// Copyright 2024 Google LLC.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

// Code generated file. DO NOT EDIT.

// Package cloudasset provides access to the Cloud Asset API.
//
// For product documentation, see: https://cloud.google.com/asset-inventory/docs/quickstart
//
// # Library status
//
// These client libraries are officially supported by Google. However, this
// library is considered complete and is in maintenance mode. This means
// that we will address critical bugs and security issues but will not add
// any new features.
//
// When possible, we recommend using our newer
// [Cloud Client Libraries for Go](https://pkg.go.dev/cloud.google.com/go)
// that are still actively being worked and iterated on.
//
// # Creating a client
//
// Usage example:
//
//	import "google.golang.org/api/cloudasset/v1p7beta1"
//	...
//	ctx := context.Background()
//	cloudassetService, err := cloudasset.NewService(ctx)
//
// In this example, Google Application Default Credentials are used for
// authentication. For information on how to create and obtain Application
// Default Credentials, see https://developers.google.com/identity/protocols/application-default-credentials.
//
// # Other authentication options
//
// To use an API key for authentication (note: some APIs do not support API
// keys), use [google.golang.org/api/option.WithAPIKey]:
//
//	cloudassetService, err := cloudasset.NewService(ctx, option.WithAPIKey("AIza..."))
//
// To use an OAuth token (e.g., a user token obtained via a three-legged OAuth
// flow), use [google.golang.org/api/option.WithTokenSource]:
//
//	config := &oauth2.Config{...}
//	// ...
//	token, err := config.Exchange(ctx, ...)
48 // cloudassetService, err := cloudasset.NewService(ctx, option.WithTokenSource(config.TokenSource(ctx, token))) 49 // 50 // See [google.golang.org/api/option.ClientOption] for details on options. 51 package cloudasset // import "google.golang.org/api/cloudasset/v1p7beta1" 52 53 import ( 54 "bytes" 55 "context" 56 "encoding/json" 57 "errors" 58 "fmt" 59 "io" 60 "net/http" 61 "net/url" 62 "strconv" 63 "strings" 64 65 googleapi "google.golang.org/api/googleapi" 66 internal "google.golang.org/api/internal" 67 gensupport "google.golang.org/api/internal/gensupport" 68 option "google.golang.org/api/option" 69 internaloption "google.golang.org/api/option/internaloption" 70 htransport "google.golang.org/api/transport/http" 71 ) 72 73 // Always reference these packages, just in case the auto-generated code 74 // below doesn't. 75 var _ = bytes.NewBuffer 76 var _ = strconv.Itoa 77 var _ = fmt.Sprintf 78 var _ = json.NewDecoder 79 var _ = io.Copy 80 var _ = url.Parse 81 var _ = gensupport.MarshalJSON 82 var _ = googleapi.Version 83 var _ = errors.New 84 var _ = strings.Replace 85 var _ = context.Canceled 86 var _ = internaloption.WithDefaultEndpoint 87 var _ = internal.Version 88 89 const apiId = "cloudasset:v1p7beta1" 90 const apiName = "cloudasset" 91 const apiVersion = "v1p7beta1" 92 const basePath = "https://cloudasset.googleapis.com/" 93 const basePathTemplate = "https://cloudasset.UNIVERSE_DOMAIN/" 94 const mtlsBasePath = "https://cloudasset.mtls.googleapis.com/" 95 96 // OAuth2 scopes used by this API. 97 const ( 98 // See, edit, configure, and delete your Google Cloud data and see the email 99 // address for your Google Account. 100 CloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform" 101 ) 102 103 // NewService creates a new Service. 
//
// Unless opts select other scopes, the client requests the cloud-platform
// scope ("See, edit, configure, and delete your Google Cloud data and see the
// email address for your Google Account"). Callers that need less access
// should narrow it with option.WithScopes.
func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, error) {
	// The default scope goes ahead of the caller's options so that it does not
	// override scopes the caller specified.
	merged := make([]option.ClientOption, 0, len(opts)+5)
	merged = append(merged, internaloption.WithDefaultScopes("https://www.googleapis.com/auth/cloud-platform"))
	merged = append(merged, opts...)
	// The library's endpoint defaults and auth-library switch follow the
	// caller's options, in the same order as before.
	merged = append(merged,
		internaloption.WithDefaultEndpoint(basePath),
		internaloption.WithDefaultEndpointTemplate(basePathTemplate),
		internaloption.WithDefaultMTLSEndpoint(mtlsBasePath),
		internaloption.EnableNewAuthLibrary(),
	)

	httpClient, resolvedEndpoint, err := htransport.NewClient(ctx, merged...)
	if err != nil {
		return nil, err
	}
	svc, err := New(httpClient)
	if err != nil {
		return nil, err
	}
	// A non-empty endpoint returned by htransport.NewClient replaces the
	// BasePath that New set.
	// NOTE(review): the endpoint presumably reflects endpoint-related options
	// in opts — confirm; if so, opts decide where authenticated requests are
	// sent and should come from trusted configuration.
	if resolvedEndpoint != "" {
		svc.BasePath = resolvedEndpoint
	}
	return svc, nil
}

// New creates a new Service. It uses the provided http.Client for requests.
//
// Deprecated: please use NewService instead.
// To provide a custom HTTP client, use option.WithHTTPClient.
// If you are using google.golang.org/api/googleapis/transport.APIKey, use option.WithAPIKey with NewService instead.
133 func New(client *http.Client) (*Service, error) { 134 if client == nil { 135 return nil, errors.New("client is nil") 136 } 137 s := &Service{client: client, BasePath: basePath} 138 s.Operations = NewOperationsService(s) 139 s.V1p7beta1 = NewV1p7beta1Service(s) 140 return s, nil 141 } 142 143 type Service struct { 144 client *http.Client 145 BasePath string // API endpoint base URL 146 UserAgent string // optional additional User-Agent fragment 147 148 Operations *OperationsService 149 150 V1p7beta1 *V1p7beta1Service 151 } 152 153 func (s *Service) userAgent() string { 154 if s.UserAgent == "" { 155 return googleapi.UserAgent 156 } 157 return googleapi.UserAgent + " " + s.UserAgent 158 } 159 160 func NewOperationsService(s *Service) *OperationsService { 161 rs := &OperationsService{s: s} 162 return rs 163 } 164 165 type OperationsService struct { 166 s *Service 167 } 168 169 func NewV1p7beta1Service(s *Service) *V1p7beta1Service { 170 rs := &V1p7beta1Service{s: s} 171 return rs 172 } 173 174 type V1p7beta1Service struct { 175 s *Service 176 } 177 178 // AnalyzeIamPolicyLongrunningMetadata: Represents the metadata of the 179 // longrunning operation for the AnalyzeIamPolicyLongrunning RPC. 180 type AnalyzeIamPolicyLongrunningMetadata struct { 181 // CreateTime: Output only. The time the operation was created. 182 CreateTime string `json:"createTime,omitempty"` 183 // ForceSendFields is a list of field names (e.g. "CreateTime") to 184 // unconditionally include in API requests. By default, fields with empty or 185 // default values are omitted from API requests. See 186 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 187 // details. 188 ForceSendFields []string `json:"-"` 189 // NullFields is a list of field names (e.g. "CreateTime") to include in API 190 // requests with the JSON null value. By default, fields with empty values are 191 // omitted from API requests. 
See 192 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 193 NullFields []string `json:"-"` 194 } 195 196 func (s *AnalyzeIamPolicyLongrunningMetadata) MarshalJSON() ([]byte, error) { 197 type NoMethod AnalyzeIamPolicyLongrunningMetadata 198 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 199 } 200 201 // AnalyzeIamPolicyLongrunningResponse: A response message for 202 // AssetService.AnalyzeIamPolicyLongrunning. 203 type AnalyzeIamPolicyLongrunningResponse struct { 204 } 205 206 // AuditConfig: Specifies the audit configuration for a service. The 207 // configuration determines which permission types are logged, and what 208 // identities, if any, are exempted from logging. An AuditConfig must have one 209 // or more AuditLogConfigs. If there are AuditConfigs for both `allServices` 210 // and a specific service, the union of the two AuditConfigs is used for that 211 // service: the log_types specified in each AuditConfig are enabled, and the 212 // exempted_members in each AuditLogConfig are exempted. Example Policy with 213 // multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", 214 // "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ 215 // "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": 216 // "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", 217 // "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": 218 // "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For 219 // sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 220 // logging. It also exempts `jose@example.com` from DATA_READ logging, and 221 // `aliya@example.com` from DATA_WRITE logging. 222 type AuditConfig struct { 223 // AuditLogConfigs: The configuration for logging of each type of permission. 
224 AuditLogConfigs []*AuditLogConfig `json:"auditLogConfigs,omitempty"` 225 // Service: Specifies a service that will be enabled for audit logging. For 226 // example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` 227 // is a special value that covers all services. 228 Service string `json:"service,omitempty"` 229 // ForceSendFields is a list of field names (e.g. "AuditLogConfigs") to 230 // unconditionally include in API requests. By default, fields with empty or 231 // default values are omitted from API requests. See 232 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 233 // details. 234 ForceSendFields []string `json:"-"` 235 // NullFields is a list of field names (e.g. "AuditLogConfigs") to include in 236 // API requests with the JSON null value. By default, fields with empty values 237 // are omitted from API requests. See 238 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 239 NullFields []string `json:"-"` 240 } 241 242 func (s *AuditConfig) MarshalJSON() ([]byte, error) { 243 type NoMethod AuditConfig 244 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 245 } 246 247 // AuditLogConfig: Provides the configuration for logging a type of 248 // permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", 249 // "exempted_members": [ "user:jose@example.com" ] }, { "log_type": 250 // "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while 251 // exempting jose@example.com from DATA_READ logging. 252 type AuditLogConfig struct { 253 // ExemptedMembers: Specifies the identities that do not cause logging for this 254 // type of permission. Follows the same format of Binding.members. 255 ExemptedMembers []string `json:"exemptedMembers,omitempty"` 256 // LogType: The log type that this config enables. 257 // 258 // Possible values: 259 // "LOG_TYPE_UNSPECIFIED" - Default case. Should never be this. 260 // "ADMIN_READ" - Admin reads. 
Example: CloudIAM getIamPolicy 261 // "DATA_WRITE" - Data writes. Example: CloudSQL Users create 262 // "DATA_READ" - Data reads. Example: CloudSQL Users list 263 LogType string `json:"logType,omitempty"` 264 // ForceSendFields is a list of field names (e.g. "ExemptedMembers") to 265 // unconditionally include in API requests. By default, fields with empty or 266 // default values are omitted from API requests. See 267 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 268 // details. 269 ForceSendFields []string `json:"-"` 270 // NullFields is a list of field names (e.g. "ExemptedMembers") to include in 271 // API requests with the JSON null value. By default, fields with empty values 272 // are omitted from API requests. See 273 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 274 NullFields []string `json:"-"` 275 } 276 277 func (s *AuditLogConfig) MarshalJSON() ([]byte, error) { 278 type NoMethod AuditLogConfig 279 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 280 } 281 282 // Binding: Associates `members`, or principals, with a `role`. 283 type Binding struct { 284 // Condition: The condition that is associated with this binding. If the 285 // condition evaluates to `true`, then this binding applies to the current 286 // request. If the condition evaluates to `false`, then this binding does not 287 // apply to the current request. However, a different role binding might grant 288 // the same role to one or more of the principals in this binding. To learn 289 // which resources support conditions in their IAM policies, see the IAM 290 // documentation 291 // (https://cloud.google.com/iam/help/conditions/resource-policies). 292 Condition *Expr `json:"condition,omitempty"` 293 // Members: Specifies the principals requesting access for a Google Cloud 294 // resource. 
`members` can have the following values: * `allUsers`: A special 295 // identifier that represents anyone who is on the internet; with or without a 296 // Google account. * `allAuthenticatedUsers`: A special identifier that 297 // represents anyone who is authenticated with a Google account or a service 298 // account. Does not include identities that come from external identity 299 // providers (IdPs) through identity federation. * `user:{emailid}`: An email 300 // address that represents a specific Google account. For example, 301 // `alice@example.com` . * `serviceAccount:{emailid}`: An email address that 302 // represents a Google service account. For example, 303 // `my-other-app@appspot.gserviceaccount.com`. * 304 // `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An 305 // identifier for a Kubernetes service account 306 // (https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). 307 // For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * 308 // `group:{emailid}`: An email address that represents a Google group. For 309 // example, `admins@example.com`. * `domain:{domain}`: The G Suite domain 310 // (primary) that represents all the users of that domain. For example, 311 // `google.com` or `example.com`. * 312 // `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/sub 313 // ject/{subject_attribute_value}`: A single identity in a workforce identity 314 // pool. * 315 // `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/ 316 // group/{group_id}`: All workforce identities in a group. * 317 // `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/ 318 // attribute.{attribute_name}/{attribute_value}`: All workforce identities with 319 // a specific attribute value. * 320 // `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/ 321 // *`: All identities in a workforce identity pool. 
* 322 // `principal://iam.googleapis.com/projects/{project_number}/locations/global/wo 323 // rkloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single 324 // identity in a workload identity pool. * 325 // `principalSet://iam.googleapis.com/projects/{project_number}/locations/global 326 // /workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool 327 // group. * 328 // `principalSet://iam.googleapis.com/projects/{project_number}/locations/global 329 // /workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value} 330 // `: All identities in a workload identity pool with a certain attribute. * 331 // `principalSet://iam.googleapis.com/projects/{project_number}/locations/global 332 // /workloadIdentityPools/{pool_id}/*`: All identities in a workload identity 333 // pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus 334 // unique identifier) representing a user that has been recently deleted. For 335 // example, `alice@example.com?uid=123456789012345678901`. If the user is 336 // recovered, this value reverts to `user:{emailid}` and the recovered user 337 // retains the role in the binding. * 338 // `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus 339 // unique identifier) representing a service account that has been recently 340 // deleted. For example, 341 // `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the 342 // service account is undeleted, this value reverts to 343 // `serviceAccount:{emailid}` and the undeleted service account retains the 344 // role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email 345 // address (plus unique identifier) representing a Google group that has been 346 // recently deleted. For example, 347 // `admins@example.com?uid=123456789012345678901`. If the group is recovered, 348 // this value reverts to `group:{emailid}` and the recovered group retains the 349 // role in the binding. 
* 350 // `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool 351 // _id}/subject/{subject_attribute_value}`: Deleted single identity in a 352 // workforce identity pool. For example, 353 // `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-po 354 // ol-id/subject/my-subject-attribute-value`. 355 Members []string `json:"members,omitempty"` 356 // Role: Role that is assigned to the list of `members`, or principals. For 357 // example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview 358 // of the IAM roles and permissions, see the IAM documentation 359 // (https://cloud.google.com/iam/docs/roles-overview). For a list of the 360 // available pre-defined roles, see here 361 // (https://cloud.google.com/iam/docs/understanding-roles). 362 Role string `json:"role,omitempty"` 363 // ForceSendFields is a list of field names (e.g. "Condition") to 364 // unconditionally include in API requests. By default, fields with empty or 365 // default values are omitted from API requests. See 366 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 367 // details. 368 ForceSendFields []string `json:"-"` 369 // NullFields is a list of field names (e.g. "Condition") to include in API 370 // requests with the JSON null value. By default, fields with empty values are 371 // omitted from API requests. See 372 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 373 NullFields []string `json:"-"` 374 } 375 376 func (s *Binding) MarshalJSON() ([]byte, error) { 377 type NoMethod Binding 378 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 379 } 380 381 // Expr: Represents a textual expression in the Common Expression Language 382 // (CEL) syntax. CEL is a C-like expression language. The syntax and semantics 383 // of CEL are documented at https://github.com/google/cel-spec. 
Example 384 // (Comparison): title: "Summary size limit" description: "Determines if a 385 // summary is less than 100 chars" expression: "document.summary.size() < 100" 386 // Example (Equality): title: "Requestor is owner" description: "Determines if 387 // requestor is the document owner" expression: "document.owner == 388 // request.auth.claims.email" Example (Logic): title: "Public documents" 389 // description: "Determine whether the document should be publicly visible" 390 // expression: "document.type != 'private' && document.type != 'internal'" 391 // Example (Data Manipulation): title: "Notification string" description: 392 // "Create a notification string with a timestamp." expression: "'New message 393 // received at ' + string(document.create_time)" The exact variables and 394 // functions that may be referenced within an expression are determined by the 395 // service that evaluates it. See the service documentation for additional 396 // information. 397 type Expr struct { 398 // Description: Optional. Description of the expression. This is a longer text 399 // which describes the expression, e.g. when hovered over it in a UI. 400 Description string `json:"description,omitempty"` 401 // Expression: Textual representation of an expression in Common Expression 402 // Language syntax. 403 Expression string `json:"expression,omitempty"` 404 // Location: Optional. String indicating the location of the expression for 405 // error reporting, e.g. a file name and a position in the file. 406 Location string `json:"location,omitempty"` 407 // Title: Optional. Title for the expression, i.e. a short string describing 408 // its purpose. This can be used e.g. in UIs which allow to enter the 409 // expression. 410 Title string `json:"title,omitempty"` 411 // ForceSendFields is a list of field names (e.g. "Description") to 412 // unconditionally include in API requests. By default, fields with empty or 413 // default values are omitted from API requests. 
See 414 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 415 // details. 416 ForceSendFields []string `json:"-"` 417 // NullFields is a list of field names (e.g. "Description") to include in API 418 // requests with the JSON null value. By default, fields with empty values are 419 // omitted from API requests. See 420 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 421 NullFields []string `json:"-"` 422 } 423 424 func (s *Expr) MarshalJSON() ([]byte, error) { 425 type NoMethod Expr 426 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 427 } 428 429 // GoogleCloudAssetV1p7beta1Asset: An asset in Google Cloud. An asset can be 430 // any resource in the Google Cloud resource hierarchy 431 // (https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), 432 // a resource outside the Google Cloud resource hierarchy (such as Google 433 // Kubernetes Engine clusters and objects), or a policy (e.g. IAM policy). See 434 // Supported asset types 435 // (https://cloud.google.com/asset-inventory/docs/supported-asset-types) for 436 // more information. 437 type GoogleCloudAssetV1p7beta1Asset struct { 438 // AccessLevel: Please also refer to the access level user guide 439 // (https://cloud.google.com/access-context-manager/docs/overview#access-levels). 440 AccessLevel *GoogleIdentityAccesscontextmanagerV1AccessLevel `json:"accessLevel,omitempty"` 441 // AccessPolicy: Please also refer to the access policy user guide 442 // (https://cloud.google.com/access-context-manager/docs/overview#access-policies). 443 AccessPolicy *GoogleIdentityAccesscontextmanagerV1AccessPolicy `json:"accessPolicy,omitempty"` 444 // Ancestors: The ancestry path of an asset in Google Cloud resource hierarchy 445 // (https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), 446 // represented as a list of relative resource names. 
An ancestry path starts 447 // with the closest ancestor in the hierarchy and ends at root. If the asset is 448 // a project, folder, or organization, the ancestry path starts from the asset 449 // itself. Example: `["projects/123456789", "folders/5432", 450 // "organizations/1234"]` 451 Ancestors []string `json:"ancestors,omitempty"` 452 // AssetType: The type of the asset. Example: `compute.googleapis.com/Disk` See 453 // Supported asset types 454 // (https://cloud.google.com/asset-inventory/docs/supported-asset-types) for 455 // more information. 456 AssetType string `json:"assetType,omitempty"` 457 // IamPolicy: A representation of the IAM policy set on a Google Cloud 458 // resource. There can be a maximum of one IAM policy set on any given 459 // resource. In addition, IAM policies inherit their granted access scope from 460 // any policies set on parent resources in the resource hierarchy. Therefore, 461 // the effectively policy is the union of both the policy set on this resource 462 // and each policy set on all of the resource's ancestry resource levels in the 463 // hierarchy. See this topic 464 // (https://cloud.google.com/iam/help/allow-policies/inheritance) for more 465 // information. 466 IamPolicy *Policy `json:"iamPolicy,omitempty"` 467 // Name: The full name of the asset. Example: 468 // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/insta 469 // nce1` See Resource names 470 // (https://cloud.google.com/apis/design/resource_names#full_resource_name) for 471 // more information. 472 Name string `json:"name,omitempty"` 473 // OrgPolicy: A representation of an organization policy 474 // (https://cloud.google.com/resource-manager/docs/organization-policy/overview#organization_policy). 475 // There can be more than one organization policy with different constraints 476 // set on a given resource. 
477 OrgPolicy []*GoogleCloudOrgpolicyV1Policy `json:"orgPolicy,omitempty"` 478 // RelatedAssets: The related assets of the asset of one relationship type. One 479 // asset only represents one type of relationship. 480 RelatedAssets *GoogleCloudAssetV1p7beta1RelatedAssets `json:"relatedAssets,omitempty"` 481 // Resource: A representation of the resource. 482 Resource *GoogleCloudAssetV1p7beta1Resource `json:"resource,omitempty"` 483 // ServicePerimeter: Please also refer to the service perimeter user guide 484 // (https://cloud.google.com/vpc-service-controls/docs/overview). 485 ServicePerimeter *GoogleIdentityAccesscontextmanagerV1ServicePerimeter `json:"servicePerimeter,omitempty"` 486 // UpdateTime: The last update timestamp of an asset. update_time is updated 487 // when create/update/delete operation is performed. 488 UpdateTime string `json:"updateTime,omitempty"` 489 // ForceSendFields is a list of field names (e.g. "AccessLevel") to 490 // unconditionally include in API requests. By default, fields with empty or 491 // default values are omitted from API requests. See 492 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 493 // details. 494 ForceSendFields []string `json:"-"` 495 // NullFields is a list of field names (e.g. "AccessLevel") to include in API 496 // requests with the JSON null value. By default, fields with empty values are 497 // omitted from API requests. See 498 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 499 NullFields []string `json:"-"` 500 } 501 502 func (s *GoogleCloudAssetV1p7beta1Asset) MarshalJSON() ([]byte, error) { 503 type NoMethod GoogleCloudAssetV1p7beta1Asset 504 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 505 } 506 507 // GoogleCloudAssetV1p7beta1BigQueryDestination: A BigQuery destination for 508 // exporting assets to. 509 type GoogleCloudAssetV1p7beta1BigQueryDestination struct { 510 // Dataset: Required. 
The BigQuery dataset in format 511 // "projects/projectId/datasets/datasetId", to which the snapshot result should 512 // be exported. If this dataset does not exist, the export call returns an 513 // INVALID_ARGUMENT error. 514 Dataset string `json:"dataset,omitempty"` 515 // Force: If the destination table already exists and this flag is `TRUE`, the 516 // table will be overwritten by the contents of assets snapshot. If the flag is 517 // `FALSE` or unset and the destination table already exists, the export call 518 // returns an INVALID_ARGUMEMT error. 519 Force bool `json:"force,omitempty"` 520 // PartitionSpec: [partition_spec] determines whether to export to partitioned 521 // table(s) and how to partition the data. If [partition_spec] is unset or 522 // [partition_spec.partition_key] is unset or `PARTITION_KEY_UNSPECIFIED`, the 523 // snapshot results will be exported to non-partitioned table(s). [force] will 524 // decide whether to overwrite existing table(s). If [partition_spec] is 525 // specified. First, the snapshot results will be written to partitioned 526 // table(s) with two additional timestamp columns, readTime and requestTime, 527 // one of which will be the partition key. Secondly, in the case when any 528 // destination table already exists, it will first try to update existing 529 // table's schema as necessary by appending additional columns. Then, if 530 // [force] is `TRUE`, the corresponding partition will be overwritten by the 531 // snapshot results (data in different partitions will remain intact); if 532 // [force] is unset or `FALSE`, it will append the data. An error will be 533 // returned if the schema update or data appension fails. 534 PartitionSpec *GoogleCloudAssetV1p7beta1PartitionSpec `json:"partitionSpec,omitempty"` 535 // SeparateTablesPerAssetType: If this flag is `TRUE`, the snapshot results 536 // will be written to one or multiple tables, each of which contains results of 537 // one asset type. 
// The [force] and [partition_spec] fields will apply to each
	// of them. Field [table] will be concatenated with "_" and the asset type
	// names (see
	// https://cloud.google.com/asset-inventory/docs/supported-asset-types for
	// supported asset types) to construct per-asset-type table names, in which all
	// non-alphanumeric characters like "." and "/" will be substituted by "_".
	// Example: if field [table] is "mytable" and snapshot results contain
	// "storage.googleapis.com/Bucket" assets, the corresponding table name will be
	// "mytable_storage_googleapis_com_Bucket". If any of these tables does not
	// exist, a new table with the concatenated name will be created. When
	// [content_type] in the ExportAssetsRequest is `RESOURCE`, the schema of each
	// table will include RECORD-type columns mapped to the nested fields in the
	// Asset.resource.data field of that asset type (up to the 15 nested level
	// BigQuery supports
	// (https://cloud.google.com/bigquery/docs/nested-repeated#limitations)). The
	// fields in >15 nested levels will be stored in JSON format string as a child
	// column of its parent RECORD column. If error occurs when exporting to any
	// table, the whole export call will return an error but the export results
	// that already succeed will persist. Example: if exporting to table_type_A
	// succeeds when exporting to table_type_B fails during one export call, the
	// results in table_type_A will persist and there will not be partial results
	// persisting in a table.
	SeparateTablesPerAssetType bool `json:"separateTablesPerAssetType,omitempty"`
	// Table: Required. The BigQuery table to which the snapshot result should be
	// written. If this table does not exist, a new table with the given name will
	// be created.
	Table string `json:"table,omitempty"`
	// ForceSendFields is a list of field names (e.g. "Dataset") to unconditionally
	// include in API requests. By default, fields with empty or default values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "Dataset") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

