1 // Copyright 2024 Google LLC. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 // Code generated file. DO NOT EDIT. 6 7 // Package iap provides access to the Cloud Identity-Aware Proxy API. 8 // 9 // For product documentation, see: https://cloud.google.com/iap 10 // 11 // # Library status 12 // 13 // These client libraries are officially supported by Google. However, this 14 // library is considered complete and is in maintenance mode. This means 15 // that we will address critical bugs and security issues but will not add 16 // any new features. 17 // 18 // When possible, we recommend using our newer 19 // [Cloud Client Libraries for Go](https://pkg.go.dev/cloud.google.com/go) 20 // that are still actively being worked and iterated on. 21 // 22 // # Creating a client 23 // 24 // Usage example: 25 // 26 // import "google.golang.org/api/iap/v1beta1" 27 // ... 28 // ctx := context.Background() 29 // iapService, err := iap.NewService(ctx) 30 // 31 // In this example, Google Application Default Credentials are used for 32 // authentication. For information on how to create and obtain Application 33 // Default Credentials, see https://developers.google.com/identity/protocols/application-default-credentials. 34 // 35 // # Other authentication options 36 // 37 // To use an API key for authentication (note: some APIs do not support API 38 // keys), use [google.golang.org/api/option.WithAPIKey]: 39 // 40 // iapService, err := iap.NewService(ctx, option.WithAPIKey("AIza...")) 41 // 42 // To use an OAuth token (e.g., a user token obtained via a three-legged OAuth 43 // flow, use [google.golang.org/api/option.WithTokenSource]: 44 // 45 // config := &oauth2.Config{...} 46 // // ... 47 // token, err := config.Exchange(ctx, ...) 48 // iapService, err := iap.NewService(ctx, option.WithTokenSource(config.TokenSource(ctx, token))) 49 // 50 // See [google.golang.org/api/option.ClientOption] for details on options. 51 package iap // import "google.golang.org/api/iap/v1beta1" 52 53 import ( 54 "bytes" 55 "context" 56 "encoding/json" 57 "errors" 58 "fmt" 59 "io" 60 "net/http" 61 "net/url" 62 "strconv" 63 "strings" 64 65 googleapi "google.golang.org/api/googleapi" 66 internal "google.golang.org/api/internal" 67 gensupport "google.golang.org/api/internal/gensupport" 68 option "google.golang.org/api/option" 69 internaloption "google.golang.org/api/option/internaloption" 70 htransport "google.golang.org/api/transport/http" 71 ) 72 73 // Always reference these packages, just in case the auto-generated code 74 // below doesn't. 75 var _ = bytes.NewBuffer 76 var _ = strconv.Itoa 77 var _ = fmt.Sprintf 78 var _ = json.NewDecoder 79 var _ = io.Copy 80 var _ = url.Parse 81 var _ = gensupport.MarshalJSON 82 var _ = googleapi.Version 83 var _ = errors.New 84 var _ = strings.Replace 85 var _ = context.Canceled 86 var _ = internaloption.WithDefaultEndpoint 87 var _ = internal.Version 88 89 const apiId = "iap:v1beta1" 90 const apiName = "iap" 91 const apiVersion = "v1beta1" 92 const basePath = "https://iap.googleapis.com/" 93 const basePathTemplate = "https://iap.UNIVERSE_DOMAIN/" 94 const mtlsBasePath = "https://iap.mtls.googleapis.com/" 95 96 // OAuth2 scopes used by this API. 97 const ( 98 // See, edit, configure, and delete your Google Cloud data and see the email 99 // address for your Google Account. 100 CloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform" 101 ) 102 103 // NewService creates a new Service. 104 func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, error) { 105 scopesOption := internaloption.WithDefaultScopes( 106 "https://www.googleapis.com/auth/cloud-platform", 107 ) 108 // NOTE: prepend, so we don't override user-specified scopes. 109 opts = append([]option.ClientOption{scopesOption}, opts...) 110 opts = append(opts, internaloption.WithDefaultEndpoint(basePath)) 111 opts = append(opts, internaloption.WithDefaultEndpointTemplate(basePathTemplate)) 112 opts = append(opts, internaloption.WithDefaultMTLSEndpoint(mtlsBasePath)) 113 opts = append(opts, internaloption.EnableNewAuthLibrary()) 114 client, endpoint, err := htransport.NewClient(ctx, opts...) 115 if err != nil { 116 return nil, err 117 } 118 s, err := New(client) 119 if err != nil { 120 return nil, err 121 } 122 if endpoint != "" { 123 s.BasePath = endpoint 124 } 125 return s, nil 126 } 127 128 // New creates a new Service. It uses the provided http.Client for requests. 129 // 130 // Deprecated: please use NewService instead. 131 // To provide a custom HTTP client, use option.WithHTTPClient. 132 // If you are using google.golang.org/api/googleapis/transport.APIKey, use option.WithAPIKey with NewService instead. 