1// Copyright 2021 Google LLC.
2// Use of this source code is governed by a BSD-style
3// license that can be found in the LICENSE file.
4
5// Code generated file. DO NOT EDIT.
6
7// Package iam provides access to the Identity and Access Management (IAM) API.
8//
9// For product documentation, see: https://cloud.google.com/iam/
10//
11// Creating a client
12//
13// Usage example:
14//
15//   import "google.golang.org/api/iam/v1"
16//   ...
17//   ctx := context.Background()
18//   iamService, err := iam.NewService(ctx)
19//
20// In this example, Google Application Default Credentials are used for authentication.
21//
22// For information on how to create and obtain Application Default Credentials, see https://developers.google.com/identity/protocols/application-default-credentials.
23//
24// Other authentication options
25//
26// To use an API key for authentication (note: some APIs do not support API keys), use option.WithAPIKey:
27//
28//   iamService, err := iam.NewService(ctx, option.WithAPIKey("AIza..."))
29//
30// To use an OAuth token (e.g., a user token obtained via a three-legged OAuth flow), use option.WithTokenSource:
31//
32//   config := &oauth2.Config{...}
33//   // ...
34//   token, err := config.Exchange(ctx, ...)
35//   iamService, err := iam.NewService(ctx, option.WithTokenSource(config.TokenSource(ctx, token)))
36//
37// See https://godoc.org/google.golang.org/api/option/ for details on options.
38package iam // import "google.golang.org/api/iam/v1"
39
40import (
41	"bytes"
42	"context"
43	"encoding/json"
44	"errors"
45	"fmt"
46	"io"
47	"net/http"
48	"net/url"
49	"strconv"
50	"strings"
51
52	googleapi "google.golang.org/api/googleapi"
53	gensupport "google.golang.org/api/internal/gensupport"
54	option "google.golang.org/api/option"
55	internaloption "google.golang.org/api/option/internaloption"
56	htransport "google.golang.org/api/transport/http"
57)
58
59// Always reference these packages, just in case the auto-generated code
60// below doesn't.
61var _ = bytes.NewBuffer
62var _ = strconv.Itoa
63var _ = fmt.Sprintf
64var _ = json.NewDecoder
65var _ = io.Copy
66var _ = url.Parse
67var _ = gensupport.MarshalJSON
68var _ = googleapi.Version
69var _ = errors.New
70var _ = strings.Replace
71var _ = context.Canceled
72var _ = internaloption.WithDefaultEndpoint
73
74const apiId = "iam:v1"
75const apiName = "iam"
76const apiVersion = "v1"
77const basePath = "https://iam.googleapis.com/"
78const mtlsBasePath = "https://iam.mtls.googleapis.com/"
79
80// OAuth2 scopes used by this API.
81const (
82	// See, edit, configure, and delete your Google Cloud data and see the
83	// email address for your Google Account.
84	CloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform"
85)
86
87// NewService creates a new Service.
88func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, error) {
89	scopesOption := option.WithScopes(
90		"https://www.googleapis.com/auth/cloud-platform",
91	)
92	// NOTE: prepend, so we don't override user-specified scopes.
93	opts = append([]option.ClientOption{scopesOption}, opts...)
94	opts = append(opts, internaloption.WithDefaultEndpoint(basePath))
95	opts = append(opts, internaloption.WithDefaultMTLSEndpoint(mtlsBasePath))
96	client, endpoint, err := htransport.NewClient(ctx, opts...)
97	if err != nil {
98		return nil, err
99	}
100	s, err := New(client)
101	if err != nil {
102		return nil, err
103	}
104	if endpoint != "" {
105		s.BasePath = endpoint
106	}
107	return s, nil
108}
109
110// New creates a new Service. It uses the provided http.Client for requests.
111//
112// Deprecated: please use NewService instead.
113// To provide a custom HTTP client, use option.WithHTTPClient.
114// If you are using google.golang.org/api/googleapis/transport.APIKey, use option.WithAPIKey with NewService instead.
115func New(client *http.Client) (*Service, error) {
116	if client == nil {
117		return nil, errors.New("client is nil")
118	}
119	s := &Service{client: client, BasePath: basePath}
120	s.IamPolicies = NewIamPoliciesService(s)
121	s.Organizations = NewOrganizationsService(s)
122	s.Permissions = NewPermissionsService(s)
123	s.Projects = NewProjectsService(s)
124	s.Roles = NewRolesService(s)
125	return s, nil
126}
127
128type Service struct {
129	client    *http.Client
130	BasePath  string // API endpoint base URL
131	UserAgent string // optional additional User-Agent fragment
132
133	IamPolicies *IamPoliciesService
134
135	Organizations *OrganizationsService
136
137	Permissions *PermissionsService
138
139	Projects *ProjectsService
140
141	Roles *RolesService
142}
143
144func (s *Service) userAgent() string {
145	if s.UserAgent == "" {
146		return googleapi.UserAgent
147	}
148	return googleapi.UserAgent + " " + s.UserAgent
149}
150
151func NewIamPoliciesService(s *Service) *IamPoliciesService {
152	rs := &IamPoliciesService{s: s}
153	return rs
154}
155
156type IamPoliciesService struct {
157	s *Service
158}
159
160func NewOrganizationsService(s *Service) *OrganizationsService {
161	rs := &OrganizationsService{s: s}
162	rs.Roles = NewOrganizationsRolesService(s)
163	return rs
164}
165
166type OrganizationsService struct {
167	s *Service
168
169	Roles *OrganizationsRolesService
170}
171
172func NewOrganizationsRolesService(s *Service) *OrganizationsRolesService {
173	rs := &OrganizationsRolesService{s: s}
174	return rs
175}
176
177type OrganizationsRolesService struct {
178	s *Service
179}
180
181func NewPermissionsService(s *Service) *PermissionsService {
182	rs := &PermissionsService{s: s}
183	return rs
184}
185
186type PermissionsService struct {
187	s *Service
188}
189
190func NewProjectsService(s *Service) *ProjectsService {
191	rs := &ProjectsService{s: s}
192	rs.Locations = NewProjectsLocationsService(s)
193	rs.Roles = NewProjectsRolesService(s)
194	rs.ServiceAccounts = NewProjectsServiceAccountsService(s)
195	return rs
196}
197
198type ProjectsService struct {
199	s *Service
200
201	Locations *ProjectsLocationsService
202
203	Roles *ProjectsRolesService
204
205	ServiceAccounts *ProjectsServiceAccountsService
206}
207
208func NewProjectsLocationsService(s *Service) *ProjectsLocationsService {
209	rs := &ProjectsLocationsService{s: s}
210	rs.WorkloadIdentityPools = NewProjectsLocationsWorkloadIdentityPoolsService(s)
211	return rs
212}
213
214type ProjectsLocationsService struct {
215	s *Service
216
217	WorkloadIdentityPools *ProjectsLocationsWorkloadIdentityPoolsService
218}
219
220func NewProjectsLocationsWorkloadIdentityPoolsService(s *Service) *ProjectsLocationsWorkloadIdentityPoolsService {
221	rs := &ProjectsLocationsWorkloadIdentityPoolsService{s: s}
222	rs.Operations = NewProjectsLocationsWorkloadIdentityPoolsOperationsService(s)
223	rs.Providers = NewProjectsLocationsWorkloadIdentityPoolsProvidersService(s)
224	return rs
225}
226
227type ProjectsLocationsWorkloadIdentityPoolsService struct {
228	s *Service
229
230	Operations *ProjectsLocationsWorkloadIdentityPoolsOperationsService
231
232	Providers *ProjectsLocationsWorkloadIdentityPoolsProvidersService
233}
234
235func NewProjectsLocationsWorkloadIdentityPoolsOperationsService(s *Service) *ProjectsLocationsWorkloadIdentityPoolsOperationsService {
236	rs := &ProjectsLocationsWorkloadIdentityPoolsOperationsService{s: s}
237	return rs
238}
239
240type ProjectsLocationsWorkloadIdentityPoolsOperationsService struct {
241	s *Service
242}
243
244func NewProjectsLocationsWorkloadIdentityPoolsProvidersService(s *Service) *ProjectsLocationsWorkloadIdentityPoolsProvidersService {
245	rs := &ProjectsLocationsWorkloadIdentityPoolsProvidersService{s: s}
246	rs.Operations = NewProjectsLocationsWorkloadIdentityPoolsProvidersOperationsService(s)
247	return rs
248}
249
250type ProjectsLocationsWorkloadIdentityPoolsProvidersService struct {
251	s *Service
252
253	Operations *ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsService
254}
255
256func NewProjectsLocationsWorkloadIdentityPoolsProvidersOperationsService(s *Service) *ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsService {
257	rs := &ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsService{s: s}
258	return rs
259}
260
261type ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsService struct {
262	s *Service
263}
264
265func NewProjectsRolesService(s *Service) *ProjectsRolesService {
266	rs := &ProjectsRolesService{s: s}
267	return rs
268}
269
270type ProjectsRolesService struct {
271	s *Service
272}
273
274func NewProjectsServiceAccountsService(s *Service) *ProjectsServiceAccountsService {
275	rs := &ProjectsServiceAccountsService{s: s}
276	rs.Keys = NewProjectsServiceAccountsKeysService(s)
277	return rs
278}
279
280type ProjectsServiceAccountsService struct {
281	s *Service
282
283	Keys *ProjectsServiceAccountsKeysService
284}
285
286func NewProjectsServiceAccountsKeysService(s *Service) *ProjectsServiceAccountsKeysService {
287	rs := &ProjectsServiceAccountsKeysService{s: s}
288	return rs
289}
290
291type ProjectsServiceAccountsKeysService struct {
292	s *Service
293}
294
295func NewRolesService(s *Service) *RolesService {
296	rs := &RolesService{s: s}
297	return rs
298}
299
300type RolesService struct {
301	s *Service
302}
303
304// AdminAuditData: Audit log information specific to Cloud IAM admin
305// APIs. This message is serialized as an `Any` type in the
306// `ServiceData` message of an `AuditLog` message.
307type AdminAuditData struct {
308	// PermissionDelta: The permission_delta when when creating or updating
309	// a Role.
310	PermissionDelta *PermissionDelta `json:"permissionDelta,omitempty"`
311
312	// ForceSendFields is a list of field names (e.g. "PermissionDelta") to
313	// unconditionally include in API requests. By default, fields with
314	// empty or default values are omitted from API requests. However, any
315	// non-pointer, non-interface field appearing in ForceSendFields will be
316	// sent to the server regardless of whether the field is empty or not.
317	// This may be used to include empty fields in Patch requests.
318	ForceSendFields []string `json:"-"`
319
320	// NullFields is a list of field names (e.g. "PermissionDelta") to
321	// include in API requests with the JSON null value. By default, fields
322	// with empty values are omitted from API requests. However, any field
323	// with an empty value appearing in NullFields will be sent to the
324	// server as null. It is an error if a field in this list has a
325	// non-empty value. This may be used to include null fields in Patch
326	// requests.
327	NullFields []string `json:"-"`
328}
329
330func (s *AdminAuditData) MarshalJSON() ([]byte, error) {
331	type NoMethod AdminAuditData
332	raw := NoMethod(*s)
333	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
334}
335
336// AuditConfig: Specifies the audit configuration for a service. The
337// configuration determines which permission types are logged, and what
338// identities, if any, are exempted from logging. An AuditConfig must
339// have one or more AuditLogConfigs. If there are AuditConfigs for both
340// `allServices` and a specific service, the union of the two
341// AuditConfigs is used for that service: the log_types specified in
342// each AuditConfig are enabled, and the exempted_members in each
343// AuditLogConfig are exempted. Example Policy with multiple
344// AuditConfigs: { "audit_configs": [ { "service": "allServices",
345// "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members":
346// [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, {
347// "log_type": "ADMIN_READ" } ] }, { "service":
348// "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type":
349// "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [
350// "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy
351// enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts
352// jose@example.com from DATA_READ logging, and aliya@example.com from
353// DATA_WRITE logging.
354type AuditConfig struct {
355	// AuditLogConfigs: The configuration for logging of each type of
356	// permission.
357	AuditLogConfigs []*AuditLogConfig `json:"auditLogConfigs,omitempty"`
358
359	// Service: Specifies a service that will be enabled for audit logging.
360	// For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
361	// `allServices` is a special value that covers all services.
362	Service string `json:"service,omitempty"`
363
364	// ForceSendFields is a list of field names (e.g. "AuditLogConfigs") to
365	// unconditionally include in API requests. By default, fields with
366	// empty or default values are omitted from API requests. However, any
367	// non-pointer, non-interface field appearing in ForceSendFields will be
368	// sent to the server regardless of whether the field is empty or not.
369	// This may be used to include empty fields in Patch requests.
370	ForceSendFields []string `json:"-"`
371
372	// NullFields is a list of field names (e.g. "AuditLogConfigs") to
373	// include in API requests with the JSON null value. By default, fields
374	// with empty values are omitted from API requests. However, any field
375	// with an empty value appearing in NullFields will be sent to the
376	// server as null. It is an error if a field in this list has a
377	// non-empty value. This may be used to include null fields in Patch
378	// requests.
379	NullFields []string `json:"-"`
380}
381
382func (s *AuditConfig) MarshalJSON() ([]byte, error) {
383	type NoMethod AuditConfig
384	raw := NoMethod(*s)
385	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
386}
387
388// AuditData: Audit log information specific to Cloud IAM. This message
389// is serialized as an `Any` type in the `ServiceData` message of an
390// `AuditLog` message.
391type AuditData struct {
392	// PolicyDelta: Policy delta between the original policy and the newly
393	// set policy.
394	PolicyDelta *PolicyDelta `json:"policyDelta,omitempty"`
395
396	// ForceSendFields is a list of field names (e.g. "PolicyDelta") to
397	// unconditionally include in API requests. By default, fields with
398	// empty or default values are omitted from API requests. However, any
399	// non-pointer, non-interface field appearing in ForceSendFields will be
400	// sent to the server regardless of whether the field is empty or not.
401	// This may be used to include empty fields in Patch requests.
402	ForceSendFields []string `json:"-"`
403
404	// NullFields is a list of field names (e.g. "PolicyDelta") to include
405	// in API requests with the JSON null value. By default, fields with
406	// empty values are omitted from API requests. However, any field with
407	// an empty value appearing in NullFields will be sent to the server as
408	// null. It is an error if a field in this list has a non-empty value.
409	// This may be used to include null fields in Patch requests.
410	NullFields []string `json:"-"`
411}
412
413func (s *AuditData) MarshalJSON() ([]byte, error) {
414	type NoMethod AuditData
415	raw := NoMethod(*s)
416	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
417}
418
419// AuditLogConfig: Provides the configuration for logging a type of
420// permissions. Example: { "audit_log_configs": [ { "log_type":
421// "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, {
422// "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and
423// 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ
424// logging.
425type AuditLogConfig struct {
426	// ExemptedMembers: Specifies the identities that do not cause logging
427	// for this type of permission. Follows the same format of
428	// Binding.members.
429	ExemptedMembers []string `json:"exemptedMembers,omitempty"`
430
431	// LogType: The log type that this config enables.
432	//
433	// Possible values:
434	//   "LOG_TYPE_UNSPECIFIED" - Default case. Should never be this.
435	//   "ADMIN_READ" - Admin reads. Example: CloudIAM getIamPolicy
436	//   "DATA_WRITE" - Data writes. Example: CloudSQL Users create
437	//   "DATA_READ" - Data reads. Example: CloudSQL Users list
438	LogType string `json:"logType,omitempty"`
439
440	// ForceSendFields is a list of field names (e.g. "ExemptedMembers") to
441	// unconditionally include in API requests. By default, fields with
442	// empty or default values are omitted from API requests. However, any
443	// non-pointer, non-interface field appearing in ForceSendFields will be
444	// sent to the server regardless of whether the field is empty or not.
445	// This may be used to include empty fields in Patch requests.
446	ForceSendFields []string `json:"-"`
447
448	// NullFields is a list of field names (e.g. "ExemptedMembers") to
449	// include in API requests with the JSON null value. By default, fields
450	// with empty values are omitted from API requests. However, any field
451	// with an empty value appearing in NullFields will be sent to the
452	// server as null. It is an error if a field in this list has a
453	// non-empty value. This may be used to include null fields in Patch
454	// requests.
455	NullFields []string `json:"-"`
456}
457
458func (s *AuditLogConfig) MarshalJSON() ([]byte, error) {
459	type NoMethod AuditLogConfig
460	raw := NoMethod(*s)
461	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
462}
463
464// AuditableService: Contains information about an auditable service.
465type AuditableService struct {
466	// Name: Public name of the service. For example, the service name for
467	// Cloud IAM is 'iam.googleapis.com'.
468	Name string `json:"name,omitempty"`
469
470	// ForceSendFields is a list of field names (e.g. "Name") to
471	// unconditionally include in API requests. By default, fields with
472	// empty or default values are omitted from API requests. However, any
473	// non-pointer, non-interface field appearing in ForceSendFields will be
474	// sent to the server regardless of whether the field is empty or not.
475	// This may be used to include empty fields in Patch requests.
476	ForceSendFields []string `json:"-"`
477
478	// NullFields is a list of field names (e.g. "Name") to include in API
479	// requests with the JSON null value. By default, fields with empty
480	// values are omitted from API requests. However, any field with an
481	// empty value appearing in NullFields will be sent to the server as
482	// null. It is an error if a field in this list has a non-empty value.
483	// This may be used to include null fields in Patch requests.
484	NullFields []string `json:"-"`
485}
486
487func (s *AuditableService) MarshalJSON() ([]byte, error) {
488	type NoMethod AuditableService
489	raw := NoMethod(*s)
490	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
491}
492
493// Aws: Represents an Amazon Web Services identity provider.
494type Aws struct {
495	// AccountId: Required. The AWS account ID.
496	AccountId string `json:"accountId,omitempty"`
497
498	// ForceSendFields is a list of field names (e.g. "AccountId") to
499	// unconditionally include in API requests. By default, fields with
500	// empty or default values are omitted from API requests. However, any
501	// non-pointer, non-interface field appearing in ForceSendFields will be
502	// sent to the server regardless of whether the field is empty or not.
503	// This may be used to include empty fields in Patch requests.
504	ForceSendFields []string `json:"-"`
505
506	// NullFields is a list of field names (e.g. "AccountId") to include in
507	// API requests with the JSON null value. By default, fields with empty
508	// values are omitted from API requests. However, any field with an
509	// empty value appearing in NullFields will be sent to the server as
510	// null. It is an error if a field in this list has a non-empty value.
511	// This may be used to include null fields in Patch requests.
512	NullFields []string `json:"-"`
513}
514
515func (s *Aws) MarshalJSON() ([]byte, error) {
516	type NoMethod Aws
517	raw := NoMethod(*s)
518	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
519}
520
521// Binding: Associates `members` with a `role`.
522type Binding struct {
523	// Condition: The condition that is associated with this binding. If the
524	// condition evaluates to `true`, then this binding applies to the
525	// current request. If the condition evaluates to `false`, then this
526	// binding does not apply to the current request. However, a different
527	// role binding might grant the same role to one or more of the members
528	// in this binding. To learn which resources support conditions in their
529	// IAM policies, see the IAM documentation
530	// (https://cloud.google.com/iam/help/conditions/resource-policies).
531	Condition *Expr `json:"condition,omitempty"`
532
533	// Members: Specifies the identities requesting access for a Cloud
534	// Platform resource. `members` can have the following values: *
535	// `allUsers`: A special identifier that represents anyone who is on the
536	// internet; with or without a Google account. *
537	// `allAuthenticatedUsers`: A special identifier that represents anyone
538	// who is authenticated with a Google account or a service account. *
539	// `user:{emailid}`: An email address that represents a specific Google
540	// account. For example, `alice@example.com` . *
541	// `serviceAccount:{emailid}`: An email address that represents a
542	// service account. For example,
543	// `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An
544	// email address that represents a Google group. For example,
545	// `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An
546	// email address (plus unique identifier) representing a user that has
547	// been recently deleted. For example,
548	// `alice@example.com?uid=123456789012345678901`. If the user is
549	// recovered, this value reverts to `user:{emailid}` and the recovered
550	// user retains the role in the binding. *
551	// `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address
552	// (plus unique identifier) representing a service account that has been
553	// recently deleted. For example,
554	// `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
555	// If the service account is undeleted, this value reverts to
556	// `serviceAccount:{emailid}` and the undeleted service account retains
557	// the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`:
558	// An email address (plus unique identifier) representing a Google group
559	// that has been recently deleted. For example,
560	// `admins@example.com?uid=123456789012345678901`. If the group is
561	// recovered, this value reverts to `group:{emailid}` and the recovered
562	// group retains the role in the binding. * `domain:{domain}`: The G
563	// Suite domain (primary) that represents all the users of that domain.
564	// For example, `google.com` or `example.com`.
565	Members []string `json:"members,omitempty"`
566
567	// Role: Role that is assigned to `members`. For example,
568	// `roles/viewer`, `roles/editor`, or `roles/owner`.
569	Role string `json:"role,omitempty"`
570
571	// ForceSendFields is a list of field names (e.g. "Condition") to
572	// unconditionally include in API requests. By default, fields with
573	// empty or default values are omitted from API requests. However, any
574	// non-pointer, non-interface field appearing in ForceSendFields will be
575	// sent to the server regardless of whether the field is empty or not.
576	// This may be used to include empty fields in Patch requests.
577	ForceSendFields []string `json:"-"`
578
579	// NullFields is a list of field names (e.g. "Condition") to include in
580	// API requests with the JSON null value. By default, fields with empty
581	// values are omitted from API requests. However, any field with an
582	// empty value appearing in NullFields will be sent to the server as
583	// null. It is an error if a field in this list has a non-empty value.
584	// This may be used to include null fields in Patch requests.
585	NullFields []string `json:"-"`
586}
587
588func (s *Binding) MarshalJSON() ([]byte, error) {
589	type NoMethod Binding
590	raw := NoMethod(*s)
591	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
592}
593
594// BindingDelta: One delta entry for Binding. Each individual change
595// (only one member in each entry) to a binding will be a separate
596// entry.
597type BindingDelta struct {
598	// Action: The action that was performed on a Binding. Required
599	//
600	// Possible values:
601	//   "ACTION_UNSPECIFIED" - Unspecified.
602	//   "ADD" - Addition of a Binding.
603	//   "REMOVE" - Removal of a Binding.
604	Action string `json:"action,omitempty"`
605
606	// Condition: The condition that is associated with this binding.
607	Condition *Expr `json:"condition,omitempty"`
608
609	// Member: A single identity requesting access for a Cloud Platform
610	// resource. Follows the same format of Binding.members. Required
611	Member string `json:"member,omitempty"`
612
613	// Role: Role that is assigned to `members`. For example,
614	// `roles/viewer`, `roles/editor`, or `roles/owner`. Required
615	Role string `json:"role,omitempty"`
616
617	// ForceSendFields is a list of field names (e.g. "Action") to
618	// unconditionally include in API requests. By default, fields with
619	// empty or default values are omitted from API requests. However, any
620	// non-pointer, non-interface field appearing in ForceSendFields will be
621	// sent to the server regardless of whether the field is empty or not.
622	// This may be used to include empty fields in Patch requests.
623	ForceSendFields []string `json:"-"`
624
625	// NullFields is a list of field names (e.g. "Action") to include in API
626	// requests with the JSON null value. By default, fields with empty
627	// values are omitted from API requests. However, any field with an
628	// empty value appearing in NullFields will be sent to the server as
629	// null. It is an error if a field in this list has a non-empty value.
630	// This may be used to include null fields in Patch requests.
631	NullFields []string `json:"-"`
632}
633
634func (s *BindingDelta) MarshalJSON() ([]byte, error) {
635	type NoMethod BindingDelta
636	raw := NoMethod(*s)
637	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
638}
639
640// CreateRoleRequest: The request to create a new role.
641type CreateRoleRequest struct {
642	// Role: The Role resource to create.
643	Role *Role `json:"role,omitempty"`
644
645	// RoleId: The role ID to use for this role. A role ID may contain
646	// alphanumeric characters, underscores (`_`), and periods (`.`). It
647	// must contain a minimum of 3 characters and a maximum of 64
648	// characters.
649	RoleId string `json:"roleId,omitempty"`
650
651	// ForceSendFields is a list of field names (e.g. "Role") to
652	// unconditionally include in API requests. By default, fields with
653	// empty or default values are omitted from API requests. However, any
654	// non-pointer, non-interface field appearing in ForceSendFields will be
655	// sent to the server regardless of whether the field is empty or not.
656	// This may be used to include empty fields in Patch requests.
657	ForceSendFields []string `json:"-"`
658
659	// NullFields is a list of field names (e.g. "Role") to include in API
660	// requests with the JSON null value. By default, fields with empty
661	// values are omitted from API requests. However, any field with an
662	// empty value appearing in NullFields will be sent to the server as
663	// null. It is an error if a field in this list has a non-empty value.
664	// This may be used to include null fields in Patch requests.
665	NullFields []string `json:"-"`
666}
667
668func (s *CreateRoleRequest) MarshalJSON() ([]byte, error) {
669	type NoMethod CreateRoleRequest
670	raw := NoMethod(*s)
671	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
672}
673
674// CreateServiceAccountKeyRequest: The service account key create
675// request.
676type CreateServiceAccountKeyRequest struct {
677	// KeyAlgorithm: Which type of key and algorithm to use for the key. The
678	// default is currently a 2K RSA key. However this may change in the
679	// future.
680	//
681	// Possible values:
682	//   "KEY_ALG_UNSPECIFIED" - An unspecified key algorithm.
683	//   "KEY_ALG_RSA_1024" - 1k RSA Key.
684	//   "KEY_ALG_RSA_2048" - 2k RSA Key.
685	KeyAlgorithm string `json:"keyAlgorithm,omitempty"`
686
687	// PrivateKeyType: The output format of the private key. The default
688	// value is `TYPE_GOOGLE_CREDENTIALS_FILE`, which is the Google
689	// Credentials File format.
690	//
691	// Possible values:
692	//   "TYPE_UNSPECIFIED" - Unspecified. Equivalent to
693	// `TYPE_GOOGLE_CREDENTIALS_FILE`.
694	//   "TYPE_PKCS12_FILE" - PKCS12 format. The password for the PKCS12
695	// file is `notasecret`. For more information, see
696	// https://tools.ietf.org/html/rfc7292.
697	//   "TYPE_GOOGLE_CREDENTIALS_FILE" - Google Credentials File format.
698	PrivateKeyType string `json:"privateKeyType,omitempty"`
699
700	// ForceSendFields is a list of field names (e.g. "KeyAlgorithm") to
701	// unconditionally include in API requests. By default, fields with
702	// empty or default values are omitted from API requests. However, any
703	// non-pointer, non-interface field appearing in ForceSendFields will be
704	// sent to the server regardless of whether the field is empty or not.
705	// This may be used to include empty fields in Patch requests.
706	ForceSendFields []string `json:"-"`
707
708	// NullFields is a list of field names (e.g. "KeyAlgorithm") to include
709	// in API requests with the JSON null value. By default, fields with
710	// empty values are omitted from API requests. However, any field with
711	// an empty value appearing in NullFields will be sent to the server as
712	// null. It is an error if a field in this list has a non-empty value.
713	// This may be used to include null fields in Patch requests.
714	NullFields []string `json:"-"`
715}
716
717func (s *CreateServiceAccountKeyRequest) MarshalJSON() ([]byte, error) {
718	type NoMethod CreateServiceAccountKeyRequest
719	raw := NoMethod(*s)
720	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
721}
722
723// CreateServiceAccountRequest: The service account create request.
724type CreateServiceAccountRequest struct {
725	// AccountId: Required. The account id that is used to generate the
726	// service account email address and a stable unique id. It is unique
727	// within a project, must be 6-30 characters long, and match the regular
728	// expression `[a-z]([-a-z0-9]*[a-z0-9])` to comply with RFC1035.
729	AccountId string `json:"accountId,omitempty"`
730
731	// ServiceAccount: The ServiceAccount resource to create. Currently,
732	// only the following values are user assignable: `display_name` and
733	// `description`.
734	ServiceAccount *ServiceAccount `json:"serviceAccount,omitempty"`
735
736	// ForceSendFields is a list of field names (e.g. "AccountId") to
737	// unconditionally include in API requests. By default, fields with
738	// empty or default values are omitted from API requests. However, any
739	// non-pointer, non-interface field appearing in ForceSendFields will be
740	// sent to the server regardless of whether the field is empty or not.
741	// This may be used to include empty fields in Patch requests.
742	ForceSendFields []string `json:"-"`
743
744	// NullFields is a list of field names (e.g. "AccountId") to include in
745	// API requests with the JSON null value. By default, fields with empty
746	// values are omitted from API requests. However, any field with an
747	// empty value appearing in NullFields will be sent to the server as
748	// null. It is an error if a field in this list has a non-empty value.
749	// This may be used to include null fields in Patch requests.
750	NullFields []string `json:"-"`
751}
752
753func (s *CreateServiceAccountRequest) MarshalJSON() ([]byte, error) {
754	type NoMethod CreateServiceAccountRequest
755	raw := NoMethod(*s)
756	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
757}
758
759// DisableServiceAccountKeyRequest: The service account key disable
760// request.
761type DisableServiceAccountKeyRequest struct {
762}
763
764// DisableServiceAccountRequest: The service account disable request.
765type DisableServiceAccountRequest struct {
766}
767
768// Empty: A generic empty message that you can re-use to avoid defining
769// duplicated empty messages in your APIs. A typical example is to use
770// it as the request or the response type of an API method. For
771// instance: service Foo { rpc Bar(google.protobuf.Empty) returns
772// (google.protobuf.Empty); } The JSON representation for `Empty` is
773// empty JSON object `{}`.
774type Empty struct {
775	// ServerResponse contains the HTTP response code and headers from the
776	// server.
777	googleapi.ServerResponse `json:"-"`
778}
779
780// EnableServiceAccountKeyRequest: The service account key enable
781// request.
782type EnableServiceAccountKeyRequest struct {
783}
784
785// EnableServiceAccountRequest: The service account enable request.
786type EnableServiceAccountRequest struct {
787}
788
789// Expr: Represents a textual expression in the Common Expression
790// Language (CEL) syntax. CEL is a C-like expression language. The
791// syntax and semantics of CEL are documented at
792// https://github.com/google/cel-spec. Example (Comparison): title:
793// "Summary size limit" description: "Determines if a summary is less
794// than 100 chars" expression: "document.summary.size() < 100" Example
795// (Equality): title: "Requestor is owner" description: "Determines if
796// requestor is the document owner" expression: "document.owner ==
797// request.auth.claims.email" Example (Logic): title: "Public documents"
798// description: "Determine whether the document should be publicly
799// visible" expression: "document.type != 'private' && document.type !=
800// 'internal'" Example (Data Manipulation): title: "Notification string"
801// description: "Create a notification string with a timestamp."
802// expression: "'New message received at ' +
803// string(document.create_time)" The exact variables and functions that
804// may be referenced within an expression are determined by the service
805// that evaluates it. See the service documentation for additional
806// information.
807type Expr struct {
808	// Description: Optional. Description of the expression. This is a
809	// longer text which describes the expression, e.g. when hovered over it
810	// in a UI.
811	Description string `json:"description,omitempty"`
812
813	// Expression: Textual representation of an expression in Common
814	// Expression Language syntax.
815	Expression string `json:"expression,omitempty"`
816
817	// Location: Optional. String indicating the location of the expression
818	// for error reporting, e.g. a file name and a position in the file.
819	Location string `json:"location,omitempty"`
820
821	// Title: Optional. Title for the expression, i.e. a short string
822	// describing its purpose. This can be used e.g. in UIs which allow to
823	// enter the expression.
824	Title string `json:"title,omitempty"`
825
826	// ForceSendFields is a list of field names (e.g. "Description") to
827	// unconditionally include in API requests. By default, fields with
828	// empty or default values are omitted from API requests. However, any
829	// non-pointer, non-interface field appearing in ForceSendFields will be
830	// sent to the server regardless of whether the field is empty or not.
831	// This may be used to include empty fields in Patch requests.
832	ForceSendFields []string `json:"-"`
833
834	// NullFields is a list of field names (e.g. "Description") to include
835	// in API requests with the JSON null value. By default, fields with
836	// empty values are omitted from API requests. However, any field with
837	// an empty value appearing in NullFields will be sent to the server as
838	// null. It is an error if a field in this list has a non-empty value.
839	// This may be used to include null fields in Patch requests.
840	NullFields []string `json:"-"`
841}
842
843func (s *Expr) MarshalJSON() ([]byte, error) {
844	type NoMethod Expr
845	raw := NoMethod(*s)
846	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
847}
848
849// LintPolicyRequest: The request to lint a Cloud IAM policy object.
850type LintPolicyRequest struct {
851	// Condition: google.iam.v1.Binding.condition object to be linted.
852	Condition *Expr `json:"condition,omitempty"`
853
854	// FullResourceName: The full resource name of the policy this lint
855	// request is about. The name follows the Google Cloud Platform (GCP)
856	// resource format. For example, a GCP project with ID `my-project` will
857	// be named `//cloudresourcemanager.googleapis.com/projects/my-project`.
858	// The resource name is not used to read the policy instance from the
859	// Cloud IAM database. The candidate policy for lint has to be provided
860	// in the same request object.
861	FullResourceName string `json:"fullResourceName,omitempty"`
862
863	// ForceSendFields is a list of field names (e.g. "Condition") to
864	// unconditionally include in API requests. By default, fields with
865	// empty or default values are omitted from API requests. However, any
866	// non-pointer, non-interface field appearing in ForceSendFields will be
867	// sent to the server regardless of whether the field is empty or not.
868	// This may be used to include empty fields in Patch requests.
869	ForceSendFields []string `json:"-"`
870
871	// NullFields is a list of field names (e.g. "Condition") to include in
872	// API requests with the JSON null value. By default, fields with empty
873	// values are omitted from API requests. However, any field with an
874	// empty value appearing in NullFields will be sent to the server as
875	// null. It is an error if a field in this list has a non-empty value.
876	// This may be used to include null fields in Patch requests.
877	NullFields []string `json:"-"`
878}
879
880func (s *LintPolicyRequest) MarshalJSON() ([]byte, error) {
881	type NoMethod LintPolicyRequest
882	raw := NoMethod(*s)
883	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
884}
885
886// LintPolicyResponse: The response of a lint operation. An empty
887// response indicates the operation was able to fully execute and no
888// lint issue was found.
889type LintPolicyResponse struct {
890	// LintResults: List of lint results sorted by `severity` in descending
891	// order.
892	LintResults []*LintResult `json:"lintResults,omitempty"`
893
894	// ServerResponse contains the HTTP response code and headers from the
895	// server.
896	googleapi.ServerResponse `json:"-"`
897
898	// ForceSendFields is a list of field names (e.g. "LintResults") to
899	// unconditionally include in API requests. By default, fields with
900	// empty or default values are omitted from API requests. However, any
901	// non-pointer, non-interface field appearing in ForceSendFields will be
902	// sent to the server regardless of whether the field is empty or not.
903	// This may be used to include empty fields in Patch requests.
904	ForceSendFields []string `json:"-"`
905
906	// NullFields is a list of field names (e.g. "LintResults") to include
907	// in API requests with the JSON null value. By default, fields with
908	// empty values are omitted from API requests. However, any field with
909	// an empty value appearing in NullFields will be sent to the server as
910	// null. It is an error if a field in this list has a non-empty value.
911	// This may be used to include null fields in Patch requests.
912	NullFields []string `json:"-"`
913}
914
915func (s *LintPolicyResponse) MarshalJSON() ([]byte, error) {
916	type NoMethod LintPolicyResponse
917	raw := NoMethod(*s)
918	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
919}
920
921// LintResult: Structured response of a single validation unit.
922type LintResult struct {
923	// DebugMessage: Human readable debug message associated with the issue.
924	DebugMessage string `json:"debugMessage,omitempty"`
925
926	// FieldName: The name of the field for which this lint result is about.
927	// For nested messages `field_name` consists of names of the embedded
928	// fields separated by period character. The top-level qualifier is the
929	// input object to lint in the request. For example, the `field_name`
930	// value `condition.expression` identifies a lint result for the
931	// `expression` field of the provided condition.
932	FieldName string `json:"fieldName,omitempty"`
933
934	// Level: The validation unit level.
935	//
936	// Possible values:
937	//   "LEVEL_UNSPECIFIED" - Level is unspecified.
938	//   "CONDITION" - A validation unit which operates on an individual
939	// condition within a binding.
940	Level string `json:"level,omitempty"`
941
942	// LocationOffset: 0-based character position of problematic construct
943	// within the object identified by `field_name`. Currently, this is
944	// populated only for condition expression.
945	LocationOffset int64 `json:"locationOffset,omitempty"`
946
947	// Severity: The validation unit severity.
948	//
949	// Possible values:
950	//   "SEVERITY_UNSPECIFIED" - Severity is unspecified.
951	//   "ERROR" - A validation unit returns an error only for critical
952	// issues. If an attempt is made to set the problematic policy without
953	// rectifying the critical issue, it causes the `setPolicy` operation to
954	// fail.
955	//   "WARNING" - Any issue which is severe enough but does not cause an
956	// error. For example, suspicious constructs in the input object will
957	// not necessarily fail `setPolicy`, but there is a high likelihood that
958	// they won't behave as expected during policy evaluation in
959	// `checkPolicy`. This includes the following common scenarios: -
960	// Unsatisfiable condition: Expired timestamp in date/time condition. -
961	// Ineffective condition: Condition on a pair which is granted
962	// unconditionally in another binding of the same policy.
963	//   "NOTICE" - Reserved for the issues that are not severe as
964	// `ERROR`/`WARNING`, but need special handling. For instance, messages
965	// about skipped validation units are issued as `NOTICE`.
966	//   "INFO" - Any informative statement which is not severe enough to
967	// raise `ERROR`/`WARNING`/`NOTICE`, like auto-correction
968	// recommendations on the input content. Note that current version of
969	// the linter does not utilize `INFO`.
970	//   "DEPRECATED" - Deprecated severity level.
971	Severity string `json:"severity,omitempty"`
972
973	// ValidationUnitName: The validation unit name, for instance
974	// "lintValidationUnits/ConditionComplexityCheck".
975	ValidationUnitName string `json:"validationUnitName,omitempty"`
976
977	// ForceSendFields is a list of field names (e.g. "DebugMessage") to
978	// unconditionally include in API requests. By default, fields with
979	// empty or default values are omitted from API requests. However, any
980	// non-pointer, non-interface field appearing in ForceSendFields will be
981	// sent to the server regardless of whether the field is empty or not.
982	// This may be used to include empty fields in Patch requests.
983	ForceSendFields []string `json:"-"`
984
985	// NullFields is a list of field names (e.g. "DebugMessage") to include
986	// in API requests with the JSON null value. By default, fields with
987	// empty values are omitted from API requests. However, any field with
988	// an empty value appearing in NullFields will be sent to the server as
989	// null. It is an error if a field in this list has a non-empty value.
990	// This may be used to include null fields in Patch requests.
991	NullFields []string `json:"-"`
992}
993
994func (s *LintResult) MarshalJSON() ([]byte, error) {
995	type NoMethod LintResult
996	raw := NoMethod(*s)
997	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
998}
999
1000// ListRolesResponse: The response containing the roles defined under a
1001// resource.
1002type ListRolesResponse struct {
1003	// NextPageToken: To retrieve the next page of results, set
1004	// `ListRolesRequest.page_token` to this value.
1005	NextPageToken string `json:"nextPageToken,omitempty"`
1006
1007	// Roles: The Roles defined on this resource.
1008	Roles []*Role `json:"roles,omitempty"`
1009
1010	// ServerResponse contains the HTTP response code and headers from the
1011	// server.
1012	googleapi.ServerResponse `json:"-"`
1013
1014	// ForceSendFields is a list of field names (e.g. "NextPageToken") to
1015	// unconditionally include in API requests. By default, fields with
1016	// empty or default values are omitted from API requests. However, any
1017	// non-pointer, non-interface field appearing in ForceSendFields will be
1018	// sent to the server regardless of whether the field is empty or not.
1019	// This may be used to include empty fields in Patch requests.
1020	ForceSendFields []string `json:"-"`
1021
1022	// NullFields is a list of field names (e.g. "NextPageToken") to include
1023	// in API requests with the JSON null value. By default, fields with
1024	// empty values are omitted from API requests. However, any field with
1025	// an empty value appearing in NullFields will be sent to the server as
1026	// null. It is an error if a field in this list has a non-empty value.
1027	// This may be used to include null fields in Patch requests.
1028	NullFields []string `json:"-"`
1029}
1030
1031func (s *ListRolesResponse) MarshalJSON() ([]byte, error) {
1032	type NoMethod ListRolesResponse
1033	raw := NoMethod(*s)
1034	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1035}
1036
1037// ListServiceAccountKeysResponse: The service account keys list
1038// response.
1039type ListServiceAccountKeysResponse struct {
1040	// Keys: The public keys for the service account.
1041	Keys []*ServiceAccountKey `json:"keys,omitempty"`
1042
1043	// ServerResponse contains the HTTP response code and headers from the
1044	// server.
1045	googleapi.ServerResponse `json:"-"`
1046
1047	// ForceSendFields is a list of field names (e.g. "Keys") to
1048	// unconditionally include in API requests. By default, fields with
1049	// empty or default values are omitted from API requests. However, any
1050	// non-pointer, non-interface field appearing in ForceSendFields will be
1051	// sent to the server regardless of whether the field is empty or not.
1052	// This may be used to include empty fields in Patch requests.
1053	ForceSendFields []string `json:"-"`
1054
1055	// NullFields is a list of field names (e.g. "Keys") to include in API
1056	// requests with the JSON null value. By default, fields with empty
1057	// values are omitted from API requests. However, any field with an
1058	// empty value appearing in NullFields will be sent to the server as
1059	// null. It is an error if a field in this list has a non-empty value.
1060	// This may be used to include null fields in Patch requests.
1061	NullFields []string `json:"-"`
1062}
1063
1064func (s *ListServiceAccountKeysResponse) MarshalJSON() ([]byte, error) {
1065	type NoMethod ListServiceAccountKeysResponse
1066	raw := NoMethod(*s)
1067	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1068}
1069
1070// ListServiceAccountsResponse: The service account list response.
1071type ListServiceAccountsResponse struct {
1072	// Accounts: The list of matching service accounts.
1073	Accounts []*ServiceAccount `json:"accounts,omitempty"`
1074
1075	// NextPageToken: To retrieve the next page of results, set
1076	// ListServiceAccountsRequest.page_token to this value.
1077	NextPageToken string `json:"nextPageToken,omitempty"`
1078
1079	// ServerResponse contains the HTTP response code and headers from the
1080	// server.
1081	googleapi.ServerResponse `json:"-"`
1082
1083	// ForceSendFields is a list of field names (e.g. "Accounts") to
1084	// unconditionally include in API requests. By default, fields with
1085	// empty or default values are omitted from API requests. However, any
1086	// non-pointer, non-interface field appearing in ForceSendFields will be
1087	// sent to the server regardless of whether the field is empty or not.
1088	// This may be used to include empty fields in Patch requests.
1089	ForceSendFields []string `json:"-"`
1090
1091	// NullFields is a list of field names (e.g. "Accounts") to include in
1092	// API requests with the JSON null value. By default, fields with empty
1093	// values are omitted from API requests. However, any field with an
1094	// empty value appearing in NullFields will be sent to the server as
1095	// null. It is an error if a field in this list has a non-empty value.
1096	// This may be used to include null fields in Patch requests.
1097	NullFields []string `json:"-"`
1098}
1099
1100func (s *ListServiceAccountsResponse) MarshalJSON() ([]byte, error) {
1101	type NoMethod ListServiceAccountsResponse
1102	raw := NoMethod(*s)
1103	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1104}
1105
1106// ListWorkloadIdentityPoolProvidersResponse: Response message for
1107// ListWorkloadIdentityPoolProviders.
1108type ListWorkloadIdentityPoolProvidersResponse struct {
1109	// NextPageToken: A token, which can be sent as `page_token` to retrieve
1110	// the next page. If this field is omitted, there are no subsequent
1111	// pages.
1112	NextPageToken string `json:"nextPageToken,omitempty"`
1113
1114	// WorkloadIdentityPoolProviders: A list of providers.
1115	WorkloadIdentityPoolProviders []*WorkloadIdentityPoolProvider `json:"workloadIdentityPoolProviders,omitempty"`
1116
1117	// ServerResponse contains the HTTP response code and headers from the
1118	// server.
1119	googleapi.ServerResponse `json:"-"`
1120
1121	// ForceSendFields is a list of field names (e.g. "NextPageToken") to
1122	// unconditionally include in API requests. By default, fields with
1123	// empty or default values are omitted from API requests. However, any
1124	// non-pointer, non-interface field appearing in ForceSendFields will be
1125	// sent to the server regardless of whether the field is empty or not.
1126	// This may be used to include empty fields in Patch requests.
1127	ForceSendFields []string `json:"-"`
1128
1129	// NullFields is a list of field names (e.g. "NextPageToken") to include
1130	// in API requests with the JSON null value. By default, fields with
1131	// empty values are omitted from API requests. However, any field with
1132	// an empty value appearing in NullFields will be sent to the server as
1133	// null. It is an error if a field in this list has a non-empty value.
1134	// This may be used to include null fields in Patch requests.
1135	NullFields []string `json:"-"`
1136}
1137
1138func (s *ListWorkloadIdentityPoolProvidersResponse) MarshalJSON() ([]byte, error) {
1139	type NoMethod ListWorkloadIdentityPoolProvidersResponse
1140	raw := NoMethod(*s)
1141	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1142}
1143
1144// ListWorkloadIdentityPoolsResponse: Response message for
1145// ListWorkloadIdentityPools.
1146type ListWorkloadIdentityPoolsResponse struct {
1147	// NextPageToken: A token, which can be sent as `page_token` to retrieve
1148	// the next page. If this field is omitted, there are no subsequent
1149	// pages.
1150	NextPageToken string `json:"nextPageToken,omitempty"`
1151
1152	// WorkloadIdentityPools: A list of pools.
1153	WorkloadIdentityPools []*WorkloadIdentityPool `json:"workloadIdentityPools,omitempty"`
1154
1155	// ServerResponse contains the HTTP response code and headers from the
1156	// server.
1157	googleapi.ServerResponse `json:"-"`
1158
1159	// ForceSendFields is a list of field names (e.g. "NextPageToken") to
1160	// unconditionally include in API requests. By default, fields with
1161	// empty or default values are omitted from API requests. However, any
1162	// non-pointer, non-interface field appearing in ForceSendFields will be
1163	// sent to the server regardless of whether the field is empty or not.
1164	// This may be used to include empty fields in Patch requests.
1165	ForceSendFields []string `json:"-"`
1166
1167	// NullFields is a list of field names (e.g. "NextPageToken") to include
1168	// in API requests with the JSON null value. By default, fields with
1169	// empty values are omitted from API requests. However, any field with
1170	// an empty value appearing in NullFields will be sent to the server as
1171	// null. It is an error if a field in this list has a non-empty value.
1172	// This may be used to include null fields in Patch requests.
1173	NullFields []string `json:"-"`
1174}
1175
1176func (s *ListWorkloadIdentityPoolsResponse) MarshalJSON() ([]byte, error) {
1177	type NoMethod ListWorkloadIdentityPoolsResponse
1178	raw := NoMethod(*s)
1179	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1180}
1181
1182// Oidc: Represents an OpenId Connect 1.0 identity provider.
1183type Oidc struct {
1184	// AllowedAudiences: Acceptable values for the `aud` field (audience) in
1185	// the OIDC token. Token exchange requests are rejected if the token
1186	// audience does not match one of the configured values. Each audience
1187	// may be at most 256 characters. A maximum of 10 audiences may be
1188	// configured. If this list is empty, the OIDC token audience must be
1189	// equal to the full canonical resource name of the
1190	// WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For
1191	// example: ```
1192	// //iam.googleapis.com/projects//locations//workloadIdentityPools//provi
1193	// ders/
1194	// https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/
1195	// ```
1196	AllowedAudiences []string `json:"allowedAudiences,omitempty"`
1197
1198	// IssuerUri: Required. The OIDC issuer URL. Must be an HTTPS endpoint.
1199	IssuerUri string `json:"issuerUri,omitempty"`
1200
1201	// ForceSendFields is a list of field names (e.g. "AllowedAudiences") to
1202	// unconditionally include in API requests. By default, fields with
1203	// empty or default values are omitted from API requests. However, any
1204	// non-pointer, non-interface field appearing in ForceSendFields will be
1205	// sent to the server regardless of whether the field is empty or not.
1206	// This may be used to include empty fields in Patch requests.
1207	ForceSendFields []string `json:"-"`
1208
1209	// NullFields is a list of field names (e.g. "AllowedAudiences") to
1210	// include in API requests with the JSON null value. By default, fields
1211	// with empty values are omitted from API requests. However, any field
1212	// with an empty value appearing in NullFields will be sent to the
1213	// server as null. It is an error if a field in this list has a
1214	// non-empty value. This may be used to include null fields in Patch
1215	// requests.
1216	NullFields []string `json:"-"`
1217}
1218
1219func (s *Oidc) MarshalJSON() ([]byte, error) {
1220	type NoMethod Oidc
1221	raw := NoMethod(*s)
1222	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1223}
1224
1225// Operation: This resource represents a long-running operation that is
1226// the result of a network API call.
1227type Operation struct {
1228	// Done: If the value is `false`, it means the operation is still in
1229	// progress. If `true`, the operation is completed, and either `error`
1230	// or `response` is available.
1231	Done bool `json:"done,omitempty"`
1232
1233	// Error: The error result of the operation in case of failure or
1234	// cancellation.
1235	Error *Status `json:"error,omitempty"`
1236
1237	// Metadata: Service-specific metadata associated with the operation. It
1238	// typically contains progress information and common metadata such as
1239	// create time. Some services might not provide such metadata. Any
1240	// method that returns a long-running operation should document the
1241	// metadata type, if any.
1242	Metadata googleapi.RawMessage `json:"metadata,omitempty"`
1243
1244	// Name: The server-assigned name, which is only unique within the same
1245	// service that originally returns it. If you use the default HTTP
1246	// mapping, the `name` should be a resource name ending with
1247	// `operations/{unique_id}`.
1248	Name string `json:"name,omitempty"`
1249
1250	// Response: The normal response of the operation in case of success. If
1251	// the original method returns no data on success, such as `Delete`, the
1252	// response is `google.protobuf.Empty`. If the original method is
1253	// standard `Get`/`Create`/`Update`, the response should be the
1254	// resource. For other methods, the response should have the type
1255	// `XxxResponse`, where `Xxx` is the original method name. For example,
1256	// if the original method name is `TakeSnapshot()`, the inferred
1257	// response type is `TakeSnapshotResponse`.
1258	Response googleapi.RawMessage `json:"response,omitempty"`
1259
1260	// ServerResponse contains the HTTP response code and headers from the
1261	// server.
1262	googleapi.ServerResponse `json:"-"`
1263
1264	// ForceSendFields is a list of field names (e.g. "Done") to
1265	// unconditionally include in API requests. By default, fields with
1266	// empty or default values are omitted from API requests. However, any
1267	// non-pointer, non-interface field appearing in ForceSendFields will be
1268	// sent to the server regardless of whether the field is empty or not.
1269	// This may be used to include empty fields in Patch requests.
1270	ForceSendFields []string `json:"-"`
1271
1272	// NullFields is a list of field names (e.g. "Done") to include in API
1273	// requests with the JSON null value. By default, fields with empty
1274	// values are omitted from API requests. However, any field with an
1275	// empty value appearing in NullFields will be sent to the server as
1276	// null. It is an error if a field in this list has a non-empty value.
1277	// This may be used to include null fields in Patch requests.
1278	NullFields []string `json:"-"`
1279}
1280
1281func (s *Operation) MarshalJSON() ([]byte, error) {
1282	type NoMethod Operation
1283	raw := NoMethod(*s)
1284	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1285}
1286
1287// PatchServiceAccountRequest: The request for PatchServiceAccount. You
1288// can patch only the `display_name` and `description` fields. You must
1289// use the `update_mask` field to specify which of these fields you want
1290// to patch. Only the fields specified in the request are guaranteed to
1291// be returned in the response. Other fields may be empty in the
1292// response.
1293type PatchServiceAccountRequest struct {
1294	ServiceAccount *ServiceAccount `json:"serviceAccount,omitempty"`
1295
1296	UpdateMask string `json:"updateMask,omitempty"`
1297
1298	// ForceSendFields is a list of field names (e.g. "ServiceAccount") to
1299	// unconditionally include in API requests. By default, fields with
1300	// empty or default values are omitted from API requests. However, any
1301	// non-pointer, non-interface field appearing in ForceSendFields will be
1302	// sent to the server regardless of whether the field is empty or not.
1303	// This may be used to include empty fields in Patch requests.
1304	ForceSendFields []string `json:"-"`
1305
1306	// NullFields is a list of field names (e.g. "ServiceAccount") to
1307	// include in API requests with the JSON null value. By default, fields
1308	// with empty values are omitted from API requests. However, any field
1309	// with an empty value appearing in NullFields will be sent to the
1310	// server as null. It is an error if a field in this list has a
1311	// non-empty value. This may be used to include null fields in Patch
1312	// requests.
1313	NullFields []string `json:"-"`
1314}
1315
1316func (s *PatchServiceAccountRequest) MarshalJSON() ([]byte, error) {
1317	type NoMethod PatchServiceAccountRequest
1318	raw := NoMethod(*s)
1319	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1320}
1321
1322// Permission: A permission which can be included by a role.
1323type Permission struct {
1324	// ApiDisabled: The service API associated with the permission is not
1325	// enabled.
1326	ApiDisabled bool `json:"apiDisabled,omitempty"`
1327
1328	// CustomRolesSupportLevel: The current custom role support level.
1329	//
1330	// Possible values:
1331	//   "SUPPORTED" - Default state. Permission is fully supported for
1332	// custom role use.
1333	//   "TESTING" - Permission is being tested to check custom role
1334	// compatibility.
1335	//   "NOT_SUPPORTED" - Permission is not supported for custom role use.
1336	CustomRolesSupportLevel string `json:"customRolesSupportLevel,omitempty"`
1337
1338	// Description: A brief description of what this Permission is used for.
1339	// This permission can ONLY be used in predefined roles.
1340	Description string `json:"description,omitempty"`
1341
1342	// Name: The name of this Permission.
1343	Name string `json:"name,omitempty"`
1344
1345	OnlyInPredefinedRoles bool `json:"onlyInPredefinedRoles,omitempty"`
1346
1347	// PrimaryPermission: The preferred name for this permission. If
1348	// present, then this permission is an alias of, and equivalent to, the
1349	// listed primary_permission.
1350	PrimaryPermission string `json:"primaryPermission,omitempty"`
1351
1352	// Stage: The current launch stage of the permission.
1353	//
1354	// Possible values:
1355	//   "ALPHA" - The permission is currently in an alpha phase.
1356	//   "BETA" - The permission is currently in a beta phase.
1357	//   "GA" - The permission is generally available.
1358	//   "DEPRECATED" - The permission is being deprecated.
1359	Stage string `json:"stage,omitempty"`
1360
1361	// Title: The title of this Permission.
1362	Title string `json:"title,omitempty"`
1363
1364	// ForceSendFields is a list of field names (e.g. "ApiDisabled") to
1365	// unconditionally include in API requests. By default, fields with
1366	// empty or default values are omitted from API requests. However, any
1367	// non-pointer, non-interface field appearing in ForceSendFields will be
1368	// sent to the server regardless of whether the field is empty or not.
1369	// This may be used to include empty fields in Patch requests.
1370	ForceSendFields []string `json:"-"`
1371
1372	// NullFields is a list of field names (e.g. "ApiDisabled") to include
1373	// in API requests with the JSON null value. By default, fields with
1374	// empty values are omitted from API requests. However, any field with
1375	// an empty value appearing in NullFields will be sent to the server as
1376	// null. It is an error if a field in this list has a non-empty value.
1377	// This may be used to include null fields in Patch requests.
1378	NullFields []string `json:"-"`
1379}
1380
1381func (s *Permission) MarshalJSON() ([]byte, error) {
1382	type NoMethod Permission
1383	raw := NoMethod(*s)
1384	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1385}
1386
1387// PermissionDelta: A PermissionDelta message to record the
1388// added_permissions and removed_permissions inside a role.
1389type PermissionDelta struct {
1390	// AddedPermissions: Added permissions.
1391	AddedPermissions []string `json:"addedPermissions,omitempty"`
1392
1393	// RemovedPermissions: Removed permissions.
1394	RemovedPermissions []string `json:"removedPermissions,omitempty"`
1395
1396	// ForceSendFields is a list of field names (e.g. "AddedPermissions") to
1397	// unconditionally include in API requests. By default, fields with
1398	// empty or default values are omitted from API requests. However, any
1399	// non-pointer, non-interface field appearing in ForceSendFields will be
1400	// sent to the server regardless of whether the field is empty or not.
1401	// This may be used to include empty fields in Patch requests.
1402	ForceSendFields []string `json:"-"`
1403
1404	// NullFields is a list of field names (e.g. "AddedPermissions") to
1405	// include in API requests with the JSON null value. By default, fields
1406	// with empty values are omitted from API requests. However, any field
1407	// with an empty value appearing in NullFields will be sent to the
1408	// server as null. It is an error if a field in this list has a
1409	// non-empty value. This may be used to include null fields in Patch
1410	// requests.
