1"""Generated message classes for iamassist version v1alpha2. 2 3""" 4# NOTE: This file is autogenerated and should not be edited by hand. 5 6from __future__ import absolute_import 7 8from apitools.base.protorpclite import messages as _messages 9from apitools.base.py import encoding 10from apitools.base.py import extra_types 11 12 13package = 'iamassist' 14 15 16class GoogleIamAssistV1alpha2AccessTuple(_messages.Message): 17 r"""AccessTuple defines information required for checking an access attempt. 18 In other words, this is the tuple given to `CheckAccess`. 19 20 Fields: 21 conditionContext: OPTIONAL: The Cloud IAM condition context under which 22 defines the kind of access being explained. ExplainAccess would explain 23 if and why the principal has the queried permission on the resource 24 specified in full_resource_name under this context 25 fullResourceName: REQUIRED: A full resource name according to go/resource- 26 names. This is the full resource name of the resource that access is 27 checked against. 28 permission: REQUIRED: The Cloud IAM permission under which defines the 29 kind of access being explained. Example: "resourcemanager.projects.get" 30 would explain if and why the principal has the 31 resourcemanager.projects.get permission on the resource specified in 32 full_resource_name declared in this structure. See 33 https://cloud.google.com/iam/docs/testing-permissions 34 principal: REQUIRED: The principal on behalf of who the access is 35 explained for. The format is the one of the principal's email addresses 36 associated with its gaia account. It must be an account that can appear 37 as an actor. For example groups are not supported. Currently, service 38 accounts are partially supported. 39 """ 40 41 conditionContext = _messages.MessageField('GoogleRpcContextAttributeContext', 1) 42 fullResourceName = _messages.StringField(2) 43 permission = _messages.StringField(3) 44 principal = _messages.StringField(4) 45 46 47class GoogleIamAssistV1alpha2CheckAccessRequest(_messages.Message): 48 r"""CheckAccessRequest is the request for CheckAccess 49 50 Messages: 51 PolicyOverlayValue: Mapping from full resource names to simulated 52 policies. 53 54 Fields: 55 accessTuple: Required. The tuple to check access for. 56 policyOverlay: Mapping from full resource names to simulated policies. 57 """ 58 59 @encoding.MapUnrecognizedFields('additionalProperties') 60 class PolicyOverlayValue(_messages.Message): 61 r"""Mapping from full resource names to simulated policies. 62 63 Messages: 64 AdditionalProperty: An additional property for a PolicyOverlayValue 65 object. 66 67 Fields: 68 additionalProperties: Additional properties of type PolicyOverlayValue 69 """ 70 71 class AdditionalProperty(_messages.Message): 72 r"""An additional property for a PolicyOverlayValue object. 73 74 Fields: 75 key: Name of the additional property. 76 value: A GoogleIamV1Policy attribute. 77 """ 78 79 key = _messages.StringField(1) 80 value = _messages.MessageField('GoogleIamV1Policy', 2) 81 82 additionalProperties = _messages.MessageField('AdditionalProperty', 1, repeated=True) 83 84 accessTuple = _messages.MessageField('GoogleIamAssistV1alpha2AccessTuple', 1) 85 policyOverlay = _messages.MessageField('PolicyOverlayValue', 2) 86 87 88class GoogleIamAssistV1alpha2CheckAccessResponse(_messages.Message): 89 r"""CheckAccessResponse is the response from CheckAccess. 90 91 Enums: 92 AccessValueValuesEnum: Reflects whether the probed access was granted, 93 denied or ultimately could not be decided from the caller's point of 94 view. 95 96 Fields: 97 access: Reflects whether the probed access was granted, denied or 98 ultimately could not be decided from the caller's point of view. 99 """ 100 101 class AccessValueValuesEnum(_messages.Enum): 102 r"""Reflects whether the probed access was granted, denied or ultimately 103 could not be decided from the caller's point of view. 104 105 Values: 106 ACCESS_STATE_UNSPECIFIED: Reserved 107 GRANTED: The access is granted due to one or multiple bindings found. 108 NOT_GRANTED: The access is not granted by the policy. 109 UNKNOWN_CONDITIONAL: At least one binding was found but it is 110 conditional. undecided, undetermined ,uncertain, open, tentative, 111 contingent 112 UNKNOWN_INFO_DENIED: Indicating that lack of access to the underlying 113 information causes the result to be undetermined. This can be due to 114 1) The caller has no access to the policy. In this case 115 ExplainedPolicy will have not policy set. 2) The caller has no 116 access to some of the items referenced in the policy. In this case 117 the policy in ExplainedPolicy will be set but the explanations 118 field will contain at least one inconclusive element. 119 """ 120 ACCESS_STATE_UNSPECIFIED = 0 121 GRANTED = 1 122 NOT_GRANTED = 2 123 UNKNOWN_CONDITIONAL = 3 124 UNKNOWN_INFO_DENIED = 4 125 126 access = _messages.EnumField('AccessValueValuesEnum', 1) 127 128 129class GoogleIamAssistV1alpha2LogsMetadata(_messages.Message): 130 r"""Metatdata about the logs used for replay. 131 132 Fields: 133 differenceCount: Number of analyzed log entries with a difference between 134 baseline and simulated policies. 135 newestTime: Timestamp of newest log entry queried. 136 oldestTime: Timestamp of oldest log entry queried. 137 replayErrorCount: Number of logs with error during replay. 138 uniqueLogCount: Number of unique log entries analyzed. 139 """ 140 141 differenceCount = _messages.IntegerField(1, variant=_messages.Variant.INT32) 142 newestTime = _messages.StringField(2) 143 oldestTime = _messages.StringField(3) 144 replayErrorCount = _messages.IntegerField(4, variant=_messages.Variant.INT32) 145 uniqueLogCount = _messages.IntegerField(5, variant=_messages.Variant.INT32) 146 147 148class GoogleIamAssistV1alpha2ReplayDiff(_messages.Message): 149 r"""The differences found between baseline and simulated policies for a 150 single access tuple. 151 152 Fields: 153 accessDiff: The difference in AccessState between replays. 154 accessTuple: The access tuple with a difference between replays. 155 lastAccessTime: Newest Timestamp at which access_tuple was seen. 156 """ 157 158 accessDiff = _messages.MessageField('GoogleIamAssistV1alpha2ReplayDiffAccessStateDiff', 1) 159 accessTuple = _messages.MessageField('GoogleIamAssistV1alpha2AccessTuple', 2) 160 lastAccessTime = _messages.StringField(3) 161 162 163class GoogleIamAssistV1alpha2ReplayDiffAccessStateDiff(_messages.Message): 164 r"""Container for AccessState of baseline and simulated policies. 165 166 Enums: 167 BaselineValueValuesEnum: The access state when replayed against the 168 baseline policies. 169 SimulatedValueValuesEnum: The access state when replayed against the 170 simulated policies. 171 172 Fields: 173 baseline: The access state when replayed against the baseline policies. 174 simulated: The access state when replayed against the simulated policies. 175 """ 176 177 class BaselineValueValuesEnum(_messages.Enum): 178 r"""The access state when replayed against the baseline policies. 179 180 Values: 181 ACCESS_STATE_UNSPECIFIED: Reserved 182 GRANTED: The access is granted due to one or multiple bindings found. 183 NOT_GRANTED: The access is not granted by the policy. 184 UNKNOWN_CONDITIONAL: At least one binding was found but it is 185 conditional. undecided, undetermined ,uncertain, open, tentative, 186 contingent 187 UNKNOWN_INFO_DENIED: Indicating that lack of access to the underlying 188 information causes the result to be undetermined. This can be due to 189 1) The caller has no access to the policy. In this case 190 ExplainedPolicy will have not policy set. 2) The caller has no 191 access to some of the items referenced in the policy. In this case 192 the policy in ExplainedPolicy will be set but the explanations 193 field will contain at least one inconclusive element. 194 """ 195 ACCESS_STATE_UNSPECIFIED = 0 196 GRANTED = 1 197 NOT_GRANTED = 2 198 UNKNOWN_CONDITIONAL = 3 199 UNKNOWN_INFO_DENIED = 4 200 201 class SimulatedValueValuesEnum(_messages.Enum): 202 r"""The access state when replayed against the simulated policies. 203 204 Values: 205 ACCESS_STATE_UNSPECIFIED: Reserved 206 GRANTED: The access is granted due to one or multiple bindings found. 207 NOT_GRANTED: The access is not granted by the policy. 208 UNKNOWN_CONDITIONAL: At least one binding was found but it is 209 conditional. undecided, undetermined ,uncertain, open, tentative, 210 contingent 211 UNKNOWN_INFO_DENIED: Indicating that lack of access to the underlying 212 information causes the result to be undetermined. This can be due to 213 1) The caller has no access to the policy. In this case 214 ExplainedPolicy will have not policy set. 2) The caller has no 215 access to some of the items referenced in the policy. In this case 216 the policy in ExplainedPolicy will be set but the explanations 217 field will contain at least one inconclusive element. 218 """ 219 ACCESS_STATE_UNSPECIFIED = 0 220 GRANTED = 1 221 NOT_GRANTED = 2 222 UNKNOWN_CONDITIONAL = 3 223 UNKNOWN_INFO_DENIED = 4 224 225 baseline = _messages.EnumField('BaselineValueValuesEnum', 1) 226 simulated = _messages.EnumField('SimulatedValueValuesEnum', 2) 227 228 229class GoogleIamAssistV1alpha2ReplayError(_messages.Message): 230 r"""A GoogleIamAssistV1alpha2ReplayError object. 231 232 Enums: 233 CodeValueValuesEnum: Specific error code indicating what went wrong. 234 235 Fields: 236 accessTuple: The access tuple with a error during replay. 237 code: Specific error code indicating what went wrong. 238 lastAccessTime: Newest Timestamp at which access_tuple was seen. 239 """ 240 241 class CodeValueValuesEnum(_messages.Enum): 242 r"""Specific error code indicating what went wrong. 243 244 Values: 245 ERROR_CODE_UNSPECIFIED: Reserved 246 INVALID_ACCESS_TUPLE: An invalid AccessTuple was provided. This can be 247 caused by 1) An invalidly formatted principal, resource, or 248 permission. 2) Providing a permission that is not relevant to the 249 provided resource type, e.g. permission buckets.list on a VM instance. 250 PERMISSION_DENIED: Caller does not have permission to retrieve this 251 resource's IAM policy. 252 UNKNOWN_CONDITIONAL: Both the baseline and the simulated Access State 253 were UNKNOWN_CONDITIONAL. 