diff --git a/accesscontextmanager/v1/accesscontextmanager-api.json b/accesscontextmanager/v1/accesscontextmanager-api.json index 9d4113a992b..ead653af081 100644 --- a/accesscontextmanager/v1/accesscontextmanager-api.json +++ b/accesscontextmanager/v1/accesscontextmanager-api.json @@ -1290,7 +1290,7 @@ } } }, - "revision": "20231213", + "revision": "20231218", "rootUrl": "https://accesscontextmanager.googleapis.com/", "schemas": { "AccessContextManagerOperationMetadata": { @@ -2081,7 +2081,7 @@ "type": "string" }, "supportedServices": { - "description": "List of services supported by {{vpcsvcctl_name_short}} instances.", + "description": "List of services supported by VPC Service Controls instances.", "items": { "$ref": "SupportedService" }, @@ -2405,11 +2405,11 @@ "type": "object" }, "SupportedService": { - "description": "`SupportedService` specifies {{vpcsvcctl_name_short}} supported service and its properties.", + "description": "`SupportedService` specifies VPC-SC supported service and its properties.", "id": "SupportedService", "properties": { "availableOnRestrictedVip": { - "description": "True if the service is available on the restricted VIP. Services on the restricted VIP typically either support {{vpcsvcctl_name_short}} or are core infrastructure services required for the functioning of Google Cloud.", + "description": "True if the service is available on the restricted VIP. Services on the restricted VIP typically either support VPC Service Controls or are core infrastructure services required for the functioning of Google Cloud.", "type": "boolean" }, "knownLimitations": { diff --git a/accesscontextmanager/v1/accesscontextmanager-gen.go b/accesscontextmanager/v1/accesscontextmanager-gen.go index ead4a9cdd58..fa220ed9775 100644 --- a/accesscontextmanager/v1/accesscontextmanager-gen.go +++ b/accesscontextmanager/v1/accesscontextmanager-gen.go @@ -1820,8 +1820,8 @@ type ListSupportedServicesResponse struct { // results. If the value is empty, no further results remain. NextPageToken string `json:"nextPageToken,omitempty"` - // SupportedServices: List of services supported by - // {{vpcsvcctl_name_short}} instances. + // SupportedServices: List of services supported by VPC Service Controls + // instances. SupportedServices []*SupportedService `json:"supportedServices,omitempty"` // ServerResponse contains the HTTP response code and headers from the @@ -2488,12 +2488,12 @@ func (s *Status) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } -// SupportedService: `SupportedService` specifies -// {{vpcsvcctl_name_short}} supported service and its properties. +// SupportedService: `SupportedService` specifies VPC-SC supported +// service and its properties. type SupportedService struct { // AvailableOnRestrictedVip: True if the service is available on the // restricted VIP. Services on the restricted VIP typically either - // support {{vpcsvcctl_name_short}} or are core infrastructure services + // support VPC Service Controls or are core infrastructure services // required for the functioning of Google Cloud. AvailableOnRestrictedVip bool `json:"availableOnRestrictedVip,omitempty"` diff --git a/chat/v1/chat-api.json b/chat/v1/chat-api.json index 9b1b348bf1d..10cde424ca1 100644 --- a/chat/v1/chat-api.json +++ b/chat/v1/chat-api.json @@ -338,7 +338,7 @@ "parameterOrder": [], "parameters": { "filter": { - "description": "Optional. A query filter. Requires [user authentication](https://developers.google.com/chat/api/guides/auth/users). You can filter spaces by the space type ([`space_type`](https://developers.google.com/chat/api/reference/rest/v1/spaces#spacetype)). To filter by space type, you must specify valid enum value, such as `SPACE` or `GROUP_CHAT` (the `space_type` can't be `SPACE_TYPE_UNSPECIFIED`). To query for multiple space types, use the `OR` operator. For example, the following queries are valid: ``` space_type = \"SPACE\" spaceType = \"GROUP_CHAT\" OR spaceType = \"DIRECT_MESSAGE\" ``` Invalid queries are rejected by the server with an `INVALID_ARGUMENT` error. With [app authentication](https://developers.google.com/chat/api/guides/auth/service-accounts), this field is ignored and the query always returns all spaces. But the Chat API still validates the query syntax, so invalid queries are still rejected.", + "description": "Optional. A query filter. You can filter spaces by the space type ([`space_type`](https://developers.google.com/chat/api/reference/rest/v1/spaces#spacetype)). To filter by space type, you must specify valid enum value, such as `SPACE` or `GROUP_CHAT` (the `space_type` can't be `SPACE_TYPE_UNSPECIFIED`). To query for multiple space types, use the `OR` operator. For example, the following queries are valid: ``` space_type = \"SPACE\" spaceType = \"GROUP_CHAT\" OR spaceType = \"DIRECT_MESSAGE\" ``` Invalid queries are rejected by the server with an `INVALID_ARGUMENT` error.", "location": "query", "type": "string" }, @@ -962,7 +962,7 @@ } } }, - "revision": "20231130", + "revision": "20231214", "rootUrl": "https://chat.googleapis.com/", "schemas": { "ActionParameter": { @@ -1286,7 +1286,7 @@ "type": "object" }, "CardWithId": { - "description": "A [card](https://developers.google.com/chat/api/reference/rest/v1/cards) in a Google Chat message. Only Chat apps can create cards. If your Chat app [authenticates as a user](https://developers.google.com/chat/api/guides/auth/users), the message can't contain cards.", + "description": "A [card](https://developers.google.com/chat/api/reference/rest/v1/cards) in a Google Chat message. Only Chat apps can create cards. If your Chat app [authenticates as a user](https://developers.google.com/chat/api/guides/auth/users), the message can't contain cards. [Card builder](https://addons.gsuite.google.com/uikit/builder)", "id": "CardWithId", "properties": { "card": { @@ -1822,7 +1822,7 @@ "type": "object" }, "GoogleAppsCardV1Card": { - "description": "A card interface displayed in a Google Chat message or Google Workspace Add-on. Cards support a defined layout, interactive UI elements like buttons, and rich media like images. Use cards to present detailed information, gather information from users, and guide users to take a next step. To learn how to build cards, see the following documentation: * For Google Chat apps, see [Design dynamic, interactive, and consistent UIs with cards](https://developers.google.com/chat/ui). * For Google Workspace Add-ons, see [Card-based interfaces](https://developers.google.com/apps-script/add-ons/concepts/cards). **Example: Card message for a Google Chat app** ![Example contact card](https://developers.google.com/chat/images/card_api_reference.png) To create the sample card message in Google Chat, use the following JSON: ``` { \"cardsV2\": [ { \"cardId\": \"unique-card-id\", \"card\": { \"header\": { \"title\": \"Sasha\", \"subtitle\": \"Software Engineer\", \"imageUrl\": \"https://developers.google.com/chat/images/quickstart-app-avatar.png\", \"imageType\": \"CIRCLE\", \"imageAltText\": \"Avatar for Sasha\", }, \"sections\": [ { \"header\": \"Contact Info\", \"collapsible\": true, \"uncollapsibleWidgetsCount\": 1, \"widgets\": [ { \"decoratedText\": { \"startIcon\": { \"knownIcon\": \"EMAIL\", }, \"text\": \"sasha@example.com\", } }, { \"decoratedText\": { \"startIcon\": { \"knownIcon\": \"PERSON\", }, \"text\": \"Online\", }, }, { \"decoratedText\": { \"startIcon\": { \"knownIcon\": \"PHONE\", }, \"text\": \"+1 (555) 555-1234\", } }, { \"buttonList\": { \"buttons\": [ { \"text\": \"Share\", \"onClick\": { \"openLink\": { \"url\": \"https://example.com/share\", } } }, { \"text\": \"Edit\", \"onClick\": { \"action\": { \"function\": \"goToView\", \"parameters\": [ { \"key\": \"viewType\", \"value\": \"EDIT\", } ], } } }, ], } }, ], }, ], }, } ], } ```", + "description": "A card interface displayed in a Google Chat message or Google Workspace Add-on. Cards support a defined layout, interactive UI elements like buttons, and rich media like images. Use cards to present detailed information, gather information from users, and guide users to take a next step. [Card builder](https://addons.gsuite.google.com/uikit/builder) To learn how to build cards, see the following documentation: * For Google Chat apps, see [Design dynamic, interactive, and consistent UIs with cards](https://developers.google.com/chat/ui). * For Google Workspace Add-ons, see [Card-based interfaces](https://developers.google.com/apps-script/add-ons/concepts/cards). **Example: Card message for a Google Chat app** ![Example contact card](https://developers.google.com/chat/images/card_api_reference.png) To create the sample card message in Google Chat, use the following JSON: ``` { \"cardsV2\": [ { \"cardId\": \"unique-card-id\", \"card\": { \"header\": { \"title\": \"Sasha\", \"subtitle\": \"Software Engineer\", \"imageUrl\": \"https://developers.google.com/chat/images/quickstart-app-avatar.png\", \"imageType\": \"CIRCLE\", \"imageAltText\": \"Avatar for Sasha\", }, \"sections\": [ { \"header\": \"Contact Info\", \"collapsible\": true, \"uncollapsibleWidgetsCount\": 1, \"widgets\": [ { \"decoratedText\": { \"startIcon\": { \"knownIcon\": \"EMAIL\", }, \"text\": \"sasha@example.com\", } }, { \"decoratedText\": { \"startIcon\": { \"knownIcon\": \"PERSON\", }, \"text\": \"Online\", }, }, { \"decoratedText\": { \"startIcon\": { \"knownIcon\": \"PHONE\", }, \"text\": \"+1 (555) 555-1234\", } }, { \"buttonList\": { \"buttons\": [ { \"text\": \"Share\", \"onClick\": { \"openLink\": { \"url\": \"https://example.com/share\", } } }, { \"text\": \"Edit\", \"onClick\": { \"action\": { \"function\": \"goToView\", \"parameters\": [ { \"key\": \"viewType\", \"value\": \"EDIT\", } ], } } }, ], } }, ], }, ], }, } ], } ```", "id": "GoogleAppsCardV1Card", "properties": { "cardActions": { @@ -3162,7 +3162,7 @@ "type": "array" }, "cardsV2": { - "description": "An array of [cards](https://developers.google.com/chat/api/reference/rest/v1/cards). Only Chat apps can create cards. If your Chat app [authenticates as a user](https://developers.google.com/chat/api/guides/auth/users), the messages can't contain cards. To learn about cards and how to create them, see [Design dynamic, interactive, and consistent UIs with cards](https://developers.google.com/chat/ui).", + "description": "An array of [cards](https://developers.google.com/chat/api/reference/rest/v1/cards). Only Chat apps can create cards. If your Chat app [authenticates as a user](https://developers.google.com/chat/api/guides/auth/users), the messages can't contain cards. To learn about cards and how to create them, see [Design dynamic, interactive, and consistent UIs with cards](https://developers.google.com/chat/ui). [Card builder](https://addons.gsuite.google.com/uikit/builder)", "items": { "$ref": "CardWithId" }, @@ -3220,6 +3220,10 @@ "description": "Resource name in the form `spaces/*/messages/*`. Example: `spaces/AAAAAAAAAAA/messages/BBBBBBBBBBB.BBBBBBBBBBB`", "type": "string" }, + "privateMessageViewer": { + "$ref": "User", + "description": "Immutable. Input for creating a message, otherwise output only. The user that can view the message. When set, the message is private and only visible to the specified user and the Chat app. Link previews and attachments aren't supported for private messages. Only Chat apps can send private messages. If your Chat app [authenticates as a user](https://developers.google.com/chat/api/guides/auth/users) to send a message, the message can't be private and must omit this field. For details, see [Send private messages to Google Chat users](https://developers.google.com/chat/api/guides/v1/messages/private)." + }, "quotedMessageMetadata": { "$ref": "QuotedMessageMetadata", "description": "Output only. Information about a message that's quoted by a Google Chat user in a space. Google Chat users can quote a message to reply to it.", diff --git a/chat/v1/chat-gen.go b/chat/v1/chat-gen.go index 4050d418040..3a0eb9867dc 100644 --- a/chat/v1/chat-gen.go +++ b/chat/v1/chat-gen.go @@ -838,7 +838,8 @@ func (s *CardHeader) MarshalJSON() ([]byte, error) { // Google Chat message. Only Chat apps can create cards. If your Chat // app authenticates as a user // (https://developers.google.com/chat/api/guides/auth/users), the -// message can't contain cards. +// message can't contain cards. Card builder +// (https://addons.gsuite.google.com/uikit/builder) type CardWithId struct { // Card: A card. Maximum size is 32 KB. Card *GoogleAppsCardV1Card `json:"card,omitempty"` @@ -1879,9 +1880,10 @@ func (s *GoogleAppsCardV1ButtonList) MarshalJSON() ([]byte, error) { // message or Google Workspace Add-on. Cards support a defined layout, // interactive UI elements like buttons, and rich media like images. Use // cards to present detailed information, gather information from users, -// and guide users to take a next step. To learn how to build cards, see -// the following documentation: * For Google Chat apps, see Design -// dynamic, interactive, and consistent UIs with cards +// and guide users to take a next step. Card builder +// (https://addons.gsuite.google.com/uikit/builder) To learn how to +// build cards, see the following documentation: * For Google Chat apps, +// see Design dynamic, interactive, and consistent UIs with cards // (https://developers.google.com/chat/ui). * For Google Workspace // Add-ons, see Card-based interfaces // (https://developers.google.com/apps-script/add-ons/concepts/cards). @@ -4139,7 +4141,8 @@ type Message struct { // user (https://developers.google.com/chat/api/guides/auth/users), the // messages can't contain cards. To learn about cards and how to create // them, see Design dynamic, interactive, and consistent UIs with cards - // (https://developers.google.com/chat/ui). + // (https://developers.google.com/chat/ui). Card builder + // (https://addons.gsuite.google.com/uikit/builder) CardsV2 []*CardWithId `json:"cardsV2,omitempty"` // ClientAssignedMessageId: A custom name for a Chat message assigned at @@ -4214,6 +4217,18 @@ type Message struct { // `spaces/AAAAAAAAAAA/messages/BBBBBBBBBBB.BBBBBBBBBBB` Name string `json:"name,omitempty"` + // PrivateMessageViewer: Immutable. Input for creating a message, + // otherwise output only. The user that can view the message. When set, + // the message is private and only visible to the specified user and the + // Chat app. Link previews and attachments aren't supported for private + // messages. Only Chat apps can send private messages. If your Chat app + // authenticates as a user + // (https://developers.google.com/chat/api/guides/auth/users) to send a + // message, the message can't be private and must omit this field. For + // details, see Send private messages to Google Chat users + // (https://developers.google.com/chat/api/guides/v1/messages/private). + PrivateMessageViewer *User `json:"privateMessageViewer,omitempty"` + // QuotedMessageMetadata: Output only. Information about a message // that's quoted by a Google Chat user in a space. Google Chat users can // quote a message to reply to it. @@ -6349,9 +6364,7 @@ func (r *SpacesService) List() *SpacesListCall { return c } -// Filter sets the optional parameter "filter": A query filter. Requires -// user authentication -// (https://developers.google.com/chat/api/guides/auth/users). You can +// Filter sets the optional parameter "filter": A query filter. You can // filter spaces by the space type (`space_type` // (https://developers.google.com/chat/api/reference/rest/v1/spaces#spacetype)). // To filter by space type, you must specify valid enum value, such as @@ -6360,11 +6373,7 @@ func (r *SpacesService) List() *SpacesListCall { // `OR` operator. For example, the following queries are valid: ``` // space_type = "SPACE" spaceType = "GROUP_CHAT" OR spaceType = // "DIRECT_MESSAGE" ``` Invalid queries are rejected by the server with -// an `INVALID_ARGUMENT` error. With app authentication -// (https://developers.google.com/chat/api/guides/auth/service-accounts), -// this field is ignored and the query always returns all spaces. But -// the Chat API still validates the query syntax, so invalid queries are -// still rejected. +// an `INVALID_ARGUMENT` error. func (c *SpacesListCall) Filter(filter string) *SpacesListCall { c.urlParams_.Set("filter", filter) return c @@ -6493,7 +6502,7 @@ func (c *SpacesListCall) Do(opts ...googleapi.CallOption) (*ListSpacesResponse, // "parameterOrder": [], // "parameters": { // "filter": { - // "description": "Optional. A query filter. Requires [user authentication](https://developers.google.com/chat/api/guides/auth/users). You can filter spaces by the space type ([`space_type`](https://developers.google.com/chat/api/reference/rest/v1/spaces#spacetype)). To filter by space type, you must specify valid enum value, such as `SPACE` or `GROUP_CHAT` (the `space_type` can't be `SPACE_TYPE_UNSPECIFIED`). To query for multiple space types, use the `OR` operator. For example, the following queries are valid: ``` space_type = \"SPACE\" spaceType = \"GROUP_CHAT\" OR spaceType = \"DIRECT_MESSAGE\" ``` Invalid queries are rejected by the server with an `INVALID_ARGUMENT` error. With [app authentication](https://developers.google.com/chat/api/guides/auth/service-accounts), this field is ignored and the query always returns all spaces. But the Chat API still validates the query syntax, so invalid queries are still rejected.", + // "description": "Optional. A query filter. You can filter spaces by the space type ([`space_type`](https://developers.google.com/chat/api/reference/rest/v1/spaces#spacetype)). To filter by space type, you must specify valid enum value, such as `SPACE` or `GROUP_CHAT` (the `space_type` can't be `SPACE_TYPE_UNSPECIFIED`). To query for multiple space types, use the `OR` operator. For example, the following queries are valid: ``` space_type = \"SPACE\" spaceType = \"GROUP_CHAT\" OR spaceType = \"DIRECT_MESSAGE\" ``` Invalid queries are rejected by the server with an `INVALID_ARGUMENT` error.", // "location": "query", // "type": "string" // }, diff --git a/cloudasset/v1/cloudasset-api.json b/cloudasset/v1/cloudasset-api.json index 0265b7a1572..b4fda091915 100644 --- a/cloudasset/v1/cloudasset-api.json +++ b/cloudasset/v1/cloudasset-api.json @@ -198,7 +198,7 @@ ], "parameters": { "names": { - "description": "Required. The names refer to the [full_resource_names] (https://cloud.google.com/asset-inventory/docs/resource-name-format) of [searchable asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types). A maximum of 20 resources' effective policies can be retrieved in a batch.", + "description": "Required. The names refer to the [full_resource_names] (https://cloud.google.com/asset-inventory/docs/resource-name-format) of the asset types [supported by search APIs](https://cloud.google.com/asset-inventory/docs/supported-asset-types). A maximum of 20 resources' effective policies can be retrieved in a batch.", "location": "query", "repeated": true, "type": "string" @@ -763,7 +763,7 @@ ] }, "analyzeOrgPolicyGovernedAssets": { - "description": "Analyzes organization policies governed assets (Google Cloud resources or policies) under a scope. This RPC supports custom constraints and the following 10 canned constraints: * storage.uniformBucketLevelAccess * iam.disableServiceAccountKeyCreation * iam.allowedPolicyMemberDomains * compute.vmExternalIpAccess * appengine.enforceServiceAccountActAsCheck * gcp.resourceLocations * compute.trustedImageProjects * compute.skipDefaultNetworkCreation * compute.requireOsLogin * compute.disableNestedVirtualization This RPC only returns either resources of types supported by [searchable asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types), or IAM policies.", + "description": "Analyzes organization policies governed assets (Google Cloud resources or policies) under a scope. This RPC supports custom constraints and the following 10 canned constraints: * storage.uniformBucketLevelAccess * iam.disableServiceAccountKeyCreation * iam.allowedPolicyMemberDomains * compute.vmExternalIpAccess * appengine.enforceServiceAccountActAsCheck * gcp.resourceLocations * compute.trustedImageProjects * compute.skipDefaultNetworkCreation * compute.requireOsLogin * compute.disableNestedVirtualization This RPC only returns either resources of types [supported by search APIs](https://cloud.google.com/asset-inventory/docs/supported-asset-types) or IAM policies.", "flatPath": "v1/{v1Id}/{v1Id1}:analyzeOrgPolicyGovernedAssets", "httpMethod": "GET", "id": "cloudasset.analyzeOrgPolicyGovernedAssets", @@ -992,7 +992,7 @@ ], "parameters": { "assetTypes": { - "description": "Optional. A list of asset types that the IAM policies are attached to. If empty, it will search the IAM policies that are attached to all the [searchable asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types). Regular expressions are also supported. For example: * \"compute.googleapis.com.*\" snapshots IAM policies attached to asset type starts with \"compute.googleapis.com\". * \".*Instance\" snapshots IAM policies attached to asset type ends with \"Instance\". * \".*Instance.*\" snapshots IAM policies attached to asset type contains \"Instance\". See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned.", + "description": "Optional. A list of asset types that the IAM policies are attached to. If empty, it will search the IAM policies that are attached to all the asset types [supported by search APIs](https://cloud.google.com/asset-inventory/docs/supported-asset-types) Regular expressions are also supported. For example: * \"compute.googleapis.com.*\" snapshots IAM policies attached to asset type starts with \"compute.googleapis.com\". * \".*Instance\" snapshots IAM policies attached to asset type ends with \"Instance\". * \".*Instance.*\" snapshots IAM policies attached to asset type contains \"Instance\". See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned.", "location": "query", "repeated": true, "type": "string" @@ -1044,7 +1044,7 @@ ], "parameters": { "assetTypes": { - "description": "Optional. A list of asset types that this request searches for. If empty, it will search all the [searchable asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types). Regular expressions are also supported. For example: * \"compute.googleapis.com.*\" snapshots resources whose asset type starts with \"compute.googleapis.com\". * \".*Instance\" snapshots resources whose asset type ends with \"Instance\". * \".*Instance.*\" snapshots resources whose asset type contains \"Instance\". See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned.", + "description": "Optional. A list of asset types that this request searches for. If empty, it will search all the asset types [supported by search APIs](https://cloud.google.com/asset-inventory/docs/supported-asset-types). Regular expressions are also supported. For example: * \"compute.googleapis.com.*\" snapshots resources whose asset type starts with \"compute.googleapis.com\". * \".*Instance\" snapshots resources whose asset type ends with \"Instance\". * \".*Instance.*\" snapshots resources whose asset type contains \"Instance\". See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned.", "location": "query", "repeated": true, "type": "string" @@ -1095,7 +1095,7 @@ } } }, - "revision": "20231201", + "revision": "20231214", "rootUrl": "https://cloudasset.googleapis.com/", "schemas": { "AccessSelector": { @@ -1501,7 +1501,7 @@ "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)." }, "members": { - "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.", + "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.", "items": { "type": "string" }, diff --git a/cloudasset/v1/cloudasset-gen.go b/cloudasset/v1/cloudasset-gen.go index 7636b3c8053..34298600775 100644 --- a/cloudasset/v1/cloudasset-gen.go +++ b/cloudasset/v1/cloudasset-gen.go @@ -1064,11 +1064,34 @@ type Binding struct { // For example, `admins@example.com`. * `domain:{domain}`: The G Suite // domain (primary) that represents all the users of that domain. For // example, `google.com` or `example.com`. * - // `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus - // unique identifier) representing a user that has been recently - // deleted. For example, `alice@example.com?uid=123456789012345678901`. - // If the user is recovered, this value reverts to `user:{emailid}` and - // the recovered user retains the role in the binding. * + // `principal://iam.googleapis.com/locations/global/workforcePools/{pool_ + // id}/subject/{subject_attribute_value}`: A single identity in a + // workforce identity pool. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/group/{group_id}`: All workforce identities in a group. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/attribute.{attribute_name}/{attribute_value}`: All workforce + // identities with a specific attribute value. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/*`: All identities in a workforce identity pool. * + // `principal://iam.googleapis.com/projects/{project_number}/locations/gl + // obal/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value} + // `: A single identity in a workload identity pool. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload + // identity pool group. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{at + // tribute_value}`: All identities in a workload identity pool with a + // certain attribute. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/*`: All identities in a + // workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An + // email address (plus unique identifier) representing a user that has + // been recently deleted. For example, + // `alice@example.com?uid=123456789012345678901`. If the user is + // recovered, this value reverts to `user:{emailid}` and the recovered + // user retains the role in the binding. * // `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address // (plus unique identifier) representing a service account that has been // recently deleted. For example, @@ -1080,7 +1103,12 @@ type Binding struct { // that has been recently deleted. For example, // `admins@example.com?uid=123456789012345678901`. If the group is // recovered, this value reverts to `group:{emailid}` and the recovered - // group retains the role in the binding. + // group retains the role in the binding. * + // `deleted:principal://iam.googleapis.com/locations/global/workforcePool + // s/{pool_id}/subject/{subject_attribute_value}`: Deleted single + // identity in a workforce identity pool. For example, + // `deleted:principal://iam.googleapis.com/locations/global/workforcePool + // s/my-pool-id/subject/my-subject-attribute-value`. Members []string `json:"members,omitempty"` // Role: Role that is assigned to the list of `members`, or principals. @@ -7459,7 +7487,7 @@ func (r *EffectiveIamPoliciesService) BatchGet(scope string) *EffectiveIamPolici // Names sets the optional parameter "names": Required. The names refer // to the [full_resource_names] // (https://cloud.google.com/asset-inventory/docs/resource-name-format) -// of searchable asset types +// of the asset types supported by search APIs // (https://cloud.google.com/asset-inventory/docs/supported-asset-types). // A maximum of 20 resources' effective policies can be retrieved in a // batch. @@ -7577,7 +7605,7 @@ func (c *EffectiveIamPoliciesBatchGetCall) Do(opts ...googleapi.CallOption) (*Ba // ], // "parameters": { // "names": { - // "description": "Required. The names refer to the [full_resource_names] (https://cloud.google.com/asset-inventory/docs/resource-name-format) of [searchable asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types). A maximum of 20 resources' effective policies can be retrieved in a batch.", + // "description": "Required. The names refer to the [full_resource_names] (https://cloud.google.com/asset-inventory/docs/resource-name-format) of the asset types [supported by search APIs](https://cloud.google.com/asset-inventory/docs/supported-asset-types). A maximum of 20 resources' effective policies can be retrieved in a batch.", // "location": "query", // "repeated": true, // "type": "string" @@ -10321,9 +10349,8 @@ type V1AnalyzeOrgPolicyGovernedAssetsCall struct { // appengine.enforceServiceAccountActAsCheck * gcp.resourceLocations * // compute.trustedImageProjects * compute.skipDefaultNetworkCreation * // compute.requireOsLogin * compute.disableNestedVirtualization This RPC -// only returns either resources of types supported by searchable asset -// types -// (https://cloud.google.com/asset-inventory/docs/supported-asset-types), +// only returns either resources of types supported by search APIs +// (https://cloud.google.com/asset-inventory/docs/supported-asset-types) // or IAM policies. // // - scope: The organization to scope the request. Only organization @@ -10488,7 +10515,7 @@ func (c *V1AnalyzeOrgPolicyGovernedAssetsCall) Do(opts ...googleapi.CallOption) } return ret, nil // { - // "description": "Analyzes organization policies governed assets (Google Cloud resources or policies) under a scope. This RPC supports custom constraints and the following 10 canned constraints: * storage.uniformBucketLevelAccess * iam.disableServiceAccountKeyCreation * iam.allowedPolicyMemberDomains * compute.vmExternalIpAccess * appengine.enforceServiceAccountActAsCheck * gcp.resourceLocations * compute.trustedImageProjects * compute.skipDefaultNetworkCreation * compute.requireOsLogin * compute.disableNestedVirtualization This RPC only returns either resources of types supported by [searchable asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types), or IAM policies.", + // "description": "Analyzes organization policies governed assets (Google Cloud resources or policies) under a scope. This RPC supports custom constraints and the following 10 canned constraints: * storage.uniformBucketLevelAccess * iam.disableServiceAccountKeyCreation * iam.allowedPolicyMemberDomains * compute.vmExternalIpAccess * appengine.enforceServiceAccountActAsCheck * gcp.resourceLocations * compute.trustedImageProjects * compute.skipDefaultNetworkCreation * compute.requireOsLogin * compute.disableNestedVirtualization This RPC only returns either resources of types [supported by search APIs](https://cloud.google.com/asset-inventory/docs/supported-asset-types) or IAM policies.", // "flatPath": "v1/{v1Id}/{v1Id1}:analyzeOrgPolicyGovernedAssets", // "httpMethod": "GET", // "id": "cloudasset.analyzeOrgPolicyGovernedAssets", @@ -11404,8 +11431,9 @@ func (r *V1Service) SearchAllIamPolicies(scope string) *V1SearchAllIamPoliciesCa // AssetTypes sets the optional parameter "assetTypes": A list of asset // types that the IAM policies are attached to. If empty, it will search -// the IAM policies that are attached to all the searchable asset types -// (https://cloud.google.com/asset-inventory/docs/supported-asset-types). +// the IAM policies that are attached to all the asset types supported +// by search APIs +// (https://cloud.google.com/asset-inventory/docs/supported-asset-types) // Regular expressions are also supported. For example: * // "compute.googleapis.com.