133 func New(client *http.Client) (*Service, error) { 134 if client == nil { 135 return nil, errors.New("client is nil") 136 } 137 s := &Service{client: client, BasePath: basePath} 138 s.V1beta1 = NewV1beta1Service(s) 139 return s, nil 140 } 141 142 type Service struct { 143 client *http.Client 144 BasePath string // API endpoint base URL 145 UserAgent string // optional additional User-Agent fragment 146 147 V1beta1 *V1beta1Service 148 } 149 150 func (s *Service) userAgent() string { 151 if s.UserAgent == "" { 152 return googleapi.UserAgent 153 } 154 return googleapi.UserAgent + " " + s.UserAgent 155 } 156 157 func NewV1beta1Service(s *Service) *V1beta1Service { 158 rs := &V1beta1Service{s: s} 159 return rs 160 } 161 162 type V1beta1Service struct { 163 s *Service 164 } 165 166 // Binding: Associates `members`, or principals, with a `role`. 167 type Binding struct { 168 // Condition: The condition that is associated with this binding. If the 169 // condition evaluates to `true`, then this binding applies to the current 170 // request. If the condition evaluates to `false`, then this binding does not 171 // apply to the current request. However, a different role binding might grant 172 // the same role to one or more of the principals in this binding. To learn 173 // which resources support conditions in their IAM policies, see the IAM 174 // documentation 175 // (https://cloud.google.com/iam/help/conditions/resource-policies). 176 Condition *Expr `json:"condition,omitempty"` 177 // Members: Specifies the principals requesting access for a Google Cloud 178 // resource. `members` can have the following values: * `allUsers`: A special 179 // identifier that represents anyone who is on the internet; with or without a 180 // Google account. * `allAuthenticatedUsers`: A special identifier that 181 // represents anyone who is authenticated with a Google account or a service 182 // account. Does not include identities that come from external identity 183 // providers (IdPs) through identity federation. * `user:{emailid}`: An email 184 // address that represents a specific Google account. For example, 185 // `alice@example.com` . * `serviceAccount:{emailid}`: An email address that 186 // represents a Google service account. For example, 187 // `my-other-app@appspot.gserviceaccount.com`. * 188 // `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An 189 // identifier for a Kubernetes service account 190 // (https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). 191 // For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * 192 // `group:{emailid}`: An email address that represents a Google group. For 193 // example, `admins@example.com`. * `domain:{domain}`: The G Suite domain 194 // (primary) that represents all the users of that domain. For example, 195 // `google.com` or `example.com`. * 196 // `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/sub 197 // ject/{subject_attribute_value}`: A single identity in a workforce identity 198 // pool. * 199 // `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/ 200 // group/{group_id}`: All workforce identities in a group. * 201 // `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/ 202 // attribute.{attribute_name}/{attribute_value}`: All workforce identities with 203 // a specific attribute value. * 204 // `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/ 205 // *`: All identities in a workforce identity pool. * 206 // `principal://iam.googleapis.com/projects/{project_number}/locations/global/wo 207 // rkloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single 208 // identity in a workload identity pool. * 209 // `principalSet://iam.googleapis.com/projects/{project_number}/locations/global 210 // /workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool 211 // group. * 212 // `principalSet://iam.googleapis.com/projects/{project_number}/locations/global 213 // /workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value} 214 // `: All identities in a workload identity pool with a certain attribute. * 215 // `principalSet://iam.googleapis.com/projects/{project_number}/locations/global 216 // /workloadIdentityPools/{pool_id}/*`: All identities in a workload identity 217 // pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus 218 // unique identifier) representing a user that has been recently deleted. For 219 // example, `alice@example.com?uid=123456789012345678901`. If the user is 220 // recovered, this value reverts to `user:{emailid}` and the recovered user 221 // retains the role in the binding. * 222 // `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus 223 // unique identifier) representing a service account that has been recently 224 // deleted. For example, 225 // `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the 226 // service account is undeleted, this value reverts to 227 // `serviceAccount:{emailid}` and the undeleted service account retains the 228 // role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email 229 // address (plus unique identifier) representing a Google group that has been 230 // recently deleted. For example, 231 // `admins@example.com?uid=123456789012345678901`. If the group is recovered, 232 // this value reverts to `group:{emailid}` and the recovered group retains the 233 // role in the binding. * 234 // `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool 235 // _id}/subject/{subject_attribute_value}`: Deleted single identity in a 236 // workforce identity pool. For example, 237 // `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-po 238 // ol-id/subject/my-subject-attribute-value`. 