1 // Copyright 2024 Google LLC. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 // Code generated file. DO NOT EDIT. 6 7 // Package cloudasset provides access to the Cloud Asset API. 8 // 9 // For product documentation, see: https://cloud.google.com/asset-inventory/docs/quickstart 10 // 11 // # Library status 12 // 13 // These client libraries are officially supported by Google. However, this 14 // library is considered complete and is in maintenance mode. This means 15 // that we will address critical bugs and security issues but will not add 16 // any new features. 17 // 18 // When possible, we recommend using our newer 19 // [Cloud Client Libraries for Go](https://pkg.go.dev/cloud.google.com/go) 20 // that are still actively being worked and iterated on. 21 // 22 // # Creating a client 23 // 24 // Usage example: 25 // 26 // import "google.golang.org/api/cloudasset/v1p1beta1" 27 // ... 28 // ctx := context.Background() 29 // cloudassetService, err := cloudasset.NewService(ctx) 30 // 31 // In this example, Google Application Default Credentials are used for 32 // authentication. For information on how to create and obtain Application 33 // Default Credentials, see https://developers.google.com/identity/protocols/application-default-credentials. 34 // 35 // # Other authentication options 36 // 37 // To use an API key for authentication (note: some APIs do not support API 38 // keys), use [google.golang.org/api/option.WithAPIKey]: 39 // 40 // cloudassetService, err := cloudasset.NewService(ctx, option.WithAPIKey("AIza...")) 41 // 42 // To use an OAuth token (e.g., a user token obtained via a three-legged OAuth 43 // flow, use [google.golang.org/api/option.WithTokenSource]: 44 // 45 // config := &oauth2.Config{...} 46 // // ... 47 // token, err := config.Exchange(ctx, ...) 48 // cloudassetService, err := cloudasset.NewService(ctx, option.WithTokenSource(config.TokenSource(ctx, token))) 49 // 50 // See [google.golang.org/api/option.ClientOption] for details on options. 51 package cloudasset // import "google.golang.org/api/cloudasset/v1p1beta1" 52 53 import ( 54 "bytes" 55 "context" 56 "encoding/json" 57 "errors" 58 "fmt" 59 "io" 60 "net/http" 61 "net/url" 62 "strconv" 63 "strings" 64 65 googleapi "google.golang.org/api/googleapi" 66 internal "google.golang.org/api/internal" 67 gensupport "google.golang.org/api/internal/gensupport" 68 option "google.golang.org/api/option" 69 internaloption "google.golang.org/api/option/internaloption" 70 htransport "google.golang.org/api/transport/http" 71 ) 72 73 // Always reference these packages, just in case the auto-generated code 74 // below doesn't. 75 var _ = bytes.NewBuffer 76 var _ = strconv.Itoa 77 var _ = fmt.Sprintf 78 var _ = json.NewDecoder 79 var _ = io.Copy 80 var _ = url.Parse 81 var _ = gensupport.MarshalJSON 82 var _ = googleapi.Version 83 var _ = errors.New 84 var _ = strings.Replace 85 var _ = context.Canceled 86 var _ = internaloption.WithDefaultEndpoint 87 var _ = internal.Version 88 89 const apiId = "cloudasset:v1p1beta1" 90 const apiName = "cloudasset" 91 const apiVersion = "v1p1beta1" 92 const basePath = "https://cloudasset.googleapis.com/" 93 const basePathTemplate = "https://cloudasset.UNIVERSE_DOMAIN/" 94 const mtlsBasePath = "https://cloudasset.mtls.googleapis.com/" 95 96 // OAuth2 scopes used by this API. 97 const ( 98 // See, edit, configure, and delete your Google Cloud data and see the email 99 // address for your Google Account. 100 CloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform" 101 ) 102 103 // NewService creates a new Service. 104 func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, error) { 105 scopesOption := internaloption.WithDefaultScopes( 106 "https://www.googleapis.com/auth/cloud-platform", 107 ) 108 // NOTE: prepend, so we don't override user-specified scopes. 109 opts = append([]option.ClientOption{scopesOption}, opts...) 110 opts = append(opts, internaloption.WithDefaultEndpoint(basePath)) 111 opts = append(opts, internaloption.WithDefaultEndpointTemplate(basePathTemplate)) 112 opts = append(opts, internaloption.WithDefaultMTLSEndpoint(mtlsBasePath)) 113 opts = append(opts, internaloption.EnableNewAuthLibrary()) 114 client, endpoint, err := htransport.NewClient(ctx, opts...) 115 if err != nil { 116 return nil, err 117 } 118 s, err := New(client) 119 if err != nil { 120 return nil, err 121 } 122 if endpoint != "" { 123 s.BasePath = endpoint 124 } 125 return s, nil 126 } 127 128 // New creates a new Service. It uses the provided http.Client for requests. 129 // 130 // Deprecated: please use NewService instead. 131 // To provide a custom HTTP client, use option.WithHTTPClient. 132 // If you are using google.golang.org/api/googleapis/transport.APIKey, use option.WithAPIKey with NewService instead. 133 func New(client *http.Client) (*Service, error) { 134 if client == nil { 135 return nil, errors.New("client is nil") 136 } 137 s := &Service{client: client, BasePath: basePath} 138 s.IamPolicies = NewIamPoliciesService(s) 139 s.Resources = NewResourcesService(s) 140 return s, nil 141 } 142 143 type Service struct { 144 client *http.Client 145 BasePath string // API endpoint base URL 146 UserAgent string // optional additional User-Agent fragment 147 148 IamPolicies *IamPoliciesService 149 150 Resources *ResourcesService 151 } 152 153 func (s *Service) userAgent() string { 154 if s.UserAgent == "" { 155 return googleapi.UserAgent 156 } 157 return googleapi.UserAgent + " " + s.UserAgent 158 } 159 160 func NewIamPoliciesService(s *Service) *IamPoliciesService { 161 rs := &IamPoliciesService{s: s} 162 return rs 163 } 164 165 type IamPoliciesService struct { 166 s *Service 167 } 168 169 func NewResourcesService(s *Service) *ResourcesService { 170 rs := &ResourcesService{s: s} 171 return rs 172 } 173 174 type ResourcesService struct { 175 s *Service 176 } 177 178 // AnalyzeIamPolicyLongrunningMetadata: Represents the metadata of the 179 // longrunning operation for the AnalyzeIamPolicyLongrunning RPC. 180 type AnalyzeIamPolicyLongrunningMetadata struct { 181 // CreateTime: Output only. The time the operation was created. 182 CreateTime string `json:"createTime,omitempty"` 183 // ForceSendFields is a list of field names (e.g. "CreateTime") to 184 // unconditionally include in API requests. By default, fields with empty or 185 // default values are omitted from API requests. See 186 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 187 // details. 188 ForceSendFields []string `json:"-"` 189 // NullFields is a list of field names (e.g. "CreateTime") to include in API 190 // requests with the JSON null value. By default, fields with empty values are 191 // omitted from API requests. See 192 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 193 NullFields []string `json:"-"` 194 } 195 196 func (s *AnalyzeIamPolicyLongrunningMetadata) MarshalJSON() ([]byte, error) { 197 type NoMethod AnalyzeIamPolicyLongrunningMetadata 198 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 199 } 200 201 // AnalyzeIamPolicyLongrunningResponse: A response message for 202 // AssetService.AnalyzeIamPolicyLongrunning. 203 type AnalyzeIamPolicyLongrunningResponse struct { 204 } 205 206 // AuditConfig: Specifies the audit configuration for a service. The 207 // configuration determines which permission types are logged, and what 208 // identities, if any, are exempted from logging. An AuditConfig must have one 209 // or more AuditLogConfigs. If there are AuditConfigs for both `allServices` 210 // and a specific service, the union of the two AuditConfigs is used for that 211 // service: the log_types specified in each AuditConfig are enabled, and the 212 // exempted_members in each AuditLogConfig are exempted. Example Policy with 213 // multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", 214 // "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ 215 // "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": 216 // "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", 217 // "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": 218 // "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For 219 // sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 220 // logging. It also exempts `jose@example.com` from DATA_READ logging, and 221 // `aliya@example.com` from DATA_WRITE logging. 222 type AuditConfig struct { 223 // AuditLogConfigs: The configuration for logging of each type of permission. 224 AuditLogConfigs []*AuditLogConfig `json:"auditLogConfigs,omitempty"` 225 // Service: Specifies a service that will be enabled for audit logging. For 226 // example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` 227 // is a special value that covers all services. 228 Service string `json:"service,omitempty"` 229 // ForceSendFields is a list of field names (e.g. "AuditLogConfigs") to 230 // unconditionally include in API requests. By default, fields with empty or 231 // default values are omitted from API requests. See 232 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 233 // details. 234 ForceSendFields []string `json:"-"` 235 // NullFields is a list of field names (e.g. "AuditLogConfigs") to include in 236 // API requests with the JSON null value. By default, fields with empty values 237 // are omitted from API requests. See 238 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 239 NullFields []string `json:"-"` 240 } 241 242 func (s *AuditConfig) MarshalJSON() ([]byte, error) { 243 type NoMethod AuditConfig 244 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 245 } 246 247 // AuditLogConfig: Provides the configuration for logging a type of 248 // permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", 249 // "exempted_members": [ "user:jose@example.com" ] }, { "log_type": 250 // "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while 251 // exempting jose@example.com from DATA_READ logging. 252 type AuditLogConfig struct { 253 // ExemptedMembers: Specifies the identities that do not cause logging for this 254 // type of permission. Follows the same format of Binding.members. 255 ExemptedMembers []string `json:"exemptedMembers,omitempty"` 256 // LogType: The log type that this config enables. 257 // 258 // Possible values: 259 // "LOG_TYPE_UNSPECIFIED" - Default case. Should never be this. 260 // "ADMIN_READ" - Admin reads. Example: CloudIAM getIamPolicy 261 // "DATA_WRITE" - Data writes. Example: CloudSQL Users create 262 // "DATA_READ" - Data reads. Example: CloudSQL Users list 263 LogType string `json:"logType,omitempty"` 264 // ForceSendFields is a list of field names (e.g. "ExemptedMembers") to 265 // unconditionally include in API requests. By default, fields with empty or 266 // default values are omitted from API requests. See 267 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 268 // details. 269 ForceSendFields []string `json:"-"` 270 // NullFields is a list of field names (e.g. "ExemptedMembers") to include in 271 // API requests with the JSON null value. By default, fields with empty values 272 // are omitted from API requests. See 273 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 274 NullFields []string `json:"-"` 275 } 276 277 func (s *AuditLogConfig) MarshalJSON() ([]byte, error) { 278 type NoMethod AuditLogConfig 279 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 280 } 281 282 // Binding: Associates `members`, or principals, with a `role`. 283 type Binding struct { 284 // Condition: The condition that is associated with this binding. If the 285 // condition evaluates to `true`, then this binding applies to the current 286 // request. If the condition evaluates to `false`, then this binding does not 287 // apply to the current request. However, a different role binding might grant 288 // the same role to one or more of the principals in this binding. To learn 289 // which resources support conditions in their IAM policies, see the IAM 290 // documentation 291 // (https://cloud.google.com/iam/help/conditions/resource-policies). 292 Condition *Expr `json:"condition,omitempty"` 293 // Members: Specifies the principals requesting access for a Google Cloud 294 // resource. `members` can have the following values: * `allUsers`: A special 295 // identifier that represents anyone who is on the internet; with or without a 296 // Google account. * `allAuthenticatedUsers`: A special identifier that 297 // represents anyone who is authenticated with a Google account or a service 298 // account. Does not include identities that come from external identity 299 // providers (IdPs) through identity federation. * `user:{emailid}`: An email 300 // address that represents a specific Google account. For example, 301 // `alice@example.com` . * `serviceAccount:{emailid}`: An email address that 302 // represents a Google service account. For example, 303 // `my-other-app@appspot.gserviceaccount.com`. * 304 // `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An 305 // identifier for a Kubernetes service account 306 // (https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). 307 // For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * 308 // `group:{emailid}`: An email address that represents a Google group. For 309 // example, `admins@example.com`. * `domain:{domain}`: The G Suite domain 310 // (primary) that represents all the users of that domain. For example, 311 // `google.com` or `example.com`. * 312 // `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/sub 313 // ject/{subject_attribute_value}`: A single identity in a workforce identity 314 // pool. * 315 // `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/ 316 // group/{group_id}`: All workforce identities in a group. * 317 // `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/ 318 // attribute.{attribute_name}/{attribute_value}`: All workforce identities with 319 // a specific attribute value. * 320 // `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/ 321 // *`: All identities in a workforce identity pool. * 322 // `principal://iam.googleapis.com/projects/{project_number}/locations/global/wo 323 // rkloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single 324 // identity in a workload identity pool. * 325 // `principalSet://iam.googleapis.com/projects/{project_number}/locations/global 326 // /workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool 327 // group. * 328 // `principalSet://iam.googleapis.com/projects/{project_number}/locations/global 329 // /workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value} 330 // `: All identities in a workload identity pool with a certain attribute. * 331 // `principalSet://iam.googleapis.com/projects/{project_number}/locations/global 332 // /workloadIdentityPools/{pool_id}/*`: All identities in a workload identity 333 // pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus 334 // unique identifier) representing a user that has been recently deleted. For 335 // example, `alice@example.com?uid=123456789012345678901`. If the user is 336 // recovered, this value reverts to `user:{emailid}` and the recovered user 337 // retains the role in the binding. * 338 // `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus 339 // unique identifier) representing a service account that has been recently 340 // deleted. For example, 341 // `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the 342 // service account is undeleted, this value reverts to 343 // `serviceAccount:{emailid}` and the undeleted service account retains the 344 // role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email 345 // address (plus unique identifier) representing a Google group that has been 346 // recently deleted. For example, 347 // `admins@example.com?uid=123456789012345678901`. If the group is recovered, 348 // this value reverts to `group:{emailid}` and the recovered group retains the 349 // role in the binding. * 350 // `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool 351 // _id}/subject/{subject_attribute_value}`: Deleted single identity in a 352 // workforce identity pool. For example, 353 // `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-po 354 // ol-id/subject/my-subject-attribute-value`. 355 Members []string `json:"members,omitempty"` 356 // Role: Role that is assigned to the list of `members`, or principals. For 357 // example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview 358 // of the IAM roles and permissions, see the IAM documentation 359 // (https://cloud.google.com/iam/docs/roles-overview). For a list of the 360 // available pre-defined roles, see here 361 // (https://cloud.google.com/iam/docs/understanding-roles). 