Code: res.StatusCode, 1276 Header: res.Header, 1277 }) 1278 } 1279 if err != nil { 1280 return nil, err 1281 } 1282 defer googleapi.CloseBody(res) 1283 if err := googleapi.CheckResponse(res); err != nil { 1284 return nil, gensupport.WrapError(err) 1285 } 1286 ret := &Policy{ 1287 ServerResponse: googleapi.ServerResponse{ 1288 Header: res.Header, 1289 HTTPStatusCode: res.StatusCode, 1290 }, 1291 } 1292 target := &ret 1293 if err := gensupport.DecodeResponse(target, res); err != nil { 1294 return nil, err 1295 } 1296 return ret, nil 1297 } 1298 1299 type ProjectsAttestorsCreateCall struct { 1300 s *Service 1301 parent string 1302 attestor *Attestor 1303 urlParams_ gensupport.URLParams 1304 ctx_ context.Context 1305 header_ http.Header 1306 } 1307 1308 // Create: Creates an attestor, and returns a copy of the new attestor. Returns 1309 // NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is 1310 // malformed, ALREADY_EXISTS if the attestor already exists. 1311 // 1312 // - parent: The parent of this attestor. 1313 func (r *ProjectsAttestorsService) Create(parent string, attestor *Attestor) *ProjectsAttestorsCreateCall { 1314 c := &ProjectsAttestorsCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)} 1315 c.parent = parent 1316 c.attestor = attestor 1317 return c 1318 } 1319 1320 // AttestorId sets the optional parameter "attestorId": Required. The attestors 1321 // ID. 1322 func (c *ProjectsAttestorsCreateCall) AttestorId(attestorId string) *ProjectsAttestorsCreateCall { 1323 c.urlParams_.Set("attestorId", attestorId) 1324 return c 1325 } 1326 1327 // Fields allows partial responses to be retrieved. See 1328 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more 1329 // details. 1330 func (c *ProjectsAttestorsCreateCall) Fields(s ...googleapi.Field) *ProjectsAttestorsCreateCall { 1331 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 1332 return c 1333 } 1334 1335 // Context sets the context to be used in this call's Do method. 1336 func (c *ProjectsAttestorsCreateCall) Context(ctx context.Context) *ProjectsAttestorsCreateCall { 1337 c.ctx_ = ctx 1338 return c 1339 } 1340 1341 // Header returns a http.Header that can be modified by the caller to add 1342 // headers to the request. 1343 func (c *ProjectsAttestorsCreateCall) Header() http.Header { 1344 if c.header_ == nil { 1345 c.header_ = make(http.Header) 1346 } 1347 return c.header_ 1348 } 1349 1350 func (c *ProjectsAttestorsCreateCall) doRequest(alt string) (*http.Response, error) { 1351 reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_) 1352 var body io.Reader = nil 1353 body, err := googleapi.WithoutDataWrapper.JSONReader(c.attestor) 1354 if err != nil { 1355 return nil, err 1356 } 1357 c.urlParams_.Set("alt", alt) 1358 c.urlParams_.Set("prettyPrint", "false") 1359 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+parent}/attestors") 1360 urls += "?" + c.urlParams_.Encode() 1361 req, err := http.NewRequest("POST", urls, body) 1362 if err != nil { 1363 return nil, err 1364 } 1365 req.Header = reqHeaders 1366 googleapi.Expand(req.URL, map[string]string{ 1367 "parent": c.parent, 1368 }) 1369 return gensupport.SendRequest(c.ctx_, c.s.client, req) 1370 } 1371 1372 // Do executes the "binaryauthorization.projects.attestors.create" call. 1373 // Any non-2xx status code is an error. Response headers are in either 1374 // *Attestor.ServerResponse.Header or (if a response was returned at all) in 1375 // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check 1376 // whether the returned error was because http.StatusNotModified was returned. 1377 func (c *ProjectsAttestorsCreateCall) Do(opts ...googleapi.CallOption) (*Attestor, error) { 1378 gensupport.SetOptions(c.urlParams_, opts...) 1379 res, err := c.doRequest("json") 1380 if res != nil && res.StatusCode == http.StatusNotModified { 1381 if res.Body != nil { 1382 res.Body.Close() 1383 } 1384 return nil, gensupport.WrapError(&googleapi.Error{ 1385 Code: res.StatusCode, 1386 Header: res.Header, 1387 }) 1388 } 1389 if err != nil { 1390 return nil, err 1391 } 1392 defer googleapi.CloseBody(res) 1393 if err := googleapi.CheckResponse(res); err != nil { 1394 return nil, gensupport.WrapError(err) 1395 } 1396 ret := &Attestor{ 1397 ServerResponse: googleapi.ServerResponse{ 1398 Header: res.Header, 1399 HTTPStatusCode: res.StatusCode, 1400 }, 1401 } 1402 target := &ret 1403 if err := gensupport.DecodeResponse(target, res); err != nil { 1404 return nil, err 1405 } 1406 return ret, nil 1407 } 1408 1409 type ProjectsAttestorsDeleteCall struct { 1410 s *Service 1411 name string 1412 urlParams_ gensupport.URLParams 1413 ctx_ context.Context 1414 header_ http.Header 1415 } 1416 1417 // Delete: Deletes an attestor. Returns NOT_FOUND if the attestor does not 1418 // exist. 1419 // 1420 // - name: The name of the attestors to delete, in the format 1421 // `projects/*/attestors/*`. 1422 func (r *ProjectsAttestorsService) Delete(name string) *ProjectsAttestorsDeleteCall { 1423 c := &ProjectsAttestorsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)} 1424 c.name = name 1425 return c 1426 } 1427 1428 // Fields allows partial responses to be retrieved. See 1429 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more 1430 // details. 1431 func (c *ProjectsAttestorsDeleteCall) Fields(s ...googleapi.Field) *ProjectsAttestorsDeleteCall { 1432 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 1433 return c 1434 } 1435 1436 // Context sets the context to be used in this call's Do method. 1437 func (c *ProjectsAttestorsDeleteCall) Context(ctx context.Context) *ProjectsAttestorsDeleteCall { 1438 c.ctx_ = ctx 1439 return c 1440 } 1441 1442 // Header returns a http.Header that can be modified by the caller to add 1443 // headers to the request. 1444 func (c *ProjectsAttestorsDeleteCall) Header() http.Header { 1445 if c.header_ == nil { 1446 c.header_ = make(http.Header) 1447 } 1448 return c.header_ 1449 } 1450 1451 func (c *ProjectsAttestorsDeleteCall) doRequest(alt string) (*http.Response, error) { 1452 reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_) 1453 var body io.Reader = nil 1454 c.urlParams_.Set("alt", alt) 1455 c.urlParams_.Set("prettyPrint", "false") 1456 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+name}") 1457 urls += "?" + c.urlParams_.Encode() 1458 req, err := http.NewRequest("DELETE", urls, body) 1459 if err != nil { 1460 return nil, err 1461 } 1462 req.Header = reqHeaders 1463 googleapi.Expand(req.URL, map[string]string{ 1464 "name": c.name, 1465 }) 1466 return gensupport.SendRequest(c.ctx_, c.s.client, req) 1467 } 1468 1469 // Do executes the "binaryauthorization.projects.attestors.delete" call. 1470 // Any non-2xx status code is an error. Response headers are in either 1471 // *Empty.ServerResponse.Header or (if a response was returned at all) in 1472 // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check 1473 // whether the returned error was because http.StatusNotModified was returned. 