1// Copyright 2021 Google LLC.
2// Use of this source code is governed by a BSD-style
3// license that can be found in the LICENSE file.
4
5// Code generated file. DO NOT EDIT.
6
7// Package iam provides access to the Identity and Access Management (IAM) API.
8//
9// For product documentation, see: https://cloud.google.com/iam/
10//
11// Creating a client
12//
13// Usage example:
14//
15//   import "google.golang.org/api/iam/v1"
16//   ...
17//   ctx := context.Background()
18//   iamService, err := iam.NewService(ctx)
19//
20// In this example, Google Application Default Credentials are used for authentication.
21//
22// For information on how to create and obtain Application Default Credentials, see https://developers.google.com/identity/protocols/application-default-credentials.
23//
24// Other authentication options
25//
26// To use an API key for authentication (note: some APIs do not support API keys), use option.WithAPIKey:
27//
28//   iamService, err := iam.NewService(ctx, option.WithAPIKey("AIza..."))
29//
30// To use an OAuth token (e.g., a user token obtained via a three-legged OAuth flow), use option.WithTokenSource:
31//
32//   config := &oauth2.Config{...}
33//   // ...
34//   token, err := config.Exchange(ctx, ...)
35//   iamService, err := iam.NewService(ctx, option.WithTokenSource(config.TokenSource(ctx, token)))
36//
37// See https://godoc.org/google.golang.org/api/option/ for details on options.
38package iam // import "google.golang.org/api/iam/v1"
39
40import (
41	"bytes"
42	"context"
43	"encoding/json"
44	"errors"
45	"fmt"
46	"io"
47	"net/http"
48	"net/url"
49	"strconv"
50	"strings"
51
52	googleapi "google.golang.org/api/googleapi"
53	gensupport "google.golang.org/api/internal/gensupport"
54	option "google.golang.org/api/option"
55	internaloption "google.golang.org/api/option/internaloption"
56	htransport "google.golang.org/api/transport/http"
57)
58
59// Always reference these packages, just in case the auto-generated code
60// below doesn't.
61var _ = bytes.NewBuffer
62var _ = strconv.Itoa
63var _ = fmt.Sprintf
64var _ = json.NewDecoder
65var _ = io.Copy
66var _ = url.Parse
67var _ = gensupport.MarshalJSON
68var _ = googleapi.Version
69var _ = errors.New
70var _ = strings.Replace
71var _ = context.Canceled
72var _ = internaloption.WithDefaultEndpoint
73
74const apiId = "iam:v1"
75const apiName = "iam"
76const apiVersion = "v1"
77const basePath = "https://iam.googleapis.com/"
78const mtlsBasePath = "https://iam.mtls.googleapis.com/"
79
80// OAuth2 scopes used by this API.
81const (
82	// See, edit, configure, and delete your Google Cloud data and see the
83	// email address for your Google Account.
84	CloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform"
85)
86
87// NewService creates a new Service.
88func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, error) {
89	scopesOption := option.WithScopes(
90		"https://www.googleapis.com/auth/cloud-platform",
91	)
92	// NOTE: prepend, so we don't override user-specified scopes.
93	opts = append([]option.ClientOption{scopesOption}, opts...)
94	opts = append(opts, internaloption.WithDefaultEndpoint(basePath))
95	opts = append(opts, internaloption.WithDefaultMTLSEndpoint(mtlsBasePath))
96	client, endpoint, err := htransport.NewClient(ctx, opts...)
97	if err != nil {
98		return nil, err
99	}
100	s, err := New(client)
101	if err != nil {
102		return nil, err
103	}
104	if endpoint != "" {
105		s.BasePath = endpoint
106	}
107	return s, nil
108}
109
110// New creates a new Service. It uses the provided http.Client for requests.
111//
112// Deprecated: please use NewService instead.
113// To provide a custom HTTP client, use option.WithHTTPClient.
114// If you are using google.golang.org/api/googleapis/transport.APIKey, use option.WithAPIKey with NewService instead.
115func New(client *http.Client) (*Service, error) {
116	if client == nil {
117		return nil, errors.New("client is nil")
118	}
119	s := &Service{client: client, BasePath: basePath}
120	s.IamPolicies = NewIamPoliciesService(s)
121	s.Locations = NewLocationsService(s)
122	s.Organizations = NewOrganizationsService(s)
123	s.Permissions = NewPermissionsService(s)
124	s.Projects = NewProjectsService(s)
125	s.Roles = NewRolesService(s)
126	return s, nil
127}
128
129type Service struct {
130	client    *http.Client
131	BasePath  string // API endpoint base URL
132	UserAgent string // optional additional User-Agent fragment
133
134	IamPolicies *IamPoliciesService
135
136	Locations *LocationsService
137
138	Organizations *OrganizationsService
139
140	Permissions *PermissionsService
141
142	Projects *ProjectsService
143
144	Roles *RolesService
145}
146
147func (s *Service) userAgent() string {
148	if s.UserAgent == "" {
149		return googleapi.UserAgent
150	}
151	return googleapi.UserAgent + " " + s.UserAgent
152}
153
154func NewIamPoliciesService(s *Service) *IamPoliciesService {
155	rs := &IamPoliciesService{s: s}
156	return rs
157}
158
159type IamPoliciesService struct {
160	s *Service
161}
162
163func NewLocationsService(s *Service) *LocationsService {
164	rs := &LocationsService{s: s}
165	rs.WorkforcePools = NewLocationsWorkforcePoolsService(s)
166	return rs
167}
168
169type LocationsService struct {
170	s *Service
171
172	WorkforcePools *LocationsWorkforcePoolsService
173}
174
175func NewLocationsWorkforcePoolsService(s *Service) *LocationsWorkforcePoolsService {
176	rs := &LocationsWorkforcePoolsService{s: s}
177	rs.Operations = NewLocationsWorkforcePoolsOperationsService(s)
178	rs.Providers = NewLocationsWorkforcePoolsProvidersService(s)
179	return rs
180}
181
182type LocationsWorkforcePoolsService struct {
183	s *Service
184
185	Operations *LocationsWorkforcePoolsOperationsService
186
187	Providers *LocationsWorkforcePoolsProvidersService
188}
189
190func NewLocationsWorkforcePoolsOperationsService(s *Service) *LocationsWorkforcePoolsOperationsService {
191	rs := &LocationsWorkforcePoolsOperationsService{s: s}
192	return rs
193}
194
195type LocationsWorkforcePoolsOperationsService struct {
196	s *Service
197}
198
199func NewLocationsWorkforcePoolsProvidersService(s *Service) *LocationsWorkforcePoolsProvidersService {
200	rs := &LocationsWorkforcePoolsProvidersService{s: s}
201	rs.Operations = NewLocationsWorkforcePoolsProvidersOperationsService(s)
202	return rs
203}
204
205type LocationsWorkforcePoolsProvidersService struct {
206	s *Service
207
208	Operations *LocationsWorkforcePoolsProvidersOperationsService
209}
210
211func NewLocationsWorkforcePoolsProvidersOperationsService(s *Service) *LocationsWorkforcePoolsProvidersOperationsService {
212	rs := &LocationsWorkforcePoolsProvidersOperationsService{s: s}
213	return rs
214}
215
216type LocationsWorkforcePoolsProvidersOperationsService struct {
217	s *Service
218}
219
220func NewOrganizationsService(s *Service) *OrganizationsService {
221	rs := &OrganizationsService{s: s}
222	rs.Roles = NewOrganizationsRolesService(s)
223	return rs
224}
225
226type OrganizationsService struct {
227	s *Service
228
229	Roles *OrganizationsRolesService
230}
231
232func NewOrganizationsRolesService(s *Service) *OrganizationsRolesService {
233	rs := &OrganizationsRolesService{s: s}
234	return rs
235}
236
237type OrganizationsRolesService struct {
238	s *Service
239}
240
241func NewPermissionsService(s *Service) *PermissionsService {
242	rs := &PermissionsService{s: s}
243	return rs
244}
245
246type PermissionsService struct {
247	s *Service
248}
249
250func NewProjectsService(s *Service) *ProjectsService {
251	rs := &ProjectsService{s: s}
252	rs.Locations = NewProjectsLocationsService(s)
253	rs.Roles = NewProjectsRolesService(s)
254	rs.ServiceAccounts = NewProjectsServiceAccountsService(s)
255	return rs
256}
257
258type ProjectsService struct {
259	s *Service
260
261	Locations *ProjectsLocationsService
262
263	Roles *ProjectsRolesService
264
265	ServiceAccounts *ProjectsServiceAccountsService
266}
267
268func NewProjectsLocationsService(s *Service) *ProjectsLocationsService {
269	rs := &ProjectsLocationsService{s: s}
270	rs.WorkloadIdentityPools = NewProjectsLocationsWorkloadIdentityPoolsService(s)
271	return rs
272}
273
274type ProjectsLocationsService struct {
275	s *Service
276
277	WorkloadIdentityPools *ProjectsLocationsWorkloadIdentityPoolsService
278}
279
280func NewProjectsLocationsWorkloadIdentityPoolsService(s *Service) *ProjectsLocationsWorkloadIdentityPoolsService {
281	rs := &ProjectsLocationsWorkloadIdentityPoolsService{s: s}
282	rs.Operations = NewProjectsLocationsWorkloadIdentityPoolsOperationsService(s)
283	rs.Providers = NewProjectsLocationsWorkloadIdentityPoolsProvidersService(s)
284	return rs
285}
286
287type ProjectsLocationsWorkloadIdentityPoolsService struct {
288	s *Service
289
290	Operations *ProjectsLocationsWorkloadIdentityPoolsOperationsService
291
292	Providers *ProjectsLocationsWorkloadIdentityPoolsProvidersService
293}
294
295func NewProjectsLocationsWorkloadIdentityPoolsOperationsService(s *Service) *ProjectsLocationsWorkloadIdentityPoolsOperationsService {
296	rs := &ProjectsLocationsWorkloadIdentityPoolsOperationsService{s: s}
297	return rs
298}
299
300type ProjectsLocationsWorkloadIdentityPoolsOperationsService struct {
301	s *Service
302}
303
304func NewProjectsLocationsWorkloadIdentityPoolsProvidersService(s *Service) *ProjectsLocationsWorkloadIdentityPoolsProvidersService {
305	rs := &ProjectsLocationsWorkloadIdentityPoolsProvidersService{s: s}
306	rs.Operations = NewProjectsLocationsWorkloadIdentityPoolsProvidersOperationsService(s)
307	return rs
308}
309
310type ProjectsLocationsWorkloadIdentityPoolsProvidersService struct {
311	s *Service
312
313	Operations *ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsService
314}
315
316func NewProjectsLocationsWorkloadIdentityPoolsProvidersOperationsService(s *Service) *ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsService {
317	rs := &ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsService{s: s}
318	return rs
319}
320
321type ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsService struct {
322	s *Service
323}
324
325func NewProjectsRolesService(s *Service) *ProjectsRolesService {
326	rs := &ProjectsRolesService{s: s}
327	return rs
328}
329
330type ProjectsRolesService struct {
331	s *Service
332}
333
334func NewProjectsServiceAccountsService(s *Service) *ProjectsServiceAccountsService {
335	rs := &ProjectsServiceAccountsService{s: s}
336	rs.Keys = NewProjectsServiceAccountsKeysService(s)
337	return rs
338}
339
340type ProjectsServiceAccountsService struct {
341	s *Service
342
343	Keys *ProjectsServiceAccountsKeysService
344}
345
346func NewProjectsServiceAccountsKeysService(s *Service) *ProjectsServiceAccountsKeysService {
347	rs := &ProjectsServiceAccountsKeysService{s: s}
348	return rs
349}
350
351type ProjectsServiceAccountsKeysService struct {
352	s *Service
353}
354
355func NewRolesService(s *Service) *RolesService {
356	rs := &RolesService{s: s}
357	return rs
358}
359
360type RolesService struct {
361	s *Service
362}
363
364// AdminAuditData: Audit log information specific to Cloud IAM admin
365// APIs. This message is serialized as an `Any` type in the
366// `ServiceData` message of an `AuditLog` message.
367type AdminAuditData struct {
368	// PermissionDelta: The permission_delta when when creating or updating
369	// a Role.
370	PermissionDelta *PermissionDelta `json:"permissionDelta,omitempty"`
371
372	// ForceSendFields is a list of field names (e.g. "PermissionDelta") to
373	// unconditionally include in API requests. By default, fields with
374	// empty or default values are omitted from API requests. However, any
375	// non-pointer, non-interface field appearing in ForceSendFields will be
376	// sent to the server regardless of whether the field is empty or not.
377	// This may be used to include empty fields in Patch requests.
