1// Copyright 2021 Google LLC. 2// Use of this source code is governed by a BSD-style 3// license that can be found in the LICENSE file. 4 5// Code generated file. DO NOT EDIT. 6 7// Package cloudasset provides access to the Cloud Asset API. 8// 9// For product documentation, see: https://cloud.google.com/asset-inventory/docs/quickstart 10// 11// Creating a client 12// 13// Usage example: 14// 15// import "google.golang.org/api/cloudasset/v1p5beta1" 16// ... 17// ctx := context.Background() 18// cloudassetService, err := cloudasset.NewService(ctx) 19// 20// In this example, Google Application Default Credentials are used for authentication. 21// 22// For information on how to create and obtain Application Default Credentials, see https://developers.google.com/identity/protocols/application-default-credentials. 23// 24// Other authentication options 25// 26// To use an API key for authentication (note: some APIs do not support API keys), use option.WithAPIKey: 27// 28// cloudassetService, err := cloudasset.NewService(ctx, option.WithAPIKey("AIza...")) 29// 30// To use an OAuth token (e.g., a user token obtained via a three-legged OAuth flow), use option.WithTokenSource: 31// 32// config := &oauth2.Config{...} 33// // ... 34// token, err := config.Exchange(ctx, ...) 35// cloudassetService, err := cloudasset.NewService(ctx, option.WithTokenSource(config.TokenSource(ctx, token))) 36// 37// See https://godoc.org/google.golang.org/api/option/ for details on options. 38package cloudasset // import "google.golang.org/api/cloudasset/v1p5beta1" 39 40import ( 41 "bytes" 42 "context" 43 "encoding/json" 44 "errors" 45 "fmt" 46 "io" 47 "net/http" 48 "net/url" 49 "strconv" 50 "strings" 51 52 googleapi "google.golang.org/api/googleapi" 53 gensupport "google.golang.org/api/internal/gensupport" 54 option "google.golang.org/api/option" 55 internaloption "google.golang.org/api/option/internaloption" 56 htransport "google.golang.org/api/transport/http" 57) 58 59// Always reference these packages, just in case the auto-generated code 60// below doesn't. 61var _ = bytes.NewBuffer 62var _ = strconv.Itoa 63var _ = fmt.Sprintf 64var _ = json.NewDecoder 65var _ = io.Copy 66var _ = url.Parse 67var _ = gensupport.MarshalJSON 68var _ = googleapi.Version 69var _ = errors.New 70var _ = strings.Replace 71var _ = context.Canceled 72var _ = internaloption.WithDefaultEndpoint 73 74const apiId = "cloudasset:v1p5beta1" 75const apiName = "cloudasset" 76const apiVersion = "v1p5beta1" 77const basePath = "https://cloudasset.googleapis.com/" 78const mtlsBasePath = "https://cloudasset.mtls.googleapis.com/" 79 80// OAuth2 scopes used by this API. 81const ( 82 // See, edit, configure, and delete your Google Cloud data and see the 83 // email address for your Google Account. 84 CloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform" 85) 86 87// NewService creates a new Service. 88func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, error) { 89 scopesOption := option.WithScopes( 90 "https://www.googleapis.com/auth/cloud-platform", 91 ) 92 // NOTE: prepend, so we don't override user-specified scopes. 93 opts = append([]option.ClientOption{scopesOption}, opts...) 94 opts = append(opts, internaloption.WithDefaultEndpoint(basePath)) 95 opts = append(opts, internaloption.WithDefaultMTLSEndpoint(mtlsBasePath)) 96 client, endpoint, err := htransport.NewClient(ctx, opts...) 97 if err != nil { 98 return nil, err 99 } 100 s, err := New(client) 101 if err != nil { 102 return nil, err 103 } 104 if endpoint != "" { 105 s.BasePath = endpoint 106 } 107 return s, nil 108} 109 110// New creates a new Service. It uses the provided http.Client for requests. 111// 112// Deprecated: please use NewService instead. 113// To provide a custom HTTP client, use option.WithHTTPClient. 114// If you are using google.golang.org/api/googleapis/transport.APIKey, use option.WithAPIKey with NewService instead. 115func New(client *http.Client) (*Service, error) { 116 if client == nil { 117 return nil, errors.New("client is nil") 118 } 119 s := &Service{client: client, BasePath: basePath} 120 s.Assets = NewAssetsService(s) 121 return s, nil 122} 123 124type Service struct { 125 client *http.Client 126 BasePath string // API endpoint base URL 127 UserAgent string // optional additional User-Agent fragment 128 129 Assets *AssetsService 130} 131 132func (s *Service) userAgent() string { 133 if s.UserAgent == "" { 134 return googleapi.UserAgent 135 } 136 return googleapi.UserAgent + " " + s.UserAgent 137} 138 139func NewAssetsService(s *Service) *AssetsService { 140 rs := &AssetsService{s: s} 141 return rs 142} 143 144type AssetsService struct { 145 s *Service 146} 147 148// AnalyzeIamPolicyLongrunningMetadata: Represents the metadata of the 149// longrunning operation for the AnalyzeIamPolicyLongrunning rpc. 150type AnalyzeIamPolicyLongrunningMetadata struct { 151 // CreateTime: Output only. The time the operation was created. 152 CreateTime string `json:"createTime,omitempty"` 153 154 // ForceSendFields is a list of field names (e.g. "CreateTime") to 155 // unconditionally include in API requests. By default, fields with 156 // empty or default values are omitted from API requests. However, any 157 // non-pointer, non-interface field appearing in ForceSendFields will be 158 // sent to the server regardless of whether the field is empty or not. 159 // This may be used to include empty fields in Patch requests. 160 ForceSendFields []string `json:"-"` 161 162 // NullFields is a list of field names (e.g. "CreateTime") to include in 163 // API requests with the JSON null value. By default, fields with empty 164 // values are omitted from API requests. However, any field with an 165 // empty value appearing in NullFields will be sent to the server as 166 // null. It is an error if a field in this list has a non-empty value. 167 // This may be used to include null fields in Patch requests. 168 NullFields []string `json:"-"` 169} 170 171func (s *AnalyzeIamPolicyLongrunningMetadata) MarshalJSON() ([]byte, error) { 172 type NoMethod AnalyzeIamPolicyLongrunningMetadata 173 raw := NoMethod(*s) 174 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 175} 176 177// AnalyzeIamPolicyLongrunningResponse: A response message for 178// AssetService.AnalyzeIamPolicyLongrunning. 179type AnalyzeIamPolicyLongrunningResponse struct { 180} 181 182// Asset: An asset in Google Cloud. An asset can be any resource in the 183// Google Cloud resource hierarchy 184// (https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), 185// a resource outside the Google Cloud resource hierarchy (such as 186// Google Kubernetes Engine clusters and objects), or a policy (e.g. 187// Cloud IAM policy). See Supported asset types 188// (https://cloud.google.com/asset-inventory/docs/supported-asset-types) 189// for more information. 190type Asset struct { 191 // AccessLevel: Please also refer to the access level user guide 192 // (https://cloud.google.com/access-context-manager/docs/overview#access-levels). 193 AccessLevel *GoogleIdentityAccesscontextmanagerV1AccessLevel `json:"accessLevel,omitempty"` 194 195 // AccessPolicy: Please also refer to the access policy user guide 196 // (https://cloud.google.com/access-context-manager/docs/overview#access-policies). 197 AccessPolicy *GoogleIdentityAccesscontextmanagerV1AccessPolicy `json:"accessPolicy,omitempty"` 198 199 // Ancestors: The ancestry path of an asset in Google Cloud resource 200 // hierarchy 201 // (https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), 202 // represented as a list of relative resource names. An ancestry path 203 // starts with the closest ancestor in the hierarchy and ends at root. 204 // If the asset is a project, folder, or organization, the ancestry path 205 // starts from the asset itself. Example: `["projects/123456789", 206 // "folders/5432", "organizations/1234"]` 207 Ancestors []string `json:"ancestors,omitempty"` 208 209 // AssetType: The type of the asset. Example: 210 // `compute.googleapis.com/Disk` See Supported asset types 211 // (https://cloud.google.com/asset-inventory/docs/supported-asset-types) 212 // for more information. 213 AssetType string `json:"assetType,omitempty"` 214 215 // IamPolicy: A representation of the Cloud IAM policy set on a Google 216 // Cloud resource. There can be a maximum of one Cloud IAM policy set on 217 // any given resource. In addition, Cloud IAM policies inherit their 218 // granted access scope from any policies set on parent resources in the 219 // resource hierarchy. Therefore, the effectively policy is the union of 220 // both the policy set on this resource and each policy set on all of 221 // the resource's ancestry resource levels in the hierarchy. See this 222 // topic (https://cloud.google.com/iam/docs/policies#inheritance) for 223 // more information. 224 IamPolicy *Policy `json:"iamPolicy,omitempty"` 225 226 // Name: The full name of the asset. Example: 227 // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instance 228 // s/instance1` See Resource names 229 // (https://cloud.google.com/apis/design/resource_names#full_resource_name) 230 // for more information. 231 Name string `json:"name,omitempty"` 232 233 // OrgPolicy: A representation of an organization policy 234 // (https://cloud.google.com/resource-manager/docs/organization-policy/overview#organization_policy). 235 // There can be more than one organization policy with different 236 // constraints set on a given resource. 237 OrgPolicy []*GoogleCloudOrgpolicyV1Policy `json:"orgPolicy,omitempty"` 238 239 // Resource: A representation of the resource. 240 Resource *Resource `json:"resource,omitempty"` 241 242 // ServicePerimeter: Please also refer to the service perimeter user 243 // guide (https://cloud.google.com/vpc-service-controls/docs/overview). 244 ServicePerimeter *GoogleIdentityAccesscontextmanagerV1ServicePerimeter `json:"servicePerimeter,omitempty"` 245 246 // ForceSendFields is a list of field names (e.g. "AccessLevel") to 247 // unconditionally include in API requests. By default, fields with 248 // empty or default values are omitted from API requests. However, any 249 // non-pointer, non-interface field appearing in ForceSendFields will be 250 // sent to the server regardless of whether the field is empty or not. 251 // This may be used to include empty fields in Patch requests. 252 ForceSendFields []string `json:"-"` 253 254 // NullFields is a list of field names (e.g. "AccessLevel") to include 255 // in API requests with the JSON null value. By default, fields with 256 // empty values are omitted from API requests. However, any field with 257 // an empty value appearing in NullFields will be sent to the server as 258 // null. It is an error if a field in this list has a non-empty value. 259 // This may be used to include null fields in Patch requests. 260 NullFields []string `json:"-"` 261} 262 263func (s *Asset) MarshalJSON() ([]byte, error) { 264 type NoMethod Asset 265 raw := NoMethod(*s) 266 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 267} 268 269// AuditConfig: Specifies the audit configuration for a service. The 270// configuration determines which permission types are logged, and what 271// identities, if any, are exempted from logging. An AuditConfig must 272// have one or more AuditLogConfigs. If there are AuditConfigs for both 273// `allServices` and a specific service, the union of the two 274// AuditConfigs is used for that service: the log_types specified in 275// each AuditConfig are enabled, and the exempted_members in each 276// AuditLogConfig are exempted. Example Policy with multiple 277// AuditConfigs: { "audit_configs": [ { "service": "allServices", 278// "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": 279// [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { 280// "log_type": "ADMIN_READ" } ] }, { "service": 281// "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": 282// "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ 283// "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy 284// enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts 285// jose@example.com from DATA_READ logging, and aliya@example.com from 286// DATA_WRITE logging. 287type AuditConfig struct { 288 // AuditLogConfigs: The configuration for logging of each type of 289 // permission. 290 AuditLogConfigs []*AuditLogConfig `json:"auditLogConfigs,omitempty"` 291 292 // Service: Specifies a service that will be enabled for audit logging. 293 // For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 294 // `allServices` is a special value that covers all services. 295 Service string `json:"service,omitempty"` 296 297 // ForceSendFields is a list of field names (e.g. "AuditLogConfigs") to 298 // unconditionally include in API requests. By default, fields with 299 // empty or default values are omitted from API requests. However, any 300 // non-pointer, non-interface field appearing in ForceSendFields will be 301 // sent to the server regardless of whether the field is empty or not. 302 // This may be used to include empty fields in Patch requests. 303 ForceSendFields []string `json:"-"` 304 305 // NullFields is a list of field names (e.g. "AuditLogConfigs") to 306 // include in API requests with the JSON null value. By default, fields 307 // with empty values are omitted from API requests. However, any field 308 // with an empty value appearing in NullFields will be sent to the 309 // server as null. It is an error if a field in this list has a 310 // non-empty value. This may be used to include null fields in Patch 311 // requests. 312 NullFields []string `json:"-"` 313} 314 315func (s *AuditConfig) MarshalJSON() ([]byte, error) { 316 type NoMethod AuditConfig 317 raw := NoMethod(*s) 318 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 319} 320 321// AuditLogConfig: Provides the configuration for logging a type of 322// permissions. Example: { "audit_log_configs": [ { "log_type": 323// "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { 324// "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 325// 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ 326// logging. 327type AuditLogConfig struct { 328 // ExemptedMembers: Specifies the identities that do not cause logging 329 // for this type of permission. Follows the same format of 330 // Binding.members. 331 ExemptedMembers []string `json:"exemptedMembers,omitempty"` 332 333 // LogType: The log type that this config enables. 334 // 335 // Possible values: 336 // "LOG_TYPE_UNSPECIFIED" - Default case. Should never be this. 337 // "ADMIN_READ" - Admin reads. Example: CloudIAM getIamPolicy 338 // "DATA_WRITE" - Data writes. Example: CloudSQL Users create 339 // "DATA_READ" - Data reads. Example: CloudSQL Users list 340 LogType string `json:"logType,omitempty"` 341 342 // ForceSendFields is a list of field names (e.g. "ExemptedMembers") to 343 // unconditionally include in API requests. By default, fields with 344 // empty or default values are omitted from API requests. However, any 345 // non-pointer, non-interface field appearing in ForceSendFields will be 346 // sent to the server regardless of whether the field is empty or not. 347 // This may be used to include empty fields in Patch requests. 348 ForceSendFields []string `json:"-"` 349 350 // NullFields is a list of field names (e.g. "ExemptedMembers") to 351 // include in API requests with the JSON null value. By default, fields 352 // with empty values are omitted from API requests. However, any field 353 // with an empty value appearing in NullFields will be sent to the 354 // server as null. It is an error if a field in this list has a 355 // non-empty value. This may be used to include null fields in Patch 356 // requests. 357 NullFields []string `json:"-"` 358} 359 360func (s *AuditLogConfig) MarshalJSON() ([]byte, error) { 361 type NoMethod AuditLogConfig 362 raw := NoMethod(*s) 363 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 364} 365 366// Binding: Associates `members` with a `role`. 367type Binding struct { 368 // Condition: The condition that is associated with this binding. If the 369 // condition evaluates to `true`, then this binding applies to the 370 // current request. If the condition evaluates to `false`, then this 371 // binding does not apply to the current request. However, a different 372 // role binding might grant the same role to one or more of the members 373 // in this binding. To learn which resources support conditions in their 374 // IAM policies, see the IAM documentation 375 // (https://cloud.google.com/iam/help/conditions/resource-policies). 