1 // Copyright 2024 Google LLC. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 // Code generated file. DO NOT EDIT. 6 7 // Package cloudasset provides access to the Cloud Asset API. 8 // 9 // For product documentation, see: https://cloud.google.com/asset-inventory/docs/quickstart 10 // 11 // # Library status 12 // 13 // These client libraries are officially supported by Google. However, this 14 // library is considered complete and is in maintenance mode. This means 15 // that we will address critical bugs and security issues but will not add 16 // any new features. 17 // 18 // When possible, we recommend using our newer 19 // [Cloud Client Libraries for Go](https://pkg.go.dev/cloud.google.com/go) 20 // that are still actively being worked and iterated on. 21 // 22 // # Creating a client 23 // 24 // Usage example: 25 // 26 // import "google.golang.org/api/cloudasset/v1p5beta1" 27 // ... 28 // ctx := context.Background() 29 // cloudassetService, err := cloudasset.NewService(ctx) 30 // 31 // In this example, Google Application Default Credentials are used for 32 // authentication. For information on how to create and obtain Application 33 // Default Credentials, see https://developers.google.com/identity/protocols/application-default-credentials. 34 // 35 // # Other authentication options 36 // 37 // To use an API key for authentication (note: some APIs do not support API 38 // keys), use [google.golang.org/api/option.WithAPIKey]: 39 // 40 // cloudassetService, err := cloudasset.NewService(ctx, option.WithAPIKey("AIza...")) 41 // 42 // To use an OAuth token (e.g., a user token obtained via a three-legged OAuth 43 // flow, use [google.golang.org/api/option.WithTokenSource]: 44 // 45 // config := &oauth2.Config{...} 46 // // ... 47 // token, err := config.Exchange(ctx, ...) 48 // cloudassetService, err := cloudasset.NewService(ctx, option.WithTokenSource(config.TokenSource(ctx, token))) 49 // 50 // See [google.golang.org/api/option.ClientOption] for details on options. 51 package cloudasset // import "google.golang.org/api/cloudasset/v1p5beta1" 52 53 import ( 54 "bytes" 55 "context" 56 "encoding/json" 57 "errors" 58 "fmt" 59 "io" 60 "net/http" 61 "net/url" 62 "strconv" 63 "strings" 64 65 googleapi "google.golang.org/api/googleapi" 66 internal "google.golang.org/api/internal" 67 gensupport "google.golang.org/api/internal/gensupport" 68 option "google.golang.org/api/option" 69 internaloption "google.golang.org/api/option/internaloption" 70 htransport "google.golang.org/api/transport/http" 71 ) 72 73 // Always reference these packages, just in case the auto-generated code 74 // below doesn't. 75 var _ = bytes.NewBuffer 76 var _ = strconv.Itoa 77 var _ = fmt.Sprintf 78 var _ = json.NewDecoder 79 var _ = io.Copy 80 var _ = url.Parse 81 var _ = gensupport.MarshalJSON 82 var _ = googleapi.Version 83 var _ = errors.New 84 var _ = strings.Replace 85 var _ = context.Canceled 86 var _ = internaloption.WithDefaultEndpoint 87 var _ = internal.Version 88 89 const apiId = "cloudasset:v1p5beta1" 90 const apiName = "cloudasset" 91 const apiVersion = "v1p5beta1" 92 const basePath = "https://cloudasset.googleapis.com/" 93 const basePathTemplate = "https://cloudasset.UNIVERSE_DOMAIN/" 94 const mtlsBasePath = "https://cloudasset.mtls.googleapis.com/" 95 96 // OAuth2 scopes used by this API. 97 const ( 98 // See, edit, configure, and delete your Google Cloud data and see the email 99 // address for your Google Account. 100 CloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform" 101 ) 102 103 // NewService creates a new Service. 104 func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, error) { 105 scopesOption := internaloption.WithDefaultScopes( 106 "https://www.googleapis.com/auth/cloud-platform", 107 ) 108 // NOTE: prepend, so we don't override user-specified scopes. 109 opts = append([]option.ClientOption{scopesOption}, opts...) 110 opts = append(opts, internaloption.WithDefaultEndpoint(basePath)) 111 opts = append(opts, internaloption.WithDefaultEndpointTemplate(basePathTemplate)) 112 opts = append(opts, internaloption.WithDefaultMTLSEndpoint(mtlsBasePath)) 113 opts = append(opts, internaloption.EnableNewAuthLibrary()) 114 client, endpoint, err := htransport.NewClient(ctx, opts...) 115 if err != nil { 116 return nil, err 117 } 118 s, err := New(client) 119 if err != nil { 120 return nil, err 121 } 122 if endpoint != "" { 123 s.BasePath = endpoint 124 } 125 return s, nil 126 } 127 128 // New creates a new Service. It uses the provided http.Client for requests. 129 // 130 // Deprecated: please use NewService instead. 131 // To provide a custom HTTP client, use option.WithHTTPClient. 132 // If you are using google.golang.org/api/googleapis/transport.APIKey, use option.WithAPIKey with NewService instead. 133 func New(client *http.Client) (*Service, error) { 134 if client == nil { 135 return nil, errors.New("client is nil") 136 } 137 s := &Service{client: client, BasePath: basePath} 138 s.Assets = NewAssetsService(s) 139 return s, nil 140 } 141 142 type Service struct { 143 client *http.Client 144 BasePath string // API endpoint base URL 145 UserAgent string // optional additional User-Agent fragment 146 147 Assets *AssetsService 148 } 149 150 func (s *Service) userAgent() string { 151 if s.UserAgent == "" { 152 return googleapi.UserAgent 153 } 154 return googleapi.UserAgent + " " + s.UserAgent 155 } 156 157 func NewAssetsService(s *Service) *AssetsService { 158 rs := &AssetsService{s: s} 159 return rs 160 } 161 162 type AssetsService struct { 163 s *Service 164 } 165 166 // AnalyzeIamPolicyLongrunningMetadata: Represents the metadata of the 167 // longrunning operation for the AnalyzeIamPolicyLongrunning RPC. 168 type AnalyzeIamPolicyLongrunningMetadata struct { 169 // CreateTime: Output only. The time the operation was created. 170 CreateTime string `json:"createTime,omitempty"` 171 // ForceSendFields is a list of field names (e.g. "CreateTime") to 172 // unconditionally include in API requests. By default, fields with empty or 173 // default values are omitted from API requests. See 174 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 175 // details. 176 ForceSendFields []string `json:"-"` 177 // NullFields is a list of field names (e.g. "CreateTime") to include in API 178 // requests with the JSON null value. By default, fields with empty values are 179 // omitted from API requests. See 180 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 181 NullFields []string `json:"-"` 182 } 183 184 func (s *AnalyzeIamPolicyLongrunningMetadata) MarshalJSON() ([]byte, error) { 185 type NoMethod AnalyzeIamPolicyLongrunningMetadata 186 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 187 } 188 189 // AnalyzeIamPolicyLongrunningResponse: A response message for 190 // AssetService.AnalyzeIamPolicyLongrunning. 191 type AnalyzeIamPolicyLongrunningResponse struct { 192 } 193 194 // Asset: An asset in Google Cloud. An asset can be any resource in the Google 195 // Cloud resource hierarchy 196 // (https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), 197 // a resource outside the Google Cloud resource hierarchy (such as Google 198 // Kubernetes Engine clusters and objects), or a policy (e.g. IAM policy). See 199 // Supported asset types 200 // (https://cloud.google.com/asset-inventory/docs/supported-asset-types) for 201 // more information. 202 type Asset struct { 203 // AccessLevel: Please also refer to the access level user guide 204 // (https://cloud.google.com/access-context-manager/docs/overview#access-levels). 205 AccessLevel *GoogleIdentityAccesscontextmanagerV1AccessLevel `json:"accessLevel,omitempty"` 206 // AccessPolicy: Please also refer to the access policy user guide 207 // (https://cloud.google.com/access-context-manager/docs/overview#access-policies). 208 AccessPolicy *GoogleIdentityAccesscontextmanagerV1AccessPolicy `json:"accessPolicy,omitempty"` 209 // Ancestors: The ancestry path of an asset in Google Cloud resource hierarchy 210 // (https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), 211 // represented as a list of relative resource names. An ancestry path starts 212 // with the closest ancestor in the hierarchy and ends at root. If the asset is 213 // a project, folder, or organization, the ancestry path starts from the asset 214 // itself. Example: `["projects/123456789", "folders/5432", 215 // "organizations/1234"]` 216 Ancestors []string `json:"ancestors,omitempty"` 217 // AssetType: The type of the asset. Example: `compute.googleapis.com/Disk` See 218 // Supported asset types 219 // (https://cloud.google.com/asset-inventory/docs/supported-asset-types) for 220 // more information. 221 AssetType string `json:"assetType,omitempty"` 222 // IamPolicy: A representation of the IAM policy set on a Google Cloud 223 // resource. There can be a maximum of one IAM policy set on any given 224 // resource. In addition, IAM policies inherit their granted access scope from 225 // any policies set on parent resources in the resource hierarchy. Therefore, 226 // the effectively policy is the union of both the policy set on this resource 227 // and each policy set on all of the resource's ancestry resource levels in the 228 // hierarchy. See this topic 229 // (https://cloud.google.com/iam/help/allow-policies/inheritance) for more 230 // information. 231 IamPolicy *Policy `json:"iamPolicy,omitempty"` 232 // Name: The full name of the asset. Example: 233 // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/insta 234 // nce1` See Resource names 235 // (https://cloud.google.com/apis/design/resource_names#full_resource_name) for 236 // more information. 237 Name string `json:"name,omitempty"` 238 // OrgPolicy: A representation of an organization policy 239 // (https://cloud.google.com/resource-manager/docs/organization-policy/overview#organization_policy). 240 // There can be more than one organization policy with different constraints 241 // set on a given resource. 242 OrgPolicy []*GoogleCloudOrgpolicyV1Policy `json:"orgPolicy,omitempty"` 243 // Resource: A representation of the resource. 244 Resource *Resource `json:"resource,omitempty"` 245 // ServicePerimeter: Please also refer to the service perimeter user guide 246 // (https://cloud.google.com/vpc-service-controls/docs/overview). 247 ServicePerimeter *GoogleIdentityAccesscontextmanagerV1ServicePerimeter `json:"servicePerimeter,omitempty"` 248 // ForceSendFields is a list of field names (e.g. "AccessLevel") to 249 // unconditionally include in API requests. By default, fields with empty or 250 // default values are omitted from API requests. See 251 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 252 // details. 253 ForceSendFields []string `json:"-"` 254 // NullFields is a list of field names (e.g. "AccessLevel") to include in API 255 // requests with the JSON null value. By default, fields with empty values are 256 // omitted from API requests. See 257 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 258 NullFields []string `json:"-"` 259 } 260 261 func (s *Asset) MarshalJSON() ([]byte, error) { 262 type NoMethod Asset 263 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 264 } 265 266 // AuditConfig: Specifies the audit configuration for a service. The 267 // configuration determines which permission types are logged, and what 268 // identities, if any, are exempted from logging. An AuditConfig must have one 269 // or more AuditLogConfigs. If there are AuditConfigs for both `allServices` 270 // and a specific service, the union of the two AuditConfigs is used for that 271 // service: the log_types specified in each AuditConfig are enabled, and the 272 // exempted_members in each AuditLogConfig are exempted. Example Policy with 273 // multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", 274 // "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ 275 // "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": 276 // "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", 277 // "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": 278 // "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For 279 // sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 280 // logging. It also exempts `jose@example.com` from DATA_READ logging, and 281 // `aliya@example.com` from DATA_WRITE logging. 282 type AuditConfig struct { 283 // AuditLogConfigs: The configuration for logging of each type of permission. 284 AuditLogConfigs []*AuditLogConfig `json:"auditLogConfigs,omitempty"` 285 // Service: Specifies a service that will be enabled for audit logging. For 286 // example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` 287 // is a special value that covers all services. 288 Service string `json:"service,omitempty"` 289 // ForceSendFields is a list of field names (e.g. "AuditLogConfigs") to 290 // unconditionally include in API requests. By default, fields with empty or 291 // default values are omitted from API requests. See 292 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 293 // details. 294 ForceSendFields []string `json:"-"` 295 // NullFields is a list of field names (e.g. "AuditLogConfigs") to include in 296 // API requests with the JSON null value. By default, fields with empty values 297 // are omitted from API requests. See 298 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 299 NullFields []string `json:"-"` 300 } 301 302 func (s *AuditConfig) MarshalJSON() ([]byte, error) { 303 type NoMethod AuditConfig 304 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 305 } 306 307 // AuditLogConfig: Provides the configuration for logging a type of 308 // permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", 309 // "exempted_members": [ "user:jose@example.com" ] }, { "log_type": 310 // "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while 311 // exempting jose@example.com from DATA_READ logging. 312 type AuditLogConfig struct { 313 // ExemptedMembers: Specifies the identities that do not cause logging for this 314 // type of permission. Follows the same format of Binding.members. 315 ExemptedMembers []string `json:"exemptedMembers,omitempty"` 316 // LogType: The log type that this config enables. 317 // 318 // Possible values: 319 // "LOG_TYPE_UNSPECIFIED" - Default case. Should never be this. 320 // "ADMIN_READ" - Admin reads. Example: CloudIAM getIamPolicy 321 // "DATA_WRITE" - Data writes. Example: CloudSQL Users create 322 // "DATA_READ" - Data reads. Example: CloudSQL Users list 323 LogType string `json:"logType,omitempty"` 324 // ForceSendFields is a list of field names (e.g. "ExemptedMembers") to 325 // unconditionally include in API requests. By default, fields with empty or 326 // default values are omitted from API requests. See 327 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 328 // details. 329 ForceSendFields []string `json:"-"` 330 // NullFields is a list of field names (e.g. "ExemptedMembers") to include in 331 // API requests with the JSON null value. By default, fields with empty values 332 // are omitted from API requests. See 333 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 334 NullFields []string `json:"-"` 335 } 336 337 func (s *AuditLogConfig) MarshalJSON() ([]byte, error) { 338 type NoMethod AuditLogConfig 339 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 340 } 341 342 // Binding: Associates `members`, or principals, with a `role`. 