378	ForceSendFields []string `json:"-"`
379
380	// NullFields is a list of field names (e.g. "PermissionDelta") to
381	// include in API requests with the JSON null value. By default, fields
382	// with empty values are omitted from API requests. However, any field
383	// with an empty value appearing in NullFields will be sent to the
384	// server as null. It is an error if a field in this list has a
385	// non-empty value. This may be used to include null fields in Patch
386	// requests.
387	NullFields []string `json:"-"`
388}
389
390func (s *AdminAuditData) MarshalJSON() ([]byte, error) {
391	type NoMethod AdminAuditData
392	raw := NoMethod(*s)
393	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
394}
395
396// AuditConfig: Specifies the audit configuration for a service. The
397// configuration determines which permission types are logged, and what
398// identities, if any, are exempted from logging. An AuditConfig must
399// have one or more AuditLogConfigs. If there are AuditConfigs for both
400// `allServices` and a specific service, the union of the two
401// AuditConfigs is used for that service: the log_types specified in
402// each AuditConfig are enabled, and the exempted_members in each
403// AuditLogConfig are exempted. Example Policy with multiple
404// AuditConfigs: { "audit_configs": [ { "service": "allServices",
405// "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members":
406// [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, {
407// "log_type": "ADMIN_READ" } ] }, { "service":
408// "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type":
409// "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [
410// "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy
411// enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts
412// jose@example.com from DATA_READ logging, and aliya@example.com from
413// DATA_WRITE logging.
414type AuditConfig struct {
415	// AuditLogConfigs: The configuration for logging of each type of
416	// permission.
417	AuditLogConfigs []*AuditLogConfig `json:"auditLogConfigs,omitempty"`
418
419	// Service: Specifies a service that will be enabled for audit logging.
420	// For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
421	// `allServices` is a special value that covers all services.
422	Service string `json:"service,omitempty"`
423
424	// ForceSendFields is a list of field names (e.g. "AuditLogConfigs") to
425	// unconditionally include in API requests. By default, fields with
426	// empty or default values are omitted from API requests. However, any
427	// non-pointer, non-interface field appearing in ForceSendFields will be
428	// sent to the server regardless of whether the field is empty or not.
429	// This may be used to include empty fields in Patch requests.
430	ForceSendFields []string `json:"-"`
431
432	// NullFields is a list of field names (e.g. "AuditLogConfigs") to
433	// include in API requests with the JSON null value. By default, fields
434	// with empty values are omitted from API requests. However, any field
435	// with an empty value appearing in NullFields will be sent to the
436	// server as null. It is an error if a field in this list has a
437	// non-empty value. This may be used to include null fields in Patch
438	// requests.
439	NullFields []string `json:"-"`
440}
441
442func (s *AuditConfig) MarshalJSON() ([]byte, error) {
443	type NoMethod AuditConfig
444	raw := NoMethod(*s)
445	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
446}
447
448// AuditData: Audit log information specific to Cloud IAM. This message
449// is serialized as an `Any` type in the `ServiceData` message of an
450// `AuditLog` message.
451type AuditData struct {
452	// PolicyDelta: Policy delta between the original policy and the newly
453	// set policy.
454	PolicyDelta *PolicyDelta `json:"policyDelta,omitempty"`
455
456	// ForceSendFields is a list of field names (e.g. "PolicyDelta") to
457	// unconditionally include in API requests. By default, fields with
458	// empty or default values are omitted from API requests. However, any
459	// non-pointer, non-interface field appearing in ForceSendFields will be
460	// sent to the server regardless of whether the field is empty or not.
461	// This may be used to include empty fields in Patch requests.
462	ForceSendFields []string `json:"-"`
463
464	// NullFields is a list of field names (e.g. "PolicyDelta") to include
465	// in API requests with the JSON null value. By default, fields with
466	// empty values are omitted from API requests. However, any field with
467	// an empty value appearing in NullFields will be sent to the server as
468	// null. It is an error if a field in this list has a non-empty value.
469	// This may be used to include null fields in Patch requests.
470	NullFields []string `json:"-"`
471}
472
473func (s *AuditData) MarshalJSON() ([]byte, error) {
474	type NoMethod AuditData
475	raw := NoMethod(*s)
476	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
477}
478
479// AuditLogConfig: Provides the configuration for logging a type of
480// permissions. Example: { "audit_log_configs": [ { "log_type":
481// "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, {
482// "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and
483// 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ
484// logging.
485type AuditLogConfig struct {
486	// ExemptedMembers: Specifies the identities that do not cause logging
487	// for this type of permission. Follows the same format of
488	// Binding.members.
489	ExemptedMembers []string `json:"exemptedMembers,omitempty"`
490
491	// LogType: The log type that this config enables.
492	//
493	// Possible values:
494	//   "LOG_TYPE_UNSPECIFIED" - Default case. Should never be this.
495	//   "ADMIN_READ" - Admin reads. Example: CloudIAM getIamPolicy
496	//   "DATA_WRITE" - Data writes. Example: CloudSQL Users create
497	//   "DATA_READ" - Data reads. Example: CloudSQL Users list
498	LogType string `json:"logType,omitempty"`
499
500	// ForceSendFields is a list of field names (e.g. "ExemptedMembers") to
501	// unconditionally include in API requests. By default, fields with
502	// empty or default values are omitted from API requests. However, any
503	// non-pointer, non-interface field appearing in ForceSendFields will be
504	// sent to the server regardless of whether the field is empty or not.
505	// This may be used to include empty fields in Patch requests.
506	ForceSendFields []string `json:"-"`
507
508	// NullFields is a list of field names (e.g. "ExemptedMembers") to
509	// include in API requests with the JSON null value. By default, fields
510	// with empty values are omitted from API requests. However, any field
511	// with an empty value appearing in NullFields will be sent to the
512	// server as null. It is an error if a field in this list has a
513	// non-empty value. This may be used to include null fields in Patch
514	// requests.
515	NullFields []string `json:"-"`
516}
517
518func (s *AuditLogConfig) MarshalJSON() ([]byte, error) {
519	type NoMethod AuditLogConfig
520	raw := NoMethod(*s)
521	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
522}
523
524// AuditableService: Contains information about an auditable service.
525type AuditableService struct {
526	// Name: Public name of the service. For example, the service name for
527	// Cloud IAM is 'iam.googleapis.com'.
528	Name string `json:"name,omitempty"`
529
530	// ForceSendFields is a list of field names (e.g. "Name") to
531	// unconditionally include in API requests. By default, fields with
532	// empty or default values are omitted from API requests. However, any
533	// non-pointer, non-interface field appearing in ForceSendFields will be
534	// sent to the server regardless of whether the field is empty or not.
535	// This may be used to include empty fields in Patch requests.
536	ForceSendFields []string `json:"-"`
537
538	// NullFields is a list of field names (e.g. "Name") to include in API
539	// requests with the JSON null value. By default, fields with empty
540	// values are omitted from API requests. However, any field with an
541	// empty value appearing in NullFields will be sent to the server as
542	// null. It is an error if a field in this list has a non-empty value.
543	// This may be used to include null fields in Patch requests.
544	NullFields []string `json:"-"`
545}
546
547func (s *AuditableService) MarshalJSON() ([]byte, error) {
548	type NoMethod AuditableService
549	raw := NoMethod(*s)
550	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
551}
552
553// Aws: Represents an Amazon Web Services identity provider.
554type Aws struct {
555	// AccountId: Required. The AWS account ID.
556	AccountId string `json:"accountId,omitempty"`
557
558	// ForceSendFields is a list of field names (e.g. "AccountId") to
559	// unconditionally include in API requests. By default, fields with
560	// empty or default values are omitted from API requests. However, any
561	// non-pointer, non-interface field appearing in ForceSendFields will be
562	// sent to the server regardless of whether the field is empty or not.
563	// This may be used to include empty fields in Patch requests.
564	ForceSendFields []string `json:"-"`
565
566	// NullFields is a list of field names (e.g. "AccountId") to include in
567	// API requests with the JSON null value. By default, fields with empty
568	// values are omitted from API requests. However, any field with an
569	// empty value appearing in NullFields will be sent to the server as
570	// null. It is an error if a field in this list has a non-empty value.
571	// This may be used to include null fields in Patch requests.
572	NullFields []string `json:"-"`
573}
574
575func (s *Aws) MarshalJSON() ([]byte, error) {
576	type NoMethod Aws
577	raw := NoMethod(*s)
578	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
579}
580
581// Binding: Associates `members`, or principals, with a `role`.
582type Binding struct {
583	// Condition: The condition that is associated with this binding. If the
584	// condition evaluates to `true`, then this binding applies to the
585	// current request. If the condition evaluates to `false`, then this
586	// binding does not apply to the current request. However, a different
587	// role binding might grant the same role to one or more of the
588	// principals in this binding. To learn which resources support
589	// conditions in their IAM policies, see the IAM documentation
590	// (https://cloud.google.com/iam/help/conditions/resource-policies).
591	Condition *Expr `json:"condition,omitempty"`
592
593	// Members: Specifies the principals requesting access for a Cloud
594	// Platform resource. `members` can have the following values: *
595	// `allUsers`: A special identifier that represents anyone who is on the
596	// internet; with or without a Google account. *
597	// `allAuthenticatedUsers`: A special identifier that represents anyone
598	// who is authenticated with a Google account or a service account. *
599	// `user:{emailid}`: An email address that represents a specific Google
600	// account. For example, `alice@example.com` . *
601	// `serviceAccount:{emailid}`: An email address that represents a
602	// service account. For example,
603	// `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An
604	// email address that represents a Google group. For example,
605	// `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An
606	// email address (plus unique identifier) representing a user that has
607	// been recently deleted. For example,
608	// `alice@example.com?uid=123456789012345678901`. If the user is
609	// recovered, this value reverts to `user:{emailid}` and the recovered
610	// user retains the role in the binding. *
611	// `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address
612	// (plus unique identifier) representing a service account that has been
613	// recently deleted. For example,
614	// `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
615	// If the service account is undeleted, this value reverts to
616	// `serviceAccount:{emailid}` and the undeleted service account retains
617	// the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`:
618	// An email address (plus unique identifier) representing a Google group
619	// that has been recently deleted. For example,
620	// `admins@example.com?uid=123456789012345678901`. If the group is
621	// recovered, this value reverts to `group:{emailid}` and the recovered
622	// group retains the role in the binding. * `domain:{domain}`: The G
623	// Suite domain (primary) that represents all the users of that domain.
624	// For example, `google.com` or `example.com`.
625	Members []string `json:"members,omitempty"`
626
627	// Role: Role that is assigned to the list of `members`, or principals.
628	// For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
629	Role string `json:"role,omitempty"`
630
631	// ForceSendFields is a list of field names (e.g. "Condition") to
632	// unconditionally include in API requests. By default, fields with
633	// empty or default values are omitted from API requests. However, any
634	// non-pointer, non-interface field appearing in ForceSendFields will be
635	// sent to the server regardless of whether the field is empty or not.
636	// This may be used to include empty fields in Patch requests.
637	ForceSendFields []string `json:"-"`
638
639	// NullFields is a list of field names (e.g. "Condition") to include in
640	// API requests with the JSON null value. By default, fields with empty
641	// values are omitted from API requests. However, any field with an
642	// empty value appearing in NullFields will be sent to the server as
643	// null. It is an error if a field in this list has a non-empty value.
644	// This may be used to include null fields in Patch requests.
645	NullFields []string `json:"-"`
646}
647
648func (s *Binding) MarshalJSON() ([]byte, error) {
649	type NoMethod Binding
650	raw := NoMethod(*s)
651	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
652}
653
654// BindingDelta: One delta entry for Binding. Each individual change
655// (only one member in each entry) to a binding will be a separate
656// entry.
657type BindingDelta struct {
658	// Action: The action that was performed on a Binding. Required
659	//
660	// Possible values:
661	//   "ACTION_UNSPECIFIED" - Unspecified.
662	//   "ADD" - Addition of a Binding.
663	//   "REMOVE" - Removal of a Binding.
664	Action string `json:"action,omitempty"`
665
666	// Condition: The condition that is associated with this binding.
667	Condition *Expr `json:"condition,omitempty"`
668
669	// Member: A single identity requesting access for a Cloud Platform
670	// resource. Follows the same format of Binding.members. Required
671	Member string `json:"member,omitempty"`
672
673	// Role: Role that is assigned to `members`. For example,
674	// `roles/viewer`, `roles/editor`, or `roles/owner`. Required
675	Role string `json:"role,omitempty"`
676
677	// ForceSendFields is a list of field names (e.g. "Action") to
678	// unconditionally include in API requests. By default, fields with
679	// empty or default values are omitted from API requests. However, any
680	// non-pointer, non-interface field appearing in ForceSendFields will be
681	// sent to the server regardless of whether the field is empty or not.
682	// This may be used to include empty fields in Patch requests.
