1 // Copyright 2024 Google LLC. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 // Code generated file. DO NOT EDIT. 6 7 // Package iam provides access to the Identity and Access Management (IAM) API. 8 // 9 // For product documentation, see: https://cloud.google.com/iam/ 10 // 11 // # Library status 12 // 13 // These client libraries are officially supported by Google. However, this 14 // library is considered complete and is in maintenance mode. This means 15 // that we will address critical bugs and security issues but will not add 16 // any new features. 17 // 18 // When possible, we recommend using our newer 19 // [Cloud Client Libraries for Go](https://pkg.go.dev/cloud.google.com/go) 20 // that are still actively being worked and iterated on. 21 // 22 // # Creating a client 23 // 24 // Usage example: 25 // 26 // import "google.golang.org/api/iam/v2" 27 // ... 28 // ctx := context.Background() 29 // iamService, err := iam.NewService(ctx) 30 // 31 // In this example, Google Application Default Credentials are used for 32 // authentication. For information on how to create and obtain Application 33 // Default Credentials, see https://developers.google.com/identity/protocols/application-default-credentials. 34 // 35 // # Other authentication options 36 // 37 // To use an API key for authentication (note: some APIs do not support API 38 // keys), use [google.golang.org/api/option.WithAPIKey]: 39 // 40 // iamService, err := iam.NewService(ctx, option.WithAPIKey("AIza...")) 41 // 42 // To use an OAuth token (e.g., a user token obtained via a three-legged OAuth 43 // flow, use [google.golang.org/api/option.WithTokenSource]: 44 // 45 // config := &oauth2.Config{...} 46 // // ... 47 // token, err := config.Exchange(ctx, ...) 48 // iamService, err := iam.NewService(ctx, option.WithTokenSource(config.TokenSource(ctx, token))) 49 // 50 // See [google.golang.org/api/option.ClientOption] for details on options. 51 package iam // import "google.golang.org/api/iam/v2" 52 53 import ( 54 "bytes" 55 "context" 56 "encoding/json" 57 "errors" 58 "fmt" 59 "io" 60 "net/http" 61 "net/url" 62 "strconv" 63 "strings" 64 65 googleapi "google.golang.org/api/googleapi" 66 internal "google.golang.org/api/internal" 67 gensupport "google.golang.org/api/internal/gensupport" 68 option "google.golang.org/api/option" 69 internaloption "google.golang.org/api/option/internaloption" 70 htransport "google.golang.org/api/transport/http" 71 ) 72 73 // Always reference these packages, just in case the auto-generated code 74 // below doesn't. 75 var _ = bytes.NewBuffer 76 var _ = strconv.Itoa 77 var _ = fmt.Sprintf 78 var _ = json.NewDecoder 79 var _ = io.Copy 80 var _ = url.Parse 81 var _ = gensupport.MarshalJSON 82 var _ = googleapi.Version 83 var _ = errors.New 84 var _ = strings.Replace 85 var _ = context.Canceled 86 var _ = internaloption.WithDefaultEndpoint 87 var _ = internal.Version 88 89 const apiId = "iam:v2" 90 const apiName = "iam" 91 const apiVersion = "v2" 92 const basePath = "https://iam.googleapis.com/" 93 const basePathTemplate = "https://iam.UNIVERSE_DOMAIN/" 94 const mtlsBasePath = "https://iam.mtls.googleapis.com/" 95 96 // OAuth2 scopes used by this API. 97 const ( 98 // See, edit, configure, and delete your Google Cloud data and see the email 99 // address for your Google Account. 100 CloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform" 101 ) 102 103 // NewService creates a new Service. 104 func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, error) { 105 scopesOption := internaloption.WithDefaultScopes( 106 "https://www.googleapis.com/auth/cloud-platform", 107 ) 108 // NOTE: prepend, so we don't override user-specified scopes. 109 opts = append([]option.ClientOption{scopesOption}, opts...) 110 opts = append(opts, internaloption.WithDefaultEndpoint(basePath)) 111 opts = append(opts, internaloption.WithDefaultEndpointTemplate(basePathTemplate)) 112 opts = append(opts, internaloption.WithDefaultMTLSEndpoint(mtlsBasePath)) 113 opts = append(opts, internaloption.EnableNewAuthLibrary()) 114 client, endpoint, err := htransport.NewClient(ctx, opts...) 115 if err != nil { 116 return nil, err 117 } 118 s, err := New(client) 119 if err != nil { 120 return nil, err 121 } 122 if endpoint != "" { 123 s.BasePath = endpoint 124 } 125 return s, nil 126 } 127 128 // New creates a new Service. It uses the provided http.Client for requests. 129 // 130 // Deprecated: please use NewService instead. 131 // To provide a custom HTTP client, use option.WithHTTPClient. 132 // If you are using google.golang.org/api/googleapis/transport.APIKey, use option.WithAPIKey with NewService instead. 133 func New(client *http.Client) (*Service, error) { 134 if client == nil { 135 return nil, errors.New("client is nil") 136 } 137 s := &Service{client: client, BasePath: basePath} 138 s.Policies = NewPoliciesService(s) 139 return s, nil 140 } 141 142 type Service struct { 143 client *http.Client 144 BasePath string // API endpoint base URL 145 UserAgent string // optional additional User-Agent fragment 146 147 Policies *PoliciesService 148 } 149 150 func (s *Service) userAgent() string { 151 if s.UserAgent == "" { 152 return googleapi.UserAgent 153 } 154 return googleapi.UserAgent + " " + s.UserAgent 155 } 156 157 func NewPoliciesService(s *Service) *PoliciesService { 158 rs := &PoliciesService{s: s} 159 rs.Operations = NewPoliciesOperationsService(s) 160 return rs 161 } 162 163 type PoliciesService struct { 164 s *Service 165 166 Operations *PoliciesOperationsService 167 } 168 169 func NewPoliciesOperationsService(s *Service) *PoliciesOperationsService { 170 rs := &PoliciesOperationsService{s: s} 171 return rs 172 } 173 174 type PoliciesOperationsService struct { 175 s *Service 176 } 177 178 // CloudControl2SharedOperationsReconciliationOperationMetadata: Operation 179 // metadata returned by the CLH during resource state reconciliation. 180 type CloudControl2SharedOperationsReconciliationOperationMetadata struct { 181 // DeleteResource: DEPRECATED. Use exclusive_action instead. 182 DeleteResource bool `json:"deleteResource,omitempty"` 183 // ExclusiveAction: Excluisive action returned by the CLH. 184 // 185 // Possible values: 186 // "UNKNOWN_REPAIR_ACTION" - Unknown repair action. 187 // "DELETE" - The resource has to be deleted. When using this bit, the CLH 188 // should fail the operation. DEPRECATED. Instead use DELETE_RESOURCE 189 // OperationSignal in SideChannel. 190 // "RETRY" - This resource could not be repaired but the repair should be 191 // tried again at a later time. This can happen if there is a dependency that 192 // needs to be resolved first- e.g. if a parent resource must be repaired 193 // before a child resource. 194 ExclusiveAction string `json:"exclusiveAction,omitempty"` 195 // ForceSendFields is a list of field names (e.g. "DeleteResource") to 196 // unconditionally include in API requests. By default, fields with empty or 197 // default values are omitted from API requests. See 198 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 199 // details. 200 ForceSendFields []string `json:"-"` 201 // NullFields is a list of field names (e.g. "DeleteResource") to include in 202 // API requests with the JSON null value. By default, fields with empty values 203 // are omitted from API requests. See 204 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 205 NullFields []string `json:"-"` 206 } 207 208 func (s *CloudControl2SharedOperationsReconciliationOperationMetadata) MarshalJSON() ([]byte, error) { 209 type NoMethod CloudControl2SharedOperationsReconciliationOperationMetadata 210 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 211 } 212 213 // GoogleCloudCommonOperationMetadata: Represents the metadata of the 214 // long-running operation. 215 type GoogleCloudCommonOperationMetadata struct { 216 // ApiVersion: Output only. API version used to start the operation. 217 ApiVersion string `json:"apiVersion,omitempty"` 218 // CancelRequested: Output only. Identifies whether the user has requested 219 // cancellation of the operation. Operations that have been cancelled 220 // successfully have Operation.error value with a google.rpc.Status.code of 1, 221 // corresponding to `Code.CANCELLED`. 