feat: Automated regeneration of IAM client (#10873)

Auto-created at 2024-03-12 01:30:11 +0000 using the toys pull request generator.

clients/iam/lib/google_api/iam/v1/metadata.ex

@@ -20,7 +20,7 @@ defmodule GoogleApi.IAM.V1 do
   API client metadata for GoogleApi.IAM.V1.
   """
 
-  @discovery_revision "20221013"
+  @discovery_revision "20240307"
 
   def discovery_revision(), do: @discovery_revision
 end

clients/iam/lib/google_api/iam/v1/model/access_restrictions.ex

@@ -0,0 +1,49 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# NOTE: This file is auto generated by the elixir code generator program.
+# Do not edit this file manually.
+
+defmodule GoogleApi.IAM.V1.Model.AccessRestrictions do
+  @moduledoc """
+  Access related restrictions on the workforce pool.
+
+  ## Attributes
+
+  *   `allowedServices` (*type:* `list(GoogleApi.IAM.V1.Model.ServiceConfig.t)`, *default:* `nil`) - Optional. Immutable. Services allowed for web sign-in with the workforce pool. If not set by default there are no restrictions.
+  *   `disableProgrammaticSignin` (*type:* `boolean()`, *default:* `nil`) - Optional. Disable programmatic sign-in by disabling token issue via the Security Token API endpoint. See [Security Token Service API] (https://cloud.google.com/iam/docs/reference/sts/rest).
+  """
+
+  use GoogleApi.Gax.ModelBase
+
+  @type t :: %__MODULE__{
+          :allowedServices => list(GoogleApi.IAM.V1.Model.ServiceConfig.t()) | nil,
+          :disableProgrammaticSignin => boolean() | nil
+        }
+
+  field(:allowedServices, as: GoogleApi.IAM.V1.Model.ServiceConfig, type: :list)
+  field(:disableProgrammaticSignin)
+end
+
+defimpl Poison.Decoder, for: GoogleApi.IAM.V1.Model.AccessRestrictions do
+  def decode(value, options) do
+    GoogleApi.IAM.V1.Model.AccessRestrictions.decode(value, options)
+  end
+end
+
+defimpl Poison.Encoder, for: GoogleApi.IAM.V1.Model.AccessRestrictions do
+  def encode(value, options) do
+    GoogleApi.Gax.ModelBase.encode(value, options)
+  end
+end

clients/iam/lib/google_api/iam/v1/model/binding.ex

@@ -22,8 +22,8 @@ defmodule GoogleApi.IAM.V1.Model.Binding do
   ## Attributes
 
   *   `condition` (*type:* `GoogleApi.IAM.V1.Model.Expr.t`, *default:* `nil`) - The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
-  *   `members` (*type:* `list(String.t)`, *default:* `nil`) - Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `[email protected]` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `[email protected]`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `[email protected]`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `[email protected]?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `[email protected]?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `[email protected]?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. 
-  *   `role` (*type:* `String.t`, *default:* `nil`) - Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
+  *   `members` (*type:* `list(String.t)`, *default:* `nil`) - Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `[email protected]` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `[email protected]`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `[email protected]`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `[email protected]?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `[email protected]?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `[email protected]?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
+  *   `role` (*type:* `String.t`, *default:* `nil`) - Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles).
   """
 
   use GoogleApi.Gax.ModelBase

clients/iam/lib/google_api/iam/v1/model/get_iam_policy_request.ex

@@ -0,0 +1,46 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# NOTE: This file is auto generated by the elixir code generator program.
+# Do not edit this file manually.
+
+defmodule GoogleApi.IAM.V1.Model.GetIamPolicyRequest do
+  @moduledoc """
+  Request message for `GetIamPolicy` method.
+
+  ## Attributes
+
+  *   `options` (*type:* `GoogleApi.IAM.V1.Model.GetPolicyOptions.t`, *default:* `nil`) - OPTIONAL: A `GetPolicyOptions` object for specifying options to `GetIamPolicy`.
+  """
+
+  use GoogleApi.Gax.ModelBase
+
+  @type t :: %__MODULE__{
+          :options => GoogleApi.IAM.V1.Model.GetPolicyOptions.t() | nil
+        }
+
+  field(:options, as: GoogleApi.IAM.V1.Model.GetPolicyOptions)
+end
+
+defimpl Poison.Decoder, for: GoogleApi.IAM.V1.Model.GetIamPolicyRequest do
+  def decode(value, options) do
+    GoogleApi.IAM.V1.Model.GetIamPolicyRequest.decode(value, options)
+  end
+end
+
+defimpl Poison.Encoder, for: GoogleApi.IAM.V1.Model.GetIamPolicyRequest do
+  def encode(value, options) do
+    GoogleApi.Gax.ModelBase.encode(value, options)
+  end
+end

clients/iam/lib/google_api/iam/v1/model/get_policy_options.ex

@@ -0,0 +1,46 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# NOTE: This file is auto generated by the elixir code generator program.
+# Do not edit this file manually.
+
+defmodule GoogleApi.IAM.V1.Model.GetPolicyOptions do
+  @moduledoc """
+  Encapsulates settings provided to GetIamPolicy.
+
+  ## Attributes
+
+  *   `requestedPolicyVersion` (*type:* `integer()`, *default:* `nil`) - Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
+  """
+
+  use GoogleApi.Gax.ModelBase
+
+  @type t :: %__MODULE__{
+          :requestedPolicyVersion => integer() | nil
+        }
+
+  field(:requestedPolicyVersion)
+end
+
+defimpl Poison.Decoder, for: GoogleApi.IAM.V1.Model.GetPolicyOptions do
+  def decode(value, options) do
+    GoogleApi.IAM.V1.Model.GetPolicyOptions.decode(value, options)
+  end
+end
+
+defimpl Poison.Encoder, for: GoogleApi.IAM.V1.Model.GetPolicyOptions do
+  def encode(value, options) do
+    GoogleApi.Gax.ModelBase.encode(value, options)
+  end
+end

clients/iam/lib/google_api/iam/v1/model/google_iam_admin_v1_workforce_pool_provider_oidc.ex