// MarshalJSON encodes s through gensupport.MarshalJSON, handing it
// ForceSendFields and NullFields. NoMethod has the struct's fields but none of
// its methods, so the value passed on does not carry this MarshalJSON.
func (s *GoogleCloudAssetV1p7beta1BigQueryDestination) MarshalJSON() ([]byte, error) {
	type NoMethod GoogleCloudAssetV1p7beta1BigQueryDestination
	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
}

// GoogleCloudAssetV1p7beta1ExportAssetsRequest: Export asset request.
type GoogleCloudAssetV1p7beta1ExportAssetsRequest struct {
	// AssetTypes: A list of asset types to take a snapshot for. For example:
	// "compute.googleapis.com/Disk". Regular expressions are also supported. For
	// example: * "compute.googleapis.com.*" snapshots resources whose asset type
	// starts with "compute.googleapis.com". * ".*Instance" snapshots resources
	// whose asset type ends with "Instance". * ".*Instance.*" snapshots resources
	// whose asset type contains "Instance". See RE2
	// (https://github.com/google/re2/wiki/Syntax) for all supported regular
	// expression syntax. If the regular expression does not match any supported
	// asset type, an INVALID_ARGUMENT error will be returned. If specified, only
	// matching assets will be returned, otherwise, it will snapshot all asset
	// types. See Introduction to Cloud Asset Inventory
	// (https://cloud.google.com/asset-inventory/docs/overview) for all supported
	// asset types.
	AssetTypes []string `json:"assetTypes,omitempty"`
	// ContentType: Asset content type. If not specified, no content but the asset
	// name will be returned.
	//
	// Possible values:
	//   "CONTENT_TYPE_UNSPECIFIED" - Unspecified content type.
	//   "RESOURCE" - Resource metadata.
	//   "IAM_POLICY" - The actual IAM policy set on a resource.
	//   "ORG_POLICY" - The organization policy set on an asset.
	//   "ACCESS_POLICY" - The Access Context Manager policy set on an asset.
	//   "RELATIONSHIP" - The related resources.
	ContentType string `json:"contentType,omitempty"`
	// OutputConfig: Required. Output configuration indicating where the results
	// will be output to.
	// NOTE(review): with ContentType set to `IAM_POLICY`, `ORG_POLICY` or
	// `ACCESS_POLICY` the export carries policy data, so access to the
	// destination table or bucket should be at least as restricted as access to
	// the inventory itself.
	OutputConfig *GoogleCloudAssetV1p7beta1OutputConfig `json:"outputConfig,omitempty"`
	// ReadTime: Timestamp to take an asset snapshot. This can only be set to a
	// timestamp between the current time and the current time minus 35 days
	// (inclusive). If not specified, the current time will be used. Due to delays
	// in resource data collection and indexing, there is a volatile window during
	// which running the same query may get different results.
	ReadTime string `json:"readTime,omitempty"`
	// RelationshipTypes: A list of relationship types to export, for example:
	// `INSTANCE_TO_INSTANCEGROUP`. This field should only be specified if
	// content_type=RELATIONSHIP. If specified, it will snapshot [asset_types]'
	// specified relationships, or give errors if any relationship_types' supported
	// types are not in [asset_types]. If not specified, it will snapshot all
	// [asset_types]' supported relationships. An unspecified [asset_types] field
	// means all supported asset_types. See Introduction to Cloud Asset Inventory
	// (https://cloud.google.com/asset-inventory/docs/overview) for all supported
	// asset types and relationship types.
	RelationshipTypes []string `json:"relationshipTypes,omitempty"`
	// ForceSendFields is a list of field names (e.g. "AssetTypes") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "AssetTypes") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

// MarshalJSON encodes s through gensupport.MarshalJSON, handing it
// ForceSendFields and NullFields. NoMethod has the struct's fields but none of
// its methods, so the value passed on does not carry this MarshalJSON.
func (s *GoogleCloudAssetV1p7beta1ExportAssetsRequest) MarshalJSON() ([]byte, error) {
	type NoMethod GoogleCloudAssetV1p7beta1ExportAssetsRequest
	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
}

// GoogleCloudAssetV1p7beta1GcsDestination: A Cloud Storage location.
type GoogleCloudAssetV1p7beta1GcsDestination struct {
	// Uri: The URI of the Cloud Storage object. It's the same URI that is used by
	// gsutil. Example: "gs://bucket_name/object_name". See Viewing and Editing
	// Object Metadata
	// (https://cloud.google.com/storage/docs/viewing-editing-metadata) for more
	// information.
	Uri string `json:"uri,omitempty"`
	// UriPrefix: The URI prefix of all generated Cloud Storage objects. Example:
	// "gs://bucket_name/object_name_prefix". Each object URI is in format:
	// "gs://bucket_name/object_name_prefix/{ASSET_TYPE}/{SHARD_NUMBER}" and only
	// contains assets for that type. The shard number starts from 0. Example:
	// "gs://bucket_name/object_name_prefix/compute.googleapis.com/Disk/0" is the
	// first shard of output objects containing all compute.googleapis.com/Disk
	// assets. An INVALID_ARGUMENT error will be returned if file with the same
	// name "gs://bucket_name/object_name_prefix" already exists.
	UriPrefix string `json:"uriPrefix,omitempty"`
	// ForceSendFields is a list of field names (e.g. "Uri") to unconditionally
	// include in API requests. By default, fields with empty or default values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "Uri") to include in API requests
	// with the JSON null value. By default, fields with empty values are omitted
	// from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