222 CancelRequested bool `json:"cancelRequested,omitempty"` 223 // CreateTime: Output only. The time the operation was created. 224 CreateTime string `json:"createTime,omitempty"` 225 // EndTime: Output only. The time the operation finished running. 226 EndTime string `json:"endTime,omitempty"` 227 // StatusDetail: Output only. Human-readable status of the operation, if any. 228 StatusDetail string `json:"statusDetail,omitempty"` 229 // Target: Output only. Server-defined resource path for the target of the 230 // operation. 231 Target string `json:"target,omitempty"` 232 // Verb: Output only. Name of the verb executed by the operation. 233 Verb string `json:"verb,omitempty"` 234 // ForceSendFields is a list of field names (e.g. "ApiVersion") to 235 // unconditionally include in API requests. By default, fields with empty or 236 // default values are omitted from API requests. See 237 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 238 // details. 239 ForceSendFields []string `json:"-"` 240 // NullFields is a list of field names (e.g. "ApiVersion") to include in API 241 // requests with the JSON null value. By default, fields with empty values are 242 // omitted from API requests. See 243 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 244 NullFields []string `json:"-"` 245 } 246 247 func (s *GoogleCloudCommonOperationMetadata) MarshalJSON() ([]byte, error) { 248 type NoMethod GoogleCloudCommonOperationMetadata 249 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 250 } 251 252 // GoogleIamAdminV1AuditData: Audit log information specific to Cloud IAM admin 253 // APIs. This message is serialized as an `Any` type in the `ServiceData` 254 // message of an `AuditLog` message. 255 type GoogleIamAdminV1AuditData struct { 256 // PermissionDelta: The permission_delta when when creating or updating a Role. 257 PermissionDelta *GoogleIamAdminV1AuditDataPermissionDelta `json:"permissionDelta,omitempty"` 258 // ForceSendFields is a list of field names (e.g. "PermissionDelta") to 259 // unconditionally include in API requests. By default, fields with empty or 260 // default values are omitted from API requests. See 261 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 262 // details. 263 ForceSendFields []string `json:"-"` 264 // NullFields is a list of field names (e.g. "PermissionDelta") to include in 265 // API requests with the JSON null value. By default, fields with empty values 266 // are omitted from API requests. See 267 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 268 NullFields []string `json:"-"` 269 } 270 271 func (s *GoogleIamAdminV1AuditData) MarshalJSON() ([]byte, error) { 272 type NoMethod GoogleIamAdminV1AuditData 273 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 274 } 275 276 // GoogleIamAdminV1AuditDataPermissionDelta: A PermissionDelta message to 277 // record the added_permissions and removed_permissions inside a role. 278 type GoogleIamAdminV1AuditDataPermissionDelta struct { 279 // AddedPermissions: Added permissions. 280 AddedPermissions []string `json:"addedPermissions,omitempty"` 281 // RemovedPermissions: Removed permissions. 282 RemovedPermissions []string `json:"removedPermissions,omitempty"` 283 // ForceSendFields is a list of field names (e.g. "AddedPermissions") to 284 // unconditionally include in API requests. By default, fields with empty or 285 // default values are omitted from API requests. See 286 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 287 // details. 288 ForceSendFields []string `json:"-"` 289 // NullFields is a list of field names (e.g. "AddedPermissions") to include in 290 // API requests with the JSON null value. By default, fields with empty values 291 // are omitted from API requests. See 292 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 293 NullFields []string `json:"-"` 294 } 295 296 func (s *GoogleIamAdminV1AuditDataPermissionDelta) MarshalJSON() ([]byte, error) { 297 type NoMethod GoogleIamAdminV1AuditDataPermissionDelta 298 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 299 } 300 301 // GoogleIamV1BindingDelta: One delta entry for Binding. Each individual change 302 // (only one member in each entry) to a binding will be a separate entry. 303 type GoogleIamV1BindingDelta struct { 304 // Action: The action that was performed on a Binding. Required 305 // 306 // Possible values: 307 // "ACTION_UNSPECIFIED" - Unspecified. 308 // "ADD" - Addition of a Binding. 309 // "REMOVE" - Removal of a Binding. 310 Action string `json:"action,omitempty"` 311 // Condition: The condition that is associated with this binding. 312 Condition *GoogleTypeExpr `json:"condition,omitempty"` 313 // Member: A single identity requesting access for a Google Cloud resource. 314 // Follows the same format of Binding.members. Required 315 Member string `json:"member,omitempty"` 316 // Role: Role that is assigned to `members`. For example, `roles/viewer`, 317 // `roles/editor`, or `roles/owner`. Required 318 Role string `json:"role,omitempty"` 319 // ForceSendFields is a list of field names (e.g. "Action") to unconditionally 320 // include in API requests. By default, fields with empty or default values are 321 // omitted from API requests. See 322 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 323 // details. 324 ForceSendFields []string `json:"-"` 325 // NullFields is a list of field names (e.g. "Action") to include in API 326 // requests with the JSON null value. By default, fields with empty values are 327 // omitted from API requests. See 328 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 329 NullFields []string `json:"-"` 330 } 331 332 func (s *GoogleIamV1BindingDelta) MarshalJSON() ([]byte, error) { 333 type NoMethod GoogleIamV1BindingDelta 334 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 335 } 336 337 // GoogleIamV1LoggingAuditData: Audit log information specific to Cloud IAM. 338 // This message is serialized as an `Any` type in the `ServiceData` message of 339 // an `AuditLog` message. 340 type GoogleIamV1LoggingAuditData struct { 341 // PolicyDelta: Policy delta between the original policy and the newly set 342 // policy. 343 PolicyDelta *GoogleIamV1PolicyDelta `json:"policyDelta,omitempty"` 344 // ForceSendFields is a list of field names (e.g. "PolicyDelta") to 345 // unconditionally include in API requests. By default, fields with empty or 346 // default values are omitted from API requests. See 347 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 348 // details. 349 ForceSendFields []string `json:"-"` 350 // NullFields is a list of field names (e.g. "PolicyDelta") to include in API 351 // requests with the JSON null value. By default, fields with empty values are 352 // omitted from API requests. See 353 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 354 NullFields []string `json:"-"` 355 } 356 357 func (s *GoogleIamV1LoggingAuditData) MarshalJSON() ([]byte, error) { 358 type NoMethod GoogleIamV1LoggingAuditData 359 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 360 } 361 362 // GoogleIamV1PolicyDelta: The difference delta between two policies. 363 type GoogleIamV1PolicyDelta struct { 364 // BindingDeltas: The delta for Bindings between two policies. 365 BindingDeltas []*GoogleIamV1BindingDelta `json:"bindingDeltas,omitempty"` 366 // ForceSendFields is a list of field names (e.g. "BindingDeltas") to 367 // unconditionally include in API requests. By default, fields with empty or 368 // default values are omitted from API requests. See 369 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 370 // details. 371 ForceSendFields []string `json:"-"` 372 // NullFields is a list of field names (e.g. "BindingDeltas") to include in API 373 // requests with the JSON null value. By default, fields with empty values are 374 // omitted from API requests. See 375 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 376 NullFields []string `json:"-"` 377 } 378 379 func (s *GoogleIamV1PolicyDelta) MarshalJSON() ([]byte, error) { 380 type NoMethod GoogleIamV1PolicyDelta 381 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 382 } 383 384 // GoogleIamV1betaWorkloadIdentityPoolOperationMetadata: Metadata for 385 // long-running WorkloadIdentityPool operations. 