362 Role string `json:"role,omitempty"` 363 // ForceSendFields is a list of field names (e.g. "Condition") to 364 // unconditionally include in API requests. By default, fields with empty or 365 // default values are omitted from API requests. See 366 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 367 // details. 368 ForceSendFields []string `json:"-"` 369 // NullFields is a list of field names (e.g. "Condition") to include in API 370 // requests with the JSON null value. By default, fields with empty values are 371 // omitted from API requests. See 372 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 373 NullFields []string `json:"-"` 374 } 375 376 func (s *Binding) MarshalJSON() ([]byte, error) { 377 type NoMethod Binding 378 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 379 } 380 381 // Explanation: Explanation about the IAM policy search result. 382 type Explanation struct { 383 // MatchedPermissions: The map from roles to their included permission matching 384 // the permission query (e.g. containing `policy.role.permissions:`). Example 385 // role string: "roles/compute.instanceAdmin". The roles can also be found in 386 // the returned `policy` bindings. Note that the map is populated only if 387 // requesting with a permission query. 388 MatchedPermissions map[string]Permissions `json:"matchedPermissions,omitempty"` 389 // ForceSendFields is a list of field names (e.g. "MatchedPermissions") to 390 // unconditionally include in API requests. By default, fields with empty or 391 // default values are omitted from API requests. See 392 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 393 // details. 394 ForceSendFields []string `json:"-"` 395 // NullFields is a list of field names (e.g. "MatchedPermissions") to include 396 // in API requests with the JSON null value. By default, fields with empty 397 // values are omitted from API requests. See 398 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 399 NullFields []string `json:"-"` 400 } 401 402 func (s *Explanation) MarshalJSON() ([]byte, error) { 403 type NoMethod Explanation 404 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 405 } 406 407 // Expr: Represents a textual expression in the Common Expression Language 408 // (CEL) syntax. CEL is a C-like expression language. The syntax and semantics 409 // of CEL are documented at https://github.com/google/cel-spec. Example 410 // (Comparison): title: "Summary size limit" description: "Determines if a 411 // summary is less than 100 chars" expression: "document.summary.size() < 100" 412 // Example (Equality): title: "Requestor is owner" description: "Determines if 413 // requestor is the document owner" expression: "document.owner == 414 // request.auth.claims.email" Example (Logic): title: "Public documents" 415 // description: "Determine whether the document should be publicly visible" 416 // expression: "document.type != 'private' && document.type != 'internal'" 417 // Example (Data Manipulation): title: "Notification string" description: 418 // "Create a notification string with a timestamp." expression: "'New message 419 // received at ' + string(document.create_time)" The exact variables and 420 // functions that may be referenced within an expression are determined by the 421 // service that evaluates it. See the service documentation for additional 422 // information. 423 type Expr struct { 424 // Description: Optional. Description of the expression. This is a longer text 425 // which describes the expression, e.g. when hovered over it in a UI. 426 Description string `json:"description,omitempty"` 427 // Expression: Textual representation of an expression in Common Expression 428 // Language syntax. 429 Expression string `json:"expression,omitempty"` 430 // Location: Optional. String indicating the location of the expression for 431 // error reporting, e.g. a file name and a position in the file. 432 Location string `json:"location,omitempty"` 433 // Title: Optional. Title for the expression, i.e. a short string describing 434 // its purpose. This can be used e.g. in UIs which allow to enter the 435 // expression. 436 Title string `json:"title,omitempty"` 437 // ForceSendFields is a list of field names (e.g. "Description") to 438 // unconditionally include in API requests. By default, fields with empty or 439 // default values are omitted from API requests. See 440 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 441 // details. 442 ForceSendFields []string `json:"-"` 443 // NullFields is a list of field names (e.g. "Description") to include in API 444 // requests with the JSON null value. By default, fields with empty values are 445 // omitted from API requests. See 446 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 447 NullFields []string `json:"-"` 448 } 449 450 func (s *Expr) MarshalJSON() ([]byte, error) { 451 type NoMethod Expr 452 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 453 } 454 455 // GoogleCloudAssetV1p7beta1Asset: An asset in Google Cloud. An asset can be 456 // any resource in the Google Cloud resource hierarchy 457 // (https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), 458 // a resource outside the Google Cloud resource hierarchy (such as Google 459 // Kubernetes Engine clusters and objects), or a policy (e.g. IAM policy). See 460 // Supported asset types 461 // (https://cloud.google.com/asset-inventory/docs/supported-asset-types) for 462 // more information. 463 type GoogleCloudAssetV1p7beta1Asset struct { 464 // AccessLevel: Please also refer to the access level user guide 465 // (https://cloud.google.com/access-context-manager/docs/overview#access-levels). 466 AccessLevel *GoogleIdentityAccesscontextmanagerV1AccessLevel `json:"accessLevel,omitempty"` 467 // AccessPolicy: Please also refer to the access policy user guide 468 // (https://cloud.google.com/access-context-manager/docs/overview#access-policies). 469 AccessPolicy *GoogleIdentityAccesscontextmanagerV1AccessPolicy `json:"accessPolicy,omitempty"` 470 // Ancestors: The ancestry path of an asset in Google Cloud resource hierarchy 471 // (https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), 472 // represented as a list of relative resource names. An ancestry path starts 473 // with the closest ancestor in the hierarchy and ends at root. If the asset is 474 // a project, folder, or organization, the ancestry path starts from the asset 475 // itself. Example: `["projects/123456789", "folders/5432", 476 // "organizations/1234"]` 477 Ancestors []string `json:"ancestors,omitempty"` 478 // AssetType: The type of the asset. Example: `compute.googleapis.com/Disk` See 479 // Supported asset types 480 // (https://cloud.google.com/asset-inventory/docs/supported-asset-types) for 481 // more information. 482 AssetType string `json:"assetType,omitempty"` 483 // IamPolicy: A representation of the IAM policy set on a Google Cloud 484 // resource. There can be a maximum of one IAM policy set on any given 485 // resource. In addition, IAM policies inherit their granted access scope from 486 // any policies set on parent resources in the resource hierarchy. Therefore, 487 // the effectively policy is the union of both the policy set on this resource 488 // and each policy set on all of the resource's ancestry resource levels in the 489 // hierarchy. See this topic 490 // (https://cloud.google.com/iam/help/allow-policies/inheritance) for more 491 // information. 492 IamPolicy *Policy `json:"iamPolicy,omitempty"` 493 // Name: The full name of the asset. Example: 494 // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/insta 495 // nce1` See Resource names 496 // (https://cloud.google.com/apis/design/resource_names#full_resource_name) for 497 // more information. 498 Name string `json:"name,omitempty"` 499 // OrgPolicy: A representation of an organization policy 500 // (https://cloud.google.com/resource-manager/docs/organization-policy/overview#organization_policy). 501 // There can be more than one organization policy with different constraints 502 // set on a given resource. 503 OrgPolicy []*GoogleCloudOrgpolicyV1Policy `json:"orgPolicy,omitempty"` 504 // RelatedAssets: The related assets of the asset of one relationship type. One 505 // asset only represents one type of relationship. 506 RelatedAssets *GoogleCloudAssetV1p7beta1RelatedAssets `json:"relatedAssets,omitempty"` 507 // Resource: A representation of the resource. 508 Resource *GoogleCloudAssetV1p7beta1Resource `json:"resource,omitempty"` 509 // ServicePerimeter: Please also refer to the service perimeter user guide 510 // (https://cloud.google.com/vpc-service-controls/docs/overview). 511 ServicePerimeter *GoogleIdentityAccesscontextmanagerV1ServicePerimeter `json:"servicePerimeter,omitempty"` 512 // UpdateTime: The last update timestamp of an asset. update_time is updated 513 // when create/update/delete operation is performed. 514 UpdateTime string `json:"updateTime,omitempty"` 515 // ForceSendFields is a list of field names (e.g. "AccessLevel") to 516 // unconditionally include in API requests. By default, fields with empty or 517 // default values are omitted from API requests. See 518 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 519 // details. 520 ForceSendFields []string `json:"-"` 521 // NullFields is a list of field names (e.g. "AccessLevel") to include in API 522 // requests with the JSON null value. By default, fields with empty values are 523 // omitted from API requests. See 524 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 525 NullFields []string `json:"-"` 526 } 527 528 func (s *GoogleCloudAssetV1p7beta1Asset) MarshalJSON() ([]byte, error) { 529 type NoMethod GoogleCloudAssetV1p7beta1Asset 530 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 531 } 532 533 // GoogleCloudAssetV1p7beta1RelatedAsset: An asset identify in Google Cloud 534 // which contains its name, type and ancestors. An asset can be any resource in 535 // the Google Cloud resource hierarchy 536 // (https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), 537 // a resource outside the Google Cloud resource hierarchy (such as Google 538 // Kubernetes Engine clusters and objects), or a policy (e.g. IAM policy). See 539 // Supported asset types 540 // (https://cloud.google.com/asset-inventory/docs/supported-asset-types) for 541 // more information. 542 type GoogleCloudAssetV1p7beta1RelatedAsset struct { 543 // Ancestors: The ancestors of an asset in Google Cloud resource hierarchy 544 // (https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), 545 // represented as a list of relative resource names. An ancestry path starts 546 // with the closest ancestor in the hierarchy and ends at root. Example: 547 // `["projects/123456789", "folders/5432", "organizations/1234"]` 548 Ancestors []string `json:"ancestors,omitempty"` 549 // Asset: The full name of the asset. Example: 550 // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/insta 551 // nce1` See Resource names 552 // (https://cloud.google.com/apis/design/resource_names#full_resource_name) for 553 // more information. 554 Asset string `json:"asset,omitempty"` 555 // AssetType: The type of the asset. Example: `compute.googleapis.com/Disk` See 556 // Supported asset types 557 // (https://cloud.google.com/asset-inventory/docs/supported-asset-types) for 558 // more information. 559 AssetType string `json:"assetType,omitempty"` 560 // ForceSendFields is a list of field names (e.g. "Ancestors") to 561 // unconditionally include in API requests. By default, fields with empty or 562 // default values are omitted from API requests. See 563 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 564 // details. 565 ForceSendFields []string `json:"-"` 566 // NullFields is a list of field names (e.g. "Ancestors") to include in API 567 // requests with the JSON null value. By default, fields with empty values are 568 // omitted from API requests. See 569 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 570 NullFields []string `json:"-"` 571 } 572 573 func (s *GoogleCloudAssetV1p7beta1RelatedAsset) MarshalJSON() ([]byte, error) { 574 type NoMethod GoogleCloudAssetV1p7beta1RelatedAsset 575 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 576 } 577 578 // GoogleCloudAssetV1p7beta1RelatedAssets: The detailed related assets with the 579 // `relationship_type`. 580 type GoogleCloudAssetV1p7beta1RelatedAssets struct { 581 // Assets: The peer resources of the relationship. 582 Assets []*GoogleCloudAssetV1p7beta1RelatedAsset `json:"assets,omitempty"` 583 // RelationshipAttributes: The detailed relation attributes. 584 RelationshipAttributes *GoogleCloudAssetV1p7beta1RelationshipAttributes `json:"relationshipAttributes,omitempty"` 585 // ForceSendFields is a list of field names (e.g. "Assets") to unconditionally 586 // include in API requests. By default, fields with empty or default values are 587 // omitted from API requests. See 588 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 589 // details. 590 ForceSendFields []string `json:"-"` 591 // NullFields is a list of field names (e.g. "Assets") to include in API 592 // requests with the JSON null value. By default, fields with empty values are 593 // omitted from API requests. See 594 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 595 NullFields []string `json:"-"` 596 } 597 598 func (s *GoogleCloudAssetV1p7beta1RelatedAssets) MarshalJSON() ([]byte, error) { 599 type NoMethod GoogleCloudAssetV1p7beta1RelatedAssets 600 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 601 } 602 603 // GoogleCloudAssetV1p7beta1RelationshipAttributes: The relationship attributes 604 // which include `type`, `source_resource_type`, `target_resource_type` and 605 // `action`. 606 type GoogleCloudAssetV1p7beta1RelationshipAttributes struct { 607 // Action: The detail of the relationship, e.g. `contains`, `attaches` 608 Action string `json:"action,omitempty"` 609 // SourceResourceType: The source asset type. Example: 610 // `compute.googleapis.com/Instance` 611 SourceResourceType string `json:"sourceResourceType,omitempty"` 612 // TargetResourceType: The target asset type. Example: 613 // `compute.googleapis.com/Disk` 614 TargetResourceType string `json:"targetResourceType,omitempty"` 615 // Type: The unique identifier of the relationship type. Example: 616 // `INSTANCE_TO_INSTANCEGROUP` 617 Type string `json:"type,omitempty"` 618 // ForceSendFields is a list of field names (e.g. "Action") to unconditionally 619 // include in API requests. By default, fields with empty or default values are 620 // omitted from API requests. See 621 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 622 // details. 623 ForceSendFields []string `json:"-"` 624 // NullFields is a list of field names (e.g. "Action") to include in API 625 // requests with the JSON null value. By default, fields with empty values are 626 // omitted from API requests. See 627 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 628 NullFields []string `json:"-"` 629 } 630 631 func (s *GoogleCloudAssetV1p7beta1RelationshipAttributes) MarshalJSON() ([]byte, error) { 632 type NoMethod GoogleCloudAssetV1p7beta1RelationshipAttributes 633 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 634 } 635 636 // GoogleCloudAssetV1p7beta1Resource: A representation of a Google Cloud 637 // resource. 638 type GoogleCloudAssetV1p7beta1Resource struct { 639 // Data: The content of the resource, in which some sensitive fields are 640 // removed and may not be present. 641 Data googleapi.RawMessage `json:"data,omitempty"` 642 // DiscoveryDocumentUri: The URL of the discovery document containing the 643 // resource's JSON schema. Example: 644 // `https://www.googleapis.com/discovery/v1/apis/compute/v1/rest` This value is 645 // unspecified for resources that do not have an API based on a discovery 646 // document, such as Cloud Bigtable. 647 DiscoveryDocumentUri string `json:"discoveryDocumentUri,omitempty"` 648 // DiscoveryName: The JSON schema name listed in the discovery document. 649 // Example: `Project` This value is unspecified for resources that do not have 650 // an API based on a discovery document, such as Cloud Bigtable. 651 DiscoveryName string `json:"discoveryName,omitempty"` 652 // Location: The location of the resource in Google Cloud, such as its zone and 653 // region. For more information, see https://cloud.google.com/about/locations/. 654 Location string `json:"location,omitempty"` 655 // Parent: The full name of the immediate parent of this resource. See Resource 656 // Names 657 // (https://cloud.google.com/apis/design/resource_names#full_resource_name) for 658 // more information. For Google Cloud assets, this value is the parent resource 659 // defined in the IAM policy hierarchy 660 // (https://cloud.google.com/iam/docs/overview#policy_hierarchy). Example: 661 // `//cloudresourcemanager.googleapis.com/projects/my_project_123` For 662 // third-party assets, this field may be set differently. 