// MarshalJSON encodes s through gensupport.MarshalJSON, handing it
// ForceSendFields and NullFields. NoMethod has the struct's fields but none of
// its methods, so the value passed on does not carry this MarshalJSON.
func (s *GoogleCloudAssetV1p7beta1GcsDestination) MarshalJSON() ([]byte, error) {
	type NoMethod GoogleCloudAssetV1p7beta1GcsDestination
	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
}

// GoogleCloudAssetV1p7beta1OutputConfig: Output configuration for export
// assets destination.
type GoogleCloudAssetV1p7beta1OutputConfig struct {
	// BigqueryDestination: Destination on BigQuery. The output table stores the
	// fields in asset proto as columns in BigQuery.
	BigqueryDestination *GoogleCloudAssetV1p7beta1BigQueryDestination `json:"bigqueryDestination,omitempty"`
	// GcsDestination: Destination on Cloud Storage.
	GcsDestination *GoogleCloudAssetV1p7beta1GcsDestination `json:"gcsDestination,omitempty"`
	// ForceSendFields is a list of field names (e.g. "BigqueryDestination") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "BigqueryDestination") to include
	// in API requests with the JSON null value. By default, fields with empty
	// values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

// MarshalJSON encodes s through gensupport.MarshalJSON, handing it
// ForceSendFields and NullFields. NoMethod has the struct's fields but none of
// its methods, so the value passed on does not carry this MarshalJSON.
func (s *GoogleCloudAssetV1p7beta1OutputConfig) MarshalJSON() ([]byte, error) {
	type NoMethod GoogleCloudAssetV1p7beta1OutputConfig
	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
}

// GoogleCloudAssetV1p7beta1PartitionSpec: Specifications of BigQuery
// partitioned table as export destination.
type GoogleCloudAssetV1p7beta1PartitionSpec struct {
	// PartitionKey: The partition key for BigQuery partitioned table.
	//
	// Possible values:
	//   "PARTITION_KEY_UNSPECIFIED" - Unspecified partition key. If used, it means
	// using non-partitioned table.
	//   "READ_TIME" - The time when the snapshot is taken. If specified as
	// partition key, the result table(s) is partitioned by the additional timestamp
	// column, readTime. If [read_time] in ExportAssetsRequest is specified, the
	// readTime column's value will be the same as it. Otherwise, its value will be
	// the current time that is used to take the snapshot.
	//   "REQUEST_TIME" - The time when the request is received and started to be
	// processed. If specified as partition key, the result table(s) is partitioned
	// by the requestTime column, an additional timestamp column representing when
	// the request was received.
	PartitionKey string `json:"partitionKey,omitempty"`
	// ForceSendFields is a list of field names (e.g. "PartitionKey") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "PartitionKey") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

// MarshalJSON encodes s through gensupport.MarshalJSON, handing it
// ForceSendFields and NullFields. NoMethod has the struct's fields but none of
// its methods, so the value passed on does not carry this MarshalJSON.
func (s *GoogleCloudAssetV1p7beta1PartitionSpec) MarshalJSON() ([]byte, error) {
	type NoMethod GoogleCloudAssetV1p7beta1PartitionSpec
	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
}

// GoogleCloudAssetV1p7beta1RelatedAsset: An asset identifier in Google Cloud
// which contains its name, type and ancestors. An asset can be any resource in
// the Google Cloud resource hierarchy
// (https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
// a resource outside the Google Cloud resource hierarchy (such as Google
// Kubernetes Engine clusters and objects), or a policy (e.g. IAM policy). See
// Supported asset types
// (https://cloud.google.com/asset-inventory/docs/supported-asset-types) for
// more information.
type GoogleCloudAssetV1p7beta1RelatedAsset struct {
	// Ancestors: The ancestors of an asset in Google Cloud resource hierarchy
	// (https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy),
	// represented as a list of relative resource names. An ancestry path starts
	// with the closest ancestor in the hierarchy and ends at root. Example:
	// `["projects/123456789", "folders/5432", "organizations/1234"]`
	Ancestors []string `json:"ancestors,omitempty"`
	// Asset: The full name of the asset. Example:
	// `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`
	// See Resource names
	// (https://cloud.google.com/apis/design/resource_names#full_resource_name) for
	// more information.
	Asset string `json:"asset,omitempty"`
	// AssetType: The type of the asset. Example: `compute.googleapis.com/Disk` See
	// Supported asset types
	// (https://cloud.google.com/asset-inventory/docs/supported-asset-types) for
	// more information.
	AssetType string `json:"assetType,omitempty"`
	// ForceSendFields is a list of field names (e.g. "Ancestors") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "Ancestors") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

// MarshalJSON encodes s through gensupport.MarshalJSON, handing it
// ForceSendFields and NullFields. NoMethod has the struct's fields but none of
// its methods, so the value passed on does not carry this MarshalJSON.
func (s *GoogleCloudAssetV1p7beta1RelatedAsset) MarshalJSON() ([]byte, error) {
	type NoMethod GoogleCloudAssetV1p7beta1RelatedAsset
	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
}

// GoogleCloudAssetV1p7beta1RelatedAssets: The detailed related assets with the
// `relationship_type`.
type GoogleCloudAssetV1p7beta1RelatedAssets struct {
	// Assets: The peer resources of the relationship.
	Assets []*GoogleCloudAssetV1p7beta1RelatedAsset `json:"assets,omitempty"`
	// RelationshipAttributes: The detailed relation attributes.
	RelationshipAttributes *GoogleCloudAssetV1p7beta1RelationshipAttributes `json:"relationshipAttributes,omitempty"`
	// ForceSendFields is a list of field names (e.g. "Assets") to unconditionally
	// include in API requests. By default, fields with empty or default values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "Assets") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

// MarshalJSON encodes s through gensupport.MarshalJSON, handing it
// ForceSendFields and NullFields. NoMethod has the struct's fields but none of
// its methods, so the value passed on does not carry this MarshalJSON.
func (s *GoogleCloudAssetV1p7beta1RelatedAssets) MarshalJSON() ([]byte, error) {
	type NoMethod GoogleCloudAssetV1p7beta1RelatedAssets
	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
}

// GoogleCloudAssetV1p7beta1RelationshipAttributes: The relationship attributes
// which include `type`, `source_resource_type`, `target_resource_type` and
// `action`.
type GoogleCloudAssetV1p7beta1RelationshipAttributes struct {
	// Action: The detail of the relationship, e.g. `contains`, `attaches`
	Action string `json:"action,omitempty"`
	// SourceResourceType: The source asset type. Example:
	// `compute.googleapis.com/Instance`
	SourceResourceType string `json:"sourceResourceType,omitempty"`
	// TargetResourceType: The target asset type. Example:
	// `compute.googleapis.com/Disk`
	TargetResourceType string `json:"targetResourceType,omitempty"`
	// Type: The unique identifier of the relationship type. Example:
	// `INSTANCE_TO_INSTANCEGROUP`
	Type string `json:"type,omitempty"`
	// ForceSendFields is a list of field names (e.g. "Action") to unconditionally
	// include in API requests. By default, fields with empty or default values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "Action") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

// MarshalJSON encodes s through gensupport.MarshalJSON, handing it
// ForceSendFields and NullFields. NoMethod has the struct's fields but none of
// its methods, so the value passed on does not carry this MarshalJSON.
func (s *GoogleCloudAssetV1p7beta1RelationshipAttributes) MarshalJSON() ([]byte, error) {
	type NoMethod GoogleCloudAssetV1p7beta1RelationshipAttributes
	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
}

// GoogleCloudAssetV1p7beta1Resource: A representation of a Google Cloud
// resource.
type GoogleCloudAssetV1p7beta1Resource struct {
	// Data: The content of the resource, in which some sensitive fields are
	// removed and may not be present.
	// NOTE(review): which fields are removed is not stated here, so the
	// remaining content should not be assumed to be free of secrets.
	Data googleapi.RawMessage `json:"data,omitempty"`
	// DiscoveryDocumentUri: The URL of the discovery document containing the
	// resource's JSON schema. Example:
	// `https://www.googleapis.com/discovery/v1/apis/compute/v1/rest` This value is
	// unspecified for resources that do not have an API based on a discovery
	// document, such as Cloud Bigtable.
	DiscoveryDocumentUri string `json:"discoveryDocumentUri,omitempty"`
	// DiscoveryName: The JSON schema name listed in the discovery document.
	// Example: `Project` This value is unspecified for resources that do not have
	// an API based on a discovery document, such as Cloud Bigtable.
	DiscoveryName string `json:"discoveryName,omitempty"`
	// Location: The location of the resource in Google Cloud, such as its zone and
	// region. For more information, see https://cloud.google.com/about/locations/.
	Location string `json:"location,omitempty"`
	// Parent: The full name of the immediate parent of this resource. See Resource
	// Names
	// (https://cloud.google.com/apis/design/resource_names#full_resource_name) for
	// more information. For Google Cloud assets, this value is the parent resource
	// defined in the IAM policy hierarchy
	// (https://cloud.google.com/iam/docs/overview#policy_hierarchy). Example:
	// `//cloudresourcemanager.googleapis.com/projects/my_project_123` For
	// third-party assets, this field may be set differently.
	Parent string `json:"parent,omitempty"`
	// ResourceUrl: The REST URL for accessing the resource. An HTTP `GET` request
	// using this URL returns the resource itself. Example:
	// `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-123`
	// This value is unspecified for resources without a REST API.
	ResourceUrl string `json:"resourceUrl,omitempty"`
	// Version: The API version. Example: `v1`
	Version string `json:"version,omitempty"`
	// ForceSendFields is a list of field names (e.g. "Data") to unconditionally
	// include in API requests. By default, fields with empty or default values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "Data") to include in API requests
	// with the JSON null value. By default, fields with empty values are omitted
	// from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

// MarshalJSON encodes s through gensupport.MarshalJSON, handing it
// ForceSendFields and NullFields. NoMethod has the struct's fields but none of
// its methods, so the value passed on does not carry this MarshalJSON.
func (s *GoogleCloudAssetV1p7beta1Resource) MarshalJSON() ([]byte, error) {
	type NoMethod GoogleCloudAssetV1p7beta1Resource
	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
}

// GoogleCloudOrgpolicyV1BooleanPolicy: Used in `policy_type` to specify how
// `boolean_policy` will behave at this resource.
type GoogleCloudOrgpolicyV1BooleanPolicy struct {
	// Enforced: If `true`, then the `Policy` is enforced. If `false`, then any
	// configuration is acceptable. Suppose you have a `Constraint`
	// `constraints/compute.disableSerialPortAccess` with `constraint_default` set
	// to `ALLOW`. A `Policy` for that `Constraint` exhibits the following
	// behavior: - If the `Policy` at this resource has enforced set to `false`,
	// serial port connection attempts will be allowed. - If the `Policy` at this
	// resource has enforced set to `true`, serial port connection attempts will be
	// refused. - If the `Policy` at this resource is `RestoreDefault`, serial port
	// connection attempts will be allowed. - If no `Policy` is set at this
	// resource or anywhere higher in the resource hierarchy, serial port
	// connection attempts will be allowed. - If no `Policy` is set at this
	// resource, but one exists higher in the resource hierarchy, the behavior is
	// as if the `Policy` were set at this resource. The following examples
	// demonstrate the different possible layerings: Example 1 (nearest
	// `Constraint` wins): `organizations/foo` has a `Policy` with: {enforced:
	// false} `projects/bar` has no `Policy` set. The constraint at `projects/bar`
	// and `organizations/foo` will not be enforced. Example 2 (enforcement gets
	// replaced): `organizations/foo` has a `Policy` with: {enforced: false}
	// `projects/bar` has a `Policy` with: {enforced: true} The constraint at
	// `organizations/foo` is not enforced. The constraint at `projects/bar` is
	// enforced. Example 3 (RestoreDefault): `organizations/foo` has a `Policy`
	// with: {enforced: true} `projects/bar` has a `Policy` with: {RestoreDefault:
	// {}} The constraint at `organizations/foo` is enforced. The constraint at
	// `projects/bar` is not enforced, because `constraint_default` for the
	// `Constraint` is `ALLOW`.
	// NOTE(review): the `omitempty` tag drops a `false` value from the request
	// body unless "Enforced" is listed in ForceSendFields.
	Enforced bool `json:"enforced,omitempty"`
	// ForceSendFields is a list of field names (e.g. "Enforced") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "Enforced") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

// MarshalJSON encodes s through gensupport.MarshalJSON, handing it
// ForceSendFields and NullFields. NoMethod has the struct's fields but none of
// its methods, so the value passed on does not carry this MarshalJSON.
func (s *GoogleCloudOrgpolicyV1BooleanPolicy) MarshalJSON() ([]byte, error) {
	type NoMethod GoogleCloudOrgpolicyV1BooleanPolicy
	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
}