@@ -0,0 +1,67 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# NOTE: This file is auto generated by the elixir code generator program.
+# Do not edit this file manually.
+
+defmodule GoogleApi.IAM.V1.Model.GoogleIamAdminV1WorkforcePoolProviderOidc do
+  @moduledoc """
+  Represents an OpenId Connect 1.0 identity provider.
+
+  ## Attributes
+
+  *   `clientId` (*type:* `String.t`, *default:* `nil`) - Required. The client ID. Must match the audience claim of the JWT issued by the identity provider.
+  *   `clientSecret` (*type:* `GoogleApi.IAM.V1.Model.GoogleIamAdminV1WorkforcePoolProviderOidcClientSecret.t`, *default:* `nil`) - The optional client secret. Required to enable Authorization Code flow for web sign-in.
+  *   `issuerUri` (*type:* `String.t`, *default:* `nil`) - Required. The OIDC issuer URI. Must be a valid URI using the 'https' scheme.
+  *   `jwksJson` (*type:* `String.t`, *default:* `nil`) - OIDC JWKs in JSON String format. For details on the definition of a JWK, see https://tools.ietf.org/html/rfc7517. If not set, the `jwks_uri` from the discovery document(fetched from the .well-known path of the `issuer_uri`) will be used. Currently, RSA and EC asymmetric keys are supported. The JWK must use following format and include only the following fields: { "keys": [ { "kty": "RSA/EC", "alg": "", "use": "sig", "kid": "", "n": "", "e": "", "x": "", "y": "", "crv": "" } ] }
+  *   `webSsoConfig` (*type:* `GoogleApi.IAM.V1.Model.GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfig.t`, *default:* `nil`) - Required. Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser.
+  """
+
+  use GoogleApi.Gax.ModelBase
+
+  @type t :: %__MODULE__{
+          :clientId => String.t() | nil,
+          :clientSecret =>
+            GoogleApi.IAM.V1.Model.GoogleIamAdminV1WorkforcePoolProviderOidcClientSecret.t() | nil,
+          :issuerUri => String.t() | nil,
+          :jwksJson => String.t() | nil,
+          :webSsoConfig =>
+            GoogleApi.IAM.V1.Model.GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfig.t() | nil
+        }
+
+  field(:clientId)
+
+  field(:clientSecret,
+    as: GoogleApi.IAM.V1.Model.GoogleIamAdminV1WorkforcePoolProviderOidcClientSecret
+  )
+
+  field(:issuerUri)
+  field(:jwksJson)
+
+  field(:webSsoConfig,
+    as: GoogleApi.IAM.V1.Model.GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfig
+  )
+end
+
+defimpl Poison.Decoder, for: GoogleApi.IAM.V1.Model.GoogleIamAdminV1WorkforcePoolProviderOidc do
+  def decode(value, options) do
+    GoogleApi.IAM.V1.Model.GoogleIamAdminV1WorkforcePoolProviderOidc.decode(value, options)
+  end
+end
+
+defimpl Poison.Encoder, for: GoogleApi.IAM.V1.Model.GoogleIamAdminV1WorkforcePoolProviderOidc do
+  def encode(value, options) do
+    GoogleApi.Gax.ModelBase.encode(value, options)
+  end
+end

clients/iam/lib/google_api/iam/v1/model/google_iam_admin_v1_workforce_pool_provider_oidc_client_secret.ex

@@ -0,0 +1,55 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# NOTE: This file is auto generated by the elixir code generator program.
+# Do not edit this file manually.
+
+defmodule GoogleApi.IAM.V1.Model.GoogleIamAdminV1WorkforcePoolProviderOidcClientSecret do
+  @moduledoc """
+  Representation of a client secret configured for the OIDC provider.
+
+  ## Attributes
+
+  *   `value` (*type:* `GoogleApi.IAM.V1.Model.GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValue.t`, *default:* `nil`) - The value of the client secret.
+  """
+
+  use GoogleApi.Gax.ModelBase
+
+  @type t :: %__MODULE__{
+          :value =>
+            GoogleApi.IAM.V1.Model.GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValue.t()
+            | nil
+        }
+
+  field(:value,
+    as: GoogleApi.IAM.V1.Model.GoogleIamAdminV1WorkforcePoolProviderOidcClientSecretValue
+  )
+end
+
+defimpl Poison.Decoder,
+  for: GoogleApi.IAM.V1.Model.GoogleIamAdminV1WorkforcePoolProviderOidcClientSecret do
+  def decode(value, options) do
+    GoogleApi.IAM.V1.Model.GoogleIamAdminV1WorkforcePoolProviderOidcClientSecret.decode(
+      value,
+      options
+    )
+  end
+end
+
+defimpl Poison.Encoder,
+  for: GoogleApi.IAM.V1.Model.GoogleIamAdminV1WorkforcePoolProviderOidcClientSecret do
+  def encode(value, options) do
+    GoogleApi.Gax.ModelBase.encode(value, options)
+  end
+end