1411	NullFields []string `json:"-"`
1412}
1413
1414func (s *PermissionDelta) MarshalJSON() ([]byte, error) {
1415	type NoMethod PermissionDelta
1416	raw := NoMethod(*s)
1417	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1418}
1419
1420// Policy: An Identity and Access Management (IAM) policy, which
1421// specifies access controls for Google Cloud resources. A `Policy` is a
1422// collection of `bindings`. A `binding` binds one or more `members` to
1423// a single `role`. Members can be user accounts, service accounts,
1424// Google groups, and domains (such as G Suite). A `role` is a named
1425// list of permissions; each `role` can be an IAM predefined role or a
1426// user-created custom role. For some types of Google Cloud resources, a
1427// `binding` can also specify a `condition`, which is a logical
1428// expression that allows access to a resource only if the expression
1429// evaluates to `true`. A condition can add constraints based on
1430// attributes of the request, the resource, or both. To learn which
1431// resources support conditions in their IAM policies, see the IAM
1432// documentation
1433// (https://cloud.google.com/iam/help/conditions/resource-policies).
1434// **JSON example:** { "bindings": [ { "role":
1435// "roles/resourcemanager.organizationAdmin", "members": [
1436// "user:mike@example.com", "group:admins@example.com",
1437// "domain:google.com",
1438// "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, {
1439// "role": "roles/resourcemanager.organizationViewer", "members": [
1440// "user:eve@example.com" ], "condition": { "title": "expirable access",
1441// "description": "Does not grant access after Sep 2020", "expression":
1442// "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ],
1443// "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: -
1444// members: - user:mike@example.com - group:admins@example.com -
1445// domain:google.com -
1446// serviceAccount:my-project-id@appspot.gserviceaccount.com role:
1447// roles/resourcemanager.organizationAdmin - members: -
1448// user:eve@example.com role: roles/resourcemanager.organizationViewer
1449// condition: title: expirable access description: Does not grant access
1450// after Sep 2020 expression: request.time <
1451// timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3
1452// For a description of IAM and its features, see the IAM documentation
1453// (https://cloud.google.com/iam/docs/).
1454type Policy struct {
1455	// AuditConfigs: Specifies cloud audit logging configuration for this
1456	// policy.
1457	AuditConfigs []*AuditConfig `json:"auditConfigs,omitempty"`
1458
1459	// Bindings: Associates a list of `members` to a `role`. Optionally, may
1460	// specify a `condition` that determines how and when the `bindings` are
1461	// applied. Each of the `bindings` must contain at least one member.
1462	Bindings []*Binding `json:"bindings,omitempty"`
1463
1464	// Etag: `etag` is used for optimistic concurrency control as a way to
1465	// help prevent simultaneous updates of a policy from overwriting each
1466	// other. It is strongly suggested that systems make use of the `etag`
1467	// in the read-modify-write cycle to perform policy updates in order to
1468	// avoid race conditions: An `etag` is returned in the response to
1469	// `getIamPolicy`, and systems are expected to put that etag in the
1470	// request to `setIamPolicy` to ensure that their change will be applied
1471	// to the same version of the policy. **Important:** If you use IAM
1472	// Conditions, you must include the `etag` field whenever you call
1473	// `setIamPolicy`. If you omit this field, then IAM allows you to
1474	// overwrite a version `3` policy with a version `1` policy, and all of
1475	// the conditions in the version `3` policy are lost.
1476	Etag string `json:"etag,omitempty"`
1477
1478	// Version: Specifies the format of the policy. Valid values are `0`,
1479	// `1`, and `3`. Requests that specify an invalid value are rejected.
1480	// Any operation that affects conditional role bindings must specify
1481	// version `3`. This requirement applies to the following operations: *
1482	// Getting a policy that includes a conditional role binding * Adding a
1483	// conditional role binding to a policy * Changing a conditional role
1484	// binding in a policy * Removing any role binding, with or without a
1485	// condition, from a policy that includes conditions **Important:** If
1486	// you use IAM Conditions, you must include the `etag` field whenever
1487	// you call `setIamPolicy`. If you omit this field, then IAM allows you
1488	// to overwrite a version `3` policy with a version `1` policy, and all
1489	// of the conditions in the version `3` policy are lost. If a policy
1490	// does not include any conditions, operations on that policy may
1491	// specify any valid version or leave the field unset. To learn which
1492	// resources support conditions in their IAM policies, see the IAM
1493	// documentation
1494	// (https://cloud.google.com/iam/help/conditions/resource-policies).
1495	Version int64 `json:"version,omitempty"`
1496
1497	// ServerResponse contains the HTTP response code and headers from the
1498	// server.
1499	googleapi.ServerResponse `json:"-"`
1500
1501	// ForceSendFields is a list of field names (e.g. "AuditConfigs") to
1502	// unconditionally include in API requests. By default, fields with
1503	// empty or default values are omitted from API requests. However, any
1504	// non-pointer, non-interface field appearing in ForceSendFields will be
1505	// sent to the server regardless of whether the field is empty or not.
1506	// This may be used to include empty fields in Patch requests.
1507	ForceSendFields []string `json:"-"`
1508
1509	// NullFields is a list of field names (e.g. "AuditConfigs") to include
1510	// in API requests with the JSON null value. By default, fields with
1511	// empty values are omitted from API requests. However, any field with
1512	// an empty value appearing in NullFields will be sent to the server as
1513	// null. It is an error if a field in this list has a non-empty value.
1514	// This may be used to include null fields in Patch requests.
1515	NullFields []string `json:"-"`
1516}
1517
1518func (s *Policy) MarshalJSON() ([]byte, error) {
1519	type NoMethod Policy
1520	raw := NoMethod(*s)
1521	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1522}
1523
1524// PolicyDelta: The difference delta between two policies.
1525type PolicyDelta struct {
1526	// BindingDeltas: The delta for Bindings between two policies.
1527	BindingDeltas []*BindingDelta `json:"bindingDeltas,omitempty"`
1528
1529	// ForceSendFields is a list of field names (e.g. "BindingDeltas") to
1530	// unconditionally include in API requests. By default, fields with
1531	// empty or default values are omitted from API requests. However, any
1532	// non-pointer, non-interface field appearing in ForceSendFields will be
1533	// sent to the server regardless of whether the field is empty or not.
1534	// This may be used to include empty fields in Patch requests.
1535	ForceSendFields []string `json:"-"`
1536
1537	// NullFields is a list of field names (e.g. "BindingDeltas") to include
1538	// in API requests with the JSON null value. By default, fields with
1539	// empty values are omitted from API requests. However, any field with
1540	// an empty value appearing in NullFields will be sent to the server as
1541	// null. It is an error if a field in this list has a non-empty value.
1542	// This may be used to include null fields in Patch requests.
1543	NullFields []string `json:"-"`
1544}
1545
1546func (s *PolicyDelta) MarshalJSON() ([]byte, error) {
1547	type NoMethod PolicyDelta
1548	raw := NoMethod(*s)
1549	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1550}
1551
1552// QueryAuditableServicesRequest: A request to get the list of auditable
1553// services for a resource.
1554type QueryAuditableServicesRequest struct {
1555	// FullResourceName: Required. The full resource name to query from the
1556	// list of auditable services. The name follows the Google Cloud
1557	// Platform resource format. For example, a Cloud Platform project with
1558	// id `my-project` will be named
1559	// `//cloudresourcemanager.googleapis.com/projects/my-project`.
1560	FullResourceName string `json:"fullResourceName,omitempty"`
1561
1562	// ForceSendFields is a list of field names (e.g. "FullResourceName") to
1563	// unconditionally include in API requests. By default, fields with
1564	// empty or default values are omitted from API requests. However, any
1565	// non-pointer, non-interface field appearing in ForceSendFields will be
1566	// sent to the server regardless of whether the field is empty or not.
1567	// This may be used to include empty fields in Patch requests.
1568	ForceSendFields []string `json:"-"`
1569
1570	// NullFields is a list of field names (e.g. "FullResourceName") to
1571	// include in API requests with the JSON null value. By default, fields
1572	// with empty values are omitted from API requests. However, any field
1573	// with an empty value appearing in NullFields will be sent to the
1574	// server as null. It is an error if a field in this list has a
1575	// non-empty value. This may be used to include null fields in Patch
1576	// requests.
1577	NullFields []string `json:"-"`
1578}
1579
1580func (s *QueryAuditableServicesRequest) MarshalJSON() ([]byte, error) {
1581	type NoMethod QueryAuditableServicesRequest
1582	raw := NoMethod(*s)
1583	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1584}
1585
1586// QueryAuditableServicesResponse: A response containing a list of
1587// auditable services for a resource.
1588type QueryAuditableServicesResponse struct {
1589	// Services: The auditable services for a resource.
1590	Services []*AuditableService `json:"services,omitempty"`
1591
1592	// ServerResponse contains the HTTP response code and headers from the
1593	// server.
1594	googleapi.ServerResponse `json:"-"`
1595
1596	// ForceSendFields is a list of field names (e.g. "Services") to
1597	// unconditionally include in API requests. By default, fields with
1598	// empty or default values are omitted from API requests. However, any
1599	// non-pointer, non-interface field appearing in ForceSendFields will be
1600	// sent to the server regardless of whether the field is empty or not.
1601	// This may be used to include empty fields in Patch requests.
1602	ForceSendFields []string `json:"-"`
1603
1604	// NullFields is a list of field names (e.g. "Services") to include in
1605	// API requests with the JSON null value. By default, fields with empty
1606	// values are omitted from API requests. However, any field with an
1607	// empty value appearing in NullFields will be sent to the server as
1608	// null. It is an error if a field in this list has a non-empty value.
1609	// This may be used to include null fields in Patch requests.
1610	NullFields []string `json:"-"`
1611}
1612
1613func (s *QueryAuditableServicesResponse) MarshalJSON() ([]byte, error) {
1614	type NoMethod QueryAuditableServicesResponse
1615	raw := NoMethod(*s)
1616	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1617}
1618
1619// QueryGrantableRolesRequest: The grantable role query request.
1620type QueryGrantableRolesRequest struct {
1621	// FullResourceName: Required. The full resource name to query from the
1622	// list of grantable roles. The name follows the Google Cloud Platform
1623	// resource format. For example, a Cloud Platform project with id
1624	// `my-project` will be named
1625	// `//cloudresourcemanager.googleapis.com/projects/my-project`.
1626	FullResourceName string `json:"fullResourceName,omitempty"`
1627
1628	// PageSize: Optional limit on the number of roles to include in the
1629	// response. The default is 300, and the maximum is 1,000.
1630	PageSize int64 `json:"pageSize,omitempty"`
1631
1632	// PageToken: Optional pagination token returned in an earlier
1633	// QueryGrantableRolesResponse.
1634	PageToken string `json:"pageToken,omitempty"`
1635
1636	// Possible values:
1637	//   "BASIC" - Omits the `included_permissions` field. This is the
1638	// default value.
1639	//   "FULL" - Returns all fields.
1640	View string `json:"view,omitempty"`
1641
1642	// ForceSendFields is a list of field names (e.g. "FullResourceName") to
1643	// unconditionally include in API requests. By default, fields with
1644	// empty or default values are omitted from API requests. However, any
1645	// non-pointer, non-interface field appearing in ForceSendFields will be
1646	// sent to the server regardless of whether the field is empty or not.
1647	// This may be used to include empty fields in Patch requests.
1648	ForceSendFields []string `json:"-"`
1649
1650	// NullFields is a list of field names (e.g. "FullResourceName") to
1651	// include in API requests with the JSON null value. By default, fields
1652	// with empty values are omitted from API requests. However, any field
1653	// with an empty value appearing in NullFields will be sent to the
1654	// server as null. It is an error if a field in this list has a
1655	// non-empty value. This may be used to include null fields in Patch
1656	// requests.
1657	NullFields []string `json:"-"`
1658}
1659
1660func (s *QueryGrantableRolesRequest) MarshalJSON() ([]byte, error) {
1661	type NoMethod QueryGrantableRolesRequest
1662	raw := NoMethod(*s)
1663	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1664}
1665
1666// QueryGrantableRolesResponse: The grantable role query response.
1667type QueryGrantableRolesResponse struct {
1668	// NextPageToken: To retrieve the next page of results, set
1669	// `QueryGrantableRolesRequest.page_token` to this value.
1670	NextPageToken string `json:"nextPageToken,omitempty"`
1671
1672	// Roles: The list of matching roles.
1673	Roles []*Role `json:"roles,omitempty"`
1674
1675	// ServerResponse contains the HTTP response code and headers from the
1676	// server.
1677	googleapi.ServerResponse `json:"-"`
1678
1679	// ForceSendFields is a list of field names (e.g. "NextPageToken") to
1680	// unconditionally include in API requests. By default, fields with
1681	// empty or default values are omitted from API requests. However, any
1682	// non-pointer, non-interface field appearing in ForceSendFields will be
1683	// sent to the server regardless of whether the field is empty or not.
1684	// This may be used to include empty fields in Patch requests.
1685	ForceSendFields []string `json:"-"`
1686
1687	// NullFields is a list of field names (e.g. "NextPageToken") to include
1688	// in API requests with the JSON null value. By default, fields with
1689	// empty values are omitted from API requests. However, any field with
1690	// an empty value appearing in NullFields will be sent to the server as
1691	// null. It is an error if a field in this list has a non-empty value.
1692	// This may be used to include null fields in Patch requests.
1693	NullFields []string `json:"-"`
1694}
1695
1696func (s *QueryGrantableRolesResponse) MarshalJSON() ([]byte, error) {
1697	type NoMethod QueryGrantableRolesResponse
1698	raw := NoMethod(*s)
1699	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1700}
1701
1702// QueryTestablePermissionsRequest: A request to get permissions which
1703// can be tested on a resource.
1704type QueryTestablePermissionsRequest struct {
1705	// FullResourceName: Required. The full resource name to query from the
1706	// list of testable permissions. The name follows the Google Cloud
1707	// Platform resource format. For example, a Cloud Platform project with
1708	// id `my-project` will be named
1709	// `//cloudresourcemanager.googleapis.com/projects/my-project`.
1710	FullResourceName string `json:"fullResourceName,omitempty"`
1711
1712	// PageSize: Optional limit on the number of permissions to include in
1713	// the response. The default is 100, and the maximum is 1,000.
1714	PageSize int64 `json:"pageSize,omitempty"`
1715
1716	// PageToken: Optional pagination token returned in an earlier
1717	// QueryTestablePermissionsRequest.
1718	PageToken string `json:"pageToken,omitempty"`
1719
1720	// ForceSendFields is a list of field names (e.g. "FullResourceName") to
1721	// unconditionally include in API requests. By default, fields with
1722	// empty or default values are omitted from API requests. However, any
1723	// non-pointer, non-interface field appearing in ForceSendFields will be
1724	// sent to the server regardless of whether the field is empty or not.
1725	// This may be used to include empty fields in Patch requests.
1726	ForceSendFields []string `json:"-"`
1727
1728	// NullFields is a list of field names (e.g. "FullResourceName") to
1729	// include in API requests with the JSON null value. By default, fields
1730	// with empty values are omitted from API requests. However, any field
1731	// with an empty value appearing in NullFields will be sent to the
1732	// server as null. It is an error if a field in this list has a
1733	// non-empty value. This may be used to include null fields in Patch
1734	// requests.
1735	NullFields []string `json:"-"`
1736}
1737
1738func (s *QueryTestablePermissionsRequest) MarshalJSON() ([]byte, error) {
1739	type NoMethod QueryTestablePermissionsRequest
1740	raw := NoMethod(*s)
1741	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1742}
1743
1744// QueryTestablePermissionsResponse: The response containing permissions
1745// which can be tested on a resource.
1746type QueryTestablePermissionsResponse struct {
1747	// NextPageToken: To retrieve the next page of results, set
1748	// `QueryTestableRolesRequest.page_token` to this value.
1749	NextPageToken string `json:"nextPageToken,omitempty"`
1750
1751	// Permissions: The Permissions testable on the requested resource.
1752	Permissions []*Permission `json:"permissions,omitempty"`
1753
1754	// ServerResponse contains the HTTP response code and headers from the
1755	// server.
1756	googleapi.ServerResponse `json:"-"`
1757
1758	// ForceSendFields is a list of field names (e.g. "NextPageToken") to
1759	// unconditionally include in API requests. By default, fields with
1760	// empty or default values are omitted from API requests. However, any
1761	// non-pointer, non-interface field appearing in ForceSendFields will be
1762	// sent to the server regardless of whether the field is empty or not.
1763	// This may be used to include empty fields in Patch requests.
1764	ForceSendFields []string `json:"-"`
1765
1766	// NullFields is a list of field names (e.g. "NextPageToken") to include
1767	// in API requests with the JSON null value. By default, fields with
1768	// empty values are omitted from API requests. However, any field with
1769	// an empty value appearing in NullFields will be sent to the server as
1770	// null. It is an error if a field in this list has a non-empty value.
1771	// This may be used to include null fields in Patch requests.
1772	NullFields []string `json:"-"`
1773}
1774
1775func (s *QueryTestablePermissionsResponse) MarshalJSON() ([]byte, error) {
1776	type NoMethod QueryTestablePermissionsResponse
1777	raw := NoMethod(*s)
1778	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1779}
1780
1781// Role: A role in the Identity and Access Management API.
1782type Role struct {
1783	// Deleted: The current deleted state of the role. This field is read
1784	// only. It will be ignored in calls to CreateRole and UpdateRole.
1785	Deleted bool `json:"deleted,omitempty"`
1786
1787	// Description: Optional. A human-readable description for the role.
1788	Description string `json:"description,omitempty"`
1789
1790	// Etag: Used to perform a consistent read-modify-write.
1791	Etag string `json:"etag,omitempty"`
1792
1793	// IncludedPermissions: The names of the permissions this role grants
1794	// when bound in an IAM policy.
1795	IncludedPermissions []string `json:"includedPermissions,omitempty"`
1796
1797	// Name: The name of the role. When Role is used in CreateRole, the role
1798	// name must not be set. When Role is used in output and other input
1799	// such as UpdateRole, the role name is the complete path, e.g.,
1800	// roles/logging.viewer for predefined roles and
1801	// organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom
1802	// roles.
1803	Name string `json:"name,omitempty"`
1804
1805	// Stage: The current launch stage of the role. If the `ALPHA` launch
1806	// stage has been selected for a role, the `stage` field will not be
1807	// included in the returned definition for the role.
1808	//
1809	// Possible values:
1810	//   "ALPHA" - The user has indicated this role is currently in an Alpha
1811	// phase. If this launch stage is selected, the `stage` field will not
1812	// be included when requesting the definition for a given role.
1813	//   "BETA" - The user has indicated this role is currently in a Beta
1814	// phase.
1815	//   "GA" - The user has indicated this role is generally available.
1816	//   "DEPRECATED" - The user has indicated this role is being
1817	// deprecated.
1818	//   "DISABLED" - This role is disabled and will not contribute
1819	// permissions to any members it is granted to in policies.
1820	//   "EAP" - The user has indicated this role is currently in an EAP
1821	// phase.
1822	Stage string `json:"stage,omitempty"`
1823
1824	// Title: Optional. A human-readable title for the role. Typically this
1825	// is limited to 100 UTF-8 bytes.
1826	Title string `json:"title,omitempty"`
1827
1828	// ServerResponse contains the HTTP response code and headers from the
1829	// server.
1830	googleapi.ServerResponse `json:"-"`
1831
1832	// ForceSendFields is a list of field names (e.g. "Deleted") to
1833	// unconditionally include in API requests. By default, fields with
1834	// empty or default values are omitted from API requests. However, any
1835	// non-pointer, non-interface field appearing in ForceSendFields will be
1836	// sent to the server regardless of whether the field is empty or not.
1837	// This may be used to include empty fields in Patch requests.
1838	ForceSendFields []string `json:"-"`
1839
1840	// NullFields is a list of field names (e.g. "Deleted") to include in
1841	// API requests with the JSON null value. By default, fields with empty
1842	// values are omitted from API requests. However, any field with an
1843	// empty value appearing in NullFields will be sent to the server as
1844	// null. It is an error if a field in this list has a non-empty value.
1845	// This may be used to include null fields in Patch requests.
1846	NullFields []string `json:"-"`
1847}
1848
1849func (s *Role) MarshalJSON() ([]byte, error) {
1850	type NoMethod Role
1851	raw := NoMethod(*s)
1852	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1853}
1854
1855// ServiceAccount: An IAM service account. A service account is an
1856// account for an application or a virtual machine (VM) instance, not a
1857// person. You can use a service account to call Google APIs. To learn
1858// more, read the overview of service accounts
1859// (https://cloud.google.com/iam/help/service-accounts/overview). When
1860// you create a service account, you specify the project ID that owns
1861// the service account, as well as a name that must be unique within the
1862// project. IAM uses these values to create an email address that
1863// identifies the service account.
1864type ServiceAccount struct {
1865	// Description: Optional. A user-specified, human-readable description
1866	// of the service account. The maximum length is 256 UTF-8 bytes.
1867	Description string `json:"description,omitempty"`
1868
1869	// Disabled: Output only. Whether the service account is disabled.
1870	Disabled bool `json:"disabled,omitempty"`
1871
1872	// DisplayName: Optional. A user-specified, human-readable name for the
1873	// service account. The maximum length is 100 UTF-8 bytes.
1874	DisplayName string `json:"displayName,omitempty"`
1875
1876	// Email: Output only. The email address of the service account.
1877	Email string `json:"email,omitempty"`
1878
1879	// Etag: Deprecated. Do not use.
1880	Etag string `json:"etag,omitempty"`
1881
1882	// Name: The resource name of the service account. Use one of the
1883	// following formats: *
1884	// `projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}` *
1885	// `projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}` As an
1886	// alternative, you can use the `-` wildcard character instead of the
1887	// project ID: * `projects/-/serviceAccounts/{EMAIL_ADDRESS}` *
1888	// `projects/-/serviceAccounts/{UNIQUE_ID}` When possible, avoid using
1889	// the `-` wildcard character, because it can cause response messages to
1890	// contain misleading error codes. For example, if you try to get the
1891	// service account `projects/-/serviceAccounts/fake@example.com`, which
1892	// does not exist, the response contains an HTTP `403 Forbidden` error
1893	// instead of a `404 Not Found` error.
1894	Name string `json:"name,omitempty"`
1895
1896	// Oauth2ClientId: Output only. The OAuth 2.0 client ID for the service
1897	// account.
1898	Oauth2ClientId string `json:"oauth2ClientId,omitempty"`
1899
1900	// ProjectId: Output only. The ID of the project that owns the service
1901	// account.
1902	ProjectId string `json:"projectId,omitempty"`
1903
1904	// UniqueId: Output only. The unique, stable numeric ID for the service
1905	// account. Each service account retains its unique ID even if you
1906	// delete the service account. For example, if you delete a service
1907	// account, then create a new service account with the same name, the
1908	// new service account has a different unique ID than the deleted
1909	// service account.
1910	UniqueId string `json:"uniqueId,omitempty"`
1911
1912	// ServerResponse contains the HTTP response code and headers from the
1913	// server.
1914	googleapi.ServerResponse `json:"-"`
1915
1916	// ForceSendFields is a list of field names (e.g. "Description") to
1917	// unconditionally include in API requests. By default, fields with
1918	// empty or default values are omitted from API requests. However, any
1919	// non-pointer, non-interface field appearing in ForceSendFields will be
1920	// sent to the server regardless of whether the field is empty or not.
1921	// This may be used to include empty fields in Patch requests.
1922	ForceSendFields []string `json:"-"`
1923
1924	// NullFields is a list of field names (e.g. "Description") to include
1925	// in API requests with the JSON null value. By default, fields with
1926	// empty values are omitted from API requests. However, any field with
1927	// an empty value appearing in NullFields will be sent to the server as
1928	// null. It is an error if a field in this list has a non-empty value.
1929	// This may be used to include null fields in Patch requests.
1930	NullFields []string `json:"-"`
1931}
1932
1933func (s *ServiceAccount) MarshalJSON() ([]byte, error) {
1934	type NoMethod ServiceAccount
1935	raw := NoMethod(*s)
1936	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1937}
1938
1939// ServiceAccountKey: Represents a service account key. A service
1940// account has two sets of key-pairs: user-managed, and system-managed.
1941// User-managed key-pairs can be created and deleted by users. Users are
1942// responsible for rotating these keys periodically to ensure security
1943// of their service accounts. Users retain the private key of these
1944// key-pairs, and Google retains ONLY the public key. System-managed
1945// keys are automatically rotated by Google, and are used for signing
1946// for a maximum of two weeks. The rotation process is probabilistic,
1947// and usage of the new key will gradually ramp up and down over the
1948// key's lifetime. If you cache the public key set for a service
1949// account, we recommend that you update the cache every 15 minutes.
1950// User-managed keys can be added and removed at any time, so it is
1951// important to update the cache frequently. For Google-managed keys,
1952// Google will publish a key at least 6 hours before it is first used
1953// for signing and will keep publishing it for at least 6 hours after it
1954// was last used for signing. Public keys for all service accounts are
1955// also published at the OAuth2 Service Account API.
1956type ServiceAccountKey struct {
1957	// Disabled: The key status.
1958	Disabled bool `json:"disabled,omitempty"`
1959
1960	// KeyAlgorithm: Specifies the algorithm (and possibly key size) for the
1961	// key.
1962	//
1963	// Possible values:
1964	//   "KEY_ALG_UNSPECIFIED" - An unspecified key algorithm.
1965	//   "KEY_ALG_RSA_1024" - 1k RSA Key.
1966	//   "KEY_ALG_RSA_2048" - 2k RSA Key.
1967	KeyAlgorithm string `json:"keyAlgorithm,omitempty"`
1968
1969	// KeyOrigin: The key origin.
1970	//
1971	// Possible values:
1972	//   "ORIGIN_UNSPECIFIED" - Unspecified key origin.
1973	//   "USER_PROVIDED" - Key is provided by user.
1974	//   "GOOGLE_PROVIDED" - Key is provided by Google.
1975	KeyOrigin string `json:"keyOrigin,omitempty"`
1976
1977	// KeyType: The key type.
1978	//
1979	// Possible values:
1980	//   "KEY_TYPE_UNSPECIFIED" - Unspecified key type. The presence of this
1981	// in the message will immediately result in an error.
1982	//   "USER_MANAGED" - User-managed keys (managed and rotated by the
1983	// user).
1984	//   "SYSTEM_MANAGED" - System-managed keys (managed and rotated by
1985	// Google).
1986	KeyType string `json:"keyType,omitempty"`
1987
1988	// Name: The resource name of the service account key in the following
1989	// format `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.
1990	Name string `json:"name,omitempty"`
1991
1992	// PrivateKeyData: The private key data. Only provided in
1993	// `CreateServiceAccountKey` responses. Make sure to keep the private
1994	// key data secure because it allows for the assertion of the service
1995	// account identity. When base64 decoded, the private key data can be
1996	// used to authenticate with Google API client libraries and with gcloud
1997	// auth activate-service-account.
1998	PrivateKeyData string `json:"privateKeyData,omitempty"`
1999
2000	// PrivateKeyType: The output format for the private key. Only provided
2001	// in `CreateServiceAccountKey` responses, not in `GetServiceAccountKey`
2002	// or `ListServiceAccountKey` responses. Google never exposes
2003	// system-managed private keys, and never retains user-managed private
2004	// keys.
2005	//
2006	// Possible values:
2007	//   "TYPE_UNSPECIFIED" - Unspecified. Equivalent to
2008	// `TYPE_GOOGLE_CREDENTIALS_FILE`.
2009	//   "TYPE_PKCS12_FILE" - PKCS12 format. The password for the PKCS12
2010	// file is `notasecret`. For more information, see
2011	// https://tools.ietf.org/html/rfc7292.
2012	//   "TYPE_GOOGLE_CREDENTIALS_FILE" - Google Credentials File format.
2013	PrivateKeyType string `json:"privateKeyType,omitempty"`
2014
2015	// PublicKeyData: The public key data. Only provided in
2016	// `GetServiceAccountKey` responses.
2017	PublicKeyData string `json:"publicKeyData,omitempty"`
2018
2019	// ValidAfterTime: The key can be used after this timestamp.
2020	ValidAfterTime string `json:"validAfterTime,omitempty"`
2021
2022	// ValidBeforeTime: The key can be used before this timestamp. For
2023	// system-managed key pairs, this timestamp is the end time for the
2024	// private key signing operation. The public key could still be used for
2025	// verification for a few hours after this time.
2026	ValidBeforeTime string `json:"validBeforeTime,omitempty"`
2027
2028	// ServerResponse contains the HTTP response code and headers from the
2029	// server.
2030	googleapi.ServerResponse `json:"-"`
2031
2032	// ForceSendFields is a list of field names (e.g. "Disabled") to
2033	// unconditionally include in API requests. By default, fields with
2034	// empty or default values are omitted from API requests. However, any
2035	// non-pointer, non-interface field appearing in ForceSendFields will be
2036	// sent to the server regardless of whether the field is empty or not.
2037	// This may be used to include empty fields in Patch requests.
2038	ForceSendFields []string `json:"-"`
2039
2040	// NullFields is a list of field names (e.g. "Disabled") to include in
2041	// API requests with the JSON null value. By default, fields with empty
2042	// values are omitted from API requests. However, any field with an
2043	// empty value appearing in NullFields will be sent to the server as
2044	// null. It is an error if a field in this list has a non-empty value.
2045	// This may be used to include null fields in Patch requests.
2046	NullFields []string `json:"-"`
2047}
2048
2049func (s *ServiceAccountKey) MarshalJSON() ([]byte, error) {
2050	type NoMethod ServiceAccountKey
2051	raw := NoMethod(*s)
2052	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
2053}
2054
2055// SetIamPolicyRequest: Request message for `SetIamPolicy` method.
2056type SetIamPolicyRequest struct {
2057	// Policy: REQUIRED: The complete policy to be applied to the
2058	// `resource`. The size of the policy is limited to a few 10s of KB. An
2059	// empty policy is a valid policy but certain Cloud Platform services
2060	// (such as Projects) might reject them.
2061	Policy *Policy `json:"policy,omitempty"`
2062
2063	// UpdateMask: OPTIONAL: A FieldMask specifying which fields of the
2064	// policy to modify. Only the fields in the mask will be modified. If no
2065	// mask is provided, the following default mask is used: `paths:
2066	// "bindings, etag"
2067	UpdateMask string `json:"updateMask,omitempty"`
2068
2069	// ForceSendFields is a list of field names (e.g. "Policy") to
2070	// unconditionally include in API requests. By default, fields with
2071	// empty or default values are omitted from API requests. However, any
2072	// non-pointer, non-interface field appearing in ForceSendFields will be
2073	// sent to the server regardless of whether the field is empty or not.
2074	// This may be used to include empty fields in Patch requests.
2075	ForceSendFields []string `json:"-"`
2076
2077	// NullFields is a list of field names (e.g. "Policy") to include in API
2078	// requests with the JSON null value. By default, fields with empty
2079	// values are omitted from API requests. However, any field with an
2080	// empty value appearing in NullFields will be sent to the server as
2081	// null. It is an error if a field in this list has a non-empty value.
2082	// This may be used to include null fields in Patch requests.
2083	NullFields []string `json:"-"`
2084}
2085
2086func (s *SetIamPolicyRequest) MarshalJSON() ([]byte, error) {
2087	type NoMethod SetIamPolicyRequest
2088	raw := NoMethod(*s)
2089	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
2090}
2091
2092// SignBlobRequest: Deprecated. Migrate to Service Account Credentials
2093// API (https://cloud.google.com/iam/help/credentials/migrate-api). The
2094// service account sign blob request.
2095type SignBlobRequest struct {
2096	// BytesToSign: Required. Deprecated. Migrate to Service Account
2097	// Credentials API
2098	// (https://cloud.google.com/iam/help/credentials/migrate-api). The
2099	// bytes to sign.
2100	BytesToSign string `json:"bytesToSign,omitempty"`
2101
2102	// ForceSendFields is a list of field names (e.g. "BytesToSign") to
2103	// unconditionally include in API requests. By default, fields with
2104	// empty or default values are omitted from API requests. However, any
2105	// non-pointer, non-interface field appearing in ForceSendFields will be
2106	// sent to the server regardless of whether the field is empty or not.
2107	// This may be used to include empty fields in Patch requests.
2108	ForceSendFields []string `json:"-"`
2109
2110	// NullFields is a list of field names (e.g. "BytesToSign") to include
2111	// in API requests with the JSON null value. By default, fields with
2112	// empty values are omitted from API requests. However, any field with
2113	// an empty value appearing in NullFields will be sent to the server as
2114	// null. It is an error if a field in this list has a non-empty value.
2115	// This may be used to include null fields in Patch requests.
2116	NullFields []string `json:"-"`
2117}
2118
2119func (s *SignBlobRequest) MarshalJSON() ([]byte, error) {
2120	type NoMethod SignBlobRequest
2121	raw := NoMethod(*s)
2122	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
2123}
2124
2125// SignBlobResponse: Deprecated. Migrate to Service Account Credentials
2126// API (https://cloud.google.com/iam/help/credentials/migrate-api). The
2127// service account sign blob response.
2128type SignBlobResponse struct {
2129	// KeyId: Deprecated. Migrate to Service Account Credentials API
2130	// (https://cloud.google.com/iam/help/credentials/migrate-api). The id
2131	// of the key used to sign the blob.
2132	KeyId string `json:"keyId,omitempty"`
2133
2134	// Signature: Deprecated. Migrate to Service Account Credentials API
2135	// (https://cloud.google.com/iam/help/credentials/migrate-api). The
2136	// signed blob.
2137	Signature string `json:"signature,omitempty"`
2138
2139	// ServerResponse contains the HTTP response code and headers from the
2140	// server.
2141	googleapi.ServerResponse `json:"-"`
2142
2143	// ForceSendFields is a list of field names (e.g. "KeyId") to
2144	// unconditionally include in API requests. By default, fields with
2145	// empty or default values are omitted from API requests. However, any
2146	// non-pointer, non-interface field appearing in ForceSendFields will be
2147	// sent to the server regardless of whether the field is empty or not.
2148	// This may be used to include empty fields in Patch requests.
2149	ForceSendFields []string `json:"-"`
2150
2151	// NullFields is a list of field names (e.g. "KeyId") to include in API
2152	// requests with the JSON null value. By default, fields with empty
2153	// values are omitted from API requests. However, any field with an
2154	// empty value appearing in NullFields will be sent to the server as
2155	// null. It is an error if a field in this list has a non-empty value.
2156	// This may be used to include null fields in Patch requests.
2157	NullFields []string `json:"-"`
2158}
2159
2160func (s *SignBlobResponse) MarshalJSON() ([]byte, error) {
2161	type NoMethod SignBlobResponse
2162	raw := NoMethod(*s)
2163	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
2164}
2165
2166// SignJwtRequest: Deprecated. Migrate to Service Account Credentials
2167// API (https://cloud.google.com/iam/help/credentials/migrate-api). The
2168// service account sign JWT request.
2169type SignJwtRequest struct {
2170	// Payload: Required. Deprecated. Migrate to Service Account Credentials
2171	// API (https://cloud.google.com/iam/help/credentials/migrate-api). The
2172	// JWT payload to sign. Must be a serialized JSON object that contains a
2173	// JWT Claims Set. For example: `{"sub": "user@example.com", "iat":
2174	// 313435}` If the JWT Claims Set contains an expiration time (`exp`)
2175	// claim, it must be an integer timestamp that is not in the past and no
2176	// more than 12 hours in the future. If the JWT Claims Set does not
2177	// contain an expiration time (`exp`) claim, this claim is added
2178	// automatically, with a timestamp that is 1 hour in the future.
2179	Payload string `json:"payload,omitempty"`
2180
2181	// ForceSendFields is a list of field names (e.g. "Payload") to
2182	// unconditionally include in API requests. By default, fields with
2183	// empty or default values are omitted from API requests. However, any
2184	// non-pointer, non-interface field appearing in ForceSendFields will be
2185	// sent to the server regardless of whether the field is empty or not.
2186	// This may be used to include empty fields in Patch requests.
2187	ForceSendFields []string `json:"-"`
2188
2189	// NullFields is a list of field names (e.g. "Payload") to include in
2190	// API requests with the JSON null value. By default, fields with empty
2191	// values are omitted from API requests. However, any field with an
2192	// empty value appearing in NullFields will be sent to the server as
2193	// null. It is an error if a field in this list has a non-empty value.
2194	// This may be used to include null fields in Patch requests.
2195	NullFields []string `json:"-"`
2196}
2197
2198func (s *SignJwtRequest) MarshalJSON() ([]byte, error) {
2199	type NoMethod SignJwtRequest
2200	raw := NoMethod(*s)
2201	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
2202}
2203
2204// SignJwtResponse: Deprecated. Migrate to Service Account Credentials
2205// API (https://cloud.google.com/iam/help/credentials/migrate-api). The
2206// service account sign JWT response.
2207type SignJwtResponse struct {
2208	// KeyId: Deprecated. Migrate to Service Account Credentials API
2209	// (https://cloud.google.com/iam/help/credentials/migrate-api). The id
2210	// of the key used to sign the JWT.
2211	KeyId string `json:"keyId,omitempty"`
2212
2213	// SignedJwt: Deprecated. Migrate to Service Account Credentials API
2214	// (https://cloud.google.com/iam/help/credentials/migrate-api). The
2215	// signed JWT.
2216	SignedJwt string `json:"signedJwt,omitempty"`
2217
2218	// ServerResponse contains the HTTP response code and headers from the
2219	// server.
2220	googleapi.ServerResponse `json:"-"`
2221
2222	// ForceSendFields is a list of field names (e.g. "KeyId") to
2223	// unconditionally include in API requests. By default, fields with
2224	// empty or default values are omitted from API requests. However, any
2225	// non-pointer, non-interface field appearing in ForceSendFields will be
2226	// sent to the server regardless of whether the field is empty or not.
2227	// This may be used to include empty fields in Patch requests.
2228	ForceSendFields []string `json:"-"`
2229
2230	// NullFields is a list of field names (e.g. "KeyId") to include in API
2231	// requests with the JSON null value. By default, fields with empty
2232	// values are omitted from API requests. However, any field with an
2233	// empty value appearing in NullFields will be sent to the server as
2234	// null. It is an error if a field in this list has a non-empty value.
2235	// This may be used to include null fields in Patch requests.
2236	NullFields []string `json:"-"`
2237}
2238
2239func (s *SignJwtResponse) MarshalJSON() ([]byte, error) {
2240	type NoMethod SignJwtResponse
2241	raw := NoMethod(*s)
2242	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
2243}
2244
2245// Status: The `Status` type defines a logical error model that is
2246// suitable for different programming environments, including REST APIs
2247// and RPC APIs. It is used by gRPC (https://github.com/grpc). Each
2248// `Status` message contains three pieces of data: error code, error
2249// message, and error details. You can find out more about this error
2250// model and how to work with it in the API Design Guide
2251// (https://cloud.google.com/apis/design/errors).
2252type Status struct {
2253	// Code: The status code, which should be an enum value of
2254	// google.rpc.Code.
2255	Code int64 `json:"code,omitempty"`
2256
2257	// Details: A list of messages that carry the error details. There is a
2258	// common set of message types for APIs to use.
2259	Details []googleapi.RawMessage `json:"details,omitempty"`
2260
2261	// Message: A developer-facing error message, which should be in
2262	// English. Any user-facing error message should be localized and sent
2263	// in the google.rpc.Status.details field, or localized by the client.
2264	Message string `json:"message,omitempty"`
2265
2266	// ForceSendFields is a list of field names (e.g. "Code") to
2267	// unconditionally include in API requests. By default, fields with
2268	// empty or default values are omitted from API requests. However, any
2269	// non-pointer, non-interface field appearing in ForceSendFields will be
2270	// sent to the server regardless of whether the field is empty or not.
2271	// This may be used to include empty fields in Patch requests.
2272	ForceSendFields []string `json:"-"`
2273
2274	// NullFields is a list of field names (e.g. "Code") to include in API
2275	// requests with the JSON null value. By default, fields with empty
2276	// values are omitted from API requests. However, any field with an
2277	// empty value appearing in NullFields will be sent to the server as
2278	// null. It is an error if a field in this list has a non-empty value.
2279	// This may be used to include null fields in Patch requests.
2280	NullFields []string `json:"-"`
2281}
2282
2283func (s *Status) MarshalJSON() ([]byte, error) {
2284	type NoMethod Status
2285	raw := NoMethod(*s)
2286	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
2287}
2288
2289// TestIamPermissionsRequest: Request message for `TestIamPermissions`
2290// method.
2291type TestIamPermissionsRequest struct {
2292	// Permissions: The set of permissions to check for the `resource`.
2293	// Permissions with wildcards (such as '*' or 'storage.*') are not
2294	// allowed. For more information see IAM Overview
2295	// (https://cloud.google.com/iam/docs/overview#permissions).
2296	Permissions []string `json:"permissions,omitempty"`
2297
2298	// ForceSendFields is a list of field names (e.g. "Permissions") to
2299	// unconditionally include in API requests. By default, fields with
2300	// empty or default values are omitted from API requests. However, any
2301	// non-pointer, non-interface field appearing in ForceSendFields will be
2302	// sent to the server regardless of whether the field is empty or not.
2303	// This may be used to include empty fields in Patch requests.
2304	ForceSendFields []string `json:"-"`
2305
2306	// NullFields is a list of field names (e.g. "Permissions") to include
2307	// in API requests with the JSON null value. By default, fields with
2308	// empty values are omitted from API requests. However, any field with
2309	// an empty value appearing in NullFields will be sent to the server as
2310	// null. It is an error if a field in this list has a non-empty value.
2311	// This may be used to include null fields in Patch requests.
2312	NullFields []string `json:"-"`
2313}
2314
2315func (s *TestIamPermissionsRequest) MarshalJSON() ([]byte, error) {
2316	type NoMethod TestIamPermissionsRequest
2317	raw := NoMethod(*s)
2318	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
2319}
2320
2321// TestIamPermissionsResponse: Response message for `TestIamPermissions`
2322// method.
2323type TestIamPermissionsResponse struct {
2324	// Permissions: A subset of `TestPermissionsRequest.permissions` that
2325	// the caller is allowed.
2326	Permissions []string `json:"permissions,omitempty"`
2327
2328	// ServerResponse contains the HTTP response code and headers from the
2329	// server.
2330	googleapi.ServerResponse `json:"-"`
2331
2332	// ForceSendFields is a list of field names (e.g. "Permissions") to
2333	// unconditionally include in API requests. By default, fields with
2334	// empty or default values are omitted from API requests. However, any
2335	// non-pointer, non-interface field appearing in ForceSendFields will be
2336	// sent to the server regardless of whether the field is empty or not.
2337	// This may be used to include empty fields in Patch requests.
2338	ForceSendFields []string `json:"-"`
2339
2340	// NullFields is a list of field names (e.g. "Permissions") to include
2341	// in API requests with the JSON null value. By default, fields with
2342	// empty values are omitted from API requests. However, any field with
2343	// an empty value appearing in NullFields will be sent to the server as
2344	// null. It is an error if a field in this list has a non-empty value.
2345	// This may be used to include null fields in Patch requests.
2346	NullFields []string `json:"-"`
2347}
2348
2349func (s *TestIamPermissionsResponse) MarshalJSON() ([]byte, error) {
2350	type NoMethod TestIamPermissionsResponse
2351	raw := NoMethod(*s)
2352	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
2353}
2354
2355// UndeleteRoleRequest: The request to undelete an existing role.
2356type UndeleteRoleRequest struct {
2357	// Etag: Used to perform a consistent read-modify-write.
2358	Etag string `json:"etag,omitempty"`
2359
2360	// ForceSendFields is a list of field names (e.g. "Etag") to
2361	// unconditionally include in API requests. By default, fields with
2362	// empty or default values are omitted from API requests. However, any
2363	// non-pointer, non-interface field appearing in ForceSendFields will be
2364	// sent to the server regardless of whether the field is empty or not.
2365	// This may be used to include empty fields in Patch requests.
2366	ForceSendFields []string `json:"-"`
2367
2368	// NullFields is a list of field names (e.g. "Etag") to include in API
2369	// requests with the JSON null value. By default, fields with empty
2370	// values are omitted from API requests. However, any field with an
2371	// empty value appearing in NullFields will be sent to the server as
2372	// null. It is an error if a field in this list has a non-empty value.
2373	// This may be used to include null fields in Patch requests.
2374	NullFields []string `json:"-"`
2375}
2376
2377func (s *UndeleteRoleRequest) MarshalJSON() ([]byte, error) {
2378	type NoMethod UndeleteRoleRequest
2379	raw := NoMethod(*s)
2380	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
2381}
2382
2383// UndeleteServiceAccountRequest: The service account undelete request.
2384type UndeleteServiceAccountRequest struct {
2385}
2386
2387type UndeleteServiceAccountResponse struct {
2388	// RestoredAccount: Metadata for the restored service account.
2389	RestoredAccount *ServiceAccount `json:"restoredAccount,omitempty"`
2390
2391	// ServerResponse contains the HTTP response code and headers from the
2392	// server.
2393	googleapi.ServerResponse `json:"-"`
2394
2395	// ForceSendFields is a list of field names (e.g. "RestoredAccount") to
2396	// unconditionally include in API requests. By default, fields with
2397	// empty or default values are omitted from API requests. However, any
2398	// non-pointer, non-interface field appearing in ForceSendFields will be
2399	// sent to the server regardless of whether the field is empty or not.
2400	// This may be used to include empty fields in Patch requests.
2401	ForceSendFields []string `json:"-"`
2402
2403	// NullFields is a list of field names (e.g. "RestoredAccount") to
2404	// include in API requests with the JSON null value. By default, fields
2405	// with empty values are omitted from API requests. However, any field
2406	// with an empty value appearing in NullFields will be sent to the
2407	// server as null. It is an error if a field in this list has a
2408	// non-empty value. This may be used to include null fields in Patch
2409	// requests.
2410	NullFields []string `json:"-"`
2411}
2412
2413func (s *UndeleteServiceAccountResponse) MarshalJSON() ([]byte, error) {
2414	type NoMethod UndeleteServiceAccountResponse
2415	raw := NoMethod(*s)
2416	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
2417}
2418
2419// UndeleteWorkloadIdentityPoolProviderRequest: Request message for
2420// UndeleteWorkloadIdentityPoolProvider.
2421type UndeleteWorkloadIdentityPoolProviderRequest struct {
2422}
2423
2424// UndeleteWorkloadIdentityPoolRequest: Request message for
2425// UndeleteWorkloadIdentityPool.
2426type UndeleteWorkloadIdentityPoolRequest struct {
2427}
2428
2429// UploadServiceAccountKeyRequest: The service account key upload
2430// request.
2431type UploadServiceAccountKeyRequest struct {
2432	// PublicKeyData: A field that allows clients to upload their own public
2433	// key. If set, use this public key data to create a service account key
2434	// for given service account. Please note, the expected format for this
2435	// field is X509_PEM.
2436	PublicKeyData string `json:"publicKeyData,omitempty"`
2437
2438	// ForceSendFields is a list of field names (e.g. "PublicKeyData") to
2439	// unconditionally include in API requests. By default, fields with
2440	// empty or default values are omitted from API requests. However, any
2441	// non-pointer, non-interface field appearing in ForceSendFields will be
2442	// sent to the server regardless of whether the field is empty or not.
2443	// This may be used to include empty fields in Patch requests.
2444	ForceSendFields []string `json:"-"`
2445
2446	// NullFields is a list of field names (e.g. "PublicKeyData") to include
2447	// in API requests with the JSON null value. By default, fields with
2448	// empty values are omitted from API requests. However, any field with
2449	// an empty value appearing in NullFields will be sent to the server as
2450	// null. It is an error if a field in this list has a non-empty value.
2451	// This may be used to include null fields in Patch requests.
2452	NullFields []string `json:"-"`
2453}
2454
2455func (s *UploadServiceAccountKeyRequest) MarshalJSON() ([]byte, error) {
2456	type NoMethod UploadServiceAccountKeyRequest
2457	raw := NoMethod(*s)
2458	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
2459}
2460
2461// WorkloadIdentityPool: Represents a collection of external workload
2462// identities. You can define IAM policies to grant these identities
2463// access to Google Cloud resources.
2464type WorkloadIdentityPool struct {
2465	// Description: A description of the pool. Cannot exceed 256 characters.
2466	Description string `json:"description,omitempty"`
2467
2468	// Disabled: Whether the pool is disabled. You cannot use a disabled
2469	// pool to exchange tokens, or use existing tokens to access resources.
2470	// If the pool is re-enabled, existing tokens grant access again.
2471	Disabled bool `json:"disabled,omitempty"`
2472
2473	// DisplayName: A display name for the pool. Cannot exceed 32
2474	// characters.
2475	DisplayName string `json:"displayName,omitempty"`
2476
2477	// Name: Output only. The resource name of the pool.
2478	Name string `json:"name,omitempty"`
2479
2480	// State: Output only. The state of the pool.
2481	//
2482	// Possible values:
2483	//   "STATE_UNSPECIFIED" - State unspecified.
2484	//   "ACTIVE" - The pool is active, and may be used in Google Cloud
2485	// policies.
2486	//   "DELETED" - The pool is soft-deleted. Soft-deleted pools are
2487	// permanently deleted after approximately 30 days. You can restore a
2488	// soft-deleted pool using UndeleteWorkloadIdentityPool. You cannot
2489	// reuse the ID of a soft-deleted pool until it is permanently deleted.
2490	// While a pool is deleted, you cannot use it to exchange tokens, or use
2491	// existing tokens to access resources. If the pool is undeleted,
2492	// existing tokens grant access again.
2493	State string `json:"state,omitempty"`
2494
2495	// ServerResponse contains the HTTP response code and headers from the
2496	// server.
2497	googleapi.ServerResponse `json:"-"`
2498
2499	// ForceSendFields is a list of field names (e.g. "Description") to
2500	// unconditionally include in API requests. By default, fields with
2501	// empty or default values are omitted from API requests. However, any
2502	// non-pointer, non-interface field appearing in ForceSendFields will be
2503	// sent to the server regardless of whether the field is empty or not.
2504	// This may be used to include empty fields in Patch requests.
2505	ForceSendFields []string `json:"-"`
2506
2507	// NullFields is a list of field names (e.g. "Description") to include
2508	// in API requests with the JSON null value. By default, fields with
2509	// empty values are omitted from API requests. However, any field with
2510	// an empty value appearing in NullFields will be sent to the server as
2511	// null. It is an error if a field in this list has a non-empty value.
2512	// This may be used to include null fields in Patch requests.
2513	NullFields []string `json:"-"`
2514}
2515
2516func (s *WorkloadIdentityPool) MarshalJSON() ([]byte, error) {
2517	type NoMethod WorkloadIdentityPool
2518	raw := NoMethod(*s)
2519	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
2520}
2521
2522// WorkloadIdentityPoolProvider: A configuration for an external
2523// identity provider.
2524type WorkloadIdentityPoolProvider struct {
2525	// AttributeCondition: A Common Expression Language
2526	// (https://opensource.google/projects/cel) expression, in plain text,
2527	// to restrict what otherwise valid authentication credentials issued by
2528	// the provider should not be accepted. The expression must output a
2529	// boolean representing whether to allow the federation. The following
2530	// keywords may be referenced in the expressions: * `assertion`: JSON
2531	// representing the authentication credential issued by the provider. *
2532	// `google`: The Google attributes mapped from the assertion in the
2533	// `attribute_mappings`. * `attribute`: The custom attributes mapped
2534	// from the assertion in the `attribute_mappings`. The maximum length of
2535	// the attribute condition expression is 4096 characters. If
2536	// unspecified, all valid authentication credential are accepted. The
2537	// following example shows how to only allow credentials with a mapped
2538	// `google.groups` value of `admins`: ``` "'admins' in google.groups"
2539	// ```
2540	AttributeCondition string `json:"attributeCondition,omitempty"`
2541
2542	// AttributeMapping: Maps attributes from authentication credentials
2543	// issued by an external identity provider to Google Cloud attributes,
2544	// such as `subject` and `segment`. Each key must be a string specifying
2545	// the Google Cloud IAM attribute to map to. The following keys are
2546	// supported: * `google.subject`: The principal IAM is authenticating.
2547	// You can reference this value in IAM bindings. This is also the
2548	// subject that appears in Cloud Logging logs. Cannot exceed 127
2549	// characters. * `google.groups`: Groups the external identity belongs
2550	// to. You can grant groups access to resources using an IAM
2551	// `principalSet` binding; access applies to all members of the group.
2552	// You can also provide custom attributes by specifying
2553	// `attribute.{custom_attribute}`, where `{custom_attribute}` is the
2554	// name of the custom attribute to be mapped. You can define a maximum
2555	// of 50 custom attributes. The maximum length of a mapped attribute key
2556	// is 100 characters, and the key may only contain the characters
2557	// [a-z0-9_]. You can reference these attributes in IAM policies to
2558	// define fine-grained access for a workload to Google Cloud resources.
2559	// For example: * `google.subject`:
2560	// `principal://iam.googleapis.com/projects/{project}/locations/{location
2561	// }/workloadIdentityPools/{pool}/subject/{value}` * `google.groups`:
2562	// `principalSet://iam.googleapis.com/projects/{project}/locations/{locat
2563	// ion}/workloadIdentityPools/{pool}/group/{value}` *
2564	// `attribute.{custom_attribute}`:
2565	// `principalSet://iam.googleapis.com/projects/{project}/locations/{locat
2566	// ion}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}
2567	// ` Each value must be a [Common Expression Language]
2568	// (https://opensource.google/projects/cel) function that maps an
2569	// identity provider credential to the normalized attribute specified by
2570	// the corresponding map key. You can use the `assertion` keyword in the
2571	// expression to access a JSON representation of the authentication
2572	// credential issued by the provider. The maximum length of an attribute
2573	// mapping expression is 2048 characters. When evaluated, the total size
2574	// of all mapped attributes must not exceed 8KB. For AWS providers, if
2575	// no attribute mapping is defined, the following default mapping
2576	// applies: ``` { "google.subject":"assertion.arn",
2577	// "attribute.aws_role": "assertion.arn.contains('assumed-role')" " ?
2578	// assertion.arn.extract('{account_arn}assumed-role/')" " +
2579	// 'assumed-role/'" " +
2580	// assertion.arn.extract('assumed-role/{role_name}/')" " :
2581	// assertion.arn", } ``` If any custom attribute mappings are defined,
2582	// they must include a mapping to the `google.subject` attribute. For
2583	// OIDC providers, you must supply a custom mapping, which must include
2584	// the `google.subject` attribute. For example, the following maps the
2585	// `sub` claim of the incoming credential to the `subject` attribute on
2586	// a Google token: ``` {"google.subject": "assertion.sub"} ```
2587	AttributeMapping map[string]string `json:"attributeMapping,omitempty"`
2588
2589	// Aws: An Amazon Web Services identity provider.
2590	Aws *Aws `json:"aws,omitempty"`
2591
2592	// Description: A description for the provider. Cannot exceed 256
2593	// characters.
2594	Description string `json:"description,omitempty"`
2595
2596	// Disabled: Whether the provider is disabled. You cannot use a disabled
2597	// provider to exchange tokens. However, existing tokens still grant
2598	// access.
2599	Disabled bool `json:"disabled,omitempty"`
2600
2601	// DisplayName: A display name for the provider. Cannot exceed 32
2602	// characters.
2603	DisplayName string `json:"displayName,omitempty"`
2604
2605	// Name: Output only. The resource name of the provider.
2606	Name string `json:"name,omitempty"`
2607
2608	// Oidc: An OpenId Connect 1.0 identity provider.
2609	Oidc *Oidc `json:"oidc,omitempty"`
2610
2611	// State: Output only. The state of the provider.
2612	//
2613	// Possible values:
2614	//   "STATE_UNSPECIFIED" - State unspecified.
2615	//   "ACTIVE" - The provider is active, and may be used to validate
2616	// authentication credentials.
2617	//   "DELETED" - The provider is soft-deleted. Soft-deleted providers
2618	// are permanently deleted after approximately 30 days. You can restore
2619	// a soft-deleted provider using UndeleteWorkloadIdentityPoolProvider.
2620	// You cannot reuse the ID of a soft-deleted provider until it is
2621	// permanently deleted.
2622	State string `json:"state,omitempty"`
2623
2624	// ServerResponse contains the HTTP response code and headers from the
2625	// server.
2626	googleapi.ServerResponse `json:"-"`
2627
2628	// ForceSendFields is a list of field names (e.g. "AttributeCondition")
2629	// to unconditionally include in API requests. By default, fields with
2630	// empty or default values are omitted from API requests. However, any
2631	// non-pointer, non-interface field appearing in ForceSendFields will be
2632	// sent to the server regardless of whether the field is empty or not.
2633	// This may be used to include empty fields in Patch requests.
2634	ForceSendFields []string `json:"-"`
2635
2636	// NullFields is a list of field names (e.g. "AttributeCondition") to
2637	// include in API requests with the JSON null value. By default, fields
2638	// with empty values are omitted from API requests. However, any field
2639	// with an empty value appearing in NullFields will be sent to the
2640	// server as null. It is an error if a field in this list has a
2641	// non-empty value. This may be used to include null fields in Patch
2642	// requests.