254 UNKNOWN_INFO_DENIED: Both the baseline and the simulated Access State 255 were UNKNOWN_INFO_DENIED. 256 """ 257 ERROR_CODE_UNSPECIFIED = 0 258 INVALID_ACCESS_TUPLE = 1 259 PERMISSION_DENIED = 2 260 UNKNOWN_CONDITIONAL = 3 261 UNKNOWN_INFO_DENIED = 4 262 263 accessTuple = _messages.MessageField('GoogleIamAssistV1alpha2AccessTuple', 1) 264 code = _messages.EnumField('CodeValueValuesEnum', 2) 265 lastAccessTime = _messages.StringField(3) 266 267 268class GoogleIamAssistV1alpha2ReplayOperationMetadata(_messages.Message): 269 r"""Metadata about a ReplayAccessLogs operation. 270 271 Fields: 272 startTime: Time when the request was received. 273 """ 274 275 startTime = _messages.StringField(1) 276 277 278class GoogleIamAssistV1alpha2ReplayRecentAccessesRequest(_messages.Message): 279 r"""Request for recent accesses replay. 280 281 Messages: 282 PolicyOverlayValue: Required. Mapping from full resource names to 283 simulated policies. 284 285 Fields: 286 policyOverlay: Required. Mapping from full resource names to simulated 287 policies. 288 """ 289 290 @encoding.MapUnrecognizedFields('additionalProperties') 291 class PolicyOverlayValue(_messages.Message): 292 r"""Required. Mapping from full resource names to simulated policies. 293 294 Messages: 295 AdditionalProperty: An additional property for a PolicyOverlayValue 296 object. 297 298 Fields: 299 additionalProperties: Additional properties of type PolicyOverlayValue 300 """ 301 302 class AdditionalProperty(_messages.Message): 303 r"""An additional property for a PolicyOverlayValue object. 304 305 Fields: 306 key: Name of the additional property. 307 value: A GoogleIamV1Policy attribute. 308 """ 309 310 key = _messages.StringField(1) 311 value = _messages.MessageField('GoogleIamV1Policy', 2) 312 313 additionalProperties = _messages.MessageField('AdditionalProperty', 1, repeated=True) 314 315 policyOverlay = _messages.MessageField('PolicyOverlayValue', 1) 316 317 318class GoogleIamAssistV1alpha2ReplayRecentAccessesResponse(_messages.Message): 319 r"""Result of a ReplayRecentAccesses. 320 321 Fields: 322 diffs: List of differences found during replay. 323 errors: List of errors encountered during replay. 324 logsMetadata: Metadata about the replayed logs. 325 """ 326 327 diffs = _messages.MessageField('GoogleIamAssistV1alpha2ReplayDiff', 1, repeated=True) 328 errors = _messages.MessageField('GoogleIamAssistV1alpha2ReplayError', 2, repeated=True) 329 logsMetadata = _messages.MessageField('GoogleIamAssistV1alpha2LogsMetadata', 3) 330 331 332class GoogleIamAssistV1alpha3AccessStateDiff(_messages.Message): 333 r"""Container for ExplainedAccess of baseline and simulated policies. For 334 both baseline and simulated, the ExplainedAccess.policies are filtered to 335 only include the UNKNOWN infromation. If the AccessState is known, e.g. 336 GRANTED or NOT_GRANTED, the policy list will be empty. Only policies with an 337 AccessState of UNKNOWN are included. 338 339 Enums: 340 AccessChangeValueValuesEnum: A single value interpretation of the 341 difference between baseline and simulated. 342 343 Fields: 344 accessChange: A single value interpretation of the difference between 345 baseline and simulated. 346 baseline: The explained access when replayed against the baseline 347 policies. 348 simulated: The explained access when replayed against the simulated 349 policies. 350 """ 351 352 class AccessChangeValueValuesEnum(_messages.Enum): 353 r"""A single value interpretation of the difference between baseline and 354 simulated. 355 356 Values: 357 ACCESS_CHANGE_TYPE_UNSPECIFIED: Reserved 358 NO_CHANGE: The two ExplainedAccesses are equal. This includes the case 359 where both baseline and simulated are UNKNOWN, but the unknown 360 information is equivalent. 361 UNKNOWN_CHANGE: The baseline and simulated accesses are both UNKNOWN, 362 but the unknown information differs between them. 363 ACCESS_REVOKED: The baseline access state is GRANTED and the simulated 364 access state is NOT_GRANTED 365 ACCESS_GAINED: The baseline access state is NOT_GRANTED and the 366 simulated access state is GRANTED. 367 ACCESS_MAYBE_REVOKED: The baseline access state is GRANTED and the 368 simulated access state is UNKNOWN. 369 ACCESS_MAYBE_GRANTED: The baseline state is NOT_GRANTED and the 370 simulated state is UNKNOWN. 371 """ 372 ACCESS_CHANGE_TYPE_UNSPECIFIED = 0 373 NO_CHANGE = 1 374 UNKNOWN_CHANGE = 2 375 ACCESS_REVOKED = 3 376 ACCESS_GAINED = 4 377 ACCESS_MAYBE_REVOKED = 5 378 ACCESS_MAYBE_GRANTED = 6 379 380 accessChange = _messages.EnumField('AccessChangeValueValuesEnum', 1) 381 baseline = _messages.MessageField('GoogleIamAssistV1alpha3ExplainedAccess', 2) 382 simulated = _messages.MessageField('GoogleIamAssistV1alpha3ExplainedAccess', 3) 383 384 385class GoogleIamAssistV1alpha3AccessTuple(_messages.Message): 386 r"""Information about the member, resource, and permission to check. 387 388 Fields: 389 fullResourceName: Required. The full resource name that identifies the 390 resource. For example, `//compute.googleapis.com/projects/my- 391 project/zones/us-central1-a/instances/my-instance`. For examples of 392 full resource names for Google Cloud services, see 393 https://cloud.google.com/iam/help/troubleshooter/full-resource-names. 394 permission: Required. The IAM permission to check for the specified member 395 and resource. For a complete list of IAM permissions, see 396 https://cloud.google.com/iam/help/permissions/reference. For a complete 397 list of predefined IAM roles and the permissions in each role, see 398 https://cloud.google.com/iam/help/roles/reference. 399 principal: Required. The member, or principal, whose access you want to 400 check, in the form of the email address that represents that member. For 401 example, `alice@example.com` or `my-service-account@my- 402 project.iam.gserviceaccount.com`. The member must be a Google Account 403 or a service account. Other types of members are not supported. 404 """ 405 406 fullResourceName = _messages.StringField(1) 407 permission = _messages.StringField(2) 408 principal = _messages.StringField(3) 409 410 411class GoogleIamAssistV1alpha3BindingExplanation(_messages.Message): 412 r"""Details about how a binding in a policy affects a member's ability to 413 use a permission. 414 415 Enums: 416 AccessValueValuesEnum: Required. Indicates whether _this binding_ provides 417 the specified permission to the specified member for the specified 418 resource. This field does _not_ indicate whether the member actually 419 has the permission for the resource. There might be another binding that 420 overrides this binding. To determine whether the member actually has the 421 permission, use the `access` field in the TroubleshootIamPolicyResponse. 422 RelevanceValueValuesEnum: The relevance of this binding to the overall 423 determination for the entire policy. 424 RolePermissionValueValuesEnum: Indicates whether the role granted by this 425 binding contains the specified permission. 426 RolePermissionRelevanceValueValuesEnum: The relevance of the permission's 427 existence, or nonexistence, in the role to the overall determination for 428 the entire policy. 429 430 Messages: 431 MembershipsValue: Indicates whether each member in the binding includes 432 the member specified in the request, either directly or indirectly. Each 433 key identifies a member in the binding, and each value indicates whether 434 the member in the binding includes the member in the request. For 435 example, suppose that a binding includes the following members: * 436 `user:alice@example.com` * `group:product-eng@example.com` You want to 437 troubleshoot access for `user:bob@example.com`. This user is a member of 438 the group `group:product-eng@example.com`. For the first member in the 439 binding, the key is `user:alice@example.com`, and the `membership` field 440 in the value is set to `MEMBERSHIP_NOT_INCLUDED`. For the second member 441 in the binding, the key is `group:product-eng@example.com`, and the 442 `membership` field in the value is set to `MEMBERSHIP_INCLUDED`. 443 444 Fields: 445 access: Required. Indicates whether _this binding_ provides the specified 446 permission to the specified member for the specified resource. This 447 field does _not_ indicate whether the member actually has the permission 448 for the resource. There might be another binding that overrides this 449 binding. To determine whether the member actually has the permission, 450 use the `access` field in the TroubleshootIamPolicyResponse. 451 condition: A condition expression that prevents access unless the 452 expression evaluates to `true`. To learn about IAM Conditions, see 453 http://cloud.google.com/iam/help/conditions/overview. 454 memberships: Indicates whether each member in the binding includes the 455 member specified in the request, either directly or indirectly. Each key 456 identifies a member in the binding, and each value indicates whether the 457 member in the binding includes the member in the request. For example, 458 suppose that a binding includes the following members: * 459 `user:alice@example.com` * `group:product-eng@example.com` You want to 460 troubleshoot access for `user:bob@example.com`. This user is a member of 461 the group `group:product-eng@example.com`. For the first member in the 462 binding, the key is `user:alice@example.com`, and the `membership` field 463 in the value is set to `MEMBERSHIP_NOT_INCLUDED`. For the second member 464 in the binding, the key is `group:product-eng@example.com`, and the 465 `membership` field in the value is set to `MEMBERSHIP_INCLUDED`. 466 relevance: The relevance of this binding to the overall determination for 467 the entire policy. 468 role: The role that this binding grants. For example, 469 `roles/compute.serviceAgent`. For a complete list of predefined IAM 470 roles, as well as the permissions in each role, see 471 https://cloud.google.com/iam/help/roles/reference. 472 rolePermission: Indicates whether the role granted by this binding 473 contains the specified permission. 474 rolePermissionRelevance: The relevance of the permission's existence, or 475 nonexistence, in the role to the overall determination for the entire 476 policy. 