376 Condition *Expr `json:"condition,omitempty"` 377 378 // Members: Specifies the identities requesting access for a Cloud 379 // Platform resource. `members` can have the following values: * 380 // `allUsers`: A special identifier that represents anyone who is on the 381 // internet; with or without a Google account. * 382 // `allAuthenticatedUsers`: A special identifier that represents anyone 383 // who is authenticated with a Google account or a service account. * 384 // `user:{emailid}`: An email address that represents a specific Google 385 // account. For example, `alice@example.com` . * 386 // `serviceAccount:{emailid}`: An email address that represents a 387 // service account. For example, 388 // `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An 389 // email address that represents a Google group. For example, 390 // `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An 391 // email address (plus unique identifier) representing a user that has 392 // been recently deleted. For example, 393 // `alice@example.com?uid=123456789012345678901`. If the user is 394 // recovered, this value reverts to `user:{emailid}` and the recovered 395 // user retains the role in the binding. * 396 // `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address 397 // (plus unique identifier) representing a service account that has been 398 // recently deleted. For example, 399 // `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. 400 // If the service account is undeleted, this value reverts to 401 // `serviceAccount:{emailid}` and the undeleted service account retains 402 // the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: 403 // An email address (plus unique identifier) representing a Google group 404 // that has been recently deleted. For example, 405 // `admins@example.com?uid=123456789012345678901`. If the group is 406 // recovered, this value reverts to `group:{emailid}` and the recovered 407 // group retains the role in the binding. * `domain:{domain}`: The G 408 // Suite domain (primary) that represents all the users of that domain. 409 // For example, `google.com` or `example.com`. 410 Members []string `json:"members,omitempty"` 411 412 // Role: Role that is assigned to `members`. For example, 413 // `roles/viewer`, `roles/editor`, or `roles/owner`. 414 Role string `json:"role,omitempty"` 415 416 // ForceSendFields is a list of field names (e.g. "Condition") to 417 // unconditionally include in API requests. By default, fields with 418 // empty or default values are omitted from API requests. However, any 419 // non-pointer, non-interface field appearing in ForceSendFields will be 420 // sent to the server regardless of whether the field is empty or not. 421 // This may be used to include empty fields in Patch requests. 422 ForceSendFields []string `json:"-"` 423 424 // NullFields is a list of field names (e.g. "Condition") to include in 425 // API requests with the JSON null value. By default, fields with empty 426 // values are omitted from API requests. However, any field with an 427 // empty value appearing in NullFields will be sent to the server as 428 // null. It is an error if a field in this list has a non-empty value. 429 // This may be used to include null fields in Patch requests. 430 NullFields []string `json:"-"` 431} 432 433func (s *Binding) MarshalJSON() ([]byte, error) { 434 type NoMethod Binding 435 raw := NoMethod(*s) 436 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 437} 438 439// Expr: Represents a textual expression in the Common Expression 440// Language (CEL) syntax. CEL is a C-like expression language. The 441// syntax and semantics of CEL are documented at 442// https://github.com/google/cel-spec. Example (Comparison): title: 443// "Summary size limit" description: "Determines if a summary is less 444// than 100 chars" expression: "document.summary.size() < 100" Example 445// (Equality): title: "Requestor is owner" description: "Determines if 446// requestor is the document owner" expression: "document.owner == 447// request.auth.claims.email" Example (Logic): title: "Public documents" 448// description: "Determine whether the document should be publicly 449// visible" expression: "document.type != 'private' && document.type != 450// 'internal'" Example (Data Manipulation): title: "Notification string" 451// description: "Create a notification string with a timestamp." 452// expression: "'New message received at ' + 453// string(document.create_time)" The exact variables and functions that 454// may be referenced within an expression are determined by the service 455// that evaluates it. See the service documentation for additional 456// information. 457type Expr struct { 458 // Description: Optional. Description of the expression. This is a 459 // longer text which describes the expression, e.g. when hovered over it 460 // in a UI. 461 Description string `json:"description,omitempty"` 462 463 // Expression: Textual representation of an expression in Common 464 // Expression Language syntax. 465 Expression string `json:"expression,omitempty"` 466 467 // Location: Optional. String indicating the location of the expression 468 // for error reporting, e.g. a file name and a position in the file. 469 Location string `json:"location,omitempty"` 470 471 // Title: Optional. Title for the expression, i.e. a short string 472 // describing its purpose. This can be used e.g. in UIs which allow to 473 // enter the expression. 474 Title string `json:"title,omitempty"` 475 476 // ForceSendFields is a list of field names (e.g. "Description") to 477 // unconditionally include in API requests. By default, fields with 478 // empty or default values are omitted from API requests. However, any 479 // non-pointer, non-interface field appearing in ForceSendFields will be 480 // sent to the server regardless of whether the field is empty or not. 481 // This may be used to include empty fields in Patch requests. 482 ForceSendFields []string `json:"-"` 483 484 // NullFields is a list of field names (e.g. "Description") to include 485 // in API requests with the JSON null value. By default, fields with 486 // empty values are omitted from API requests. However, any field with 487 // an empty value appearing in NullFields will be sent to the server as 488 // null. It is an error if a field in this list has a non-empty value. 489 // This may be used to include null fields in Patch requests. 490 NullFields []string `json:"-"` 491} 492 493func (s *Expr) MarshalJSON() ([]byte, error) { 494 type NoMethod Expr 495 raw := NoMethod(*s) 496 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 497} 498 499// GoogleCloudAssetV1p7beta1Asset: An asset in Google Cloud. An asset 500// can be any resource in the Google Cloud resource hierarchy 501// (https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), 502// a resource outside the Google Cloud resource hierarchy (such as 503// Google Kubernetes Engine clusters and objects), or a policy (e.g. 504// Cloud IAM policy). See Supported asset types 505// (https://cloud.google.com/asset-inventory/docs/supported-asset-types) 506// for more information. 507type GoogleCloudAssetV1p7beta1Asset struct { 508 // AccessLevel: Please also refer to the access level user guide 509 // (https://cloud.google.com/access-context-manager/docs/overview#access-levels). 510 AccessLevel *GoogleIdentityAccesscontextmanagerV1AccessLevel `json:"accessLevel,omitempty"` 511 512 // AccessPolicy: Please also refer to the access policy user guide 513 // (https://cloud.google.com/access-context-manager/docs/overview#access-policies). 514 AccessPolicy *GoogleIdentityAccesscontextmanagerV1AccessPolicy `json:"accessPolicy,omitempty"` 515 516 // Ancestors: The ancestry path of an asset in Google Cloud resource 517 // hierarchy 518 // (https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), 519 // represented as a list of relative resource names. An ancestry path 520 // starts with the closest ancestor in the hierarchy and ends at root. 521 // If the asset is a project, folder, or organization, the ancestry path 522 // starts from the asset itself. Example: `["projects/123456789", 523 // "folders/5432", "organizations/1234"]` 524 Ancestors []string `json:"ancestors,omitempty"` 525 526 // AssetType: The type of the asset. Example: 527 // `compute.googleapis.com/Disk` See Supported asset types 528 // (https://cloud.google.com/asset-inventory/docs/supported-asset-types) 529 // for more information. 530 AssetType string `json:"assetType,omitempty"` 531 532 // IamPolicy: A representation of the Cloud IAM policy set on a Google 533 // Cloud resource. There can be a maximum of one Cloud IAM policy set on 534 // any given resource. In addition, Cloud IAM policies inherit their 535 // granted access scope from any policies set on parent resources in the 536 // resource hierarchy. Therefore, the effectively policy is the union of 537 // both the policy set on this resource and each policy set on all of 538 // the resource's ancestry resource levels in the hierarchy. See this 539 // topic (https://cloud.google.com/iam/docs/policies#inheritance) for 540 // more information. 541 IamPolicy *Policy `json:"iamPolicy,omitempty"` 542 543 // Name: The full name of the asset. Example: 544 // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instance 545 // s/instance1` See Resource names 546 // (https://cloud.google.com/apis/design/resource_names#full_resource_name) 547 // for more information. 548 Name string `json:"name,omitempty"` 549 550 // OrgPolicy: A representation of an organization policy 551 // (https://cloud.google.com/resource-manager/docs/organization-policy/overview#organization_policy). 552 // There can be more than one organization policy with different 553 // constraints set on a given resource. 554 OrgPolicy []*GoogleCloudOrgpolicyV1Policy `json:"orgPolicy,omitempty"` 555 556 // RelatedAssets: The related assets of the asset of one relationship 557 // type. One asset only represents one type of relationship. 558 RelatedAssets *GoogleCloudAssetV1p7beta1RelatedAssets `json:"relatedAssets,omitempty"` 559 560 // Resource: A representation of the resource. 561 Resource *GoogleCloudAssetV1p7beta1Resource `json:"resource,omitempty"` 562 563 // ServicePerimeter: Please also refer to the service perimeter user 564 // guide (https://cloud.google.com/vpc-service-controls/docs/overview). 565 ServicePerimeter *GoogleIdentityAccesscontextmanagerV1ServicePerimeter `json:"servicePerimeter,omitempty"` 566 567 // UpdateTime: The last update timestamp of an asset. update_time is 568 // updated when create/update/delete operation is performed. 569 UpdateTime string `json:"updateTime,omitempty"` 570 571 // ForceSendFields is a list of field names (e.g. "AccessLevel") to 572 // unconditionally include in API requests. By default, fields with 573 // empty or default values are omitted from API requests. However, any 574 // non-pointer, non-interface field appearing in ForceSendFields will be 575 // sent to the server regardless of whether the field is empty or not. 576 // This may be used to include empty fields in Patch requests. 577 ForceSendFields []string `json:"-"` 578 579 // NullFields is a list of field names (e.g. "AccessLevel") to include 580 // in API requests with the JSON null value. By default, fields with 581 // empty values are omitted from API requests. However, any field with 582 // an empty value appearing in NullFields will be sent to the server as 583 // null. It is an error if a field in this list has a non-empty value. 584 // This may be used to include null fields in Patch requests. 585 NullFields []string `json:"-"` 586} 587 588func (s *GoogleCloudAssetV1p7beta1Asset) MarshalJSON() ([]byte, error) { 589 type NoMethod GoogleCloudAssetV1p7beta1Asset 590 raw := NoMethod(*s) 591 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 592} 593 594// GoogleCloudAssetV1p7beta1RelatedAsset: An asset identify in Google 595// Cloud which contains its name, type and ancestors. An asset can be 596// any resource in the Google Cloud resource hierarchy 597// (https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), 598// a resource outside the Google Cloud resource hierarchy (such as 599// Google Kubernetes Engine clusters and objects), or a policy (e.g. 600// Cloud IAM policy). See Supported asset types 601// (https://cloud.google.com/asset-inventory/docs/supported-asset-types) 602// for more information. 603type GoogleCloudAssetV1p7beta1RelatedAsset struct { 604 // Ancestors: The ancestors of an asset in Google Cloud resource 605 // hierarchy 606 // (https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), 607 // represented as a list of relative resource names. An ancestry path 608 // starts with the closest ancestor in the hierarchy and ends at root. 609 // Example: `["projects/123456789", "folders/5432", 610 // "organizations/1234"]` 611 Ancestors []string `json:"ancestors,omitempty"` 612 613 // Asset: The full name of the asset. Example: 614 // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instance 615 // s/instance1` See Resource names 616 // (https://cloud.google.com/apis/design/resource_names#full_resource_name) 617 // for more information. 618 Asset string `json:"asset,omitempty"` 619 620 // AssetType: The type of the asset. Example: 621 // `compute.googleapis.com/Disk` See Supported asset types 622 // (https://cloud.google.com/asset-inventory/docs/supported-asset-types) 623 // for more information. 624 AssetType string `json:"assetType,omitempty"` 625 626 // ForceSendFields is a list of field names (e.g. "Ancestors") to 627 // unconditionally include in API requests. By default, fields with 628 // empty or default values are omitted from API requests. However, any 629 // non-pointer, non-interface field appearing in ForceSendFields will be 630 // sent to the server regardless of whether the field is empty or not. 631 // This may be used to include empty fields in Patch requests. 632 ForceSendFields []string `json:"-"` 633 634 // NullFields is a list of field names (e.g. "Ancestors") to include in 635 // API requests with the JSON null value. By default, fields with empty 636 // values are omitted from API requests. However, any field with an 637 // empty value appearing in NullFields will be sent to the server as 638 // null. It is an error if a field in this list has a non-empty value. 639 // This may be used to include null fields in Patch requests. 640 NullFields []string `json:"-"` 641} 642 643func (s *GoogleCloudAssetV1p7beta1RelatedAsset) MarshalJSON() ([]byte, error) { 644 type NoMethod GoogleCloudAssetV1p7beta1RelatedAsset 645 raw := NoMethod(*s) 646 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 647} 648 649// GoogleCloudAssetV1p7beta1RelatedAssets: The detailed related assets 650// with the `relationship_type`. 651type GoogleCloudAssetV1p7beta1RelatedAssets struct { 652 // Assets: The peer resources of the relationship. 653 Assets []*GoogleCloudAssetV1p7beta1RelatedAsset `json:"assets,omitempty"` 654 655 // RelationshipAttributes: The detailed relation attributes. 656 RelationshipAttributes *GoogleCloudAssetV1p7beta1RelationshipAttributes `json:"relationshipAttributes,omitempty"` 657 658 // ForceSendFields is a list of field names (e.g. "Assets") to 659 // unconditionally include in API requests. By default, fields with 660 // empty or default values are omitted from API requests. However, any 661 // non-pointer, non-interface field appearing in ForceSendFields will be 662 // sent to the server regardless of whether the field is empty or not. 663 // This may be used to include empty fields in Patch requests. 664 ForceSendFields []string `json:"-"` 665 666 // NullFields is a list of field names (e.g. "Assets") to include in API 667 // requests with the JSON null value. By default, fields with empty 668 // values are omitted from API requests. However, any field with an 669 // empty value appearing in NullFields will be sent to the server as 670 // null. It is an error if a field in this list has a non-empty value. 