2643	NullFields []string `json:"-"`
2644}
2645
2646func (s *WorkloadIdentityPoolProvider) MarshalJSON() ([]byte, error) {
2647	type NoMethod WorkloadIdentityPoolProvider
2648	raw := NoMethod(*s)
2649	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
2650}
2651
2652// method id "iam.iamPolicies.lintPolicy":
2653
2654type IamPoliciesLintPolicyCall struct {
2655	s                 *Service
2656	lintpolicyrequest *LintPolicyRequest
2657	urlParams_        gensupport.URLParams
2658	ctx_              context.Context
2659	header_           http.Header
2660}
2661
2662// LintPolicy: Lints, or validates, an IAM policy. Currently checks the
2663// google.iam.v1.Binding.condition field, which contains a condition
2664// expression for a role binding. Successful calls to this method always
2665// return an HTTP `200 OK` status code, even if the linter detects an
2666// issue in the IAM policy.
2667func (r *IamPoliciesService) LintPolicy(lintpolicyrequest *LintPolicyRequest) *IamPoliciesLintPolicyCall {
2668	c := &IamPoliciesLintPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
2669	c.lintpolicyrequest = lintpolicyrequest
2670	return c
2671}
2672
2673// Fields allows partial responses to be retrieved. See
2674// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
2675// for more information.
2676func (c *IamPoliciesLintPolicyCall) Fields(s ...googleapi.Field) *IamPoliciesLintPolicyCall {
2677	c.urlParams_.Set("fields", googleapi.CombineFields(s))
2678	return c
2679}
2680
2681// Context sets the context to be used in this call's Do method. Any
2682// pending HTTP request will be aborted if the provided context is
2683// canceled.
2684func (c *IamPoliciesLintPolicyCall) Context(ctx context.Context) *IamPoliciesLintPolicyCall {
2685	c.ctx_ = ctx
2686	return c
2687}
2688
2689// Header returns an http.Header that can be modified by the caller to
2690// add HTTP headers to the request.
2691func (c *IamPoliciesLintPolicyCall) Header() http.Header {
2692	if c.header_ == nil {
2693		c.header_ = make(http.Header)
2694	}
2695	return c.header_
2696}
2697
2698func (c *IamPoliciesLintPolicyCall) doRequest(alt string) (*http.Response, error) {
2699	reqHeaders := make(http.Header)
2700	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
2701	for k, v := range c.header_ {
2702		reqHeaders[k] = v
2703	}
2704	reqHeaders.Set("User-Agent", c.s.userAgent())
2705	var body io.Reader = nil
2706	body, err := googleapi.WithoutDataWrapper.JSONReader(c.lintpolicyrequest)
2707	if err != nil {
2708		return nil, err
2709	}
2710	reqHeaders.Set("Content-Type", "application/json")
2711	c.urlParams_.Set("alt", alt)
2712	c.urlParams_.Set("prettyPrint", "false")
2713	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/iamPolicies:lintPolicy")
2714	urls += "?" + c.urlParams_.Encode()
2715	req, err := http.NewRequest("POST", urls, body)
2716	if err != nil {
2717		return nil, err
2718	}
2719	req.Header = reqHeaders
2720	return gensupport.SendRequest(c.ctx_, c.s.client, req)
2721}
2722
2723// Do executes the "iam.iamPolicies.lintPolicy" call.
2724// Exactly one of *LintPolicyResponse or error will be non-nil. Any
2725// non-2xx status code is an error. Response headers are in either
2726// *LintPolicyResponse.ServerResponse.Header or (if a response was
2727// returned at all) in error.(*googleapi.Error).Header. Use
2728// googleapi.IsNotModified to check whether the returned error was
2729// because http.StatusNotModified was returned.
2730func (c *IamPoliciesLintPolicyCall) Do(opts ...googleapi.CallOption) (*LintPolicyResponse, error) {
2731	gensupport.SetOptions(c.urlParams_, opts...)
2732	res, err := c.doRequest("json")
2733	if res != nil && res.StatusCode == http.StatusNotModified {
2734		if res.Body != nil {
2735			res.Body.Close()
2736		}
2737		return nil, &googleapi.Error{
2738			Code:   res.StatusCode,
2739			Header: res.Header,
2740		}
2741	}
2742	if err != nil {
2743		return nil, err
2744	}
2745	defer googleapi.CloseBody(res)
2746	if err := googleapi.CheckResponse(res); err != nil {
2747		return nil, err
2748	}
2749	ret := &LintPolicyResponse{
2750		ServerResponse: googleapi.ServerResponse{
2751			Header:         res.Header,
2752			HTTPStatusCode: res.StatusCode,
2753		},
2754	}
2755	target := &ret
2756	if err := gensupport.DecodeResponse(target, res); err != nil {
2757		return nil, err
2758	}
2759	return ret, nil
2760	// {
2761	//   "description": "Lints, or validates, an IAM policy. Currently checks the google.iam.v1.Binding.condition field, which contains a condition expression for a role binding. Successful calls to this method always return an HTTP `200 OK` status code, even if the linter detects an issue in the IAM policy.",
2762	//   "flatPath": "v1/iamPolicies:lintPolicy",
2763	//   "httpMethod": "POST",
2764	//   "id": "iam.iamPolicies.lintPolicy",
2765	//   "parameterOrder": [],
2766	//   "parameters": {},
2767	//   "path": "v1/iamPolicies:lintPolicy",
2768	//   "request": {
2769	//     "$ref": "LintPolicyRequest"
2770	//   },
2771	//   "response": {
2772	//     "$ref": "LintPolicyResponse"
2773	//   },
2774	//   "scopes": [
2775	//     "https://www.googleapis.com/auth/cloud-platform"
2776	//   ]
2777	// }
2778
2779}
2780
2781// method id "iam.iamPolicies.queryAuditableServices":
2782
2783type IamPoliciesQueryAuditableServicesCall struct {
2784	s                             *Service
2785	queryauditableservicesrequest *QueryAuditableServicesRequest
2786	urlParams_                    gensupport.URLParams
2787	ctx_                          context.Context
2788	header_                       http.Header
2789}
2790
2791// QueryAuditableServices: Returns a list of services that allow you to
2792// opt into audit logs that are not generated by default. To learn more
2793// about audit logs, see the Logging documentation
2794// (https://cloud.google.com/logging/docs/audit).
2795func (r *IamPoliciesService) QueryAuditableServices(queryauditableservicesrequest *QueryAuditableServicesRequest) *IamPoliciesQueryAuditableServicesCall {
2796	c := &IamPoliciesQueryAuditableServicesCall{s: r.s, urlParams_: make(gensupport.URLParams)}
2797	c.queryauditableservicesrequest = queryauditableservicesrequest
2798	return c
2799}
2800
2801// Fields allows partial responses to be retrieved. See
2802// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
2803// for more information.
2804func (c *IamPoliciesQueryAuditableServicesCall) Fields(s ...googleapi.Field) *IamPoliciesQueryAuditableServicesCall {
2805	c.urlParams_.Set("fields", googleapi.CombineFields(s))
2806	return c
2807}
2808
2809// Context sets the context to be used in this call's Do method. Any
2810// pending HTTP request will be aborted if the provided context is
2811// canceled.
2812func (c *IamPoliciesQueryAuditableServicesCall) Context(ctx context.Context) *IamPoliciesQueryAuditableServicesCall {
2813	c.ctx_ = ctx
2814	return c
2815}
2816
2817// Header returns an http.Header that can be modified by the caller to
2818// add HTTP headers to the request.
2819func (c *IamPoliciesQueryAuditableServicesCall) Header() http.Header {
2820	if c.header_ == nil {
2821		c.header_ = make(http.Header)
2822	}
2823	return c.header_
2824}
2825
2826func (c *IamPoliciesQueryAuditableServicesCall) doRequest(alt string) (*http.Response, error) {
2827	reqHeaders := make(http.Header)
2828	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
2829	for k, v := range c.header_ {
2830		reqHeaders[k] = v
2831	}
2832	reqHeaders.Set("User-Agent", c.s.userAgent())
2833	var body io.Reader = nil
2834	body, err := googleapi.WithoutDataWrapper.JSONReader(c.queryauditableservicesrequest)
2835	if err != nil {
2836		return nil, err
2837	}
2838	reqHeaders.Set("Content-Type", "application/json")
2839	c.urlParams_.Set("alt", alt)
2840	c.urlParams_.Set("prettyPrint", "false")
2841	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/iamPolicies:queryAuditableServices")
2842	urls += "?" + c.urlParams_.Encode()
2843	req, err := http.NewRequest("POST", urls, body)
2844	if err != nil {
2845		return nil, err
2846	}
2847	req.Header = reqHeaders
2848	return gensupport.SendRequest(c.ctx_, c.s.client, req)
2849}
2850
2851// Do executes the "iam.iamPolicies.queryAuditableServices" call.
2852// Exactly one of *QueryAuditableServicesResponse or error will be
2853// non-nil. Any non-2xx status code is an error. Response headers are in
2854// either *QueryAuditableServicesResponse.ServerResponse.Header or (if a
2855// response was returned at all) in error.(*googleapi.Error).Header. Use
2856// googleapi.IsNotModified to check whether the returned error was
2857// because http.StatusNotModified was returned.
2858func (c *IamPoliciesQueryAuditableServicesCall) Do(opts ...googleapi.CallOption) (*QueryAuditableServicesResponse, error) {
2859	gensupport.SetOptions(c.urlParams_, opts...)
2860	res, err := c.doRequest("json")
2861	if res != nil && res.StatusCode == http.StatusNotModified {
2862		if res.Body != nil {
2863			res.Body.Close()
2864		}
2865		return nil, &googleapi.Error{
2866			Code:   res.StatusCode,
2867			Header: res.Header,
2868		}
2869	}
2870	if err != nil {
2871		return nil, err
2872	}
2873	defer googleapi.CloseBody(res)
2874	if err := googleapi.CheckResponse(res); err != nil {
2875		return nil, err
2876	}
2877	ret := &QueryAuditableServicesResponse{
2878		ServerResponse: googleapi.ServerResponse{
2879			Header:         res.Header,
2880			HTTPStatusCode: res.StatusCode,
2881		},
2882	}
2883	target := &ret
2884	if err := gensupport.DecodeResponse(target, res); err != nil {
2885		return nil, err
2886	}
2887	return ret, nil
2888	// {
2889	//   "description": "Returns a list of services that allow you to opt into audit logs that are not generated by default. To learn more about audit logs, see the [Logging documentation](https://cloud.google.com/logging/docs/audit).",
2890	//   "flatPath": "v1/iamPolicies:queryAuditableServices",
2891	//   "httpMethod": "POST",
2892	//   "id": "iam.iamPolicies.queryAuditableServices",
2893	//   "parameterOrder": [],
2894	//   "parameters": {},
2895	//   "path": "v1/iamPolicies:queryAuditableServices",
2896	//   "request": {
2897	//     "$ref": "QueryAuditableServicesRequest"
2898	//   },
2899	//   "response": {
2900	//     "$ref": "QueryAuditableServicesResponse"
2901	//   },
2902	//   "scopes": [
2903	//     "https://www.googleapis.com/auth/cloud-platform"
2904	//   ]
2905	// }
2906
2907}
2908
2909// method id "iam.organizations.roles.create":
2910
2911type OrganizationsRolesCreateCall struct {
2912	s                 *Service
2913	parent            string
2914	createrolerequest *CreateRoleRequest
2915	urlParams_        gensupport.URLParams
2916	ctx_              context.Context
2917	header_           http.Header
2918}
2919
2920// Create: Creates a new custom Role.
2921//
2922// - parent: The `parent` parameter's value depends on the target
2923//   resource for the request, namely `projects`
2924//   (/iam/reference/rest/v1/projects.roles) or `organizations`
2925//   (/iam/reference/rest/v1/organizations.roles). Each resource type's
2926//   `parent` value format is described below: *
2927//   `projects.roles.create()`
2928//   (/iam/reference/rest/v1/projects.roles/create):
2929//   `projects/{PROJECT_ID}`. This method creates project-level custom
2930//   roles (/iam/docs/understanding-custom-roles). Example request URL:
2931//   `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles` *
2932//   `organizations.roles.create()`
2933//   (/iam/reference/rest/v1/organizations.roles/create):
2934//   `organizations/{ORGANIZATION_ID}`. This method creates
2935//   organization-level custom roles
2936//   (/iam/docs/understanding-custom-roles). Example request URL:
2937//   `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles
2938//   ` Note: Wildcard (*) values are invalid; you must specify a
2939//   complete project ID or organization ID.
2940func (r *OrganizationsRolesService) Create(parent string, createrolerequest *CreateRoleRequest) *OrganizationsRolesCreateCall {
2941	c := &OrganizationsRolesCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
2942	c.parent = parent
2943	c.createrolerequest = createrolerequest
2944	return c
2945}
2946
2947// Fields allows partial responses to be retrieved. See
2948// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
2949// for more information.
2950func (c *OrganizationsRolesCreateCall) Fields(s ...googleapi.Field) *OrganizationsRolesCreateCall {
2951	c.urlParams_.Set("fields", googleapi.CombineFields(s))
2952	return c
2953}
2954
2955// Context sets the context to be used in this call's Do method. Any
2956// pending HTTP request will be aborted if the provided context is
2957// canceled.
2958func (c *OrganizationsRolesCreateCall) Context(ctx context.Context) *OrganizationsRolesCreateCall {
2959	c.ctx_ = ctx
2960	return c
2961}
2962
2963// Header returns an http.Header that can be modified by the caller to
2964// add HTTP headers to the request.
2965func (c *OrganizationsRolesCreateCall) Header() http.Header {
2966	if c.header_ == nil {
2967		c.header_ = make(http.Header)
2968	}
2969	return c.header_
2970}
2971
2972func (c *OrganizationsRolesCreateCall) doRequest(alt string) (*http.Response, error) {
2973	reqHeaders := make(http.Header)
2974	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
2975	for k, v := range c.header_ {
2976		reqHeaders[k] = v
2977	}
2978	reqHeaders.Set("User-Agent", c.s.userAgent())
2979	var body io.Reader = nil
2980	body, err := googleapi.WithoutDataWrapper.JSONReader(c.createrolerequest)
2981	if err != nil {
2982		return nil, err
2983	}
2984	reqHeaders.Set("Content-Type", "application/json")
2985	c.urlParams_.Set("alt", alt)
2986	c.urlParams_.Set("prettyPrint", "false")
2987	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/roles")
2988	urls += "?" + c.urlParams_.Encode()
2989	req, err := http.NewRequest("POST", urls, body)
2990	if err != nil {
2991		return nil, err
2992	}
2993	req.Header = reqHeaders
2994	googleapi.Expand(req.URL, map[string]string{
2995		"parent": c.parent,
2996	})
2997	return gensupport.SendRequest(c.ctx_, c.s.client, req)
2998}
2999
3000// Do executes the "iam.organizations.roles.create" call.
3001// Exactly one of *Role or error will be non-nil. Any non-2xx status
3002// code is an error. Response headers are in either
3003// *Role.ServerResponse.Header or (if a response was returned at all) in
3004// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
3005// whether the returned error was because http.StatusNotModified was
3006// returned.
3007func (c *OrganizationsRolesCreateCall) Do(opts ...googleapi.CallOption) (*Role, error) {
3008	gensupport.SetOptions(c.urlParams_, opts...)
3009	res, err := c.doRequest("json")
3010	if res != nil && res.StatusCode == http.StatusNotModified {
3011		if res.Body != nil {
3012			res.Body.Close()
3013		}
3014		return nil, &googleapi.Error{
3015			Code:   res.StatusCode,
3016			Header: res.Header,
3017		}
3018	}
3019	if err != nil {
3020		return nil, err
3021	}
3022	defer googleapi.CloseBody(res)
3023	if err := googleapi.CheckResponse(res); err != nil {
3024		return nil, err
3025	}
3026	ret := &Role{
3027		ServerResponse: googleapi.ServerResponse{
3028			Header:         res.Header,
3029			HTTPStatusCode: res.StatusCode,
3030		},
3031	}
3032	target := &ret
3033	if err := gensupport.DecodeResponse(target, res); err != nil {
3034		return nil, err
3035	}
3036	return ret, nil
3037	// {
3038	//   "description": "Creates a new custom Role.",
3039	//   "flatPath": "v1/organizations/{organizationsId}/roles",
3040	//   "httpMethod": "POST",
3041	//   "id": "iam.organizations.roles.create",
3042	//   "parameterOrder": [
3043	//     "parent"
3044	//   ],
3045	//   "parameters": {
3046	//     "parent": {
3047	//       "description": "The `parent` parameter's value depends on the target resource for the request, namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `parent` value format is described below: * [`projects.roles.create()`](/iam/reference/rest/v1/projects.roles/create): `projects/{PROJECT_ID}`. This method creates project-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles` * [`organizations.roles.create()`](/iam/reference/rest/v1/organizations.roles/create): `organizations/{ORGANIZATION_ID}`. This method creates organization-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.",
3048	//       "location": "path",
3049	//       "pattern": "^organizations/[^/]+$",
3050	//       "required": true,
3051	//       "type": "string"
3052	//     }
3053	//   },
3054	//   "path": "v1/{+parent}/roles",
3055	//   "request": {
3056	//     "$ref": "CreateRoleRequest"
3057	//   },
3058	//   "response": {
3059	//     "$ref": "Role"
3060	//   },
3061	//   "scopes": [
3062	//     "https://www.googleapis.com/auth/cloud-platform"
3063	//   ]
3064	// }
3065
3066}
3067
3068// method id "iam.organizations.roles.delete":
3069
3070type OrganizationsRolesDeleteCall struct {
3071	s          *Service
3072	name       string
3073	urlParams_ gensupport.URLParams
3074	ctx_       context.Context
3075	header_    http.Header
3076}
3077
3078// Delete: Deletes a custom Role. When you delete a custom role, the
3079// following changes occur immediately: * You cannot bind a member to
3080// the custom role in an IAM Policy. * Existing bindings to the custom
3081// role are not changed, but they have no effect. * By default, the
3082// response from ListRoles does not include the custom role. You have 7
3083// days to undelete the custom role. After 7 days, the following changes
3084// occur: * The custom role is permanently deleted and cannot be
3085// recovered. * If an IAM policy contains a binding to the custom role,
3086// the binding is permanently removed.
3087//
3088// - name: The `name` parameter's value depends on the target resource
3089//   for the request, namely `projects`
3090//   (/iam/reference/rest/v1/projects.roles) or `organizations`
3091//   (/iam/reference/rest/v1/organizations.roles). Each resource type's
3092//   `name` value format is described below: * `projects.roles.delete()`
3093//   (/iam/reference/rest/v1/projects.roles/delete):
3094//   `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method deletes
3095//   only custom roles (/iam/docs/understanding-custom-roles) that have
3096//   been created at the project level. Example request URL:
3097//   `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_R
3098//   OLE_ID}` * `organizations.roles.delete()`
3099//   (/iam/reference/rest/v1/organizations.roles/delete):
3100//   `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This
3101//   method deletes only custom roles
3102//   (/iam/docs/understanding-custom-roles) that have been created at
3103//   the organization level. Example request URL:
3104//   `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles
3105//   /{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must
3106//   specify a complete project ID or organization ID.
3107func (r *OrganizationsRolesService) Delete(name string) *OrganizationsRolesDeleteCall {
3108	c := &OrganizationsRolesDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
3109	c.name = name
3110	return c
3111}
3112
3113// Etag sets the optional parameter "etag": Used to perform a consistent
3114// read-modify-write.
3115func (c *OrganizationsRolesDeleteCall) Etag(etag string) *OrganizationsRolesDeleteCall {
3116	c.urlParams_.Set("etag", etag)
3117	return c
3118}
3119
3120// Fields allows partial responses to be retrieved. See
3121// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
3122// for more information.
3123func (c *OrganizationsRolesDeleteCall) Fields(s ...googleapi.Field) *OrganizationsRolesDeleteCall {
3124	c.urlParams_.Set("fields", googleapi.CombineFields(s))
3125	return c
3126}
3127
3128// Context sets the context to be used in this call's Do method. Any
3129// pending HTTP request will be aborted if the provided context is
3130// canceled.
3131func (c *OrganizationsRolesDeleteCall) Context(ctx context.Context) *OrganizationsRolesDeleteCall {
3132	c.ctx_ = ctx
3133	return c
3134}
3135
3136// Header returns an http.Header that can be modified by the caller to
3137// add HTTP headers to the request.
3138func (c *OrganizationsRolesDeleteCall) Header() http.Header {
3139	if c.header_ == nil {
3140		c.header_ = make(http.Header)
3141	}
3142	return c.header_
3143}
3144
3145func (c *OrganizationsRolesDeleteCall) doRequest(alt string) (*http.Response, error) {
3146	reqHeaders := make(http.Header)
3147	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
3148	for k, v := range c.header_ {
3149		reqHeaders[k] = v
3150	}
3151	reqHeaders.Set("User-Agent", c.s.userAgent())
3152	var body io.Reader = nil
3153	c.urlParams_.Set("alt", alt)
3154	c.urlParams_.Set("prettyPrint", "false")
3155	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
3156	urls += "?" + c.urlParams_.Encode()
3157	req, err := http.NewRequest("DELETE", urls, body)
3158	if err != nil {
3159		return nil, err
3160	}
3161	req.Header = reqHeaders
3162	googleapi.Expand(req.URL, map[string]string{
3163		"name": c.name,
3164	})
3165	return gensupport.SendRequest(c.ctx_, c.s.client, req)
3166}
3167
3168// Do executes the "iam.organizations.roles.delete" call.
3169// Exactly one of *Role or error will be non-nil. Any non-2xx status
3170// code is an error. Response headers are in either
3171// *Role.ServerResponse.Header or (if a response was returned at all) in
3172// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
3173// whether the returned error was because http.StatusNotModified was
3174// returned.
3175func (c *OrganizationsRolesDeleteCall) Do(opts ...googleapi.CallOption) (*Role, error) {
3176	gensupport.SetOptions(c.urlParams_, opts...)
3177	res, err := c.doRequest("json")
3178	if res != nil && res.StatusCode == http.StatusNotModified {
3179		if res.Body != nil {
3180			res.Body.Close()
3181		}
3182		return nil, &googleapi.Error{
3183			Code:   res.StatusCode,
3184			Header: res.Header,
3185		}
3186	}
3187	if err != nil {
3188		return nil, err
3189	}
3190	defer googleapi.CloseBody(res)
3191	if err := googleapi.CheckResponse(res); err != nil {
3192		return nil, err
3193	}
3194	ret := &Role{
3195		ServerResponse: googleapi.ServerResponse{
3196			Header:         res.Header,
3197			HTTPStatusCode: res.StatusCode,
3198		},
3199	}
3200	target := &ret
3201	if err := gensupport.DecodeResponse(target, res); err != nil {
3202		return nil, err
3203	}
3204	return ret, nil
3205	// {
3206	//   "description": "Deletes a custom Role. When you delete a custom role, the following changes occur immediately: * You cannot bind a member to the custom role in an IAM Policy. * Existing bindings to the custom role are not changed, but they have no effect. * By default, the response from ListRoles does not include the custom role. You have 7 days to undelete the custom role. After 7 days, the following changes occur: * The custom role is permanently deleted and cannot be recovered. * If an IAM policy contains a binding to the custom role, the binding is permanently removed.",
3207	//   "flatPath": "v1/organizations/{organizationsId}/roles/{rolesId}",
3208	//   "httpMethod": "DELETE",
3209	//   "id": "iam.organizations.roles.delete",
3210	//   "parameterOrder": [
3211	//     "name"
3212	//   ],
3213	//   "parameters": {
3214	//     "etag": {
3215	//       "description": "Used to perform a consistent read-modify-write.",
3216	//       "format": "byte",
3217	//       "location": "query",
3218	//       "type": "string"
3219	//     },
3220	//     "name": {
3221	//       "description": "The `name` parameter's value depends on the target resource for the request, namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `name` value format is described below: * [`projects.roles.delete()`](/iam/reference/rest/v1/projects.roles/delete): `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method deletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}` * [`organizations.roles.delete()`](/iam/reference/rest/v1/organizations.roles/delete): `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method deletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.",
3222	//       "location": "path",
3223	//       "pattern": "^organizations/[^/]+/roles/[^/]+$",
3224	//       "required": true,
3225	//       "type": "string"
3226	//     }
3227	//   },
3228	//   "path": "v1/{+name}",
3229	//   "response": {
3230	//     "$ref": "Role"
3231	//   },
3232	//   "scopes": [
3233	//     "https://www.googleapis.com/auth/cloud-platform"
3234	//   ]
3235	// }
3236
3237}
3238
3239// method id "iam.organizations.roles.get":
3240
3241type OrganizationsRolesGetCall struct {
3242	s            *Service
3243	name         string
3244	urlParams_   gensupport.URLParams
3245	ifNoneMatch_ string
3246	ctx_         context.Context
3247	header_      http.Header
3248}
3249
3250// Get: Gets the definition of a Role.
3251//
3252// - name: The `name` parameter's value depends on the target resource
3253//   for the request, namely `roles` (/iam/reference/rest/v1/roles),
3254//   `projects` (/iam/reference/rest/v1/projects.roles), or
3255//   `organizations` (/iam/reference/rest/v1/organizations.roles). Each
3256//   resource type's `name` value format is described below: *
3257//   `roles.get()` (/iam/reference/rest/v1/roles/get):
3258//   `roles/{ROLE_NAME}`. This method returns results from all
3259//   predefined roles (/iam/docs/understanding-roles#predefined_roles)
3260//   in Cloud IAM. Example request URL:
3261//   `https://iam.googleapis.com/v1/roles/{ROLE_NAME}` *
3262//   `projects.roles.get()` (/iam/reference/rest/v1/projects.roles/get):
3263//   `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method returns
3264//   only custom roles (/iam/docs/understanding-custom-roles) that have
3265//   been created at the project level. Example request URL:
3266//   `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_R
3267//   OLE_ID}` * `organizations.roles.get()`
3268//   (/iam/reference/rest/v1/organizations.roles/get):
3269//   `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This
3270//   method returns only custom roles
3271//   (/iam/docs/understanding-custom-roles) that have been created at
3272//   the organization level. Example request URL:
3273//   `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles
3274//   /{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must
3275//   specify a complete project ID or organization ID.
3276func (r *OrganizationsRolesService) Get(name string) *OrganizationsRolesGetCall {
3277	c := &OrganizationsRolesGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
3278	c.name = name
3279	return c
3280}
3281
3282// Fields allows partial responses to be retrieved. See
3283// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
3284// for more information.
3285func (c *OrganizationsRolesGetCall) Fields(s ...googleapi.Field) *OrganizationsRolesGetCall {
3286	c.urlParams_.Set("fields", googleapi.CombineFields(s))
3287	return c
3288}
3289
3290// IfNoneMatch sets the optional parameter which makes the operation
3291// fail if the object's ETag matches the given value. This is useful for
3292// getting updates only after the object has changed since the last
3293// request. Use googleapi.IsNotModified to check whether the response
3294// error from Do is the result of In-None-Match.
3295func (c *OrganizationsRolesGetCall) IfNoneMatch(entityTag string) *OrganizationsRolesGetCall {
3296	c.ifNoneMatch_ = entityTag
3297	return c
3298}
3299
3300// Context sets the context to be used in this call's Do method. Any
3301// pending HTTP request will be aborted if the provided context is
3302// canceled.
3303func (c *OrganizationsRolesGetCall) Context(ctx context.Context) *OrganizationsRolesGetCall {
3304	c.ctx_ = ctx
3305	return c
3306}
3307
3308// Header returns an http.Header that can be modified by the caller to
3309// add HTTP headers to the request.
3310func (c *OrganizationsRolesGetCall) Header() http.Header {
3311	if c.header_ == nil {
3312		c.header_ = make(http.Header)
3313	}
3314	return c.header_
3315}
3316
3317func (c *OrganizationsRolesGetCall) doRequest(alt string) (*http.Response, error) {
3318	reqHeaders := make(http.Header)
3319	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
3320	for k, v := range c.header_ {
3321		reqHeaders[k] = v
3322	}
3323	reqHeaders.Set("User-Agent", c.s.userAgent())
3324	if c.ifNoneMatch_ != "" {
3325		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
3326	}
3327	var body io.Reader = nil
3328	c.urlParams_.Set("alt", alt)
3329	c.urlParams_.Set("prettyPrint", "false")
3330	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
3331	urls += "?" + c.urlParams_.Encode()
3332	req, err := http.NewRequest("GET", urls, body)
3333	if err != nil {
3334		return nil, err
3335	}
3336	req.Header = reqHeaders
3337	googleapi.Expand(req.URL, map[string]string{
3338		"name": c.name,
3339	})
3340	return gensupport.SendRequest(c.ctx_, c.s.client, req)
3341}
3342
3343// Do executes the "iam.organizations.roles.get" call.
3344// Exactly one of *Role or error will be non-nil. Any non-2xx status
3345// code is an error. Response headers are in either
3346// *Role.ServerResponse.Header or (if a response was returned at all) in
3347// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
3348// whether the returned error was because http.StatusNotModified was
3349// returned.
3350func (c *OrganizationsRolesGetCall) Do(opts ...googleapi.CallOption) (*Role, error) {
3351	gensupport.SetOptions(c.urlParams_, opts...)
3352	res, err := c.doRequest("json")
3353	if res != nil && res.StatusCode == http.StatusNotModified {
3354		if res.Body != nil {
3355			res.Body.Close()
3356		}
3357		return nil, &googleapi.Error{
3358			Code:   res.StatusCode,
3359			Header: res.Header,
3360		}
3361	}
3362	if err != nil {
3363		return nil, err
3364	}
3365	defer googleapi.CloseBody(res)
3366	if err := googleapi.CheckResponse(res); err != nil {
3367		return nil, err
3368	}
3369	ret := &Role{
3370		ServerResponse: googleapi.ServerResponse{
3371			Header:         res.Header,
3372			HTTPStatusCode: res.StatusCode,
3373		},
3374	}
3375	target := &ret
3376	if err := gensupport.DecodeResponse(target, res); err != nil {
3377		return nil, err
3378	}
3379	return ret, nil
3380	// {
3381	//   "description": "Gets the definition of a Role.",
3382	//   "flatPath": "v1/organizations/{organizationsId}/roles/{rolesId}",
3383	//   "httpMethod": "GET",
3384	//   "id": "iam.organizations.roles.get",
3385	//   "parameterOrder": [
3386	//     "name"
3387	//   ],
3388	//   "parameters": {
3389	//     "name": {
3390	//       "description": "The `name` parameter's value depends on the target resource for the request, namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `name` value format is described below: * [`roles.get()`](/iam/reference/rest/v1/roles/get): `roles/{ROLE_NAME}`. This method returns results from all [predefined roles](/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. Example request URL: `https://iam.googleapis.com/v1/roles/{ROLE_NAME}` * [`projects.roles.get()`](/iam/reference/rest/v1/projects.roles/get): `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method returns only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}` * [`organizations.roles.get()`](/iam/reference/rest/v1/organizations.roles/get): `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method returns only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.",
3391	//       "location": "path",
3392	//       "pattern": "^organizations/[^/]+/roles/[^/]+$",
3393	//       "required": true,
3394	//       "type": "string"
3395	//     }
3396	//   },
3397	//   "path": "v1/{+name}",
3398	//   "response": {
3399	//     "$ref": "Role"
3400	//   },
3401	//   "scopes": [
3402	//     "https://www.googleapis.com/auth/cloud-platform"
3403	//   ]
3404	// }
3405
3406}
3407
3408// method id "iam.organizations.roles.list":
3409
3410type OrganizationsRolesListCall struct {
3411	s            *Service
3412	parent       string
3413	urlParams_   gensupport.URLParams
3414	ifNoneMatch_ string
3415	ctx_         context.Context
3416	header_      http.Header
3417}
3418
3419// List: Lists every predefined Role that IAM supports, or every custom
3420// role that is defined for an organization or project.
3421//
3422// - parent: The `parent` parameter's value depends on the target
3423//   resource for the request, namely `roles`
3424//   (/iam/reference/rest/v1/roles), `projects`
3425//   (/iam/reference/rest/v1/projects.roles), or `organizations`
3426//   (/iam/reference/rest/v1/organizations.roles). Each resource type's
3427//   `parent` value format is described below: * `roles.list()`
3428//   (/iam/reference/rest/v1/roles/list): An empty string. This method
3429//   doesn't require a resource; it simply returns all predefined roles
3430//   (/iam/docs/understanding-roles#predefined_roles) in Cloud IAM.
3431//   Example request URL: `https://iam.googleapis.com/v1/roles` *
3432//   `projects.roles.list()`
3433//   (/iam/reference/rest/v1/projects.roles/list):
3434//   `projects/{PROJECT_ID}`. This method lists all project-level custom
3435//   roles (/iam/docs/understanding-custom-roles). Example request URL:
3436//   `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles` *
3437//   `organizations.roles.list()`
3438//   (/iam/reference/rest/v1/organizations.roles/list):
3439//   `organizations/{ORGANIZATION_ID}`. This method lists all
3440//   organization-level custom roles
3441//   (/iam/docs/understanding-custom-roles). Example request URL:
3442//   `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles
3443//   ` Note: Wildcard (*) values are invalid; you must specify a
3444//   complete project ID or organization ID.
3445func (r *OrganizationsRolesService) List(parent string) *OrganizationsRolesListCall {
3446	c := &OrganizationsRolesListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
3447	c.parent = parent
3448	return c
3449}
3450
3451// PageSize sets the optional parameter "pageSize": Optional limit on
3452// the number of roles to include in the response. The default is 300,
3453// and the maximum is 1,000.
3454func (c *OrganizationsRolesListCall) PageSize(pageSize int64) *OrganizationsRolesListCall {
3455	c.urlParams_.Set("pageSize", fmt.Sprint(pageSize))
3456	return c
3457}
3458
3459// PageToken sets the optional parameter "pageToken": Optional
3460// pagination token returned in an earlier ListRolesResponse.
3461func (c *OrganizationsRolesListCall) PageToken(pageToken string) *OrganizationsRolesListCall {
3462	c.urlParams_.Set("pageToken", pageToken)
3463	return c
3464}
3465
3466// ShowDeleted sets the optional parameter "showDeleted": Include Roles
3467// that have been deleted.
3468func (c *OrganizationsRolesListCall) ShowDeleted(showDeleted bool) *OrganizationsRolesListCall {
3469	c.urlParams_.Set("showDeleted", fmt.Sprint(showDeleted))
3470	return c
3471}
3472
3473// View sets the optional parameter "view": Optional view for the
3474// returned Role objects. When `FULL` is specified, the
3475// `includedPermissions` field is returned, which includes a list of all
3476// permissions in the role. The default value is `BASIC`, which does not
3477// return the `includedPermissions` field.
3478//
3479// Possible values:
3480//   "BASIC" - Omits the `included_permissions` field. This is the
3481// default value.
3482//   "FULL" - Returns all fields.
3483func (c *OrganizationsRolesListCall) View(view string) *OrganizationsRolesListCall {
3484	c.urlParams_.Set("view", view)
3485	return c
3486}
3487
3488// Fields allows partial responses to be retrieved. See
3489// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
3490// for more information.
3491func (c *OrganizationsRolesListCall) Fields(s ...googleapi.Field) *OrganizationsRolesListCall {
3492	c.urlParams_.Set("fields", googleapi.CombineFields(s))
3493	return c
3494}
3495
3496// IfNoneMatch sets the optional parameter which makes the operation
3497// fail if the object's ETag matches the given value. This is useful for
3498// getting updates only after the object has changed since the last
3499// request. Use googleapi.IsNotModified to check whether the response
3500// error from Do is the result of In-None-Match.
3501func (c *OrganizationsRolesListCall) IfNoneMatch(entityTag string) *OrganizationsRolesListCall {
3502	c.ifNoneMatch_ = entityTag
3503	return c
3504}
3505
3506// Context sets the context to be used in this call's Do method. Any
3507// pending HTTP request will be aborted if the provided context is
3508// canceled.
3509func (c *OrganizationsRolesListCall) Context(ctx context.Context) *OrganizationsRolesListCall {
3510	c.ctx_ = ctx
3511	return c
3512}
3513
3514// Header returns an http.Header that can be modified by the caller to
3515// add HTTP headers to the request.
3516func (c *OrganizationsRolesListCall) Header() http.Header {
3517	if c.header_ == nil {
3518		c.header_ = make(http.Header)
3519	}
3520	return c.header_
3521}
3522
3523func (c *OrganizationsRolesListCall) doRequest(alt string) (*http.Response, error) {
3524	reqHeaders := make(http.Header)
3525	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
3526	for k, v := range c.header_ {
3527		reqHeaders[k] = v
3528	}
3529	reqHeaders.Set("User-Agent", c.s.userAgent())
3530	if c.ifNoneMatch_ != "" {
3531		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
3532	}
3533	var body io.Reader = nil
3534	c.urlParams_.Set("alt", alt)
3535	c.urlParams_.Set("prettyPrint", "false")
3536	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/roles")
3537	urls += "?" + c.urlParams_.Encode()
3538	req, err := http.NewRequest("GET", urls, body)
3539	if err != nil {
3540		return nil, err
3541	}
3542	req.Header = reqHeaders
3543	googleapi.Expand(req.URL, map[string]string{
3544		"parent": c.parent,
3545	})
3546	return gensupport.SendRequest(c.ctx_, c.s.client, req)
3547}
3548
3549// Do executes the "iam.organizations.roles.list" call.
3550// Exactly one of *ListRolesResponse or error will be non-nil. Any
3551// non-2xx status code is an error. Response headers are in either
3552// *ListRolesResponse.ServerResponse.Header or (if a response was
3553// returned at all) in error.(*googleapi.Error).Header. Use
3554// googleapi.IsNotModified to check whether the returned error was
3555// because http.StatusNotModified was returned.
3556func (c *OrganizationsRolesListCall) Do(opts ...googleapi.CallOption) (*ListRolesResponse, error) {
3557	gensupport.SetOptions(c.urlParams_, opts...)
3558	res, err := c.doRequest("json")
3559	if res != nil && res.StatusCode == http.StatusNotModified {
3560		if res.Body != nil {
3561			res.Body.Close()
3562		}
3563		return nil, &googleapi.Error{
3564			Code:   res.StatusCode,
3565			Header: res.Header,
3566		}
3567	}
3568	if err != nil {
3569		return nil, err
3570	}
3571	defer googleapi.CloseBody(res)
3572	if err := googleapi.CheckResponse(res); err != nil {
3573		return nil, err
3574	}
3575	ret := &ListRolesResponse{
3576		ServerResponse: googleapi.ServerResponse{
3577			Header:         res.Header,
3578			HTTPStatusCode: res.StatusCode,
3579		},
3580	}
3581	target := &ret
3582	if err := gensupport.DecodeResponse(target, res); err != nil {
3583		return nil, err
3584	}
3585	return ret, nil
3586	// {
3587	//   "description": "Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.",
3588	//   "flatPath": "v1/organizations/{organizationsId}/roles",
3589	//   "httpMethod": "GET",
3590	//   "id": "iam.organizations.roles.list",
3591	//   "parameterOrder": [
3592	//     "parent"
3593	//   ],
3594	//   "parameters": {
3595	//     "pageSize": {
3596	//       "description": "Optional limit on the number of roles to include in the response. The default is 300, and the maximum is 1,000.",
3597	//       "format": "int32",
3598	//       "location": "query",
3599	//       "type": "integer"
3600	//     },
3601	//     "pageToken": {
3602	//       "description": "Optional pagination token returned in an earlier ListRolesResponse.",
3603	//       "location": "query",
3604	//       "type": "string"
3605	//     },
3606	//     "parent": {
3607	//       "description": "The `parent` parameter's value depends on the target resource for the request, namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `parent` value format is described below: * [`roles.list()`](/iam/reference/rest/v1/roles/list): An empty string. This method doesn't require a resource; it simply returns all [predefined roles](/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. Example request URL: `https://iam.googleapis.com/v1/roles` * [`projects.roles.list()`](/iam/reference/rest/v1/projects.roles/list): `projects/{PROJECT_ID}`. This method lists all project-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles` * [`organizations.roles.list()`](/iam/reference/rest/v1/organizations.roles/list): `organizations/{ORGANIZATION_ID}`. This method lists all organization-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.",
3608	//       "location": "path",
3609	//       "pattern": "^organizations/[^/]+$",
3610	//       "required": true,
3611	//       "type": "string"
3612	//     },
3613	//     "showDeleted": {
3614	//       "description": "Include Roles that have been deleted.",
3615	//       "location": "query",
3616	//       "type": "boolean"
3617	//     },
3618	//     "view": {
3619	//       "description": "Optional view for the returned Role objects. When `FULL` is specified, the `includedPermissions` field is returned, which includes a list of all permissions in the role. The default value is `BASIC`, which does not return the `includedPermissions` field.",
3620	//       "enum": [
3621	//         "BASIC",
3622	//         "FULL"
3623	//       ],
3624	//       "enumDescriptions": [
3625	//         "Omits the `included_permissions` field. This is the default value.",
3626	//         "Returns all fields."
3627	//       ],
3628	//       "location": "query",
3629	//       "type": "string"
3630	//     }
3631	//   },
3632	//   "path": "v1/{+parent}/roles",
3633	//   "response": {
3634	//     "$ref": "ListRolesResponse"
3635	//   },
3636	//   "scopes": [
3637	//     "https://www.googleapis.com/auth/cloud-platform"
3638	//   ]
3639	// }
3640
3641}
3642
3643// Pages invokes f for each page of results.
3644// A non-nil error returned from f will halt the iteration.
3645// The provided context supersedes any context provided to the Context method.
3646func (c *OrganizationsRolesListCall) Pages(ctx context.Context, f func(*ListRolesResponse) error) error {
3647	c.ctx_ = ctx
3648	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
3649	for {
3650		x, err := c.Do()
3651		if err != nil {
3652			return err
3653		}
3654		if err := f(x); err != nil {
3655			return err
3656		}
3657		if x.NextPageToken == "" {
3658			return nil
3659		}
3660		c.PageToken(x.NextPageToken)
3661	}
3662}
3663
3664// method id "iam.organizations.roles.patch":
3665
3666type OrganizationsRolesPatchCall struct {
3667	s          *Service
3668	name       string
3669	role       *Role
3670	urlParams_ gensupport.URLParams
3671	ctx_       context.Context
3672	header_    http.Header
3673}
3674
3675// Patch: Updates the definition of a custom Role.
3676//
3677// - name: The `name` parameter's value depends on the target resource
3678//   for the request, namely `projects`
3679//   (/iam/reference/rest/v1/projects.roles) or `organizations`
3680//   (/iam/reference/rest/v1/organizations.roles). Each resource type's
3681//   `name` value format is described below: * `projects.roles.patch()`
3682//   (/iam/reference/rest/v1/projects.roles/patch):
3683//   `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method updates
3684//   only custom roles (/iam/docs/understanding-custom-roles) that have
3685//   been created at the project level. Example request URL:
3686//   `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_R
3687//   OLE_ID}` * `organizations.roles.patch()`
3688//   (/iam/reference/rest/v1/organizations.roles/patch):
3689//   `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This
3690//   method updates only custom roles
3691//   (/iam/docs/understanding-custom-roles) that have been created at
3692//   the organization level. Example request URL:
3693//   `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles
3694//   /{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must
3695//   specify a complete project ID or organization ID.
3696func (r *OrganizationsRolesService) Patch(name string, role *Role) *OrganizationsRolesPatchCall {
3697	c := &OrganizationsRolesPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
3698	c.name = name
3699	c.role = role
3700	return c
3701}
3702
3703// UpdateMask sets the optional parameter "updateMask": A mask
3704// describing which fields in the Role have changed.
3705func (c *OrganizationsRolesPatchCall) UpdateMask(updateMask string) *OrganizationsRolesPatchCall {
3706	c.urlParams_.Set("updateMask", updateMask)
3707	return c
3708}
3709
3710// Fields allows partial responses to be retrieved. See
3711// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
3712// for more information.
3713func (c *OrganizationsRolesPatchCall) Fields(s ...googleapi.Field) *OrganizationsRolesPatchCall {
3714	c.urlParams_.Set("fields", googleapi.CombineFields(s))
3715	return c
3716}
3717
3718// Context sets the context to be used in this call's Do method. Any
3719// pending HTTP request will be aborted if the provided context is
3720// canceled.
3721func (c *OrganizationsRolesPatchCall) Context(ctx context.Context) *OrganizationsRolesPatchCall {
3722	c.ctx_ = ctx
3723	return c
3724}
3725
3726// Header returns an http.Header that can be modified by the caller to
3727// add HTTP headers to the request.
3728func (c *OrganizationsRolesPatchCall) Header() http.Header {
3729	if c.header_ == nil {
3730		c.header_ = make(http.Header)
3731	}
3732	return c.header_
3733}
3734
3735func (c *OrganizationsRolesPatchCall) doRequest(alt string) (*http.Response, error) {
3736	reqHeaders := make(http.Header)
3737	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
3738	for k, v := range c.header_ {
3739		reqHeaders[k] = v
3740	}
3741	reqHeaders.Set("User-Agent", c.s.userAgent())
3742	var body io.Reader = nil
3743	body, err := googleapi.WithoutDataWrapper.JSONReader(c.role)
3744	if err != nil {
3745		return nil, err
3746	}
3747	reqHeaders.Set("Content-Type", "application/json")
3748	c.urlParams_.Set("alt", alt)
3749	c.urlParams_.Set("prettyPrint", "false")
3750	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
3751	urls += "?" + c.urlParams_.Encode()
3752	req, err := http.NewRequest("PATCH", urls, body)
3753	if err != nil {
3754		return nil, err
3755	}
3756	req.Header = reqHeaders
3757	googleapi.Expand(req.URL, map[string]string{
3758		"name": c.name,
3759	})
3760	return gensupport.SendRequest(c.ctx_, c.s.client, req)
3761}
3762
3763// Do executes the "iam.organizations.roles.patch" call.
3764// Exactly one of *Role or error will be non-nil. Any non-2xx status
3765// code is an error. Response headers are in either
3766// *Role.ServerResponse.Header or (if a response was returned at all) in
3767// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
3768// whether the returned error was because http.StatusNotModified was
3769// returned.
3770func (c *OrganizationsRolesPatchCall) Do(opts ...googleapi.CallOption) (*Role, error) {
3771	gensupport.SetOptions(c.urlParams_, opts...)
3772	res, err := c.doRequest("json")
3773	if res != nil && res.StatusCode == http.StatusNotModified {
3774		if res.Body != nil {
3775			res.Body.Close()
3776		}
3777		return nil, &googleapi.Error{
3778			Code:   res.StatusCode,
3779			Header: res.Header,
3780		}
3781	}
3782	if err != nil {
3783		return nil, err
3784	}
3785	defer googleapi.CloseBody(res)
3786	if err := googleapi.CheckResponse(res); err != nil {
3787		return nil, err
3788	}
3789	ret := &Role{
3790		ServerResponse: googleapi.ServerResponse{
3791			Header:         res.Header,
3792			HTTPStatusCode: res.StatusCode,
3793		},
3794	}
3795	target := &ret
3796	if err := gensupport.DecodeResponse(target, res); err != nil {
3797		return nil, err
3798	}
3799	return ret, nil
3800	// {
3801	//   "description": "Updates the definition of a custom Role.",
3802	//   "flatPath": "v1/organizations/{organizationsId}/roles/{rolesId}",
3803	//   "httpMethod": "PATCH",
3804	//   "id": "iam.organizations.roles.patch",
3805	//   "parameterOrder": [
3806	//     "name"
3807	//   ],
3808	//   "parameters": {
3809	//     "name": {
3810	//       "description": "The `name` parameter's value depends on the target resource for the request, namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `name` value format is described below: * [`projects.roles.patch()`](/iam/reference/rest/v1/projects.roles/patch): `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method updates only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}` * [`organizations.roles.patch()`](/iam/reference/rest/v1/organizations.roles/patch): `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method updates only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.",
3811	//       "location": "path",
3812	//       "pattern": "^organizations/[^/]+/roles/[^/]+$",
3813	//       "required": true,
3814	//       "type": "string"
3815	//     },
3816	//     "updateMask": {
3817	//       "description": "A mask describing which fields in the Role have changed.",
3818	//       "format": "google-fieldmask",
3819	//       "location": "query",
3820	//       "type": "string"
3821	//     }
3822	//   },
3823	//   "path": "v1/{+name}",
3824	//   "request": {
3825	//     "$ref": "Role"
3826	//   },
3827	//   "response": {
3828	//     "$ref": "Role"
3829	//   },
3830	//   "scopes": [
3831	//     "https://www.googleapis.com/auth/cloud-platform"
3832	//   ]
3833	// }
3834
3835}
3836
3837// method id "iam.organizations.roles.undelete":
3838
3839type OrganizationsRolesUndeleteCall struct {
3840	s                   *Service
3841	name                string
3842	undeleterolerequest *UndeleteRoleRequest
3843	urlParams_          gensupport.URLParams
3844	ctx_                context.Context
3845	header_             http.Header
3846}
3847
3848// Undelete: Undeletes a custom Role.
3849//
3850// - name: The `name` parameter's value depends on the target resource
3851//   for the request, namely `projects`
3852//   (/iam/reference/rest/v1/projects.roles) or `organizations`
3853//   (/iam/reference/rest/v1/organizations.roles). Each resource type's
3854//   `name` value format is described below: *
3855//   `projects.roles.undelete()`
3856//   (/iam/reference/rest/v1/projects.roles/undelete):
3857//   `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method
3858//   undeletes only custom roles (/iam/docs/understanding-custom-roles)
3859//   that have been created at the project level. Example request URL:
3860//   `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_R
3861//   OLE_ID}` * `organizations.roles.undelete()`
3862//   (/iam/reference/rest/v1/organizations.roles/undelete):
3863//   `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This
3864//   method undeletes only custom roles
3865//   (/iam/docs/understanding-custom-roles) that have been created at
3866//   the organization level. Example request URL:
3867//   `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles
3868//   /{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must
3869//   specify a complete project ID or organization ID.
3870func (r *OrganizationsRolesService) Undelete(name string, undeleterolerequest *UndeleteRoleRequest) *OrganizationsRolesUndeleteCall {
3871	c := &OrganizationsRolesUndeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
3872	c.name = name
3873	c.undeleterolerequest = undeleterolerequest
3874	return c
3875}
3876
3877// Fields allows partial responses to be retrieved. See
3878// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
3879// for more information.
3880func (c *OrganizationsRolesUndeleteCall) Fields(s ...googleapi.Field) *OrganizationsRolesUndeleteCall {
3881	c.urlParams_.Set("fields", googleapi.CombineFields(s))
3882	return c
3883}
3884
3885// Context sets the context to be used in this call's Do method. Any
3886// pending HTTP request will be aborted if the provided context is
3887// canceled.
3888func (c *OrganizationsRolesUndeleteCall) Context(ctx context.Context) *OrganizationsRolesUndeleteCall {
3889	c.ctx_ = ctx
3890	return c
3891}
3892
3893// Header returns an http.Header that can be modified by the caller to
3894// add HTTP headers to the request.
3895func (c *OrganizationsRolesUndeleteCall) Header() http.Header {
3896	if c.header_ == nil {
3897		c.header_ = make(http.Header)
3898	}
3899	return c.header_
3900}
3901
3902func (c *OrganizationsRolesUndeleteCall) doRequest(alt string) (*http.Response, error) {
3903	reqHeaders := make(http.Header)
3904	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
3905	for k, v := range c.header_ {
3906		reqHeaders[k] = v
3907	}
3908	reqHeaders.Set("User-Agent", c.s.userAgent())
3909	var body io.Reader = nil
3910	body, err := googleapi.WithoutDataWrapper.JSONReader(c.undeleterolerequest)
3911	if err != nil {
3912		return nil, err
3913	}
3914	reqHeaders.Set("Content-Type", "application/json")
3915	c.urlParams_.Set("alt", alt)
3916	c.urlParams_.Set("prettyPrint", "false")
3917	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:undelete")
3918	urls += "?" + c.urlParams_.Encode()
3919	req, err := http.NewRequest("POST", urls, body)
3920	if err != nil {
3921		return nil, err
3922	}
3923	req.Header = reqHeaders
3924	googleapi.Expand(req.URL, map[string]string{
3925		"name": c.name,
3926	})
3927	return gensupport.SendRequest(c.ctx_, c.s.client, req)
3928}
3929
3930// Do executes the "iam.organizations.roles.undelete" call.
3931// Exactly one of *Role or error will be non-nil. Any non-2xx status
3932// code is an error. Response headers are in either
3933// *Role.ServerResponse.Header or (if a response was returned at all) in
3934// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
3935// whether the returned error was because http.StatusNotModified was
3936// returned.
3937func (c *OrganizationsRolesUndeleteCall) Do(opts ...googleapi.CallOption) (*Role, error) {
3938	gensupport.SetOptions(c.urlParams_, opts...)
3939	res, err := c.doRequest("json")
3940	if res != nil && res.StatusCode == http.StatusNotModified {
3941		if res.Body != nil {
3942			res.Body.Close()
3943		}
3944		return nil, &googleapi.Error{
3945			Code:   res.StatusCode,
3946			Header: res.Header,
3947		}
3948	}
3949	if err != nil {
3950		return nil, err
3951	}
3952	defer googleapi.CloseBody(res)
3953	if err := googleapi.CheckResponse(res); err != nil {
3954		return nil, err
3955	}
3956	ret := &Role{
3957		ServerResponse: googleapi.ServerResponse{
3958			Header:         res.Header,
3959			HTTPStatusCode: res.StatusCode,
3960		},
3961	}
3962	target := &ret
3963	if err := gensupport.DecodeResponse(target, res); err != nil {
3964		return nil, err
3965	}
3966	return ret, nil
3967	// {
3968	//   "description": "Undeletes a custom Role.",
3969	//   "flatPath": "v1/organizations/{organizationsId}/roles/{rolesId}:undelete",
3970	//   "httpMethod": "POST",
3971	//   "id": "iam.organizations.roles.undelete",
3972	//   "parameterOrder": [
3973	//     "name"
3974	//   ],
3975	//   "parameters": {
3976	//     "name": {
3977	//       "description": "The `name` parameter's value depends on the target resource for the request, namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `name` value format is described below: * [`projects.roles.undelete()`](/iam/reference/rest/v1/projects.roles/undelete): `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method undeletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}` * [`organizations.roles.undelete()`](/iam/reference/rest/v1/organizations.roles/undelete): `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method undeletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.",
3978	//       "location": "path",
3979	//       "pattern": "^organizations/[^/]+/roles/[^/]+$",
3980	//       "required": true,
3981	//       "type": "string"
3982	//     }
3983	//   },
3984	//   "path": "v1/{+name}:undelete",
3985	//   "request": {
3986	//     "$ref": "UndeleteRoleRequest"
3987	//   },
3988	//   "response": {
3989	//     "$ref": "Role"
3990	//   },
3991	//   "scopes": [
3992	//     "https://www.googleapis.com/auth/cloud-platform"
3993	//   ]
3994	// }
3995
3996}
3997
3998// method id "iam.permissions.queryTestablePermissions":
3999
4000type PermissionsQueryTestablePermissionsCall struct {
4001	s                               *Service
4002	querytestablepermissionsrequest *QueryTestablePermissionsRequest
4003	urlParams_                      gensupport.URLParams
4004	ctx_                            context.Context
4005	header_                         http.Header
4006}
4007
4008// QueryTestablePermissions: Lists every permission that you can test on
4009// a resource. A permission is testable if you can check whether a
4010// member has that permission on the resource.
4011func (r *PermissionsService) QueryTestablePermissions(querytestablepermissionsrequest *QueryTestablePermissionsRequest) *PermissionsQueryTestablePermissionsCall {
4012	c := &PermissionsQueryTestablePermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
4013	c.querytestablepermissionsrequest = querytestablepermissionsrequest
4014	return c
4015}
4016
4017// Fields allows partial responses to be retrieved. See
4018// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
4019// for more information.
4020func (c *PermissionsQueryTestablePermissionsCall) Fields(s ...googleapi.Field) *PermissionsQueryTestablePermissionsCall {
4021	c.urlParams_.Set("fields", googleapi.CombineFields(s))
4022	return c
4023}
4024
4025// Context sets the context to be used in this call's Do method. Any
4026// pending HTTP request will be aborted if the provided context is
4027// canceled.
4028func (c *PermissionsQueryTestablePermissionsCall) Context(ctx context.Context) *PermissionsQueryTestablePermissionsCall {
4029	c.ctx_ = ctx
4030	return c
4031}
4032
4033// Header returns an http.Header that can be modified by the caller to
4034// add HTTP headers to the request.
4035func (c *PermissionsQueryTestablePermissionsCall) Header() http.Header {
4036	if c.header_ == nil {
4037		c.header_ = make(http.Header)
4038	}
4039	return c.header_
4040}
4041
4042func (c *PermissionsQueryTestablePermissionsCall) doRequest(alt string) (*http.Response, error) {
4043	reqHeaders := make(http.Header)
4044	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
4045	for k, v := range c.header_ {
4046		reqHeaders[k] = v
4047	}
4048	reqHeaders.Set("User-Agent", c.s.userAgent())
4049	var body io.Reader = nil
4050	body, err := googleapi.WithoutDataWrapper.JSONReader(c.querytestablepermissionsrequest)
4051	if err != nil {
4052		return nil, err
4053	}
4054	reqHeaders.Set("Content-Type", "application/json")
4055	c.urlParams_.Set("alt", alt)
4056	c.urlParams_.Set("prettyPrint", "false")
4057	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/permissions:queryTestablePermissions")
4058	urls += "?" + c.urlParams_.Encode()
4059	req, err := http.NewRequest("POST", urls, body)
4060	if err != nil {
4061		return nil, err
4062	}
4063	req.Header = reqHeaders
4064	return gensupport.SendRequest(c.ctx_, c.s.client, req)
4065}
4066
4067// Do executes the "iam.permissions.queryTestablePermissions" call.