386 type GoogleIamV1betaWorkloadIdentityPoolOperationMetadata struct { 387 } 388 389 // GoogleIamV2DenyRule: A deny rule in an IAM deny policy. 390 type GoogleIamV2DenyRule struct { 391 // DenialCondition: The condition that determines whether this deny rule 392 // applies to a request. If the condition expression evaluates to `true`, then 393 // the deny rule is applied; otherwise, the deny rule is not applied. Each deny 394 // rule is evaluated independently. If this deny rule does not apply to a 395 // request, other deny rules might still apply. The condition can use CEL 396 // functions that evaluate resource tags 397 // (https://cloud.google.com/iam/help/conditions/resource-tags). Other 398 // functions and operators are not supported. 399 DenialCondition *GoogleTypeExpr `json:"denialCondition,omitempty"` 400 // DeniedPermissions: The permissions that are explicitly denied by this rule. 401 // Each permission uses the format `{service_fqdn}/{resource}.{verb}`, where 402 // `{service_fqdn}` is the fully qualified domain name for the service. For 403 // example, `iam.googleapis.com/roles.list`. 404 DeniedPermissions []string `json:"deniedPermissions,omitempty"` 405 // DeniedPrincipals: The identities that are prevented from using one or more 406 // permissions on Google Cloud resources. This field can contain the following 407 // values: * `principal://goog/subject/{email_id}`: A specific Google Account. 408 // Includes Gmail, Cloud Identity, and Google Workspace user accounts. For 409 // example, `principal://goog/subject/alice@example.com`. * 410 // `principal://iam.googleapis.com/projects/-/serviceAccounts/{service_account_i 411 // d}`: A Google Cloud service account. For example, 412 // `principal://iam.googleapis.com/projects/-/serviceAccounts/my-service-account 413 // @iam.gserviceaccount.com`. * `principalSet://goog/group/{group_id}`: A 414 // Google group. For example, `principalSet://goog/group/admins@example.com`. * 415 // `principalSet://goog/public:all`: A special identifier that represents any 416 // principal that is on the internet, even if they do not have a Google Account 417 // or are not logged in. * 418 // `principalSet://goog/cloudIdentityCustomerId/{customer_id}`: All of the 419 // principals associated with the specified Google Workspace or Cloud Identity 420 // customer ID. For example, 421 // `principalSet://goog/cloudIdentityCustomerId/C01Abc35`. * 422 // `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/sub 423 // ject/{subject_attribute_value}`: A single identity in a workforce identity 424 // pool. * 425 // `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/ 426 // group/{group_id}`: All workforce identities in a group. * 427 // `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/ 428 // attribute.{attribute_name}/{attribute_value}`: All workforce identities with 429 // a specific attribute value. * 430 // `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/ 431 // *`: All identities in a workforce identity pool. * 432 // `principal://iam.googleapis.com/projects/{project_number}/locations/global/wo 433 // rkloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single 434 // identity in a workload identity pool. * 435 // `principalSet://iam.googleapis.com/projects/{project_number}/locations/global 436 // /workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool 437 // group. * 438 // `principalSet://iam.googleapis.com/projects/{project_number}/locations/global 439 // /workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value} 440 // `: All identities in a workload identity pool with a certain attribute. * 441 // `principalSet://iam.googleapis.com/projects/{project_number}/locations/global 442 // /workloadIdentityPools/{pool_id}/*`: All identities in a workload identity 443 // pool. * `deleted:principal://goog/subject/{email_id}?uid={uid}`: A specific 444 // Google Account that was deleted recently. For example, 445 // `deleted:principal://goog/subject/alice@example.com?uid=1234567890`. If the 446 // Google Account is recovered, this identifier reverts to the standard 447 // identifier for a Google Account. * 448 // `deleted:principalSet://goog/group/{group_id}?uid={uid}`: A Google group 449 // that was deleted recently. For example, 450 // `deleted:principalSet://goog/group/admins@example.com?uid=1234567890`. If 451 // the Google group is restored, this identifier reverts to the standard 452 // identifier for a Google group. * 453 // `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/{service_a 454 // ccount_id}?uid={uid}`: A Google Cloud service account that was deleted 455 // recently. For example, 456 // `deleted:principal://iam.googleapis.com/projects/-/serviceAccounts/my-service 457 // -account@iam.gserviceaccount.com?uid=1234567890`. If the service account is 458 // undeleted, this identifier reverts to the standard identifier for a service 459 // account. * 460 // `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool 461 // _id}/subject/{subject_attribute_value}`: Deleted single identity in a 462 // workforce identity pool. For example, 463 // `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-po 464 // ol-id/subject/my-subject-attribute-value`. 465 DeniedPrincipals []string `json:"deniedPrincipals,omitempty"` 466 // ExceptionPermissions: Specifies the permissions that this rule excludes from 467 // the set of denied permissions given by `denied_permissions`. If a permission 468 // appears in `denied_permissions` _and_ in `exception_permissions` then it 469 // will _not_ be denied. The excluded permissions can be specified using the 470 // same syntax as `denied_permissions`. 471 ExceptionPermissions []string `json:"exceptionPermissions,omitempty"` 472 // ExceptionPrincipals: The identities that are excluded from the deny rule, 473 // even if they are listed in the `denied_principals`. For example, you could 474 // add a Google group to the `denied_principals`, then exclude specific users 475 // who belong to that group. This field can contain the same values as the 476 // `denied_principals` field, excluding `principalSet://goog/public:all`, which 477 // represents all users on the internet. 478 ExceptionPrincipals []string `json:"exceptionPrincipals,omitempty"` 479 // ForceSendFields is a list of field names (e.g. "DenialCondition") to 480 // unconditionally include in API requests. By default, fields with empty or 481 // default values are omitted from API requests. See 482 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 483 // details. 484 ForceSendFields []string `json:"-"` 485 // NullFields is a list of field names (e.g. "DenialCondition") to include in 486 // API requests with the JSON null value. By default, fields with empty values 487 // are omitted from API requests. See 488 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 489 NullFields []string `json:"-"` 490 } 491 492 func (s *GoogleIamV2DenyRule) MarshalJSON() ([]byte, error) { 493 type NoMethod GoogleIamV2DenyRule 494 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 495 } 496 497 // GoogleIamV2ListPoliciesResponse: Response message for `ListPolicies`. 498 type GoogleIamV2ListPoliciesResponse struct { 499 // NextPageToken: A page token that you can use in a ListPoliciesRequest to 500 // retrieve the next page. If this field is omitted, there are no additional 501 // pages. 502 NextPageToken string `json:"nextPageToken,omitempty"` 503 // Policies: Metadata for the policies that are attached to the resource. 504 Policies []*GoogleIamV2Policy `json:"policies,omitempty"` 505 506 // ServerResponse contains the HTTP response code and headers from the server. 507 googleapi.ServerResponse `json:"-"` 508 // ForceSendFields is a list of field names (e.g. "NextPageToken") to 509 // unconditionally include in API requests. By default, fields with empty or 510 // default values are omitted from API requests. See 511 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 512 // details. 