*" snapshots IAM policies attached to asset // type starts with "compute.googleapis.com". * ".*Instance" snapshots @@ -11604,7 +11632,7 @@ func (c *V1SearchAllIamPoliciesCall) Do(opts ...googleapi.CallOption) (*SearchAl // ], // "parameters": { // "assetTypes": { - // "description": "Optional. A list of asset types that the IAM policies are attached to. If empty, it will search the IAM policies that are attached to all the [searchable asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types). Regular expressions are also supported. For example: * \"compute.googleapis.com.*\" snapshots IAM policies attached to asset type starts with \"compute.googleapis.com\". * \".*Instance\" snapshots IAM policies attached to asset type ends with \"Instance\". * \".*Instance.*\" snapshots IAM policies attached to asset type contains \"Instance\". See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned.", + // "description": "Optional. A list of asset types that the IAM policies are attached to. If empty, it will search the IAM policies that are attached to all the asset types [supported by search APIs](https://cloud.google.com/asset-inventory/docs/supported-asset-types) Regular expressions are also supported. For example: * \"compute.googleapis.com.*\" snapshots IAM policies attached to asset type starts with \"compute.googleapis.com\". * \".*Instance\" snapshots IAM policies attached to asset type ends with \"Instance\". * \".*Instance.*\" snapshots IAM policies attached to asset type contains \"Instance\". See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned.", // "location": "query", // "repeated": true, // "type": "string" @@ -11704,7 +11732,7 @@ func (r *V1Service) SearchAllResources(scope string) *V1SearchAllResourcesCall { // AssetTypes sets the optional parameter "assetTypes": A list of asset // types that this request searches for. If empty, it will search all -// the searchable asset types +// the asset types supported by search APIs // (https://cloud.google.com/asset-inventory/docs/supported-asset-types). // Regular expressions are also supported. For example: * // "compute.googleapis.com.*" snapshots resources whose asset type @@ -11958,7 +11986,7 @@ func (c *V1SearchAllResourcesCall) Do(opts ...googleapi.CallOption) (*SearchAllR // ], // "parameters": { // "assetTypes": { - // "description": "Optional. A list of asset types that this request searches for. If empty, it will search all the [searchable asset types](https://cloud.google.com/asset-inventory/docs/supported-asset-types). Regular expressions are also supported. For example: * \"compute.googleapis.com.*\" snapshots resources whose asset type starts with \"compute.googleapis.com\". * \".*Instance\" snapshots resources whose asset type ends with \"Instance\". * \".*Instance.*\" snapshots resources whose asset type contains \"Instance\". See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned.", + // "description": "Optional. A list of asset types that this request searches for. If empty, it will search all the asset types [supported by search APIs](https://cloud.google.com/asset-inventory/docs/supported-asset-types). Regular expressions are also supported. For example: * \"compute.googleapis.com.*\" snapshots resources whose asset type starts with \"compute.googleapis.com\". * \".*Instance\" snapshots resources whose asset type ends with \"Instance\". * \".*Instance.*\" snapshots resources whose asset type contains \"Instance\". See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned.", // "location": "query", // "repeated": true, // "type": "string" diff --git a/cloudasset/v1beta1/cloudasset-api.json b/cloudasset/v1beta1/cloudasset-api.json index 09f3acbcfbd..d8e0898ee09 100644 --- a/cloudasset/v1beta1/cloudasset-api.json +++ b/cloudasset/v1beta1/cloudasset-api.json @@ -411,7 +411,7 @@ } } }, - "revision": "20230908", + "revision": "20231214", "rootUrl": "https://cloudasset.googleapis.com/", "schemas": { "AnalyzeIamPolicyLongrunningMetadata": { @@ -546,7 +546,7 @@ "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)." }, "members": { - "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.", + "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.", "items": { "type": "string" }, diff --git a/cloudasset/v1beta1/cloudasset-gen.go b/cloudasset/v1beta1/cloudasset-gen.go index 15a2716ab53..8c06f3734a9 100644 --- a/cloudasset/v1beta1/cloudasset-gen.go +++ b/cloudasset/v1beta1/cloudasset-gen.go @@ -492,11 +492,34 @@ type Binding struct { // For example, `admins@example.com`. * `domain:{domain}`: The G Suite // domain (primary) that represents all the users of that domain. For // example, `google.com` or `example.com`. * - // `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus - // unique identifier) representing a user that has been recently - // deleted. For example, `alice@example.com?uid=123456789012345678901`. - // If the user is recovered, this value reverts to `user:{emailid}` and - // the recovered user retains the role in the binding. * + // `principal://iam.googleapis.com/locations/global/workforcePools/{pool_ + // id}/subject/{subject_attribute_value}`: A single identity in a + // workforce identity pool. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/group/{group_id}`: All workforce identities in a group. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/attribute.{attribute_name}/{attribute_value}`: All workforce + // identities with a specific attribute value. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/*`: All identities in a workforce identity pool. * + // `principal://iam.googleapis.com/projects/{project_number}/locations/gl + // obal/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value} + // `: A single identity in a workload identity pool. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload + // identity pool group. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{at + // tribute_value}`: All identities in a workload identity pool with a + // certain attribute. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/*`: All identities in a + // workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An + // email address (plus unique identifier) representing a user that has + // been recently deleted. For example, + // `alice@example.com?uid=123456789012345678901`. If the user is + // recovered, this value reverts to `user:{emailid}` and the recovered + // user retains the role in the binding. * // `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address // (plus unique identifier) representing a service account that has been // recently deleted. For example, @@ -508,7 +531,12 @@ type Binding struct { // that has been recently deleted. For example, // `admins@example.com?uid=123456789012345678901`. If the group is // recovered, this value reverts to `group:{emailid}` and the recovered - // group retains the role in the binding. + // group retains the role in the binding. * + // `deleted:principal://iam.googleapis.com/locations/global/workforcePool + // s/{pool_id}/subject/{subject_attribute_value}`: Deleted single + // identity in a workforce identity pool. For example, + // `deleted:principal://iam.googleapis.com/locations/global/workforcePool + // s/my-pool-id/subject/my-subject-attribute-value`. Members []string `json:"members,omitempty"` // Role: Role that is assigned to the list of `members`, or principals. diff --git a/cloudasset/v1p1beta1/cloudasset-api.json b/cloudasset/v1p1beta1/cloudasset-api.json index dcc8c65eded..1633a42208b 100644 --- a/cloudasset/v1p1beta1/cloudasset-api.json +++ b/cloudasset/v1p1beta1/cloudasset-api.json @@ -207,7 +207,7 @@ } } }, - "revision": "20230908", + "revision": "20231214", "rootUrl": "https://cloudasset.googleapis.com/", "schemas": { "AnalyzeIamPolicyLongrunningMetadata": { @@ -286,7 +286,7 @@ "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)." }, "members": { - "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.", + "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.", "items": { "type": "string" }, diff --git a/cloudasset/v1p1beta1/cloudasset-gen.go b/cloudasset/v1p1beta1/cloudasset-gen.go index d2449181c55..4bbc7cb37f1 100644 --- a/cloudasset/v1p1beta1/cloudasset-gen.go +++ b/cloudasset/v1p1beta1/cloudasset-gen.go @@ -335,11 +335,34 @@ type Binding struct { // For example, `admins@example.com`. * `domain:{domain}`: The G Suite // domain (primary) that represents all the users of that domain. For // example, `google.com` or `example.com`. * - // `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus - // unique identifier) representing a user that has been recently - // deleted. For example, `alice@example.com?uid=123456789012345678901`. - // If the user is recovered, this value reverts to `user:{emailid}` and - // the recovered user retains the role in the binding. * + // `principal://iam.googleapis.com/locations/global/workforcePools/{pool_ + // id}/subject/{subject_attribute_value}`: A single identity in a + // workforce identity pool. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/group/{group_id}`: All workforce identities in a group. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/attribute.{attribute_name}/{attribute_value}`: All workforce + // identities with a specific attribute value. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/*`: All identities in a workforce identity pool. * + // `principal://iam.googleapis.com/projects/{project_number}/locations/gl + // obal/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value} + // `: A single identity in a workload identity pool. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload + // identity pool group. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{at + // tribute_value}`: All identities in a workload identity pool with a + // certain attribute. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/*`: All identities in a + // workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An + // email address (plus unique identifier) representing a user that has + // been recently deleted. For example, + // `alice@example.com?uid=123456789012345678901`. If the user is + // recovered, this value reverts to `user:{emailid}` and the recovered + // user retains the role in the binding. * // `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address // (plus unique identifier) representing a service account that has been // recently deleted. For example, @@ -351,7 +374,12 @@ type Binding struct { // that has been recently deleted. For example, // `admins@example.com?uid=123456789012345678901`. If the group is // recovered, this value reverts to `group:{emailid}` and the recovered - // group retains the role in the binding. + // group retains the role in the binding. * + // `deleted:principal://iam.googleapis.com/locations/global/workforcePool + // s/{pool_id}/subject/{subject_attribute_value}`: Deleted single + // identity in a workforce identity pool. For example, + // `deleted:principal://iam.googleapis.com/locations/global/workforcePool + // s/my-pool-id/subject/my-subject-attribute-value`. Members []string `json:"members,omitempty"` // Role: Role that is assigned to the list of `members`, or principals. diff --git a/cloudasset/v1p5beta1/cloudasset-api.json b/cloudasset/v1p5beta1/cloudasset-api.json index e2754a9adb4..5dd8ca70cb5 100644 --- a/cloudasset/v1p5beta1/cloudasset-api.json +++ b/cloudasset/v1p5beta1/cloudasset-api.json @@ -177,7 +177,7 @@ } } }, - "revision": "20230908", + "revision": "20231214", "rootUrl": "https://cloudasset.googleapis.com/", "schemas": { "AnalyzeIamPolicyLongrunningMetadata": { @@ -305,7 +305,7 @@ "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)." }, "members": { - "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.", + "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.", "items": { "type": "string" }, diff --git a/cloudasset/v1p5beta1/cloudasset-gen.go b/cloudasset/v1p5beta1/cloudasset-gen.go index e5739640879..b98a5d59fa3 100644 --- a/cloudasset/v1p5beta1/cloudasset-gen.go +++ b/cloudasset/v1p5beta1/cloudasset-gen.go @@ -410,11 +410,34 @@ type Binding struct { // For example, `admins@example.com`. * `domain:{domain}`: The G Suite // domain (primary) that represents all the users of that domain. For // example, `google.com` or `example.com`. * - // `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus - // unique identifier) representing a user that has been recently - // deleted. For example, `alice@example.com?uid=123456789012345678901`. - // If the user is recovered, this value reverts to `user:{emailid}` and - // the recovered user retains the role in the binding. * + // `principal://iam.googleapis.com/locations/global/workforcePools/{pool_ + // id}/subject/{subject_attribute_value}`: A single identity in a + // workforce identity pool. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/group/{group_id}`: All workforce identities in a group. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/attribute.{attribute_name}/{attribute_value}`: All workforce + // identities with a specific attribute value. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/*`: All identities in a workforce identity pool. * + // `principal://iam.googleapis.com/projects/{project_number}/locations/gl + // obal/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value} + // `: A single identity in a workload identity pool. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload + // identity pool group. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{at + // tribute_value}`: All identities in a workload identity pool with a + // certain attribute. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/*`: All identities in a + // workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An + // email address (plus unique identifier) representing a user that has + // been recently deleted. For example, + // `alice@example.com?uid=123456789012345678901`. If the user is + // recovered, this value reverts to `user:{emailid}` and the recovered + // user retains the role in the binding. * // `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address // (plus unique identifier) representing a service account that has been // recently deleted. For example, @@ -426,7 +449,12 @@ type Binding struct { // that has been recently deleted. For example, // `admins@example.com?uid=123456789012345678901`. If the group is // recovered, this value reverts to `group:{emailid}` and the recovered - // group retains the role in the binding. + // group retains the role in the binding. * + // `deleted:principal://iam.googleapis.com/locations/global/workforcePool + // s/{pool_id}/subject/{subject_attribute_value}`: Deleted single + // identity in a workforce identity pool. For example, + // `deleted:principal://iam.googleapis.com/locations/global/workforcePool + // s/my-pool-id/subject/my-subject-attribute-value`. Members []string `json:"members,omitempty"` // Role: Role that is assigned to the list of `members`, or principals. diff --git a/cloudasset/v1p7beta1/cloudasset-api.json b/cloudasset/v1p7beta1/cloudasset-api.json index 756c7fdbf32..159649bb180 100644 --- a/cloudasset/v1p7beta1/cloudasset-api.json +++ b/cloudasset/v1p7beta1/cloudasset-api.json @@ -167,7 +167,7 @@ } } }, - "revision": "20230908", + "revision": "20231214", "rootUrl": "https://cloudasset.googleapis.com/", "schemas": { "AnalyzeIamPolicyLongrunningMetadata": { @@ -246,7 +246,7 @@ "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)." }, "members": { - "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.", + "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.", "items": { "type": "string" }, diff --git a/cloudasset/v1p7beta1/cloudasset-gen.go b/cloudasset/v1p7beta1/cloudasset-gen.go index f72ab79376d..4980aecaaea 100644 --- a/cloudasset/v1p7beta1/cloudasset-gen.go +++ b/cloudasset/v1p7beta1/cloudasset-gen.go @@ -335,11 +335,34 @@ type Binding struct { // For example, `admins@example.com`. * `domain:{domain}`: The G Suite // domain (primary) that represents all the users of that domain. For // example, `google.com` or `example.com`. * - // `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus - // unique identifier) representing a user that has been recently - // deleted. For example, `alice@example.com?uid=123456789012345678901`. - // If the user is recovered, this value reverts to `user:{emailid}` and - // the recovered user retains the role in the binding. * + // `principal://iam.googleapis.com/locations/global/workforcePools/{pool_ + // id}/subject/{subject_attribute_value}`: A single identity in a + // workforce identity pool. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/group/{group_id}`: All workforce identities in a group. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/attribute.{attribute_name}/{attribute_value}`: All workforce + // identities with a specific attribute value. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/*`: All identities in a workforce identity pool. * + // `principal://iam.googleapis.com/projects/{project_number}/locations/gl + // obal/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value} + // `: A single identity in a workload identity pool. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload + // identity pool group. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{at + // tribute_value}`: All identities in a workload identity pool with a + // certain attribute. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/*`: All identities in a + // workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An + // email address (plus unique identifier) representing a user that has + // been recently deleted. For example, + // `alice@example.com?uid=123456789012345678901`. If the user is + // recovered, this value reverts to `user:{emailid}` and the recovered + // user retains the role in the binding. * // `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address // (plus unique identifier) representing a service account that has been // recently deleted. For example, @@ -351,7 +374,12 @@ type Binding struct { // that has been recently deleted. For example, // `admins@example.com?uid=123456789012345678901`. If the group is // recovered, this value reverts to `group:{emailid}` and the recovered - // group retains the role in the binding. + // group retains the role in the binding. * + // `deleted:principal://iam.googleapis.com/locations/global/workforcePool + // s/{pool_id}/subject/{subject_attribute_value}`: Deleted single + // identity in a workforce identity pool. For example, + // `deleted:principal://iam.googleapis.com/locations/global/workforcePool + // s/my-pool-id/subject/my-subject-attribute-value`. Members []string `json:"members,omitempty"` // Role: Role that is assigned to the list of `members`, or principals. diff --git a/connectors/v1/connectors-api.json b/connectors/v1/connectors-api.json index 8f0d1ca4ea5..0588d637da1 100644 --- a/connectors/v1/connectors-api.json +++ b/connectors/v1/connectors-api.json @@ -2349,7 +2349,7 @@ } } }, - "revision": "20231205", + "revision": "20231213", "rootUrl": "https://connectors.googleapis.com/", "schemas": { "AuditConfig": { @@ -2543,7 +2543,7 @@ "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)." }, "members": { - "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.", + "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.", "items": { "type": "string" }, @@ -2631,13 +2631,15 @@ "LOCATION_TYPE_UNSPECIFIED", "HEADER", "PAYLOAD", - "QUERY_PARAM" + "QUERY_PARAM", + "PATH_PARAM" ], "enumDescriptions": [ "Location type unspecified.", "Request header.", "Request Payload.", - "Request query param." + "Request query param.", + "Request path param." ], "type": "string" }, @@ -3429,6 +3431,63 @@ }, "type": "object" }, + "DailyCycle": { + "description": "Time window specified for daily operations.", + "id": "DailyCycle", + "properties": { + "duration": { + "description": "Output only. Duration of the time window, set by service producer.", + "format": "google-duration", + "type": "string" + }, + "startTime": { + "$ref": "TimeOfDay", + "description": "Time within the day to start the operations." + } + }, + "type": "object" + }, + "Date": { + "description": "Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values. * A month and day, with a zero year (for example, an anniversary). * A year on its own, with a zero month and a zero day. * A year and month, with a zero day (for example, a credit card expiration date). Related types: * google.type.TimeOfDay * google.type.DateTime * google.protobuf.Timestamp", + "id": "Date", + "properties": { + "day": { + "description": "Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.", + "format": "int32", + "type": "integer" + }, + "month": { + "description": "Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.", + "format": "int32", + "type": "integer" + }, + "year": { + "description": "Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "DenyMaintenancePeriod": { + "description": "DenyMaintenancePeriod definition. Maintenance is forbidden within the deny period. The start_date must be less than the end_date.", + "id": "DenyMaintenancePeriod", + "properties": { + "endDate": { + "$ref": "Date", + "description": "Deny period end date. This can be: * A full date, with non-zero year, month and day values. * A month and day value, with a zero year. Allows recurring deny periods each year. Date matching this period will have to be before the end." + }, + "startDate": { + "$ref": "Date", + "description": "Deny period start date. This can be: * A full date, with non-zero year, month and day values. * A month and day value, with a zero year. Allows recurring deny periods each year. Date matching this period will have to be the same or after the start." + }, + "time": { + "$ref": "TimeOfDay", + "description": "Time in UTC when the Blackout period starts on start_date and ends on end_date. This can be: * Full time. * All zeros for 00:00:00 UTC" + } + }, + "type": "object" + }, "Destination": { "id": "Destination", "properties": { @@ -4542,6 +4601,129 @@ }, "type": "object" }, + "Instance": { + "description": "Instance represents the interface for SLM services to actuate the state of control plane resources. Example Instance in JSON, where consumer-project-number=123456, producer-project-id=cloud-sql: ```json Instance: { \"name\": \"projects/123456/locations/us-east1/instances/prod-instance\", \"create_time\": { \"seconds\": 1526406431, }, \"labels\": { \"env\": \"prod\", \"foo\": \"bar\" }, \"state\": READY, \"software_versions\": { \"software_update\": \"cloud-sql-09-28-2018\", }, \"maintenance_policy_names\": { \"UpdatePolicy\": \"projects/123456/locations/us-east1/maintenancePolicies/prod-update-policy\", } \"tenant_project_id\": \"cloud-sql-test-tenant\", \"producer_metadata\": { \"cloud-sql-tier\": \"basic\", \"cloud-sql-instance-size\": \"1G\", }, \"provisioned_resources\": [ { \"resource-type\": \"compute-instance\", \"resource-url\": \"https://www.googleapis.com/compute/v1/projects/cloud-sql/zones/us-east1-b/instances/vm-1\", } ], \"maintenance_schedules\": { \"csa_rollout\": { \"start_time\": { \"seconds\": 1526406431, }, \"end_time\": { \"seconds\": 1535406431, }, }, \"ncsa_rollout\": { \"start_time\": { \"seconds\": 1526406431, }, \"end_time\": { \"seconds\": 1535406431, }, } }, \"consumer_defined_name\": \"my-sql-instance1\", } ``` LINT.IfChange", + "id": "Instance", + "properties": { + "consumerDefinedName": { + "description": "consumer_defined_name is the name of the instance set by the service consumers. Generally this is different from the `name` field which reperesents the system-assigned id of the instance which the service consumers do not recognize. This is a required field for tenants onboarding to Maintenance Window notifications (go/slm-rollout-maintenance-policies#prerequisites).", + "type": "string" + }, + "createTime": { + "description": "Output only. Timestamp when the resource was created.", + "format": "google-datetime", + "readOnly": true, + "type": "string" + }, + "instanceType": { + "description": "Optional. The instance_type of this instance of format: projects/{project_number}/locations/{location_id}/instanceTypes/{instance_type_id}. Instance Type represents a high-level tier or SKU of the service that this instance belong to. When enabled(eg: Maintenance Rollout), Rollout uses 'instance_type' along with 'software_versions' to determine whether instance needs an update or not.", + "type": "string" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Optional. Resource labels to represent user provided metadata. Each label is a key-value pair, where both the key and the value are arbitrary strings provided by the user.", + "type": "object" + }, + "maintenancePolicyNames": { + "additionalProperties": { + "type": "string" + }, + "description": "Optional. The MaintenancePolicies that have been attached to the instance. The key must be of the type name of the oneof policy name defined in MaintenancePolicy, and the referenced policy must define the same policy type. For details, please refer to go/mr-user-guide. Should not be set if maintenance_settings.maintenance_policies is set.", + "type": "object" + }, + "maintenanceSchedules": { + "additionalProperties": { + "$ref": "MaintenanceSchedule" + }, + "description": "The MaintenanceSchedule contains the scheduling information of published maintenance schedule with same key as software_versions.", + "type": "object" + }, + "maintenanceSettings": { + "$ref": "MaintenanceSettings", + "description": "Optional. The MaintenanceSettings associated with instance." + }, + "name": { + "description": "Unique name of the resource. It uses the form: `projects/{project_number}/locations/{location_id}/instances/{instance_id}` Note: This name is passed, stored and logged across the rollout system. So use of consumer project_id or any other consumer PII in the name is strongly discouraged for wipeout (go/wipeout) compliance. See go/elysium/project_ids#storage-guidance for more details.", + "type": "string" + }, + "notificationParameters": { + "additionalProperties": { + "$ref": "NotificationParameter" + }, + "description": "Optional. notification_parameter are information that service producers may like to include that is not relevant to Rollout. This parameter will only be passed to Gamma and Cloud Logging for notification/logging purpose.", + "type": "object" + }, + "producerMetadata": { + "additionalProperties": { + "type": "string" + }, + "description": "Output only. Custom string attributes used primarily to expose producer-specific information in monitoring dashboards. See go/get-instance-metadata.", + "readOnly": true, + "type": "object" + }, + "provisionedResources": { + "description": "Output only. The list of data plane resources provisioned for this instance, e.g. compute VMs. See go/get-instance-metadata.", + "items": { + "$ref": "ProvisionedResource" + }, + "readOnly": true, + "type": "array" + }, + "slmInstanceTemplate": { + "description": "Link to the SLM instance template. Only populated when updating SLM instances via SSA's Actuation service adaptor. Service producers with custom control plane (e.g. Cloud SQL) doesn't need to populate this field. Instead they should use software_versions.", + "type": "string" + }, + "sloMetadata": { + "$ref": "SloMetadata", + "description": "Output only. SLO metadata for instance classification in the Standardized dataplane SLO platform. See go/cloud-ssa-standard-slo for feature description.", + "readOnly": true + }, + "softwareVersions": { + "additionalProperties": { + "type": "string" + }, + "description": "Software versions that are used to deploy this instance. This can be mutated by rollout services.", + "type": "object" + }, + "state": { + "description": "Output only. Current lifecycle state of the resource (e.g. if it's being created or ready to use).", + "enum": [ + "STATE_UNSPECIFIED", + "CREATING", + "READY", + "UPDATING", + "REPAIRING", + "DELETING", + "ERROR" + ], + "enumDescriptions": [ + "Unspecified state.", + "Instance is being created.", + "Instance has been created and is ready to use.", + "Instance is being updated.", + "Instance is unheathy and under repair.", + "Instance is being deleted.", + "Instance encountered an error and is in indeterministic state." + ], + "readOnly": true, + "type": "string" + }, + "tenantProjectId": { + "description": "Output only. ID of the associated GCP tenant project. See go/get-instance-metadata.", + "readOnly": true, + "type": "string" + }, + "updateTime": { + "description": "Output only. Timestamp when the resource was last modified.", + "format": "google-datetime", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, "JMS": { "description": "JMS message denotes the source of the event", "id": "JMS", @@ -5231,6 +5413,124 @@ }, "type": "object" }, + "MaintenancePolicy": { + "description": "LINT.IfChange Defines policies to service maintenance events.", + "id": "MaintenancePolicy", + "properties": { + "createTime": { + "description": "Output only. The time when the resource was created.", + "format": "google-datetime", + "type": "string" + }, + "description": { + "description": "Optional. Description of what this policy is for. Create/Update methods return INVALID_ARGUMENT if the length is greater than 512.", + "type": "string" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Optional. Resource labels to represent user provided metadata. Each label is a key-value pair, where both the key and the value are arbitrary strings provided by the user.", + "type": "object" + }, + "name": { + "description": "Required. MaintenancePolicy name using the form: `projects/{project_id}/locations/{location_id}/maintenancePolicies/{maintenance_policy_id}` where {project_id} refers to a GCP consumer project ID, {location_id} refers to a GCP region/zone, {maintenance_policy_id} must be 1-63 characters long and match the regular expression `[a-z0-9]([-a-z0-9]*[a-z0-9])?