683	ForceSendFields []string `json:"-"`
684
685	// NullFields is a list of field names (e.g. "Action") to include in API
686	// requests with the JSON null value. By default, fields with empty
687	// values are omitted from API requests. However, any field with an
688	// empty value appearing in NullFields will be sent to the server as
689	// null. It is an error if a field in this list has a non-empty value.
690	// This may be used to include null fields in Patch requests.
691	NullFields []string `json:"-"`
692}
693
694func (s *BindingDelta) MarshalJSON() ([]byte, error) {
695	type NoMethod BindingDelta
696	raw := NoMethod(*s)
697	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
698}
699
700// CreateRoleRequest: The request to create a new role.
701type CreateRoleRequest struct {
702	// Role: The Role resource to create.
703	Role *Role `json:"role,omitempty"`
704
705	// RoleId: The role ID to use for this role. A role ID may contain
706	// alphanumeric characters, underscores (`_`), and periods (`.`). It
707	// must contain a minimum of 3 characters and a maximum of 64
708	// characters.
709	RoleId string `json:"roleId,omitempty"`
710
711	// ForceSendFields is a list of field names (e.g. "Role") to
712	// unconditionally include in API requests. By default, fields with
713	// empty or default values are omitted from API requests. However, any
714	// non-pointer, non-interface field appearing in ForceSendFields will be
715	// sent to the server regardless of whether the field is empty or not.
716	// This may be used to include empty fields in Patch requests.
717	ForceSendFields []string `json:"-"`
718
719	// NullFields is a list of field names (e.g. "Role") to include in API
720	// requests with the JSON null value. By default, fields with empty
721	// values are omitted from API requests. However, any field with an
722	// empty value appearing in NullFields will be sent to the server as
723	// null. It is an error if a field in this list has a non-empty value.
724	// This may be used to include null fields in Patch requests.
725	NullFields []string `json:"-"`
726}
727
728func (s *CreateRoleRequest) MarshalJSON() ([]byte, error) {
729	type NoMethod CreateRoleRequest
730	raw := NoMethod(*s)
731	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
732}
733
734// CreateServiceAccountKeyRequest: The service account key create
735// request.
736type CreateServiceAccountKeyRequest struct {
737	// KeyAlgorithm: Which type of key and algorithm to use for the key. The
738	// default is currently a 2K RSA key. However this may change in the
739	// future.
740	//
741	// Possible values:
742	//   "KEY_ALG_UNSPECIFIED" - An unspecified key algorithm.
743	//   "KEY_ALG_RSA_1024" - 1k RSA Key.
744	//   "KEY_ALG_RSA_2048" - 2k RSA Key.
745	KeyAlgorithm string `json:"keyAlgorithm,omitempty"`
746
747	// PrivateKeyType: The output format of the private key. The default
748	// value is `TYPE_GOOGLE_CREDENTIALS_FILE`, which is the Google
749	// Credentials File format.
750	//
751	// Possible values:
752	//   "TYPE_UNSPECIFIED" - Unspecified. Equivalent to
753	// `TYPE_GOOGLE_CREDENTIALS_FILE`.
754	//   "TYPE_PKCS12_FILE" - PKCS12 format. The password for the PKCS12
755	// file is `notasecret`. For more information, see
756	// https://tools.ietf.org/html/rfc7292.
757	//   "TYPE_GOOGLE_CREDENTIALS_FILE" - Google Credentials File format.
758	PrivateKeyType string `json:"privateKeyType,omitempty"`
759
760	// ForceSendFields is a list of field names (e.g. "KeyAlgorithm") to
761	// unconditionally include in API requests. By default, fields with
762	// empty or default values are omitted from API requests. However, any
763	// non-pointer, non-interface field appearing in ForceSendFields will be
764	// sent to the server regardless of whether the field is empty or not.
765	// This may be used to include empty fields in Patch requests.
766	ForceSendFields []string `json:"-"`
767
768	// NullFields is a list of field names (e.g. "KeyAlgorithm") to include
769	// in API requests with the JSON null value. By default, fields with
770	// empty values are omitted from API requests. However, any field with
771	// an empty value appearing in NullFields will be sent to the server as
772	// null. It is an error if a field in this list has a non-empty value.
773	// This may be used to include null fields in Patch requests.
774	NullFields []string `json:"-"`
775}
776
777func (s *CreateServiceAccountKeyRequest) MarshalJSON() ([]byte, error) {
778	type NoMethod CreateServiceAccountKeyRequest
779	raw := NoMethod(*s)
780	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
781}
782
783// CreateServiceAccountRequest: The service account create request.
784type CreateServiceAccountRequest struct {
785	// AccountId: Required. The account id that is used to generate the
786	// service account email address and a stable unique id. It is unique
787	// within a project, must be 6-30 characters long, and match the regular
788	// expression `[a-z]([-a-z0-9]*[a-z0-9])` to comply with RFC1035.
789	AccountId string `json:"accountId,omitempty"`
790
791	// ServiceAccount: The ServiceAccount resource to create. Currently,
792	// only the following values are user assignable: `display_name` and
793	// `description`.
794	ServiceAccount *ServiceAccount `json:"serviceAccount,omitempty"`
795
796	// ForceSendFields is a list of field names (e.g. "AccountId") to
797	// unconditionally include in API requests. By default, fields with
798	// empty or default values are omitted from API requests. However, any
799	// non-pointer, non-interface field appearing in ForceSendFields will be
800	// sent to the server regardless of whether the field is empty or not.
801	// This may be used to include empty fields in Patch requests.
802	ForceSendFields []string `json:"-"`
803
804	// NullFields is a list of field names (e.g. "AccountId") to include in
805	// API requests with the JSON null value. By default, fields with empty
806	// values are omitted from API requests. However, any field with an
807	// empty value appearing in NullFields will be sent to the server as
808	// null. It is an error if a field in this list has a non-empty value.
809	// This may be used to include null fields in Patch requests.
810	NullFields []string `json:"-"`
811}
812
813func (s *CreateServiceAccountRequest) MarshalJSON() ([]byte, error) {
814	type NoMethod CreateServiceAccountRequest
815	raw := NoMethod(*s)
816	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
817}
818
819// DisableServiceAccountKeyRequest: The service account key disable
820// request.
821type DisableServiceAccountKeyRequest struct {
822}
823
824// DisableServiceAccountRequest: The service account disable request.
825type DisableServiceAccountRequest struct {
826}
827
828// Empty: A generic empty message that you can re-use to avoid defining
829// duplicated empty messages in your APIs. A typical example is to use
830// it as the request or the response type of an API method. For
831// instance: service Foo { rpc Bar(google.protobuf.Empty) returns
832// (google.protobuf.Empty); } The JSON representation for `Empty` is
833// empty JSON object `{}`.
834type Empty struct {
835	// ServerResponse contains the HTTP response code and headers from the
836	// server.
837	googleapi.ServerResponse `json:"-"`
838}
839
840// EnableServiceAccountKeyRequest: The service account key enable
841// request.
842type EnableServiceAccountKeyRequest struct {
843}
844
845// EnableServiceAccountRequest: The service account enable request.
846type EnableServiceAccountRequest struct {
847}
848
849// Expr: Represents a textual expression in the Common Expression
850// Language (CEL) syntax. CEL is a C-like expression language. The
851// syntax and semantics of CEL are documented at
852// https://github.com/google/cel-spec. Example (Comparison): title:
853// "Summary size limit" description: "Determines if a summary is less
854// than 100 chars" expression: "document.summary.size() < 100" Example
855// (Equality): title: "Requestor is owner" description: "Determines if
856// requestor is the document owner" expression: "document.owner ==
857// request.auth.claims.email" Example (Logic): title: "Public documents"
858// description: "Determine whether the document should be publicly
859// visible" expression: "document.type != 'private' && document.type !=
860// 'internal'" Example (Data Manipulation): title: "Notification string"
861// description: "Create a notification string with a timestamp."
862// expression: "'New message received at ' +
863// string(document.create_time)" The exact variables and functions that
864// may be referenced within an expression are determined by the service
865// that evaluates it. See the service documentation for additional
866// information.
867type Expr struct {
868	// Description: Optional. Description of the expression. This is a
869	// longer text which describes the expression, e.g. when hovered over it
870	// in a UI.
871	Description string `json:"description,omitempty"`
872
873	// Expression: Textual representation of an expression in Common
874	// Expression Language syntax.
875	Expression string `json:"expression,omitempty"`
876
877	// Location: Optional. String indicating the location of the expression
878	// for error reporting, e.g. a file name and a position in the file.
879	Location string `json:"location,omitempty"`
880
881	// Title: Optional. Title for the expression, i.e. a short string
882	// describing its purpose. This can be used e.g. in UIs which allow to
883	// enter the expression.
884	Title string `json:"title,omitempty"`
885
886	// ForceSendFields is a list of field names (e.g. "Description") to
887	// unconditionally include in API requests. By default, fields with
888	// empty or default values are omitted from API requests. However, any
889	// non-pointer, non-interface field appearing in ForceSendFields will be
890	// sent to the server regardless of whether the field is empty or not.
891	// This may be used to include empty fields in Patch requests.
892	ForceSendFields []string `json:"-"`
893
894	// NullFields is a list of field names (e.g. "Description") to include
895	// in API requests with the JSON null value. By default, fields with
896	// empty values are omitted from API requests. However, any field with
897	// an empty value appearing in NullFields will be sent to the server as
898	// null. It is an error if a field in this list has a non-empty value.
899	// This may be used to include null fields in Patch requests.
900	NullFields []string `json:"-"`
901}
902
903func (s *Expr) MarshalJSON() ([]byte, error) {
904	type NoMethod Expr
905	raw := NoMethod(*s)
906	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
907}
908
909// LintPolicyRequest: The request to lint a Cloud IAM policy object.
910type LintPolicyRequest struct {
911	// Condition: google.iam.v1.Binding.condition object to be linted.
912	Condition *Expr `json:"condition,omitempty"`
913
914	// FullResourceName: The full resource name of the policy this lint
915	// request is about. The name follows the Google Cloud Platform (GCP)
916	// resource format. For example, a GCP project with ID `my-project` will
917	// be named `//cloudresourcemanager.googleapis.com/projects/my-project`.
918	// The resource name is not used to read the policy instance from the
919	// Cloud IAM database. The candidate policy for lint has to be provided
920	// in the same request object.
921	FullResourceName string `json:"fullResourceName,omitempty"`
922
923	// ForceSendFields is a list of field names (e.g. "Condition") to
924	// unconditionally include in API requests. By default, fields with
925	// empty or default values are omitted from API requests. However, any
926	// non-pointer, non-interface field appearing in ForceSendFields will be
927	// sent to the server regardless of whether the field is empty or not.
928	// This may be used to include empty fields in Patch requests.
929	ForceSendFields []string `json:"-"`
930
931	// NullFields is a list of field names (e.g. "Condition") to include in
932	// API requests with the JSON null value. By default, fields with empty
933	// values are omitted from API requests. However, any field with an
934	// empty value appearing in NullFields will be sent to the server as
935	// null. It is an error if a field in this list has a non-empty value.
936	// This may be used to include null fields in Patch requests.
937	NullFields []string `json:"-"`
938}
939
940func (s *LintPolicyRequest) MarshalJSON() ([]byte, error) {
941	type NoMethod LintPolicyRequest
942	raw := NoMethod(*s)
943	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
944}
945
946// LintPolicyResponse: The response of a lint operation. An empty
947// response indicates the operation was able to fully execute and no
948// lint issue was found.
949type LintPolicyResponse struct {
950	// LintResults: List of lint results sorted by `severity` in descending
951	// order.
952	LintResults []*LintResult `json:"lintResults,omitempty"`
953
954	// ServerResponse contains the HTTP response code and headers from the
955	// server.
956	googleapi.ServerResponse `json:"-"`
957
958	// ForceSendFields is a list of field names (e.g. "LintResults") to
959	// unconditionally include in API requests. By default, fields with
960	// empty or default values are omitted from API requests. However, any
961	// non-pointer, non-interface field appearing in ForceSendFields will be
962	// sent to the server regardless of whether the field is empty or not.
963	// This may be used to include empty fields in Patch requests.
964	ForceSendFields []string `json:"-"`
965
966	// NullFields is a list of field names (e.g. "LintResults") to include
967	// in API requests with the JSON null value. By default, fields with
968	// empty values are omitted from API requests. However, any field with
969	// an empty value appearing in NullFields will be sent to the server as
970	// null. It is an error if a field in this list has a non-empty value.
971	// This may be used to include null fields in Patch requests.
972	NullFields []string `json:"-"`
973}
974
975func (s *LintPolicyResponse) MarshalJSON() ([]byte, error) {
976	type NoMethod LintPolicyResponse
977	raw := NoMethod(*s)
978	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
979}
980
981// LintResult: Structured response of a single validation unit.