513 ForceSendFields []string `json:"-"` 514 // NullFields is a list of field names (e.g. "NextPageToken") to include in API 515 // requests with the JSON null value. By default, fields with empty values are 516 // omitted from API requests. See 517 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 518 NullFields []string `json:"-"` 519 } 520 521 func (s *GoogleIamV2ListPoliciesResponse) MarshalJSON() ([]byte, error) { 522 type NoMethod GoogleIamV2ListPoliciesResponse 523 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 524 } 525 526 // GoogleIamV2Policy: Data for an IAM policy. 527 type GoogleIamV2Policy struct { 528 // Annotations: A key-value map to store arbitrary metadata for the `Policy`. 529 // Keys can be up to 63 characters. Values can be up to 255 characters. 530 Annotations map[string]string `json:"annotations,omitempty"` 531 // CreateTime: Output only. The time when the `Policy` was created. 532 CreateTime string `json:"createTime,omitempty"` 533 // DeleteTime: Output only. The time when the `Policy` was deleted. Empty if 534 // the policy is not deleted. 535 DeleteTime string `json:"deleteTime,omitempty"` 536 // DisplayName: A user-specified description of the `Policy`. This value can be 537 // up to 63 characters. 538 DisplayName string `json:"displayName,omitempty"` 539 // Etag: An opaque tag that identifies the current version of the `Policy`. IAM 540 // uses this value to help manage concurrent updates, so they do not cause one 541 // update to be overwritten by another. If this field is present in a 542 // CreatePolicyRequest, the value is ignored. 543 Etag string `json:"etag,omitempty"` 544 // Kind: Output only. The kind of the `Policy`. Always contains the value 545 // `DenyPolicy`. 546 Kind string `json:"kind,omitempty"` 547 // Name: Immutable. The resource name of the `Policy`, which must be unique. 548 // Format: `policies/{attachment_point}/denypolicies/{policy_id}` The 549 // attachment point is identified by its URL-encoded full resource name, which 550 // means that the forward-slash character, `/`, must be written as `%2F`. For 551 // example, 552 // `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denypol 553 // icies/my-deny-policy`. For organizations and folders, use the numeric ID in 554 // the full resource name. For projects, requests can use the alphanumeric or 555 // the numeric ID. Responses always contain the numeric ID. 556 Name string `json:"name,omitempty"` 557 // Rules: A list of rules that specify the behavior of the `Policy`. All of the 558 // rules should be of the `kind` specified in the `Policy`. 559 Rules []*GoogleIamV2PolicyRule `json:"rules,omitempty"` 560 // Uid: Immutable. The globally unique ID of the `Policy`. Assigned 561 // automatically when the `Policy` is created. 562 Uid string `json:"uid,omitempty"` 563 // UpdateTime: Output only. The time when the `Policy` was last updated. 564 UpdateTime string `json:"updateTime,omitempty"` 565 566 // ServerResponse contains the HTTP response code and headers from the server. 567 googleapi.ServerResponse `json:"-"` 568 // ForceSendFields is a list of field names (e.g. "Annotations") to 569 // unconditionally include in API requests. By default, fields with empty or 570 // default values are omitted from API requests. See 571 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 572 // details. 573 ForceSendFields []string `json:"-"` 574 // NullFields is a list of field names (e.g. "Annotations") to include in API 575 // requests with the JSON null value. By default, fields with empty values are 576 // omitted from API requests. See 577 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 578 NullFields []string `json:"-"` 579 } 580 581 func (s *GoogleIamV2Policy) MarshalJSON() ([]byte, error) { 582 type NoMethod GoogleIamV2Policy 583 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 584 } 585 586 // GoogleIamV2PolicyOperationMetadata: Metadata for long-running `Policy` 587 // operations. 588 type GoogleIamV2PolicyOperationMetadata struct { 589 // CreateTime: Timestamp when the `google.longrunning.Operation` was created. 590 CreateTime string `json:"createTime,omitempty"` 591 // ForceSendFields is a list of field names (e.g. "CreateTime") to 592 // unconditionally include in API requests. By default, fields with empty or 593 // default values are omitted from API requests. See 594 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 595 // details. 596 ForceSendFields []string `json:"-"` 597 // NullFields is a list of field names (e.g. "CreateTime") to include in API 598 // requests with the JSON null value. By default, fields with empty values are 599 // omitted from API requests. See 600 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 601 NullFields []string `json:"-"` 602 } 603 604 func (s *GoogleIamV2PolicyOperationMetadata) MarshalJSON() ([]byte, error) { 605 type NoMethod GoogleIamV2PolicyOperationMetadata 606 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 607 } 608 609 // GoogleIamV2PolicyRule: A single rule in a `Policy`. 610 type GoogleIamV2PolicyRule struct { 611 // DenyRule: A rule for a deny policy. 612 DenyRule *GoogleIamV2DenyRule `json:"denyRule,omitempty"` 613 // Description: A user-specified description of the rule. This value can be up 614 // to 256 characters. 615 Description string `json:"description,omitempty"` 616 // ForceSendFields is a list of field names (e.g. "DenyRule") to 617 // unconditionally include in API requests. By default, fields with empty or 618 // default values are omitted from API requests. See 619 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 620 // details. 621 ForceSendFields []string `json:"-"` 622 // NullFields is a list of field names (e.g. "DenyRule") to include in API 623 // requests with the JSON null value. By default, fields with empty values are 624 // omitted from API requests. See 625 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 626 NullFields []string `json:"-"` 627 } 628 629 func (s *GoogleIamV2PolicyRule) MarshalJSON() ([]byte, error) { 630 type NoMethod GoogleIamV2PolicyRule 631 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 632 } 633 634 // GoogleLongrunningOperation: This resource represents a long-running 635 // operation that is the result of a network API call. 636 type GoogleLongrunningOperation struct { 637 // Done: If the value is `false`, it means the operation is still in progress. 638 // If `true`, the operation is completed, and either `error` or `response` is 639 // available. 640 Done bool `json:"done,omitempty"` 641 // Error: The error result of the operation in case of failure or cancellation. 642 Error *GoogleRpcStatus `json:"error,omitempty"` 643 // Metadata: Service-specific metadata associated with the operation. It 644 // typically contains progress information and common metadata such as create 645 // time. Some services might not provide such metadata. Any method that returns 646 // a long-running operation should document the metadata type, if any. 647 Metadata googleapi.RawMessage `json:"metadata,omitempty"` 648 // Name: The server-assigned name, which is only unique within the same service 649 // that originally returns it. If you use the default HTTP mapping, the `name` 650 // should be a resource name ending with `operations/{unique_id}`. 651 Name string `json:"name,omitempty"` 652 // Response: The normal, successful response of the operation. If the original 653 // method returns no data on success, such as `Delete`, the response is 654 // `google.protobuf.Empty`. If the original method is standard 655 // `Get`/`Create`/`Update`, the response should be the resource. For other 656 // methods, the response should have the type `XxxResponse`, where `Xxx` is the 657 // original method name. For example, if the original method name is 658 // `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. 659 Response googleapi.RawMessage `json:"response,omitempty"` 660 661 // ServerResponse contains the HTTP response code and headers from the server. 