239 Members []string `json:"members,omitempty"` 240 // Role: Role that is assigned to the list of `members`, or principals. For 241 // example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview 242 // of the IAM roles and permissions, see the IAM documentation 243 // (https://cloud.google.com/iam/docs/roles-overview). For a list of the 244 // available pre-defined roles, see here 245 // (https://cloud.google.com/iam/docs/understanding-roles). 246 Role string `json:"role,omitempty"` 247 // ForceSendFields is a list of field names (e.g. "Condition") to 248 // unconditionally include in API requests. By default, fields with empty or 249 // default values are omitted from API requests. See 250 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 251 // details. 252 ForceSendFields []string `json:"-"` 253 // NullFields is a list of field names (e.g. "Condition") to include in API 254 // requests with the JSON null value. By default, fields with empty values are 255 // omitted from API requests. See 256 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 257 NullFields []string `json:"-"` 258 } 259 260 func (s *Binding) MarshalJSON() ([]byte, error) { 261 type NoMethod Binding 262 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 263 } 264 265 // Expr: Represents a textual expression in the Common Expression Language 266 // (CEL) syntax. CEL is a C-like expression language. The syntax and semantics 267 // of CEL are documented at https://github.com/google/cel-spec. Example 268 // (Comparison): title: "Summary size limit" description: "Determines if a 269 // summary is less than 100 chars" expression: "document.summary.size() < 100" 270 // Example (Equality): title: "Requestor is owner" description: "Determines if 271 // requestor is the document owner" expression: "document.owner == 272 // request.auth.claims.email" Example (Logic): title: "Public documents" 273 // description: "Determine whether the document should be publicly visible" 274 // expression: "document.type != 'private' && document.type != 'internal'" 275 // Example (Data Manipulation): title: "Notification string" description: 276 // "Create a notification string with a timestamp." expression: "'New message 277 // received at ' + string(document.create_time)" The exact variables and 278 // functions that may be referenced within an expression are determined by the 279 // service that evaluates it. See the service documentation for additional 280 // information. 281 type Expr struct { 282 // Description: Optional. Description of the expression. This is a longer text 283 // which describes the expression, e.g. when hovered over it in a UI. 284 Description string `json:"description,omitempty"` 285 // Expression: Textual representation of an expression in Common Expression 286 // Language syntax. 287 Expression string `json:"expression,omitempty"` 288 // Location: Optional. String indicating the location of the expression for 289 // error reporting, e.g. a file name and a position in the file. 290 Location string `json:"location,omitempty"` 291 // Title: Optional. Title for the expression, i.e. a short string describing 292 // its purpose. This can be used e.g. in UIs which allow to enter the 293 // expression. 294 Title string `json:"title,omitempty"` 295 // ForceSendFields is a list of field names (e.g. "Description") to 296 // unconditionally include in API requests. By default, fields with empty or 297 // default values are omitted from API requests. See 298 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 299 // details. 300 ForceSendFields []string `json:"-"` 301 // NullFields is a list of field names (e.g. "Description") to include in API 302 // requests with the JSON null value. By default, fields with empty values are 303 // omitted from API requests. See 304 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 305 NullFields []string `json:"-"` 306 } 307 308 func (s *Expr) MarshalJSON() ([]byte, error) { 309 type NoMethod Expr 310 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 311 } 312 313 // GetIamPolicyRequest: Request message for `GetIamPolicy` method. 314 type GetIamPolicyRequest struct { 315 // Options: OPTIONAL: A `GetPolicyOptions` object for specifying options to 316 // `GetIamPolicy`. 