477 """ 478 479 class AccessValueValuesEnum(_messages.Enum): 480 r"""Required. Indicates whether _this binding_ provides the specified 481 permission to the specified member for the specified resource. This field 482 does _not_ indicate whether the member actually has the permission for the 483 resource. There might be another binding that overrides this binding. To 484 determine whether the member actually has the permission, use the `access` 485 field in the TroubleshootIamPolicyResponse. 486 487 Values: 488 ACCESS_STATE_UNSPECIFIED: Reserved for future use. 489 GRANTED: The member has the permission. 490 NOT_GRANTED: The member does not have the permission. 491 UNKNOWN_CONDITIONAL: The member has the permission only if a condition 492 expression evaluates to `true`. 493 UNKNOWN_INFO_DENIED: The sender of the request does not have access to 494 all of the policies that Policy Troubleshooter needs to evaluate. 495 """ 496 ACCESS_STATE_UNSPECIFIED = 0 497 GRANTED = 1 498 NOT_GRANTED = 2 499 UNKNOWN_CONDITIONAL = 3 500 UNKNOWN_INFO_DENIED = 4 501 502 class RelevanceValueValuesEnum(_messages.Enum): 503 r"""The relevance of this binding to the overall determination for the 504 entire policy. 505 506 Values: 507 HEURISTIC_RELEVANCE_UNSPECIFIED: Reserved for future use. 508 NORMAL: The data point has a limited effect on the result. Changing the 509 data point is unlikely to affect the overall determination. 510 HIGH: The data point has a strong effect on the result. Changing the 511 data point is likely to affect the overall determination. 512 """ 513 HEURISTIC_RELEVANCE_UNSPECIFIED = 0 514 NORMAL = 1 515 HIGH = 2 516 517 class RolePermissionRelevanceValueValuesEnum(_messages.Enum): 518 r"""The relevance of the permission's existence, or nonexistence, in the 519 role to the overall determination for the entire policy. 520 521 Values: 522 HEURISTIC_RELEVANCE_UNSPECIFIED: Reserved for future use. 523 NORMAL: The data point has a limited effect on the result. Changing the 524 data point is unlikely to affect the overall determination. 525 HIGH: The data point has a strong effect on the result. Changing the 526 data point is likely to affect the overall determination. 527 """ 528 HEURISTIC_RELEVANCE_UNSPECIFIED = 0 529 NORMAL = 1 530 HIGH = 2 531 532 class RolePermissionValueValuesEnum(_messages.Enum): 533 r"""Indicates whether the role granted by this binding contains the 534 specified permission. 535 536 Values: 537 ROLE_PERMISSION_UNSPECIFIED: Reserved for future use. 538 ROLE_PERMISSION_INCLUDED: The permission is included in the role. 539 ROLE_PERMISSION_NOT_INCLUDED: The permission is not included in the 540 role. 541 ROLE_PERMISSION_UNKNOWN_INFO_DENIED: The sender of the request is not 542 allowed to access the binding. 543 """ 544 ROLE_PERMISSION_UNSPECIFIED = 0 545 ROLE_PERMISSION_INCLUDED = 1 546 ROLE_PERMISSION_NOT_INCLUDED = 2 547 ROLE_PERMISSION_UNKNOWN_INFO_DENIED = 3 548 549 @encoding.MapUnrecognizedFields('additionalProperties') 550 class MembershipsValue(_messages.Message): 551 r"""Indicates whether each member in the binding includes the member 552 specified in the request, either directly or indirectly. Each key 553 identifies a member in the binding, and each value indicates whether the 554 member in the binding includes the member in the request. For example, 555 suppose that a binding includes the following members: * 556 `user:alice@example.com` * `group:product-eng@example.com` You want to 557 troubleshoot access for `user:bob@example.com`. This user is a member of 558 the group `group:product-eng@example.com`. For the first member in the 559 binding, the key is `user:alice@example.com`, and the `membership` field 560 in the value is set to `MEMBERSHIP_NOT_INCLUDED`. For the second member 561 in the binding, the key is `group:product-eng@example.com`, and the 562 `membership` field in the value is set to `MEMBERSHIP_INCLUDED`. 563 564 Messages: 565 AdditionalProperty: An additional property for a MembershipsValue 566 object. 567 568 Fields: 569 additionalProperties: Additional properties of type MembershipsValue 570 """ 571 572 class AdditionalProperty(_messages.Message): 573 r"""An additional property for a MembershipsValue object. 574 575 Fields: 576 key: Name of the additional property. 577 value: A GoogleIamAssistV1alpha3BindingExplanationAnnotatedMembership 578 attribute. 579 """ 580 581 key = _messages.StringField(1) 582 value = _messages.MessageField('GoogleIamAssistV1alpha3BindingExplanationAnnotatedMembership', 2) 583 584 additionalProperties = _messages.MessageField('AdditionalProperty', 1, repeated=True) 585 586 access = _messages.EnumField('AccessValueValuesEnum', 1) 587 condition = _messages.MessageField('GoogleTypeExpr', 2) 588 memberships = _messages.MessageField('MembershipsValue', 3) 589 relevance = _messages.EnumField('RelevanceValueValuesEnum', 4) 590 role = _messages.StringField(5) 591 rolePermission = _messages.EnumField('RolePermissionValueValuesEnum', 6) 592 rolePermissionRelevance = _messages.EnumField('RolePermissionRelevanceValueValuesEnum', 7) 593 594 595class GoogleIamAssistV1alpha3BindingExplanationAnnotatedMembership(_messages.Message): 596 r"""Details about whether the binding includes the member. 597 598 Enums: 599 MembershipValueValuesEnum: Indicates whether the binding includes the 600 member. 601 RelevanceValueValuesEnum: The relevance of the member's status to the 602 overall determination for the binding. 603 604 Fields: 605 membership: Indicates whether the binding includes the member. 606 relevance: The relevance of the member's status to the overall 607 determination for the binding. 608 """ 609 610 class MembershipValueValuesEnum(_messages.Enum): 611 r"""Indicates whether the binding includes the member. 612 613 Values: 614 MEMBERSHIP_UNSPECIFIED: Reserved for future use. 615 MEMBERSHIP_INCLUDED: The binding includes the member. The member can be 616 included directly or indirectly. For example: * A member is included 617 directly if that member is listed in the binding. * A member is 618 included indirectly if that member is in a Google group or G Suite 619 domain that is listed in the binding. 620 MEMBERSHIP_NOT_INCLUDED: The binding does not include the member. 621 MEMBERSHIP_UNKNOWN_INFO_DENIED: The sender of the request is not allowed 622 to access the binding. 623 MEMBERSHIP_UNKNOWN_UNSUPPORTED: The member is an unsupported type. Only 624 Google Accounts and service accounts are supported. 625 """ 626 MEMBERSHIP_UNSPECIFIED = 0 627 MEMBERSHIP_INCLUDED = 1 628 MEMBERSHIP_NOT_INCLUDED = 2 629 MEMBERSHIP_UNKNOWN_INFO_DENIED = 3 630 MEMBERSHIP_UNKNOWN_UNSUPPORTED = 4 631 632 class RelevanceValueValuesEnum(_messages.Enum): 633 r"""The relevance of the member's status to the overall determination for 634 the binding. 635 636 Values: 637 HEURISTIC_RELEVANCE_UNSPECIFIED: Reserved for future use. 638 NORMAL: The data point has a limited effect on the result. Changing the 639 data point is unlikely to affect the overall determination. 640 HIGH: The data point has a strong effect on the result. Changing the 641 data point is likely to affect the overall determination. 642 """ 643 HEURISTIC_RELEVANCE_UNSPECIFIED = 0 644 NORMAL = 1 645 HIGH = 2 646 647 membership = _messages.EnumField('MembershipValueValuesEnum', 1) 648 relevance = _messages.EnumField('RelevanceValueValuesEnum', 2) 649 650 651class GoogleIamAssistV1alpha3ExplainedAccess(_messages.Message): 652 r"""Details about how the set of Explained Policies resulted in the Access 653 State. 654 655 Enums: 656 AccessStateValueValuesEnum: The overall access state for the included set 657 of policies. 658 659 Fields: 660 accessState: The overall access state for the included set of policies. 661 errors: The list of problems encountered when explaining this access. This 662 list provides the reason why UNKNOWN information in `policies` was 663 unknown. 664 policies: The set of policies contributing to the listed AccessState. An 665 ExplainedPolicy with UNKNOWN_INFO_DENIED and nothing else means the user 666 did not have permission to get one or more policies. 667 """ 668 669 class AccessStateValueValuesEnum(_messages.Enum): 670 r"""The overall access state for the included set of policies. 671 672 Values: 673 ACCESS_STATE_UNSPECIFIED: Reserved for future use. 674 GRANTED: The member has the permission. 675 NOT_GRANTED: The member does not have the permission. 676 UNKNOWN_CONDITIONAL: The member has the permission only if a condition 677 expression evaluates to `true`. 678 UNKNOWN_INFO_DENIED: The sender of the request does not have access to 679 all of the policies that Policy Troubleshooter needs to evaluate. 680 """ 681 ACCESS_STATE_UNSPECIFIED = 0 682 GRANTED = 1 683 NOT_GRANTED = 2 684 UNKNOWN_CONDITIONAL = 3 685 UNKNOWN_INFO_DENIED = 4 686 687 accessState = _messages.EnumField('AccessStateValueValuesEnum', 1) 688 errors = _messages.MessageField('GoogleRpcStatus', 2, repeated=True) 689 policies = _messages.MessageField('GoogleIamAssistV1alpha3ExplainedPolicy', 3, repeated=True) 690 691 692class GoogleIamAssistV1alpha3ExplainedPolicy(_messages.Message): 693 r"""Details about how a specific IAM Policy contributed to the access check. 694 695 Enums: 696 AccessValueValuesEnum: Indicates whether _this policy_ provides the 697 specified permission to the specified member for the specified resource. 698 This field does _not_ indicate whether the member actually has the 699 permission for the resource. There might be another policy that 700 overrides this policy. To determine whether the member actually has the 701 permission, use the `access` field in the TroubleshootIamPolicyResponse. 702 RelevanceValueValuesEnum: The relevance of this policy to the overall 703 determination in the TroubleshootIamPolicyResponse. If the sender of 704 the request does not have access to the policy, this field is omitted. 705 706 Fields: 707 access: Indicates whether _this policy_ provides the specified permission 708 to the specified member for the specified resource. This field does 709 _not_ indicate whether the member actually has the permission for the 710 resource. There might be another policy that overrides this policy. To 711 determine whether the member actually has the permission, use the 712 `access` field in the TroubleshootIamPolicyResponse. 