662 googleapi.ServerResponse `json:"-"` 663 // ForceSendFields is a list of field names (e.g. "Done") to unconditionally 664 // include in API requests. By default, fields with empty or default values are 665 // omitted from API requests. See 666 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 667 // details. 668 ForceSendFields []string `json:"-"` 669 // NullFields is a list of field names (e.g. "Done") to include in API requests 670 // with the JSON null value. By default, fields with empty values are omitted 671 // from API requests. See 672 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 673 NullFields []string `json:"-"` 674 } 675 676 func (s *GoogleLongrunningOperation) MarshalJSON() ([]byte, error) { 677 type NoMethod GoogleLongrunningOperation 678 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 679 } 680 681 // GoogleRpcStatus: The `Status` type defines a logical error model that is 682 // suitable for different programming environments, including REST APIs and RPC 683 // APIs. It is used by gRPC (https://github.com/grpc). Each `Status` message 684 // contains three pieces of data: error code, error message, and error details. 685 // You can find out more about this error model and how to work with it in the 686 // API Design Guide (https://cloud.google.com/apis/design/errors). 687 type GoogleRpcStatus struct { 688 // Code: The status code, which should be an enum value of google.rpc.Code. 689 Code int64 `json:"code,omitempty"` 690 // Details: A list of messages that carry the error details. There is a common 691 // set of message types for APIs to use. 692 Details []googleapi.RawMessage `json:"details,omitempty"` 693 // Message: A developer-facing error message, which should be in English. Any 694 // user-facing error message should be localized and sent in the 695 // google.rpc.Status.details field, or localized by the client. 696 Message string `json:"message,omitempty"` 697 // ForceSendFields is a list of field names (e.g. "Code") to unconditionally 698 // include in API requests. By default, fields with empty or default values are 699 // omitted from API requests. See 700 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 701 // details. 702 ForceSendFields []string `json:"-"` 703 // NullFields is a list of field names (e.g. "Code") to include in API requests 704 // with the JSON null value. By default, fields with empty values are omitted 705 // from API requests. See 706 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 707 NullFields []string `json:"-"` 708 } 709 710 func (s *GoogleRpcStatus) MarshalJSON() ([]byte, error) { 711 type NoMethod GoogleRpcStatus 712 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 713 } 714 715 // GoogleTypeExpr: Represents a textual expression in the Common Expression 716 // Language (CEL) syntax. CEL is a C-like expression language. The syntax and 717 // semantics of CEL are documented at https://github.com/google/cel-spec. 718 // Example (Comparison): title: "Summary size limit" description: "Determines 719 // if a summary is less than 100 chars" expression: "document.summary.size() < 720 // 100" Example (Equality): title: "Requestor is owner" description: 721 // "Determines if requestor is the document owner" expression: "document.owner 722 // == request.auth.claims.email" Example (Logic): title: "Public documents" 723 // description: "Determine whether the document should be publicly visible" 724 // expression: "document.type != 'private' && document.type != 'internal'" 725 // Example (Data Manipulation): title: "Notification string" description: 726 // "Create a notification string with a timestamp." expression: "'New message 727 // received at ' + string(document.create_time)" The exact variables and 728 // functions that may be referenced within an expression are determined by the 729 // service that evaluates it. See the service documentation for additional 730 // information. 731 type GoogleTypeExpr struct { 732 // Description: Optional. Description of the expression. This is a longer text 733 // which describes the expression, e.g. when hovered over it in a UI. 734 Description string `json:"description,omitempty"` 735 // Expression: Textual representation of an expression in Common Expression 736 // Language syntax. 737 Expression string `json:"expression,omitempty"` 738 // Location: Optional. String indicating the location of the expression for 739 // error reporting, e.g. a file name and a position in the file. 740 Location string `json:"location,omitempty"` 741 // Title: Optional. Title for the expression, i.e. a short string describing 742 // its purpose. This can be used e.g. in UIs which allow to enter the 743 // expression. 744 Title string `json:"title,omitempty"` 745 // ForceSendFields is a list of field names (e.g. "Description") to 746 // unconditionally include in API requests. By default, fields with empty or 747 // default values are omitted from API requests. See 748 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 749 // details. 750 ForceSendFields []string `json:"-"` 751 // NullFields is a list of field names (e.g. "Description") to include in API 752 // requests with the JSON null value. By default, fields with empty values are 753 // omitted from API requests. See 754 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 755 NullFields []string `json:"-"` 756 } 757 758 func (s *GoogleTypeExpr) MarshalJSON() ([]byte, error) { 759 type NoMethod GoogleTypeExpr 760 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 761 } 762 763 type PoliciesCreatePolicyCall struct { 764 s *Service 765 parent string 766 googleiamv2policy *GoogleIamV2Policy 767 urlParams_ gensupport.URLParams 768 ctx_ context.Context 769 header_ http.Header 770 } 771 772 // CreatePolicy: Creates a policy. 773 // 774 // - parent: The resource that the policy is attached to, along with the kind 775 // of policy to create. Format: `policies/{attachment_point}/denypolicies` 776 // The attachment point is identified by its URL-encoded full resource name, 777 // which means that the forward-slash character, `/`, must be written as 778 // `%2F`. For example, 779 // `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denyp 780 // olicies`. For organizations and folders, use the numeric ID in the full 781 // resource name. For projects, you can use the alphanumeric or the numeric 782 // ID. 783 func (r *PoliciesService) CreatePolicy(parent string, googleiamv2policy *GoogleIamV2Policy) *PoliciesCreatePolicyCall { 784 c := &PoliciesCreatePolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} 785 c.parent = parent 786 c.googleiamv2policy = googleiamv2policy 787 return c 788 } 789 790 // PolicyId sets the optional parameter "policyId": The ID to use for this 791 // policy, which will become the final component of the policy's resource name. 792 // The ID must contain 3 to 63 characters. It can contain lowercase letters and 793 // numbers, as well as dashes (`-`) and periods (`.`). The first character must 794 // be a lowercase letter. 795 func (c *PoliciesCreatePolicyCall) PolicyId(policyId string) *PoliciesCreatePolicyCall { 796 c.urlParams_.Set("policyId", policyId) 797 return c 798 } 799 800 // Fields allows partial responses to be retrieved. See 801 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more 802 // details. 803 func (c *PoliciesCreatePolicyCall) Fields(s ...googleapi.Field) *PoliciesCreatePolicyCall { 804 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 805 return c 806 } 807 808 // Context sets the context to be used in this call's Do method. 809 func (c *PoliciesCreatePolicyCall) Context(ctx context.Context) *PoliciesCreatePolicyCall { 810 c.ctx_ = ctx 811 return c 812 } 813 814 // Header returns a http.Header that can be modified by the caller to add 815 // headers to the request. 