317 Options *GetPolicyOptions `json:"options,omitempty"` 318 // ForceSendFields is a list of field names (e.g. "Options") to unconditionally 319 // include in API requests. By default, fields with empty or default values are 320 // omitted from API requests. See 321 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 322 // details. 323 ForceSendFields []string `json:"-"` 324 // NullFields is a list of field names (e.g. "Options") to include in API 325 // requests with the JSON null value. By default, fields with empty values are 326 // omitted from API requests. See 327 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 328 NullFields []string `json:"-"` 329 } 330 331 func (s *GetIamPolicyRequest) MarshalJSON() ([]byte, error) { 332 type NoMethod GetIamPolicyRequest 333 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 334 } 335 336 // GetPolicyOptions: Encapsulates settings provided to GetIamPolicy. 337 type GetPolicyOptions struct { 338 // RequestedPolicyVersion: Optional. The maximum policy version that will be 339 // used to format the policy. Valid values are 0, 1, and 3. Requests specifying 340 // an invalid value will be rejected. Requests for policies with any 341 // conditional role bindings must specify version 3. Policies with no 342 // conditional role bindings may specify any valid value or leave the field 343 // unset. The policy in the response might use the policy version that you 344 // specified, or it might use a lower policy version. For example, if you 345 // specify version 3, but the policy has no conditional role bindings, the 346 // response uses version 1. To learn which resources support conditions in 347 // their IAM policies, see the IAM documentation 348 // (https://cloud.google.com/iam/help/conditions/resource-policies). 349 RequestedPolicyVersion int64 `json:"requestedPolicyVersion,omitempty"` 350 // ForceSendFields is a list of field names (e.g. "RequestedPolicyVersion") to 351 // unconditionally include in API requests. By default, fields with empty or 352 // default values are omitted from API requests. See 353 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 354 // details. 355 ForceSendFields []string `json:"-"` 356 // NullFields is a list of field names (e.g. "RequestedPolicyVersion") to 357 // include in API requests with the JSON null value. By default, fields with 358 // empty values are omitted from API requests. See 359 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 360 NullFields []string `json:"-"` 361 } 362 363 func (s *GetPolicyOptions) MarshalJSON() ([]byte, error) { 364 type NoMethod GetPolicyOptions 365 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 366 } 367 368 // Policy: An Identity and Access Management (IAM) policy, which specifies 369 // access controls for Google Cloud resources. A `Policy` is a collection of 370 // `bindings`. A `binding` binds one or more `members`, or principals, to a 371 // single `role`. Principals can be user accounts, service accounts, Google 372 // groups, and domains (such as G Suite). A `role` is a named list of 373 // permissions; each `role` can be an IAM predefined role or a user-created 374 // custom role. For some types of Google Cloud resources, a `binding` can also 375 // specify a `condition`, which is a logical expression that allows access to a 376 // resource only if the expression evaluates to `true`. A condition can add 377 // constraints based on attributes of the request, the resource, or both. To 378 // learn which resources support conditions in their IAM policies, see the IAM 379 // documentation 380 // (https://cloud.google.com/iam/help/conditions/resource-policies). **JSON 381 // example:** ``` { "bindings": [ { "role": 382 // "roles/resourcemanager.organizationAdmin", "members": [ 383 // "user:mike@example.com", "group:admins@example.com", "domain:google.com", 384 // "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": 385 // "roles/resourcemanager.organizationViewer", "members": [ 386 // "user:eve@example.com" ], "condition": { "title": "expirable access", 387 // "description": "Does not grant access after Sep 2020", "expression": 388 // "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": 389 // "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - 390 // members: - user:mike@example.com - group:admins@example.com - 391 // domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com 392 // role: roles/resourcemanager.organizationAdmin - members: - 393 // user:eve@example.com role: roles/resourcemanager.organizationViewer 394 // condition: title: expirable access description: Does not grant access after 395 // Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') 396 // etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, 397 // see the IAM documentation (https://cloud.google.com/iam/docs/). 