`.", + "type": "string" + }, + "state": { + "description": "Optional. The state of the policy.", + "enum": [ + "STATE_UNSPECIFIED", + "READY", + "DELETING" + ], + "enumDescriptions": [ + "Unspecified state.", + "Resource is ready to be used.", + "Resource is being deleted. It can no longer be attached to instances." + ], + "type": "string" + }, + "updatePolicy": { + "$ref": "UpdatePolicy", + "description": "Maintenance policy applicable to instance update." + }, + "updateTime": { + "description": "Output only. The time when the resource was updated.", + "format": "google-datetime", + "type": "string" + } + }, + "type": "object" + }, + "MaintenanceSchedule": { + "description": "Maintenance schedule which is exposed to customer and potentially end user, indicating published upcoming future maintenance schedule", + "id": "MaintenanceSchedule", + "properties": { + "canReschedule": { + "deprecated": true, + "description": "This field is deprecated, and will be always set to true since reschedule can happen multiple times now. This field should not be removed until all service producers remove this for their customers.", + "type": "boolean" + }, + "endTime": { + "description": "The scheduled end time for the maintenance.", + "format": "google-datetime", + "type": "string" + }, + "rolloutManagementPolicy": { + "description": "The rollout management policy this maintenance schedule is associated with. When doing reschedule update request, the reschedule should be against this given policy.", + "type": "string" + }, + "scheduleDeadlineTime": { + "description": "schedule_deadline_time is the time deadline any schedule start time cannot go beyond, including reschedule. It's normally the initial schedule start time plus maintenance window length (1 day or 1 week). Maintenance cannot be scheduled to start beyond this deadline.", + "format": "google-datetime", + "type": "string" + }, + "startTime": { + "description": "The scheduled start time for the maintenance.", + "format": "google-datetime", + "type": "string" + } + }, + "type": "object" + }, + "MaintenanceSettings": { + "description": "Maintenance settings associated with instance. Allows service producers and end users to assign settings that controls maintenance on this instance.", + "id": "MaintenanceSettings", + "properties": { + "exclude": { + "description": "Optional. Exclude instance from maintenance. When true, rollout service will not attempt maintenance on the instance. Rollout service will include the instance in reported rollout progress as not attempted.", + "type": "boolean" + }, + "isRollback": { + "description": "Optional. If the update call is triggered from rollback, set the value as true.", + "type": "boolean" + }, + "maintenancePolicies": { + "additionalProperties": { + "$ref": "MaintenancePolicy" + }, + "description": "Optional. The MaintenancePolicies that have been attached to the instance. The key must be of the type name of the oneof policy name defined in MaintenancePolicy, and the embedded policy must define the same policy type. For details, please refer to go/mr-user-guide. Should not be set if maintenance_policy_names is set. If only the name is needed, then only populate MaintenancePolicy.name.", + "type": "object" + } + }, + "type": "object" + }, + "MaintenanceWindow": { + "description": "MaintenanceWindow definition.", + "id": "MaintenanceWindow", + "properties": { + "dailyCycle": { + "$ref": "DailyCycle", + "description": "Daily cycle." + }, + "weeklyCycle": { + "$ref": "WeeklyCycle", + "description": "Weekly cycle." + } + }, + "type": "object" + }, "ManagedZone": { "description": "represents the Connector's Managed Zone resource", "id": "ManagedZone", @@ -5324,6 +5624,39 @@ }, "type": "object" }, + "NodeSloMetadata": { + "description": "Node information for custom per-node SLO implementations. SSA does not support per-node SLO, but producers can populate per-node information in SloMetadata for custom precomputations. SSA Eligibility Exporter will emit per-node metric based on this information.", + "id": "NodeSloMetadata", + "properties": { + "location": { + "description": "The location of the node, if different from instance location.", + "type": "string" + }, + "nodeId": { + "description": "The id of the node. This should be equal to SaasInstanceNode.node_id.", + "type": "string" + }, + "perSliEligibility": { + "$ref": "PerSliSloEligibility", + "description": "If present, this will override eligibility for the node coming from instance or exclusions for specified SLIs." + } + }, + "type": "object" + }, + "NotificationParameter": { + "description": "Contains notification related data.", + "id": "NotificationParameter", + "properties": { + "values": { + "description": "Optional. Array of string values. e.g. instance's replica information.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, "Oauth2AuthCodeFlow": { "description": "Parameters to support Oauth 2.0 Auth Code Grant Authentication. See https://www.rfc-editor.org/rfc/rfc6749#section-1.3.1 for more details.", "id": "Oauth2AuthCodeFlow", @@ -5475,6 +5808,20 @@ }, "type": "object" }, + "PerSliSloEligibility": { + "description": "PerSliSloEligibility is a mapping from an SLI name to eligibility.", + "id": "PerSliSloEligibility", + "properties": { + "eligibilities": { + "additionalProperties": { + "$ref": "SloEligibility" + }, + "description": "An entry in the eligibilities map specifies an eligibility for a particular SLI for the given instance. The SLI key in the name must be a valid SLI name specified in the Eligibility Exporter binary flags otherwise an error will be emitted by Eligibility Exporter and the oncaller will be alerted. If an SLI has been defined in the binary flags but the eligibilities map does not contain it, the corresponding SLI time series will not be emitted by the Eligibility Exporter. This ensures a smooth rollout and compatibility between the data produced by different versions of the Eligibility Exporters. If eligibilities map contains a key for an SLI which has not been declared in the binary flags, there will be an error message emitted in the Eligibility Exporter log and the metric for the SLI in question will not be emitted.", + "type": "object" + } + }, + "type": "object" + }, "Policy": { "description": "An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** ``` { \"bindings\": [ { \"role\": \"roles/resourcemanager.organizationAdmin\", \"members\": [ \"user:mike@example.com\", \"group:admins@example.com\", \"domain:google.com\", \"serviceAccount:my-project-id@appspot.gserviceaccount.com\" ] }, { \"role\": \"roles/resourcemanager.organizationViewer\", \"members\": [ \"user:eve@example.com\" ], \"condition\": { \"title\": \"expirable access\", \"description\": \"Does not grant access after Sep 2020\", \"expression\": \"request.time \u003c timestamp('2020-10-01T00:00:00.000Z')\", } } ], \"etag\": \"BwWWja0YfJA=\", \"version\": 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time \u003c timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).", "id": "Policy", @@ -5582,6 +5929,21 @@ }, "type": "object" }, + "ProvisionedResource": { + "description": "Describes provisioned dataplane resources.", + "id": "ProvisionedResource", + "properties": { + "resourceType": { + "description": "Type of the resource. This can be either a GCP resource or a custom one (e.g. another cloud provider's VM). For GCP compute resources use singular form of the names listed in GCP compute API documentation (https://cloud.google.com/compute/docs/reference/rest/v1/), prefixed with 'compute-', for example: 'compute-instance', 'compute-disk', 'compute-autoscaler'.", + "type": "string" + }, + "resourceUrl": { + "description": "URL identifying the resource, e.g. \"https://www.googleapis.com/compute/v1/projects/...)\".", + "type": "string" + } + }, + "type": "object" + }, "RefreshConnectionSchemaMetadataRequest": { "description": "Request message for ConnectorsService.RefreshConnectionSchemaMetadata.", "id": "RefreshConnectionSchemaMetadataRequest", @@ -6038,6 +6400,46 @@ }, "type": "object" }, + "Schedule": { + "description": "Configure the schedule.", + "id": "Schedule", + "properties": { + "day": { + "description": "Allows to define schedule that runs specified day of the week.", + "enum": [ + "DAY_OF_WEEK_UNSPECIFIED", + "MONDAY", + "TUESDAY", + "WEDNESDAY", + "THURSDAY", + "FRIDAY", + "SATURDAY", + "SUNDAY" + ], + "enumDescriptions": [ + "The day of the week is unspecified.", + "Monday", + "Tuesday", + "Wednesday", + "Thursday", + "Friday", + "Saturday", + "Sunday" + ], + "type": "string" + }, + "duration": { + "description": "Output only. Duration of the time window, set by service producer.", + "format": "google-duration", + "type": "string" + }, + "startTime": { + "$ref": "TimeOfDay", + "description": "Time within the window to start the operations." + } + }, + "type": "object" + }, "Secret": { "description": "Secret provides a reference to entries in Secret Manager.", "id": "Secret", @@ -6091,6 +6493,43 @@ }, "type": "object" }, + "SloEligibility": { + "description": "SloEligibility is a tuple containing eligibility value: true if an instance is eligible for SLO calculation or false if it should be excluded from all SLO-related calculations along with a user-defined reason.", + "id": "SloEligibility", + "properties": { + "eligible": { + "description": "Whether an instance is eligible or ineligible.", + "type": "boolean" + }, + "reason": { + "description": "User-defined reason for the current value of instance eligibility. Usually, this can be directly mapped to the internal state. An empty reason is allowed.", + "type": "string" + } + }, + "type": "object" + }, + "SloMetadata": { + "description": "SloMetadata contains resources required for proper SLO classification of the instance.", + "id": "SloMetadata", + "properties": { + "nodes": { + "description": "Optional. List of nodes. Some producers need to use per-node metadata to calculate SLO. This field allows such producers to publish per-node SLO meta data, which will be consumed by SSA Eligibility Exporter and published in the form of per node metric to Monarch.", + "items": { + "$ref": "NodeSloMetadata" + }, + "type": "array" + }, + "perSliEligibility": { + "$ref": "PerSliSloEligibility", + "description": "Optional. Multiple per-instance SLI eligibilities which apply for individual SLIs." + }, + "tier": { + "description": "Name of the SLO tier the Instance belongs to. This name will be expected to match the tiers specified in the service SLO configuration. Field is mandatory and must not be empty.", + "type": "string" + } + }, + "type": "object" + }, "Source": { "description": "Source to extract the backend from.", "id": "Source", @@ -6359,6 +6798,71 @@ }, "type": "object" }, + "TimeOfDay": { + "description": "Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`.", + "id": "TimeOfDay", + "properties": { + "hours": { + "description": "Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.", + "format": "int32", + "type": "integer" + }, + "minutes": { + "description": "Minutes of hour of day. Must be from 0 to 59.", + "format": "int32", + "type": "integer" + }, + "nanos": { + "description": "Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.", + "format": "int32", + "type": "integer" + }, + "seconds": { + "description": "Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "UpdatePolicy": { + "description": "Maintenance policy applicable to instance updates.", + "id": "UpdatePolicy", + "properties": { + "channel": { + "description": "Optional. Relative scheduling channel applied to resource.", + "enum": [ + "UPDATE_CHANNEL_UNSPECIFIED", + "EARLIER", + "LATER", + "WEEK1", + "WEEK2", + "WEEK5" + ], + "enumDescriptions": [ + "Unspecified channel.", + "Early channel within a customer project.", + "Later channel within a customer project.", + "! ! The follow channels can ONLY be used if you adopt the new MW system! ! ! NOTE: all WEEK channels are assumed to be under a weekly window. ! There is currently no dedicated channel definitions for Daily windows. ! If you use Daily window, the system will assume a 1d (24Hours) advanced ! notification period b/w EARLY and LATER. ! We may consider support more flexible daily channel specifications in ! the future. WEEK1 == EARLIER with minimum 7d advanced notification. {7d, 14d} The system will treat them equally and will use WEEK1 whenever it can. New customers are encouraged to use this channel annotation.", + "WEEK2 == LATER with minimum 14d advanced notification {14d, 21d}.", + "WEEK5 == 40d support. minimum 35d advanced notification {35d, 42d}." + ], + "type": "string" + }, + "denyMaintenancePeriods": { + "description": "Deny Maintenance Period that is applied to resource to indicate when maintenance is forbidden. The protocol supports zero-to-many such periods, but the current SLM Rollout implementation only supports zero-to-one.", + "items": { + "$ref": "DenyMaintenancePeriod" + }, + "type": "array" + }, + "window": { + "$ref": "MaintenanceWindow", + "description": "Optional. Maintenance window that is applied to resources covered by this policy." + } + }, + "type": "object" + }, "UserPassword": { "description": "Parameters to support Username and Password Authentication.", "id": "UserPassword", @@ -6373,6 +6877,20 @@ } }, "type": "object" + }, + "WeeklyCycle": { + "description": "Time window specified for weekly operations.", + "id": "WeeklyCycle", + "properties": { + "schedule": { + "description": "User can specify multiple windows in a week. Minimum of 1 window.", + "items": { + "$ref": "Schedule" + }, + "type": "array" + } + }, + "type": "object" } }, "servicePath": "", diff --git a/connectors/v1/connectors-gen.go b/connectors/v1/connectors-gen.go index fc0b91dcc3f..2b3537bb743 100644 --- a/connectors/v1/connectors-gen.go +++ b/connectors/v1/connectors-gen.go @@ -638,11 +638,34 @@ type Binding struct { // For example, `admins@example.com`. * `domain:{domain}`: The G Suite // domain (primary) that represents all the users of that domain. For // example, `google.com` or `example.com`. * - // `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus - // unique identifier) representing a user that has been recently - // deleted. For example, `alice@example.com?uid=123456789012345678901`. - // If the user is recovered, this value reverts to `user:{emailid}` and - // the recovered user retains the role in the binding. * + // `principal://iam.googleapis.com/locations/global/workforcePools/{pool_ + // id}/subject/{subject_attribute_value}`: A single identity in a + // workforce identity pool. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/group/{group_id}`: All workforce identities in a group. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/attribute.{attribute_name}/{attribute_value}`: All workforce + // identities with a specific attribute value. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/*`: All identities in a workforce identity pool. * + // `principal://iam.googleapis.com/projects/{project_number}/locations/gl + // obal/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value} + // `: A single identity in a workload identity pool. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload + // identity pool group. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{at + // tribute_value}`: All identities in a workload identity pool with a + // certain attribute. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/*`: All identities in a + // workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An + // email address (plus unique identifier) representing a user that has + // been recently deleted. For example, + // `alice@example.com?uid=123456789012345678901`. If the user is + // recovered, this value reverts to `user:{emailid}` and the recovered + // user retains the role in the binding. * // `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address // (plus unique identifier) representing a service account that has been // recently deleted. For example, @@ -654,7 +677,12 @@ type Binding struct { // that has been recently deleted. For example, // `admins@example.com?uid=123456789012345678901`. If the group is // recovered, this value reverts to `group:{emailid}` and the recovered - // group retains the role in the binding. + // group retains the role in the binding. * + // `deleted:principal://iam.googleapis.com/locations/global/workforcePool + // s/{pool_id}/subject/{subject_attribute_value}`: Deleted single + // identity in a workforce identity pool. For example, + // `deleted:principal://iam.googleapis.com/locations/global/workforcePool + // s/my-pool-id/subject/my-subject-attribute-value`. Members []string `json:"members,omitempty"` // Role: Role that is assigned to the list of `members`, or principals. @@ -764,6 +792,7 @@ type ConfigVariableTemplate struct { // "HEADER" - Request header. // "PAYLOAD" - Request Payload. // "QUERY_PARAM" - Request query param. + // "PATH_PARAM" - Request path param. LocationType string `json:"locationType,omitempty"` // Required: Flag represents that this `ConfigVariable` must be provided @@ -1569,6 +1598,129 @@ func (s *CustomConnectorVersion) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// DailyCycle: Time window specified for daily operations. +type DailyCycle struct { + // Duration: Output only. Duration of the time window, set by service + // producer. + Duration string `json:"duration,omitempty"` + + // StartTime: Time within the day to start the operations. + StartTime *TimeOfDay `json:"startTime,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Duration") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Duration") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *DailyCycle) MarshalJSON() ([]byte, error) { + type NoMethod DailyCycle + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// Date: Represents a whole or partial calendar date, such as a +// birthday. The time of day and time zone are either specified +// elsewhere or are insignificant. The date is relative to the Gregorian +// Calendar. This can represent one of the following: * A full date, +// with non-zero year, month, and day values. * A month and day, with a +// zero year (for example, an anniversary). * A year on its own, with a +// zero month and a zero day. * A year and month, with a zero day (for +// example, a credit card expiration date). Related types: * +// google.type.TimeOfDay * google.type.DateTime * +// google.protobuf.Timestamp +type Date struct { + // Day: Day of a month. Must be from 1 to 31 and valid for the year and + // month, or 0 to specify a year by itself or a year and month where the + // day isn't significant. + Day int64 `json:"day,omitempty"` + + // Month: Month of a year. Must be from 1 to 12, or 0 to specify a year + // without a month and day. + Month int64 `json:"month,omitempty"` + + // Year: Year of the date. Must be from 1 to 9999, or 0 to specify a + // date without a year. + Year int64 `json:"year,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Day") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Day") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *Date) MarshalJSON() ([]byte, error) { + type NoMethod Date + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// DenyMaintenancePeriod: DenyMaintenancePeriod definition. Maintenance +// is forbidden within the deny period. The start_date must be less than +// the end_date. +type DenyMaintenancePeriod struct { + // EndDate: Deny period end date. This can be: * A full date, with + // non-zero year, month and day values. * A month and day value, with a + // zero year. Allows recurring deny periods each year. Date matching + // this period will have to be before the end. + EndDate *Date `json:"endDate,omitempty"` + + // StartDate: Deny period start date. This can be: * A full date, with + // non-zero year, month and day values. * A month and day value, with a + // zero year. Allows recurring deny periods each year. Date matching + // this period will have to be the same or after the start. + StartDate *Date `json:"startDate,omitempty"` + + // Time: Time in UTC when the Blackout period starts on start_date and + // ends on end_date. This can be: * Full time. * All zeros for 00:00:00 + // UTC + Time *TimeOfDay `json:"time,omitempty"` + + // ForceSendFields is a list of field names (e.g. "EndDate") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "EndDate") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *DenyMaintenancePeriod) MarshalJSON() ([]byte, error) { + type NoMethod DenyMaintenancePeriod + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + type Destination struct { // Host: For publicly routable host. Host string `json:"host,omitempty"` @@ -2848,6 +3000,155 @@ func (s *InputParameter) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// Instance: Instance represents the interface for SLM services to +// actuate the state of control plane resources. Example Instance in +// JSON, where consumer-project-number=123456, +// producer-project-id=cloud-sql: ```json Instance: { "name": +// "projects/123456/locations/us-east1/instances/prod-instance", +// "create_time": { "seconds": 1526406431, }, "labels": { "env": "prod", +// "foo": "bar" }, "state": READY, "software_versions": { +// "software_update": "cloud-sql-09-28-2018", }, +// "maintenance_policy_names": { "UpdatePolicy": +// "projects/123456/locations/us-east1/maintenancePolicies/prod-update-po +// licy", } "tenant_project_id": "cloud-sql-test-tenant", +// "producer_metadata": { "cloud-sql-tier": "basic", +// "cloud-sql-instance-size": "1G", }, "provisioned_resources": [ { +// "resource-type": "compute-instance", "resource-url": +// "https://www.googleapis.com/compute/v1/projects/cloud-sql/zones/us-eas +// t1-b/instances/vm-1", } ], "maintenance_schedules": { "csa_rollout": +// { "start_time": { "seconds": 1526406431, }, "end_time": { "seconds": +// 1535406431, }, }, "ncsa_rollout": { "start_time": { "seconds": +// 1526406431, }, "end_time": { "seconds": 1535406431, }, } }, +// "consumer_defined_name": "my-sql-instance1", } ``` LINT.IfChange +type Instance struct { + // ConsumerDefinedName: consumer_defined_name is the name of the + // instance set by the service consumers. Generally this is different + // from the `name` field which reperesents the system-assigned id of the + // instance which the service consumers do not recognize. This is a + // required field for tenants onboarding to Maintenance Window + // notifications (go/slm-rollout-maintenance-policies#prerequisites). + ConsumerDefinedName string `json:"consumerDefinedName,omitempty"` + + // CreateTime: Output only. Timestamp when the resource was created. + CreateTime string `json:"createTime,omitempty"` + + // InstanceType: Optional. The instance_type of this instance of format: + // projects/{project_number}/locations/{location_id}/instanceTypes/{insta + // nce_type_id}. Instance Type represents a high-level tier or SKU of + // the service that this instance belong to. When enabled(eg: + // Maintenance Rollout), Rollout uses 'instance_type' along with + // 'software_versions' to determine whether instance needs an update or + // not. + InstanceType string `json:"instanceType,omitempty"` + + // Labels: Optional. Resource labels to represent user provided + // metadata. Each label is a key-value pair, where both the key and the + // value are arbitrary strings provided by the user. + Labels map[string]string `json:"labels,omitempty"` + + // MaintenancePolicyNames: Optional. The MaintenancePolicies that have + // been attached to the instance. The key must be of the type name of + // the oneof policy name defined in MaintenancePolicy, and the + // referenced policy must define the same policy type. For details, + // please refer to go/mr-user-guide. Should not be set if + // maintenance_settings.maintenance_policies is set. + MaintenancePolicyNames map[string]string `json:"maintenancePolicyNames,omitempty"` + + // MaintenanceSchedules: The MaintenanceSchedule contains the scheduling + // information of published maintenance schedule with same key as + // software_versions. + MaintenanceSchedules map[string]MaintenanceSchedule `json:"maintenanceSchedules,omitempty"` + + // MaintenanceSettings: Optional. The MaintenanceSettings associated + // with instance. + MaintenanceSettings *MaintenanceSettings `json:"maintenanceSettings,omitempty"` + + // Name: Unique name of the resource. It uses the form: + // `projects/{project_number}/locations/{location_id}/instances/{instance + // _id}` Note: This name is passed, stored and logged across the rollout + // system. So use of consumer project_id or any other consumer PII in + // the name is strongly discouraged for wipeout (go/wipeout) compliance. + // See go/elysium/project_ids#storage-guidance for more details. + Name string `json:"name,omitempty"` + + // NotificationParameters: Optional. notification_parameter are + // information that service producers may like to include that is not + // relevant to Rollout. This parameter will only be passed to Gamma and + // Cloud Logging for notification/logging purpose. + NotificationParameters map[string]NotificationParameter `json:"notificationParameters,omitempty"` + + // ProducerMetadata: Output only. Custom string attributes used + // primarily to expose producer-specific information in monitoring + // dashboards. See go/get-instance-metadata. + ProducerMetadata map[string]string `json:"producerMetadata,omitempty"` + + // ProvisionedResources: Output only. The list of data plane resources + // provisioned for this instance, e.g. compute VMs. See + // go/get-instance-metadata. + ProvisionedResources []*ProvisionedResource `json:"provisionedResources,omitempty"` + + // SlmInstanceTemplate: Link to the SLM instance template. Only + // populated when updating SLM instances via SSA's Actuation service + // adaptor. Service producers with custom control plane (e.g. Cloud SQL) + // doesn't need to populate this field. Instead they should use + // software_versions. + SlmInstanceTemplate string `json:"slmInstanceTemplate,omitempty"` + + // SloMetadata: Output only. SLO metadata for instance classification in + // the Standardized dataplane SLO platform. See + // go/cloud-ssa-standard-slo for feature description. + SloMetadata *SloMetadata `json:"sloMetadata,omitempty"` + + // SoftwareVersions: Software versions that are used to deploy this + // instance. This can be mutated by rollout services. + SoftwareVersions map[string]string `json:"softwareVersions,omitempty"` + + // State: Output only. Current lifecycle state of the resource (e.g. if + // it's being created or ready to use). + // + // Possible values: + // "STATE_UNSPECIFIED" - Unspecified state. + // "CREATING" - Instance is being created. + // "READY" - Instance has been created and is ready to use. + // "UPDATING" - Instance is being updated. + // "REPAIRING" - Instance is unheathy and under repair. + // "DELETING" - Instance is being deleted. + // "ERROR" - Instance encountered an error and is in indeterministic + // state. + State string `json:"state,omitempty"` + + // TenantProjectId: Output only. ID of the associated GCP tenant + // project. See go/get-instance-metadata. + TenantProjectId string `json:"tenantProjectId,omitempty"` + + // UpdateTime: Output only. Timestamp when the resource was last + // modified. + UpdateTime string `json:"updateTime,omitempty"` + + // ForceSendFields is a list of field names (e.g. "ConsumerDefinedName") + // to unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "ConsumerDefinedName") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *Instance) MarshalJSON() ([]byte, error) { + type NoMethod Instance + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // JMS: JMS message denotes the source of the event type JMS struct { // Name: Optional. Name of the JMS source. i.e. queueName or topicName @@ -3792,6 +4093,196 @@ func (s *LogicalExpression) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// MaintenancePolicy: LINT.IfChange Defines policies to service +// maintenance events. +type MaintenancePolicy struct { + // CreateTime: Output only. The time when the resource was created. + CreateTime string `json:"createTime,omitempty"` + + // Description: Optional. Description of what this policy is for. + // Create/Update methods return INVALID_ARGUMENT if the length is + // greater than 512. + Description string `json:"description,omitempty"` + + // Labels: Optional. Resource labels to represent user provided + // metadata. Each label is a key-value pair, where both the key and the + // value are arbitrary strings provided by the user. + Labels map[string]string `json:"labels,omitempty"` + + // Name: Required. MaintenancePolicy name using the form: + // `projects/{project_id}/locations/{location_id}/maintenancePolicies/{ma + // intenance_policy_id}` where {project_id} refers to a GCP consumer + // project ID, {location_id} refers to a GCP region/zone, + // {maintenance_policy_id} must be 1-63 characters long and match the + // regular expression `[a-z0-9]([-a-z0-9]*[a-z0-9])?