// GoogleCloudOrgpolicyV1ListPolicy: Used in `policy_type` to specify how
// `list_policy` behaves at this resource. `ListPolicy` can define specific
// values and subtrees of Cloud Resource Manager resource hierarchy
// (`Organizations`, `Folders`, `Projects`) that are allowed or denied by
// setting the `allowed_values` and `denied_values` fields. This is achieved by
// using the `under:` and optional `is:` prefixes. The `under:` prefix is used
// to denote resource subtree values. The `is:` prefix is used to denote
// specific values, and is required only if the value contains a ":". Values
// prefixed with "is:" are treated the same as values with no prefix. Ancestry
// subtrees must be in one of the following formats: - "projects/", e.g.
// "projects/tokyo-rain-123" - "folders/", e.g. "folders/1234" -
// "organizations/", e.g. "organizations/1234" The `supports_under` field of
// the associated `Constraint` defines whether ancestry prefixes can be used.
// You can set `allowed_values` and `denied_values` in the same `Policy` if
// `all_values` is `ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to
// allow or deny all values. If `all_values` is set to either `ALLOW` or
// `DENY`, `allowed_values` and `denied_values` must be unset.
type GoogleCloudOrgpolicyV1ListPolicy struct {
	// AllValues: The policy all_values state.
	//
	// Possible values:
	//   "ALL_VALUES_UNSPECIFIED" - Indicates that allowed_values or denied_values
	// must be set.
	//   "ALLOW" - A policy with this set allows all values.
	//   "DENY" - A policy with this set denies all values.
	AllValues string `json:"allValues,omitempty"`
	// AllowedValues: List of values allowed at this resource. Can only be set if
	// `all_values` is set to `ALL_VALUES_UNSPECIFIED`.
	AllowedValues []string `json:"allowedValues,omitempty"`
	// DeniedValues: List of values denied at this resource. Can only be set if
	// `all_values` is set to `ALL_VALUES_UNSPECIFIED`.
	DeniedValues []string `json:"deniedValues,omitempty"`
	// InheritFromParent: Determines the inheritance behavior for this `Policy`. By
	// default, a `ListPolicy` set at a resource supersedes any `Policy` set
	// anywhere up the resource hierarchy. However, if `inherit_from_parent` is set
	// to `true`, then the values from the effective `Policy` of the parent
	// resource are inherited, meaning the values set in this `Policy` are added to
	// the values inherited up the hierarchy. Setting `Policy` hierarchies that
	// inherit both allowed values and denied values isn't recommended in most
	// circumstances to keep the configuration simple and understandable. However,
	// it is possible to set a `Policy` with `allowed_values` set that inherits a
	// `Policy` with `denied_values` set. In this case, the values that are allowed
	// must be in `allowed_values` and not present in `denied_values`. For example,
	// suppose you have a `Constraint` `constraints/serviceuser.services`, which
	// has a `constraint_type` of `list_constraint`, and with `constraint_default`
	// set to `ALLOW`. Suppose that at the Organization level, a `Policy` is
	// applied that restricts the allowed API activations to {`E1`, `E2`}. Then, if
	// a `Policy` is applied to a project below the Organization that has
	// `inherit_from_parent` set to `false` and field all_values set to DENY, then
	// an attempt to activate any API will be denied. The following examples
	// demonstrate different possible layerings for `projects/bar` parented by
	// `organizations/foo`: Example 1 (no inherited values): `organizations/foo`
	// has a `Policy` with values: {allowed_values: "E1" allowed_values:"E2"}
	// `projects/bar` has `inherit_from_parent` `false` and values:
	// {allowed_values: "E3" allowed_values: "E4"} The accepted values at
	// `organizations/foo` are `E1`, `E2`. The accepted values at `projects/bar`
	// are `E3`, and `E4`. Example 2 (inherited values): `organizations/foo` has a
	// `Policy` with values: {allowed_values: "E1" allowed_values:"E2"}
	// `projects/bar` has a `Policy` with values: {value: "E3" value: "E4"
	// inherit_from_parent: true} The accepted values at `organizations/foo` are
	// `E1`, `E2`. The accepted values at `projects/bar` are `E1`, `E2`, `E3`, and
	// `E4`. Example 3 (inheriting both allowed and denied values):
	// `organizations/foo` has a `Policy` with values: {allowed_values: "E1"
	// allowed_values: "E2"} `projects/bar` has a `Policy` with: {denied_values:
	// "E1"} The accepted values at `organizations/foo` are `E1`, `E2`. The value
	// accepted at `projects/bar` is `E2`. Example 4 (RestoreDefault):
	// `organizations/foo` has a `Policy` with values: {allowed_values: "E1"
	// allowed_values:"E2"} `projects/bar` has a `Policy` with values:
	// {RestoreDefault: {}} The accepted values at `organizations/foo` are `E1`,
	// `E2`. The accepted values at `projects/bar` are either all or none depending
	// on the value of `constraint_default` (if `ALLOW`, all; if `DENY`, none).
	// Example 5 (no policy inherits parent policy): `organizations/foo` has no
	// `Policy` set. `projects/bar` has no `Policy` set. The accepted values at
	// both levels are either all or none depending on the value of
	// `constraint_default` (if `ALLOW`, all; if `DENY`, none). Example 6
	// (ListConstraint allowing all): `organizations/foo` has a `Policy` with
	// values: {allowed_values: "E1" allowed_values: "E2"} `projects/bar` has a
	// `Policy` with: {all: ALLOW} The accepted values at `organizations/foo` are
	// `E1`, `E2`. Any value is accepted at `projects/bar`. Example 7
	// (ListConstraint allowing none): `organizations/foo` has a `Policy` with
	// values: {allowed_values: "E1" allowed_values: "E2"} `projects/bar` has a
	// `Policy` with: {all: DENY} The accepted values at `organizations/foo` are
	// `E1`, `E2`. No value is accepted at `projects/bar`. Example 10 (allowed and
	// denied subtrees of Resource Manager hierarchy): Given the following resource
	// hierarchy O1->{F1, F2}; F1->{P1}; F2->{P2, P3}, `organizations/foo` has a
	// `Policy` with values: {allowed_values: "under:organizations/O1"}
	// `projects/bar` has a `Policy` with: {allowed_values: "under:projects/P3"}
	// {denied_values: "under:folders/F2"} The accepted values at
	// `organizations/foo` are `organizations/O1`, `folders/F1`, `folders/F2`,
	// `projects/P1`, `projects/P2`, `projects/P3`. The accepted values at
	// `projects/bar` are `organizations/O1`, `folders/F1`, `projects/P1`.
	InheritFromParent bool `json:"inheritFromParent,omitempty"`
	// SuggestedValue: Optional. The Google Cloud Console will try to default to a
	// configuration that matches the value specified in this `Policy`. If
	// `suggested_value` is not set, it will inherit the value specified higher in
	// the hierarchy, unless `inherit_from_parent` is `false`.
	SuggestedValue string `json:"suggestedValue,omitempty"`
	// ForceSendFields is a list of field names (e.g. "AllValues") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "AllValues") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

// MarshalJSON encodes s through gensupport.MarshalJSON, handing it
// ForceSendFields and NullFields. NoMethod has the struct's fields but none of
// its methods, so the value passed on does not carry this MarshalJSON.
func (s *GoogleCloudOrgpolicyV1ListPolicy) MarshalJSON() ([]byte, error) {
	type NoMethod GoogleCloudOrgpolicyV1ListPolicy
	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
}

// GoogleCloudOrgpolicyV1Policy: Defines a Cloud Organization `Policy` which is
// used to specify `Constraints` for configurations of Cloud Platform
// resources.
type GoogleCloudOrgpolicyV1Policy struct {
	// BooleanPolicy: For boolean `Constraints`, whether to enforce the
	// `Constraint` or not.
	BooleanPolicy *GoogleCloudOrgpolicyV1BooleanPolicy `json:"booleanPolicy,omitempty"`
	// Constraint: The name of the `Constraint` the `Policy` is configuring, for
	// example, `constraints/serviceuser.services`. A list of available constraints
	// (/resource-manager/docs/organization-policy/org-policy-constraints) is
	// available. Immutable after creation.
	Constraint string `json:"constraint,omitempty"`
	// Etag: An opaque tag indicating the current version of the `Policy`, used for
	// concurrency control. When the `Policy` is returned from either a `GetPolicy`
	// or a `ListOrgPolicy` request, this `etag` indicates the version of the
	// current `Policy` to use when executing a read-modify-write loop. When the
	// `Policy` is returned from a `GetEffectivePolicy` request, the `etag` will be
	// unset. When the `Policy` is used in a `SetOrgPolicy` method, use the `etag`
	// value that was returned from a `GetOrgPolicy` request as part of a
	// read-modify-write loop for concurrency control. Not setting the `etag` in a
	// `SetOrgPolicy` request will result in an unconditional write of the
	// `Policy`.
	// NOTE(review): because of `omitempty`, an empty Etag is left out of the
	// request, which per the text above means an unconditional write; carry the
	// etag from the preceding read in read-modify-write code.
	Etag string `json:"etag,omitempty"`
	// ListPolicy: List of values either allowed or disallowed.
	ListPolicy *GoogleCloudOrgpolicyV1ListPolicy `json:"listPolicy,omitempty"`
	// RestoreDefault: Restores the default behavior of the constraint; independent
	// of `Constraint` type.
	RestoreDefault *GoogleCloudOrgpolicyV1RestoreDefault `json:"restoreDefault,omitempty"`
	// UpdateTime: The time stamp the `Policy` was previously updated. This is set
	// by the server, not specified by the caller, and represents the last time a
	// call to `SetOrgPolicy` was made for that `Policy`. Any value set by the
	// client will be ignored.
	UpdateTime string `json:"updateTime,omitempty"`
	// Version: Version of the `Policy`. Default version is 0.
	Version int64 `json:"version,omitempty"`
	// ForceSendFields is a list of field names (e.g. "BooleanPolicy") to
	// unconditionally include in API requests. By default, fields with empty or
	// default values are omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "BooleanPolicy") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

// MarshalJSON encodes s through gensupport.MarshalJSON, handing it
// ForceSendFields and NullFields. NoMethod has the struct's fields but none of
// its methods, so the value passed on does not carry this MarshalJSON.
func (s *GoogleCloudOrgpolicyV1Policy) MarshalJSON() ([]byte, error) {
	type NoMethod GoogleCloudOrgpolicyV1Policy
	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
}

// GoogleCloudOrgpolicyV1RestoreDefault: Ignores policies set above this
// resource and restores the `constraint_default` enforcement behavior of the
// specific `Constraint` at this resource. Suppose that `constraint_default` is
// set to `ALLOW` for the `Constraint` `constraints/serviceuser.services`.
// Suppose that organization foo.com sets a `Policy` at their Organization
// resource node that restricts the allowed service activations to deny all
// service activations. They could then set a `Policy` with the `policy_type`
// `restore_default` on several experimental projects, restoring the
// `constraint_default` enforcement of the `Constraint` for only those
// projects, allowing those projects to have all services activated.
type GoogleCloudOrgpolicyV1RestoreDefault struct {
}

// GoogleIdentityAccesscontextmanagerV1AccessLevel: An `AccessLevel` is a label
// that can be applied to requests to Google Cloud services, along with a list
// of requirements necessary for the label to be applied.
type GoogleIdentityAccesscontextmanagerV1AccessLevel struct {
	// Basic: A `BasicLevel` composed of `Conditions`.
	Basic *GoogleIdentityAccesscontextmanagerV1BasicLevel `json:"basic,omitempty"`
	// Custom: A `CustomLevel` written in the Common Expression Language.
	Custom *GoogleIdentityAccesscontextmanagerV1CustomLevel `json:"custom,omitempty"`
	// Description: Description of the `AccessLevel` and its use. Does not affect
	// behavior.
	Description string `json:"description,omitempty"`
	// Name: Resource name for the `AccessLevel`. Format:
	// `accessPolicies/{access_policy}/accessLevels/{access_level}`. The
	// `access_level` component must begin with a letter, followed by alphanumeric
	// characters or `_`. Its maximum length is 50 characters. After you create an
	// `AccessLevel`, you cannot change its `name`.
	Name string `json:"name,omitempty"`
	// Title: Human readable title. Must be unique within the Policy.
	Title string `json:"title,omitempty"`
	// ForceSendFields is a list of field names (e.g. "Basic") to unconditionally
	// include in API requests. By default, fields with empty or default values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields is a list of field names (e.g. "Basic") to include in API
	// requests with the JSON null value. By default, fields with empty values are
	// omitted from API requests. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

// MarshalJSON encodes s through gensupport.MarshalJSON, handing it
// ForceSendFields and NullFields. NoMethod has the struct's fields but none of
// its methods, so the value passed on does not carry this MarshalJSON.
func (s *GoogleIdentityAccesscontextmanagerV1AccessLevel) MarshalJSON() ([]byte, error) {
	type NoMethod GoogleIdentityAccesscontextmanagerV1AccessLevel
	return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields)
}