663 Parent string `json:"parent,omitempty"` 664 // ResourceUrl: The REST URL for accessing the resource. An HTTP `GET` request 665 // using this URL returns the resource itself. Example: 666 // `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123` 667 // This value is unspecified for resources without a REST API. 668 ResourceUrl string `json:"resourceUrl,omitempty"` 669 // Version: The API version. Example: `v1` 670 Version string `json:"version,omitempty"` 671 // ForceSendFields is a list of field names (e.g. "Data") to unconditionally 672 // include in API requests. By default, fields with empty or default values are 673 // omitted from API requests. See 674 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 675 // details. 676 ForceSendFields []string `json:"-"` 677 // NullFields is a list of field names (e.g. "Data") to include in API requests 678 // with the JSON null value. By default, fields with empty values are omitted 679 // from API requests. See 680 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 681 NullFields []string `json:"-"` 682 } 683 684 func (s *GoogleCloudAssetV1p7beta1Resource) MarshalJSON() ([]byte, error) { 685 type NoMethod GoogleCloudAssetV1p7beta1Resource 686 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 687 } 688 689 // GoogleCloudOrgpolicyV1BooleanPolicy: Used in `policy_type` to specify how 690 // `boolean_policy` will behave at this resource. 691 type GoogleCloudOrgpolicyV1BooleanPolicy struct { 692 // Enforced: If `true`, then the `Policy` is enforced. If `false`, then any 693 // configuration is acceptable. Suppose you have a `Constraint` 694 // `constraints/compute.disableSerialPortAccess` with `constraint_default` set 695 // to `ALLOW`. A `Policy` for that `Constraint` exhibits the following 696 // behavior: - If the `Policy` at this resource has enforced set to `false`, 697 // serial port connection attempts will be allowed. - If the `Policy` at this 698 // resource has enforced set to `true`, serial port connection attempts will be 699 // refused. - If the `Policy` at this resource is `RestoreDefault`, serial port 700 // connection attempts will be allowed. - If no `Policy` is set at this 701 // resource or anywhere higher in the resource hierarchy, serial port 702 // connection attempts will be allowed. - If no `Policy` is set at this 703 // resource, but one exists higher in the resource hierarchy, the behavior is 704 // as if the`Policy` were set at this resource. The following examples 705 // demonstrate the different possible layerings: Example 1 (nearest 706 // `Constraint` wins): `organizations/foo` has a `Policy` with: {enforced: 707 // false} `projects/bar` has no `Policy` set. The constraint at `projects/bar` 708 // and `organizations/foo` will not be enforced. Example 2 (enforcement gets 709 // replaced): `organizations/foo` has a `Policy` with: {enforced: false} 710 // `projects/bar` has a `Policy` with: {enforced: true} The constraint at 711 // `organizations/foo` is not enforced. The constraint at `projects/bar` is 712 // enforced. Example 3 (RestoreDefault): `organizations/foo` has a `Policy` 713 // with: {enforced: true} `projects/bar` has a `Policy` with: {RestoreDefault: 714 // {}} The constraint at `organizations/foo` is enforced. The constraint at 715 // `projects/bar` is not enforced, because `constraint_default` for the 716 // `Constraint` is `ALLOW`. 717 Enforced bool `json:"enforced,omitempty"` 718 // ForceSendFields is a list of field names (e.g. "Enforced") to 719 // unconditionally include in API requests. By default, fields with empty or 720 // default values are omitted from API requests. See 721 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 722 // details. 723 ForceSendFields []string `json:"-"` 724 // NullFields is a list of field names (e.g. "Enforced") to include in API 725 // requests with the JSON null value. By default, fields with empty values are 726 // omitted from API requests. See 727 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 728 NullFields []string `json:"-"` 729 } 730 731 func (s *GoogleCloudOrgpolicyV1BooleanPolicy) MarshalJSON() ([]byte, error) { 732 type NoMethod GoogleCloudOrgpolicyV1BooleanPolicy 733 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 734 } 735 736 // GoogleCloudOrgpolicyV1ListPolicy: Used in `policy_type` to specify how 737 // `list_policy` behaves at this resource. `ListPolicy` can define specific 738 // values and subtrees of Cloud Resource Manager resource hierarchy 739 // (`Organizations`, `Folders`, `Projects`) that are allowed or denied by 740 // setting the `allowed_values` and `denied_values` fields. This is achieved by 741 // using the `under:` and optional `is:` prefixes. The `under:` prefix is used 742 // to denote resource subtree values. The `is:` prefix is used to denote 743 // specific values, and is required only if the value contains a ":". Values 744 // prefixed with "is:" are treated the same as values with no prefix. Ancestry 745 // subtrees must be in one of the following formats: - "projects/", e.g. 746 // "projects/tokyo-rain-123" - "folders/", e.g. "folders/1234" - 747 // "organizations/", e.g. "organizations/1234" The `supports_under` field of 748 // the associated `Constraint` defines whether ancestry prefixes can be used. 749 // You can set `allowed_values` and `denied_values` in the same `Policy` if 750 // `all_values` is `ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to 751 // allow or deny all values. If `all_values` is set to either `ALLOW` or 752 // `DENY`, `allowed_values` and `denied_values` must be unset. 753 type GoogleCloudOrgpolicyV1ListPolicy struct { 754 // AllValues: The policy all_values state. 755 // 756 // Possible values: 757 // "ALL_VALUES_UNSPECIFIED" - Indicates that allowed_values or denied_values 758 // must be set. 759 // "ALLOW" - A policy with this set allows all values. 760 // "DENY" - A policy with this set denies all values. 761 AllValues string `json:"allValues,omitempty"` 762 // AllowedValues: List of values allowed at this resource. Can only be set if 763 // `all_values` is set to `ALL_VALUES_UNSPECIFIED`. 764 AllowedValues []string `json:"allowedValues,omitempty"` 765 // DeniedValues: List of values denied at this resource. Can only be set if 766 // `all_values` is set to `ALL_VALUES_UNSPECIFIED`. 767 DeniedValues []string `json:"deniedValues,omitempty"` 768 // InheritFromParent: Determines the inheritance behavior for this `Policy`. By 769 // default, a `ListPolicy` set at a resource supersedes any `Policy` set 770 // anywhere up the resource hierarchy. However, if `inherit_from_parent` is set 771 // to `true`, then the values from the effective `Policy` of the parent 772 // resource are inherited, meaning the values set in this `Policy` are added to 773 // the values inherited up the hierarchy. Setting `Policy` hierarchies that 774 // inherit both allowed values and denied values isn't recommended in most 775 // circumstances to keep the configuration simple and understandable. However, 776 // it is possible to set a `Policy` with `allowed_values` set that inherits a 777 // `Policy` with `denied_values` set. In this case, the values that are allowed 778 // must be in `allowed_values` and not present in `denied_values`. For example, 779 // suppose you have a `Constraint` `constraints/serviceuser.services`, which 780 // has a `constraint_type` of `list_constraint`, and with `constraint_default` 781 // set to `ALLOW`. Suppose that at the Organization level, a `Policy` is 782 // applied that restricts the allowed API activations to {`E1`, `E2`}. Then, if 783 // a `Policy` is applied to a project below the Organization that has 784 // `inherit_from_parent` set to `false` and field all_values set to DENY, then 785 // an attempt to activate any API will be denied. The following examples 786 // demonstrate different possible layerings for `projects/bar` parented by 787 // `organizations/foo`: Example 1 (no inherited values): `organizations/foo` 788 // has a `Policy` with values: {allowed_values: "E1" allowed_values:"E2"} 789 // `projects/bar` has `inherit_from_parent` `false` and values: 790 // {allowed_values: "E3" allowed_values: "E4"} The accepted values at 791 // `organizations/foo` are `E1`, `E2`. The accepted values at `projects/bar` 792 // are `E3`, and `E4`. Example 2 (inherited values): `organizations/foo` has a 793 // `Policy` with values: {allowed_values: "E1" allowed_values:"E2"} 794 // `projects/bar` has a `Policy` with values: {value: "E3" value: "E4" 795 // inherit_from_parent: true} The accepted values at `organizations/foo` are 796 // `E1`, `E2`. The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and 797 // `E4`. Example 3 (inheriting both allowed and denied values): 798 // `organizations/foo` has a `Policy` with values: {allowed_values: "E1" 799 // allowed_values: "E2"} `projects/bar` has a `Policy` with: {denied_values: 800 // "E1"} The accepted values at `organizations/foo` are `E1`, `E2`. The value 801 // accepted at `projects/bar` is `E2`. Example 4 (RestoreDefault): 802 // `organizations/foo` has a `Policy` with values: {allowed_values: "E1" 803 // allowed_values:"E2"} `projects/bar` has a `Policy` with values: 804 // {RestoreDefault: {}} The accepted values at `organizations/foo` are `E1`, 805 // `E2`. The accepted values at `projects/bar` are either all or none depending 806 // on the value of `constraint_default` (if `ALLOW`, all; if `DENY`, none). 807 // Example 5 (no policy inherits parent policy): `organizations/foo` has no 808 // `Policy` set. `projects/bar` has no `Policy` set. The accepted values at 809 // both levels are either all or none depending on the value of 810 // `constraint_default` (if `ALLOW`, all; if `DENY`, none). Example 6 811 // (ListConstraint allowing all): `organizations/foo` has a `Policy` with 812 // values: {allowed_values: "E1" allowed_values: "E2"} `projects/bar` has a 813 // `Policy` with: {all: ALLOW} The accepted values at `organizations/foo` are 814 // `E1`, E2`. Any value is accepted at `projects/bar`. Example 7 815 // (ListConstraint allowing none): `organizations/foo` has a `Policy` with 816 // values: {allowed_values: "E1" allowed_values: "E2"} `projects/bar` has a 817 // `Policy` with: {all: DENY} The accepted values at `organizations/foo` are 818 // `E1`, E2`. No value is accepted at `projects/bar`. Example 10 (allowed and 819 // denied subtrees of Resource Manager hierarchy): Given the following resource 820 // hierarchy O1->{F1, F2}; F1->{P1}; F2->{P2, P3}, `organizations/foo` has a 821 // `Policy` with values: {allowed_values: "under:organizations/O1"} 822 // `projects/bar` has a `Policy` with: {allowed_values: "under:projects/P3"} 823 // {denied_values: "under:folders/F2"} The accepted values at 824 // `organizations/foo` are `organizations/O1`, `folders/F1`, `folders/F2`, 825 // `projects/P1`, `projects/P2`, `projects/P3`. The accepted values at 826 // `projects/bar` are `organizations/O1`, `folders/F1`, `projects/P1`. 827 InheritFromParent bool `json:"inheritFromParent,omitempty"` 828 // SuggestedValue: Optional. The Google Cloud Console will try to default to a 829 // configuration that matches the value specified in this `Policy`. If 830 // `suggested_value` is not set, it will inherit the value specified higher in 831 // the hierarchy, unless `inherit_from_parent` is `false`. 832 SuggestedValue string `json:"suggestedValue,omitempty"` 833 // ForceSendFields is a list of field names (e.g. "AllValues") to 834 // unconditionally include in API requests. By default, fields with empty or 835 // default values are omitted from API requests. See 836 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 837 // details. 838 ForceSendFields []string `json:"-"` 839 // NullFields is a list of field names (e.g. "AllValues") to include in API 840 // requests with the JSON null value. By default, fields with empty values are 841 // omitted from API requests. See 842 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 843 NullFields []string `json:"-"` 844 } 845 846 func (s *GoogleCloudOrgpolicyV1ListPolicy) MarshalJSON() ([]byte, error) { 847 type NoMethod GoogleCloudOrgpolicyV1ListPolicy 848 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 849 } 850 851 // GoogleCloudOrgpolicyV1Policy: Defines a Cloud Organization `Policy` which is 852 // used to specify `Constraints` for configurations of Cloud Platform 853 // resources. 854 type GoogleCloudOrgpolicyV1Policy struct { 855 // BooleanPolicy: For boolean `Constraints`, whether to enforce the 856 // `Constraint` or not. 857 BooleanPolicy *GoogleCloudOrgpolicyV1BooleanPolicy `json:"booleanPolicy,omitempty"` 858 // Constraint: The name of the `Constraint` the `Policy` is configuring, for 859 // example, `constraints/serviceuser.services`. A list of available constraints 860 // (/resource-manager/docs/organization-policy/org-policy-constraints) is 861 // available. Immutable after creation. 862 Constraint string `json:"constraint,omitempty"` 863 // Etag: An opaque tag indicating the current version of the `Policy`, used for 864 // concurrency control. When the `Policy` is returned from either a `GetPolicy` 865 // or a `ListOrgPolicy` request, this `etag` indicates the version of the 866 // current `Policy` to use when executing a read-modify-write loop. When the 867 // `Policy` is returned from a `GetEffectivePolicy` request, the `etag` will be 868 // unset. When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` 869 // value that was returned from a `GetOrgPolicy` request as part of a 870 // read-modify-write loop for concurrency control. Not setting the `etag`in a 871 // `SetOrgPolicy` request will result in an unconditional write of the 872 // `Policy`. 873 Etag string `json:"etag,omitempty"` 874 // ListPolicy: List of values either allowed or disallowed. 875 ListPolicy *GoogleCloudOrgpolicyV1ListPolicy `json:"listPolicy,omitempty"` 876 // RestoreDefault: Restores the default behavior of the constraint; independent 877 // of `Constraint` type. 878 RestoreDefault *GoogleCloudOrgpolicyV1RestoreDefault `json:"restoreDefault,omitempty"` 879 // UpdateTime: The time stamp the `Policy` was previously updated. This is set 880 // by the server, not specified by the caller, and represents the last time a 881 // call to `SetOrgPolicy` was made for that `Policy`. Any value set by the 882 // client will be ignored. 883 UpdateTime string `json:"updateTime,omitempty"` 884 // Version: Version of the `Policy`. Default version is 0; 885 Version int64 `json:"version,omitempty"` 886 // ForceSendFields is a list of field names (e.g. "BooleanPolicy") to 887 // unconditionally include in API requests. By default, fields with empty or 888 // default values are omitted from API requests. See 889 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 890 // details. 891 ForceSendFields []string `json:"-"` 892 // NullFields is a list of field names (e.g. "BooleanPolicy") to include in API 893 // requests with the JSON null value. By default, fields with empty values are 894 // omitted from API requests. See 895 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 896 NullFields []string `json:"-"` 897 } 898 899 func (s *GoogleCloudOrgpolicyV1Policy) MarshalJSON() ([]byte, error) { 900 type NoMethod GoogleCloudOrgpolicyV1Policy 901 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 902 } 903 904 // GoogleCloudOrgpolicyV1RestoreDefault: Ignores policies set above this 905 // resource and restores the `constraint_default` enforcement behavior of the 906 // specific `Constraint` at this resource. Suppose that `constraint_default` is 907 // set to `ALLOW` for the `Constraint` `constraints/serviceuser.services`. 908 // Suppose that organization foo.com sets a `Policy` at their Organization 909 // resource node that restricts the allowed service activations to deny all 910 // service activations. They could then set a `Policy` with the `policy_type` 911 // `restore_default` on several experimental projects, restoring the 912 // `constraint_default` enforcement of the `Constraint` for only those 913 // projects, allowing those projects to have all services activated. 914 type GoogleCloudOrgpolicyV1RestoreDefault struct { 915 } 916 917 // GoogleIdentityAccesscontextmanagerV1AccessLevel: An `AccessLevel` is a label 918 // that can be applied to requests to Google Cloud services, along with a list 919 // of requirements necessary for the label to be applied. 