713 bindingExplanations: Details about how each binding in the policy affects 714 the member's ability, or inability, to use the permission for the 715 resource. If the sender of the request does not have access to the 716 policy, this field is omitted. 717 fullResourceName: The full resource name that identifies the resource. For 718 example, `//compute.googleapis.com/projects/my-project/zones/us- 719 central1-a/instances/my-instance`. If the sender of the request does 720 not have access to the policy, this field is omitted. For examples of 721 full resource names for Google Cloud services, see 722 https://cloud.google.com/iam/help/troubleshooter/full-resource-names. 723 policy: The IAM policy attached to the resource. If the sender of the 724 request does not have access to the policy, this field is empty. 725 relevance: The relevance of this policy to the overall determination in 726 the TroubleshootIamPolicyResponse. If the sender of the request does 727 not have access to the policy, this field is omitted. 728 """ 729 730 class AccessValueValuesEnum(_messages.Enum): 731 r"""Indicates whether _this policy_ provides the specified permission to 732 the specified member for the specified resource. This field does _not_ 733 indicate whether the member actually has the permission for the resource. 734 There might be another policy that overrides this policy. To determine 735 whether the member actually has the permission, use the `access` field in 736 the TroubleshootIamPolicyResponse. 737 738 Values: 739 ACCESS_STATE_UNSPECIFIED: Reserved for future use. 740 GRANTED: The member has the permission. 741 NOT_GRANTED: The member does not have the permission. 742 UNKNOWN_CONDITIONAL: The member has the permission only if a condition 743 expression evaluates to `true`. 744 UNKNOWN_INFO_DENIED: The sender of the request does not have access to 745 all of the policies that Policy Troubleshooter needs to evaluate. 746 """ 747 ACCESS_STATE_UNSPECIFIED = 0 748 GRANTED = 1 749 NOT_GRANTED = 2 750 UNKNOWN_CONDITIONAL = 3 751 UNKNOWN_INFO_DENIED = 4 752 753 class RelevanceValueValuesEnum(_messages.Enum): 754 r"""The relevance of this policy to the overall determination in the 755 TroubleshootIamPolicyResponse. If the sender of the request does not have 756 access to the policy, this field is omitted. 757 758 Values: 759 HEURISTIC_RELEVANCE_UNSPECIFIED: Reserved for future use. 760 NORMAL: The data point has a limited effect on the result. Changing the 761 data point is unlikely to affect the overall determination. 762 HIGH: The data point has a strong effect on the result. Changing the 763 data point is likely to affect the overall determination. 764 """ 765 HEURISTIC_RELEVANCE_UNSPECIFIED = 0 766 NORMAL = 1 767 HIGH = 2 768 769 access = _messages.EnumField('AccessValueValuesEnum', 1) 770 bindingExplanations = _messages.MessageField('GoogleIamAssistV1alpha3BindingExplanation', 2, repeated=True) 771 fullResourceName = _messages.StringField(3) 772 policy = _messages.MessageField('GoogleIamV1Policy', 4) 773 relevance = _messages.EnumField('RelevanceValueValuesEnum', 5) 774 775 776class GoogleIamAssistV1alpha3Replay(_messages.Message): 777 r"""A Replay of Accesses against a simulated state. 778 779 Enums: 780 StateValueValuesEnum: Output only. The current state of the replay. 781 https://aip.dev/216 782 783 Fields: 784 config: Required. The configuration used for the replay. 785 diffs: Output only. The ReplayResults that resulted in diffs being found. 786 errors: Output only. The ReplayResults that resulted in an error. 787 logsMetadata: Output only. Metadata about the replayed log entries. 788 name: The resource name of the replay. The replay id is randomly generated 789 on creation. Format: replays/{replay}. 790 state: Output only. The current state of the replay. https://aip.dev/216 791 """ 792 793 class StateValueValuesEnum(_messages.Enum): 794 r"""Output only. The current state of the replay. https://aip.dev/216 795 796 Values: 797 STATE_UNSPECIFIED: Reserved. 798 PENDING: Replay has not started yet. 799 RUNNING: Replay is currently running. 800 SUCCEEDED: Replay has successfully completed. 801 FAILED: Replay has finished with an error. 802 """ 803 STATE_UNSPECIFIED = 0 804 PENDING = 1 805 RUNNING = 2 806 SUCCEEDED = 3 807 FAILED = 4 808 809 config = _messages.MessageField('GoogleIamAssistV1alpha3ReplayConfig', 1) 810 diffs = _messages.MessageField('GoogleIamAssistV1alpha3ReplayResult', 2, repeated=True) 811 errors = _messages.MessageField('GoogleIamAssistV1alpha3ReplayResult', 3, repeated=True) 812 logsMetadata = _messages.MessageField('GoogleIamAssistV1alpha3ReplayLogsMetadata', 4) 813 name = _messages.StringField(5) 814 state = _messages.EnumField('StateValueValuesEnum', 6) 815 816 817class GoogleIamAssistV1alpha3ReplayConfig(_messages.Message): 818 r"""The configuration used for the replay. 819 820 Enums: 821 LogSourceValueValuesEnum: The logs to use as input for the replay. 822 823 Messages: 824 PolicyOverlayValue: The policy overlay used during the replay. Keys are 825 full resource names and the values are the policies to apply on these 826 resources in the simulated state. 827 828 Fields: 829 logSource: The logs to use as input for the replay. 830 policyOverlay: The policy overlay used during the replay. Keys are full 831 resource names and the values are the policies to apply on these 832 resources in the simulated state. 833 """ 834 835 class LogSourceValueValuesEnum(_messages.Enum): 836 r"""The logs to use as input for the replay. 837 838 Values: 839 LOG_SOURCE_UNSPECIFIED: An unspecified log source. Replay will default 840 to using RECENT_ACCESSES. 841 RECENT_ACCESSES: Retrieves the 5000 most recent accesses from the last 842 90 days from an internal log source. Note that the log freshness 843 (i.e. the date of the newest log entry) may be up to 7 days stale. In 844 other words, an access attempt that only occurred within the past 7 845 days may not be captured by the replay. 846 """ 847 LOG_SOURCE_UNSPECIFIED = 0 848 RECENT_ACCESSES = 1 849 850 @encoding.MapUnrecognizedFields('additionalProperties') 851 class PolicyOverlayValue(_messages.Message): 852 r"""The policy overlay used during the replay. Keys are full resource 853 names and the values are the policies to apply on these resources in the 854 simulated state. 855 856 Messages: 857 AdditionalProperty: An additional property for a PolicyOverlayValue 858 object. 859 860 Fields: 861 additionalProperties: Additional properties of type PolicyOverlayValue 862 """ 863 864 class AdditionalProperty(_messages.Message): 865 r"""An additional property for a PolicyOverlayValue object. 866 867 Fields: 868 key: Name of the additional property. 869 value: A GoogleIamV1Policy attribute. 870 """ 871 872 key = _messages.StringField(1) 873 value = _messages.MessageField('GoogleIamV1Policy', 2) 874 875 additionalProperties = _messages.MessageField('AdditionalProperty', 1, repeated=True) 876 877 logSource = _messages.EnumField('LogSourceValueValuesEnum', 1) 878 policyOverlay = _messages.MessageField('PolicyOverlayValue', 2) 879 880 881class GoogleIamAssistV1alpha3ReplayDiff(_messages.Message): 882 r"""A successful replay of an AccessTuple that resulted in a difference 883 between baseline and simulated. 884 885 Fields: 886 accessDiff: The difference in AccessState between replays. 887 """ 888 889 accessDiff = _messages.MessageField('GoogleIamAssistV1alpha3AccessStateDiff', 1) 890 891 892class GoogleIamAssistV1alpha3ReplayLogsMetadata(_messages.Message): 893 r"""Metadata about the replayed log entries. 894 895 Fields: 896 differenceCount: Number of replayed log entries with a difference between 897 baseline and simulated policies. 898 errorCount: Number of log entries with an error during replay. 899 logCount: Number of log entries replayed. log_count == unchanged_count + 900 difference_count + error_count 901 newestDate: Date of newest log entry replayed. 902 oldestDate: Date of oldest log entry replayed. 903 unchangedCount: Number of replayed log entries with no difference between 904 baseline and simulated 905 """ 906 907 differenceCount = _messages.IntegerField(1, variant=_messages.Variant.INT32) 908 errorCount = _messages.IntegerField(2, variant=_messages.Variant.INT32) 909 logCount = _messages.IntegerField(3, variant=_messages.Variant.INT32) 910 newestDate = _messages.MessageField('GoogleTypeDate', 4) 911 oldestDate = _messages.MessageField('GoogleTypeDate', 5) 912 unchangedCount = _messages.IntegerField(6, variant=_messages.Variant.INT32) 913 914 915class GoogleIamAssistV1alpha3ReplayOperationMetadata(_messages.Message): 916 r"""Metadata about a ReplayAccessLogs operation. 917 918 Fields: 919 startTime: Time when the request was received. 920 """ 921 922 startTime = _messages.StringField(1) 923 924 925class GoogleIamAssistV1alpha3ReplayResult(_messages.Message): 926 r"""The result of replaying a single access tuple against a simulated state. 927 928 Fields: 929 accessTuple: The access replayed. 930 diff: The tuple was successfully replayed and had a difference. 931 error: The tuple was not successfully replayed. 932 lastSeenDate: The late date this access was seen in the logs. 933 name: The resource name of the replay result. Format: 934 replays/{replay}/results/{replay_result} 935 parent: The replay the access tuple was included in. 936 """ 937 938 accessTuple = _messages.MessageField('GoogleIamAssistV1alpha3AccessTuple', 1) 939 diff = _messages.MessageField('GoogleIamAssistV1alpha3ReplayDiff', 2) 940 error = _messages.MessageField('GoogleRpcStatus', 3) 941 lastSeenDate = _messages.MessageField('GoogleTypeDate', 4) 942 name = _messages.StringField(5) 943 parent = _messages.StringField(6) 944 945 946class GoogleIamV1AuditConfig(_messages.Message): 947 r"""Specifies the audit configuration for a service. The configuration 948 determines which permission types are logged, and what identities, if any, 949 are exempted from logging. An AuditConfig must have one or more 950 AuditLogConfigs. If there are AuditConfigs for both `allServices` and a 951 specific service, the union of the two AuditConfigs is used for that 952 service: the log_types specified in each AuditConfig are enabled, and the 953 exempted_members in each AuditLogConfig are exempted. Example Policy with 954 multiple AuditConfigs: { "audit_configs": [ { 955 "service": "allServices" "audit_log_configs": [ { 956 "log_type": "DATA_READ", "exempted_members": [ 957 "user:jose@example.com" ] }, { 958 "log_type": "DATA_WRITE", }, { 959 "log_type": "ADMIN_READ", } ] }, { 960 "service": "sampleservice.googleapis.com" "audit_log_configs": [ 961 { "log_type": "DATA_READ", }, { 962 "log_type": "DATA_WRITE", "exempted_members": [ 963 "user:aliya@example.com" ] } ] } 964 ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and 965 ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, 966 and aliya@example.com from DATA_WRITE logging. 