343 type Binding struct { 344 // Condition: The condition that is associated with this binding. If the 345 // condition evaluates to `true`, then this binding applies to the current 346 // request. If the condition evaluates to `false`, then this binding does not 347 // apply to the current request. However, a different role binding might grant 348 // the same role to one or more of the principals in this binding. To learn 349 // which resources support conditions in their IAM policies, see the IAM 350 // documentation 351 // (https://cloud.google.com/iam/help/conditions/resource-policies). 352 Condition *Expr `json:"condition,omitempty"` 353 // Members: Specifies the principals requesting access for a Google Cloud 354 // resource. `members` can have the following values: * `allUsers`: A special 355 // identifier that represents anyone who is on the internet; with or without a 356 // Google account. * `allAuthenticatedUsers`: A special identifier that 357 // represents anyone who is authenticated with a Google account or a service 358 // account. Does not include identities that come from external identity 359 // providers (IdPs) through identity federation. * `user:{emailid}`: An email 360 // address that represents a specific Google account. For example, 361 // `alice@example.com` . * `serviceAccount:{emailid}`: An email address that 362 // represents a Google service account. For example, 363 // `my-other-app@appspot.gserviceaccount.com`. * 364 // `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An 365 // identifier for a Kubernetes service account 366 // (https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). 367 // For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * 368 // `group:{emailid}`: An email address that represents a Google group. For 369 // example, `admins@example.com`. * `domain:{domain}`: The G Suite domain 370 // (primary) that represents all the users of that domain. For example, 371 // `google.com` or `example.com`. * 372 // `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/sub 373 // ject/{subject_attribute_value}`: A single identity in a workforce identity 374 // pool. * 375 // `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/ 376 // group/{group_id}`: All workforce identities in a group. * 377 // `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/ 378 // attribute.{attribute_name}/{attribute_value}`: All workforce identities with 379 // a specific attribute value. * 380 // `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/ 381 // *`: All identities in a workforce identity pool. * 382 // `principal://iam.googleapis.com/projects/{project_number}/locations/global/wo 383 // rkloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single 384 // identity in a workload identity pool. * 385 // `principalSet://iam.googleapis.com/projects/{project_number}/locations/global 386 // /workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool 387 // group. * 388 // `principalSet://iam.googleapis.com/projects/{project_number}/locations/global 389 // /workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value} 390 // `: All identities in a workload identity pool with a certain attribute. * 391 // `principalSet://iam.googleapis.com/projects/{project_number}/locations/global 392 // /workloadIdentityPools/{pool_id}/*`: All identities in a workload identity 393 // pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus 394 // unique identifier) representing a user that has been recently deleted. For 395 // example, `alice@example.com?uid=123456789012345678901`. If the user is 396 // recovered, this value reverts to `user:{emailid}` and the recovered user 397 // retains the role in the binding. * 398 // `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus 399 // unique identifier) representing a service account that has been recently 400 // deleted. For example, 401 // `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the 402 // service account is undeleted, this value reverts to 403 // `serviceAccount:{emailid}` and the undeleted service account retains the 404 // role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email 405 // address (plus unique identifier) representing a Google group that has been 406 // recently deleted. For example, 407 // `admins@example.com?uid=123456789012345678901`. If the group is recovered, 408 // this value reverts to `group:{emailid}` and the recovered group retains the 409 // role in the binding. * 410 // `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool 411 // _id}/subject/{subject_attribute_value}`: Deleted single identity in a 412 // workforce identity pool. For example, 413 // `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-po 414 // ol-id/subject/my-subject-attribute-value`. 415 Members []string `json:"members,omitempty"` 416 // Role: Role that is assigned to the list of `members`, or principals. For 417 // example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview 418 // of the IAM roles and permissions, see the IAM documentation 419 // (https://cloud.google.com/iam/docs/roles-overview). For a list of the 420 // available pre-defined roles, see here 421 // (https://cloud.google.com/iam/docs/understanding-roles). 422 Role string `json:"role,omitempty"` 423 // ForceSendFields is a list of field names (e.g. "Condition") to 424 // unconditionally include in API requests. By default, fields with empty or 425 // default values are omitted from API requests. See 426 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 427 // details. 428 ForceSendFields []string `json:"-"` 429 // NullFields is a list of field names (e.g. "Condition") to include in API 430 // requests with the JSON null value. By default, fields with empty values are 431 // omitted from API requests. See 432 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 433 NullFields []string `json:"-"` 434 } 435 436 func (s *Binding) MarshalJSON() ([]byte, error) { 437 type NoMethod Binding 438 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 439 } 440 441 // Expr: Represents a textual expression in the Common Expression Language 442 // (CEL) syntax. CEL is a C-like expression language. The syntax and semantics 443 // of CEL are documented at https://github.com/google/cel-spec. Example 444 // (Comparison): title: "Summary size limit" description: "Determines if a 445 // summary is less than 100 chars" expression: "document.summary.size() < 100" 446 // Example (Equality): title: "Requestor is owner" description: "Determines if 447 // requestor is the document owner" expression: "document.owner == 448 // request.auth.claims.email" Example (Logic): title: "Public documents" 449 // description: "Determine whether the document should be publicly visible" 450 // expression: "document.type != 'private' && document.type != 'internal'" 451 // Example (Data Manipulation): title: "Notification string" description: 452 // "Create a notification string with a timestamp." expression: "'New message 453 // received at ' + string(document.create_time)" The exact variables and 454 // functions that may be referenced within an expression are determined by the 455 // service that evaluates it. See the service documentation for additional 456 // information. 457 type Expr struct { 458 // Description: Optional. Description of the expression. This is a longer text 459 // which describes the expression, e.g. when hovered over it in a UI. 460 Description string `json:"description,omitempty"` 461 // Expression: Textual representation of an expression in Common Expression 462 // Language syntax. 463 Expression string `json:"expression,omitempty"` 464 // Location: Optional. String indicating the location of the expression for 465 // error reporting, e.g. a file name and a position in the file. 466 Location string `json:"location,omitempty"` 467 // Title: Optional. Title for the expression, i.e. a short string describing 468 // its purpose. This can be used e.g. in UIs which allow to enter the 469 // expression. 470 Title string `json:"title,omitempty"` 471 // ForceSendFields is a list of field names (e.g. "Description") to 472 // unconditionally include in API requests. By default, fields with empty or 473 // default values are omitted from API requests. See 474 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 475 // details. 476 ForceSendFields []string `json:"-"` 477 // NullFields is a list of field names (e.g. "Description") to include in API 478 // requests with the JSON null value. By default, fields with empty values are 479 // omitted from API requests. See 480 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 481 NullFields []string `json:"-"` 482 } 483 484 func (s *Expr) MarshalJSON() ([]byte, error) { 485 type NoMethod Expr 486 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 487 } 488 489 // GoogleCloudAssetV1p7beta1Asset: An asset in Google Cloud. An asset can be 490 // any resource in the Google Cloud resource hierarchy 491 // (https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), 492 // a resource outside the Google Cloud resource hierarchy (such as Google 493 // Kubernetes Engine clusters and objects), or a policy (e.g. IAM policy). See 494 // Supported asset types 495 // (https://cloud.google.com/asset-inventory/docs/supported-asset-types) for 496 // more information. 497 type GoogleCloudAssetV1p7beta1Asset struct { 498 // AccessLevel: Please also refer to the access level user guide 499 // (https://cloud.google.com/access-context-manager/docs/overview#access-levels). 500 AccessLevel *GoogleIdentityAccesscontextmanagerV1AccessLevel `json:"accessLevel,omitempty"` 501 // AccessPolicy: Please also refer to the access policy user guide 502 // (https://cloud.google.com/access-context-manager/docs/overview#access-policies). 503 AccessPolicy *GoogleIdentityAccesscontextmanagerV1AccessPolicy `json:"accessPolicy,omitempty"` 504 // Ancestors: The ancestry path of an asset in Google Cloud resource hierarchy 505 // (https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), 506 // represented as a list of relative resource names. An ancestry path starts 507 // with the closest ancestor in the hierarchy and ends at root. If the asset is 508 // a project, folder, or organization, the ancestry path starts from the asset 509 // itself. Example: `["projects/123456789", "folders/5432", 510 // "organizations/1234"]` 511 Ancestors []string `json:"ancestors,omitempty"` 512 // AssetType: The type of the asset. Example: `compute.googleapis.com/Disk` See 513 // Supported asset types 514 // (https://cloud.google.com/asset-inventory/docs/supported-asset-types) for 515 // more information. 516 AssetType string `json:"assetType,omitempty"` 517 // IamPolicy: A representation of the IAM policy set on a Google Cloud 518 // resource. There can be a maximum of one IAM policy set on any given 519 // resource. In addition, IAM policies inherit their granted access scope from 520 // any policies set on parent resources in the resource hierarchy. Therefore, 521 // the effectively policy is the union of both the policy set on this resource 522 // and each policy set on all of the resource's ancestry resource levels in the 523 // hierarchy. See this topic 524 // (https://cloud.google.com/iam/help/allow-policies/inheritance) for more 525 // information. 526 IamPolicy *Policy `json:"iamPolicy,omitempty"` 527 // Name: The full name of the asset. Example: 528 // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/insta 529 // nce1` See Resource names 530 // (https://cloud.google.com/apis/design/resource_names#full_resource_name) for 531 // more information. 532 Name string `json:"name,omitempty"` 533 // OrgPolicy: A representation of an organization policy 534 // (https://cloud.google.com/resource-manager/docs/organization-policy/overview#organization_policy). 535 // There can be more than one organization policy with different constraints 536 // set on a given resource. 537 OrgPolicy []*GoogleCloudOrgpolicyV1Policy `json:"orgPolicy,omitempty"` 538 // RelatedAssets: The related assets of the asset of one relationship type. One 539 // asset only represents one type of relationship. 540 RelatedAssets *GoogleCloudAssetV1p7beta1RelatedAssets `json:"relatedAssets,omitempty"` 541 // Resource: A representation of the resource. 542 Resource *GoogleCloudAssetV1p7beta1Resource `json:"resource,omitempty"` 543 // ServicePerimeter: Please also refer to the service perimeter user guide 544 // (https://cloud.google.com/vpc-service-controls/docs/overview). 545 ServicePerimeter *GoogleIdentityAccesscontextmanagerV1ServicePerimeter `json:"servicePerimeter,omitempty"` 546 // UpdateTime: The last update timestamp of an asset. update_time is updated 547 // when create/update/delete operation is performed. 548 UpdateTime string `json:"updateTime,omitempty"` 549 // ForceSendFields is a list of field names (e.g. "AccessLevel") to 550 // unconditionally include in API requests. By default, fields with empty or 551 // default values are omitted from API requests. See 552 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 553 // details. 554 ForceSendFields []string `json:"-"` 555 // NullFields is a list of field names (e.g. "AccessLevel") to include in API 556 // requests with the JSON null value. By default, fields with empty values are 557 // omitted from API requests. See 558 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 559 NullFields []string `json:"-"` 560 } 561 562 func (s *GoogleCloudAssetV1p7beta1Asset) MarshalJSON() ([]byte, error) { 563 type NoMethod GoogleCloudAssetV1p7beta1Asset 564 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 565 } 566 567 // GoogleCloudAssetV1p7beta1RelatedAsset: An asset identify in Google Cloud 568 // which contains its name, type and ancestors. An asset can be any resource in 569 // the Google Cloud resource hierarchy 570 // (https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), 571 // a resource outside the Google Cloud resource hierarchy (such as Google 572 // Kubernetes Engine clusters and objects), or a policy (e.g. IAM policy). See 573 // Supported asset types 574 // (https://cloud.google.com/asset-inventory/docs/supported-asset-types) for 575 // more information. 576 type GoogleCloudAssetV1p7beta1RelatedAsset struct { 577 // Ancestors: The ancestors of an asset in Google Cloud resource hierarchy 578 // (https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), 579 // represented as a list of relative resource names. An ancestry path starts 580 // with the closest ancestor in the hierarchy and ends at root. Example: 581 // `["projects/123456789", "folders/5432", "organizations/1234"]` 582 Ancestors []string `json:"ancestors,omitempty"` 583 // Asset: The full name of the asset. Example: 584 // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/insta 585 // nce1` See Resource names 586 // (https://cloud.google.com/apis/design/resource_names#full_resource_name) for 587 // more information. 588 Asset string `json:"asset,omitempty"` 589 // AssetType: The type of the asset. Example: `compute.googleapis.com/Disk` See 590 // Supported asset types 591 // (https://cloud.google.com/asset-inventory/docs/supported-asset-types) for 592 // more information. 593 AssetType string `json:"assetType,omitempty"` 594 // ForceSendFields is a list of field names (e.g. "Ancestors") to 595 // unconditionally include in API requests. By default, fields with empty or 596 // default values are omitted from API requests. See 597 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 598 // details. 