398 type Policy struct { 399 // Bindings: Associates a list of `members`, or principals, with a `role`. 400 // Optionally, may specify a `condition` that determines how and when the 401 // `bindings` are applied. Each of the `bindings` must contain at least one 402 // principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; 403 // up to 250 of these principals can be Google groups. Each occurrence of a 404 // principal counts towards these limits. For example, if the `bindings` grant 405 // 50 different roles to `user:alice@example.com`, and not to any other 406 // principal, then you can add another 1,450 principals to the `bindings` in 407 // the `Policy`. 408 Bindings []*Binding `json:"bindings,omitempty"` 409 // Etag: `etag` is used for optimistic concurrency control as a way to help 410 // prevent simultaneous updates of a policy from overwriting each other. It is 411 // strongly suggested that systems make use of the `etag` in the 412 // read-modify-write cycle to perform policy updates in order to avoid race 413 // conditions: An `etag` is returned in the response to `getIamPolicy`, and 414 // systems are expected to put that etag in the request to `setIamPolicy` to 415 // ensure that their change will be applied to the same version of the policy. 416 // **Important:** If you use IAM Conditions, you must include the `etag` field 417 // whenever you call `setIamPolicy`. If you omit this field, then IAM allows 418 // you to overwrite a version `3` policy with a version `1` policy, and all of 419 // the conditions in the version `3` policy are lost. 420 Etag string `json:"etag,omitempty"` 421 // Version: Specifies the format of the policy. Valid values are `0`, `1`, and 422 // `3`. Requests that specify an invalid value are rejected. Any operation that 423 // affects conditional role bindings must specify version `3`. This requirement 424 // applies to the following operations: * Getting a policy that includes a 425 // conditional role binding * Adding a conditional role binding to a policy * 426 // Changing a conditional role binding in a policy * Removing any role binding, 427 // with or without a condition, from a policy that includes conditions 428 // **Important:** If you use IAM Conditions, you must include the `etag` field 429 // whenever you call `setIamPolicy`. If you omit this field, then IAM allows 430 // you to overwrite a version `3` policy with a version `1` policy, and all of 431 // the conditions in the version `3` policy are lost. If a policy does not 432 // include any conditions, operations on that policy may specify any valid 433 // version or leave the field unset. To learn which resources support 434 // conditions in their IAM policies, see the IAM documentation 435 // (https://cloud.google.com/iam/help/conditions/resource-policies). 436 Version int64 `json:"version,omitempty"` 437 438 // ServerResponse contains the HTTP response code and headers from the server. 439 googleapi.ServerResponse `json:"-"` 440 // ForceSendFields is a list of field names (e.g. "Bindings") to 441 // unconditionally include in API requests. By default, fields with empty or 442 // default values are omitted from API requests. See 443 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 444 // details. 445 ForceSendFields []string `json:"-"` 446 // NullFields is a list of field names (e.g. "Bindings") to include in API 447 // requests with the JSON null value. By default, fields with empty values are 448 // omitted from API requests. See 449 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 450 NullFields []string `json:"-"` 451 } 452 453 func (s *Policy) MarshalJSON() ([]byte, error) { 454 type NoMethod Policy 455 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 456 } 457 458 // SetIamPolicyRequest: Request message for `SetIamPolicy` method. 459 type SetIamPolicyRequest struct { 460 // Policy: REQUIRED: The complete policy to be applied to the `resource`. The 461 // size of the policy is limited to a few 10s of KB. An empty policy is a valid 462 // policy but certain Google Cloud services (such as Projects) might reject 463 // them. 464 Policy *Policy `json:"policy,omitempty"` 465 // ForceSendFields is a list of field names (e.g. "Policy") to unconditionally 466 // include in API requests. By default, fields with empty or default values are 467 // omitted from API requests. See 468 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 469 // details. 470 ForceSendFields []string `json:"-"` 471 // NullFields is a list of field names (e.g. "Policy") to include in API 472 // requests with the JSON null value. By default, fields with empty values are 473 // omitted from API requests. See 474 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 475 NullFields []string `json:"-"` 476 } 477 478 func (s *SetIamPolicyRequest) MarshalJSON() ([]byte, error) { 479 type NoMethod SetIamPolicyRequest 480 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 481 } 482 483 // TestIamPermissionsRequest: Request message for `TestIamPermissions` method. 