920 type GoogleIdentityAccesscontextmanagerV1AccessLevel struct { 921 // Basic: A `BasicLevel` composed of `Conditions`. 922 Basic *GoogleIdentityAccesscontextmanagerV1BasicLevel `json:"basic,omitempty"` 923 // Custom: A `CustomLevel` written in the Common Expression Language. 924 Custom *GoogleIdentityAccesscontextmanagerV1CustomLevel `json:"custom,omitempty"` 925 // Description: Description of the `AccessLevel` and its use. Does not affect 926 // behavior. 927 Description string `json:"description,omitempty"` 928 // Name: Resource name for the `AccessLevel`. Format: 929 // `accessPolicies/{access_policy}/accessLevels/{access_level}`. The 930 // `access_level` component must begin with a letter, followed by alphanumeric 931 // characters or `_`. Its maximum length is 50 characters. After you create an 932 // `AccessLevel`, you cannot change its `name`. 933 Name string `json:"name,omitempty"` 934 // Title: Human readable title. Must be unique within the Policy. 935 Title string `json:"title,omitempty"` 936 // ForceSendFields is a list of field names (e.g. "Basic") to unconditionally 937 // include in API requests. By default, fields with empty or default values are 938 // omitted from API requests. See 939 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 940 // details. 941 ForceSendFields []string `json:"-"` 942 // NullFields is a list of field names (e.g. "Basic") to include in API 943 // requests with the JSON null value. By default, fields with empty values are 944 // omitted from API requests. See 945 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 946 NullFields []string `json:"-"` 947 } 948 949 func (s *GoogleIdentityAccesscontextmanagerV1AccessLevel) MarshalJSON() ([]byte, error) { 950 type NoMethod GoogleIdentityAccesscontextmanagerV1AccessLevel 951 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 952 } 953 954 // GoogleIdentityAccesscontextmanagerV1AccessPolicy: `AccessPolicy` is a 955 // container for `AccessLevels` (which define the necessary attributes to use 956 // Google Cloud services) and `ServicePerimeters` (which define regions of 957 // services able to freely pass data within a perimeter). An access policy is 958 // globally visible within an organization, and the restrictions it specifies 959 // apply to all projects within an organization. 960 type GoogleIdentityAccesscontextmanagerV1AccessPolicy struct { 961 // Etag: Output only. An opaque identifier for the current version of the 962 // `AccessPolicy`. This will always be a strongly validated etag, meaning that 963 // two Access Polices will be identical if and only if their etags are 964 // identical. Clients should not expect this to be in any specific format. 965 Etag string `json:"etag,omitempty"` 966 // Name: Output only. Resource name of the `AccessPolicy`. Format: 967 // `accessPolicies/{access_policy}` 968 Name string `json:"name,omitempty"` 969 // Parent: Required. The parent of this `AccessPolicy` in the Cloud Resource 970 // Hierarchy. Currently immutable once created. Format: 971 // `organizations/{organization_id}` 972 Parent string `json:"parent,omitempty"` 973 // Scopes: The scopes of the AccessPolicy. Scopes define which resources a 974 // policy can restrict and where its resources can be referenced. For example, 975 // policy A with `scopes=["folders/123"]` has the following behavior: - 976 // ServicePerimeter can only restrict projects within `folders/123`. - 977 // ServicePerimeter within policy A can only reference access levels defined 978 // within policy A. - Only one policy can include a given scope; thus, 979 // attempting to create a second policy which includes `folders/123` will 980 // result in an error. If no scopes are provided, then any resource within the 981 // organization can be restricted. Scopes cannot be modified after a policy is 982 // created. Policies can only have a single scope. Format: list of 983 // `folders/{folder_number}` or `projects/{project_number}` 984 Scopes []string `json:"scopes,omitempty"` 985 // Title: Required. Human readable title. Does not affect behavior. 986 Title string `json:"title,omitempty"` 987 // ForceSendFields is a list of field names (e.g. "Etag") to unconditionally 988 // include in API requests. By default, fields with empty or default values are 989 // omitted from API requests. See 990 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 991 // details. 992 ForceSendFields []string `json:"-"` 993 // NullFields is a list of field names (e.g. "Etag") to include in API requests 994 // with the JSON null value. By default, fields with empty values are omitted 995 // from API requests. See 996 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 997 NullFields []string `json:"-"` 998 } 999 1000 func (s *GoogleIdentityAccesscontextmanagerV1AccessPolicy) MarshalJSON() ([]byte, error) { 1001 type NoMethod GoogleIdentityAccesscontextmanagerV1AccessPolicy 1002 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1003 } 1004 1005 // GoogleIdentityAccesscontextmanagerV1ApiOperation: Identification for an API 1006 // Operation. 1007 type GoogleIdentityAccesscontextmanagerV1ApiOperation struct { 1008 // MethodSelectors: API methods or permissions to allow. Method or permission 1009 // must belong to the service specified by `service_name` field. A single 1010 // MethodSelector entry with `*` specified for the `method` field will allow 1011 // all methods AND permissions for the service specified in `service_name`. 1012 MethodSelectors []*GoogleIdentityAccesscontextmanagerV1MethodSelector `json:"methodSelectors,omitempty"` 1013 // ServiceName: The name of the API whose methods or permissions the 1014 // IngressPolicy or EgressPolicy want to allow. A single ApiOperation with 1015 // `service_name` field set to `*` will allow all methods AND permissions for 1016 // all services. 1017 ServiceName string `json:"serviceName,omitempty"` 1018 // ForceSendFields is a list of field names (e.g. "MethodSelectors") to 1019 // unconditionally include in API requests. By default, fields with empty or 1020 // default values are omitted from API requests. See 1021 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1022 // details. 1023 ForceSendFields []string `json:"-"` 1024 // NullFields is a list of field names (e.g. "MethodSelectors") to include in 1025 // API requests with the JSON null value. By default, fields with empty values 1026 // are omitted from API requests. See 1027 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1028 NullFields []string `json:"-"` 1029 } 1030 1031 func (s *GoogleIdentityAccesscontextmanagerV1ApiOperation) MarshalJSON() ([]byte, error) { 1032 type NoMethod GoogleIdentityAccesscontextmanagerV1ApiOperation 1033 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1034 } 1035 1036 // GoogleIdentityAccesscontextmanagerV1BasicLevel: `BasicLevel` is an 1037 // `AccessLevel` using a set of recommended features. 1038 type GoogleIdentityAccesscontextmanagerV1BasicLevel struct { 1039 // CombiningFunction: How the `conditions` list should be combined to determine 1040 // if a request is granted this `AccessLevel`. If AND is used, each `Condition` 1041 // in `conditions` must be satisfied for the `AccessLevel` to be applied. If OR 1042 // is used, at least one `Condition` in `conditions` must be satisfied for the 1043 // `AccessLevel` to be applied. Default behavior is AND. 1044 // 1045 // Possible values: 1046 // "AND" - All `Conditions` must be true for the `BasicLevel` to be true. 1047 // "OR" - If at least one `Condition` is true, then the `BasicLevel` is true. 1048 CombiningFunction string `json:"combiningFunction,omitempty"` 1049 // Conditions: Required. A list of requirements for the `AccessLevel` to be 1050 // granted. 1051 Conditions []*GoogleIdentityAccesscontextmanagerV1Condition `json:"conditions,omitempty"` 1052 // ForceSendFields is a list of field names (e.g. "CombiningFunction") to 1053 // unconditionally include in API requests. By default, fields with empty or 1054 // default values are omitted from API requests. See 1055 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1056 // details. 1057 ForceSendFields []string `json:"-"` 1058 // NullFields is a list of field names (e.g. "CombiningFunction") to include in 1059 // API requests with the JSON null value. By default, fields with empty values 1060 // are omitted from API requests. See 1061 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1062 NullFields []string `json:"-"` 1063 } 1064 1065 func (s *GoogleIdentityAccesscontextmanagerV1BasicLevel) MarshalJSON() ([]byte, error) { 1066 type NoMethod GoogleIdentityAccesscontextmanagerV1BasicLevel 1067 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1068 } 1069 1070 // GoogleIdentityAccesscontextmanagerV1Condition: A condition necessary for an 1071 // `AccessLevel` to be granted. The Condition is an AND over its fields. So a 1072 // Condition is true if: 1) the request IP is from one of the listed 1073 // subnetworks AND 2) the originating device complies with the listed device 1074 // policy AND 3) all listed access levels are granted AND 4) the request was 1075 // sent at a time allowed by the DateTimeRestriction. 1076 type GoogleIdentityAccesscontextmanagerV1Condition struct { 1077 // DevicePolicy: Device specific restrictions, all restrictions must hold for 1078 // the Condition to be true. If not specified, all devices are allowed. 1079 DevicePolicy *GoogleIdentityAccesscontextmanagerV1DevicePolicy `json:"devicePolicy,omitempty"` 1080 // IpSubnetworks: CIDR block IP subnetwork specification. May be IPv4 or IPv6. 1081 // Note that for a CIDR IP address block, the specified IP address portion must 1082 // be properly truncated (i.e. all the host bits must be zero) or the input is 1083 // considered malformed. For example, "192.0.2.0/24" is accepted but 1084 // "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted 1085 // whereas "2001:db8::1/32" is not. The originating IP of a request must be in 1086 // one of the listed subnets in order for this Condition to be true. If empty, 1087 // all IP addresses are allowed. 1088 IpSubnetworks []string `json:"ipSubnetworks,omitempty"` 1089 // Members: The request must be made by one of the provided user or service 1090 // accounts. Groups are not supported. Syntax: `user:{emailid}` 1091 // `serviceAccount:{emailid}` If not specified, a request may come from any 1092 // user. 1093 Members []string `json:"members,omitempty"` 1094 // Negate: Whether to negate the Condition. If true, the Condition becomes a 1095 // NAND over its non-empty fields. Any non-empty field criteria evaluating to 1096 // false will result in the Condition to be satisfied. Defaults to false. 1097 Negate bool `json:"negate,omitempty"` 1098 // Regions: The request must originate from one of the provided 1099 // countries/regions. Must be valid ISO 3166-1 alpha-2 codes. 1100 Regions []string `json:"regions,omitempty"` 1101 // RequiredAccessLevels: A list of other access levels defined in the same 1102 // `Policy`, referenced by resource name. Referencing an `AccessLevel` which 1103 // does not exist is an error. All access levels listed must be granted for the 1104 // Condition to be true. Example: 1105 // "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME" 1106 RequiredAccessLevels []string `json:"requiredAccessLevels,omitempty"` 1107 // VpcNetworkSources: The request must originate from one of the provided VPC 1108 // networks in Google Cloud. Cannot specify this field together with 1109 // `ip_subnetworks`. 1110 VpcNetworkSources []*GoogleIdentityAccesscontextmanagerV1VpcNetworkSource `json:"vpcNetworkSources,omitempty"` 1111 // ForceSendFields is a list of field names (e.g. "DevicePolicy") to 1112 // unconditionally include in API requests. By default, fields with empty or 1113 // default values are omitted from API requests. See 1114 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1115 // details. 1116 ForceSendFields []string `json:"-"` 1117 // NullFields is a list of field names (e.g. "DevicePolicy") to include in API 1118 // requests with the JSON null value. By default, fields with empty values are 1119 // omitted from API requests. See 1120 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1121 NullFields []string `json:"-"` 1122 } 1123 1124 func (s *GoogleIdentityAccesscontextmanagerV1Condition) MarshalJSON() ([]byte, error) { 1125 type NoMethod GoogleIdentityAccesscontextmanagerV1Condition 1126 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1127 } 1128 1129 // GoogleIdentityAccesscontextmanagerV1CustomLevel: `CustomLevel` is an 1130 // `AccessLevel` using the Cloud Common Expression Language to represent the 1131 // necessary conditions for the level to apply to a request. See CEL spec at: 1132 // https://github.com/google/cel-spec 1133 type GoogleIdentityAccesscontextmanagerV1CustomLevel struct { 1134 // Expr: Required. A Cloud CEL expression evaluating to a boolean. 1135 Expr *Expr `json:"expr,omitempty"` 1136 // ForceSendFields is a list of field names (e.g. "Expr") to unconditionally 1137 // include in API requests. By default, fields with empty or default values are 1138 // omitted from API requests. See 1139 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1140 // details. 1141 ForceSendFields []string `json:"-"` 1142 // NullFields is a list of field names (e.g. "Expr") to include in API requests 1143 // with the JSON null value. By default, fields with empty values are omitted 1144 // from API requests. See 1145 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1146 NullFields []string `json:"-"` 1147 } 1148 1149 func (s *GoogleIdentityAccesscontextmanagerV1CustomLevel) MarshalJSON() ([]byte, error) { 1150 type NoMethod GoogleIdentityAccesscontextmanagerV1CustomLevel 1151 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1152 } 1153 1154 // GoogleIdentityAccesscontextmanagerV1DevicePolicy: `DevicePolicy` specifies 1155 // device specific restrictions necessary to acquire a given access level. A 1156 // `DevicePolicy` specifies requirements for requests from devices to be 1157 // granted access levels, it does not do any enforcement on the device. 1158 // `DevicePolicy` acts as an AND over all specified fields, and each repeated 1159 // field is an OR over its elements. Any unset fields are ignored. For example, 1160 // if the proto is { os_type : DESKTOP_WINDOWS, os_type : DESKTOP_LINUX, 1161 // encryption_status: ENCRYPTED}, then the DevicePolicy will be true for 1162 // requests originating from encrypted Linux desktops and encrypted Windows 1163 // desktops. 1164 type GoogleIdentityAccesscontextmanagerV1DevicePolicy struct { 1165 // AllowedDeviceManagementLevels: Allowed device management levels, an empty 1166 // list allows all management levels. 1167 // 1168 // Possible values: 1169 // "MANAGEMENT_UNSPECIFIED" - The device's management level is not specified 1170 // or not known. 1171 // "NONE" - The device is not managed. 1172 // "BASIC" - Basic management is enabled, which is generally limited to 1173 // monitoring and wiping the corporate account. 1174 // "COMPLETE" - Complete device management. This includes more thorough 1175 // monitoring and the ability to directly manage the device (such as remote 1176 // wiping). This can be enabled through the Android Enterprise Platform. 1177 AllowedDeviceManagementLevels []string `json:"allowedDeviceManagementLevels,omitempty"` 1178 // AllowedEncryptionStatuses: Allowed encryptions statuses, an empty list 1179 // allows all statuses. 1180 // 1181 // Possible values: 1182 // "ENCRYPTION_UNSPECIFIED" - The encryption status of the device is not 1183 // specified or not known. 1184 // "ENCRYPTION_UNSUPPORTED" - The device does not support encryption. 1185 // "UNENCRYPTED" - The device supports encryption, but is currently 1186 // unencrypted. 1187 // "ENCRYPTED" - The device is encrypted. 1188 AllowedEncryptionStatuses []string `json:"allowedEncryptionStatuses,omitempty"` 1189 // OsConstraints: Allowed OS versions, an empty list allows all types and all 1190 // versions. 1191 OsConstraints []*GoogleIdentityAccesscontextmanagerV1OsConstraint `json:"osConstraints,omitempty"` 1192 // RequireAdminApproval: Whether the device needs to be approved by the 1193 // customer admin. 1194 RequireAdminApproval bool `json:"requireAdminApproval,omitempty"` 1195 // RequireCorpOwned: Whether the device needs to be corp owned. 1196 RequireCorpOwned bool `json:"requireCorpOwned,omitempty"` 1197 // RequireScreenlock: Whether or not screenlock is required for the 1198 // DevicePolicy to be true. Defaults to `false`. 1199 RequireScreenlock bool `json:"requireScreenlock,omitempty"` 1200 // ForceSendFields is a list of field names (e.g. 1201 // "AllowedDeviceManagementLevels") to unconditionally include in API requests. 