599 ForceSendFields []string `json:"-"` 600 // NullFields is a list of field names (e.g. "Ancestors") to include in API 601 // requests with the JSON null value. By default, fields with empty values are 602 // omitted from API requests. See 603 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 604 NullFields []string `json:"-"` 605 } 606 607 func (s *GoogleCloudAssetV1p7beta1RelatedAsset) MarshalJSON() ([]byte, error) { 608 type NoMethod GoogleCloudAssetV1p7beta1RelatedAsset 609 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 610 } 611 612 // GoogleCloudAssetV1p7beta1RelatedAssets: The detailed related assets with the 613 // `relationship_type`. 614 type GoogleCloudAssetV1p7beta1RelatedAssets struct { 615 // Assets: The peer resources of the relationship. 616 Assets []*GoogleCloudAssetV1p7beta1RelatedAsset `json:"assets,omitempty"` 617 // RelationshipAttributes: The detailed relation attributes. 618 RelationshipAttributes *GoogleCloudAssetV1p7beta1RelationshipAttributes `json:"relationshipAttributes,omitempty"` 619 // ForceSendFields is a list of field names (e.g. "Assets") to unconditionally 620 // include in API requests. By default, fields with empty or default values are 621 // omitted from API requests. See 622 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 623 // details. 624 ForceSendFields []string `json:"-"` 625 // NullFields is a list of field names (e.g. "Assets") to include in API 626 // requests with the JSON null value. By default, fields with empty values are 627 // omitted from API requests. See 628 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 629 NullFields []string `json:"-"` 630 } 631 632 func (s *GoogleCloudAssetV1p7beta1RelatedAssets) MarshalJSON() ([]byte, error) { 633 type NoMethod GoogleCloudAssetV1p7beta1RelatedAssets 634 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 635 } 636 637 // GoogleCloudAssetV1p7beta1RelationshipAttributes: The relationship attributes 638 // which include `type`, `source_resource_type`, `target_resource_type` and 639 // `action`. 640 type GoogleCloudAssetV1p7beta1RelationshipAttributes struct { 641 // Action: The detail of the relationship, e.g. `contains`, `attaches` 642 Action string `json:"action,omitempty"` 643 // SourceResourceType: The source asset type. Example: 644 // `compute.googleapis.com/Instance` 645 SourceResourceType string `json:"sourceResourceType,omitempty"` 646 // TargetResourceType: The target asset type. Example: 647 // `compute.googleapis.com/Disk` 648 TargetResourceType string `json:"targetResourceType,omitempty"` 649 // Type: The unique identifier of the relationship type. Example: 650 // `INSTANCE_TO_INSTANCEGROUP` 651 Type string `json:"type,omitempty"` 652 // ForceSendFields is a list of field names (e.g. "Action") to unconditionally 653 // include in API requests. By default, fields with empty or default values are 654 // omitted from API requests. See 655 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 656 // details. 657 ForceSendFields []string `json:"-"` 658 // NullFields is a list of field names (e.g. "Action") to include in API 659 // requests with the JSON null value. By default, fields with empty values are 660 // omitted from API requests. See 661 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 662 NullFields []string `json:"-"` 663 } 664 665 func (s *GoogleCloudAssetV1p7beta1RelationshipAttributes) MarshalJSON() ([]byte, error) { 666 type NoMethod GoogleCloudAssetV1p7beta1RelationshipAttributes 667 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 668 } 669 670 // GoogleCloudAssetV1p7beta1Resource: A representation of a Google Cloud 671 // resource. 672 type GoogleCloudAssetV1p7beta1Resource struct { 673 // Data: The content of the resource, in which some sensitive fields are 674 // removed and may not be present. 675 Data googleapi.RawMessage `json:"data,omitempty"` 676 // DiscoveryDocumentUri: The URL of the discovery document containing the 677 // resource's JSON schema. Example: 678 // `https://www.googleapis.com/discovery/v1/apis/compute/v1/rest` This value is 679 // unspecified for resources that do not have an API based on a discovery 680 // document, such as Cloud Bigtable. 681 DiscoveryDocumentUri string `json:"discoveryDocumentUri,omitempty"` 682 // DiscoveryName: The JSON schema name listed in the discovery document. 683 // Example: `Project` This value is unspecified for resources that do not have 684 // an API based on a discovery document, such as Cloud Bigtable. 685 DiscoveryName string `json:"discoveryName,omitempty"` 686 // Location: The location of the resource in Google Cloud, such as its zone and 687 // region. For more information, see https://cloud.google.com/about/locations/. 688 Location string `json:"location,omitempty"` 689 // Parent: The full name of the immediate parent of this resource. See Resource 690 // Names 691 // (https://cloud.google.com/apis/design/resource_names#full_resource_name) for 692 // more information. For Google Cloud assets, this value is the parent resource 693 // defined in the IAM policy hierarchy 694 // (https://cloud.google.com/iam/docs/overview#policy_hierarchy). Example: 695 // `//cloudresourcemanager.googleapis.com/projects/my_project_123` For 696 // third-party assets, this field may be set differently. 697 Parent string `json:"parent,omitempty"` 698 // ResourceUrl: The REST URL for accessing the resource. An HTTP `GET` request 699 // using this URL returns the resource itself. Example: 700 // `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123` 701 // This value is unspecified for resources without a REST API. 702 ResourceUrl string `json:"resourceUrl,omitempty"` 703 // Version: The API version. Example: `v1` 704 Version string `json:"version,omitempty"` 705 // ForceSendFields is a list of field names (e.g. "Data") to unconditionally 706 // include in API requests. By default, fields with empty or default values are 707 // omitted from API requests. See 708 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 709 // details. 710 ForceSendFields []string `json:"-"` 711 // NullFields is a list of field names (e.g. "Data") to include in API requests 712 // with the JSON null value. By default, fields with empty values are omitted 713 // from API requests. See 714 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 715 NullFields []string `json:"-"` 716 } 717 718 func (s *GoogleCloudAssetV1p7beta1Resource) MarshalJSON() ([]byte, error) { 719 type NoMethod GoogleCloudAssetV1p7beta1Resource 720 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 721 } 722 723 // GoogleCloudOrgpolicyV1BooleanPolicy: Used in `policy_type` to specify how 724 // `boolean_policy` will behave at this resource. 725 type GoogleCloudOrgpolicyV1BooleanPolicy struct { 726 // Enforced: If `true`, then the `Policy` is enforced. If `false`, then any 727 // configuration is acceptable. Suppose you have a `Constraint` 728 // `constraints/compute.disableSerialPortAccess` with `constraint_default` set 729 // to `ALLOW`. A `Policy` for that `Constraint` exhibits the following 730 // behavior: - If the `Policy` at this resource has enforced set to `false`, 731 // serial port connection attempts will be allowed. - If the `Policy` at this 732 // resource has enforced set to `true`, serial port connection attempts will be 733 // refused. - If the `Policy` at this resource is `RestoreDefault`, serial port 734 // connection attempts will be allowed. - If no `Policy` is set at this 735 // resource or anywhere higher in the resource hierarchy, serial port 736 // connection attempts will be allowed. - If no `Policy` is set at this 737 // resource, but one exists higher in the resource hierarchy, the behavior is 738 // as if the`Policy` were set at this resource. The following examples 739 // demonstrate the different possible layerings: Example 1 (nearest 740 // `Constraint` wins): `organizations/foo` has a `Policy` with: {enforced: 741 // false} `projects/bar` has no `Policy` set. The constraint at `projects/bar` 742 // and `organizations/foo` will not be enforced. Example 2 (enforcement gets 743 // replaced): `organizations/foo` has a `Policy` with: {enforced: false} 744 // `projects/bar` has a `Policy` with: {enforced: true} The constraint at 745 // `organizations/foo` is not enforced. The constraint at `projects/bar` is 746 // enforced. Example 3 (RestoreDefault): `organizations/foo` has a `Policy` 747 // with: {enforced: true} `projects/bar` has a `Policy` with: {RestoreDefault: 748 // {}} The constraint at `organizations/foo` is enforced. The constraint at 749 // `projects/bar` is not enforced, because `constraint_default` for the 750 // `Constraint` is `ALLOW`. 751 Enforced bool `json:"enforced,omitempty"` 752 // ForceSendFields is a list of field names (e.g. "Enforced") to 753 // unconditionally include in API requests. By default, fields with empty or 754 // default values are omitted from API requests. See 755 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 756 // details. 757 ForceSendFields []string `json:"-"` 758 // NullFields is a list of field names (e.g. "Enforced") to include in API 759 // requests with the JSON null value. By default, fields with empty values are 760 // omitted from API requests. See 761 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 762 NullFields []string `json:"-"` 763 } 764 765 func (s *GoogleCloudOrgpolicyV1BooleanPolicy) MarshalJSON() ([]byte, error) { 766 type NoMethod GoogleCloudOrgpolicyV1BooleanPolicy 767 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 768 } 769 770 // GoogleCloudOrgpolicyV1ListPolicy: Used in `policy_type` to specify how 771 // `list_policy` behaves at this resource. `ListPolicy` can define specific 772 // values and subtrees of Cloud Resource Manager resource hierarchy 773 // (`Organizations`, `Folders`, `Projects`) that are allowed or denied by 774 // setting the `allowed_values` and `denied_values` fields. This is achieved by 775 // using the `under:` and optional `is:` prefixes. The `under:` prefix is used 776 // to denote resource subtree values. The `is:` prefix is used to denote 777 // specific values, and is required only if the value contains a ":". Values 778 // prefixed with "is:" are treated the same as values with no prefix. Ancestry 779 // subtrees must be in one of the following formats: - "projects/", e.g. 780 // "projects/tokyo-rain-123" - "folders/", e.g. "folders/1234" - 781 // "organizations/", e.g. "organizations/1234" The `supports_under` field of 782 // the associated `Constraint` defines whether ancestry prefixes can be used. 783 // You can set `allowed_values` and `denied_values` in the same `Policy` if 784 // `all_values` is `ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to 785 // allow or deny all values. If `all_values` is set to either `ALLOW` or 786 // `DENY`, `allowed_values` and `denied_values` must be unset. 787 type GoogleCloudOrgpolicyV1ListPolicy struct { 788 // AllValues: The policy all_values state. 789 // 790 // Possible values: 791 // "ALL_VALUES_UNSPECIFIED" - Indicates that allowed_values or denied_values 792 // must be set. 793 // "ALLOW" - A policy with this set allows all values. 794 // "DENY" - A policy with this set denies all values. 795 AllValues string `json:"allValues,omitempty"` 796 // AllowedValues: List of values allowed at this resource. Can only be set if 797 // `all_values` is set to `ALL_VALUES_UNSPECIFIED`. 798 AllowedValues []string `json:"allowedValues,omitempty"` 799 // DeniedValues: List of values denied at this resource. Can only be set if 800 // `all_values` is set to `ALL_VALUES_UNSPECIFIED`. 801 DeniedValues []string `json:"deniedValues,omitempty"` 802 // InheritFromParent: Determines the inheritance behavior for this `Policy`. By 803 // default, a `ListPolicy` set at a resource supersedes any `Policy` set 804 // anywhere up the resource hierarchy. However, if `inherit_from_parent` is set 805 // to `true`, then the values from the effective `Policy` of the parent 806 // resource are inherited, meaning the values set in this `Policy` are added to 807 // the values inherited up the hierarchy. Setting `Policy` hierarchies that 808 // inherit both allowed values and denied values isn't recommended in most 809 // circumstances to keep the configuration simple and understandable. However, 810 // it is possible to set a `Policy` with `allowed_values` set that inherits a 811 // `Policy` with `denied_values` set. In this case, the values that are allowed 812 // must be in `allowed_values` and not present in `denied_values`. For example, 813 // suppose you have a `Constraint` `constraints/serviceuser.services`, which 814 // has a `constraint_type` of `list_constraint`, and with `constraint_default` 815 // set to `ALLOW`. Suppose that at the Organization level, a `Policy` is 816 // applied that restricts the allowed API activations to {`E1`, `E2`}. Then, if 817 // a `Policy` is applied to a project below the Organization that has 818 // `inherit_from_parent` set to `false` and field all_values set to DENY, then 819 // an attempt to activate any API will be denied. The following examples 820 // demonstrate different possible layerings for `projects/bar` parented by 821 // `organizations/foo`: Example 1 (no inherited values): `organizations/foo` 822 // has a `Policy` with values: {allowed_values: "E1" allowed_values:"E2"} 823 // `projects/bar` has `inherit_from_parent` `false` and values: 824 // {allowed_values: "E3" allowed_values: "E4"} The accepted values at 825 // `organizations/foo` are `E1`, `E2`. The accepted values at `projects/bar` 826 // are `E3`, and `E4`. Example 2 (inherited values): `organizations/foo` has a 827 // `Policy` with values: {allowed_values: "E1" allowed_values:"E2"} 828 // `projects/bar` has a `Policy` with values: {value: "E3" value: "E4" 829 // inherit_from_parent: true} The accepted values at `organizations/foo` are 830 // `E1`, `E2`. The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and 831 // `E4`. Example 3 (inheriting both allowed and denied values): 832 // `organizations/foo` has a `Policy` with values: {allowed_values: "E1" 833 // allowed_values: "E2"} `projects/bar` has a `Policy` with: {denied_values: 834 // "E1"} The accepted values at `organizations/foo` are `E1`, `E2`. The value 835 // accepted at `projects/bar` is `E2`. Example 4 (RestoreDefault): 836 // `organizations/foo` has a `Policy` with values: {allowed_values: "E1" 837 // allowed_values:"E2"} `projects/bar` has a `Policy` with values: 838 // {RestoreDefault: {}} The accepted values at `organizations/foo` are `E1`, 839 // `E2`. The accepted values at `projects/bar` are either all or none depending 840 // on the value of `constraint_default` (if `ALLOW`, all; if `DENY`, none). 841 // Example 5 (no policy inherits parent policy): `organizations/foo` has no 842 // `Policy` set. `projects/bar` has no `Policy` set. The accepted values at 843 // both levels are either all or none depending on the value of 844 // `constraint_default` (if `ALLOW`, all; if `DENY`, none). Example 6 845 // (ListConstraint allowing all): `organizations/foo` has a `Policy` with 846 // values: {allowed_values: "E1" allowed_values: "E2"} `projects/bar` has a 847 // `Policy` with: {all: ALLOW} The accepted values at `organizations/foo` are 848 // `E1`, E2`. Any value is accepted at `projects/bar`. Example 7 849 // (ListConstraint allowing none): `organizations/foo` has a `Policy` with 850 // values: {allowed_values: "E1" allowed_values: "E2"} `projects/bar` has a 851 // `Policy` with: {all: DENY} The accepted values at `organizations/foo` are 852 // `E1`, E2`. No value is accepted at `projects/bar`. Example 10 (allowed and 853 // denied subtrees of Resource Manager hierarchy): Given the following resource 854 // hierarchy O1->{F1, F2}; F1->{P1}; F2->{P2, P3}, `organizations/foo` has a 855 // `Policy` with values: {allowed_values: "under:organizations/O1"} 856 // `projects/bar` has a `Policy` with: {allowed_values: "under:projects/P3"} 857 // {denied_values: "under:folders/F2"} The accepted values at 858 // `organizations/foo` are `organizations/O1`, `folders/F1`, `folders/F2`, 859 // `projects/P1`, `projects/P2`, `projects/P3`. The accepted values at 860 // `projects/bar` are `organizations/O1`, `folders/F1`, `projects/P1`. 