982type LintResult struct {
983	// DebugMessage: Human readable debug message associated with the issue.
984	DebugMessage string `json:"debugMessage,omitempty"`
985
986	// FieldName: The name of the field for which this lint result is about.
987	// For nested messages `field_name` consists of names of the embedded
988	// fields separated by period character. The top-level qualifier is the
989	// input object to lint in the request. For example, the `field_name`
990	// value `condition.expression` identifies a lint result for the
991	// `expression` field of the provided condition.
992	FieldName string `json:"fieldName,omitempty"`
993
994	// Level: The validation unit level.
995	//
996	// Possible values:
997	//   "LEVEL_UNSPECIFIED" - Level is unspecified.
998	//   "CONDITION" - A validation unit which operates on an individual
999	// condition within a binding.
1000	Level string `json:"level,omitempty"`
1001
1002	// LocationOffset: 0-based character position of problematic construct
1003	// within the object identified by `field_name`. Currently, this is
1004	// populated only for condition expression.
1005	LocationOffset int64 `json:"locationOffset,omitempty"`
1006
1007	// Severity: The validation unit severity.
1008	//
1009	// Possible values:
1010	//   "SEVERITY_UNSPECIFIED" - Severity is unspecified.
1011	//   "ERROR" - A validation unit returns an error only for critical
1012	// issues. If an attempt is made to set the problematic policy without
1013	// rectifying the critical issue, it causes the `setPolicy` operation to
1014	// fail.
1015	//   "WARNING" - Any issue which is severe enough but does not cause an
1016	// error. For example, suspicious constructs in the input object will
1017	// not necessarily fail `setPolicy`, but there is a high likelihood that
1018	// they won't behave as expected during policy evaluation in
1019	// `checkPolicy`. This includes the following common scenarios: -
1020	// Unsatisfiable condition: Expired timestamp in date/time condition. -
1021	// Ineffective condition: Condition on a pair which is granted
1022	// unconditionally in another binding of the same policy.
1023	//   "NOTICE" - Reserved for the issues that are not severe as
1024	// `ERROR`/`WARNING`, but need special handling. For instance, messages
1025	// about skipped validation units are issued as `NOTICE`.
1026	//   "INFO" - Any informative statement which is not severe enough to
1027	// raise `ERROR`/`WARNING`/`NOTICE`, like auto-correction
1028	// recommendations on the input content. Note that current version of
1029	// the linter does not utilize `INFO`.
1030	//   "DEPRECATED" - Deprecated severity level.
1031	Severity string `json:"severity,omitempty"`
1032
1033	// ValidationUnitName: The validation unit name, for instance
1034	// "lintValidationUnits/ConditionComplexityCheck".
1035	ValidationUnitName string `json:"validationUnitName,omitempty"`
1036
1037	// ForceSendFields is a list of field names (e.g. "DebugMessage") to
1038	// unconditionally include in API requests. By default, fields with
1039	// empty or default values are omitted from API requests. However, any
1040	// non-pointer, non-interface field appearing in ForceSendFields will be
1041	// sent to the server regardless of whether the field is empty or not.
1042	// This may be used to include empty fields in Patch requests.
1043	ForceSendFields []string `json:"-"`
1044
1045	// NullFields is a list of field names (e.g. "DebugMessage") to include
1046	// in API requests with the JSON null value. By default, fields with
1047	// empty values are omitted from API requests. However, any field with
1048	// an empty value appearing in NullFields will be sent to the server as
1049	// null. It is an error if a field in this list has a non-empty value.
1050	// This may be used to include null fields in Patch requests.
1051	NullFields []string `json:"-"`
1052}
1053
1054func (s *LintResult) MarshalJSON() ([]byte, error) {
1055	type NoMethod LintResult
1056	raw := NoMethod(*s)
1057	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1058}
1059
1060// ListRolesResponse: The response containing the roles defined under a
1061// resource.
1062type ListRolesResponse struct {
1063	// NextPageToken: To retrieve the next page of results, set
1064	// `ListRolesRequest.page_token` to this value.
1065	NextPageToken string `json:"nextPageToken,omitempty"`
1066
1067	// Roles: The Roles defined on this resource.
1068	Roles []*Role `json:"roles,omitempty"`
1069
1070	// ServerResponse contains the HTTP response code and headers from the
1071	// server.
1072	googleapi.ServerResponse `json:"-"`
1073
1074	// ForceSendFields is a list of field names (e.g. "NextPageToken") to
1075	// unconditionally include in API requests. By default, fields with
1076	// empty or default values are omitted from API requests. However, any
1077	// non-pointer, non-interface field appearing in ForceSendFields will be
1078	// sent to the server regardless of whether the field is empty or not.
1079	// This may be used to include empty fields in Patch requests.
1080	ForceSendFields []string `json:"-"`
1081
1082	// NullFields is a list of field names (e.g. "NextPageToken") to include
1083	// in API requests with the JSON null value. By default, fields with
1084	// empty values are omitted from API requests. However, any field with
1085	// an empty value appearing in NullFields will be sent to the server as
1086	// null. It is an error if a field in this list has a non-empty value.
1087	// This may be used to include null fields in Patch requests.
1088	NullFields []string `json:"-"`
1089}
1090
1091func (s *ListRolesResponse) MarshalJSON() ([]byte, error) {
1092	type NoMethod ListRolesResponse
1093	raw := NoMethod(*s)
1094	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1095}
1096
1097// ListServiceAccountKeysResponse: The service account keys list
1098// response.
1099type ListServiceAccountKeysResponse struct {
1100	// Keys: The public keys for the service account.
1101	Keys []*ServiceAccountKey `json:"keys,omitempty"`
1102
1103	// ServerResponse contains the HTTP response code and headers from the
1104	// server.
1105	googleapi.ServerResponse `json:"-"`
1106
1107	// ForceSendFields is a list of field names (e.g. "Keys") to
1108	// unconditionally include in API requests. By default, fields with
1109	// empty or default values are omitted from API requests. However, any
1110	// non-pointer, non-interface field appearing in ForceSendFields will be
1111	// sent to the server regardless of whether the field is empty or not.
1112	// This may be used to include empty fields in Patch requests.
1113	ForceSendFields []string `json:"-"`
1114
1115	// NullFields is a list of field names (e.g. "Keys") to include in API
1116	// requests with the JSON null value. By default, fields with empty
1117	// values are omitted from API requests. However, any field with an
1118	// empty value appearing in NullFields will be sent to the server as
1119	// null. It is an error if a field in this list has a non-empty value.
1120	// This may be used to include null fields in Patch requests.
1121	NullFields []string `json:"-"`
1122}
1123
1124func (s *ListServiceAccountKeysResponse) MarshalJSON() ([]byte, error) {
1125	type NoMethod ListServiceAccountKeysResponse
1126	raw := NoMethod(*s)
1127	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1128}
1129
1130// ListServiceAccountsResponse: The service account list response.
1131type ListServiceAccountsResponse struct {
1132	// Accounts: The list of matching service accounts.
1133	Accounts []*ServiceAccount `json:"accounts,omitempty"`
1134
1135	// NextPageToken: To retrieve the next page of results, set
1136	// ListServiceAccountsRequest.page_token to this value.
1137	NextPageToken string `json:"nextPageToken,omitempty"`
1138
1139	// ServerResponse contains the HTTP response code and headers from the
1140	// server.
1141	googleapi.ServerResponse `json:"-"`
1142
1143	// ForceSendFields is a list of field names (e.g. "Accounts") to
1144	// unconditionally include in API requests. By default, fields with
1145	// empty or default values are omitted from API requests. However, any
1146	// non-pointer, non-interface field appearing in ForceSendFields will be
1147	// sent to the server regardless of whether the field is empty or not.
1148	// This may be used to include empty fields in Patch requests.
1149	ForceSendFields []string `json:"-"`
1150
1151	// NullFields is a list of field names (e.g. "Accounts") to include in
1152	// API requests with the JSON null value. By default, fields with empty
1153	// values are omitted from API requests. However, any field with an
1154	// empty value appearing in NullFields will be sent to the server as
1155	// null. It is an error if a field in this list has a non-empty value.
1156	// This may be used to include null fields in Patch requests.
1157	NullFields []string `json:"-"`
1158}
1159
1160func (s *ListServiceAccountsResponse) MarshalJSON() ([]byte, error) {
1161	type NoMethod ListServiceAccountsResponse
1162	raw := NoMethod(*s)
1163	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1164}
1165
1166// ListWorkloadIdentityPoolProvidersResponse: Response message for
1167// ListWorkloadIdentityPoolProviders.
1168type ListWorkloadIdentityPoolProvidersResponse struct {
1169	// NextPageToken: A token, which can be sent as `page_token` to retrieve
1170	// the next page. If this field is omitted, there are no subsequent
1171	// pages.
1172	NextPageToken string `json:"nextPageToken,omitempty"`
1173
1174	// WorkloadIdentityPoolProviders: A list of providers.
1175	WorkloadIdentityPoolProviders []*WorkloadIdentityPoolProvider `json:"workloadIdentityPoolProviders,omitempty"`
1176
1177	// ServerResponse contains the HTTP response code and headers from the
1178	// server.
1179	googleapi.ServerResponse `json:"-"`
1180
1181	// ForceSendFields is a list of field names (e.g. "NextPageToken") to
1182	// unconditionally include in API requests. By default, fields with
1183	// empty or default values are omitted from API requests. However, any
1184	// non-pointer, non-interface field appearing in ForceSendFields will be
1185	// sent to the server regardless of whether the field is empty or not.
1186	// This may be used to include empty fields in Patch requests.
1187	ForceSendFields []string `json:"-"`
1188
1189	// NullFields is a list of field names (e.g. "NextPageToken") to include
1190	// in API requests with the JSON null value. By default, fields with
1191	// empty values are omitted from API requests. However, any field with
1192	// an empty value appearing in NullFields will be sent to the server as
1193	// null. It is an error if a field in this list has a non-empty value.
1194	// This may be used to include null fields in Patch requests.
1195	NullFields []string `json:"-"`
1196}
1197
1198func (s *ListWorkloadIdentityPoolProvidersResponse) MarshalJSON() ([]byte, error) {
1199	type NoMethod ListWorkloadIdentityPoolProvidersResponse
1200	raw := NoMethod(*s)
1201	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1202}
1203
1204// ListWorkloadIdentityPoolsResponse: Response message for
1205// ListWorkloadIdentityPools.
1206type ListWorkloadIdentityPoolsResponse struct {
1207	// NextPageToken: A token, which can be sent as `page_token` to retrieve
1208	// the next page. If this field is omitted, there are no subsequent
1209	// pages.
1210	NextPageToken string `json:"nextPageToken,omitempty"`
1211
1212	// WorkloadIdentityPools: A list of pools.
1213	WorkloadIdentityPools []*WorkloadIdentityPool `json:"workloadIdentityPools,omitempty"`
1214
1215	// ServerResponse contains the HTTP response code and headers from the
1216	// server.
1217	googleapi.ServerResponse `json:"-"`
1218
1219	// ForceSendFields is a list of field names (e.g. "NextPageToken") to
1220	// unconditionally include in API requests. By default, fields with
1221	// empty or default values are omitted from API requests. However, any
1222	// non-pointer, non-interface field appearing in ForceSendFields will be
1223	// sent to the server regardless of whether the field is empty or not.
1224	// This may be used to include empty fields in Patch requests.
1225	ForceSendFields []string `json:"-"`
1226
1227	// NullFields is a list of field names (e.g. "NextPageToken") to include
1228	// in API requests with the JSON null value. By default, fields with
1229	// empty values are omitted from API requests. However, any field with
1230	// an empty value appearing in NullFields will be sent to the server as
1231	// null. It is an error if a field in this list has a non-empty value.
1232	// This may be used to include null fields in Patch requests.
1233	NullFields []string `json:"-"`
1234}
1235
1236func (s *ListWorkloadIdentityPoolsResponse) MarshalJSON() ([]byte, error) {
1237	type NoMethod ListWorkloadIdentityPoolsResponse
1238	raw := NoMethod(*s)
1239	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1240}
1241
1242// Oidc: Represents an OpenId Connect 1.0 identity provider.
1243type Oidc struct {
1244	// AllowedAudiences: Acceptable values for the `aud` field (audience) in
1245	// the OIDC token. Token exchange requests are rejected if the token
1246	// audience does not match one of the configured values. Each audience
1247	// may be at most 256 characters. A maximum of 10 audiences may be
1248	// configured. If this list is empty, the OIDC token audience must be
1249	// equal to the full canonical resource name of the
1250	// WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For
1251	// example: ```
1252	// //iam.googleapis.com/projects//locations//workloadIdentityPools//provi
1253	// ders/
1254	// https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/
1255	// ```
1256	AllowedAudiences []string `json:"allowedAudiences,omitempty"`
1257
1258	// IssuerUri: Required. The OIDC issuer URL. Must be an HTTPS endpoint.