1474 func (c *ProjectsAttestorsDeleteCall) Do(opts ...googleapi.CallOption) (*Empty, error) { 1475 gensupport.SetOptions(c.urlParams_, opts...) 1476 res, err := c.doRequest("json") 1477 if res != nil && res.StatusCode == http.StatusNotModified { 1478 if res.Body != nil { 1479 res.Body.Close() 1480 } 1481 return nil, gensupport.WrapError(&googleapi.Error{ 1482 Code: res.StatusCode, 1483 Header: res.Header, 1484 }) 1485 } 1486 if err != nil { 1487 return nil, err 1488 } 1489 defer googleapi.CloseBody(res) 1490 if err := googleapi.CheckResponse(res); err != nil { 1491 return nil, gensupport.WrapError(err) 1492 } 1493 ret := &Empty{ 1494 ServerResponse: googleapi.ServerResponse{ 1495 Header: res.Header, 1496 HTTPStatusCode: res.StatusCode, 1497 }, 1498 } 1499 target := &ret 1500 if err := gensupport.DecodeResponse(target, res); err != nil { 1501 return nil, err 1502 } 1503 return ret, nil 1504 } 1505 1506 type ProjectsAttestorsGetCall struct { 1507 s *Service 1508 name string 1509 urlParams_ gensupport.URLParams 1510 ifNoneMatch_ string 1511 ctx_ context.Context 1512 header_ http.Header 1513 } 1514 1515 // Get: Gets an attestor. Returns NOT_FOUND if the attestor does not exist. 1516 // 1517 // - name: The name of the attestor to retrieve, in the format 1518 // `projects/*/attestors/*`. 1519 func (r *ProjectsAttestorsService) Get(name string) *ProjectsAttestorsGetCall { 1520 c := &ProjectsAttestorsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)} 1521 c.name = name 1522 return c 1523 } 1524 1525 // Fields allows partial responses to be retrieved. See 1526 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more 1527 // details. 1528 func (c *ProjectsAttestorsGetCall) Fields(s ...googleapi.Field) *ProjectsAttestorsGetCall { 1529 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 1530 return c 1531 } 1532 1533 // IfNoneMatch sets an optional parameter which makes the operation fail if the 1534 // object's ETag matches the given value. This is useful for getting updates 1535 // only after the object has changed since the last request. 1536 func (c *ProjectsAttestorsGetCall) IfNoneMatch(entityTag string) *ProjectsAttestorsGetCall { 1537 c.ifNoneMatch_ = entityTag 1538 return c 1539 } 1540 1541 // Context sets the context to be used in this call's Do method. 1542 func (c *ProjectsAttestorsGetCall) Context(ctx context.Context) *ProjectsAttestorsGetCall { 1543 c.ctx_ = ctx 1544 return c 1545 } 1546 1547 // Header returns a http.Header that can be modified by the caller to add 1548 // headers to the request. 1549 func (c *ProjectsAttestorsGetCall) Header() http.Header { 1550 if c.header_ == nil { 1551 c.header_ = make(http.Header) 1552 } 1553 return c.header_ 1554 } 1555 1556 func (c *ProjectsAttestorsGetCall) doRequest(alt string) (*http.Response, error) { 1557 reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_) 1558 if c.ifNoneMatch_ != "" { 1559 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 1560 } 1561 var body io.Reader = nil 1562 c.urlParams_.Set("alt", alt) 1563 c.urlParams_.Set("prettyPrint", "false") 1564 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+name}") 1565 urls += "?" + c.urlParams_.Encode() 1566 req, err := http.NewRequest("GET", urls, body) 1567 if err != nil { 1568 return nil, err 1569 } 1570 req.Header = reqHeaders 1571 googleapi.Expand(req.URL, map[string]string{ 1572 "name": c.name, 1573 }) 1574 return gensupport.SendRequest(c.ctx_, c.s.client, req) 1575 } 1576 1577 // Do executes the "binaryauthorization.projects.attestors.get" call. 1578 // Any non-2xx status code is an error. Response headers are in either 1579 // *Attestor.ServerResponse.Header or (if a response was returned at all) in 1580 // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check 1581 // whether the returned error was because http.StatusNotModified was returned. 1582 func (c *ProjectsAttestorsGetCall) Do(opts ...googleapi.CallOption) (*Attestor, error) { 1583 gensupport.SetOptions(c.urlParams_, opts...) 1584 res, err := c.doRequest("json") 1585 if res != nil && res.StatusCode == http.StatusNotModified { 1586 if res.Body != nil { 1587 res.Body.Close() 1588 } 1589 return nil, gensupport.WrapError(&googleapi.Error{ 1590 Code: res.StatusCode, 1591 Header: res.Header, 1592 }) 1593 } 1594 if err != nil { 1595 return nil, err 1596 } 1597 defer googleapi.CloseBody(res) 1598 if err := googleapi.CheckResponse(res); err != nil { 1599 return nil, gensupport.WrapError(err) 1600 } 1601 ret := &Attestor{ 1602 ServerResponse: googleapi.ServerResponse{ 1603 Header: res.Header, 1604 HTTPStatusCode: res.StatusCode, 1605 }, 1606 } 1607 target := &ret 1608 if err := gensupport.DecodeResponse(target, res); err != nil { 1609 return nil, err 1610 } 1611 return ret, nil 1612 } 1613 1614 type ProjectsAttestorsGetIamPolicyCall struct { 1615 s *Service 1616 resource string 1617 urlParams_ gensupport.URLParams 1618 ifNoneMatch_ string 1619 ctx_ context.Context 1620 header_ http.Header 1621 } 1622 1623 // GetIamPolicy: Gets the access control policy for a resource. Returns an 1624 // empty policy if the resource exists and does not have a policy set. 1625 // 1626 // - resource: REQUIRED: The resource for which the policy is being requested. 1627 // See Resource names (https://cloud.google.com/apis/design/resource_names) 1628 // for the appropriate value for this field. 1629 func (r *ProjectsAttestorsService) GetIamPolicy(resource string) *ProjectsAttestorsGetIamPolicyCall { 1630 c := &ProjectsAttestorsGetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} 1631 c.resource = resource 1632 return c 1633 } 1634 1635 // OptionsRequestedPolicyVersion sets the optional parameter 1636 // "options.requestedPolicyVersion": The maximum policy version that will be 1637 // used to format the policy. Valid values are 0, 1, and 3. Requests specifying 1638 // an invalid value will be rejected. Requests for policies with any 1639 // conditional role bindings must specify version 3. Policies with no 1640 // conditional role bindings may specify any valid value or leave the field 1641 // unset. The policy in the response might use the policy version that you 1642 // specified, or it might use a lower policy version. For example, if you 1643 // specify version 3, but the policy has no conditional role bindings, the 1644 // response uses version 1. To learn which resources support conditions in 1645 // their IAM policies, see the IAM documentation 1646 // (https://cloud.google.com/iam/help/conditions/resource-policies). 1647 func (c *ProjectsAttestorsGetIamPolicyCall) OptionsRequestedPolicyVersion(optionsRequestedPolicyVersion int64) *ProjectsAttestorsGetIamPolicyCall { 1648 c.urlParams_.Set("options.requestedPolicyVersion", fmt.Sprint(optionsRequestedPolicyVersion)) 1649 return c 1650 } 1651 1652 // Fields allows partial responses to be retrieved. See 1653 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more 1654 // details. 