816 func (c *PoliciesCreatePolicyCall) Header() http.Header { 817 if c.header_ == nil { 818 c.header_ = make(http.Header) 819 } 820 return c.header_ 821 } 822 823 func (c *PoliciesCreatePolicyCall) doRequest(alt string) (*http.Response, error) { 824 reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_) 825 var body io.Reader = nil 826 body, err := googleapi.WithoutDataWrapper.JSONReader(c.googleiamv2policy) 827 if err != nil { 828 return nil, err 829 } 830 c.urlParams_.Set("alt", alt) 831 c.urlParams_.Set("prettyPrint", "false") 832 urls := googleapi.ResolveRelative(c.s.BasePath, "v2/{+parent}") 833 urls += "?" + c.urlParams_.Encode() 834 req, err := http.NewRequest("POST", urls, body) 835 if err != nil { 836 return nil, err 837 } 838 req.Header = reqHeaders 839 googleapi.Expand(req.URL, map[string]string{ 840 "parent": c.parent, 841 }) 842 return gensupport.SendRequest(c.ctx_, c.s.client, req) 843 } 844 845 // Do executes the "iam.policies.createPolicy" call. 846 // Any non-2xx status code is an error. Response headers are in either 847 // *GoogleLongrunningOperation.ServerResponse.Header or (if a response was 848 // returned at all) in error.(*googleapi.Error).Header. Use 849 // googleapi.IsNotModified to check whether the returned error was because 850 // http.StatusNotModified was returned. 851 func (c *PoliciesCreatePolicyCall) Do(opts ...googleapi.CallOption) (*GoogleLongrunningOperation, error) { 852 gensupport.SetOptions(c.urlParams_, opts...) 853 res, err := c.doRequest("json") 854 if res != nil && res.StatusCode == http.StatusNotModified { 855 if res.Body != nil { 856 res.Body.Close() 857 } 858 return nil, gensupport.WrapError(&googleapi.Error{ 859 Code: res.StatusCode, 860 Header: res.Header, 861 }) 862 } 863 if err != nil { 864 return nil, err 865 } 866 defer googleapi.CloseBody(res) 867 if err := googleapi.CheckResponse(res); err != nil { 868 return nil, gensupport.WrapError(err) 869 } 870 ret := &GoogleLongrunningOperation{ 871 ServerResponse: googleapi.ServerResponse{ 872 Header: res.Header, 873 HTTPStatusCode: res.StatusCode, 874 }, 875 } 876 target := &ret 877 if err := gensupport.DecodeResponse(target, res); err != nil { 878 return nil, err 879 } 880 return ret, nil 881 } 882 883 type PoliciesDeleteCall struct { 884 s *Service 885 name string 886 urlParams_ gensupport.URLParams 887 ctx_ context.Context 888 header_ http.Header 889 } 890 891 // Delete: Deletes a policy. This action is permanent. 892 // 893 // - name: The resource name of the policy to delete. Format: 894 // `policies/{attachment_point}/denypolicies/{policy_id}` Use the URL-encoded 895 // full resource name, which means that the forward-slash character, `/`, 896 // must be written as `%2F`. For example, 897 // `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denyp 898 // olicies/my-policy`. For organizations and folders, use the numeric ID in 899 // the full resource name. For projects, you can use the alphanumeric or the 900 // numeric ID. 901 func (r *PoliciesService) Delete(name string) *PoliciesDeleteCall { 902 c := &PoliciesDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)} 903 c.name = name 904 return c 905 } 906 907 // Etag sets the optional parameter "etag": The expected `etag` of the policy 908 // to delete. If the value does not match the value that is stored in IAM, the 909 // request fails with a `409` error code and `ABORTED` status. If you omit this 910 // field, the policy is deleted regardless of its current `etag`. 911 func (c *PoliciesDeleteCall) Etag(etag string) *PoliciesDeleteCall { 912 c.urlParams_.Set("etag", etag) 913 return c 914 } 915 916 // Fields allows partial responses to be retrieved. See 917 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more 918 // details. 919 func (c *PoliciesDeleteCall) Fields(s ...googleapi.Field) *PoliciesDeleteCall { 920 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 921 return c 922 } 923 924 // Context sets the context to be used in this call's Do method. 925 func (c *PoliciesDeleteCall) Context(ctx context.Context) *PoliciesDeleteCall { 926 c.ctx_ = ctx 927 return c 928 } 929 930 // Header returns a http.Header that can be modified by the caller to add 931 // headers to the request. 932 func (c *PoliciesDeleteCall) Header() http.Header { 933 if c.header_ == nil { 934 c.header_ = make(http.Header) 935 } 936 return c.header_ 937 } 938 939 func (c *PoliciesDeleteCall) doRequest(alt string) (*http.Response, error) { 940 reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_) 941 var body io.Reader = nil 942 c.urlParams_.Set("alt", alt) 943 c.urlParams_.Set("prettyPrint", "false") 944 urls := googleapi.ResolveRelative(c.s.BasePath, "v2/{+name}") 945 urls += "?" + c.urlParams_.Encode() 946 req, err := http.NewRequest("DELETE", urls, body) 947 if err != nil { 948 return nil, err 949 } 950 req.Header = reqHeaders 951 googleapi.Expand(req.URL, map[string]string{ 952 "name": c.name, 953 }) 954 return gensupport.SendRequest(c.ctx_, c.s.client, req) 955 } 956 957 // Do executes the "iam.policies.delete" call. 958 // Any non-2xx status code is an error. Response headers are in either 959 // *GoogleLongrunningOperation.ServerResponse.Header or (if a response was 960 // returned at all) in error.(*googleapi.Error).Header. Use 961 // googleapi.IsNotModified to check whether the returned error was because 962 // http.StatusNotModified was returned. 963 func (c *PoliciesDeleteCall) Do(opts ...googleapi.CallOption) (*GoogleLongrunningOperation, error) { 964 gensupport.SetOptions(c.urlParams_, opts...) 965 res, err := c.doRequest("json") 966 if res != nil && res.StatusCode == http.StatusNotModified { 967 if res.Body != nil { 968 res.Body.Close() 969 } 970 return nil, gensupport.WrapError(&googleapi.Error{ 971 Code: res.StatusCode, 972 Header: res.Header, 973 }) 974 } 975 if err != nil { 976 return nil, err 977 } 978 defer googleapi.CloseBody(res) 979 if err := googleapi.CheckResponse(res); err != nil { 980 return nil, gensupport.WrapError(err) 981 } 982 ret := &GoogleLongrunningOperation{ 983 ServerResponse: googleapi.ServerResponse{ 984 Header: res.Header, 985 HTTPStatusCode: res.StatusCode, 986 }, 987 } 988 target := &ret 989 if err := gensupport.DecodeResponse(target, res); err != nil { 990 return nil, err 991 } 992 return ret, nil 993 } 994 995 type PoliciesGetCall struct { 996 s *Service 997 name string 998 urlParams_ gensupport.URLParams 999 ifNoneMatch_ string 1000 ctx_ context.Context 1001 header_ http.Header 1002 } 1003 1004 // Get: Gets a policy. 1005 // 1006 // - name: The resource name of the policy to retrieve. Format: 1007 // `policies/{attachment_point}/denypolicies/{policy_id}` Use the URL-encoded 1008 // full resource name, which means that the forward-slash character, `/`, 1009 // must be written as `%2F`. For example, 1010 // `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denyp 1011 // olicies/my-policy`. For organizations and folders, use the numeric ID in 1012 // the full resource name. For projects, you can use the alphanumeric or the 1013 // numeric ID. 1014 func (r *PoliciesService) Get(name string) *PoliciesGetCall { 1015 c := &PoliciesGetCall{s: r.s, urlParams_: make(gensupport.URLParams)} 1016 c.name = name 1017 return c 1018 } 1019 1020 // Fields allows partial responses to be retrieved. See 1021 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more 1022 // details. 1023 func (c *PoliciesGetCall) Fields(s ...googleapi.Field) *PoliciesGetCall { 1024 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 1025 return c 1026 } 1027 1028 // IfNoneMatch sets an optional parameter which makes the operation fail if the 1029 // object's ETag matches the given value. This is useful for getting updates 1030 // only after the object has changed since the last request. 1031 func (c *PoliciesGetCall) IfNoneMatch(entityTag string) *PoliciesGetCall { 1032 c.ifNoneMatch_ = entityTag 1033 return c 1034 } 1035 1036 // Context sets the context to be used in this call's Do method. 1037 func (c *PoliciesGetCall) Context(ctx context.Context) *PoliciesGetCall { 1038 c.ctx_ = ctx 1039 return c 1040 } 1041 1042 // Header returns a http.Header that can be modified by the caller to add 1043 // headers to the request. 