671 // This may be used to include null fields in Patch requests. 672 NullFields []string `json:"-"` 673} 674 675func (s *GoogleCloudAssetV1p7beta1RelatedAssets) MarshalJSON() ([]byte, error) { 676 type NoMethod GoogleCloudAssetV1p7beta1RelatedAssets 677 raw := NoMethod(*s) 678 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 679} 680 681// GoogleCloudAssetV1p7beta1RelationshipAttributes: The relationship 682// attributes which include `type`, `source_resource_type`, 683// `target_resource_type` and `action`. 684type GoogleCloudAssetV1p7beta1RelationshipAttributes struct { 685 // Action: The detail of the relationship, e.g. `contains`, `attaches` 686 Action string `json:"action,omitempty"` 687 688 // SourceResourceType: The source asset type. Example: 689 // `compute.googleapis.com/Instance` 690 SourceResourceType string `json:"sourceResourceType,omitempty"` 691 692 // TargetResourceType: The target asset type. Example: 693 // `compute.googleapis.com/Disk` 694 TargetResourceType string `json:"targetResourceType,omitempty"` 695 696 // Type: The unique identifier of the relationship type. Example: 697 // `INSTANCE_TO_INSTANCEGROUP` 698 Type string `json:"type,omitempty"` 699 700 // ForceSendFields is a list of field names (e.g. "Action") to 701 // unconditionally include in API requests. By default, fields with 702 // empty or default values are omitted from API requests. However, any 703 // non-pointer, non-interface field appearing in ForceSendFields will be 704 // sent to the server regardless of whether the field is empty or not. 705 // This may be used to include empty fields in Patch requests. 706 ForceSendFields []string `json:"-"` 707 708 // NullFields is a list of field names (e.g. "Action") to include in API 709 // requests with the JSON null value. By default, fields with empty 710 // values are omitted from API requests. However, any field with an 711 // empty value appearing in NullFields will be sent to the server as 712 // null. It is an error if a field in this list has a non-empty value. 713 // This may be used to include null fields in Patch requests. 714 NullFields []string `json:"-"` 715} 716 717func (s *GoogleCloudAssetV1p7beta1RelationshipAttributes) MarshalJSON() ([]byte, error) { 718 type NoMethod GoogleCloudAssetV1p7beta1RelationshipAttributes 719 raw := NoMethod(*s) 720 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 721} 722 723// GoogleCloudAssetV1p7beta1Resource: A representation of a Google Cloud 724// resource. 725type GoogleCloudAssetV1p7beta1Resource struct { 726 // Data: The content of the resource, in which some sensitive fields are 727 // removed and may not be present. 728 Data googleapi.RawMessage `json:"data,omitempty"` 729 730 // DiscoveryDocumentUri: The URL of the discovery document containing 731 // the resource's JSON schema. Example: 732 // `https://www.googleapis.com/discovery/v1/apis/compute/v1/rest` This 733 // value is unspecified for resources that do not have an API based on a 734 // discovery document, such as Cloud Bigtable. 735 DiscoveryDocumentUri string `json:"discoveryDocumentUri,omitempty"` 736 737 // DiscoveryName: The JSON schema name listed in the discovery document. 738 // Example: `Project` This value is unspecified for resources that do 739 // not have an API based on a discovery document, such as Cloud 740 // Bigtable. 741 DiscoveryName string `json:"discoveryName,omitempty"` 742 743 // Location: The location of the resource in Google Cloud, such as its 744 // zone and region. For more information, see 745 // https://cloud.google.com/about/locations/. 746 Location string `json:"location,omitempty"` 747 748 // Parent: The full name of the immediate parent of this resource. See 749 // Resource Names 750 // (https://cloud.google.com/apis/design/resource_names#full_resource_name) 751 // for more information. For Google Cloud assets, this value is the 752 // parent resource defined in the Cloud IAM policy hierarchy 753 // (https://cloud.google.com/iam/docs/overview#policy_hierarchy). 754 // Example: 755 // `//cloudresourcemanager.googleapis.com/projects/my_project_123` For 756 // third-party assets, this field may be set differently. 757 Parent string `json:"parent,omitempty"` 758 759 // ResourceUrl: The REST URL for accessing the resource. An HTTP `GET` 760 // request using this URL returns the resource itself. Example: 761 // `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-12 762 // 3` This value is unspecified for resources without a REST API. 763 ResourceUrl string `json:"resourceUrl,omitempty"` 764 765 // Version: The API version. Example: `v1` 766 Version string `json:"version,omitempty"` 767 768 // ForceSendFields is a list of field names (e.g. "Data") to 769 // unconditionally include in API requests. By default, fields with 770 // empty or default values are omitted from API requests. However, any 771 // non-pointer, non-interface field appearing in ForceSendFields will be 772 // sent to the server regardless of whether the field is empty or not. 773 // This may be used to include empty fields in Patch requests. 774 ForceSendFields []string `json:"-"` 775 776 // NullFields is a list of field names (e.g. "Data") to include in API 777 // requests with the JSON null value. By default, fields with empty 778 // values are omitted from API requests. However, any field with an 779 // empty value appearing in NullFields will be sent to the server as 780 // null. It is an error if a field in this list has a non-empty value. 781 // This may be used to include null fields in Patch requests. 782 NullFields []string `json:"-"` 783} 784 785func (s *GoogleCloudAssetV1p7beta1Resource) MarshalJSON() ([]byte, error) { 786 type NoMethod GoogleCloudAssetV1p7beta1Resource 787 raw := NoMethod(*s) 788 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 789} 790 791// GoogleCloudOrgpolicyV1BooleanPolicy: Used in `policy_type` to specify 792// how `boolean_policy` will behave at this resource. 793type GoogleCloudOrgpolicyV1BooleanPolicy struct { 794 // Enforced: If `true`, then the `Policy` is enforced. If `false`, then 795 // any configuration is acceptable. Suppose you have a `Constraint` 796 // `constraints/compute.disableSerialPortAccess` with 797 // `constraint_default` set to `ALLOW`. A `Policy` for that `Constraint` 798 // exhibits the following behavior: - If the `Policy` at this resource 799 // has enforced set to `false`, serial port connection attempts will be 800 // allowed. - If the `Policy` at this resource has enforced set to 801 // `true`, serial port connection attempts will be refused. - If the 802 // `Policy` at this resource is `RestoreDefault`, serial port connection 803 // attempts will be allowed. - If no `Policy` is set at this resource or 804 // anywhere higher in the resource hierarchy, serial port connection 805 // attempts will be allowed. - If no `Policy` is set at this resource, 806 // but one exists higher in the resource hierarchy, the behavior is as 807 // if the`Policy` were set at this resource. The following examples 808 // demonstrate the different possible layerings: Example 1 (nearest 809 // `Constraint` wins): `organizations/foo` has a `Policy` with: 810 // {enforced: false} `projects/bar` has no `Policy` set. The constraint 811 // at `projects/bar` and `organizations/foo` will not be enforced. 812 // Example 2 (enforcement gets replaced): `organizations/foo` has a 813 // `Policy` with: {enforced: false} `projects/bar` has a `Policy` with: 814 // {enforced: true} The constraint at `organizations/foo` is not 815 // enforced. The constraint at `projects/bar` is enforced. Example 3 816 // (RestoreDefault): `organizations/foo` has a `Policy` with: {enforced: 817 // true} `projects/bar` has a `Policy` with: {RestoreDefault: {}} The 818 // constraint at `organizations/foo` is enforced. The constraint at 819 // `projects/bar` is not enforced, because `constraint_default` for the 820 // `Constraint` is `ALLOW`. 821 Enforced bool `json:"enforced,omitempty"` 822 823 // ForceSendFields is a list of field names (e.g. "Enforced") to 824 // unconditionally include in API requests. By default, fields with 825 // empty or default values are omitted from API requests. However, any 826 // non-pointer, non-interface field appearing in ForceSendFields will be 827 // sent to the server regardless of whether the field is empty or not. 828 // This may be used to include empty fields in Patch requests. 829 ForceSendFields []string `json:"-"` 830 831 // NullFields is a list of field names (e.g. "Enforced") to include in 832 // API requests with the JSON null value. By default, fields with empty 833 // values are omitted from API requests. However, any field with an 834 // empty value appearing in NullFields will be sent to the server as 835 // null. It is an error if a field in this list has a non-empty value. 836 // This may be used to include null fields in Patch requests. 837 NullFields []string `json:"-"` 838} 839 840func (s *GoogleCloudOrgpolicyV1BooleanPolicy) MarshalJSON() ([]byte, error) { 841 type NoMethod GoogleCloudOrgpolicyV1BooleanPolicy 842 raw := NoMethod(*s) 843 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 844} 845 846// GoogleCloudOrgpolicyV1ListPolicy: Used in `policy_type` to specify 847// how `list_policy` behaves at this resource. `ListPolicy` can define 848// specific values and subtrees of Cloud Resource Manager resource 849// hierarchy (`Organizations`, `Folders`, `Projects`) that are allowed 850// or denied by setting the `allowed_values` and `denied_values` fields. 851// This is achieved by using the `under:` and optional `is:` prefixes. 852// The `under:` prefix is used to denote resource subtree values. The 853// `is:` prefix is used to denote specific values, and is required only 854// if the value contains a ":". Values prefixed with "is:" are treated 855// the same as values with no prefix. Ancestry subtrees must be in one 856// of the following formats: - "projects/", e.g. 857// "projects/tokyo-rain-123" - "folders/", e.g. "folders/1234" - 858// "organizations/", e.g. "organizations/1234" The `supports_under` 859// field of the associated `Constraint` defines whether ancestry 860// prefixes can be used. You can set `allowed_values` and 861// `denied_values` in the same `Policy` if `all_values` is 862// `ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny 863// all values. If `all_values` is set to either `ALLOW` or `DENY`, 864// `allowed_values` and `denied_values` must be unset. 865type GoogleCloudOrgpolicyV1ListPolicy struct { 866 // AllValues: The policy all_values state. 867 // 868 // Possible values: 869 // "ALL_VALUES_UNSPECIFIED" - Indicates that allowed_values or 870 // denied_values must be set. 871 // "ALLOW" - A policy with this set allows all values. 872 // "DENY" - A policy with this set denies all values. 873 AllValues string `json:"allValues,omitempty"` 874 875 // AllowedValues: List of values allowed at this resource. Can only be 876 // set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`. 877 AllowedValues []string `json:"allowedValues,omitempty"` 878 879 // DeniedValues: List of values denied at this resource. Can only be set 880 // if `all_values` is set to `ALL_VALUES_UNSPECIFIED`. 881 DeniedValues []string `json:"deniedValues,omitempty"` 882 883 // InheritFromParent: Determines the inheritance behavior for this 884 // `Policy`. By default, a `ListPolicy` set at a resource supersedes any 885 // `Policy` set anywhere up the resource hierarchy. However, if 886 // `inherit_from_parent` is set to `true`, then the values from the 887 // effective `Policy` of the parent resource are inherited, meaning the 888 // values set in this `Policy` are added to the values inherited up the 889 // hierarchy. Setting `Policy` hierarchies that inherit both allowed 890 // values and denied values isn't recommended in most circumstances to 891 // keep the configuration simple and understandable. However, it is 892 // possible to set a `Policy` with `allowed_values` set that inherits a 893 // `Policy` with `denied_values` set. In this case, the values that are 894 // allowed must be in `allowed_values` and not present in 895 // `denied_values`. For example, suppose you have a `Constraint` 896 // `constraints/serviceuser.services`, which has a `constraint_type` of 897 // `list_constraint`, and with `constraint_default` set to `ALLOW`. 898 // Suppose that at the Organization level, a `Policy` is applied that 899 // restricts the allowed API activations to {`E1`, `E2`}. Then, if a 900 // `Policy` is applied to a project below the Organization that has 901 // `inherit_from_parent` set to `false` and field all_values set to 902 // DENY, then an attempt to activate any API will be denied. The 903 // following examples demonstrate different possible layerings for 904 // `projects/bar` parented by `organizations/foo`: Example 1 (no 905 // inherited values): `organizations/foo` has a `Policy` with values: 906 // {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has 907 // `inherit_from_parent` `false` and values: {allowed_values: "E3" 908 // allowed_values: "E4"} The accepted values at `organizations/foo` are 909 // `E1`, `E2`. The accepted values at `projects/bar` are `E3`, and `E4`. 910 // Example 2 (inherited values): `organizations/foo` has a `Policy` with 911 // values: {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has 912 // a `Policy` with values: {value: "E3" value: "E4" inherit_from_parent: 913 // true} The accepted values at `organizations/foo` are `E1`, `E2`. The 914 // accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`. 915 // Example 3 (inheriting both allowed and denied values): 916 // `organizations/foo` has a `Policy` with values: {allowed_values: "E1" 917 // allowed_values: "E2"} `projects/bar` has a `Policy` with: 918 // {denied_values: "E1"} The accepted values at `organizations/foo` are 919 // `E1`, `E2`. The value accepted at `projects/bar` is `E2`. Example 4 920 // (RestoreDefault): `organizations/foo` has a `Policy` with values: 921 // {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has a 922 // `Policy` with values: {RestoreDefault: {}} The accepted values at 923 // `organizations/foo` are `E1`, `E2`. The accepted values at 924 // `projects/bar` are either all or none depending on the value of 925 // `constraint_default` (if `ALLOW`, all; if `DENY`, none). Example 5 926 // (no policy inherits parent policy): `organizations/foo` has no 927 // `Policy` set. `projects/bar` has no `Policy` set. The accepted values 928 // at both levels are either all or none depending on the value of 929 // `constraint_default` (if `ALLOW`, all; if `DENY`, none). Example 6 930 // (ListConstraint allowing all): `organizations/foo` has a `Policy` 931 // with values: {allowed_values: "E1" allowed_values: "E2"} 932 // `projects/bar` has a `Policy` with: {all: ALLOW} The accepted values 933 // at `organizations/foo` are `E1`, E2`. Any value is accepted at 934 // `projects/bar`. Example 7 (ListConstraint allowing none): 935 // `organizations/foo` has a `Policy` with values: {allowed_values: "E1" 936 // allowed_values: "E2"} `projects/bar` has a `Policy` with: {all: DENY} 937 // The accepted values at `organizations/foo` are `E1`, E2`. No value is 938 // accepted at `projects/bar`. Example 10 (allowed and denied subtrees 939 // of Resource Manager hierarchy): Given the following resource 940 // hierarchy O1->{F1, F2}; F1->{P1}; F2->{P2, P3}, `organizations/foo` 941 // has a `Policy` with values: {allowed_values: 942 // "under:organizations/O1"} `projects/bar` has a `Policy` with: 943 // {allowed_values: "under:projects/P3"} {denied_values: 944 // "under:folders/F2"} The accepted values at `organizations/foo` are 945 // `organizations/O1`, `folders/F1`, `folders/F2`, `projects/P1`, 946 // `projects/P2`, `projects/P3`. The accepted values at `projects/bar` 947 // are `organizations/O1`, `folders/F1`, `projects/P1`. 948 InheritFromParent bool `json:"inheritFromParent,omitempty"` 949 950 // SuggestedValue: Optional. The Google Cloud Console will try to 951 // default to a configuration that matches the value specified in this 952 // `Policy`. If `suggested_value` is not set, it will inherit the value 953 // specified higher in the hierarchy, unless `inherit_from_parent` is 954 // `false`. 