967 968 Fields: 969 auditLogConfigs: The configuration for logging of each type of permission. 970 service: Specifies a service that will be enabled for audit logging. For 971 example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 972 `allServices` is a special value that covers all services. 973 """ 974 975 auditLogConfigs = _messages.MessageField('GoogleIamV1AuditLogConfig', 1, repeated=True) 976 service = _messages.StringField(2) 977 978 979class GoogleIamV1AuditLogConfig(_messages.Message): 980 r"""Provides the configuration for logging a type of permissions. Example: 981 { "audit_log_configs": [ { "log_type": "DATA_READ", 982 "exempted_members": [ "user:jose@example.com" ] 983 }, { "log_type": "DATA_WRITE", } ] } 984 This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 985 jose@example.com from DATA_READ logging. 986 987 Enums: 988 LogTypeValueValuesEnum: The log type that this config enables. 989 990 Fields: 991 exemptedMembers: Specifies the identities that do not cause logging for 992 this type of permission. Follows the same format of Binding.members. 993 logType: The log type that this config enables. 994 """ 995 996 class LogTypeValueValuesEnum(_messages.Enum): 997 r"""The log type that this config enables. 998 999 Values: 1000 LOG_TYPE_UNSPECIFIED: Default case. Should never be this. 1001 ADMIN_READ: Admin reads. Example: CloudIAM getIamPolicy 1002 DATA_WRITE: Data writes. Example: CloudSQL Users create 1003 DATA_READ: Data reads. Example: CloudSQL Users list 1004 """ 1005 LOG_TYPE_UNSPECIFIED = 0 1006 ADMIN_READ = 1 1007 DATA_WRITE = 2 1008 DATA_READ = 3 1009 1010 exemptedMembers = _messages.StringField(1, repeated=True) 1011 logType = _messages.EnumField('LogTypeValueValuesEnum', 2) 1012 1013 1014class GoogleIamV1Binding(_messages.Message): 1015 r"""Associates `members` with a `role`. 1016 1017 Fields: 1018 condition: The condition that is associated with this binding. NOTE: An 1019 unsatisfied condition will not allow user access via current binding. 1020 Different bindings, including their conditions, are examined 1021 independently. 1022 members: Specifies the identities requesting access for a Cloud Platform 1023 resource. `members` can have the following values: * `allUsers`: A 1024 special identifier that represents anyone who is on the internet; 1025 with or without a Google account. * `allAuthenticatedUsers`: A special 1026 identifier that represents anyone who is authenticated with a Google 1027 account or a service account. * `user:{emailid}`: An email address that 1028 represents a specific Google account. For example, 1029 `alice@example.com` . * `serviceAccount:{emailid}`: An email address 1030 that represents a service account. For example, `my-other- 1031 app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address 1032 that represents a Google group. For example, `admins@example.com`. * 1033 `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique 1034 identifier) representing a user that has been recently deleted. For 1035 example, `alice@example.com?uid=123456789012345678901`. If the user is 1036 recovered, this value reverts to `user:{emailid}` and the recovered user 1037 retains the role in the binding. * 1038 `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address 1039 (plus unique identifier) representing a service account that has been 1040 recently deleted. For example, `my-other- 1041 app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the 1042 service account is undeleted, this value reverts to 1043 `serviceAccount:{emailid}` and the undeleted service account retains the 1044 role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An 1045 email address (plus unique identifier) representing a Google group 1046 that has been recently deleted. For example, 1047 `admins@example.com?uid=123456789012345678901`. If the group is 1048 recovered, this value reverts to `group:{emailid}` and the recovered 1049 group retains the role in the binding. * `domain:{domain}`: The G 1050 Suite domain (primary) that represents all the users of that domain. 1051 For example, `google.com` or `example.com`. 1052 role: Role that is assigned to `members`. For example, `roles/viewer`, 1053 `roles/editor`, or `roles/owner`. 1054 """ 1055 1056 condition = _messages.MessageField('GoogleTypeExpr', 1) 1057 members = _messages.StringField(2, repeated=True) 1058 role = _messages.StringField(3) 1059 1060 1061class GoogleIamV1Policy(_messages.Message): 1062 r"""An Identity and Access Management (IAM) policy, which specifies access 1063 controls for Google Cloud resources. A `Policy` is a collection of 1064 `bindings`. A `binding` binds one or more `members` to a single `role`. 1065 Members can be user accounts, service accounts, Google groups, and domains 1066 (such as G Suite). A `role` is a named list of permissions; each `role` can 1067 be an IAM predefined role or a user-created custom role. Optionally, a 1068 `binding` can specify a `condition`, which is a logical expression that 1069 allows access to a resource only if the expression evaluates to `true`. A 1070 condition can add constraints based on attributes of the request, the 1071 resource, or both. **JSON example:** { "bindings": [ { 1072 "role": "roles/resourcemanager.organizationAdmin", "members": [ 1073 "user:mike@example.com", "group:admins@example.com", 1074 "domain:google.com", "serviceAccount:my-project- 1075 id@appspot.gserviceaccount.com" ] }, { 1076 "role": "roles/resourcemanager.organizationViewer", "members": 1077 ["user:eve@example.com"], "condition": { "title": 1078 "expirable access", "description": "Does not grant access after 1079 Sep 2020", "expression": "request.time < 1080 timestamp('2020-10-01T00:00:00.000Z')", } } ], 1081 "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** 1082 bindings: - members: - user:mike@example.com - 1083 group:admins@example.com - domain:google.com - 1084 serviceAccount:my-project-id@appspot.gserviceaccount.com role: 1085 roles/resourcemanager.organizationAdmin - members: - 1086 user:eve@example.com role: roles/resourcemanager.organizationViewer 1087 condition: title: expirable access description: Does not 1088 grant access after Sep 2020 expression: request.time < 1089 timestamp('2020-10-01T00:00:00.000Z') - etag: BwWWja0YfJA= - 1090 version: 3 For a description of IAM and its features, see the [IAM 1091 documentation](https://cloud.google.com/iam/docs/). 1092 1093 Fields: 1094 auditConfigs: Specifies cloud audit logging configuration for this policy. 1095 bindings: Associates a list of `members` to a `role`. Optionally, may 1096 specify a `condition` that determines how and when the `bindings` are 1097 applied. Each of the `bindings` must contain at least one member. 1098 etag: `etag` is used for optimistic concurrency control as a way to help 1099 prevent simultaneous updates of a policy from overwriting each other. It 1100 is strongly suggested that systems make use of the `etag` in the read- 1101 modify-write cycle to perform policy updates in order to avoid race 1102 conditions: An `etag` is returned in the response to `getIamPolicy`, and 1103 systems are expected to put that etag in the request to `setIamPolicy` 1104 to ensure that their change will be applied to the same version of the 1105 policy. **Important:** If you use IAM Conditions, you must include the 1106 `etag` field whenever you call `setIamPolicy`. If you omit this field, 1107 then IAM allows you to overwrite a version `3` policy with a version `1` 1108 policy, and all of the conditions in the version `3` policy are lost. 1109 version: Specifies the format of the policy. Valid values are `0`, `1`, 1110 and `3`. Requests that specify an invalid value are rejected. Any 1111 operation that affects conditional role bindings must specify version 1112 `3`. This requirement applies to the following operations: * Getting a 1113 policy that includes a conditional role binding * Adding a conditional 1114 role binding to a policy * Changing a conditional role binding in a 1115 policy * Removing any role binding, with or without a condition, from a 1116 policy that includes conditions **Important:** If you use IAM 1117 Conditions, you must include the `etag` field whenever you call 1118 `setIamPolicy`. If you omit this field, then IAM allows you to overwrite 1119 a version `3` policy with a version `1` policy, and all of the 1120 conditions in the version `3` policy are lost. If a policy does not 1121 include any conditions, operations on that policy may specify any valid 1122 version or leave the field unset. 1123 """ 1124 1125 auditConfigs = _messages.MessageField('GoogleIamV1AuditConfig', 1, repeated=True) 1126 bindings = _messages.MessageField('GoogleIamV1Binding', 2, repeated=True) 1127 etag = _messages.BytesField(3) 1128 version = _messages.IntegerField(4, variant=_messages.Variant.INT32) 1129 1130 1131class GoogleLongrunningOperation(_messages.Message): 1132 r"""This resource represents a long-running operation that is the result of 1133 a network API call. 1134 1135 Messages: 1136 MetadataValue: Service-specific metadata associated with the operation. 1137 It typically contains progress information and common metadata such as 1138 create time. Some services might not provide such metadata. Any method 1139 that returns a long-running operation should document the metadata type, 1140 if any. 1141 ResponseValue: The normal response of the operation in case of success. 