1202 // By default, fields with empty or default values are omitted from API 1203 // requests. See https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields 1204 // for more details. 1205 ForceSendFields []string `json:"-"` 1206 // NullFields is a list of field names (e.g. "AllowedDeviceManagementLevels") 1207 // to include in API requests with the JSON null value. By default, fields with 1208 // empty values are omitted from API requests. See 1209 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1210 NullFields []string `json:"-"` 1211 } 1212 1213 func (s *GoogleIdentityAccesscontextmanagerV1DevicePolicy) MarshalJSON() ([]byte, error) { 1214 type NoMethod GoogleIdentityAccesscontextmanagerV1DevicePolicy 1215 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1216 } 1217 1218 // GoogleIdentityAccesscontextmanagerV1EgressFrom: Defines the conditions under 1219 // which an EgressPolicy matches a request. Conditions based on information 1220 // about the source of the request. Note that if the destination of the request 1221 // is also protected by a ServicePerimeter, then that ServicePerimeter must 1222 // have an IngressPolicy which allows access in order for this request to 1223 // succeed. 1224 type GoogleIdentityAccesscontextmanagerV1EgressFrom struct { 1225 // Identities: A list of identities that are allowed access through 1226 // [EgressPolicy]. Identities can be an individual user, service account, 1227 // Google group, or third-party identity. The `v1` identities that have the 1228 // prefix `user`, `group`, `serviceAccount`, `principal`, and `principalSet` in 1229 // https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. 1230 Identities []string `json:"identities,omitempty"` 1231 // IdentityType: Specifies the type of identities that are allowed access to 1232 // outside the perimeter. If left unspecified, then members of `identities` 1233 // field will be allowed access. 1234 // 1235 // Possible values: 1236 // "IDENTITY_TYPE_UNSPECIFIED" - No blanket identity group specified. 1237 // "ANY_IDENTITY" - Authorize access from all identities outside the 1238 // perimeter. 1239 // "ANY_USER_ACCOUNT" - Authorize access from all human users outside the 1240 // perimeter. 1241 // "ANY_SERVICE_ACCOUNT" - Authorize access from all service accounts outside 1242 // the perimeter. 1243 IdentityType string `json:"identityType,omitempty"` 1244 // SourceRestriction: Whether to enforce traffic restrictions based on 1245 // `sources` field. If the `sources` fields is non-empty, then this field must 1246 // be set to `SOURCE_RESTRICTION_ENABLED`. 1247 // 1248 // Possible values: 1249 // "SOURCE_RESTRICTION_UNSPECIFIED" - Enforcement preference unspecified, 1250 // will not enforce traffic restrictions based on `sources` in EgressFrom. 1251 // "SOURCE_RESTRICTION_ENABLED" - Enforcement preference enabled, traffic 1252 // restrictions will be enforced based on `sources` in EgressFrom. 1253 // "SOURCE_RESTRICTION_DISABLED" - Enforcement preference disabled, will not 1254 // enforce traffic restrictions based on `sources` in EgressFrom. 1255 SourceRestriction string `json:"sourceRestriction,omitempty"` 1256 // Sources: Sources that this EgressPolicy authorizes access from. If this 1257 // field is not empty, then `source_restriction` must be set to 1258 // `SOURCE_RESTRICTION_ENABLED`. 1259 Sources []*GoogleIdentityAccesscontextmanagerV1EgressSource `json:"sources,omitempty"` 1260 // ForceSendFields is a list of field names (e.g. "Identities") to 1261 // unconditionally include in API requests. By default, fields with empty or 1262 // default values are omitted from API requests. See 1263 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1264 // details. 1265 ForceSendFields []string `json:"-"` 1266 // NullFields is a list of field names (e.g. "Identities") to include in API 1267 // requests with the JSON null value. By default, fields with empty values are 1268 // omitted from API requests. See 1269 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1270 NullFields []string `json:"-"` 1271 } 1272 1273 func (s *GoogleIdentityAccesscontextmanagerV1EgressFrom) MarshalJSON() ([]byte, error) { 1274 type NoMethod GoogleIdentityAccesscontextmanagerV1EgressFrom 1275 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1276 } 1277 1278 // GoogleIdentityAccesscontextmanagerV1EgressPolicy: Policy for egress from 1279 // perimeter. EgressPolicies match requests based on `egress_from` and 1280 // `egress_to` stanzas. For an EgressPolicy to match, both `egress_from` and 1281 // `egress_to` stanzas must be matched. If an EgressPolicy matches a request, 1282 // the request is allowed to span the ServicePerimeter boundary. For example, 1283 // an EgressPolicy can be used to allow VMs on networks within the 1284 // ServicePerimeter to access a defined set of projects outside the perimeter 1285 // in certain contexts (e.g. to read data from a Cloud Storage bucket or query 1286 // against a BigQuery dataset). EgressPolicies are concerned with the 1287 // *resources* that a request relates as well as the API services and API 1288 // actions being used. They do not related to the direction of data movement. 1289 // More detailed documentation for this concept can be found in the 1290 // descriptions of EgressFrom and EgressTo. 1291 type GoogleIdentityAccesscontextmanagerV1EgressPolicy struct { 1292 // EgressFrom: Defines conditions on the source of a request causing this 1293 // EgressPolicy to apply. 1294 EgressFrom *GoogleIdentityAccesscontextmanagerV1EgressFrom `json:"egressFrom,omitempty"` 1295 // EgressTo: Defines the conditions on the ApiOperation and destination 1296 // resources that cause this EgressPolicy to apply. 1297 EgressTo *GoogleIdentityAccesscontextmanagerV1EgressTo `json:"egressTo,omitempty"` 1298 // ForceSendFields is a list of field names (e.g. "EgressFrom") to 1299 // unconditionally include in API requests. By default, fields with empty or 1300 // default values are omitted from API requests. See 1301 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1302 // details. 1303 ForceSendFields []string `json:"-"` 1304 // NullFields is a list of field names (e.g. "EgressFrom") to include in API 1305 // requests with the JSON null value. By default, fields with empty values are 1306 // omitted from API requests. See 1307 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1308 NullFields []string `json:"-"` 1309 } 1310 1311 func (s *GoogleIdentityAccesscontextmanagerV1EgressPolicy) MarshalJSON() ([]byte, error) { 1312 type NoMethod GoogleIdentityAccesscontextmanagerV1EgressPolicy 1313 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1314 } 1315 1316 // GoogleIdentityAccesscontextmanagerV1EgressSource: The source that 1317 // EgressPolicy authorizes access from inside the ServicePerimeter to somewhere 1318 // outside the ServicePerimeter boundaries. 1319 type GoogleIdentityAccesscontextmanagerV1EgressSource struct { 1320 // AccessLevel: An AccessLevel resource name that allows protected resources 1321 // inside the ServicePerimeters to access outside the ServicePerimeter 1322 // boundaries. AccessLevels listed must be in the same policy as this 1323 // ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. 1324 // If an AccessLevel name is not specified, only resources within the perimeter 1325 // can be accessed through Google Cloud calls with request origins within the 1326 // perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a 1327 // single `*` is specified for `access_level`, then all EgressSources will be 1328 // allowed. 1329 AccessLevel string `json:"accessLevel,omitempty"` 1330 // ForceSendFields is a list of field names (e.g. "AccessLevel") to 1331 // unconditionally include in API requests. By default, fields with empty or 1332 // default values are omitted from API requests. See 1333 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1334 // details. 1335 ForceSendFields []string `json:"-"` 1336 // NullFields is a list of field names (e.g. "AccessLevel") to include in API 1337 // requests with the JSON null value. By default, fields with empty values are 1338 // omitted from API requests. See 1339 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1340 NullFields []string `json:"-"` 1341 } 1342 1343 func (s *GoogleIdentityAccesscontextmanagerV1EgressSource) MarshalJSON() ([]byte, error) { 1344 type NoMethod GoogleIdentityAccesscontextmanagerV1EgressSource 1345 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1346 } 1347 1348 // GoogleIdentityAccesscontextmanagerV1EgressTo: Defines the conditions under 1349 // which an EgressPolicy matches a request. Conditions are based on information 1350 // about the ApiOperation intended to be performed on the `resources` 1351 // specified. Note that if the destination of the request is also protected by 1352 // a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy 1353 // which allows access in order for this request to succeed. The request must 1354 // match `operations` AND `resources` fields in order to be allowed egress out 1355 // of the perimeter. 1356 type GoogleIdentityAccesscontextmanagerV1EgressTo struct { 1357 // ExternalResources: A list of external resources that are allowed to be 1358 // accessed. Only AWS and Azure resources are supported. For Amazon S3, the 1359 // supported formats are s3://BUCKET_NAME, s3a://BUCKET_NAME, and 1360 // s3n://BUCKET_NAME. For Azure Storage, the supported format is 1361 // azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if 1362 // it contains an external resource in this list (Example: s3://bucket/path). 1363 // Currently '*' is not allowed. 1364 ExternalResources []string `json:"externalResources,omitempty"` 1365 // Operations: A list of ApiOperations allowed to be performed by the sources 1366 // specified in the corresponding EgressFrom. A request matches if it uses an 1367 // operation/service in this list. 1368 Operations []*GoogleIdentityAccesscontextmanagerV1ApiOperation `json:"operations,omitempty"` 1369 // Resources: A list of resources, currently only projects in the form 1370 // `projects/`, that are allowed to be accessed by sources defined in the 1371 // corresponding EgressFrom. A request matches if it contains a resource in 1372 // this list. If `*` is specified for `resources`, then this EgressTo rule will 1373 // authorize access to all resources outside the perimeter. 1374 Resources []string `json:"resources,omitempty"` 1375 // ForceSendFields is a list of field names (e.g. "ExternalResources") to 1376 // unconditionally include in API requests. By default, fields with empty or 1377 // default values are omitted from API requests. See 1378 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1379 // details. 1380 ForceSendFields []string `json:"-"` 1381 // NullFields is a list of field names (e.g. "ExternalResources") to include in 1382 // API requests with the JSON null value. By default, fields with empty values 1383 // are omitted from API requests. See 1384 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1385 NullFields []string `json:"-"` 1386 } 1387 1388 func (s *GoogleIdentityAccesscontextmanagerV1EgressTo) MarshalJSON() ([]byte, error) { 1389 type NoMethod GoogleIdentityAccesscontextmanagerV1EgressTo 1390 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1391 } 1392 1393 // GoogleIdentityAccesscontextmanagerV1IngressFrom: Defines the conditions 1394 // under which an IngressPolicy matches a request. Conditions are based on 1395 // information about the source of the request. The request must satisfy what 1396 // is defined in `sources` AND identity related fields in order to match. 1397 type GoogleIdentityAccesscontextmanagerV1IngressFrom struct { 1398 // Identities: A list of identities that are allowed access through 1399 // [IngressPolicy]. Identities can be an individual user, service account, 1400 // Google group, or third-party identity. The `v1` identities that have the 1401 // prefix `user`, `group`, `serviceAccount`, `principal`, and `principalSet` in 1402 // https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. 1403 Identities []string `json:"identities,omitempty"` 1404 // IdentityType: Specifies the type of identities that are allowed access from 1405 // outside the perimeter. If left unspecified, then members of `identities` 1406 // field will be allowed access. 1407 // 1408 // Possible values: 1409 // "IDENTITY_TYPE_UNSPECIFIED" - No blanket identity group specified. 1410 // "ANY_IDENTITY" - Authorize access from all identities outside the 1411 // perimeter. 1412 // "ANY_USER_ACCOUNT" - Authorize access from all human users outside the 1413 // perimeter. 1414 // "ANY_SERVICE_ACCOUNT" - Authorize access from all service accounts outside 1415 // the perimeter. 1416 IdentityType string `json:"identityType,omitempty"` 1417 // Sources: Sources that this IngressPolicy authorizes access from. 1418 Sources []*GoogleIdentityAccesscontextmanagerV1IngressSource `json:"sources,omitempty"` 1419 // ForceSendFields is a list of field names (e.g. "Identities") to 1420 // unconditionally include in API requests. By default, fields with empty or 1421 // default values are omitted from API requests. See 1422 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1423 // details. 1424 ForceSendFields []string `json:"-"` 1425 // NullFields is a list of field names (e.g. "Identities") to include in API 1426 // requests with the JSON null value. By default, fields with empty values are 1427 // omitted from API requests. See 1428 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1429 NullFields []string `json:"-"` 1430 } 1431 1432 func (s *GoogleIdentityAccesscontextmanagerV1IngressFrom) MarshalJSON() ([]byte, error) { 1433 type NoMethod GoogleIdentityAccesscontextmanagerV1IngressFrom 1434 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1435 } 1436 1437 // GoogleIdentityAccesscontextmanagerV1IngressPolicy: Policy for ingress into 1438 // ServicePerimeter. IngressPolicies match requests based on `ingress_from` and 1439 // `ingress_to` stanzas. For an ingress policy to match, both the 1440 // `ingress_from` and `ingress_to` stanzas must be matched. If an IngressPolicy 1441 // matches a request, the request is allowed through the perimeter boundary 1442 // from outside the perimeter. For example, access from the internet can be 1443 // allowed either based on an AccessLevel or, for traffic hosted on Google 1444 // Cloud, the project of the source network. For access from private networks, 1445 // using the project of the hosting network is required. Individual ingress 1446 // policies can be limited by restricting which services and/or actions they 1447 // match using the `ingress_to` field. 1448 type GoogleIdentityAccesscontextmanagerV1IngressPolicy struct { 1449 // IngressFrom: Defines the conditions on the source of a request causing this 1450 // IngressPolicy to apply. 1451 IngressFrom *GoogleIdentityAccesscontextmanagerV1IngressFrom `json:"ingressFrom,omitempty"` 1452 // IngressTo: Defines the conditions on the ApiOperation and request 1453 // destination that cause this IngressPolicy to apply. 1454 IngressTo *GoogleIdentityAccesscontextmanagerV1IngressTo `json:"ingressTo,omitempty"` 1455 // ForceSendFields is a list of field names (e.g. "IngressFrom") to 1456 // unconditionally include in API requests. By default, fields with empty or 1457 // default values are omitted from API requests. See 1458 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1459 // details. 1460 ForceSendFields []string `json:"-"` 1461 // NullFields is a list of field names (e.g. "IngressFrom") to include in API 1462 // requests with the JSON null value. By default, fields with empty values are 1463 // omitted from API requests. See 1464 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1465 NullFields []string `json:"-"` 1466 } 1467 1468 func (s *GoogleIdentityAccesscontextmanagerV1IngressPolicy) MarshalJSON() ([]byte, error) { 1469 type NoMethod GoogleIdentityAccesscontextmanagerV1IngressPolicy 1470 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1471 } 1472 1473 // GoogleIdentityAccesscontextmanagerV1IngressSource: The source that 1474 // IngressPolicy authorizes access from. 1475 type GoogleIdentityAccesscontextmanagerV1IngressSource struct { 1476 // AccessLevel: An AccessLevel resource name that allow resources within the 1477 // ServicePerimeters to be accessed from the internet. AccessLevels listed must 1478 // be in the same policy as this ServicePerimeter. Referencing a nonexistent 1479 // AccessLevel will cause an error. If no AccessLevel names are listed, 1480 // resources within the perimeter can only be accessed via Google Cloud calls 1481 // with request origins within the perimeter. Example: 1482 // `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is 1483 // specified for `access_level`, then all IngressSources will be allowed. 