1259	IssuerUri string `json:"issuerUri,omitempty"`
1260
1261	// ForceSendFields is a list of field names (e.g. "AllowedAudiences") to
1262	// unconditionally include in API requests. By default, fields with
1263	// empty or default values are omitted from API requests. However, any
1264	// non-pointer, non-interface field appearing in ForceSendFields will be
1265	// sent to the server regardless of whether the field is empty or not.
1266	// This may be used to include empty fields in Patch requests.
1267	ForceSendFields []string `json:"-"`
1268
1269	// NullFields is a list of field names (e.g. "AllowedAudiences") to
1270	// include in API requests with the JSON null value. By default, fields
1271	// with empty values are omitted from API requests. However, any field
1272	// with an empty value appearing in NullFields will be sent to the
1273	// server as null. It is an error if a field in this list has a
1274	// non-empty value. This may be used to include null fields in Patch
1275	// requests.
1276	NullFields []string `json:"-"`
1277}
1278
1279func (s *Oidc) MarshalJSON() ([]byte, error) {
1280	type NoMethod Oidc
1281	raw := NoMethod(*s)
1282	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1283}
1284
1285// Operation: This resource represents a long-running operation that is
1286// the result of a network API call.
1287type Operation struct {
1288	// Done: If the value is `false`, it means the operation is still in
1289	// progress. If `true`, the operation is completed, and either `error`
1290	// or `response` is available.
1291	Done bool `json:"done,omitempty"`
1292
1293	// Error: The error result of the operation in case of failure or
1294	// cancellation.
1295	Error *Status `json:"error,omitempty"`
1296
1297	// Metadata: Service-specific metadata associated with the operation. It
1298	// typically contains progress information and common metadata such as
1299	// create time. Some services might not provide such metadata. Any
1300	// method that returns a long-running operation should document the
1301	// metadata type, if any.
1302	Metadata googleapi.RawMessage `json:"metadata,omitempty"`
1303
1304	// Name: The server-assigned name, which is only unique within the same
1305	// service that originally returns it. If you use the default HTTP
1306	// mapping, the `name` should be a resource name ending with
1307	// `operations/{unique_id}`.
1308	Name string `json:"name,omitempty"`
1309
1310	// Response: The normal response of the operation in case of success. If
1311	// the original method returns no data on success, such as `Delete`, the
1312	// response is `google.protobuf.Empty`. If the original method is
1313	// standard `Get`/`Create`/`Update`, the response should be the
1314	// resource. For other methods, the response should have the type
1315	// `XxxResponse`, where `Xxx` is the original method name. For example,
1316	// if the original method name is `TakeSnapshot()`, the inferred
1317	// response type is `TakeSnapshotResponse`.
1318	Response googleapi.RawMessage `json:"response,omitempty"`
1319
1320	// ServerResponse contains the HTTP response code and headers from the
1321	// server.
1322	googleapi.ServerResponse `json:"-"`
1323
1324	// ForceSendFields is a list of field names (e.g. "Done") to
1325	// unconditionally include in API requests. By default, fields with
1326	// empty or default values are omitted from API requests. However, any
1327	// non-pointer, non-interface field appearing in ForceSendFields will be
1328	// sent to the server regardless of whether the field is empty or not.
1329	// This may be used to include empty fields in Patch requests.
1330	ForceSendFields []string `json:"-"`
1331
1332	// NullFields is a list of field names (e.g. "Done") to include in API
1333	// requests with the JSON null value. By default, fields with empty
1334	// values are omitted from API requests. However, any field with an
1335	// empty value appearing in NullFields will be sent to the server as
1336	// null. It is an error if a field in this list has a non-empty value.
1337	// This may be used to include null fields in Patch requests.
1338	NullFields []string `json:"-"`
1339}
1340
1341func (s *Operation) MarshalJSON() ([]byte, error) {
1342	type NoMethod Operation
1343	raw := NoMethod(*s)
1344	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1345}
1346
1347// PatchServiceAccountRequest: The request for PatchServiceAccount. You
1348// can patch only the `display_name` and `description` fields. You must
1349// use the `update_mask` field to specify which of these fields you want
1350// to patch. Only the fields specified in the request are guaranteed to
1351// be returned in the response. Other fields may be empty in the
1352// response.
1353type PatchServiceAccountRequest struct {
1354	ServiceAccount *ServiceAccount `json:"serviceAccount,omitempty"`
1355
1356	UpdateMask string `json:"updateMask,omitempty"`
1357
1358	// ForceSendFields is a list of field names (e.g. "ServiceAccount") to
1359	// unconditionally include in API requests. By default, fields with
1360	// empty or default values are omitted from API requests. However, any
1361	// non-pointer, non-interface field appearing in ForceSendFields will be
1362	// sent to the server regardless of whether the field is empty or not.
1363	// This may be used to include empty fields in Patch requests.
1364	ForceSendFields []string `json:"-"`
1365
1366	// NullFields is a list of field names (e.g. "ServiceAccount") to
1367	// include in API requests with the JSON null value. By default, fields
1368	// with empty values are omitted from API requests. However, any field
1369	// with an empty value appearing in NullFields will be sent to the
1370	// server as null. It is an error if a field in this list has a
1371	// non-empty value. This may be used to include null fields in Patch
1372	// requests.
1373	NullFields []string `json:"-"`
1374}
1375
1376func (s *PatchServiceAccountRequest) MarshalJSON() ([]byte, error) {
1377	type NoMethod PatchServiceAccountRequest
1378	raw := NoMethod(*s)
1379	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1380}
1381
1382// Permission: A permission which can be included by a role.
1383type Permission struct {
1384	// ApiDisabled: The service API associated with the permission is not
1385	// enabled.
1386	ApiDisabled bool `json:"apiDisabled,omitempty"`
1387
1388	// CustomRolesSupportLevel: The current custom role support level.
1389	//
1390	// Possible values:
1391	//   "SUPPORTED" - Default state. Permission is fully supported for
1392	// custom role use.
1393	//   "TESTING" - Permission is being tested to check custom role
1394	// compatibility.
1395	//   "NOT_SUPPORTED" - Permission is not supported for custom role use.
1396	CustomRolesSupportLevel string `json:"customRolesSupportLevel,omitempty"`
1397
1398	// Description: A brief description of what this Permission is used for.
1399	// This permission can ONLY be used in predefined roles.
1400	Description string `json:"description,omitempty"`
1401
1402	// Name: The name of this Permission.
1403	Name string `json:"name,omitempty"`
1404
1405	OnlyInPredefinedRoles bool `json:"onlyInPredefinedRoles,omitempty"`
1406
1407	// PrimaryPermission: The preferred name for this permission. If
1408	// present, then this permission is an alias of, and equivalent to, the
1409	// listed primary_permission.
1410	PrimaryPermission string `json:"primaryPermission,omitempty"`
1411
1412	// Stage: The current launch stage of the permission.
1413	//
1414	// Possible values:
1415	//   "ALPHA" - The permission is currently in an alpha phase.
1416	//   "BETA" - The permission is currently in a beta phase.
1417	//   "GA" - The permission is generally available.
1418	//   "DEPRECATED" - The permission is being deprecated.
1419	Stage string `json:"stage,omitempty"`
1420
1421	// Title: The title of this Permission.
1422	Title string `json:"title,omitempty"`
1423
1424	// ForceSendFields is a list of field names (e.g. "ApiDisabled") to
1425	// unconditionally include in API requests. By default, fields with
1426	// empty or default values are omitted from API requests. However, any
1427	// non-pointer, non-interface field appearing in ForceSendFields will be
1428	// sent to the server regardless of whether the field is empty or not.
1429	// This may be used to include empty fields in Patch requests.
1430	ForceSendFields []string `json:"-"`
1431
1432	// NullFields is a list of field names (e.g. "ApiDisabled") to include
1433	// in API requests with the JSON null value. By default, fields with
1434	// empty values are omitted from API requests. However, any field with
1435	// an empty value appearing in NullFields will be sent to the server as
1436	// null. It is an error if a field in this list has a non-empty value.
1437	// This may be used to include null fields in Patch requests.
1438	NullFields []string `json:"-"`
1439}
1440
1441func (s *Permission) MarshalJSON() ([]byte, error) {
1442	type NoMethod Permission
1443	raw := NoMethod(*s)
1444	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1445}
1446
1447// PermissionDelta: A PermissionDelta message to record the
1448// added_permissions and removed_permissions inside a role.
1449type PermissionDelta struct {
1450	// AddedPermissions: Added permissions.
1451	AddedPermissions []string `json:"addedPermissions,omitempty"`
1452
1453	// RemovedPermissions: Removed permissions.
1454	RemovedPermissions []string `json:"removedPermissions,omitempty"`
1455
1456	// ForceSendFields is a list of field names (e.g. "AddedPermissions") to
1457	// unconditionally include in API requests. By default, fields with
1458	// empty or default values are omitted from API requests. However, any
1459	// non-pointer, non-interface field appearing in ForceSendFields will be
1460	// sent to the server regardless of whether the field is empty or not.
1461	// This may be used to include empty fields in Patch requests.
1462	ForceSendFields []string `json:"-"`
1463
1464	// NullFields is a list of field names (e.g. "AddedPermissions") to
1465	// include in API requests with the JSON null value. By default, fields
1466	// with empty values are omitted from API requests. However, any field
1467	// with an empty value appearing in NullFields will be sent to the
1468	// server as null. It is an error if a field in this list has a
1469	// non-empty value. This may be used to include null fields in Patch
1470	// requests.
1471	NullFields []string `json:"-"`
1472}
1473
1474func (s *PermissionDelta) MarshalJSON() ([]byte, error) {
1475	type NoMethod PermissionDelta
1476	raw := NoMethod(*s)
1477	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1478}
1479
1480// Policy: An Identity and Access Management (IAM) policy, which
1481// specifies access controls for Google Cloud resources. A `Policy` is a
1482// collection of `bindings`. A `binding` binds one or more `members`, or
1483// principals, to a single `role`. Principals can be user accounts,
1484// service accounts, Google groups, and domains (such as G Suite). A
1485// `role` is a named list of permissions; each `role` can be an IAM
1486// predefined role or a user-created custom role. For some types of
1487// Google Cloud resources, a `binding` can also specify a `condition`,
1488// which is a logical expression that allows access to a resource only
1489// if the expression evaluates to `true`. A condition can add
1490// constraints based on attributes of the request, the resource, or
1491// both. To learn which resources support conditions in their IAM
1492// policies, see the IAM documentation
1493// (https://cloud.google.com/iam/help/conditions/resource-policies).
1494// **JSON example:** { "bindings": [ { "role":
1495// "roles/resourcemanager.organizationAdmin", "members": [
1496// "user:mike@example.com", "group:admins@example.com",
1497// "domain:google.com",
1498// "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, {
1499// "role": "roles/resourcemanager.organizationViewer", "members": [
1500// "user:eve@example.com" ], "condition": { "title": "expirable access",
1501// "description": "Does not grant access after Sep 2020", "expression":
1502// "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ],
1503// "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: -
1504// members: - user:mike@example.com - group:admins@example.com -
1505// domain:google.com -
1506// serviceAccount:my-project-id@appspot.gserviceaccount.com role:
1507// roles/resourcemanager.organizationAdmin - members: -
1508// user:eve@example.com role: roles/resourcemanager.organizationViewer
1509// condition: title: expirable access description: Does not grant access
1510// after Sep 2020 expression: request.time <
1511// timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3
1512// For a description of IAM and its features, see the IAM documentation
1513// (https://cloud.google.com/iam/docs/).
1514type Policy struct {
1515	// AuditConfigs: Specifies cloud audit logging configuration for this
1516	// policy.
1517	AuditConfigs []*AuditConfig `json:"auditConfigs,omitempty"`
1518
1519	// Bindings: Associates a list of `members`, or principals, with a
1520	// `role`. Optionally, may specify a `condition` that determines how and
1521	// when the `bindings` are applied. Each of the `bindings` must contain
1522	// at least one principal. The `bindings` in a `Policy` can refer to up
1523	// to 1,500 principals; up to 250 of these principals can be Google
1524	// groups. Each occurrence of a principal counts towards these limits.
1525	// For example, if the `bindings` grant 50 different roles to
1526	// `user:alice@example.com`, and not to any other principal, then you
1527	// can add another 1,450 principals to the `bindings` in the `Policy`.