4068// Exactly one of *QueryTestablePermissionsResponse or error will be
4069// non-nil. Any non-2xx status code is an error. Response headers are in
4070// either *QueryTestablePermissionsResponse.ServerResponse.Header or (if
4071// a response was returned at all) in error.(*googleapi.Error).Header.
4072// Use googleapi.IsNotModified to check whether the returned error was
4073// because http.StatusNotModified was returned.
4074func (c *PermissionsQueryTestablePermissionsCall) Do(opts ...googleapi.CallOption) (*QueryTestablePermissionsResponse, error) {
4075	gensupport.SetOptions(c.urlParams_, opts...)
4076	res, err := c.doRequest("json")
4077	if res != nil && res.StatusCode == http.StatusNotModified {
4078		if res.Body != nil {
4079			res.Body.Close()
4080		}
4081		return nil, &googleapi.Error{
4082			Code:   res.StatusCode,
4083			Header: res.Header,
4084		}
4085	}
4086	if err != nil {
4087		return nil, err
4088	}
4089	defer googleapi.CloseBody(res)
4090	if err := googleapi.CheckResponse(res); err != nil {
4091		return nil, err
4092	}
4093	ret := &QueryTestablePermissionsResponse{
4094		ServerResponse: googleapi.ServerResponse{
4095			Header:         res.Header,
4096			HTTPStatusCode: res.StatusCode,
4097		},
4098	}
4099	target := &ret
4100	if err := gensupport.DecodeResponse(target, res); err != nil {
4101		return nil, err
4102	}
4103	return ret, nil
4104	// {
4105	//   "description": "Lists every permission that you can test on a resource. A permission is testable if you can check whether a member has that permission on the resource.",
4106	//   "flatPath": "v1/permissions:queryTestablePermissions",
4107	//   "httpMethod": "POST",
4108	//   "id": "iam.permissions.queryTestablePermissions",
4109	//   "parameterOrder": [],
4110	//   "parameters": {},
4111	//   "path": "v1/permissions:queryTestablePermissions",
4112	//   "request": {
4113	//     "$ref": "QueryTestablePermissionsRequest"
4114	//   },
4115	//   "response": {
4116	//     "$ref": "QueryTestablePermissionsResponse"
4117	//   },
4118	//   "scopes": [
4119	//     "https://www.googleapis.com/auth/cloud-platform"
4120	//   ]
4121	// }
4122
4123}
4124
4125// Pages invokes f for each page of results.
4126// A non-nil error returned from f will halt the iteration.
4127// The provided context supersedes any context provided to the Context method.
4128func (c *PermissionsQueryTestablePermissionsCall) Pages(ctx context.Context, f func(*QueryTestablePermissionsResponse) error) error {
4129	c.ctx_ = ctx
4130	defer func(pt string) { c.querytestablepermissionsrequest.PageToken = pt }(c.querytestablepermissionsrequest.PageToken) // reset paging to original point
4131	for {
4132		x, err := c.Do()
4133		if err != nil {
4134			return err
4135		}
4136		if err := f(x); err != nil {
4137			return err
4138		}
4139		if x.NextPageToken == "" {
4140			return nil
4141		}
4142		c.querytestablepermissionsrequest.PageToken = x.NextPageToken
4143	}
4144}
4145
4146// method id "iam.projects.locations.workloadIdentityPools.create":
4147
4148type ProjectsLocationsWorkloadIdentityPoolsCreateCall struct {
4149	s                    *Service
4150	parent               string
4151	workloadidentitypool *WorkloadIdentityPool
4152	urlParams_           gensupport.URLParams
4153	ctx_                 context.Context
4154	header_              http.Header
4155}
4156
4157// Create: Creates a new WorkloadIdentityPool. You cannot reuse the name
4158// of a deleted pool until 30 days after deletion.
4159//
4160// - parent: The parent resource to create the pool in. The only
4161//   supported location is `global`.
4162func (r *ProjectsLocationsWorkloadIdentityPoolsService) Create(parent string, workloadidentitypool *WorkloadIdentityPool) *ProjectsLocationsWorkloadIdentityPoolsCreateCall {
4163	c := &ProjectsLocationsWorkloadIdentityPoolsCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
4164	c.parent = parent
4165	c.workloadidentitypool = workloadidentitypool
4166	return c
4167}
4168
4169// WorkloadIdentityPoolId sets the optional parameter
4170// "workloadIdentityPoolId": Required. The ID to use for the pool, which
4171// becomes the final component of the resource name. This value should
4172// be 4-32 characters, and may contain the characters [a-z0-9-]. The
4173// prefix `gcp-` is reserved for use by Google, and may not be
4174// specified.
4175func (c *ProjectsLocationsWorkloadIdentityPoolsCreateCall) WorkloadIdentityPoolId(workloadIdentityPoolId string) *ProjectsLocationsWorkloadIdentityPoolsCreateCall {
4176	c.urlParams_.Set("workloadIdentityPoolId", workloadIdentityPoolId)
4177	return c
4178}
4179
4180// Fields allows partial responses to be retrieved. See
4181// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
4182// for more information.
4183func (c *ProjectsLocationsWorkloadIdentityPoolsCreateCall) Fields(s ...googleapi.Field) *ProjectsLocationsWorkloadIdentityPoolsCreateCall {
4184	c.urlParams_.Set("fields", googleapi.CombineFields(s))
4185	return c
4186}
4187
4188// Context sets the context to be used in this call's Do method. Any
4189// pending HTTP request will be aborted if the provided context is
4190// canceled.
4191func (c *ProjectsLocationsWorkloadIdentityPoolsCreateCall) Context(ctx context.Context) *ProjectsLocationsWorkloadIdentityPoolsCreateCall {
4192	c.ctx_ = ctx
4193	return c
4194}
4195
4196// Header returns an http.Header that can be modified by the caller to
4197// add HTTP headers to the request.
4198func (c *ProjectsLocationsWorkloadIdentityPoolsCreateCall) Header() http.Header {
4199	if c.header_ == nil {
4200		c.header_ = make(http.Header)
4201	}
4202	return c.header_
4203}
4204
4205func (c *ProjectsLocationsWorkloadIdentityPoolsCreateCall) doRequest(alt string) (*http.Response, error) {
4206	reqHeaders := make(http.Header)
4207	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
4208	for k, v := range c.header_ {
4209		reqHeaders[k] = v
4210	}
4211	reqHeaders.Set("User-Agent", c.s.userAgent())
4212	var body io.Reader = nil
4213	body, err := googleapi.WithoutDataWrapper.JSONReader(c.workloadidentitypool)
4214	if err != nil {
4215		return nil, err
4216	}
4217	reqHeaders.Set("Content-Type", "application/json")
4218	c.urlParams_.Set("alt", alt)
4219	c.urlParams_.Set("prettyPrint", "false")
4220	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/workloadIdentityPools")
4221	urls += "?" + c.urlParams_.Encode()
4222	req, err := http.NewRequest("POST", urls, body)
4223	if err != nil {
4224		return nil, err
4225	}
4226	req.Header = reqHeaders
4227	googleapi.Expand(req.URL, map[string]string{
4228		"parent": c.parent,
4229	})
4230	return gensupport.SendRequest(c.ctx_, c.s.client, req)
4231}
4232
4233// Do executes the "iam.projects.locations.workloadIdentityPools.create" call.
4234// Exactly one of *Operation or error will be non-nil. Any non-2xx
4235// status code is an error. Response headers are in either
4236// *Operation.ServerResponse.Header or (if a response was returned at
4237// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
4238// to check whether the returned error was because
4239// http.StatusNotModified was returned.
4240func (c *ProjectsLocationsWorkloadIdentityPoolsCreateCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
4241	gensupport.SetOptions(c.urlParams_, opts...)
4242	res, err := c.doRequest("json")
4243	if res != nil && res.StatusCode == http.StatusNotModified {
4244		if res.Body != nil {
4245			res.Body.Close()
4246		}
4247		return nil, &googleapi.Error{
4248			Code:   res.StatusCode,
4249			Header: res.Header,
4250		}
4251	}
4252	if err != nil {
4253		return nil, err
4254	}
4255	defer googleapi.CloseBody(res)
4256	if err := googleapi.CheckResponse(res); err != nil {
4257		return nil, err
4258	}
4259	ret := &Operation{
4260		ServerResponse: googleapi.ServerResponse{
4261			Header:         res.Header,
4262			HTTPStatusCode: res.StatusCode,
4263		},
4264	}
4265	target := &ret
4266	if err := gensupport.DecodeResponse(target, res); err != nil {
4267		return nil, err
4268	}
4269	return ret, nil
4270	// {
4271	//   "description": "Creates a new WorkloadIdentityPool. You cannot reuse the name of a deleted pool until 30 days after deletion.",
4272	//   "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/workloadIdentityPools",
4273	//   "httpMethod": "POST",
4274	//   "id": "iam.projects.locations.workloadIdentityPools.create",
4275	//   "parameterOrder": [
4276	//     "parent"
4277	//   ],
4278	//   "parameters": {
4279	//     "parent": {
4280	//       "description": "Required. The parent resource to create the pool in. The only supported location is `global`.",
4281	//       "location": "path",
4282	//       "pattern": "^projects/[^/]+/locations/[^/]+$",
4283	//       "required": true,
4284	//       "type": "string"
4285	//     },
4286	//     "workloadIdentityPoolId": {
4287	//       "description": "Required. The ID to use for the pool, which becomes the final component of the resource name. This value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may not be specified.",
4288	//       "location": "query",
4289	//       "type": "string"
4290	//     }
4291	//   },
4292	//   "path": "v1/{+parent}/workloadIdentityPools",
4293	//   "request": {
4294	//     "$ref": "WorkloadIdentityPool"
4295	//   },
4296	//   "response": {
4297	//     "$ref": "Operation"
4298	//   },
4299	//   "scopes": [
4300	//     "https://www.googleapis.com/auth/cloud-platform"
4301	//   ]
4302	// }
4303
4304}
4305
4306// method id "iam.projects.locations.workloadIdentityPools.delete":
4307
4308type ProjectsLocationsWorkloadIdentityPoolsDeleteCall struct {
4309	s          *Service
4310	name       string
4311	urlParams_ gensupport.URLParams
4312	ctx_       context.Context
4313	header_    http.Header
4314}
4315
4316// Delete: Deletes a WorkloadIdentityPool. You cannot use a deleted pool
4317// to exchange external credentials for Google Cloud credentials.
4318// However, deletion does not revoke credentials that have already been
4319// issued. Credentials issued for a deleted pool do not grant access to
4320// resources. If the pool is undeleted, and the credentials are not
4321// expired, they grant access again. You can undelete a pool for 30
4322// days. After 30 days, deletion is permanent. You cannot update deleted
4323// pools. However, you can view and list them.
4324//
4325// - name: The name of the pool to delete.
4326func (r *ProjectsLocationsWorkloadIdentityPoolsService) Delete(name string) *ProjectsLocationsWorkloadIdentityPoolsDeleteCall {
4327	c := &ProjectsLocationsWorkloadIdentityPoolsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
4328	c.name = name
4329	return c
4330}
4331
4332// Fields allows partial responses to be retrieved. See
4333// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
4334// for more information.
4335func (c *ProjectsLocationsWorkloadIdentityPoolsDeleteCall) Fields(s ...googleapi.Field) *ProjectsLocationsWorkloadIdentityPoolsDeleteCall {
4336	c.urlParams_.Set("fields", googleapi.CombineFields(s))
4337	return c
4338}
4339
4340// Context sets the context to be used in this call's Do method. Any
4341// pending HTTP request will be aborted if the provided context is
4342// canceled.
4343func (c *ProjectsLocationsWorkloadIdentityPoolsDeleteCall) Context(ctx context.Context) *ProjectsLocationsWorkloadIdentityPoolsDeleteCall {
4344	c.ctx_ = ctx
4345	return c
4346}
4347
4348// Header returns an http.Header that can be modified by the caller to
4349// add HTTP headers to the request.
4350func (c *ProjectsLocationsWorkloadIdentityPoolsDeleteCall) Header() http.Header {
4351	if c.header_ == nil {
4352		c.header_ = make(http.Header)
4353	}
4354	return c.header_
4355}
4356
4357func (c *ProjectsLocationsWorkloadIdentityPoolsDeleteCall) doRequest(alt string) (*http.Response, error) {
4358	reqHeaders := make(http.Header)
4359	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
4360	for k, v := range c.header_ {
4361		reqHeaders[k] = v
4362	}
4363	reqHeaders.Set("User-Agent", c.s.userAgent())
4364	var body io.Reader = nil
4365	c.urlParams_.Set("alt", alt)
4366	c.urlParams_.Set("prettyPrint", "false")
4367	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
4368	urls += "?" + c.urlParams_.Encode()
4369	req, err := http.NewRequest("DELETE", urls, body)
4370	if err != nil {
4371		return nil, err
4372	}
4373	req.Header = reqHeaders
4374	googleapi.Expand(req.URL, map[string]string{
4375		"name": c.name,
4376	})
4377	return gensupport.SendRequest(c.ctx_, c.s.client, req)
4378}
4379
4380// Do executes the "iam.projects.locations.workloadIdentityPools.delete" call.
4381// Exactly one of *Operation or error will be non-nil. Any non-2xx
4382// status code is an error. Response headers are in either
4383// *Operation.ServerResponse.Header or (if a response was returned at
4384// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
4385// to check whether the returned error was because
4386// http.StatusNotModified was returned.
4387func (c *ProjectsLocationsWorkloadIdentityPoolsDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
4388	gensupport.SetOptions(c.urlParams_, opts...)
4389	res, err := c.doRequest("json")
4390	if res != nil && res.StatusCode == http.StatusNotModified {
4391		if res.Body != nil {
4392			res.Body.Close()
4393		}
4394		return nil, &googleapi.Error{
4395			Code:   res.StatusCode,
4396			Header: res.Header,
4397		}
4398	}
4399	if err != nil {
4400		return nil, err
4401	}
4402	defer googleapi.CloseBody(res)
4403	if err := googleapi.CheckResponse(res); err != nil {
4404		return nil, err
4405	}
4406	ret := &Operation{
4407		ServerResponse: googleapi.ServerResponse{
4408			Header:         res.Header,
4409			HTTPStatusCode: res.StatusCode,
4410		},
4411	}
4412	target := &ret
4413	if err := gensupport.DecodeResponse(target, res); err != nil {
4414		return nil, err
4415	}
4416	return ret, nil
4417	// {
4418	//   "description": "Deletes a WorkloadIdentityPool. You cannot use a deleted pool to exchange external credentials for Google Cloud credentials. However, deletion does not revoke credentials that have already been issued. Credentials issued for a deleted pool do not grant access to resources. If the pool is undeleted, and the credentials are not expired, they grant access again. You can undelete a pool for 30 days. After 30 days, deletion is permanent. You cannot update deleted pools. However, you can view and list them.",
4419	//   "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/workloadIdentityPools/{workloadIdentityPoolsId}",
4420	//   "httpMethod": "DELETE",
4421	//   "id": "iam.projects.locations.workloadIdentityPools.delete",
4422	//   "parameterOrder": [
4423	//     "name"
4424	//   ],
4425	//   "parameters": {
4426	//     "name": {
4427	//       "description": "Required. The name of the pool to delete.",
4428	//       "location": "path",
4429	//       "pattern": "^projects/[^/]+/locations/[^/]+/workloadIdentityPools/[^/]+$",
4430	//       "required": true,
4431	//       "type": "string"
4432	//     }
4433	//   },
4434	//   "path": "v1/{+name}",
4435	//   "response": {
4436	//     "$ref": "Operation"
4437	//   },
4438	//   "scopes": [
4439	//     "https://www.googleapis.com/auth/cloud-platform"
4440	//   ]
4441	// }
4442
4443}
4444
4445// method id "iam.projects.locations.workloadIdentityPools.get":
4446
4447type ProjectsLocationsWorkloadIdentityPoolsGetCall struct {
4448	s            *Service
4449	name         string
4450	urlParams_   gensupport.URLParams
4451	ifNoneMatch_ string
4452	ctx_         context.Context
4453	header_      http.Header
4454}
4455
4456// Get: Gets an individual WorkloadIdentityPool.
4457//
4458// - name: The name of the pool to retrieve.
4459func (r *ProjectsLocationsWorkloadIdentityPoolsService) Get(name string) *ProjectsLocationsWorkloadIdentityPoolsGetCall {
4460	c := &ProjectsLocationsWorkloadIdentityPoolsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
4461	c.name = name
4462	return c
4463}
4464
4465// Fields allows partial responses to be retrieved. See
4466// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
4467// for more information.
4468func (c *ProjectsLocationsWorkloadIdentityPoolsGetCall) Fields(s ...googleapi.Field) *ProjectsLocationsWorkloadIdentityPoolsGetCall {
4469	c.urlParams_.Set("fields", googleapi.CombineFields(s))
4470	return c
4471}
4472
4473// IfNoneMatch sets the optional parameter which makes the operation
4474// fail if the object's ETag matches the given value. This is useful for
4475// getting updates only after the object has changed since the last
4476// request. Use googleapi.IsNotModified to check whether the response
4477// error from Do is the result of In-None-Match.
4478func (c *ProjectsLocationsWorkloadIdentityPoolsGetCall) IfNoneMatch(entityTag string) *ProjectsLocationsWorkloadIdentityPoolsGetCall {
4479	c.ifNoneMatch_ = entityTag
4480	return c
4481}
4482
4483// Context sets the context to be used in this call's Do method. Any
4484// pending HTTP request will be aborted if the provided context is
4485// canceled.
4486func (c *ProjectsLocationsWorkloadIdentityPoolsGetCall) Context(ctx context.Context) *ProjectsLocationsWorkloadIdentityPoolsGetCall {
4487	c.ctx_ = ctx
4488	return c
4489}
4490
4491// Header returns an http.Header that can be modified by the caller to
4492// add HTTP headers to the request.
4493func (c *ProjectsLocationsWorkloadIdentityPoolsGetCall) Header() http.Header {
4494	if c.header_ == nil {
4495		c.header_ = make(http.Header)
4496	}
4497	return c.header_
4498}
4499
4500func (c *ProjectsLocationsWorkloadIdentityPoolsGetCall) doRequest(alt string) (*http.Response, error) {
4501	reqHeaders := make(http.Header)
4502	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
4503	for k, v := range c.header_ {
4504		reqHeaders[k] = v
4505	}
4506	reqHeaders.Set("User-Agent", c.s.userAgent())
4507	if c.ifNoneMatch_ != "" {
4508		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
4509	}
4510	var body io.Reader = nil
4511	c.urlParams_.Set("alt", alt)
4512	c.urlParams_.Set("prettyPrint", "false")
4513	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
4514	urls += "?" + c.urlParams_.Encode()
4515	req, err := http.NewRequest("GET", urls, body)
4516	if err != nil {
4517		return nil, err
4518	}
4519	req.Header = reqHeaders
4520	googleapi.Expand(req.URL, map[string]string{
4521		"name": c.name,
4522	})
4523	return gensupport.SendRequest(c.ctx_, c.s.client, req)
4524}
4525
4526// Do executes the "iam.projects.locations.workloadIdentityPools.get" call.
4527// Exactly one of *WorkloadIdentityPool or error will be non-nil. Any
4528// non-2xx status code is an error. Response headers are in either
4529// *WorkloadIdentityPool.ServerResponse.Header or (if a response was
4530// returned at all) in error.(*googleapi.Error).Header. Use
4531// googleapi.IsNotModified to check whether the returned error was
4532// because http.StatusNotModified was returned.
4533func (c *ProjectsLocationsWorkloadIdentityPoolsGetCall) Do(opts ...googleapi.CallOption) (*WorkloadIdentityPool, error) {
4534	gensupport.SetOptions(c.urlParams_, opts...)
4535	res, err := c.doRequest("json")
4536	if res != nil && res.StatusCode == http.StatusNotModified {
4537		if res.Body != nil {
4538			res.Body.Close()
4539		}
4540		return nil, &googleapi.Error{
4541			Code:   res.StatusCode,
4542			Header: res.Header,
4543		}
4544	}
4545	if err != nil {
4546		return nil, err
4547	}
4548	defer googleapi.CloseBody(res)
4549	if err := googleapi.CheckResponse(res); err != nil {
4550		return nil, err
4551	}
4552	ret := &WorkloadIdentityPool{
4553		ServerResponse: googleapi.ServerResponse{
4554			Header:         res.Header,
4555			HTTPStatusCode: res.StatusCode,
4556		},
4557	}
4558	target := &ret
4559	if err := gensupport.DecodeResponse(target, res); err != nil {
4560		return nil, err
4561	}
4562	return ret, nil
4563	// {
4564	//   "description": "Gets an individual WorkloadIdentityPool.",
4565	//   "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/workloadIdentityPools/{workloadIdentityPoolsId}",
4566	//   "httpMethod": "GET",
4567	//   "id": "iam.projects.locations.workloadIdentityPools.get",
4568	//   "parameterOrder": [
4569	//     "name"
4570	//   ],
4571	//   "parameters": {
4572	//     "name": {
4573	//       "description": "Required. The name of the pool to retrieve.",
4574	//       "location": "path",
4575	//       "pattern": "^projects/[^/]+/locations/[^/]+/workloadIdentityPools/[^/]+$",
4576	//       "required": true,
4577	//       "type": "string"
4578	//     }
4579	//   },
4580	//   "path": "v1/{+name}",
4581	//   "response": {
4582	//     "$ref": "WorkloadIdentityPool"
4583	//   },
4584	//   "scopes": [
4585	//     "https://www.googleapis.com/auth/cloud-platform"
4586	//   ]
4587	// }
4588
4589}
4590
4591// method id "iam.projects.locations.workloadIdentityPools.list":
4592
4593type ProjectsLocationsWorkloadIdentityPoolsListCall struct {
4594	s            *Service
4595	parent       string
4596	urlParams_   gensupport.URLParams
4597	ifNoneMatch_ string
4598	ctx_         context.Context
4599	header_      http.Header
4600}
4601
4602// List: Lists all non-deleted WorkloadIdentityPools in a project. If
4603// `show_deleted` is set to `true`, then deleted pools are also listed.
4604//
4605// - parent: The parent resource to list pools for.
4606func (r *ProjectsLocationsWorkloadIdentityPoolsService) List(parent string) *ProjectsLocationsWorkloadIdentityPoolsListCall {
4607	c := &ProjectsLocationsWorkloadIdentityPoolsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
4608	c.parent = parent
4609	return c
4610}
4611
4612// PageSize sets the optional parameter "pageSize": The maximum number
4613// of pools to return. If unspecified, at most 50 pools are returned.
4614// The maximum value is 1000; values above are 1000 truncated to 1000.
4615func (c *ProjectsLocationsWorkloadIdentityPoolsListCall) PageSize(pageSize int64) *ProjectsLocationsWorkloadIdentityPoolsListCall {
4616	c.urlParams_.Set("pageSize", fmt.Sprint(pageSize))
4617	return c
4618}
4619
4620// PageToken sets the optional parameter "pageToken": A page token,
4621// received from a previous `ListWorkloadIdentityPools` call. Provide
4622// this to retrieve the subsequent page.
4623func (c *ProjectsLocationsWorkloadIdentityPoolsListCall) PageToken(pageToken string) *ProjectsLocationsWorkloadIdentityPoolsListCall {
4624	c.urlParams_.Set("pageToken", pageToken)
4625	return c
4626}
4627
4628// ShowDeleted sets the optional parameter "showDeleted": Whether to
4629// return soft-deleted pools.
4630func (c *ProjectsLocationsWorkloadIdentityPoolsListCall) ShowDeleted(showDeleted bool) *ProjectsLocationsWorkloadIdentityPoolsListCall {
4631	c.urlParams_.Set("showDeleted", fmt.Sprint(showDeleted))
4632	return c
4633}
4634
4635// Fields allows partial responses to be retrieved. See
4636// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
4637// for more information.
4638func (c *ProjectsLocationsWorkloadIdentityPoolsListCall) Fields(s ...googleapi.Field) *ProjectsLocationsWorkloadIdentityPoolsListCall {
4639	c.urlParams_.Set("fields", googleapi.CombineFields(s))
4640	return c
4641}
4642
4643// IfNoneMatch sets the optional parameter which makes the operation
4644// fail if the object's ETag matches the given value. This is useful for
4645// getting updates only after the object has changed since the last
4646// request. Use googleapi.IsNotModified to check whether the response
4647// error from Do is the result of In-None-Match.
4648func (c *ProjectsLocationsWorkloadIdentityPoolsListCall) IfNoneMatch(entityTag string) *ProjectsLocationsWorkloadIdentityPoolsListCall {
4649	c.ifNoneMatch_ = entityTag
4650	return c
4651}
4652
4653// Context sets the context to be used in this call's Do method. Any
4654// pending HTTP request will be aborted if the provided context is
4655// canceled.
4656func (c *ProjectsLocationsWorkloadIdentityPoolsListCall) Context(ctx context.Context) *ProjectsLocationsWorkloadIdentityPoolsListCall {
4657	c.ctx_ = ctx
4658	return c
4659}
4660
4661// Header returns an http.Header that can be modified by the caller to
4662// add HTTP headers to the request.
4663func (c *ProjectsLocationsWorkloadIdentityPoolsListCall) Header() http.Header {
4664	if c.header_ == nil {
4665		c.header_ = make(http.Header)
4666	}
4667	return c.header_
4668}
4669
4670func (c *ProjectsLocationsWorkloadIdentityPoolsListCall) doRequest(alt string) (*http.Response, error) {
4671	reqHeaders := make(http.Header)
4672	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
4673	for k, v := range c.header_ {
4674		reqHeaders[k] = v
4675	}
4676	reqHeaders.Set("User-Agent", c.s.userAgent())
4677	if c.ifNoneMatch_ != "" {
4678		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
4679	}
4680	var body io.Reader = nil
4681	c.urlParams_.Set("alt", alt)
4682	c.urlParams_.Set("prettyPrint", "false")
4683	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/workloadIdentityPools")
4684	urls += "?" + c.urlParams_.Encode()
4685	req, err := http.NewRequest("GET", urls, body)
4686	if err != nil {
4687		return nil, err
4688	}
4689	req.Header = reqHeaders
4690	googleapi.Expand(req.URL, map[string]string{
4691		"parent": c.parent,
4692	})
4693	return gensupport.SendRequest(c.ctx_, c.s.client, req)
4694}
4695
4696// Do executes the "iam.projects.locations.workloadIdentityPools.list" call.
4697// Exactly one of *ListWorkloadIdentityPoolsResponse or error will be
4698// non-nil. Any non-2xx status code is an error. Response headers are in
4699// either *ListWorkloadIdentityPoolsResponse.ServerResponse.Header or
4700// (if a response was returned at all) in
4701// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
4702// whether the returned error was because http.StatusNotModified was
4703// returned.
4704func (c *ProjectsLocationsWorkloadIdentityPoolsListCall) Do(opts ...googleapi.CallOption) (*ListWorkloadIdentityPoolsResponse, error) {
4705	gensupport.SetOptions(c.urlParams_, opts...)
4706	res, err := c.doRequest("json")
4707	if res != nil && res.StatusCode == http.StatusNotModified {
4708		if res.Body != nil {
4709			res.Body.Close()
4710		}
4711		return nil, &googleapi.Error{
4712			Code:   res.StatusCode,
4713			Header: res.Header,
4714		}
4715	}
4716	if err != nil {
4717		return nil, err
4718	}
4719	defer googleapi.CloseBody(res)
4720	if err := googleapi.CheckResponse(res); err != nil {
4721		return nil, err
4722	}
4723	ret := &ListWorkloadIdentityPoolsResponse{
4724		ServerResponse: googleapi.ServerResponse{
4725			Header:         res.Header,
4726			HTTPStatusCode: res.StatusCode,
4727		},
4728	}
4729	target := &ret
4730	if err := gensupport.DecodeResponse(target, res); err != nil {
4731		return nil, err
4732	}
4733	return ret, nil
4734	// {
4735	//   "description": "Lists all non-deleted WorkloadIdentityPools in a project. If `show_deleted` is set to `true`, then deleted pools are also listed.",
4736	//   "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/workloadIdentityPools",
4737	//   "httpMethod": "GET",
4738	//   "id": "iam.projects.locations.workloadIdentityPools.list",
4739	//   "parameterOrder": [
4740	//     "parent"
4741	//   ],
4742	//   "parameters": {
4743	//     "pageSize": {
4744	//       "description": "The maximum number of pools to return. If unspecified, at most 50 pools are returned. The maximum value is 1000; values above are 1000 truncated to 1000.",
4745	//       "format": "int32",
4746	//       "location": "query",
4747	//       "type": "integer"
4748	//     },
4749	//     "pageToken": {
4750	//       "description": "A page token, received from a previous `ListWorkloadIdentityPools` call. Provide this to retrieve the subsequent page.",
4751	//       "location": "query",
4752	//       "type": "string"
4753	//     },
4754	//     "parent": {
4755	//       "description": "Required. The parent resource to list pools for.",
4756	//       "location": "path",
4757	//       "pattern": "^projects/[^/]+/locations/[^/]+$",
4758	//       "required": true,
4759	//       "type": "string"
4760	//     },
4761	//     "showDeleted": {
4762	//       "description": "Whether to return soft-deleted pools.",
4763	//       "location": "query",
4764	//       "type": "boolean"
4765	//     }
4766	//   },
4767	//   "path": "v1/{+parent}/workloadIdentityPools",
4768	//   "response": {
4769	//     "$ref": "ListWorkloadIdentityPoolsResponse"
4770	//   },
4771	//   "scopes": [
4772	//     "https://www.googleapis.com/auth/cloud-platform"
4773	//   ]
4774	// }
4775
4776}
4777
4778// Pages invokes f for each page of results.
4779// A non-nil error returned from f will halt the iteration.
4780// The provided context supersedes any context provided to the Context method.
4781func (c *ProjectsLocationsWorkloadIdentityPoolsListCall) Pages(ctx context.Context, f func(*ListWorkloadIdentityPoolsResponse) error) error {
4782	c.ctx_ = ctx
4783	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
4784	for {
4785		x, err := c.Do()
4786		if err != nil {
4787			return err
4788		}
4789		if err := f(x); err != nil {
4790			return err
4791		}
4792		if x.NextPageToken == "" {
4793			return nil
4794		}
4795		c.PageToken(x.NextPageToken)
4796	}
4797}
4798
4799// method id "iam.projects.locations.workloadIdentityPools.patch":
4800
4801type ProjectsLocationsWorkloadIdentityPoolsPatchCall struct {
4802	s                    *Service
4803	name                 string
4804	workloadidentitypool *WorkloadIdentityPool
4805	urlParams_           gensupport.URLParams
4806	ctx_                 context.Context
4807	header_              http.Header
4808}
4809
4810// Patch: Updates an existing WorkloadIdentityPool.
4811//
4812// - name: Output only. The resource name of the pool.
4813func (r *ProjectsLocationsWorkloadIdentityPoolsService) Patch(name string, workloadidentitypool *WorkloadIdentityPool) *ProjectsLocationsWorkloadIdentityPoolsPatchCall {
4814	c := &ProjectsLocationsWorkloadIdentityPoolsPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
4815	c.name = name
4816	c.workloadidentitypool = workloadidentitypool
4817	return c
4818}
4819
4820// UpdateMask sets the optional parameter "updateMask": Required. The
4821// list of fields to update.
4822func (c *ProjectsLocationsWorkloadIdentityPoolsPatchCall) UpdateMask(updateMask string) *ProjectsLocationsWorkloadIdentityPoolsPatchCall {
4823	c.urlParams_.Set("updateMask", updateMask)
4824	return c
4825}
4826
4827// Fields allows partial responses to be retrieved. See
4828// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
4829// for more information.
4830func (c *ProjectsLocationsWorkloadIdentityPoolsPatchCall) Fields(s ...googleapi.Field) *ProjectsLocationsWorkloadIdentityPoolsPatchCall {
4831	c.urlParams_.Set("fields", googleapi.CombineFields(s))
4832	return c
4833}
4834
4835// Context sets the context to be used in this call's Do method. Any
4836// pending HTTP request will be aborted if the provided context is
4837// canceled.
4838func (c *ProjectsLocationsWorkloadIdentityPoolsPatchCall) Context(ctx context.Context) *ProjectsLocationsWorkloadIdentityPoolsPatchCall {
4839	c.ctx_ = ctx
4840	return c
4841}
4842
4843// Header returns an http.Header that can be modified by the caller to
4844// add HTTP headers to the request.
4845func (c *ProjectsLocationsWorkloadIdentityPoolsPatchCall) Header() http.Header {
4846	if c.header_ == nil {
4847		c.header_ = make(http.Header)
4848	}
4849	return c.header_
4850}
4851
4852func (c *ProjectsLocationsWorkloadIdentityPoolsPatchCall) doRequest(alt string) (*http.Response, error) {
4853	reqHeaders := make(http.Header)
4854	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
4855	for k, v := range c.header_ {
4856		reqHeaders[k] = v
4857	}
4858	reqHeaders.Set("User-Agent", c.s.userAgent())
4859	var body io.Reader = nil
4860	body, err := googleapi.WithoutDataWrapper.JSONReader(c.workloadidentitypool)
4861	if err != nil {
4862		return nil, err
4863	}
4864	reqHeaders.Set("Content-Type", "application/json")
4865	c.urlParams_.Set("alt", alt)
4866	c.urlParams_.Set("prettyPrint", "false")
4867	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
4868	urls += "?" + c.urlParams_.Encode()
4869	req, err := http.NewRequest("PATCH", urls, body)
4870	if err != nil {
4871		return nil, err
4872	}
4873	req.Header = reqHeaders
4874	googleapi.Expand(req.URL, map[string]string{
4875		"name": c.name,
4876	})
4877	return gensupport.SendRequest(c.ctx_, c.s.client, req)
4878}
4879
4880// Do executes the "iam.projects.locations.workloadIdentityPools.patch" call.
4881// Exactly one of *Operation or error will be non-nil. Any non-2xx
4882// status code is an error. Response headers are in either
4883// *Operation.ServerResponse.Header or (if a response was returned at
4884// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
4885// to check whether the returned error was because
4886// http.StatusNotModified was returned.
4887func (c *ProjectsLocationsWorkloadIdentityPoolsPatchCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
4888	gensupport.SetOptions(c.urlParams_, opts...)
4889	res, err := c.doRequest("json")
4890	if res != nil && res.StatusCode == http.StatusNotModified {
4891		if res.Body != nil {
4892			res.Body.Close()
4893		}
4894		return nil, &googleapi.Error{
4895			Code:   res.StatusCode,
4896			Header: res.Header,
4897		}
4898	}
4899	if err != nil {
4900		return nil, err
4901	}
4902	defer googleapi.CloseBody(res)
4903	if err := googleapi.CheckResponse(res); err != nil {
4904		return nil, err
4905	}
4906	ret := &Operation{
4907		ServerResponse: googleapi.ServerResponse{
4908			Header:         res.Header,
4909			HTTPStatusCode: res.StatusCode,
4910		},
4911	}
4912	target := &ret
4913	if err := gensupport.DecodeResponse(target, res); err != nil {
4914		return nil, err
4915	}
4916	return ret, nil
4917	// {
4918	//   "description": "Updates an existing WorkloadIdentityPool.",
4919	//   "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/workloadIdentityPools/{workloadIdentityPoolsId}",
4920	//   "httpMethod": "PATCH",
4921	//   "id": "iam.projects.locations.workloadIdentityPools.patch",
4922	//   "parameterOrder": [
4923	//     "name"
4924	//   ],
4925	//   "parameters": {
4926	//     "name": {
4927	//       "description": "Output only. The resource name of the pool.",
4928	//       "location": "path",
4929	//       "pattern": "^projects/[^/]+/locations/[^/]+/workloadIdentityPools/[^/]+$",
4930	//       "required": true,
4931	//       "type": "string"
4932	//     },
4933	//     "updateMask": {
4934	//       "description": "Required. The list of fields to update.",
4935	//       "format": "google-fieldmask",
4936	//       "location": "query",
4937	//       "type": "string"
4938	//     }
4939	//   },
4940	//   "path": "v1/{+name}",
4941	//   "request": {
4942	//     "$ref": "WorkloadIdentityPool"
4943	//   },
4944	//   "response": {
4945	//     "$ref": "Operation"
4946	//   },
4947	//   "scopes": [
4948	//     "https://www.googleapis.com/auth/cloud-platform"
4949	//   ]
4950	// }
4951
4952}
4953
4954// method id "iam.projects.locations.workloadIdentityPools.undelete":
4955
4956type ProjectsLocationsWorkloadIdentityPoolsUndeleteCall struct {
4957	s                                   *Service
4958	name                                string
4959	undeleteworkloadidentitypoolrequest *UndeleteWorkloadIdentityPoolRequest
4960	urlParams_                          gensupport.URLParams
4961	ctx_                                context.Context
4962	header_                             http.Header
4963}
4964
4965// Undelete: Undeletes a WorkloadIdentityPool, as long as it was deleted
4966// fewer than 30 days ago.
4967//
4968// - name: The name of the pool to undelete.
4969func (r *ProjectsLocationsWorkloadIdentityPoolsService) Undelete(name string, undeleteworkloadidentitypoolrequest *UndeleteWorkloadIdentityPoolRequest) *ProjectsLocationsWorkloadIdentityPoolsUndeleteCall {
4970	c := &ProjectsLocationsWorkloadIdentityPoolsUndeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
4971	c.name = name
4972	c.undeleteworkloadidentitypoolrequest = undeleteworkloadidentitypoolrequest
4973	return c
4974}
4975
4976// Fields allows partial responses to be retrieved. See
4977// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
4978// for more information.
4979func (c *ProjectsLocationsWorkloadIdentityPoolsUndeleteCall) Fields(s ...googleapi.Field) *ProjectsLocationsWorkloadIdentityPoolsUndeleteCall {
4980	c.urlParams_.Set("fields", googleapi.CombineFields(s))
4981	return c
4982}
4983
4984// Context sets the context to be used in this call's Do method. Any
4985// pending HTTP request will be aborted if the provided context is
4986// canceled.
4987func (c *ProjectsLocationsWorkloadIdentityPoolsUndeleteCall) Context(ctx context.Context) *ProjectsLocationsWorkloadIdentityPoolsUndeleteCall {
4988	c.ctx_ = ctx
4989	return c
4990}
4991
4992// Header returns an http.Header that can be modified by the caller to
4993// add HTTP headers to the request.
4994func (c *ProjectsLocationsWorkloadIdentityPoolsUndeleteCall) Header() http.Header {
4995	if c.header_ == nil {
4996		c.header_ = make(http.Header)
4997	}
4998	return c.header_
4999}
5000
5001func (c *ProjectsLocationsWorkloadIdentityPoolsUndeleteCall) doRequest(alt string) (*http.Response, error) {
5002	reqHeaders := make(http.Header)
5003	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
5004	for k, v := range c.header_ {
5005		reqHeaders[k] = v
5006	}
5007	reqHeaders.Set("User-Agent", c.s.userAgent())
5008	var body io.Reader = nil
5009	body, err := googleapi.WithoutDataWrapper.JSONReader(c.undeleteworkloadidentitypoolrequest)
5010	if err != nil {
5011		return nil, err
5012	}
5013	reqHeaders.Set("Content-Type", "application/json")
5014	c.urlParams_.Set("alt", alt)
5015	c.urlParams_.Set("prettyPrint", "false")
5016	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:undelete")
5017	urls += "?" + c.urlParams_.Encode()
5018	req, err := http.NewRequest("POST", urls, body)
5019	if err != nil {
5020		return nil, err
5021	}
5022	req.Header = reqHeaders
5023	googleapi.Expand(req.URL, map[string]string{
5024		"name": c.name,
5025	})
5026	return gensupport.SendRequest(c.ctx_, c.s.client, req)
5027}
5028
5029// Do executes the "iam.projects.locations.workloadIdentityPools.undelete" call.
5030// Exactly one of *Operation or error will be non-nil. Any non-2xx
5031// status code is an error. Response headers are in either
5032// *Operation.ServerResponse.Header or (if a response was returned at
5033// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
5034// to check whether the returned error was because
5035// http.StatusNotModified was returned.
5036func (c *ProjectsLocationsWorkloadIdentityPoolsUndeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
5037	gensupport.SetOptions(c.urlParams_, opts...)
5038	res, err := c.doRequest("json")
5039	if res != nil && res.StatusCode == http.StatusNotModified {
5040		if res.Body != nil {
5041			res.Body.Close()
5042		}
5043		return nil, &googleapi.Error{
5044			Code:   res.StatusCode,
5045			Header: res.Header,
5046		}
5047	}
5048	if err != nil {
5049		return nil, err
5050	}
5051	defer googleapi.CloseBody(res)
5052	if err := googleapi.CheckResponse(res); err != nil {
5053		return nil, err
5054	}
5055	ret := &Operation{
5056		ServerResponse: googleapi.ServerResponse{
5057			Header:         res.Header,
5058			HTTPStatusCode: res.StatusCode,
5059		},
5060	}
5061	target := &ret
5062	if err := gensupport.DecodeResponse(target, res); err != nil {
5063		return nil, err
5064	}
5065	return ret, nil
5066	// {
5067	//   "description": "Undeletes a WorkloadIdentityPool, as long as it was deleted fewer than 30 days ago.",
5068	//   "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/workloadIdentityPools/{workloadIdentityPoolsId}:undelete",
5069	//   "httpMethod": "POST",
5070	//   "id": "iam.projects.locations.workloadIdentityPools.undelete",
5071	//   "parameterOrder": [
5072	//     "name"
5073	//   ],
5074	//   "parameters": {
5075	//     "name": {
5076	//       "description": "Required. The name of the pool to undelete.",
5077	//       "location": "path",
5078	//       "pattern": "^projects/[^/]+/locations/[^/]+/workloadIdentityPools/[^/]+$",
5079	//       "required": true,
5080	//       "type": "string"
5081	//     }
5082	//   },
5083	//   "path": "v1/{+name}:undelete",
5084	//   "request": {
5085	//     "$ref": "UndeleteWorkloadIdentityPoolRequest"
5086	//   },
5087	//   "response": {
5088	//     "$ref": "Operation"
5089	//   },
5090	//   "scopes": [
5091	//     "https://www.googleapis.com/auth/cloud-platform"
5092	//   ]
5093	// }
5094
5095}
5096
5097// method id "iam.projects.locations.workloadIdentityPools.operations.get":
5098
5099type ProjectsLocationsWorkloadIdentityPoolsOperationsGetCall struct {
5100	s            *Service
5101	name         string
5102	urlParams_   gensupport.URLParams
5103	ifNoneMatch_ string
5104	ctx_         context.Context
5105	header_      http.Header
5106}
5107
5108// Get: Gets the latest state of a long-running operation. Clients can
5109// use this method to poll the operation result at intervals as
5110// recommended by the API service.
5111//
5112// - name: The name of the operation resource.
5113func (r *ProjectsLocationsWorkloadIdentityPoolsOperationsService) Get(name string) *ProjectsLocationsWorkloadIdentityPoolsOperationsGetCall {
5114	c := &ProjectsLocationsWorkloadIdentityPoolsOperationsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
5115	c.name = name
5116	return c
5117}
5118
5119// Fields allows partial responses to be retrieved. See
5120// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
5121// for more information.
5122func (c *ProjectsLocationsWorkloadIdentityPoolsOperationsGetCall) Fields(s ...googleapi.Field) *ProjectsLocationsWorkloadIdentityPoolsOperationsGetCall {
5123	c.urlParams_.Set("fields", googleapi.CombineFields(s))
5124	return c
5125}
5126
5127// IfNoneMatch sets the optional parameter which makes the operation
5128// fail if the object's ETag matches the given value. This is useful for
5129// getting updates only after the object has changed since the last
5130// request. Use googleapi.IsNotModified to check whether the response
5131// error from Do is the result of In-None-Match.
5132func (c *ProjectsLocationsWorkloadIdentityPoolsOperationsGetCall) IfNoneMatch(entityTag string) *ProjectsLocationsWorkloadIdentityPoolsOperationsGetCall {
5133	c.ifNoneMatch_ = entityTag
5134	return c
5135}
5136
5137// Context sets the context to be used in this call's Do method. Any
5138// pending HTTP request will be aborted if the provided context is
5139// canceled.
5140func (c *ProjectsLocationsWorkloadIdentityPoolsOperationsGetCall) Context(ctx context.Context) *ProjectsLocationsWorkloadIdentityPoolsOperationsGetCall {
5141	c.ctx_ = ctx
5142	return c
5143}
5144
5145// Header returns an http.Header that can be modified by the caller to
5146// add HTTP headers to the request.
5147func (c *ProjectsLocationsWorkloadIdentityPoolsOperationsGetCall) Header() http.Header {
5148	if c.header_ == nil {
5149		c.header_ = make(http.Header)
5150	}
5151	return c.header_
5152}
5153
5154func (c *ProjectsLocationsWorkloadIdentityPoolsOperationsGetCall) doRequest(alt string) (*http.Response, error) {
5155	reqHeaders := make(http.Header)
5156	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
5157	for k, v := range c.header_ {
5158		reqHeaders[k] = v
5159	}
5160	reqHeaders.Set("User-Agent", c.s.userAgent())
5161	if c.ifNoneMatch_ != "" {
5162		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
5163	}
5164	var body io.Reader = nil
5165	c.urlParams_.Set("alt", alt)
5166	c.urlParams_.Set("prettyPrint", "false")
5167	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
5168	urls += "?" + c.urlParams_.Encode()
5169	req, err := http.NewRequest("GET", urls, body)
5170	if err != nil {
5171		return nil, err
5172	}
5173	req.Header = reqHeaders
5174	googleapi.Expand(req.URL, map[string]string{
5175		"name": c.name,
5176	})
5177	return gensupport.SendRequest(c.ctx_, c.s.client, req)
5178}
5179
5180// Do executes the "iam.projects.locations.workloadIdentityPools.operations.get" call.
5181// Exactly one of *Operation or error will be non-nil. Any non-2xx
5182// status code is an error. Response headers are in either
5183// *Operation.ServerResponse.Header or (if a response was returned at
5184// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
5185// to check whether the returned error was because
5186// http.StatusNotModified was returned.
5187func (c *ProjectsLocationsWorkloadIdentityPoolsOperationsGetCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
5188	gensupport.SetOptions(c.urlParams_, opts...)
5189	res, err := c.doRequest("json")
5190	if res != nil && res.StatusCode == http.StatusNotModified {
5191		if res.Body != nil {
5192			res.Body.Close()
5193		}
5194		return nil, &googleapi.Error{
5195			Code:   res.StatusCode,
5196			Header: res.Header,
5197		}
5198	}
5199	if err != nil {
5200		return nil, err
5201	}
5202	defer googleapi.CloseBody(res)
5203	if err := googleapi.CheckResponse(res); err != nil {
5204		return nil, err
5205	}
5206	ret := &Operation{
5207		ServerResponse: googleapi.ServerResponse{
5208			Header:         res.Header,
5209			HTTPStatusCode: res.StatusCode,
5210		},
5211	}
5212	target := &ret
5213	if err := gensupport.DecodeResponse(target, res); err != nil {
5214		return nil, err
5215	}
5216	return ret, nil
5217	// {
5218	//   "description": "Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.",
5219	//   "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/workloadIdentityPools/{workloadIdentityPoolsId}/operations/{operationsId}",
5220	//   "httpMethod": "GET",
5221	//   "id": "iam.projects.locations.workloadIdentityPools.operations.get",
5222	//   "parameterOrder": [
5223	//     "name"
5224	//   ],
5225	//   "parameters": {
5226	//     "name": {
5227	//       "description": "The name of the operation resource.",
5228	//       "location": "path",
5229	//       "pattern": "^projects/[^/]+/locations/[^/]+/workloadIdentityPools/[^/]+/operations/[^/]+$",
5230	//       "required": true,
5231	//       "type": "string"
5232	//     }
5233	//   },
5234	//   "path": "v1/{+name}",
5235	//   "response": {
5236	//     "$ref": "Operation"
5237	//   },
5238	//   "scopes": [
5239	//     "https://www.googleapis.com/auth/cloud-platform"
5240	//   ]
5241	// }
5242
5243}
5244
5245// method id "iam.projects.locations.workloadIdentityPools.providers.create":
5246
5247type ProjectsLocationsWorkloadIdentityPoolsProvidersCreateCall struct {
5248	s                            *Service
5249	parent                       string
5250	workloadidentitypoolprovider *WorkloadIdentityPoolProvider
5251	urlParams_                   gensupport.URLParams
5252	ctx_                         context.Context
5253	header_                      http.Header
5254}
5255
5256// Create: Creates a new WorkloadIdentityPoolProvider in a
5257// WorkloadIdentityPool. You cannot reuse the name of a deleted provider
5258// until 30 days after deletion.
5259//
5260// - parent: The pool to create this provider in.
5261func (r *ProjectsLocationsWorkloadIdentityPoolsProvidersService) Create(parent string, workloadidentitypoolprovider *WorkloadIdentityPoolProvider) *ProjectsLocationsWorkloadIdentityPoolsProvidersCreateCall {
5262	c := &ProjectsLocationsWorkloadIdentityPoolsProvidersCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
5263	c.parent = parent
5264	c.workloadidentitypoolprovider = workloadidentitypoolprovider
5265	return c
5266}
5267
5268// WorkloadIdentityPoolProviderId sets the optional parameter
5269// "workloadIdentityPoolProviderId": Required. The ID for the provider,
5270// which becomes the final component of the resource name. This value
5271// must be 4-32 characters, and may contain the characters [a-z0-9-].
5272// The prefix `gcp-` is reserved for use by Google, and may not be
5273// specified.
5274func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersCreateCall) WorkloadIdentityPoolProviderId(workloadIdentityPoolProviderId string) *ProjectsLocationsWorkloadIdentityPoolsProvidersCreateCall {
5275	c.urlParams_.Set("workloadIdentityPoolProviderId", workloadIdentityPoolProviderId)
5276	return c
5277}
5278
5279// Fields allows partial responses to be retrieved. See
5280// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
5281// for more information.
5282func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersCreateCall) Fields(s ...googleapi.Field) *ProjectsLocationsWorkloadIdentityPoolsProvidersCreateCall {
5283	c.urlParams_.Set("fields", googleapi.CombineFields(s))
5284	return c
5285}
5286
5287// Context sets the context to be used in this call's Do method. Any
5288// pending HTTP request will be aborted if the provided context is
5289// canceled.
5290func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersCreateCall) Context(ctx context.Context) *ProjectsLocationsWorkloadIdentityPoolsProvidersCreateCall {
5291	c.ctx_ = ctx
5292	return c
5293}
5294
5295// Header returns an http.Header that can be modified by the caller to
5296// add HTTP headers to the request.
5297func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersCreateCall) Header() http.Header {
5298	if c.header_ == nil {
5299		c.header_ = make(http.Header)
5300	}
5301	return c.header_
5302}
5303
5304func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersCreateCall) doRequest(alt string) (*http.Response, error) {
5305	reqHeaders := make(http.Header)
5306	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
5307	for k, v := range c.header_ {
5308		reqHeaders[k] = v
5309	}
5310	reqHeaders.Set("User-Agent", c.s.userAgent())
5311	var body io.Reader = nil
5312	body, err := googleapi.WithoutDataWrapper.JSONReader(c.workloadidentitypoolprovider)
5313	if err != nil {
5314		return nil, err
5315	}
5316	reqHeaders.Set("Content-Type", "application/json")
5317	c.urlParams_.Set("alt", alt)
5318	c.urlParams_.Set("prettyPrint", "false")
5319	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/providers")
5320	urls += "?" + c.urlParams_.Encode()
5321	req, err := http.NewRequest("POST", urls, body)
5322	if err != nil {
5323		return nil, err
5324	}
5325	req.Header = reqHeaders
5326	googleapi.Expand(req.URL, map[string]string{
5327		"parent": c.parent,
5328	})
5329	return gensupport.SendRequest(c.ctx_, c.s.client, req)
5330}
5331
5332// Do executes the "iam.projects.locations.workloadIdentityPools.providers.create" call.
5333// Exactly one of *Operation or error will be non-nil. Any non-2xx
5334// status code is an error. Response headers are in either
5335// *Operation.ServerResponse.Header or (if a response was returned at
5336// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
5337// to check whether the returned error was because
5338// http.StatusNotModified was returned.
5339func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersCreateCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
5340	gensupport.SetOptions(c.urlParams_, opts...)
5341	res, err := c.doRequest("json")
5342	if res != nil && res.StatusCode == http.StatusNotModified {
5343		if res.Body != nil {
5344			res.Body.Close()
5345		}
5346		return nil, &googleapi.Error{
5347			Code:   res.StatusCode,
5348			Header: res.Header,
5349		}
5350	}
5351	if err != nil {
5352		return nil, err
5353	}
5354	defer googleapi.CloseBody(res)
5355	if err := googleapi.CheckResponse(res); err != nil {
5356		return nil, err
5357	}
5358	ret := &Operation{
5359		ServerResponse: googleapi.ServerResponse{
5360			Header:         res.Header,
5361			HTTPStatusCode: res.StatusCode,
5362		},
5363	}
5364	target := &ret
5365	if err := gensupport.DecodeResponse(target, res); err != nil {
5366		return nil, err
5367	}
5368	return ret, nil
5369	// {
5370	//   "description": "Creates a new WorkloadIdentityPoolProvider in a WorkloadIdentityPool. You cannot reuse the name of a deleted provider until 30 days after deletion.",
5371	//   "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/workloadIdentityPools/{workloadIdentityPoolsId}/providers",
5372	//   "httpMethod": "POST",
5373	//   "id": "iam.projects.locations.workloadIdentityPools.providers.create",
5374	//   "parameterOrder": [
5375	//     "parent"
5376	//   ],
5377	//   "parameters": {
5378	//     "parent": {
5379	//       "description": "Required. The pool to create this provider in.",
5380	//       "location": "path",
5381	//       "pattern": "^projects/[^/]+/locations/[^/]+/workloadIdentityPools/[^/]+$",
5382	//       "required": true,
5383	//       "type": "string"
5384	//     },
5385	//     "workloadIdentityPoolProviderId": {
5386	//       "description": "Required. The ID for the provider, which becomes the final component of the resource name. This value must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may not be specified.",
5387	//       "location": "query",
5388	//       "type": "string"
5389	//     }
5390	//   },
5391	//   "path": "v1/{+parent}/providers",
5392	//   "request": {
5393	//     "$ref": "WorkloadIdentityPoolProvider"
5394	//   },
5395	//   "response": {
5396	//     "$ref": "Operation"
5397	//   },
5398	//   "scopes": [
5399	//     "https://www.googleapis.com/auth/cloud-platform"
5400	//   ]
5401	// }
5402
5403}
5404
5405// method id "iam.projects.locations.workloadIdentityPools.providers.delete":
5406
5407type ProjectsLocationsWorkloadIdentityPoolsProvidersDeleteCall struct {
5408	s          *Service
5409	name       string
5410	urlParams_ gensupport.URLParams
5411	ctx_       context.Context
5412	header_    http.Header
5413}
5414
5415// Delete: Deletes a WorkloadIdentityPoolProvider. Deleting a provider
5416// does not revoke credentials that have already been issued; they
5417// continue to grant access. You can undelete a provider for 30 days.
5418// After 30 days, deletion is permanent. You cannot update deleted
5419// providers. However, you can view and list them.
5420//
5421// - name: The name of the provider to delete.
5422func (r *ProjectsLocationsWorkloadIdentityPoolsProvidersService) Delete(name string) *ProjectsLocationsWorkloadIdentityPoolsProvidersDeleteCall {
5423	c := &ProjectsLocationsWorkloadIdentityPoolsProvidersDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
5424	c.name = name
5425	return c
5426}
5427
5428// Fields allows partial responses to be retrieved. See
5429// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
5430// for more information.
5431func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersDeleteCall) Fields(s ...googleapi.Field) *ProjectsLocationsWorkloadIdentityPoolsProvidersDeleteCall {
5432	c.urlParams_.Set("fields", googleapi.CombineFields(s))
5433	return c
5434}
5435
5436// Context sets the context to be used in this call's Do method. Any
5437// pending HTTP request will be aborted if the provided context is
5438// canceled.
5439func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersDeleteCall) Context(ctx context.Context) *ProjectsLocationsWorkloadIdentityPoolsProvidersDeleteCall {
5440	c.ctx_ = ctx
5441	return c
5442}
5443
5444// Header returns an http.Header that can be modified by the caller to
5445// add HTTP headers to the request.
5446func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersDeleteCall) Header() http.Header {
5447	if c.header_ == nil {
5448		c.header_ = make(http.Header)
5449	}
5450	return c.header_
5451}
5452
5453func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersDeleteCall) doRequest(alt string) (*http.Response, error) {
5454	reqHeaders := make(http.Header)
5455	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
5456	for k, v := range c.header_ {
5457		reqHeaders[k] = v
5458	}
5459	reqHeaders.Set("User-Agent", c.s.userAgent())
5460	var body io.Reader = nil
5461	c.urlParams_.Set("alt", alt)
5462	c.urlParams_.Set("prettyPrint", "false")
5463	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
5464	urls += "?" + c.urlParams_.Encode()
5465	req, err := http.NewRequest("DELETE", urls, body)
5466	if err != nil {
5467		return nil, err
5468	}
5469	req.Header = reqHeaders
5470	googleapi.Expand(req.URL, map[string]string{
5471		"name": c.name,
5472	})
5473	return gensupport.SendRequest(c.ctx_, c.s.client, req)
5474}
5475
5476// Do executes the "iam.projects.locations.workloadIdentityPools.providers.delete" call.