1655 func (c *ProjectsAttestorsGetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsAttestorsGetIamPolicyCall { 1656 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 1657 return c 1658 } 1659 1660 // IfNoneMatch sets an optional parameter which makes the operation fail if the 1661 // object's ETag matches the given value. This is useful for getting updates 1662 // only after the object has changed since the last request. 1663 func (c *ProjectsAttestorsGetIamPolicyCall) IfNoneMatch(entityTag string) *ProjectsAttestorsGetIamPolicyCall { 1664 c.ifNoneMatch_ = entityTag 1665 return c 1666 } 1667 1668 // Context sets the context to be used in this call's Do method. 1669 func (c *ProjectsAttestorsGetIamPolicyCall) Context(ctx context.Context) *ProjectsAttestorsGetIamPolicyCall { 1670 c.ctx_ = ctx 1671 return c 1672 } 1673 1674 // Header returns a http.Header that can be modified by the caller to add 1675 // headers to the request. 1676 func (c *ProjectsAttestorsGetIamPolicyCall) Header() http.Header { 1677 if c.header_ == nil { 1678 c.header_ = make(http.Header) 1679 } 1680 return c.header_ 1681 } 1682 1683 func (c *ProjectsAttestorsGetIamPolicyCall) doRequest(alt string) (*http.Response, error) { 1684 reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_) 1685 if c.ifNoneMatch_ != "" { 1686 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 1687 } 1688 var body io.Reader = nil 1689 c.urlParams_.Set("alt", alt) 1690 c.urlParams_.Set("prettyPrint", "false") 1691 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+resource}:getIamPolicy") 1692 urls += "?" + c.urlParams_.Encode() 1693 req, err := http.NewRequest("GET", urls, body) 1694 if err != nil { 1695 return nil, err 1696 } 1697 req.Header = reqHeaders 1698 googleapi.Expand(req.URL, map[string]string{ 1699 "resource": c.resource, 1700 }) 1701 return gensupport.SendRequest(c.ctx_, c.s.client, req) 1702 } 1703 1704 // Do executes the "binaryauthorization.projects.attestors.getIamPolicy" call. 1705 // Any non-2xx status code is an error. Response headers are in either 1706 // *IamPolicy.ServerResponse.Header or (if a response was returned at all) in 1707 // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check 1708 // whether the returned error was because http.StatusNotModified was returned. 1709 func (c *ProjectsAttestorsGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*IamPolicy, error) { 1710 gensupport.SetOptions(c.urlParams_, opts...) 1711 res, err := c.doRequest("json") 1712 if res != nil && res.StatusCode == http.StatusNotModified { 1713 if res.Body != nil { 1714 res.Body.Close() 1715 } 1716 return nil, gensupport.WrapError(&googleapi.Error{ 1717 Code: res.StatusCode, 1718 Header: res.Header, 1719 }) 1720 } 1721 if err != nil { 1722 return nil, err 1723 } 1724 defer googleapi.CloseBody(res) 1725 if err := googleapi.CheckResponse(res); err != nil { 1726 return nil, gensupport.WrapError(err) 1727 } 1728 ret := &IamPolicy{ 1729 ServerResponse: googleapi.ServerResponse{ 1730 Header: res.Header, 1731 HTTPStatusCode: res.StatusCode, 1732 }, 1733 } 1734 target := &ret 1735 if err := gensupport.DecodeResponse(target, res); err != nil { 1736 return nil, err 1737 } 1738 return ret, nil 1739 } 1740 1741 type ProjectsAttestorsListCall struct { 1742 s *Service 1743 parent string 1744 urlParams_ gensupport.URLParams 1745 ifNoneMatch_ string 1746 ctx_ context.Context 1747 header_ http.Header 1748 } 1749 1750 // List: Lists attestors. Returns INVALID_ARGUMENT if the project does not 1751 // exist. 1752 // 1753 // - parent: The resource name of the project associated with the attestors, in 1754 // the format `projects/*`. 1755 func (r *ProjectsAttestorsService) List(parent string) *ProjectsAttestorsListCall { 1756 c := &ProjectsAttestorsListCall{s: r.s, urlParams_: make(gensupport.URLParams)} 1757 c.parent = parent 1758 return c 1759 } 1760 1761 // PageSize sets the optional parameter "pageSize": Requested page size. The 1762 // server may return fewer results than requested. If unspecified, the server 1763 // will pick an appropriate default. 1764 func (c *ProjectsAttestorsListCall) PageSize(pageSize int64) *ProjectsAttestorsListCall { 1765 c.urlParams_.Set("pageSize", fmt.Sprint(pageSize)) 1766 return c 1767 } 1768 1769 // PageToken sets the optional parameter "pageToken": A token identifying a 1770 // page of results the server should return. Typically, this is the value of 1771 // ListAttestorsResponse.next_page_token returned from the previous call to the 1772 // `ListAttestors` method. 1773 func (c *ProjectsAttestorsListCall) PageToken(pageToken string) *ProjectsAttestorsListCall { 1774 c.urlParams_.Set("pageToken", pageToken) 1775 return c 1776 } 1777 1778 // Fields allows partial responses to be retrieved. See 1779 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more 1780 // details. 1781 func (c *ProjectsAttestorsListCall) Fields(s ...googleapi.Field) *ProjectsAttestorsListCall { 1782 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 1783 return c 1784 } 1785 1786 // IfNoneMatch sets an optional parameter which makes the operation fail if the 1787 // object's ETag matches the given value. This is useful for getting updates 1788 // only after the object has changed since the last request. 1789 func (c *ProjectsAttestorsListCall) IfNoneMatch(entityTag string) *ProjectsAttestorsListCall { 1790 c.ifNoneMatch_ = entityTag 1791 return c 1792 } 1793 1794 // Context sets the context to be used in this call's Do method. 1795 func (c *ProjectsAttestorsListCall) Context(ctx context.Context) *ProjectsAttestorsListCall { 1796 c.ctx_ = ctx 1797 return c 1798 } 1799 1800 // Header returns a http.Header that can be modified by the caller to add 1801 // headers to the request. 1802 func (c *ProjectsAttestorsListCall) Header() http.Header { 1803 if c.header_ == nil { 1804 c.header_ = make(http.Header) 1805 } 1806 return c.header_ 1807 } 1808 1809 func (c *ProjectsAttestorsListCall) doRequest(alt string) (*http.Response, error) { 1810 reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_) 1811 if c.ifNoneMatch_ != "" { 1812 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 1813 } 1814 var body io.Reader = nil 1815 c.urlParams_.Set("alt", alt) 1816 c.urlParams_.Set("prettyPrint", "false") 1817 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+parent}/attestors") 1818 urls += "?" + c.urlParams_.Encode() 1819 req, err := http.NewRequest("GET", urls, body) 1820 if err != nil { 1821 return nil, err 1822 } 1823 req.Header = reqHeaders 1824 googleapi.Expand(req.URL, map[string]string{ 1825 "parent": c.parent, 1826 }) 1827 return gensupport.SendRequest(c.ctx_, c.s.client, req) 1828 } 1829 1830 // Do executes the "binaryauthorization.projects.attestors.list" call. 1831 // Any non-2xx status code is an error. Response headers are in either 1832 // *ListAttestorsResponse.ServerResponse.Header or (if a response was returned 1833 // at all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to 1834 // check whether the returned error was because http.StatusNotModified was 1835 // returned. 