955 SuggestedValue string `json:"suggestedValue,omitempty"` 956 957 // ForceSendFields is a list of field names (e.g. "AllValues") to 958 // unconditionally include in API requests. By default, fields with 959 // empty or default values are omitted from API requests. However, any 960 // non-pointer, non-interface field appearing in ForceSendFields will be 961 // sent to the server regardless of whether the field is empty or not. 962 // This may be used to include empty fields in Patch requests. 963 ForceSendFields []string `json:"-"` 964 965 // NullFields is a list of field names (e.g. "AllValues") to include in 966 // API requests with the JSON null value. By default, fields with empty 967 // values are omitted from API requests. However, any field with an 968 // empty value appearing in NullFields will be sent to the server as 969 // null. It is an error if a field in this list has a non-empty value. 970 // This may be used to include null fields in Patch requests. 971 NullFields []string `json:"-"` 972} 973 974func (s *GoogleCloudOrgpolicyV1ListPolicy) MarshalJSON() ([]byte, error) { 975 type NoMethod GoogleCloudOrgpolicyV1ListPolicy 976 raw := NoMethod(*s) 977 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 978} 979 980// GoogleCloudOrgpolicyV1Policy: Defines a Cloud Organization `Policy` 981// which is used to specify `Constraints` for configurations of Cloud 982// Platform resources. 983type GoogleCloudOrgpolicyV1Policy struct { 984 // BooleanPolicy: For boolean `Constraints`, whether to enforce the 985 // `Constraint` or not. 986 BooleanPolicy *GoogleCloudOrgpolicyV1BooleanPolicy `json:"booleanPolicy,omitempty"` 987 988 // Constraint: The name of the `Constraint` the `Policy` is configuring, 989 // for example, `constraints/serviceuser.services`. A list of available 990 // constraints 991 // (/resource-manager/docs/organization-policy/org-policy-constraints) 992 // is available. Immutable after creation. 993 Constraint string `json:"constraint,omitempty"` 994 995 // Etag: An opaque tag indicating the current version of the `Policy`, 996 // used for concurrency control. When the `Policy` is returned from 997 // either a `GetPolicy` or a `ListOrgPolicy` request, this `etag` 998 // indicates the version of the current `Policy` to use when executing a 999 // read-modify-write loop. When the `Policy` is returned from a 1000 // `GetEffectivePolicy` request, the `etag` will be unset. When the 1001 // `Policy` is used in a `SetOrgPolicy` method, use the `etag` value 1002 // that was returned from a `GetOrgPolicy` request as part of a 1003 // read-modify-write loop for concurrency control. Not setting the 1004 // `etag`in a `SetOrgPolicy` request will result in an unconditional 1005 // write of the `Policy`. 1006 Etag string `json:"etag,omitempty"` 1007 1008 // ListPolicy: List of values either allowed or disallowed. 1009 ListPolicy *GoogleCloudOrgpolicyV1ListPolicy `json:"listPolicy,omitempty"` 1010 1011 // RestoreDefault: Restores the default behavior of the constraint; 1012 // independent of `Constraint` type. 1013 RestoreDefault *GoogleCloudOrgpolicyV1RestoreDefault `json:"restoreDefault,omitempty"` 1014 1015 // UpdateTime: The time stamp the `Policy` was previously updated. This 1016 // is set by the server, not specified by the caller, and represents the 1017 // last time a call to `SetOrgPolicy` was made for that `Policy`. Any 1018 // value set by the client will be ignored. 1019 UpdateTime string `json:"updateTime,omitempty"` 1020 1021 // Version: Version of the `Policy`. Default version is 0; 1022 Version int64 `json:"version,omitempty"` 1023 1024 // ForceSendFields is a list of field names (e.g. "BooleanPolicy") to 1025 // unconditionally include in API requests. By default, fields with 1026 // empty or default values are omitted from API requests. However, any 1027 // non-pointer, non-interface field appearing in ForceSendFields will be 1028 // sent to the server regardless of whether the field is empty or not. 1029 // This may be used to include empty fields in Patch requests. 1030 ForceSendFields []string `json:"-"` 1031 1032 // NullFields is a list of field names (e.g. "BooleanPolicy") to include 1033 // in API requests with the JSON null value. By default, fields with 1034 // empty values are omitted from API requests. However, any field with 1035 // an empty value appearing in NullFields will be sent to the server as 1036 // null. It is an error if a field in this list has a non-empty value. 1037 // This may be used to include null fields in Patch requests. 1038 NullFields []string `json:"-"` 1039} 1040 1041func (s *GoogleCloudOrgpolicyV1Policy) MarshalJSON() ([]byte, error) { 1042 type NoMethod GoogleCloudOrgpolicyV1Policy 1043 raw := NoMethod(*s) 1044 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1045} 1046 1047// GoogleCloudOrgpolicyV1RestoreDefault: Ignores policies set above this 1048// resource and restores the `constraint_default` enforcement behavior 1049// of the specific `Constraint` at this resource. Suppose that 1050// `constraint_default` is set to `ALLOW` for the `Constraint` 1051// `constraints/serviceuser.services`. Suppose that organization foo.com 1052// sets a `Policy` at their Organization resource node that restricts 1053// the allowed service activations to deny all service activations. They 1054// could then set a `Policy` with the `policy_type` `restore_default` on 1055// several experimental projects, restoring the `constraint_default` 1056// enforcement of the `Constraint` for only those projects, allowing 1057// those projects to have all services activated. 1058type GoogleCloudOrgpolicyV1RestoreDefault struct { 1059} 1060 1061// GoogleIdentityAccesscontextmanagerV1AccessLevel: An `AccessLevel` is 1062// a label that can be applied to requests to Google Cloud services, 1063// along with a list of requirements necessary for the label to be 1064// applied. 1065type GoogleIdentityAccesscontextmanagerV1AccessLevel struct { 1066 // Basic: A `BasicLevel` composed of `Conditions`. 1067 Basic *GoogleIdentityAccesscontextmanagerV1BasicLevel `json:"basic,omitempty"` 1068 1069 // Custom: A `CustomLevel` written in the Common Expression Language. 1070 Custom *GoogleIdentityAccesscontextmanagerV1CustomLevel `json:"custom,omitempty"` 1071 1072 // Description: Description of the `AccessLevel` and its use. Does not 1073 // affect behavior. 1074 Description string `json:"description,omitempty"` 1075 1076 // Name: Required. Resource name for the Access Level. The `short_name` 1077 // component must begin with a letter and only include alphanumeric and 1078 // '_'. Format: 1079 // `accessPolicies/{access_policy}/accessLevels/{access_level}`. The 1080 // maximum length of the `access_level` component is 50 characters. 1081 Name string `json:"name,omitempty"` 1082 1083 // Title: Human readable title. Must be unique within the Policy. 1084 Title string `json:"title,omitempty"` 1085 1086 // ForceSendFields is a list of field names (e.g. "Basic") to 1087 // unconditionally include in API requests. By default, fields with 1088 // empty or default values are omitted from API requests. However, any 1089 // non-pointer, non-interface field appearing in ForceSendFields will be 1090 // sent to the server regardless of whether the field is empty or not. 1091 // This may be used to include empty fields in Patch requests. 1092 ForceSendFields []string `json:"-"` 1093 1094 // NullFields is a list of field names (e.g. "Basic") to include in API 1095 // requests with the JSON null value. By default, fields with empty 1096 // values are omitted from API requests. However, any field with an 1097 // empty value appearing in NullFields will be sent to the server as 1098 // null. It is an error if a field in this list has a non-empty value. 1099 // This may be used to include null fields in Patch requests. 1100 NullFields []string `json:"-"` 1101} 1102 1103func (s *GoogleIdentityAccesscontextmanagerV1AccessLevel) MarshalJSON() ([]byte, error) { 1104 type NoMethod GoogleIdentityAccesscontextmanagerV1AccessLevel 1105 raw := NoMethod(*s) 1106 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1107} 1108 1109// GoogleIdentityAccesscontextmanagerV1AccessPolicy: `AccessPolicy` is a 1110// container for `AccessLevels` (which define the necessary attributes 1111// to use Google Cloud services) and `ServicePerimeters` (which define 1112// regions of services able to freely pass data within a perimeter). An 1113// access policy is globally visible within an organization, and the 1114// restrictions it specifies apply to all projects within an 1115// organization. 1116type GoogleIdentityAccesscontextmanagerV1AccessPolicy struct { 1117 // Etag: Output only. An opaque identifier for the current version of 1118 // the `AccessPolicy`. This will always be a strongly validated etag, 1119 // meaning that two Access Polices will be identical if and only if 1120 // their etags are identical. Clients should not expect this to be in 1121 // any specific format. 1122 Etag string `json:"etag,omitempty"` 1123 1124 // Name: Output only. Resource name of the `AccessPolicy`. Format: 1125 // `accessPolicies/{access_policy}` 1126 Name string `json:"name,omitempty"` 1127 1128 // Parent: Required. The parent of this `AccessPolicy` in the Cloud 1129 // Resource Hierarchy. Currently immutable once created. Format: 1130 // `organizations/{organization_id}` 1131 Parent string `json:"parent,omitempty"` 1132 1133 // Title: Required. Human readable title. Does not affect behavior. 1134 Title string `json:"title,omitempty"` 1135 1136 // ForceSendFields is a list of field names (e.g. "Etag") to 1137 // unconditionally include in API requests. By default, fields with 1138 // empty or default values are omitted from API requests. However, any 1139 // non-pointer, non-interface field appearing in ForceSendFields will be 1140 // sent to the server regardless of whether the field is empty or not. 1141 // This may be used to include empty fields in Patch requests. 1142 ForceSendFields []string `json:"-"` 1143 1144 // NullFields is a list of field names (e.g. "Etag") to include in API 1145 // requests with the JSON null value. By default, fields with empty 1146 // values are omitted from API requests. However, any field with an 1147 // empty value appearing in NullFields will be sent to the server as 1148 // null. It is an error if a field in this list has a non-empty value. 1149 // This may be used to include null fields in Patch requests. 1150 NullFields []string `json:"-"` 1151} 1152 1153func (s *GoogleIdentityAccesscontextmanagerV1AccessPolicy) MarshalJSON() ([]byte, error) { 1154 type NoMethod GoogleIdentityAccesscontextmanagerV1AccessPolicy 1155 raw := NoMethod(*s) 1156 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1157} 1158 1159// GoogleIdentityAccesscontextmanagerV1ApiOperation: Identification for 1160// an API Operation. 1161type GoogleIdentityAccesscontextmanagerV1ApiOperation struct { 1162 // MethodSelectors: API methods or permissions to allow. Method or 1163 // permission must belong to the service specified by `service_name` 1164 // field. A single MethodSelector entry with `*` specified for the 1165 // `method` field will allow all methods AND permissions for the service 1166 // specified in `service_name`. 1167 MethodSelectors []*GoogleIdentityAccesscontextmanagerV1MethodSelector `json:"methodSelectors,omitempty"` 1168 1169 // ServiceName: The name of the API whose methods or permissions the 1170 // IngressPolicy or EgressPolicy want to allow. A single ApiOperation 1171 // with `service_name` field set to `*` will allow all methods AND 1172 // permissions for all services. 1173 ServiceName string `json:"serviceName,omitempty"` 1174 1175 // ForceSendFields is a list of field names (e.g. "MethodSelectors") to 1176 // unconditionally include in API requests. By default, fields with 1177 // empty or default values are omitted from API requests. However, any 1178 // non-pointer, non-interface field appearing in ForceSendFields will be 1179 // sent to the server regardless of whether the field is empty or not. 1180 // This may be used to include empty fields in Patch requests. 1181 ForceSendFields []string `json:"-"` 1182 1183 // NullFields is a list of field names (e.g. "MethodSelectors") to 1184 // include in API requests with the JSON null value. By default, fields 1185 // with empty values are omitted from API requests. However, any field 1186 // with an empty value appearing in NullFields will be sent to the 1187 // server as null. It is an error if a field in this list has a 1188 // non-empty value. This may be used to include null fields in Patch 1189 // requests. 1190 NullFields []string `json:"-"` 1191} 1192 1193func (s *GoogleIdentityAccesscontextmanagerV1ApiOperation) MarshalJSON() ([]byte, error) { 1194 type NoMethod GoogleIdentityAccesscontextmanagerV1ApiOperation 1195 raw := NoMethod(*s) 1196 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1197} 1198 1199// GoogleIdentityAccesscontextmanagerV1BasicLevel: `BasicLevel` is an 1200// `AccessLevel` using a set of recommended features. 1201type GoogleIdentityAccesscontextmanagerV1BasicLevel struct { 1202 // CombiningFunction: How the `conditions` list should be combined to 1203 // determine if a request is granted this `AccessLevel`. If AND is used, 1204 // each `Condition` in `conditions` must be satisfied for the 1205 // `AccessLevel` to be applied. If OR is used, at least one `Condition` 1206 // in `conditions` must be satisfied for the `AccessLevel` to be 1207 // applied. Default behavior is AND. 1208 // 1209 // Possible values: 1210 // "AND" - All `Conditions` must be true for the `BasicLevel` to be 1211 // true. 1212 // "OR" - If at least one `Condition` is true, then the `BasicLevel` 1213 // is true. 1214 CombiningFunction string `json:"combiningFunction,omitempty"` 1215 1216 // Conditions: Required. A list of requirements for the `AccessLevel` to 1217 // be granted. 1218 Conditions []*GoogleIdentityAccesscontextmanagerV1Condition `json:"conditions,omitempty"` 1219 1220 // ForceSendFields is a list of field names (e.g. "CombiningFunction") 1221 // to unconditionally include in API requests. By default, fields with 1222 // empty or default values are omitted from API requests. However, any 1223 // non-pointer, non-interface field appearing in ForceSendFields will be 1224 // sent to the server regardless of whether the field is empty or not. 1225 // This may be used to include empty fields in Patch requests. 1226 ForceSendFields []string `json:"-"` 1227 1228 // NullFields is a list of field names (e.g. "CombiningFunction") to 1229 // include in API requests with the JSON null value. By default, fields 1230 // with empty values are omitted from API requests. However, any field 1231 // with an empty value appearing in NullFields will be sent to the 1232 // server as null. It is an error if a field in this list has a 1233 // non-empty value. This may be used to include null fields in Patch 1234 // requests. 1235 NullFields []string `json:"-"` 1236} 1237 1238func (s *GoogleIdentityAccesscontextmanagerV1BasicLevel) MarshalJSON() ([]byte, error) { 1239 type NoMethod GoogleIdentityAccesscontextmanagerV1BasicLevel 1240 raw := NoMethod(*s) 1241 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1242} 1243 1244// GoogleIdentityAccesscontextmanagerV1Condition: A condition necessary 1245// for an `AccessLevel` to be granted. The Condition is an AND over its 1246// fields. So a Condition is true if: 1) the request IP is from one of 1247// the listed subnetworks AND 2) the originating device complies with 1248// the listed device policy AND 3) all listed access levels are granted 1249// AND 4) the request was sent at a time allowed by the 1250// DateTimeRestriction. 1251type GoogleIdentityAccesscontextmanagerV1Condition struct { 1252 // DevicePolicy: Device specific restrictions, all restrictions must 1253 // hold for the Condition to be true. If not specified, all devices are 1254 // allowed. 1255 DevicePolicy *GoogleIdentityAccesscontextmanagerV1DevicePolicy `json:"devicePolicy,omitempty"` 1256 1257 // IpSubnetworks: CIDR block IP subnetwork specification. May be IPv4 or 1258 // IPv6. Note that for a CIDR IP address block, the specified IP address 1259 // portion must be properly truncated (i.e. all the host bits must be 1260 // zero) or the input is considered malformed. For example, 1261 // "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for 1262 // IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. 