diff --git a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v1/api/organizations.ex b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v1/api/organizations.ex index 95fbc0396b..41ceeaf8c2 100644 --- a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v1/api/organizations.ex +++ b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v1/api/organizations.ex @@ -537,7 +537,7 @@ defmodule GoogleApi.CloudResourceManager.V1.Api.Organizations do end @doc """ - Searches Organization resources that are visible to the user and satisfy the specified filter. This method returns Organizations in an unspecified order. New Organizations do not necessarily appear at the end of the results. Search will only return organizations on which the user has the permission `resourcemanager.organizations.get` + Searches Organization resources that are visible to the user and satisfy the specified filter. This method returns Organizations in an unspecified order. New Organizations do not necessarily appear at the end of the results. Search will only return organizations on which the user has the permission `resourcemanager.organizations.get` or has super admin privileges. ## Parameters diff --git a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v1/api/projects.ex b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v1/api/projects.ex index a19932eaaa..2a3ae29649 100644 --- a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v1/api/projects.ex +++ b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v1/api/projects.ex @@ -790,7 +790,7 @@ defmodule GoogleApi.CloudResourceManager.V1.Api.Projects do end @doc """ - Sets the IAM access control policy for the specified Project. CAUTION: This method will replace the existing policy, and cannot be used to append additional IAM settings. NOTE: Removing service accounts from policies or changing their roles can render services completely inoperable. It is important to understand how the service account is being used before removing or updating its roles. For additional information about `resource` (e.g. my-project-id) structure and identification, see [Resource Names](https://cloud.google.com/apis/design/resource_names). The following constraints apply when using `setIamPolicy()`: + Project does not support `allUsers` and `allAuthenticatedUsers` as `members` in a `Binding` of a `Policy`. + The owner role can be granted to a `user`, `serviceAccount`, or a group that is part of an organization. For example, group@myownpersonaldomain.com could be added as an owner to a project in the myownpersonaldomain.com organization, but not the examplepetstore.com organization. + Service accounts can be made owners of a project directly without any restrictions. However, to be added as an owner, a user must be invited via Cloud Platform console and must accept the invitation. + A user cannot be granted the owner role using `setIamPolicy()`. The user must be granted the owner role using the Cloud Platform Console and must explicitly accept the invitation. + You can only grant ownership of a project to a member by using the GCP Console. Inviting a member will deliver an invitation email that they must accept. An invitation email is not generated if you are granting a role other than owner, or if both the member you are inviting and the project are part of your organization. + If the project is not part of an organization, there must be at least one owner who has accepted the Terms of Service (ToS) agreement in the policy. Calling `setIamPolicy()` to remove the last ToS-accepted owner from the policy will fail. This restriction also applies to legacy projects that no longer have owners who have accepted the ToS. Edits to IAM policies will be rejected until the lack of a ToS-accepting owner is rectified. If the project is part of an organization, you can remove all owners, potentially making the organization inaccessible. Authorization requires the Google IAM permission `resourcemanager.projects.setIamPolicy` on the project + Sets the IAM access control policy for the specified Project. CAUTION: This method will replace the existing policy, and cannot be used to append additional IAM settings. NOTE: Removing service accounts from policies or changing their roles can render services completely inoperable. It is important to understand how the service account is being used before removing or updating its roles. For additional information about `resource` (e.g. my-project-id) structure and identification, see [Resource Names](https://cloud.google.com/apis/design/resource_names). The following constraints apply when using `setIamPolicy()`: + Project does not support `allUsers` and `allAuthenticatedUsers` as `members` in a `Binding` of a `Policy`. + The owner role can be granted to a `user`, `serviceAccount`, or a group that is part of an organization. For example, group@myownpersonaldomain.com could be added as an owner to a project in the myownpersonaldomain.com organization, but not the examplepetstore.com organization. + Service accounts can be made owners of a project directly without any restrictions. However, to be added as an owner, a user must be invited via Cloud Platform console and must accept the invitation. + A user cannot be granted the owner role using `setIamPolicy()`. The user must be granted the owner role using the Cloud Platform Console and must explicitly accept the invitation. + You can only grant ownership of a project to a member by using the Google Cloud console. Inviting a member will deliver an invitation email that they must accept. An invitation email is not generated if you are granting a role other than owner, or if both the member you are inviting and the project are part of your organization. + If the project is not part of an organization, there must be at least one owner who has accepted the Terms of Service (ToS) agreement in the policy. Calling `setIamPolicy()` to remove the last ToS-accepted owner from the policy will fail. This restriction also applies to legacy projects that no longer have owners who have accepted the ToS. Edits to IAM policies will be rejected until the lack of a ToS-accepting owner is rectified. If the project is part of an organization, you can remove all owners, potentially making the organization inaccessible. Authorization requires the Google IAM