1836 func (c *ProjectsAttestorsListCall) Do(opts ...googleapi.CallOption) (*ListAttestorsResponse, error) { 1837 gensupport.SetOptions(c.urlParams_, opts...) 1838 res, err := c.doRequest("json") 1839 if res != nil && res.StatusCode == http.StatusNotModified { 1840 if res.Body != nil { 1841 res.Body.Close() 1842 } 1843 return nil, gensupport.WrapError(&googleapi.Error{ 1844 Code: res.StatusCode, 1845 Header: res.Header, 1846 }) 1847 } 1848 if err != nil { 1849 return nil, err 1850 } 1851 defer googleapi.CloseBody(res) 1852 if err := googleapi.CheckResponse(res); err != nil { 1853 return nil, gensupport.WrapError(err) 1854 } 1855 ret := &ListAttestorsResponse{ 1856 ServerResponse: googleapi.ServerResponse{ 1857 Header: res.Header, 1858 HTTPStatusCode: res.StatusCode, 1859 }, 1860 } 1861 target := &ret 1862 if err := gensupport.DecodeResponse(target, res); err != nil { 1863 return nil, err 1864 } 1865 return ret, nil 1866 } 1867 1868 // Pages invokes f for each page of results. 1869 // A non-nil error returned from f will halt the iteration. 1870 // The provided context supersedes any context provided to the Context method. 1871 func (c *ProjectsAttestorsListCall) Pages(ctx context.Context, f func(*ListAttestorsResponse) error) error { 1872 c.ctx_ = ctx 1873 defer c.PageToken(c.urlParams_.Get("pageToken")) 1874 for { 1875 x, err := c.Do() 1876 if err != nil { 1877 return err 1878 } 1879 if err := f(x); err != nil { 1880 return err 1881 } 1882 if x.NextPageToken == "" { 1883 return nil 1884 } 1885 c.PageToken(x.NextPageToken) 1886 } 1887 } 1888 1889 type ProjectsAttestorsSetIamPolicyCall struct { 1890 s *Service 1891 resource string 1892 setiampolicyrequest *SetIamPolicyRequest 1893 urlParams_ gensupport.URLParams 1894 ctx_ context.Context 1895 header_ http.Header 1896 } 1897 1898 // SetIamPolicy: Sets the access control policy on the specified resource. 1899 // Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, 1900 // and `PERMISSION_DENIED` errors. 1901 // 1902 // - resource: REQUIRED: The resource for which the policy is being specified. 1903 // See Resource names (https://cloud.google.com/apis/design/resource_names) 1904 // for the appropriate value for this field. 1905 func (r *ProjectsAttestorsService) SetIamPolicy(resource string, setiampolicyrequest *SetIamPolicyRequest) *ProjectsAttestorsSetIamPolicyCall { 1906 c := &ProjectsAttestorsSetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} 1907 c.resource = resource 1908 c.setiampolicyrequest = setiampolicyrequest 1909 return c 1910 } 1911 1912 // Fields allows partial responses to be retrieved. See 1913 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more 1914 // details. 1915 func (c *ProjectsAttestorsSetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsAttestorsSetIamPolicyCall { 1916 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 1917 return c 1918 } 1919 1920 // Context sets the context to be used in this call's Do method. 1921 func (c *ProjectsAttestorsSetIamPolicyCall) Context(ctx context.Context) *ProjectsAttestorsSetIamPolicyCall { 1922 c.ctx_ = ctx 1923 return c 1924 } 1925 1926 // Header returns a http.Header that can be modified by the caller to add 1927 // headers to the request. 1928 func (c *ProjectsAttestorsSetIamPolicyCall) Header() http.Header { 1929 if c.header_ == nil { 1930 c.header_ = make(http.Header) 1931 } 1932 return c.header_ 1933 } 1934 1935 func (c *ProjectsAttestorsSetIamPolicyCall) doRequest(alt string) (*http.Response, error) { 1936 reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_) 1937 var body io.Reader = nil 1938 body, err := googleapi.WithoutDataWrapper.JSONReader(c.setiampolicyrequest) 1939 if err != nil { 1940 return nil, err 1941 } 1942 c.urlParams_.Set("alt", alt) 1943 c.urlParams_.Set("prettyPrint", "false") 1944 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+resource}:setIamPolicy") 1945 urls += "?" + c.urlParams_.Encode() 1946 req, err := http.NewRequest("POST", urls, body) 1947 if err != nil { 1948 return nil, err 1949 } 1950 req.Header = reqHeaders 1951 googleapi.Expand(req.URL, map[string]string{ 1952 "resource": c.resource, 1953 }) 1954 return gensupport.SendRequest(c.ctx_, c.s.client, req) 1955 } 1956 1957 // Do executes the "binaryauthorization.projects.attestors.setIamPolicy" call. 1958 // Any non-2xx status code is an error. Response headers are in either 1959 // *IamPolicy.ServerResponse.Header or (if a response was returned at all) in 1960 // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check 1961 // whether the returned error was because http.StatusNotModified was returned. 1962 func (c *ProjectsAttestorsSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*IamPolicy, error) { 1963 gensupport.SetOptions(c.urlParams_, opts...) 1964 res, err := c.doRequest("json") 1965 if res != nil && res.StatusCode == http.StatusNotModified { 1966 if res.Body != nil { 1967 res.Body.Close() 1968 } 1969 return nil, gensupport.WrapError(&googleapi.Error{ 1970 Code: res.StatusCode, 1971 Header: res.Header, 1972 }) 1973 } 1974 if err != nil { 1975 return nil, err 1976 } 1977 defer googleapi.CloseBody(res) 1978 if err := googleapi.CheckResponse(res); err != nil { 1979 return nil, gensupport.WrapError(err) 1980 } 1981 ret := &IamPolicy{ 1982 ServerResponse: googleapi.ServerResponse{ 1983 Header: res.Header, 1984 HTTPStatusCode: res.StatusCode, 1985 }, 1986 } 1987 target := &ret 1988 if err := gensupport.DecodeResponse(target, res); err != nil { 1989 return nil, err 1990 } 1991 return ret, nil 1992 } 1993 1994 type ProjectsAttestorsTestIamPermissionsCall struct { 1995 s *Service 1996 resource string 1997 testiampermissionsrequest *TestIamPermissionsRequest 1998 urlParams_ gensupport.URLParams 1999 ctx_ context.Context 2000 header_ http.Header 2001 } 2002 2003 // TestIamPermissions: Returns permissions that a caller has on the specified 2004 // resource. If the resource does not exist, this will return an empty set of 2005 // permissions, not a `NOT_FOUND` error. Note: This operation is designed to be 2006 // used for building permission-aware UIs and command-line tools, not for 2007 // authorization checking. This operation may "fail open" without warning. 2008 // 2009 // - resource: REQUIRED: The resource for which the policy detail is being 2010 // requested. See Resource names 2011 // (https://cloud.google.com/apis/design/resource_names) for the appropriate 2012 // value for this field. 2013 func (r *ProjectsAttestorsService) TestIamPermissions(resource string, testiampermissionsrequest *TestIamPermissionsRequest) *ProjectsAttestorsTestIamPermissionsCall { 2014 c := &ProjectsAttestorsTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)} 2015 c.resource = resource 2016 c.testiampermissionsrequest = testiampermissionsrequest 2017 return c 2018 } 2019 2020 // Fields allows partial responses to be retrieved. See 2021 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more 2022 // details. 2023 func (c *ProjectsAttestorsTestIamPermissionsCall) Fields(s ...googleapi.Field) *ProjectsAttestorsTestIamPermissionsCall { 2024 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 2025 return c 2026 } 2027 2028 // Context sets the context to be used in this call's Do method. 