1263 // The originating IP of a request must be in one of the listed subnets 1264 // in order for this Condition to be true. If empty, all IP addresses 1265 // are allowed. 1266 IpSubnetworks []string `json:"ipSubnetworks,omitempty"` 1267 1268 // Members: The request must be made by one of the provided user or 1269 // service accounts. Groups are not supported. Syntax: `user:{emailid}` 1270 // `serviceAccount:{emailid}` If not specified, a request may come from 1271 // any user. 1272 Members []string `json:"members,omitempty"` 1273 1274 // Negate: Whether to negate the Condition. If true, the Condition 1275 // becomes a NAND over its non-empty fields, each field must be false 1276 // for the Condition overall to be satisfied. Defaults to false. 1277 Negate bool `json:"negate,omitempty"` 1278 1279 // Regions: The request must originate from one of the provided 1280 // countries/regions. Must be valid ISO 3166-1 alpha-2 codes. 1281 Regions []string `json:"regions,omitempty"` 1282 1283 // RequiredAccessLevels: A list of other access levels defined in the 1284 // same `Policy`, referenced by resource name. Referencing an 1285 // `AccessLevel` which does not exist is an error. All access levels 1286 // listed must be granted for the Condition to be true. Example: 1287 // "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME" 1288 RequiredAccessLevels []string `json:"requiredAccessLevels,omitempty"` 1289 1290 // ForceSendFields is a list of field names (e.g. "DevicePolicy") to 1291 // unconditionally include in API requests. By default, fields with 1292 // empty or default values are omitted from API requests. However, any 1293 // non-pointer, non-interface field appearing in ForceSendFields will be 1294 // sent to the server regardless of whether the field is empty or not. 1295 // This may be used to include empty fields in Patch requests. 1296 ForceSendFields []string `json:"-"` 1297 1298 // NullFields is a list of field names (e.g. "DevicePolicy") to include 1299 // in API requests with the JSON null value. By default, fields with 1300 // empty values are omitted from API requests. However, any field with 1301 // an empty value appearing in NullFields will be sent to the server as 1302 // null. It is an error if a field in this list has a non-empty value. 1303 // This may be used to include null fields in Patch requests. 1304 NullFields []string `json:"-"` 1305} 1306 1307func (s *GoogleIdentityAccesscontextmanagerV1Condition) MarshalJSON() ([]byte, error) { 1308 type NoMethod GoogleIdentityAccesscontextmanagerV1Condition 1309 raw := NoMethod(*s) 1310 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1311} 1312 1313// GoogleIdentityAccesscontextmanagerV1CustomLevel: `CustomLevel` is an 1314// `AccessLevel` using the Cloud Common Expression Language to represent 1315// the necessary conditions for the level to apply to a request. See CEL 1316// spec at: https://github.com/google/cel-spec 1317type GoogleIdentityAccesscontextmanagerV1CustomLevel struct { 1318 // Expr: Required. A Cloud CEL expression evaluating to a boolean. 1319 Expr *Expr `json:"expr,omitempty"` 1320 1321 // ForceSendFields is a list of field names (e.g. "Expr") to 1322 // unconditionally include in API requests. By default, fields with 1323 // empty or default values are omitted from API requests. However, any 1324 // non-pointer, non-interface field appearing in ForceSendFields will be 1325 // sent to the server regardless of whether the field is empty or not. 1326 // This may be used to include empty fields in Patch requests. 1327 ForceSendFields []string `json:"-"` 1328 1329 // NullFields is a list of field names (e.g. "Expr") to include in API 1330 // requests with the JSON null value. By default, fields with empty 1331 // values are omitted from API requests. However, any field with an 1332 // empty value appearing in NullFields will be sent to the server as 1333 // null. It is an error if a field in this list has a non-empty value. 1334 // This may be used to include null fields in Patch requests. 1335 NullFields []string `json:"-"` 1336} 1337 1338func (s *GoogleIdentityAccesscontextmanagerV1CustomLevel) MarshalJSON() ([]byte, error) { 1339 type NoMethod GoogleIdentityAccesscontextmanagerV1CustomLevel 1340 raw := NoMethod(*s) 1341 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1342} 1343 1344// GoogleIdentityAccesscontextmanagerV1DevicePolicy: `DevicePolicy` 1345// specifies device specific restrictions necessary to acquire a given 1346// access level. A `DevicePolicy` specifies requirements for requests 1347// from devices to be granted access levels, it does not do any 1348// enforcement on the device. `DevicePolicy` acts as an AND over all 1349// specified fields, and each repeated field is an OR over its elements. 1350// Any unset fields are ignored. For example, if the proto is { os_type 1351// : DESKTOP_WINDOWS, os_type : DESKTOP_LINUX, encryption_status: 1352// ENCRYPTED}, then the DevicePolicy will be true for requests 1353// originating from encrypted Linux desktops and encrypted Windows 1354// desktops. 1355type GoogleIdentityAccesscontextmanagerV1DevicePolicy struct { 1356 // AllowedDeviceManagementLevels: Allowed device management levels, an 1357 // empty list allows all management levels. 1358 // 1359 // Possible values: 1360 // "MANAGEMENT_UNSPECIFIED" - The device's management level is not 1361 // specified or not known. 1362 // "NONE" - The device is not managed. 1363 // "BASIC" - Basic management is enabled, which is generally limited 1364 // to monitoring and wiping the corporate account. 1365 // "COMPLETE" - Complete device management. This includes more 1366 // thorough monitoring and the ability to directly manage the device 1367 // (such as remote wiping). This can be enabled through the Android 1368 // Enterprise Platform. 1369 AllowedDeviceManagementLevels []string `json:"allowedDeviceManagementLevels,omitempty"` 1370 1371 // AllowedEncryptionStatuses: Allowed encryptions statuses, an empty 1372 // list allows all statuses. 1373 // 1374 // Possible values: 1375 // "ENCRYPTION_UNSPECIFIED" - The encryption status of the device is 1376 // not specified or not known. 1377 // "ENCRYPTION_UNSUPPORTED" - The device does not support encryption. 1378 // "UNENCRYPTED" - The device supports encryption, but is currently 1379 // unencrypted. 1380 // "ENCRYPTED" - The device is encrypted. 1381 AllowedEncryptionStatuses []string `json:"allowedEncryptionStatuses,omitempty"` 1382 1383 // OsConstraints: Allowed OS versions, an empty list allows all types 1384 // and all versions. 1385 OsConstraints []*GoogleIdentityAccesscontextmanagerV1OsConstraint `json:"osConstraints,omitempty"` 1386 1387 // RequireAdminApproval: Whether the device needs to be approved by the 1388 // customer admin. 1389 RequireAdminApproval bool `json:"requireAdminApproval,omitempty"` 1390 1391 // RequireCorpOwned: Whether the device needs to be corp owned. 1392 RequireCorpOwned bool `json:"requireCorpOwned,omitempty"` 1393 1394 // RequireScreenlock: Whether or not screenlock is required for the 1395 // DevicePolicy to be true. Defaults to `false`. 1396 RequireScreenlock bool `json:"requireScreenlock,omitempty"` 1397 1398 // ForceSendFields is a list of field names (e.g. 1399 // "AllowedDeviceManagementLevels") to unconditionally include in API 1400 // requests. By default, fields with empty or default values are omitted 1401 // from API requests. However, any non-pointer, non-interface field 1402 // appearing in ForceSendFields will be sent to the server regardless of 1403 // whether the field is empty or not. This may be used to include empty 1404 // fields in Patch requests. 1405 ForceSendFields []string `json:"-"` 1406 1407 // NullFields is a list of field names (e.g. 1408 // "AllowedDeviceManagementLevels") to include in API requests with the 1409 // JSON null value. By default, fields with empty values are omitted 1410 // from API requests. However, any field with an empty value appearing 1411 // in NullFields will be sent to the server as null. It is an error if a 1412 // field in this list has a non-empty value. This may be used to include 1413 // null fields in Patch requests. 1414 NullFields []string `json:"-"` 1415} 1416 1417func (s *GoogleIdentityAccesscontextmanagerV1DevicePolicy) MarshalJSON() ([]byte, error) { 1418 type NoMethod GoogleIdentityAccesscontextmanagerV1DevicePolicy 1419 raw := NoMethod(*s) 1420 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1421} 1422 1423// GoogleIdentityAccesscontextmanagerV1EgressFrom: Defines the 1424// conditions under which an EgressPolicy matches a request. Conditions 1425// based on information about the source of the request. Note that if 1426// the destination of the request is also protected by a 1427// ServicePerimeter, then that ServicePerimeter must have an 1428// IngressPolicy which allows access in order for this request to 1429// succeed. 1430type GoogleIdentityAccesscontextmanagerV1EgressFrom struct { 1431 // Identities: A list of identities that are allowed access through this 1432 // [EgressPolicy]. Should be in the format of email address. The email 1433 // address should represent individual user or service account only. 1434 Identities []string `json:"identities,omitempty"` 1435 1436 // IdentityType: Specifies the type of identities that are allowed 1437 // access to outside the perimeter. If left unspecified, then members of 1438 // `identities` field will be allowed access. 1439 // 1440 // Possible values: 1441 // "IDENTITY_TYPE_UNSPECIFIED" - No blanket identity group specified. 1442 // "ANY_IDENTITY" - Authorize access from all identities outside the 1443 // perimeter. 1444 // "ANY_USER_ACCOUNT" - Authorize access from all human users outside 1445 // the perimeter. 1446 // "ANY_SERVICE_ACCOUNT" - Authorize access from all service accounts 1447 // outside the perimeter. 1448 IdentityType string `json:"identityType,omitempty"` 1449 1450 // ForceSendFields is a list of field names (e.g. "Identities") to 1451 // unconditionally include in API requests. By default, fields with 1452 // empty or default values are omitted from API requests. However, any 1453 // non-pointer, non-interface field appearing in ForceSendFields will be 1454 // sent to the server regardless of whether the field is empty or not. 1455 // This may be used to include empty fields in Patch requests. 1456 ForceSendFields []string `json:"-"` 1457 1458 // NullFields is a list of field names (e.g. "Identities") to include in 1459 // API requests with the JSON null value. By default, fields with empty 1460 // values are omitted from API requests. However, any field with an 1461 // empty value appearing in NullFields will be sent to the server as 1462 // null. It is an error if a field in this list has a non-empty value. 1463 // This may be used to include null fields in Patch requests. 1464 NullFields []string `json:"-"` 1465} 1466 1467func (s *GoogleIdentityAccesscontextmanagerV1EgressFrom) MarshalJSON() ([]byte, error) { 1468 type NoMethod GoogleIdentityAccesscontextmanagerV1EgressFrom 1469 raw := NoMethod(*s) 1470 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1471} 1472 1473// GoogleIdentityAccesscontextmanagerV1EgressPolicy: Policy for egress 1474// from perimeter. EgressPolicies match requests based on `egress_from` 1475// and `egress_to` stanzas. For an EgressPolicy to match, both 1476// `egress_from` and `egress_to` stanzas must be matched. If an 1477// EgressPolicy matches a request, the request is allowed to span the 1478// ServicePerimeter boundary. For example, an EgressPolicy can be used 1479// to allow VMs on networks within the ServicePerimeter to access a 1480// defined set of projects outside the perimeter in certain contexts 1481// (e.g. to read data from a Cloud Storage bucket or query against a 1482// BigQuery dataset). EgressPolicies are concerned with the *resources* 1483// that a request relates as well as the API services and API actions 1484// being used. They do not related to the direction of data movement. 1485// More detailed documentation for this concept can be found in the 1486// descriptions of EgressFrom and EgressTo. 1487type GoogleIdentityAccesscontextmanagerV1EgressPolicy struct { 1488 // EgressFrom: Defines conditions on the source of a request causing 1489 // this EgressPolicy to apply. 1490 EgressFrom *GoogleIdentityAccesscontextmanagerV1EgressFrom `json:"egressFrom,omitempty"` 1491 1492 // EgressTo: Defines the conditions on the ApiOperation and destination 1493 // resources that cause this EgressPolicy to apply. 1494 EgressTo *GoogleIdentityAccesscontextmanagerV1EgressTo `json:"egressTo,omitempty"` 1495 1496 // ForceSendFields is a list of field names (e.g. "EgressFrom") to 1497 // unconditionally include in API requests. By default, fields with 1498 // empty or default values are omitted from API requests. However, any 1499 // non-pointer, non-interface field appearing in ForceSendFields will be 1500 // sent to the server regardless of whether the field is empty or not. 1501 // This may be used to include empty fields in Patch requests. 1502 ForceSendFields []string `json:"-"` 1503 1504 // NullFields is a list of field names (e.g. "EgressFrom") to include in 1505 // API requests with the JSON null value. By default, fields with empty 1506 // values are omitted from API requests. However, any field with an 1507 // empty value appearing in NullFields will be sent to the server as 1508 // null. It is an error if a field in this list has a non-empty value. 1509 // This may be used to include null fields in Patch requests. 1510 NullFields []string `json:"-"` 1511} 1512 1513func (s *GoogleIdentityAccesscontextmanagerV1EgressPolicy) MarshalJSON() ([]byte, error) { 1514 type NoMethod GoogleIdentityAccesscontextmanagerV1EgressPolicy 1515 raw := NoMethod(*s) 1516 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1517} 1518 1519// GoogleIdentityAccesscontextmanagerV1EgressTo: Defines the conditions 1520// under which an EgressPolicy matches a request. Conditions are based 1521// on information about the ApiOperation intended to be performed on the 1522// `resources` specified. Note that if the destination of the request is 1523// also protected by a ServicePerimeter, then that ServicePerimeter must 1524// have an IngressPolicy which allows access in order for this request 1525// to succeed. The request must match `operations` AND `resources` 1526// fields in order to be allowed egress out of the perimeter. 1527type GoogleIdentityAccesscontextmanagerV1EgressTo struct { 1528 // Operations: A list of ApiOperations allowed to be performed by the 1529 // sources specified in the corresponding EgressFrom. A request matches 1530 // if it uses an operation/service in this list. 1531 Operations []*GoogleIdentityAccesscontextmanagerV1ApiOperation `json:"operations,omitempty"` 1532 1533 // Resources: A list of resources, currently only projects in the form 1534 // `projects/`, that are allowed to be accessed by sources defined in 1535 // the corresponding EgressFrom. A request matches if it contains a 1536 // resource in this list. If `*` is specified for `resources`, then this 1537 // EgressTo rule will authorize access to all resources outside the 1538 // perimeter. 1539 Resources []string `json:"resources,omitempty"` 1540 1541 // ForceSendFields is a list of field names (e.g. "Operations") to 1542 // unconditionally include in API requests. By default, fields with 1543 // empty or default values are omitted from API requests. However, any 1544 // non-pointer, non-interface field appearing in ForceSendFields will be 1545 // sent to the server regardless of whether the field is empty or not. 1546 // This may be used to include empty fields in Patch requests. 1547 ForceSendFields []string `json:"-"` 1548 1549 // NullFields is a list of field names (e.g. "Operations") to include in 1550 // API requests with the JSON null value. By default, fields with empty 1551 // values are omitted from API requests. However, any field with an 1552 // empty value appearing in NullFields will be sent to the server as 1553 // null. It is an error if a field in this list has a non-empty value. 