1044 func (c *PoliciesGetCall) Header() http.Header { 1045 if c.header_ == nil { 1046 c.header_ = make(http.Header) 1047 } 1048 return c.header_ 1049 } 1050 1051 func (c *PoliciesGetCall) doRequest(alt string) (*http.Response, error) { 1052 reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_) 1053 if c.ifNoneMatch_ != "" { 1054 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 1055 } 1056 var body io.Reader = nil 1057 c.urlParams_.Set("alt", alt) 1058 c.urlParams_.Set("prettyPrint", "false") 1059 urls := googleapi.ResolveRelative(c.s.BasePath, "v2/{+name}") 1060 urls += "?" + c.urlParams_.Encode() 1061 req, err := http.NewRequest("GET", urls, body) 1062 if err != nil { 1063 return nil, err 1064 } 1065 req.Header = reqHeaders 1066 googleapi.Expand(req.URL, map[string]string{ 1067 "name": c.name, 1068 }) 1069 return gensupport.SendRequest(c.ctx_, c.s.client, req) 1070 } 1071 1072 // Do executes the "iam.policies.get" call. 1073 // Any non-2xx status code is an error. Response headers are in either 1074 // *GoogleIamV2Policy.ServerResponse.Header or (if a response was returned at 1075 // all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to 1076 // check whether the returned error was because http.StatusNotModified was 1077 // returned. 1078 func (c *PoliciesGetCall) Do(opts ...googleapi.CallOption) (*GoogleIamV2Policy, error) { 1079 gensupport.SetOptions(c.urlParams_, opts...) 1080 res, err := c.doRequest("json") 1081 if res != nil && res.StatusCode == http.StatusNotModified { 1082 if res.Body != nil { 1083 res.Body.Close() 1084 } 1085 return nil, gensupport.WrapError(&googleapi.Error{ 1086 Code: res.StatusCode, 1087 Header: res.Header, 1088 }) 1089 } 1090 if err != nil { 1091 return nil, err 1092 } 1093 defer googleapi.CloseBody(res) 1094 if err := googleapi.CheckResponse(res); err != nil { 1095 return nil, gensupport.WrapError(err) 1096 } 1097 ret := &GoogleIamV2Policy{ 1098 ServerResponse: googleapi.ServerResponse{ 1099 Header: res.Header, 1100 HTTPStatusCode: res.StatusCode, 1101 }, 1102 } 1103 target := &ret 1104 if err := gensupport.DecodeResponse(target, res); err != nil { 1105 return nil, err 1106 } 1107 return ret, nil 1108 } 1109 1110 type PoliciesListPoliciesCall struct { 1111 s *Service 1112 parent string 1113 urlParams_ gensupport.URLParams 1114 ifNoneMatch_ string 1115 ctx_ context.Context 1116 header_ http.Header 1117 } 1118 1119 // ListPolicies: Retrieves the policies of the specified kind that are attached 1120 // to a resource. The response lists only policy metadata. In particular, 1121 // policy rules are omitted. 1122 // 1123 // - parent: The resource that the policy is attached to, along with the kind 1124 // of policy to list. Format: `policies/{attachment_point}/denypolicies` The 1125 // attachment point is identified by its URL-encoded full resource name, 1126 // which means that the forward-slash character, `/`, must be written as 1127 // `%2F`. For example, 1128 // `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denyp 1129 // olicies`. For organizations and folders, use the numeric ID in the full 1130 // resource name. For projects, you can use the alphanumeric or the numeric 1131 // ID. 1132 func (r *PoliciesService) ListPolicies(parent string) *PoliciesListPoliciesCall { 1133 c := &PoliciesListPoliciesCall{s: r.s, urlParams_: make(gensupport.URLParams)} 1134 c.parent = parent 1135 return c 1136 } 1137 1138 // PageSize sets the optional parameter "pageSize": The maximum number of 1139 // policies to return. IAM ignores this value and uses the value 1000. 1140 func (c *PoliciesListPoliciesCall) PageSize(pageSize int64) *PoliciesListPoliciesCall { 1141 c.urlParams_.Set("pageSize", fmt.Sprint(pageSize)) 1142 return c 1143 } 1144 1145 // PageToken sets the optional parameter "pageToken": A page token received in 1146 // a ListPoliciesResponse. Provide this token to retrieve the next page. 1147 func (c *PoliciesListPoliciesCall) PageToken(pageToken string) *PoliciesListPoliciesCall { 1148 c.urlParams_.Set("pageToken", pageToken) 1149 return c 1150 } 1151 1152 // Fields allows partial responses to be retrieved. See 1153 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more 1154 // details. 1155 func (c *PoliciesListPoliciesCall) Fields(s ...googleapi.Field) *PoliciesListPoliciesCall { 1156 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 1157 return c 1158 } 1159 1160 // IfNoneMatch sets an optional parameter which makes the operation fail if the 1161 // object's ETag matches the given value. This is useful for getting updates 1162 // only after the object has changed since the last request. 1163 func (c *PoliciesListPoliciesCall) IfNoneMatch(entityTag string) *PoliciesListPoliciesCall { 1164 c.ifNoneMatch_ = entityTag 1165 return c 1166 } 1167 1168 // Context sets the context to be used in this call's Do method. 1169 func (c *PoliciesListPoliciesCall) Context(ctx context.Context) *PoliciesListPoliciesCall { 1170 c.ctx_ = ctx 1171 return c 1172 } 1173 1174 // Header returns a http.Header that can be modified by the caller to add 1175 // headers to the request. 1176 func (c *PoliciesListPoliciesCall) Header() http.Header { 1177 if c.header_ == nil { 1178 c.header_ = make(http.Header) 1179 } 1180 return c.header_ 1181 } 1182 1183 func (c *PoliciesListPoliciesCall) doRequest(alt string) (*http.Response, error) { 1184 reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_) 1185 if c.ifNoneMatch_ != "" { 1186 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 1187 } 1188 var body io.Reader = nil 1189 c.urlParams_.Set("alt", alt) 1190 c.urlParams_.Set("prettyPrint", "false") 1191 urls := googleapi.ResolveRelative(c.s.BasePath, "v2/{+parent}") 1192 urls += "?" + c.urlParams_.Encode() 1193 req, err := http.NewRequest("GET", urls, body) 1194 if err != nil { 1195 return nil, err 1196 } 1197 req.Header = reqHeaders 1198 googleapi.Expand(req.URL, map[string]string{ 1199 "parent": c.parent, 1200 }) 1201 return gensupport.SendRequest(c.ctx_, c.s.client, req) 1202 } 1203 1204 // Do executes the "iam.policies.listPolicies" call. 1205 // Any non-2xx status code is an error. Response headers are in either 1206 // *GoogleIamV2ListPoliciesResponse.ServerResponse.Header or (if a response was 1207 // returned at all) in error.(*googleapi.Error).Header. Use 1208 // googleapi.IsNotModified to check whether the returned error was because 1209 // http.StatusNotModified was returned. 1210 func (c *PoliciesListPoliciesCall) Do(opts ...googleapi.CallOption) (*GoogleIamV2ListPoliciesResponse, error) { 1211 gensupport.SetOptions(c.urlParams_, opts...) 1212 res, err := c.doRequest("json") 1213 if res != nil && res.StatusCode == http.StatusNotModified { 1214 if res.Body != nil { 1215 res.Body.Close() 1216 } 1217 return nil, gensupport.WrapError(&googleapi.Error{ 1218 Code: res.StatusCode, 1219 Header: res.Header, 1220 }) 1221 } 1222 if err != nil { 1223 return nil, err 1224 } 1225 defer googleapi.CloseBody(res) 1226 if err := googleapi.CheckResponse(res); err != nil { 1227 return nil, gensupport.WrapError(err) 1228 } 1229 ret := &GoogleIamV2ListPoliciesResponse{ 1230 ServerResponse: googleapi.ServerResponse{ 1231 Header: res.Header, 1232 HTTPStatusCode: res.StatusCode, 1233 }, 1234 } 1235 target := &ret 1236 if err := gensupport.DecodeResponse(target, res); err != nil { 1237 return nil, err 1238 } 1239 return ret, nil 1240 } 1241 1242 // Pages invokes f for each page of results. 1243 // A non-nil error returned from f will halt the iteration. 1244 // The provided context supersedes any context provided to the Context method. 1245 func (c *PoliciesListPoliciesCall) Pages(ctx context.Context, f func(*GoogleIamV2ListPoliciesResponse) error) error { 1246 c.ctx_ = ctx 1247 defer c.PageToken(c.urlParams_.Get("pageToken")) 1248 for { 1249 x, err := c.Do() 1250 if err != nil { 1251 return err 1252 } 1253 if err := f(x); err != nil { 1254 return err 1255 } 1256 if x.NextPageToken == "" { 1257 return nil 1258 } 1259 c.PageToken(x.NextPageToken) 1260 } 1261 } 1262 1263 type PoliciesUpdateCall struct { 1264 s *Service 1265 name string 1266 googleiamv2policy *GoogleIamV2Policy 1267 urlParams_ gensupport.URLParams 1268 ctx_ context.Context 1269 header_ http.Header 1270 } 1271 1272 // Update: Updates the specified policy. You can update only the rules and the 1273 // display name for the policy. To update a policy, you should use a 1274 // read-modify-write loop: 1. Use GetPolicy to read the current version of the 1275 // policy. 