484 type TestIamPermissionsRequest struct { 485 // Permissions: The set of permissions to check for the `resource`. Permissions 486 // with wildcards (such as `*` or `storage.*`) are not allowed. For more 487 // information see IAM Overview 488 // (https://cloud.google.com/iam/docs/overview#permissions). 489 Permissions []string `json:"permissions,omitempty"` 490 // ForceSendFields is a list of field names (e.g. "Permissions") to 491 // unconditionally include in API requests. By default, fields with empty or 492 // default values are omitted from API requests. See 493 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 494 // details. 495 ForceSendFields []string `json:"-"` 496 // NullFields is a list of field names (e.g. "Permissions") to include in API 497 // requests with the JSON null value. By default, fields with empty values are 498 // omitted from API requests. See 499 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 500 NullFields []string `json:"-"` 501 } 502 503 func (s *TestIamPermissionsRequest) MarshalJSON() ([]byte, error) { 504 type NoMethod TestIamPermissionsRequest 505 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 506 } 507 508 // TestIamPermissionsResponse: Response message for `TestIamPermissions` 509 // method. 510 type TestIamPermissionsResponse struct { 511 // Permissions: A subset of `TestPermissionsRequest.permissions` that the 512 // caller is allowed. 513 Permissions []string `json:"permissions,omitempty"` 514 515 // ServerResponse contains the HTTP response code and headers from the server. 516 googleapi.ServerResponse `json:"-"` 517 // ForceSendFields is a list of field names (e.g. "Permissions") to 518 // unconditionally include in API requests. By default, fields with empty or 519 // default values are omitted from API requests. See 520 // https://pkg.go.dev/google.golang.org/api#hdr-ForceSendFields for more 521 // details. 522 ForceSendFields []string `json:"-"` 523 // NullFields is a list of field names (e.g. "Permissions") to include in API 524 // requests with the JSON null value. By default, fields with empty values are 525 // omitted from API requests. See 526 // https://pkg.go.dev/google.golang.org/api#hdr-NullFields for more details. 527 NullFields []string `json:"-"` 528 } 529 530 func (s *TestIamPermissionsResponse) MarshalJSON() ([]byte, error) { 531 type NoMethod TestIamPermissionsResponse 532 return gensupport.MarshalJSON(NoMethod(*s), s.ForceSendFields, s.NullFields) 533 } 534 535 type V1beta1GetIamPolicyCall struct { 536 s *Service 537 resource string 538 getiampolicyrequest *GetIamPolicyRequest 539 urlParams_ gensupport.URLParams 540 ctx_ context.Context 541 header_ http.Header 542 } 543 544 // GetIamPolicy: Gets the access control policy for an Identity-Aware Proxy 545 // protected resource. More information about managing access via IAP can be 546 // found at: 547 // https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api 548 // 549 // - resource: REQUIRED: The resource for which the policy is being requested. 550 // See Resource names (https://cloud.google.com/apis/design/resource_names) 551 // for the appropriate value for this field. 552 func (r *V1beta1Service) GetIamPolicy(resource string, getiampolicyrequest *GetIamPolicyRequest) *V1beta1GetIamPolicyCall { 553 c := &V1beta1GetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} 554 c.resource = resource 555 c.getiampolicyrequest = getiampolicyrequest 556 return c 557 } 558 559 // Fields allows partial responses to be retrieved. See 560 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more 561 // details. 562 func (c *V1beta1GetIamPolicyCall) Fields(s ...googleapi.Field) *V1beta1GetIamPolicyCall { 563 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 564 return c 565 } 566 567 // Context sets the context to be used in this call's Do method. 568 func (c *V1beta1GetIamPolicyCall) Context(ctx context.Context) *V1beta1GetIamPolicyCall { 569 c.ctx_ = ctx 570 return c 571 } 572 573 // Header returns a http.Header that can be modified by the caller to add 574 // headers to the request. 