2029 func (c *ProjectsAttestorsTestIamPermissionsCall) Context(ctx context.Context) *ProjectsAttestorsTestIamPermissionsCall { 2030 c.ctx_ = ctx 2031 return c 2032 } 2033 2034 // Header returns a http.Header that can be modified by the caller to add 2035 // headers to the request. 2036 func (c *ProjectsAttestorsTestIamPermissionsCall) Header() http.Header { 2037 if c.header_ == nil { 2038 c.header_ = make(http.Header) 2039 } 2040 return c.header_ 2041 } 2042 2043 func (c *ProjectsAttestorsTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) { 2044 reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_) 2045 var body io.Reader = nil 2046 body, err := googleapi.WithoutDataWrapper.JSONReader(c.testiampermissionsrequest) 2047 if err != nil { 2048 return nil, err 2049 } 2050 c.urlParams_.Set("alt", alt) 2051 c.urlParams_.Set("prettyPrint", "false") 2052 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+resource}:testIamPermissions") 2053 urls += "?" + c.urlParams_.Encode() 2054 req, err := http.NewRequest("POST", urls, body) 2055 if err != nil { 2056 return nil, err 2057 } 2058 req.Header = reqHeaders 2059 googleapi.Expand(req.URL, map[string]string{ 2060 "resource": c.resource, 2061 }) 2062 return gensupport.SendRequest(c.ctx_, c.s.client, req) 2063 } 2064 2065 // Do executes the "binaryauthorization.projects.attestors.testIamPermissions" call. 2066 // Any non-2xx status code is an error. Response headers are in either 2067 // *TestIamPermissionsResponse.ServerResponse.Header or (if a response was 2068 // returned at all) in error.(*googleapi.Error).Header. Use 2069 // googleapi.IsNotModified to check whether the returned error was because 2070 // http.StatusNotModified was returned. 2071 func (c *ProjectsAttestorsTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestIamPermissionsResponse, error) { 2072 gensupport.SetOptions(c.urlParams_, opts...) 2073 res, err := c.doRequest("json") 2074 if res != nil && res.StatusCode == http.StatusNotModified { 2075 if res.Body != nil { 2076 res.Body.Close() 2077 } 2078 return nil, gensupport.WrapError(&googleapi.Error{ 2079 Code: res.StatusCode, 2080 Header: res.Header, 2081 }) 2082 } 2083 if err != nil { 2084 return nil, err 2085 } 2086 defer googleapi.CloseBody(res) 2087 if err := googleapi.CheckResponse(res); err != nil { 2088 return nil, gensupport.WrapError(err) 2089 } 2090 ret := &TestIamPermissionsResponse{ 2091 ServerResponse: googleapi.ServerResponse{ 2092 Header: res.Header, 2093 HTTPStatusCode: res.StatusCode, 2094 }, 2095 } 2096 target := &ret 2097 if err := gensupport.DecodeResponse(target, res); err != nil { 2098 return nil, err 2099 } 2100 return ret, nil 2101 } 2102 2103 type ProjectsAttestorsUpdateCall struct { 2104 s *Service 2105 name string 2106 attestor *Attestor 2107 urlParams_ gensupport.URLParams 2108 ctx_ context.Context 2109 header_ http.Header 2110 } 2111 2112 // Update: Updates an attestor. Returns NOT_FOUND if the attestor does not 2113 // exist. 2114 // 2115 // - name: The resource name, in the format: `projects/*/attestors/*`. This 2116 // field may not be updated. 2117 func (r *ProjectsAttestorsService) Update(name string, attestor *Attestor) *ProjectsAttestorsUpdateCall { 2118 c := &ProjectsAttestorsUpdateCall{s: r.s, urlParams_: make(gensupport.URLParams)} 2119 c.name = name 2120 c.attestor = attestor 2121 return c 2122 } 2123 2124 // Fields allows partial responses to be retrieved. See 2125 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more 2126 // details. 2127 func (c *ProjectsAttestorsUpdateCall) Fields(s ...googleapi.Field) *ProjectsAttestorsUpdateCall { 2128 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 2129 return c 2130 } 2131 2132 // Context sets the context to be used in this call's Do method. 2133 func (c *ProjectsAttestorsUpdateCall) Context(ctx context.Context) *ProjectsAttestorsUpdateCall { 2134 c.ctx_ = ctx 2135 return c 2136 } 2137 2138 // Header returns a http.Header that can be modified by the caller to add 2139 // headers to the request. 2140 func (c *ProjectsAttestorsUpdateCall) Header() http.Header { 2141 if c.header_ == nil { 2142 c.header_ = make(http.Header) 2143 } 2144 return c.header_ 2145 } 2146 2147 func (c *ProjectsAttestorsUpdateCall) doRequest(alt string) (*http.Response, error) { 2148 reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_) 2149 var body io.Reader = nil 2150 body, err := googleapi.WithoutDataWrapper.JSONReader(c.attestor) 2151 if err != nil { 2152 return nil, err 2153 } 2154 c.urlParams_.Set("alt", alt) 2155 c.urlParams_.Set("prettyPrint", "false") 2156 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+name}") 2157 urls += "?" + c.urlParams_.Encode() 2158 req, err := http.NewRequest("PUT", urls, body) 2159 if err != nil { 2160 return nil, err 2161 } 2162 req.Header = reqHeaders 2163 googleapi.Expand(req.URL, map[string]string{ 2164 "name": c.name, 2165 }) 2166 return gensupport.SendRequest(c.ctx_, c.s.client, req) 2167 } 2168 2169 // Do executes the "binaryauthorization.projects.attestors.update" call. 2170 // Any non-2xx status code is an error. Response headers are in either 2171 // *Attestor.ServerResponse.Header or (if a response was returned at all) in 2172 // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check 2173 // whether the returned error was because http.StatusNotModified was returned. 2174 func (c *ProjectsAttestorsUpdateCall) Do(opts ...googleapi.CallOption) (*Attestor, error) { 2175 gensupport.SetOptions(c.urlParams_, opts...) 2176 res, err := c.doRequest("json") 2177 if res != nil && res.StatusCode == http.StatusNotModified { 2178 if res.Body != nil { 2179 res.Body.Close() 2180 } 2181 return nil, gensupport.WrapError(&googleapi.Error{ 2182 Code: res.StatusCode, 2183 Header: res.Header, 2184 }) 2185 } 2186 if err != nil { 2187 return nil, err 2188 } 2189 defer googleapi.CloseBody(res) 2190 if err := googleapi.CheckResponse(res); err != nil { 2191 return nil, gensupport.WrapError(err) 2192 } 2193 ret := &Attestor{ 2194 ServerResponse: googleapi.ServerResponse{ 2195 Header: res.Header, 2196 HTTPStatusCode: res.StatusCode, 2197 }, 2198 } 2199 target := &ret 2200 if err := gensupport.DecodeResponse(target, res); err != nil { 2201 return nil, err 2202 } 2203 return ret, nil 2204 } 2205 2206 type ProjectsAttestorsValidateAttestationOccurrenceCall struct { 2207 s *Service 2208 attestor string 2209 validateattestationoccurrencerequest *ValidateAttestationOccurrenceRequest 2210 urlParams_ gensupport.URLParams 2211 ctx_ context.Context 2212 header_ http.Header 2213 } 2214 2215 // ValidateAttestationOccurrence: Returns whether the given `Attestation` for 2216 // the given image URI was signed by the given `Attestor` 2217 // 2218 // - attestor: The resource name of the Attestor of the occurrence, in the 2219 // format `projects/*/attestors/*`. 