5477// Exactly one of *Operation or error will be non-nil. Any non-2xx
5478// status code is an error. Response headers are in either
5479// *Operation.ServerResponse.Header or (if a response was returned at
5480// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
5481// to check whether the returned error was because
5482// http.StatusNotModified was returned.
5483func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
5484	gensupport.SetOptions(c.urlParams_, opts...)
5485	res, err := c.doRequest("json")
5486	if res != nil && res.StatusCode == http.StatusNotModified {
5487		if res.Body != nil {
5488			res.Body.Close()
5489		}
5490		return nil, &googleapi.Error{
5491			Code:   res.StatusCode,
5492			Header: res.Header,
5493		}
5494	}
5495	if err != nil {
5496		return nil, err
5497	}
5498	defer googleapi.CloseBody(res)
5499	if err := googleapi.CheckResponse(res); err != nil {
5500		return nil, err
5501	}
5502	ret := &Operation{
5503		ServerResponse: googleapi.ServerResponse{
5504			Header:         res.Header,
5505			HTTPStatusCode: res.StatusCode,
5506		},
5507	}
5508	target := &ret
5509	if err := gensupport.DecodeResponse(target, res); err != nil {
5510		return nil, err
5511	}
5512	return ret, nil
5513	// {
5514	//   "description": "Deletes a WorkloadIdentityPoolProvider. Deleting a provider does not revoke credentials that have already been issued; they continue to grant access. You can undelete a provider for 30 days. After 30 days, deletion is permanent. You cannot update deleted providers. However, you can view and list them.",
5515	//   "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/workloadIdentityPools/{workloadIdentityPoolsId}/providers/{providersId}",
5516	//   "httpMethod": "DELETE",
5517	//   "id": "iam.projects.locations.workloadIdentityPools.providers.delete",
5518	//   "parameterOrder": [
5519	//     "name"
5520	//   ],
5521	//   "parameters": {
5522	//     "name": {
5523	//       "description": "Required. The name of the provider to delete.",
5524	//       "location": "path",
5525	//       "pattern": "^projects/[^/]+/locations/[^/]+/workloadIdentityPools/[^/]+/providers/[^/]+$",
5526	//       "required": true,
5527	//       "type": "string"
5528	//     }
5529	//   },
5530	//   "path": "v1/{+name}",
5531	//   "response": {
5532	//     "$ref": "Operation"
5533	//   },
5534	//   "scopes": [
5535	//     "https://www.googleapis.com/auth/cloud-platform"
5536	//   ]
5537	// }
5538
5539}
5540
5541// method id "iam.projects.locations.workloadIdentityPools.providers.get":
5542
5543type ProjectsLocationsWorkloadIdentityPoolsProvidersGetCall struct {
5544	s            *Service
5545	name         string
5546	urlParams_   gensupport.URLParams
5547	ifNoneMatch_ string
5548	ctx_         context.Context
5549	header_      http.Header
5550}
5551
5552// Get: Gets an individual WorkloadIdentityPoolProvider.
5553//
5554// - name: The name of the provider to retrieve.
5555func (r *ProjectsLocationsWorkloadIdentityPoolsProvidersService) Get(name string) *ProjectsLocationsWorkloadIdentityPoolsProvidersGetCall {
5556	c := &ProjectsLocationsWorkloadIdentityPoolsProvidersGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
5557	c.name = name
5558	return c
5559}
5560
5561// Fields allows partial responses to be retrieved. See
5562// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
5563// for more information.
5564func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersGetCall) Fields(s ...googleapi.Field) *ProjectsLocationsWorkloadIdentityPoolsProvidersGetCall {
5565	c.urlParams_.Set("fields", googleapi.CombineFields(s))
5566	return c
5567}
5568
5569// IfNoneMatch sets the optional parameter which makes the operation
5570// fail if the object's ETag matches the given value. This is useful for
5571// getting updates only after the object has changed since the last
5572// request. Use googleapi.IsNotModified to check whether the response
5573// error from Do is the result of In-None-Match.
5574func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersGetCall) IfNoneMatch(entityTag string) *ProjectsLocationsWorkloadIdentityPoolsProvidersGetCall {
5575	c.ifNoneMatch_ = entityTag
5576	return c
5577}
5578
5579// Context sets the context to be used in this call's Do method. Any
5580// pending HTTP request will be aborted if the provided context is
5581// canceled.
5582func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersGetCall) Context(ctx context.Context) *ProjectsLocationsWorkloadIdentityPoolsProvidersGetCall {
5583	c.ctx_ = ctx
5584	return c
5585}
5586
5587// Header returns an http.Header that can be modified by the caller to
5588// add HTTP headers to the request.
5589func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersGetCall) Header() http.Header {
5590	if c.header_ == nil {
5591		c.header_ = make(http.Header)
5592	}
5593	return c.header_
5594}
5595
5596func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersGetCall) doRequest(alt string) (*http.Response, error) {
5597	reqHeaders := make(http.Header)
5598	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
5599	for k, v := range c.header_ {
5600		reqHeaders[k] = v
5601	}
5602	reqHeaders.Set("User-Agent", c.s.userAgent())
5603	if c.ifNoneMatch_ != "" {
5604		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
5605	}
5606	var body io.Reader = nil
5607	c.urlParams_.Set("alt", alt)
5608	c.urlParams_.Set("prettyPrint", "false")
5609	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
5610	urls += "?" + c.urlParams_.Encode()
5611	req, err := http.NewRequest("GET", urls, body)
5612	if err != nil {
5613		return nil, err
5614	}
5615	req.Header = reqHeaders
5616	googleapi.Expand(req.URL, map[string]string{
5617		"name": c.name,
5618	})
5619	return gensupport.SendRequest(c.ctx_, c.s.client, req)
5620}
5621
5622// Do executes the "iam.projects.locations.workloadIdentityPools.providers.get" call.
5623// Exactly one of *WorkloadIdentityPoolProvider or error will be
5624// non-nil. Any non-2xx status code is an error. Response headers are in
5625// either *WorkloadIdentityPoolProvider.ServerResponse.Header or (if a
5626// response was returned at all) in error.(*googleapi.Error).Header. Use
5627// googleapi.IsNotModified to check whether the returned error was
5628// because http.StatusNotModified was returned.
5629func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersGetCall) Do(opts ...googleapi.CallOption) (*WorkloadIdentityPoolProvider, error) {
5630	gensupport.SetOptions(c.urlParams_, opts...)
5631	res, err := c.doRequest("json")
5632	if res != nil && res.StatusCode == http.StatusNotModified {
5633		if res.Body != nil {
5634			res.Body.Close()
5635		}
5636		return nil, &googleapi.Error{
5637			Code:   res.StatusCode,
5638			Header: res.Header,
5639		}
5640	}
5641	if err != nil {
5642		return nil, err
5643	}
5644	defer googleapi.CloseBody(res)
5645	if err := googleapi.CheckResponse(res); err != nil {
5646		return nil, err
5647	}
5648	ret := &WorkloadIdentityPoolProvider{
5649		ServerResponse: googleapi.ServerResponse{
5650			Header:         res.Header,
5651			HTTPStatusCode: res.StatusCode,
5652		},
5653	}
5654	target := &ret
5655	if err := gensupport.DecodeResponse(target, res); err != nil {
5656		return nil, err
5657	}
5658	return ret, nil
5659	// {
5660	//   "description": "Gets an individual WorkloadIdentityPoolProvider.",
5661	//   "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/workloadIdentityPools/{workloadIdentityPoolsId}/providers/{providersId}",
5662	//   "httpMethod": "GET",
5663	//   "id": "iam.projects.locations.workloadIdentityPools.providers.get",
5664	//   "parameterOrder": [
5665	//     "name"
5666	//   ],
5667	//   "parameters": {
5668	//     "name": {
5669	//       "description": "Required. The name of the provider to retrieve.",
5670	//       "location": "path",
5671	//       "pattern": "^projects/[^/]+/locations/[^/]+/workloadIdentityPools/[^/]+/providers/[^/]+$",
5672	//       "required": true,
5673	//       "type": "string"
5674	//     }
5675	//   },
5676	//   "path": "v1/{+name}",
5677	//   "response": {
5678	//     "$ref": "WorkloadIdentityPoolProvider"
5679	//   },
5680	//   "scopes": [
5681	//     "https://www.googleapis.com/auth/cloud-platform"
5682	//   ]
5683	// }
5684
5685}
5686
5687// method id "iam.projects.locations.workloadIdentityPools.providers.list":
5688
5689type ProjectsLocationsWorkloadIdentityPoolsProvidersListCall struct {
5690	s            *Service
5691	parent       string
5692	urlParams_   gensupport.URLParams
5693	ifNoneMatch_ string
5694	ctx_         context.Context
5695	header_      http.Header
5696}
5697
5698// List: Lists all non-deleted WorkloadIdentityPoolProviders in a
5699// WorkloadIdentityPool. If `show_deleted` is set to `true`, then
5700// deleted providers are also listed.
5701//
5702// - parent: The pool to list providers for.
5703func (r *ProjectsLocationsWorkloadIdentityPoolsProvidersService) List(parent string) *ProjectsLocationsWorkloadIdentityPoolsProvidersListCall {
5704	c := &ProjectsLocationsWorkloadIdentityPoolsProvidersListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
5705	c.parent = parent
5706	return c
5707}
5708
5709// PageSize sets the optional parameter "pageSize": The maximum number
5710// of providers to return. If unspecified, at most 50 providers are
5711// returned. The maximum value is 100; values above 100 are truncated to
5712// 100.
5713func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersListCall) PageSize(pageSize int64) *ProjectsLocationsWorkloadIdentityPoolsProvidersListCall {
5714	c.urlParams_.Set("pageSize", fmt.Sprint(pageSize))
5715	return c
5716}
5717
5718// PageToken sets the optional parameter "pageToken": A page token,
5719// received from a previous `ListWorkloadIdentityPoolProviders` call.
5720// Provide this to retrieve the subsequent page.
5721func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersListCall) PageToken(pageToken string) *ProjectsLocationsWorkloadIdentityPoolsProvidersListCall {
5722	c.urlParams_.Set("pageToken", pageToken)
5723	return c
5724}
5725
5726// ShowDeleted sets the optional parameter "showDeleted": Whether to
5727// return soft-deleted providers.
5728func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersListCall) ShowDeleted(showDeleted bool) *ProjectsLocationsWorkloadIdentityPoolsProvidersListCall {
5729	c.urlParams_.Set("showDeleted", fmt.Sprint(showDeleted))
5730	return c
5731}
5732
5733// Fields allows partial responses to be retrieved. See
5734// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
5735// for more information.
5736func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersListCall) Fields(s ...googleapi.Field) *ProjectsLocationsWorkloadIdentityPoolsProvidersListCall {
5737	c.urlParams_.Set("fields", googleapi.CombineFields(s))
5738	return c
5739}
5740
5741// IfNoneMatch sets the optional parameter which makes the operation
5742// fail if the object's ETag matches the given value. This is useful for
5743// getting updates only after the object has changed since the last
5744// request. Use googleapi.IsNotModified to check whether the response
5745// error from Do is the result of In-None-Match.
5746func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersListCall) IfNoneMatch(entityTag string) *ProjectsLocationsWorkloadIdentityPoolsProvidersListCall {
5747	c.ifNoneMatch_ = entityTag
5748	return c
5749}
5750
5751// Context sets the context to be used in this call's Do method. Any
5752// pending HTTP request will be aborted if the provided context is
5753// canceled.
5754func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersListCall) Context(ctx context.Context) *ProjectsLocationsWorkloadIdentityPoolsProvidersListCall {
5755	c.ctx_ = ctx
5756	return c
5757}
5758
5759// Header returns an http.Header that can be modified by the caller to
5760// add HTTP headers to the request.
5761func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersListCall) Header() http.Header {
5762	if c.header_ == nil {
5763		c.header_ = make(http.Header)
5764	}
5765	return c.header_
5766}
5767
5768func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersListCall) doRequest(alt string) (*http.Response, error) {
5769	reqHeaders := make(http.Header)
5770	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
5771	for k, v := range c.header_ {
5772		reqHeaders[k] = v
5773	}
5774	reqHeaders.Set("User-Agent", c.s.userAgent())
5775	if c.ifNoneMatch_ != "" {
5776		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
5777	}
5778	var body io.Reader = nil
5779	c.urlParams_.Set("alt", alt)
5780	c.urlParams_.Set("prettyPrint", "false")
5781	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/providers")
5782	urls += "?" + c.urlParams_.Encode()
5783	req, err := http.NewRequest("GET", urls, body)
5784	if err != nil {
5785		return nil, err
5786	}
5787	req.Header = reqHeaders
5788	googleapi.Expand(req.URL, map[string]string{
5789		"parent": c.parent,
5790	})
5791	return gensupport.SendRequest(c.ctx_, c.s.client, req)
5792}
5793
5794// Do executes the "iam.projects.locations.workloadIdentityPools.providers.list" call.
5795// Exactly one of *ListWorkloadIdentityPoolProvidersResponse or error
5796// will be non-nil. Any non-2xx status code is an error. Response
5797// headers are in either
5798// *ListWorkloadIdentityPoolProvidersResponse.ServerResponse.Header or
5799// (if a response was returned at all) in
5800// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
5801// whether the returned error was because http.StatusNotModified was
5802// returned.
5803func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersListCall) Do(opts ...googleapi.CallOption) (*ListWorkloadIdentityPoolProvidersResponse, error) {
5804	gensupport.SetOptions(c.urlParams_, opts...)
5805	res, err := c.doRequest("json")
5806	if res != nil && res.StatusCode == http.StatusNotModified {
5807		if res.Body != nil {
5808			res.Body.Close()
5809		}
5810		return nil, &googleapi.Error{
5811			Code:   res.StatusCode,
5812			Header: res.Header,
5813		}
5814	}
5815	if err != nil {
5816		return nil, err
5817	}
5818	defer googleapi.CloseBody(res)
5819	if err := googleapi.CheckResponse(res); err != nil {
5820		return nil, err
5821	}
5822	ret := &ListWorkloadIdentityPoolProvidersResponse{
5823		ServerResponse: googleapi.ServerResponse{
5824			Header:         res.Header,
5825			HTTPStatusCode: res.StatusCode,
5826		},
5827	}
5828	target := &ret
5829	if err := gensupport.DecodeResponse(target, res); err != nil {
5830		return nil, err
5831	}
5832	return ret, nil
5833	// {
5834	//   "description": "Lists all non-deleted WorkloadIdentityPoolProviders in a WorkloadIdentityPool. If `show_deleted` is set to `true`, then deleted providers are also listed.",
5835	//   "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/workloadIdentityPools/{workloadIdentityPoolsId}/providers",
5836	//   "httpMethod": "GET",
5837	//   "id": "iam.projects.locations.workloadIdentityPools.providers.list",
5838	//   "parameterOrder": [
5839	//     "parent"
5840	//   ],
5841	//   "parameters": {
5842	//     "pageSize": {
5843	//       "description": "The maximum number of providers to return. If unspecified, at most 50 providers are returned. The maximum value is 100; values above 100 are truncated to 100.",
5844	//       "format": "int32",
5845	//       "location": "query",
5846	//       "type": "integer"
5847	//     },
5848	//     "pageToken": {
5849	//       "description": "A page token, received from a previous `ListWorkloadIdentityPoolProviders` call. Provide this to retrieve the subsequent page.",
5850	//       "location": "query",
5851	//       "type": "string"
5852	//     },
5853	//     "parent": {
5854	//       "description": "Required. The pool to list providers for.",
5855	//       "location": "path",
5856	//       "pattern": "^projects/[^/]+/locations/[^/]+/workloadIdentityPools/[^/]+$",
5857	//       "required": true,
5858	//       "type": "string"
5859	//     },
5860	//     "showDeleted": {
5861	//       "description": "Whether to return soft-deleted providers.",
5862	//       "location": "query",
5863	//       "type": "boolean"
5864	//     }
5865	//   },
5866	//   "path": "v1/{+parent}/providers",
5867	//   "response": {
5868	//     "$ref": "ListWorkloadIdentityPoolProvidersResponse"
5869	//   },
5870	//   "scopes": [
5871	//     "https://www.googleapis.com/auth/cloud-platform"
5872	//   ]
5873	// }
5874
5875}
5876
5877// Pages invokes f for each page of results.
5878// A non-nil error returned from f will halt the iteration.
5879// The provided context supersedes any context provided to the Context method.
5880func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersListCall) Pages(ctx context.Context, f func(*ListWorkloadIdentityPoolProvidersResponse) error) error {
5881	c.ctx_ = ctx
5882	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
5883	for {
5884		x, err := c.Do()
5885		if err != nil {
5886			return err
5887		}
5888		if err := f(x); err != nil {
5889			return err
5890		}
5891		if x.NextPageToken == "" {
5892			return nil
5893		}
5894		c.PageToken(x.NextPageToken)
5895	}
5896}
5897
5898// method id "iam.projects.locations.workloadIdentityPools.providers.patch":
5899
5900type ProjectsLocationsWorkloadIdentityPoolsProvidersPatchCall struct {
5901	s                            *Service
5902	name                         string
5903	workloadidentitypoolprovider *WorkloadIdentityPoolProvider
5904	urlParams_                   gensupport.URLParams
5905	ctx_                         context.Context
5906	header_                      http.Header
5907}
5908
5909// Patch: Updates an existing WorkloadIdentityPoolProvider.
5910//
5911// - name: Output only. The resource name of the provider.
5912func (r *ProjectsLocationsWorkloadIdentityPoolsProvidersService) Patch(name string, workloadidentitypoolprovider *WorkloadIdentityPoolProvider) *ProjectsLocationsWorkloadIdentityPoolsProvidersPatchCall {
5913	c := &ProjectsLocationsWorkloadIdentityPoolsProvidersPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
5914	c.name = name
5915	c.workloadidentitypoolprovider = workloadidentitypoolprovider
5916	return c
5917}
5918
5919// UpdateMask sets the optional parameter "updateMask": Required. The
5920// list of fields to update.
5921func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersPatchCall) UpdateMask(updateMask string) *ProjectsLocationsWorkloadIdentityPoolsProvidersPatchCall {
5922	c.urlParams_.Set("updateMask", updateMask)
5923	return c
5924}
5925
5926// Fields allows partial responses to be retrieved. See
5927// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
5928// for more information.
5929func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersPatchCall) Fields(s ...googleapi.Field) *ProjectsLocationsWorkloadIdentityPoolsProvidersPatchCall {
5930	c.urlParams_.Set("fields", googleapi.CombineFields(s))
5931	return c
5932}
5933
5934// Context sets the context to be used in this call's Do method. Any
5935// pending HTTP request will be aborted if the provided context is
5936// canceled.
5937func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersPatchCall) Context(ctx context.Context) *ProjectsLocationsWorkloadIdentityPoolsProvidersPatchCall {
5938	c.ctx_ = ctx
5939	return c
5940}
5941
5942// Header returns an http.Header that can be modified by the caller to
5943// add HTTP headers to the request.
5944func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersPatchCall) Header() http.Header {
5945	if c.header_ == nil {
5946		c.header_ = make(http.Header)
5947	}
5948	return c.header_
5949}
5950
5951func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersPatchCall) doRequest(alt string) (*http.Response, error) {
5952	reqHeaders := make(http.Header)
5953	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
5954	for k, v := range c.header_ {
5955		reqHeaders[k] = v
5956	}
5957	reqHeaders.Set("User-Agent", c.s.userAgent())
5958	var body io.Reader = nil
5959	body, err := googleapi.WithoutDataWrapper.JSONReader(c.workloadidentitypoolprovider)
5960	if err != nil {
5961		return nil, err
5962	}
5963	reqHeaders.Set("Content-Type", "application/json")
5964	c.urlParams_.Set("alt", alt)
5965	c.urlParams_.Set("prettyPrint", "false")
5966	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
5967	urls += "?" + c.urlParams_.Encode()
5968	req, err := http.NewRequest("PATCH", urls, body)
5969	if err != nil {
5970		return nil, err
5971	}
5972	req.Header = reqHeaders
5973	googleapi.Expand(req.URL, map[string]string{
5974		"name": c.name,
5975	})
5976	return gensupport.SendRequest(c.ctx_, c.s.client, req)
5977}
5978
5979// Do executes the "iam.projects.locations.workloadIdentityPools.providers.patch" call.
5980// Exactly one of *Operation or error will be non-nil. Any non-2xx
5981// status code is an error. Response headers are in either
5982// *Operation.ServerResponse.Header or (if a response was returned at
5983// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
5984// to check whether the returned error was because
5985// http.StatusNotModified was returned.
5986func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersPatchCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
5987	gensupport.SetOptions(c.urlParams_, opts...)
5988	res, err := c.doRequest("json")
5989	if res != nil && res.StatusCode == http.StatusNotModified {
5990		if res.Body != nil {
5991			res.Body.Close()
5992		}
5993		return nil, &googleapi.Error{
5994			Code:   res.StatusCode,
5995			Header: res.Header,
5996		}
5997	}
5998	if err != nil {
5999		return nil, err
6000	}
6001	defer googleapi.CloseBody(res)
6002	if err := googleapi.CheckResponse(res); err != nil {
6003		return nil, err
6004	}
6005	ret := &Operation{
6006		ServerResponse: googleapi.ServerResponse{
6007			Header:         res.Header,
6008			HTTPStatusCode: res.StatusCode,
6009		},
6010	}
6011	target := &ret
6012	if err := gensupport.DecodeResponse(target, res); err != nil {
6013		return nil, err
6014	}
6015	return ret, nil
6016	// {
6017	//   "description": "Updates an existing WorkloadIdentityPoolProvider.",
6018	//   "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/workloadIdentityPools/{workloadIdentityPoolsId}/providers/{providersId}",
6019	//   "httpMethod": "PATCH",
6020	//   "id": "iam.projects.locations.workloadIdentityPools.providers.patch",
6021	//   "parameterOrder": [
6022	//     "name"
6023	//   ],
6024	//   "parameters": {
6025	//     "name": {
6026	//       "description": "Output only. The resource name of the provider.",
6027	//       "location": "path",
6028	//       "pattern": "^projects/[^/]+/locations/[^/]+/workloadIdentityPools/[^/]+/providers/[^/]+$",
6029	//       "required": true,
6030	//       "type": "string"
6031	//     },
6032	//     "updateMask": {
6033	//       "description": "Required. The list of fields to update.",
6034	//       "format": "google-fieldmask",
6035	//       "location": "query",
6036	//       "type": "string"
6037	//     }
6038	//   },
6039	//   "path": "v1/{+name}",
6040	//   "request": {
6041	//     "$ref": "WorkloadIdentityPoolProvider"
6042	//   },
6043	//   "response": {
6044	//     "$ref": "Operation"
6045	//   },
6046	//   "scopes": [
6047	//     "https://www.googleapis.com/auth/cloud-platform"
6048	//   ]
6049	// }
6050
6051}
6052
6053// method id "iam.projects.locations.workloadIdentityPools.providers.undelete":
6054
6055type ProjectsLocationsWorkloadIdentityPoolsProvidersUndeleteCall struct {
6056	s                                           *Service
6057	name                                        string
6058	undeleteworkloadidentitypoolproviderrequest *UndeleteWorkloadIdentityPoolProviderRequest
6059	urlParams_                                  gensupport.URLParams
6060	ctx_                                        context.Context
6061	header_                                     http.Header
6062}
6063
6064// Undelete: Undeletes a WorkloadIdentityPoolProvider, as long as it was
6065// deleted fewer than 30 days ago.
6066//
6067// - name: The name of the provider to undelete.
6068func (r *ProjectsLocationsWorkloadIdentityPoolsProvidersService) Undelete(name string, undeleteworkloadidentitypoolproviderrequest *UndeleteWorkloadIdentityPoolProviderRequest) *ProjectsLocationsWorkloadIdentityPoolsProvidersUndeleteCall {
6069	c := &ProjectsLocationsWorkloadIdentityPoolsProvidersUndeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
6070	c.name = name
6071	c.undeleteworkloadidentitypoolproviderrequest = undeleteworkloadidentitypoolproviderrequest
6072	return c
6073}
6074
6075// Fields allows partial responses to be retrieved. See
6076// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
6077// for more information.
6078func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersUndeleteCall) Fields(s ...googleapi.Field) *ProjectsLocationsWorkloadIdentityPoolsProvidersUndeleteCall {
6079	c.urlParams_.Set("fields", googleapi.CombineFields(s))
6080	return c
6081}
6082
6083// Context sets the context to be used in this call's Do method. Any
6084// pending HTTP request will be aborted if the provided context is
6085// canceled.
6086func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersUndeleteCall) Context(ctx context.Context) *ProjectsLocationsWorkloadIdentityPoolsProvidersUndeleteCall {
6087	c.ctx_ = ctx
6088	return c
6089}
6090
6091// Header returns an http.Header that can be modified by the caller to
6092// add HTTP headers to the request.
6093func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersUndeleteCall) Header() http.Header {
6094	if c.header_ == nil {
6095		c.header_ = make(http.Header)
6096	}
6097	return c.header_
6098}
6099
6100func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersUndeleteCall) doRequest(alt string) (*http.Response, error) {
6101	reqHeaders := make(http.Header)
6102	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
6103	for k, v := range c.header_ {
6104		reqHeaders[k] = v
6105	}
6106	reqHeaders.Set("User-Agent", c.s.userAgent())
6107	var body io.Reader = nil
6108	body, err := googleapi.WithoutDataWrapper.JSONReader(c.undeleteworkloadidentitypoolproviderrequest)
6109	if err != nil {
6110		return nil, err
6111	}
6112	reqHeaders.Set("Content-Type", "application/json")
6113	c.urlParams_.Set("alt", alt)
6114	c.urlParams_.Set("prettyPrint", "false")
6115	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:undelete")
6116	urls += "?" + c.urlParams_.Encode()
6117	req, err := http.NewRequest("POST", urls, body)
6118	if err != nil {
6119		return nil, err
6120	}
6121	req.Header = reqHeaders
6122	googleapi.Expand(req.URL, map[string]string{
6123		"name": c.name,
6124	})
6125	return gensupport.SendRequest(c.ctx_, c.s.client, req)
6126}
6127
6128// Do executes the "iam.projects.locations.workloadIdentityPools.providers.undelete" call.
6129// Exactly one of *Operation or error will be non-nil. Any non-2xx
6130// status code is an error. Response headers are in either
6131// *Operation.ServerResponse.Header or (if a response was returned at
6132// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
6133// to check whether the returned error was because
6134// http.StatusNotModified was returned.
6135func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersUndeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
6136	gensupport.SetOptions(c.urlParams_, opts...)
6137	res, err := c.doRequest("json")
6138	if res != nil && res.StatusCode == http.StatusNotModified {
6139		if res.Body != nil {
6140			res.Body.Close()
6141		}
6142		return nil, &googleapi.Error{
6143			Code:   res.StatusCode,
6144			Header: res.Header,
6145		}
6146	}
6147	if err != nil {
6148		return nil, err
6149	}
6150	defer googleapi.CloseBody(res)
6151	if err := googleapi.CheckResponse(res); err != nil {
6152		return nil, err
6153	}
6154	ret := &Operation{
6155		ServerResponse: googleapi.ServerResponse{
6156			Header:         res.Header,
6157			HTTPStatusCode: res.StatusCode,
6158		},
6159	}
6160	target := &ret
6161	if err := gensupport.DecodeResponse(target, res); err != nil {
6162		return nil, err
6163	}
6164	return ret, nil
6165	// {
6166	//   "description": "Undeletes a WorkloadIdentityPoolProvider, as long as it was deleted fewer than 30 days ago.",
6167	//   "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/workloadIdentityPools/{workloadIdentityPoolsId}/providers/{providersId}:undelete",
6168	//   "httpMethod": "POST",
6169	//   "id": "iam.projects.locations.workloadIdentityPools.providers.undelete",
6170	//   "parameterOrder": [
6171	//     "name"
6172	//   ],
6173	//   "parameters": {
6174	//     "name": {
6175	//       "description": "Required. The name of the provider to undelete.",
6176	//       "location": "path",
6177	//       "pattern": "^projects/[^/]+/locations/[^/]+/workloadIdentityPools/[^/]+/providers/[^/]+$",
6178	//       "required": true,
6179	//       "type": "string"
6180	//     }
6181	//   },
6182	//   "path": "v1/{+name}:undelete",
6183	//   "request": {
6184	//     "$ref": "UndeleteWorkloadIdentityPoolProviderRequest"
6185	//   },
6186	//   "response": {
6187	//     "$ref": "Operation"
6188	//   },
6189	//   "scopes": [
6190	//     "https://www.googleapis.com/auth/cloud-platform"
6191	//   ]
6192	// }
6193
6194}
6195
6196// method id "iam.projects.locations.workloadIdentityPools.providers.operations.get":
6197
6198type ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsGetCall struct {
6199	s            *Service
6200	name         string
6201	urlParams_   gensupport.URLParams
6202	ifNoneMatch_ string
6203	ctx_         context.Context
6204	header_      http.Header
6205}
6206
6207// Get: Gets the latest state of a long-running operation. Clients can
6208// use this method to poll the operation result at intervals as
6209// recommended by the API service.
6210//
6211// - name: The name of the operation resource.
6212func (r *ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsService) Get(name string) *ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsGetCall {
6213	c := &ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
6214	c.name = name
6215	return c
6216}
6217
6218// Fields allows partial responses to be retrieved. See
6219// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
6220// for more information.
6221func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsGetCall) Fields(s ...googleapi.Field) *ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsGetCall {
6222	c.urlParams_.Set("fields", googleapi.CombineFields(s))
6223	return c
6224}
6225
6226// IfNoneMatch sets the optional parameter which makes the operation
6227// fail if the object's ETag matches the given value. This is useful for
6228// getting updates only after the object has changed since the last
6229// request. Use googleapi.IsNotModified to check whether the response
6230// error from Do is the result of In-None-Match.
6231func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsGetCall) IfNoneMatch(entityTag string) *ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsGetCall {
6232	c.ifNoneMatch_ = entityTag
6233	return c
6234}
6235
6236// Context sets the context to be used in this call's Do method. Any
6237// pending HTTP request will be aborted if the provided context is
6238// canceled.
6239func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsGetCall) Context(ctx context.Context) *ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsGetCall {
6240	c.ctx_ = ctx
6241	return c
6242}
6243
6244// Header returns an http.Header that can be modified by the caller to
6245// add HTTP headers to the request.
6246func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsGetCall) Header() http.Header {
6247	if c.header_ == nil {
6248		c.header_ = make(http.Header)
6249	}
6250	return c.header_
6251}
6252
6253func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsGetCall) doRequest(alt string) (*http.Response, error) {
6254	reqHeaders := make(http.Header)
6255	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
6256	for k, v := range c.header_ {
6257		reqHeaders[k] = v
6258	}
6259	reqHeaders.Set("User-Agent", c.s.userAgent())
6260	if c.ifNoneMatch_ != "" {
6261		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
6262	}
6263	var body io.Reader = nil
6264	c.urlParams_.Set("alt", alt)
6265	c.urlParams_.Set("prettyPrint", "false")
6266	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
6267	urls += "?" + c.urlParams_.Encode()
6268	req, err := http.NewRequest("GET", urls, body)
6269	if err != nil {
6270		return nil, err
6271	}
6272	req.Header = reqHeaders
6273	googleapi.Expand(req.URL, map[string]string{
6274		"name": c.name,
6275	})
6276	return gensupport.SendRequest(c.ctx_, c.s.client, req)
6277}
6278
6279// Do executes the "iam.projects.locations.workloadIdentityPools.providers.operations.get" call.
6280// Exactly one of *Operation or error will be non-nil. Any non-2xx
6281// status code is an error. Response headers are in either
6282// *Operation.ServerResponse.Header or (if a response was returned at
6283// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
6284// to check whether the returned error was because
6285// http.StatusNotModified was returned.
6286func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsGetCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
6287	gensupport.SetOptions(c.urlParams_, opts...)
6288	res, err := c.doRequest("json")
6289	if res != nil && res.StatusCode == http.StatusNotModified {
6290		if res.Body != nil {
6291			res.Body.Close()
6292		}
6293		return nil, &googleapi.Error{
6294			Code:   res.StatusCode,
6295			Header: res.Header,
6296		}
6297	}
6298	if err != nil {
6299		return nil, err
6300	}
6301	defer googleapi.CloseBody(res)
6302	if err := googleapi.CheckResponse(res); err != nil {
6303		return nil, err
6304	}
6305	ret := &Operation{
6306		ServerResponse: googleapi.ServerResponse{
6307			Header:         res.Header,
6308			HTTPStatusCode: res.StatusCode,
6309		},
6310	}
6311	target := &ret
6312	if err := gensupport.DecodeResponse(target, res); err != nil {
6313		return nil, err
6314	}
6315	return ret, nil
6316	// {
6317	//   "description": "Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.",
6318	//   "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/workloadIdentityPools/{workloadIdentityPoolsId}/providers/{providersId}/operations/{operationsId}",
6319	//   "httpMethod": "GET",
6320	//   "id": "iam.projects.locations.workloadIdentityPools.providers.operations.get",
6321	//   "parameterOrder": [
6322	//     "name"
6323	//   ],
6324	//   "parameters": {
6325	//     "name": {
6326	//       "description": "The name of the operation resource.",
6327	//       "location": "path",
6328	//       "pattern": "^projects/[^/]+/locations/[^/]+/workloadIdentityPools/[^/]+/providers/[^/]+/operations/[^/]+$",
6329	//       "required": true,
6330	//       "type": "string"
6331	//     }
6332	//   },
6333	//   "path": "v1/{+name}",
6334	//   "response": {
6335	//     "$ref": "Operation"
6336	//   },
6337	//   "scopes": [
6338	//     "https://www.googleapis.com/auth/cloud-platform"
6339	//   ]
6340	// }
6341
6342}
6343
6344// method id "iam.projects.roles.create":
6345
6346type ProjectsRolesCreateCall struct {
6347	s                 *Service
6348	parent            string
6349	createrolerequest *CreateRoleRequest
6350	urlParams_        gensupport.URLParams
6351	ctx_              context.Context
6352	header_           http.Header
6353}
6354
6355// Create: Creates a new custom Role.
6356//
6357// - parent: The `parent` parameter's value depends on the target
6358//   resource for the request, namely `projects`
6359//   (/iam/reference/rest/v1/projects.roles) or `organizations`
6360//   (/iam/reference/rest/v1/organizations.roles). Each resource type's
6361//   `parent` value format is described below: *
6362//   `projects.roles.create()`
6363//   (/iam/reference/rest/v1/projects.roles/create):
6364//   `projects/{PROJECT_ID}`. This method creates project-level custom
6365//   roles (/iam/docs/understanding-custom-roles). Example request URL:
6366//   `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles` *
6367//   `organizations.roles.create()`
6368//   (/iam/reference/rest/v1/organizations.roles/create):
6369//   `organizations/{ORGANIZATION_ID}`. This method creates
6370//   organization-level custom roles
6371//   (/iam/docs/understanding-custom-roles). Example request URL:
6372//   `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles
6373//   ` Note: Wildcard (*) values are invalid; you must specify a
6374//   complete project ID or organization ID.
6375func (r *ProjectsRolesService) Create(parent string, createrolerequest *CreateRoleRequest) *ProjectsRolesCreateCall {
6376	c := &ProjectsRolesCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
6377	c.parent = parent
6378	c.createrolerequest = createrolerequest
6379	return c
6380}
6381
6382// Fields allows partial responses to be retrieved. See
6383// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
6384// for more information.
6385func (c *ProjectsRolesCreateCall) Fields(s ...googleapi.Field) *ProjectsRolesCreateCall {
6386	c.urlParams_.Set("fields", googleapi.CombineFields(s))
6387	return c
6388}
6389
6390// Context sets the context to be used in this call's Do method. Any
6391// pending HTTP request will be aborted if the provided context is
6392// canceled.
6393func (c *ProjectsRolesCreateCall) Context(ctx context.Context) *ProjectsRolesCreateCall {
6394	c.ctx_ = ctx
6395	return c
6396}
6397
6398// Header returns an http.Header that can be modified by the caller to
6399// add HTTP headers to the request.
6400func (c *ProjectsRolesCreateCall) Header() http.Header {
6401	if c.header_ == nil {
6402		c.header_ = make(http.Header)
6403	}
6404	return c.header_
6405}
6406
6407func (c *ProjectsRolesCreateCall) doRequest(alt string) (*http.Response, error) {
6408	reqHeaders := make(http.Header)
6409	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
6410	for k, v := range c.header_ {
6411		reqHeaders[k] = v
6412	}
6413	reqHeaders.Set("User-Agent", c.s.userAgent())
6414	var body io.Reader = nil
6415	body, err := googleapi.WithoutDataWrapper.JSONReader(c.createrolerequest)
6416	if err != nil {
6417		return nil, err
6418	}
6419	reqHeaders.Set("Content-Type", "application/json")
6420	c.urlParams_.Set("alt", alt)
6421	c.urlParams_.Set("prettyPrint", "false")
6422	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/roles")
6423	urls += "?" + c.urlParams_.Encode()
6424	req, err := http.NewRequest("POST", urls, body)
6425	if err != nil {
6426		return nil, err
6427	}
6428	req.Header = reqHeaders
6429	googleapi.Expand(req.URL, map[string]string{
6430		"parent": c.parent,
6431	})
6432	return gensupport.SendRequest(c.ctx_, c.s.client, req)
6433}
6434
6435// Do executes the "iam.projects.roles.create" call.
6436// Exactly one of *Role or error will be non-nil. Any non-2xx status
6437// code is an error. Response headers are in either
6438// *Role.ServerResponse.Header or (if a response was returned at all) in
6439// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
6440// whether the returned error was because http.StatusNotModified was
6441// returned.
6442func (c *ProjectsRolesCreateCall) Do(opts ...googleapi.CallOption) (*Role, error) {
6443	gensupport.SetOptions(c.urlParams_, opts...)
6444	res, err := c.doRequest("json")
6445	if res != nil && res.StatusCode == http.StatusNotModified {
6446		if res.Body != nil {
6447			res.Body.Close()
6448		}
6449		return nil, &googleapi.Error{
6450			Code:   res.StatusCode,
6451			Header: res.Header,
6452		}
6453	}
6454	if err != nil {
6455		return nil, err
6456	}
6457	defer googleapi.CloseBody(res)
6458	if err := googleapi.CheckResponse(res); err != nil {
6459		return nil, err
6460	}
6461	ret := &Role{
6462		ServerResponse: googleapi.ServerResponse{
6463			Header:         res.Header,
6464			HTTPStatusCode: res.StatusCode,
6465		},
6466	}
6467	target := &ret
6468	if err := gensupport.DecodeResponse(target, res); err != nil {
6469		return nil, err
6470	}
6471	return ret, nil
6472	// {
6473	//   "description": "Creates a new custom Role.",
6474	//   "flatPath": "v1/projects/{projectsId}/roles",
6475	//   "httpMethod": "POST",
6476	//   "id": "iam.projects.roles.create",
6477	//   "parameterOrder": [
6478	//     "parent"
6479	//   ],
6480	//   "parameters": {
6481	//     "parent": {
6482	//       "description": "The `parent` parameter's value depends on the target resource for the request, namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `parent` value format is described below: * [`projects.roles.create()`](/iam/reference/rest/v1/projects.roles/create): `projects/{PROJECT_ID}`. This method creates project-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles` * [`organizations.roles.create()`](/iam/reference/rest/v1/organizations.roles/create): `organizations/{ORGANIZATION_ID}`. This method creates organization-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.",
6483	//       "location": "path",
6484	//       "pattern": "^projects/[^/]+$",
6485	//       "required": true,
6486	//       "type": "string"
6487	//     }
6488	//   },
6489	//   "path": "v1/{+parent}/roles",
6490	//   "request": {
6491	//     "$ref": "CreateRoleRequest"
6492	//   },
6493	//   "response": {
6494	//     "$ref": "Role"
6495	//   },
6496	//   "scopes": [
6497	//     "https://www.googleapis.com/auth/cloud-platform"
6498	//   ]
6499	// }
6500
6501}
6502
6503// method id "iam.projects.roles.delete":
6504
6505type ProjectsRolesDeleteCall struct {
6506	s          *Service
6507	name       string
6508	urlParams_ gensupport.URLParams
6509	ctx_       context.Context
6510	header_    http.Header
6511}
6512
6513// Delete: Deletes a custom Role. When you delete a custom role, the
6514// following changes occur immediately: * You cannot bind a member to
6515// the custom role in an IAM Policy. * Existing bindings to the custom
6516// role are not changed, but they have no effect. * By default, the
6517// response from ListRoles does not include the custom role. You have 7
6518// days to undelete the custom role. After 7 days, the following changes
6519// occur: * The custom role is permanently deleted and cannot be
6520// recovered. * If an IAM policy contains a binding to the custom role,
6521// the binding is permanently removed.
6522//
6523// - name: The `name` parameter's value depends on the target resource
6524//   for the request, namely `projects`
6525//   (/iam/reference/rest/v1/projects.roles) or `organizations`
6526//   (/iam/reference/rest/v1/organizations.roles). Each resource type's
6527//   `name` value format is described below: * `projects.roles.delete()`
6528//   (/iam/reference/rest/v1/projects.roles/delete):
6529//   `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method deletes
6530//   only custom roles (/iam/docs/understanding-custom-roles) that have
6531//   been created at the project level. Example request URL:
6532//   `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_R
6533//   OLE_ID}` * `organizations.roles.delete()`
6534//   (/iam/reference/rest/v1/organizations.roles/delete):
6535//   `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This
6536//   method deletes only custom roles
6537//   (/iam/docs/understanding-custom-roles) that have been created at
6538//   the organization level. Example request URL:
6539//   `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles
6540//   /{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must
6541//   specify a complete project ID or organization ID.
6542func (r *ProjectsRolesService) Delete(name string) *ProjectsRolesDeleteCall {
6543	c := &ProjectsRolesDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
6544	c.name = name
6545	return c
6546}
6547
6548// Etag sets the optional parameter "etag": Used to perform a consistent
6549// read-modify-write.
6550func (c *ProjectsRolesDeleteCall) Etag(etag string) *ProjectsRolesDeleteCall {
6551	c.urlParams_.Set("etag", etag)
6552	return c
6553}
6554
6555// Fields allows partial responses to be retrieved. See
6556// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
6557// for more information.
6558func (c *ProjectsRolesDeleteCall) Fields(s ...googleapi.Field) *ProjectsRolesDeleteCall {
6559	c.urlParams_.Set("fields", googleapi.CombineFields(s))
6560	return c
6561}
6562
6563// Context sets the context to be used in this call's Do method. Any
6564// pending HTTP request will be aborted if the provided context is
6565// canceled.
6566func (c *ProjectsRolesDeleteCall) Context(ctx context.Context) *ProjectsRolesDeleteCall {
6567	c.ctx_ = ctx
6568	return c
6569}
6570
6571// Header returns an http.Header that can be modified by the caller to
6572// add HTTP headers to the request.
6573func (c *ProjectsRolesDeleteCall) Header() http.Header {
6574	if c.header_ == nil {
6575		c.header_ = make(http.Header)
6576	}
6577	return c.header_
6578}
6579
6580func (c *ProjectsRolesDeleteCall) doRequest(alt string) (*http.Response, error) {
6581	reqHeaders := make(http.Header)
6582	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
6583	for k, v := range c.header_ {
6584		reqHeaders[k] = v
6585	}
6586	reqHeaders.Set("User-Agent", c.s.userAgent())
6587	var body io.Reader = nil
6588	c.urlParams_.Set("alt", alt)
6589	c.urlParams_.Set("prettyPrint", "false")
6590	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
6591	urls += "?" + c.urlParams_.Encode()
6592	req, err := http.NewRequest("DELETE", urls, body)
6593	if err != nil {
6594		return nil, err
6595	}
6596	req.Header = reqHeaders
6597	googleapi.Expand(req.URL, map[string]string{
6598		"name": c.name,
6599	})
6600	return gensupport.SendRequest(c.ctx_, c.s.client, req)
6601}
6602
6603// Do executes the "iam.projects.roles.delete" call.
6604// Exactly one of *Role or error will be non-nil. Any non-2xx status
6605// code is an error. Response headers are in either
6606// *Role.ServerResponse.Header or (if a response was returned at all) in
6607// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
6608// whether the returned error was because http.StatusNotModified was
6609// returned.
6610func (c *ProjectsRolesDeleteCall) Do(opts ...googleapi.CallOption) (*Role, error) {
6611	gensupport.SetOptions(c.urlParams_, opts...)
6612	res, err := c.doRequest("json")
6613	if res != nil && res.StatusCode == http.StatusNotModified {
6614		if res.Body != nil {
6615			res.Body.Close()
6616		}
6617		return nil, &googleapi.Error{
6618			Code:   res.StatusCode,
6619			Header: res.Header,
6620		}
6621	}
6622	if err != nil {
6623		return nil, err
6624	}
6625	defer googleapi.CloseBody(res)
6626	if err := googleapi.CheckResponse(res); err != nil {
6627		return nil, err
6628	}
6629	ret := &Role{
6630		ServerResponse: googleapi.ServerResponse{
6631			Header:         res.Header,
6632			HTTPStatusCode: res.StatusCode,
6633		},
6634	}
6635	target := &ret
6636	if err := gensupport.DecodeResponse(target, res); err != nil {
6637		return nil, err
6638	}
6639	return ret, nil
6640	// {
6641	//   "description": "Deletes a custom Role. When you delete a custom role, the following changes occur immediately: * You cannot bind a member to the custom role in an IAM Policy. * Existing bindings to the custom role are not changed, but they have no effect. * By default, the response from ListRoles does not include the custom role. You have 7 days to undelete the custom role. After 7 days, the following changes occur: * The custom role is permanently deleted and cannot be recovered. * If an IAM policy contains a binding to the custom role, the binding is permanently removed.",
6642	//   "flatPath": "v1/projects/{projectsId}/roles/{rolesId}",
6643	//   "httpMethod": "DELETE",
6644	//   "id": "iam.projects.roles.delete",
6645	//   "parameterOrder": [
6646	//     "name"
6647	//   ],
6648	//   "parameters": {
6649	//     "etag": {
6650	//       "description": "Used to perform a consistent read-modify-write.",
6651	//       "format": "byte",
6652	//       "location": "query",
6653	//       "type": "string"
6654	//     },
6655	//     "name": {
6656	//       "description": "The `name` parameter's value depends on the target resource for the request, namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `name` value format is described below: * [`projects.roles.delete()`](/iam/reference/rest/v1/projects.roles/delete): `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method deletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}` * [`organizations.roles.delete()`](/iam/reference/rest/v1/organizations.roles/delete): `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method deletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.",
6657	//       "location": "path",
6658	//       "pattern": "^projects/[^/]+/roles/[^/]+$",
6659	//       "required": true,
6660	//       "type": "string"
6661	//     }
6662	//   },
6663	//   "path": "v1/{+name}",
6664	//   "response": {
6665	//     "$ref": "Role"
6666	//   },
6667	//   "scopes": [
6668	//     "https://www.googleapis.com/auth/cloud-platform"
6669	//   ]
6670	// }
6671
6672}
6673
6674// method id "iam.projects.roles.get":
6675
6676type ProjectsRolesGetCall struct {
6677	s            *Service
6678	name         string
6679	urlParams_   gensupport.URLParams
6680	ifNoneMatch_ string
6681	ctx_         context.Context
6682	header_      http.Header
6683}
6684
6685// Get: Gets the definition of a Role.
6686//
6687// - name: The `name` parameter's value depends on the target resource
6688//   for the request, namely `roles` (/iam/reference/rest/v1/roles),
6689//   `projects` (/iam/reference/rest/v1/projects.roles), or
6690//   `organizations` (/iam/reference/rest/v1/organizations.roles). Each
6691//   resource type's `name` value format is described below: *
6692//   `roles.get()` (/iam/reference/rest/v1/roles/get):
6693//   `roles/{ROLE_NAME}`. This method returns results from all
6694//   predefined roles (/iam/docs/understanding-roles#predefined_roles)
6695//   in Cloud IAM. Example request URL:
6696//   `https://iam.googleapis.com/v1/roles/{ROLE_NAME}` *
6697//   `projects.roles.get()` (/iam/reference/rest/v1/projects.roles/get):
6698//   `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method returns
6699//   only custom roles (/iam/docs/understanding-custom-roles) that have
6700//   been created at the project level. Example request URL:
6701//   `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_R
6702//   OLE_ID}` * `organizations.roles.get()`
6703//   (/iam/reference/rest/v1/organizations.roles/get):
6704//   `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This
6705//   method returns only custom roles
6706//   (/iam/docs/understanding-custom-roles) that have been created at
6707//   the organization level. Example request URL:
6708//   `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles
6709//   /{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must
6710//   specify a complete project ID or organization ID.
6711func (r *ProjectsRolesService) Get(name string) *ProjectsRolesGetCall {
6712	c := &ProjectsRolesGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
6713	c.name = name
6714	return c
6715}
6716
6717// Fields allows partial responses to be retrieved. See
6718// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
6719// for more information.
6720func (c *ProjectsRolesGetCall) Fields(s ...googleapi.Field) *ProjectsRolesGetCall {
6721	c.urlParams_.Set("fields", googleapi.CombineFields(s))
6722	return c
6723}
6724
6725// IfNoneMatch sets the optional parameter which makes the operation
6726// fail if the object's ETag matches the given value. This is useful for
6727// getting updates only after the object has changed since the last
6728// request. Use googleapi.IsNotModified to check whether the response
6729// error from Do is the result of In-None-Match.
6730func (c *ProjectsRolesGetCall) IfNoneMatch(entityTag string) *ProjectsRolesGetCall {
6731	c.ifNoneMatch_ = entityTag
6732	return c
6733}
6734
6735// Context sets the context to be used in this call's Do method. Any
6736// pending HTTP request will be aborted if the provided context is
6737// canceled.
6738func (c *ProjectsRolesGetCall) Context(ctx context.Context) *ProjectsRolesGetCall {
6739	c.ctx_ = ctx
6740	return c
6741}
6742
6743// Header returns an http.Header that can be modified by the caller to
6744// add HTTP headers to the request.
6745func (c *ProjectsRolesGetCall) Header() http.Header {
6746	if c.header_ == nil {
6747		c.header_ = make(http.Header)
6748	}
6749	return c.header_
6750}
6751
6752func (c *ProjectsRolesGetCall) doRequest(alt string) (*http.Response, error) {
6753	reqHeaders := make(http.Header)
6754	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
6755	for k, v := range c.header_ {
6756		reqHeaders[k] = v
6757	}
6758	reqHeaders.Set("User-Agent", c.s.userAgent())
6759	if c.ifNoneMatch_ != "" {
6760		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
6761	}
6762	var body io.Reader = nil
6763	c.urlParams_.Set("alt", alt)
6764	c.urlParams_.Set("prettyPrint", "false")
6765	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
6766	urls += "?" + c.urlParams_.Encode()
6767	req, err := http.NewRequest("GET", urls, body)
6768	if err != nil {
6769		return nil, err
6770	}
6771	req.Header = reqHeaders
6772	googleapi.Expand(req.URL, map[string]string{
6773		"name": c.name,
6774	})
6775	return gensupport.SendRequest(c.ctx_, c.s.client, req)
6776}
6777
6778// Do executes the "iam.projects.roles.get" call.
6779// Exactly one of *Role or error will be non-nil. Any non-2xx status
6780// code is an error. Response headers are in either
6781// *Role.ServerResponse.Header or (if a response was returned at all) in
6782// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
6783// whether the returned error was because http.StatusNotModified was
6784// returned.
6785func (c *ProjectsRolesGetCall) Do(opts ...googleapi.CallOption) (*Role, error) {
6786	gensupport.SetOptions(c.urlParams_, opts...)
6787	res, err := c.doRequest("json")
6788	if res != nil && res.StatusCode == http.StatusNotModified {
6789		if res.Body != nil {
6790			res.Body.Close()
6791		}
6792		return nil, &googleapi.Error{
6793			Code:   res.StatusCode,
6794			Header: res.Header,
6795		}
6796	}
6797	if err != nil {
6798		return nil, err
6799	}
6800	defer googleapi.CloseBody(res)
6801	if err := googleapi.CheckResponse(res); err != nil {
6802		return nil, err
6803	}
6804	ret := &Role{
6805		ServerResponse: googleapi.ServerResponse{
6806			Header:         res.Header,
6807			HTTPStatusCode: res.StatusCode,
6808		},
6809	}
6810	target := &ret
6811	if err := gensupport.DecodeResponse(target, res); err != nil {
6812		return nil, err
6813	}
6814	return ret, nil
6815	// {
6816	//   "description": "Gets the definition of a Role.",
6817	//   "flatPath": "v1/projects/{projectsId}/roles/{rolesId}",
6818	//   "httpMethod": "GET",
6819	//   "id": "iam.projects.roles.get",
6820	//   "parameterOrder": [
6821	//     "name"
6822	//   ],
6823	//   "parameters": {
6824	//     "name": {
6825	//       "description": "The `name` parameter's value depends on the target resource for the request, namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `name` value format is described below: * [`roles.get()`](/iam/reference/rest/v1/roles/get): `roles/{ROLE_NAME}`. This method returns results from all [predefined roles](/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. Example request URL: `https://iam.googleapis.com/v1/roles/{ROLE_NAME}` * [`projects.roles.get()`](/iam/reference/rest/v1/projects.roles/get): `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method returns only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}` * [`organizations.roles.get()`](/iam/reference/rest/v1/organizations.roles/get): `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method returns only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.",
6826	//       "location": "path",
6827	//       "pattern": "^projects/[^/]+/roles/[^/]+$",
6828	//       "required": true,
6829	//       "type": "string"
6830	//     }
6831	//   },
6832	//   "path": "v1/{+name}",
6833	//   "response": {
6834	//     "$ref": "Role"
6835	//   },
6836	//   "scopes": [
6837	//     "https://www.googleapis.com/auth/cloud-platform"
6838	//   ]
6839	// }
6840
6841}
6842
6843// method id "iam.projects.roles.list":
6844
6845type ProjectsRolesListCall struct {
6846	s            *Service
6847	parent       string
6848	urlParams_   gensupport.URLParams
6849	ifNoneMatch_ string
6850	ctx_         context.Context
6851	header_      http.Header
6852}
6853
6854// List: Lists every predefined Role that IAM supports, or every custom
6855// role that is defined for an organization or project.
6856//
6857// - parent: The `parent` parameter's value depends on the target
6858//   resource for the request, namely `roles`
6859//   (/iam/reference/rest/v1/roles), `projects`
6860//   (/iam/reference/rest/v1/projects.roles), or `organizations`
6861//   (/iam/reference/rest/v1/organizations.roles). Each resource type's
6862//   `parent` value format is described below: * `roles.list()`
6863//   (/iam/reference/rest/v1/roles/list): An empty string. This method
6864//   doesn't require a resource; it simply returns all predefined roles
6865//   (/iam/docs/understanding-roles#predefined_roles) in Cloud IAM.
6866//   Example request URL: `https://iam.googleapis.com/v1/roles` *
6867//   `projects.roles.list()`
6868//   (/iam/reference/rest/v1/projects.roles/list):
6869//   `projects/{PROJECT_ID}`. This method lists all project-level custom
6870//   roles (/iam/docs/understanding-custom-roles). Example request URL:
6871//   `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles` *
6872//   `organizations.roles.list()`
6873//   (/iam/reference/rest/v1/organizations.roles/list):
6874//   `organizations/{ORGANIZATION_ID}`. This method lists all
6875//   organization-level custom roles
6876//   (/iam/docs/understanding-custom-roles). Example request URL:
6877//   `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles
6878//   ` Note: Wildcard (*) values are invalid; you must specify a
6879//   complete project ID or organization ID.
6880func (r *ProjectsRolesService) List(parent string) *ProjectsRolesListCall {
6881	c := &ProjectsRolesListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
6882	c.parent = parent
6883	return c
6884}
6885
6886// PageSize sets the optional parameter "pageSize": Optional limit on
6887// the number of roles to include in the response. The default is 300,
6888// and the maximum is 1,000.
6889func (c *ProjectsRolesListCall) PageSize(pageSize int64) *ProjectsRolesListCall {
6890	c.urlParams_.Set("pageSize", fmt.Sprint(pageSize))
6891	return c
6892}
6893
6894// PageToken sets the optional parameter "pageToken": Optional
6895// pagination token returned in an earlier ListRolesResponse.
6896func (c *ProjectsRolesListCall) PageToken(pageToken string) *ProjectsRolesListCall {
6897	c.urlParams_.Set("pageToken", pageToken)
6898	return c
6899}
6900
6901// ShowDeleted sets the optional parameter "showDeleted": Include Roles
6902// that have been deleted.
6903func (c *ProjectsRolesListCall) ShowDeleted(showDeleted bool) *ProjectsRolesListCall {
6904	c.urlParams_.Set("showDeleted", fmt.Sprint(showDeleted))
6905	return c
6906}
6907
6908// View sets the optional parameter "view": Optional view for the
6909// returned Role objects. When `FULL` is specified, the
6910// `includedPermissions` field is returned, which includes a list of all
6911// permissions in the role. The default value is `BASIC`, which does not
6912// return the `includedPermissions` field.