1528	Bindings []*Binding `json:"bindings,omitempty"`
1529
1530	// Etag: `etag` is used for optimistic concurrency control as a way to
1531	// help prevent simultaneous updates of a policy from overwriting each
1532	// other. It is strongly suggested that systems make use of the `etag`
1533	// in the read-modify-write cycle to perform policy updates in order to
1534	// avoid race conditions: An `etag` is returned in the response to
1535	// `getIamPolicy`, and systems are expected to put that etag in the
1536	// request to `setIamPolicy` to ensure that their change will be applied
1537	// to the same version of the policy. **Important:** If you use IAM
1538	// Conditions, you must include the `etag` field whenever you call
1539	// `setIamPolicy`. If you omit this field, then IAM allows you to
1540	// overwrite a version `3` policy with a version `1` policy, and all of
1541	// the conditions in the version `3` policy are lost.
1542	Etag string `json:"etag,omitempty"`
1543
1544	// Version: Specifies the format of the policy. Valid values are `0`,
1545	// `1`, and `3`. Requests that specify an invalid value are rejected.
1546	// Any operation that affects conditional role bindings must specify
1547	// version `3`. This requirement applies to the following operations: *
1548	// Getting a policy that includes a conditional role binding * Adding a
1549	// conditional role binding to a policy * Changing a conditional role
1550	// binding in a policy * Removing any role binding, with or without a
1551	// condition, from a policy that includes conditions **Important:** If
1552	// you use IAM Conditions, you must include the `etag` field whenever
1553	// you call `setIamPolicy`. If you omit this field, then IAM allows you
1554	// to overwrite a version `3` policy with a version `1` policy, and all
1555	// of the conditions in the version `3` policy are lost. If a policy
1556	// does not include any conditions, operations on that policy may
1557	// specify any valid version or leave the field unset. To learn which
1558	// resources support conditions in their IAM policies, see the IAM
1559	// documentation
1560	// (https://cloud.google.com/iam/help/conditions/resource-policies).
1561	Version int64 `json:"version,omitempty"`
1562
1563	// ServerResponse contains the HTTP response code and headers from the
1564	// server.
1565	googleapi.ServerResponse `json:"-"`
1566
1567	// ForceSendFields is a list of field names (e.g. "AuditConfigs") to
1568	// unconditionally include in API requests. By default, fields with
1569	// empty or default values are omitted from API requests. However, any
1570	// non-pointer, non-interface field appearing in ForceSendFields will be
1571	// sent to the server regardless of whether the field is empty or not.
1572	// This may be used to include empty fields in Patch requests.
1573	ForceSendFields []string `json:"-"`
1574
1575	// NullFields is a list of field names (e.g. "AuditConfigs") to include
1576	// in API requests with the JSON null value. By default, fields with
1577	// empty values are omitted from API requests. However, any field with
1578	// an empty value appearing in NullFields will be sent to the server as
1579	// null. It is an error if a field in this list has a non-empty value.
1580	// This may be used to include null fields in Patch requests.
1581	NullFields []string `json:"-"`
1582}
1583
1584func (s *Policy) MarshalJSON() ([]byte, error) {
1585	type NoMethod Policy
1586	raw := NoMethod(*s)
1587	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1588}
1589
1590// PolicyDelta: The difference delta between two policies.
1591type PolicyDelta struct {
1592	// BindingDeltas: The delta for Bindings between two policies.
1593	BindingDeltas []*BindingDelta `json:"bindingDeltas,omitempty"`
1594
1595	// ForceSendFields is a list of field names (e.g. "BindingDeltas") to
1596	// unconditionally include in API requests. By default, fields with
1597	// empty or default values are omitted from API requests. However, any
1598	// non-pointer, non-interface field appearing in ForceSendFields will be
1599	// sent to the server regardless of whether the field is empty or not.
1600	// This may be used to include empty fields in Patch requests.
1601	ForceSendFields []string `json:"-"`
1602
1603	// NullFields is a list of field names (e.g. "BindingDeltas") to include
1604	// in API requests with the JSON null value. By default, fields with
1605	// empty values are omitted from API requests. However, any field with
1606	// an empty value appearing in NullFields will be sent to the server as
1607	// null. It is an error if a field in this list has a non-empty value.
1608	// This may be used to include null fields in Patch requests.
1609	NullFields []string `json:"-"`
1610}
1611
1612func (s *PolicyDelta) MarshalJSON() ([]byte, error) {
1613	type NoMethod PolicyDelta
1614	raw := NoMethod(*s)
1615	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1616}
1617
1618// QueryAuditableServicesRequest: A request to get the list of auditable
1619// services for a resource.
1620type QueryAuditableServicesRequest struct {
1621	// FullResourceName: Required. The full resource name to query from the
1622	// list of auditable services. The name follows the Google Cloud
1623	// Platform resource format. For example, a Cloud Platform project with
1624	// id `my-project` will be named
1625	// `//cloudresourcemanager.googleapis.com/projects/my-project`.
1626	FullResourceName string `json:"fullResourceName,omitempty"`
1627
1628	// ForceSendFields is a list of field names (e.g. "FullResourceName") to
1629	// unconditionally include in API requests. By default, fields with
1630	// empty or default values are omitted from API requests. However, any
1631	// non-pointer, non-interface field appearing in ForceSendFields will be
1632	// sent to the server regardless of whether the field is empty or not.
1633	// This may be used to include empty fields in Patch requests.
1634	ForceSendFields []string `json:"-"`
1635
1636	// NullFields is a list of field names (e.g. "FullResourceName") to
1637	// include in API requests with the JSON null value. By default, fields
1638	// with empty values are omitted from API requests. However, any field
1639	// with an empty value appearing in NullFields will be sent to the
1640	// server as null. It is an error if a field in this list has a
1641	// non-empty value. This may be used to include null fields in Patch
1642	// requests.
1643	NullFields []string `json:"-"`
1644}
1645
1646func (s *QueryAuditableServicesRequest) MarshalJSON() ([]byte, error) {
1647	type NoMethod QueryAuditableServicesRequest
1648	raw := NoMethod(*s)
1649	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1650}
1651
1652// QueryAuditableServicesResponse: A response containing a list of
1653// auditable services for a resource.
1654type QueryAuditableServicesResponse struct {
1655	// Services: The auditable services for a resource.
1656	Services []*AuditableService `json:"services,omitempty"`
1657
1658	// ServerResponse contains the HTTP response code and headers from the
1659	// server.
1660	googleapi.ServerResponse `json:"-"`
1661
1662	// ForceSendFields is a list of field names (e.g. "Services") to
1663	// unconditionally include in API requests. By default, fields with
1664	// empty or default values are omitted from API requests. However, any
1665	// non-pointer, non-interface field appearing in ForceSendFields will be
1666	// sent to the server regardless of whether the field is empty or not.
1667	// This may be used to include empty fields in Patch requests.
1668	ForceSendFields []string `json:"-"`
1669
1670	// NullFields is a list of field names (e.g. "Services") to include in
1671	// API requests with the JSON null value. By default, fields with empty
1672	// values are omitted from API requests. However, any field with an
1673	// empty value appearing in NullFields will be sent to the server as
1674	// null. It is an error if a field in this list has a non-empty value.
1675	// This may be used to include null fields in Patch requests.
1676	NullFields []string `json:"-"`
1677}
1678
1679func (s *QueryAuditableServicesResponse) MarshalJSON() ([]byte, error) {
1680	type NoMethod QueryAuditableServicesResponse
1681	raw := NoMethod(*s)
1682	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1683}
1684
1685// QueryGrantableRolesRequest: The grantable role query request.
1686type QueryGrantableRolesRequest struct {
1687	// FullResourceName: Required. The full resource name to query from the
1688	// list of grantable roles. The name follows the Google Cloud Platform
1689	// resource format. For example, a Cloud Platform project with id
1690	// `my-project` will be named
1691	// `//cloudresourcemanager.googleapis.com/projects/my-project`.
1692	FullResourceName string `json:"fullResourceName,omitempty"`
1693
1694	// PageSize: Optional limit on the number of roles to include in the
1695	// response. The default is 300, and the maximum is 1,000.
1696	PageSize int64 `json:"pageSize,omitempty"`
1697
1698	// PageToken: Optional pagination token returned in an earlier
1699	// QueryGrantableRolesResponse.
1700	PageToken string `json:"pageToken,omitempty"`
1701
1702	// Possible values:
1703	//   "BASIC" - Omits the `included_permissions` field. This is the
1704	// default value.
1705	//   "FULL" - Returns all fields.
1706	View string `json:"view,omitempty"`
1707
1708	// ForceSendFields is a list of field names (e.g. "FullResourceName") to
1709	// unconditionally include in API requests. By default, fields with
1710	// empty or default values are omitted from API requests. However, any
1711	// non-pointer, non-interface field appearing in ForceSendFields will be
1712	// sent to the server regardless of whether the field is empty or not.
1713	// This may be used to include empty fields in Patch requests.
1714	ForceSendFields []string `json:"-"`
1715
1716	// NullFields is a list of field names (e.g. "FullResourceName") to
1717	// include in API requests with the JSON null value. By default, fields
1718	// with empty values are omitted from API requests. However, any field
1719	// with an empty value appearing in NullFields will be sent to the
1720	// server as null. It is an error if a field in this list has a
1721	// non-empty value. This may be used to include null fields in Patch
1722	// requests.
1723	NullFields []string `json:"-"`
1724}
1725
1726func (s *QueryGrantableRolesRequest) MarshalJSON() ([]byte, error) {
1727	type NoMethod QueryGrantableRolesRequest
1728	raw := NoMethod(*s)
1729	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1730}
1731
1732// QueryGrantableRolesResponse: The grantable role query response.
1733type QueryGrantableRolesResponse struct {
1734	// NextPageToken: To retrieve the next page of results, set
1735	// `QueryGrantableRolesRequest.page_token` to this value.
1736	NextPageToken string `json:"nextPageToken,omitempty"`
1737
1738	// Roles: The list of matching roles.
1739	Roles []*Role `json:"roles,omitempty"`
1740
1741	// ServerResponse contains the HTTP response code and headers from the
1742	// server.
1743	googleapi.ServerResponse `json:"-"`
1744
1745	// ForceSendFields is a list of field names (e.g. "NextPageToken") to
1746	// unconditionally include in API requests. By default, fields with
1747	// empty or default values are omitted from API requests. However, any
1748	// non-pointer, non-interface field appearing in ForceSendFields will be
1749	// sent to the server regardless of whether the field is empty or not.
1750	// This may be used to include empty fields in Patch requests.
1751	ForceSendFields []string `json:"-"`
1752
1753	// NullFields is a list of field names (e.g. "NextPageToken") to include
1754	// in API requests with the JSON null value. By default, fields with
1755	// empty values are omitted from API requests. However, any field with
1756	// an empty value appearing in NullFields will be sent to the server as
1757	// null. It is an error if a field in this list has a non-empty value.
1758	// This may be used to include null fields in Patch requests.
1759	NullFields []string `json:"-"`
1760}
1761
1762func (s *QueryGrantableRolesResponse) MarshalJSON() ([]byte, error) {
1763	type NoMethod QueryGrantableRolesResponse
1764	raw := NoMethod(*s)
1765	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1766}
1767
1768// QueryTestablePermissionsRequest: A request to get permissions which
1769// can be tested on a resource.
1770type QueryTestablePermissionsRequest struct {
1771	// FullResourceName: Required. The full resource name to query from the
1772	// list of testable permissions. The name follows the Google Cloud
1773	// Platform resource format. For example, a Cloud Platform project with
1774	// id `my-project` will be named
1775	// `//cloudresourcemanager.googleapis.com/projects/my-project`.
1776	FullResourceName string `json:"fullResourceName,omitempty"`
1777
1778	// PageSize: Optional limit on the number of permissions to include in
1779	// the response. The default is 100, and the maximum is 1,000.
1780	PageSize int64 `json:"pageSize,omitempty"`
1781
1782	// PageToken: Optional pagination token returned in an earlier
1783	// QueryTestablePermissionsRequest.
1784	PageToken string `json:"pageToken,omitempty"`
1785
1786	// ForceSendFields is a list of field names (e.g. "FullResourceName") to
1787	// unconditionally include in API requests. By default, fields with
1788	// empty or default values are omitted from API requests. However, any
1789	// non-pointer, non-interface field appearing in ForceSendFields will be
1790	// sent to the server regardless of whether the field is empty or not.
1791	// This may be used to include empty fields in Patch requests.
1792	ForceSendFields []string `json:"-"`
1793
1794	// NullFields is a list of field names (e.g. "FullResourceName") to
1795	// include in API requests with the JSON null value. By default, fields
1796	// with empty values are omitted from API requests. However, any field
1797	// with an empty value appearing in NullFields will be sent to the
1798	// server as null. It is an error if a field in this list has a
1799	// non-empty value. This may be used to include null fields in Patch
1800	// requests.