1142 If the original method returns no data on success, such as `Delete`, the 1143 response is `google.protobuf.Empty`. If the original method is standard 1144 `Get`/`Create`/`Update`, the response should be the resource. For other 1145 methods, the response should have the type `XxxResponse`, where `Xxx` is 1146 the original method name. For example, if the original method name is 1147 `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. 1148 1149 Fields: 1150 done: If the value is `false`, it means the operation is still in 1151 progress. If `true`, the operation is completed, and either `error` or 1152 `response` is available. 1153 error: The error result of the operation in case of failure or 1154 cancellation. 1155 metadata: Service-specific metadata associated with the operation. It 1156 typically contains progress information and common metadata such as 1157 create time. Some services might not provide such metadata. Any method 1158 that returns a long-running operation should document the metadata type, 1159 if any. 1160 name: The server-assigned name, which is only unique within the same 1161 service that originally returns it. If you use the default HTTP mapping, 1162 the `name` should be a resource name ending with 1163 `operations/{unique_id}`. 1164 response: The normal response of the operation in case of success. If the 1165 original method returns no data on success, such as `Delete`, the 1166 response is `google.protobuf.Empty`. If the original method is standard 1167 `Get`/`Create`/`Update`, the response should be the resource. For other 1168 methods, the response should have the type `XxxResponse`, where `Xxx` is 1169 the original method name. For example, if the original method name is 1170 `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. 1171 """ 1172 1173 @encoding.MapUnrecognizedFields('additionalProperties') 1174 class MetadataValue(_messages.Message): 1175 r"""Service-specific metadata associated with the operation. It typically 1176 contains progress information and common metadata such as create time. 1177 Some services might not provide such metadata. Any method that returns a 1178 long-running operation should document the metadata type, if any. 1179 1180 Messages: 1181 AdditionalProperty: An additional property for a MetadataValue object. 1182 1183 Fields: 1184 additionalProperties: Properties of the object. Contains field @type 1185 with type URL. 1186 """ 1187 1188 class AdditionalProperty(_messages.Message): 1189 r"""An additional property for a MetadataValue object. 1190 1191 Fields: 1192 key: Name of the additional property. 1193 value: A extra_types.JsonValue attribute. 1194 """ 1195 1196 key = _messages.StringField(1) 1197 value = _messages.MessageField('extra_types.JsonValue', 2) 1198 1199 additionalProperties = _messages.MessageField('AdditionalProperty', 1, repeated=True) 1200 1201 @encoding.MapUnrecognizedFields('additionalProperties') 1202 class ResponseValue(_messages.Message): 1203 r"""The normal response of the operation in case of success. If the 1204 original method returns no data on success, such as `Delete`, the response 1205 is `google.protobuf.Empty`. If the original method is standard 1206 `Get`/`Create`/`Update`, the response should be the resource. For other 1207 methods, the response should have the type `XxxResponse`, where `Xxx` is 1208 the original method name. For example, if the original method name is 1209 `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. 1210 1211 Messages: 1212 AdditionalProperty: An additional property for a ResponseValue object. 1213 1214 Fields: 1215 additionalProperties: Properties of the object. Contains field @type 1216 with type URL. 1217 """ 1218 1219 class AdditionalProperty(_messages.Message): 1220 r"""An additional property for a ResponseValue object. 1221 1222 Fields: 1223 key: Name of the additional property. 1224 value: A extra_types.JsonValue attribute. 1225 """ 1226 1227 key = _messages.StringField(1) 1228 value = _messages.MessageField('extra_types.JsonValue', 2) 1229 1230 additionalProperties = _messages.MessageField('AdditionalProperty', 1, repeated=True) 1231 1232 done = _messages.BooleanField(1) 1233 error = _messages.MessageField('GoogleRpcStatus', 2) 1234 metadata = _messages.MessageField('MetadataValue', 3) 1235 name = _messages.StringField(4) 1236 response = _messages.MessageField('ResponseValue', 5) 1237 1238 1239class GoogleRpcContextAttributeContext(_messages.Message): 1240 r"""This message defines the standard attribute vocabulary for Google APIs. 1241 An attribute is a piece of metadata that describes an activity on a network 1242 service. For example, the size of an HTTP request, or the status code of an 1243 HTTP response. Each attribute has a type and a name, which is logically 1244 defined as a proto message field in `AttributeContext`. The field type 1245 becomes the attribute type, and the field path becomes the attribute name. 1246 For example, the attribute `source.ip` maps to field 1247 `AttributeContext.source.ip`. This message definition is guaranteed not to 1248 have any wire breaking change. So you can use it directly for passing 1249 attributes across different systems. NOTE: Different system may generate 1250 different subset of attributes. Please verify the system specification 1251 before relying on an attribute generated a system. 1252 1253 Fields: 1254 api: Represents an API operation that is involved to a network activity. 1255 destination: The destination of a network activity, such as accepting a 1256 TCP connection. In a multi hop network activity, the destination 1257 represents the receiver of the last hop. 1258 origin: The origin of a network activity. In a multi hop network activity, 1259 the origin represents the sender of the first hop. For the first hop, 1260 the `source` and the `origin` must have the same content. 1261 request: Represents a network request, such as an HTTP request. 1262 resource: Represents a target resource that is involved with a network 1263 activity. If multiple resources are involved with an activity, this must 1264 be the primary one. 1265 response: Represents a network response, such as an HTTP response. 1266 source: The source of a network activity, such as starting a TCP 1267 connection. In a multi hop network activity, the source represents the 1268 sender of the last hop. 1269 """ 1270 1271 api = _messages.MessageField('GoogleRpcContextAttributeContextApi', 1) 1272 destination = _messages.MessageField('GoogleRpcContextAttributeContextPeer', 2) 1273 origin = _messages.MessageField('GoogleRpcContextAttributeContextPeer', 3) 1274 request = _messages.MessageField('GoogleRpcContextAttributeContextRequest', 4) 1275 resource = _messages.MessageField('GoogleRpcContextAttributeContextResource', 5) 1276 response = _messages.MessageField('GoogleRpcContextAttributeContextResponse', 6) 1277 source = _messages.MessageField('GoogleRpcContextAttributeContextPeer', 7) 1278 1279 1280class GoogleRpcContextAttributeContextApi(_messages.Message): 1281 r"""This message defines attributes associated with API operations, such as 1282 a network API request. The terminology is based on the conventions used by 1283 Google APIs, Istio, and OpenAPI. 1284 1285 Fields: 1286 operation: The API operation name. For gRPC requests, it is the fully 1287 qualified API method name, such as "google.pubsub.v1.Publisher.Publish". 1288 For OpenAPI requests, it is the `operationId`, such as "getPet". 1289 protocol: The API protocol used for sending the request, such as "http", 1290 "https", "grpc", or "internal". 1291 service: The API service name. It is a logical identifier for a networked 1292 API, such as "pubsub.googleapis.com". The naming syntax depends on the 1293 API management system being used for handling the request. 1294 version: The API version associated with the API operation above, such as 1295 "v1" or "v1alpha1". 1296 """ 1297 1298 operation = _messages.StringField(1) 1299 protocol = _messages.StringField(2) 1300 service = _messages.StringField(3) 1301 version = _messages.StringField(4) 1302 1303 1304class GoogleRpcContextAttributeContextAuth(_messages.Message): 1305 r"""This message defines request authentication attributes. Terminology is 1306 based on the JSON Web Token (JWT) standard, but the terms also correlate to 1307 concepts in other standards. 1308 1309 Messages: 1310 ClaimsValue: Structured claims presented with the credential. JWTs include 1311 `{key: value}` pairs for standard and private claims. The following is a 1312 subset of the standard required and optional claims that would typically 1313 be presented for a Google-based JWT: {'iss': 'accounts.google.com', 1314 'sub': '113289723416554971153', 'aud': ['123456789012', 1315 'pubsub.googleapis.com'], 'azp': 1316 '123456789012.apps.googleusercontent.com', 'email': 1317 'jsmith@example.com', 'iat': 1353601026, 'exp': 1353604926} 1318 SAML assertions are similarly specified, but with an identity provider 1319 dependent structure. 1320 1321 Fields: 1322 accessLevels: A list of access level resource names that allow resources 1323 to be accessed by authenticated requester. It is part of Secure GCP 1324 processing for the incoming request. An access level string has the 1325 format: "//{api_service_name}/accessPolicies/{policy_id}/accessLevels/{s 1326 hort_name}" Example: "//accesscontextmanager.googleapis.com/accessPolic 1327 ies/MY_POLICY_ID/accessLevels/MY_LEVEL" 1328 audiences: The intended audience(s) for this authentication information. 1329 Reflects the audience (`aud`) claim within a JWT. The audience value(s) 1330 depends on the `issuer`, but typically include one or more of the 1331 following pieces of information: * The services intended to receive 1332 the credential such as ["pubsub.googleapis.com", 1333 "storage.googleapis.com"] * A set of service-based scopes. For example, 1334 ["https://www.googleapis.com/auth/cloud-platform"] * The client id of 1335 an app, such as the Firebase project id for JWTs from Firebase Auth. 1336 Consult the documentation for the credential issuer to determine the 1337 information provided. 