1554 // This may be used to include null fields in Patch requests. 1555 NullFields []string `json:"-"` 1556} 1557 1558func (s *GoogleIdentityAccesscontextmanagerV1EgressTo) MarshalJSON() ([]byte, error) { 1559 type NoMethod GoogleIdentityAccesscontextmanagerV1EgressTo 1560 raw := NoMethod(*s) 1561 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1562} 1563 1564// GoogleIdentityAccesscontextmanagerV1IngressFrom: Defines the 1565// conditions under which an IngressPolicy matches a request. Conditions 1566// are based on information about the source of the request. The request 1567// must satisfy what is defined in `sources` AND identity related fields 1568// in order to match. 1569type GoogleIdentityAccesscontextmanagerV1IngressFrom struct { 1570 // Identities: A list of identities that are allowed access through this 1571 // ingress policy. Should be in the format of email address. The email 1572 // address should represent individual user or service account only. 1573 Identities []string `json:"identities,omitempty"` 1574 1575 // IdentityType: Specifies the type of identities that are allowed 1576 // access from outside the perimeter. If left unspecified, then members 1577 // of `identities` field will be allowed access. 1578 // 1579 // Possible values: 1580 // "IDENTITY_TYPE_UNSPECIFIED" - No blanket identity group specified. 1581 // "ANY_IDENTITY" - Authorize access from all identities outside the 1582 // perimeter. 1583 // "ANY_USER_ACCOUNT" - Authorize access from all human users outside 1584 // the perimeter. 1585 // "ANY_SERVICE_ACCOUNT" - Authorize access from all service accounts 1586 // outside the perimeter. 1587 IdentityType string `json:"identityType,omitempty"` 1588 1589 // Sources: Sources that this IngressPolicy authorizes access from. 1590 Sources []*GoogleIdentityAccesscontextmanagerV1IngressSource `json:"sources,omitempty"` 1591 1592 // ForceSendFields is a list of field names (e.g. "Identities") to 1593 // unconditionally include in API requests. By default, fields with 1594 // empty or default values are omitted from API requests. However, any 1595 // non-pointer, non-interface field appearing in ForceSendFields will be 1596 // sent to the server regardless of whether the field is empty or not. 1597 // This may be used to include empty fields in Patch requests. 1598 ForceSendFields []string `json:"-"` 1599 1600 // NullFields is a list of field names (e.g. "Identities") to include in 1601 // API requests with the JSON null value. By default, fields with empty 1602 // values are omitted from API requests. However, any field with an 1603 // empty value appearing in NullFields will be sent to the server as 1604 // null. It is an error if a field in this list has a non-empty value. 1605 // This may be used to include null fields in Patch requests. 1606 NullFields []string `json:"-"` 1607} 1608 1609func (s *GoogleIdentityAccesscontextmanagerV1IngressFrom) MarshalJSON() ([]byte, error) { 1610 type NoMethod GoogleIdentityAccesscontextmanagerV1IngressFrom 1611 raw := NoMethod(*s) 1612 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1613} 1614 1615// GoogleIdentityAccesscontextmanagerV1IngressPolicy: Policy for ingress 1616// into ServicePerimeter. IngressPolicies match requests based on 1617// `ingress_from` and `ingress_to` stanzas. For an ingress policy to 1618// match, both the `ingress_from` and `ingress_to` stanzas must be 1619// matched. If an IngressPolicy matches a request, the request is 1620// allowed through the perimeter boundary from outside the perimeter. 1621// For example, access from the internet can be allowed either based on 1622// an AccessLevel or, for traffic hosted on Google Cloud, the project of 1623// the source network. For access from private networks, using the 1624// project of the hosting network is required. Individual ingress 1625// policies can be limited by restricting which services and/or actions 1626// they match using the `ingress_to` field. 1627type GoogleIdentityAccesscontextmanagerV1IngressPolicy struct { 1628 // IngressFrom: Defines the conditions on the source of a request 1629 // causing this IngressPolicy to apply. 1630 IngressFrom *GoogleIdentityAccesscontextmanagerV1IngressFrom `json:"ingressFrom,omitempty"` 1631 1632 // IngressTo: Defines the conditions on the ApiOperation and request 1633 // destination that cause this IngressPolicy to apply. 1634 IngressTo *GoogleIdentityAccesscontextmanagerV1IngressTo `json:"ingressTo,omitempty"` 1635 1636 // ForceSendFields is a list of field names (e.g. "IngressFrom") to 1637 // unconditionally include in API requests. By default, fields with 1638 // empty or default values are omitted from API requests. However, any 1639 // non-pointer, non-interface field appearing in ForceSendFields will be 1640 // sent to the server regardless of whether the field is empty or not. 1641 // This may be used to include empty fields in Patch requests. 1642 ForceSendFields []string `json:"-"` 1643 1644 // NullFields is a list of field names (e.g. "IngressFrom") to include 1645 // in API requests with the JSON null value. By default, fields with 1646 // empty values are omitted from API requests. However, any field with 1647 // an empty value appearing in NullFields will be sent to the server as 1648 // null. It is an error if a field in this list has a non-empty value. 1649 // This may be used to include null fields in Patch requests. 1650 NullFields []string `json:"-"` 1651} 1652 1653func (s *GoogleIdentityAccesscontextmanagerV1IngressPolicy) MarshalJSON() ([]byte, error) { 1654 type NoMethod GoogleIdentityAccesscontextmanagerV1IngressPolicy 1655 raw := NoMethod(*s) 1656 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1657} 1658 1659// GoogleIdentityAccesscontextmanagerV1IngressSource: The source that 1660// IngressPolicy authorizes access from. 1661type GoogleIdentityAccesscontextmanagerV1IngressSource struct { 1662 // AccessLevel: An AccessLevel resource name that allow resources within 1663 // the ServicePerimeters to be accessed from the internet. AccessLevels 1664 // listed must be in the same policy as this ServicePerimeter. 1665 // Referencing a nonexistent AccessLevel will cause an error. If no 1666 // AccessLevel names are listed, resources within the perimeter can only 1667 // be accessed via Google Cloud calls with request origins within the 1668 // perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. 1669 // If a single `*` is specified for `access_level`, then all 1670 // IngressSources will be allowed. 1671 AccessLevel string `json:"accessLevel,omitempty"` 1672 1673 // Resource: A Google Cloud resource that is allowed to ingress the 1674 // perimeter. Requests from these resources will be allowed to access 1675 // perimeter data. Currently only projects are allowed. Format: 1676 // `projects/{project_number}` The project may be in any Google Cloud 1677 // organization, not just the organization that the perimeter is defined 1678 // in. `*` is not allowed, the case of allowing all Google Cloud 1679 // resources only is not supported. 1680 Resource string `json:"resource,omitempty"` 1681 1682 // ForceSendFields is a list of field names (e.g. "AccessLevel") to 1683 // unconditionally include in API requests. By default, fields with 1684 // empty or default values are omitted from API requests. However, any 1685 // non-pointer, non-interface field appearing in ForceSendFields will be 1686 // sent to the server regardless of whether the field is empty or not. 1687 // This may be used to include empty fields in Patch requests. 1688 ForceSendFields []string `json:"-"` 1689 1690 // NullFields is a list of field names (e.g. "AccessLevel") to include 1691 // in API requests with the JSON null value. By default, fields with 1692 // empty values are omitted from API requests. However, any field with 1693 // an empty value appearing in NullFields will be sent to the server as 1694 // null. It is an error if a field in this list has a non-empty value. 1695 // This may be used to include null fields in Patch requests. 1696 NullFields []string `json:"-"` 1697} 1698 1699func (s *GoogleIdentityAccesscontextmanagerV1IngressSource) MarshalJSON() ([]byte, error) { 1700 type NoMethod GoogleIdentityAccesscontextmanagerV1IngressSource 1701 raw := NoMethod(*s) 1702 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1703} 1704 1705// GoogleIdentityAccesscontextmanagerV1IngressTo: Defines the conditions 1706// under which an IngressPolicy matches a request. Conditions are based 1707// on information about the ApiOperation intended to be performed on the 1708// target resource of the request. The request must satisfy what is 1709// defined in `operations` AND `resources` in order to match. 1710type GoogleIdentityAccesscontextmanagerV1IngressTo struct { 1711 // Operations: A list of ApiOperations allowed to be performed by the 1712 // sources specified in corresponding IngressFrom in this 1713 // ServicePerimeter. 1714 Operations []*GoogleIdentityAccesscontextmanagerV1ApiOperation `json:"operations,omitempty"` 1715 1716 // Resources: A list of resources, currently only projects in the form 1717 // `projects/`, protected by this ServicePerimeter that are allowed to 1718 // be accessed by sources defined in the corresponding IngressFrom. If a 1719 // single `*` is specified, then access to all resources inside the 1720 // perimeter are allowed. 1721 Resources []string `json:"resources,omitempty"` 1722 1723 // ForceSendFields is a list of field names (e.g. "Operations") to 1724 // unconditionally include in API requests. By default, fields with 1725 // empty or default values are omitted from API requests. However, any 1726 // non-pointer, non-interface field appearing in ForceSendFields will be 1727 // sent to the server regardless of whether the field is empty or not. 1728 // This may be used to include empty fields in Patch requests. 1729 ForceSendFields []string `json:"-"` 1730 1731 // NullFields is a list of field names (e.g. "Operations") to include in 1732 // API requests with the JSON null value. By default, fields with empty 1733 // values are omitted from API requests. However, any field with an 1734 // empty value appearing in NullFields will be sent to the server as 1735 // null. It is an error if a field in this list has a non-empty value. 1736 // This may be used to include null fields in Patch requests. 1737 NullFields []string `json:"-"` 1738} 1739 1740func (s *GoogleIdentityAccesscontextmanagerV1IngressTo) MarshalJSON() ([]byte, error) { 1741 type NoMethod GoogleIdentityAccesscontextmanagerV1IngressTo 1742 raw := NoMethod(*s) 1743 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1744} 1745 1746// GoogleIdentityAccesscontextmanagerV1MethodSelector: An allowed method 1747// or permission of a service specified in ApiOperation. 1748type GoogleIdentityAccesscontextmanagerV1MethodSelector struct { 1749 // Method: Value for `method` should be a valid method name for the 1750 // corresponding `service_name` in ApiOperation. If `*` used as value 1751 // for `method`, then ALL methods and permissions are allowed. 1752 Method string `json:"method,omitempty"` 1753 1754 // Permission: Value for `permission` should be a valid Cloud IAM 1755 // permission for the corresponding `service_name` in ApiOperation. 1756 Permission string `json:"permission,omitempty"` 1757 1758 // ForceSendFields is a list of field names (e.g. "Method") to 1759 // unconditionally include in API requests. By default, fields with 1760 // empty or default values are omitted from API requests. However, any 1761 // non-pointer, non-interface field appearing in ForceSendFields will be 1762 // sent to the server regardless of whether the field is empty or not. 1763 // This may be used to include empty fields in Patch requests. 1764 ForceSendFields []string `json:"-"` 1765 1766 // NullFields is a list of field names (e.g. "Method") to include in API 1767 // requests with the JSON null value. By default, fields with empty 1768 // values are omitted from API requests. However, any field with an 1769 // empty value appearing in NullFields will be sent to the server as 1770 // null. It is an error if a field in this list has a non-empty value. 1771 // This may be used to include null fields in Patch requests. 1772 NullFields []string `json:"-"` 1773} 1774 1775func (s *GoogleIdentityAccesscontextmanagerV1MethodSelector) MarshalJSON() ([]byte, error) { 1776 type NoMethod GoogleIdentityAccesscontextmanagerV1MethodSelector 1777 raw := NoMethod(*s) 1778 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1779} 1780 1781// GoogleIdentityAccesscontextmanagerV1OsConstraint: A restriction on 1782// the OS type and version of devices making requests. 1783type GoogleIdentityAccesscontextmanagerV1OsConstraint struct { 1784 // MinimumVersion: The minimum allowed OS version. If not set, any 1785 // version of this OS satisfies the constraint. Format: 1786 // "major.minor.patch". Examples: "10.5.301", "9.2.1". 1787 MinimumVersion string `json:"minimumVersion,omitempty"` 1788 1789 // OsType: Required. The allowed OS type. 1790 // 1791 // Possible values: 1792 // "OS_UNSPECIFIED" - The operating system of the device is not 1793 // specified or not known. 1794 // "DESKTOP_MAC" - A desktop Mac operating system. 1795 // "DESKTOP_WINDOWS" - A desktop Windows operating system. 1796 // "DESKTOP_LINUX" - A desktop Linux operating system. 1797 // "DESKTOP_CHROME_OS" - A desktop ChromeOS operating system. 1798 // "ANDROID" - An Android operating system. 1799 // "IOS" - An iOS operating system. 1800 OsType string `json:"osType,omitempty"` 1801 1802 // RequireVerifiedChromeOs: Only allows requests from devices with a 1803 // verified Chrome OS. Verifications includes requirements that the 1804 // device is enterprise-managed, conformant to domain policies, and the 1805 // caller has permission to call the API targeted by the request. 1806 RequireVerifiedChromeOs bool `json:"requireVerifiedChromeOs,omitempty"` 1807 1808 // ForceSendFields is a list of field names (e.g. "MinimumVersion") to 1809 // unconditionally include in API requests. By default, fields with 1810 // empty or default values are omitted from API requests. However, any 1811 // non-pointer, non-interface field appearing in ForceSendFields will be 1812 // sent to the server regardless of whether the field is empty or not. 1813 // This may be used to include empty fields in Patch requests. 1814 ForceSendFields []string `json:"-"` 1815 1816 // NullFields is a list of field names (e.g. "MinimumVersion") to 1817 // include in API requests with the JSON null value. By default, fields 1818 // with empty values are omitted from API requests. However, any field 1819 // with an empty value appearing in NullFields will be sent to the 1820 // server as null. It is an error if a field in this list has a 1821 // non-empty value. This may be used to include null fields in Patch 1822 // requests. 1823 NullFields []string `json:"-"` 1824} 1825 1826func (s *GoogleIdentityAccesscontextmanagerV1OsConstraint) MarshalJSON() ([]byte, error) { 1827 type NoMethod GoogleIdentityAccesscontextmanagerV1OsConstraint 1828 raw := NoMethod(*s) 1829 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1830} 1831 1832// GoogleIdentityAccesscontextmanagerV1ServicePerimeter: 1833// `ServicePerimeter` describes a set of Google Cloud resources which 1834// can freely import and export data amongst themselves, but not export 1835// outside of the `ServicePerimeter`. If a request with a source within 1836// this `ServicePerimeter` has a target outside of the 1837// `ServicePerimeter`, the request will be blocked. Otherwise the 1838// request is allowed. There are two types of Service Perimeter - 1839// Regular and Bridge. Regular Service Perimeters cannot overlap, a 1840// single Google Cloud project can only belong to a single regular 1841// Service Perimeter. Service Perimeter Bridges can contain only Google 1842// Cloud projects as members, a single Google Cloud project may belong 1843// to multiple Service Perimeter Bridges. 1844type GoogleIdentityAccesscontextmanagerV1ServicePerimeter struct { 1845 // Description: Description of the `ServicePerimeter` and its use. Does 1846 // not affect behavior. 