`. + Name string `json:"name,omitempty"` + + // State: Optional. The state of the policy. + // + // Possible values: + // "STATE_UNSPECIFIED" - Unspecified state. + // "READY" - Resource is ready to be used. + // "DELETING" - Resource is being deleted. It can no longer be + // attached to instances. + State string `json:"state,omitempty"` + + // UpdatePolicy: Maintenance policy applicable to instance update. + UpdatePolicy *UpdatePolicy `json:"updatePolicy,omitempty"` + + // UpdateTime: Output only. The time when the resource was updated. + UpdateTime string `json:"updateTime,omitempty"` + + // ForceSendFields is a list of field names (e.g. "CreateTime") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CreateTime") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *MaintenancePolicy) MarshalJSON() ([]byte, error) { + type NoMethod MaintenancePolicy + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// MaintenanceSchedule: Maintenance schedule which is exposed to +// customer and potentially end user, indicating published upcoming +// future maintenance schedule +type MaintenanceSchedule struct { + // CanReschedule: This field is deprecated, and will be always set to + // true since reschedule can happen multiple times now. This field + // should not be removed until all service producers remove this for + // their customers. + CanReschedule bool `json:"canReschedule,omitempty"` + + // EndTime: The scheduled end time for the maintenance. + EndTime string `json:"endTime,omitempty"` + + // RolloutManagementPolicy: The rollout management policy this + // maintenance schedule is associated with. When doing reschedule update + // request, the reschedule should be against this given policy. + RolloutManagementPolicy string `json:"rolloutManagementPolicy,omitempty"` + + // ScheduleDeadlineTime: schedule_deadline_time is the time deadline any + // schedule start time cannot go beyond, including reschedule. It's + // normally the initial schedule start time plus maintenance window + // length (1 day or 1 week). Maintenance cannot be scheduled to start + // beyond this deadline. + ScheduleDeadlineTime string `json:"scheduleDeadlineTime,omitempty"` + + // StartTime: The scheduled start time for the maintenance. + StartTime string `json:"startTime,omitempty"` + + // ForceSendFields is a list of field names (e.g. "CanReschedule") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CanReschedule") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *MaintenanceSchedule) MarshalJSON() ([]byte, error) { + type NoMethod MaintenanceSchedule + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// MaintenanceSettings: Maintenance settings associated with instance. +// Allows service producers and end users to assign settings that +// controls maintenance on this instance. +type MaintenanceSettings struct { + // Exclude: Optional. Exclude instance from maintenance. When true, + // rollout service will not attempt maintenance on the instance. Rollout + // service will include the instance in reported rollout progress as not + // attempted. + Exclude bool `json:"exclude,omitempty"` + + // IsRollback: Optional. If the update call is triggered from rollback, + // set the value as true. + IsRollback bool `json:"isRollback,omitempty"` + + // MaintenancePolicies: Optional. The MaintenancePolicies that have been + // attached to the instance. The key must be of the type name of the + // oneof policy name defined in MaintenancePolicy, and the embedded + // policy must define the same policy type. For details, please refer to + // go/mr-user-guide. Should not be set if maintenance_policy_names is + // set. If only the name is needed, then only populate + // MaintenancePolicy.name. + MaintenancePolicies map[string]MaintenancePolicy `json:"maintenancePolicies,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Exclude") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Exclude") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *MaintenanceSettings) MarshalJSON() ([]byte, error) { + type NoMethod MaintenanceSettings + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// MaintenanceWindow: MaintenanceWindow definition. +type MaintenanceWindow struct { + // DailyCycle: Daily cycle. + DailyCycle *DailyCycle `json:"dailyCycle,omitempty"` + + // WeeklyCycle: Weekly cycle. + WeeklyCycle *WeeklyCycle `json:"weeklyCycle,omitempty"` + + // ForceSendFields is a list of field names (e.g. "DailyCycle") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "DailyCycle") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *MaintenanceWindow) MarshalJSON() ([]byte, error) { + type NoMethod MaintenanceWindow + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // ManagedZone: represents the Connector's Managed Zone resource type ManagedZone struct { // CreateTime: Output only. Created time. @@ -3915,6 +4406,76 @@ func (s *NodeConfig) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// NodeSloMetadata: Node information for custom per-node SLO +// implementations. SSA does not support per-node SLO, but producers can +// populate per-node information in SloMetadata for custom +// precomputations. SSA Eligibility Exporter will emit per-node metric +// based on this information. +type NodeSloMetadata struct { + // Location: The location of the node, if different from instance + // location. + Location string `json:"location,omitempty"` + + // NodeId: The id of the node. This should be equal to + // SaasInstanceNode.node_id. + NodeId string `json:"nodeId,omitempty"` + + // PerSliEligibility: If present, this will override eligibility for the + // node coming from instance or exclusions for specified SLIs. + PerSliEligibility *PerSliSloEligibility `json:"perSliEligibility,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Location") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Location") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *NodeSloMetadata) MarshalJSON() ([]byte, error) { + type NoMethod NodeSloMetadata + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// NotificationParameter: Contains notification related data. +type NotificationParameter struct { + // Values: Optional. Array of string values. e.g. instance's replica + // information. + Values []string `json:"values,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Values") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Values") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *NotificationParameter) MarshalJSON() ([]byte, error) { + type NoMethod NotificationParameter + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // Oauth2AuthCodeFlow: Parameters to support Oauth 2.0 Auth Code Grant // Authentication. See // https://www.rfc-editor.org/rfc/rfc6749#section-1.3.1 for more @@ -4154,6 +4715,47 @@ func (s *OperationMetadata) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// PerSliSloEligibility: PerSliSloEligibility is a mapping from an SLI +// name to eligibility. +type PerSliSloEligibility struct { + // Eligibilities: An entry in the eligibilities map specifies an + // eligibility for a particular SLI for the given instance. The SLI key + // in the name must be a valid SLI name specified in the Eligibility + // Exporter binary flags otherwise an error will be emitted by + // Eligibility Exporter and the oncaller will be alerted. If an SLI has + // been defined in the binary flags but the eligibilities map does not + // contain it, the corresponding SLI time series will not be emitted by + // the Eligibility Exporter. This ensures a smooth rollout and + // compatibility between the data produced by different versions of the + // Eligibility Exporters. If eligibilities map contains a key for an SLI + // which has not been declared in the binary flags, there will be an + // error message emitted in the Eligibility Exporter log and the metric + // for the SLI in question will not be emitted. + Eligibilities map[string]SloEligibility `json:"eligibilities,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Eligibilities") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Eligibilities") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *PerSliSloEligibility) MarshalJSON() ([]byte, error) { + type NoMethod PerSliSloEligibility + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // Policy: An Identity and Access Management (IAM) policy, which // specifies access controls for Google Cloud resources. A `Policy` is a // collection of `bindings`. A `binding` binds one or more `members`, or @@ -4336,6 +4938,44 @@ func (s *Provider) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// ProvisionedResource: Describes provisioned dataplane resources. +type ProvisionedResource struct { + // ResourceType: Type of the resource. This can be either a GCP resource + // or a custom one (e.g. another cloud provider's VM). For GCP compute + // resources use singular form of the names listed in GCP compute API + // documentation + // (https://cloud.google.com/compute/docs/reference/rest/v1/), prefixed + // with 'compute-', for example: 'compute-instance', 'compute-disk', + // 'compute-autoscaler'. + ResourceType string `json:"resourceType,omitempty"` + + // ResourceUrl: URL identifying the resource, e.g. + // "https://www.googleapis.com/compute/v1/projects/...)". + ResourceUrl string `json:"resourceUrl,omitempty"` + + // ForceSendFields is a list of field names (e.g. "ResourceType") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "ResourceType") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *ProvisionedResource) MarshalJSON() ([]byte, error) { + type NoMethod ProvisionedResource + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // RefreshConnectionSchemaMetadataRequest: Request message for // ConnectorsService.RefreshConnectionSchemaMetadata. type RefreshConnectionSchemaMetadataRequest struct { @@ -4806,6 +5446,51 @@ func (s *RuntimeEntitySchema) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// Schedule: Configure the schedule. +type Schedule struct { + // Day: Allows to define schedule that runs specified day of the week. + // + // Possible values: + // "DAY_OF_WEEK_UNSPECIFIED" - The day of the week is unspecified. + // "MONDAY" - Monday + // "TUESDAY" - Tuesday + // "WEDNESDAY" - Wednesday + // "THURSDAY" - Thursday + // "FRIDAY" - Friday + // "SATURDAY" - Saturday + // "SUNDAY" - Sunday + Day string `json:"day,omitempty"` + + // Duration: Output only. Duration of the time window, set by service + // producer. + Duration string `json:"duration,omitempty"` + + // StartTime: Time within the window to start the operations. + StartTime *TimeOfDay `json:"startTime,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Day") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Day") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *Schedule) MarshalJSON() ([]byte, error) { + type NoMethod Schedule + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // Secret: Secret provides a reference to entries in Secret Manager. type Secret struct { // SecretVersion: The resource name of the secret version in the format, @@ -4915,6 +5600,84 @@ func (s *Settings) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// SloEligibility: SloEligibility is a tuple containing eligibility +// value: true if an instance is eligible for SLO calculation or false +// if it should be excluded from all SLO-related calculations along with +// a user-defined reason. +type SloEligibility struct { + // Eligible: Whether an instance is eligible or ineligible. + Eligible bool `json:"eligible,omitempty"` + + // Reason: User-defined reason for the current value of instance + // eligibility. Usually, this can be directly mapped to the internal + // state. An empty reason is allowed. + Reason string `json:"reason,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Eligible") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Eligible") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *SloEligibility) MarshalJSON() ([]byte, error) { + type NoMethod SloEligibility + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// SloMetadata: SloMetadata contains resources required for proper SLO +// classification of the instance. +type SloMetadata struct { + // Nodes: Optional. List of nodes. Some producers need to use per-node + // metadata to calculate SLO. This field allows such producers to + // publish per-node SLO meta data, which will be consumed by SSA + // Eligibility Exporter and published in the form of per node metric to + // Monarch. + Nodes []*NodeSloMetadata `json:"nodes,omitempty"` + + // PerSliEligibility: Optional. Multiple per-instance SLI eligibilities + // which apply for individual SLIs. + PerSliEligibility *PerSliSloEligibility `json:"perSliEligibility,omitempty"` + + // Tier: Name of the SLO tier the Instance belongs to. This name will be + // expected to match the tiers specified in the service SLO + // configuration. Field is mandatory and must not be empty. + Tier string `json:"tier,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Nodes") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Nodes") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *SloMetadata) MarshalJSON() ([]byte, error) { + type NoMethod SloMetadata + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // Source: Source to extract the backend from. type Source struct { // FieldId: Field identifier. For example config vaiable name. @@ -5268,6 +6031,107 @@ func (s *TestIamPermissionsResponse) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// TimeOfDay: Represents a time of day. The date and time zone are +// either not significant or are specified elsewhere. An API may choose +// to allow leap seconds. Related types are google.type.Date and +// `google.protobuf.Timestamp`. +type TimeOfDay struct { + // Hours: Hours of day in 24 hour format. Should be from 0 to 23. An API + // may choose to allow the value "24:00:00" for scenarios like business + // closing time. + Hours int64 `json:"hours,omitempty"` + + // Minutes: Minutes of hour of day. Must be from 0 to 59. + Minutes int64 `json:"minutes,omitempty"` + + // Nanos: Fractions of seconds in nanoseconds. Must be from 0 to + // 999,999,999. + Nanos int64 `json:"nanos,omitempty"` + + // Seconds: Seconds of minutes of the time. Must normally be from 0 to + // 59. An API may allow the value 60 if it allows leap-seconds. + Seconds int64 `json:"seconds,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Hours") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Hours") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *TimeOfDay) MarshalJSON() ([]byte, error) { + type NoMethod TimeOfDay + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// UpdatePolicy: Maintenance policy applicable to instance updates. +type UpdatePolicy struct { + // Channel: Optional. Relative scheduling channel applied to resource. + // + // Possible values: + // "UPDATE_CHANNEL_UNSPECIFIED" - Unspecified channel. + // "EARLIER" - Early channel within a customer project. + // "LATER" - Later channel within a customer project. + // "WEEK1" - ! ! The follow channels can ONLY be used if you adopt the + // new MW system! ! ! NOTE: all WEEK channels are assumed to be under a + // weekly window. ! There is currently no dedicated channel definitions + // for Daily windows. ! If you use Daily window, the system will assume + // a 1d (24Hours) advanced ! notification period b/w EARLY and LATER. ! + // We may consider support more flexible daily channel specifications in + // ! the future. WEEK1 == EARLIER with minimum 7d advanced notification. + // {7d, 14d} The system will treat them equally and will use WEEK1 + // whenever it can. New customers are encouraged to use this channel + // annotation. + // "WEEK2" - WEEK2 == LATER with minimum 14d advanced notification + // {14d, 21d}. + // "WEEK5" - WEEK5 == 40d support. minimum 35d advanced notification + // {35d, 42d}. + Channel string `json:"channel,omitempty"` + + // DenyMaintenancePeriods: Deny Maintenance Period that is applied to + // resource to indicate when maintenance is forbidden. The protocol + // supports zero-to-many such periods, but the current SLM Rollout + // implementation only supports zero-to-one. + DenyMaintenancePeriods []*DenyMaintenancePeriod `json:"denyMaintenancePeriods,omitempty"` + + // Window: Optional. Maintenance window that is applied to resources + // covered by this policy. + Window *MaintenanceWindow `json:"window,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Channel") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Channel") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *UpdatePolicy) MarshalJSON() ([]byte, error) { + type NoMethod UpdatePolicy + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // UserPassword: Parameters to support Username and Password // Authentication. type UserPassword struct { @@ -5300,6 +6164,35 @@ func (s *UserPassword) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// WeeklyCycle: Time window specified for weekly operations. +type WeeklyCycle struct { + // Schedule: User can specify multiple windows in a week. Minimum of 1 + // window. + Schedule []*Schedule `json:"schedule,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Schedule") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Schedule") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *WeeklyCycle) MarshalJSON() ([]byte, error) { + type NoMethod WeeklyCycle + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // method id "connectors.projects.locations.get": type ProjectsLocationsGetCall struct { diff --git a/connectors/v2/connectors-api.json b/connectors/v2/connectors-api.json index 7d9474063cb..f1d2326fd1f 100644 --- a/connectors/v2/connectors-api.json +++ b/connectors/v2/connectors-api.json @@ -660,7 +660,7 @@ } } }, - "revision": "20231205", + "revision": "20231213", "rootUrl": "https://connectors.googleapis.com/", "schemas": { "AccessCredentials": { @@ -761,6 +761,63 @@ }, "type": "object" }, + "DailyCycle": { + "description": "Time window specified for daily operations.", + "id": "DailyCycle", + "properties": { + "duration": { + "description": "Output only. Duration of the time window, set by service producer.", + "format": "google-duration", + "type": "string" + }, + "startTime": { + "$ref": "TimeOfDay", + "description": "Time within the day to start the operations." + } + }, + "type": "object" + }, + "Date": { + "description": "Represents a whole or partial calendar date, such as a birthday. The time of day and time zone are either specified elsewhere or are insignificant. The date is relative to the Gregorian Calendar. This can represent one of the following: * A full date, with non-zero year, month, and day values. * A month and day, with a zero year (for example, an anniversary). * A year on its own, with a zero month and a zero day. * A year and month, with a zero day (for example, a credit card expiration date). Related types: * google.type.TimeOfDay * google.type.DateTime * google.protobuf.Timestamp", + "id": "Date", + "properties": { + "day": { + "description": "Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.", + "format": "int32", + "type": "integer" + }, + "month": { + "description": "Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.", + "format": "int32", + "type": "integer" + }, + "year": { + "description": "Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "DenyMaintenancePeriod": { + "description": "DenyMaintenancePeriod definition. Maintenance is forbidden within the deny period. The start_date must be less than the end_date.", + "id": "DenyMaintenancePeriod", + "properties": { + "endDate": { + "$ref": "Date", + "description": "Deny period end date. This can be: * A full date, with non-zero year, month and day values. * A month and day value, with a zero year. Allows recurring deny periods each year. Date matching this period will have to be before the end." + }, + "startDate": { + "$ref": "Date", + "description": "Deny period start date. This can be: * A full date, with non-zero year, month and day values. * A month and day value, with a zero year. Allows recurring deny periods each year. Date matching this period will have to be the same or after the start." + }, + "time": { + "$ref": "TimeOfDay", + "description": "Time in UTC when the Blackout period starts on start_date and ends on end_date. This can be: * Full time. * All zeros for 00:00:00 UTC" + } + }, + "type": "object" + }, "Empty": { "description": "A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }", "id": "Empty", @@ -1254,6 +1311,129 @@ }, "type": "object" }, + "Instance": { + "description": "Instance represents the interface for SLM services to actuate the state of control plane resources. Example Instance in JSON, where consumer-project-number=123456, producer-project-id=cloud-sql: ```json Instance: { \"name\": \"projects/123456/locations/us-east1/instances/prod-instance\", \"create_time\": { \"seconds\": 1526406431, }, \"labels\": { \"env\": \"prod\", \"foo\": \"bar\" }, \"state\": READY, \"software_versions\": { \"software_update\": \"cloud-sql-09-28-2018\", }, \"maintenance_policy_names\": { \"UpdatePolicy\": \"projects/123456/locations/us-east1/maintenancePolicies/prod-update-policy\", } \"tenant_project_id\": \"cloud-sql-test-tenant\", \"producer_metadata\": { \"cloud-sql-tier\": \"basic\", \"cloud-sql-instance-size\": \"1G\", }, \"provisioned_resources\": [ { \"resource-type\": \"compute-instance\", \"resource-url\": \"https://www.googleapis.com/compute/v1/projects/cloud-sql/zones/us-east1-b/instances/vm-1\", } ], \"maintenance_schedules\": { \"csa_rollout\": { \"start_time\": { \"seconds\": 1526406431, }, \"end_time\": { \"seconds\": 1535406431, }, }, \"ncsa_rollout\": { \"start_time\": { \"seconds\": 1526406431, }, \"end_time\": { \"seconds\": 1535406431, }, } }, \"consumer_defined_name\": \"my-sql-instance1\", } ``` LINT.IfChange", + "id": "Instance", + "properties": { + "consumerDefinedName": { + "description": "consumer_defined_name is the name of the instance set by the service consumers. Generally this is different from the `name` field which reperesents the system-assigned id of the instance which the service consumers do not recognize. This is a required field for tenants onboarding to Maintenance Window notifications (go/slm-rollout-maintenance-policies#prerequisites).", + "type": "string" + }, + "createTime": { + "description": "Output only. Timestamp when the resource was created.", + "format": "google-datetime", + "readOnly": true, + "type": "string" + }, + "instanceType": { + "description": "Optional. The instance_type of this instance of format: projects/{project_number}/locations/{location_id}/instanceTypes/{instance_type_id}. Instance Type represents a high-level tier or SKU of the service that this instance belong to. When enabled(eg: Maintenance Rollout), Rollout uses 'instance_type' along with 'software_versions' to determine whether instance needs an update or not.", + "type": "string" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Optional. Resource labels to represent user provided metadata. Each label is a key-value pair, where both the key and the value are arbitrary strings provided by the user.", + "type": "object" + }, + "maintenancePolicyNames": { + "additionalProperties": { + "type": "string" + }, + "description": "Optional. The MaintenancePolicies that have been attached to the instance. The key must be of the type name of the oneof policy name defined in MaintenancePolicy, and the referenced policy must define the same policy type. For details, please refer to go/mr-user-guide. Should not be set if maintenance_settings.maintenance_policies is set.", + "type": "object" + }, + "maintenanceSchedules": { + "additionalProperties": { + "$ref": "MaintenanceSchedule" + }, + "description": "The MaintenanceSchedule contains the scheduling information of published maintenance schedule with same key as software_versions.", + "type": "object" + }, + "maintenanceSettings": { + "$ref": "MaintenanceSettings", + "description": "Optional. The MaintenanceSettings associated with instance." + }, + "name": { + "description": "Unique name of the resource. It uses the form: `projects/{project_number}/locations/{location_id}/instances/{instance_id}` Note: This name is passed, stored and logged across the rollout system. So use of consumer project_id or any other consumer PII in the name is strongly discouraged for wipeout (go/wipeout) compliance. See go/elysium/project_ids#storage-guidance for more details.", + "type": "string" + }, + "notificationParameters": { + "additionalProperties": { + "$ref": "NotificationParameter" + }, + "description": "Optional. notification_parameter are information that service producers may like to include that is not relevant to Rollout. This parameter will only be passed to Gamma and Cloud Logging for notification/logging purpose.", + "type": "object" + }, + "producerMetadata": { + "additionalProperties": { + "type": "string" + }, + "description": "Output only. Custom string attributes used primarily to expose producer-specific information in monitoring dashboards. See go/get-instance-metadata.", + "readOnly": true, + "type": "object" + }, + "provisionedResources": { + "description": "Output only. The list of data plane resources provisioned for this instance, e.g. compute VMs. See go/get-instance-metadata.", + "items": { + "$ref": "ProvisionedResource" + }, + "readOnly": true, + "type": "array" + }, + "slmInstanceTemplate": { + "description": "Link to the SLM instance template. Only populated when updating SLM instances via SSA's Actuation service adaptor. Service producers with custom control plane (e.g. Cloud SQL) doesn't need to populate this field. Instead they should use software_versions.", + "type": "string" + }, + "sloMetadata": { + "$ref": "SloMetadata", + "description": "Output only. SLO metadata for instance classification in the Standardized dataplane SLO platform. See go/cloud-ssa-standard-slo for feature description.", + "readOnly": true + }, + "softwareVersions": { + "additionalProperties": { + "type": "string" + }, + "description": "Software versions that are used to deploy this instance. This can be mutated by rollout services.", + "type": "object" + }, + "state": { + "description": "Output only. Current lifecycle state of the resource (e.g. if it's being created or ready to use).", + "enum": [ + "STATE_UNSPECIFIED", + "CREATING", + "READY", + "UPDATING", + "REPAIRING", + "DELETING", + "ERROR" + ], + "enumDescriptions": [ + "Unspecified state.", + "Instance is being created.", + "Instance has been created and is ready to use.", + "Instance is being updated.", + "Instance is unheathy and under repair.", + "Instance is being deleted.", + "Instance encountered an error and is in indeterministic state." + ], + "readOnly": true, + "type": "string" + }, + "tenantProjectId": { + "description": "Output only. ID of the associated GCP tenant project. See go/get-instance-metadata.", + "readOnly": true, + "type": "string" + }, + "updateTime": { + "description": "Output only. Timestamp when the resource was last modified.", + "format": "google-datetime", + "readOnly": true, + "type": "string" + } + }, + "type": "object" + }, "JsonSchema": { "description": "JsonSchema representation of schema metadata", "id": "JsonSchema", @@ -1526,6 +1706,186 @@ }, "type": "object" }, + "MaintenancePolicy": { + "description": "LINT.IfChange Defines policies to service maintenance events.", + "id": "MaintenancePolicy", + "properties": { + "createTime": { + "description": "Output only. The time when the resource was created.", + "format": "google-datetime", + "type": "string" + }, + "description": { + "description": "Optional. Description of what this policy is for. Create/Update methods return INVALID_ARGUMENT if the length is greater than 512.", + "type": "string" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Optional. Resource labels to represent user provided metadata. Each label is a key-value pair, where both the key and the value are arbitrary strings provided by the user.", + "type": "object" + }, + "name": { + "description": "Required. MaintenancePolicy name using the form: `projects/{project_id}/locations/{location_id}/maintenancePolicies/{maintenance_policy_id}` where {project_id} refers to a GCP consumer project ID, {location_id} refers to a GCP region/zone, {maintenance_policy_id} must be 1-63 characters long and match the regular expression `[a-z0-9]([-a-z0-9]*[a-z0-9])?