1338 claims: Structured claims presented with the credential. JWTs include 1339 `{key: value}` pairs for standard and private claims. The following is a 1340 subset of the standard required and optional claims that would typically 1341 be presented for a Google-based JWT: {'iss': 'accounts.google.com', 1342 'sub': '113289723416554971153', 'aud': ['123456789012', 1343 'pubsub.googleapis.com'], 'azp': 1344 '123456789012.apps.googleusercontent.com', 'email': 1345 'jsmith@example.com', 'iat': 1353601026, 'exp': 1353604926} 1346 SAML assertions are similarly specified, but with an identity provider 1347 dependent structure. 1348 presenter: The authorized presenter of the credential. Reflects the 1349 optional Authorized Presenter (`azp`) claim within a JWT or the OAuth 1350 client id. For example, a Google Cloud Platform client id looks as 1351 follows: "123456789012.apps.googleusercontent.com". 1352 principal: The authenticated principal. Reflects the issuer (`iss`) and 1353 subject (`sub`) claims within a JWT. The issuer and subject should be 1354 `/` delimited, with `/` percent-encoded within the subject fragment. For 1355 Google accounts, the principal format is: 1356 "https://accounts.google.com/{id}" 1357 """ 1358 1359 @encoding.MapUnrecognizedFields('additionalProperties') 1360 class ClaimsValue(_messages.Message): 1361 r"""Structured claims presented with the credential. JWTs include `{key: 1362 value}` pairs for standard and private claims. The following is a subset 1363 of the standard required and optional claims that would typically be 1364 presented for a Google-based JWT: {'iss': 'accounts.google.com', 1365 'sub': '113289723416554971153', 'aud': ['123456789012', 1366 'pubsub.googleapis.com'], 'azp': 1367 '123456789012.apps.googleusercontent.com', 'email': 1368 'jsmith@example.com', 'iat': 1353601026, 'exp': 1353604926} SAML 1369 assertions are similarly specified, but with an identity provider 1370 dependent structure. 1371 1372 Messages: 1373 AdditionalProperty: An additional property for a ClaimsValue object. 1374 1375 Fields: 1376 additionalProperties: Properties of the object. 1377 """ 1378 1379 class AdditionalProperty(_messages.Message): 1380 r"""An additional property for a ClaimsValue object. 1381 1382 Fields: 1383 key: Name of the additional property. 1384 value: A extra_types.JsonValue attribute. 1385 """ 1386 1387 key = _messages.StringField(1) 1388 value = _messages.MessageField('extra_types.JsonValue', 2) 1389 1390 additionalProperties = _messages.MessageField('AdditionalProperty', 1, repeated=True) 1391 1392 accessLevels = _messages.StringField(1, repeated=True) 1393 audiences = _messages.StringField(2, repeated=True) 1394 claims = _messages.MessageField('ClaimsValue', 3) 1395 presenter = _messages.StringField(4) 1396 principal = _messages.StringField(5) 1397 1398 1399class GoogleRpcContextAttributeContextPeer(_messages.Message): 1400 r"""This message defines attributes for a node that handles a network 1401 request. The node can be either a service or an application that sends, 1402 forwards, or receives the request. Service peers should fill in `principal` 1403 and `labels` as appropriate. 1404 1405 Messages: 1406 LabelsValue: The labels associated with the peer. 1407 1408 Fields: 1409 ip: The IP address of the peer. 1410 labels: The labels associated with the peer. 1411 port: The network port of the peer. 1412 principal: The identity of this peer. Similar to `Request.auth.principal`, 1413 but relative to the peer instead of the request. For example, the 1414 idenity associated with a load balancer that forwared the request. 1415 regionCode: The CLDR country/region code associated with the above IP 1416 address. If the IP address is private, the `region_code` should reflect 1417 the physical location where this peer is running. 1418 """ 1419 1420 @encoding.MapUnrecognizedFields('additionalProperties') 1421 class LabelsValue(_messages.Message): 1422 r"""The labels associated with the peer. 1423 1424 Messages: 1425 AdditionalProperty: An additional property for a LabelsValue object. 1426 1427 Fields: 1428 additionalProperties: Additional properties of type LabelsValue 1429 """ 1430 1431 class AdditionalProperty(_messages.Message): 1432 r"""An additional property for a LabelsValue object. 1433 1434 Fields: 1435 key: Name of the additional property. 1436 value: A string attribute. 1437 """ 1438 1439 key = _messages.StringField(1) 1440 value = _messages.StringField(2) 1441 1442 additionalProperties = _messages.MessageField('AdditionalProperty', 1, repeated=True) 1443 1444 ip = _messages.StringField(1) 1445 labels = _messages.MessageField('LabelsValue', 2) 1446 port = _messages.IntegerField(3) 1447 principal = _messages.StringField(4) 1448 regionCode = _messages.StringField(5) 1449 1450 1451class GoogleRpcContextAttributeContextRequest(_messages.Message): 1452 r"""This message defines attributes for an HTTP request. If the actual 1453 request is not an HTTP request, the runtime system should try to map the 1454 actual request to an equivalent HTTP request. 1455 1456 Messages: 1457 HeadersValue: The HTTP request headers. If multiple headers share the same 1458 key, they must be merged according to the HTTP spec. All header keys 1459 must be lowercased, because HTTP header keys are case-insensitive. 1460 1461 Fields: 1462 auth: The request authentication. May be absent for unauthenticated 1463 requests. Derived from the HTTP request `Authorization` header or 1464 equivalent. 1465 headers: The HTTP request headers. If multiple headers share the same key, 1466 they must be merged according to the HTTP spec. All header keys must be 1467 lowercased, because HTTP header keys are case-insensitive. 1468 host: The HTTP request `Host` header value. 1469 id: The unique ID for a request, which can be propagated to downstream 1470 systems. The ID should have low probability of collision within a single 1471 day for a specific service. 1472 method: The HTTP request method, such as `GET`, `POST`. 1473 path: The HTTP URL path. 1474 protocol: The network protocol used with the request, such as "http/1.1", 1475 "spdy/3", "h2", "h2c", "webrtc", "tcp", "udp", "quic". See 1476 https://www.iana.org/assignments/tls-extensiontype-values/tls- 1477 extensiontype-values.xhtml#alpn-protocol-ids for details. 1478 query: The HTTP URL query in the format of `name1=value1&name2=value2`, as 1479 it appears in the first line of the HTTP request. No decoding is 1480 performed. 1481 reason: A special parameter for request reason. It is used by security 1482 systems to associate auditing information with a request. 1483 scheme: The HTTP URL scheme, such as `http` and `https`. 1484 size: The HTTP request size in bytes. If unknown, it must be -1. 1485 time: The timestamp when the `destination` service receives the first byte 1486 of the request. 1487 """ 1488 1489 @encoding.MapUnrecognizedFields('additionalProperties') 1490 class HeadersValue(_messages.Message): 1491 r"""The HTTP request headers. If multiple headers share the same key, they 1492 must be merged according to the HTTP spec. All header keys must be 1493 lowercased, because HTTP header keys are case-insensitive. 1494 1495 Messages: 1496 AdditionalProperty: An additional property for a HeadersValue object. 1497 1498 Fields: 1499 additionalProperties: Additional properties of type HeadersValue 1500 """ 1501 1502 class AdditionalProperty(_messages.Message): 1503 r"""An additional property for a HeadersValue object. 1504 1505 Fields: 1506 key: Name of the additional property. 1507 value: A string attribute. 1508 """ 1509 1510 key = _messages.StringField(1) 1511 value = _messages.StringField(2) 1512 1513 additionalProperties = _messages.MessageField('AdditionalProperty', 1, repeated=True) 1514 1515 auth = _messages.MessageField('GoogleRpcContextAttributeContextAuth', 1) 1516 headers = _messages.MessageField('HeadersValue', 2) 1517 host = _messages.StringField(3) 1518 id = _messages.StringField(4) 1519 method = _messages.StringField(5) 1520 path = _messages.StringField(6) 1521 protocol = _messages.StringField(7) 1522 query = _messages.StringField(8) 1523 reason = _messages.StringField(9) 1524 scheme = _messages.StringField(10) 1525 size = _messages.IntegerField(11) 1526 time = _messages.StringField(12) 1527 1528 1529class GoogleRpcContextAttributeContextResource(_messages.Message): 1530 r"""This message defines core attributes for a resource. A resource is an 1531 addressable (named) entity provided by the destination service. For example, 1532 a file stored on a network storage service. 1533 1534 Messages: 1535 LabelsValue: The labels or tags on the resource, such as AWS resource tags 1536 and Kubernetes resource labels. 1537 1538 Fields: 1539 labels: The labels or tags on the resource, such as AWS resource tags and 1540 Kubernetes resource labels. 1541 name: The stable identifier (name) of a resource on the `service`. A 1542 resource can be logically identified as 1543 "//{resource.service}/{resource.name}". The differences between a 1544 resource name and a URI are: * Resource name is a logical identifier, 1545 independent of network protocol and API version. For example, 1546 `//pubsub.googleapis.com/projects/123/topics/news-feed`. * URI often 1547 includes protocol and version information, so it can be used 1548 directly by applications. For example, 1549 `https://pubsub.googleapis.com/v1/projects/123/topics/news-feed`. See 1550 https://cloud.google.com/apis/design/resource_names for details. 1551 service: The name of the service that this resource belongs to, such as 1552 `pubsub.googleapis.com`. The service may be different from the DNS 1553 hostname that actually serves the request. 1554 type: The type of the resource. The syntax is platform-specific because 1555 different platforms define their resources differently. For Google 1556 APIs, the type format must be "{service}/{kind}". 1557 """ 1558 1559 @encoding.MapUnrecognizedFields('additionalProperties') 1560 class LabelsValue(_messages.Message): 1561 r"""The labels or tags on the resource, such as AWS resource tags and 1562 Kubernetes resource labels. 1563 1564 Messages: 1565 AdditionalProperty: An additional property for a LabelsValue object. 1566 1567 Fields: 1568 additionalProperties: Additional properties of type LabelsValue 1569 """ 1570 1571 class AdditionalProperty(_messages.Message): 1572 r"""An additional property for a LabelsValue object. 1573 1574 Fields: 1575 key: Name of the additional property. 1576 value: A string attribute. 