6913//
6914// Possible values:
6915//   "BASIC" - Omits the `included_permissions` field. This is the
6916// default value.
6917//   "FULL" - Returns all fields.
6918func (c *ProjectsRolesListCall) View(view string) *ProjectsRolesListCall {
6919	c.urlParams_.Set("view", view)
6920	return c
6921}
6922
6923// Fields allows partial responses to be retrieved. See
6924// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
6925// for more information.
6926func (c *ProjectsRolesListCall) Fields(s ...googleapi.Field) *ProjectsRolesListCall {
6927	c.urlParams_.Set("fields", googleapi.CombineFields(s))
6928	return c
6929}
6930
6931// IfNoneMatch sets the optional parameter which makes the operation
6932// fail if the object's ETag matches the given value. This is useful for
6933// getting updates only after the object has changed since the last
6934// request. Use googleapi.IsNotModified to check whether the response
6935// error from Do is the result of In-None-Match.
6936func (c *ProjectsRolesListCall) IfNoneMatch(entityTag string) *ProjectsRolesListCall {
6937	c.ifNoneMatch_ = entityTag
6938	return c
6939}
6940
6941// Context sets the context to be used in this call's Do method. Any
6942// pending HTTP request will be aborted if the provided context is
6943// canceled.
6944func (c *ProjectsRolesListCall) Context(ctx context.Context) *ProjectsRolesListCall {
6945	c.ctx_ = ctx
6946	return c
6947}
6948
6949// Header returns an http.Header that can be modified by the caller to
6950// add HTTP headers to the request.
6951func (c *ProjectsRolesListCall) Header() http.Header {
6952	if c.header_ == nil {
6953		c.header_ = make(http.Header)
6954	}
6955	return c.header_
6956}
6957
6958func (c *ProjectsRolesListCall) doRequest(alt string) (*http.Response, error) {
6959	reqHeaders := make(http.Header)
6960	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
6961	for k, v := range c.header_ {
6962		reqHeaders[k] = v
6963	}
6964	reqHeaders.Set("User-Agent", c.s.userAgent())
6965	if c.ifNoneMatch_ != "" {
6966		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
6967	}
6968	var body io.Reader = nil
6969	c.urlParams_.Set("alt", alt)
6970	c.urlParams_.Set("prettyPrint", "false")
6971	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/roles")
6972	urls += "?" + c.urlParams_.Encode()
6973	req, err := http.NewRequest("GET", urls, body)
6974	if err != nil {
6975		return nil, err
6976	}
6977	req.Header = reqHeaders
6978	googleapi.Expand(req.URL, map[string]string{
6979		"parent": c.parent,
6980	})
6981	return gensupport.SendRequest(c.ctx_, c.s.client, req)
6982}
6983
6984// Do executes the "iam.projects.roles.list" call.
6985// Exactly one of *ListRolesResponse or error will be non-nil. Any
6986// non-2xx status code is an error. Response headers are in either
6987// *ListRolesResponse.ServerResponse.Header or (if a response was
6988// returned at all) in error.(*googleapi.Error).Header. Use
6989// googleapi.IsNotModified to check whether the returned error was
6990// because http.StatusNotModified was returned.
6991func (c *ProjectsRolesListCall) Do(opts ...googleapi.CallOption) (*ListRolesResponse, error) {
6992	gensupport.SetOptions(c.urlParams_, opts...)
6993	res, err := c.doRequest("json")
6994	if res != nil && res.StatusCode == http.StatusNotModified {
6995		if res.Body != nil {
6996			res.Body.Close()
6997		}
6998		return nil, &googleapi.Error{
6999			Code:   res.StatusCode,
7000			Header: res.Header,
7001		}
7002	}
7003	if err != nil {
7004		return nil, err
7005	}
7006	defer googleapi.CloseBody(res)
7007	if err := googleapi.CheckResponse(res); err != nil {
7008		return nil, err
7009	}
7010	ret := &ListRolesResponse{
7011		ServerResponse: googleapi.ServerResponse{
7012			Header:         res.Header,
7013			HTTPStatusCode: res.StatusCode,
7014		},
7015	}
7016	target := &ret
7017	if err := gensupport.DecodeResponse(target, res); err != nil {
7018		return nil, err
7019	}
7020	return ret, nil
7021	// {
7022	//   "description": "Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.",
7023	//   "flatPath": "v1/projects/{projectsId}/roles",
7024	//   "httpMethod": "GET",
7025	//   "id": "iam.projects.roles.list",
7026	//   "parameterOrder": [
7027	//     "parent"
7028	//   ],
7029	//   "parameters": {
7030	//     "pageSize": {
7031	//       "description": "Optional limit on the number of roles to include in the response. The default is 300, and the maximum is 1,000.",
7032	//       "format": "int32",
7033	//       "location": "query",
7034	//       "type": "integer"
7035	//     },
7036	//     "pageToken": {
7037	//       "description": "Optional pagination token returned in an earlier ListRolesResponse.",
7038	//       "location": "query",
7039	//       "type": "string"
7040	//     },
7041	//     "parent": {
7042	//       "description": "The `parent` parameter's value depends on the target resource for the request, namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `parent` value format is described below: * [`roles.list()`](/iam/reference/rest/v1/roles/list): An empty string. This method doesn't require a resource; it simply returns all [predefined roles](/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. Example request URL: `https://iam.googleapis.com/v1/roles` * [`projects.roles.list()`](/iam/reference/rest/v1/projects.roles/list): `projects/{PROJECT_ID}`. This method lists all project-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles` * [`organizations.roles.list()`](/iam/reference/rest/v1/organizations.roles/list): `organizations/{ORGANIZATION_ID}`. This method lists all organization-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.",
7043	//       "location": "path",
7044	//       "pattern": "^projects/[^/]+$",
7045	//       "required": true,
7046	//       "type": "string"
7047	//     },
7048	//     "showDeleted": {
7049	//       "description": "Include Roles that have been deleted.",
7050	//       "location": "query",
7051	//       "type": "boolean"
7052	//     },
7053	//     "view": {
7054	//       "description": "Optional view for the returned Role objects. When `FULL` is specified, the `includedPermissions` field is returned, which includes a list of all permissions in the role. The default value is `BASIC`, which does not return the `includedPermissions` field.",
7055	//       "enum": [
7056	//         "BASIC",
7057	//         "FULL"
7058	//       ],
7059	//       "enumDescriptions": [
7060	//         "Omits the `included_permissions` field. This is the default value.",
7061	//         "Returns all fields."
7062	//       ],
7063	//       "location": "query",
7064	//       "type": "string"
7065	//     }
7066	//   },
7067	//   "path": "v1/{+parent}/roles",
7068	//   "response": {
7069	//     "$ref": "ListRolesResponse"
7070	//   },
7071	//   "scopes": [
7072	//     "https://www.googleapis.com/auth/cloud-platform"
7073	//   ]
7074	// }
7075
7076}
7077
7078// Pages invokes f for each page of results.
7079// A non-nil error returned from f will halt the iteration.
7080// The provided context supersedes any context provided to the Context method.
7081func (c *ProjectsRolesListCall) Pages(ctx context.Context, f func(*ListRolesResponse) error) error {
7082	c.ctx_ = ctx
7083	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
7084	for {
7085		x, err := c.Do()
7086		if err != nil {
7087			return err
7088		}
7089		if err := f(x); err != nil {
7090			return err
7091		}
7092		if x.NextPageToken == "" {
7093			return nil
7094		}
7095		c.PageToken(x.NextPageToken)
7096	}
7097}
7098
7099// method id "iam.projects.roles.patch":
7100
7101type ProjectsRolesPatchCall struct {
7102	s          *Service
7103	name       string
7104	role       *Role
7105	urlParams_ gensupport.URLParams
7106	ctx_       context.Context
7107	header_    http.Header
7108}
7109
7110// Patch: Updates the definition of a custom Role.
7111//
7112// - name: The `name` parameter's value depends on the target resource
7113//   for the request, namely `projects`
7114//   (/iam/reference/rest/v1/projects.roles) or `organizations`
7115//   (/iam/reference/rest/v1/organizations.roles). Each resource type's
7116//   `name` value format is described below: * `projects.roles.patch()`
7117//   (/iam/reference/rest/v1/projects.roles/patch):
7118//   `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method updates
7119//   only custom roles (/iam/docs/understanding-custom-roles) that have
7120//   been created at the project level. Example request URL:
7121//   `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_R
7122//   OLE_ID}` * `organizations.roles.patch()`
7123//   (/iam/reference/rest/v1/organizations.roles/patch):
7124//   `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This
7125//   method updates only custom roles
7126//   (/iam/docs/understanding-custom-roles) that have been created at
7127//   the organization level. Example request URL:
7128//   `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles
7129//   /{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must
7130//   specify a complete project ID or organization ID.
7131func (r *ProjectsRolesService) Patch(name string, role *Role) *ProjectsRolesPatchCall {
7132	c := &ProjectsRolesPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
7133	c.name = name
7134	c.role = role
7135	return c
7136}
7137
7138// UpdateMask sets the optional parameter "updateMask": A mask
7139// describing which fields in the Role have changed.
7140func (c *ProjectsRolesPatchCall) UpdateMask(updateMask string) *ProjectsRolesPatchCall {
7141	c.urlParams_.Set("updateMask", updateMask)
7142	return c
7143}
7144
7145// Fields allows partial responses to be retrieved. See
7146// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
7147// for more information.
7148func (c *ProjectsRolesPatchCall) Fields(s ...googleapi.Field) *ProjectsRolesPatchCall {
7149	c.urlParams_.Set("fields", googleapi.CombineFields(s))
7150	return c
7151}
7152
7153// Context sets the context to be used in this call's Do method. Any
7154// pending HTTP request will be aborted if the provided context is
7155// canceled.
7156func (c *ProjectsRolesPatchCall) Context(ctx context.Context) *ProjectsRolesPatchCall {
7157	c.ctx_ = ctx
7158	return c
7159}
7160
7161// Header returns an http.Header that can be modified by the caller to
7162// add HTTP headers to the request.
7163func (c *ProjectsRolesPatchCall) Header() http.Header {
7164	if c.header_ == nil {
7165		c.header_ = make(http.Header)
7166	}
7167	return c.header_
7168}
7169
7170func (c *ProjectsRolesPatchCall) doRequest(alt string) (*http.Response, error) {
7171	reqHeaders := make(http.Header)
7172	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
7173	for k, v := range c.header_ {
7174		reqHeaders[k] = v
7175	}
7176	reqHeaders.Set("User-Agent", c.s.userAgent())
7177	var body io.Reader = nil
7178	body, err := googleapi.WithoutDataWrapper.JSONReader(c.role)
7179	if err != nil {
7180		return nil, err
7181	}
7182	reqHeaders.Set("Content-Type", "application/json")
7183	c.urlParams_.Set("alt", alt)
7184	c.urlParams_.Set("prettyPrint", "false")
7185	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
7186	urls += "?" + c.urlParams_.Encode()
7187	req, err := http.NewRequest("PATCH", urls, body)
7188	if err != nil {
7189		return nil, err
7190	}
7191	req.Header = reqHeaders
7192	googleapi.Expand(req.URL, map[string]string{
7193		"name": c.name,
7194	})
7195	return gensupport.SendRequest(c.ctx_, c.s.client, req)
7196}
7197
7198// Do executes the "iam.projects.roles.patch" call.
7199// Exactly one of *Role or error will be non-nil. Any non-2xx status
7200// code is an error. Response headers are in either
7201// *Role.ServerResponse.Header or (if a response was returned at all) in
7202// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
7203// whether the returned error was because http.StatusNotModified was
7204// returned.
7205func (c *ProjectsRolesPatchCall) Do(opts ...googleapi.CallOption) (*Role, error) {
7206	gensupport.SetOptions(c.urlParams_, opts...)
7207	res, err := c.doRequest("json")
7208	if res != nil && res.StatusCode == http.StatusNotModified {
7209		if res.Body != nil {
7210			res.Body.Close()
7211		}
7212		return nil, &googleapi.Error{
7213			Code:   res.StatusCode,
7214			Header: res.Header,
7215		}
7216	}
7217	if err != nil {
7218		return nil, err
7219	}
7220	defer googleapi.CloseBody(res)
7221	if err := googleapi.CheckResponse(res); err != nil {
7222		return nil, err
7223	}
7224	ret := &Role{
7225		ServerResponse: googleapi.ServerResponse{
7226			Header:         res.Header,
7227			HTTPStatusCode: res.StatusCode,
7228		},
7229	}
7230	target := &ret
7231	if err := gensupport.DecodeResponse(target, res); err != nil {
7232		return nil, err
7233	}
7234	return ret, nil
7235	// {
7236	//   "description": "Updates the definition of a custom Role.",
7237	//   "flatPath": "v1/projects/{projectsId}/roles/{rolesId}",
7238	//   "httpMethod": "PATCH",
7239	//   "id": "iam.projects.roles.patch",
7240	//   "parameterOrder": [
7241	//     "name"
7242	//   ],
7243	//   "parameters": {
7244	//     "name": {
7245	//       "description": "The `name` parameter's value depends on the target resource for the request, namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `name` value format is described below: * [`projects.roles.patch()`](/iam/reference/rest/v1/projects.roles/patch): `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method updates only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}` * [`organizations.roles.patch()`](/iam/reference/rest/v1/organizations.roles/patch): `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method updates only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.",
7246	//       "location": "path",
7247	//       "pattern": "^projects/[^/]+/roles/[^/]+$",
7248	//       "required": true,
7249	//       "type": "string"
7250	//     },
7251	//     "updateMask": {
7252	//       "description": "A mask describing which fields in the Role have changed.",
7253	//       "format": "google-fieldmask",
7254	//       "location": "query",
7255	//       "type": "string"
7256	//     }
7257	//   },
7258	//   "path": "v1/{+name}",
7259	//   "request": {
7260	//     "$ref": "Role"
7261	//   },
7262	//   "response": {
7263	//     "$ref": "Role"
7264	//   },
7265	//   "scopes": [
7266	//     "https://www.googleapis.com/auth/cloud-platform"
7267	//   ]
7268	// }
7269
7270}
7271
7272// method id "iam.projects.roles.undelete":
7273
7274type ProjectsRolesUndeleteCall struct {
7275	s                   *Service
7276	name                string
7277	undeleterolerequest *UndeleteRoleRequest
7278	urlParams_          gensupport.URLParams
7279	ctx_                context.Context
7280	header_             http.Header
7281}
7282
7283// Undelete: Undeletes a custom Role.
7284//
7285// - name: The `name` parameter's value depends on the target resource
7286//   for the request, namely `projects`
7287//   (/iam/reference/rest/v1/projects.roles) or `organizations`
7288//   (/iam/reference/rest/v1/organizations.roles). Each resource type's
7289//   `name` value format is described below: *
7290//   `projects.roles.undelete()`
7291//   (/iam/reference/rest/v1/projects.roles/undelete):
7292//   `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method
7293//   undeletes only custom roles (/iam/docs/understanding-custom-roles)
7294//   that have been created at the project level. Example request URL:
7295//   `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_R
7296//   OLE_ID}` * `organizations.roles.undelete()`
7297//   (/iam/reference/rest/v1/organizations.roles/undelete):
7298//   `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This
7299//   method undeletes only custom roles
7300//   (/iam/docs/understanding-custom-roles) that have been created at
7301//   the organization level. Example request URL:
7302//   `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles
7303//   /{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must
7304//   specify a complete project ID or organization ID.
7305func (r *ProjectsRolesService) Undelete(name string, undeleterolerequest *UndeleteRoleRequest) *ProjectsRolesUndeleteCall {
7306	c := &ProjectsRolesUndeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
7307	c.name = name
7308	c.undeleterolerequest = undeleterolerequest
7309	return c
7310}
7311
7312// Fields allows partial responses to be retrieved. See
7313// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
7314// for more information.
7315func (c *ProjectsRolesUndeleteCall) Fields(s ...googleapi.Field) *ProjectsRolesUndeleteCall {
7316	c.urlParams_.Set("fields", googleapi.CombineFields(s))
7317	return c
7318}
7319
7320// Context sets the context to be used in this call's Do method. Any
7321// pending HTTP request will be aborted if the provided context is
7322// canceled.
7323func (c *ProjectsRolesUndeleteCall) Context(ctx context.Context) *ProjectsRolesUndeleteCall {
7324	c.ctx_ = ctx
7325	return c
7326}
7327
7328// Header returns an http.Header that can be modified by the caller to
7329// add HTTP headers to the request.
7330func (c *ProjectsRolesUndeleteCall) Header() http.Header {
7331	if c.header_ == nil {
7332		c.header_ = make(http.Header)
7333	}
7334	return c.header_
7335}
7336
7337func (c *ProjectsRolesUndeleteCall) doRequest(alt string) (*http.Response, error) {
7338	reqHeaders := make(http.Header)
7339	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
7340	for k, v := range c.header_ {
7341		reqHeaders[k] = v
7342	}
7343	reqHeaders.Set("User-Agent", c.s.userAgent())
7344	var body io.Reader = nil
7345	body, err := googleapi.WithoutDataWrapper.JSONReader(c.undeleterolerequest)
7346	if err != nil {
7347		return nil, err
7348	}
7349	reqHeaders.Set("Content-Type", "application/json")
7350	c.urlParams_.Set("alt", alt)
7351	c.urlParams_.Set("prettyPrint", "false")
7352	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:undelete")
7353	urls += "?" + c.urlParams_.Encode()
7354	req, err := http.NewRequest("POST", urls, body)
7355	if err != nil {
7356		return nil, err
7357	}
7358	req.Header = reqHeaders
7359	googleapi.Expand(req.URL, map[string]string{
7360		"name": c.name,
7361	})
7362	return gensupport.SendRequest(c.ctx_, c.s.client, req)
7363}
7364
7365// Do executes the "iam.projects.roles.undelete" call.
7366// Exactly one of *Role or error will be non-nil. Any non-2xx status
7367// code is an error. Response headers are in either
7368// *Role.ServerResponse.Header or (if a response was returned at all) in
7369// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
7370// whether the returned error was because http.StatusNotModified was
7371// returned.
7372func (c *ProjectsRolesUndeleteCall) Do(opts ...googleapi.CallOption) (*Role, error) {
7373	gensupport.SetOptions(c.urlParams_, opts...)
7374	res, err := c.doRequest("json")
7375	if res != nil && res.StatusCode == http.StatusNotModified {
7376		if res.Body != nil {
7377			res.Body.Close()
7378		}
7379		return nil, &googleapi.Error{
7380			Code:   res.StatusCode,
7381			Header: res.Header,
7382		}
7383	}
7384	if err != nil {
7385		return nil, err
7386	}
7387	defer googleapi.CloseBody(res)
7388	if err := googleapi.CheckResponse(res); err != nil {
7389		return nil, err
7390	}
7391	ret := &Role{
7392		ServerResponse: googleapi.ServerResponse{
7393			Header:         res.Header,
7394			HTTPStatusCode: res.StatusCode,
7395		},
7396	}
7397	target := &ret
7398	if err := gensupport.DecodeResponse(target, res); err != nil {
7399		return nil, err
7400	}
7401	return ret, nil
7402	// {
7403	//   "description": "Undeletes a custom Role.",
7404	//   "flatPath": "v1/projects/{projectsId}/roles/{rolesId}:undelete",
7405	//   "httpMethod": "POST",
7406	//   "id": "iam.projects.roles.undelete",
7407	//   "parameterOrder": [
7408	//     "name"
7409	//   ],
7410	//   "parameters": {
7411	//     "name": {
7412	//       "description": "The `name` parameter's value depends on the target resource for the request, namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `name` value format is described below: * [`projects.roles.undelete()`](/iam/reference/rest/v1/projects.roles/undelete): `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method undeletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}` * [`organizations.roles.undelete()`](/iam/reference/rest/v1/organizations.roles/undelete): `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method undeletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.",
7413	//       "location": "path",
7414	//       "pattern": "^projects/[^/]+/roles/[^/]+$",
7415	//       "required": true,
7416	//       "type": "string"
7417	//     }
7418	//   },
7419	//   "path": "v1/{+name}:undelete",
7420	//   "request": {
7421	//     "$ref": "UndeleteRoleRequest"
7422	//   },
7423	//   "response": {
7424	//     "$ref": "Role"
7425	//   },
7426	//   "scopes": [
7427	//     "https://www.googleapis.com/auth/cloud-platform"
7428	//   ]
7429	// }
7430
7431}
7432
7433// method id "iam.projects.serviceAccounts.create":
7434
7435type ProjectsServiceAccountsCreateCall struct {
7436	s                           *Service
7437	name                        string
7438	createserviceaccountrequest *CreateServiceAccountRequest
7439	urlParams_                  gensupport.URLParams
7440	ctx_                        context.Context
7441	header_                     http.Header
7442}
7443
7444// Create: Creates a ServiceAccount.
7445//
7446// - name: The resource name of the project associated with the service
7447//   accounts, such as `projects/my-project-123`.
7448func (r *ProjectsServiceAccountsService) Create(name string, createserviceaccountrequest *CreateServiceAccountRequest) *ProjectsServiceAccountsCreateCall {
7449	c := &ProjectsServiceAccountsCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
7450	c.name = name
7451	c.createserviceaccountrequest = createserviceaccountrequest
7452	return c
7453}
7454
7455// Fields allows partial responses to be retrieved. See
7456// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
7457// for more information.
7458func (c *ProjectsServiceAccountsCreateCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsCreateCall {
7459	c.urlParams_.Set("fields", googleapi.CombineFields(s))
7460	return c
7461}
7462
7463// Context sets the context to be used in this call's Do method. Any
7464// pending HTTP request will be aborted if the provided context is
7465// canceled.
7466func (c *ProjectsServiceAccountsCreateCall) Context(ctx context.Context) *ProjectsServiceAccountsCreateCall {
7467	c.ctx_ = ctx
7468	return c
7469}
7470
7471// Header returns an http.Header that can be modified by the caller to
7472// add HTTP headers to the request.
7473func (c *ProjectsServiceAccountsCreateCall) Header() http.Header {
7474	if c.header_ == nil {
7475		c.header_ = make(http.Header)
7476	}
7477	return c.header_
7478}
7479
7480func (c *ProjectsServiceAccountsCreateCall) doRequest(alt string) (*http.Response, error) {
7481	reqHeaders := make(http.Header)
7482	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
7483	for k, v := range c.header_ {
7484		reqHeaders[k] = v
7485	}
7486	reqHeaders.Set("User-Agent", c.s.userAgent())
7487	var body io.Reader = nil
7488	body, err := googleapi.WithoutDataWrapper.JSONReader(c.createserviceaccountrequest)
7489	if err != nil {
7490		return nil, err
7491	}
7492	reqHeaders.Set("Content-Type", "application/json")
7493	c.urlParams_.Set("alt", alt)
7494	c.urlParams_.Set("prettyPrint", "false")
7495	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}/serviceAccounts")
7496	urls += "?" + c.urlParams_.Encode()
7497	req, err := http.NewRequest("POST", urls, body)
7498	if err != nil {
7499		return nil, err
7500	}
7501	req.Header = reqHeaders
7502	googleapi.Expand(req.URL, map[string]string{
7503		"name": c.name,
7504	})
7505	return gensupport.SendRequest(c.ctx_, c.s.client, req)
7506}
7507
7508// Do executes the "iam.projects.serviceAccounts.create" call.
7509// Exactly one of *ServiceAccount or error will be non-nil. Any non-2xx
7510// status code is an error. Response headers are in either
7511// *ServiceAccount.ServerResponse.Header or (if a response was returned
7512// at all) in error.(*googleapi.Error).Header. Use
7513// googleapi.IsNotModified to check whether the returned error was
7514// because http.StatusNotModified was returned.
7515func (c *ProjectsServiceAccountsCreateCall) Do(opts ...googleapi.CallOption) (*ServiceAccount, error) {
7516	gensupport.SetOptions(c.urlParams_, opts...)
7517	res, err := c.doRequest("json")
7518	if res != nil && res.StatusCode == http.StatusNotModified {
7519		if res.Body != nil {
7520			res.Body.Close()
7521		}
7522		return nil, &googleapi.Error{
7523			Code:   res.StatusCode,
7524			Header: res.Header,
7525		}
7526	}
7527	if err != nil {
7528		return nil, err
7529	}
7530	defer googleapi.CloseBody(res)
7531	if err := googleapi.CheckResponse(res); err != nil {
7532		return nil, err
7533	}
7534	ret := &ServiceAccount{
7535		ServerResponse: googleapi.ServerResponse{
7536			Header:         res.Header,
7537			HTTPStatusCode: res.StatusCode,
7538		},
7539	}
7540	target := &ret
7541	if err := gensupport.DecodeResponse(target, res); err != nil {
7542		return nil, err
7543	}
7544	return ret, nil
7545	// {
7546	//   "description": "Creates a ServiceAccount.",
7547	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts",
7548	//   "httpMethod": "POST",
7549	//   "id": "iam.projects.serviceAccounts.create",
7550	//   "parameterOrder": [
7551	//     "name"
7552	//   ],
7553	//   "parameters": {
7554	//     "name": {
7555	//       "description": "Required. The resource name of the project associated with the service accounts, such as `projects/my-project-123`.",
7556	//       "location": "path",
7557	//       "pattern": "^projects/[^/]+$",
7558	//       "required": true,
7559	//       "type": "string"
7560	//     }
7561	//   },
7562	//   "path": "v1/{+name}/serviceAccounts",
7563	//   "request": {
7564	//     "$ref": "CreateServiceAccountRequest"
7565	//   },
7566	//   "response": {
7567	//     "$ref": "ServiceAccount"
7568	//   },
7569	//   "scopes": [
7570	//     "https://www.googleapis.com/auth/cloud-platform"
7571	//   ]
7572	// }
7573
7574}
7575
7576// method id "iam.projects.serviceAccounts.delete":
7577
7578type ProjectsServiceAccountsDeleteCall struct {
7579	s          *Service
7580	name       string
7581	urlParams_ gensupport.URLParams
7582	ctx_       context.Context
7583	header_    http.Header
7584}
7585
7586// Delete: Deletes a ServiceAccount. **Warning:** After you delete a
7587// service account, you might not be able to undelete it. If you know
7588// that you need to re-enable the service account in the future, use
7589// DisableServiceAccount instead. If you delete a service account, IAM
7590// permanently removes the service account 30 days later. Google Cloud
7591// cannot recover the service account after it is permanently removed,
7592// even if you file a support request. To help avoid unplanned outages,
7593// we recommend that you disable the service account before you delete
7594// it. Use DisableServiceAccount to disable the service account, then
7595// wait at least 24 hours and watch for unintended consequences. If
7596// there are no unintended consequences, you can delete the service
7597// account.
7598//
7599// - name: The resource name of the service account in the following
7600//   format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using
7601//   `-` as a wildcard for the `PROJECT_ID` will infer the project from
7602//   the account. The `ACCOUNT` value can be the `email` address or the
7603//   `unique_id` of the service account.
7604func (r *ProjectsServiceAccountsService) Delete(name string) *ProjectsServiceAccountsDeleteCall {
7605	c := &ProjectsServiceAccountsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
7606	c.name = name
7607	return c
7608}
7609
7610// Fields allows partial responses to be retrieved. See
7611// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
7612// for more information.
7613func (c *ProjectsServiceAccountsDeleteCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsDeleteCall {
7614	c.urlParams_.Set("fields", googleapi.CombineFields(s))
7615	return c
7616}
7617
7618// Context sets the context to be used in this call's Do method. Any
7619// pending HTTP request will be aborted if the provided context is
7620// canceled.
7621func (c *ProjectsServiceAccountsDeleteCall) Context(ctx context.Context) *ProjectsServiceAccountsDeleteCall {
7622	c.ctx_ = ctx
7623	return c
7624}
7625
7626// Header returns an http.Header that can be modified by the caller to
7627// add HTTP headers to the request.
7628func (c *ProjectsServiceAccountsDeleteCall) Header() http.Header {
7629	if c.header_ == nil {
7630		c.header_ = make(http.Header)
7631	}
7632	return c.header_
7633}
7634
7635func (c *ProjectsServiceAccountsDeleteCall) doRequest(alt string) (*http.Response, error) {
7636	reqHeaders := make(http.Header)
7637	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
7638	for k, v := range c.header_ {
7639		reqHeaders[k] = v
7640	}
7641	reqHeaders.Set("User-Agent", c.s.userAgent())
7642	var body io.Reader = nil
7643	c.urlParams_.Set("alt", alt)
7644	c.urlParams_.Set("prettyPrint", "false")
7645	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
7646	urls += "?" + c.urlParams_.Encode()
7647	req, err := http.NewRequest("DELETE", urls, body)
7648	if err != nil {
7649		return nil, err
7650	}
7651	req.Header = reqHeaders
7652	googleapi.Expand(req.URL, map[string]string{
7653		"name": c.name,
7654	})
7655	return gensupport.SendRequest(c.ctx_, c.s.client, req)
7656}
7657
7658// Do executes the "iam.projects.serviceAccounts.delete" call.
7659// Exactly one of *Empty or error will be non-nil. Any non-2xx status
7660// code is an error. Response headers are in either
7661// *Empty.ServerResponse.Header or (if a response was returned at all)
7662// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
7663// check whether the returned error was because http.StatusNotModified
7664// was returned.
7665func (c *ProjectsServiceAccountsDeleteCall) Do(opts ...googleapi.CallOption) (*Empty, error) {
7666	gensupport.SetOptions(c.urlParams_, opts...)
7667	res, err := c.doRequest("json")
7668	if res != nil && res.StatusCode == http.StatusNotModified {
7669		if res.Body != nil {
7670			res.Body.Close()
7671		}
7672		return nil, &googleapi.Error{
7673			Code:   res.StatusCode,
7674			Header: res.Header,
7675		}
7676	}
7677	if err != nil {
7678		return nil, err
7679	}
7680	defer googleapi.CloseBody(res)
7681	if err := googleapi.CheckResponse(res); err != nil {
7682		return nil, err
7683	}
7684	ret := &Empty{
7685		ServerResponse: googleapi.ServerResponse{
7686			Header:         res.Header,
7687			HTTPStatusCode: res.StatusCode,
7688		},
7689	}
7690	target := &ret
7691	if err := gensupport.DecodeResponse(target, res); err != nil {
7692		return nil, err
7693	}
7694	return ret, nil
7695	// {
7696	//   "description": "Deletes a ServiceAccount. **Warning:** After you delete a service account, you might not be able to undelete it. If you know that you need to re-enable the service account in the future, use DisableServiceAccount instead. If you delete a service account, IAM permanently removes the service account 30 days later. Google Cloud cannot recover the service account after it is permanently removed, even if you file a support request. To help avoid unplanned outages, we recommend that you disable the service account before you delete it. Use DisableServiceAccount to disable the service account, then wait at least 24 hours and watch for unintended consequences. If there are no unintended consequences, you can delete the service account.",
7697	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}",
7698	//   "httpMethod": "DELETE",
7699	//   "id": "iam.projects.serviceAccounts.delete",
7700	//   "parameterOrder": [
7701	//     "name"
7702	//   ],
7703	//   "parameters": {
7704	//     "name": {
7705	//       "description": "Required. The resource name of the service account in the following format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.",
7706	//       "location": "path",
7707	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
7708	//       "required": true,
7709	//       "type": "string"
7710	//     }
7711	//   },
7712	//   "path": "v1/{+name}",
7713	//   "response": {
7714	//     "$ref": "Empty"
7715	//   },
7716	//   "scopes": [
7717	//     "https://www.googleapis.com/auth/cloud-platform"
7718	//   ]
7719	// }
7720
7721}
7722
7723// method id "iam.projects.serviceAccounts.disable":
7724
7725type ProjectsServiceAccountsDisableCall struct {
7726	s                            *Service
7727	name                         string
7728	disableserviceaccountrequest *DisableServiceAccountRequest
7729	urlParams_                   gensupport.URLParams
7730	ctx_                         context.Context
7731	header_                      http.Header
7732}
7733
7734// Disable: Disables a ServiceAccount immediately. If an application
7735// uses the service account to authenticate, that application can no
7736// longer call Google APIs or access Google Cloud resources. Existing
7737// access tokens for the service account are rejected, and requests for
7738// new access tokens will fail. To re-enable the service account, use
7739// EnableServiceAccount. After you re-enable the service account, its
7740// existing access tokens will be accepted, and you can request new
7741// access tokens. To help avoid unplanned outages, we recommend that you
7742// disable the service account before you delete it. Use this method to
7743// disable the service account, then wait at least 24 hours and watch
7744// for unintended consequences. If there are no unintended consequences,
7745// you can delete the service account with DeleteServiceAccount.
7746//
7747// - name: The resource name of the service account in the following
7748//   format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using
7749//   `-` as a wildcard for the `PROJECT_ID` will infer the project from
7750//   the account. The `ACCOUNT` value can be the `email` address or the
7751//   `unique_id` of the service account.
7752func (r *ProjectsServiceAccountsService) Disable(name string, disableserviceaccountrequest *DisableServiceAccountRequest) *ProjectsServiceAccountsDisableCall {
7753	c := &ProjectsServiceAccountsDisableCall{s: r.s, urlParams_: make(gensupport.URLParams)}
7754	c.name = name
7755	c.disableserviceaccountrequest = disableserviceaccountrequest
7756	return c
7757}
7758
7759// Fields allows partial responses to be retrieved. See
7760// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
7761// for more information.
7762func (c *ProjectsServiceAccountsDisableCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsDisableCall {
7763	c.urlParams_.Set("fields", googleapi.CombineFields(s))
7764	return c
7765}
7766
7767// Context sets the context to be used in this call's Do method. Any
7768// pending HTTP request will be aborted if the provided context is
7769// canceled.
7770func (c *ProjectsServiceAccountsDisableCall) Context(ctx context.Context) *ProjectsServiceAccountsDisableCall {
7771	c.ctx_ = ctx
7772	return c
7773}
7774
7775// Header returns an http.Header that can be modified by the caller to
7776// add HTTP headers to the request.
7777func (c *ProjectsServiceAccountsDisableCall) Header() http.Header {
7778	if c.header_ == nil {
7779		c.header_ = make(http.Header)
7780	}
7781	return c.header_
7782}
7783
7784func (c *ProjectsServiceAccountsDisableCall) doRequest(alt string) (*http.Response, error) {
7785	reqHeaders := make(http.Header)
7786	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
7787	for k, v := range c.header_ {
7788		reqHeaders[k] = v
7789	}
7790	reqHeaders.Set("User-Agent", c.s.userAgent())
7791	var body io.Reader = nil
7792	body, err := googleapi.WithoutDataWrapper.JSONReader(c.disableserviceaccountrequest)
7793	if err != nil {
7794		return nil, err
7795	}
7796	reqHeaders.Set("Content-Type", "application/json")
7797	c.urlParams_.Set("alt", alt)
7798	c.urlParams_.Set("prettyPrint", "false")
7799	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:disable")
7800	urls += "?" + c.urlParams_.Encode()
7801	req, err := http.NewRequest("POST", urls, body)
7802	if err != nil {
7803		return nil, err
7804	}
7805	req.Header = reqHeaders
7806	googleapi.Expand(req.URL, map[string]string{
7807		"name": c.name,
7808	})
7809	return gensupport.SendRequest(c.ctx_, c.s.client, req)
7810}
7811
7812// Do executes the "iam.projects.serviceAccounts.disable" call.
7813// Exactly one of *Empty or error will be non-nil. Any non-2xx status
7814// code is an error. Response headers are in either
7815// *Empty.ServerResponse.Header or (if a response was returned at all)
7816// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
7817// check whether the returned error was because http.StatusNotModified
7818// was returned.
7819func (c *ProjectsServiceAccountsDisableCall) Do(opts ...googleapi.CallOption) (*Empty, error) {
7820	gensupport.SetOptions(c.urlParams_, opts...)
7821	res, err := c.doRequest("json")
7822	if res != nil && res.StatusCode == http.StatusNotModified {
7823		if res.Body != nil {
7824			res.Body.Close()
7825		}
7826		return nil, &googleapi.Error{
7827			Code:   res.StatusCode,
7828			Header: res.Header,
7829		}
7830	}
7831	if err != nil {
7832		return nil, err
7833	}
7834	defer googleapi.CloseBody(res)
7835	if err := googleapi.CheckResponse(res); err != nil {
7836		return nil, err
7837	}
7838	ret := &Empty{
7839		ServerResponse: googleapi.ServerResponse{
7840			Header:         res.Header,
7841			HTTPStatusCode: res.StatusCode,
7842		},
7843	}
7844	target := &ret
7845	if err := gensupport.DecodeResponse(target, res); err != nil {
7846		return nil, err
7847	}
7848	return ret, nil
7849	// {
7850	//   "description": "Disables a ServiceAccount immediately. If an application uses the service account to authenticate, that application can no longer call Google APIs or access Google Cloud resources. Existing access tokens for the service account are rejected, and requests for new access tokens will fail. To re-enable the service account, use EnableServiceAccount. After you re-enable the service account, its existing access tokens will be accepted, and you can request new access tokens. To help avoid unplanned outages, we recommend that you disable the service account before you delete it. Use this method to disable the service account, then wait at least 24 hours and watch for unintended consequences. If there are no unintended consequences, you can delete the service account with DeleteServiceAccount.",
7851	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:disable",
7852	//   "httpMethod": "POST",
7853	//   "id": "iam.projects.serviceAccounts.disable",
7854	//   "parameterOrder": [
7855	//     "name"
7856	//   ],
7857	//   "parameters": {
7858	//     "name": {
7859	//       "description": "The resource name of the service account in the following format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.",
7860	//       "location": "path",
7861	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
7862	//       "required": true,
7863	//       "type": "string"
7864	//     }
7865	//   },
7866	//   "path": "v1/{+name}:disable",
7867	//   "request": {
7868	//     "$ref": "DisableServiceAccountRequest"
7869	//   },
7870	//   "response": {
7871	//     "$ref": "Empty"
7872	//   },
7873	//   "scopes": [
7874	//     "https://www.googleapis.com/auth/cloud-platform"
7875	//   ]
7876	// }
7877
7878}
7879
7880// method id "iam.projects.serviceAccounts.enable":
7881
7882type ProjectsServiceAccountsEnableCall struct {
7883	s                           *Service
7884	name                        string
7885	enableserviceaccountrequest *EnableServiceAccountRequest
7886	urlParams_                  gensupport.URLParams
7887	ctx_                        context.Context
7888	header_                     http.Header
7889}
7890
7891// Enable: Enables a ServiceAccount that was disabled by
7892// DisableServiceAccount. If the service account is already enabled,
7893// then this method has no effect. If the service account was disabled
7894// by other means—for example, if Google disabled the service account
7895// because it was compromised—you cannot use this method to enable the
7896// service account.
7897//
7898// - name: The resource name of the service account in the following
7899//   format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using
7900//   `-` as a wildcard for the `PROJECT_ID` will infer the project from
7901//   the account. The `ACCOUNT` value can be the `email` address or the
7902//   `unique_id` of the service account.
7903func (r *ProjectsServiceAccountsService) Enable(name string, enableserviceaccountrequest *EnableServiceAccountRequest) *ProjectsServiceAccountsEnableCall {
7904	c := &ProjectsServiceAccountsEnableCall{s: r.s, urlParams_: make(gensupport.URLParams)}
7905	c.name = name
7906	c.enableserviceaccountrequest = enableserviceaccountrequest
7907	return c
7908}
7909
7910// Fields allows partial responses to be retrieved. See
7911// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
7912// for more information.
7913func (c *ProjectsServiceAccountsEnableCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsEnableCall {
7914	c.urlParams_.Set("fields", googleapi.CombineFields(s))
7915	return c
7916}
7917
7918// Context sets the context to be used in this call's Do method. Any
7919// pending HTTP request will be aborted if the provided context is
7920// canceled.
7921func (c *ProjectsServiceAccountsEnableCall) Context(ctx context.Context) *ProjectsServiceAccountsEnableCall {
7922	c.ctx_ = ctx
7923	return c
7924}
7925
7926// Header returns an http.Header that can be modified by the caller to
7927// add HTTP headers to the request.
7928func (c *ProjectsServiceAccountsEnableCall) Header() http.Header {
7929	if c.header_ == nil {
7930		c.header_ = make(http.Header)
7931	}
7932	return c.header_
7933}
7934
7935func (c *ProjectsServiceAccountsEnableCall) doRequest(alt string) (*http.Response, error) {
7936	reqHeaders := make(http.Header)
7937	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
7938	for k, v := range c.header_ {
7939		reqHeaders[k] = v
7940	}
7941	reqHeaders.Set("User-Agent", c.s.userAgent())
7942	var body io.Reader = nil
7943	body, err := googleapi.WithoutDataWrapper.JSONReader(c.enableserviceaccountrequest)
7944	if err != nil {
7945		return nil, err
7946	}
7947	reqHeaders.Set("Content-Type", "application/json")
7948	c.urlParams_.Set("alt", alt)
7949	c.urlParams_.Set("prettyPrint", "false")
7950	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:enable")
7951	urls += "?" + c.urlParams_.Encode()
7952	req, err := http.NewRequest("POST", urls, body)
7953	if err != nil {
7954		return nil, err
7955	}
7956	req.Header = reqHeaders
7957	googleapi.Expand(req.URL, map[string]string{
7958		"name": c.name,
7959	})
7960	return gensupport.SendRequest(c.ctx_, c.s.client, req)
7961}
7962
7963// Do executes the "iam.projects.serviceAccounts.enable" call.
7964// Exactly one of *Empty or error will be non-nil. Any non-2xx status
7965// code is an error. Response headers are in either
7966// *Empty.ServerResponse.Header or (if a response was returned at all)
7967// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
7968// check whether the returned error was because http.StatusNotModified
7969// was returned.
7970func (c *ProjectsServiceAccountsEnableCall) Do(opts ...googleapi.CallOption) (*Empty, error) {
7971	gensupport.SetOptions(c.urlParams_, opts...)
7972	res, err := c.doRequest("json")
7973	if res != nil && res.StatusCode == http.StatusNotModified {
7974		if res.Body != nil {
7975			res.Body.Close()
7976		}
7977		return nil, &googleapi.Error{
7978			Code:   res.StatusCode,
7979			Header: res.Header,
7980		}
7981	}
7982	if err != nil {
7983		return nil, err
7984	}
7985	defer googleapi.CloseBody(res)
7986	if err := googleapi.CheckResponse(res); err != nil {
7987		return nil, err
7988	}
7989	ret := &Empty{
7990		ServerResponse: googleapi.ServerResponse{
7991			Header:         res.Header,
7992			HTTPStatusCode: res.StatusCode,
7993		},
7994	}
7995	target := &ret
7996	if err := gensupport.DecodeResponse(target, res); err != nil {
7997		return nil, err
7998	}
7999	return ret, nil
8000	// {
8001	//   "description": "Enables a ServiceAccount that was disabled by DisableServiceAccount. If the service account is already enabled, then this method has no effect. If the service account was disabled by other means—for example, if Google disabled the service account because it was compromised—you cannot use this method to enable the service account.",
8002	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:enable",
8003	//   "httpMethod": "POST",
8004	//   "id": "iam.projects.serviceAccounts.enable",
8005	//   "parameterOrder": [
8006	//     "name"
8007	//   ],
8008	//   "parameters": {
8009	//     "name": {
8010	//       "description": "The resource name of the service account in the following format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.",
8011	//       "location": "path",
8012	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
8013	//       "required": true,
8014	//       "type": "string"
8015	//     }
8016	//   },
8017	//   "path": "v1/{+name}:enable",
8018	//   "request": {
8019	//     "$ref": "EnableServiceAccountRequest"
8020	//   },
8021	//   "response": {
8022	//     "$ref": "Empty"
8023	//   },
8024	//   "scopes": [
8025	//     "https://www.googleapis.com/auth/cloud-platform"
8026	//   ]
8027	// }
8028
8029}
8030
8031// method id "iam.projects.serviceAccounts.get":
8032
8033type ProjectsServiceAccountsGetCall struct {
8034	s            *Service
8035	name         string
8036	urlParams_   gensupport.URLParams
8037	ifNoneMatch_ string
8038	ctx_         context.Context
8039	header_      http.Header
8040}
8041
8042// Get: Gets a ServiceAccount.
8043//
8044// - name: The resource name of the service account in the following
8045//   format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using
8046//   `-` as a wildcard for the `PROJECT_ID` will infer the project from
8047//   the account. The `ACCOUNT` value can be the `email` address or the
8048//   `unique_id` of the service account.
8049func (r *ProjectsServiceAccountsService) Get(name string) *ProjectsServiceAccountsGetCall {
8050	c := &ProjectsServiceAccountsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
8051	c.name = name
8052	return c
8053}
8054
8055// Fields allows partial responses to be retrieved. See
8056// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
8057// for more information.
8058func (c *ProjectsServiceAccountsGetCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsGetCall {
8059	c.urlParams_.Set("fields", googleapi.CombineFields(s))
8060	return c
8061}
8062
8063// IfNoneMatch sets the optional parameter which makes the operation
8064// fail if the object's ETag matches the given value. This is useful for
8065// getting updates only after the object has changed since the last
8066// request. Use googleapi.IsNotModified to check whether the response
8067// error from Do is the result of In-None-Match.
8068func (c *ProjectsServiceAccountsGetCall) IfNoneMatch(entityTag string) *ProjectsServiceAccountsGetCall {
8069	c.ifNoneMatch_ = entityTag
8070	return c
8071}
8072
8073// Context sets the context to be used in this call's Do method. Any
8074// pending HTTP request will be aborted if the provided context is
8075// canceled.
8076func (c *ProjectsServiceAccountsGetCall) Context(ctx context.Context) *ProjectsServiceAccountsGetCall {
8077	c.ctx_ = ctx
8078	return c
8079}
8080
8081// Header returns an http.Header that can be modified by the caller to
8082// add HTTP headers to the request.
8083func (c *ProjectsServiceAccountsGetCall) Header() http.Header {
8084	if c.header_ == nil {
8085		c.header_ = make(http.Header)
8086	}
8087	return c.header_
8088}
8089
8090func (c *ProjectsServiceAccountsGetCall) doRequest(alt string) (*http.Response, error) {
8091	reqHeaders := make(http.Header)
8092	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
8093	for k, v := range c.header_ {
8094		reqHeaders[k] = v
8095	}
8096	reqHeaders.Set("User-Agent", c.s.userAgent())
8097	if c.ifNoneMatch_ != "" {
8098		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
8099	}
8100	var body io.Reader = nil
8101	c.urlParams_.Set("alt", alt)
8102	c.urlParams_.Set("prettyPrint", "false")
8103	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
8104	urls += "?" + c.urlParams_.Encode()
8105	req, err := http.NewRequest("GET", urls, body)
8106	if err != nil {
8107		return nil, err
8108	}
8109	req.Header = reqHeaders
8110	googleapi.Expand(req.URL, map[string]string{
8111		"name": c.name,
8112	})
8113	return gensupport.SendRequest(c.ctx_, c.s.client, req)
8114}
8115
8116// Do executes the "iam.projects.serviceAccounts.get" call.
8117// Exactly one of *ServiceAccount or error will be non-nil. Any non-2xx
8118// status code is an error. Response headers are in either
8119// *ServiceAccount.ServerResponse.Header or (if a response was returned
8120// at all) in error.(*googleapi.Error).Header. Use
8121// googleapi.IsNotModified to check whether the returned error was
8122// because http.StatusNotModified was returned.
8123func (c *ProjectsServiceAccountsGetCall) Do(opts ...googleapi.CallOption) (*ServiceAccount, error) {
8124	gensupport.SetOptions(c.urlParams_, opts...)
8125	res, err := c.doRequest("json")
8126	if res != nil && res.StatusCode == http.StatusNotModified {
8127		if res.Body != nil {
8128			res.Body.Close()
8129		}
8130		return nil, &googleapi.Error{
8131			Code:   res.StatusCode,
8132			Header: res.Header,
8133		}
8134	}
8135	if err != nil {
8136		return nil, err
8137	}
8138	defer googleapi.CloseBody(res)
8139	if err := googleapi.CheckResponse(res); err != nil {
8140		return nil, err
8141	}
8142	ret := &ServiceAccount{
8143		ServerResponse: googleapi.ServerResponse{
8144			Header:         res.Header,
8145			HTTPStatusCode: res.StatusCode,
8146		},
8147	}
8148	target := &ret
8149	if err := gensupport.DecodeResponse(target, res); err != nil {
8150		return nil, err
8151	}
8152	return ret, nil
8153	// {
8154	//   "description": "Gets a ServiceAccount.",
8155	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}",
8156	//   "httpMethod": "GET",
8157	//   "id": "iam.projects.serviceAccounts.get",
8158	//   "parameterOrder": [
8159	//     "name"
8160	//   ],
8161	//   "parameters": {
8162	//     "name": {
8163	//       "description": "Required. The resource name of the service account in the following format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.",
8164	//       "location": "path",
8165	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
8166	//       "required": true,
8167	//       "type": "string"
8168	//     }
8169	//   },
8170	//   "path": "v1/{+name}",
8171	//   "response": {
8172	//     "$ref": "ServiceAccount"
8173	//   },
8174	//   "scopes": [
8175	//     "https://www.googleapis.com/auth/cloud-platform"
8176	//   ]
8177	// }
8178
8179}
8180
8181// method id "iam.projects.serviceAccounts.getIamPolicy":
8182
8183type ProjectsServiceAccountsGetIamPolicyCall struct {
8184	s          *Service
8185	resource   string
8186	urlParams_ gensupport.URLParams
8187	ctx_       context.Context
8188	header_    http.Header
8189}
8190
8191// GetIamPolicy: Gets the IAM policy that is attached to a
8192// ServiceAccount. This IAM policy specifies which members have access
8193// to the service account. This method does not tell you whether the
8194// service account has been granted any roles on other resources. To
8195// check whether a service account has role grants on a resource, use
8196// the `getIamPolicy` method for that resource. For example, to view the
8197// role grants for a project, call the Resource Manager API's
8198// `projects.getIamPolicy`
8199// (https://cloud.google.com/resource-manager/reference/rest/v1/projects/getIamPolicy)
8200// method.
8201//
8202// - resource: REQUIRED: The resource for which the policy is being
8203//   requested. See the operation documentation for the appropriate
8204//   value for this field.
8205func (r *ProjectsServiceAccountsService) GetIamPolicy(resource string) *ProjectsServiceAccountsGetIamPolicyCall {
8206	c := &ProjectsServiceAccountsGetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
8207	c.resource = resource
8208	return c
8209}
8210
8211// OptionsRequestedPolicyVersion sets the optional parameter
8212// "options.requestedPolicyVersion": The policy format version to be
8213// returned. Valid values are 0, 1, and 3. Requests specifying an
8214// invalid value will be rejected. Requests for policies with any
8215// conditional bindings must specify version 3. Policies without any
8216// conditional bindings may specify any valid value or leave the field
8217// unset. To learn which resources support conditions in their IAM
8218// policies, see the IAM documentation
8219// (https://cloud.google.com/iam/help/conditions/resource-policies).
8220func (c *ProjectsServiceAccountsGetIamPolicyCall) OptionsRequestedPolicyVersion(optionsRequestedPolicyVersion int64) *ProjectsServiceAccountsGetIamPolicyCall {
8221	c.urlParams_.Set("options.requestedPolicyVersion", fmt.Sprint(optionsRequestedPolicyVersion))
8222	return c
8223}
8224
8225// Fields allows partial responses to be retrieved. See
8226// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
8227// for more information.
8228func (c *ProjectsServiceAccountsGetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsGetIamPolicyCall {
8229	c.urlParams_.Set("fields", googleapi.CombineFields(s))
8230	return c
8231}
8232
8233// Context sets the context to be used in this call's Do method. Any
8234// pending HTTP request will be aborted if the provided context is
8235// canceled.
8236func (c *ProjectsServiceAccountsGetIamPolicyCall) Context(ctx context.Context) *ProjectsServiceAccountsGetIamPolicyCall {
8237	c.ctx_ = ctx
8238	return c
8239}
8240
8241// Header returns an http.Header that can be modified by the caller to
8242// add HTTP headers to the request.
8243func (c *ProjectsServiceAccountsGetIamPolicyCall) Header() http.Header {
8244	if c.header_ == nil {
8245		c.header_ = make(http.Header)
8246	}
8247	return c.header_
8248}
8249
8250func (c *ProjectsServiceAccountsGetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
8251	reqHeaders := make(http.Header)
8252	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
8253	for k, v := range c.header_ {
8254		reqHeaders[k] = v
8255	}
8256	reqHeaders.Set("User-Agent", c.s.userAgent())
8257	var body io.Reader = nil
8258	c.urlParams_.Set("alt", alt)
8259	c.urlParams_.Set("prettyPrint", "false")
8260	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:getIamPolicy")
8261	urls += "?" + c.urlParams_.Encode()
8262	req, err := http.NewRequest("POST", urls, body)
8263	if err != nil {
8264		return nil, err
8265	}
8266	req.Header = reqHeaders
8267	googleapi.Expand(req.URL, map[string]string{
8268		"resource": c.resource,
8269	})
8270	return gensupport.SendRequest(c.ctx_, c.s.client, req)
8271}
8272
8273// Do executes the "iam.projects.serviceAccounts.getIamPolicy" call.
8274// Exactly one of *Policy or error will be non-nil. Any non-2xx status
8275// code is an error. Response headers are in either
8276// *Policy.ServerResponse.Header or (if a response was returned at all)
8277// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
8278// check whether the returned error was because http.StatusNotModified
8279// was returned.
8280func (c *ProjectsServiceAccountsGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
8281	gensupport.SetOptions(c.urlParams_, opts...)
8282	res, err := c.doRequest("json")
8283	if res != nil && res.StatusCode == http.StatusNotModified {
8284		if res.Body != nil {
8285			res.Body.Close()
8286		}
8287		return nil, &googleapi.Error{
8288			Code:   res.StatusCode,
8289			Header: res.Header,
8290		}
8291	}
8292	if err != nil {
8293		return nil, err
8294	}
8295	defer googleapi.CloseBody(res)
8296	if err := googleapi.CheckResponse(res); err != nil {
8297		return nil, err
8298	}
8299	ret := &Policy{
8300		ServerResponse: googleapi.ServerResponse{
8301			Header:         res.Header,
8302			HTTPStatusCode: res.StatusCode,
8303		},
8304	}
8305	target := &ret
8306	if err := gensupport.DecodeResponse(target, res); err != nil {
8307		return nil, err
8308	}
8309	return ret, nil
8310	// {
8311	//   "description": "Gets the IAM policy that is attached to a ServiceAccount. This IAM policy specifies which members have access to the service account. This method does not tell you whether the service account has been granted any roles on other resources. To check whether a service account has role grants on a resource, use the `getIamPolicy` method for that resource. For example, to view the role grants for a project, call the Resource Manager API's [`projects.getIamPolicy`](https://cloud.google.com/resource-manager/reference/rest/v1/projects/getIamPolicy) method.",
8312	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:getIamPolicy",
8313	//   "httpMethod": "POST",
8314	//   "id": "iam.projects.serviceAccounts.getIamPolicy",
8315	//   "parameterOrder": [
8316	//     "resource"
8317	//   ],
8318	//   "parameters": {
8319	//     "options.requestedPolicyVersion": {
8320	//       "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
8321	//       "format": "int32",
8322	//       "location": "query",
8323	//       "type": "integer"
8324	//     },
8325	//     "resource": {
8326	//       "description": "REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.",
8327	//       "location": "path",
8328	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
8329	//       "required": true,
8330	//       "type": "string"
8331	//     }
8332	//   },
8333	//   "path": "v1/{+resource}:getIamPolicy",
8334	//   "response": {
8335	//     "$ref": "Policy"
8336	//   },
8337	//   "scopes": [
8338	//     "https://www.googleapis.com/auth/cloud-platform"
8339	//   ]
8340	// }
8341
8342}
8343
8344// method id "iam.projects.serviceAccounts.list":
8345
8346type ProjectsServiceAccountsListCall struct {
8347	s            *Service
8348	name         string
8349	urlParams_   gensupport.URLParams
8350	ifNoneMatch_ string
8351	ctx_         context.Context
8352	header_      http.Header
8353}
8354
8355// List: Lists every ServiceAccount that belongs to a specific project.
8356//
8357// - name: The resource name of the project associated with the service
8358//   accounts, such as `projects/my-project-123`.
8359func (r *ProjectsServiceAccountsService) List(name string) *ProjectsServiceAccountsListCall {
8360	c := &ProjectsServiceAccountsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
8361	c.name = name
8362	return c
8363}
8364
8365// PageSize sets the optional parameter "pageSize": Optional limit on
8366// the number of service accounts to include in the response. Further
8367// accounts can subsequently be obtained by including the
8368// ListServiceAccountsResponse.next_page_token in a subsequent request.
8369// The default is 20, and the maximum is 100.
8370func (c *ProjectsServiceAccountsListCall) PageSize(pageSize int64) *ProjectsServiceAccountsListCall {
8371	c.urlParams_.Set("pageSize", fmt.Sprint(pageSize))
8372	return c
8373}
8374
8375// PageToken sets the optional parameter "pageToken": Optional
8376// pagination token returned in an earlier
8377// ListServiceAccountsResponse.next_page_token.