575 func (c *V1beta1GetIamPolicyCall) Header() http.Header { 576 if c.header_ == nil { 577 c.header_ = make(http.Header) 578 } 579 return c.header_ 580 } 581 582 func (c *V1beta1GetIamPolicyCall) doRequest(alt string) (*http.Response, error) { 583 reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_) 584 var body io.Reader = nil 585 body, err := googleapi.WithoutDataWrapper.JSONReader(c.getiampolicyrequest) 586 if err != nil { 587 return nil, err 588 } 589 c.urlParams_.Set("alt", alt) 590 c.urlParams_.Set("prettyPrint", "false") 591 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+resource}:getIamPolicy") 592 urls += "?" + c.urlParams_.Encode() 593 req, err := http.NewRequest("POST", urls, body) 594 if err != nil { 595 return nil, err 596 } 597 req.Header = reqHeaders 598 googleapi.Expand(req.URL, map[string]string{ 599 "resource": c.resource, 600 }) 601 return gensupport.SendRequest(c.ctx_, c.s.client, req) 602 } 603 604 // Do executes the "iap.getIamPolicy" call. 605 // Any non-2xx status code is an error. Response headers are in either 606 // *Policy.ServerResponse.Header or (if a response was returned at all) in 607 // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check 608 // whether the returned error was because http.StatusNotModified was returned. 609 func (c *V1beta1GetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) { 610 gensupport.SetOptions(c.urlParams_, opts...) 611 res, err := c.doRequest("json") 612 if res != nil && res.StatusCode == http.StatusNotModified { 613 if res.Body != nil { 614 res.Body.Close() 615 } 616 return nil, gensupport.WrapError(&googleapi.Error{ 617 Code: res.StatusCode, 618 Header: res.Header, 619 }) 620 } 621 if err != nil { 622 return nil, err 623 } 624 defer googleapi.CloseBody(res) 625 if err := googleapi.CheckResponse(res); err != nil { 626 return nil, gensupport.WrapError(err) 627 } 628 ret := &Policy{ 629 ServerResponse: googleapi.ServerResponse{ 630 Header: res.Header, 631 HTTPStatusCode: res.StatusCode, 632 }, 633 } 634 target := &ret 635 if err := gensupport.DecodeResponse(target, res); err != nil { 636 return nil, err 637 } 638 return ret, nil 639 } 640 641 type V1beta1SetIamPolicyCall struct { 642 s *Service 643 resource string 644 setiampolicyrequest *SetIamPolicyRequest 645 urlParams_ gensupport.URLParams 646 ctx_ context.Context 647 header_ http.Header 648 } 649 650 // SetIamPolicy: Sets the access control policy for an Identity-Aware Proxy 651 // protected resource. Replaces any existing policy. More information about 652 // managing access via IAP can be found at: 653 // https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api 654 // 655 // - resource: REQUIRED: The resource for which the policy is being specified. 656 // See Resource names (https://cloud.google.com/apis/design/resource_names) 657 // for the appropriate value for this field. 658 func (r *V1beta1Service) SetIamPolicy(resource string, setiampolicyrequest *SetIamPolicyRequest) *V1beta1SetIamPolicyCall { 659 c := &V1beta1SetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} 660 c.resource = resource 661 c.setiampolicyrequest = setiampolicyrequest 662 return c 663 } 664 665 // Fields allows partial responses to be retrieved. See 666 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more 667 // details. 668 func (c *V1beta1SetIamPolicyCall) Fields(s ...googleapi.Field) *V1beta1SetIamPolicyCall { 669 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 670 return c 671 } 672 673 // Context sets the context to be used in this call's Do method. 674 func (c *V1beta1SetIamPolicyCall) Context(ctx context.Context) *V1beta1SetIamPolicyCall { 675 c.ctx_ = ctx 676 return c 677 } 678 679 // Header returns a http.Header that can be modified by the caller to add 680 // headers to the request. 681 func (c *V1beta1SetIamPolicyCall) Header() http.Header { 682 if c.header_ == nil { 683 c.header_ = make(http.Header) 684 } 685 return c.header_ 686 } 687 688 func (c *V1beta1SetIamPolicyCall) doRequest(alt string) (*http.Response, error) { 689 reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_) 690 var body io.Reader = nil 691 body, err := googleapi.WithoutDataWrapper.JSONReader(c.setiampolicyrequest) 692 if err != nil { 693 return nil, err 694 } 695 c.urlParams_.Set("alt", alt) 696 c.urlParams_.Set("prettyPrint", "false") 697 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+resource}:setIamPolicy") 698 urls += "?" + c.urlParams_.Encode() 699 req, err := http.NewRequest("POST", urls, body) 700 if err != nil { 701 return nil, err 702 } 703 req.Header = reqHeaders 704 googleapi.Expand(req.URL, map[string]string{ 705 "resource": c.resource, 706 }) 707 return gensupport.SendRequest(c.ctx_, c.s.client, req) 708 } 709 710 // Do executes the "iap.setIamPolicy" call. 711 // Any non-2xx status code is an error. Response headers are in either 712 // *Policy.ServerResponse.Header or (if a response was returned at all) in 713 // error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check 714 // whether the returned error was because http.StatusNotModified was returned. 