1577 """ 1578 1579 key = _messages.StringField(1) 1580 value = _messages.StringField(2) 1581 1582 additionalProperties = _messages.MessageField('AdditionalProperty', 1, repeated=True) 1583 1584 labels = _messages.MessageField('LabelsValue', 1) 1585 name = _messages.StringField(2) 1586 service = _messages.StringField(3) 1587 type = _messages.StringField(4) 1588 1589 1590class GoogleRpcContextAttributeContextResponse(_messages.Message): 1591 r"""This message defines attributes for a typical network response. It 1592 generally models semantics of an HTTP response. 1593 1594 Messages: 1595 HeadersValue: The HTTP response headers. If multiple headers share the 1596 same key, they must be merged according to HTTP spec. All header keys 1597 must be lowercased, because HTTP header keys are case-insensitive. 1598 1599 Fields: 1600 code: The HTTP response status code, such as `200` and `404`. 1601 headers: The HTTP response headers. If multiple headers share the same 1602 key, they must be merged according to HTTP spec. All header keys must be 1603 lowercased, because HTTP header keys are case-insensitive. 1604 size: The HTTP response size in bytes. If unknown, it must be -1. 1605 time: The timestamp when the `destination` service generates the first 1606 byte of the response. 1607 """ 1608 1609 @encoding.MapUnrecognizedFields('additionalProperties') 1610 class HeadersValue(_messages.Message): 1611 r"""The HTTP response headers. If multiple headers share the same key, 1612 they must be merged according to HTTP spec. All header keys must be 1613 lowercased, because HTTP header keys are case-insensitive. 1614 1615 Messages: 1616 AdditionalProperty: An additional property for a HeadersValue object. 1617 1618 Fields: 1619 additionalProperties: Additional properties of type HeadersValue 1620 """ 1621 1622 class AdditionalProperty(_messages.Message): 1623 r"""An additional property for a HeadersValue object. 1624 1625 Fields: 1626 key: Name of the additional property. 1627 value: A string attribute. 1628 """ 1629 1630 key = _messages.StringField(1) 1631 value = _messages.StringField(2) 1632 1633 additionalProperties = _messages.MessageField('AdditionalProperty', 1, repeated=True) 1634 1635 code = _messages.IntegerField(1) 1636 headers = _messages.MessageField('HeadersValue', 2) 1637 size = _messages.IntegerField(3) 1638 time = _messages.StringField(4) 1639 1640 1641class GoogleRpcStatus(_messages.Message): 1642 r"""The `Status` type defines a logical error model that is suitable for 1643 different programming environments, including REST APIs and RPC APIs. It is 1644 used by [gRPC](https://github.com/grpc). Each `Status` message contains 1645 three pieces of data: error code, error message, and error details. You can 1646 find out more about this error model and how to work with it in the [API 1647 Design Guide](https://cloud.google.com/apis/design/errors). 1648 1649 Messages: 1650 DetailsValueListEntry: A DetailsValueListEntry object. 1651 1652 Fields: 1653 code: The status code, which should be an enum value of google.rpc.Code. 1654 details: A list of messages that carry the error details. There is a 1655 common set of message types for APIs to use. 1656 message: A developer-facing error message, which should be in English. Any 1657 user-facing error message should be localized and sent in the 1658 google.rpc.Status.details field, or localized by the client. 1659 """ 1660 1661 @encoding.MapUnrecognizedFields('additionalProperties') 1662 class DetailsValueListEntry(_messages.Message): 1663 r"""A DetailsValueListEntry object. 1664 1665 Messages: 1666 AdditionalProperty: An additional property for a DetailsValueListEntry 1667 object. 1668 1669 Fields: 1670 additionalProperties: Properties of the object. Contains field @type 1671 with type URL. 1672 """ 1673 1674 class AdditionalProperty(_messages.Message): 1675 r"""An additional property for a DetailsValueListEntry object. 1676 1677 Fields: 1678 key: Name of the additional property. 1679 value: A extra_types.JsonValue attribute. 1680 """ 1681 1682 key = _messages.StringField(1) 1683 value = _messages.MessageField('extra_types.JsonValue', 2) 1684 1685 additionalProperties = _messages.MessageField('AdditionalProperty', 1, repeated=True) 1686 1687 code = _messages.IntegerField(1, variant=_messages.Variant.INT32) 1688 details = _messages.MessageField('DetailsValueListEntry', 2, repeated=True) 1689 message = _messages.StringField(3) 1690 1691 1692class GoogleTypeDate(_messages.Message): 1693 r"""Represents a whole or partial calendar date, e.g. a birthday. The time 1694 of day and time zone are either specified elsewhere or are not significant. 1695 The date is relative to the Proleptic Gregorian Calendar. This can 1696 represent: * A full date, with non-zero year, month and day values * A 1697 month and day value, with a zero year, e.g. an anniversary * A year on its 1698 own, with zero month and day values * A year and month value, with a zero 1699 day, e.g. a credit card expiration date Related types are 1700 google.type.TimeOfDay and `google.protobuf.Timestamp`. 1701 1702 Fields: 1703 day: Day of month. Must be from 1 to 31 and valid for the year and month, 1704 or 0 if specifying a year by itself or a year and month where the day is 1705 not significant. 1706 month: Month of year. Must be from 1 to 12, or 0 if specifying a year 1707 without a month and day. 1708 year: Year of date. Must be from 1 to 9999, or 0 if specifying a date 1709 without a year. 1710 """ 1711 1712 day = _messages.IntegerField(1, variant=_messages.Variant.INT32) 1713 month = _messages.IntegerField(2, variant=_messages.Variant.INT32) 1714 year = _messages.IntegerField(3, variant=_messages.Variant.INT32) 1715 1716 1717class GoogleTypeExpr(_messages.Message): 1718 r"""Represents a textual expression in the Common Expression Language (CEL) 1719 syntax. CEL is a C-like expression language. The syntax and semantics of CEL 1720 are documented at https://github.com/google/cel-spec. Example (Comparison): 1721 title: "Summary size limit" description: "Determines if a summary is 1722 less than 100 chars" expression: "document.summary.size() < 100" 1723 Example (Equality): title: "Requestor is owner" description: 1724 "Determines if requestor is the document owner" expression: 1725 "document.owner == request.auth.claims.email" Example (Logic): title: 1726 "Public documents" description: "Determine whether the document should 1727 be publicly visible" expression: "document.type != 'private' && 1728 document.type != 'internal'" Example (Data Manipulation): title: 1729 "Notification string" description: "Create a notification string with a 1730 timestamp." expression: "'New message received at ' + 1731 string(document.create_time)" The exact variables and functions that may be 1732 referenced within an expression are determined by the service that evaluates 1733 it. See the service documentation for additional information. 1734 1735 Fields: 1736 description: Optional. Description of the expression. This is a longer 1737 text which describes the expression, e.g. when hovered over it in a UI. 1738 expression: Textual representation of an expression in Common Expression 1739 Language syntax. 1740 location: Optional. String indicating the location of the expression for 1741 error reporting, e.g. a file name and a position in the file. 1742 title: Optional. Title for the expression, i.e. a short string describing 1743 its purpose. This can be used e.g. in UIs which allow to enter the 1744 expression. 1745 """ 1746 1747 description = _messages.StringField(1) 1748 expression = _messages.StringField(2) 1749 location = _messages.StringField(3) 1750 title = _messages.StringField(4) 1751 1752 1753class StandardQueryParameters(_messages.Message): 1754 r"""Query parameters accepted by all methods. 1755 1756 Enums: 1757 FXgafvValueValuesEnum: V1 error format. 1758 AltValueValuesEnum: Data format for response. 1759 1760 Fields: 1761 f__xgafv: V1 error format. 1762 access_token: OAuth access token. 1763 alt: Data format for response. 1764 callback: JSONP 1765 fields: Selector specifying which fields to include in a partial response. 1766 key: API key. Your API key identifies your project and provides you with 1767 API access, quota, and reports. Required unless you provide an OAuth 2.0 1768 token. 1769 oauth_token: OAuth 2.0 token for the current user. 1770 prettyPrint: Returns response with indentations and line breaks. 1771 quotaUser: Available to use for quota purposes for server-side 1772 applications. Can be any arbitrary string assigned to a user, but should 1773 not exceed 40 characters. 1774 trace: A tracing token of the form "token:<tokenid>" to include in api 1775 requests. 1776 uploadType: Legacy upload protocol for media (e.g. "media", "multipart"). 1777 upload_protocol: Upload protocol for media (e.g. "raw", "multipart"). 1778 """ 1779 1780 class AltValueValuesEnum(_messages.Enum): 1781 r"""Data format for response. 1782 1783 Values: 1784 json: Responses with Content-Type of application/json 1785 media: Media download with context-dependent Content-Type 1786 proto: Responses with Content-Type of application/x-protobuf 1787 """ 1788 json = 0 1789 media = 1 1790 proto = 2 1791 1792 class FXgafvValueValuesEnum(_messages.Enum): 1793 r"""V1 error format. 1794 1795 Values: 1796 _1: v1 error format 1797 _2: v2 error format 1798 """ 1799 _1 = 0 1800 _2 = 1 1801 1802 f__xgafv = _messages.EnumField('FXgafvValueValuesEnum', 1) 1803 access_token = _messages.StringField(2) 1804 alt = _messages.EnumField('AltValueValuesEnum', 3, default='json') 1805 callback = _messages.StringField(4) 1806 fields = _messages.StringField(5) 1807 key = _messages.StringField(6) 1808 oauth_token = _messages.StringField(7) 1809 prettyPrint = _messages.BooleanField(8, default=True) 1810 quotaUser = _messages.StringField(9) 1811 trace = _messages.StringField(10) 1812 uploadType = _messages.StringField(11) 1813 upload_protocol = _messages.StringField(12) 1814 1815 1816encoding.AddCustomJsonFieldMapping( 1817 StandardQueryParameters, 'f__xgafv', '$.xgafv') 1818encoding.AddCustomJsonEnumMapping( 1819 StandardQueryParameters.FXgafvValueValuesEnum, '_1', '1') 1820encoding.AddCustomJsonEnumMapping( 1821 StandardQueryParameters.FXgafvValueValuesEnum, '_2', '2') 1822