8378func (c *ProjectsServiceAccountsListCall) PageToken(pageToken string) *ProjectsServiceAccountsListCall {
8379	c.urlParams_.Set("pageToken", pageToken)
8380	return c
8381}
8382
8383// Fields allows partial responses to be retrieved. See
8384// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
8385// for more information.
8386func (c *ProjectsServiceAccountsListCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsListCall {
8387	c.urlParams_.Set("fields", googleapi.CombineFields(s))
8388	return c
8389}
8390
8391// IfNoneMatch sets the optional parameter which makes the operation
8392// fail if the object's ETag matches the given value. This is useful for
8393// getting updates only after the object has changed since the last
8394// request. Use googleapi.IsNotModified to check whether the response
8395// error from Do is the result of In-None-Match.
8396func (c *ProjectsServiceAccountsListCall) IfNoneMatch(entityTag string) *ProjectsServiceAccountsListCall {
8397	c.ifNoneMatch_ = entityTag
8398	return c
8399}
8400
8401// Context sets the context to be used in this call's Do method. Any
8402// pending HTTP request will be aborted if the provided context is
8403// canceled.
8404func (c *ProjectsServiceAccountsListCall) Context(ctx context.Context) *ProjectsServiceAccountsListCall {
8405	c.ctx_ = ctx
8406	return c
8407}
8408
8409// Header returns an http.Header that can be modified by the caller to
8410// add HTTP headers to the request.
8411func (c *ProjectsServiceAccountsListCall) Header() http.Header {
8412	if c.header_ == nil {
8413		c.header_ = make(http.Header)
8414	}
8415	return c.header_
8416}
8417
8418func (c *ProjectsServiceAccountsListCall) doRequest(alt string) (*http.Response, error) {
8419	reqHeaders := make(http.Header)
8420	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
8421	for k, v := range c.header_ {
8422		reqHeaders[k] = v
8423	}
8424	reqHeaders.Set("User-Agent", c.s.userAgent())
8425	if c.ifNoneMatch_ != "" {
8426		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
8427	}
8428	var body io.Reader = nil
8429	c.urlParams_.Set("alt", alt)
8430	c.urlParams_.Set("prettyPrint", "false")
8431	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}/serviceAccounts")
8432	urls += "?" + c.urlParams_.Encode()
8433	req, err := http.NewRequest("GET", urls, body)
8434	if err != nil {
8435		return nil, err
8436	}
8437	req.Header = reqHeaders
8438	googleapi.Expand(req.URL, map[string]string{
8439		"name": c.name,
8440	})
8441	return gensupport.SendRequest(c.ctx_, c.s.client, req)
8442}
8443
8444// Do executes the "iam.projects.serviceAccounts.list" call.
8445// Exactly one of *ListServiceAccountsResponse or error will be non-nil.
8446// Any non-2xx status code is an error. Response headers are in either
8447// *ListServiceAccountsResponse.ServerResponse.Header or (if a response
8448// was returned at all) in error.(*googleapi.Error).Header. Use
8449// googleapi.IsNotModified to check whether the returned error was
8450// because http.StatusNotModified was returned.
8451func (c *ProjectsServiceAccountsListCall) Do(opts ...googleapi.CallOption) (*ListServiceAccountsResponse, error) {
8452	gensupport.SetOptions(c.urlParams_, opts...)
8453	res, err := c.doRequest("json")
8454	if res != nil && res.StatusCode == http.StatusNotModified {
8455		if res.Body != nil {
8456			res.Body.Close()
8457		}
8458		return nil, &googleapi.Error{
8459			Code:   res.StatusCode,
8460			Header: res.Header,
8461		}
8462	}
8463	if err != nil {
8464		return nil, err
8465	}
8466	defer googleapi.CloseBody(res)
8467	if err := googleapi.CheckResponse(res); err != nil {
8468		return nil, err
8469	}
8470	ret := &ListServiceAccountsResponse{
8471		ServerResponse: googleapi.ServerResponse{
8472			Header:         res.Header,
8473			HTTPStatusCode: res.StatusCode,
8474		},
8475	}
8476	target := &ret
8477	if err := gensupport.DecodeResponse(target, res); err != nil {
8478		return nil, err
8479	}
8480	return ret, nil
8481	// {
8482	//   "description": "Lists every ServiceAccount that belongs to a specific project.",
8483	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts",
8484	//   "httpMethod": "GET",
8485	//   "id": "iam.projects.serviceAccounts.list",
8486	//   "parameterOrder": [
8487	//     "name"
8488	//   ],
8489	//   "parameters": {
8490	//     "name": {
8491	//       "description": "Required. The resource name of the project associated with the service accounts, such as `projects/my-project-123`.",
8492	//       "location": "path",
8493	//       "pattern": "^projects/[^/]+$",
8494	//       "required": true,
8495	//       "type": "string"
8496	//     },
8497	//     "pageSize": {
8498	//       "description": "Optional limit on the number of service accounts to include in the response. Further accounts can subsequently be obtained by including the ListServiceAccountsResponse.next_page_token in a subsequent request. The default is 20, and the maximum is 100.",
8499	//       "format": "int32",
8500	//       "location": "query",
8501	//       "type": "integer"
8502	//     },
8503	//     "pageToken": {
8504	//       "description": "Optional pagination token returned in an earlier ListServiceAccountsResponse.next_page_token.",
8505	//       "location": "query",
8506	//       "type": "string"
8507	//     }
8508	//   },
8509	//   "path": "v1/{+name}/serviceAccounts",
8510	//   "response": {
8511	//     "$ref": "ListServiceAccountsResponse"
8512	//   },
8513	//   "scopes": [
8514	//     "https://www.googleapis.com/auth/cloud-platform"
8515	//   ]
8516	// }
8517
8518}
8519
8520// Pages invokes f for each page of results.
8521// A non-nil error returned from f will halt the iteration.
8522// The provided context supersedes any context provided to the Context method.
8523func (c *ProjectsServiceAccountsListCall) Pages(ctx context.Context, f func(*ListServiceAccountsResponse) error) error {
8524	c.ctx_ = ctx
8525	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
8526	for {
8527		x, err := c.Do()
8528		if err != nil {
8529			return err
8530		}
8531		if err := f(x); err != nil {
8532			return err
8533		}
8534		if x.NextPageToken == "" {
8535			return nil
8536		}
8537		c.PageToken(x.NextPageToken)
8538	}
8539}
8540
8541// method id "iam.projects.serviceAccounts.patch":
8542
8543type ProjectsServiceAccountsPatchCall struct {
8544	s                          *Service
8545	name                       string
8546	patchserviceaccountrequest *PatchServiceAccountRequest
8547	urlParams_                 gensupport.URLParams
8548	ctx_                       context.Context
8549	header_                    http.Header
8550}
8551
8552// Patch: Patches a ServiceAccount.
8553//
8554// - name: The resource name of the service account. Use one of the
8555//   following formats: *
8556//   `projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}` *
8557//   `projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}` As an
8558//   alternative, you can use the `-` wildcard character instead of the
8559//   project ID: * `projects/-/serviceAccounts/{EMAIL_ADDRESS}` *
8560//   `projects/-/serviceAccounts/{UNIQUE_ID}` When possible, avoid using
8561//   the `-` wildcard character, because it can cause response messages
8562//   to contain misleading error codes. For example, if you try to get
8563//   the service account `projects/-/serviceAccounts/fake@example.com`,
8564//   which does not exist, the response contains an HTTP `403 Forbidden`
8565//   error instead of a `404 Not Found` error.
8566func (r *ProjectsServiceAccountsService) Patch(name string, patchserviceaccountrequest *PatchServiceAccountRequest) *ProjectsServiceAccountsPatchCall {
8567	c := &ProjectsServiceAccountsPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
8568	c.name = name
8569	c.patchserviceaccountrequest = patchserviceaccountrequest
8570	return c
8571}
8572
8573// Fields allows partial responses to be retrieved. See
8574// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
8575// for more information.
8576func (c *ProjectsServiceAccountsPatchCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsPatchCall {
8577	c.urlParams_.Set("fields", googleapi.CombineFields(s))
8578	return c
8579}
8580
8581// Context sets the context to be used in this call's Do method. Any
8582// pending HTTP request will be aborted if the provided context is
8583// canceled.
8584func (c *ProjectsServiceAccountsPatchCall) Context(ctx context.Context) *ProjectsServiceAccountsPatchCall {
8585	c.ctx_ = ctx
8586	return c
8587}
8588
8589// Header returns an http.Header that can be modified by the caller to
8590// add HTTP headers to the request.
8591func (c *ProjectsServiceAccountsPatchCall) Header() http.Header {
8592	if c.header_ == nil {
8593		c.header_ = make(http.Header)
8594	}
8595	return c.header_
8596}
8597
8598func (c *ProjectsServiceAccountsPatchCall) doRequest(alt string) (*http.Response, error) {
8599	reqHeaders := make(http.Header)
8600	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
8601	for k, v := range c.header_ {
8602		reqHeaders[k] = v
8603	}
8604	reqHeaders.Set("User-Agent", c.s.userAgent())
8605	var body io.Reader = nil
8606	body, err := googleapi.WithoutDataWrapper.JSONReader(c.patchserviceaccountrequest)
8607	if err != nil {
8608		return nil, err
8609	}
8610	reqHeaders.Set("Content-Type", "application/json")
8611	c.urlParams_.Set("alt", alt)
8612	c.urlParams_.Set("prettyPrint", "false")
8613	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
8614	urls += "?" + c.urlParams_.Encode()
8615	req, err := http.NewRequest("PATCH", urls, body)
8616	if err != nil {
8617		return nil, err
8618	}
8619	req.Header = reqHeaders
8620	googleapi.Expand(req.URL, map[string]string{
8621		"name": c.name,
8622	})
8623	return gensupport.SendRequest(c.ctx_, c.s.client, req)
8624}
8625
8626// Do executes the "iam.projects.serviceAccounts.patch" call.
8627// Exactly one of *ServiceAccount or error will be non-nil. Any non-2xx
8628// status code is an error. Response headers are in either
8629// *ServiceAccount.ServerResponse.Header or (if a response was returned
8630// at all) in error.(*googleapi.Error).Header. Use
8631// googleapi.IsNotModified to check whether the returned error was
8632// because http.StatusNotModified was returned.
8633func (c *ProjectsServiceAccountsPatchCall) Do(opts ...googleapi.CallOption) (*ServiceAccount, error) {
8634	gensupport.SetOptions(c.urlParams_, opts...)
8635	res, err := c.doRequest("json")
8636	if res != nil && res.StatusCode == http.StatusNotModified {
8637		if res.Body != nil {
8638			res.Body.Close()
8639		}
8640		return nil, &googleapi.Error{
8641			Code:   res.StatusCode,
8642			Header: res.Header,
8643		}
8644	}
8645	if err != nil {
8646		return nil, err
8647	}
8648	defer googleapi.CloseBody(res)
8649	if err := googleapi.CheckResponse(res); err != nil {
8650		return nil, err
8651	}
8652	ret := &ServiceAccount{
8653		ServerResponse: googleapi.ServerResponse{
8654			Header:         res.Header,
8655			HTTPStatusCode: res.StatusCode,
8656		},
8657	}
8658	target := &ret
8659	if err := gensupport.DecodeResponse(target, res); err != nil {
8660		return nil, err
8661	}
8662	return ret, nil
8663	// {
8664	//   "description": "Patches a ServiceAccount.",
8665	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}",
8666	//   "httpMethod": "PATCH",
8667	//   "id": "iam.projects.serviceAccounts.patch",
8668	//   "parameterOrder": [
8669	//     "name"
8670	//   ],
8671	//   "parameters": {
8672	//     "name": {
8673	//       "description": "The resource name of the service account. Use one of the following formats: * `projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}` * `projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}` As an alternative, you can use the `-` wildcard character instead of the project ID: * `projects/-/serviceAccounts/{EMAIL_ADDRESS}` * `projects/-/serviceAccounts/{UNIQUE_ID}` When possible, avoid using the `-` wildcard character, because it can cause response messages to contain misleading error codes. For example, if you try to get the service account `projects/-/serviceAccounts/fake@example.com`, which does not exist, the response contains an HTTP `403 Forbidden` error instead of a `404 Not Found` error.",
8674	//       "location": "path",
8675	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
8676	//       "required": true,
8677	//       "type": "string"
8678	//     }
8679	//   },
8680	//   "path": "v1/{+name}",
8681	//   "request": {
8682	//     "$ref": "PatchServiceAccountRequest"
8683	//   },
8684	//   "response": {
8685	//     "$ref": "ServiceAccount"
8686	//   },
8687	//   "scopes": [
8688	//     "https://www.googleapis.com/auth/cloud-platform"
8689	//   ]
8690	// }
8691
8692}
8693
8694// method id "iam.projects.serviceAccounts.setIamPolicy":
8695
8696type ProjectsServiceAccountsSetIamPolicyCall struct {
8697	s                   *Service
8698	resource            string
8699	setiampolicyrequest *SetIamPolicyRequest
8700	urlParams_          gensupport.URLParams
8701	ctx_                context.Context
8702	header_             http.Header
8703}
8704
8705// SetIamPolicy: Sets the IAM policy that is attached to a
8706// ServiceAccount. Use this method to grant or revoke access to the
8707// service account. For example, you could grant a member the ability to
8708// impersonate the service account. This method does not enable the
8709// service account to access other resources. To grant roles to a
8710// service account on a resource, follow these steps: 1. Call the
8711// resource's `getIamPolicy` method to get its current IAM policy. 2.
8712// Edit the policy so that it binds the service account to an IAM role
8713// for the resource. 3. Call the resource's `setIamPolicy` method to
8714// update its IAM policy. For detailed instructions, see Granting roles
8715// to a service account for specific resources
8716// (https://cloud.google.com/iam/help/service-accounts/granting-access-to-service-accounts).
8717//
8718// - resource: REQUIRED: The resource for which the policy is being
8719//   specified. See the operation documentation for the appropriate
8720//   value for this field.
8721func (r *ProjectsServiceAccountsService) SetIamPolicy(resource string, setiampolicyrequest *SetIamPolicyRequest) *ProjectsServiceAccountsSetIamPolicyCall {
8722	c := &ProjectsServiceAccountsSetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
8723	c.resource = resource
8724	c.setiampolicyrequest = setiampolicyrequest
8725	return c
8726}
8727
8728// Fields allows partial responses to be retrieved. See
8729// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
8730// for more information.
8731func (c *ProjectsServiceAccountsSetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsSetIamPolicyCall {
8732	c.urlParams_.Set("fields", googleapi.CombineFields(s))
8733	return c
8734}
8735
8736// Context sets the context to be used in this call's Do method. Any
8737// pending HTTP request will be aborted if the provided context is
8738// canceled.
8739func (c *ProjectsServiceAccountsSetIamPolicyCall) Context(ctx context.Context) *ProjectsServiceAccountsSetIamPolicyCall {
8740	c.ctx_ = ctx
8741	return c
8742}
8743
8744// Header returns an http.Header that can be modified by the caller to
8745// add HTTP headers to the request.
8746func (c *ProjectsServiceAccountsSetIamPolicyCall) Header() http.Header {
8747	if c.header_ == nil {
8748		c.header_ = make(http.Header)
8749	}
8750	return c.header_
8751}
8752
8753func (c *ProjectsServiceAccountsSetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
8754	reqHeaders := make(http.Header)
8755	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
8756	for k, v := range c.header_ {
8757		reqHeaders[k] = v
8758	}
8759	reqHeaders.Set("User-Agent", c.s.userAgent())
8760	var body io.Reader = nil
8761	body, err := googleapi.WithoutDataWrapper.JSONReader(c.setiampolicyrequest)
8762	if err != nil {
8763		return nil, err
8764	}
8765	reqHeaders.Set("Content-Type", "application/json")
8766	c.urlParams_.Set("alt", alt)
8767	c.urlParams_.Set("prettyPrint", "false")
8768	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:setIamPolicy")
8769	urls += "?" + c.urlParams_.Encode()
8770	req, err := http.NewRequest("POST", urls, body)
8771	if err != nil {
8772		return nil, err
8773	}
8774	req.Header = reqHeaders
8775	googleapi.Expand(req.URL, map[string]string{
8776		"resource": c.resource,
8777	})
8778	return gensupport.SendRequest(c.ctx_, c.s.client, req)
8779}
8780
8781// Do executes the "iam.projects.serviceAccounts.setIamPolicy" call.
8782// Exactly one of *Policy or error will be non-nil. Any non-2xx status
8783// code is an error. Response headers are in either
8784// *Policy.ServerResponse.Header or (if a response was returned at all)
8785// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
8786// check whether the returned error was because http.StatusNotModified
8787// was returned.
8788func (c *ProjectsServiceAccountsSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
8789	gensupport.SetOptions(c.urlParams_, opts...)
8790	res, err := c.doRequest("json")
8791	if res != nil && res.StatusCode == http.StatusNotModified {
8792		if res.Body != nil {
8793			res.Body.Close()
8794		}
8795		return nil, &googleapi.Error{
8796			Code:   res.StatusCode,
8797			Header: res.Header,
8798		}
8799	}
8800	if err != nil {
8801		return nil, err
8802	}
8803	defer googleapi.CloseBody(res)
8804	if err := googleapi.CheckResponse(res); err != nil {
8805		return nil, err
8806	}
8807	ret := &Policy{
8808		ServerResponse: googleapi.ServerResponse{
8809			Header:         res.Header,
8810			HTTPStatusCode: res.StatusCode,
8811		},
8812	}
8813	target := &ret
8814	if err := gensupport.DecodeResponse(target, res); err != nil {
8815		return nil, err
8816	}
8817	return ret, nil
8818	// {
8819	//   "description": "Sets the IAM policy that is attached to a ServiceAccount. Use this method to grant or revoke access to the service account. For example, you could grant a member the ability to impersonate the service account. This method does not enable the service account to access other resources. To grant roles to a service account on a resource, follow these steps: 1. Call the resource's `getIamPolicy` method to get its current IAM policy. 2. Edit the policy so that it binds the service account to an IAM role for the resource. 3. Call the resource's `setIamPolicy` method to update its IAM policy. For detailed instructions, see [Granting roles to a service account for specific resources](https://cloud.google.com/iam/help/service-accounts/granting-access-to-service-accounts).",
8820	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:setIamPolicy",
8821	//   "httpMethod": "POST",
8822	//   "id": "iam.projects.serviceAccounts.setIamPolicy",
8823	//   "parameterOrder": [
8824	//     "resource"
8825	//   ],
8826	//   "parameters": {
8827	//     "resource": {
8828	//       "description": "REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.",
8829	//       "location": "path",
8830	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
8831	//       "required": true,
8832	//       "type": "string"
8833	//     }
8834	//   },
8835	//   "path": "v1/{+resource}:setIamPolicy",
8836	//   "request": {
8837	//     "$ref": "SetIamPolicyRequest"
8838	//   },
8839	//   "response": {
8840	//     "$ref": "Policy"
8841	//   },
8842	//   "scopes": [
8843	//     "https://www.googleapis.com/auth/cloud-platform"
8844	//   ]
8845	// }
8846
8847}
8848
8849// method id "iam.projects.serviceAccounts.signBlob":
8850
8851type ProjectsServiceAccountsSignBlobCall struct {
8852	s               *Service
8853	name            string
8854	signblobrequest *SignBlobRequest
8855	urlParams_      gensupport.URLParams
8856	ctx_            context.Context
8857	header_         http.Header
8858}
8859
8860// SignBlob: **Note:** This method is deprecated. Use the `signBlob`
8861// (https://cloud.google.com/iam/help/rest-credentials/v1/projects.serviceAccounts/signBlob)
8862// method in the IAM Service Account Credentials API instead. If you
8863// currently use this method, see the migration guide
8864// (https://cloud.google.com/iam/help/credentials/migrate-api) for
8865// instructions. Signs a blob using the system-managed private key for a
8866// ServiceAccount.
8867//
8868// - name: Deprecated. Migrate to Service Account Credentials API
8869//   (https://cloud.google.com/iam/help/credentials/migrate-api). The
8870//   resource name of the service account in the following format:
8871//   `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using `-` as a
8872//   wildcard for the `PROJECT_ID` will infer the project from the
8873//   account. The `ACCOUNT` value can be the `email` address or the
8874//   `unique_id` of the service account.
8875func (r *ProjectsServiceAccountsService) SignBlob(name string, signblobrequest *SignBlobRequest) *ProjectsServiceAccountsSignBlobCall {
8876	c := &ProjectsServiceAccountsSignBlobCall{s: r.s, urlParams_: make(gensupport.URLParams)}
8877	c.name = name
8878	c.signblobrequest = signblobrequest
8879	return c
8880}
8881
8882// Fields allows partial responses to be retrieved. See
8883// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
8884// for more information.
8885func (c *ProjectsServiceAccountsSignBlobCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsSignBlobCall {
8886	c.urlParams_.Set("fields", googleapi.CombineFields(s))
8887	return c
8888}
8889
8890// Context sets the context to be used in this call's Do method. Any
8891// pending HTTP request will be aborted if the provided context is
8892// canceled.
8893func (c *ProjectsServiceAccountsSignBlobCall) Context(ctx context.Context) *ProjectsServiceAccountsSignBlobCall {
8894	c.ctx_ = ctx
8895	return c
8896}
8897
8898// Header returns an http.Header that can be modified by the caller to
8899// add HTTP headers to the request.
8900func (c *ProjectsServiceAccountsSignBlobCall) Header() http.Header {
8901	if c.header_ == nil {
8902		c.header_ = make(http.Header)
8903	}
8904	return c.header_
8905}
8906
8907func (c *ProjectsServiceAccountsSignBlobCall) doRequest(alt string) (*http.Response, error) {
8908	reqHeaders := make(http.Header)
8909	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
8910	for k, v := range c.header_ {
8911		reqHeaders[k] = v
8912	}
8913	reqHeaders.Set("User-Agent", c.s.userAgent())
8914	var body io.Reader = nil
8915	body, err := googleapi.WithoutDataWrapper.JSONReader(c.signblobrequest)
8916	if err != nil {
8917		return nil, err
8918	}
8919	reqHeaders.Set("Content-Type", "application/json")
8920	c.urlParams_.Set("alt", alt)
8921	c.urlParams_.Set("prettyPrint", "false")
8922	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:signBlob")
8923	urls += "?" + c.urlParams_.Encode()
8924	req, err := http.NewRequest("POST", urls, body)
8925	if err != nil {
8926		return nil, err
8927	}
8928	req.Header = reqHeaders
8929	googleapi.Expand(req.URL, map[string]string{
8930		"name": c.name,
8931	})
8932	return gensupport.SendRequest(c.ctx_, c.s.client, req)
8933}
8934
8935// Do executes the "iam.projects.serviceAccounts.signBlob" call.
8936// Exactly one of *SignBlobResponse or error will be non-nil. Any
8937// non-2xx status code is an error. Response headers are in either
8938// *SignBlobResponse.ServerResponse.Header or (if a response was
8939// returned at all) in error.(*googleapi.Error).Header. Use
8940// googleapi.IsNotModified to check whether the returned error was
8941// because http.StatusNotModified was returned.
8942func (c *ProjectsServiceAccountsSignBlobCall) Do(opts ...googleapi.CallOption) (*SignBlobResponse, error) {
8943	gensupport.SetOptions(c.urlParams_, opts...)
8944	res, err := c.doRequest("json")
8945	if res != nil && res.StatusCode == http.StatusNotModified {
8946		if res.Body != nil {
8947			res.Body.Close()
8948		}
8949		return nil, &googleapi.Error{
8950			Code:   res.StatusCode,
8951			Header: res.Header,
8952		}
8953	}
8954	if err != nil {
8955		return nil, err
8956	}
8957	defer googleapi.CloseBody(res)
8958	if err := googleapi.CheckResponse(res); err != nil {
8959		return nil, err
8960	}
8961	ret := &SignBlobResponse{
8962		ServerResponse: googleapi.ServerResponse{
8963			Header:         res.Header,
8964			HTTPStatusCode: res.StatusCode,
8965		},
8966	}
8967	target := &ret
8968	if err := gensupport.DecodeResponse(target, res); err != nil {
8969		return nil, err
8970	}
8971	return ret, nil
8972	// {
8973	//   "description": "**Note:** This method is deprecated. Use the [`signBlob`](https://cloud.google.com/iam/help/rest-credentials/v1/projects.serviceAccounts/signBlob) method in the IAM Service Account Credentials API instead. If you currently use this method, see the [migration guide](https://cloud.google.com/iam/help/credentials/migrate-api) for instructions. Signs a blob using the system-managed private key for a ServiceAccount.",
8974	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:signBlob",
8975	//   "httpMethod": "POST",
8976	//   "id": "iam.projects.serviceAccounts.signBlob",
8977	//   "parameterOrder": [
8978	//     "name"
8979	//   ],
8980	//   "parameters": {
8981	//     "name": {
8982	//       "description": "Required. Deprecated. [Migrate to Service Account Credentials API](https://cloud.google.com/iam/help/credentials/migrate-api). The resource name of the service account in the following format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.",
8983	//       "location": "path",
8984	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
8985	//       "required": true,
8986	//       "type": "string"
8987	//     }
8988	//   },
8989	//   "path": "v1/{+name}:signBlob",
8990	//   "request": {
8991	//     "$ref": "SignBlobRequest"
8992	//   },
8993	//   "response": {
8994	//     "$ref": "SignBlobResponse"
8995	//   },
8996	//   "scopes": [
8997	//     "https://www.googleapis.com/auth/cloud-platform"
8998	//   ]
8999	// }
9000
9001}
9002
9003// method id "iam.projects.serviceAccounts.signJwt":
9004
9005type ProjectsServiceAccountsSignJwtCall struct {
9006	s              *Service
9007	name           string
9008	signjwtrequest *SignJwtRequest
9009	urlParams_     gensupport.URLParams
9010	ctx_           context.Context
9011	header_        http.Header
9012}
9013
9014// SignJwt: **Note:** This method is deprecated. Use the `signJwt`
9015// (https://cloud.google.com/iam/help/rest-credentials/v1/projects.serviceAccounts/signJwt)
9016// method in the IAM Service Account Credentials API instead. If you
9017// currently use this method, see the migration guide
9018// (https://cloud.google.com/iam/help/credentials/migrate-api) for
9019// instructions. Signs a JSON Web Token (JWT) using the system-managed
9020// private key for a ServiceAccount.
9021//
9022// - name: Deprecated. Migrate to Service Account Credentials API
9023//   (https://cloud.google.com/iam/help/credentials/migrate-api). The
9024//   resource name of the service account in the following format:
9025//   `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using `-` as a
9026//   wildcard for the `PROJECT_ID` will infer the project from the
9027//   account. The `ACCOUNT` value can be the `email` address or the
9028//   `unique_id` of the service account.
9029func (r *ProjectsServiceAccountsService) SignJwt(name string, signjwtrequest *SignJwtRequest) *ProjectsServiceAccountsSignJwtCall {
9030	c := &ProjectsServiceAccountsSignJwtCall{s: r.s, urlParams_: make(gensupport.URLParams)}
9031	c.name = name
9032	c.signjwtrequest = signjwtrequest
9033	return c
9034}
9035
9036// Fields allows partial responses to be retrieved. See
9037// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
9038// for more information.
9039func (c *ProjectsServiceAccountsSignJwtCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsSignJwtCall {
9040	c.urlParams_.Set("fields", googleapi.CombineFields(s))
9041	return c
9042}
9043
9044// Context sets the context to be used in this call's Do method. Any
9045// pending HTTP request will be aborted if the provided context is
9046// canceled.
9047func (c *ProjectsServiceAccountsSignJwtCall) Context(ctx context.Context) *ProjectsServiceAccountsSignJwtCall {
9048	c.ctx_ = ctx
9049	return c
9050}
9051
9052// Header returns an http.Header that can be modified by the caller to
9053// add HTTP headers to the request.
9054func (c *ProjectsServiceAccountsSignJwtCall) Header() http.Header {
9055	if c.header_ == nil {
9056		c.header_ = make(http.Header)
9057	}
9058	return c.header_
9059}
9060
9061func (c *ProjectsServiceAccountsSignJwtCall) doRequest(alt string) (*http.Response, error) {
9062	reqHeaders := make(http.Header)
9063	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
9064	for k, v := range c.header_ {
9065		reqHeaders[k] = v
9066	}
9067	reqHeaders.Set("User-Agent", c.s.userAgent())
9068	var body io.Reader = nil
9069	body, err := googleapi.WithoutDataWrapper.JSONReader(c.signjwtrequest)
9070	if err != nil {
9071		return nil, err
9072	}
9073	reqHeaders.Set("Content-Type", "application/json")
9074	c.urlParams_.Set("alt", alt)
9075	c.urlParams_.Set("prettyPrint", "false")
9076	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:signJwt")
9077	urls += "?" + c.urlParams_.Encode()
9078	req, err := http.NewRequest("POST", urls, body)
9079	if err != nil {
9080		return nil, err
9081	}
9082	req.Header = reqHeaders
9083	googleapi.Expand(req.URL, map[string]string{
9084		"name": c.name,
9085	})
9086	return gensupport.SendRequest(c.ctx_, c.s.client, req)
9087}
9088
9089// Do executes the "iam.projects.serviceAccounts.signJwt" call.
9090// Exactly one of *SignJwtResponse or error will be non-nil. Any non-2xx
9091// status code is an error. Response headers are in either
9092// *SignJwtResponse.ServerResponse.Header or (if a response was returned
9093// at all) in error.(*googleapi.Error).Header. Use
9094// googleapi.IsNotModified to check whether the returned error was
9095// because http.StatusNotModified was returned.
9096func (c *ProjectsServiceAccountsSignJwtCall) Do(opts ...googleapi.CallOption) (*SignJwtResponse, error) {
9097	gensupport.SetOptions(c.urlParams_, opts...)
9098	res, err := c.doRequest("json")
9099	if res != nil && res.StatusCode == http.StatusNotModified {
9100		if res.Body != nil {
9101			res.Body.Close()
9102		}
9103		return nil, &googleapi.Error{
9104			Code:   res.StatusCode,
9105			Header: res.Header,
9106		}
9107	}
9108	if err != nil {
9109		return nil, err
9110	}
9111	defer googleapi.CloseBody(res)
9112	if err := googleapi.CheckResponse(res); err != nil {
9113		return nil, err
9114	}
9115	ret := &SignJwtResponse{
9116		ServerResponse: googleapi.ServerResponse{
9117			Header:         res.Header,
9118			HTTPStatusCode: res.StatusCode,
9119		},
9120	}
9121	target := &ret
9122	if err := gensupport.DecodeResponse(target, res); err != nil {
9123		return nil, err
9124	}
9125	return ret, nil
9126	// {
9127	//   "description": "**Note:** This method is deprecated. Use the [`signJwt`](https://cloud.google.com/iam/help/rest-credentials/v1/projects.serviceAccounts/signJwt) method in the IAM Service Account Credentials API instead. If you currently use this method, see the [migration guide](https://cloud.google.com/iam/help/credentials/migrate-api) for instructions. Signs a JSON Web Token (JWT) using the system-managed private key for a ServiceAccount.",
9128	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:signJwt",
9129	//   "httpMethod": "POST",
9130	//   "id": "iam.projects.serviceAccounts.signJwt",
9131	//   "parameterOrder": [
9132	//     "name"
9133	//   ],
9134	//   "parameters": {
9135	//     "name": {
9136	//       "description": "Required. Deprecated. [Migrate to Service Account Credentials API](https://cloud.google.com/iam/help/credentials/migrate-api). The resource name of the service account in the following format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.",
9137	//       "location": "path",
9138	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
9139	//       "required": true,
9140	//       "type": "string"
9141	//     }
9142	//   },
9143	//   "path": "v1/{+name}:signJwt",
9144	//   "request": {
9145	//     "$ref": "SignJwtRequest"
9146	//   },
9147	//   "response": {
9148	//     "$ref": "SignJwtResponse"
9149	//   },
9150	//   "scopes": [
9151	//     "https://www.googleapis.com/auth/cloud-platform"
9152	//   ]
9153	// }
9154
9155}
9156
9157// method id "iam.projects.serviceAccounts.testIamPermissions":
9158
9159type ProjectsServiceAccountsTestIamPermissionsCall struct {
9160	s                         *Service
9161	resource                  string
9162	testiampermissionsrequest *TestIamPermissionsRequest
9163	urlParams_                gensupport.URLParams
9164	ctx_                      context.Context
9165	header_                   http.Header
9166}
9167
9168// TestIamPermissions: Tests whether the caller has the specified
9169// permissions on a ServiceAccount.
9170//
9171// - resource: REQUIRED: The resource for which the policy detail is
9172//   being requested. See the operation documentation for the
9173//   appropriate value for this field.
9174func (r *ProjectsServiceAccountsService) TestIamPermissions(resource string, testiampermissionsrequest *TestIamPermissionsRequest) *ProjectsServiceAccountsTestIamPermissionsCall {
9175	c := &ProjectsServiceAccountsTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
9176	c.resource = resource
9177	c.testiampermissionsrequest = testiampermissionsrequest
9178	return c
9179}
9180
9181// Fields allows partial responses to be retrieved. See
9182// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
9183// for more information.
9184func (c *ProjectsServiceAccountsTestIamPermissionsCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsTestIamPermissionsCall {
9185	c.urlParams_.Set("fields", googleapi.CombineFields(s))
9186	return c
9187}
9188
9189// Context sets the context to be used in this call's Do method. Any
9190// pending HTTP request will be aborted if the provided context is
9191// canceled.
9192func (c *ProjectsServiceAccountsTestIamPermissionsCall) Context(ctx context.Context) *ProjectsServiceAccountsTestIamPermissionsCall {
9193	c.ctx_ = ctx
9194	return c
9195}
9196
9197// Header returns an http.Header that can be modified by the caller to
9198// add HTTP headers to the request.
9199func (c *ProjectsServiceAccountsTestIamPermissionsCall) Header() http.Header {
9200	if c.header_ == nil {
9201		c.header_ = make(http.Header)
9202	}
9203	return c.header_
9204}
9205
9206func (c *ProjectsServiceAccountsTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) {
9207	reqHeaders := make(http.Header)
9208	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
9209	for k, v := range c.header_ {
9210		reqHeaders[k] = v
9211	}
9212	reqHeaders.Set("User-Agent", c.s.userAgent())
9213	var body io.Reader = nil
9214	body, err := googleapi.WithoutDataWrapper.JSONReader(c.testiampermissionsrequest)
9215	if err != nil {
9216		return nil, err
9217	}
9218	reqHeaders.Set("Content-Type", "application/json")
9219	c.urlParams_.Set("alt", alt)
9220	c.urlParams_.Set("prettyPrint", "false")
9221	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:testIamPermissions")
9222	urls += "?" + c.urlParams_.Encode()
9223	req, err := http.NewRequest("POST", urls, body)
9224	if err != nil {
9225		return nil, err
9226	}
9227	req.Header = reqHeaders
9228	googleapi.Expand(req.URL, map[string]string{
9229		"resource": c.resource,
9230	})
9231	return gensupport.SendRequest(c.ctx_, c.s.client, req)
9232}
9233
9234// Do executes the "iam.projects.serviceAccounts.testIamPermissions" call.
9235// Exactly one of *TestIamPermissionsResponse or error will be non-nil.
9236// Any non-2xx status code is an error. Response headers are in either
9237// *TestIamPermissionsResponse.ServerResponse.Header or (if a response
9238// was returned at all) in error.(*googleapi.Error).Header. Use
9239// googleapi.IsNotModified to check whether the returned error was
9240// because http.StatusNotModified was returned.
9241func (c *ProjectsServiceAccountsTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestIamPermissionsResponse, error) {
9242	gensupport.SetOptions(c.urlParams_, opts...)
9243	res, err := c.doRequest("json")
9244	if res != nil && res.StatusCode == http.StatusNotModified {
9245		if res.Body != nil {
9246			res.Body.Close()
9247		}
9248		return nil, &googleapi.Error{
9249			Code:   res.StatusCode,
9250			Header: res.Header,
9251		}
9252	}
9253	if err != nil {
9254		return nil, err
9255	}
9256	defer googleapi.CloseBody(res)
9257	if err := googleapi.CheckResponse(res); err != nil {
9258		return nil, err
9259	}
9260	ret := &TestIamPermissionsResponse{
9261		ServerResponse: googleapi.ServerResponse{
9262			Header:         res.Header,
9263			HTTPStatusCode: res.StatusCode,
9264		},
9265	}
9266	target := &ret
9267	if err := gensupport.DecodeResponse(target, res); err != nil {
9268		return nil, err
9269	}
9270	return ret, nil
9271	// {
9272	//   "description": "Tests whether the caller has the specified permissions on a ServiceAccount.",
9273	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:testIamPermissions",
9274	//   "httpMethod": "POST",
9275	//   "id": "iam.projects.serviceAccounts.testIamPermissions",
9276	//   "parameterOrder": [
9277	//     "resource"
9278	//   ],
9279	//   "parameters": {
9280	//     "resource": {
9281	//       "description": "REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.",
9282	//       "location": "path",
9283	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
9284	//       "required": true,
9285	//       "type": "string"
9286	//     }
9287	//   },
9288	//   "path": "v1/{+resource}:testIamPermissions",
9289	//   "request": {
9290	//     "$ref": "TestIamPermissionsRequest"
9291	//   },
9292	//   "response": {
9293	//     "$ref": "TestIamPermissionsResponse"
9294	//   },
9295	//   "scopes": [
9296	//     "https://www.googleapis.com/auth/cloud-platform"
9297	//   ]
9298	// }
9299
9300}
9301
9302// method id "iam.projects.serviceAccounts.undelete":
9303
9304type ProjectsServiceAccountsUndeleteCall struct {
9305	s                             *Service
9306	name                          string
9307	undeleteserviceaccountrequest *UndeleteServiceAccountRequest
9308	urlParams_                    gensupport.URLParams
9309	ctx_                          context.Context
9310	header_                       http.Header
9311}
9312
9313// Undelete: Restores a deleted ServiceAccount. **Important:** It is not
9314// always possible to restore a deleted service account. Use this method
9315// only as a last resort. After you delete a service account, IAM
9316// permanently removes the service account 30 days later. There is no
9317// way to restore a deleted service account that has been permanently
9318// removed.
9319//
9320// - name: The resource name of the service account in the following
9321//   format:
9322//   `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT_UNIQUE_ID}`. Using
9323//   `-` as a wildcard for the `PROJECT_ID` will infer the project from
9324//   the account.
9325func (r *ProjectsServiceAccountsService) Undelete(name string, undeleteserviceaccountrequest *UndeleteServiceAccountRequest) *ProjectsServiceAccountsUndeleteCall {
9326	c := &ProjectsServiceAccountsUndeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
9327	c.name = name
9328	c.undeleteserviceaccountrequest = undeleteserviceaccountrequest
9329	return c
9330}
9331
9332// Fields allows partial responses to be retrieved. See
9333// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
9334// for more information.
9335func (c *ProjectsServiceAccountsUndeleteCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsUndeleteCall {
9336	c.urlParams_.Set("fields", googleapi.CombineFields(s))
9337	return c
9338}
9339
9340// Context sets the context to be used in this call's Do method. Any
9341// pending HTTP request will be aborted if the provided context is
9342// canceled.
9343func (c *ProjectsServiceAccountsUndeleteCall) Context(ctx context.Context) *ProjectsServiceAccountsUndeleteCall {
9344	c.ctx_ = ctx
9345	return c
9346}
9347
9348// Header returns an http.Header that can be modified by the caller to
9349// add HTTP headers to the request.
9350func (c *ProjectsServiceAccountsUndeleteCall) Header() http.Header {
9351	if c.header_ == nil {
9352		c.header_ = make(http.Header)
9353	}
9354	return c.header_
9355}
9356
9357func (c *ProjectsServiceAccountsUndeleteCall) doRequest(alt string) (*http.Response, error) {
9358	reqHeaders := make(http.Header)
9359	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
9360	for k, v := range c.header_ {
9361		reqHeaders[k] = v
9362	}
9363	reqHeaders.Set("User-Agent", c.s.userAgent())
9364	var body io.Reader = nil
9365	body, err := googleapi.WithoutDataWrapper.JSONReader(c.undeleteserviceaccountrequest)
9366	if err != nil {
9367		return nil, err
9368	}
9369	reqHeaders.Set("Content-Type", "application/json")
9370	c.urlParams_.Set("alt", alt)
9371	c.urlParams_.Set("prettyPrint", "false")
9372	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:undelete")
9373	urls += "?" + c.urlParams_.Encode()
9374	req, err := http.NewRequest("POST", urls, body)
9375	if err != nil {
9376		return nil, err
9377	}
9378	req.Header = reqHeaders
9379	googleapi.Expand(req.URL, map[string]string{
9380		"name": c.name,
9381	})
9382	return gensupport.SendRequest(c.ctx_, c.s.client, req)
9383}
9384
9385// Do executes the "iam.projects.serviceAccounts.undelete" call.
9386// Exactly one of *UndeleteServiceAccountResponse or error will be
9387// non-nil. Any non-2xx status code is an error. Response headers are in
9388// either *UndeleteServiceAccountResponse.ServerResponse.Header or (if a
9389// response was returned at all) in error.(*googleapi.Error).Header. Use
9390// googleapi.IsNotModified to check whether the returned error was
9391// because http.StatusNotModified was returned.
9392func (c *ProjectsServiceAccountsUndeleteCall) Do(opts ...googleapi.CallOption) (*UndeleteServiceAccountResponse, error) {
9393	gensupport.SetOptions(c.urlParams_, opts...)
9394	res, err := c.doRequest("json")
9395	if res != nil && res.StatusCode == http.StatusNotModified {
9396		if res.Body != nil {
9397			res.Body.Close()
9398		}
9399		return nil, &googleapi.Error{
9400			Code:   res.StatusCode,
9401			Header: res.Header,
9402		}
9403	}
9404	if err != nil {
9405		return nil, err
9406	}
9407	defer googleapi.CloseBody(res)
9408	if err := googleapi.CheckResponse(res); err != nil {
9409		return nil, err
9410	}
9411	ret := &UndeleteServiceAccountResponse{
9412		ServerResponse: googleapi.ServerResponse{
9413			Header:         res.Header,
9414			HTTPStatusCode: res.StatusCode,
9415		},
9416	}
9417	target := &ret
9418	if err := gensupport.DecodeResponse(target, res); err != nil {
9419		return nil, err
9420	}
9421	return ret, nil
9422	// {
9423	//   "description": "Restores a deleted ServiceAccount. **Important:** It is not always possible to restore a deleted service account. Use this method only as a last resort. After you delete a service account, IAM permanently removes the service account 30 days later. There is no way to restore a deleted service account that has been permanently removed.",
9424	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:undelete",
9425	//   "httpMethod": "POST",
9426	//   "id": "iam.projects.serviceAccounts.undelete",
9427	//   "parameterOrder": [
9428	//     "name"
9429	//   ],
9430	//   "parameters": {
9431	//     "name": {
9432	//       "description": "The resource name of the service account in the following format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT_UNIQUE_ID}`. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account.",
9433	//       "location": "path",
9434	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
9435	//       "required": true,
9436	//       "type": "string"
9437	//     }
9438	//   },
9439	//   "path": "v1/{+name}:undelete",
9440	//   "request": {
9441	//     "$ref": "UndeleteServiceAccountRequest"
9442	//   },
9443	//   "response": {
9444	//     "$ref": "UndeleteServiceAccountResponse"
9445	//   },
9446	//   "scopes": [
9447	//     "https://www.googleapis.com/auth/cloud-platform"
9448	//   ]
9449	// }
9450
9451}
9452
9453// method id "iam.projects.serviceAccounts.update":
9454
9455type ProjectsServiceAccountsUpdateCall struct {
9456	s              *Service
9457	name           string
9458	serviceaccount *ServiceAccount
9459	urlParams_     gensupport.URLParams
9460	ctx_           context.Context
9461	header_        http.Header
9462}
9463
9464// Update: **Note:** We are in the process of deprecating this method.
9465// Use PatchServiceAccount instead. Updates a ServiceAccount. You can
9466// update only the `display_name` and `description` fields.
9467//
9468// - name: The resource name of the service account. Use one of the
9469//   following formats: *
9470//   `projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}` *
9471//   `projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}` As an
9472//   alternative, you can use the `-` wildcard character instead of the
9473//   project ID: * `projects/-/serviceAccounts/{EMAIL_ADDRESS}` *
9474//   `projects/-/serviceAccounts/{UNIQUE_ID}` When possible, avoid using
9475//   the `-` wildcard character, because it can cause response messages
9476//   to contain misleading error codes. For example, if you try to get
9477//   the service account `projects/-/serviceAccounts/fake@example.com`,
9478//   which does not exist, the response contains an HTTP `403 Forbidden`
9479//   error instead of a `404 Not Found` error.
9480func (r *ProjectsServiceAccountsService) Update(name string, serviceaccount *ServiceAccount) *ProjectsServiceAccountsUpdateCall {
9481	c := &ProjectsServiceAccountsUpdateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
9482	c.name = name
9483	c.serviceaccount = serviceaccount
9484	return c
9485}
9486
9487// Fields allows partial responses to be retrieved. See
9488// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
9489// for more information.
9490func (c *ProjectsServiceAccountsUpdateCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsUpdateCall {
9491	c.urlParams_.Set("fields", googleapi.CombineFields(s))
9492	return c
9493}
9494
9495// Context sets the context to be used in this call's Do method. Any
9496// pending HTTP request will be aborted if the provided context is
9497// canceled.
9498func (c *ProjectsServiceAccountsUpdateCall) Context(ctx context.Context) *ProjectsServiceAccountsUpdateCall {
9499	c.ctx_ = ctx
9500	return c
9501}
9502
9503// Header returns an http.Header that can be modified by the caller to
9504// add HTTP headers to the request.
9505func (c *ProjectsServiceAccountsUpdateCall) Header() http.Header {
9506	if c.header_ == nil {
9507		c.header_ = make(http.Header)
9508	}
9509	return c.header_
9510}
9511
9512func (c *ProjectsServiceAccountsUpdateCall) doRequest(alt string) (*http.Response, error) {
9513	reqHeaders := make(http.Header)
9514	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
9515	for k, v := range c.header_ {
9516		reqHeaders[k] = v
9517	}
9518	reqHeaders.Set("User-Agent", c.s.userAgent())
9519	var body io.Reader = nil
9520	body, err := googleapi.WithoutDataWrapper.JSONReader(c.serviceaccount)
9521	if err != nil {
9522		return nil, err
9523	}
9524	reqHeaders.Set("Content-Type", "application/json")
9525	c.urlParams_.Set("alt", alt)
9526	c.urlParams_.Set("prettyPrint", "false")
9527	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
9528	urls += "?" + c.urlParams_.Encode()
9529	req, err := http.NewRequest("PUT", urls, body)
9530	if err != nil {
9531		return nil, err
9532	}
9533	req.Header = reqHeaders
9534	googleapi.Expand(req.URL, map[string]string{
9535		"name": c.name,
9536	})
9537	return gensupport.SendRequest(c.ctx_, c.s.client, req)
9538}
9539
9540// Do executes the "iam.projects.serviceAccounts.update" call.
9541// Exactly one of *ServiceAccount or error will be non-nil. Any non-2xx
9542// status code is an error. Response headers are in either
9543// *ServiceAccount.ServerResponse.Header or (if a response was returned
9544// at all) in error.(*googleapi.Error).Header. Use
9545// googleapi.IsNotModified to check whether the returned error was
9546// because http.StatusNotModified was returned.
9547func (c *ProjectsServiceAccountsUpdateCall) Do(opts ...googleapi.CallOption) (*ServiceAccount, error) {
9548	gensupport.SetOptions(c.urlParams_, opts...)
9549	res, err := c.doRequest("json")
9550	if res != nil && res.StatusCode == http.StatusNotModified {
9551		if res.Body != nil {
9552			res.Body.Close()
9553		}
9554		return nil, &googleapi.Error{
9555			Code:   res.StatusCode,
9556			Header: res.Header,
9557		}
9558	}
9559	if err != nil {
9560		return nil, err
9561	}
9562	defer googleapi.CloseBody(res)
9563	if err := googleapi.CheckResponse(res); err != nil {
9564		return nil, err
9565	}
9566	ret := &ServiceAccount{
9567		ServerResponse: googleapi.ServerResponse{
9568			Header:         res.Header,
9569			HTTPStatusCode: res.StatusCode,
9570		},
9571	}
9572	target := &ret
9573	if err := gensupport.DecodeResponse(target, res); err != nil {
9574		return nil, err
9575	}
9576	return ret, nil
9577	// {
9578	//   "description": "**Note:** We are in the process of deprecating this method. Use PatchServiceAccount instead. Updates a ServiceAccount. You can update only the `display_name` and `description` fields.",
9579	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}",
9580	//   "httpMethod": "PUT",
9581	//   "id": "iam.projects.serviceAccounts.update",
9582	//   "parameterOrder": [
9583	//     "name"
9584	//   ],
9585	//   "parameters": {
9586	//     "name": {
9587	//       "description": "The resource name of the service account. Use one of the following formats: * `projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}` * `projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}` As an alternative, you can use the `-` wildcard character instead of the project ID: * `projects/-/serviceAccounts/{EMAIL_ADDRESS}` * `projects/-/serviceAccounts/{UNIQUE_ID}` When possible, avoid using the `-` wildcard character, because it can cause response messages to contain misleading error codes. For example, if you try to get the service account `projects/-/serviceAccounts/fake@example.com`, which does not exist, the response contains an HTTP `403 Forbidden` error instead of a `404 Not Found` error.",
9588	//       "location": "path",
9589	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
9590	//       "required": true,
9591	//       "type": "string"
9592	//     }
9593	//   },
9594	//   "path": "v1/{+name}",
9595	//   "request": {
9596	//     "$ref": "ServiceAccount"
9597	//   },
9598	//   "response": {
9599	//     "$ref": "ServiceAccount"
9600	//   },
9601	//   "scopes": [
9602	//     "https://www.googleapis.com/auth/cloud-platform"
9603	//   ]
9604	// }
9605
9606}
9607
9608// method id "iam.projects.serviceAccounts.keys.create":
9609
9610type ProjectsServiceAccountsKeysCreateCall struct {
9611	s                              *Service
9612	name                           string
9613	createserviceaccountkeyrequest *CreateServiceAccountKeyRequest
9614	urlParams_                     gensupport.URLParams
9615	ctx_                           context.Context
9616	header_                        http.Header
9617}
9618
9619// Create: Creates a ServiceAccountKey.
9620//
9621// - name: The resource name of the service account in the following
9622//   format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using
9623//   `-` as a wildcard for the `PROJECT_ID` will infer the project from
9624//   the account. The `ACCOUNT` value can be the `email` address or the
9625//   `unique_id` of the service account.
9626func (r *ProjectsServiceAccountsKeysService) Create(name string, createserviceaccountkeyrequest *CreateServiceAccountKeyRequest) *ProjectsServiceAccountsKeysCreateCall {
9627	c := &ProjectsServiceAccountsKeysCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
9628	c.name = name
9629	c.createserviceaccountkeyrequest = createserviceaccountkeyrequest
9630	return c
9631}
9632
9633// Fields allows partial responses to be retrieved. See
9634// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
9635// for more information.
9636func (c *ProjectsServiceAccountsKeysCreateCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsKeysCreateCall {
9637	c.urlParams_.Set("fields", googleapi.CombineFields(s))
9638	return c
9639}
9640
9641// Context sets the context to be used in this call's Do method. Any
9642// pending HTTP request will be aborted if the provided context is
9643// canceled.
9644func (c *ProjectsServiceAccountsKeysCreateCall) Context(ctx context.Context) *ProjectsServiceAccountsKeysCreateCall {
9645	c.ctx_ = ctx
9646	return c
9647}
9648
9649// Header returns an http.Header that can be modified by the caller to
9650// add HTTP headers to the request.
9651func (c *ProjectsServiceAccountsKeysCreateCall) Header() http.Header {
9652	if c.header_ == nil {
9653		c.header_ = make(http.Header)
9654	}
9655	return c.header_
9656}
9657
9658func (c *ProjectsServiceAccountsKeysCreateCall) doRequest(alt string) (*http.Response, error) {
9659	reqHeaders := make(http.Header)
9660	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
9661	for k, v := range c.header_ {
9662		reqHeaders[k] = v
9663	}
9664	reqHeaders.Set("User-Agent", c.s.userAgent())
9665	var body io.Reader = nil
9666	body, err := googleapi.WithoutDataWrapper.JSONReader(c.createserviceaccountkeyrequest)
9667	if err != nil {
9668		return nil, err
9669	}
9670	reqHeaders.Set("Content-Type", "application/json")
9671	c.urlParams_.Set("alt", alt)
9672	c.urlParams_.Set("prettyPrint", "false")
9673	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}/keys")
9674	urls += "?" + c.urlParams_.Encode()
9675	req, err := http.NewRequest("POST", urls, body)
9676	if err != nil {
9677		return nil, err
9678	}
9679	req.Header = reqHeaders
9680	googleapi.Expand(req.URL, map[string]string{
9681		"name": c.name,
9682	})
9683	return gensupport.SendRequest(c.ctx_, c.s.client, req)
9684}
9685
9686// Do executes the "iam.projects.serviceAccounts.keys.create" call.
9687// Exactly one of *ServiceAccountKey or error will be non-nil. Any
9688// non-2xx status code is an error. Response headers are in either
9689// *ServiceAccountKey.ServerResponse.Header or (if a response was
9690// returned at all) in error.(*googleapi.Error).Header. Use
9691// googleapi.IsNotModified to check whether the returned error was
9692// because http.StatusNotModified was returned.
9693func (c *ProjectsServiceAccountsKeysCreateCall) Do(opts ...googleapi.CallOption) (*ServiceAccountKey, error) {
9694	gensupport.SetOptions(c.urlParams_, opts...)
9695	res, err := c.doRequest("json")
9696	if res != nil && res.StatusCode == http.StatusNotModified {
9697		if res.Body != nil {
9698			res.Body.Close()
9699		}
9700		return nil, &googleapi.Error{
9701			Code:   res.StatusCode,
9702			Header: res.Header,
9703		}
9704	}
9705	if err != nil {
9706		return nil, err
9707	}
9708	defer googleapi.CloseBody(res)
9709	if err := googleapi.CheckResponse(res); err != nil {
9710		return nil, err
9711	}
9712	ret := &ServiceAccountKey{
9713		ServerResponse: googleapi.ServerResponse{
9714			Header:         res.Header,
9715			HTTPStatusCode: res.StatusCode,
9716		},
9717	}
9718	target := &ret
9719	if err := gensupport.DecodeResponse(target, res); err != nil {
9720		return nil, err
9721	}
9722	return ret, nil
9723	// {
9724	//   "description": "Creates a ServiceAccountKey.",
9725	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}/keys",
9726	//   "httpMethod": "POST",
9727	//   "id": "iam.projects.serviceAccounts.keys.create",
9728	//   "parameterOrder": [
9729	//     "name"
9730	//   ],
9731	//   "parameters": {
9732	//     "name": {
9733	//       "description": "Required. The resource name of the service account in the following format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.",
9734	//       "location": "path",
9735	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
9736	//       "required": true,
9737	//       "type": "string"
9738	//     }
9739	//   },
9740	//   "path": "v1/{+name}/keys",
9741	//   "request": {
9742	//     "$ref": "CreateServiceAccountKeyRequest"
9743	//   },
9744	//   "response": {
9745	//     "$ref": "ServiceAccountKey"
9746	//   },
9747	//   "scopes": [
9748	//     "https://www.googleapis.com/auth/cloud-platform"
9749	//   ]
9750	// }
9751
9752}
9753
9754// method id "iam.projects.serviceAccounts.keys.delete":
9755
9756type ProjectsServiceAccountsKeysDeleteCall struct {
9757	s          *Service
9758	name       string
9759	urlParams_ gensupport.URLParams
9760	ctx_       context.Context
9761	header_    http.Header
9762}
9763
9764// Delete: Deletes a ServiceAccountKey. Deleting a service account key
9765// does not revoke short-lived credentials that have been issued based
9766// on the service account key.
9767//
9768// - name: The resource name of the service account key in the following
9769//   format:
9770//   `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`. Using
9771//   `-` as a wildcard for the `PROJECT_ID` will infer the project from
9772//   the account. The `ACCOUNT` value can be the `email` address or the
9773//   `unique_id` of the service account.
9774func (r *ProjectsServiceAccountsKeysService) Delete(name string) *ProjectsServiceAccountsKeysDeleteCall {
9775	c := &ProjectsServiceAccountsKeysDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
9776	c.name = name
9777	return c
9778}
9779
9780// Fields allows partial responses to be retrieved. See
9781// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
9782// for more information.
9783func (c *ProjectsServiceAccountsKeysDeleteCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsKeysDeleteCall {
9784	c.urlParams_.Set("fields", googleapi.CombineFields(s))
9785	return c
9786}
9787
9788// Context sets the context to be used in this call's Do method. Any
9789// pending HTTP request will be aborted if the provided context is
9790// canceled.
9791func (c *ProjectsServiceAccountsKeysDeleteCall) Context(ctx context.Context) *ProjectsServiceAccountsKeysDeleteCall {
9792	c.ctx_ = ctx
9793	return c
9794}
9795
9796// Header returns an http.Header that can be modified by the caller to
9797// add HTTP headers to the request.