2220 func (r *ProjectsAttestorsService) ValidateAttestationOccurrence(attestor string, validateattestationoccurrencerequest *ValidateAttestationOccurrenceRequest) *ProjectsAttestorsValidateAttestationOccurrenceCall { 2221 c := &ProjectsAttestorsValidateAttestationOccurrenceCall{s: r.s, urlParams_: make(gensupport.URLParams)} 2222 c.attestor = attestor 2223 c.validateattestationoccurrencerequest = validateattestationoccurrencerequest 2224 return c 2225 } 2226 2227 // Fields allows partial responses to be retrieved. See 2228 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more 2229 // details. 2230 func (c *ProjectsAttestorsValidateAttestationOccurrenceCall) Fields(s ...googleapi.Field) *ProjectsAttestorsValidateAttestationOccurrenceCall { 2231 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 2232 return c 2233 } 2234 2235 // Context sets the context to be used in this call's Do method. 2236 func (c *ProjectsAttestorsValidateAttestationOccurrenceCall) Context(ctx context.Context) *ProjectsAttestorsValidateAttestationOccurrenceCall { 2237 c.ctx_ = ctx 2238 return c 2239 } 2240 2241 // Header returns a http.Header that can be modified by the caller to add 2242 // headers to the request. 2243 func (c *ProjectsAttestorsValidateAttestationOccurrenceCall) Header() http.Header { 2244 if c.header_ == nil { 2245 c.header_ = make(http.Header) 2246 } 2247 return c.header_ 2248 } 2249 2250 func (c *ProjectsAttestorsValidateAttestationOccurrenceCall) doRequest(alt string) (*http.Response, error) { 2251 reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_) 2252 var body io.Reader = nil 2253 body, err := googleapi.WithoutDataWrapper.JSONReader(c.validateattestationoccurrencerequest) 2254 if err != nil { 2255 return nil, err 2256 } 2257 c.urlParams_.Set("alt", alt) 2258 c.urlParams_.Set("prettyPrint", "false") 2259 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+attestor}:validateAttestationOccurrence") 2260 urls += "?" + c.urlParams_.Encode() 2261 req, err := http.NewRequest("POST", urls, body) 2262 if err != nil { 2263 return nil, err 2264 } 2265 req.Header = reqHeaders 2266 googleapi.Expand(req.URL, map[string]string{ 2267 "attestor": c.attestor, 2268 }) 2269 return gensupport.SendRequest(c.ctx_, c.s.client, req) 2270 } 2271 2272 // Do executes the "binaryauthorization.projects.attestors.validateAttestationOccurrence" call. 2273 // Any non-2xx status code is an error. Response headers are in either 2274 // *ValidateAttestationOccurrenceResponse.ServerResponse.Header or (if a 2275 // response was returned at all) in error.(*googleapi.Error).Header. Use 2276 // googleapi.IsNotModified to check whether the returned error was because 2277 // http.StatusNotModified was returned. 2278 func (c *ProjectsAttestorsValidateAttestationOccurrenceCall) Do(opts ...googleapi.CallOption) (*ValidateAttestationOccurrenceResponse, error) { 2279 gensupport.SetOptions(c.urlParams_, opts...) 2280 res, err := c.doRequest("json") 2281 if res != nil && res.StatusCode == http.StatusNotModified { 2282 if res.Body != nil { 2283 res.Body.Close() 2284 } 2285 return nil, gensupport.WrapError(&googleapi.Error{ 2286 Code: res.StatusCode, 2287 Header: res.Header, 2288 }) 2289 } 2290 if err != nil { 2291 return nil, err 2292 } 2293 defer googleapi.CloseBody(res) 2294 if err := googleapi.CheckResponse(res); err != nil { 2295 return nil, gensupport.WrapError(err) 2296 } 2297 ret := &ValidateAttestationOccurrenceResponse{ 2298 ServerResponse: googleapi.ServerResponse{ 2299 Header: res.Header, 2300 HTTPStatusCode: res.StatusCode, 2301 }, 2302 } 2303 target := &ret 2304 if err := gensupport.DecodeResponse(target, res); err != nil { 2305 return nil, err 2306 } 2307 return ret, nil 2308 } 2309 2310 type ProjectsPolicyGetIamPolicyCall struct { 2311 s *Service 2312 resource string 2313 urlParams_ gensupport.URLParams 2314 ifNoneMatch_ string 2315 ctx_ context.Context 2316 header_ http.Header 2317 } 2318 2319 // GetIamPolicy: Gets the access control policy for a resource. Returns an 2320 // empty policy if the resource exists and does not have a policy set. 2321 // 2322 // - resource: REQUIRED: The resource for which the policy is being requested. 2323 // See Resource names (https://cloud.google.com/apis/design/resource_names) 2324 // for the appropriate value for this field. 2325 func (r *ProjectsPolicyService) GetIamPolicy(resource string) *ProjectsPolicyGetIamPolicyCall { 2326 c := &ProjectsPolicyGetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} 2327 c.resource = resource 2328 return c 2329 } 2330 2331 // OptionsRequestedPolicyVersion sets the optional parameter 2332 // "options.requestedPolicyVersion": The maximum policy version that will be 2333 // used to format the policy. Valid values are 0, 1, and 3. Requests specifying 2334 // an invalid value will be rejected. Requests for policies with any 2335 // conditional role bindings must specify version 3. Policies with no 2336 // conditional role bindings may specify any valid value or leave the field 2337 // unset. The policy in the response might use the policy version that you 2338 // specified, or it might use a lower policy version. For example, if you 2339 // specify version 3, but the policy has no conditional role bindings, the 2340 // response uses version 1. To learn which resources support conditions in 2341 // their IAM policies, see the IAM documentation 2342 // (https://cloud.google.com/iam/help/conditions/resource-policies). 2343 func (c *ProjectsPolicyGetIamPolicyCall) OptionsRequestedPolicyVersion(optionsRequestedPolicyVersion int64) *ProjectsPolicyGetIamPolicyCall { 2344 c.urlParams_.Set("options.requestedPolicyVersion", fmt.Sprint(optionsRequestedPolicyVersion)) 2345 return c 2346 } 2347 2348 // Fields allows partial responses to be retrieved. See 2349 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more 2350 // details. 2351 func (c *ProjectsPolicyGetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsPolicyGetIamPolicyCall { 2352 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 2353 return c 2354 } 2355 2356 // IfNoneMatch sets an optional parameter which makes the operation fail if the 2357 // object's ETag matches the given value. This is useful for getting updates 2358 // only after the object has changed since the last request. 2359 func (c *ProjectsPolicyGetIamPolicyCall) IfNoneMatch(entityTag string) *ProjectsPolicyGetIamPolicyCall { 2360 c.ifNoneMatch_ = entityTag 2361 return c 2362 } 2363 2364 // Context sets the context to be used in this call's Do method. 2365 func (c *ProjectsPolicyGetIamPolicyCall) Context(ctx context.Context) *ProjectsPolicyGetIamPolicyCall { 2366 c.ctx_ = ctx 2367 return c 2368 } 2369 2370 // Header returns a http.Header that can be modified by the caller to add 2371 // headers to the request. 