861 InheritFromParent bool `json:"inheritFromParent,omitempty"` 862 // SuggestedValue: Optional. The Google Cloud Console will try to default to a 863 // configuration that matches the value specified in this `Policy`. If 864 // `suggested_value` is not set, it will inherit the value specified higher in 865 // the hierarchy, unless `inherit_from_parent` is `false`. 866 SuggestedValue string `json:"suggestedValue,omitempty"` 867 // ForceSendFields is a list of field names (e.g. "AllValues") to 868 // unconditionally include in API requests. By default, fields with empty or 869 // default values are omitted from API requests. See 870 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 871 // details. 872 ForceSendFields []string `json:"-"` 873 // NullFields is a list of field names (e.g. "AllValues") to include in API 874 // requests with the JSON null value. By default, fields with empty values are 875 // omitted from API requests. See 876 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 877 NullFields []string `json:"-"` 878 } 879 880 func (s *GoogleCloudOrgpolicyV1ListPolicy) MarshalJSON() ([]byte, error) { 881 type NoMethod GoogleCloudOrgpolicyV1ListPolicy 882 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 883 } 884 885 // GoogleCloudOrgpolicyV1Policy: Defines a Cloud Organization `Policy` which is 886 // used to specify `Constraints` for configurations of Cloud Platform 887 // resources. 888 type GoogleCloudOrgpolicyV1Policy struct { 889 // BooleanPolicy: For boolean `Constraints`, whether to enforce the 890 // `Constraint` or not. 891 BooleanPolicy *GoogleCloudOrgpolicyV1BooleanPolicy `json:"booleanPolicy,omitempty"` 892 // Constraint: The name of the `Constraint` the `Policy` is configuring, for 893 // example, `constraints/serviceuser.services`. A list of available constraints 894 // (/resource-manager/docs/organization-policy/org-policy-constraints) is 895 // available. Immutable after creation. 896 Constraint string `json:"constraint,omitempty"` 897 // Etag: An opaque tag indicating the current version of the `Policy`, used for 898 // concurrency control. When the `Policy` is returned from either a `GetPolicy` 899 // or a `ListOrgPolicy` request, this `etag` indicates the version of the 900 // current `Policy` to use when executing a read-modify-write loop. When the 901 // `Policy` is returned from a `GetEffectivePolicy` request, the `etag` will be 902 // unset. When the `Policy` is used in a `SetOrgPolicy` method, use the `etag` 903 // value that was returned from a `GetOrgPolicy` request as part of a 904 // read-modify-write loop for concurrency control. Not setting the `etag`in a 905 // `SetOrgPolicy` request will result in an unconditional write of the 906 // `Policy`. 907 Etag string `json:"etag,omitempty"` 908 // ListPolicy: List of values either allowed or disallowed. 909 ListPolicy *GoogleCloudOrgpolicyV1ListPolicy `json:"listPolicy,omitempty"` 910 // RestoreDefault: Restores the default behavior of the constraint; independent 911 // of `Constraint` type. 912 RestoreDefault *GoogleCloudOrgpolicyV1RestoreDefault `json:"restoreDefault,omitempty"` 913 // UpdateTime: The time stamp the `Policy` was previously updated. This is set 914 // by the server, not specified by the caller, and represents the last time a 915 // call to `SetOrgPolicy` was made for that `Policy`. Any value set by the 916 // client will be ignored. 917 UpdateTime string `json:"updateTime,omitempty"` 918 // Version: Version of the `Policy`. Default version is 0; 919 Version int64 `json:"version,omitempty"` 920 // ForceSendFields is a list of field names (e.g. "BooleanPolicy") to 921 // unconditionally include in API requests. By default, fields with empty or 922 // default values are omitted from API requests. See 923 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 924 // details. 925 ForceSendFields []string `json:"-"` 926 // NullFields is a list of field names (e.g. "BooleanPolicy") to include in API 927 // requests with the JSON null value. By default, fields with empty values are 928 // omitted from API requests. See 929 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 930 NullFields []string `json:"-"` 931 } 932 933 func (s *GoogleCloudOrgpolicyV1Policy) MarshalJSON() ([]byte, error) { 934 type NoMethod GoogleCloudOrgpolicyV1Policy 935 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 936 } 937 938 // GoogleCloudOrgpolicyV1RestoreDefault: Ignores policies set above this 939 // resource and restores the `constraint_default` enforcement behavior of the 940 // specific `Constraint` at this resource. Suppose that `constraint_default` is 941 // set to `ALLOW` for the `Constraint` `constraints/serviceuser.services`. 942 // Suppose that organization foo.com sets a `Policy` at their Organization 943 // resource node that restricts the allowed service activations to deny all 944 // service activations. They could then set a `Policy` with the `policy_type` 945 // `restore_default` on several experimental projects, restoring the 946 // `constraint_default` enforcement of the `Constraint` for only those 947 // projects, allowing those projects to have all services activated. 948 type GoogleCloudOrgpolicyV1RestoreDefault struct { 949 } 950 951 // GoogleIdentityAccesscontextmanagerV1AccessLevel: An `AccessLevel` is a label 952 // that can be applied to requests to Google Cloud services, along with a list 953 // of requirements necessary for the label to be applied. 954 type GoogleIdentityAccesscontextmanagerV1AccessLevel struct { 955 // Basic: A `BasicLevel` composed of `Conditions`. 956 Basic *GoogleIdentityAccesscontextmanagerV1BasicLevel `json:"basic,omitempty"` 957 // Custom: A `CustomLevel` written in the Common Expression Language. 958 Custom *GoogleIdentityAccesscontextmanagerV1CustomLevel `json:"custom,omitempty"` 959 // Description: Description of the `AccessLevel` and its use. Does not affect 960 // behavior. 961 Description string `json:"description,omitempty"` 962 // Name: Resource name for the `AccessLevel`. Format: 963 // `accessPolicies/{access_policy}/accessLevels/{access_level}`. The 964 // `access_level` component must begin with a letter, followed by alphanumeric 965 // characters or `_`. Its maximum length is 50 characters. After you create an 966 // `AccessLevel`, you cannot change its `name`. 967 Name string `json:"name,omitempty"` 968 // Title: Human readable title. Must be unique within the Policy. 969 Title string `json:"title,omitempty"` 970 // ForceSendFields is a list of field names (e.g. "Basic") to unconditionally 971 // include in API requests. By default, fields with empty or default values are 972 // omitted from API requests. See 973 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 974 // details. 975 ForceSendFields []string `json:"-"` 976 // NullFields is a list of field names (e.g. "Basic") to include in API 977 // requests with the JSON null value. By default, fields with empty values are 978 // omitted from API requests. See 979 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 980 NullFields []string `json:"-"` 981 } 982 983 func (s *GoogleIdentityAccesscontextmanagerV1AccessLevel) MarshalJSON() ([]byte, error) { 984 type NoMethod GoogleIdentityAccesscontextmanagerV1AccessLevel 985 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 986 } 987 988 // GoogleIdentityAccesscontextmanagerV1AccessPolicy: `AccessPolicy` is a 989 // container for `AccessLevels` (which define the necessary attributes to use 990 // Google Cloud services) and `ServicePerimeters` (which define regions of 991 // services able to freely pass data within a perimeter). An access policy is 992 // globally visible within an organization, and the restrictions it specifies 993 // apply to all projects within an organization. 994 type GoogleIdentityAccesscontextmanagerV1AccessPolicy struct { 995 // Etag: Output only. An opaque identifier for the current version of the 996 // `AccessPolicy`. This will always be a strongly validated etag, meaning that 997 // two Access Polices will be identical if and only if their etags are 998 // identical. Clients should not expect this to be in any specific format. 999 Etag string `json:"etag,omitempty"` 1000 // Name: Output only. Resource name of the `AccessPolicy`. Format: 1001 // `accessPolicies/{access_policy}` 1002 Name string `json:"name,omitempty"` 1003 // Parent: Required. The parent of this `AccessPolicy` in the Cloud Resource 1004 // Hierarchy. Currently immutable once created. Format: 1005 // `organizations/{organization_id}` 1006 Parent string `json:"parent,omitempty"` 1007 // Scopes: The scopes of the AccessPolicy. Scopes define which resources a 1008 // policy can restrict and where its resources can be referenced. For example, 1009 // policy A with `scopes=["folders/123"]` has the following behavior: - 1010 // ServicePerimeter can only restrict projects within `folders/123`. - 1011 // ServicePerimeter within policy A can only reference access levels defined 1012 // within policy A. - Only one policy can include a given scope; thus, 1013 // attempting to create a second policy which includes `folders/123` will 1014 // result in an error. If no scopes are provided, then any resource within the 1015 // organization can be restricted. Scopes cannot be modified after a policy is 1016 // created. Policies can only have a single scope. Format: list of 1017 // `folders/{folder_number}` or `projects/{project_number}` 1018 Scopes []string `json:"scopes,omitempty"` 1019 // Title: Required. Human readable title. Does not affect behavior. 1020 Title string `json:"title,omitempty"` 1021 // ForceSendFields is a list of field names (e.g. "Etag") to unconditionally 1022 // include in API requests. By default, fields with empty or default values are 1023 // omitted from API requests. See 1024 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1025 // details. 1026 ForceSendFields []string `json:"-"` 1027 // NullFields is a list of field names (e.g. "Etag") to include in API requests 1028 // with the JSON null value. By default, fields with empty values are omitted 1029 // from API requests. See 1030 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1031 NullFields []string `json:"-"` 1032 } 1033 1034 func (s *GoogleIdentityAccesscontextmanagerV1AccessPolicy) MarshalJSON() ([]byte, error) { 1035 type NoMethod GoogleIdentityAccesscontextmanagerV1AccessPolicy 1036 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1037 } 1038 1039 // GoogleIdentityAccesscontextmanagerV1ApiOperation: Identification for an API 1040 // Operation. 1041 type GoogleIdentityAccesscontextmanagerV1ApiOperation struct { 1042 // MethodSelectors: API methods or permissions to allow. Method or permission 1043 // must belong to the service specified by `service_name` field. A single 1044 // MethodSelector entry with `*` specified for the `method` field will allow 1045 // all methods AND permissions for the service specified in `service_name`. 1046 MethodSelectors []*GoogleIdentityAccesscontextmanagerV1MethodSelector `json:"methodSelectors,omitempty"` 1047 // ServiceName: The name of the API whose methods or permissions the 1048 // IngressPolicy or EgressPolicy want to allow. A single ApiOperation with 1049 // `service_name` field set to `*` will allow all methods AND permissions for 1050 // all services. 1051 ServiceName string `json:"serviceName,omitempty"` 1052 // ForceSendFields is a list of field names (e.g. "MethodSelectors") to 1053 // unconditionally include in API requests. By default, fields with empty or 1054 // default values are omitted from API requests. See 1055 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1056 // details. 1057 ForceSendFields []string `json:"-"` 1058 // NullFields is a list of field names (e.g. "MethodSelectors") to include in 1059 // API requests with the JSON null value. By default, fields with empty values 1060 // are omitted from API requests. See 1061 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1062 NullFields []string `json:"-"` 1063 } 1064 1065 func (s *GoogleIdentityAccesscontextmanagerV1ApiOperation) MarshalJSON() ([]byte, error) { 1066 type NoMethod GoogleIdentityAccesscontextmanagerV1ApiOperation 1067 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1068 } 1069 1070 // GoogleIdentityAccesscontextmanagerV1BasicLevel: `BasicLevel` is an 1071 // `AccessLevel` using a set of recommended features. 1072 type GoogleIdentityAccesscontextmanagerV1BasicLevel struct { 1073 // CombiningFunction: How the `conditions` list should be combined to determine 1074 // if a request is granted this `AccessLevel`. If AND is used, each `Condition` 1075 // in `conditions` must be satisfied for the `AccessLevel` to be applied. If OR 1076 // is used, at least one `Condition` in `conditions` must be satisfied for the 1077 // `AccessLevel` to be applied. Default behavior is AND. 1078 // 1079 // Possible values: 1080 // "AND" - All `Conditions` must be true for the `BasicLevel` to be true. 1081 // "OR" - If at least one `Condition` is true, then the `BasicLevel` is true. 1082 CombiningFunction string `json:"combiningFunction,omitempty"` 1083 // Conditions: Required. A list of requirements for the `AccessLevel` to be 1084 // granted. 1085 Conditions []*GoogleIdentityAccesscontextmanagerV1Condition `json:"conditions,omitempty"` 1086 // ForceSendFields is a list of field names (e.g. "CombiningFunction") to 1087 // unconditionally include in API requests. By default, fields with empty or 1088 // default values are omitted from API requests. See 1089 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1090 // details. 1091 ForceSendFields []string `json:"-"` 1092 // NullFields is a list of field names (e.g. "CombiningFunction") to include in 1093 // API requests with the JSON null value. By default, fields with empty values 1094 // are omitted from API requests. See 1095 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1096 NullFields []string `json:"-"` 1097 } 1098 1099 func (s *GoogleIdentityAccesscontextmanagerV1BasicLevel) MarshalJSON() ([]byte, error) { 1100 type NoMethod GoogleIdentityAccesscontextmanagerV1BasicLevel 1101 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1102 } 1103 1104 // GoogleIdentityAccesscontextmanagerV1Condition: A condition necessary for an 1105 // `AccessLevel` to be granted. The Condition is an AND over its fields. So a 1106 // Condition is true if: 1) the request IP is from one of the listed 1107 // subnetworks AND 2) the originating device complies with the listed device 1108 // policy AND 3) all listed access levels are granted AND 4) the request was 1109 // sent at a time allowed by the DateTimeRestriction. 1110 type GoogleIdentityAccesscontextmanagerV1Condition struct { 1111 // DevicePolicy: Device specific restrictions, all restrictions must hold for 1112 // the Condition to be true. If not specified, all devices are allowed. 1113 DevicePolicy *GoogleIdentityAccesscontextmanagerV1DevicePolicy `json:"devicePolicy,omitempty"` 1114 // IpSubnetworks: CIDR block IP subnetwork specification. May be IPv4 or IPv6. 