715 func (c *V1beta1SetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) { 716 gensupport.SetOptions(c.urlParams_, opts...) 717 res, err := c.doRequest("json") 718 if res != nil && res.StatusCode == http.StatusNotModified { 719 if res.Body != nil { 720 res.Body.Close() 721 } 722 return nil, gensupport.WrapError(&googleapi.Error{ 723 Code: res.StatusCode, 724 Header: res.Header, 725 }) 726 } 727 if err != nil { 728 return nil, err 729 } 730 defer googleapi.CloseBody(res) 731 if err := googleapi.CheckResponse(res); err != nil { 732 return nil, gensupport.WrapError(err) 733 } 734 ret := &Policy{ 735 ServerResponse: googleapi.ServerResponse{ 736 Header: res.Header, 737 HTTPStatusCode: res.StatusCode, 738 }, 739 } 740 target := &ret 741 if err := gensupport.DecodeResponse(target, res); err != nil { 742 return nil, err 743 } 744 return ret, nil 745 } 746 747 type V1beta1TestIamPermissionsCall struct { 748 s *Service 749 resource string 750 testiampermissionsrequest *TestIamPermissionsRequest 751 urlParams_ gensupport.URLParams 752 ctx_ context.Context 753 header_ http.Header 754 } 755 756 // TestIamPermissions: Returns permissions that a caller has on the 757 // Identity-Aware Proxy protected resource. If the resource does not exist or 758 // the caller does not have Identity-Aware Proxy permissions a 759 // [google.rpc.Code.PERMISSION_DENIED] will be returned. More information about 760 // managing access via IAP can be found at: 761 // https://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api 762 // 763 // - resource: REQUIRED: The resource for which the policy detail is being 764 // requested. See Resource names 765 // (https://cloud.google.com/apis/design/resource_names) for the appropriate 766 // value for this field. 767 func (r *V1beta1Service) TestIamPermissions(resource string, testiampermissionsrequest *TestIamPermissionsRequest) *V1beta1TestIamPermissionsCall { 768 c := &V1beta1TestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)} 769 c.resource = resource 770 c.testiampermissionsrequest = testiampermissionsrequest 771 return c 772 } 773 774 // Fields allows partial responses to be retrieved. See 775 // https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more 776 // details. 777 func (c *V1beta1TestIamPermissionsCall) Fields(s ...googleapi.Field) *V1beta1TestIamPermissionsCall { 778 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 779 return c 780 } 781 782 // Context sets the context to be used in this call's Do method. 783 func (c *V1beta1TestIamPermissionsCall) Context(ctx context.Context) *V1beta1TestIamPermissionsCall { 784 c.ctx_ = ctx 785 return c 786 } 787 788 // Header returns a http.Header that can be modified by the caller to add 789 // headers to the request. 790 func (c *V1beta1TestIamPermissionsCall) Header() http.Header { 791 if c.header_ == nil { 792 c.header_ = make(http.Header) 793 } 794 return c.header_ 795 } 796 797 func (c *V1beta1TestIamPermissionsCall) doRequest(alt string) (*http.Response, error) { 798 reqHeaders := gensupport.SetHeaders(c.s.userAgent(), "application/json", c.header_) 799 var body io.Reader = nil 800 body, err := googleapi.WithoutDataWrapper.JSONReader(c.testiampermissionsrequest) 801 if err != nil { 802 return nil, err 803 } 804 c.urlParams_.Set("alt", alt) 805 c.urlParams_.Set("prettyPrint", "false") 806 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+resource}:testIamPermissions") 807 urls += "?" + c.urlParams_.Encode() 808 req, err := http.NewRequest("POST", urls, body) 809 if err != nil { 810 return nil, err 811 } 812 req.Header = reqHeaders 813 googleapi.Expand(req.URL, map[string]string{ 814 "resource": c.resource, 815 }) 816 return gensupport.SendRequest(c.ctx_, c.s.client, req) 817 } 818 819 // Do executes the "iap.testIamPermissions" call. 820 // Any non-2xx status code is an error. Response headers are in either 821 // *TestIamPermissionsResponse.ServerResponse.Header or (if a response was 822 // returned at all) in error.(*googleapi.Error).Header. Use 823 // googleapi.IsNotModified to check whether the returned error was because 824 // http.StatusNotModified was returned. 825 func (c *V1beta1TestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestIamPermissionsResponse, error) { 826 gensupport.SetOptions(c.urlParams_, opts...) 827 res, err := c.doRequest("json") 828 if res != nil && res.StatusCode == http.StatusNotModified { 829 if res.Body != nil { 830 res.Body.Close() 831 } 832 return nil, gensupport.WrapError(&googleapi.Error{ 833 Code: res.StatusCode, 834 Header: res.Header, 835 }) 836 } 837 if err != nil { 838 return nil, err 839 } 840 defer googleapi.CloseBody(res) 841 if err := googleapi.CheckResponse(res); err != nil { 842 return nil, gensupport.WrapError(err) 843 } 844 ret := &TestIamPermissionsResponse{ 845 ServerResponse: googleapi.ServerResponse{ 846 Header: res.Header, 847 HTTPStatusCode: res.StatusCode, 848 }, 849 } 850 target := &ret 851 if err := gensupport.DecodeResponse(target, res); err != nil { 852 return nil, err 853 } 854 return ret, nil 855 } 856