// GoogleIdentityAccesscontextmanagerV1AccessPolicy: `AccessPolicy` is a
// container for `AccessLevels` (which define the necessary attributes to use
// Google Cloud services) and `ServicePerimeters` (which define regions of
// services able to freely pass data within a perimeter). An access policy is
// globally visible within an organization, and the restrictions it specifies
// apply to all projects within an organization.
type GoogleIdentityAccesscontextmanagerV1AccessPolicy struct {
	// Etag: Output only. An opaque identifier for the current version of the
	// `AccessPolicy`. This will always be a strongly validated etag, meaning that
	// two Access Policies will be identical if and only if their etags are
	// identical. Clients should not expect this to be in any specific format.
	Etag string `json:"etag,omitempty"`
	// Name: Output only. Resource name of the `AccessPolicy`. Format:
	// `accessPolicies/{access_policy}`
	Name string `json:"name,omitempty"`
	// Parent: Required. The parent of this `AccessPolicy` in the Cloud Resource
	// Hierarchy. Currently immutable once created. Format:
	// `organizations/{organization_id}`
	Parent string `json:"parent,omitempty"`
	// Scopes: The scopes of the AccessPolicy. Scopes define which resources a
	// policy can restrict and where its resources can be referenced. For example,
	// policy A with `scopes=["folders/123"]` has the following behavior: -
	// ServicePerimeter can only restrict projects within `folders/123`.
- 1187 // ServicePerimeter within policy A can only reference access levels defined 1188 // within policy A. - Only one policy can include a given scope; thus, 1189 // attempting to create a second policy which includes `folders/123` will 1190 // result in an error. If no scopes are provided, then any resource within the 1191 // organization can be restricted. Scopes cannot be modified after a policy is 1192 // created. Policies can only have a single scope. Format: list of 1193 // `folders/{folder_number}` or `projects/{project_number}` 1194 Scopes []string `json:"scopes,omitempty"` 1195 // Title: Required. Human readable title. Does not affect behavior. 1196 Title string `json:"title,omitempty"` 1197 // ForceSendFields is a list of field names (e.g. "Etag") to unconditionally 1198 // include in API requests. By default, fields with empty or default values are 1199 // omitted from API requests. See 1200 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1201 // details. 1202 ForceSendFields []string `json:"-"` 1203 // NullFields is a list of field names (e.g. "Etag") to include in API requests 1204 // with the JSON null value. By default, fields with empty values are omitted 1205 // from API requests. See 1206 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1207 NullFields []string `json:"-"` 1208 } 1209 1210 func (s *GoogleIdentityAccesscontextmanagerV1AccessPolicy) MarshalJSON() ([]byte, error) { 1211 type NoMethod GoogleIdentityAccesscontextmanagerV1AccessPolicy 1212 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1213 } 1214 1215 // GoogleIdentityAccesscontextmanagerV1ApiOperation: Identification for an API 1216 // Operation. 1217 type GoogleIdentityAccesscontextmanagerV1ApiOperation struct { 1218 // MethodSelectors: API methods or permissions to allow. Method or permission 1219 // must belong to the service specified by `service_name` field. 
A single 1220 // MethodSelector entry with `*` specified for the `method` field will allow 1221 // all methods AND permissions for the service specified in `service_name`. 1222 MethodSelectors []*GoogleIdentityAccesscontextmanagerV1MethodSelector `json:"methodSelectors,omitempty"` 1223 // ServiceName: The name of the API whose methods or permissions the 1224 // IngressPolicy or EgressPolicy want to allow. A single ApiOperation with 1225 // `service_name` field set to `*` will allow all methods AND permissions for 1226 // all services. 1227 ServiceName string `json:"serviceName,omitempty"` 1228 // ForceSendFields is a list of field names (e.g. "MethodSelectors") to 1229 // unconditionally include in API requests. By default, fields with empty or 1230 // default values are omitted from API requests. See 1231 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1232 // details. 1233 ForceSendFields []string `json:"-"` 1234 // NullFields is a list of field names (e.g. "MethodSelectors") to include in 1235 // API requests with the JSON null value. By default, fields with empty values 1236 // are omitted from API requests. See 1237 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1238 NullFields []string `json:"-"` 1239 } 1240 1241 func (s *GoogleIdentityAccesscontextmanagerV1ApiOperation) MarshalJSON() ([]byte, error) { 1242 type NoMethod GoogleIdentityAccesscontextmanagerV1ApiOperation 1243 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1244 } 1245 1246 // GoogleIdentityAccesscontextmanagerV1BasicLevel: `BasicLevel` is an 1247 // `AccessLevel` using a set of recommended features. 1248 type GoogleIdentityAccesscontextmanagerV1BasicLevel struct { 1249 // CombiningFunction: How the `conditions` list should be combined to determine 1250 // if a request is granted this `AccessLevel`. If AND is used, each `Condition` 1251 // in `conditions` must be satisfied for the `AccessLevel` to be applied. 
If OR 1252 // is used, at least one `Condition` in `conditions` must be satisfied for the 1253 // `AccessLevel` to be applied. Default behavior is AND. 1254 // 1255 // Possible values: 1256 // "AND" - All `Conditions` must be true for the `BasicLevel` to be true. 1257 // "OR" - If at least one `Condition` is true, then the `BasicLevel` is true. 1258 CombiningFunction string `json:"combiningFunction,omitempty"` 1259 // Conditions: Required. A list of requirements for the `AccessLevel` to be 1260 // granted. 1261 Conditions []*GoogleIdentityAccesscontextmanagerV1Condition `json:"conditions,omitempty"` 1262 // ForceSendFields is a list of field names (e.g. "CombiningFunction") to 1263 // unconditionally include in API requests. By default, fields with empty or 1264 // default values are omitted from API requests. See 1265 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1266 // details. 1267 ForceSendFields []string `json:"-"` 1268 // NullFields is a list of field names (e.g. "CombiningFunction") to include in 1269 // API requests with the JSON null value. By default, fields with empty values 1270 // are omitted from API requests. See 1271 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1272 NullFields []string `json:"-"` 1273 } 1274 1275 func (s *GoogleIdentityAccesscontextmanagerV1BasicLevel) MarshalJSON() ([]byte, error) { 1276 type NoMethod GoogleIdentityAccesscontextmanagerV1BasicLevel 1277 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1278 } 1279 1280 // GoogleIdentityAccesscontextmanagerV1Condition: A condition necessary for an 1281 // `AccessLevel` to be granted. The Condition is an AND over its fields. 
So a 1282 // Condition is true if: 1) the request IP is from one of the listed 1283 // subnetworks AND 2) the originating device complies with the listed device 1284 // policy AND 3) all listed access levels are granted AND 4) the request was 1285 // sent at a time allowed by the DateTimeRestriction. 1286 type GoogleIdentityAccesscontextmanagerV1Condition struct { 1287 // DevicePolicy: Device specific restrictions, all restrictions must hold for 1288 // the Condition to be true. If not specified, all devices are allowed. 1289 DevicePolicy *GoogleIdentityAccesscontextmanagerV1DevicePolicy `json:"devicePolicy,omitempty"` 1290 // IpSubnetworks: CIDR block IP subnetwork specification. May be IPv4 or IPv6. 1291 // Note that for a CIDR IP address block, the specified IP address portion must 1292 // be properly truncated (i.e. all the host bits must be zero) or the input is 1293 // considered malformed. For example, "192.0.2.0/24" is accepted but 1294 // "192.0.2.1/24" is not. Similarly, for IPv6, "2001:db8::/32" is accepted 1295 // whereas "2001:db8::1/32" is not. The originating IP of a request must be in 1296 // one of the listed subnets in order for this Condition to be true. If empty, 1297 // all IP addresses are allowed. 1298 IpSubnetworks []string `json:"ipSubnetworks,omitempty"` 1299 // Members: The request must be made by one of the provided user or service 1300 // accounts. Groups are not supported. Syntax: `user:{emailid}` 1301 // `serviceAccount:{emailid}` If not specified, a request may come from any 1302 // user. 1303 Members []string `json:"members,omitempty"` 1304 // Negate: Whether to negate the Condition. If true, the Condition becomes a 1305 // NAND over its non-empty fields. Any non-empty field criteria evaluating to 1306 // false will result in the Condition to be satisfied. Defaults to false. 1307 Negate bool `json:"negate,omitempty"` 1308 // Regions: The request must originate from one of the provided 1309 // countries/regions. 
Must be valid ISO 3166-1 alpha-2 codes. 1310 Regions []string `json:"regions,omitempty"` 1311 // RequiredAccessLevels: A list of other access levels defined in the same 1312 // `Policy`, referenced by resource name. Referencing an `AccessLevel` which 1313 // does not exist is an error. All access levels listed must be granted for the 1314 // Condition to be true. Example: 1315 // "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME" 1316 RequiredAccessLevels []string `json:"requiredAccessLevels,omitempty"` 1317 // VpcNetworkSources: The request must originate from one of the provided VPC 1318 // networks in Google Cloud. Cannot specify this field together with 1319 // `ip_subnetworks`. 1320 VpcNetworkSources []*GoogleIdentityAccesscontextmanagerV1VpcNetworkSource `json:"vpcNetworkSources,omitempty"` 1321 // ForceSendFields is a list of field names (e.g. "DevicePolicy") to 1322 // unconditionally include in API requests. By default, fields with empty or 1323 // default values are omitted from API requests. See 1324 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1325 // details. 1326 ForceSendFields []string `json:"-"` 1327 // NullFields is a list of field names (e.g. "DevicePolicy") to include in API 1328 // requests with the JSON null value. By default, fields with empty values are 1329 // omitted from API requests. See 1330 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1331 NullFields []string `json:"-"` 1332 } 1333 1334 func (s *GoogleIdentityAccesscontextmanagerV1Condition) MarshalJSON() ([]byte, error) { 1335 type NoMethod GoogleIdentityAccesscontextmanagerV1Condition 1336 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1337 } 1338 1339 // GoogleIdentityAccesscontextmanagerV1CustomLevel: `CustomLevel` is an 1340 // `AccessLevel` using the Cloud Common Expression Language to represent the 1341 // necessary conditions for the level to apply to a request. 
See CEL spec at: 1342 // https://github.com/google/cel-spec 1343 type GoogleIdentityAccesscontextmanagerV1CustomLevel struct { 1344 // Expr: Required. A Cloud CEL expression evaluating to a boolean. 1345 Expr *Expr `json:"expr,omitempty"` 1346 // ForceSendFields is a list of field names (e.g. "Expr") to unconditionally 1347 // include in API requests. By default, fields with empty or default values are 1348 // omitted from API requests. See 1349 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1350 // details. 1351 ForceSendFields []string `json:"-"` 1352 // NullFields is a list of field names (e.g. "Expr") to include in API requests 1353 // with the JSON null value. By default, fields with empty values are omitted 1354 // from API requests. See 1355 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1356 NullFields []string `json:"-"` 1357 } 1358 1359 func (s *GoogleIdentityAccesscontextmanagerV1CustomLevel) MarshalJSON() ([]byte, error) { 1360 type NoMethod GoogleIdentityAccesscontextmanagerV1CustomLevel 1361 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1362 } 1363 1364 // GoogleIdentityAccesscontextmanagerV1DevicePolicy: `DevicePolicy` specifies 1365 // device specific restrictions necessary to acquire a given access level. A 1366 // `DevicePolicy` specifies requirements for requests from devices to be 1367 // granted access levels, it does not do any enforcement on the device. 1368 // `DevicePolicy` acts as an AND over all specified fields, and each repeated 1369 // field is an OR over its elements. Any unset fields are ignored. For example, 1370 // if the proto is { os_type : DESKTOP_WINDOWS, os_type : DESKTOP_LINUX, 1371 // encryption_status: ENCRYPTED}, then the DevicePolicy will be true for 1372 // requests originating from encrypted Linux desktops and encrypted Windows 1373 // desktops. 
1374 type GoogleIdentityAccesscontextmanagerV1DevicePolicy struct { 1375 // AllowedDeviceManagementLevels: Allowed device management levels, an empty 1376 // list allows all management levels. 1377 // 1378 // Possible values: 1379 // "MANAGEMENT_UNSPECIFIED" - The device's management level is not specified 1380 // or not known. 1381 // "NONE" - The device is not managed. 1382 // "BASIC" - Basic management is enabled, which is generally limited to 1383 // monitoring and wiping the corporate account. 1384 // "COMPLETE" - Complete device management. This includes more thorough 1385 // monitoring and the ability to directly manage the device (such as remote 1386 // wiping). This can be enabled through the Android Enterprise Platform. 1387 AllowedDeviceManagementLevels []string `json:"allowedDeviceManagementLevels,omitempty"` 1388 // AllowedEncryptionStatuses: Allowed encryptions statuses, an empty list 1389 // allows all statuses. 1390 // 1391 // Possible values: 1392 // "ENCRYPTION_UNSPECIFIED" - The encryption status of the device is not 1393 // specified or not known. 1394 // "ENCRYPTION_UNSUPPORTED" - The device does not support encryption. 1395 // "UNENCRYPTED" - The device supports encryption, but is currently 1396 // unencrypted. 1397 // "ENCRYPTED" - The device is encrypted. 1398 AllowedEncryptionStatuses []string `json:"allowedEncryptionStatuses,omitempty"` 1399 // OsConstraints: Allowed OS versions, an empty list allows all types and all 1400 // versions. 1401 OsConstraints []*GoogleIdentityAccesscontextmanagerV1OsConstraint `json:"osConstraints,omitempty"` 1402 // RequireAdminApproval: Whether the device needs to be approved by the 1403 // customer admin. 1404 RequireAdminApproval bool `json:"requireAdminApproval,omitempty"` 1405 // RequireCorpOwned: Whether the device needs to be corp owned. 1406 RequireCorpOwned bool `json:"requireCorpOwned,omitempty"` 1407 // RequireScreenlock: Whether or not screenlock is required for the 1408 // DevicePolicy to be true. 
Defaults to `false`. 1409 RequireScreenlock bool `json:"requireScreenlock,omitempty"` 1410 // ForceSendFields is a list of field names (e.g. 1411 // "AllowedDeviceManagementLevels") to unconditionally include in API requests. 1412 // By default, fields with empty or default values are omitted from API 1413 // requests. See https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields 1414 // for more details. 1415 ForceSendFields []string `json:"-"` 1416 // NullFields is a list of field names (e.g. "AllowedDeviceManagementLevels") 1417 // to include in API requests with the JSON null value. By default, fields with 1418 // empty values are omitted from API requests. See 1419 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1420 NullFields []string `json:"-"` 1421 } 1422 1423 func (s *GoogleIdentityAccesscontextmanagerV1DevicePolicy) MarshalJSON() ([]byte, error) { 1424 type NoMethod GoogleIdentityAccesscontextmanagerV1DevicePolicy 1425 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1426 } 1427 1428 // GoogleIdentityAccesscontextmanagerV1EgressFrom: Defines the conditions under 1429 // which an EgressPolicy matches a request. Conditions based on information 1430 // about the source of the request. Note that if the destination of the request 1431 // is also protected by a ServicePerimeter, then that ServicePerimeter must 1432 // have an IngressPolicy which allows access in order for this request to 1433 // succeed. 1434 type GoogleIdentityAccesscontextmanagerV1EgressFrom struct { 1435 // Identities: A list of identities that are allowed access through 1436 // [EgressPolicy]. Identities can be an individual user, service account, 1437 // Google group, or third-party identity. The `v1` identities that have the 1438 // prefix `user`, `group`, `serviceAccount`, `principal`, and `principalSet` in 1439 // https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. 
1440 Identities []string `json:"identities,omitempty"` 1441 // IdentityType: Specifies the type of identities that are allowed access to 1442 // outside the perimeter. If left unspecified, then members of `identities` 1443 // field will be allowed access. 1444 // 1445 // Possible values: 1446 // "IDENTITY_TYPE_UNSPECIFIED" - No blanket identity group specified. 1447 // "ANY_IDENTITY" - Authorize access from all identities outside the 1448 // perimeter. 1449 // "ANY_USER_ACCOUNT" - Authorize access from all human users outside the 1450 // perimeter. 1451 // "ANY_SERVICE_ACCOUNT" - Authorize access from all service accounts outside 1452 // the perimeter. 1453 IdentityType string `json:"identityType,omitempty"` 1454 // SourceRestriction: Whether to enforce traffic restrictions based on 1455 // `sources` field. If the `sources` fields is non-empty, then this field must 1456 // be set to `SOURCE_RESTRICTION_ENABLED`. 1457 // 1458 // Possible values: 1459 // "SOURCE_RESTRICTION_UNSPECIFIED" - Enforcement preference unspecified, 1460 // will not enforce traffic restrictions based on `sources` in EgressFrom. 1461 // "SOURCE_RESTRICTION_ENABLED" - Enforcement preference enabled, traffic 1462 // restrictions will be enforced based on `sources` in EgressFrom. 1463 // "SOURCE_RESTRICTION_DISABLED" - Enforcement preference disabled, will not 1464 // enforce traffic restrictions based on `sources` in EgressFrom. 1465 SourceRestriction string `json:"sourceRestriction,omitempty"` 1466 // Sources: Sources that this EgressPolicy authorizes access from. If this 1467 // field is not empty, then `source_restriction` must be set to 1468 // `SOURCE_RESTRICTION_ENABLED`. 1469 Sources []*GoogleIdentityAccesscontextmanagerV1EgressSource `json:"sources,omitempty"` 1470 // ForceSendFields is a list of field names (e.g. "Identities") to 1471 // unconditionally include in API requests. By default, fields with empty or 1472 // default values are omitted from API requests. 
See 1473 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1474 // details. 1475 ForceSendFields []string `json:"-"` 1476 // NullFields is a list of field names (e.g. "Identities") to include in API 1477 // requests with the JSON null value. By default, fields with empty values are 1478 // omitted from API requests. See 1479 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1480 NullFields []string `json:"-"` 1481 } 1482 1483 func (s *GoogleIdentityAccesscontextmanagerV1EgressFrom) MarshalJSON() ([]byte, error) { 1484 type NoMethod GoogleIdentityAccesscontextmanagerV1EgressFrom 1485 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1486 } 1487 1488 // GoogleIdentityAccesscontextmanagerV1EgressPolicy: Policy for egress from 1489 // perimeter. EgressPolicies match requests based on `egress_from` and 1490 // `egress_to` stanzas. For an EgressPolicy to match, both `egress_from` and 1491 // `egress_to` stanzas must be matched. If an EgressPolicy matches a request, 1492 // the request is allowed to span the ServicePerimeter boundary. For example, 1493 // an EgressPolicy can be used to allow VMs on networks within the 1494 // ServicePerimeter to access a defined set of projects outside the perimeter 1495 // in certain contexts (e.g. to read data from a Cloud Storage bucket or query 1496 // against a BigQuery dataset). EgressPolicies are concerned with the 1497 // *resources* that a request relates as well as the API services and API 1498 // actions being used. They do not related to the direction of data movement. 1499 // More detailed documentation for this concept can be found in the 1500 // descriptions of EgressFrom and EgressTo. 1501 type GoogleIdentityAccesscontextmanagerV1EgressPolicy struct { 1502 // EgressFrom: Defines conditions on the source of a request causing this 1503 // EgressPolicy to apply. 
1504 EgressFrom *GoogleIdentityAccesscontextmanagerV1EgressFrom `json:"egressFrom,omitempty"` 1505 // EgressTo: Defines the conditions on the ApiOperation and destination 1506 // resources that cause this EgressPolicy to apply. 1507 EgressTo *GoogleIdentityAccesscontextmanagerV1EgressTo `json:"egressTo,omitempty"` 1508 // ForceSendFields is a list of field names (e.g. "EgressFrom") to 1509 // unconditionally include in API requests. By default, fields with empty or 1510 // default values are omitted from API requests. See 1511 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1512 // details. 1513 ForceSendFields []string `json:"-"` 1514 // NullFields is a list of field names (e.g. "EgressFrom") to include in API 1515 // requests with the JSON null value. By default, fields with empty values are 1516 // omitted from API requests. See 1517 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1518 NullFields []string `json:"-"` 1519 } 1520 1521 func (s *GoogleIdentityAccesscontextmanagerV1EgressPolicy) MarshalJSON() ([]byte, error) { 1522 type NoMethod GoogleIdentityAccesscontextmanagerV1EgressPolicy 1523 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1524 } 1525 1526 // GoogleIdentityAccesscontextmanagerV1EgressSource: The source that 1527 // EgressPolicy authorizes access from inside the ServicePerimeter to somewhere 1528 // outside the ServicePerimeter boundaries. 1529 type GoogleIdentityAccesscontextmanagerV1EgressSource struct { 1530 // AccessLevel: An AccessLevel resource name that allows protected resources 1531 // inside the ServicePerimeters to access outside the ServicePerimeter 1532 // boundaries. AccessLevels listed must be in the same policy as this 1533 // ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. 
1534 // If an AccessLevel name is not specified, only resources within the perimeter 1535 // can be accessed through Google Cloud calls with request origins within the 1536 // perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a 1537 // single `*` is specified for `access_level`, then all EgressSources will be 1538 // allowed. 1539 AccessLevel string `json:"accessLevel,omitempty"` 1540 // ForceSendFields is a list of field names (e.g. "AccessLevel") to 1541 // unconditionally include in API requests. By default, fields with empty or 1542 // default values are omitted from API requests. See 1543 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1544 // details. 1545 ForceSendFields []string `json:"-"` 1546 // NullFields is a list of field names (e.g. "AccessLevel") to include in API 1547 // requests with the JSON null value. By default, fields with empty values are 1548 // omitted from API requests. See 1549 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1550 NullFields []string `json:"-"` 1551 } 1552 1553 func (s *GoogleIdentityAccesscontextmanagerV1EgressSource) MarshalJSON() ([]byte, error) { 1554 type NoMethod GoogleIdentityAccesscontextmanagerV1EgressSource 1555 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1556 } 1557 1558 // GoogleIdentityAccesscontextmanagerV1EgressTo: Defines the conditions under 1559 // which an EgressPolicy matches a request. Conditions are based on information 1560 // about the ApiOperation intended to be performed on the `resources` 1561 // specified. Note that if the destination of the request is also protected by 1562 // a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy 1563 // which allows access in order for this request to succeed. The request must 1564 // match `operations` AND `resources` fields in order to be allowed egress out 1565 // of the perimeter. 
1566 type GoogleIdentityAccesscontextmanagerV1EgressTo struct { 1567 // ExternalResources: A list of external resources that are allowed to be 1568 // accessed. Only AWS and Azure resources are supported. For Amazon S3, the 1569 // supported formats are s3://BUCKET_NAME, s3a://BUCKET_NAME, and 1570 // s3n://BUCKET_NAME. For Azure Storage, the supported format is 1571 // azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if 1572 // it contains an external resource in this list (Example: s3://bucket/path). 1573 // Currently '*' is not allowed. 1574 ExternalResources []string `json:"externalResources,omitempty"` 1575 // Operations: A list of ApiOperations allowed to be performed by the sources 1576 // specified in the corresponding EgressFrom. A request matches if it uses an 1577 // operation/service in this list. 1578 Operations []*GoogleIdentityAccesscontextmanagerV1ApiOperation `json:"operations,omitempty"` 1579 // Resources: A list of resources, currently only projects in the form 1580 // `projects/`, that are allowed to be accessed by sources defined in the 1581 // corresponding EgressFrom. A request matches if it contains a resource in 1582 // this list. If `*` is specified for `resources`, then this EgressTo rule will 1583 // authorize access to all resources outside the perimeter. 1584 Resources []string `json:"resources,omitempty"` 1585 // ForceSendFields is a list of field names (e.g. "ExternalResources") to 1586 // unconditionally include in API requests. By default, fields with empty or 1587 // default values are omitted from API requests. See 1588 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1589 // details. 1590 ForceSendFields []string `json:"-"` 1591 // NullFields is a list of field names (e.g. "ExternalResources") to include in 1592 // API requests with the JSON null value. By default, fields with empty values 1593 // are omitted from API requests. 
See 1594 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1595 NullFields []string `json:"-"` 1596 } 1597 1598 func (s *GoogleIdentityAccesscontextmanagerV1EgressTo) MarshalJSON() ([]byte, error) { 1599 type NoMethod GoogleIdentityAccesscontextmanagerV1EgressTo 1600 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1601 } 1602 1603 // GoogleIdentityAccesscontextmanagerV1IngressFrom: Defines the conditions 1604 // under which an IngressPolicy matches a request. Conditions are based on 1605 // information about the source of the request. The request must satisfy what 1606 // is defined in `sources` AND identity related fields in order to match. 1607 type GoogleIdentityAccesscontextmanagerV1IngressFrom struct { 1608 // Identities: A list of identities that are allowed access through 1609 // [IngressPolicy]. Identities can be an individual user, service account, 1610 // Google group, or third-party identity. The `v1` identities that have the 1611 // prefix `user`, `group`, `serviceAccount`, `principal`, and `principalSet` in 1612 // https://cloud.google.com/iam/docs/principal-identifiers#v1 are supported. 1613 Identities []string `json:"identities,omitempty"` 1614 // IdentityType: Specifies the type of identities that are allowed access from 1615 // outside the perimeter. If left unspecified, then members of `identities` 1616 // field will be allowed access. 1617 // 1618 // Possible values: 1619 // "IDENTITY_TYPE_UNSPECIFIED" - No blanket identity group specified. 1620 // "ANY_IDENTITY" - Authorize access from all identities outside the 1621 // perimeter. 1622 // "ANY_USER_ACCOUNT" - Authorize access from all human users outside the 1623 // perimeter. 1624 // "ANY_SERVICE_ACCOUNT" - Authorize access from all service accounts outside 1625 // the perimeter. 1626 IdentityType string `json:"identityType,omitempty"` 1627 // Sources: Sources that this IngressPolicy authorizes access from. 
1628 Sources []*GoogleIdentityAccesscontextmanagerV1IngressSource `json:"sources,omitempty"` 1629 // ForceSendFields is a list of field names (e.g. "Identities") to 1630 // unconditionally include in API requests. By default, fields with empty or 1631 // default values are omitted from API requests. See 1632 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1633 // details. 1634 ForceSendFields []string `json:"-"` 1635 // NullFields is a list of field names (e.g. "Identities") to include in API 1636 // requests with the JSON null value. By default, fields with empty values are 1637 // omitted from API requests. See 1638 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1639 NullFields []string `json:"-"` 1640 } 1641 1642 func (s *GoogleIdentityAccesscontextmanagerV1IngressFrom) MarshalJSON() ([]byte, error) { 1643 type NoMethod GoogleIdentityAccesscontextmanagerV1IngressFrom 1644 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1645 } 1646 1647 // GoogleIdentityAccesscontextmanagerV1IngressPolicy: Policy for ingress into 1648 // ServicePerimeter. IngressPolicies match requests based on `ingress_from` and 1649 // `ingress_to` stanzas. For an ingress policy to match, both the 1650 // `ingress_from` and `ingress_to` stanzas must be matched. If an IngressPolicy 1651 // matches a request, the request is allowed through the perimeter boundary 1652 // from outside the perimeter. For example, access from the internet can be 1653 // allowed either based on an AccessLevel or, for traffic hosted on Google 1654 // Cloud, the project of the source network. For access from private networks, 1655 // using the project of the hosting network is required. Individual ingress 1656 // policies can be limited by restricting which services and/or actions they 1657 // match using the `ingress_to` field. 
type GoogleIdentityAccesscontextmanagerV1IngressPolicy struct {
	// IngressFrom: Defines the conditions on the source of a request causing this
	// IngressPolicy to apply.
	IngressFrom *GoogleIdentityAccesscontextmanagerV1IngressFrom `json:"ingressFrom,omitempty"`
	// IngressTo: Defines the conditions on the ApiOperation and request
	// destination that cause this IngressPolicy to apply.
	IngressTo *GoogleIdentityAccesscontextmanagerV1IngressTo `json:"ingressTo,omitempty"`
	// ForceSendFields names the fields (e.g. "IngressFrom") that are sent in API
	// requests even when empty or default-valued; by default such fields are
	// omitted. See https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields.
	ForceSendFields []string `json:"-"`
	// NullFields names the fields (e.g. "IngressFrom") that are sent in API
	// requests as JSON null; by default fields with empty values are omitted.
	// See https://pkg.go.dev/google.golang.org/api#hdr-NullFields.
	NullFields []string `json:"-"`
}