1484 AccessLevel string `json:"accessLevel,omitempty"` 1485 // Resource: A Google Cloud resource that is allowed to ingress the perimeter. 1486 // Requests from these resources will be allowed to access perimeter data. 1487 // Currently only projects and VPCs are allowed. Project format: 1488 // `projects/{project_number}` VPC network format: 1489 // `//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}`. The 1490 // project may be in any Google Cloud organization, not just the organization 1491 // that the perimeter is defined in. `*` is not allowed, the case of allowing 1492 // all Google Cloud resources only is not supported. 1493 Resource string `json:"resource,omitempty"` 1494 // ForceSendFields is a list of field names (e.g. "AccessLevel") to 1495 // unconditionally include in API requests. By default, fields with empty or 1496 // default values are omitted from API requests. See 1497 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1498 // details. 1499 ForceSendFields []string `json:"-"` 1500 // NullFields is a list of field names (e.g. "AccessLevel") to include in API 1501 // requests with the JSON null value. By default, fields with empty values are 1502 // omitted from API requests. See 1503 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1504 NullFields []string `json:"-"` 1505 } 1506 1507 func (s *GoogleIdentityAccesscontextmanagerV1IngressSource) MarshalJSON() ([]byte, error) { 1508 type NoMethod GoogleIdentityAccesscontextmanagerV1IngressSource 1509 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1510 } 1511 1512 // GoogleIdentityAccesscontextmanagerV1IngressTo: Defines the conditions under 1513 // which an IngressPolicy matches a request. Conditions are based on 1514 // information about the ApiOperation intended to be performed on the target 1515 // resource of the request. The request must satisfy what is defined in 1516 // `operations` AND `resources` in order to match. 1517 type GoogleIdentityAccesscontextmanagerV1IngressTo struct { 1518 // Operations: A list of ApiOperations allowed to be performed by the sources 1519 // specified in corresponding IngressFrom in this ServicePerimeter. 1520 Operations []*GoogleIdentityAccesscontextmanagerV1ApiOperation `json:"operations,omitempty"` 1521 // Resources: A list of resources, currently only projects in the form 1522 // `projects/`, protected by this ServicePerimeter that are allowed to be 1523 // accessed by sources defined in the corresponding IngressFrom. If a single 1524 // `*` is specified, then access to all resources inside the perimeter are 1525 // allowed. 1526 Resources []string `json:"resources,omitempty"` 1527 // ForceSendFields is a list of field names (e.g. "Operations") to 1528 // unconditionally include in API requests. By default, fields with empty or 1529 // default values are omitted from API requests. See 1530 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1531 // details. 1532 ForceSendFields []string `json:"-"` 1533 // NullFields is a list of field names (e.g. "Operations") to include in API 1534 // requests with the JSON null value. By default, fields with empty values are 1535 // omitted from API requests. See 1536 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1537 NullFields []string `json:"-"` 1538 } 1539 1540 func (s *GoogleIdentityAccesscontextmanagerV1IngressTo) MarshalJSON() ([]byte, error) { 1541 type NoMethod GoogleIdentityAccesscontextmanagerV1IngressTo 1542 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1543 } 1544 1545 // GoogleIdentityAccesscontextmanagerV1MethodSelector: An allowed method or 1546 // permission of a service specified in ApiOperation. 1547 type GoogleIdentityAccesscontextmanagerV1MethodSelector struct { 1548 // Method: A valid method name for the corresponding `service_name` in 1549 // ApiOperation. If `*` is used as the value for the `method`, then ALL methods 1550 // and permissions are allowed. 1551 Method string `json:"method,omitempty"` 1552 // Permission: A valid Cloud IAM permission for the corresponding 1553 // `service_name` in ApiOperation. 1554 Permission string `json:"permission,omitempty"` 1555 // ForceSendFields is a list of field names (e.g. "Method") to unconditionally 1556 // include in API requests. By default, fields with empty or default values are 1557 // omitted from API requests. See 1558 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1559 // details. 1560 ForceSendFields []string `json:"-"` 1561 // NullFields is a list of field names (e.g. "Method") to include in API 1562 // requests with the JSON null value. By default, fields with empty values are 1563 // omitted from API requests. See 1564 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1565 NullFields []string `json:"-"` 1566 } 1567 1568 func (s *GoogleIdentityAccesscontextmanagerV1MethodSelector) MarshalJSON() ([]byte, error) { 1569 type NoMethod GoogleIdentityAccesscontextmanagerV1MethodSelector 1570 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1571 } 1572 1573 // GoogleIdentityAccesscontextmanagerV1OsConstraint: A restriction on the OS 1574 // type and version of devices making requests. 1575 type GoogleIdentityAccesscontextmanagerV1OsConstraint struct { 1576 // MinimumVersion: The minimum allowed OS version. If not set, any version of 1577 // this OS satisfies the constraint. Format: "major.minor.patch". Examples: 1578 // "10.5.301", "9.2.1". 1579 MinimumVersion string `json:"minimumVersion,omitempty"` 1580 // OsType: Required. The allowed OS type. 1581 // 1582 // Possible values: 1583 // "OS_UNSPECIFIED" - The operating system of the device is not specified or 1584 // not known. 1585 // "DESKTOP_MAC" - A desktop Mac operating system. 1586 // "DESKTOP_WINDOWS" - A desktop Windows operating system. 1587 // "DESKTOP_LINUX" - A desktop Linux operating system. 1588 // "DESKTOP_CHROME_OS" - A desktop ChromeOS operating system. 1589 // "ANDROID" - An Android operating system. 1590 // "IOS" - An iOS operating system. 1591 OsType string `json:"osType,omitempty"` 1592 // RequireVerifiedChromeOs: Only allows requests from devices with a verified 1593 // Chrome OS. Verifications includes requirements that the device is 1594 // enterprise-managed, conformant to domain policies, and the caller has 1595 // permission to call the API targeted by the request. 1596 RequireVerifiedChromeOs bool `json:"requireVerifiedChromeOs,omitempty"` 1597 // ForceSendFields is a list of field names (e.g. "MinimumVersion") to 1598 // unconditionally include in API requests. By default, fields with empty or 1599 // default values are omitted from API requests. See 1600 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1601 // details. 1602 ForceSendFields []string `json:"-"` 1603 // NullFields is a list of field names (e.g. "MinimumVersion") to include in 1604 // API requests with the JSON null value. By default, fields with empty values 1605 // are omitted from API requests. See 1606 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1607 NullFields []string `json:"-"` 1608 } 1609 1610 func (s *GoogleIdentityAccesscontextmanagerV1OsConstraint) MarshalJSON() ([]byte, error) { 1611 type NoMethod GoogleIdentityAccesscontextmanagerV1OsConstraint 1612 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1613 } 1614 1615 // GoogleIdentityAccesscontextmanagerV1ServicePerimeter: `ServicePerimeter` 1616 // describes a set of Google Cloud resources which can freely import and export 1617 // data amongst themselves, but not export outside of the `ServicePerimeter`. 1618 // If a request with a source within this `ServicePerimeter` has a target 1619 // outside of the `ServicePerimeter`, the request will be blocked. Otherwise 1620 // the request is allowed. There are two types of Service Perimeter - Regular 1621 // and Bridge. Regular Service Perimeters cannot overlap, a single Google Cloud 1622 // project or VPC network can only belong to a single regular Service 1623 // Perimeter. Service Perimeter Bridges can contain only Google Cloud projects 1624 // as members, a single Google Cloud project may belong to multiple Service 1625 // Perimeter Bridges. 1626 type GoogleIdentityAccesscontextmanagerV1ServicePerimeter struct { 1627 // Description: Description of the `ServicePerimeter` and its use. Does not 1628 // affect behavior. 1629 Description string `json:"description,omitempty"` 1630 // Name: Resource name for the `ServicePerimeter`. Format: 1631 // `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The 1632 // `service_perimeter` component must begin with a letter, followed by 1633 // alphanumeric characters or `_`. After you create a `ServicePerimeter`, you 1634 // cannot change its `name`. 1635 Name string `json:"name,omitempty"` 1636 // PerimeterType: Perimeter type indicator. A single project or VPC network is 1637 // allowed to be a member of single regular perimeter, but multiple service 1638 // perimeter bridges. A project cannot be a included in a perimeter bridge 1639 // without being included in regular perimeter. For perimeter bridges, the 1640 // restricted service list as well as access level lists must be empty. 1641 // 1642 // Possible values: 1643 // "PERIMETER_TYPE_REGULAR" - Regular Perimeter. When no value is specified, 1644 // the perimeter uses this type. 1645 // "PERIMETER_TYPE_BRIDGE" - Perimeter Bridge. 1646 PerimeterType string `json:"perimeterType,omitempty"` 1647 // Spec: Proposed (or dry run) ServicePerimeter configuration. This 1648 // configuration allows to specify and test ServicePerimeter configuration 1649 // without enforcing actual access restrictions. Only allowed to be set when 1650 // the "use_explicit_dry_run_spec" flag is set. 1651 Spec *GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig `json:"spec,omitempty"` 1652 // Status: Current ServicePerimeter configuration. Specifies sets of resources, 1653 // restricted services and access levels that determine perimeter content and 1654 // boundaries. 1655 Status *GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig `json:"status,omitempty"` 1656 // Title: Human readable title. Must be unique within the Policy. 1657 Title string `json:"title,omitempty"` 1658 // UseExplicitDryRunSpec: Use explicit dry run spec flag. Ordinarily, a dry-run 1659 // spec implicitly exists for all Service Perimeters, and that spec is 1660 // identical to the status for those Service Perimeters. When this flag is set, 1661 // it inhibits the generation of the implicit spec, thereby allowing the user 1662 // to explicitly provide a configuration ("spec") to use in a dry-run version 1663 // of the Service Perimeter. This allows the user to test changes to the 1664 // enforced config ("status") without actually enforcing them. This testing is 1665 // done through analyzing the differences between currently enforced and 1666 // suggested restrictions. use_explicit_dry_run_spec must bet set to True if 1667 // any of the fields in the spec are set to non-default values. 1668 UseExplicitDryRunSpec bool `json:"useExplicitDryRunSpec,omitempty"` 1669 // ForceSendFields is a list of field names (e.g. "Description") to 1670 // unconditionally include in API requests. By default, fields with empty or 1671 // default values are omitted from API requests. See 1672 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1673 // details. 1674 ForceSendFields []string `json:"-"` 1675 // NullFields is a list of field names (e.g. "Description") to include in API 1676 // requests with the JSON null value. By default, fields with empty values are 1677 // omitted from API requests. See 1678 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1679 NullFields []string `json:"-"` 1680 } 1681 1682 func (s *GoogleIdentityAccesscontextmanagerV1ServicePerimeter) MarshalJSON() ([]byte, error) { 1683 type NoMethod GoogleIdentityAccesscontextmanagerV1ServicePerimeter 1684 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1685 } 1686 1687 // GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig: 1688 // `ServicePerimeterConfig` specifies a set of Google Cloud resources that 1689 // describe specific Service Perimeter configuration. 1690 type GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig struct { 1691 // AccessLevels: A list of `AccessLevel` resource names that allow resources 1692 // within the `ServicePerimeter` to be accessed from the internet. 1693 // `AccessLevels` listed must be in the same policy as this `ServicePerimeter`. 1694 // Referencing a nonexistent `AccessLevel` is a syntax error. If no 1695 // `AccessLevel` names are listed, resources within the perimeter can only be 1696 // accessed via Google Cloud calls with request origins within the perimeter. 1697 // Example: "accessPolicies/MY_POLICY/accessLevels/MY_LEVEL". For Service 1698 // Perimeter Bridge, must be empty. 1699 AccessLevels []string `json:"accessLevels,omitempty"` 1700 // EgressPolicies: List of EgressPolicies to apply to the perimeter. A 1701 // perimeter may have multiple EgressPolicies, each of which is evaluated 1702 // separately. Access is granted if any EgressPolicy grants it. Must be empty 1703 // for a perimeter bridge. 1704 EgressPolicies []*GoogleIdentityAccesscontextmanagerV1EgressPolicy `json:"egressPolicies,omitempty"` 1705 // IngressPolicies: List of IngressPolicies to apply to the perimeter. A 1706 // perimeter may have multiple IngressPolicies, each of which is evaluated 1707 // separately. Access is granted if any Ingress Policy grants it. Must be empty 1708 // for a perimeter bridge. 1709 IngressPolicies []*GoogleIdentityAccesscontextmanagerV1IngressPolicy `json:"ingressPolicies,omitempty"` 1710 // Resources: A list of Google Cloud resources that are inside of the service 1711 // perimeter. Currently only projects and VPCs are allowed. Project format: 1712 // `projects/{project_number}` VPC network format: 1713 // `//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}`. 1714 Resources []string `json:"resources,omitempty"` 1715 // RestrictedServices: Google Cloud services that are subject to the Service 1716 // Perimeter restrictions. For example, if `storage.googleapis.com` is 1717 // specified, access to the storage buckets inside the perimeter must meet the 1718 // perimeter's access restrictions. 1719 RestrictedServices []string `json:"restrictedServices,omitempty"` 1720 // VpcAccessibleServices: Configuration for APIs allowed within Perimeter. 1721 VpcAccessibleServices *GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices `json:"vpcAccessibleServices,omitempty"` 1722 // ForceSendFields is a list of field names (e.g. "AccessLevels") to 1723 // unconditionally include in API requests. By default, fields with empty or 1724 // default values are omitted from API requests. See 1725 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1726 // details. 1727 ForceSendFields []string `json:"-"` 1728 // NullFields is a list of field names (e.g. "AccessLevels") to include in API 1729 // requests with the JSON null value. By default, fields with empty values are 1730 // omitted from API requests. See 1731 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1732 NullFields []string `json:"-"` 1733 } 1734 1735 func (s *GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig) MarshalJSON() ([]byte, error) { 1736 type NoMethod GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig 1737 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1738 } 1739 1740 // GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices: Specifies how 1741 // APIs are allowed to communicate within the Service Perimeter. 1742 type GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices struct { 1743 // AllowedServices: The list of APIs usable within the Service Perimeter. Must 1744 // be empty unless 'enable_restriction' is True. You can specify a list of 1745 // individual services, as well as include the 'RESTRICTED-SERVICES' value, 1746 // which automatically includes all of the services protected by the perimeter. 1747 AllowedServices []string `json:"allowedServices,omitempty"` 1748 // EnableRestriction: Whether to restrict API calls within the Service 1749 // Perimeter to the list of APIs specified in 'allowed_services'. 1750 EnableRestriction bool `json:"enableRestriction,omitempty"` 1751 // ForceSendFields is a list of field names (e.g. "AllowedServices") to 1752 // unconditionally include in API requests. By default, fields with empty or 1753 // default values are omitted from API requests. See 1754 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1755 // details. 