`.", + "type": "string" + }, + "state": { + "description": "Optional. The state of the policy.", + "enum": [ + "STATE_UNSPECIFIED", + "READY", + "DELETING" + ], + "enumDescriptions": [ + "Unspecified state.", + "Resource is ready to be used.", + "Resource is being deleted. It can no longer be attached to instances." + ], + "type": "string" + }, + "updatePolicy": { + "$ref": "UpdatePolicy", + "description": "Maintenance policy applicable to instance update." + }, + "updateTime": { + "description": "Output only. The time when the resource was updated.", + "format": "google-datetime", + "type": "string" + } + }, + "type": "object" + }, + "MaintenanceSchedule": { + "description": "Maintenance schedule which is exposed to customer and potentially end user, indicating published upcoming future maintenance schedule", + "id": "MaintenanceSchedule", + "properties": { + "canReschedule": { + "deprecated": true, + "description": "This field is deprecated, and will be always set to true since reschedule can happen multiple times now. This field should not be removed until all service producers remove this for their customers.", + "type": "boolean" + }, + "endTime": { + "description": "The scheduled end time for the maintenance.", + "format": "google-datetime", + "type": "string" + }, + "rolloutManagementPolicy": { + "description": "The rollout management policy this maintenance schedule is associated with. When doing reschedule update request, the reschedule should be against this given policy.", + "type": "string" + }, + "scheduleDeadlineTime": { + "description": "schedule_deadline_time is the time deadline any schedule start time cannot go beyond, including reschedule. It's normally the initial schedule start time plus maintenance window length (1 day or 1 week). Maintenance cannot be scheduled to start beyond this deadline.", + "format": "google-datetime", + "type": "string" + }, + "startTime": { + "description": "The scheduled start time for the maintenance.", + "format": "google-datetime", + "type": "string" + } + }, + "type": "object" + }, + "MaintenanceSettings": { + "description": "Maintenance settings associated with instance. Allows service producers and end users to assign settings that controls maintenance on this instance.", + "id": "MaintenanceSettings", + "properties": { + "exclude": { + "description": "Optional. Exclude instance from maintenance. When true, rollout service will not attempt maintenance on the instance. Rollout service will include the instance in reported rollout progress as not attempted.", + "type": "boolean" + }, + "isRollback": { + "description": "Optional. If the update call is triggered from rollback, set the value as true.", + "type": "boolean" + }, + "maintenancePolicies": { + "additionalProperties": { + "$ref": "MaintenancePolicy" + }, + "description": "Optional. The MaintenancePolicies that have been attached to the instance. The key must be of the type name of the oneof policy name defined in MaintenancePolicy, and the embedded policy must define the same policy type. For details, please refer to go/mr-user-guide. Should not be set if maintenance_policy_names is set. If only the name is needed, then only populate MaintenancePolicy.name.", + "type": "object" + } + }, + "type": "object" + }, + "MaintenanceWindow": { + "description": "MaintenanceWindow definition.", + "id": "MaintenanceWindow", + "properties": { + "dailyCycle": { + "$ref": "DailyCycle", + "description": "Daily cycle." + }, + "weeklyCycle": { + "$ref": "WeeklyCycle", + "description": "Weekly cycle." + } + }, + "type": "object" + }, + "NodeSloMetadata": { + "description": "Node information for custom per-node SLO implementations. SSA does not support per-node SLO, but producers can populate per-node information in SloMetadata for custom precomputations. SSA Eligibility Exporter will emit per-node metric based on this information.", + "id": "NodeSloMetadata", + "properties": { + "location": { + "description": "The location of the node, if different from instance location.", + "type": "string" + }, + "nodeId": { + "description": "The id of the node. This should be equal to SaasInstanceNode.node_id.", + "type": "string" + }, + "perSliEligibility": { + "$ref": "PerSliSloEligibility", + "description": "If present, this will override eligibility for the node coming from instance or exclusions for specified SLIs." + } + }, + "type": "object" + }, + "NotificationParameter": { + "description": "Contains notification related data.", + "id": "NotificationParameter", + "properties": { + "values": { + "description": "Optional. Array of string values. e.g. instance's replica information.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "PerSliSloEligibility": { + "description": "PerSliSloEligibility is a mapping from an SLI name to eligibility.", + "id": "PerSliSloEligibility", + "properties": { + "eligibilities": { + "additionalProperties": { + "$ref": "SloEligibility" + }, + "description": "An entry in the eligibilities map specifies an eligibility for a particular SLI for the given instance. The SLI key in the name must be a valid SLI name specified in the Eligibility Exporter binary flags otherwise an error will be emitted by Eligibility Exporter and the oncaller will be alerted. If an SLI has been defined in the binary flags but the eligibilities map does not contain it, the corresponding SLI time series will not be emitted by the Eligibility Exporter. This ensures a smooth rollout and compatibility between the data produced by different versions of the Eligibility Exporters. If eligibilities map contains a key for an SLI which has not been declared in the binary flags, there will be an error message emitted in the Eligibility Exporter log and the metric for the SLI in question will not be emitted.", + "type": "object" + } + }, + "type": "object" + }, + "ProvisionedResource": { + "description": "Describes provisioned dataplane resources.", + "id": "ProvisionedResource", + "properties": { + "resourceType": { + "description": "Type of the resource. This can be either a GCP resource or a custom one (e.g. another cloud provider's VM). For GCP compute resources use singular form of the names listed in GCP compute API documentation (https://cloud.google.com/compute/docs/reference/rest/v1/), prefixed with 'compute-', for example: 'compute-instance', 'compute-disk', 'compute-autoscaler'.", + "type": "string" + }, + "resourceUrl": { + "description": "URL identifying the resource, e.g. \"https://www.googleapis.com/compute/v1/projects/...)\".", + "type": "string" + } + }, + "type": "object" + }, "Query": { "description": "A wrapper around the SQL query statement. This is needed so that the JSON representation of ExecuteSqlQueryRequest has the following format: `{\"query\":\"select *\"}`.", "id": "Query", @@ -1902,6 +2262,110 @@ }, "type": "object" }, + "Schedule": { + "description": "Configure the schedule.", + "id": "Schedule", + "properties": { + "day": { + "description": "Allows to define schedule that runs specified day of the week.", + "enum": [ + "DAY_OF_WEEK_UNSPECIFIED", + "MONDAY", + "TUESDAY", + "WEDNESDAY", + "THURSDAY", + "FRIDAY", + "SATURDAY", + "SUNDAY" + ], + "enumDescriptions": [ + "The day of the week is unspecified.", + "Monday", + "Tuesday", + "Wednesday", + "Thursday", + "Friday", + "Saturday", + "Sunday" + ], + "type": "string" + }, + "duration": { + "description": "Output only. Duration of the time window, set by service producer.", + "format": "google-duration", + "type": "string" + }, + "startTime": { + "$ref": "TimeOfDay", + "description": "Time within the window to start the operations." + } + }, + "type": "object" + }, + "SloEligibility": { + "description": "SloEligibility is a tuple containing eligibility value: true if an instance is eligible for SLO calculation or false if it should be excluded from all SLO-related calculations along with a user-defined reason.", + "id": "SloEligibility", + "properties": { + "eligible": { + "description": "Whether an instance is eligible or ineligible.", + "type": "boolean" + }, + "reason": { + "description": "User-defined reason for the current value of instance eligibility. Usually, this can be directly mapped to the internal state. An empty reason is allowed.", + "type": "string" + } + }, + "type": "object" + }, + "SloMetadata": { + "description": "SloMetadata contains resources required for proper SLO classification of the instance.", + "id": "SloMetadata", + "properties": { + "nodes": { + "description": "Optional. List of nodes. Some producers need to use per-node metadata to calculate SLO. This field allows such producers to publish per-node SLO meta data, which will be consumed by SSA Eligibility Exporter and published in the form of per node metric to Monarch.", + "items": { + "$ref": "NodeSloMetadata" + }, + "type": "array" + }, + "perSliEligibility": { + "$ref": "PerSliSloEligibility", + "description": "Optional. Multiple per-instance SLI eligibilities which apply for individual SLIs." + }, + "tier": { + "description": "Name of the SLO tier the Instance belongs to. This name will be expected to match the tiers specified in the service SLO configuration. Field is mandatory and must not be empty.", + "type": "string" + } + }, + "type": "object" + }, + "TimeOfDay": { + "description": "Represents a time of day. The date and time zone are either not significant or are specified elsewhere. An API may choose to allow leap seconds. Related types are google.type.Date and `google.protobuf.Timestamp`.", + "id": "TimeOfDay", + "properties": { + "hours": { + "description": "Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.", + "format": "int32", + "type": "integer" + }, + "minutes": { + "description": "Minutes of hour of day. Must be from 0 to 59.", + "format": "int32", + "type": "integer" + }, + "nanos": { + "description": "Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.", + "format": "int32", + "type": "integer" + }, + "seconds": { + "description": "Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, "UpdateEntitiesWithConditionsResponse": { "description": "Response message for EntityService.UpdateEntitiesWithConditions", "id": "UpdateEntitiesWithConditionsResponse", @@ -1916,6 +2380,58 @@ } }, "type": "object" + }, + "UpdatePolicy": { + "description": "Maintenance policy applicable to instance updates.", + "id": "UpdatePolicy", + "properties": { + "channel": { + "description": "Optional. Relative scheduling channel applied to resource.", + "enum": [ + "UPDATE_CHANNEL_UNSPECIFIED", + "EARLIER", + "LATER", + "WEEK1", + "WEEK2", + "WEEK5" + ], + "enumDescriptions": [ + "Unspecified channel.", + "Early channel within a customer project.", + "Later channel within a customer project.", + "! ! The follow channels can ONLY be used if you adopt the new MW system! ! ! NOTE: all WEEK channels are assumed to be under a weekly window. ! There is currently no dedicated channel definitions for Daily windows. ! If you use Daily window, the system will assume a 1d (24Hours) advanced ! notification period b/w EARLY and LATER. ! We may consider support more flexible daily channel specifications in ! the future. WEEK1 == EARLIER with minimum 7d advanced notification. {7d, 14d} The system will treat them equally and will use WEEK1 whenever it can. New customers are encouraged to use this channel annotation.", + "WEEK2 == LATER with minimum 14d advanced notification {14d, 21d}.", + "WEEK5 == 40d support. minimum 35d advanced notification {35d, 42d}." + ], + "type": "string" + }, + "denyMaintenancePeriods": { + "description": "Deny Maintenance Period that is applied to resource to indicate when maintenance is forbidden. The protocol supports zero-to-many such periods, but the current SLM Rollout implementation only supports zero-to-one.", + "items": { + "$ref": "DenyMaintenancePeriod" + }, + "type": "array" + }, + "window": { + "$ref": "MaintenanceWindow", + "description": "Optional. Maintenance window that is applied to resources covered by this policy." + } + }, + "type": "object" + }, + "WeeklyCycle": { + "description": "Time window specified for weekly operations.", + "id": "WeeklyCycle", + "properties": { + "schedule": { + "description": "User can specify multiple windows in a week. Minimum of 1 window.", + "items": { + "$ref": "Schedule" + }, + "type": "array" + } + }, + "type": "object" } }, "servicePath": "", diff --git a/connectors/v2/connectors-gen.go b/connectors/v2/connectors-gen.go index 1be199195dc..87a2331781f 100644 --- a/connectors/v2/connectors-gen.go +++ b/connectors/v2/connectors-gen.go @@ -392,6 +392,129 @@ func (s *CheckStatusResponse) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// DailyCycle: Time window specified for daily operations. +type DailyCycle struct { + // Duration: Output only. Duration of the time window, set by service + // producer. + Duration string `json:"duration,omitempty"` + + // StartTime: Time within the day to start the operations. + StartTime *TimeOfDay `json:"startTime,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Duration") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Duration") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *DailyCycle) MarshalJSON() ([]byte, error) { + type NoMethod DailyCycle + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// Date: Represents a whole or partial calendar date, such as a +// birthday. The time of day and time zone are either specified +// elsewhere or are insignificant. The date is relative to the Gregorian +// Calendar. This can represent one of the following: * A full date, +// with non-zero year, month, and day values. * A month and day, with a +// zero year (for example, an anniversary). * A year on its own, with a +// zero month and a zero day. * A year and month, with a zero day (for +// example, a credit card expiration date). Related types: * +// google.type.TimeOfDay * google.type.DateTime * +// google.protobuf.Timestamp +type Date struct { + // Day: Day of a month. Must be from 1 to 31 and valid for the year and + // month, or 0 to specify a year by itself or a year and month where the + // day isn't significant. + Day int64 `json:"day,omitempty"` + + // Month: Month of a year. Must be from 1 to 12, or 0 to specify a year + // without a month and day. + Month int64 `json:"month,omitempty"` + + // Year: Year of the date. Must be from 1 to 9999, or 0 to specify a + // date without a year. + Year int64 `json:"year,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Day") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Day") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *Date) MarshalJSON() ([]byte, error) { + type NoMethod Date + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// DenyMaintenancePeriod: DenyMaintenancePeriod definition. Maintenance +// is forbidden within the deny period. The start_date must be less than +// the end_date. +type DenyMaintenancePeriod struct { + // EndDate: Deny period end date. This can be: * A full date, with + // non-zero year, month and day values. * A month and day value, with a + // zero year. Allows recurring deny periods each year. Date matching + // this period will have to be before the end. + EndDate *Date `json:"endDate,omitempty"` + + // StartDate: Deny period start date. This can be: * A full date, with + // non-zero year, month and day values. * A month and day value, with a + // zero year. Allows recurring deny periods each year. Date matching + // this period will have to be the same or after the start. + StartDate *Date `json:"startDate,omitempty"` + + // Time: Time in UTC when the Blackout period starts on start_date and + // ends on end_date. This can be: * Full time. * All zeros for 00:00:00 + // UTC + Time *TimeOfDay `json:"time,omitempty"` + + // ForceSendFields is a list of field names (e.g. "EndDate") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "EndDate") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *DenyMaintenancePeriod) MarshalJSON() ([]byte, error) { + type NoMethod DenyMaintenancePeriod + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // Empty: A generic empty message that you can re-use to avoid defining // duplicated empty messages in your APIs. A typical example is to use // it as the request or the response type of an API method. For @@ -862,6 +985,155 @@ func (s *InputParameter) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// Instance: Instance represents the interface for SLM services to +// actuate the state of control plane resources. Example Instance in +// JSON, where consumer-project-number=123456, +// producer-project-id=cloud-sql: ```json Instance: { "name": +// "projects/123456/locations/us-east1/instances/prod-instance", +// "create_time": { "seconds": 1526406431, }, "labels": { "env": "prod", +// "foo": "bar" }, "state": READY, "software_versions": { +// "software_update": "cloud-sql-09-28-2018", }, +// "maintenance_policy_names": { "UpdatePolicy": +// "projects/123456/locations/us-east1/maintenancePolicies/prod-update-po +// licy", } "tenant_project_id": "cloud-sql-test-tenant", +// "producer_metadata": { "cloud-sql-tier": "basic", +// "cloud-sql-instance-size": "1G", }, "provisioned_resources": [ { +// "resource-type": "compute-instance", "resource-url": +// "https://www.googleapis.com/compute/v1/projects/cloud-sql/zones/us-eas +// t1-b/instances/vm-1", } ], "maintenance_schedules": { "csa_rollout": +// { "start_time": { "seconds": 1526406431, }, "end_time": { "seconds": +// 1535406431, }, }, "ncsa_rollout": { "start_time": { "seconds": +// 1526406431, }, "end_time": { "seconds": 1535406431, }, } }, +// "consumer_defined_name": "my-sql-instance1", } ``` LINT.IfChange +type Instance struct { + // ConsumerDefinedName: consumer_defined_name is the name of the + // instance set by the service consumers. Generally this is different + // from the `name` field which reperesents the system-assigned id of the + // instance which the service consumers do not recognize. This is a + // required field for tenants onboarding to Maintenance Window + // notifications (go/slm-rollout-maintenance-policies#prerequisites). + ConsumerDefinedName string `json:"consumerDefinedName,omitempty"` + + // CreateTime: Output only. Timestamp when the resource was created. + CreateTime string `json:"createTime,omitempty"` + + // InstanceType: Optional. The instance_type of this instance of format: + // projects/{project_number}/locations/{location_id}/instanceTypes/{insta + // nce_type_id}. Instance Type represents a high-level tier or SKU of + // the service that this instance belong to. When enabled(eg: + // Maintenance Rollout), Rollout uses 'instance_type' along with + // 'software_versions' to determine whether instance needs an update or + // not. + InstanceType string `json:"instanceType,omitempty"` + + // Labels: Optional. Resource labels to represent user provided + // metadata. Each label is a key-value pair, where both the key and the + // value are arbitrary strings provided by the user. + Labels map[string]string `json:"labels,omitempty"` + + // MaintenancePolicyNames: Optional. The MaintenancePolicies that have + // been attached to the instance. The key must be of the type name of + // the oneof policy name defined in MaintenancePolicy, and the + // referenced policy must define the same policy type. For details, + // please refer to go/mr-user-guide. Should not be set if + // maintenance_settings.maintenance_policies is set. + MaintenancePolicyNames map[string]string `json:"maintenancePolicyNames,omitempty"` + + // MaintenanceSchedules: The MaintenanceSchedule contains the scheduling + // information of published maintenance schedule with same key as + // software_versions. + MaintenanceSchedules map[string]MaintenanceSchedule `json:"maintenanceSchedules,omitempty"` + + // MaintenanceSettings: Optional. The MaintenanceSettings associated + // with instance. + MaintenanceSettings *MaintenanceSettings `json:"maintenanceSettings,omitempty"` + + // Name: Unique name of the resource. It uses the form: + // `projects/{project_number}/locations/{location_id}/instances/{instance + // _id}` Note: This name is passed, stored and logged across the rollout + // system. So use of consumer project_id or any other consumer PII in + // the name is strongly discouraged for wipeout (go/wipeout) compliance. + // See go/elysium/project_ids#storage-guidance for more details. + Name string `json:"name,omitempty"` + + // NotificationParameters: Optional. notification_parameter are + // information that service producers may like to include that is not + // relevant to Rollout. This parameter will only be passed to Gamma and + // Cloud Logging for notification/logging purpose. + NotificationParameters map[string]NotificationParameter `json:"notificationParameters,omitempty"` + + // ProducerMetadata: Output only. Custom string attributes used + // primarily to expose producer-specific information in monitoring + // dashboards. See go/get-instance-metadata. + ProducerMetadata map[string]string `json:"producerMetadata,omitempty"` + + // ProvisionedResources: Output only. The list of data plane resources + // provisioned for this instance, e.g. compute VMs. See + // go/get-instance-metadata. + ProvisionedResources []*ProvisionedResource `json:"provisionedResources,omitempty"` + + // SlmInstanceTemplate: Link to the SLM instance template. Only + // populated when updating SLM instances via SSA's Actuation service + // adaptor. Service producers with custom control plane (e.g. Cloud SQL) + // doesn't need to populate this field. Instead they should use + // software_versions. + SlmInstanceTemplate string `json:"slmInstanceTemplate,omitempty"` + + // SloMetadata: Output only. SLO metadata for instance classification in + // the Standardized dataplane SLO platform. See + // go/cloud-ssa-standard-slo for feature description. + SloMetadata *SloMetadata `json:"sloMetadata,omitempty"` + + // SoftwareVersions: Software versions that are used to deploy this + // instance. This can be mutated by rollout services. + SoftwareVersions map[string]string `json:"softwareVersions,omitempty"` + + // State: Output only. Current lifecycle state of the resource (e.g. if + // it's being created or ready to use). + // + // Possible values: + // "STATE_UNSPECIFIED" - Unspecified state. + // "CREATING" - Instance is being created. + // "READY" - Instance has been created and is ready to use. + // "UPDATING" - Instance is being updated. + // "REPAIRING" - Instance is unheathy and under repair. + // "DELETING" - Instance is being deleted. + // "ERROR" - Instance encountered an error and is in indeterministic + // state. + State string `json:"state,omitempty"` + + // TenantProjectId: Output only. ID of the associated GCP tenant + // project. See go/get-instance-metadata. + TenantProjectId string `json:"tenantProjectId,omitempty"` + + // UpdateTime: Output only. Timestamp when the resource was last + // modified. + UpdateTime string `json:"updateTime,omitempty"` + + // ForceSendFields is a list of field names (e.g. "ConsumerDefinedName") + // to unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "ConsumerDefinedName") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *Instance) MarshalJSON() ([]byte, error) { + type NoMethod Instance + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // JsonSchema: JsonSchema representation of schema metadata type JsonSchema struct { // AdditionalDetails: Additional details apart from standard json schema @@ -1087,6 +1359,345 @@ func (s *ListEntityTypesResponse) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// MaintenancePolicy: LINT.IfChange Defines policies to service +// maintenance events. +type MaintenancePolicy struct { + // CreateTime: Output only. The time when the resource was created. + CreateTime string `json:"createTime,omitempty"` + + // Description: Optional. Description of what this policy is for. + // Create/Update methods return INVALID_ARGUMENT if the length is + // greater than 512. + Description string `json:"description,omitempty"` + + // Labels: Optional. Resource labels to represent user provided + // metadata. Each label is a key-value pair, where both the key and the + // value are arbitrary strings provided by the user. + Labels map[string]string `json:"labels,omitempty"` + + // Name: Required. MaintenancePolicy name using the form: + // `projects/{project_id}/locations/{location_id}/maintenancePolicies/{ma + // intenance_policy_id}` where {project_id} refers to a GCP consumer + // project ID, {location_id} refers to a GCP region/zone, + // {maintenance_policy_id} must be 1-63 characters long and match the + // regular expression `[a-z0-9]([-a-z0-9]*[a-z0-9])?