// MarshalJSON encodes s through gensupport.MarshalJSON, handing it
// s.ForceSendFields and s.NullFields.
func (s *GoogleIdentityAccesscontextmanagerV1IngressPolicy) MarshalJSON() ([]byte, error) {
	// NoMethod has the struct's fields without its MarshalJSON method.
	type NoMethod GoogleIdentityAccesscontextmanagerV1IngressPolicy
	raw := NoMethod(*s)
	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}

// GoogleIdentityAccesscontextmanagerV1IngressSource: The source that
// IngressPolicy authorizes access from.
type GoogleIdentityAccesscontextmanagerV1IngressSource struct {
	// AccessLevel: An AccessLevel resource name that allows resources within the
	// ServicePerimeters to be accessed from the internet. AccessLevels listed must
	// be in the same policy as this ServicePerimeter. Referencing a nonexistent
	// AccessLevel will cause an error. If no AccessLevel names are listed,
	// resources within the perimeter can only be accessed via Google Cloud calls
	// with request origins within the perimeter. Example:
	// `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is
	// specified for `access_level`, then all IngressSources will be allowed.
	//
	// NOTE(review): a single `*` removes the source condition entirely; the
	// identity fields of IngressFrom and the IngressTo stanza are then the only
	// limits on the policy, so flag it when auditing perimeters.
	AccessLevel string `json:"accessLevel,omitempty"`
	// Resource: A Google Cloud resource that is allowed to ingress the perimeter.
	// Requests from these resources will be allowed to access perimeter data.
	// Currently only projects and VPCs are allowed. Project format:
	// `projects/{project_number}` VPC network format:
	// `//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}`. The
	// project may be in any Google Cloud organization, not just the organization
	// that the perimeter is defined in. `*` is not allowed, the case of allowing
	// all Google Cloud resources only is not supported.
	Resource string `json:"resource,omitempty"`
	// ForceSendFields names the fields (e.g. "AccessLevel") that are sent in API
	// requests even when empty or default-valued; by default such fields are
	// omitted. See https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields.
	ForceSendFields []string `json:"-"`
	// NullFields names the fields (e.g. "AccessLevel") that are sent in API
	// requests as JSON null; by default fields with empty values are omitted.
	// See https://pkg.go.dev/google.golang.org/api#hdr-NullFields.
	NullFields []string `json:"-"`
}

// MarshalJSON encodes s through gensupport.MarshalJSON, handing it
// s.ForceSendFields and s.NullFields.
func (s *GoogleIdentityAccesscontextmanagerV1IngressSource) MarshalJSON() ([]byte, error) {
	// NoMethod has the struct's fields without its MarshalJSON method.
	type NoMethod GoogleIdentityAccesscontextmanagerV1IngressSource
	raw := NoMethod(*s)
	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}

// GoogleIdentityAccesscontextmanagerV1IngressTo: Defines the conditions under
// which an IngressPolicy matches a request. Conditions are based on
// information about the ApiOperation intended to be performed on the target
// resource of the request. The request must satisfy what is defined in
// `operations` AND `resources` in order to match.
type GoogleIdentityAccesscontextmanagerV1IngressTo struct {
	// Operations: A list of ApiOperations allowed to be performed by the sources
	// specified in corresponding IngressFrom in this ServicePerimeter.
	Operations []*GoogleIdentityAccesscontextmanagerV1ApiOperation `json:"operations,omitempty"`
	// Resources: A list of resources, currently only projects in the form
	// `projects/`, protected by this ServicePerimeter that are allowed to be
	// accessed by sources defined in the corresponding IngressFrom. If a single
	// `*` is specified, then access to all resources inside the perimeter is
	// allowed.
	//
	// NOTE(review): `*` opens every resource in the perimeter to the matching
	// sources; prefer an explicit project list where the policy allows it.
	Resources []string `json:"resources,omitempty"`
	// ForceSendFields names the fields (e.g. "Operations") that are sent in API
	// requests even when empty or default-valued; by default such fields are
	// omitted. See https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields.
	ForceSendFields []string `json:"-"`
	// NullFields names the fields (e.g. "Operations") that are sent in API
	// requests as JSON null; by default fields with empty values are omitted.
	// See https://pkg.go.dev/google.golang.org/api#hdr-NullFields.
	NullFields []string `json:"-"`
}

// MarshalJSON encodes s through gensupport.MarshalJSON, handing it
// s.ForceSendFields and s.NullFields.
func (s *GoogleIdentityAccesscontextmanagerV1IngressTo) MarshalJSON() ([]byte, error) {
	// NoMethod has the struct's fields without its MarshalJSON method.
	type NoMethod GoogleIdentityAccesscontextmanagerV1IngressTo
	raw := NoMethod(*s)
	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}

// GoogleIdentityAccesscontextmanagerV1MethodSelector: An allowed method or
// permission of a service specified in ApiOperation.
type GoogleIdentityAccesscontextmanagerV1MethodSelector struct {
	// Method: A valid method name for the corresponding `service_name` in
	// ApiOperation. If `*` is used as the value for the `method`, then ALL methods
	// and permissions are allowed.
	//
	// NOTE(review): `*` covers permissions as well as methods, so it is the
	// broadest selector this type can express.
	Method string `json:"method,omitempty"`
	// Permission: A valid Cloud IAM permission for the corresponding
	// `service_name` in ApiOperation.
	Permission string `json:"permission,omitempty"`
	// ForceSendFields names the fields (e.g. "Method") that are sent in API
	// requests even when empty or default-valued; by default such fields are
	// omitted. See https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields.
	ForceSendFields []string `json:"-"`
	// NullFields names the fields (e.g. "Method") that are sent in API requests
	// as JSON null; by default fields with empty values are omitted. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields.
	NullFields []string `json:"-"`
}

// MarshalJSON encodes s through gensupport.MarshalJSON, handing it
// s.ForceSendFields and s.NullFields.
func (s *GoogleIdentityAccesscontextmanagerV1MethodSelector) MarshalJSON() ([]byte, error) {
	// NoMethod has the struct's fields without its MarshalJSON method.
	type NoMethod GoogleIdentityAccesscontextmanagerV1MethodSelector
	raw := NoMethod(*s)
	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}

// GoogleIdentityAccesscontextmanagerV1OsConstraint: A restriction on the OS
// type and version of devices making requests.
type GoogleIdentityAccesscontextmanagerV1OsConstraint struct {
	// MinimumVersion: The minimum allowed OS version. If not set, any version of
	// this OS satisfies the constraint. Format: "major.minor.patch". Examples:
	// "10.5.301", "9.2.1".
	MinimumVersion string `json:"minimumVersion,omitempty"`
	// OsType: Required. The allowed OS type.
	//
	// Possible values:
	//   "OS_UNSPECIFIED" - The operating system of the device is not specified or
	// not known.
	//   "DESKTOP_MAC" - A desktop Mac operating system.
	//   "DESKTOP_WINDOWS" - A desktop Windows operating system.
	//   "DESKTOP_LINUX" - A desktop Linux operating system.
	//   "DESKTOP_CHROME_OS" - A desktop ChromeOS operating system.
	//   "ANDROID" - An Android operating system.
	//   "IOS" - An iOS operating system.
	OsType string `json:"osType,omitempty"`
	// RequireVerifiedChromeOs: Only allows requests from devices with a verified
	// Chrome OS. Verification includes requirements that the device is
	// enterprise-managed, conformant to domain policies, and the caller has
	// permission to call the API targeted by the request.
	RequireVerifiedChromeOs bool `json:"requireVerifiedChromeOs,omitempty"`
	// ForceSendFields names the fields (e.g. "MinimumVersion") that are sent in
	// API requests even when empty or default-valued; by default such fields are
	// omitted. See https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields.
	ForceSendFields []string `json:"-"`
	// NullFields names the fields (e.g. "MinimumVersion") that are sent in API
	// requests as JSON null; by default fields with empty values are omitted.
	// See https://pkg.go.dev/google.golang.org/api#hdr-NullFields.
	NullFields []string `json:"-"`
}

// MarshalJSON encodes s through gensupport.MarshalJSON, handing it
// s.ForceSendFields and s.NullFields.
func (s *GoogleIdentityAccesscontextmanagerV1OsConstraint) MarshalJSON() ([]byte, error) {
	// NoMethod has the struct's fields without its MarshalJSON method.
	type NoMethod GoogleIdentityAccesscontextmanagerV1OsConstraint
	raw := NoMethod(*s)
	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}