permission `resourcemanager.projects.setIamPolicy` on the project ## Parameters diff --git a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v1/metadata.ex b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v1/metadata.ex index 720f69c23d..2e962774a8 100644 --- a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v1/metadata.ex +++ b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v1/metadata.ex @@ -20,7 +20,7 @@ defmodule GoogleApi.CloudResourceManager.V1 do API client metadata for GoogleApi.CloudResourceManager.V1. """ - @discovery_revision "20221016" + @discovery_revision "20240303" def discovery_revision(), do: @discovery_revision end diff --git a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v1/model/binding.ex b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v1/model/binding.ex index a0d9756b49..41416deb41 100644 --- a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v1/model/binding.ex +++ b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v1/model/binding.ex @@ -22,8 +22,8 @@ defmodule GoogleApi.CloudResourceManager.V1.Model.Binding do ## Attributes * `condition` (*type:* `GoogleApi.CloudResourceManager.V1.Model.Expr.t`, *default:* `nil`) - The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). - * `members` (*type:* `list(String.t)`, *default:* `nil`) - Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. - * `role` (*type:* `String.t`, *default:* `nil`) - Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. + * `members` (*type:* `list(String.t)`, *default:* `nil`) - Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`. + * `role` (*type:* `String.t`, *default:* `nil`) - Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles). """ use GoogleApi.Gax.ModelBase diff --git a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v1/model/operation.ex b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v1/model/operation.ex index 0496b7b3bb..ebceddc5a3 100644 --- a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v1/model/operation.ex +++ b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v1/model/operation.ex @@ -25,7 +25,7 @@ defmodule GoogleApi.CloudResourceManager.V1.Model.Operation do * `error` (*type:* `GoogleApi.CloudResourceManager.V1.Model.Status.t`, *default:* `nil`) - The error result of the operation in case of failure or cancellation. * `metadata` (*type:* `map()`, *default:* `nil`) - Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any. * `name` (*type:* `String.t`, *default:* `nil`) - The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`. - * `response` (*type:* `map()`, *default:* `nil`) - The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. + * `response` (*type:* `map()`, *default:* `nil`) - The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. """ use GoogleApi.Gax.ModelBase diff --git a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v1/model/organization.ex b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v1/model/organization.ex index 12f2e660a0..3f88fda9f6 100644 --- a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v1/model/organization.ex +++ b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v1/model/organization.ex @@ -22,7 +22,7 @@ defmodule GoogleApi.CloudResourceManager.V1.Model.Organization do ## Attributes * `creationTime` (*type:* `DateTime.t`, *default:* `nil`) - Timestamp when the Organization was created. Assigned by the server. - * `displayName` (*type:* `String.t`, *default:* `nil`) - A human-readable string that refers to the Organization in the GCP Console UI. This string is set by the server and cannot be changed. The string will be set to the primary domain (for example, "google.com") of the G Suite customer that owns the organization. + * `displayName` (*type:* `String.t`, *default:* `nil`) - A human-readable string that refers to the Organization in the Google Cloud console. This string is set by the server and cannot be changed. The string will be set to the primary domain (for example, "google.com") of the G Suite customer that owns the organization. * `lifecycleState` (*type:* `String.t`, *default:* `nil`) - The organization's current lifecycle state. Assigned by the server. * `name` (*type:* `String.t`, *default:* `nil`) - Output only. The resource name of the organization. This is the organization's relative path in the API. Its format is "organizations/[organization_id]". For example, "organizations/1234". * `owner` (*type:* `GoogleApi.CloudResourceManager.V1.Model.OrganizationOwner.t`, *default:* `nil`) - The owner of this Organization. The owner should be specified on creation. Once set, it cannot be changed. This field is required. diff --git a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v1/model/policy.ex b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v1/model/policy.ex index bd30f7e770..c3429c0b9a 100644 --- a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v1/model/policy.ex +++ b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v1/model/policy.ex @@ -17,7 +17,7 @@ defmodule GoogleApi.CloudResourceManager.V1.Model.Policy do @moduledoc """ - An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). + An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** ``` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). ## Attributes diff --git a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v1/model/project.ex b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v1/model/project.ex index 5d07ef7da7..3b773648df 100644 --- a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v1/model/project.ex +++ b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v1/model/project.ex @@ -28,6 +28,7 @@ defmodule GoogleApi.CloudResourceManager.V1.Model.Project do * `parent` (*type:* `GoogleApi.CloudResourceManager.V1.Model.ResourceId.t`, *default:* `nil`) - An optional reference to a parent Resource. Supported parent types include "organization" and "folder". Once set, the parent cannot be cleared. The `parent` can be set on creation or using the `UpdateProject` method; the end user must have the `resourcemanager.projects.create` permission on the parent. * `projectId` (*type:* `String.t`, *default:* `nil`) - The unique, user-assigned ID of the Project. It must be 6 to 30 lowercase letters, digits, or hyphens. It must start with a letter. Trailing hyphens are prohibited. Example: `tokyo-rain-123` Read-only after creation. * `projectNumber` (*type:* `String.t`, *default:* `nil`) - The number uniquely identifying the project. Example: `415104041262` Read-only. + * `tags` (*type:* `map()`, *default:* `nil`) - Optional. Input only. Immutable. Tag keys/values directly bound to this project. Each item in the map must be expressed as " : ". For example: "123/environment" : "production", "123/costCenter" : "marketing" """ use GoogleApi.Gax.ModelBase @@ -39,7 +40,8 @@ defmodule GoogleApi.CloudResourceManager.V1.Model.Project do :name => String.t() | nil, :parent => GoogleApi.CloudResourceManager.V1.Model.ResourceId.t() | nil, :projectId => String.t() | nil, - :projectNumber => String.t() | nil + :projectNumber => String.t() | nil, + :tags => map() | nil } field(:createTime, as: DateTime) @@ -49,6 +51,7 @@ defmodule GoogleApi.CloudResourceManager.V1.Model.Project do field(:parent, as: GoogleApi.CloudResourceManager.V1.Model.ResourceId) field(:projectId) field(:projectNumber) + field(:tags, type: :map) end defimpl Poison.Decoder, for: GoogleApi.CloudResourceManager.V1.Model.Project do diff --git a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v2/metadata.ex b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v2/metadata.ex index a69c9d70bd..7049c84236 100644 --- a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v2/metadata.ex +++ b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v2/metadata.ex @@ -20,7 +20,7 @@ defmodule GoogleApi.CloudResourceManager.V2 do API client metadata for GoogleApi.CloudResourceManager.V2. """ - @discovery_revision "20221016" + @discovery_revision "20240303" def discovery_revision(), do: @discovery_revision end diff --git a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v2/model/binding.ex b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v2/model/binding.ex index 8871ab3ed9..6d8f2ef8b3 100644 --- a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v2/model/binding.ex +++ b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v2/model/binding.ex @@ -22,8 +22,8 @@ defmodule GoogleApi.CloudResourceManager.V2.Model.Binding do ## Attributes * `condition` (*type:* `GoogleApi.CloudResourceManager.V2.Model.Expr.t`, *default:* `nil`) - The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). - * `members` (*type:* `list(String.t)`, *default:* `nil`) - Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. - * `role` (*type:* `String.t`, *default:* `nil`) - Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. + * `members` (*type:* `list(String.t)`, *default:* `nil`) - Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`. + * `role` (*type:* `String.t`, *default:* `nil`) - Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles). """ use GoogleApi.Gax.ModelBase diff --git a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v2/model/folder.ex b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v2/model/folder.ex index 7afdc72780..437ef6cea7 100644 --- a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v2/model/folder.ex +++ b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v2/model/folder.ex @@ -26,6 +26,7 @@ defmodule GoogleApi.CloudResourceManager.V2.Model.Folder do * `lifecycleState` (*type:* `String.t`, *default:* `nil`) - Output only. The lifecycle state of the folder. Updates to the lifecycle_state must be performed via DeleteFolder and UndeleteFolder. * `name` (*type:* `String.t`, *default:* `nil`) - Output only. The resource name of the Folder. Its format is `folders/{folder_id}`, for example: "folders/1234". * `parent` (*type:* `String.t`, *default:* `nil`) - Required. The Folder's parent's resource name. Updates to the folder's parent must be performed via MoveFolder. + * `tags` (*type:* `map()`, *default:* `nil`) - Optional. Input only. Immutable. Tag keys/values directly bound to this folder. Each item in the map must be expressed as " : ". For example: "123/environment" : "production", "123/costCenter" : "marketing" """ use GoogleApi.Gax.ModelBase @@ -35,7 +36,8 @@ defmodule GoogleApi.CloudResourceManager.V2.Model.Folder do :displayName => String.t() | nil, :lifecycleState => String.t() | nil, :name => String.t() | nil, - :parent => String.t() | nil + :parent => String.t() | nil, + :tags => map() | nil } field(:createTime, as: DateTime) @@ -43,6 +45,7 @@ defmodule GoogleApi.CloudResourceManager.V2.Model.Folder do field(:lifecycleState) field(:name) field(:parent) + field(:tags, type: :map) end defimpl Poison.Decoder, for: GoogleApi.CloudResourceManager.V2.Model.Folder do diff --git a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v2/model/operation.ex b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v2/model/operation.ex index a1c8e478fa..9331ca2ede 100644 --- a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v2/model/operation.ex +++ b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v2/model/operation.ex @@ -25,7 +25,7 @@ defmodule GoogleApi.CloudResourceManager.V2.Model.Operation do * `error` (*type:* `GoogleApi.CloudResourceManager.V2.Model.Status.t`, *default:* `nil`) - The error result of the operation in case of failure or cancellation. * `metadata` (*type:* `map()`, *default:* `nil`) - Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any. * `name` (*type:* `String.t`, *default:* `nil`) - The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`. - * `response` (*type:* `map()`, *default:* `nil`) - The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. + * `response` (*type:* `map()`, *default:* `nil`) - The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. """ use GoogleApi.Gax.ModelBase diff --git a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v2/model/policy.ex b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v2/model/policy.ex index 22376cd7b2..418a6d4145 100644 --- a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v2/model/policy.ex +++ b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v2/model/policy.ex @@ -17,7 +17,7 @@ defmodule GoogleApi.CloudResourceManager.V2.Model.Policy do @moduledoc """ - An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). + An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** ``` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). ## Attributes diff --git a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/api/folders.ex