1847 Description string `json:"description,omitempty"` 1848 1849 // Name: Required. Resource name for the ServicePerimeter. The 1850 // `short_name` component must begin with a letter and only include 1851 // alphanumeric and '_'. Format: 1852 // `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}` 1853 Name string `json:"name,omitempty"` 1854 1855 // PerimeterType: Perimeter type indicator. A single project is allowed 1856 // to be a member of single regular perimeter, but multiple service 1857 // perimeter bridges. A project cannot be a included in a perimeter 1858 // bridge without being included in regular perimeter. For perimeter 1859 // bridges, the restricted service list as well as access level lists 1860 // must be empty. 1861 // 1862 // Possible values: 1863 // "PERIMETER_TYPE_REGULAR" - Regular Perimeter. 1864 // "PERIMETER_TYPE_BRIDGE" - Perimeter Bridge. 1865 PerimeterType string `json:"perimeterType,omitempty"` 1866 1867 // Spec: Proposed (or dry run) ServicePerimeter configuration. This 1868 // configuration allows to specify and test ServicePerimeter 1869 // configuration without enforcing actual access restrictions. Only 1870 // allowed to be set when the "use_explicit_dry_run_spec" flag is set. 1871 Spec *GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig `json:"spec,omitempty"` 1872 1873 // Status: Current ServicePerimeter configuration. Specifies sets of 1874 // resources, restricted services and access levels that determine 1875 // perimeter content and boundaries. 1876 Status *GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig `json:"status,omitempty"` 1877 1878 // Title: Human readable title. Must be unique within the Policy. 1879 Title string `json:"title,omitempty"` 1880 1881 // UseExplicitDryRunSpec: Use explicit dry run spec flag. Ordinarily, a 1882 // dry-run spec implicitly exists for all Service Perimeters, and that 1883 // spec is identical to the status for those Service Perimeters. When 1884 // this flag is set, it inhibits the generation of the implicit spec, 1885 // thereby allowing the user to explicitly provide a configuration 1886 // ("spec") to use in a dry-run version of the Service Perimeter. This 1887 // allows the user to test changes to the enforced config ("status") 1888 // without actually enforcing them. This testing is done through 1889 // analyzing the differences between currently enforced and suggested 1890 // restrictions. use_explicit_dry_run_spec must bet set to True if any 1891 // of the fields in the spec are set to non-default values. 1892 UseExplicitDryRunSpec bool `json:"useExplicitDryRunSpec,omitempty"` 1893 1894 // ForceSendFields is a list of field names (e.g. "Description") to 1895 // unconditionally include in API requests. By default, fields with 1896 // empty or default values are omitted from API requests. However, any 1897 // non-pointer, non-interface field appearing in ForceSendFields will be 1898 // sent to the server regardless of whether the field is empty or not. 1899 // This may be used to include empty fields in Patch requests. 1900 ForceSendFields []string `json:"-"` 1901 1902 // NullFields is a list of field names (e.g. "Description") to include 1903 // in API requests with the JSON null value. By default, fields with 1904 // empty values are omitted from API requests. However, any field with 1905 // an empty value appearing in NullFields will be sent to the server as 1906 // null. It is an error if a field in this list has a non-empty value. 1907 // This may be used to include null fields in Patch requests. 1908 NullFields []string `json:"-"` 1909} 1910 1911func (s *GoogleIdentityAccesscontextmanagerV1ServicePerimeter) MarshalJSON() ([]byte, error) { 1912 type NoMethod GoogleIdentityAccesscontextmanagerV1ServicePerimeter 1913 raw := NoMethod(*s) 1914 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1915} 1916 1917// GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig: 1918// `ServicePerimeterConfig` specifies a set of Google Cloud resources 1919// that describe specific Service Perimeter configuration. 1920type GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig struct { 1921 // AccessLevels: A list of `AccessLevel` resource names that allow 1922 // resources within the `ServicePerimeter` to be accessed from the 1923 // internet. `AccessLevels` listed must be in the same policy as this 1924 // `ServicePerimeter`. Referencing a nonexistent `AccessLevel` is a 1925 // syntax error. If no `AccessLevel` names are listed, resources within 1926 // the perimeter can only be accessed via Google Cloud calls with 1927 // request origins within the perimeter. Example: 1928 // "accessPolicies/MY_POLICY/accessLevels/MY_LEVEL". For Service 1929 // Perimeter Bridge, must be empty. 1930 AccessLevels []string `json:"accessLevels,omitempty"` 1931 1932 // EgressPolicies: List of EgressPolicies to apply to the perimeter. A 1933 // perimeter may have multiple EgressPolicies, each of which is 1934 // evaluated separately. Access is granted if any EgressPolicy grants 1935 // it. Must be empty for a perimeter bridge. 1936 EgressPolicies []*GoogleIdentityAccesscontextmanagerV1EgressPolicy `json:"egressPolicies,omitempty"` 1937 1938 // IngressPolicies: List of IngressPolicies to apply to the perimeter. A 1939 // perimeter may have multiple IngressPolicies, each of which is 1940 // evaluated separately. Access is granted if any Ingress Policy grants 1941 // it. Must be empty for a perimeter bridge. 1942 IngressPolicies []*GoogleIdentityAccesscontextmanagerV1IngressPolicy `json:"ingressPolicies,omitempty"` 1943 1944 // Resources: A list of Google Cloud resources that are inside of the 1945 // service perimeter. Currently only projects are allowed. Format: 1946 // `projects/{project_number}` 1947 Resources []string `json:"resources,omitempty"` 1948 1949 // RestrictedServices: Google Cloud services that are subject to the 1950 // Service Perimeter restrictions. For example, if 1951 // `storage.googleapis.com` is specified, access to the storage buckets 1952 // inside the perimeter must meet the perimeter's access restrictions. 1953 RestrictedServices []string `json:"restrictedServices,omitempty"` 1954 1955 // VpcAccessibleServices: Configuration for APIs allowed within 1956 // Perimeter. 1957 VpcAccessibleServices *GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices `json:"vpcAccessibleServices,omitempty"` 1958 1959 // ForceSendFields is a list of field names (e.g. "AccessLevels") to 1960 // unconditionally include in API requests. By default, fields with 1961 // empty or default values are omitted from API requests. However, any 1962 // non-pointer, non-interface field appearing in ForceSendFields will be 1963 // sent to the server regardless of whether the field is empty or not. 1964 // This may be used to include empty fields in Patch requests. 1965 ForceSendFields []string `json:"-"` 1966 1967 // NullFields is a list of field names (e.g. "AccessLevels") to include 1968 // in API requests with the JSON null value. By default, fields with 1969 // empty values are omitted from API requests. However, any field with 1970 // an empty value appearing in NullFields will be sent to the server as 1971 // null. It is an error if a field in this list has a non-empty value. 1972 // This may be used to include null fields in Patch requests. 1973 NullFields []string `json:"-"` 1974} 1975 1976func (s *GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig) MarshalJSON() ([]byte, error) { 1977 type NoMethod GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig 1978 raw := NoMethod(*s) 1979 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1980} 1981 1982// GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices: Specifies 1983// how APIs are allowed to communicate within the Service Perimeter. 1984type GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices struct { 1985 // AllowedServices: The list of APIs usable within the Service 1986 // Perimeter. Must be empty unless 'enable_restriction' is True. You can 1987 // specify a list of individual services, as well as include the 1988 // 'RESTRICTED-SERVICES' value, which automatically includes all of the 1989 // services protected by the perimeter. 1990 AllowedServices []string `json:"allowedServices,omitempty"` 1991 1992 // EnableRestriction: Whether to restrict API calls within the Service 1993 // Perimeter to the list of APIs specified in 'allowed_services'. 1994 EnableRestriction bool `json:"enableRestriction,omitempty"` 1995 1996 // ForceSendFields is a list of field names (e.g. "AllowedServices") to 1997 // unconditionally include in API requests. By default, fields with 1998 // empty or default values are omitted from API requests. However, any 1999 // non-pointer, non-interface field appearing in ForceSendFields will be 2000 // sent to the server regardless of whether the field is empty or not. 2001 // This may be used to include empty fields in Patch requests. 2002 ForceSendFields []string `json:"-"` 2003 2004 // NullFields is a list of field names (e.g. "AllowedServices") to 2005 // include in API requests with the JSON null value. By default, fields 2006 // with empty values are omitted from API requests. However, any field 2007 // with an empty value appearing in NullFields will be sent to the 2008 // server as null. It is an error if a field in this list has a 2009 // non-empty value. This may be used to include null fields in Patch 2010 // requests. 2011 NullFields []string `json:"-"` 2012} 2013 2014func (s *GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices) MarshalJSON() ([]byte, error) { 2015 type NoMethod GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices 2016 raw := NoMethod(*s) 2017 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 2018} 2019 2020// ListAssetsResponse: ListAssets response. 2021type ListAssetsResponse struct { 2022 // Assets: Assets. 2023 Assets []*Asset `json:"assets,omitempty"` 2024 2025 // NextPageToken: Token to retrieve the next page of results. It expires 2026 // 72 hours after the page token for the first page is generated. Set to 2027 // empty if there are no remaining results. 2028 NextPageToken string `json:"nextPageToken,omitempty"` 2029 2030 // ReadTime: Time the snapshot was taken. 2031 ReadTime string `json:"readTime,omitempty"` 2032 2033 // ServerResponse contains the HTTP response code and headers from the 2034 // server. 2035 googleapi.ServerResponse `json:"-"` 2036 2037 // ForceSendFields is a list of field names (e.g. "Assets") to 2038 // unconditionally include in API requests. By default, fields with 2039 // empty or default values are omitted from API requests. However, any 2040 // non-pointer, non-interface field appearing in ForceSendFields will be 2041 // sent to the server regardless of whether the field is empty or not. 2042 // This may be used to include empty fields in Patch requests. 2043 ForceSendFields []string `json:"-"` 2044 2045 // NullFields is a list of field names (e.g. "Assets") to include in API 2046 // requests with the JSON null value. By default, fields with empty 2047 // values are omitted from API requests. However, any field with an 2048 // empty value appearing in NullFields will be sent to the server as 2049 // null. It is an error if a field in this list has a non-empty value. 2050 // This may be used to include null fields in Patch requests. 2051 NullFields []string `json:"-"` 2052} 2053 2054func (s *ListAssetsResponse) MarshalJSON() ([]byte, error) { 2055 type NoMethod ListAssetsResponse 2056 raw := NoMethod(*s) 2057 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 2058} 2059 2060// Policy: An Identity and Access Management (IAM) policy, which 2061// specifies access controls for Google Cloud resources. A `Policy` is a 2062// collection of `bindings`. A `binding` binds one or more `members` to 2063// a single `role`. Members can be user accounts, service accounts, 2064// Google groups, and domains (such as G Suite). A `role` is a named 2065// list of permissions; each `role` can be an IAM predefined role or a 2066// user-created custom role. For some types of Google Cloud resources, a 2067// `binding` can also specify a `condition`, which is a logical 2068// expression that allows access to a resource only if the expression 2069// evaluates to `true`. A condition can add constraints based on 2070// attributes of the request, the resource, or both. To learn which 2071// resources support conditions in their IAM policies, see the IAM 2072// documentation 2073// (https://cloud.google.com/iam/help/conditions/resource-policies). 2074// **JSON example:** { "bindings": [ { "role": 2075// "roles/resourcemanager.organizationAdmin", "members": [ 2076// "user:mike@example.com", "group:admins@example.com", 2077// "domain:google.com", 2078// "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { 2079// "role": "roles/resourcemanager.organizationViewer", "members": [ 2080// "user:eve@example.com" ], "condition": { "title": "expirable access", 2081// "description": "Does not grant access after Sep 2020", "expression": 2082// "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], 2083// "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - 2084// members: - user:mike@example.com - group:admins@example.com - 2085// domain:google.com - 2086// serviceAccount:my-project-id@appspot.gserviceaccount.com role: 2087// roles/resourcemanager.organizationAdmin - members: - 2088// user:eve@example.com role: roles/resourcemanager.organizationViewer 2089// condition: title: expirable access description: Does not grant access 2090// after Sep 2020 expression: request.time < 2091// timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 2092// For a description of IAM and its features, see the IAM documentation 2093// (https://cloud.google.com/iam/docs/). 2094type Policy struct { 2095 // AuditConfigs: Specifies cloud audit logging configuration for this 2096 // policy. 2097 AuditConfigs []*AuditConfig `json:"auditConfigs,omitempty"` 2098 2099 // Bindings: Associates a list of `members` to a `role`. Optionally, may 2100 // specify a `condition` that determines how and when the `bindings` are 2101 // applied. Each of the `bindings` must contain at least one member. 2102 Bindings []*Binding `json:"bindings,omitempty"` 2103 2104 // Etag: `etag` is used for optimistic concurrency control as a way to 2105 // help prevent simultaneous updates of a policy from overwriting each 2106 // other. It is strongly suggested that systems make use of the `etag` 2107 // in the read-modify-write cycle to perform policy updates in order to 2108 // avoid race conditions: An `etag` is returned in the response to 2109 // `getIamPolicy`, and systems are expected to put that etag in the 2110 // request to `setIamPolicy` to ensure that their change will be applied 2111 // to the same version of the policy. **Important:** If you use IAM 2112 // Conditions, you must include the `etag` field whenever you call 2113 // `setIamPolicy`. If you omit this field, then IAM allows you to 2114 // overwrite a version `3` policy with a version `1` policy, and all of 2115 // the conditions in the version `3` policy are lost. 2116 Etag string `json:"etag,omitempty"` 2117 2118 // Version: Specifies the format of the policy. Valid values are `0`, 2119 // `1`, and `3`. Requests that specify an invalid value are rejected. 2120 // Any operation that affects conditional role bindings must specify 2121 // version `3`. This requirement applies to the following operations: * 2122 // Getting a policy that includes a conditional role binding * Adding a 2123 // conditional role binding to a policy * Changing a conditional role 2124 // binding in a policy * Removing any role binding, with or without a 2125 // condition, from a policy that includes conditions **Important:** If 2126 // you use IAM Conditions, you must include the `etag` field whenever 2127 // you call `setIamPolicy`. If you omit this field, then IAM allows you 2128 // to overwrite a version `3` policy with a version `1` policy, and all 2129 // of the conditions in the version `3` policy are lost. If a policy 2130 // does not include any conditions, operations on that policy may 2131 // specify any valid version or leave the field unset. To learn which 2132 // resources support conditions in their IAM policies, see the IAM 2133 // documentation 2134 // (https://cloud.google.com/iam/help/conditions/resource-policies). 