1115 // Note that for a CIDR IP address block, the specified IP address portion must 1116 // be properly truncated (i.e. all the host bits must be zero) or the input is 1117 // considered malformed. For example, "192.0.2.0/24" is accepted but 1118 // "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted 1119 // whereas "2001:db8::1/32" is not. The originating IP of a request must be in 1120 // one of the listed subnets in order for this Condition to be true. If empty, 1121 // all IP addresses are allowed. 1122 IpSubnetworks []string `json:"ipSubnetworks,omitempty"` 1123 // Members: The request must be made by one of the provided user or service 1124 // accounts. Groups are not supported. Syntax: `user:{emailid}` 1125 // `serviceAccount:{emailid}` If not specified, a request may come from any 1126 // user. 1127 Members []string `json:"members,omitempty"` 1128 // Negate: Whether to negate the Condition. If true, the Condition becomes a 1129 // NAND over its non-empty fields. Any non-empty field criteria evaluating to 1130 // false will result in the Condition to be satisfied. Defaults to false. 1131 Negate bool `json:"negate,omitempty"` 1132 // Regions: The request must originate from one of the provided 1133 // countries/regions. Must be valid ISO 3166-1 alpha-2 codes. 1134 Regions []string `json:"regions,omitempty"` 1135 // RequiredAccessLevels: A list of other access levels defined in the same 1136 // `Policy`, referenced by resource name. Referencing an `AccessLevel` which 1137 // does not exist is an error. All access levels listed must be granted for the 1138 // Condition to be true. Example: 1139 // "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME" 1140 RequiredAccessLevels []string `json:"requiredAccessLevels,omitempty"` 1141 // VpcNetworkSources: The request must originate from one of the provided VPC 1142 // networks in Google Cloud. Cannot specify this field together with 1143 // `ip_subnetworks`. 1144 VpcNetworkSources []*GoogleIdentityAccesscontextmanagerV1VpcNetworkSource `json:"vpcNetworkSources,omitempty"` 1145 // ForceSendFields is a list of field names (e.g. "DevicePolicy") to 1146 // unconditionally include in API requests. By default, fields with empty or 1147 // default values are omitted from API requests. See 1148 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1149 // details. 1150 ForceSendFields []string `json:"-"` 1151 // NullFields is a list of field names (e.g. "DevicePolicy") to include in API 1152 // requests with the JSON null value. By default, fields with empty values are 1153 // omitted from API requests. See 1154 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1155 NullFields []string `json:"-"` 1156 } 1157 1158 func (s *GoogleIdentityAccesscontextmanagerV1Condition) MarshalJSON() ([]byte, error) { 1159 type NoMethod GoogleIdentityAccesscontextmanagerV1Condition 1160 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1161 } 1162 1163 // GoogleIdentityAccesscontextmanagerV1CustomLevel: `CustomLevel` is an 1164 // `AccessLevel` using the Cloud Common Expression Language to represent the 1165 // necessary conditions for the level to apply to a request. See CEL spec at: 1166 // https://github.com/google/cel-spec 1167 type GoogleIdentityAccesscontextmanagerV1CustomLevel struct { 1168 // Expr: Required. A Cloud CEL expression evaluating to a boolean. 1169 Expr *Expr `json:"expr,omitempty"` 1170 // ForceSendFields is a list of field names (e.g. "Expr") to unconditionally 1171 // include in API requests. By default, fields with empty or default values are 1172 // omitted from API requests. See 1173 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1174 // details. 1175 ForceSendFields []string `json:"-"` 1176 // NullFields is a list of field names (e.g. "Expr") to include in API requests 1177 // with the JSON null value. By default, fields with empty values are omitted 1178 // from API requests. See 1179 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1180 NullFields []string `json:"-"` 1181 } 1182 1183 func (s *GoogleIdentityAccesscontextmanagerV1CustomLevel) MarshalJSON() ([]byte, error) { 1184 type NoMethod GoogleIdentityAccesscontextmanagerV1CustomLevel 1185 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1186 } 1187 1188 // GoogleIdentityAccesscontextmanagerV1DevicePolicy: `DevicePolicy` specifies 1189 // device specific restrictions necessary to acquire a given access level. A 1190 // `DevicePolicy` specifies requirements for requests from devices to be 1191 // granted access levels, it does not do any enforcement on the device. 1192 // `DevicePolicy` acts as an AND over all specified fields, and each repeated 1193 // field is an OR over its elements. Any unset fields are ignored. For example, 1194 // if the proto is { os_type : DESKTOP_WINDOWS, os_type : DESKTOP_LINUX, 1195 // encryption_status: ENCRYPTED}, then the DevicePolicy will be true for 1196 // requests originating from encrypted Linux desktops and encrypted Windows 1197 // desktops. 1198 type GoogleIdentityAccesscontextmanagerV1DevicePolicy struct { 1199 // AllowedDeviceManagementLevels: Allowed device management levels, an empty 1200 // list allows all management levels. 1201 // 1202 // Possible values: 1203 // "MANAGEMENT_UNSPECIFIED" - The device's management level is not specified 1204 // or not known. 1205 // "NONE" - The device is not managed. 1206 // "BASIC" - Basic management is enabled, which is generally limited to 1207 // monitoring and wiping the corporate account. 1208 // "COMPLETE" - Complete device management. This includes more thorough 1209 // monitoring and the ability to directly manage the device (such as remote 1210 // wiping). This can be enabled through the Android Enterprise Platform. 1211 AllowedDeviceManagementLevels []string `json:"allowedDeviceManagementLevels,omitempty"` 1212 // AllowedEncryptionStatuses: Allowed encryptions statuses, an empty list 1213 // allows all statuses. 1214 // 1215 // Possible values: 1216 // "ENCRYPTION_UNSPECIFIED" - The encryption status of the device is not 1217 // specified or not known. 1218 // "ENCRYPTION_UNSUPPORTED" - The device does not support encryption. 1219 // "UNENCRYPTED" - The device supports encryption, but is currently 1220 // unencrypted. 1221 // "ENCRYPTED" - The device is encrypted. 1222 AllowedEncryptionStatuses []string `json:"allowedEncryptionStatuses,omitempty"` 1223 // OsConstraints: Allowed OS versions, an empty list allows all types and all 1224 // versions. 1225 OsConstraints []*GoogleIdentityAccesscontextmanagerV1OsConstraint `json:"osConstraints,omitempty"` 1226 // RequireAdminApproval: Whether the device needs to be approved by the 1227 // customer admin. 1228 RequireAdminApproval bool `json:"requireAdminApproval,omitempty"` 1229 // RequireCorpOwned: Whether the device needs to be corp owned. 1230 RequireCorpOwned bool `json:"requireCorpOwned,omitempty"` 1231 // RequireScreenlock: Whether or not screenlock is required for the 1232 // DevicePolicy to be true. Defaults to `false`. 1233 RequireScreenlock bool `json:"requireScreenlock,omitempty"` 1234 // ForceSendFields is a list of field names (e.g. 1235 // "AllowedDeviceManagementLevels") to unconditionally include in API requests. 1236 // By default, fields with empty or default values are omitted from API 1237 // requests. See https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields 1238 // for more details. 1239 ForceSendFields []string `json:"-"` 1240 // NullFields is a list of field names (e.g. "AllowedDeviceManagementLevels") 1241 // to include in API requests with the JSON null value. By default, fields with 1242 // empty values are omitted from API requests. See 1243 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1244 NullFields []string `json:"-"` 1245 } 1246 1247 func (s *GoogleIdentityAccesscontextmanagerV1DevicePolicy) MarshalJSON() ([]byte, error) { 1248 type NoMethod GoogleIdentityAccesscontextmanagerV1DevicePolicy 1249 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1250 } 1251 1252 // GoogleIdentityAccesscontextmanagerV1EgressFrom: Defines the conditions under 1253 // which an EgressPolicy matches a request. Conditions based on information 1254 // about the source of the request. Note that if the destination of the request 1255 // is also protected by a ServicePerimeter, then that ServicePerimeter must 1256 // have an IngressPolicy which allows access in order for this request to 1257 // succeed. 1258 type GoogleIdentityAccesscontextmanagerV1EgressFrom struct { 1259 // Identities: A list of identities that are allowed access through 1260 // [EgressPolicy]. Identities can be an individual user, service account, 1261 // Google group, or third-party identity. The `v1` identities that have the 1262 // prefix `user`, `group`, `serviceAccount`, `principal`, and `principalSet` in 1263 // https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. 1264 Identities []string `json:"identities,omitempty"` 1265 // IdentityType: Specifies the type of identities that are allowed access to 1266 // outside the perimeter. If left unspecified, then members of `identities` 1267 // field will be allowed access. 1268 // 1269 // Possible values: 1270 // "IDENTITY_TYPE_UNSPECIFIED" - No blanket identity group specified. 1271 // "ANY_IDENTITY" - Authorize access from all identities outside the 1272 // perimeter. 1273 // "ANY_USER_ACCOUNT" - Authorize access from all human users outside the 1274 // perimeter. 1275 // "ANY_SERVICE_ACCOUNT" - Authorize access from all service accounts outside 1276 // the perimeter. 1277 IdentityType string `json:"identityType,omitempty"` 1278 // SourceRestriction: Whether to enforce traffic restrictions based on 1279 // `sources` field. If the `sources` fields is non-empty, then this field must 1280 // be set to `SOURCE_RESTRICTION_ENABLED`. 1281 // 1282 // Possible values: 1283 // "SOURCE_RESTRICTION_UNSPECIFIED" - Enforcement preference unspecified, 1284 // will not enforce traffic restrictions based on `sources` in EgressFrom. 1285 // "SOURCE_RESTRICTION_ENABLED" - Enforcement preference enabled, traffic 1286 // restrictions will be enforced based on `sources` in EgressFrom. 1287 // "SOURCE_RESTRICTION_DISABLED" - Enforcement preference disabled, will not 1288 // enforce traffic restrictions based on `sources` in EgressFrom. 1289 SourceRestriction string `json:"sourceRestriction,omitempty"` 1290 // Sources: Sources that this EgressPolicy authorizes access from. If this 1291 // field is not empty, then `source_restriction` must be set to 1292 // `SOURCE_RESTRICTION_ENABLED`. 1293 Sources []*GoogleIdentityAccesscontextmanagerV1EgressSource `json:"sources,omitempty"` 1294 // ForceSendFields is a list of field names (e.g. "Identities") to 1295 // unconditionally include in API requests. By default, fields with empty or 1296 // default values are omitted from API requests. See 1297 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1298 // details. 1299 ForceSendFields []string `json:"-"` 1300 // NullFields is a list of field names (e.g. "Identities") to include in API 1301 // requests with the JSON null value. By default, fields with empty values are 1302 // omitted from API requests. See 1303 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1304 NullFields []string `json:"-"` 1305 } 1306 1307 func (s *GoogleIdentityAccesscontextmanagerV1EgressFrom) MarshalJSON() ([]byte, error) { 1308 type NoMethod GoogleIdentityAccesscontextmanagerV1EgressFrom 1309 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1310 } 1311 1312 // GoogleIdentityAccesscontextmanagerV1EgressPolicy: Policy for egress from 1313 // perimeter. EgressPolicies match requests based on `egress_from` and 1314 // `egress_to` stanzas. For an EgressPolicy to match, both `egress_from` and 1315 // `egress_to` stanzas must be matched. If an EgressPolicy matches a request, 1316 // the request is allowed to span the ServicePerimeter boundary. For example, 1317 // an EgressPolicy can be used to allow VMs on networks within the 1318 // ServicePerimeter to access a defined set of projects outside the perimeter 1319 // in certain contexts (e.g. to read data from a Cloud Storage bucket or query 1320 // against a BigQuery dataset). EgressPolicies are concerned with the 1321 // *resources* that a request relates as well as the API services and API 1322 // actions being used. They do not related to the direction of data movement. 1323 // More detailed documentation for this concept can be found in the 1324 // descriptions of EgressFrom and EgressTo. 1325 type GoogleIdentityAccesscontextmanagerV1EgressPolicy struct { 1326 // EgressFrom: Defines conditions on the source of a request causing this 1327 // EgressPolicy to apply. 1328 EgressFrom *GoogleIdentityAccesscontextmanagerV1EgressFrom `json:"egressFrom,omitempty"` 1329 // EgressTo: Defines the conditions on the ApiOperation and destination 1330 // resources that cause this EgressPolicy to apply. 1331 EgressTo *GoogleIdentityAccesscontextmanagerV1EgressTo `json:"egressTo,omitempty"` 1332 // ForceSendFields is a list of field names (e.g. "EgressFrom") to 1333 // unconditionally include in API requests. By default, fields with empty or 1334 // default values are omitted from API requests. See 1335 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1336 // details. 1337 ForceSendFields []string `json:"-"` 1338 // NullFields is a list of field names (e.g. "EgressFrom") to include in API 1339 // requests with the JSON null value. By default, fields with empty values are 1340 // omitted from API requests. See 1341 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1342 NullFields []string `json:"-"` 1343 } 1344 1345 func (s *GoogleIdentityAccesscontextmanagerV1EgressPolicy) MarshalJSON() ([]byte, error) { 1346 type NoMethod GoogleIdentityAccesscontextmanagerV1EgressPolicy 1347 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1348 } 1349 1350 // GoogleIdentityAccesscontextmanagerV1EgressSource: The source that 1351 // EgressPolicy authorizes access from inside the ServicePerimeter to somewhere 1352 // outside the ServicePerimeter boundaries. 1353 type GoogleIdentityAccesscontextmanagerV1EgressSource struct { 1354 // AccessLevel: An AccessLevel resource name that allows protected resources 1355 // inside the ServicePerimeters to access outside the ServicePerimeter 1356 // boundaries. AccessLevels listed must be in the same policy as this 1357 // ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. 1358 // If an AccessLevel name is not specified, only resources within the perimeter 1359 // can be accessed through Google Cloud calls with request origins within the 1360 // perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a 1361 // single `*` is specified for `access_level`, then all EgressSources will be 1362 // allowed. 1363 AccessLevel string `json:"accessLevel,omitempty"` 1364 // ForceSendFields is a list of field names (e.g. "AccessLevel") to 1365 // unconditionally include in API requests. By default, fields with empty or 1366 // default values are omitted from API requests. See 1367 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1368 // details. 