2. Modify the policy as needed. 3. Use `UpdatePolicy` to write the 1276 // updated policy. This pattern helps prevent conflicts between concurrent 1277 // updates. 1278 // 1279 // - name: Immutable. The resource name of the `Policy`, which must be unique. 1280 // Format: `policies/{attachment_point}/denypolicies/{policy_id}` The 1281 // attachment point is identified by its URL-encoded full resource name, 1282 // which means that the forward-slash character, `/`, must be written as 1283 // `%2F`. For example, 1284 // `policies/cloudresourcemanager.googleapis.com%2Fprojects%2Fmy-project/denyp 1285 // olicies/my-deny-policy`. For organizations and folders, use the numeric ID 1286 // in the full resource name. For projects, requests can use the alphanumeric 1287 // or the numeric ID. Responses always contain the numeric ID. 1288 func (r *PoliciesService) Update(name string, googleiamv2policy *GoogleIamV2Policy) *PoliciesUpdateCall { 1289 c := &PoliciesUpdateCall{s: r.s, urlParams_: make(gensupport.URLParams)} 1290 c.name = name 1291 c.googleiamv2policy = googleiamv2policy 1292 return c 1293 } 1294 1295 // Fields allows partial responses to be retrieved. See 1296 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more 1297 // details. 1298 func (c *PoliciesUpdateCall) Fields(s ...googleapi.Field) *PoliciesUpdateCall { 1299 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 1300 return c 1301 } 1302 1303 // Context sets the context to be used in this call's Do method. 1304 func (c *PoliciesUpdateCall) Context(ctx context.Context) *PoliciesUpdateCall { 1305 c.ctx_ = ctx 1306 return c 1307 } 1308 1309 // Header returns a http.Header that can be modified by the caller to add 1310 // headers to the request. 1311 func (c *PoliciesUpdateCall) Header() http.Header { 1312 if c.header_ == nil { 1313 c.header_ = make(http.Header) 1314 } 1315 return c.header_ 1316 } 1317 1318 func (c *PoliciesUpdateCall) doRequest(alt string) (*http.Response, error) { 1319 reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_) 1320 var body io.Reader = nil 1321 body, err := googleapi.WithoutDataWrapper.JSONReader(c.googleiamv2policy) 1322 if err != nil { 1323 return nil, err 1324 } 1325 c.urlParams_.Set("alt", alt) 1326 c.urlParams_.Set("prettyPrint", "false") 1327 urls := googleapi.ResolveRelative(c.s.BasePath, "v2/{+name}") 1328 urls += "?" + c.urlParams_.Encode() 1329 req, err := http.NewRequest("PUT", urls, body) 1330 if err != nil { 1331 return nil, err 1332 } 1333 req.Header = reqHeaders 1334 googleapi.Expand(req.URL, map[string]string{ 1335 "name": c.name, 1336 }) 1337 return gensupport.SendRequest(c.ctx_, c.s.client, req) 1338 } 1339 1340 // Do executes the "iam.policies.update" call. 1341 // Any non-2xx status code is an error. Response headers are in either 1342 // *GoogleLongrunningOperation.ServerResponse.Header or (if a response was 1343 // returned at all) in error.(*googleapi.Error).Header. Use 1344 // googleapi.IsNotModified to check whether the returned error was because 1345 // http.StatusNotModified was returned. 1346 func (c *PoliciesUpdateCall) Do(opts ...googleapi.CallOption) (*GoogleLongrunningOperation, error) { 1347 gensupport.SetOptions(c.urlParams_, opts...) 1348 res, err := c.doRequest("json") 1349 if res != nil && res.StatusCode == http.StatusNotModified { 1350 if res.Body != nil { 1351 res.Body.Close() 1352 } 1353 return nil, gensupport.WrapError(&googleapi.Error{ 1354 Code: res.StatusCode, 1355 Header: res.Header, 1356 }) 1357 } 1358 if err != nil { 1359 return nil, err 1360 } 1361 defer googleapi.CloseBody(res) 1362 if err := googleapi.CheckResponse(res); err != nil { 1363 return nil, gensupport.WrapError(err) 1364 } 1365 ret := &GoogleLongrunningOperation{ 1366 ServerResponse: googleapi.ServerResponse{ 1367 Header: res.Header, 1368 HTTPStatusCode: res.StatusCode, 1369 }, 1370 } 1371 target := &ret 1372 if err := gensupport.DecodeResponse(target, res); err != nil { 1373 return nil, err 1374 } 1375 return ret, nil 1376 } 1377 1378 type PoliciesOperationsGetCall struct { 1379 s *Service 1380 name string 1381 urlParams_ gensupport.URLParams 1382 ifNoneMatch_ string 1383 ctx_ context.Context 1384 header_ http.Header 1385 } 1386 1387 // Get: Gets the latest state of a long-running operation. Clients can use this 1388 // method to poll the operation result at intervals as recommended by the API 1389 // service. 1390 // 1391 // - name: The name of the operation resource. 1392 func (r *PoliciesOperationsService) Get(name string) *PoliciesOperationsGetCall { 1393 c := &PoliciesOperationsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)} 1394 c.name = name 1395 return c 1396 } 1397 1398 // Fields allows partial responses to be retrieved. See 1399 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more 1400 // details. 1401 func (c *PoliciesOperationsGetCall) Fields(s ...googleapi.Field) *PoliciesOperationsGetCall { 1402 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 1403 return c 1404 } 1405 1406 // IfNoneMatch sets an optional parameter which makes the operation fail if the 1407 // object's ETag matches the given value. This is useful for getting updates 1408 // only after the object has changed since the last request. 1409 func (c *PoliciesOperationsGetCall) IfNoneMatch(entityTag string) *PoliciesOperationsGetCall { 1410 c.ifNoneMatch_ = entityTag 1411 return c 1412 } 1413 1414 // Context sets the context to be used in this call's Do method. 1415 func (c *PoliciesOperationsGetCall) Context(ctx context.Context) *PoliciesOperationsGetCall { 1416 c.ctx_ = ctx 1417 return c 1418 } 1419 1420 // Header returns a http.Header that can be modified by the caller to add 1421 // headers to the request. 1422 func (c *PoliciesOperationsGetCall) Header() http.Header { 1423 if c.header_ == nil { 1424 c.header_ = make(http.Header) 1425 } 1426 return c.header_ 1427 } 1428 1429 func (c *PoliciesOperationsGetCall) doRequest(alt string) (*http.Response, error) { 1430 reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "", c.header_) 1431 if c.ifNoneMatch_ != "" { 1432 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 1433 } 1434 var body io.Reader = nil 1435 c.urlParams_.Set("alt", alt) 1436 c.urlParams_.Set("prettyPrint", "false") 1437 urls := googleapi.ResolveRelative(c.s.BasePath, "v2/{+name}") 1438 urls += "?" + c.urlParams_.Encode() 1439 req, err := http.NewRequest("GET", urls, body) 1440 if err != nil { 1441 return nil, err 1442 } 1443 req.Header = reqHeaders 1444 googleapi.Expand(req.URL, map[string]string{ 1445 "name": c.name, 1446 }) 1447 return gensupport.SendRequest(c.ctx_, c.s.client, req) 1448 } 1449 1450 // Do executes the "iam.policies.operations.get" call. 1451 // Any non-2xx status code is an error. Response headers are in either 1452 // *GoogleLongrunningOperation.ServerResponse.Header or (if a response was 1453 // returned at all) in error.(*googleapi.Error).Header. Use 1454 // googleapi.IsNotModified to check whether the returned error was because 1455 // http.StatusNotModified was returned. 1456 func (c *PoliciesOperationsGetCall) Do(opts ...googleapi.CallOption) (*GoogleLongrunningOperation, error) { 1457 gensupport.SetOptions(c.urlParams_, opts...) 1458 res, err := c.doRequest("json") 1459 if res != nil && res.StatusCode == http.StatusNotModified { 1460 if res.Body != nil { 1461 res.Body.Close() 1462 } 1463 return nil, gensupport.WrapError(&googleapi.Error{ 1464 Code: res.StatusCode, 1465 Header: res.Header, 1466 }) 1467 } 1468 if err != nil { 1469 return nil, err 1470 } 1471 defer googleapi.CloseBody(res) 1472 if err := googleapi.CheckResponse(res); err != nil { 1473 return nil, gensupport.WrapError(err) 1474 } 1475 ret := &GoogleLongrunningOperation{ 1476 ServerResponse: googleapi.ServerResponse{ 1477 Header: res.Header, 1478 HTTPStatusCode: res.StatusCode, 1479 }, 1480 } 1481 target := &ret 1482 if err := gensupport.DecodeResponse(target, res); err != nil { 1483 return nil, err 1484 } 1485 return ret, nil 1486 } 1487