1801	NullFields []string `json:"-"`
1802}
1803
1804func (s *QueryTestablePermissionsRequest) MarshalJSON() ([]byte, error) {
1805	type NoMethod QueryTestablePermissionsRequest
1806	raw := NoMethod(*s)
1807	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1808}
1809
1810// QueryTestablePermissionsResponse: The response containing permissions
1811// which can be tested on a resource.
1812type QueryTestablePermissionsResponse struct {
1813	// NextPageToken: To retrieve the next page of results, set
1814	// `QueryTestableRolesRequest.page_token` to this value.
1815	NextPageToken string `json:"nextPageToken,omitempty"`
1816
1817	// Permissions: The Permissions testable on the requested resource.
1818	Permissions []*Permission `json:"permissions,omitempty"`
1819
1820	// ServerResponse contains the HTTP response code and headers from the
1821	// server.
1822	googleapi.ServerResponse `json:"-"`
1823
1824	// ForceSendFields is a list of field names (e.g. "NextPageToken") to
1825	// unconditionally include in API requests. By default, fields with
1826	// empty or default values are omitted from API requests. However, any
1827	// non-pointer, non-interface field appearing in ForceSendFields will be
1828	// sent to the server regardless of whether the field is empty or not.
1829	// This may be used to include empty fields in Patch requests.
1830	ForceSendFields []string `json:"-"`
1831
1832	// NullFields is a list of field names (e.g. "NextPageToken") to include
1833	// in API requests with the JSON null value. By default, fields with
1834	// empty values are omitted from API requests. However, any field with
1835	// an empty value appearing in NullFields will be sent to the server as
1836	// null. It is an error if a field in this list has a non-empty value.
1837	// This may be used to include null fields in Patch requests.
1838	NullFields []string `json:"-"`
1839}
1840
1841func (s *QueryTestablePermissionsResponse) MarshalJSON() ([]byte, error) {
1842	type NoMethod QueryTestablePermissionsResponse
1843	raw := NoMethod(*s)
1844	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1845}
1846
1847// Role: A role in the Identity and Access Management API.
1848type Role struct {
1849	// Deleted: The current deleted state of the role. This field is read
1850	// only. It will be ignored in calls to CreateRole and UpdateRole.
1851	Deleted bool `json:"deleted,omitempty"`
1852
1853	// Description: Optional. A human-readable description for the role.
1854	Description string `json:"description,omitempty"`
1855
1856	// Etag: Used to perform a consistent read-modify-write.
1857	Etag string `json:"etag,omitempty"`
1858
1859	// IncludedPermissions: The names of the permissions this role grants
1860	// when bound in an IAM policy.
1861	IncludedPermissions []string `json:"includedPermissions,omitempty"`
1862
1863	// Name: The name of the role. When Role is used in CreateRole, the role
1864	// name must not be set. When Role is used in output and other input
1865	// such as UpdateRole, the role name is the complete path, e.g.,
1866	// roles/logging.viewer for predefined roles and
1867	// organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom
1868	// roles.
1869	Name string `json:"name,omitempty"`
1870
1871	// Stage: The current launch stage of the role. If the `ALPHA` launch
1872	// stage has been selected for a role, the `stage` field will not be
1873	// included in the returned definition for the role.
1874	//
1875	// Possible values:
1876	//   "ALPHA" - The user has indicated this role is currently in an Alpha
1877	// phase. If this launch stage is selected, the `stage` field will not
1878	// be included when requesting the definition for a given role.
1879	//   "BETA" - The user has indicated this role is currently in a Beta
1880	// phase.
1881	//   "GA" - The user has indicated this role is generally available.
1882	//   "DEPRECATED" - The user has indicated this role is being
1883	// deprecated.
1884	//   "DISABLED" - This role is disabled and will not contribute
1885	// permissions to any principals it is granted to in policies.
1886	//   "EAP" - The user has indicated this role is currently in an EAP
1887	// phase.
1888	Stage string `json:"stage,omitempty"`
1889
1890	// Title: Optional. A human-readable title for the role. Typically this
1891	// is limited to 100 UTF-8 bytes.
1892	Title string `json:"title,omitempty"`
1893
1894	// ServerResponse contains the HTTP response code and headers from the
1895	// server.
1896	googleapi.ServerResponse `json:"-"`
1897
1898	// ForceSendFields is a list of field names (e.g. "Deleted") to
1899	// unconditionally include in API requests. By default, fields with
1900	// empty or default values are omitted from API requests. However, any
1901	// non-pointer, non-interface field appearing in ForceSendFields will be
1902	// sent to the server regardless of whether the field is empty or not.
1903	// This may be used to include empty fields in Patch requests.
1904	ForceSendFields []string `json:"-"`
1905
1906	// NullFields is a list of field names (e.g. "Deleted") to include in
1907	// API requests with the JSON null value. By default, fields with empty
1908	// values are omitted from API requests. However, any field with an
1909	// empty value appearing in NullFields will be sent to the server as
1910	// null. It is an error if a field in this list has a non-empty value.
1911	// This may be used to include null fields in Patch requests.
1912	NullFields []string `json:"-"`
1913}
1914
1915func (s *Role) MarshalJSON() ([]byte, error) {
1916	type NoMethod Role
1917	raw := NoMethod(*s)
1918	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
1919}
1920
1921// ServiceAccount: An IAM service account. A service account is an
1922// account for an application or a virtual machine (VM) instance, not a
1923// person. You can use a service account to call Google APIs. To learn
1924// more, read the overview of service accounts
1925// (https://cloud.google.com/iam/help/service-accounts/overview). When
1926// you create a service account, you specify the project ID that owns
1927// the service account, as well as a name that must be unique within the
1928// project. IAM uses these values to create an email address that
1929// identifies the service account.
1930type ServiceAccount struct {
1931	// Description: Optional. A user-specified, human-readable description
1932	// of the service account. The maximum length is 256 UTF-8 bytes.
1933	Description string `json:"description,omitempty"`
1934
1935	// Disabled: Output only. Whether the service account is disabled.
1936	Disabled bool `json:"disabled,omitempty"`
1937
1938	// DisplayName: Optional. A user-specified, human-readable name for the
1939	// service account. The maximum length is 100 UTF-8 bytes.
1940	DisplayName string `json:"displayName,omitempty"`
1941
1942	// Email: Output only. The email address of the service account.
1943	Email string `json:"email,omitempty"`
1944
1945	// Etag: Deprecated. Do not use.
1946	Etag string `json:"etag,omitempty"`
1947
1948	// Name: The resource name of the service account. Use one of the
1949	// following formats: *
1950	// `projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}` *
1951	// `projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}` As an
1952	// alternative, you can use the `-` wildcard character instead of the
1953	// project ID: * `projects/-/serviceAccounts/{EMAIL_ADDRESS}` *
1954	// `projects/-/serviceAccounts/{UNIQUE_ID}` When possible, avoid using
1955	// the `-` wildcard character, because it can cause response messages to
1956	// contain misleading error codes. For example, if you try to get the
1957	// service account `projects/-/serviceAccounts/fake@example.com`, which
1958	// does not exist, the response contains an HTTP `403 Forbidden` error
1959	// instead of a `404 Not Found` error.
1960	Name string `json:"name,omitempty"`
1961
1962	// Oauth2ClientId: Output only. The OAuth 2.0 client ID for the service
1963	// account.
1964	Oauth2ClientId string `json:"oauth2ClientId,omitempty"`
1965
1966	// ProjectId: Output only. The ID of the project that owns the service
1967	// account.
1968	ProjectId string `json:"projectId,omitempty"`
1969
1970	// UniqueId: Output only. The unique, stable numeric ID for the service
1971	// account. Each service account retains its unique ID even if you
1972	// delete the service account. For example, if you delete a service
1973	// account, then create a new service account with the same name, the
1974	// new service account has a different unique ID than the deleted
1975	// service account.
1976	UniqueId string `json:"uniqueId,omitempty"`
1977
1978	// ServerResponse contains the HTTP response code and headers from the
1979	// server.
1980	googleapi.ServerResponse `json:"-"`
1981
1982	// ForceSendFields is a list of field names (e.g. "Description") to
1983	// unconditionally include in API requests. By default, fields with
1984	// empty or default values are omitted from API requests. However, any
1985	// non-pointer, non-interface field appearing in ForceSendFields will be
1986	// sent to the server regardless of whether the field is empty or not.
1987	// This may be used to include empty fields in Patch requests.
1988	ForceSendFields []string `json:"-"`
1989
1990	// NullFields is a list of field names (e.g. "Description") to include
1991	// in API requests with the JSON null value. By default, fields with
1992	// empty values are omitted from API requests. However, any field with
1993	// an empty value appearing in NullFields will be sent to the server as
1994	// null. It is an error if a field in this list has a non-empty value.
1995	// This may be used to include null fields in Patch requests.
1996	NullFields []string `json:"-"`
1997}
1998
1999func (s *ServiceAccount) MarshalJSON() ([]byte, error) {
2000	type NoMethod ServiceAccount
2001	raw := NoMethod(*s)
2002	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
2003}
2004
2005// ServiceAccountKey: Represents a service account key. A service
2006// account has two sets of key-pairs: user-managed, and system-managed.
2007// User-managed key-pairs can be created and deleted by users. Users are
2008// responsible for rotating these keys periodically to ensure security
2009// of their service accounts. Users retain the private key of these
2010// key-pairs, and Google retains ONLY the public key. System-managed
2011// keys are automatically rotated by Google, and are used for signing
2012// for a maximum of two weeks. The rotation process is probabilistic,
2013// and usage of the new key will gradually ramp up and down over the
2014// key's lifetime. If you cache the public key set for a service
2015// account, we recommend that you update the cache every 15 minutes.
2016// User-managed keys can be added and removed at any time, so it is
2017// important to update the cache frequently. For Google-managed keys,
2018// Google will publish a key at least 6 hours before it is first used
2019// for signing and will keep publishing it for at least 6 hours after it
2020// was last used for signing. Public keys for all service accounts are
2021// also published at the OAuth2 Service Account API.
2022type ServiceAccountKey struct {
2023	// Disabled: The key status.
2024	Disabled bool `json:"disabled,omitempty"`
2025
2026	// KeyAlgorithm: Specifies the algorithm (and possibly key size) for the
2027	// key.
2028	//
2029	// Possible values:
2030	//   "KEY_ALG_UNSPECIFIED" - An unspecified key algorithm.
2031	//   "KEY_ALG_RSA_1024" - 1k RSA Key.
2032	//   "KEY_ALG_RSA_2048" - 2k RSA Key.
2033	KeyAlgorithm string `json:"keyAlgorithm,omitempty"`
2034
2035	// KeyOrigin: The key origin.
2036	//
2037	// Possible values:
2038	//   "ORIGIN_UNSPECIFIED" - Unspecified key origin.
2039	//   "USER_PROVIDED" - Key is provided by user.
2040	//   "GOOGLE_PROVIDED" - Key is provided by Google.
2041	KeyOrigin string `json:"keyOrigin,omitempty"`
2042
2043	// KeyType: The key type.
2044	//
2045	// Possible values:
2046	//   "KEY_TYPE_UNSPECIFIED" - Unspecified key type. The presence of this
2047	// in the message will immediately result in an error.
2048	//   "USER_MANAGED" - User-managed keys (managed and rotated by the
2049	// user).
2050	//   "SYSTEM_MANAGED" - System-managed keys (managed and rotated by
2051	// Google).
2052	KeyType string `json:"keyType,omitempty"`
2053
2054	// Name: The resource name of the service account key in the following
2055	// format `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.
2056	Name string `json:"name,omitempty"`
2057
2058	// PrivateKeyData: The private key data. Only provided in
2059	// `CreateServiceAccountKey` responses. Make sure to keep the private
2060	// key data secure because it allows for the assertion of the service
2061	// account identity. When base64 decoded, the private key data can be
2062	// used to authenticate with Google API client libraries and with gcloud
2063	// auth activate-service-account.
2064	PrivateKeyData string `json:"privateKeyData,omitempty"`
2065
2066	// PrivateKeyType: The output format for the private key. Only provided
2067	// in `CreateServiceAccountKey` responses, not in `GetServiceAccountKey`
2068	// or `ListServiceAccountKey` responses. Google never exposes
2069	// system-managed private keys, and never retains user-managed private
2070	// keys.
2071	//
2072	// Possible values:
2073	//   "TYPE_UNSPECIFIED" - Unspecified. Equivalent to
2074	// `TYPE_GOOGLE_CREDENTIALS_FILE`.
2075	//   "TYPE_PKCS12_FILE" - PKCS12 format. The password for the PKCS12
2076	// file is `notasecret`. For more information, see
2077	// https://tools.ietf.org/html/rfc7292.