`. + Name string `json:"name,omitempty"` + + // State: Optional. The state of the policy. + // + // Possible values: + // "STATE_UNSPECIFIED" - Unspecified state. + // "READY" - Resource is ready to be used. + // "DELETING" - Resource is being deleted. It can no longer be + // attached to instances. + State string `json:"state,omitempty"` + + // UpdatePolicy: Maintenance policy applicable to instance update. + UpdatePolicy *UpdatePolicy `json:"updatePolicy,omitempty"` + + // UpdateTime: Output only. The time when the resource was updated. + UpdateTime string `json:"updateTime,omitempty"` + + // ForceSendFields is a list of field names (e.g. "CreateTime") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CreateTime") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *MaintenancePolicy) MarshalJSON() ([]byte, error) { + type NoMethod MaintenancePolicy + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// MaintenanceSchedule: Maintenance schedule which is exposed to +// customer and potentially end user, indicating published upcoming +// future maintenance schedule +type MaintenanceSchedule struct { + // CanReschedule: This field is deprecated, and will be always set to + // true since reschedule can happen multiple times now. This field + // should not be removed until all service producers remove this for + // their customers. + CanReschedule bool `json:"canReschedule,omitempty"` + + // EndTime: The scheduled end time for the maintenance. + EndTime string `json:"endTime,omitempty"` + + // RolloutManagementPolicy: The rollout management policy this + // maintenance schedule is associated with. When doing reschedule update + // request, the reschedule should be against this given policy. + RolloutManagementPolicy string `json:"rolloutManagementPolicy,omitempty"` + + // ScheduleDeadlineTime: schedule_deadline_time is the time deadline any + // schedule start time cannot go beyond, including reschedule. It's + // normally the initial schedule start time plus maintenance window + // length (1 day or 1 week). Maintenance cannot be scheduled to start + // beyond this deadline. + ScheduleDeadlineTime string `json:"scheduleDeadlineTime,omitempty"` + + // StartTime: The scheduled start time for the maintenance. + StartTime string `json:"startTime,omitempty"` + + // ForceSendFields is a list of field names (e.g. "CanReschedule") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "CanReschedule") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *MaintenanceSchedule) MarshalJSON() ([]byte, error) { + type NoMethod MaintenanceSchedule + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// MaintenanceSettings: Maintenance settings associated with instance. +// Allows service producers and end users to assign settings that +// controls maintenance on this instance. +type MaintenanceSettings struct { + // Exclude: Optional. Exclude instance from maintenance. When true, + // rollout service will not attempt maintenance on the instance. Rollout + // service will include the instance in reported rollout progress as not + // attempted. + Exclude bool `json:"exclude,omitempty"` + + // IsRollback: Optional. If the update call is triggered from rollback, + // set the value as true. + IsRollback bool `json:"isRollback,omitempty"` + + // MaintenancePolicies: Optional. The MaintenancePolicies that have been + // attached to the instance. The key must be of the type name of the + // oneof policy name defined in MaintenancePolicy, and the embedded + // policy must define the same policy type. For details, please refer to + // go/mr-user-guide. Should not be set if maintenance_policy_names is + // set. If only the name is needed, then only populate + // MaintenancePolicy.name. + MaintenancePolicies map[string]MaintenancePolicy `json:"maintenancePolicies,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Exclude") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Exclude") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *MaintenanceSettings) MarshalJSON() ([]byte, error) { + type NoMethod MaintenanceSettings + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// MaintenanceWindow: MaintenanceWindow definition. +type MaintenanceWindow struct { + // DailyCycle: Daily cycle. + DailyCycle *DailyCycle `json:"dailyCycle,omitempty"` + + // WeeklyCycle: Weekly cycle. + WeeklyCycle *WeeklyCycle `json:"weeklyCycle,omitempty"` + + // ForceSendFields is a list of field names (e.g. "DailyCycle") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "DailyCycle") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *MaintenanceWindow) MarshalJSON() ([]byte, error) { + type NoMethod MaintenanceWindow + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// NodeSloMetadata: Node information for custom per-node SLO +// implementations. SSA does not support per-node SLO, but producers can +// populate per-node information in SloMetadata for custom +// precomputations. SSA Eligibility Exporter will emit per-node metric +// based on this information. +type NodeSloMetadata struct { + // Location: The location of the node, if different from instance + // location. + Location string `json:"location,omitempty"` + + // NodeId: The id of the node. This should be equal to + // SaasInstanceNode.node_id. + NodeId string `json:"nodeId,omitempty"` + + // PerSliEligibility: If present, this will override eligibility for the + // node coming from instance or exclusions for specified SLIs. + PerSliEligibility *PerSliSloEligibility `json:"perSliEligibility,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Location") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Location") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *NodeSloMetadata) MarshalJSON() ([]byte, error) { + type NoMethod NodeSloMetadata + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// NotificationParameter: Contains notification related data. +type NotificationParameter struct { + // Values: Optional. Array of string values. e.g. instance's replica + // information. + Values []string `json:"values,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Values") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Values") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *NotificationParameter) MarshalJSON() ([]byte, error) { + type NoMethod NotificationParameter + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// PerSliSloEligibility: PerSliSloEligibility is a mapping from an SLI +// name to eligibility. +type PerSliSloEligibility struct { + // Eligibilities: An entry in the eligibilities map specifies an + // eligibility for a particular SLI for the given instance. The SLI key + // in the name must be a valid SLI name specified in the Eligibility + // Exporter binary flags otherwise an error will be emitted by + // Eligibility Exporter and the oncaller will be alerted. If an SLI has + // been defined in the binary flags but the eligibilities map does not + // contain it, the corresponding SLI time series will not be emitted by + // the Eligibility Exporter. This ensures a smooth rollout and + // compatibility between the data produced by different versions of the + // Eligibility Exporters. If eligibilities map contains a key for an SLI + // which has not been declared in the binary flags, there will be an + // error message emitted in the Eligibility Exporter log and the metric + // for the SLI in question will not be emitted. + Eligibilities map[string]SloEligibility `json:"eligibilities,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Eligibilities") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Eligibilities") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *PerSliSloEligibility) MarshalJSON() ([]byte, error) { + type NoMethod PerSliSloEligibility + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// ProvisionedResource: Describes provisioned dataplane resources. +type ProvisionedResource struct { + // ResourceType: Type of the resource. This can be either a GCP resource + // or a custom one (e.g. another cloud provider's VM). For GCP compute + // resources use singular form of the names listed in GCP compute API + // documentation + // (https://cloud.google.com/compute/docs/reference/rest/v1/), prefixed + // with 'compute-', for example: 'compute-instance', 'compute-disk', + // 'compute-autoscaler'. + ResourceType string `json:"resourceType,omitempty"` + + // ResourceUrl: URL identifying the resource, e.g. + // "https://www.googleapis.com/compute/v1/projects/...)". + ResourceUrl string `json:"resourceUrl,omitempty"` + + // ForceSendFields is a list of field names (e.g. "ResourceType") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "ResourceType") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *ProvisionedResource) MarshalJSON() ([]byte, error) { + type NoMethod ProvisionedResource + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // Query: A wrapper around the SQL query statement. This is needed so // that the JSON representation of ExecuteSqlQueryRequest has the // following format: `{"query":"select *"}`. @@ -1359,6 +1970,173 @@ func (s *ResultMetadata) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// Schedule: Configure the schedule. +type Schedule struct { + // Day: Allows to define schedule that runs specified day of the week. + // + // Possible values: + // "DAY_OF_WEEK_UNSPECIFIED" - The day of the week is unspecified. + // "MONDAY" - Monday + // "TUESDAY" - Tuesday + // "WEDNESDAY" - Wednesday + // "THURSDAY" - Thursday + // "FRIDAY" - Friday + // "SATURDAY" - Saturday + // "SUNDAY" - Sunday + Day string `json:"day,omitempty"` + + // Duration: Output only. Duration of the time window, set by service + // producer. + Duration string `json:"duration,omitempty"` + + // StartTime: Time within the window to start the operations. + StartTime *TimeOfDay `json:"startTime,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Day") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Day") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *Schedule) MarshalJSON() ([]byte, error) { + type NoMethod Schedule + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// SloEligibility: SloEligibility is a tuple containing eligibility +// value: true if an instance is eligible for SLO calculation or false +// if it should be excluded from all SLO-related calculations along with +// a user-defined reason. +type SloEligibility struct { + // Eligible: Whether an instance is eligible or ineligible. + Eligible bool `json:"eligible,omitempty"` + + // Reason: User-defined reason for the current value of instance + // eligibility. Usually, this can be directly mapped to the internal + // state. An empty reason is allowed. + Reason string `json:"reason,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Eligible") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Eligible") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *SloEligibility) MarshalJSON() ([]byte, error) { + type NoMethod SloEligibility + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// SloMetadata: SloMetadata contains resources required for proper SLO +// classification of the instance. +type SloMetadata struct { + // Nodes: Optional. List of nodes. Some producers need to use per-node + // metadata to calculate SLO. This field allows such producers to + // publish per-node SLO meta data, which will be consumed by SSA + // Eligibility Exporter and published in the form of per node metric to + // Monarch. + Nodes []*NodeSloMetadata `json:"nodes,omitempty"` + + // PerSliEligibility: Optional. Multiple per-instance SLI eligibilities + // which apply for individual SLIs. + PerSliEligibility *PerSliSloEligibility `json:"perSliEligibility,omitempty"` + + // Tier: Name of the SLO tier the Instance belongs to. This name will be + // expected to match the tiers specified in the service SLO + // configuration. Field is mandatory and must not be empty. + Tier string `json:"tier,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Nodes") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Nodes") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *SloMetadata) MarshalJSON() ([]byte, error) { + type NoMethod SloMetadata + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// TimeOfDay: Represents a time of day. The date and time zone are +// either not significant or are specified elsewhere. An API may choose +// to allow leap seconds. Related types are google.type.Date and +// `google.protobuf.Timestamp`. +type TimeOfDay struct { + // Hours: Hours of day in 24 hour format. Should be from 0 to 23. An API + // may choose to allow the value "24:00:00" for scenarios like business + // closing time. + Hours int64 `json:"hours,omitempty"` + + // Minutes: Minutes of hour of day. Must be from 0 to 59. + Minutes int64 `json:"minutes,omitempty"` + + // Nanos: Fractions of seconds in nanoseconds. Must be from 0 to + // 999,999,999. + Nanos int64 `json:"nanos,omitempty"` + + // Seconds: Seconds of minutes of the time. Must normally be from 0 to + // 59. An API may allow the value 60 if it allows leap-seconds. + Seconds int64 `json:"seconds,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Hours") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Hours") to include in API + // requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *TimeOfDay) MarshalJSON() ([]byte, error) { + type NoMethod TimeOfDay + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // UpdateEntitiesWithConditionsResponse: Response message for // EntityService.UpdateEntitiesWithConditions type UpdateEntitiesWithConditionsResponse struct { @@ -1392,6 +2170,92 @@ func (s *UpdateEntitiesWithConditionsResponse) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// UpdatePolicy: Maintenance policy applicable to instance updates. +type UpdatePolicy struct { + // Channel: Optional. Relative scheduling channel applied to resource. + // + // Possible values: + // "UPDATE_CHANNEL_UNSPECIFIED" - Unspecified channel. + // "EARLIER" - Early channel within a customer project. + // "LATER" - Later channel within a customer project. + // "WEEK1" - ! ! The follow channels can ONLY be used if you adopt the + // new MW system! ! ! NOTE: all WEEK channels are assumed to be under a + // weekly window. ! There is currently no dedicated channel definitions + // for Daily windows. ! If you use Daily window, the system will assume + // a 1d (24Hours) advanced ! notification period b/w EARLY and LATER. ! + // We may consider support more flexible daily channel specifications in + // ! the future. WEEK1 == EARLIER with minimum 7d advanced notification. + // {7d, 14d} The system will treat them equally and will use WEEK1 + // whenever it can. New customers are encouraged to use this channel + // annotation. + // "WEEK2" - WEEK2 == LATER with minimum 14d advanced notification + // {14d, 21d}. + // "WEEK5" - WEEK5 == 40d support. minimum 35d advanced notification + // {35d, 42d}. + Channel string `json:"channel,omitempty"` + + // DenyMaintenancePeriods: Deny Maintenance Period that is applied to + // resource to indicate when maintenance is forbidden. The protocol + // supports zero-to-many such periods, but the current SLM Rollout + // implementation only supports zero-to-one. + DenyMaintenancePeriods []*DenyMaintenancePeriod `json:"denyMaintenancePeriods,omitempty"` + + // Window: Optional. Maintenance window that is applied to resources + // covered by this policy. + Window *MaintenanceWindow `json:"window,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Channel") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Channel") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *UpdatePolicy) MarshalJSON() ([]byte, error) { + type NoMethod UpdatePolicy + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +// WeeklyCycle: Time window specified for weekly operations. +type WeeklyCycle struct { + // Schedule: User can specify multiple windows in a week. Minimum of 1 + // window. + Schedule []*Schedule `json:"schedule,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Schedule") to + // unconditionally include in API requests. By default, fields with + // empty or default values are omitted from API requests. However, any + // non-pointer, non-interface field appearing in ForceSendFields will be + // sent to the server regardless of whether the field is empty or not. + // This may be used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Schedule") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *WeeklyCycle) MarshalJSON() ([]byte, error) { + type NoMethod WeeklyCycle + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // method id "connectors.projects.locations.connections.checkReadiness": type ProjectsLocationsConnectionsCheckReadinessCall struct { diff --git a/datamigration/v1beta1/datamigration-api.json b/datamigration/v1beta1/datamigration-api.json index 7befd082b74..6465350056d 100644 --- a/datamigration/v1beta1/datamigration-api.json +++ b/datamigration/v1beta1/datamigration-api.json @@ -1049,7 +1049,7 @@ } } }, - "revision": "20231011", + "revision": "20231214", "rootUrl": "https://datamigration.googleapis.com/", "schemas": { "AuditConfig": { @@ -1109,7 +1109,7 @@ "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)." }, "members": { - "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.", + "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.", "items": { "type": "string" }, diff --git a/datamigration/v1beta1/datamigration-gen.go b/datamigration/v1beta1/datamigration-gen.go index 36e7cd919b0..9deb1ac8626 100644 --- a/datamigration/v1beta1/datamigration-gen.go +++ b/datamigration/v1beta1/datamigration-gen.go @@ -337,11 +337,34 @@ type Binding struct { // For example, `admins@example.com`. * `domain:{domain}`: The G Suite // domain (primary) that represents all the users of that domain. For // example, `google.com` or `example.com`. * - // `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus - // unique identifier) representing a user that has been recently - // deleted. For example, `alice@example.com?uid=123456789012345678901`. - // If the user is recovered, this value reverts to `user:{emailid}` and - // the recovered user retains the role in the binding. * + // `principal://iam.googleapis.com/locations/global/workforcePools/{pool_ + // id}/subject/{subject_attribute_value}`: A single identity in a + // workforce identity pool. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/group/{group_id}`: All workforce identities in a group. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/attribute.{attribute_name}/{attribute_value}`: All workforce + // identities with a specific attribute value. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/*`: All identities in a workforce identity pool. * + // `principal://iam.googleapis.com/projects/{project_number}/locations/gl + // obal/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value} + // `: A single identity in a workload identity pool. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload + // identity pool group. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{at + // tribute_value}`: All identities in a workload identity pool with a + // certain attribute. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/*`: All identities in a + // workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An + // email address (plus unique identifier) representing a user that has + // been recently deleted. For example, + // `alice@example.com?uid=123456789012345678901`. If the user is + // recovered, this value reverts to `user:{emailid}` and the recovered + // user retains the role in the binding. * // `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address // (plus unique identifier) representing a service account that has been // recently deleted. For example, @@ -353,7 +376,12 @@ type Binding struct { // that has been recently deleted. For example, // `admins@example.com?uid=123456789012345678901`. If the group is // recovered, this value reverts to `group:{emailid}` and the recovered - // group retains the role in the binding. + // group retains the role in the binding. * + // `deleted:principal://iam.googleapis.com/locations/global/workforcePool + // s/{pool_id}/subject/{subject_attribute_value}`: Deleted single + // identity in a workforce identity pool. For example, + // `deleted:principal://iam.googleapis.com/locations/global/workforcePool + // s/my-pool-id/subject/my-subject-attribute-value`. Members []string `json:"members,omitempty"` // Role: Role that is assigned to the list of `members`, or principals. diff --git a/deploymentmanager/v2/deploymentmanager-api.json b/deploymentmanager/v2/deploymentmanager-api.json index e266ad0d066..cd7337183e9 100644 --- a/deploymentmanager/v2/deploymentmanager-api.json +++ b/deploymentmanager/v2/deploymentmanager-api.json @@ -988,7 +988,7 @@ } } }, - "revision": "20230921", + "revision": "20231214", "rootUrl": "https://deploymentmanager.googleapis.com/", "schemas": { "AuditConfig": { @@ -1048,7 +1048,7 @@ "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)." }, "members": { - "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.", + "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.", "items": { "type": "string" }, diff --git a/deploymentmanager/v2/deploymentmanager-gen.go b/deploymentmanager/v2/deploymentmanager-gen.go index 48c7637f0b1..ba3c1c8b520 100644 --- a/deploymentmanager/v2/deploymentmanager-gen.go +++ b/deploymentmanager/v2/deploymentmanager-gen.go @@ -357,11 +357,34 @@ type Binding struct { // For example, `admins@example.com`. * `domain:{domain}`: The G Suite // domain (primary) that represents all the users of that domain. For // example, `google.com` or `example.com`. * - // `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus - // unique identifier) representing a user that has been recently - // deleted. For example, `alice@example.com?uid=123456789012345678901`. - // If the user is recovered, this value reverts to `user:{emailid}` and - // the recovered user retains the role in the binding. * + // `principal://iam.googleapis.com/locations/global/workforcePools/{pool_ + // id}/subject/{subject_attribute_value}`: A single identity in a + // workforce identity pool. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/group/{group_id}`: All workforce identities in a group. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/attribute.{attribute_name}/{attribute_value}`: All workforce + // identities with a specific attribute value. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/*`: All identities in a workforce identity pool. * + // `principal://iam.googleapis.com/projects/{project_number}/locations/gl + // obal/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value} + // `: A single identity in a workload identity pool. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload + // identity pool group. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{at + // tribute_value}`: All identities in a workload identity pool with a + // certain attribute. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/*`: All identities in a + // workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An + // email address (plus unique identifier) representing a user that has + // been recently deleted. For example, + // `alice@example.com?uid=123456789012345678901`. If the user is + // recovered, this value reverts to `user:{emailid}` and the recovered + // user retains the role in the binding. * // `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address // (plus unique identifier) representing a service account that has been // recently deleted. For example, @@ -373,7 +396,12 @@ type Binding struct { // that has been recently deleted. For example, // `admins@example.com?uid=123456789012345678901`. If the group is // recovered, this value reverts to `group:{emailid}` and the recovered - // group retains the role in the binding. + // group retains the role in the binding. * + // `deleted:principal://iam.googleapis.com/locations/global/workforcePool + // s/{pool_id}/subject/{subject_attribute_value}`: Deleted single + // identity in a workforce identity pool. For example, + // `deleted:principal://iam.googleapis.com/locations/global/workforcePool + // s/my-pool-id/subject/my-subject-attribute-value`. Members []string `json:"members,omitempty"` // Role: Role that is assigned to the list of `members`, or principals. diff --git a/iap/v1beta1/iap-api.json b/iap/v1beta1/iap-api.json index 451bab73f53..a8725027255 100644 --- a/iap/v1beta1/iap-api.json +++ b/iap/v1beta1/iap-api.json @@ -194,7 +194,7 @@ } } }, - "revision": "20230901", + "revision": "20231215", "rootUrl": "https://iap.googleapis.com/", "schemas": { "Binding": { @@ -206,7 +206,7 @@ "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)." }, "members": { - "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.", + "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.", "items": { "type": "string" }, diff --git a/iap/v1beta1/iap-gen.go b/iap/v1beta1/iap-gen.go index b0eaa653d8f..2a79dfc7d9b 100644 --- a/iap/v1beta1/iap-gen.go +++ b/iap/v1beta1/iap-gen.go @@ -192,11 +192,34 @@ type Binding struct { // For example, `admins@example.com`. * `domain:{domain}`: The G Suite // domain (primary) that represents all the users of that domain. For // example, `google.com` or `example.com`. * - // `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus - // unique identifier) representing a user that has been recently - // deleted. For example, `alice@example.com?uid=123456789012345678901`. - // If the user is recovered, this value reverts to `user:{emailid}` and - // the recovered user retains the role in the binding. * + // `principal://iam.googleapis.com/locations/global/workforcePools/{pool_ + // id}/subject/{subject_attribute_value}`: A single identity in a + // workforce identity pool. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/group/{group_id}`: All workforce identities in a group. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/attribute.{attribute_name}/{attribute_value}`: All workforce + // identities with a specific attribute value. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/*`: All identities in a workforce identity pool. * + // `principal://iam.googleapis.com/projects/{project_number}/locations/gl + // obal/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value} + // `: A single identity in a workload identity pool. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload + // identity pool group. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{at + // tribute_value}`: All identities in a workload identity pool with a + // certain attribute. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/*`: All identities in a + // workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An + // email address (plus unique identifier) representing a user that has + // been recently deleted. For example, + // `alice@example.com?uid=123456789012345678901`. If the user is + // recovered, this value reverts to `user:{emailid}` and the recovered + // user retains the role in the binding. * // `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address // (plus unique identifier) representing a service account that has been // recently deleted. For example, @@ -208,7 +231,12 @@ type Binding struct { // that has been recently deleted. For example, // `admins@example.com?uid=123456789012345678901`. If the group is // recovered, this value reverts to `group:{emailid}` and the recovered - // group retains the role in the binding. + // group retains the role in the binding. * + // `deleted:principal://iam.googleapis.com/locations/global/workforcePool + // s/{pool_id}/subject/{subject_attribute_value}`: Deleted single + // identity in a workforce identity pool. For example, + // `deleted:principal://iam.googleapis.com/locations/global/workforcePool + // s/my-pool-id/subject/my-subject-attribute-value`. Members []string `json:"members,omitempty"` // Role: Role that is assigned to the list of `members`, or principals. diff --git a/metastore/v1/metastore-api.json b/metastore/v1/metastore-api.json index b8d4864a528..fc4b179238e 100644 --- a/metastore/v1/metastore-api.json +++ b/metastore/v1/metastore-api.json @@ -1367,7 +1367,7 @@ } } }, - "revision": "20231205", + "revision": "20231214", "rootUrl": "https://metastore.googleapis.com/", "schemas": { "AlterMetadataResourceLocationRequest": { @@ -1580,7 +1580,7 @@ "description": "The condition that is associated with this binding.If the condition evaluates to true, then this binding applies to the current request.If the condition evaluates to false, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies)." }, "members": { - "description": "Specifies the principals requesting access for a Google Cloud resource. members can have the following values: allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account. allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. user:{emailid}: An email address that represents a specific Google account. For example, alice@example.com . serviceAccount:{emailid}: An email address that represents a Google service account. For example, my-other-app@appspot.gserviceaccount.com. serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]: An identifier for a Kubernetes service account (https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, my-project.svc.id.goog[my-namespace/my-kubernetes-sa]. group:{emailid}: An email address that represents a Google group. For example, admins@example.com. domain:{domain}: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com. deleted:user:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a user that has been recently deleted. For example, alice@example.com?uid=123456789012345678901. If the user is recovered, this value reverts to user:{emailid} and the recovered user retains the role in the binding. deleted:serviceAccount:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901. If the service account is undeleted, this value reverts to serviceAccount:{emailid} and the undeleted service account retains the role in the binding. deleted:group:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, admins@example.com?uid=123456789012345678901. If the group is recovered, this value reverts to group:{emailid} and the recovered group retains the role in the binding.", + "description": "Specifies the principals requesting access for a Google Cloud resource. members can have the following values: allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account. allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. user:{emailid}: An email address that represents a specific Google account. For example, alice@example.com . serviceAccount:{emailid}: An email address that represents a Google service account. For example, my-other-app@appspot.gserviceaccount.com. serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]: An identifier for a Kubernetes service account (https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, my-project.svc.id.goog[my-namespace/my-kubernetes-sa]. group:{emailid}: An email address that represents a Google group. For example, admins@example.com. domain:{domain}: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com. principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}: A single identity in a workforce identity pool. principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}: All workforce identities in a group. principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}: All workforce identities with a specific attribute value. principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*: All identities in a workforce identity pool. principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}: A single identity in a workload identity pool. principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}: A workload identity pool group. principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}: All identities in a workload identity pool with a certain attribute. principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*: All identities in a workload identity pool. deleted:user:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a user that has been recently deleted. For example, alice@example.com?uid=123456789012345678901. If the user is recovered, this value reverts to user:{emailid} and the recovered user retains the role in the binding. deleted:serviceAccount:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901. If the service account is undeleted, this value reverts to serviceAccount:{emailid} and the undeleted service account retains the role in the binding. deleted:group:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, admins@example.com?uid=123456789012345678901. If the group is recovered, this value reverts to group:{emailid} and the recovered group retains the role in the binding. deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}: Deleted single identity in a workforce identity pool. For example, deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value.", "items": { "type": "string" }, diff --git a/metastore/v1/metastore-gen.go b/metastore/v1/metastore-gen.go index 685af6422c8..b441b481b19 100644 --- a/metastore/v1/metastore-gen.go +++ b/metastore/v1/metastore-gen.go @@ -593,7 +593,30 @@ type Binding struct { // group:{emailid}: An email address that represents a Google group. For // example, admins@example.com. domain:{domain}: The G Suite domain // (primary) that represents all the users of that domain. For example, - // google.com or example.com. deleted:user:{emailid}?uid={uniqueid}: An + // google.com or example.com. + // principal://iam.googleapis.com/locations/global/workforcePools/{pool_i + // d}/subject/{subject_attribute_value}: A single identity in a + // workforce identity pool. + // principalSet://iam.googleapis.com/locations/global/workforcePools/{poo + // l_id}/group/{group_id}: All workforce identities in a group. + // principalSet://iam.googleapis.com/locations/global/workforcePools/{poo + // l_id}/attribute.