9798func (c *ProjectsServiceAccountsKeysDeleteCall) Header() http.Header {
9799	if c.header_ == nil {
9800		c.header_ = make(http.Header)
9801	}
9802	return c.header_
9803}
9804
9805func (c *ProjectsServiceAccountsKeysDeleteCall) doRequest(alt string) (*http.Response, error) {
9806	reqHeaders := make(http.Header)
9807	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
9808	for k, v := range c.header_ {
9809		reqHeaders[k] = v
9810	}
9811	reqHeaders.Set("User-Agent", c.s.userAgent())
9812	var body io.Reader = nil
9813	c.urlParams_.Set("alt", alt)
9814	c.urlParams_.Set("prettyPrint", "false")
9815	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
9816	urls += "?" + c.urlParams_.Encode()
9817	req, err := http.NewRequest("DELETE", urls, body)
9818	if err != nil {
9819		return nil, err
9820	}
9821	req.Header = reqHeaders
9822	googleapi.Expand(req.URL, map[string]string{
9823		"name": c.name,
9824	})
9825	return gensupport.SendRequest(c.ctx_, c.s.client, req)
9826}
9827
9828// Do executes the "iam.projects.serviceAccounts.keys.delete" call.
9829// Exactly one of *Empty or error will be non-nil. Any non-2xx status
9830// code is an error. Response headers are in either
9831// *Empty.ServerResponse.Header or (if a response was returned at all)
9832// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
9833// check whether the returned error was because http.StatusNotModified
9834// was returned.
9835func (c *ProjectsServiceAccountsKeysDeleteCall) Do(opts ...googleapi.CallOption) (*Empty, error) {
9836	gensupport.SetOptions(c.urlParams_, opts...)
9837	res, err := c.doRequest("json")
9838	if res != nil && res.StatusCode == http.StatusNotModified {
9839		if res.Body != nil {
9840			res.Body.Close()
9841		}
9842		return nil, &googleapi.Error{
9843			Code:   res.StatusCode,
9844			Header: res.Header,
9845		}
9846	}
9847	if err != nil {
9848		return nil, err
9849	}
9850	defer googleapi.CloseBody(res)
9851	if err := googleapi.CheckResponse(res); err != nil {
9852		return nil, err
9853	}
9854	ret := &Empty{
9855		ServerResponse: googleapi.ServerResponse{
9856			Header:         res.Header,
9857			HTTPStatusCode: res.StatusCode,
9858		},
9859	}
9860	target := &ret
9861	if err := gensupport.DecodeResponse(target, res); err != nil {
9862		return nil, err
9863	}
9864	return ret, nil
9865	// {
9866	//   "description": "Deletes a ServiceAccountKey. Deleting a service account key does not revoke short-lived credentials that have been issued based on the service account key.",
9867	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}/keys/{keysId}",
9868	//   "httpMethod": "DELETE",
9869	//   "id": "iam.projects.serviceAccounts.keys.delete",
9870	//   "parameterOrder": [
9871	//     "name"
9872	//   ],
9873	//   "parameters": {
9874	//     "name": {
9875	//       "description": "Required. The resource name of the service account key in the following format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.",
9876	//       "location": "path",
9877	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+/keys/[^/]+$",
9878	//       "required": true,
9879	//       "type": "string"
9880	//     }
9881	//   },
9882	//   "path": "v1/{+name}",
9883	//   "response": {
9884	//     "$ref": "Empty"
9885	//   },
9886	//   "scopes": [
9887	//     "https://www.googleapis.com/auth/cloud-platform"
9888	//   ]
9889	// }
9890
9891}
9892
9893// method id "iam.projects.serviceAccounts.keys.disable":
9894
9895type ProjectsServiceAccountsKeysDisableCall struct {
9896	s                               *Service
9897	name                            string
9898	disableserviceaccountkeyrequest *DisableServiceAccountKeyRequest
9899	urlParams_                      gensupport.URLParams
9900	ctx_                            context.Context
9901	header_                         http.Header
9902}
9903
9904// Disable: Disable a ServiceAccountKey. A disabled service account key
9905// can be enabled through EnableServiceAccountKey. The API is currently
9906// in preview phase.
9907//
9908// - name: The resource name of the service account key in the following
9909//   format:
9910//   `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`. Using
9911//   `-` as a wildcard for the `PROJECT_ID` will infer the project from
9912//   the account. The `ACCOUNT` value can be the `email` address or the
9913//   `unique_id` of the service account.
9914func (r *ProjectsServiceAccountsKeysService) Disable(name string, disableserviceaccountkeyrequest *DisableServiceAccountKeyRequest) *ProjectsServiceAccountsKeysDisableCall {
9915	c := &ProjectsServiceAccountsKeysDisableCall{s: r.s, urlParams_: make(gensupport.URLParams)}
9916	c.name = name
9917	c.disableserviceaccountkeyrequest = disableserviceaccountkeyrequest
9918	return c
9919}
9920
9921// Fields allows partial responses to be retrieved. See
9922// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
9923// for more information.
9924func (c *ProjectsServiceAccountsKeysDisableCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsKeysDisableCall {
9925	c.urlParams_.Set("fields", googleapi.CombineFields(s))
9926	return c
9927}
9928
9929// Context sets the context to be used in this call's Do method. Any
9930// pending HTTP request will be aborted if the provided context is
9931// canceled.
9932func (c *ProjectsServiceAccountsKeysDisableCall) Context(ctx context.Context) *ProjectsServiceAccountsKeysDisableCall {
9933	c.ctx_ = ctx
9934	return c
9935}
9936
9937// Header returns an http.Header that can be modified by the caller to
9938// add HTTP headers to the request.
9939func (c *ProjectsServiceAccountsKeysDisableCall) Header() http.Header {
9940	if c.header_ == nil {
9941		c.header_ = make(http.Header)
9942	}
9943	return c.header_
9944}
9945
9946func (c *ProjectsServiceAccountsKeysDisableCall) doRequest(alt string) (*http.Response, error) {
9947	reqHeaders := make(http.Header)
9948	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
9949	for k, v := range c.header_ {
9950		reqHeaders[k] = v
9951	}
9952	reqHeaders.Set("User-Agent", c.s.userAgent())
9953	var body io.Reader = nil
9954	body, err := googleapi.WithoutDataWrapper.JSONReader(c.disableserviceaccountkeyrequest)
9955	if err != nil {
9956		return nil, err
9957	}
9958	reqHeaders.Set("Content-Type", "application/json")
9959	c.urlParams_.Set("alt", alt)
9960	c.urlParams_.Set("prettyPrint", "false")
9961	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:disable")
9962	urls += "?" + c.urlParams_.Encode()
9963	req, err := http.NewRequest("POST", urls, body)
9964	if err != nil {
9965		return nil, err
9966	}
9967	req.Header = reqHeaders
9968	googleapi.Expand(req.URL, map[string]string{
9969		"name": c.name,
9970	})
9971	return gensupport.SendRequest(c.ctx_, c.s.client, req)
9972}
9973
9974// Do executes the "iam.projects.serviceAccounts.keys.disable" call.
9975// Exactly one of *Empty or error will be non-nil. Any non-2xx status
9976// code is an error. Response headers are in either
9977// *Empty.ServerResponse.Header or (if a response was returned at all)
9978// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
9979// check whether the returned error was because http.StatusNotModified
9980// was returned.
9981func (c *ProjectsServiceAccountsKeysDisableCall) Do(opts ...googleapi.CallOption) (*Empty, error) {
9982	gensupport.SetOptions(c.urlParams_, opts...)
9983	res, err := c.doRequest("json")
9984	if res != nil && res.StatusCode == http.StatusNotModified {
9985		if res.Body != nil {
9986			res.Body.Close()
9987		}
9988		return nil, &googleapi.Error{
9989			Code:   res.StatusCode,
9990			Header: res.Header,
9991		}
9992	}
9993	if err != nil {
9994		return nil, err
9995	}
9996	defer googleapi.CloseBody(res)
9997	if err := googleapi.CheckResponse(res); err != nil {
9998		return nil, err
9999	}
10000	ret := &Empty{
10001		ServerResponse: googleapi.ServerResponse{
10002			Header:         res.Header,
10003			HTTPStatusCode: res.StatusCode,
10004		},
10005	}
10006	target := &ret
10007	if err := gensupport.DecodeResponse(target, res); err != nil {
10008		return nil, err
10009	}
10010	return ret, nil
10011	// {
10012	//   "description": "Disable a ServiceAccountKey. A disabled service account key can be enabled through EnableServiceAccountKey. The API is currently in preview phase.",
10013	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}/keys/{keysId}:disable",
10014	//   "httpMethod": "POST",
10015	//   "id": "iam.projects.serviceAccounts.keys.disable",
10016	//   "parameterOrder": [
10017	//     "name"
10018	//   ],
10019	//   "parameters": {
10020	//     "name": {
10021	//       "description": "Required. The resource name of the service account key in the following format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.",
10022	//       "location": "path",
10023	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+/keys/[^/]+$",
10024	//       "required": true,
10025	//       "type": "string"
10026	//     }
10027	//   },
10028	//   "path": "v1/{+name}:disable",
10029	//   "request": {
10030	//     "$ref": "DisableServiceAccountKeyRequest"
10031	//   },
10032	//   "response": {
10033	//     "$ref": "Empty"
10034	//   },
10035	//   "scopes": [
10036	//     "https://www.googleapis.com/auth/cloud-platform"
10037	//   ]
10038	// }
10039
10040}
10041
10042// method id "iam.projects.serviceAccounts.keys.enable":
10043
10044type ProjectsServiceAccountsKeysEnableCall struct {
10045	s                              *Service
10046	name                           string
10047	enableserviceaccountkeyrequest *EnableServiceAccountKeyRequest
10048	urlParams_                     gensupport.URLParams
10049	ctx_                           context.Context
10050	header_                        http.Header
10051}
10052
10053// Enable: Enable a ServiceAccountKey. The API is currently in preview
10054// phase.
10055//
10056// - name: The resource name of the service account key in the following
10057//   format:
10058//   `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`. Using
10059//   `-` as a wildcard for the `PROJECT_ID` will infer the project from
10060//   the account. The `ACCOUNT` value can be the `email` address or the
10061//   `unique_id` of the service account.
10062func (r *ProjectsServiceAccountsKeysService) Enable(name string, enableserviceaccountkeyrequest *EnableServiceAccountKeyRequest) *ProjectsServiceAccountsKeysEnableCall {
10063	c := &ProjectsServiceAccountsKeysEnableCall{s: r.s, urlParams_: make(gensupport.URLParams)}
10064	c.name = name
10065	c.enableserviceaccountkeyrequest = enableserviceaccountkeyrequest
10066	return c
10067}
10068
10069// Fields allows partial responses to be retrieved. See
10070// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
10071// for more information.
10072func (c *ProjectsServiceAccountsKeysEnableCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsKeysEnableCall {
10073	c.urlParams_.Set("fields", googleapi.CombineFields(s))
10074	return c
10075}
10076
10077// Context sets the context to be used in this call's Do method. Any
10078// pending HTTP request will be aborted if the provided context is
10079// canceled.
10080func (c *ProjectsServiceAccountsKeysEnableCall) Context(ctx context.Context) *ProjectsServiceAccountsKeysEnableCall {
10081	c.ctx_ = ctx
10082	return c
10083}
10084
10085// Header returns an http.Header that can be modified by the caller to
10086// add HTTP headers to the request.
10087func (c *ProjectsServiceAccountsKeysEnableCall) Header() http.Header {
10088	if c.header_ == nil {
10089		c.header_ = make(http.Header)
10090	}
10091	return c.header_
10092}
10093
10094func (c *ProjectsServiceAccountsKeysEnableCall) doRequest(alt string) (*http.Response, error) {
10095	reqHeaders := make(http.Header)
10096	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
10097	for k, v := range c.header_ {
10098		reqHeaders[k] = v
10099	}
10100	reqHeaders.Set("User-Agent", c.s.userAgent())
10101	var body io.Reader = nil
10102	body, err := googleapi.WithoutDataWrapper.JSONReader(c.enableserviceaccountkeyrequest)
10103	if err != nil {
10104		return nil, err
10105	}
10106	reqHeaders.Set("Content-Type", "application/json")
10107	c.urlParams_.Set("alt", alt)
10108	c.urlParams_.Set("prettyPrint", "false")
10109	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:enable")
10110	urls += "?" + c.urlParams_.Encode()
10111	req, err := http.NewRequest("POST", urls, body)
10112	if err != nil {
10113		return nil, err
10114	}
10115	req.Header = reqHeaders
10116	googleapi.Expand(req.URL, map[string]string{
10117		"name": c.name,
10118	})
10119	return gensupport.SendRequest(c.ctx_, c.s.client, req)
10120}
10121
10122// Do executes the "iam.projects.serviceAccounts.keys.enable" call.
10123// Exactly one of *Empty or error will be non-nil. Any non-2xx status
10124// code is an error. Response headers are in either
10125// *Empty.ServerResponse.Header or (if a response was returned at all)
10126// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
10127// check whether the returned error was because http.StatusNotModified
10128// was returned.
10129func (c *ProjectsServiceAccountsKeysEnableCall) Do(opts ...googleapi.CallOption) (*Empty, error) {
10130	gensupport.SetOptions(c.urlParams_, opts...)
10131	res, err := c.doRequest("json")
10132	if res != nil && res.StatusCode == http.StatusNotModified {
10133		if res.Body != nil {
10134			res.Body.Close()
10135		}
10136		return nil, &googleapi.Error{
10137			Code:   res.StatusCode,
10138			Header: res.Header,
10139		}
10140	}
10141	if err != nil {
10142		return nil, err
10143	}
10144	defer googleapi.CloseBody(res)
10145	if err := googleapi.CheckResponse(res); err != nil {
10146		return nil, err
10147	}
10148	ret := &Empty{
10149		ServerResponse: googleapi.ServerResponse{
10150			Header:         res.Header,
10151			HTTPStatusCode: res.StatusCode,
10152		},
10153	}
10154	target := &ret
10155	if err := gensupport.DecodeResponse(target, res); err != nil {
10156		return nil, err
10157	}
10158	return ret, nil
10159	// {
10160	//   "description": "Enable a ServiceAccountKey. The API is currently in preview phase.",
10161	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}/keys/{keysId}:enable",
10162	//   "httpMethod": "POST",
10163	//   "id": "iam.projects.serviceAccounts.keys.enable",
10164	//   "parameterOrder": [
10165	//     "name"
10166	//   ],
10167	//   "parameters": {
10168	//     "name": {
10169	//       "description": "Required. The resource name of the service account key in the following format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.",
10170	//       "location": "path",
10171	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+/keys/[^/]+$",
10172	//       "required": true,
10173	//       "type": "string"
10174	//     }
10175	//   },
10176	//   "path": "v1/{+name}:enable",
10177	//   "request": {
10178	//     "$ref": "EnableServiceAccountKeyRequest"
10179	//   },
10180	//   "response": {
10181	//     "$ref": "Empty"
10182	//   },
10183	//   "scopes": [
10184	//     "https://www.googleapis.com/auth/cloud-platform"
10185	//   ]
10186	// }
10187
10188}
10189
10190// method id "iam.projects.serviceAccounts.keys.get":
10191
10192type ProjectsServiceAccountsKeysGetCall struct {
10193	s            *Service
10194	name         string
10195	urlParams_   gensupport.URLParams
10196	ifNoneMatch_ string
10197	ctx_         context.Context
10198	header_      http.Header
10199}
10200
10201// Get: Gets a ServiceAccountKey.
10202//
10203// - name: The resource name of the service account key in the following
10204//   format:
10205//   `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`. Using
10206//   `-` as a wildcard for the `PROJECT_ID` will infer the project from
10207//   the account. The `ACCOUNT` value can be the `email` address or the
10208//   `unique_id` of the service account.
10209func (r *ProjectsServiceAccountsKeysService) Get(name string) *ProjectsServiceAccountsKeysGetCall {
10210	c := &ProjectsServiceAccountsKeysGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
10211	c.name = name
10212	return c
10213}
10214
10215// PublicKeyType sets the optional parameter "publicKeyType": The output
10216// format of the public key requested. X509_PEM is the default output
10217// format.
10218//
10219// Possible values:
10220//   "TYPE_NONE" - Unspecified. Returns nothing here.
10221//   "TYPE_X509_PEM_FILE" - X509 PEM format.
10222//   "TYPE_RAW_PUBLIC_KEY" - Raw public key.
10223func (c *ProjectsServiceAccountsKeysGetCall) PublicKeyType(publicKeyType string) *ProjectsServiceAccountsKeysGetCall {
10224	c.urlParams_.Set("publicKeyType", publicKeyType)
10225	return c
10226}
10227
10228// Fields allows partial responses to be retrieved. See
10229// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
10230// for more information.
10231func (c *ProjectsServiceAccountsKeysGetCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsKeysGetCall {
10232	c.urlParams_.Set("fields", googleapi.CombineFields(s))
10233	return c
10234}
10235
10236// IfNoneMatch sets the optional parameter which makes the operation
10237// fail if the object's ETag matches the given value. This is useful for
10238// getting updates only after the object has changed since the last
10239// request. Use googleapi.IsNotModified to check whether the response
10240// error from Do is the result of In-None-Match.
10241func (c *ProjectsServiceAccountsKeysGetCall) IfNoneMatch(entityTag string) *ProjectsServiceAccountsKeysGetCall {
10242	c.ifNoneMatch_ = entityTag
10243	return c
10244}
10245
10246// Context sets the context to be used in this call's Do method. Any
10247// pending HTTP request will be aborted if the provided context is
10248// canceled.
10249func (c *ProjectsServiceAccountsKeysGetCall) Context(ctx context.Context) *ProjectsServiceAccountsKeysGetCall {
10250	c.ctx_ = ctx
10251	return c
10252}
10253
10254// Header returns an http.Header that can be modified by the caller to
10255// add HTTP headers to the request.
10256func (c *ProjectsServiceAccountsKeysGetCall) Header() http.Header {
10257	if c.header_ == nil {
10258		c.header_ = make(http.Header)
10259	}
10260	return c.header_
10261}
10262
10263func (c *ProjectsServiceAccountsKeysGetCall) doRequest(alt string) (*http.Response, error) {
10264	reqHeaders := make(http.Header)
10265	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
10266	for k, v := range c.header_ {
10267		reqHeaders[k] = v
10268	}
10269	reqHeaders.Set("User-Agent", c.s.userAgent())
10270	if c.ifNoneMatch_ != "" {
10271		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
10272	}
10273	var body io.Reader = nil
10274	c.urlParams_.Set("alt", alt)
10275	c.urlParams_.Set("prettyPrint", "false")
10276	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
10277	urls += "?" + c.urlParams_.Encode()
10278	req, err := http.NewRequest("GET", urls, body)
10279	if err != nil {
10280		return nil, err
10281	}
10282	req.Header = reqHeaders
10283	googleapi.Expand(req.URL, map[string]string{
10284		"name": c.name,
10285	})
10286	return gensupport.SendRequest(c.ctx_, c.s.client, req)
10287}
10288
10289// Do executes the "iam.projects.serviceAccounts.keys.get" call.
10290// Exactly one of *ServiceAccountKey or error will be non-nil. Any
10291// non-2xx status code is an error. Response headers are in either
10292// *ServiceAccountKey.ServerResponse.Header or (if a response was
10293// returned at all) in error.(*googleapi.Error).Header. Use
10294// googleapi.IsNotModified to check whether the returned error was
10295// because http.StatusNotModified was returned.
10296func (c *ProjectsServiceAccountsKeysGetCall) Do(opts ...googleapi.CallOption) (*ServiceAccountKey, error) {
10297	gensupport.SetOptions(c.urlParams_, opts...)
10298	res, err := c.doRequest("json")
10299	if res != nil && res.StatusCode == http.StatusNotModified {
10300		if res.Body != nil {
10301			res.Body.Close()
10302		}
10303		return nil, &googleapi.Error{
10304			Code:   res.StatusCode,
10305			Header: res.Header,
10306		}
10307	}
10308	if err != nil {
10309		return nil, err
10310	}
10311	defer googleapi.CloseBody(res)
10312	if err := googleapi.CheckResponse(res); err != nil {
10313		return nil, err
10314	}
10315	ret := &ServiceAccountKey{
10316		ServerResponse: googleapi.ServerResponse{
10317			Header:         res.Header,
10318			HTTPStatusCode: res.StatusCode,
10319		},
10320	}
10321	target := &ret
10322	if err := gensupport.DecodeResponse(target, res); err != nil {
10323		return nil, err
10324	}
10325	return ret, nil
10326	// {
10327	//   "description": "Gets a ServiceAccountKey.",
10328	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}/keys/{keysId}",
10329	//   "httpMethod": "GET",
10330	//   "id": "iam.projects.serviceAccounts.keys.get",
10331	//   "parameterOrder": [
10332	//     "name"
10333	//   ],
10334	//   "parameters": {
10335	//     "name": {
10336	//       "description": "Required. The resource name of the service account key in the following format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.",
10337	//       "location": "path",
10338	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+/keys/[^/]+$",
10339	//       "required": true,
10340	//       "type": "string"
10341	//     },
10342	//     "publicKeyType": {
10343	//       "description": "The output format of the public key requested. X509_PEM is the default output format.",
10344	//       "enum": [
10345	//         "TYPE_NONE",
10346	//         "TYPE_X509_PEM_FILE",
10347	//         "TYPE_RAW_PUBLIC_KEY"
10348	//       ],
10349	//       "enumDescriptions": [
10350	//         "Unspecified. Returns nothing here.",
10351	//         "X509 PEM format.",
10352	//         "Raw public key."
10353	//       ],
10354	//       "location": "query",
10355	//       "type": "string"
10356	//     }
10357	//   },
10358	//   "path": "v1/{+name}",
10359	//   "response": {
10360	//     "$ref": "ServiceAccountKey"
10361	//   },
10362	//   "scopes": [
10363	//     "https://www.googleapis.com/auth/cloud-platform"
10364	//   ]
10365	// }
10366
10367}
10368
10369// method id "iam.projects.serviceAccounts.keys.list":
10370
10371type ProjectsServiceAccountsKeysListCall struct {
10372	s            *Service
10373	name         string
10374	urlParams_   gensupport.URLParams
10375	ifNoneMatch_ string
10376	ctx_         context.Context
10377	header_      http.Header
10378}
10379
10380// List: Lists every ServiceAccountKey for a service account.
10381//
10382// - name: The resource name of the service account in the following
10383//   format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using
10384//   `-` as a wildcard for the `PROJECT_ID`, will infer the project from
10385//   the account. The `ACCOUNT` value can be the `email` address or the
10386//   `unique_id` of the service account.
10387func (r *ProjectsServiceAccountsKeysService) List(name string) *ProjectsServiceAccountsKeysListCall {
10388	c := &ProjectsServiceAccountsKeysListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
10389	c.name = name
10390	return c
10391}
10392
10393// KeyTypes sets the optional parameter "keyTypes": Filters the types of
10394// keys the user wants to include in the list response. Duplicate key
10395// types are not allowed. If no key type is provided, all keys are
10396// returned.
10397//
10398// Possible values:
10399//   "KEY_TYPE_UNSPECIFIED" - Unspecified key type. The presence of this
10400// in the message will immediately result in an error.
10401//   "USER_MANAGED" - User-managed keys (managed and rotated by the
10402// user).
10403//   "SYSTEM_MANAGED" - System-managed keys (managed and rotated by
10404// Google).
10405func (c *ProjectsServiceAccountsKeysListCall) KeyTypes(keyTypes ...string) *ProjectsServiceAccountsKeysListCall {
10406	c.urlParams_.SetMulti("keyTypes", append([]string{}, keyTypes...))
10407	return c
10408}
10409
10410// Fields allows partial responses to be retrieved. See
10411// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
10412// for more information.
10413func (c *ProjectsServiceAccountsKeysListCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsKeysListCall {
10414	c.urlParams_.Set("fields", googleapi.CombineFields(s))
10415	return c
10416}
10417
10418// IfNoneMatch sets the optional parameter which makes the operation
10419// fail if the object's ETag matches the given value. This is useful for
10420// getting updates only after the object has changed since the last
10421// request. Use googleapi.IsNotModified to check whether the response
10422// error from Do is the result of In-None-Match.
10423func (c *ProjectsServiceAccountsKeysListCall) IfNoneMatch(entityTag string) *ProjectsServiceAccountsKeysListCall {
10424	c.ifNoneMatch_ = entityTag
10425	return c
10426}
10427
10428// Context sets the context to be used in this call's Do method. Any
10429// pending HTTP request will be aborted if the provided context is
10430// canceled.
10431func (c *ProjectsServiceAccountsKeysListCall) Context(ctx context.Context) *ProjectsServiceAccountsKeysListCall {
10432	c.ctx_ = ctx
10433	return c
10434}
10435
10436// Header returns an http.Header that can be modified by the caller to
10437// add HTTP headers to the request.
10438func (c *ProjectsServiceAccountsKeysListCall) Header() http.Header {
10439	if c.header_ == nil {
10440		c.header_ = make(http.Header)
10441	}
10442	return c.header_
10443}
10444
10445func (c *ProjectsServiceAccountsKeysListCall) doRequest(alt string) (*http.Response, error) {
10446	reqHeaders := make(http.Header)
10447	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
10448	for k, v := range c.header_ {
10449		reqHeaders[k] = v
10450	}
10451	reqHeaders.Set("User-Agent", c.s.userAgent())
10452	if c.ifNoneMatch_ != "" {
10453		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
10454	}
10455	var body io.Reader = nil
10456	c.urlParams_.Set("alt", alt)
10457	c.urlParams_.Set("prettyPrint", "false")
10458	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}/keys")
10459	urls += "?" + c.urlParams_.Encode()
10460	req, err := http.NewRequest("GET", urls, body)
10461	if err != nil {
10462		return nil, err
10463	}
10464	req.Header = reqHeaders
10465	googleapi.Expand(req.URL, map[string]string{
10466		"name": c.name,
10467	})
10468	return gensupport.SendRequest(c.ctx_, c.s.client, req)
10469}
10470
10471// Do executes the "iam.projects.serviceAccounts.keys.list" call.
10472// Exactly one of *ListServiceAccountKeysResponse or error will be
10473// non-nil. Any non-2xx status code is an error. Response headers are in
10474// either *ListServiceAccountKeysResponse.ServerResponse.Header or (if a
10475// response was returned at all) in error.(*googleapi.Error).Header. Use
10476// googleapi.IsNotModified to check whether the returned error was
10477// because http.StatusNotModified was returned.
10478func (c *ProjectsServiceAccountsKeysListCall) Do(opts ...googleapi.CallOption) (*ListServiceAccountKeysResponse, error) {
10479	gensupport.SetOptions(c.urlParams_, opts...)
10480	res, err := c.doRequest("json")
10481	if res != nil && res.StatusCode == http.StatusNotModified {
10482		if res.Body != nil {
10483			res.Body.Close()
10484		}
10485		return nil, &googleapi.Error{
10486			Code:   res.StatusCode,
10487			Header: res.Header,
10488		}
10489	}
10490	if err != nil {
10491		return nil, err
10492	}
10493	defer googleapi.CloseBody(res)
10494	if err := googleapi.CheckResponse(res); err != nil {
10495		return nil, err
10496	}
10497	ret := &ListServiceAccountKeysResponse{
10498		ServerResponse: googleapi.ServerResponse{
10499			Header:         res.Header,
10500			HTTPStatusCode: res.StatusCode,
10501		},
10502	}
10503	target := &ret
10504	if err := gensupport.DecodeResponse(target, res); err != nil {
10505		return nil, err
10506	}
10507	return ret, nil
10508	// {
10509	//   "description": "Lists every ServiceAccountKey for a service account.",
10510	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}/keys",
10511	//   "httpMethod": "GET",
10512	//   "id": "iam.projects.serviceAccounts.keys.list",
10513	//   "parameterOrder": [
10514	//     "name"
10515	//   ],
10516	//   "parameters": {
10517	//     "keyTypes": {
10518	//       "description": "Filters the types of keys the user wants to include in the list response. Duplicate key types are not allowed. If no key type is provided, all keys are returned.",
10519	//       "enum": [
10520	//         "KEY_TYPE_UNSPECIFIED",
10521	//         "USER_MANAGED",
10522	//         "SYSTEM_MANAGED"
10523	//       ],
10524	//       "enumDescriptions": [
10525	//         "Unspecified key type. The presence of this in the message will immediately result in an error.",
10526	//         "User-managed keys (managed and rotated by the user).",
10527	//         "System-managed keys (managed and rotated by Google)."
10528	//       ],
10529	//       "location": "query",
10530	//       "repeated": true,
10531	//       "type": "string"
10532	//     },
10533	//     "name": {
10534	//       "description": "Required. The resource name of the service account in the following format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using `-` as a wildcard for the `PROJECT_ID`, will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.",
10535	//       "location": "path",
10536	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
10537	//       "required": true,
10538	//       "type": "string"
10539	//     }
10540	//   },
10541	//   "path": "v1/{+name}/keys",
10542	//   "response": {
10543	//     "$ref": "ListServiceAccountKeysResponse"
10544	//   },
10545	//   "scopes": [
10546	//     "https://www.googleapis.com/auth/cloud-platform"
10547	//   ]
10548	// }
10549
10550}
10551
10552// method id "iam.projects.serviceAccounts.keys.upload":
10553
10554type ProjectsServiceAccountsKeysUploadCall struct {
10555	s                              *Service
10556	name                           string
10557	uploadserviceaccountkeyrequest *UploadServiceAccountKeyRequest
10558	urlParams_                     gensupport.URLParams
10559	ctx_                           context.Context
10560	header_                        http.Header
10561}
10562
10563// Upload: Creates a ServiceAccountKey, using a public key that you
10564// provide.
10565//
10566// - name: The resource name of the service account in the following
10567//   format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using
10568//   `-` as a wildcard for the `PROJECT_ID` will infer the project from
10569//   the account. The `ACCOUNT` value can be the `email` address or the
10570//   `unique_id` of the service account.
10571func (r *ProjectsServiceAccountsKeysService) Upload(name string, uploadserviceaccountkeyrequest *UploadServiceAccountKeyRequest) *ProjectsServiceAccountsKeysUploadCall {
10572	c := &ProjectsServiceAccountsKeysUploadCall{s: r.s, urlParams_: make(gensupport.URLParams)}
10573	c.name = name
10574	c.uploadserviceaccountkeyrequest = uploadserviceaccountkeyrequest
10575	return c
10576}
10577
10578// Fields allows partial responses to be retrieved. See
10579// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
10580// for more information.
10581func (c *ProjectsServiceAccountsKeysUploadCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsKeysUploadCall {
10582	c.urlParams_.Set("fields", googleapi.CombineFields(s))
10583	return c
10584}
10585
10586// Context sets the context to be used in this call's Do method. Any
10587// pending HTTP request will be aborted if the provided context is
10588// canceled.
10589func (c *ProjectsServiceAccountsKeysUploadCall) Context(ctx context.Context) *ProjectsServiceAccountsKeysUploadCall {
10590	c.ctx_ = ctx
10591	return c
10592}
10593
10594// Header returns an http.Header that can be modified by the caller to
10595// add HTTP headers to the request.
10596func (c *ProjectsServiceAccountsKeysUploadCall) Header() http.Header {
10597	if c.header_ == nil {
10598		c.header_ = make(http.Header)
10599	}
10600	return c.header_
10601}
10602
10603func (c *ProjectsServiceAccountsKeysUploadCall) doRequest(alt string) (*http.Response, error) {
10604	reqHeaders := make(http.Header)
10605	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
10606	for k, v := range c.header_ {
10607		reqHeaders[k] = v
10608	}
10609	reqHeaders.Set("User-Agent", c.s.userAgent())
10610	var body io.Reader = nil
10611	body, err := googleapi.WithoutDataWrapper.JSONReader(c.uploadserviceaccountkeyrequest)
10612	if err != nil {
10613		return nil, err
10614	}
10615	reqHeaders.Set("Content-Type", "application/json")
10616	c.urlParams_.Set("alt", alt)
10617	c.urlParams_.Set("prettyPrint", "false")
10618	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}/keys:upload")
10619	urls += "?" + c.urlParams_.Encode()
10620	req, err := http.NewRequest("POST", urls, body)
10621	if err != nil {
10622		return nil, err
10623	}
10624	req.Header = reqHeaders
10625	googleapi.Expand(req.URL, map[string]string{
10626		"name": c.name,
10627	})
10628	return gensupport.SendRequest(c.ctx_, c.s.client, req)
10629}
10630
10631// Do executes the "iam.projects.serviceAccounts.keys.upload" call.
10632// Exactly one of *ServiceAccountKey or error will be non-nil. Any
10633// non-2xx status code is an error. Response headers are in either
10634// *ServiceAccountKey.ServerResponse.Header or (if a response was
10635// returned at all) in error.(*googleapi.Error).Header. Use
10636// googleapi.IsNotModified to check whether the returned error was
10637// because http.StatusNotModified was returned.
10638func (c *ProjectsServiceAccountsKeysUploadCall) Do(opts ...googleapi.CallOption) (*ServiceAccountKey, error) {
10639	gensupport.SetOptions(c.urlParams_, opts...)
10640	res, err := c.doRequest("json")
10641	if res != nil && res.StatusCode == http.StatusNotModified {
10642		if res.Body != nil {
10643			res.Body.Close()
10644		}
10645		return nil, &googleapi.Error{
10646			Code:   res.StatusCode,
10647			Header: res.Header,
10648		}
10649	}
10650	if err != nil {
10651		return nil, err
10652	}
10653	defer googleapi.CloseBody(res)
10654	if err := googleapi.CheckResponse(res); err != nil {
10655		return nil, err
10656	}
10657	ret := &ServiceAccountKey{
10658		ServerResponse: googleapi.ServerResponse{
10659			Header:         res.Header,
10660			HTTPStatusCode: res.StatusCode,
10661		},
10662	}
10663	target := &ret
10664	if err := gensupport.DecodeResponse(target, res); err != nil {
10665		return nil, err
10666	}
10667	return ret, nil
10668	// {
10669	//   "description": "Creates a ServiceAccountKey, using a public key that you provide.",
10670	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}/keys:upload",
10671	//   "httpMethod": "POST",
10672	//   "id": "iam.projects.serviceAccounts.keys.upload",
10673	//   "parameterOrder": [
10674	//     "name"
10675	//   ],
10676	//   "parameters": {
10677	//     "name": {
10678	//       "description": "The resource name of the service account in the following format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.",
10679	//       "location": "path",
10680	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
10681	//       "required": true,
10682	//       "type": "string"
10683	//     }
10684	//   },
10685	//   "path": "v1/{+name}/keys:upload",
10686	//   "request": {
10687	//     "$ref": "UploadServiceAccountKeyRequest"
10688	//   },
10689	//   "response": {
10690	//     "$ref": "ServiceAccountKey"
10691	//   },
10692	//   "scopes": [
10693	//     "https://www.googleapis.com/auth/cloud-platform"
10694	//   ]
10695	// }
10696
10697}
10698
10699// method id "iam.roles.get":
10700
10701type RolesGetCall struct {
10702	s            *Service
10703	name         string
10704	urlParams_   gensupport.URLParams
10705	ifNoneMatch_ string
10706	ctx_         context.Context
10707	header_      http.Header
10708}
10709
10710// Get: Gets the definition of a Role.
10711//
10712// - name: The `name` parameter's value depends on the target resource
10713//   for the request, namely `roles` (/iam/reference/rest/v1/roles),
10714//   `projects` (/iam/reference/rest/v1/projects.roles), or
10715//   `organizations` (/iam/reference/rest/v1/organizations.roles). Each
10716//   resource type's `name` value format is described below: *
10717//   `roles.get()` (/iam/reference/rest/v1/roles/get):
10718//   `roles/{ROLE_NAME}`. This method returns results from all
10719//   predefined roles (/iam/docs/understanding-roles#predefined_roles)
10720//   in Cloud IAM. Example request URL:
10721//   `https://iam.googleapis.com/v1/roles/{ROLE_NAME}` *
10722//   `projects.roles.get()` (/iam/reference/rest/v1/projects.roles/get):
10723//   `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method returns
10724//   only custom roles (/iam/docs/understanding-custom-roles) that have
10725//   been created at the project level. Example request URL:
10726//   `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_R
10727//   OLE_ID}` * `organizations.roles.get()`
10728//   (/iam/reference/rest/v1/organizations.roles/get):
10729//   `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This
10730//   method returns only custom roles
10731//   (/iam/docs/understanding-custom-roles) that have been created at
10732//   the organization level. Example request URL:
10733//   `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles
10734//   /{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must
10735//   specify a complete project ID or organization ID.
10736func (r *RolesService) Get(name string) *RolesGetCall {
10737	c := &RolesGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
10738	c.name = name
10739	return c
10740}
10741
10742// Fields allows partial responses to be retrieved. See
10743// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
10744// for more information.
10745func (c *RolesGetCall) Fields(s ...googleapi.Field) *RolesGetCall {
10746	c.urlParams_.Set("fields", googleapi.CombineFields(s))
10747	return c
10748}
10749
10750// IfNoneMatch sets the optional parameter which makes the operation
10751// fail if the object's ETag matches the given value. This is useful for
10752// getting updates only after the object has changed since the last
10753// request. Use googleapi.IsNotModified to check whether the response
10754// error from Do is the result of In-None-Match.
10755func (c *RolesGetCall) IfNoneMatch(entityTag string) *RolesGetCall {
10756	c.ifNoneMatch_ = entityTag
10757	return c
10758}
10759
10760// Context sets the context to be used in this call's Do method. Any
10761// pending HTTP request will be aborted if the provided context is
10762// canceled.
10763func (c *RolesGetCall) Context(ctx context.Context) *RolesGetCall {
10764	c.ctx_ = ctx
10765	return c
10766}
10767
10768// Header returns an http.Header that can be modified by the caller to
10769// add HTTP headers to the request.
10770func (c *RolesGetCall) Header() http.Header {
10771	if c.header_ == nil {
10772		c.header_ = make(http.Header)
10773	}
10774	return c.header_
10775}
10776
10777func (c *RolesGetCall) doRequest(alt string) (*http.Response, error) {
10778	reqHeaders := make(http.Header)
10779	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
10780	for k, v := range c.header_ {
10781		reqHeaders[k] = v
10782	}
10783	reqHeaders.Set("User-Agent", c.s.userAgent())
10784	if c.ifNoneMatch_ != "" {
10785		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
10786	}
10787	var body io.Reader = nil
10788	c.urlParams_.Set("alt", alt)
10789	c.urlParams_.Set("prettyPrint", "false")
10790	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
10791	urls += "?" + c.urlParams_.Encode()
10792	req, err := http.NewRequest("GET", urls, body)
10793	if err != nil {
10794		return nil, err
10795	}
10796	req.Header = reqHeaders
10797	googleapi.Expand(req.URL, map[string]string{
10798		"name": c.name,
10799	})
10800	return gensupport.SendRequest(c.ctx_, c.s.client, req)
10801}
10802
10803// Do executes the "iam.roles.get" call.
10804// Exactly one of *Role or error will be non-nil. Any non-2xx status
10805// code is an error. Response headers are in either
10806// *Role.ServerResponse.Header or (if a response was returned at all) in
10807// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
10808// whether the returned error was because http.StatusNotModified was
10809// returned.
10810func (c *RolesGetCall) Do(opts ...googleapi.CallOption) (*Role, error) {
10811	gensupport.SetOptions(c.urlParams_, opts...)
10812	res, err := c.doRequest("json")
10813	if res != nil && res.StatusCode == http.StatusNotModified {
10814		if res.Body != nil {
10815			res.Body.Close()
10816		}
10817		return nil, &googleapi.Error{
10818			Code:   res.StatusCode,
10819			Header: res.Header,
10820		}
10821	}
10822	if err != nil {
10823		return nil, err
10824	}
10825	defer googleapi.CloseBody(res)
10826	if err := googleapi.CheckResponse(res); err != nil {
10827		return nil, err
10828	}
10829	ret := &Role{
10830		ServerResponse: googleapi.ServerResponse{
10831			Header:         res.Header,
10832			HTTPStatusCode: res.StatusCode,
10833		},
10834	}
10835	target := &ret
10836	if err := gensupport.DecodeResponse(target, res); err != nil {
10837		return nil, err
10838	}
10839	return ret, nil
10840	// {
10841	//   "description": "Gets the definition of a Role.",
10842	//   "flatPath": "v1/roles/{rolesId}",
10843	//   "httpMethod": "GET",
10844	//   "id": "iam.roles.get",
10845	//   "parameterOrder": [
10846	//     "name"
10847	//   ],
10848	//   "parameters": {
10849	//     "name": {
10850	//       "description": "The `name` parameter's value depends on the target resource for the request, namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `name` value format is described below: * [`roles.get()`](/iam/reference/rest/v1/roles/get): `roles/{ROLE_NAME}`. This method returns results from all [predefined roles](/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. Example request URL: `https://iam.googleapis.com/v1/roles/{ROLE_NAME}` * [`projects.roles.get()`](/iam/reference/rest/v1/projects.roles/get): `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method returns only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}` * [`organizations.roles.get()`](/iam/reference/rest/v1/organizations.roles/get): `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method returns only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.",
10851	//       "location": "path",
10852	//       "pattern": "^roles/[^/]+$",
10853	//       "required": true,
10854	//       "type": "string"
10855	//     }
10856	//   },
10857	//   "path": "v1/{+name}",
10858	//   "response": {
10859	//     "$ref": "Role"
10860	//   },
10861	//   "scopes": [
10862	//     "https://www.googleapis.com/auth/cloud-platform"
10863	//   ]
10864	// }
10865
10866}
10867
10868// method id "iam.roles.list":
10869
10870type RolesListCall struct {
10871	s            *Service
10872	urlParams_   gensupport.URLParams
10873	ifNoneMatch_ string
10874	ctx_         context.Context
10875	header_      http.Header
10876}
10877
10878// List: Lists every predefined Role that IAM supports, or every custom
10879// role that is defined for an organization or project.
10880func (r *RolesService) List() *RolesListCall {
10881	c := &RolesListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
10882	return c
10883}
10884
10885// PageSize sets the optional parameter "pageSize": Optional limit on
10886// the number of roles to include in the response. The default is 300,
10887// and the maximum is 1,000.
10888func (c *RolesListCall) PageSize(pageSize int64) *RolesListCall {
10889	c.urlParams_.Set("pageSize", fmt.Sprint(pageSize))
10890	return c
10891}
10892
10893// PageToken sets the optional parameter "pageToken": Optional
10894// pagination token returned in an earlier ListRolesResponse.
10895func (c *RolesListCall) PageToken(pageToken string) *RolesListCall {
10896	c.urlParams_.Set("pageToken", pageToken)
10897	return c
10898}
10899
10900// Parent sets the optional parameter "parent": The `parent` parameter's
10901// value depends on the target resource for the request, namely `roles`
10902// (/iam/reference/rest/v1/roles), `projects`
10903// (/iam/reference/rest/v1/projects.roles), or `organizations`
10904// (/iam/reference/rest/v1/organizations.roles). Each resource type's
10905// `parent` value format is described below: * `roles.list()`
10906// (/iam/reference/rest/v1/roles/list): An empty string. This method
10907// doesn't require a resource; it simply returns all predefined roles
10908// (/iam/docs/understanding-roles#predefined_roles) in Cloud IAM.
10909// Example request URL: `https://iam.googleapis.com/v1/roles` *
10910// `projects.roles.list()` (/iam/reference/rest/v1/projects.roles/list):
10911// `projects/{PROJECT_ID}`. This method lists all project-level custom
10912// roles (/iam/docs/understanding-custom-roles). Example request URL:
10913// `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles` *
10914// `organizations.roles.list()`
10915// (/iam/reference/rest/v1/organizations.roles/list):
10916// `organizations/{ORGANIZATION_ID}`. This method lists all
10917// organization-level custom roles
10918// (/iam/docs/understanding-custom-roles). Example request URL:
10919// `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles`
10920// Note: Wildcard (*) values are invalid; you must specify a complete
10921// project ID or organization ID.
10922func (c *RolesListCall) Parent(parent string) *RolesListCall {
10923	c.urlParams_.Set("parent", parent)
10924	return c
10925}
10926
10927// ShowDeleted sets the optional parameter "showDeleted": Include Roles
10928// that have been deleted.
10929func (c *RolesListCall) ShowDeleted(showDeleted bool) *RolesListCall {
10930	c.urlParams_.Set("showDeleted", fmt.Sprint(showDeleted))
10931	return c
10932}
10933
10934// View sets the optional parameter "view": Optional view for the
10935// returned Role objects. When `FULL` is specified, the
10936// `includedPermissions` field is returned, which includes a list of all
10937// permissions in the role. The default value is `BASIC`, which does not
10938// return the `includedPermissions` field.
10939//
10940// Possible values:
10941//   "BASIC" - Omits the `included_permissions` field. This is the
10942// default value.
10943//   "FULL" - Returns all fields.
10944func (c *RolesListCall) View(view string) *RolesListCall {
10945	c.urlParams_.Set("view", view)
10946	return c
10947}
10948
10949// Fields allows partial responses to be retrieved. See
10950// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
10951// for more information.
10952func (c *RolesListCall) Fields(s ...googleapi.Field) *RolesListCall {
10953	c.urlParams_.Set("fields", googleapi.CombineFields(s))
10954	return c
10955}
10956
10957// IfNoneMatch sets the optional parameter which makes the operation
10958// fail if the object's ETag matches the given value. This is useful for
10959// getting updates only after the object has changed since the last
10960// request. Use googleapi.IsNotModified to check whether the response
10961// error from Do is the result of In-None-Match.
10962func (c *RolesListCall) IfNoneMatch(entityTag string) *RolesListCall {
10963	c.ifNoneMatch_ = entityTag
10964	return c
10965}
10966
10967// Context sets the context to be used in this call's Do method. Any
10968// pending HTTP request will be aborted if the provided context is
10969// canceled.
10970func (c *RolesListCall) Context(ctx context.Context) *RolesListCall {
10971	c.ctx_ = ctx
10972	return c
10973}
10974
10975// Header returns an http.Header that can be modified by the caller to
10976// add HTTP headers to the request.
10977func (c *RolesListCall) Header() http.Header {
10978	if c.header_ == nil {
10979		c.header_ = make(http.Header)
10980	}
10981	return c.header_
10982}
10983
10984func (c *RolesListCall) doRequest(alt string) (*http.Response, error) {
10985	reqHeaders := make(http.Header)
10986	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
10987	for k, v := range c.header_ {
10988		reqHeaders[k] = v
10989	}
10990	reqHeaders.Set("User-Agent", c.s.userAgent())
10991	if c.ifNoneMatch_ != "" {
10992		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
10993	}
10994	var body io.Reader = nil
10995	c.urlParams_.Set("alt", alt)
10996	c.urlParams_.Set("prettyPrint", "false")
10997	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/roles")
10998	urls += "?" + c.urlParams_.Encode()
10999	req, err := http.NewRequest("GET", urls, body)
11000	if err != nil {
11001		return nil, err
11002	}
11003	req.Header = reqHeaders
11004	return gensupport.SendRequest(c.ctx_, c.s.client, req)
11005}
11006
11007// Do executes the "iam.roles.list" call.
11008// Exactly one of *ListRolesResponse or error will be non-nil. Any
11009// non-2xx status code is an error. Response headers are in either
11010// *ListRolesResponse.ServerResponse.Header or (if a response was
11011// returned at all) in error.(*googleapi.Error).Header. Use
11012// googleapi.IsNotModified to check whether the returned error was
11013// because http.StatusNotModified was returned.
11014func (c *RolesListCall) Do(opts ...googleapi.CallOption) (*ListRolesResponse, error) {
11015	gensupport.SetOptions(c.urlParams_, opts...)
11016	res, err := c.doRequest("json")
11017	if res != nil && res.StatusCode == http.StatusNotModified {
11018		if res.Body != nil {
11019			res.Body.Close()
11020		}
11021		return nil, &googleapi.Error{
11022			Code:   res.StatusCode,
11023			Header: res.Header,
11024		}
11025	}
11026	if err != nil {
11027		return nil, err
11028	}
11029	defer googleapi.CloseBody(res)
11030	if err := googleapi.CheckResponse(res); err != nil {
11031		return nil, err
11032	}
11033	ret := &ListRolesResponse{
11034		ServerResponse: googleapi.ServerResponse{
11035			Header:         res.Header,
11036			HTTPStatusCode: res.StatusCode,
11037		},
11038	}
11039	target := &ret
11040	if err := gensupport.DecodeResponse(target, res); err != nil {
11041		return nil, err
11042	}
11043	return ret, nil
11044	// {
11045	//   "description": "Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.",
11046	//   "flatPath": "v1/roles",
11047	//   "httpMethod": "GET",
11048	//   "id": "iam.roles.list",
11049	//   "parameterOrder": [],
11050	//   "parameters": {
11051	//     "pageSize": {
11052	//       "description": "Optional limit on the number of roles to include in the response. The default is 300, and the maximum is 1,000.",
11053	//       "format": "int32",
11054	//       "location": "query",
11055	//       "type": "integer"
11056	//     },
11057	//     "pageToken": {
11058	//       "description": "Optional pagination token returned in an earlier ListRolesResponse.",
11059	//       "location": "query",
11060	//       "type": "string"
11061	//     },
11062	//     "parent": {
11063	//       "description": "The `parent` parameter's value depends on the target resource for the request, namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `parent` value format is described below: * [`roles.list()`](/iam/reference/rest/v1/roles/list): An empty string. This method doesn't require a resource; it simply returns all [predefined roles](/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. Example request URL: `https://iam.googleapis.com/v1/roles` * [`projects.roles.list()`](/iam/reference/rest/v1/projects.roles/list): `projects/{PROJECT_ID}`. This method lists all project-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles` * [`organizations.roles.list()`](/iam/reference/rest/v1/organizations.roles/list): `organizations/{ORGANIZATION_ID}`. This method lists all organization-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.",
11064	//       "location": "query",
11065	//       "type": "string"
11066	//     },
11067	//     "showDeleted": {
11068	//       "description": "Include Roles that have been deleted.",
11069	//       "location": "query",
11070	//       "type": "boolean"
11071	//     },
11072	//     "view": {
11073	//       "description": "Optional view for the returned Role objects. When `FULL` is specified, the `includedPermissions` field is returned, which includes a list of all permissions in the role. The default value is `BASIC`, which does not return the `includedPermissions` field.",
11074	//       "enum": [
11075	//         "BASIC",
11076	//         "FULL"
11077	//       ],
11078	//       "enumDescriptions": [
11079	//         "Omits the `included_permissions` field. This is the default value.",
11080	//         "Returns all fields."
11081	//       ],
11082	//       "location": "query",
11083	//       "type": "string"
11084	//     }
11085	//   },
11086	//   "path": "v1/roles",
11087	//   "response": {
11088	//     "$ref": "ListRolesResponse"
11089	//   },
11090	//   "scopes": [
11091	//     "https://www.googleapis.com/auth/cloud-platform"
11092	//   ]
11093	// }
11094
11095}
11096
11097// Pages invokes f for each page of results.
11098// A non-nil error returned from f will halt the iteration.
11099// The provided context supersedes any context provided to the Context method.
11100func (c *RolesListCall) Pages(ctx context.Context, f func(*ListRolesResponse) error) error {
11101	c.ctx_ = ctx
11102	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
11103	for {
11104		x, err := c.Do()
11105		if err != nil {
11106			return err
11107		}
11108		if err := f(x); err != nil {
11109			return err
11110		}
11111		if x.NextPageToken == "" {
11112			return nil
11113		}
11114		c.PageToken(x.NextPageToken)
11115	}
11116}
11117
11118// method id "iam.roles.queryGrantableRoles":
11119
11120type RolesQueryGrantableRolesCall struct {
11121	s                          *Service
11122	querygrantablerolesrequest *QueryGrantableRolesRequest
11123	urlParams_                 gensupport.URLParams
11124	ctx_                       context.Context
11125	header_                    http.Header
11126}
11127
11128// QueryGrantableRoles: Lists roles that can be granted on a Google
11129// Cloud resource. A role is grantable if the IAM policy for the
11130// resource can contain bindings to the role.
11131func (r *RolesService) QueryGrantableRoles(querygrantablerolesrequest *QueryGrantableRolesRequest) *RolesQueryGrantableRolesCall {
11132	c := &RolesQueryGrantableRolesCall{s: r.s, urlParams_: make(gensupport.URLParams)}
11133	c.querygrantablerolesrequest = querygrantablerolesrequest
11134	return c
11135}
11136
11137// Fields allows partial responses to be retrieved. See
11138// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
11139// for more information.
11140func (c *RolesQueryGrantableRolesCall) Fields(s ...googleapi.Field) *RolesQueryGrantableRolesCall {
11141	c.urlParams_.Set("fields", googleapi.CombineFields(s))
11142	return c
11143}
11144
11145// Context sets the context to be used in this call's Do method. Any
11146// pending HTTP request will be aborted if the provided context is
11147// canceled.
11148func (c *RolesQueryGrantableRolesCall) Context(ctx context.Context) *RolesQueryGrantableRolesCall {
11149	c.ctx_ = ctx
11150	return c
11151}
11152
11153// Header returns an http.Header that can be modified by the caller to
11154// add HTTP headers to the request.
11155func (c *RolesQueryGrantableRolesCall) Header() http.Header {
11156	if c.header_ == nil {
11157		c.header_ = make(http.Header)
11158	}
11159	return c.header_
11160}
11161
11162func (c *RolesQueryGrantableRolesCall) doRequest(alt string) (*http.Response, error) {
11163	reqHeaders := make(http.Header)
11164	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210915")
11165	for k, v := range c.header_ {
11166		reqHeaders[k] = v
11167	}
11168	reqHeaders.Set("User-Agent", c.s.userAgent())
11169	var body io.Reader = nil
11170	body, err := googleapi.WithoutDataWrapper.JSONReader(c.querygrantablerolesrequest)
11171	if err != nil {
11172		return nil, err
11173	}
11174	reqHeaders.Set("Content-Type", "application/json")
11175	c.urlParams_.Set("alt", alt)
11176	c.urlParams_.Set("prettyPrint", "false")
11177	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/roles:queryGrantableRoles")
11178	urls += "?" + c.urlParams_.Encode()
11179	req, err := http.NewRequest("POST", urls, body)
11180	if err != nil {
11181		return nil, err
11182	}
11183	req.Header = reqHeaders
11184	return gensupport.SendRequest(c.ctx_, c.s.client, req)
11185}
11186
11187// Do executes the "iam.roles.queryGrantableRoles" call.
11188// Exactly one of *QueryGrantableRolesResponse or error will be non-nil.
11189// Any non-2xx status code is an error. Response headers are in either
11190// *QueryGrantableRolesResponse.ServerResponse.Header or (if a response
11191// was returned at all) in error.(*googleapi.Error).Header. Use
11192// googleapi.IsNotModified to check whether the returned error was
11193// because http.StatusNotModified was returned.
11194func (c *RolesQueryGrantableRolesCall) Do(opts ...googleapi.CallOption) (*QueryGrantableRolesResponse, error) {
11195	gensupport.SetOptions(c.urlParams_, opts...)
11196	res, err := c.doRequest("json")
11197	if res != nil && res.StatusCode == http.StatusNotModified {
11198		if res.Body != nil {
11199			res.Body.Close()
11200		}
11201		return nil, &googleapi.Error{
11202			Code:   res.StatusCode,
11203			Header: res.Header,
11204		}
11205	}
11206	if err != nil {
11207		return nil, err
11208	}
11209	defer googleapi.CloseBody(res)
11210	if err := googleapi.CheckResponse(res); err != nil {
11211		return nil, err
11212	}
11213	ret := &QueryGrantableRolesResponse{
11214		ServerResponse: googleapi.ServerResponse{
11215			Header:         res.Header,
11216			HTTPStatusCode: res.StatusCode,
11217		},
11218	}
11219	target := &ret
11220	if err := gensupport.DecodeResponse(target, res); err != nil {
11221		return nil, err
11222	}
11223	return ret, nil
11224	// {
11225	//   "description": "Lists roles that can be granted on a Google Cloud resource. A role is grantable if the IAM policy for the resource can contain bindings to the role.",
11226	//   "flatPath": "v1/roles:queryGrantableRoles",
11227	//   "httpMethod": "POST",
11228	//   "id": "iam.roles.queryGrantableRoles",
11229	//   "parameterOrder": [],
11230	//   "parameters": {},
11231	//   "path": "v1/roles:queryGrantableRoles",
11232	//   "request": {
11233	//     "$ref": "QueryGrantableRolesRequest"
11234	//   },
11235	//   "response": {
11236	//     "$ref": "QueryGrantableRolesResponse"
11237	//   },
11238	//   "scopes": [
11239	//     "https://www.googleapis.com/auth/cloud-platform"
11240	//   ]
11241	// }
11242
11243}
11244
11245// Pages invokes f for each page of results.
11246// A non-nil error returned from f will halt the iteration.
11247// The provided context supersedes any context provided to the Context method.
11248func (c *RolesQueryGrantableRolesCall) Pages(ctx context.Context, f func(*QueryGrantableRolesResponse) error) error {
11249	c.ctx_ = ctx
11250	defer func(pt string) { c.querygrantablerolesrequest.PageToken = pt }(c.querygrantablerolesrequest.PageToken) // reset paging to original point
11251	for {
11252		x, err := c.Do()
11253		if err != nil {
11254			return err
11255		}
11256		if err := f(x); err != nil {
11257			return err
11258		}
11259		if x.NextPageToken == "" {
11260			return nil
11261		}
11262		c.querygrantablerolesrequest.PageToken = x.NextPageToken
11263	}
11264}
11265