1369 ForceSendFields []string `json:"-"` 1370 // NullFields is a list of field names (e.g. "AccessLevel") to include in API 1371 // requests with the JSON null value. By default, fields with empty values are 1372 // omitted from API requests. See 1373 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1374 NullFields []string `json:"-"` 1375 } 1376 1377 func (s *GoogleIdentityAccesscontextmanagerV1EgressSource) MarshalJSON() ([]byte, error) { 1378 type NoMethod GoogleIdentityAccesscontextmanagerV1EgressSource 1379 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1380 } 1381 1382 // GoogleIdentityAccesscontextmanagerV1EgressTo: Defines the conditions under 1383 // which an EgressPolicy matches a request. Conditions are based on information 1384 // about the ApiOperation intended to be performed on the `resources` 1385 // specified. Note that if the destination of the request is also protected by 1386 // a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy 1387 // which allows access in order for this request to succeed. The request must 1388 // match `operations` AND `resources` fields in order to be allowed egress out 1389 // of the perimeter. 1390 type GoogleIdentityAccesscontextmanagerV1EgressTo struct { 1391 // ExternalResources: A list of external resources that are allowed to be 1392 // accessed. Only AWS and Azure resources are supported. For Amazon S3, the 1393 // supported formats are s3://BUCKET_NAME, s3a://BUCKET_NAME, and 1394 // s3n://BUCKET_NAME. For Azure Storage, the supported format is 1395 // azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if 1396 // it contains an external resource in this list (Example: s3://bucket/path). 1397 // Currently '*' is not allowed. 1398 ExternalResources []string `json:"externalResources,omitempty"` 1399 // Operations: A list of ApiOperations allowed to be performed by the sources 1400 // specified in the corresponding EgressFrom. A request matches if it uses an 1401 // operation/service in this list. 1402 Operations []*GoogleIdentityAccesscontextmanagerV1ApiOperation `json:"operations,omitempty"` 1403 // Resources: A list of resources, currently only projects in the form 1404 // `projects/`, that are allowed to be accessed by sources defined in the 1405 // corresponding EgressFrom. A request matches if it contains a resource in 1406 // this list. If `*` is specified for `resources`, then this EgressTo rule will 1407 // authorize access to all resources outside the perimeter. 1408 Resources []string `json:"resources,omitempty"` 1409 // ForceSendFields is a list of field names (e.g. "ExternalResources") to 1410 // unconditionally include in API requests. By default, fields with empty or 1411 // default values are omitted from API requests. See 1412 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1413 // details. 1414 ForceSendFields []string `json:"-"` 1415 // NullFields is a list of field names (e.g. "ExternalResources") to include in 1416 // API requests with the JSON null value. By default, fields with empty values 1417 // are omitted from API requests. See 1418 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1419 NullFields []string `json:"-"` 1420 } 1421 1422 func (s *GoogleIdentityAccesscontextmanagerV1EgressTo) MarshalJSON() ([]byte, error) { 1423 type NoMethod GoogleIdentityAccesscontextmanagerV1EgressTo 1424 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1425 } 1426 1427 // GoogleIdentityAccesscontextmanagerV1IngressFrom: Defines the conditions 1428 // under which an IngressPolicy matches a request. Conditions are based on 1429 // information about the source of the request. The request must satisfy what 1430 // is defined in `sources` AND identity related fields in order to match. 1431 type GoogleIdentityAccesscontextmanagerV1IngressFrom struct { 1432 // Identities: A list of identities that are allowed access through 1433 // [IngressPolicy]. Identities can be an individual user, service account, 1434 // Google group, or third-party identity. The `v1` identities that have the 1435 // prefix `user`, `group`, `serviceAccount`, `principal`, and `principalSet` in 1436 // https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. 1437 Identities []string `json:"identities,omitempty"` 1438 // IdentityType: Specifies the type of identities that are allowed access from 1439 // outside the perimeter. If left unspecified, then members of `identities` 1440 // field will be allowed access. 1441 // 1442 // Possible values: 1443 // "IDENTITY_TYPE_UNSPECIFIED" - No blanket identity group specified. 1444 // "ANY_IDENTITY" - Authorize access from all identities outside the 1445 // perimeter. 1446 // "ANY_USER_ACCOUNT" - Authorize access from all human users outside the 1447 // perimeter. 1448 // "ANY_SERVICE_ACCOUNT" - Authorize access from all service accounts outside 1449 // the perimeter. 1450 IdentityType string `json:"identityType,omitempty"` 1451 // Sources: Sources that this IngressPolicy authorizes access from. 1452 Sources []*GoogleIdentityAccesscontextmanagerV1IngressSource `json:"sources,omitempty"` 1453 // ForceSendFields is a list of field names (e.g. "Identities") to 1454 // unconditionally include in API requests. By default, fields with empty or 1455 // default values are omitted from API requests. See 1456 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1457 // details. 1458 ForceSendFields []string `json:"-"` 1459 // NullFields is a list of field names (e.g. "Identities") to include in API 1460 // requests with the JSON null value. By default, fields with empty values are 1461 // omitted from API requests. See 1462 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1463 NullFields []string `json:"-"` 1464 } 1465 1466 func (s *GoogleIdentityAccesscontextmanagerV1IngressFrom) MarshalJSON() ([]byte, error) { 1467 type NoMethod GoogleIdentityAccesscontextmanagerV1IngressFrom 1468 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1469 } 1470 1471 // GoogleIdentityAccesscontextmanagerV1IngressPolicy: Policy for ingress into 1472 // ServicePerimeter. IngressPolicies match requests based on `ingress_from` and 1473 // `ingress_to` stanzas. For an ingress policy to match, both the 1474 // `ingress_from` and `ingress_to` stanzas must be matched. If an IngressPolicy 1475 // matches a request, the request is allowed through the perimeter boundary 1476 // from outside the perimeter. For example, access from the internet can be 1477 // allowed either based on an AccessLevel or, for traffic hosted on Google 1478 // Cloud, the project of the source network. For access from private networks, 1479 // using the project of the hosting network is required. Individual ingress 1480 // policies can be limited by restricting which services and/or actions they 1481 // match using the `ingress_to` field. 1482 type GoogleIdentityAccesscontextmanagerV1IngressPolicy struct { 1483 // IngressFrom: Defines the conditions on the source of a request causing this 1484 // IngressPolicy to apply. 1485 IngressFrom *GoogleIdentityAccesscontextmanagerV1IngressFrom `json:"ingressFrom,omitempty"` 1486 // IngressTo: Defines the conditions on the ApiOperation and request 1487 // destination that cause this IngressPolicy to apply. 1488 IngressTo *GoogleIdentityAccesscontextmanagerV1IngressTo `json:"ingressTo,omitempty"` 1489 // ForceSendFields is a list of field names (e.g. "IngressFrom") to 1490 // unconditionally include in API requests. By default, fields with empty or 1491 // default values are omitted from API requests. See 1492 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1493 // details. 1494 ForceSendFields []string `json:"-"` 1495 // NullFields is a list of field names (e.g. "IngressFrom") to include in API 1496 // requests with the JSON null value. By default, fields with empty values are 1497 // omitted from API requests. See 1498 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1499 NullFields []string `json:"-"` 1500 } 1501 1502 func (s *GoogleIdentityAccesscontextmanagerV1IngressPolicy) MarshalJSON() ([]byte, error) { 1503 type NoMethod GoogleIdentityAccesscontextmanagerV1IngressPolicy 1504 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1505 } 1506 1507 // GoogleIdentityAccesscontextmanagerV1IngressSource: The source that 1508 // IngressPolicy authorizes access from. 1509 type GoogleIdentityAccesscontextmanagerV1IngressSource struct { 1510 // AccessLevel: An AccessLevel resource name that allow resources within the 1511 // ServicePerimeters to be accessed from the internet. AccessLevels listed must 1512 // be in the same policy as this ServicePerimeter. Referencing a nonexistent 1513 // AccessLevel will cause an error. If no AccessLevel names are listed, 1514 // resources within the perimeter can only be accessed via Google Cloud calls 1515 // with request origins within the perimeter. Example: 1516 // `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is 1517 // specified for `access_level`, then all IngressSources will be allowed. 1518 AccessLevel string `json:"accessLevel,omitempty"` 1519 // Resource: A Google Cloud resource that is allowed to ingress the perimeter. 1520 // Requests from these resources will be allowed to access perimeter data. 1521 // Currently only projects and VPCs are allowed. Project format: 1522 // `projects/{project_number}` VPC network format: 1523 // `//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}`. The 1524 // project may be in any Google Cloud organization, not just the organization 1525 // that the perimeter is defined in. `*` is not allowed, the case of allowing 1526 // all Google Cloud resources only is not supported. 1527 Resource string `json:"resource,omitempty"` 1528 // ForceSendFields is a list of field names (e.g. "AccessLevel") to 1529 // unconditionally include in API requests. By default, fields with empty or 1530 // default values are omitted from API requests. See 1531 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1532 // details. 1533 ForceSendFields []string `json:"-"` 1534 // NullFields is a list of field names (e.g. "AccessLevel") to include in API 1535 // requests with the JSON null value. By default, fields with empty values are 1536 // omitted from API requests. See 1537 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1538 NullFields []string `json:"-"` 1539 } 1540 1541 func (s *GoogleIdentityAccesscontextmanagerV1IngressSource) MarshalJSON() ([]byte, error) { 1542 type NoMethod GoogleIdentityAccesscontextmanagerV1IngressSource 1543 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1544 } 1545 1546 // GoogleIdentityAccesscontextmanagerV1IngressTo: Defines the conditions under 1547 // which an IngressPolicy matches a request. Conditions are based on 1548 // information about the ApiOperation intended to be performed on the target 1549 // resource of the request. The request must satisfy what is defined in 1550 // `operations` AND `resources` in order to match. 1551 type GoogleIdentityAccesscontextmanagerV1IngressTo struct { 1552 // Operations: A list of ApiOperations allowed to be performed by the sources 1553 // specified in corresponding IngressFrom in this ServicePerimeter. 1554 Operations []*GoogleIdentityAccesscontextmanagerV1ApiOperation `json:"operations,omitempty"` 1555 // Resources: A list of resources, currently only projects in the form 1556 // `projects/`, protected by this ServicePerimeter that are allowed to be 1557 // accessed by sources defined in the corresponding IngressFrom. If a single 1558 // `*` is specified, then access to all resources inside the perimeter are 1559 // allowed. 1560 Resources []string `json:"resources,omitempty"` 1561 // ForceSendFields is a list of field names (e.g. "Operations") to 1562 // unconditionally include in API requests. By default, fields with empty or 1563 // default values are omitted from API requests. See 1564 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1565 // details. 1566 ForceSendFields []string `json:"-"` 1567 // NullFields is a list of field names (e.g. "Operations") to include in API 1568 // requests with the JSON null value. By default, fields with empty values are 1569 // omitted from API requests. See 1570 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1571 NullFields []string `json:"-"` 1572 } 1573 1574 func (s *GoogleIdentityAccesscontextmanagerV1IngressTo) MarshalJSON() ([]byte, error) { 1575 type NoMethod GoogleIdentityAccesscontextmanagerV1IngressTo 1576 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1577 } 1578 1579 // GoogleIdentityAccesscontextmanagerV1MethodSelector: An allowed method or 1580 // permission of a service specified in ApiOperation. 1581 type GoogleIdentityAccesscontextmanagerV1MethodSelector struct { 1582 // Method: A valid method name for the corresponding `service_name` in 1583 // ApiOperation. If `*` is used as the value for the `method`, then ALL methods 1584 // and permissions are allowed. 1585 Method string `json:"method,omitempty"` 1586 // Permission: A valid Cloud IAM permission for the corresponding 1587 // `service_name` in ApiOperation. 1588 Permission string `json:"permission,omitempty"` 1589 // ForceSendFields is a list of field names (e.g. "Method") to unconditionally 1590 // include in API requests. By default, fields with empty or default values are 1591 // omitted from API requests. See 1592 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1593 // details. 1594 ForceSendFields []string `json:"-"` 1595 // NullFields is a list of field names (e.g. "Method") to include in API 1596 // requests with the JSON null value. By default, fields with empty values are 1597 // omitted from API requests. See 1598 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1599 NullFields []string `json:"-"` 1600 } 1601 1602 func (s *GoogleIdentityAccesscontextmanagerV1MethodSelector) MarshalJSON() ([]byte, error) { 1603 type NoMethod GoogleIdentityAccesscontextmanagerV1MethodSelector 1604 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1605 } 1606 1607 // GoogleIdentityAccesscontextmanagerV1OsConstraint: A restriction on the OS 1608 // type and version of devices making requests. 1609 type GoogleIdentityAccesscontextmanagerV1OsConstraint struct { 1610 // MinimumVersion: The minimum allowed OS version. If not set, any version of 1611 // this OS satisfies the constraint. Format: "major.minor.patch". Examples: 1612 // "10.5.301", "9.2.1". 1613 MinimumVersion string `json:"minimumVersion,omitempty"` 1614 // OsType: Required. The allowed OS type. 1615 // 1616 // Possible values: 1617 // "OS_UNSPECIFIED" - The operating system of the device is not specified or 1618 // not known. 1619 // "DESKTOP_MAC" - A desktop Mac operating system. 1620 // "DESKTOP_WINDOWS" - A desktop Windows operating system. 1621 // "DESKTOP_LINUX" - A desktop Linux operating system. 1622 // "DESKTOP_CHROME_OS" - A desktop ChromeOS operating system. 1623 // "ANDROID" - An Android operating system. 1624 // "IOS" - An iOS operating system. 1625 OsType string `json:"osType,omitempty"` 1626 // RequireVerifiedChromeOs: Only allows requests from devices with a verified 1627 // Chrome OS. Verifications includes requirements that the device is 1628 // enterprise-managed, conformant to domain policies, and the caller has 1629 // permission to call the API targeted by the request. 1630 RequireVerifiedChromeOs bool `json:"requireVerifiedChromeOs,omitempty"` 1631 // ForceSendFields is a list of field names (e.g. "MinimumVersion") to 1632 // unconditionally include in API requests. By default, fields with empty or 1633 // default values are omitted from API requests. See 1634 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1635 // details. 1636 ForceSendFields []string `json:"-"` 1637 // NullFields is a list of field names (e.g. "MinimumVersion") to include in 1638 // API requests with the JSON null value. By default, fields with empty values 1639 // are omitted from API requests. See 1640 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1641 NullFields []string `json:"-"` 1642 } 1643 1644 func (s *GoogleIdentityAccesscontextmanagerV1OsConstraint) MarshalJSON() ([]byte, error) { 1645 type NoMethod GoogleIdentityAccesscontextmanagerV1OsConstraint 1646 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1647 } 1648 1649 // GoogleIdentityAccesscontextmanagerV1ServicePerimeter: `ServicePerimeter` 1650 // describes a set of Google Cloud resources which can freely import and export 1651 // data amongst themselves, but not export outside of the `ServicePerimeter`. 