b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/api/folders.ex index 2d158b0f71..68d5a7d669 100644 --- a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/api/folders.ex +++ b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/api/folders.ex @@ -301,7 +301,7 @@ defmodule GoogleApi.CloudResourceManager.V3.Api.Folders do * `:upload_protocol` (*type:* `String.t`) - Upload protocol for media (e.g. "raw", "multipart"). * `:pageSize` (*type:* `integer()`) - Optional. The maximum number of folders to return in the response. The server can return fewer folders than requested. If unspecified, server picks an appropriate default. * `:pageToken` (*type:* `String.t`) - Optional. A pagination token returned from a previous call to `ListFolders` that indicates where this listing should continue from. - * `:parent` (*type:* `String.t`) - Required. The resource name of the organization or folder whose folders are being listed. Must be of the form `folders/{folder_id}` or `organizations/{org_id}`. Access to this method is controlled by checking the `resourcemanager.folders.list` permission on the `parent`. + * `:parent` (*type:* `String.t`) - Required. The name of the parent resource whose folders are being listed. Only children of this parent resource are listed; descendants are not listed. If the parent is a folder, use the value `folders/{folder_id}`. If the parent is an organization, use the value `organizations/{org_id}`. Access to this method is controlled by checking the `resourcemanager.folders.list` permission on the `parent`. * `:showDeleted` (*type:* `boolean()`) - Optional. Controls whether folders in the DELETE_REQUESTED state should be returned. Defaults to false. * `opts` (*type:* `keyword()`) - Call options diff --git a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/api/organizations.ex b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/api/organizations.ex index 20a1d16e87..90c41b29f2 100644 --- a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/api/organizations.ex +++ b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/api/organizations.ex @@ -168,7 +168,7 @@ defmodule GoogleApi.CloudResourceManager.V3.Api.Organizations do end @doc """ - Searches organization resources that are visible to the user and satisfy the specified filter. This method returns organizations in an unspecified order. New organizations do not necessarily appear at the end of the results, and may take a small amount of time to appear. Search will only return organizations on which the user has the permission `resourcemanager.organizations.get` + Searches organization resources that are visible to the user and satisfy the specified filter. This method returns organizations in an unspecified order. New organizations do not necessarily appear at the end of the results, and may take a small amount of time to appear. Search will only return organizations on which the user has the permission `resourcemanager.organizations.get` or has super admin privileges. ## Parameters diff --git a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/api/projects.ex b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/api/projects.ex index 88a6b340cb..5b87c0a185 100644 --- a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/api/projects.ex +++ b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/api/projects.ex @@ -306,7 +306,7 @@ defmodule GoogleApi.CloudResourceManager.V3.Api.Projects do * `:upload_protocol` (*type:* `String.t`) - Upload protocol for media (e.g. "raw", "multipart"). * `:pageSize` (*type:* `integer()`) - Optional. The maximum number of projects to return in the response. The server can return fewer projects than requested. If unspecified, server picks an appropriate default. * `:pageToken` (*type:* `String.t`) - Optional. A pagination token returned from a previous call to ListProjects that indicates from where listing should continue. - * `:parent` (*type:* `String.t`) - Required. The name of the parent resource to list projects under. For example, setting this field to 'folders/1234' would list all projects directly under that folder. + * `:parent` (*type:* `String.t`) - Required. The name of the parent resource whose projects are being listed. Only children of this parent resource are listed; descendants are not listed. If the parent is a folder, use the value `folders/{folder_id}`. If the parent is an organization, use the value `organizations/{org_id}`. * `:showDeleted` (*type:* `boolean()`) - Optional. Indicate that projects in the `DELETE_REQUESTED` state should also be returned. Normally only `ACTIVE` projects are returned. * `opts` (*type:* `keyword()`) - Call options @@ -490,7 +490,7 @@ defmodule GoogleApi.CloudResourceManager.V3.Api.Projects do end @doc """ - Search for projects that the caller has both `resourcemanager.projects.get` permission on, and also satisfy the specified query. This method returns projects in an unspecified order. This method is eventually consistent with project mutations; this means that a newly created project may not appear in the results or recent updates to an existing project may not be reflected in the results. To retrieve the latest state of a project, use the GetProject method. + Search for projects that the caller has the `resourcemanager.projects.get` permission on, and also satisfy the specified query. This method returns projects in an unspecified order. This method is eventually consistent with project mutations; this means that a newly created project may not appear in the results or recent updates to an existing project may not be reflected in the results. To retrieve the latest state of a project, use the GetProject method. ## Parameters diff --git a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/api/tag_keys.ex b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/api/tag_keys.ex index be8ca06a2e..677ea3b32b 100644 --- a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/api/tag_keys.ex +++ b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/api/tag_keys.ex @@ -292,6 +292,65 @@ defmodule GoogleApi.CloudResourceManager.V3.Api.TagKeys do |> Response.decode(opts ++ [struct: %GoogleApi.CloudResourceManager.V3.Model.Policy{}]) end + @doc """ + Retrieves a TagKey by its namespaced name. This method will return `PERMISSION_DENIED` if the key does not