// GoogleIdentityAccesscontextmanagerV1ServicePerimeter: `ServicePerimeter`
// describes a set of Google Cloud resources which can freely import and export
// data amongst themselves, but not export outside of the `ServicePerimeter`.
// If a request with a source within this `ServicePerimeter` has a target
// outside of the `ServicePerimeter`, the request will be blocked. Otherwise
// the request is allowed. There are two types of Service Perimeter - Regular
// and Bridge. Regular Service Perimeters cannot overlap, a single Google Cloud
// project or VPC network can only belong to a single regular Service
// Perimeter. Service Perimeter Bridges can contain only Google Cloud projects
// as members, a single Google Cloud project may belong to multiple Service
// Perimeter Bridges.
type GoogleIdentityAccesscontextmanagerV1ServicePerimeter struct {
	// Description: Description of the `ServicePerimeter` and its use. Does not
	// affect behavior.
	Description string `json:"description,omitempty"`
	// Name: Resource name for the `ServicePerimeter`. Format:
	// `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The
	// `service_perimeter` component must begin with a letter, followed by
	// alphanumeric characters or `_`. After you create a `ServicePerimeter`, you
	// cannot change its `name`.
	Name string `json:"name,omitempty"`
	// PerimeterType: Perimeter type indicator. A single project or VPC network is
	// allowed to be a member of single regular perimeter, but multiple service
	// perimeter bridges. A project cannot be included in a perimeter bridge
	// without being included in regular perimeter. For perimeter bridges, the
	// restricted service list as well as access level lists must be empty.
	//
	// Possible values:
	//   "PERIMETER_TYPE_REGULAR" - Regular Perimeter. When no value is specified,
	// the perimeter uses this type.
	//   "PERIMETER_TYPE_BRIDGE" - Perimeter Bridge.
	PerimeterType string `json:"perimeterType,omitempty"`
	// Spec: Proposed (or dry run) ServicePerimeter configuration. This
	// configuration allows to specify and test ServicePerimeter configuration
	// without enforcing actual access restrictions. Only allowed to be set when
	// the "use_explicit_dry_run_spec" flag is set.
	//
	// NOTE(review): Spec is not enforced. When assessing what a perimeter
	// actually restricts, read Status; a tight Spec next to a loose Status
	// means the tightening has not taken effect.
	Spec *GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig `json:"spec,omitempty"`
	// Status: Current ServicePerimeter configuration. Specifies sets of resources,
	// restricted services and access levels that determine perimeter content and
	// boundaries.
	Status *GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig `json:"status,omitempty"`
	// Title: Human readable title. Must be unique within the Policy.
	Title string `json:"title,omitempty"`
	// UseExplicitDryRunSpec: Use explicit dry run spec flag. Ordinarily, a dry-run
	// spec implicitly exists for all Service Perimeters, and that spec is
	// identical to the status for those Service Perimeters. When this flag is set,
	// it inhibits the generation of the implicit spec, thereby allowing the user
	// to explicitly provide a configuration ("spec") to use in a dry-run version
	// of the Service Perimeter. This allows the user to test changes to the
	// enforced config ("status") without actually enforcing them. This testing is
	// done through analyzing the differences between currently enforced and
	// suggested restrictions. use_explicit_dry_run_spec must be set to True if
	// any of the fields in the spec are set to non-default values.
	UseExplicitDryRunSpec bool `json:"useExplicitDryRunSpec,omitempty"`
	// ForceSendFields names the fields (e.g. "Description") that are sent in API
	// requests even when empty or default-valued; by default such fields are
	// omitted. See https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields.
	ForceSendFields []string `json:"-"`
	// NullFields names the fields (e.g. "Description") that are sent in API
	// requests as JSON null; by default fields with empty values are omitted.
	// See https://pkg.go.dev/google.golang.org/api#hdr-NullFields.
	NullFields []string `json:"-"`
}

// MarshalJSON encodes s through gensupport.MarshalJSON, handing it
// s.ForceSendFields and s.NullFields.
func (s *GoogleIdentityAccesscontextmanagerV1ServicePerimeter) MarshalJSON() ([]byte, error) {
	// NoMethod has the struct's fields without its MarshalJSON method.
	type NoMethod GoogleIdentityAccesscontextmanagerV1ServicePerimeter
	raw := NoMethod(*s)
	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
}

// GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig:
// `ServicePerimeterConfig` specifies a set of Google Cloud resources that
// describe specific Service Perimeter configuration.
1900 type GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig struct { 1901 // AccessLevels: A list of `AccessLevel` resource names that allow resources 1902 // within the `ServicePerimeter` to be accessed from the internet. 1903 // `AccessLevels` listed must be in the same policy as this `ServicePerimeter`. 1904 // Referencing a nonexistent `AccessLevel` is a syntax error. If no 1905 // `AccessLevel` names are listed, resources within the perimeter can only be 1906 // accessed via Google Cloud calls with request origins within the perimeter. 1907 // Example: "accessPolicies/MY_POLICY/accessLevels/MY_LEVEL". For Service 1908 // Perimeter Bridge, must be empty. 1909 AccessLevels []string `json:"accessLevels,omitempty"` 1910 // EgressPolicies: List of EgressPolicies to apply to the perimeter. A 1911 // perimeter may have multiple EgressPolicies, each of which is evaluated 1912 // separately. Access is granted if any EgressPolicy grants it. Must be empty 1913 // for a perimeter bridge. 1914 EgressPolicies []*GoogleIdentityAccesscontextmanagerV1EgressPolicy `json:"egressPolicies,omitempty"` 1915 // IngressPolicies: List of IngressPolicies to apply to the perimeter. A 1916 // perimeter may have multiple IngressPolicies, each of which is evaluated 1917 // separately. Access is granted if any Ingress Policy grants it. Must be empty 1918 // for a perimeter bridge. 1919 IngressPolicies []*GoogleIdentityAccesscontextmanagerV1IngressPolicy `json:"ingressPolicies,omitempty"` 1920 // Resources: A list of Google Cloud resources that are inside of the service 1921 // perimeter. Currently only projects and VPCs are allowed. Project format: 1922 // `projects/{project_number}` VPC network format: 1923 // `//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}`. 1924 Resources []string `json:"resources,omitempty"` 1925 // RestrictedServices: Google Cloud services that are subject to the Service 1926 // Perimeter restrictions. 
For example, if `storage.googleapis.com` is 1927 // specified, access to the storage buckets inside the perimeter must meet the 1928 // perimeter's access restrictions. 1929 RestrictedServices []string `json:"restrictedServices,omitempty"` 1930 // VpcAccessibleServices: Configuration for APIs allowed within Perimeter. 1931 VpcAccessibleServices *GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices `json:"vpcAccessibleServices,omitempty"` 1932 // ForceSendFields is a list of field names (e.g. "AccessLevels") to 1933 // unconditionally include in API requests. By default, fields with empty or 1934 // default values are omitted from API requests. See 1935 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1936 // details. 1937 ForceSendFields []string `json:"-"` 1938 // NullFields is a list of field names (e.g. "AccessLevels") to include in API 1939 // requests with the JSON null value. By default, fields with empty values are 1940 // omitted from API requests. See 1941 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1942 NullFields []string `json:"-"` 1943 } 1944 1945 func (s *GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig) MarshalJSON() ([]byte, error) { 1946 type NoMethod GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig 1947 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1948 } 1949 1950 // GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices: Specifies how 1951 // APIs are allowed to communicate within the Service Perimeter. 1952 type GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices struct { 1953 // AllowedServices: The list of APIs usable within the Service Perimeter. Must 1954 // be empty unless 'enable_restriction' is True. You can specify a list of 1955 // individual services, as well as include the 'RESTRICTED-SERVICES' value, 1956 // which automatically includes all of the services protected by the perimeter. 
1957 AllowedServices []string `json:"allowedServices,omitempty"` 1958 // EnableRestriction: Whether to restrict API calls within the Service 1959 // Perimeter to the list of APIs specified in 'allowed_services'. 1960 EnableRestriction bool `json:"enableRestriction,omitempty"` 1961 // ForceSendFields is a list of field names (e.g. "AllowedServices") to 1962 // unconditionally include in API requests. By default, fields with empty or 1963 // default values are omitted from API requests. See 1964 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1965 // details. 1966 ForceSendFields []string `json:"-"` 1967 // NullFields is a list of field names (e.g. "AllowedServices") to include in 1968 // API requests with the JSON null value. By default, fields with empty values 1969 // are omitted from API requests. See 1970 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1971 NullFields []string `json:"-"` 1972 } 1973 1974 func (s *GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices) MarshalJSON() ([]byte, error) { 1975 type NoMethod GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices 1976 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 1977 } 1978 1979 // GoogleIdentityAccesscontextmanagerV1VpcNetworkSource: The originating 1980 // network source in Google Cloud. 1981 type GoogleIdentityAccesscontextmanagerV1VpcNetworkSource struct { 1982 // VpcSubnetwork: Sub-segment ranges of a VPC network. 1983 VpcSubnetwork *GoogleIdentityAccesscontextmanagerV1VpcSubNetwork `json:"vpcSubnetwork,omitempty"` 1984 // ForceSendFields is a list of field names (e.g. "VpcSubnetwork") to 1985 // unconditionally include in API requests. By default, fields with empty or 1986 // default values are omitted from API requests. See 1987 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 1988 // details. 1989 ForceSendFields []string `json:"-"` 1990 // NullFields is a list of field names (e.g. 
"VpcSubnetwork") to include in API 1991 // requests with the JSON null value. By default, fields with empty values are 1992 // omitted from API requests. See 1993 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 1994 NullFields []string `json:"-"` 1995 } 1996 1997 func (s *GoogleIdentityAccesscontextmanagerV1VpcNetworkSource) MarshalJSON() ([]byte, error) { 1998 type NoMethod GoogleIdentityAccesscontextmanagerV1VpcNetworkSource 1999 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 2000 } 2001 2002 // GoogleIdentityAccesscontextmanagerV1VpcSubNetwork: Sub-segment ranges inside 2003 // of a VPC Network. 2004 type GoogleIdentityAccesscontextmanagerV1VpcSubNetwork struct { 2005 // Network: Required. Network name. If the network is not part of the 2006 // organization, the `compute.network.get` permission must be granted to the 2007 // caller. Format: 2008 // `//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NETWORK_NAME 2009 // }` Example: 2010 // `//compute.googleapis.com/projects/my-project/global/networks/network-1` 2011 Network string `json:"network,omitempty"` 2012 // VpcIpSubnetworks: CIDR block IP subnetwork specification. The IP address 2013 // must be an IPv4 address and can be a public or private IP address. Note that 2014 // for a CIDR IP address block, the specified IP address portion must be 2015 // properly truncated (i.e. all the host bits must be zero) or the input is 2016 // considered malformed. For example, "192.0.2.0/24" is accepted but 2017 // "192.0.2.1/24" is not. If empty, all IP addresses are allowed. 2018 VpcIpSubnetworks []string `json:"vpcIpSubnetworks,omitempty"` 2019 // ForceSendFields is a list of field names (e.g. "Network") to unconditionally 2020 // include in API requests. By default, fields with empty or default values are 2021 // omitted from API requests. See 2022 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 2023 // details. 
2024 ForceSendFields []string `json:"-"` 2025 // NullFields is a list of field names (e.g. "Network") to include in API 2026 // requests with the JSON null value. By default, fields with empty values are 2027 // omitted from API requests. See 2028 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 2029 NullFields []string `json:"-"` 2030 } 2031 2032 func (s *GoogleIdentityAccesscontextmanagerV1VpcSubNetwork) MarshalJSON() ([]byte, error) { 2033 type NoMethod GoogleIdentityAccesscontextmanagerV1VpcSubNetwork 2034 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 2035 } 2036 2037 // Operation: This resource represents a long-running operation that is the 2038 // result of a network API call. 2039 type Operation struct { 2040 // Done: If the value is `false`, it means the operation is still in progress. 2041 // If `true`, the operation is completed, and either `error` or `response` is 2042 // available. 2043 Done bool `json:"done,omitempty"` 2044 // Error: The error result of the operation in case of failure or cancellation. 2045 Error *Status `json:"error,omitempty"` 2046 // Metadata: Service-specific metadata associated with the operation. It 2047 // typically contains progress information and common metadata such as create 2048 // time. Some services might not provide such metadata. Any method that returns 2049 // a long-running operation should document the metadata type, if any. 2050 Metadata googleapi.RawMessage `json:"metadata,omitempty"` 2051 // Name: The server-assigned name, which is only unique within the same service 2052 // that originally returns it. If you use the default HTTP mapping, the `name` 2053 // should be a resource name ending with `operations/{unique_id}`. 2054 Name string `json:"name,omitempty"` 2055 // Response: The normal, successful response of the operation. If the original 2056 // method returns no data on success, such as `Delete`, the response is 2057 // `google.protobuf.Empty`. 
If the original method is standard 2058 // `Get`/`Create`/`Update`, the response should be the resource. For other 2059 // methods, the response should have the type `XxxResponse`, where `Xxx` is the 2060 // original method name. For example, if the original method name is 2061 // `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. 2062 Response googleapi.RawMessage `json:"response,omitempty"` 2063 2064 // ServerResponse contains the HTTP response code and headers from the server. 2065 googleapi.ServerResponse `json:"-"` 2066 // ForceSendFields is a list of field names (e.g. "Done") to unconditionally 2067 // include in API requests. By default, fields with empty or default values are 2068 // omitted from API requests. See 2069 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 2070 // details. 2071 ForceSendFields []string `json:"-"` 2072 // NullFields is a list of field names (e.g. "Done") to include in API requests 2073 // with the JSON null value. By default, fields with empty values are omitted 2074 // from API requests. See 2075 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 2076 NullFields []string `json:"-"` 2077 } 2078 2079 func (s *Operation) MarshalJSON() ([]byte, error) { 2080 type NoMethod Operation 2081 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 2082 } 2083 2084 // Policy: An Identity and Access Management (IAM) policy, which specifies 2085 // access controls for Google Cloud resources. A `Policy` is a collection of 2086 // `bindings`. A `binding` binds one or more `members`, or principals, to a 2087 // single `role`. Principals can be user accounts, service accounts, Google 2088 // groups, and domains (such as G Suite). A `role` is a named list of 2089 // permissions; each `role` can be an IAM predefined role or a user-created 2090 // custom role. 
For some types of Google Cloud resources, a `binding` can also 2091 // specify a `condition`, which is a logical expression that allows access to a 2092 // resource only if the expression evaluates to `true`. A condition can add 2093 // constraints based on attributes of the request, the resource, or both. To 2094 // learn which resources support conditions in their IAM policies, see the IAM 2095 // documentation 2096 // (https://cloud.google.com/iam/help/conditions/resource-policies). **JSON 2097 // example:** ``` { "bindings": [ { "role": 2098 // "roles/resourcemanager.organizationAdmin", "members": [ 2099 // "user:mike@example.com", "group:admins@example.com", "domain:google.com", 2100 // "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": 2101 // "roles/resourcemanager.organizationViewer", "members": [ 2102 // "user:eve@example.com" ], "condition": { "title": "expirable access", 2103 // "description": "Does not grant access after Sep 2020", "expression": 2104 // "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": 2105 // "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - 2106 // members: - user:mike@example.com - group:admins@example.com - 2107 // domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com 2108 // role: roles/resourcemanager.organizationAdmin - members: - 2109 // user:eve@example.com role: roles/resourcemanager.organizationViewer 2110 // condition: title: expirable access description: Does not grant access after 2111 // Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') 2112 // etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, 2113 // see the IAM documentation (https://cloud.google.com/iam/docs/). 2114 type Policy struct { 2115 // AuditConfigs: Specifies cloud audit logging configuration for this policy. 
2116 AuditConfigs []*AuditConfig `json:"auditConfigs,omitempty"` 2117 // Bindings: Associates a list of `members`, or principals, with a `role`. 2118 // Optionally, may specify a `condition` that determines how and when the 2119 // `bindings` are applied. Each of the `bindings` must contain at least one 2120 // principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; 2121 // up to 250 of these principals can be Google groups. Each occurrence of a 2122 // principal counts towards these limits. For example, if the `bindings` grant 2123 // 50 different roles to `user:alice@example.com`, and not to any other 2124 // principal, then you can add another 1,450 principals to the `bindings` in 2125 // the `Policy`. 2126 Bindings []*Binding `json:"bindings,omitempty"` 2127 // Etag: `etag` is used for optimistic concurrency control as a way to help 2128 // prevent simultaneous updates of a policy from overwriting each other. It is 2129 // strongly suggested that systems make use of the `etag` in the 2130 // read-modify-write cycle to perform policy updates in order to avoid race 2131 // conditions: An `etag` is returned in the response to `getIamPolicy`, and 2132 // systems are expected to put that etag in the request to `setIamPolicy` to 2133 // ensure that their change will be applied to the same version of the policy. 2134 // **Important:** If you use IAM Conditions, you must include the `etag` field 2135 // whenever you call `setIamPolicy`. If you omit this field, then IAM allows 2136 // you to overwrite a version `3` policy with a version `1` policy, and all of 2137 // the conditions in the version `3` policy are lost. 2138 Etag string `json:"etag,omitempty"` 2139 // Version: Specifies the format of the policy. Valid values are `0`, `1`, and 2140 // `3`. Requests that specify an invalid value are rejected. Any operation that 2141 // affects conditional role bindings must specify version `3`. 
This requirement 2142 // applies to the following operations: * Getting a policy that includes a 2143 // conditional role binding * Adding a conditional role binding to a policy * 2144 // Changing a conditional role binding in a policy * Removing any role binding, 2145 // with or without a condition, from a policy that includes conditions 2146 // **Important:** If you use IAM Conditions, you must include the `etag` field 2147 // whenever you call `setIamPolicy`. If you omit this field, then IAM allows 2148 // you to overwrite a version `3` policy with a version `1` policy, and all of 2149 // the conditions in the version `3` policy are lost. If a policy does not 2150 // include any conditions, operations on that policy may specify any valid 2151 // version or leave the field unset. To learn which resources support 2152 // conditions in their IAM policies, see the IAM documentation 2153 // (https://cloud.google.com/iam/help/conditions/resource-policies). 2154 Version int64 `json:"version,omitempty"` 2155 // ForceSendFields is a list of field names (e.g. "AuditConfigs") to 2156 // unconditionally include in API requests. By default, fields with empty or 2157 // default values are omitted from API requests. See 2158 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 2159 // details. 2160 ForceSendFields []string `json:"-"` 2161 // NullFields is a list of field names (e.g. "AuditConfigs") to include in API 2162 // requests with the JSON null value. By default, fields with empty values are 2163 // omitted from API requests. See 2164 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 
NullFields []string `json:"-"`
}