1652 // If a request with a source within this `ServicePerimeter` has a target 1653 // outside of the `ServicePerimeter`, the request will be blocked. Otherwise 1654 // the request is allowed. There are two types of Service Perimeter - Regular 1655 // and Bridge. Regular Service Perimeters cannot overlap, a single Google Cloud 1656 // project or VPC network can only belong to a single regular Service 1657 // Perimeter. Service Perimeter Bridges can contain only Google Cloud projects 1658 // as members, a single Google Cloud project may belong to multiple Service 1659 // Perimeter Bridges. 1660 type GoogleIdentityAccesscontextmanagerV1ServicePerimeter struct { 1661 // Description: Description of the `ServicePerimeter` and its use. Does not 1662 // affect behavior. 1663 Description string `json:"description,omitempty"` 1664 // Name: Resource name for the `ServicePerimeter`. Format: 1665 // `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The 1666 // `service_perimeter` component must begin with a letter, followed by 1667 // alphanumeric characters or `_`. After you create a `ServicePerimeter`, you 1668 // cannot change its `name`. 1669 Name string `json:"name,omitempty"` 1670 // PerimeterType: Perimeter type indicator. A single project or VPC network is 1671 // allowed to be a member of single regular perimeter, but multiple service 1672 // perimeter bridges. A project cannot be a included in a perimeter bridge 1673 // without being included in regular perimeter. For perimeter bridges, the 1674 // restricted service list as well as access level lists must be empty. 1675 // 1676 // Possible values: 1677 // "PERIMETER_TYPE_REGULAR" - Regular Perimeter. When no value is specified, 1678 // the perimeter uses this type. 1679 // "PERIMETER_TYPE_BRIDGE" - Perimeter Bridge. 1680 PerimeterType string `json:"perimeterType,omitempty"` 1681 // Spec: Proposed (or dry run) ServicePerimeter configuration. This 1682 // configuration allows to specify and test ServicePerimeter configuration 1683 // without enforcing actual access restrictions. Only allowed to be set when 1684 // the "use_explicit_dry_run_spec" flag is set. 1685 Spec *GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig `json:"spec,omitempty"` 1686 // Status: Current ServicePerimeter configuration. Specifies sets of resources, 1687 // restricted services and access levels that determine perimeter content and 1688 // boundaries. 1689 Status *GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig `json:"status,omitempty"` 1690 // Title: Human readable title. Must be unique within the Policy. 1691 Title string `json:"title,omitempty"` 1692 // UseExplicitDryRunSpec: Use explicit dry run spec flag. Ordinarily, a dry-run 1693 // spec implicitly exists for all Service Perimeters, and that spec is 1694 // identical to the status for those Service Perimeters. When this flag is set, 1695 // it inhibits the generation of the implicit spec, thereby allowing the user 1696 // to explicitly provide a configuration ("spec") to use in a dry-run version 1697 // of the Service Perimeter. This allows the user to test changes to the 1698 // enforced config ("status") without actually enforcing them. This testing is 1699 // done through analyzing the differences between currently enforced and 1700 // suggested restrictions. use_explicit_dry_run_spec must bet set to True if 1701 // any of the fields in the spec are set to non-default values. 1702 UseExplicitDryRunSpec bool `json:"useExplicitDryRunSpec,omitempty"` 1703 // ForceSendFields is a list of field names (e.g. "Description") to 1704 // unconditionally include in API requests. By default, fields with empty or 1705 // default values are omitted from API requests. See 1706 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1707 // details. 1708 ForceSendFields []string `json:"-"` 1709 // NullFields is a list of field names (e.g. "Description") to include in API 1710 // requests with the JSON null value. By default, fields with empty values are 1711 // omitted from API requests. See 1712 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1713 NullFields []string `json:"-"` 1714 } 1715 1716 func (s *GoogleIdentityAccesscontextmanagerV1ServicePerimeter) MarshalJSON() ([]byte, error) { 1717 type NoMethod GoogleIdentityAccesscontextmanagerV1ServicePerimeter 1718 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1719 } 1720 1721 // GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig: 1722 // `ServicePerimeterConfig` specifies a set of Google Cloud resources that 1723 // describe specific Service Perimeter configuration. 1724 type GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig struct { 1725 // AccessLevels: A list of `AccessLevel` resource names that allow resources 1726 // within the `ServicePerimeter` to be accessed from the internet. 1727 // `AccessLevels` listed must be in the same policy as this `ServicePerimeter`. 1728 // Referencing a nonexistent `AccessLevel` is a syntax error. If no 1729 // `AccessLevel` names are listed, resources within the perimeter can only be 1730 // accessed via Google Cloud calls with request origins within the perimeter. 1731 // Example: "accessPolicies/MY_POLICY/accessLevels/MY_LEVEL". For Service 1732 // Perimeter Bridge, must be empty. 1733 AccessLevels []string `json:"accessLevels,omitempty"` 1734 // EgressPolicies: List of EgressPolicies to apply to the perimeter. A 1735 // perimeter may have multiple EgressPolicies, each of which is evaluated 1736 // separately. Access is granted if any EgressPolicy grants it. Must be empty 1737 // for a perimeter bridge. 1738 EgressPolicies []*GoogleIdentityAccesscontextmanagerV1EgressPolicy `json:"egressPolicies,omitempty"` 1739 // IngressPolicies: List of IngressPolicies to apply to the perimeter. A 1740 // perimeter may have multiple IngressPolicies, each of which is evaluated 1741 // separately. Access is granted if any Ingress Policy grants it. Must be empty 1742 // for a perimeter bridge. 1743 IngressPolicies []*GoogleIdentityAccesscontextmanagerV1IngressPolicy `json:"ingressPolicies,omitempty"` 1744 // Resources: A list of Google Cloud resources that are inside of the service 1745 // perimeter. Currently only projects and VPCs are allowed. Project format: 1746 // `projects/{project_number}` VPC network format: 1747 // `//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}`. 1748 Resources []string `json:"resources,omitempty"` 1749 // RestrictedServices: Google Cloud services that are subject to the Service 1750 // Perimeter restrictions. For example, if `storage.googleapis.com` is 1751 // specified, access to the storage buckets inside the perimeter must meet the 1752 // perimeter's access restrictions. 1753 RestrictedServices []string `json:"restrictedServices,omitempty"` 1754 // VpcAccessibleServices: Configuration for APIs allowed within Perimeter. 1755 VpcAccessibleServices *GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices `json:"vpcAccessibleServices,omitempty"` 1756 // ForceSendFields is a list of field names (e.g. "AccessLevels") to 1757 // unconditionally include in API requests. By default, fields with empty or 1758 // default values are omitted from API requests. See 1759 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1760 // details. 1761 ForceSendFields []string `json:"-"` 1762 // NullFields is a list of field names (e.g. "AccessLevels") to include in API 1763 // requests with the JSON null value. By default, fields with empty values are 1764 // omitted from API requests. See 1765 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1766 NullFields []string `json:"-"` 1767 } 1768 1769 func (s *GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig) MarshalJSON() ([]byte, error) { 1770 type NoMethod GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig 1771 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1772 } 1773 1774 // GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices: Specifies how 1775 // APIs are allowed to communicate within the Service Perimeter. 1776 type GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices struct { 1777 // AllowedServices: The list of APIs usable within the Service Perimeter. Must 1778 // be empty unless 'enable_restriction' is True. You can specify a list of 1779 // individual services, as well as include the 'RESTRICTED-SERVICES' value, 1780 // which automatically includes all of the services protected by the perimeter. 1781 AllowedServices []string `json:"allowedServices,omitempty"` 1782 // EnableRestriction: Whether to restrict API calls within the Service 1783 // Perimeter to the list of APIs specified in 'allowed_services'. 1784 EnableRestriction bool `json:"enableRestriction,omitempty"` 1785 // ForceSendFields is a list of field names (e.g. "AllowedServices") to 1786 // unconditionally include in API requests. By default, fields with empty or 1787 // default values are omitted from API requests. See 1788 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1789 // details. 1790 ForceSendFields []string `json:"-"` 1791 // NullFields is a list of field names (e.g. "AllowedServices") to include in 1792 // API requests with the JSON null value. By default, fields with empty values 1793 // are omitted from API requests. See 1794 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1795 NullFields []string `json:"-"` 1796 } 1797 1798 func (s *GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices) MarshalJSON() ([]byte, error) { 1799 type NoMethod GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices 1800 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1801 } 1802 1803 // GoogleIdentityAccesscontextmanagerV1VpcNetworkSource: The originating 1804 // network source in Google Cloud. 1805 type GoogleIdentityAccesscontextmanagerV1VpcNetworkSource struct { 1806 // VpcSubnetwork: Sub-segment ranges of a VPC network. 1807 VpcSubnetwork *GoogleIdentityAccesscontextmanagerV1VpcSubNetwork `json:"vpcSubnetwork,omitempty"` 1808 // ForceSendFields is a list of field names (e.g. "VpcSubnetwork") to 1809 // unconditionally include in API requests. By default, fields with empty or 1810 // default values are omitted from API requests. See 1811 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1812 // details. 1813 ForceSendFields []string `json:"-"` 1814 // NullFields is a list of field names (e.g. "VpcSubnetwork") to include in API 1815 // requests with the JSON null value. By default, fields with empty values are 1816 // omitted from API requests. See 1817 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1818 NullFields []string `json:"-"` 1819 } 1820 1821 func (s *GoogleIdentityAccesscontextmanagerV1VpcNetworkSource) MarshalJSON() ([]byte, error) { 1822 type NoMethod GoogleIdentityAccesscontextmanagerV1VpcNetworkSource 1823 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1824 } 1825 1826 // GoogleIdentityAccesscontextmanagerV1VpcSubNetwork: Sub-segment ranges inside 1827 // of a VPC Network. 1828 type GoogleIdentityAccesscontextmanagerV1VpcSubNetwork struct { 1829 // Network: Required. Network name. If the network is not part of the 1830 // organization, the `compute.network.get` permission must be granted to the 1831 // caller. Format: 1832 // `//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NETWORK_NAME 1833 // }` Example: 1834 // `//compute.googleapis.com/projects/my-project/global/networks/network-1` 1835 Network string `json:"network,omitempty"` 1836 // VpcIpSubnetworks: CIDR block IP subnetwork specification. The IP address 1837 // must be an IPv4 address and can be a public or private IP address. Note that 1838 // for a CIDR IP address block, the specified IP address portion must be 1839 // properly truncated (i.e. all the host bits must be zero) or the input is 1840 // considered malformed. For example, "192.0.2.0/24" is accepted but 1841 // "192.0.2.1/24" is not. If empty, all IP addresses are allowed. 1842 VpcIpSubnetworks []string `json:"vpcIpSubnetworks,omitempty"` 1843 // ForceSendFields is a list of field names (e.g. "Network") to unconditionally 1844 // include in API requests. By default, fields with empty or default values are 1845 // omitted from API requests. See 1846 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1847 // details. 1848 ForceSendFields []string `json:"-"` 1849 // NullFields is a list of field names (e.g. "Network") to include in API 1850 // requests with the JSON null value. By default, fields with empty values are 1851 // omitted from API requests. See 1852 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1853 NullFields []string `json:"-"` 1854 } 1855 1856 func (s *GoogleIdentityAccesscontextmanagerV1VpcSubNetwork) MarshalJSON() ([]byte, error) { 1857 type NoMethod GoogleIdentityAccesscontextmanagerV1VpcSubNetwork 1858 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1859 } 1860 1861 // ListAssetsResponse: ListAssets response. 1862 type ListAssetsResponse struct { 1863 // Assets: Assets. 1864 Assets []*Asset `json:"assets,omitempty"` 1865 // NextPageToken: Token to retrieve the next page of results. It expires 72 1866 // hours after the page token for the first page is generated. Set to empty if 1867 // there are no remaining results. 1868 NextPageToken string `json:"nextPageToken,omitempty"` 1869 // ReadTime: Time the snapshot was taken. 1870 ReadTime string `json:"readTime,omitempty"` 1871 1872 // ServerResponse contains the HTTP response code and headers from the server. 1873 googleapi.ServerResponse `json:"-"` 1874 // ForceSendFields is a list of field names (e.g. "Assets") to unconditionally 1875 // include in API requests. By default, fields with empty or default values are 1876 // omitted from API requests. See 1877 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1878 // details. 1879 ForceSendFields []string `json:"-"` 1880 // NullFields is a list of field names (e.g. "Assets") to include in API 1881 // requests with the JSON null value. By default, fields with empty values are 1882 // omitted from API requests. See 1883 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1884 NullFields []string `json:"-"` 1885 } 1886 1887 func (s *ListAssetsResponse) MarshalJSON() ([]byte, error) { 1888 type NoMethod ListAssetsResponse 1889 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1890 } 1891 1892 // Policy: An Identity and Access Management (IAM) policy, which specifies 1893 // access controls for Google Cloud resources. A `Policy` is a collection of 1894 // `bindings`. A `binding` binds one or more `members`, or principals, to a 1895 // single `role`. Principals can be user accounts, service accounts, Google 1896 // groups, and domains (such as G Suite). A `role` is a named list of 1897 // permissions; each `role` can be an IAM predefined role or a user-created 1898 // custom role. For some types of Google Cloud resources, a `binding` can also 1899 // specify a `condition`, which is a logical expression that allows access to a 1900 // resource only if the expression evaluates to `true`. A condition can add 1901 // constraints based on attributes of the request, the resource, or both. To 1902 // learn which resources support conditions in their IAM policies, see the IAM 1903 // documentation 1904 // (https://cloud.google.com/iam/help/conditions/resource-policies). **JSON 1905 // example:** ``` { "bindings": [ { "role": 1906 // "roles/resourcemanager.organizationAdmin", "members": [ 1907 // "user:mike@example.com", "group:admins@example.com", "domain:google.com", 1908 // "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": 1909 // "roles/resourcemanager.organizationViewer", "members": [ 1910 // "user:eve@example.com" ], "condition": { "title": "expirable access", 1911 // "description": "Does not grant access after Sep 2020", "expression": 1912 // "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": 1913 // "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - 1914 // members: - user:mike@example.com - group:admins@example.com - 1915 // domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com 1916 // role: roles/resourcemanager.organizationAdmin - members: - 1917 // user:eve@example.com role: roles/resourcemanager.organizationViewer 1918 // condition: title: expirable access description: Does not grant access after 1919 // Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') 1920 // etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, 1921 // see the IAM documentation (https://cloud.google.com/iam/docs/). 