exist or the user does not have permission to view it. + + ## Parameters + + * `connection` (*type:* `GoogleApi.CloudResourceManager.V3.Connection.t`) - Connection to server + * `optional_params` (*type:* `keyword()`) - Optional parameters + * `:"$.xgafv"` (*type:* `String.t`) - V1 error format. + * `:access_token` (*type:* `String.t`) - OAuth access token. + * `:alt` (*type:* `String.t`) - Data format for response. + * `:callback` (*type:* `String.t`) - JSONP + * `:fields` (*type:* `String.t`) - Selector specifying which fields to include in a partial response. + * `:key` (*type:* `String.t`) - API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. + * `:oauth_token` (*type:* `String.t`) - OAuth 2.0 token for the current user. + * `:prettyPrint` (*type:* `boolean()`) - Returns response with indentations and line breaks. + * `:quotaUser` (*type:* `String.t`) - Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. + * `:uploadType` (*type:* `String.t`) - Legacy upload protocol for media (e.g. "media", "multipart"). + * `:upload_protocol` (*type:* `String.t`) - Upload protocol for media (e.g. "raw", "multipart"). + * `:name` (*type:* `String.t`) - Required. A namespaced tag key name in the format `{parentId}/{tagKeyShort}`, such as `42/foo` for a key with short name "foo" under the organization with ID 42 or `r2-d2/bar` for a key with short name "bar" under the project `r2-d2`. + * `opts` (*type:* `keyword()`) - Call options + + ## Returns + + * `{:ok, %GoogleApi.CloudResourceManager.V3.Model.TagKey{}}` on success + * `{:error, info}` on failure + """ + @spec cloudresourcemanager_tag_keys_get_namespaced(Tesla.Env.client(), keyword(), keyword()) :: + {:ok, GoogleApi.CloudResourceManager.V3.Model.TagKey.t()} + | {:ok, Tesla.Env.t()} + | {:ok, list()} + | {:error, any()} + def cloudresourcemanager_tag_keys_get_namespaced(connection, optional_params \\ [], opts \\ []) do + optional_params_config = %{ + :"$.xgafv" => :query, + :access_token => :query, + :alt => :query, + :callback => :query, + :fields => :query, + :key => :query, + :oauth_token => :query, + :prettyPrint => :query, + :quotaUser => :query, + :uploadType => :query, + :upload_protocol => :query, + :name => :query + } + + request = + Request.new() + |> Request.method(:get) + |> Request.url("/v3/tagKeys/namespaced", %{}) + |> Request.add_optional_params(optional_params_config, optional_params) + |> Request.library_version(@library_version) + + connection + |> Connection.execute(request) + |> Response.decode(opts ++ [struct: %GoogleApi.CloudResourceManager.V3.Model.TagKey{}]) + end + @doc """ Lists all TagKeys for a parent resource. @@ -312,7 +371,7 @@ defmodule GoogleApi.CloudResourceManager.V3.Api.TagKeys do * `:upload_protocol` (*type:* `String.t`) - Upload protocol for media (e.g. "raw", "multipart"). * `:pageSize` (*type:* `integer()`) - Optional. The maximum number of TagKeys to return in the response. The server allows a maximum of 300 TagKeys to return. If unspecified, the server will use 100 as the default. * `:pageToken` (*type:* `String.t`) - Optional. A pagination token returned from a previous call to `ListTagKey` that indicates where this listing should continue from. - * `:parent` (*type:* `String.t`) - Required. The resource name of the new TagKey's parent. Must be of the form `folders/{folder_id}` or `organizations/{org_id}`. + * `:parent` (*type:* `String.t`) - Required. The resource name of the TagKey's parent. Must be of the form `organizations/{org_id}` or `projects/{project_id}` or `projects/{project_number}` * `opts` (*type:* `keyword()`) - Call options ## Returns diff --git a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/api/tag_values.ex b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/api/tag_values.ex index 54d82319a1..f67f7c51d5 100644 --- a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/api/tag_values.ex +++ b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/api/tag_values.ex @@ -297,6 +297,69 @@ defmodule GoogleApi.CloudResourceManager.V3.Api.TagValues do |> Response.decode(opts ++ [struct: %GoogleApi.CloudResourceManager.V3.Model.Policy{}]) end + @doc """ + Retrieves a TagValue by its namespaced name. This method will return `PERMISSION_DENIED` if the value does not exist or the user does not have permission to view it. + + ## Parameters + + * `connection` (*type:* `GoogleApi.CloudResourceManager.V3.Connection.t`) - Connection to server + * `optional_params` (*type:* `keyword()`) - Optional parameters + * `:"$.xgafv"` (*type:* `String.t`) - V1 error format. + * `:access_token` (*type:* `String.t`) - OAuth access token. + * `:alt` (*type:* `String.t`) - Data format for response. + * `:callback` (*type:* `String.t`) - JSONP + * `:fields` (*type:* `String.t`) - Selector specifying which fields to include in a partial response. + * `:key` (*type:* `String.t`) - API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. + * `:oauth_token` (*type:* `String.t`) - OAuth 2.0 token for the current user. + * `:prettyPrint` (*type:* `boolean()`) - Returns response with indentations and line breaks. + * `:quotaUser` (*type:* `String.t`) - Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. + * `:uploadType` (*type:* `String.t`) - Legacy upload protocol for media (e.g. "media", "multipart"). + * `:upload_protocol` (*type:* `String.t`) - Upload protocol for media (e.g. "raw", "multipart"). + * `:name` (*type:* `String.t`) - Required. A namespaced tag value name in the following format: `{parentId}/{tagKeyShort}/{tagValueShort}` Examples: - `42/foo/abc` for a value with short name "abc" under the key with short name "foo" under the organization with ID 42 - `r2-d2/bar/xyz` for a value with short name "xyz" under the key with short name "bar" under the project with ID "r2-d2" + * `opts` (*type:* `keyword()`) - Call options + + ## Returns + + * `{:ok, %GoogleApi.CloudResourceManager.V3.Model.TagValue{}}` on success + * `{:error, info}` on failure + """ + @spec cloudresourcemanager_tag_values_get_namespaced(Tesla.Env.client(), keyword(), keyword()) :: + {:ok, GoogleApi.CloudResourceManager.V3.Model.TagValue.t()} + | {:ok, Tesla.Env.t()} + | {:ok, list()} + | {:error, any()} + def cloudresourcemanager_tag_values_get_namespaced( + connection, + optional_params \\ [], + opts \\ [] + ) do + optional_params_config = %{ + :"$.xgafv" => :query, + :access_token => :query, + :alt => :query, + :callback => :query, + :fields => :query, + :key => :query, + :oauth_token => :query, + :prettyPrint => :query, + :quotaUser => :query, + :uploadType => :query, + :upload_protocol => :query, + :name => :query + } + + request = + Request.new() + |> Request.method(:get) + |> Request.url("/v3/tagValues/namespaced", %{}) + |> Request.add_optional_params(optional_params_config, optional_params) + |> Request.library_version(@library_version) + + connection + |> Connection.execute(request) + |> Response.decode(opts ++ [struct: %GoogleApi.CloudResourceManager.V3.Model.TagValue{}]) + end + @doc """ Lists all TagValues for a specific TagKey. @@ -317,7 +380,7 @@ defmodule GoogleApi.CloudResourceManager.V3.Api.TagValues do * `:upload_protocol` (*type:* `String.t`) - Upload protocol for media (e.g. "raw", "multipart"). * `:pageSize` (*type:* `integer()`) - Optional. The maximum number of TagValues to return in the response. The server allows a maximum of 300 TagValues to return. If unspecified, the server will use 100 as the default. * `:pageToken` (*type:* `String.t`) - Optional. A pagination token returned from a previous call to `ListTagValues` that indicates where this listing should continue from. - * `:parent` (*type:* `String.t`) - Required. Resource name for TagKey, parent of the TagValues to be listed, in the format `tagKeys/123`. + * `:parent` (*type:* `String.t`) - Required. Resource name for the parent of the TagValues to be listed, in the format `tagKeys/123` or `tagValues/123`. * `opts` (*type:* `keyword()`) - Call options ## Returns diff --git a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/metadata.ex b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/metadata.ex index 5751d3da5f..3ffdfeb5d8 100644 --- a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/metadata.ex +++ b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/metadata.ex @@ -20,7 +20,7 @@ defmodule GoogleApi.CloudResourceManager.V3 do API client metadata for GoogleApi.CloudResourceManager.V3. """ - @discovery_revision "20221016" + @discovery_revision "20240303" def discovery_revision(), do: @discovery_revision end diff --git a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/binding.ex b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/binding.ex index cad5a7e014..e473c124dd 100644 --- a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/binding.ex +++ b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/binding.ex @@ -22,8 +22,8 @@ defmodule GoogleApi.CloudResourceManager.V3.Model.Binding do ## Attributes * `condition` (*type:* `GoogleApi.CloudResourceManager.V3.Model.Expr.t`, *default:* `nil`) - The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). - * `members` (*type:* `list(String.t)`, *default:* `nil`) - Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. - * `role` (*type:* `String.t`, *default:* `nil`) - Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. + * `members` (*type:* `list(String.t)`, *default:* `nil`) - Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`. + * `role` (*type:* `String.t`, *default:* `nil`) - Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles). """ use GoogleApi.Gax.ModelBase diff --git a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/effective_tag.ex b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/effective_tag.ex index 62d5b134a1..c01313d25f 100644 --- a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/effective_tag.ex +++ b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/effective_tag.ex @@ -22,9 +22,10 @@ defmodule GoogleApi.CloudResourceManager.V3.Model.EffectiveTag do ## Attributes * `inherited` (*type:* `boolean()`, *default:* `nil`) - Indicates the inheritance status of a tag value attached to the given resource. If the tag value is inherited from one of the resource's ancestors, inherited will be true. If false, then the tag value is directly attached to the resource, inherited will be false. - * `namespacedTagKey` (*type:* `String.t`, *default:* `nil`) - The namespaced_name of the TagKey. Now only supported in the format of `{organization_id}/{tag_key_short_name}`. Other formats will be supported when we add non-org parented tags. - * `namespacedTagValue` (*type:* `String.t`, *default:* `nil`) - Namespaced name of the TagValue. Now only supported in the format `{organization_id}/{tag_key_short_name}/{tag_value_short_name}`. Other formats will be supported when we add non-org parented tags. + * `namespacedTagKey` (*type:* `String.t`, *default:* `nil`) - The namespaced name of the TagKey. Can be in the form `{organization_id}/{tag_key_short_name}` or `{project_id}/{tag_key_short_name}` or `{project_number}/{tag_key_short_name}`. + * `namespacedTagValue` (*type:* `String.t`, *default:* `nil`) - The namespaced name of the TagValue. Can be in the form `{organization_id}/{tag_key_short_name}/{tag_value_short_name}` or `{project_id}/{tag_key_short_name}/{tag_value_short_name}` or `{project_number}/{tag_key_short_name}/{tag_value_short_name}`. * `tagKey` (*type:* `String.t`, *default:* `nil`) - The name of the TagKey, in the format `tagKeys/{id}`, such as `tagKeys/123`. + * `tagKeyParentName` (*type:* `String.t`, *default:* `nil`) - The parent name of the tag key. Must be in the format `organizations/{organization_id}` or `projects/{project_number}` * `tagValue` (*type:* `String.t`, *default:* `nil`) - Resource name for TagValue in the format `tagValues/456`. """ @@ -35,6 +36,7 @@ defmodule GoogleApi.CloudResourceManager.V3.Model.EffectiveTag do :namespacedTagKey => String.t() | nil, :namespacedTagValue => String.t() | nil, :tagKey => String.t() | nil, + :tagKeyParentName => String.t() | nil, :tagValue => String.t() | nil } @@ -42,6 +44,7 @@ defmodule GoogleApi.CloudResourceManager.V3.Model.EffectiveTag do field(:namespacedTagKey) field(:namespacedTagValue) field(:tagKey) + field(:tagKeyParentName) field(:tagValue) end diff --git a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/folder.ex b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/folder.ex index f2e334dc38..7f996d7f94 100644 --- a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/folder.ex +++ b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/folder.ex @@ -28,6 +28,7 @@ defmodule GoogleApi.CloudResourceManager.V3.Model.Folder