2135 Version int64 `json:"version,omitempty"` 2136 2137 // ForceSendFields is a list of field names (e.g. "AuditConfigs") to 2138 // unconditionally include in API requests. By default, fields with 2139 // empty or default values are omitted from API requests. However, any 2140 // non-pointer, non-interface field appearing in ForceSendFields will be 2141 // sent to the server regardless of whether the field is empty or not. 2142 // This may be used to include empty fields in Patch requests. 2143 ForceSendFields []string `json:"-"` 2144 2145 // NullFields is a list of field names (e.g. "AuditConfigs") to include 2146 // in API requests with the JSON null value. By default, fields with 2147 // empty values are omitted from API requests. However, any field with 2148 // an empty value appearing in NullFields will be sent to the server as 2149 // null. It is an error if a field in this list has a non-empty value. 2150 // This may be used to include null fields in Patch requests. 2151 NullFields []string `json:"-"` 2152} 2153 2154func (s *Policy) MarshalJSON() ([]byte, error) { 2155 type NoMethod Policy 2156 raw := NoMethod(*s) 2157 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 2158} 2159 2160// Resource: A representation of a Google Cloud resource. 2161type Resource struct { 2162 // Data: The content of the resource, in which some sensitive fields are 2163 // removed and may not be present. 2164 Data googleapi.RawMessage `json:"data,omitempty"` 2165 2166 // DiscoveryDocumentUri: The URL of the discovery document containing 2167 // the resource's JSON schema. Example: 2168 // `https://www.googleapis.com/discovery/v1/apis/compute/v1/rest` This 2169 // value is unspecified for resources that do not have an API based on a 2170 // discovery document, such as Cloud Bigtable. 2171 DiscoveryDocumentUri string `json:"discoveryDocumentUri,omitempty"` 2172 2173 // DiscoveryName: The JSON schema name listed in the discovery document. 2174 // Example: `Project` This value is unspecified for resources that do 2175 // not have an API based on a discovery document, such as Cloud 2176 // Bigtable. 2177 DiscoveryName string `json:"discoveryName,omitempty"` 2178 2179 // Parent: The full name of the immediate parent of this resource. See 2180 // Resource Names 2181 // (https://cloud.google.com/apis/design/resource_names#full_resource_name) 2182 // for more information. For Google Cloud assets, this value is the 2183 // parent resource defined in the Cloud IAM policy hierarchy 2184 // (https://cloud.google.com/iam/docs/overview#policy_hierarchy). 2185 // Example: 2186 // `//cloudresourcemanager.googleapis.com/projects/my_project_123` For 2187 // third-party assets, this field may be set differently. 2188 Parent string `json:"parent,omitempty"` 2189 2190 // ResourceUrl: The REST URL for accessing the resource. An HTTP `GET` 2191 // request using this URL returns the resource itself. Example: 2192 // `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-12 2193 // 3` This value is unspecified for resources without a REST API. 2194 ResourceUrl string `json:"resourceUrl,omitempty"` 2195 2196 // Version: The API version. Example: "v1". 2197 Version string `json:"version,omitempty"` 2198 2199 // ForceSendFields is a list of field names (e.g. "Data") to 2200 // unconditionally include in API requests. By default, fields with 2201 // empty or default values are omitted from API requests. However, any 2202 // non-pointer, non-interface field appearing in ForceSendFields will be 2203 // sent to the server regardless of whether the field is empty or not. 2204 // This may be used to include empty fields in Patch requests. 2205 ForceSendFields []string `json:"-"` 2206 2207 // NullFields is a list of field names (e.g. "Data") to include in API 2208 // requests with the JSON null value. By default, fields with empty 2209 // values are omitted from API requests. However, any field with an 2210 // empty value appearing in NullFields will be sent to the server as 2211 // null. It is an error if a field in this list has a non-empty value. 2212 // This may be used to include null fields in Patch requests. 2213 NullFields []string `json:"-"` 2214} 2215 2216func (s *Resource) MarshalJSON() ([]byte, error) { 2217 type NoMethod Resource 2218 raw := NoMethod(*s) 2219 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 2220} 2221 2222// method id "cloudasset.assets.list": 2223 2224type AssetsListCall struct { 2225 s *Service 2226 parent string 2227 urlParams_ gensupport.URLParams 2228 ifNoneMatch_ string 2229 ctx_ context.Context 2230 header_ http.Header 2231} 2232 2233// List: Lists assets with time and resource types and returns paged 2234// results in response. 2235// 2236// - parent: Name of the organization or project the assets belong to. 2237// Format: "organizations/[organization-number]" (such as 2238// "organizations/123"), "projects/[project-id]" (such as 2239// "projects/my-project-id"), or "projects/[project-number]" (such as 2240// "projects/12345"). 2241func (r *AssetsService) List(parent string) *AssetsListCall { 2242 c := &AssetsListCall{s: r.s, urlParams_: make(gensupport.URLParams)} 2243 c.parent = parent 2244 return c 2245} 2246 2247// AssetTypes sets the optional parameter "assetTypes": A list of asset 2248// types to take a snapshot for. For example: 2249// "compute.googleapis.com/Disk". Regular expression is also supported. 2250// For example: * "compute.googleapis.com.*" snapshots resources whose 2251// asset type starts with "compute.googleapis.com". * ".*Instance" 2252// snapshots resources whose asset type ends with "Instance". * 2253// ".*Instance.*" snapshots resources whose asset type contains 2254// "Instance". See RE2 (https://github.com/google/re2/wiki/Syntax) for 2255// all supported regular expression syntax. If the regular expression 2256// does not match any supported asset type, an INVALID_ARGUMENT error 2257// will be returned. If specified, only matching assets will be 2258// returned, otherwise, it will snapshot all asset types. See 2259// Introduction to Cloud Asset Inventory 2260// (https://cloud.google.com/asset-inventory/docs/overview) for all 2261// supported asset types. 2262func (c *AssetsListCall) AssetTypes(assetTypes ...string) *AssetsListCall { 2263 c.urlParams_.SetMulti("assetTypes", append([]string{}, assetTypes...)) 2264 return c 2265} 2266 2267// ContentType sets the optional parameter "contentType": Asset content 2268// type. If not specified, no content but the asset name will be 2269// returned. 2270// 2271// Possible values: 2272// "CONTENT_TYPE_UNSPECIFIED" - Unspecified content type. 2273// "RESOURCE" - Resource metadata. 2274// "IAM_POLICY" - The actual IAM policy set on a resource. 2275// "ORG_POLICY" - The Cloud Organization Policy set on an asset. 2276// "ACCESS_POLICY" - The Cloud Access context mananger Policy set on 2277// an asset. 2278func (c *AssetsListCall) ContentType(contentType string) *AssetsListCall { 2279 c.urlParams_.Set("contentType", contentType) 2280 return c 2281} 2282 2283// PageSize sets the optional parameter "pageSize": The maximum number 2284// of assets to be returned in a single response. Default is 100, 2285// minimum is 1, and maximum is 1000. 2286func (c *AssetsListCall) PageSize(pageSize int64) *AssetsListCall { 2287 c.urlParams_.Set("pageSize", fmt.Sprint(pageSize)) 2288 return c 2289} 2290 2291// PageToken sets the optional parameter "pageToken": The 2292// `next_page_token` returned from the previous `ListAssetsResponse`, or 2293// unspecified for the first `ListAssetsRequest`. It is a continuation 2294// of a prior `ListAssets` call, and the API should return the next page 2295// of assets. 2296func (c *AssetsListCall) PageToken(pageToken string) *AssetsListCall { 2297 c.urlParams_.Set("pageToken", pageToken) 2298 return c 2299} 2300 2301// ReadTime sets the optional parameter "readTime": Timestamp to take an 2302// asset snapshot. This can only be set to a timestamp between the 2303// current time and the current time minus 35 days (inclusive). If not 2304// specified, the current time will be used. Due to delays in resource 2305// data collection and indexing, there is a volatile window during which 2306// running the same query may get different results. 2307func (c *AssetsListCall) ReadTime(readTime string) *AssetsListCall { 2308 c.urlParams_.Set("readTime", readTime) 2309 return c 2310} 2311 2312// Fields allows partial responses to be retrieved. See 2313// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 2314// for more information. 2315func (c *AssetsListCall) Fields(s ...googleapi.Field) *AssetsListCall { 2316 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 2317 return c 2318} 2319 2320// IfNoneMatch sets the optional parameter which makes the operation 2321// fail if the object's ETag matches the given value. This is useful for 2322// getting updates only after the object has changed since the last 2323// request. Use googleapi.IsNotModified to check whether the response 2324// error from Do is the result of In-None-Match. 2325func (c *AssetsListCall) IfNoneMatch(entityTag string) *AssetsListCall { 2326 c.ifNoneMatch_ = entityTag 2327 return c 2328} 2329 2330// Context sets the context to be used in this call's Do method. Any 2331// pending HTTP request will be aborted if the provided context is 2332// canceled. 2333func (c *AssetsListCall) Context(ctx context.Context) *AssetsListCall { 2334 c.ctx_ = ctx 2335 return c 2336} 2337 2338// Header returns an http.Header that can be modified by the caller to 2339// add HTTP headers to the request. 2340func (c *AssetsListCall) Header() http.Header { 2341 if c.header_ == nil { 2342 c.header_ = make(http.Header) 2343 } 2344 return c.header_ 2345} 2346 2347func (c *AssetsListCall) doRequest(alt string) (*http.Response, error) { 2348 reqHeaders := make(http.Header) 2349 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915") 2350 for k, v := range c.header_ { 2351 reqHeaders[k] = v 2352 } 2353 reqHeaders.Set("User-Agent", c.s.userAgent()) 2354 if c.ifNoneMatch_ != "" { 2355 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 2356 } 2357 var body io.Reader = nil 2358 c.urlParams_.Set("alt", alt) 2359 c.urlParams_.Set("prettyPrint", "false") 2360 urls := googleapi.ResolveRelative(c.s.BasePath, "v1p5beta1/{+parent}/assets") 2361 urls += "?" + c.urlParams_.Encode() 2362 req, err := http.NewRequest("GET", urls, body) 2363 if err != nil { 2364 return nil, err 2365 } 2366 req.Header = reqHeaders 2367 googleapi.Expand(req.URL, map[string]string{ 2368 "parent": c.parent, 2369 }) 2370 return gensupport.SendRequest(c.ctx_, c.s.client, req) 2371} 2372 2373// Do executes the "cloudasset.assets.list" call. 2374// Exactly one of *ListAssetsResponse or error will be non-nil. Any 2375// non-2xx status code is an error. Response headers are in either 2376// *ListAssetsResponse.ServerResponse.Header or (if a response was 2377// returned at all) in error.(*googleapi.Error).Header. Use 2378// googleapi.IsNotModified to check whether the returned error was 2379// because http.StatusNotModified was returned. 2380func (c *AssetsListCall) Do(opts ...googleapi.CallOption) (*ListAssetsResponse, error) { 2381 gensupport.SetOptions(c.urlParams_, opts...) 2382 res, err := c.doRequest("json") 2383 if res != nil && res.StatusCode == http.StatusNotModified { 2384 if res.Body != nil { 2385 res.Body.Close() 2386 } 2387 return nil, &googleapi.Error{ 2388 Code: res.StatusCode, 2389 Header: res.Header, 2390 } 2391 } 2392 if err != nil { 2393 return nil, err 2394 } 2395 defer googleapi.CloseBody(res) 2396 if err := googleapi.CheckResponse(res); err != nil { 2397 return nil, err 2398 } 2399 ret := &ListAssetsResponse{ 2400 ServerResponse: googleapi.ServerResponse{ 2401 Header: res.Header, 2402 HTTPStatusCode: res.StatusCode, 2403 }, 2404 } 2405 target := &ret 2406 if err := gensupport.DecodeResponse(target, res); err != nil { 2407 return nil, err 2408 } 2409 return ret, nil 2410 // { 2411 // "description": "Lists assets with time and resource types and returns paged results in response.", 2412 // "flatPath": "v1p5beta1/{v1p5beta1Id}/{v1p5beta1Id1}/assets", 2413 // "httpMethod": "GET", 2414 // "id": "cloudasset.assets.list", 2415 // "parameterOrder": [ 2416 // "parent" 2417 // ], 2418 // "parameters": { 2419 // "assetTypes": { 2420 // "description": "A list of asset types to take a snapshot for. For example: \"compute.googleapis.com/Disk\". Regular expression is also supported. For example: * \"compute.googleapis.com.*\" snapshots resources whose asset type starts with \"compute.googleapis.com\". * \".*Instance\" snapshots resources whose asset type ends with \"Instance\". * \".*Instance.*\" snapshots resources whose asset type contains \"Instance\". See [RE2](https://github.com/google/re2/wiki/Syntax) for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned. If specified, only matching assets will be returned, otherwise, it will snapshot all asset types. See [Introduction to Cloud Asset Inventory](https://cloud.google.com/asset-inventory/docs/overview) for all supported asset types.", 2421 // "location": "query", 2422 // "repeated": true, 2423 // "type": "string" 2424 // }, 2425 // "contentType": { 2426 // "description": "Asset content type. If not specified, no content but the asset name will be returned.", 2427 // "enum": [ 2428 // "CONTENT_TYPE_UNSPECIFIED", 2429 // "RESOURCE", 2430 // "IAM_POLICY", 2431 // "ORG_POLICY", 2432 // "ACCESS_POLICY" 2433 // ], 2434 // "enumDescriptions": [ 2435 // "Unspecified content type.", 2436 // "Resource metadata.", 2437 // "The actual IAM policy set on a resource.", 2438 // "The Cloud Organization Policy set on an asset.", 2439 // "The Cloud Access context mananger Policy set on an asset." 2440 // ], 2441 // "location": "query", 2442 // "type": "string" 2443 // }, 2444 // "pageSize": { 2445 // "description": "The maximum number of assets to be returned in a single response. Default is 100, minimum is 1, and maximum is 1000.", 2446 // "format": "int32", 2447 // "location": "query", 2448 // "type": "integer" 2449 // }, 2450 // "pageToken": { 2451 // "description": "The `next_page_token` returned from the previous `ListAssetsResponse`, or unspecified for the first `ListAssetsRequest`. It is a continuation of a prior `ListAssets` call, and the API should return the next page of assets.", 2452 // "location": "query", 2453 // "type": "string" 2454 // }, 2455 // "parent": { 2456 // "description": "Required. Name of the organization or project the assets belong to. Format: \"organizations/[organization-number]\" (such as \"organizations/123\"), \"projects/[project-id]\" (such as \"projects/my-project-id\"), or \"projects/[project-number]\" (such as \"projects/12345\").", 2457 // "location": "path", 2458 // "pattern": "^[^/]+/[^/]+$", 2459 // "required": true, 2460 // "type": "string" 2461 // }, 2462 // "readTime": { 2463 // "description": "Timestamp to take an asset snapshot. This can only be set to a timestamp between the current time and the current time minus 35 days (inclusive). If not specified, the current time will be used. Due to delays in resource data collection and indexing, there is a volatile window during which running the same query may get different results.", 2464 // "format": "google-datetime", 2465 // "location": "query", 2466 // "type": "string" 2467 // } 2468 // }, 2469 // "path": "v1p5beta1/{+parent}/assets", 2470 // "response": { 2471 // "$ref": "ListAssetsResponse" 2472 // }, 2473 // "scopes": [ 2474 // "https://www.googleapis.com/auth/cloud-platform" 2475 // ] 2476 // } 2477 2478} 2479 2480// Pages invokes f for each page of results. 2481// A non-nil error returned from f will halt the iteration. 2482// The provided context supersedes any context provided to the Context method. 2483func (c *AssetsListCall) Pages(ctx context.Context, f func(*ListAssetsResponse) error) error { 2484 c.ctx_ = ctx 2485 defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point 2486 for { 2487 x, err := c.Do() 2488 if err != nil { 2489 return err 2490 } 2491 if err := f(x); err != nil { 2492 return err 2493 } 2494 if x.NextPageToken == "" { 2495 return nil 2496 } 2497 c.PageToken(x.NextPageToken) 2498 } 2499} 2500