1922 type Policy struct { 1923 // AuditConfigs: Specifies cloud audit logging configuration for this policy. 1924 AuditConfigs []*AuditConfig `json:"auditConfigs,omitempty"` 1925 // Bindings: Associates a list of `members`, or principals, with a `role`. 1926 // Optionally, may specify a `condition` that determines how and when the 1927 // `bindings` are applied. Each of the `bindings` must contain at least one 1928 // principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; 1929 // up to 250 of these principals can be Google groups. Each occurrence of a 1930 // principal counts towards these limits. For example, if the `bindings` grant 1931 // 50 different roles to `user:alice@example.com`, and not to any other 1932 // principal, then you can add another 1,450 principals to the `bindings` in 1933 // the `Policy`. 1934 Bindings []*Binding `json:"bindings,omitempty"` 1935 // Etag: `etag` is used for optimistic concurrency control as a way to help 1936 // prevent simultaneous updates of a policy from overwriting each other. It is 1937 // strongly suggested that systems make use of the `etag` in the 1938 // read-modify-write cycle to perform policy updates in order to avoid race 1939 // conditions: An `etag` is returned in the response to `getIamPolicy`, and 1940 // systems are expected to put that etag in the request to `setIamPolicy` to 1941 // ensure that their change will be applied to the same version of the policy. 1942 // **Important:** If you use IAM Conditions, you must include the `etag` field 1943 // whenever you call `setIamPolicy`. If you omit this field, then IAM allows 1944 // you to overwrite a version `3` policy with a version `1` policy, and all of 1945 // the conditions in the version `3` policy are lost. 1946 Etag string `json:"etag,omitempty"` 1947 // Version: Specifies the format of the policy. Valid values are `0`, `1`, and 1948 // `3`. Requests that specify an invalid value are rejected. Any operation that 1949 // affects conditional role bindings must specify version `3`. This requirement 1950 // applies to the following operations: * Getting a policy that includes a 1951 // conditional role binding * Adding a conditional role binding to a policy * 1952 // Changing a conditional role binding in a policy * Removing any role binding, 1953 // with or without a condition, from a policy that includes conditions 1954 // **Important:** If you use IAM Conditions, you must include the `etag` field 1955 // whenever you call `setIamPolicy`. If you omit this field, then IAM allows 1956 // you to overwrite a version `3` policy with a version `1` policy, and all of 1957 // the conditions in the version `3` policy are lost. If a policy does not 1958 // include any conditions, operations on that policy may specify any valid 1959 // version or leave the field unset. To learn which resources support 1960 // conditions in their IAM policies, see the IAM documentation 1961 // (https://cloud.google.com/iam/help/conditions/resource-policies). 1962 Version int64 `json:"version,omitempty"` 1963 // ForceSendFields is a list of field names (e.g. "AuditConfigs") to 1964 // unconditionally include in API requests. By default, fields with empty or 1965 // default values are omitted from API requests. See 1966 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1967 // details. 1968 ForceSendFields []string `json:"-"` 1969 // NullFields is a list of field names (e.g. "AuditConfigs") to include in API 1970 // requests with the JSON null value. By default, fields with empty values are 1971 // omitted from API requests. See 1972 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1973 NullFields []string `json:"-"` 1974 } 1975 1976 func (s *Policy) MarshalJSON() ([]byte, error) { 1977 type NoMethod Policy 1978 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1979 } 1980 1981 // Resource: A representation of a Google Cloud resource. 1982 type Resource struct { 1983 // Data: The content of the resource, in which some sensitive fields are 1984 // removed and may not be present. 1985 Data googleapi.RawMessage `json:"data,omitempty"` 1986 // DiscoveryDocumentUri: The URL of the discovery document containing the 1987 // resource's JSON schema. Example: 1988 // `https://www.googleapis.com/discovery/v1/apis/compute/v1/rest` This value is 1989 // unspecified for resources that do not have an API based on a discovery 1990 // document, such as Cloud Bigtable. 1991 DiscoveryDocumentUri string `json:"discoveryDocumentUri,omitempty"` 1992 // DiscoveryName: The JSON schema name listed in the discovery document. 1993 // Example: `Project` This value is unspecified for resources that do not have 1994 // an API based on a discovery document, such as Cloud Bigtable. 1995 DiscoveryName string `json:"discoveryName,omitempty"` 1996 // Parent: The full name of the immediate parent of this resource. See Resource 1997 // Names 1998 // (https://cloud.google.com/apis/design/resource_names#full_resource_name) for 1999 // more information. For Google Cloud assets, this value is the parent resource 2000 // defined in the IAM policy hierarchy 2001 // (https://cloud.google.com/iam/docs/overview#policy_hierarchy). Example: 2002 // `//cloudresourcemanager.googleapis.com/projects/my_project_123` For 2003 // third-party assets, this field may be set differently. 2004 Parent string `json:"parent,omitempty"` 2005 // ResourceUrl: The REST URL for accessing the resource. An HTTP `GET` request 2006 // using this URL returns the resource itself. Example: 2007 // `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123` 2008 // This value is unspecified for resources without a REST API. 2009 ResourceUrl string `json:"resourceUrl,omitempty"` 2010 // Version: The API version. Example: "v1". 2011 Version string `json:"version,omitempty"` 2012 // ForceSendFields is a list of field names (e.g. "Data") to unconditionally 2013 // include in API requests. By default, fields with empty or default values are 2014 // omitted from API requests. See 2015 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 2016 // details. 2017 ForceSendFields []string `json:"-"` 2018 // NullFields is a list of field names (e.g. "Data") to include in API requests 2019 // with the JSON null value. By default, fields with empty values are omitted 2020 // from API requests. See 2021 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 2022 NullFields []string `json:"-"` 2023 } 2024 2025 func (s *Resource) MarshalJSON() ([]byte, error) { 2026 type NoMethod Resource 2027 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 2028 } 2029 2030 type AssetsListCall struct { 2031 s *Service 2032 parent string 2033 urlParams_ gensupport.URLParams 2034 ifNoneMatch_ string 2035 ctx_ context.Context 2036 header_ http.Header 2037 } 2038 2039 // List: Lists assets with time and resource types and returns paged results in 2040 // response. 2041 // 2042 // - parent: Name of the organization or project the assets belong to. Format: 2043 // "organizations/[organization-number]" (such as "organizations/123"), 2044 // "projects/[project-id]" (such as "projects/my-project-id"), or 2045 // "projects/[project-number]" (such as "projects/12345"). 2046 func (r *AssetsService) List(parent string) *AssetsListCall { 2047 c := &AssetsListCall{s: r.s, urlParams_: make(gensupport.URLParams)} 2048 c.parent = parent 2049 return c 2050 } 2051 2052 // AssetTypes sets the optional parameter "assetTypes": A list of asset types 2053 // to take a snapshot for. For example: "compute.googleapis.com/Disk". Regular 2054 // expression is also supported. For example: * "compute.googleapis.com.*" 2055 // snapshots resources whose asset type starts with "compute.googleapis.com". * 2056 // ".*Instance" snapshots resources whose asset type ends with "Instance". * 2057 // ".*Instance.*" snapshots resources whose asset type contains "Instance". See 2058 // RE2 (https://github.com/google/re2/wiki/Syntax) for all supported regular 2059 // expression syntax. If the regular expression does not match any supported 2060 // asset type, an INVALID_ARGUMENT error will be returned. If specified, only 2061 // matching assets will be returned, otherwise, it will snapshot all asset 2062 // types. See Introduction to Cloud Asset Inventory 2063 // (https://cloud.google.com/asset-inventory/docs/overview) for all supported 2064 // asset types. 2065 func (c *AssetsListCall) AssetTypes(assetTypes ...string) *AssetsListCall { 2066 c.urlParams_.SetMulti("assetTypes", append([]string{}, assetTypes...)) 2067 return c 2068 } 2069 2070 // ContentType sets the optional parameter "contentType": Asset content type. 2071 // If not specified, no content but the asset name will be returned. 2072 // 2073 // Possible values: 2074 // 2075 // "CONTENT_TYPE_UNSPECIFIED" - Unspecified content type. 2076 // "RESOURCE" - Resource metadata. 2077 // "IAM_POLICY" - The actual IAM policy set on a resource. 2078 // "ORG_POLICY" - The organization policy set on an asset. 2079 // "ACCESS_POLICY" - The Access Context Manager policy set on an asset. 2080 func (c *AssetsListCall) ContentType(contentType string) *AssetsListCall { 2081 c.urlParams_.Set("contentType", contentType) 2082 return c 2083 } 2084 2085 // PageSize sets the optional parameter "pageSize": The maximum number of 2086 // assets to be returned in a single response. Default is 100, minimum is 1, 2087 // and maximum is 1000. 2088 func (c *AssetsListCall) PageSize(pageSize int64) *AssetsListCall { 2089 c.urlParams_.Set("pageSize", fmt.Sprint(pageSize)) 2090 return c 2091 } 2092 2093 // PageToken sets the optional parameter "pageToken": The `next_page_token` 2094 // returned from the previous `ListAssetsResponse`, or unspecified for the 2095 // first `ListAssetsRequest`. It is a continuation of a prior `ListAssets` 2096 // call, and the API should return the next page of assets. 2097 func (c *AssetsListCall) PageToken(pageToken string) *AssetsListCall { 2098 c.urlParams_.Set("pageToken", pageToken) 2099 return c 2100 } 2101 2102 // ReadTime sets the optional parameter "readTime": Timestamp to take an asset 2103 // snapshot. This can only be set to a timestamp between the current time and 2104 // the current time minus 35 days (inclusive). If not specified, the current 2105 // time will be used. Due to delays in resource data collection and indexing, 2106 // there is a volatile window during which running the same query may get 2107 // different results. 2108 func (c *AssetsListCall) ReadTime(readTime string) *AssetsListCall { 2109 c.urlParams_.Set("readTime", readTime) 2110 return c 2111 } 2112 2113 // Fields allows partial responses to be retrieved. See 2114 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more 2115 // details. 2116 func (c *AssetsListCall) Fields(s ...googleapi.Field) *AssetsListCall { 2117 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 2118 return c 2119 } 2120 2121 // IfNoneMatch sets an optional parameter which makes the operation fail if the 2122 // object's ETag matches the given value. This is useful for getting updates 2123 // only after the object has changed since the last request. 2124 func (c *AssetsListCall) IfNoneMatch(entityTag string) *AssetsListCall { 2125 c.ifNoneMatch_ = entityTag 2126 return c 2127 } 2128 2129 // Context sets the context to be used in this call's Do method. 2130 func (c *AssetsListCall) Context(ctx context.Context) *AssetsListCall { 2131 c.ctx_ = ctx 2132 return c 2133 } 2134 2135 // Header returns a http.Header that can be modified by the caller to add 2136 // headers to the request. 2137 func (c *AssetsListCall) Header() http.Header { 2138 if c.header_ == nil { 2139 c.header_ = make(http.Header) 2140 } 2141 return c.header_ 2142 } 2143 2144 func (c *AssetsListCall) doRequest(alt string) (*http.Response, error) { 2145 reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_) 2146 if c.ifNoneMatch_ != "" { 2147 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 2148 } 2149 var body io.Reader = nil 2150 c.urlParams_.Set("alt", alt) 2151 c.urlParams_.Set("prettyPrint", "false") 2152 urls := googleapi.ResolveRelative(c.s.BasePath, "v1p5beta1/{+parent}/assets") 2153 urls += "?" + c.urlParams_.Encode() 2154 req, err := http.NewRequest("GET", urls, body) 2155 if err != nil { 2156 return nil, err 2157 } 2158 req.Header = reqHeaders 2159 googleapi.Expand(req.URL, map[string]string{ 2160 "parent": c.parent, 2161 }) 2162 return gensupport.SendRequest(c.ctx_, c.s.client, req) 2163 } 2164 2165 // Do executes the "cloudasset.assets.list" call. 2166 // Any non-2xx status code is an error. Response headers are in either 2167 // *ListAssetsResponse.ServerResponse.Header or (if a response was returned at 2168 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to 2169 // check whether the returned error was because http.StatusNotModified was 2170 // returned. 2171 func (c *AssetsListCall) Do(opts ...googleapi.CallOption) (*ListAssetsResponse, error) { 2172 gensupport.SetOptions(c.urlParams_, opts...) 2173 res, err := c.doRequest("json") 2174 if res != nil && res.StatusCode == http.StatusNotModified { 2175 if res.Body != nil { 2176 res.Body.Close() 2177 } 2178 return nil, gensupport.WrapError(&googleapi.Error{ 2179 Code: res.StatusCode, 2180 Header: res.Header, 2181 }) 2182 } 2183 if err != nil { 2184 return nil, err 2185 } 2186 defer googleapi.CloseBody(res) 2187 if err := googleapi.CheckResponse(res); err != nil { 2188 return nil, gensupport.WrapError(err) 2189 } 2190 ret := &ListAssetsResponse{ 2191 ServerResponse: googleapi.ServerResponse{ 2192 Header: res.Header, 2193 HTTPStatusCode: res.StatusCode, 2194 }, 2195 } 2196 target := &ret 2197 if err := gensupport.DecodeResponse(target, res); err != nil { 2198 return nil, err 2199 } 2200 return ret, nil 2201 } 2202 2203 // Pages invokes f for each page of results. 2204 // A non-nil error returned from f will halt the iteration. 2205 // The provided context supersedes any context provided to the Context method. 2206 func (c *AssetsListCall) Pages(ctx context.Context, f func(*ListAssetsResponse) error) error { 2207 c.ctx_ = ctx 2208 defer c.PageToken(c.urlParams_.Get("pageToken")) 2209 for { 2210 x, err := c.Do() 2211 if err != nil { 2212 return err 2213 } 2214 if err := f(x); err != nil { 2215 return err 2216 } 2217 if x.NextPageToken == "" { 2218 return nil 2219 } 2220 c.PageToken(x.NextPageToken) 2221 } 2222 } 2223