// MarshalJSON encodes the Policy by passing it to gensupport.MarshalJSON
// together with its ForceSendFields and NullFields lists.
func (s *Policy) MarshalJSON() ([]byte, error) {
	// NoMethod has Policy's fields but none of its methods, so the value given
	// to the encoder does not carry this MarshalJSON method (presumably so the
	// encoder cannot call back into it; gensupport is not shown here).
	type NoMethod Policy
	plain := NoMethod(*s)
	return gensupport.MarshalJSON(plain, s.ForceSendFields, s.NullFields)
}

// Status is the logical error model shared across programming environments,
// REST APIs and RPC APIs included, and is the model used by gRPC
// (https://github.com/grpc). A Status carries three pieces of data: an error
// code, an error message and error details. The API Design Guide
// (https://cloud.google.com/apis/design/errors) describes the model and how to
// work with it.
type Status struct {
	// Code is the status code; it should be an enum value of google.rpc.Code.
	Code int64 `json:"code,omitempty"`
	// Details lists the messages that carry the error details. APIs draw them
	// from a common set of message types.
	Details []googleapi.RawMessage `json:"details,omitempty"`
	// Message is the developer-facing error text, which should be in English.
	// User-facing text should be localized and sent in the
	// google.rpc.Status.details field, or localized by the client.
	// NOTE(review): being developer-facing, this text belongs in logs rather
	// than being echoed verbatim to end users.
	Message string `json:"message,omitempty"`
	// ForceSendFields names the fields (e.g. "Code") that are included in API
	// requests unconditionally. Fields holding empty or default values are
	// otherwise omitted. See
	// https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more
	// details.
	ForceSendFields []string `json:"-"`
	// NullFields names the fields (e.g. "Code") that are sent in API requests
	// with the JSON null value. Fields holding empty values are otherwise
	// omitted. See
	// https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details.
	NullFields []string `json:"-"`
}

// MarshalJSON encodes the Status by passing it to gensupport.MarshalJSON
// together with its ForceSendFields and NullFields lists.
func (s *Status) MarshalJSON() ([]byte, error) {
	// Same method-free conversion as used for the other schema types in this
	// file: NoMethod shares Status's fields but not its methods.
	type NoMethod Status
	plain := NoMethod(*s)
	return gensupport.MarshalJSON(plain, s.ForceSendFields, s.NullFields)
}

// OperationsGetCall holds the state of one pending operations "get" request.
// OperationsService.Get creates it; the chained setters fill in the optional
// parts.
type OperationsGetCall struct {
	s *Service
	// name is the operation resource name supplied to Get.
	name       string
	urlParams_ gensupport.URLParams
	// ifNoneMatch_ is the entity tag stored by IfNoneMatch; empty means unset.
	ifNoneMatch_ string
	// ctx_ is only assigned by Context, so it stays nil when Context is never
	// called.
	ctx_ context.Context
	// header_ is allocated on first use by Header.
	header_ http.Header
}

// Get prepares a call that fetches the latest state of a long-running
// operation. Clients can use it to poll the operation result at the intervals
// recommended by the API service.
//
//   - name: The name of the operation resource.
func (r *OperationsService) Get(name string) *OperationsGetCall {
	return &OperationsGetCall{
		s:          r.s,
		name:       name,
		urlParams_: make(gensupport.URLParams),
	}
}

// Fields restricts the response to the listed fields (a partial response). See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *OperationsGetCall) Fields(s ...googleapi.Field) *OperationsGetCall {
	selection := googleapi.CombineFields(s)
	c.urlParams_.Set("fields", selection)
	return c
}

// IfNoneMatch sets an optional parameter that makes the operation fail when
// the object's ETag matches the given value. It is useful for fetching updates
// only once the object has changed since the last request.
func (c *OperationsGetCall) IfNoneMatch(entityTag string) *OperationsGetCall {
	c.ifNoneMatch_ = entityTag
	return c
}

// Context stores the context that this call's Do method will use and returns
// the call so that setters can be chained.
func (c *OperationsGetCall) Context(ctx context.Context) *OperationsGetCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *OperationsGetCall) Header() http.Header {
	// The map is created on first use and then handed out as-is, so whatever
	// the caller writes into it is what doRequest later passes on.
	if c.header_ != nil {
		return c.header_
	}
	c.header_ = make(http.Header)
	return c.header_
}

// doRequest builds the GET request for this call and sends it. alt is written
// to the "alt" URL parameter; "prettyPrint" is always set to "false".
func (c *OperationsGetCall) doRequest(alt string) (*http.Response, error) {
	hdr := gensupport.SetHeaders(c.s.userAgent(), "", c.header_)
	if tag := c.ifNoneMatch_; tag != "" {
		hdr.Set("If-None-Match", tag)
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	endpoint := googleapi.ResolveRelative(c.s.BasePath, "v1p7beta1/{+name}")
	endpoint += "?" + c.urlParams_.Encode()
	// A GET carries no body.
	req, err := http.NewRequest("GET", endpoint, nil)
	if err != nil {
		return nil, err
	}
	req.Header = hdr
	// NOTE(review): c.name is inserted exactly as the caller supplied it; any
	// escaping is up to googleapi.Expand, which is not shown here. Validate
	// names that originate from untrusted input before building the call.
	googleapi.Expand(req.URL, map[string]string{"name": c.name})
	// NOTE(review): c.ctx_ is nil unless Context was called; how SendRequest
	// treats a nil context is not visible here, so callers that need a
	// deadline or cancellation should set one through Context.
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "cloudasset.operations.get" call.
// Any status code outside 2xx is reported as an error. Response headers are
// found in *Operation.ServerResponse.Header or, when a response was returned
// at all, in error.(*googleapi.Error).Header. googleapi.IsNotModified tells
// whether the returned error stems from http.StatusNotModified.
func (c *OperationsGetCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	resp, err := c.doRequest("json")
	// A 304 is examined before err and turned into a wrapped googleapi.Error;
	// its body, if any, is closed here because the deferred close below is
	// never reached on this path.
	if resp != nil && resp.StatusCode == http.StatusNotModified {
		if resp.Body != nil {
			resp.Body.Close()
		}
		notModified := &googleapi.Error{
			Code:   resp.StatusCode,
			Header: resp.Header,
		}
		return nil, gensupport.WrapError(notModified)
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(resp)
	if err := googleapi.CheckResponse(resp); err != nil {
		return nil, gensupport.WrapError(err)
	}
	op := &Operation{
		ServerResponse: googleapi.ServerResponse{
			Header:         resp.Header,
			HTTPStatusCode: resp.StatusCode,
		},
	}
	// The decoder receives a pointer to the *Operation variable itself.
	if err := gensupport.DecodeResponse(&op, resp); err != nil {
		return nil, err
	}
	return op, nil
}

// V1p7beta1ExportAssetsCall holds the state of one pending
// "cloudasset.exportAssets" request. V1p7beta1Service.ExportAssets creates it;
// the chained setters fill in the optional parts.
type V1p7beta1ExportAssetsCall struct {
	s *Service
	// parent is the root asset name supplied to ExportAssets.
	parent string
	// googlecloudassetv1p7beta1exportassetsrequest is the request message
	// supplied to ExportAssets.
	googlecloudassetv1p7beta1exportassetsrequest *GoogleCloudAssetV1p7beta1ExportAssetsRequest
	urlParams_                                   gensupport.URLParams
	// ctx_ is only assigned by Context, so it stays nil when Context is never
	// called.
	ctx_ context.Context
	// header_ is allocated on first use by Header.
	header_ http.Header
}

// ExportAssets prepares a call that exports assets with time and resource
// types to a given Cloud Storage location/BigQuery table. For Cloud Storage
// destinations the output is newline-delimited JSON, each line being a
// google.cloud.asset.v1p7beta1.Asset in the JSON format; for BigQuery table
// destinations the output table stores the fields in asset proto as columns.
// This API implements the google.longrunning.Operation API, which allows you
// to keep track of the export. Polling the export operation result at
// intervals of at least 2 seconds with exponential retry is recommended. For
// a regular-size resource parent the export usually finishes within 5 minutes.
//
// NOTE(review): the export copies asset inventory into the destination given
// in the request, so check that destination's access controls before
// exporting.
//
//   - parent: The relative name of the root asset. This can only be an
//     organization number (such as "organizations/123"), a project ID (such as
//     "projects/my-project-id"), or a project number (such as
//     "projects/12345"), or a folder number (such as "folders/123").
func (r *V1p7beta1Service) ExportAssets(parent string, googlecloudassetv1p7beta1exportassetsrequest *GoogleCloudAssetV1p7beta1ExportAssetsRequest) *V1p7beta1ExportAssetsCall {
	return &V1p7beta1ExportAssetsCall{
		s:      r.s,
		parent: parent,
		googlecloudassetv1p7beta1exportassetsrequest: googlecloudassetv1p7beta1exportassetsrequest,
		urlParams_: make(gensupport.URLParams),
	}
}

// Fields restricts the response to the listed fields (a partial response). See
// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more
// details.
func (c *V1p7beta1ExportAssetsCall) Fields(s ...googleapi.Field) *V1p7beta1ExportAssetsCall {
	selection := googleapi.CombineFields(s)
	c.urlParams_.Set("fields", selection)
	return c
}

// Context stores the context that this call's Do method will use and returns
// the call so that setters can be chained.
func (c *V1p7beta1ExportAssetsCall) Context(ctx context.Context) *V1p7beta1ExportAssetsCall {
	c.ctx_ = ctx
	return c
}

// Header returns a http.Header that can be modified by the caller to add
// headers to the request.
func (c *V1p7beta1ExportAssetsCall) Header() http.Header {
	// The map is created on first use and then handed out as-is, so whatever
	// the caller writes into it is what doRequest later passes on.
	if c.header_ != nil {
		return c.header_
	}
	c.header_ = make(http.Header)
	return c.header_
}

// doRequest builds the POST request for this call and sends it. The request
// message is JSON-encoded as the body; alt is written to the "alt" URL
// parameter and "prettyPrint" is always set to "false".
func (c *V1p7beta1ExportAssetsCall) doRequest(alt string) (*http.Response, error) {
	hdr := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_)
	var payload io.Reader
	payload, err := googleapi.WithoutDataWrapper.JSONReader(c.googlecloudassetv1p7beta1exportassetsrequest)
	if err != nil {
		return nil, err
	}
	c.urlParams_.Set("alt", alt)
	c.urlParams_.Set("prettyPrint", "false")
	endpoint := googleapi.ResolveRelative(c.s.BasePath, "v1p7beta1/{+parent}:exportAssets")
	endpoint += "?" + c.urlParams_.Encode()
	req, err := http.NewRequest("POST", endpoint, payload)
	if err != nil {
		return nil, err
	}
	req.Header = hdr
	// NOTE(review): c.parent is inserted exactly as the caller supplied it;
	// any escaping is up to googleapi.Expand, which is not shown here.
	// Validate parents that originate from untrusted input before building the
	// call.
	googleapi.Expand(req.URL, map[string]string{"parent": c.parent})
	// NOTE(review): c.ctx_ is nil unless Context was called; how SendRequest
	// treats a nil context is not visible here, so callers that need a
	// deadline or cancellation should set one through Context.
	return gensupport.SendRequest(c.ctx_, c.s.client, req)
}

// Do executes the "cloudasset.exportAssets" call.
// Any status code outside 2xx is reported as an error. Response headers are
// found in *Operation.ServerResponse.Header or, when a response was returned
// at all, in error.(*googleapi.Error).Header. googleapi.IsNotModified tells
// whether the returned error stems from http.StatusNotModified.
func (c *V1p7beta1ExportAssetsCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
	gensupport.SetOptions(c.urlParams_, opts...)
	resp, err := c.doRequest("json")
	// A 304 is examined before err and turned into a wrapped googleapi.Error;
	// its body, if any, is closed here because the deferred close below is
	// never reached on this path.
	if resp != nil && resp.StatusCode == http.StatusNotModified {
		if resp.Body != nil {
			resp.Body.Close()
		}
		notModified := &googleapi.Error{
			Code:   resp.StatusCode,
			Header: resp.Header,
		}
		return nil, gensupport.WrapError(notModified)
	}
	if err != nil {
		return nil, err
	}
	defer googleapi.CloseBody(resp)
	if err := googleapi.CheckResponse(resp); err != nil {
		return nil, gensupport.WrapError(err)
	}
	op := &Operation{
		ServerResponse: googleapi.ServerResponse{
			Header:         resp.Header,
			HTTPStatusCode: resp.StatusCode,
		},
	}
	// The decoder receives a pointer to the *Operation variable itself.
	if err := gensupport.DecodeResponse(&op, resp); err != nil {
		return nil, err
	}
	return op, nil
}