do * `name` (*type:* `String.t`, *default:* `nil`) - Output only. The resource name of the folder. Its format is `folders/{folder_id}`, for example: "folders/1234". * `parent` (*type:* `String.t`, *default:* `nil`) - Required. The folder's parent's resource name. Updates to the folder's parent must be performed using MoveFolder. * `state` (*type:* `String.t`, *default:* `nil`) - Output only. The lifecycle state of the folder. Updates to the state must be performed using DeleteFolder and UndeleteFolder. + * `tags` (*type:* `map()`, *default:* `nil`) - Optional. Input only. Immutable. Tag keys/values directly bound to this folder. Each item in the map must be expressed as " : ". For example: "123/environment" : "production", "123/costCenter" : "marketing" * `updateTime` (*type:* `DateTime.t`, *default:* `nil`) - Output only. Timestamp when the folder was last modified. """ @@ -41,6 +42,7 @@ defmodule GoogleApi.CloudResourceManager.V3.Model.Folder do :name => String.t() | nil, :parent => String.t() | nil, :state => String.t() | nil, + :tags => map() | nil, :updateTime => DateTime.t() | nil } @@ -51,6 +53,7 @@ defmodule GoogleApi.CloudResourceManager.V3.Model.Folder do field(:name) field(:parent) field(:state) + field(:tags, type: :map) field(:updateTime, as: DateTime) end diff --git a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/operation.ex b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/operation.ex index 94e3db9fce..ffd508fb16 100644 --- a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/operation.ex +++ b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/operation.ex @@ -25,7 +25,7 @@ defmodule GoogleApi.CloudResourceManager.V3.Model.Operation do * `error` (*type:* `GoogleApi.CloudResourceManager.V3.Model.Status.t`, *default:* `nil`) - The error result of the operation in case of failure or cancellation. * `metadata` (*type:* `map()`, *default:* `nil`) - Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any. * `name` (*type:* `String.t`, *default:* `nil`) - The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`. - * `response` (*type:* `map()`, *default:* `nil`) - The normal response of the operation in case of success. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. + * `response` (*type:* `map()`, *default:* `nil`) - The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. """ use GoogleApi.Gax.ModelBase diff --git a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/policy.ex b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/policy.ex index ec17daea9e..b4502d5d27 100644 --- a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/policy.ex +++ b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/policy.ex @@ -17,7 +17,7 @@ defmodule GoogleApi.CloudResourceManager.V3.Model.Policy do @moduledoc """ - An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). + An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** ``` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). ## Attributes diff --git a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/project.ex b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/project.ex index c138a9f893..21ea77e844 100644 --- a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/project.ex +++ b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/project.ex @@ -25,11 +25,12 @@ defmodule GoogleApi.CloudResourceManager.V3.Model.Project do * `deleteTime` (*type:* `DateTime.t`, *default:* `nil`) - Output only. The time at which this resource was requested for deletion. * `displayName` (*type:* `String.t`, *default:* `nil`) - Optional. A user-assigned display name of the project. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, single-quote, double-quote, space, and exclamation point. Example: `My Project` * `etag` (*type:* `String.t`, *default:* `nil`) - Output only. A checksum computed by the server based on the current value of the Project resource. This may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding. - * `labels` (*type:* `map()`, *default:* `nil`) - Optional. The labels associated with this project. Label keys must be between 1 and 63 characters long and must conform to the following regular expression: \\[a-z\\](\\[-a-z0-9\\]*\\[a-z0-9\\])?. Label values must be between 0 and 63 characters long and must conform to the regular expression (\\[a-z\\](\\[-a-z0-9\\]*\\[a-z0-9\\])?)?. No more than 256 labels can be associated with a given resource. Clients should store labels in a representation such as JSON that does not depend on specific characters being disallowed. Example: `"myBusinessDimension" : "businessValue"` + * `labels` (*type:* `map()`, *default:* `nil`) - Optional. The labels associated with this project. Label keys must be between 1 and 63 characters long and must conform to the following regular expression: \\[a-z\\](\\[-a-z0-9\\]*\\[a-z0-9\\])?. Label values must be between 0 and 63 characters long and must conform to the regular expression (\\[a-z\\](\\[-a-z0-9\\]*\\[a-z0-9\\])?)?. No more than 64 labels can be associated with a given resource. Clients should store labels in a representation such as JSON that does not depend on specific characters being disallowed. Example: `"myBusinessDimension" : "businessValue"` * `name` (*type:* `String.t`, *default:* `nil`) - Output only. The unique resource name of the project. It is an int64 generated number prefixed by "projects/". Example: `projects/415104041262` * `parent` (*type:* `String.t`, *default:* `nil`) - Optional. A reference to a parent Resource. eg., `organizations/123` or `folders/876`. * `projectId` (*type:* `String.t`, *default:* `nil`) - Immutable. The unique, user-assigned id of the project. It must be 6 to 30 lowercase ASCII letters, digits, or hyphens. It must start with a letter. Trailing hyphens are prohibited. Example: `tokyo-rain-123` * `state` (*type:* `String.t`, *default:* `nil`) - Output only. The project lifecycle state. + * `tags` (*type:* `map()`, *default:* `nil`) - Optional. Input only. Immutable. Tag keys/values directly bound to this project. Each item in the map must be expressed as " : ". For example: "123/environment" : "production", "123/costCenter" : "marketing" * `updateTime` (*type:* `DateTime.t`, *default:* `nil`) - Output only. The most recent time this resource was modified. """ @@ -45,6 +46,7 @@ defmodule GoogleApi.CloudResourceManager.V3.Model.Project do :parent => String.t() | nil, :projectId => String.t() | nil, :state => String.t() | nil, + :tags => map() | nil, :updateTime => DateTime.t() | nil } @@ -57,6 +59,7 @@ defmodule GoogleApi.CloudResourceManager.V3.Model.Project do field(:parent) field(:projectId) field(:state) + field(:tags, type: :map) field(:updateTime, as: DateTime) end diff --git a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/tag_binding.ex b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/tag_binding.ex index a60fa721d6..148c8a2dd6 100644 --- a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/tag_binding.ex +++ b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/tag_binding.ex @@ -24,6 +24,7 @@ defmodule GoogleApi.CloudResourceManager.V3.Model.TagBinding do * `name` (*type:* `String.t`, *default:* `nil`) - Output only. The name of the TagBinding. This is a String of the form: `tagBindings/{full-resource-name}/{tag-value-name}` (e.g. `tagBindings/%2F%2Fcloudresourcemanager.googleapis.com%2Fprojects%2F123/tagValues/456`). * `parent` (*type:* `String.t`, *default:* `nil`) - The full resource name of the resource the TagValue is bound to. E.g. `//cloudresourcemanager.googleapis.com/projects/123` * `tagValue` (*type:* `String.t`, *default:* `nil`) - The TagValue of the TagBinding. Must be of the form `tagValues/456`. + * `tagValueNamespacedName` (*type:* `String.t`, *default:* `nil`) - The namespaced name for the TagValue of the TagBinding. Must be in the format `{parent_id}/{tag_key_short_name}/{short_name}`. For methods that support TagValue namespaced name, only one of tag_value_namespaced_name or tag_value may be filled. Requests with both fields will be rejected. """ use GoogleApi.Gax.ModelBase @@ -31,12 +32,14 @@ defmodule GoogleApi.CloudResourceManager.V3.Model.TagBinding do @type t :: %__MODULE__{ :name => String.t() | nil, :parent => String.t() | nil, - :tagValue => String.t() | nil + :tagValue => String.t() | nil, + :tagValueNamespacedName => String.t() | nil } field(:name) field(:parent) field(:tagValue) + field(:tagValueNamespacedName) end defimpl Poison.Decoder, for: GoogleApi.CloudResourceManager.V3.Model.TagBinding do diff --git a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/tag_key.ex b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/tag_key.ex index aa01adff42..eb37639fa1 100644 --- a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/tag_key.ex +++ b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/tag_key.ex @@ -26,7 +26,7 @@ defmodule GoogleApi.CloudResourceManager.V3.Model.TagKey do * `etag` (*type:* `String.t`, *default:* `nil`) - Optional. Entity tag which users can pass to prevent race conditions. This field is always set in server responses. See UpdateTagKeyRequest for details. * `name` (*type:* `String.t`, *default:* `nil`) - Immutable. The resource name for a TagKey. Must be in the format `tagKeys/{tag_key_id}`, where `tag_key_id` is the generated numeric id for the TagKey. * `namespacedName` (*type:* `String.t`, *default:* `nil`) - Output only. Immutable. Namespaced name of the TagKey. - * `parent` (*type:* `String.t`, *default:* `nil`) - Immutable. The resource name of the new TagKey's parent. Must be of the form `organizations/{org_id}`. + * `parent` (*type:* `String.t`, *default:* `nil`) - Immutable. The resource name of the TagKey's parent. A TagKey can be parented by an Organization or a Project. For a TagKey parented by an Organization, its parent must be in the form `organizations/{org_id}`. For a TagKey parented by a Project, its parent can be in the form `projects/{project_id}` or `projects/{project_number}`. * `purpose` (*type:* `String.t`, *default:* `nil`) - Optional. A purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. A purpose does not grant a policy engine exclusive rights to the Tag, and it may be referenced by other policy engines. A purpose cannot be changed once set. * `purposeData` (*type:* `map()`, *default:* `nil`) - Optional. Purpose data corresponds to the policy system that the tag is intended for. See documentation for `Purpose` for formatting of this field. Purpose data cannot be changed once set. * `shortName` (*type:* `String.t`, *default:* `nil`) - Required. Immutable. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace. The short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. diff --git a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/tag_value.ex b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/tag_value.ex index 60b8a219cf..427c3d45ed 100644 --- a/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/tag_value.ex +++ b/clients/cloud_resource_manager/lib/google_api/cloud_resource_manager/v3/model/tag_value.ex @@ -25,7 +25,7 @@ defmodule GoogleApi.CloudResourceManager.V3.Model.TagValue do * `description` (*type:* `String.t`, *default:* `nil`) - Optional. User-assigned description of the TagValue. Must not exceed 256 characters. Read-write. * `etag` (*type:* `String.t`, *default:* `nil`) - Optional. Entity tag which users can pass to prevent race conditions. This field is always set in server responses. See UpdateTagValueRequest for details. * `name` (*type:* `String.t`, *default:* `nil`) - Immutable. Resource name for TagValue in the format `tagValues/456`. - * `namespacedName` (*type:* `String.t`, *default:* `nil`) - Output only. Namespaced name of the TagValue. Now only supported in the format `{organization_id}/{tag_key_short_name}/{short_name}`. Other formats will be supported when we add non-org parented tags. + * `namespacedName` (*type:* `String.t`, *default:* `nil`) - Output only. The namespaced name of the TagValue. Can be in the form `{organization_id}/{tag_key_short_name}/{tag_value_short_name}` or `{project_id}/{tag_key_short_name}/{tag_value_short_name}` or `{project_number}/{tag_key_short_name}/{tag_value_short_name}`. * `parent` (*type:* `String.t`, *default:* `nil`) - Immutable. The resource name of the new TagValue's parent TagKey. Must be of the form `tagKeys/{tag_key_id}`. * `shortName` (*type:* `String.t`, *default:* `nil`) - Required. Immutable. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey. The short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. * `updateTime` (*type:* `DateTime.t`, *default:* `nil`) - Output only. Update time.