{attribute_name}/{attribute_value}: All workforce + // identities with a specific attribute value. + // principalSet://iam.googleapis.com/locations/global/workforcePools/{poo + // l_id}/*: All identities in a workforce identity pool. + // principal://iam.googleapis.com/projects/{project_number}/locations/glo + // bal/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}: + // A single identity in a workload identity pool. + // principalSet://iam.googleapis.com/projects/{project_number}/locations/ + // global/workloadIdentityPools/{pool_id}/group/{group_id}: A workload + // identity pool group. + // principalSet://iam.googleapis.com/projects/{project_number}/locations/ + // global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{att + // ribute_value}: All identities in a workload identity pool with a + // certain attribute. + // principalSet://iam.googleapis.com/projects/{project_number}/locations/ + // global/workloadIdentityPools/{pool_id}/*: All identities in a + // workload identity pool. deleted:user:{emailid}?uid={uniqueid}: An // email address (plus unique identifier) representing a user that has // been recently deleted. For example, // alice@example.com?uid=123456789012345678901. If the user is @@ -611,6 +634,11 @@ type Binding struct { // admins@example.com?uid=123456789012345678901. If the group is // recovered, this value reverts to group:{emailid} and the recovered // group retains the role in the binding. + // deleted:principal://iam.googleapis.com/locations/global/workforcePools + // /{pool_id}/subject/{subject_attribute_value}: Deleted single identity + // in a workforce identity pool. For example, + // deleted:principal://iam.googleapis.com/locations/global/workforcePools + // /my-pool-id/subject/my-subject-attribute-value. Members []string `json:"members,omitempty"` // Role: Role that is assigned to the list of members, or principals. diff --git a/metastore/v1alpha/metastore-api.json b/metastore/v1alpha/metastore-api.json index a9ed229d9e1..367fab76d99 100644 --- a/metastore/v1alpha/metastore-api.json +++ b/metastore/v1alpha/metastore-api.json @@ -1607,7 +1607,7 @@ } } }, - "revision": "20231205", + "revision": "20231214", "rootUrl": "https://metastore.googleapis.com/", "schemas": { "AlterMetadataResourceLocationRequest": { @@ -1822,7 +1822,7 @@ "description": "The condition that is associated with this binding.If the condition evaluates to true, then this binding applies to the current request.If the condition evaluates to false, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies)." }, "members": { - "description": "Specifies the principals requesting access for a Google Cloud resource. members can have the following values: allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account. allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. user:{emailid}: An email address that represents a specific Google account. For example, alice@example.com . serviceAccount:{emailid}: An email address that represents a Google service account. For example, my-other-app@appspot.gserviceaccount.com. serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]: An identifier for a Kubernetes service account (https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, my-project.svc.id.goog[my-namespace/my-kubernetes-sa]. group:{emailid}: An email address that represents a Google group. For example, admins@example.com. domain:{domain}: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com. deleted:user:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a user that has been recently deleted. For example, alice@example.com?uid=123456789012345678901. If the user is recovered, this value reverts to user:{emailid} and the recovered user retains the role in the binding. deleted:serviceAccount:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901. If the service account is undeleted, this value reverts to serviceAccount:{emailid} and the undeleted service account retains the role in the binding. deleted:group:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, admins@example.com?uid=123456789012345678901. If the group is recovered, this value reverts to group:{emailid} and the recovered group retains the role in the binding.", + "description": "Specifies the principals requesting access for a Google Cloud resource. members can have the following values: allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account. allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. user:{emailid}: An email address that represents a specific Google account. For example, alice@example.com . serviceAccount:{emailid}: An email address that represents a Google service account. For example, my-other-app@appspot.gserviceaccount.com. serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]: An identifier for a Kubernetes service account (https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, my-project.svc.id.goog[my-namespace/my-kubernetes-sa]. group:{emailid}: An email address that represents a Google group. For example, admins@example.com. domain:{domain}: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com. principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}: A single identity in a workforce identity pool. principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}: All workforce identities in a group. principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}: All workforce identities with a specific attribute value. principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*: All identities in a workforce identity pool. principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}: A single identity in a workload identity pool. principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}: A workload identity pool group. principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}: All identities in a workload identity pool with a certain attribute. principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*: All identities in a workload identity pool. deleted:user:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a user that has been recently deleted. For example, alice@example.com?uid=123456789012345678901. If the user is recovered, this value reverts to user:{emailid} and the recovered user retains the role in the binding. deleted:serviceAccount:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901. If the service account is undeleted, this value reverts to serviceAccount:{emailid} and the undeleted service account retains the role in the binding. deleted:group:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, admins@example.com?uid=123456789012345678901. If the group is recovered, this value reverts to group:{emailid} and the recovered group retains the role in the binding. deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}: Deleted single identity in a workforce identity pool. For example, deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value.", "items": { "type": "string" }, diff --git a/metastore/v1alpha/metastore-gen.go b/metastore/v1alpha/metastore-gen.go index c6916410a9e..1256b2e43cb 100644 --- a/metastore/v1alpha/metastore-gen.go +++ b/metastore/v1alpha/metastore-gen.go @@ -618,7 +618,30 @@ type Binding struct { // group:{emailid}: An email address that represents a Google group. For // example, admins@example.com. domain:{domain}: The G Suite domain // (primary) that represents all the users of that domain. For example, - // google.com or example.com. deleted:user:{emailid}?uid={uniqueid}: An + // google.com or example.com. + // principal://iam.googleapis.com/locations/global/workforcePools/{pool_i + // d}/subject/{subject_attribute_value}: A single identity in a + // workforce identity pool. + // principalSet://iam.googleapis.com/locations/global/workforcePools/{poo + // l_id}/group/{group_id}: All workforce identities in a group. + // principalSet://iam.googleapis.com/locations/global/workforcePools/{poo + // l_id}/attribute.{attribute_name}/{attribute_value}: All workforce + // identities with a specific attribute value. + // principalSet://iam.googleapis.com/locations/global/workforcePools/{poo + // l_id}/*: All identities in a workforce identity pool. + // principal://iam.googleapis.com/projects/{project_number}/locations/glo + // bal/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}: + // A single identity in a workload identity pool. + // principalSet://iam.googleapis.com/projects/{project_number}/locations/ + // global/workloadIdentityPools/{pool_id}/group/{group_id}: A workload + // identity pool group. + // principalSet://iam.googleapis.com/projects/{project_number}/locations/ + // global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{att + // ribute_value}: All identities in a workload identity pool with a + // certain attribute. + // principalSet://iam.googleapis.com/projects/{project_number}/locations/ + // global/workloadIdentityPools/{pool_id}/*: All identities in a + // workload identity pool. deleted:user:{emailid}?uid={uniqueid}: An // email address (plus unique identifier) representing a user that has // been recently deleted. For example, // alice@example.com?uid=123456789012345678901. If the user is @@ -636,6 +659,11 @@ type Binding struct { // admins@example.com?uid=123456789012345678901. If the group is // recovered, this value reverts to group:{emailid} and the recovered // group retains the role in the binding. + // deleted:principal://iam.googleapis.com/locations/global/workforcePools + // /{pool_id}/subject/{subject_attribute_value}: Deleted single identity + // in a workforce identity pool. For example, + // deleted:principal://iam.googleapis.com/locations/global/workforcePools + // /my-pool-id/subject/my-subject-attribute-value. Members []string `json:"members,omitempty"` // Role: Role that is assigned to the list of members, or principals. diff --git a/metastore/v1beta/metastore-api.json b/metastore/v1beta/metastore-api.json index 1a4c279e9be..49fa308168d 100644 --- a/metastore/v1beta/metastore-api.json +++ b/metastore/v1beta/metastore-api.json @@ -1607,7 +1607,7 @@ } } }, - "revision": "20231205", + "revision": "20231214", "rootUrl": "https://metastore.googleapis.com/", "schemas": { "AlterMetadataResourceLocationRequest": { @@ -1822,7 +1822,7 @@ "description": "The condition that is associated with this binding.If the condition evaluates to true, then this binding applies to the current request.If the condition evaluates to false, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding.To learn which resources support conditions in their IAM policies, see the IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies)." }, "members": { - "description": "Specifies the principals requesting access for a Google Cloud resource. members can have the following values: allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account. allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. user:{emailid}: An email address that represents a specific Google account. For example, alice@example.com . serviceAccount:{emailid}: An email address that represents a Google service account. For example, my-other-app@appspot.gserviceaccount.com. serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]: An identifier for a Kubernetes service account (https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, my-project.svc.id.goog[my-namespace/my-kubernetes-sa]. group:{emailid}: An email address that represents a Google group. For example, admins@example.com. domain:{domain}: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com. deleted:user:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a user that has been recently deleted. For example, alice@example.com?uid=123456789012345678901. If the user is recovered, this value reverts to user:{emailid} and the recovered user retains the role in the binding. deleted:serviceAccount:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901. If the service account is undeleted, this value reverts to serviceAccount:{emailid} and the undeleted service account retains the role in the binding. deleted:group:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, admins@example.com?uid=123456789012345678901. If the group is recovered, this value reverts to group:{emailid} and the recovered group retains the role in the binding.", + "description": "Specifies the principals requesting access for a Google Cloud resource. members can have the following values: allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account. allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. user:{emailid}: An email address that represents a specific Google account. For example, alice@example.com . serviceAccount:{emailid}: An email address that represents a Google service account. For example, my-other-app@appspot.gserviceaccount.com. serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]: An identifier for a Kubernetes service account (https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, my-project.svc.id.goog[my-namespace/my-kubernetes-sa]. group:{emailid}: An email address that represents a Google group. For example, admins@example.com. domain:{domain}: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com. principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}: A single identity in a workforce identity pool. principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}: All workforce identities in a group. principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}: All workforce identities with a specific attribute value. principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*: All identities in a workforce identity pool. principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}: A single identity in a workload identity pool. principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}: A workload identity pool group. principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}: All identities in a workload identity pool with a certain attribute. principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*: All identities in a workload identity pool. deleted:user:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a user that has been recently deleted. For example, alice@example.com?uid=123456789012345678901. If the user is recovered, this value reverts to user:{emailid} and the recovered user retains the role in the binding. deleted:serviceAccount:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901. If the service account is undeleted, this value reverts to serviceAccount:{emailid} and the undeleted service account retains the role in the binding. deleted:group:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, admins@example.com?uid=123456789012345678901. If the group is recovered, this value reverts to group:{emailid} and the recovered group retains the role in the binding. deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}: Deleted single identity in a workforce identity pool. For example, deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value.", "items": { "type": "string" }, diff --git a/metastore/v1beta/metastore-gen.go b/metastore/v1beta/metastore-gen.go index abba5a3242c..d64aa18af50 100644 --- a/metastore/v1beta/metastore-gen.go +++ b/metastore/v1beta/metastore-gen.go @@ -618,7 +618,30 @@ type Binding struct { // group:{emailid}: An email address that represents a Google group. For // example, admins@example.com. domain:{domain}: The G Suite domain // (primary) that represents all the users of that domain. For example, - // google.com or example.com. deleted:user:{emailid}?uid={uniqueid}: An + // google.com or example.com. + // principal://iam.googleapis.com/locations/global/workforcePools/{pool_i + // d}/subject/{subject_attribute_value}: A single identity in a + // workforce identity pool. + // principalSet://iam.googleapis.com/locations/global/workforcePools/{poo + // l_id}/group/{group_id}: All workforce identities in a group. + // principalSet://iam.googleapis.com/locations/global/workforcePools/{poo + // l_id}/attribute.{attribute_name}/{attribute_value}: All workforce + // identities with a specific attribute value. + // principalSet://iam.googleapis.com/locations/global/workforcePools/{poo + // l_id}/*: All identities in a workforce identity pool. + // principal://iam.googleapis.com/projects/{project_number}/locations/glo + // bal/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}: + // A single identity in a workload identity pool. + // principalSet://iam.googleapis.com/projects/{project_number}/locations/ + // global/workloadIdentityPools/{pool_id}/group/{group_id}: A workload + // identity pool group. + // principalSet://iam.googleapis.com/projects/{project_number}/locations/ + // global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{att + // ribute_value}: All identities in a workload identity pool with a + // certain attribute. + // principalSet://iam.googleapis.com/projects/{project_number}/locations/ + // global/workloadIdentityPools/{pool_id}/*: All identities in a + // workload identity pool. deleted:user:{emailid}?uid={uniqueid}: An // email address (plus unique identifier) representing a user that has // been recently deleted. For example, // alice@example.com?uid=123456789012345678901. If the user is @@ -636,6 +659,11 @@ type Binding struct { // admins@example.com?uid=123456789012345678901. If the group is // recovered, this value reverts to group:{emailid} and the recovered // group retains the role in the binding. + // deleted:principal://iam.googleapis.com/locations/global/workforcePools + // /{pool_id}/subject/{subject_attribute_value}: Deleted single identity + // in a workforce identity pool. For example, + // deleted:principal://iam.googleapis.com/locations/global/workforcePools + // /my-pool-id/subject/my-subject-attribute-value. Members []string `json:"members,omitempty"` // Role: Role that is assigned to the list of members, or principals. diff --git a/notebooks/v1/notebooks-api.json b/notebooks/v1/notebooks-api.json index 1e46816451f..d8233e53d0b 100644 --- a/notebooks/v1/notebooks-api.json +++ b/notebooks/v1/notebooks-api.json @@ -2008,7 +2008,7 @@ } } }, - "revision": "20231019", + "revision": "20231213", "rootUrl": "https://notebooks.googleapis.com/", "schemas": { "AcceleratorConfig": { @@ -2066,7 +2066,7 @@ "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)." }, "members": { - "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.", + "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.", "items": { "type": "string" }, diff --git a/notebooks/v1/notebooks-gen.go b/notebooks/v1/notebooks-gen.go index 0211b6b432b..43d04c02867 100644 --- a/notebooks/v1/notebooks-gen.go +++ b/notebooks/v1/notebooks-gen.go @@ -329,11 +329,34 @@ type Binding struct { // For example, `admins@example.com`. * `domain:{domain}`: The G Suite // domain (primary) that represents all the users of that domain. For // example, `google.com` or `example.com`. * - // `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus - // unique identifier) representing a user that has been recently - // deleted. For example, `alice@example.com?uid=123456789012345678901`. - // If the user is recovered, this value reverts to `user:{emailid}` and - // the recovered user retains the role in the binding. * + // `principal://iam.googleapis.com/locations/global/workforcePools/{pool_ + // id}/subject/{subject_attribute_value}`: A single identity in a + // workforce identity pool. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/group/{group_id}`: All workforce identities in a group. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/attribute.{attribute_name}/{attribute_value}`: All workforce + // identities with a specific attribute value. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/*`: All identities in a workforce identity pool. * + // `principal://iam.googleapis.com/projects/{project_number}/locations/gl + // obal/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value} + // `: A single identity in a workload identity pool. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload + // identity pool group. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{at + // tribute_value}`: All identities in a workload identity pool with a + // certain attribute. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/*`: All identities in a + // workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An + // email address (plus unique identifier) representing a user that has + // been recently deleted. For example, + // `alice@example.com?uid=123456789012345678901`. If the user is + // recovered, this value reverts to `user:{emailid}` and the recovered + // user retains the role in the binding. * // `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address // (plus unique identifier) representing a service account that has been // recently deleted. For example, @@ -345,7 +368,12 @@ type Binding struct { // that has been recently deleted. For example, // `admins@example.com?uid=123456789012345678901`. If the group is // recovered, this value reverts to `group:{emailid}` and the recovered - // group retains the role in the binding. + // group retains the role in the binding. * + // `deleted:principal://iam.googleapis.com/locations/global/workforcePool + // s/{pool_id}/subject/{subject_attribute_value}`: Deleted single + // identity in a workforce identity pool. For example, + // `deleted:principal://iam.googleapis.com/locations/global/workforcePool + // s/my-pool-id/subject/my-subject-attribute-value`. Members []string `json:"members,omitempty"` // Role: Role that is assigned to the list of `members`, or principals. diff --git a/notebooks/v2/notebooks-api.json b/notebooks/v2/notebooks-api.json index e8b84acbe69..7283d4962a9 100644 --- a/notebooks/v2/notebooks-api.json +++ b/notebooks/v2/notebooks-api.json @@ -848,7 +848,7 @@ } } }, - "revision": "20231203", + "revision": "20231213", "rootUrl": "https://notebooks.googleapis.com/", "schemas": { "AcceleratorConfig": { @@ -902,7 +902,7 @@ "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)." }, "members": { - "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.", + "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.", "items": { "type": "string" }, diff --git a/notebooks/v2/notebooks-gen.go b/notebooks/v2/notebooks-gen.go index 0368c309933..169eb66bda0 100644 --- a/notebooks/v2/notebooks-gen.go +++ b/notebooks/v2/notebooks-gen.go @@ -280,11 +280,34 @@ type Binding struct { // For example, `admins@example.com`. * `domain:{domain}`: The G Suite // domain (primary) that represents all the users of that domain. For // example, `google.com` or `example.com`. * - // `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus - // unique identifier) representing a user that has been recently - // deleted. For example, `alice@example.com?uid=123456789012345678901`. - // If the user is recovered, this value reverts to `user:{emailid}` and - // the recovered user retains the role in the binding. * + // `principal://iam.googleapis.com/locations/global/workforcePools/{pool_ + // id}/subject/{subject_attribute_value}`: A single identity in a + // workforce identity pool. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/group/{group_id}`: All workforce identities in a group. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/attribute.{attribute_name}/{attribute_value}`: All workforce + // identities with a specific attribute value. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/*`: All identities in a workforce identity pool. * + // `principal://iam.googleapis.com/projects/{project_number}/locations/gl + // obal/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value} + // `: A single identity in a workload identity pool. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload + // identity pool group. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{at + // tribute_value}`: All identities in a workload identity pool with a + // certain attribute. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/*`: All identities in a + // workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An + // email address (plus unique identifier) representing a user that has + // been recently deleted. For example, + // `alice@example.com?uid=123456789012345678901`. If the user is + // recovered, this value reverts to `user:{emailid}` and the recovered + // user retains the role in the binding. * // `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address // (plus unique identifier) representing a service account that has been // recently deleted. For example, @@ -296,7 +319,12 @@ type Binding struct { // that has been recently deleted. For example, // `admins@example.com?uid=123456789012345678901`. If the group is // recovered, this value reverts to `group:{emailid}` and the recovered - // group retains the role in the binding. + // group retains the role in the binding. * + // `deleted:principal://iam.googleapis.com/locations/global/workforcePool + // s/{pool_id}/subject/{subject_attribute_value}`: Deleted single + // identity in a workforce identity pool. For example, + // `deleted:principal://iam.googleapis.com/locations/global/workforcePool + // s/my-pool-id/subject/my-subject-attribute-value`. Members []string `json:"members,omitempty"` // Role: Role that is assigned to the list of `members`, or principals. diff --git a/pubsub/v1/pubsub-api.json b/pubsub/v1/pubsub-api.json index ec1d3181985..4e215cce112 100644 --- a/pubsub/v1/pubsub-api.json +++ b/pubsub/v1/pubsub-api.json @@ -1573,7 +1573,7 @@ } } }, - "revision": "20231205", + "revision": "20231212", "rootUrl": "https://pubsub.googleapis.com/", "schemas": { "AcknowledgeRequest": { @@ -1658,7 +1658,7 @@ "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)." }, "members": { - "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.", + "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.", "items": { "type": "string" }, diff --git a/pubsub/v1/pubsub-gen.go b/pubsub/v1/pubsub-gen.go index 4015ce22a0d..9122dc290c4 100644 --- a/pubsub/v1/pubsub-gen.go +++ b/pubsub/v1/pubsub-gen.go @@ -419,11 +419,34 @@ type Binding struct { // For example, `admins@example.com`. * `domain:{domain}`: The G Suite // domain (primary) that represents all the users of that domain. For // example, `google.com` or `example.com`. * - // `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus - // unique identifier) representing a user that has been recently - // deleted. For example, `alice@example.com?uid=123456789012345678901`. - // If the user is recovered, this value reverts to `user:{emailid}` and - // the recovered user retains the role in the binding. * + // `principal://iam.googleapis.com/locations/global/workforcePools/{pool_ + // id}/subject/{subject_attribute_value}`: A single identity in a + // workforce identity pool. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/group/{group_id}`: All workforce identities in a group. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/attribute.{attribute_name}/{attribute_value}`: All workforce + // identities with a specific attribute value. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/*`: All identities in a workforce identity pool. * + // `principal://iam.googleapis.com/projects/{project_number}/locations/gl + // obal/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value} + // `: A single identity in a workload identity pool. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload + // identity pool group. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{at + // tribute_value}`: All identities in a workload identity pool with a + // certain attribute. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/*`: All identities in a + // workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An + // email address (plus unique identifier) representing a user that has + // been recently deleted. For example, + // `alice@example.com?uid=123456789012345678901`. If the user is + // recovered, this value reverts to `user:{emailid}` and the recovered + // user retains the role in the binding. * // `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address // (plus unique identifier) representing a service account that has been // recently deleted. For example, @@ -435,7 +458,12 @@ type Binding struct { // that has been recently deleted. For example, // `admins@example.com?uid=123456789012345678901`. If the group is // recovered, this value reverts to `group:{emailid}` and the recovered - // group retains the role in the binding. + // group retains the role in the binding. * + // `deleted:principal://iam.googleapis.com/locations/global/workforcePool + // s/{pool_id}/subject/{subject_attribute_value}`: Deleted single + // identity in a workforce identity pool. For example, + // `deleted:principal://iam.googleapis.com/locations/global/workforcePool + // s/my-pool-id/subject/my-subject-attribute-value`. Members []string `json:"members,omitempty"` // Role: Role that is assigned to the list of `members`, or principals. diff --git a/pubsub/v1beta2/pubsub-api.json b/pubsub/v1beta2/pubsub-api.json index 2fc7e7b28c3..f0b9575dca9 100644 --- a/pubsub/v1beta2/pubsub-api.json +++ b/pubsub/v1beta2/pubsub-api.json @@ -731,7 +731,7 @@ } } }, - "revision": "20230830", + "revision": "20231212", "rootUrl": "https://pubsub.googleapis.com/", "schemas": { "AcknowledgeRequest": { @@ -757,7 +757,7 @@ "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)." }, "members": { - "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.", + "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.", "items": { "type": "string" }, diff --git a/pubsub/v1beta2/pubsub-gen.go b/pubsub/v1beta2/pubsub-gen.go index 14969d296ec..7aaf03e094e 100644 --- a/pubsub/v1beta2/pubsub-gen.go +++ b/pubsub/v1beta2/pubsub-gen.go @@ -269,11 +269,34 @@ type Binding struct { // For example, `admins@example.com`. * `domain:{domain}`: The G Suite // domain (primary) that represents all the users of that domain. For // example, `google.com` or `example.com`. * - // `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus - // unique identifier) representing a user that has been recently - // deleted. For example, `alice@example.com?uid=123456789012345678901`. - // If the user is recovered, this value reverts to `user:{emailid}` and - // the recovered user retains the role in the binding. * + // `principal://iam.googleapis.com/locations/global/workforcePools/{pool_ + // id}/subject/{subject_attribute_value}`: A single identity in a + // workforce identity pool. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/group/{group_id}`: All workforce identities in a group. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/attribute.{attribute_name}/{attribute_value}`: All workforce + // identities with a specific attribute value. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/*`: All identities in a workforce identity pool. * + // `principal://iam.googleapis.com/projects/{project_number}/locations/gl + // obal/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value} + // `: A single identity in a workload identity pool. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload + // identity pool group. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{at + // tribute_value}`: All identities in a workload identity pool with a + // certain attribute. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/*`: All identities in a + // workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An + // email address (plus unique identifier) representing a user that has + // been recently deleted. For example, + // `alice@example.com?uid=123456789012345678901`. If the user is + // recovered, this value reverts to `user:{emailid}` and the recovered + // user retains the role in the binding. * // `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address // (plus unique identifier) representing a service account that has been // recently deleted. For example, @@ -285,7 +308,12 @@ type Binding struct { // that has been recently deleted. For example, // `admins@example.com?uid=123456789012345678901`. If the group is // recovered, this value reverts to `group:{emailid}` and the recovered - // group retains the role in the binding. + // group retains the role in the binding. * + // `deleted:principal://iam.googleapis.com/locations/global/workforcePool + // s/{pool_id}/subject/{subject_attribute_value}`: Deleted single + // identity in a workforce identity pool. For example, + // `deleted:principal://iam.googleapis.com/locations/global/workforcePool + // s/my-pool-id/subject/my-subject-attribute-value`. Members []string `json:"members,omitempty"` // Role: Role that is assigned to the list of `members`, or principals. diff --git a/secretmanager/v1/secretmanager-api.json b/secretmanager/v1/secretmanager-api.json index a4bc8f7e308..3295621600b 100644 --- a/secretmanager/v1/secretmanager-api.json +++ b/secretmanager/v1/secretmanager-api.json @@ -643,7 +643,7 @@ } } }, - "revision": "20230804", + "revision": "20231215", "rootUrl": "https://secretmanager.googleapis.com/", "schemas": { "AccessSecretVersionResponse": { @@ -752,7 +752,7 @@ "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)." }, "members": { - "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.", + "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.", "items": { "type": "string" }, diff --git a/secretmanager/v1/secretmanager-gen.go b/secretmanager/v1/secretmanager-gen.go index fc91a7ea2d1..2865f57245e 100644 --- a/secretmanager/v1/secretmanager-gen.go +++ b/secretmanager/v1/secretmanager-gen.go @@ -461,11 +461,34 @@ type Binding struct { // For example, `admins@example.com`. * `domain:{domain}`: The G Suite // domain (primary) that represents all the users of that domain. For // example, `google.com` or `example.com`. * - // `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus - // unique identifier) representing a user that has been recently - // deleted. For example, `alice@example.com?uid=123456789012345678901`. - // If the user is recovered, this value reverts to `user:{emailid}` and - // the recovered user retains the role in the binding. * + // `principal://iam.googleapis.com/locations/global/workforcePools/{pool_ + // id}/subject/{subject_attribute_value}`: A single identity in a + // workforce identity pool. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/group/{group_id}`: All workforce identities in a group. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/attribute.{attribute_name}/{attribute_value}`: All workforce + // identities with a specific attribute value. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/*`: All identities in a workforce identity pool. * + // `principal://iam.googleapis.com/projects/{project_number}/locations/gl + // obal/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value} + // `: A single identity in a workload identity pool. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload + // identity pool group. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{at + // tribute_value}`: All identities in a workload identity pool with a + // certain attribute. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/*`: All identities in a + // workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An + // email address (plus unique identifier) representing a user that has + // been recently deleted. For example, + // `alice@example.com?uid=123456789012345678901`. If the user is + // recovered, this value reverts to `user:{emailid}` and the recovered + // user retains the role in the binding. * // `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address // (plus unique identifier) representing a service account that has been // recently deleted. For example, @@ -477,7 +500,12 @@ type Binding struct { // that has been recently deleted. For example, // `admins@example.com?uid=123456789012345678901`. If the group is // recovered, this value reverts to `group:{emailid}` and the recovered - // group retains the role in the binding. + // group retains the role in the binding. * + // `deleted:principal://iam.googleapis.com/locations/global/workforcePool + // s/{pool_id}/subject/{subject_attribute_value}`: Deleted single + // identity in a workforce identity pool. For example, + // `deleted:principal://iam.googleapis.com/locations/global/workforcePool + // s/my-pool-id/subject/my-subject-attribute-value`. Members []string `json:"members,omitempty"` // Role: Role that is assigned to the list of `members`, or principals. diff --git a/secretmanager/v1beta1/secretmanager-api.json b/secretmanager/v1beta1/secretmanager-api.json index d25aa4a2d98..90a74a18fa0 100644 --- a/secretmanager/v1beta1/secretmanager-api.json +++ b/secretmanager/v1beta1/secretmanager-api.json @@ -628,7 +628,7 @@ } } }, - "revision": "20230804", + "revision": "20231215", "rootUrl": "https://secretmanager.googleapis.com/", "schemas": { "AccessSecretVersionResponse": { @@ -720,7 +720,7 @@ "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)." }, "members": { - "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.", + "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.", "items": { "type": "string" }, diff --git a/secretmanager/v1beta1/secretmanager-gen.go b/secretmanager/v1beta1/secretmanager-gen.go index f81afcb8fa1..374b14f5ed9 100644 --- a/secretmanager/v1beta1/secretmanager-gen.go +++ b/secretmanager/v1beta1/secretmanager-gen.go @@ -396,11 +396,34 @@ type Binding struct { // For example, `admins@example.com`. * `domain:{domain}`: The G Suite // domain (primary) that represents all the users of that domain. For // example, `google.com` or `example.com`. * - // `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus - // unique identifier) representing a user that has been recently - // deleted. For example, `alice@example.com?uid=123456789012345678901`. - // If the user is recovered, this value reverts to `user:{emailid}` and - // the recovered user retains the role in the binding. * + // `principal://iam.googleapis.com/locations/global/workforcePools/{pool_ + // id}/subject/{subject_attribute_value}`: A single identity in a + // workforce identity pool. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/group/{group_id}`: All workforce identities in a group. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/attribute.{attribute_name}/{attribute_value}`: All workforce + // identities with a specific attribute value. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/*`: All identities in a workforce identity pool. * + // `principal://iam.googleapis.com/projects/{project_number}/locations/gl + // obal/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value} + // `: A single identity in a workload identity pool. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload + // identity pool group. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{at + // tribute_value}`: All identities in a workload identity pool with a + // certain attribute. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/*`: All identities in a + // workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An + // email address (plus unique identifier) representing a user that has + // been recently deleted. For example, + // `alice@example.com?uid=123456789012345678901`. If the user is + // recovered, this value reverts to `user:{emailid}` and the recovered + // user retains the role in the binding. * // `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address // (plus unique identifier) representing a service account that has been // recently deleted. For example, @@ -412,7 +435,12 @@ type Binding struct { // that has been recently deleted. For example, // `admins@example.com?uid=123456789012345678901`. If the group is // recovered, this value reverts to `group:{emailid}` and the recovered - // group retains the role in the binding. + // group retains the role in the binding. * + // `deleted:principal://iam.googleapis.com/locations/global/workforcePool + // s/{pool_id}/subject/{subject_attribute_value}`: Deleted single + // identity in a workforce identity pool. For example, + // `deleted:principal://iam.googleapis.com/locations/global/workforcePool + // s/my-pool-id/subject/my-subject-attribute-value`. Members []string `json:"members,omitempty"` // Role: Role that is assigned to the list of `members`, or principals. diff --git a/sourcerepo/v1/sourcerepo-api.json b/sourcerepo/v1/sourcerepo-api.json index e1f7acd0b9d..c896620fca3 100644 --- a/sourcerepo/v1/sourcerepo-api.json +++ b/sourcerepo/v1/sourcerepo-api.json @@ -450,7 +450,7 @@ } } }, - "revision": "20230806", + "revision": "20231218", "rootUrl": "https://sourcerepo.googleapis.com/", "schemas": { "AuditConfig": { @@ -510,7 +510,7 @@ "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)." }, "members": { - "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.", + "description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.", "items": { "type": "string" }, diff --git a/sourcerepo/v1/sourcerepo-gen.go b/sourcerepo/v1/sourcerepo-gen.go index 71a93372bec..d054282c599 100644 --- a/sourcerepo/v1/sourcerepo-gen.go +++ b/sourcerepo/v1/sourcerepo-gen.go @@ -318,11 +318,34 @@ type Binding struct { // For example, `admins@example.com`. * `domain:{domain}`: The G Suite // domain (primary) that represents all the users of that domain. For // example, `google.com` or `example.com`. * - // `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus - // unique identifier) representing a user that has been recently - // deleted. For example, `alice@example.com?uid=123456789012345678901`. - // If the user is recovered, this value reverts to `user:{emailid}` and - // the recovered user retains the role in the binding. * + // `principal://iam.googleapis.com/locations/global/workforcePools/{pool_ + // id}/subject/{subject_attribute_value}`: A single identity in a + // workforce identity pool. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/group/{group_id}`: All workforce identities in a group. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/attribute.{attribute_name}/{attribute_value}`: All workforce + // identities with a specific attribute value. * + // `principalSet://iam.googleapis.com/locations/global/workforcePools/{po + // ol_id}/*`: All identities in a workforce identity pool. * + // `principal://iam.googleapis.com/projects/{project_number}/locations/gl + // obal/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value} + // `: A single identity in a workload identity pool. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload + // identity pool group. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{at + // tribute_value}`: All identities in a workload identity pool with a + // certain attribute. * + // `principalSet://iam.googleapis.com/projects/{project_number}/locations + // /global/workloadIdentityPools/{pool_id}/*`: All identities in a + // workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An + // email address (plus unique identifier) representing a user that has + // been recently deleted. For example, + // `alice@example.com?uid=123456789012345678901`. If the user is + // recovered, this value reverts to `user:{emailid}` and the recovered + // user retains the role in the binding. * // `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address // (plus unique identifier) representing a service account that has been // recently deleted. For example, @@ -334,7 +357,12 @@ type Binding struct { // that has been recently deleted. For example, // `admins@example.com?uid=123456789012345678901`. If the group is // recovered, this value reverts to `group:{emailid}` and the recovered - // group retains the role in the binding. + // group retains the role in the binding. * + // `deleted:principal://iam.googleapis.com/locations/global/workforcePool + // s/{pool_id}/subject/{subject_attribute_value}`: Deleted single + // identity in a workforce identity pool. For example, + // `deleted:principal://iam.googleapis.com/locations/global/workforcePool + // s/my-pool-id/subject/my-subject-attribute-value`. Members []string `json:"members,omitempty"` // Role: Role that is assigned to the list of `members`, or principals. diff --git a/vision/v1/vision-api.json b/vision/v1/vision-api.json index cd1bee7b8fb..59618b9cf36 100644 --- a/vision/v1/vision-api.json +++ b/vision/v1/vision-api.json @@ -1282,7 +1282,7 @@ } } }, - "revision": "20231206", + "revision": "20231219", "rootUrl": "https://vision.googleapis.com/", "schemas": { "AddProductToProductSetRequest": { @@ -3343,7 +3343,7 @@ "type": "string" }, "violence": { - "description": "Likelihood that this image contains violent content.", + "description": "Likelihood that this image contains violent content. Violent content may include death, serious harm, or injury to individuals or groups of individuals.", "enum": [ "UNKNOWN", "VERY_UNLIKELY", @@ -4757,7 +4757,7 @@ "type": "string" }, "violence": { - "description": "Likelihood that this image contains violent content.", + "description": "Likelihood that this image contains violent content. Violent content may include death, serious harm, or injury to individuals or groups of individuals.", "enum": [ "UNKNOWN", "VERY_UNLIKELY", @@ -6249,7 +6249,7 @@ "type": "string" }, "violence": { - "description": "Likelihood that this image contains violent content.", + "description": "Likelihood that this image contains violent content. Violent content may include death, serious harm, or injury to individuals or groups of individuals.", "enum": [ "UNKNOWN", "VERY_UNLIKELY", @@ -7808,7 +7808,7 @@ "type": "string" }, "violence": { - "description": "Likelihood that this image contains violent content.", + "description": "Likelihood that this image contains violent content. Violent content may include death, serious harm, or injury to individuals or groups of individuals.", "enum": [ "UNKNOWN", "VERY_UNLIKELY", @@ -9085,7 +9085,7 @@ "type": "string" }, "violence": { - "description": "Likelihood that this image contains violent content.", + "description": "Likelihood that this image contains violent content. Violent content may include death, serious harm, or injury to individuals or groups of individuals.", "enum": [ "UNKNOWN", "VERY_UNLIKELY", diff --git a/vision/v1/vision-gen.go b/vision/v1/vision-gen.go index 2b321c12b13..145f6355639 100644 --- a/vision/v1/vision-gen.go +++ b/vision/v1/vision-gen.go @@ -3684,6 +3684,8 @@ type GoogleCloudVisionV1p1beta1SafeSearchAnnotation struct { Spoof string `json:"spoof,omitempty"` // Violence: Likelihood that this image contains violent content. + // Violent content may include death, serious harm, or injury to + // individuals or groups of individuals. // // Possible values: // "UNKNOWN" - Unknown likelihood. @@ -5984,6 +5986,8 @@ type GoogleCloudVisionV1p2beta1SafeSearchAnnotation struct { Spoof string `json:"spoof,omitempty"` // Violence: Likelihood that this image contains violent content. + // Violent content may include death, serious harm, or injury to + // individuals or groups of individuals. // // Possible values: // "UNKNOWN" - Unknown likelihood. @@ -8420,6 +8424,8 @@ type GoogleCloudVisionV1p3beta1SafeSearchAnnotation struct { Spoof string `json:"spoof,omitempty"` // Violence: Likelihood that this image contains violent content. + // Violent content may include death, serious harm, or injury to + // individuals or groups of individuals. // // Possible values: // "UNKNOWN" - Unknown likelihood. @@ -11005,6 +11011,8 @@ type GoogleCloudVisionV1p4beta1SafeSearchAnnotation struct { Spoof string `json:"spoof,omitempty"` // Violence: Likelihood that this image contains violent content. + // Violent content may include death, serious harm, or injury to + // individuals or groups of individuals. // // Possible values: // "UNKNOWN" - Unknown likelihood. @@ -13403,6 +13411,8 @@ type SafeSearchAnnotation struct { Spoof string `json:"spoof,omitempty"` // Violence: Likelihood that this image contains violent content. + // Violent content may include death, serious harm, or injury to + // individuals or groups of individuals. // // Possible values: // "UNKNOWN" - Unknown likelihood. diff --git a/vision/v1p1beta1/vision-api.json b/vision/v1p1beta1/vision-api.json index 6b5801839ea..ed138c80eee 100644 --- a/vision/v1p1beta1/vision-api.json +++ b/vision/v1p1beta1/vision-api.json @@ -449,7 +449,7 @@ } } }, - "revision": "20231206", + "revision": "20231219", "rootUrl": "https://vision.googleapis.com/", "schemas": { "AnnotateFileResponse": { @@ -2607,7 +2607,7 @@ "type": "string" }, "violence": { - "description": "Likelihood that this image contains violent content.", + "description": "Likelihood that this image contains violent content. Violent content may include death, serious harm, or injury to individuals or groups of individuals.", "enum": [ "UNKNOWN", "VERY_UNLIKELY", @@ -4051,7 +4051,7 @@ "type": "string" }, "violence": { - "description": "Likelihood that this image contains violent content.", + "description": "Likelihood that this image contains violent content. Violent content may include death, serious harm, or injury to individuals or groups of individuals.", "enum": [ "UNKNOWN", "VERY_UNLIKELY", @@ -5543,7 +5543,7 @@ "type": "string" }, "violence": { - "description": "Likelihood that this image contains violent content.", + "description": "Likelihood that this image contains violent content. Violent content may include death, serious harm, or injury to individuals or groups of individuals.", "enum": [ "UNKNOWN", "VERY_UNLIKELY", @@ -7102,7 +7102,7 @@ "type": "string" }, "violence": { - "description": "Likelihood that this image contains violent content.", + "description": "Likelihood that this image contains violent content. Violent content may include death, serious harm, or injury to individuals or groups of individuals.", "enum": [ "UNKNOWN", "VERY_UNLIKELY", @@ -8078,7 +8078,7 @@ "type": "string" }, "violence": { - "description": "Likelihood that this image contains violent content.", + "description": "Likelihood that this image contains violent content. Violent content may include death, serious harm, or injury to individuals or groups of individuals.", "enum": [ "UNKNOWN", "VERY_UNLIKELY", diff --git a/vision/v1p1beta1/vision-gen.go b/vision/v1p1beta1/vision-gen.go index fd05abdbec8..a2f57e916b8 100644 --- a/vision/v1p1beta1/vision-gen.go +++ b/vision/v1p1beta1/vision-gen.go @@ -3790,6 +3790,8 @@ type GoogleCloudVisionV1p1beta1SafeSearchAnnotation struct { Spoof string `json:"spoof,omitempty"` // Violence: Likelihood that this image contains violent content. + // Violent content may include death, serious harm, or injury to + // individuals or groups of individuals. // // Possible values: // "UNKNOWN" - Unknown likelihood. @@ -6161,6 +6163,8 @@ type GoogleCloudVisionV1p2beta1SafeSearchAnnotation struct { Spoof string `json:"spoof,omitempty"` // Violence: Likelihood that this image contains violent content. + // Violent content may include death, serious harm, or injury to + // individuals or groups of individuals. // // Possible values: // "UNKNOWN" - Unknown likelihood. @@ -8597,6 +8601,8 @@ type GoogleCloudVisionV1p3beta1SafeSearchAnnotation struct { Spoof string `json:"spoof,omitempty"` // Violence: Likelihood that this image contains violent content. + // Violent content may include death, serious harm, or injury to + // individuals or groups of individuals. // // Possible values: // "UNKNOWN" - Unknown likelihood. @@ -11182,6 +11188,8 @@ type GoogleCloudVisionV1p4beta1SafeSearchAnnotation struct { Spoof string `json:"spoof,omitempty"` // Violence: Likelihood that this image contains violent content. + // Violent content may include death, serious harm, or injury to + // individuals or groups of individuals. // // Possible values: // "UNKNOWN" - Unknown likelihood. @@ -12885,6 +12893,8 @@ type SafeSearchAnnotation struct { Spoof string `json:"spoof,omitempty"` // Violence: Likelihood that this image contains violent content. + // Violent content may include death, serious harm, or injury to + // individuals or groups of individuals. // // Possible values: // "UNKNOWN" - Unknown likelihood. diff --git a/vision/v1p2beta1/vision-api.json b/vision/v1p2beta1/vision-api.json index 2ea3c44255e..fd09813177e 100644 --- a/vision/v1p2beta1/vision-api.json +++ b/vision/v1p2beta1/vision-api.json @@ -449,7 +449,7 @@ } } }, - "revision": "20231206", + "revision": "20231219", "rootUrl": "https://vision.googleapis.com/", "schemas": { "AnnotateFileResponse": { @@ -2226,7 +2226,7 @@ "type": "string" }, "violence": { - "description": "Likelihood that this image contains violent content.", + "description": "Likelihood that this image contains violent content. Violent content may include death, serious harm, or injury to individuals or groups of individuals.", "enum": [ "UNKNOWN", "VERY_UNLIKELY", @@ -4021,7 +4021,7 @@ "type": "string" }, "violence": { - "description": "Likelihood that this image contains violent content.", + "description": "Likelihood that this image contains violent content. Violent content may include death, serious harm, or injury to individuals or groups of individuals.", "enum": [ "UNKNOWN", "VERY_UNLIKELY", @@ -5543,7 +5543,7 @@ "type": "string" }, "violence": { - "description": "Likelihood that this image contains violent content.", + "description": "Likelihood that this image contains violent content. Violent content may include death, serious harm, or injury to individuals or groups of individuals.", "enum": [ "UNKNOWN", "VERY_UNLIKELY", @@ -7102,7 +7102,7 @@ "type": "string" }, "violence": { - "description": "Likelihood that this image contains violent content.", + "description": "Likelihood that this image contains violent content. Violent content may include death, serious harm, or injury to individuals or groups of individuals.", "enum": [ "UNKNOWN", "VERY_UNLIKELY", @@ -8078,7 +8078,7 @@ "type": "string" }, "violence": { - "description": "Likelihood that this image contains violent content.", + "description": "Likelihood that this image contains violent content. Violent content may include death, serious harm, or injury to individuals or groups of individuals.", "enum": [ "UNKNOWN", "VERY_UNLIKELY", diff --git a/vision/v1p2beta1/vision-gen.go b/vision/v1p2beta1/vision-gen.go index 24e158b108e..ae6acfc48c0 100644 --- a/vision/v1p2beta1/vision-gen.go +++ b/vision/v1p2beta1/vision-gen.go @@ -3070,6 +3070,8 @@ type GoogleCloudVisionV1p1beta1SafeSearchAnnotation struct { Spoof string `json:"spoof,omitempty"` // Violence: Likelihood that this image contains violent content. + // Violent content may include death, serious harm, or injury to + // individuals or groups of individuals. // // Possible values: // "UNKNOWN" - Unknown likelihood. @@ -6090,6 +6092,8 @@ type GoogleCloudVisionV1p2beta1SafeSearchAnnotation struct { Spoof string `json:"spoof,omitempty"` // Violence: Likelihood that this image contains violent content. + // Violent content may include death, serious harm, or injury to + // individuals or groups of individuals. // // Possible values: // "UNKNOWN" - Unknown likelihood. @@ -8597,6 +8601,8 @@ type GoogleCloudVisionV1p3beta1SafeSearchAnnotation struct { Spoof string `json:"spoof,omitempty"` // Violence: Likelihood that this image contains violent content. + // Violent content may include death, serious harm, or injury to + // individuals or groups of individuals. // // Possible values: // "UNKNOWN" - Unknown likelihood. @@ -11182,6 +11188,8 @@ type GoogleCloudVisionV1p4beta1SafeSearchAnnotation struct { Spoof string `json:"spoof,omitempty"` // Violence: Likelihood that this image contains violent content. + // Violent content may include death, serious harm, or injury to + // individuals or groups of individuals. // // Possible values: // "UNKNOWN" - Unknown likelihood. @@ -12885,6 +12893,8 @@ type SafeSearchAnnotation struct { Spoof string `json:"spoof,omitempty"` // Violence: Likelihood that this image contains violent content. + // Violent content may include death, serious harm, or injury to + // individuals or groups of individuals. // // Possible values: // "UNKNOWN" - Unknown likelihood.