1756 ForceSendFields []string `json:"-"` 1757 // NullFields is a list of field names (e.g. "AllowedServices") to include in 1758 // API requests with the JSON null value. By default, fields with empty values 1759 // are omitted from API requests. See 1760 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1761 NullFields []string `json:"-"` 1762 } 1763 1764 func (s *GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices) MarshalJSON() ([]byte, error) { 1765 type NoMethod GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices 1766 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1767 } 1768 1769 // GoogleIdentityAccesscontextmanagerV1VpcNetworkSource: The originating 1770 // network source in Google Cloud. 1771 type GoogleIdentityAccesscontextmanagerV1VpcNetworkSource struct { 1772 // VpcSubnetwork: Sub-segment ranges of a VPC network. 1773 VpcSubnetwork *GoogleIdentityAccesscontextmanagerV1VpcSubNetwork `json:"vpcSubnetwork,omitempty"` 1774 // ForceSendFields is a list of field names (e.g. "VpcSubnetwork") to 1775 // unconditionally include in API requests. By default, fields with empty or 1776 // default values are omitted from API requests. See 1777 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1778 // details. 1779 ForceSendFields []string `json:"-"` 1780 // NullFields is a list of field names (e.g. "VpcSubnetwork") to include in API 1781 // requests with the JSON null value. By default, fields with empty values are 1782 // omitted from API requests. See 1783 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1784 NullFields []string `json:"-"` 1785 } 1786 1787 func (s *GoogleIdentityAccesscontextmanagerV1VpcNetworkSource) MarshalJSON() ([]byte, error) { 1788 type NoMethod GoogleIdentityAccesscontextmanagerV1VpcNetworkSource 1789 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1790 } 1791 1792 // GoogleIdentityAccesscontextmanagerV1VpcSubNetwork: Sub-segment ranges inside 1793 // of a VPC Network. 1794 type GoogleIdentityAccesscontextmanagerV1VpcSubNetwork struct { 1795 // Network: Required. Network name. If the network is not part of the 1796 // organization, the `compute.network.get` permission must be granted to the 1797 // caller. Format: 1798 // `//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NETWORK_NAME 1799 // }` Example: 1800 // `//compute.googleapis.com/projects/my-project/global/networks/network-1` 1801 Network string `json:"network,omitempty"` 1802 // VpcIpSubnetworks: CIDR block IP subnetwork specification. The IP address 1803 // must be an IPv4 address and can be a public or private IP address. Note that 1804 // for a CIDR IP address block, the specified IP address portion must be 1805 // properly truncated (i.e. all the host bits must be zero) or the input is 1806 // considered malformed. For example, "192.0.2.0/24" is accepted but 1807 // "192.0.2.1/24" is not. If empty, all IP addresses are allowed. 1808 VpcIpSubnetworks []string `json:"vpcIpSubnetworks,omitempty"` 1809 // ForceSendFields is a list of field names (e.g. "Network") to unconditionally 1810 // include in API requests. By default, fields with empty or default values are 1811 // omitted from API requests. See 1812 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1813 // details. 1814 ForceSendFields []string `json:"-"` 1815 // NullFields is a list of field names (e.g. "Network") to include in API 1816 // requests with the JSON null value. By default, fields with empty values are 1817 // omitted from API requests. See 1818 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1819 NullFields []string `json:"-"` 1820 } 1821 1822 func (s *GoogleIdentityAccesscontextmanagerV1VpcSubNetwork) MarshalJSON() ([]byte, error) { 1823 type NoMethod GoogleIdentityAccesscontextmanagerV1VpcSubNetwork 1824 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1825 } 1826 1827 // IamPolicySearchResult: The result for an IAM policy search. 1828 type IamPolicySearchResult struct { 1829 // Explanation: Explanation about the IAM policy search result. It contains 1830 // additional information that explains why the search result matches the 1831 // query. 1832 Explanation *Explanation `json:"explanation,omitempty"` 1833 // Policy: The IAM policy attached to the specified resource. Note that the 1834 // original IAM policy can contain multiple bindings. This only contains the 1835 // bindings that match the given query. For queries that don't contain a 1836 // constraint on policies (e.g. an empty query), this contains all the 1837 // bindings. 1838 Policy *Policy `json:"policy,omitempty"` 1839 // Project: The project that the associated Google Cloud resource belongs to, 1840 // in the form of `projects/{project_number}`. If an IAM policy is set on a 1841 // resource -- such as a Compute Engine instance or a Cloud Storage bucket -- 1842 // the project field will indicate the project that contains the resource. If 1843 // an IAM policy is set on a folder or orgnization, the project field will be 1844 // empty. 1845 Project string `json:"project,omitempty"` 1846 // Resource: The full resource name 1847 // (https://cloud.google.com/apis/design/resource_names#full_resource_name) of 1848 // the resource associated with this IAM policy. 1849 Resource string `json:"resource,omitempty"` 1850 // ForceSendFields is a list of field names (e.g. "Explanation") to 1851 // unconditionally include in API requests. By default, fields with empty or 1852 // default values are omitted from API requests. See 1853 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1854 // details. 1855 ForceSendFields []string `json:"-"` 1856 // NullFields is a list of field names (e.g. "Explanation") to include in API 1857 // requests with the JSON null value. By default, fields with empty values are 1858 // omitted from API requests. See 1859 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1860 NullFields []string `json:"-"` 1861 } 1862 1863 func (s *IamPolicySearchResult) MarshalJSON() ([]byte, error) { 1864 type NoMethod IamPolicySearchResult 1865 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1866 } 1867 1868 // Permissions: IAM permissions. 1869 type Permissions struct { 1870 // Permissions: A list of permissions. Example permission string: 1871 // "compute.disk.get". 1872 Permissions []string `json:"permissions,omitempty"` 1873 // ForceSendFields is a list of field names (e.g. "Permissions") to 1874 // unconditionally include in API requests. By default, fields with empty or 1875 // default values are omitted from API requests. See 1876 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1877 // details. 1878 ForceSendFields []string `json:"-"` 1879 // NullFields is a list of field names (e.g. "Permissions") to include in API 1880 // requests with the JSON null value. By default, fields with empty values are 1881 // omitted from API requests. See 1882 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1883 NullFields []string `json:"-"` 1884 } 1885 1886 func (s *Permissions) MarshalJSON() ([]byte, error) { 1887 type NoMethod Permissions 1888 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1889 } 1890 1891 // Policy: An Identity and Access Management (IAM) policy, which specifies 1892 // access controls for Google Cloud resources. A `Policy` is a collection of 1893 // `bindings`. A `binding` binds one or more `members`, or principals, to a 1894 // single `role`. Principals can be user accounts, service accounts, Google 1895 // groups, and domains (such as G Suite). A `role` is a named list of 1896 // permissions; each `role` can be an IAM predefined role or a user-created 1897 // custom role. For some types of Google Cloud resources, a `binding` can also 1898 // specify a `condition`, which is a logical expression that allows access to a 1899 // resource only if the expression evaluates to `true`. A condition can add 1900 // constraints based on attributes of the request, the resource, or both. To 1901 // learn which resources support conditions in their IAM policies, see the IAM 1902 // documentation 1903 // (https://cloud.google.com/iam/help/conditions/resource-policies). **JSON 1904 // example:** ``` { "bindings": [ { "role": 1905 // "roles/resourcemanager.organizationAdmin", "members": [ 1906 // "user:mike@example.com", "group:admins@example.com", "domain:google.com", 1907 // "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": 1908 // "roles/resourcemanager.organizationViewer", "members": [ 1909 // "user:eve@example.com" ], "condition": { "title": "expirable access", 1910 // "description": "Does not grant access after Sep 2020", "expression": 1911 // "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": 1912 // "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - 1913 // members: - user:mike@example.com - group:admins@example.com - 1914 // domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com 1915 // role: roles/resourcemanager.organizationAdmin - members: - 1916 // user:eve@example.com role: roles/resourcemanager.organizationViewer 1917 // condition: title: expirable access description: Does not grant access after 1918 // Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') 1919 // etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, 1920 // see the IAM documentation (https://cloud.google.com/iam/docs/). 1921 type Policy struct { 1922 // AuditConfigs: Specifies cloud audit logging configuration for this policy. 1923 AuditConfigs []*AuditConfig `json:"auditConfigs,omitempty"` 1924 // Bindings: Associates a list of `members`, or principals, with a `role`. 1925 // Optionally, may specify a `condition` that determines how and when the 1926 // `bindings` are applied. Each of the `bindings` must contain at least one 1927 // principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; 1928 // up to 250 of these principals can be Google groups. Each occurrence of a 1929 // principal counts towards these limits. For example, if the `bindings` grant 1930 // 50 different roles to `user:alice@example.com`, and not to any other 1931 // principal, then you can add another 1,450 principals to the `bindings` in 1932 // the `Policy`. 1933 Bindings []*Binding `json:"bindings,omitempty"` 1934 // Etag: `etag` is used for optimistic concurrency control as a way to help 1935 // prevent simultaneous updates of a policy from overwriting each other. It is 1936 // strongly suggested that systems make use of the `etag` in the 1937 // read-modify-write cycle to perform policy updates in order to avoid race 1938 // conditions: An `etag` is returned in the response to `getIamPolicy`, and 1939 // systems are expected to put that etag in the request to `setIamPolicy` to 1940 // ensure that their change will be applied to the same version of the policy. 1941 // **Important:** If you use IAM Conditions, you must include the `etag` field 1942 // whenever you call `setIamPolicy`. If you omit this field, then IAM allows 1943 // you to overwrite a version `3` policy with a version `1` policy, and all of 1944 // the conditions in the version `3` policy are lost. 1945 Etag string `json:"etag,omitempty"` 1946 // Version: Specifies the format of the policy. Valid values are `0`, `1`, and 1947 // `3`. Requests that specify an invalid value are rejected. Any operation that 1948 // affects conditional role bindings must specify version `3`. This requirement 1949 // applies to the following operations: * Getting a policy that includes a 1950 // conditional role binding * Adding a conditional role binding to a policy * 1951 // Changing a conditional role binding in a policy * Removing any role binding, 1952 // with or without a condition, from a policy that includes conditions 1953 // **Important:** If you use IAM Conditions, you must include the `etag` field 1954 // whenever you call `setIamPolicy`. If you omit this field, then IAM allows 1955 // you to overwrite a version `3` policy with a version `1` policy, and all of 1956 // the conditions in the version `3` policy are lost. If a policy does not 1957 // include any conditions, operations on that policy may specify any valid 1958 // version or leave the field unset. To learn which resources support 1959 // conditions in their IAM policies, see the IAM documentation 1960 // (https://cloud.google.com/iam/help/conditions/resource-policies). 1961 Version int64 `json:"version,omitempty"` 1962 // ForceSendFields is a list of field names (e.g. "AuditConfigs") to 1963 // unconditionally include in API requests. By default, fields with empty or 1964 // default values are omitted from API requests. See 1965 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1966 // details. 1967 ForceSendFields []string `json:"-"` 1968 // NullFields is a list of field names (e.g. "AuditConfigs") to include in API 1969 // requests with the JSON null value. By default, fields with empty values are 1970 // omitted from API requests. See 1971 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1972 NullFields []string `json:"-"` 1973 } 1974 1975 func (s *Policy) MarshalJSON() ([]byte, error) { 1976 type NoMethod Policy 1977 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1978 } 1979 1980 // SearchAllIamPoliciesResponse: Search all IAM policies response. 1981 type SearchAllIamPoliciesResponse struct { 1982 // NextPageToken: Set if there are more results than those appearing in this 1983 // response; to get the next set of results, call this method again, using this 1984 // value as the `page_token`. 1985 NextPageToken string `json:"nextPageToken,omitempty"` 1986 // Results: A list of IAM policies that match the search query. Related 1987 // information such as the associated resource is returned along with the 1988 // policy. 1989 Results []*IamPolicySearchResult `json:"results,omitempty"` 1990 1991 // ServerResponse contains the HTTP response code and headers from the server. 1992 googleapi.ServerResponse `json:"-"` 1993 // ForceSendFields is a list of field names (e.g. "NextPageToken") to 1994 // unconditionally include in API requests. By default, fields with empty or 1995 // default values are omitted from API requests. See 1996 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1997 // details. 1998 ForceSendFields []string `json:"-"` 1999 // NullFields is a list of field names (e.g. "NextPageToken") to include in API 2000 // requests with the JSON null value. By default, fields with empty values are 2001 // omitted from API requests. See 2002 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 2003 NullFields []string `json:"-"` 2004 } 2005 2006 func (s *SearchAllIamPoliciesResponse) MarshalJSON() ([]byte, error) { 2007 type NoMethod SearchAllIamPoliciesResponse 2008 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 2009 } 2010 2011 // SearchAllResourcesResponse: Search all resources response. 2012 type SearchAllResourcesResponse struct { 2013 // NextPageToken: If there are more results than those appearing in this 2014 // response, then `next_page_token` is included. To get the next set of 2015 // results, call this method again using the value of `next_page_token` as 2016 // `page_token`. 2017 NextPageToken string `json:"nextPageToken,omitempty"` 2018 // Results: A list of resource that match the search query. 2019 Results []*StandardResourceMetadata `json:"results,omitempty"` 2020 2021 // ServerResponse contains the HTTP response code and headers from the server. 2022 googleapi.ServerResponse `json:"-"` 2023 // ForceSendFields is a list of field names (e.g. "NextPageToken") to 2024 // unconditionally include in API requests. By default, fields with empty or 2025 // default values are omitted from API requests. See 2026 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 2027 // details. 2028 ForceSendFields []string `json:"-"` 2029 // NullFields is a list of field names (e.g. "NextPageToken") to include in API 2030 // requests with the JSON null value. By default, fields with empty values are 2031 // omitted from API requests. See 2032 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 2033 NullFields []string `json:"-"` 2034 } 2035 2036 func (s *SearchAllResourcesResponse) MarshalJSON() ([]byte, error) { 2037 type NoMethod SearchAllResourcesResponse 2038 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 2039 } 2040 2041 // StandardResourceMetadata: The standard metadata of a cloud resource. 2042 type StandardResourceMetadata struct { 2043 // AdditionalAttributes: Additional searchable attributes of this resource. 