2372 func (c *ProjectsPolicyGetIamPolicyCall) Header() http.Header { 2373 if c.header_ == nil { 2374 c.header_ = make(http.Header) 2375 } 2376 return c.header_ 2377 } 2378 2379 func (c *ProjectsPolicyGetIamPolicyCall) doRequest(alt string) (*http.Response, error) { 2380 reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_) 2381 if c.ifNoneMatch_ != "" { 2382 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 2383 } 2384 var body io.Reader = nil 2385 c.urlParams_.Set("alt", alt) 2386 c.urlParams_.Set("prettyPrint", "false") 2387 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+resource}:getIamPolicy") 2388 urls += "?" + c.urlParams_.Encode() 2389 req, err := http.NewRequest("GET", urls, body) 2390 if err != nil { 2391 return nil, err 2392 } 2393 req.Header = reqHeaders 2394 googleapi.Expand(req.URL, map[string]string{ 2395 "resource": c.resource, 2396 }) 2397 return gensupport.SendRequest(c.ctx_, c.s.client, req) 2398 } 2399 2400 // Do executes the "binaryauthorization.projects.policy.getIamPolicy" call. 2401 // Any non-2xx status code is an error. Response headers are in either 2402 // *IamPolicy.ServerResponse.Header or (if a response was returned at all) in 2403 // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check 2404 // whether the returned error was because http.StatusNotModified was returned. 2405 func (c *ProjectsPolicyGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*IamPolicy, error) { 2406 gensupport.SetOptions(c.urlParams_, opts...) 2407 res, err := c.doRequest("json") 2408 if res != nil && res.StatusCode == http.StatusNotModified { 2409 if res.Body != nil { 2410 res.Body.Close() 2411 } 2412 return nil, gensupport.WrapError(&googleapi.Error{ 2413 Code: res.StatusCode, 2414 Header: res.Header, 2415 }) 2416 } 2417 if err != nil { 2418 return nil, err 2419 } 2420 defer googleapi.CloseBody(res) 2421 if err := googleapi.CheckResponse(res); err != nil { 2422 return nil, gensupport.WrapError(err) 2423 } 2424 ret := &IamPolicy{ 2425 ServerResponse: googleapi.ServerResponse{ 2426 Header: res.Header, 2427 HTTPStatusCode: res.StatusCode, 2428 }, 2429 } 2430 target := &ret 2431 if err := gensupport.DecodeResponse(target, res); err != nil { 2432 return nil, err 2433 } 2434 return ret, nil 2435 } 2436 2437 type ProjectsPolicySetIamPolicyCall struct { 2438 s *Service 2439 resource string 2440 setiampolicyrequest *SetIamPolicyRequest 2441 urlParams_ gensupport.URLParams 2442 ctx_ context.Context 2443 header_ http.Header 2444 } 2445 2446 // SetIamPolicy: Sets the access control policy on the specified resource. 2447 // Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, 2448 // and `PERMISSION_DENIED` errors. 2449 // 2450 // - resource: REQUIRED: The resource for which the policy is being specified. 2451 // See Resource names (https://cloud.google.com/apis/design/resource_names) 2452 // for the appropriate value for this field. 2453 func (r *ProjectsPolicyService) SetIamPolicy(resource string, setiampolicyrequest *SetIamPolicyRequest) *ProjectsPolicySetIamPolicyCall { 2454 c := &ProjectsPolicySetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} 2455 c.resource = resource 2456 c.setiampolicyrequest = setiampolicyrequest 2457 return c 2458 } 2459 2460 // Fields allows partial responses to be retrieved. See 2461 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more 2462 // details. 2463 func (c *ProjectsPolicySetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsPolicySetIamPolicyCall { 2464 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 2465 return c 2466 } 2467 2468 // Context sets the context to be used in this call's Do method. 2469 func (c *ProjectsPolicySetIamPolicyCall) Context(ctx context.Context) *ProjectsPolicySetIamPolicyCall { 2470 c.ctx_ = ctx 2471 return c 2472 } 2473 2474 // Header returns a http.Header that can be modified by the caller to add 2475 // headers to the request. 2476 func (c *ProjectsPolicySetIamPolicyCall) Header() http.Header { 2477 if c.header_ == nil { 2478 c.header_ = make(http.Header) 2479 } 2480 return c.header_ 2481 } 2482 2483 func (c *ProjectsPolicySetIamPolicyCall) doRequest(alt string) (*http.Response, error) { 2484 reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_) 2485 var body io.Reader = nil 2486 body, err := googleapi.WithoutDataWrapper.JSONReader(c.setiampolicyrequest) 2487 if err != nil { 2488 return nil, err 2489 } 2490 c.urlParams_.Set("alt", alt) 2491 c.urlParams_.Set("prettyPrint", "false") 2492 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+resource}:setIamPolicy") 2493 urls += "?" + c.urlParams_.Encode() 2494 req, err := http.NewRequest("POST", urls, body) 2495 if err != nil { 2496 return nil, err 2497 } 2498 req.Header = reqHeaders 2499 googleapi.Expand(req.URL, map[string]string{ 2500 "resource": c.resource, 2501 }) 2502 return gensupport.SendRequest(c.ctx_, c.s.client, req) 2503 } 2504 2505 // Do executes the "binaryauthorization.projects.policy.setIamPolicy" call. 2506 // Any non-2xx status code is an error. Response headers are in either 2507 // *IamPolicy.ServerResponse.Header or (if a response was returned at all) in 2508 // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check 2509 // whether the returned error was because http.StatusNotModified was returned. 2510 func (c *ProjectsPolicySetIamPolicyCall) Do(opts ...googleapi.CallOption) (*IamPolicy, error) { 2511 gensupport.SetOptions(c.urlParams_, opts...) 2512 res, err := c.doRequest("json") 2513 if res != nil && res.StatusCode == http.StatusNotModified { 2514 if res.Body != nil { 2515 res.Body.Close() 2516 } 2517 return nil, gensupport.WrapError(&googleapi.Error{ 2518 Code: res.StatusCode, 2519 Header: res.Header, 2520 }) 2521 } 2522 if err != nil { 2523 return nil, err 2524 } 2525 defer googleapi.CloseBody(res) 2526 if err := googleapi.CheckResponse(res); err != nil { 2527 return nil, gensupport.WrapError(err) 2528 } 2529 ret := &IamPolicy{ 2530 ServerResponse: googleapi.ServerResponse{ 2531 Header: res.Header, 2532 HTTPStatusCode: res.StatusCode, 2533 }, 2534 } 2535 target := &ret 2536 if err := gensupport.DecodeResponse(target, res); err != nil { 2537 return nil, err 2538 } 2539 return ret, nil 2540 } 2541 2542 type ProjectsPolicyTestIamPermissionsCall struct { 2543 s *Service 2544 resource string 2545 testiampermissionsrequest *TestIamPermissionsRequest 2546 urlParams_ gensupport.URLParams 2547 ctx_ context.Context 2548 header_ http.Header 2549 } 2550 2551 // TestIamPermissions: Returns permissions that a caller has on the specified 2552 // resource. If the resource does not exist, this will return an empty set of 2553 // permissions, not a `NOT_FOUND` error. Note: This operation is designed to be 2554 // used for building permission-aware UIs and command-line tools, not for 2555 // authorization checking. This operation may "fail open" without warning. 2556 // 2557 // - resource: REQUIRED: The resource for which the policy detail is being 2558 // requested. See Resource names 2559 // (https://cloud.google.com/apis/design/resource_names) for the appropriate 2560 // value for this field. 2561 func (r *ProjectsPolicyService) TestIamPermissions(resource string, testiampermissionsrequest *TestIamPermissionsRequest) *ProjectsPolicyTestIamPermissionsCall { 2562 c := &ProjectsPolicyTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)} 2563 c.resource = resource 2564 c.testiampermissionsrequest = testiampermissionsrequest 2565 return c 2566 } 2567 2568 // Fields allows partial responses to be retrieved. See 2569 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more 2570 // details. 