2044 // Informational only. The exact set of attributes is subject to change. For 2045 // example: project id, DNS name etc. 2046 AdditionalAttributes []string `json:"additionalAttributes,omitempty"` 2047 // AssetType: The type of this resource. For example: 2048 // "compute.googleapis.com/Disk". 2049 AssetType string `json:"assetType,omitempty"` 2050 // Description: One or more paragraphs of text description of this resource. 2051 // Maximum length could be up to 1M bytes. 2052 Description string `json:"description,omitempty"` 2053 // DisplayName: The display name of this resource. 2054 DisplayName string `json:"displayName,omitempty"` 2055 // Labels: Labels associated with this resource. See Labelling and grouping 2056 // Google Cloud resources 2057 // (https://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-google-cloud-platform-resources) 2058 // for more information. 2059 Labels map[string]string `json:"labels,omitempty"` 2060 // Location: Location can be "global", regional like "us-east1", or zonal like 2061 // "us-west1-b". 2062 Location string `json:"location,omitempty"` 2063 // Name: The full resource name. For example: 2064 // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/insta 2065 // nce1`. See Resource Names 2066 // (https://cloud.google.com/apis/design/resource_names#full_resource_name) for 2067 // more information. 2068 Name string `json:"name,omitempty"` 2069 // NetworkTags: Network tags associated with this resource. Like labels, 2070 // network tags are a type of annotations used to group Google Cloud resources. 2071 // See Labelling Google Cloud resources 2072 // (lhttps://cloud.google.com/blog/products/gcp/labelling-and-grouping-your-goog 2073 // le-cloud-platform-resources) for more information. 2074 NetworkTags []string `json:"networkTags,omitempty"` 2075 // Project: The project that this resource belongs to, in the form of 2076 // `projects/{project_number}`. 2077 Project string `json:"project,omitempty"` 2078 // ForceSendFields is a list of field names (e.g. "AdditionalAttributes") to 2079 // unconditionally include in API requests. By default, fields with empty or 2080 // default values are omitted from API requests. See 2081 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 2082 // details. 2083 ForceSendFields []string `json:"-"` 2084 // NullFields is a list of field names (e.g. "AdditionalAttributes") to include 2085 // in API requests with the JSON null value. By default, fields with empty 2086 // values are omitted from API requests. See 2087 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 2088 NullFields []string `json:"-"` 2089 } 2090 2091 func (s *StandardResourceMetadata) MarshalJSON() ([]byte, error) { 2092 type NoMethod StandardResourceMetadata 2093 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 2094 } 2095 2096 type IamPoliciesSearchAllCall struct { 2097 s *Service 2098 scope string 2099 urlParams_ gensupport.URLParams 2100 ifNoneMatch_ string 2101 ctx_ context.Context 2102 header_ http.Header 2103 } 2104 2105 // SearchAll: Searches all the IAM policies within a given accessible Resource 2106 // Manager scope (project/folder/organization). This RPC gives callers 2107 // especially administrators the ability to search all the IAM policies within 2108 // a scope, even if they don't have `.getIamPolicy` permission of all the IAM 2109 // policies. Callers should have `cloudasset.assets.searchAllIamPolicies` 2110 // permission on the requested scope, otherwise the request will be rejected. 2111 // 2112 // - scope: The relative name of an asset. The search is limited to the 2113 // resources within the `scope`. The allowed value must be: * Organization 2114 // number (such as "organizations/123") * Folder number (such as 2115 // "folders/1234") * Project number (such as "projects/12345") * Project ID 2116 // (such as "projects/abc"). 2117 func (r *IamPoliciesService) SearchAll(scope string) *IamPoliciesSearchAllCall { 2118 c := &IamPoliciesSearchAllCall{s: r.s, urlParams_: make(gensupport.URLParams)} 2119 c.scope = scope 2120 return c 2121 } 2122 2123 // PageSize sets the optional parameter "pageSize": The page size for search 2124 // result pagination. Page size is capped at 500 even if a larger value is 2125 // given. If set to zero, server will pick an appropriate default. Returned 2126 // results may be fewer than requested. When this happens, there could be more 2127 // results as long as `next_page_token` is returned. 2128 func (c *IamPoliciesSearchAllCall) PageSize(pageSize int64) *IamPoliciesSearchAllCall { 2129 c.urlParams_.Set("pageSize", fmt.Sprint(pageSize)) 2130 return c 2131 } 2132 2133 // PageToken sets the optional parameter "pageToken": If present, retrieve the 2134 // next batch of results from the preceding call to this method. `page_token` 2135 // must be the value of `next_page_token` from the previous response. The 2136 // values of all other method parameters must be identical to those in the 2137 // previous call. 2138 func (c *IamPoliciesSearchAllCall) PageToken(pageToken string) *IamPoliciesSearchAllCall { 2139 c.urlParams_.Set("pageToken", pageToken) 2140 return c 2141 } 2142 2143 // Query sets the optional parameter "query": The query statement. Examples: * 2144 // "policy:myuser@mydomain.com" * "policy:(myuser@mydomain.com viewer)" 2145 func (c *IamPoliciesSearchAllCall) Query(query string) *IamPoliciesSearchAllCall { 2146 c.urlParams_.Set("query", query) 2147 return c 2148 } 2149 2150 // Fields allows partial responses to be retrieved. See 2151 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more 2152 // details. 2153 func (c *IamPoliciesSearchAllCall) Fields(s ...googleapi.Field) *IamPoliciesSearchAllCall { 2154 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 2155 return c 2156 } 2157 2158 // IfNoneMatch sets an optional parameter which makes the operation fail if the 2159 // object's ETag matches the given value. This is useful for getting updates 2160 // only after the object has changed since the last request. 2161 func (c *IamPoliciesSearchAllCall) IfNoneMatch(entityTag string) *IamPoliciesSearchAllCall { 2162 c.ifNoneMatch_ = entityTag 2163 return c 2164 } 2165 2166 // Context sets the context to be used in this call's Do method. 2167 func (c *IamPoliciesSearchAllCall) Context(ctx context.Context) *IamPoliciesSearchAllCall { 2168 c.ctx_ = ctx 2169 return c 2170 } 2171 2172 // Header returns a http.Header that can be modified by the caller to add 2173 // headers to the request. 2174 func (c *IamPoliciesSearchAllCall) Header() http.Header { 2175 if c.header_ == nil { 2176 c.header_ = make(http.Header) 2177 } 2178 return c.header_ 2179 } 2180 2181 func (c *IamPoliciesSearchAllCall) doRequest(alt string) (*http.Response, error) { 2182 reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_) 2183 if c.ifNoneMatch_ != "" { 2184 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 2185 } 2186 var body io.Reader = nil 2187 c.urlParams_.Set("alt", alt) 2188 c.urlParams_.Set("prettyPrint", "false") 2189 urls := googleapi.ResolveRelative(c.s.BasePath, "v1p1beta1/{+scope}/iamPolicies:searchAll") 2190 urls += "?" + c.urlParams_.Encode() 2191 req, err := http.NewRequest("GET", urls, body) 2192 if err != nil { 2193 return nil, err 2194 } 2195 req.Header = reqHeaders 2196 googleapi.Expand(req.URL, map[string]string{ 2197 "scope": c.scope, 2198 }) 2199 return gensupport.SendRequest(c.ctx_, c.s.client, req) 2200 } 2201 2202 // Do executes the "cloudasset.iamPolicies.searchAll" call. 2203 // Any non-2xx status code is an error. Response headers are in either 2204 // *SearchAllIamPoliciesResponse.ServerResponse.Header or (if a response was 2205 // returned at all) in error.(*googleapi.Error).Header. Use 2206 // googleapi.IsNotModified to check whether the returned error was because 2207 // http.StatusNotModified was returned. 2208 func (c *IamPoliciesSearchAllCall) Do(opts ...googleapi.CallOption) (*SearchAllIamPoliciesResponse, error) { 2209 gensupport.SetOptions(c.urlParams_, opts...) 2210 res, err := c.doRequest("json") 2211 if res != nil && res.StatusCode == http.StatusNotModified { 2212 if res.Body != nil { 2213 res.Body.Close() 2214 } 2215 return nil, gensupport.WrapError(&googleapi.Error{ 2216 Code: res.StatusCode, 2217 Header: res.Header, 2218 }) 2219 } 2220 if err != nil { 2221 return nil, err 2222 } 2223 defer googleapi.CloseBody(res) 2224 if err := googleapi.CheckResponse(res); err != nil { 2225 return nil, gensupport.WrapError(err) 2226 } 2227 ret := &SearchAllIamPoliciesResponse{ 2228 ServerResponse: googleapi.ServerResponse{ 2229 Header: res.Header, 2230 HTTPStatusCode: res.StatusCode, 2231 }, 2232 } 2233 target := &ret 2234 if err := gensupport.DecodeResponse(target, res); err != nil { 2235 return nil, err 2236 } 2237 return ret, nil 2238 } 2239 2240 // Pages invokes f for each page of results. 2241 // A non-nil error returned from f will halt the iteration. 2242 // The provided context supersedes any context provided to the Context method. 2243 func (c *IamPoliciesSearchAllCall) Pages(ctx context.Context, f func(*SearchAllIamPoliciesResponse) error) error { 2244 c.ctx_ = ctx 2245 defer c.PageToken(c.urlParams_.Get("pageToken")) 2246 for { 2247 x, err := c.Do() 2248 if err != nil { 2249 return err 2250 } 2251 if err := f(x); err != nil { 2252 return err 2253 } 2254 if x.NextPageToken == "" { 2255 return nil 2256 } 2257 c.PageToken(x.NextPageToken) 2258 } 2259 } 2260 2261 type ResourcesSearchAllCall struct { 2262 s *Service 2263 scope string 2264 urlParams_ gensupport.URLParams 2265 ifNoneMatch_ string 2266 ctx_ context.Context 2267 header_ http.Header 2268 } 2269 2270 // SearchAll: Searches all the resources within a given accessible Resource 2271 // Manager scope (project/folder/organization). This RPC gives callers 2272 // especially administrators the ability to search all the resources within a 2273 // scope, even if they don't have `.get` permission of all the resources. 2274 // Callers should have `cloudasset.assets.searchAllResources` permission on the 2275 // requested scope, otherwise the request will be rejected. 2276 // 2277 // - scope: The relative name of an asset. The search is limited to the 2278 // resources within the `scope`. The allowed value must be: * Organization 2279 // number (such as "organizations/123") * Folder number (such as 2280 // "folders/1234") * Project number (such as "projects/12345") * Project ID 2281 // (such as "projects/abc"). 2282 func (r *ResourcesService) SearchAll(scope string) *ResourcesSearchAllCall { 2283 c := &ResourcesSearchAllCall{s: r.s, urlParams_: make(gensupport.URLParams)} 2284 c.scope = scope 2285 return c 2286 } 2287 2288 // AssetTypes sets the optional parameter "assetTypes": A list of asset types 2289 // that this request searches for. If empty, it will search all the supported 2290 // asset types. 2291 func (c *ResourcesSearchAllCall) AssetTypes(assetTypes ...string) *ResourcesSearchAllCall { 2292 c.urlParams_.SetMulti("assetTypes", append([]string{}, assetTypes...)) 2293 return c 2294 } 2295 2296 // OrderBy sets the optional parameter "orderBy": A comma separated list of 2297 // fields specifying the sorting order of the results. The default order is 2298 // ascending. Add ` DESC` after the field name to indicate descending order. 2299 // Redundant space characters are ignored. For example, ` location DESC , name 2300 // `. 2301 func (c *ResourcesSearchAllCall) OrderBy(orderBy string) *ResourcesSearchAllCall { 2302 c.urlParams_.Set("orderBy", orderBy) 2303 return c 2304 } 2305 2306 // PageSize sets the optional parameter "pageSize": The page size for search 2307 // result pagination. Page size is capped at 500 even if a larger value is 2308 // given. If set to zero, server will pick an appropriate default. Returned 2309 // results may be fewer than requested. When this happens, there could be more 2310 // results as long as `next_page_token` is returned. 2311 func (c *ResourcesSearchAllCall) PageSize(pageSize int64) *ResourcesSearchAllCall { 2312 c.urlParams_.Set("pageSize", fmt.Sprint(pageSize)) 2313 return c 2314 } 2315 2316 // PageToken sets the optional parameter "pageToken": If present, then retrieve 2317 // the next batch of results from the preceding call to this method. 2318 // `page_token` must be the value of `next_page_token` from the previous 2319 // response. The values of all other method parameters, must be identical to 2320 // those in the previous call. 2321 func (c *ResourcesSearchAllCall) PageToken(pageToken string) *ResourcesSearchAllCall { 2322 c.urlParams_.Set("pageToken", pageToken) 2323 return c 2324 } 2325 2326 // Query sets the optional parameter "query": The query statement. 2327 func (c *ResourcesSearchAllCall) Query(query string) *ResourcesSearchAllCall { 2328 c.urlParams_.Set("query", query) 2329 return c 2330 } 2331 2332 // Fields allows partial responses to be retrieved. See 2333 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more 2334 // details. 2335 func (c *ResourcesSearchAllCall) Fields(s ...googleapi.Field) *ResourcesSearchAllCall { 2336 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 2337 return c 2338 } 2339 2340 // IfNoneMatch sets an optional parameter which makes the operation fail if the 2341 // object's ETag matches the given value. This is useful for getting updates 2342 // only after the object has changed since the last request. 2343 func (c *ResourcesSearchAllCall) IfNoneMatch(entityTag string) *ResourcesSearchAllCall { 2344 c.ifNoneMatch_ = entityTag 2345 return c 2346 } 2347 2348 // Context sets the context to be used in this call's Do method. 2349 func (c *ResourcesSearchAllCall) Context(ctx context.Context) *ResourcesSearchAllCall { 2350 c.ctx_ = ctx 2351 return c 2352 } 2353 2354 // Header returns a http.Header that can be modified by the caller to add 2355 // headers to the request. 2356 func (c *ResourcesSearchAllCall) Header() http.Header { 2357 if c.header_ == nil { 2358 c.header_ = make(http.Header) 2359 } 2360 return c.header_ 2361 } 2362 2363 func (c *ResourcesSearchAllCall) doRequest(alt string) (*http.Response, error) { 2364 reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_) 2365 if c.ifNoneMatch_ != "" { 2366 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 2367 } 2368 var body io.Reader = nil 2369 c.urlParams_.Set("alt", alt) 2370 c.urlParams_.Set("prettyPrint", "false") 2371 urls := googleapi.ResolveRelative(c.s.BasePath, "v1p1beta1/{+scope}/resources:searchAll") 2372 urls += "?" + c.urlParams_.Encode() 2373 req, err := http.NewRequest("GET", urls, body) 2374 if err != nil { 2375 return nil, err 2376 } 2377 req.Header = reqHeaders 2378 googleapi.Expand(req.URL, map[string]string{ 2379 "scope": c.scope, 2380 }) 2381 return gensupport.SendRequest(c.ctx_, c.s.client, req) 2382 } 2383 2384 // Do executes the "cloudasset.resources.searchAll" call. 2385 // Any non-2xx status code is an error. Response headers are in either 2386 // *SearchAllResourcesResponse.ServerResponse.Header or (if a response was 2387 // returned at all) in error.(*googleapi.Error).Header. Use 2388 // googleapi.IsNotModified to check whether the returned error was because 2389 // http.StatusNotModified was returned. 2390 func (c *ResourcesSearchAllCall) Do(opts ...googleapi.CallOption) (*SearchAllResourcesResponse, error) { 2391 gensupport.SetOptions(c.urlParams_, opts...) 2392 res, err := c.doRequest("json") 2393 if res != nil && res.StatusCode == http.StatusNotModified { 2394 if res.Body != nil { 2395 res.Body.Close() 2396 } 2397 return nil, gensupport.WrapError(&googleapi.Error{ 2398 Code: res.StatusCode, 2399 Header: res.Header, 2400 }) 2401 } 2402 if err != nil { 2403 return nil, err 2404 } 2405 defer googleapi.CloseBody(res) 2406 if err := googleapi.CheckResponse(res); err != nil { 2407 return nil, gensupport.WrapError(err) 2408 } 2409 ret := &SearchAllResourcesResponse{ 2410 ServerResponse: googleapi.ServerResponse{ 2411 Header: res.Header, 2412 HTTPStatusCode: res.StatusCode, 2413 }, 2414 } 2415 target := &ret 2416 if err := gensupport.DecodeResponse(target, res); err != nil { 2417 return nil, err 2418 } 2419 return ret, nil 2420 } 2421 2422 // Pages invokes f for each page of results. 2423 // A non-nil error returned from f will halt the iteration. 2424 // The provided context supersedes any context provided to the Context method. 2425 func (c *ResourcesSearchAllCall) Pages(ctx context.Context, f func(*SearchAllResourcesResponse) error) error { 2426 c.ctx_ = ctx 2427 defer c.PageToken(c.urlParams_.Get("pageToken")) 2428 for { 2429 x, err := c.Do() 2430 if err != nil { 2431 return err 2432 } 2433 if err := f(x); err != nil { 2434 return err 2435 } 2436 if x.NextPageToken == "" { 2437 return nil 2438 } 2439 c.PageToken(x.NextPageToken) 2440 } 2441 } 2442