2571 func (c *ProjectsPolicyTestIamPermissionsCall) Fields(s ...googleapi.Field) *ProjectsPolicyTestIamPermissionsCall { 2572 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 2573 return c 2574 } 2575 2576 // Context sets the context to be used in this call's Do method. 2577 func (c *ProjectsPolicyTestIamPermissionsCall) Context(ctx context.Context) *ProjectsPolicyTestIamPermissionsCall { 2578 c.ctx_ = ctx 2579 return c 2580 } 2581 2582 // Header returns a http.Header that can be modified by the caller to add 2583 // headers to the request. 2584 func (c *ProjectsPolicyTestIamPermissionsCall) Header() http.Header { 2585 if c.header_ == nil { 2586 c.header_ = make(http.Header) 2587 } 2588 return c.header_ 2589 } 2590 2591 func (c *ProjectsPolicyTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) { 2592 reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_) 2593 var body io.Reader = nil 2594 body, err := googleapi.WithoutDataWrapper.JSONReader(c.testiampermissionsrequest) 2595 if err != nil { 2596 return nil, err 2597 } 2598 c.urlParams_.Set("alt", alt) 2599 c.urlParams_.Set("prettyPrint", "false") 2600 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+resource}:testIamPermissions") 2601 urls += "?" + c.urlParams_.Encode() 2602 req, err := http.NewRequest("POST", urls, body) 2603 if err != nil { 2604 return nil, err 2605 } 2606 req.Header = reqHeaders 2607 googleapi.Expand(req.URL, map[string]string{ 2608 "resource": c.resource, 2609 }) 2610 return gensupport.SendRequest(c.ctx_, c.s.client, req) 2611 } 2612 2613 // Do executes the "binaryauthorization.projects.policy.testIamPermissions" call. 2614 // Any non-2xx status code is an error. Response headers are in either 2615 // *TestIamPermissionsResponse.ServerResponse.Header or (if a response was 2616 // returned at all) in error.(*googleapi.Error).Header. Use 2617 // googleapi.IsNotModified to check whether the returned error was because 2618 // http.StatusNotModified was returned. 2619 func (c *ProjectsPolicyTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestIamPermissionsResponse, error) { 2620 gensupport.SetOptions(c.urlParams_, opts...) 2621 res, err := c.doRequest("json") 2622 if res != nil && res.StatusCode == http.StatusNotModified { 2623 if res.Body != nil { 2624 res.Body.Close() 2625 } 2626 return nil, gensupport.WrapError(&googleapi.Error{ 2627 Code: res.StatusCode, 2628 Header: res.Header, 2629 }) 2630 } 2631 if err != nil { 2632 return nil, err 2633 } 2634 defer googleapi.CloseBody(res) 2635 if err := googleapi.CheckResponse(res); err != nil { 2636 return nil, gensupport.WrapError(err) 2637 } 2638 ret := &TestIamPermissionsResponse{ 2639 ServerResponse: googleapi.ServerResponse{ 2640 Header: res.Header, 2641 HTTPStatusCode: res.StatusCode, 2642 }, 2643 } 2644 target := &ret 2645 if err := gensupport.DecodeResponse(target, res); err != nil { 2646 return nil, err 2647 } 2648 return ret, nil 2649 } 2650 2651 type SystempolicyGetPolicyCall struct { 2652 s *Service 2653 name string 2654 urlParams_ gensupport.URLParams 2655 ifNoneMatch_ string 2656 ctx_ context.Context 2657 header_ http.Header 2658 } 2659 2660 // GetPolicy: Gets the current system policy in the specified location. 2661 // 2662 // - name: The resource name, in the format `locations/*/policy`. Note that the 2663 // system policy is not associated with a project. 2664 func (r *SystempolicyService) GetPolicy(name string) *SystempolicyGetPolicyCall { 2665 c := &SystempolicyGetPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} 2666 c.name = name 2667 return c 2668 } 2669 2670 // Fields allows partial responses to be retrieved. See 2671 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more 2672 // details. 2673 func (c *SystempolicyGetPolicyCall) Fields(s ...googleapi.Field) *SystempolicyGetPolicyCall { 2674 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 2675 return c 2676 } 2677 2678 // IfNoneMatch sets an optional parameter which makes the operation fail if the 2679 // object's ETag matches the given value. This is useful for getting updates 2680 // only after the object has changed since the last request. 2681 func (c *SystempolicyGetPolicyCall) IfNoneMatch(entityTag string) *SystempolicyGetPolicyCall { 2682 c.ifNoneMatch_ = entityTag 2683 return c 2684 } 2685 2686 // Context sets the context to be used in this call's Do method. 2687 func (c *SystempolicyGetPolicyCall) Context(ctx context.Context) *SystempolicyGetPolicyCall { 2688 c.ctx_ = ctx 2689 return c 2690 } 2691 2692 // Header returns a http.Header that can be modified by the caller to add 2693 // headers to the request. 2694 func (c *SystempolicyGetPolicyCall) Header() http.Header { 2695 if c.header_ == nil { 2696 c.header_ = make(http.Header) 2697 } 2698 return c.header_ 2699 } 2700 2701 func (c *SystempolicyGetPolicyCall) doRequest(alt string) (*http.Response, error) { 2702 reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_) 2703 if c.ifNoneMatch_ != "" { 2704 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 2705 } 2706 var body io.Reader = nil 2707 c.urlParams_.Set("alt", alt) 2708 c.urlParams_.Set("prettyPrint", "false") 2709 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+name}") 2710 urls += "?" + c.urlParams_.Encode() 2711 req, err := http.NewRequest("GET", urls, body) 2712 if err != nil { 2713 return nil, err 2714 } 2715 req.Header = reqHeaders 2716 googleapi.Expand(req.URL, map[string]string{ 2717 "name": c.name, 2718 }) 2719 return gensupport.SendRequest(c.ctx_, c.s.client, req) 2720 } 2721 2722 // Do executes the "binaryauthorization.systempolicy.getPolicy" call. 2723 // Any non-2xx status code is an error. Response headers are in either 2724 // *Policy.ServerResponse.Header or (if a response was returned at all) in 2725 // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check 2726 // whether the returned error was because http.StatusNotModified was returned. 2727 func (c *SystempolicyGetPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) { 2728 gensupport.SetOptions(c.urlParams_, opts...) 2729 res, err := c.doRequest("json") 2730 if res != nil && res.StatusCode == http.StatusNotModified { 2731 if res.Body != nil { 2732 res.Body.Close() 2733 } 2734 return nil, gensupport.WrapError(&googleapi.Error{ 2735 Code: res.StatusCode, 2736 Header: res.Header, 2737 }) 2738 } 2739 if err != nil { 2740 return nil, err 2741 } 2742 defer googleapi.CloseBody(res) 2743 if err := googleapi.CheckResponse(res); err != nil { 2744 return nil, gensupport.WrapError(err) 2745 } 2746 ret := &Policy{ 2747 ServerResponse: googleapi.ServerResponse{ 2748 Header: res.Header, 2749 HTTPStatusCode: res.StatusCode, 2750 }, 2751 } 2752 target := &ret 2753 if err := gensupport.DecodeResponse(target, res); err != nil { 2754 return nil, err 2755 } 2756 return ret, nil 2757 } 2758