2078	//   "TYPE_GOOGLE_CREDENTIALS_FILE" - Google Credentials File format.
2079	PrivateKeyType string `json:"privateKeyType,omitempty"`
2080
2081	// PublicKeyData: The public key data. Only provided in
2082	// `GetServiceAccountKey` responses.
2083	PublicKeyData string `json:"publicKeyData,omitempty"`
2084
2085	// ValidAfterTime: The key can be used after this timestamp.
2086	ValidAfterTime string `json:"validAfterTime,omitempty"`
2087
2088	// ValidBeforeTime: The key can be used before this timestamp. For
2089	// system-managed key pairs, this timestamp is the end time for the
2090	// private key signing operation. The public key could still be used for
2091	// verification for a few hours after this time.
2092	ValidBeforeTime string `json:"validBeforeTime,omitempty"`
2093
2094	// ServerResponse contains the HTTP response code and headers from the
2095	// server.
2096	googleapi.ServerResponse `json:"-"`
2097
2098	// ForceSendFields is a list of field names (e.g. "Disabled") to
2099	// unconditionally include in API requests. By default, fields with
2100	// empty or default values are omitted from API requests. However, any
2101	// non-pointer, non-interface field appearing in ForceSendFields will be
2102	// sent to the server regardless of whether the field is empty or not.
2103	// This may be used to include empty fields in Patch requests.
2104	ForceSendFields []string `json:"-"`
2105
2106	// NullFields is a list of field names (e.g. "Disabled") to include in
2107	// API requests with the JSON null value. By default, fields with empty
2108	// values are omitted from API requests. However, any field with an
2109	// empty value appearing in NullFields will be sent to the server as
2110	// null. It is an error if a field in this list has a non-empty value.
2111	// This may be used to include null fields in Patch requests.
2112	NullFields []string `json:"-"`
2113}
2114
2115func (s *ServiceAccountKey) MarshalJSON() ([]byte, error) {
2116	type NoMethod ServiceAccountKey
2117	raw := NoMethod(*s)
2118	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
2119}
2120
2121// SetIamPolicyRequest: Request message for `SetIamPolicy` method.
2122type SetIamPolicyRequest struct {
2123	// Policy: REQUIRED: The complete policy to be applied to the
2124	// `resource`. The size of the policy is limited to a few 10s of KB. An
2125	// empty policy is a valid policy but certain Cloud Platform services
2126	// (such as Projects) might reject them.
2127	Policy *Policy `json:"policy,omitempty"`
2128
2129	// UpdateMask: OPTIONAL: A FieldMask specifying which fields of the
2130	// policy to modify. Only the fields in the mask will be modified. If no
2131	// mask is provided, the following default mask is used: `paths:
2132	// "bindings, etag"
2133	UpdateMask string `json:"updateMask,omitempty"`
2134
2135	// ForceSendFields is a list of field names (e.g. "Policy") to
2136	// unconditionally include in API requests. By default, fields with
2137	// empty or default values are omitted from API requests. However, any
2138	// non-pointer, non-interface field appearing in ForceSendFields will be
2139	// sent to the server regardless of whether the field is empty or not.
2140	// This may be used to include empty fields in Patch requests.
2141	ForceSendFields []string `json:"-"`
2142
2143	// NullFields is a list of field names (e.g. "Policy") to include in API
2144	// requests with the JSON null value. By default, fields with empty
2145	// values are omitted from API requests. However, any field with an
2146	// empty value appearing in NullFields will be sent to the server as
2147	// null. It is an error if a field in this list has a non-empty value.
2148	// This may be used to include null fields in Patch requests.
2149	NullFields []string `json:"-"`
2150}
2151
2152func (s *SetIamPolicyRequest) MarshalJSON() ([]byte, error) {
2153	type NoMethod SetIamPolicyRequest
2154	raw := NoMethod(*s)
2155	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
2156}
2157
2158// SignBlobRequest: Deprecated. Migrate to Service Account Credentials
2159// API (https://cloud.google.com/iam/help/credentials/migrate-api). The
2160// service account sign blob request.
2161type SignBlobRequest struct {
2162	// BytesToSign: Required. Deprecated. Migrate to Service Account
2163	// Credentials API
2164	// (https://cloud.google.com/iam/help/credentials/migrate-api). The
2165	// bytes to sign.
2166	BytesToSign string `json:"bytesToSign,omitempty"`
2167
2168	// ForceSendFields is a list of field names (e.g. "BytesToSign") to
2169	// unconditionally include in API requests. By default, fields with
2170	// empty or default values are omitted from API requests. However, any
2171	// non-pointer, non-interface field appearing in ForceSendFields will be
2172	// sent to the server regardless of whether the field is empty or not.
2173	// This may be used to include empty fields in Patch requests.
2174	ForceSendFields []string `json:"-"`
2175
2176	// NullFields is a list of field names (e.g. "BytesToSign") to include
2177	// in API requests with the JSON null value. By default, fields with
2178	// empty values are omitted from API requests. However, any field with
2179	// an empty value appearing in NullFields will be sent to the server as
2180	// null. It is an error if a field in this list has a non-empty value.
2181	// This may be used to include null fields in Patch requests.
2182	NullFields []string `json:"-"`
2183}
2184
2185func (s *SignBlobRequest) MarshalJSON() ([]byte, error) {
2186	type NoMethod SignBlobRequest
2187	raw := NoMethod(*s)
2188	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
2189}
2190
2191// SignBlobResponse: Deprecated. Migrate to Service Account Credentials
2192// API (https://cloud.google.com/iam/help/credentials/migrate-api). The
2193// service account sign blob response.
2194type SignBlobResponse struct {
2195	// KeyId: Deprecated. Migrate to Service Account Credentials API
2196	// (https://cloud.google.com/iam/help/credentials/migrate-api). The id
2197	// of the key used to sign the blob.
2198	KeyId string `json:"keyId,omitempty"`
2199
2200	// Signature: Deprecated. Migrate to Service Account Credentials API
2201	// (https://cloud.google.com/iam/help/credentials/migrate-api). The
2202	// signed blob.
2203	Signature string `json:"signature,omitempty"`
2204
2205	// ServerResponse contains the HTTP response code and headers from the
2206	// server.
2207	googleapi.ServerResponse `json:"-"`
2208
2209	// ForceSendFields is a list of field names (e.g. "KeyId") to
2210	// unconditionally include in API requests. By default, fields with
2211	// empty or default values are omitted from API requests. However, any
2212	// non-pointer, non-interface field appearing in ForceSendFields will be
2213	// sent to the server regardless of whether the field is empty or not.
2214	// This may be used to include empty fields in Patch requests.
2215	ForceSendFields []string `json:"-"`
2216
2217	// NullFields is a list of field names (e.g. "KeyId") to include in API
2218	// requests with the JSON null value. By default, fields with empty
2219	// values are omitted from API requests. However, any field with an
2220	// empty value appearing in NullFields will be sent to the server as
2221	// null. It is an error if a field in this list has a non-empty value.
2222	// This may be used to include null fields in Patch requests.
2223	NullFields []string `json:"-"`
2224}
2225
2226func (s *SignBlobResponse) MarshalJSON() ([]byte, error) {
2227	type NoMethod SignBlobResponse
2228	raw := NoMethod(*s)
2229	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
2230}
2231
2232// SignJwtRequest: Deprecated. Migrate to Service Account Credentials
2233// API (https://cloud.google.com/iam/help/credentials/migrate-api). The
2234// service account sign JWT request.
2235type SignJwtRequest struct {
2236	// Payload: Required. Deprecated. Migrate to Service Account Credentials
2237	// API (https://cloud.google.com/iam/help/credentials/migrate-api). The
2238	// JWT payload to sign. Must be a serialized JSON object that contains a
2239	// JWT Claims Set. For example: `{"sub": "user@example.com", "iat":
2240	// 313435}` If the JWT Claims Set contains an expiration time (`exp`)
2241	// claim, it must be an integer timestamp that is not in the past and no
2242	// more than 12 hours in the future. If the JWT Claims Set does not
2243	// contain an expiration time (`exp`) claim, this claim is added
2244	// automatically, with a timestamp that is 1 hour in the future.
2245	Payload string `json:"payload,omitempty"`
2246
2247	// ForceSendFields is a list of field names (e.g. "Payload") to
2248	// unconditionally include in API requests. By default, fields with
2249	// empty or default values are omitted from API requests. However, any
2250	// non-pointer, non-interface field appearing in ForceSendFields will be
2251	// sent to the server regardless of whether the field is empty or not.
2252	// This may be used to include empty fields in Patch requests.
2253	ForceSendFields []string `json:"-"`
2254
2255	// NullFields is a list of field names (e.g. "Payload") to include in
2256	// API requests with the JSON null value. By default, fields with empty
2257	// values are omitted from API requests. However, any field with an
2258	// empty value appearing in NullFields will be sent to the server as
2259	// null. It is an error if a field in this list has a non-empty value.
2260	// This may be used to include null fields in Patch requests.
2261	NullFields []string `json:"-"`
2262}
2263
2264func (s *SignJwtRequest) MarshalJSON() ([]byte, error) {
2265	type NoMethod SignJwtRequest
2266	raw := NoMethod(*s)
2267	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
2268}
2269
2270// SignJwtResponse: Deprecated. Migrate to Service Account Credentials
2271// API (https://cloud.google.com/iam/help/credentials/migrate-api). The
2272// service account sign JWT response.
2273type SignJwtResponse struct {
2274	// KeyId: Deprecated. Migrate to Service Account Credentials API
2275	// (https://cloud.google.com/iam/help/credentials/migrate-api). The id
2276	// of the key used to sign the JWT.
2277	KeyId string `json:"keyId,omitempty"`
2278
2279	// SignedJwt: Deprecated. Migrate to Service Account Credentials API
2280	// (https://cloud.google.com/iam/help/credentials/migrate-api). The
2281	// signed JWT.
2282	SignedJwt string `json:"signedJwt,omitempty"`
2283
2284	// ServerResponse contains the HTTP response code and headers from the
2285	// server.
2286	googleapi.ServerResponse `json:"-"`
2287
2288	// ForceSendFields is a list of field names (e.g. "KeyId") to
2289	// unconditionally include in API requests. By default, fields with
2290	// empty or default values are omitted from API requests. However, any
2291	// non-pointer, non-interface field appearing in ForceSendFields will be
2292	// sent to the server regardless of whether the field is empty or not.
2293	// This may be used to include empty fields in Patch requests.
2294	ForceSendFields []string `json:"-"`
2295
2296	// NullFields is a list of field names (e.g. "KeyId") to include in API
2297	// requests with the JSON null value. By default, fields with empty
2298	// values are omitted from API requests. However, any field with an
2299	// empty value appearing in NullFields will be sent to the server as
2300	// null. It is an error if a field in this list has a non-empty value.
2301	// This may be used to include null fields in Patch requests.
2302	NullFields []string `json:"-"`
2303}
2304
2305func (s *SignJwtResponse) MarshalJSON() ([]byte, error) {
2306	type NoMethod SignJwtResponse
2307	raw := NoMethod(*s)
2308	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
2309}
2310
2311// Status: The `Status` type defines a logical error model that is
2312// suitable for different programming environments, including REST APIs
2313// and RPC APIs. It is used by gRPC (https://github.com/grpc). Each
2314// `Status` message contains three pieces of data: error code, error
2315// message, and error details. You can find out more about this error
2316// model and how to work with it in the API Design Guide
2317// (https://cloud.google.com/apis/design/errors).
2318type Status struct {
2319	// Code: The status code, which should be an enum value of
2320	// google.rpc.Code.
2321	Code int64 `json:"code,omitempty"`
2322
2323	// Details: A list of messages that carry the error details. There is a
2324	// common set of message types for APIs to use.
2325	Details []googleapi.RawMessage `json:"details,omitempty"`
2326
2327	// Message: A developer-facing error message, which should be in
2328	// English. Any user-facing error message should be localized and sent
2329	// in the google.rpc.Status.details field, or localized by the client.
2330	Message string `json:"message,omitempty"`
2331
2332	// ForceSendFields is a list of field names (e.g. "Code") to
2333	// unconditionally include in API requests. By default, fields with
2334	// empty or default values are omitted from API requests. However, any
2335	// non-pointer, non-interface field appearing in ForceSendFields will be
2336	// sent to the server regardless of whether the field is empty or not.
2337	// This may be used to include empty fields in Patch requests.
2338	ForceSendFields []string `json:"-"`
2339
2340	// NullFields is a list of field names (e.g. "Code") to include in API
2341	// requests with the JSON null value. By default, fields with empty
2342	// values are omitted from API requests. However, any field with an
2343	// empty value appearing in NullFields will be sent to the server as
2344	// null. It is an error if a field in this list has a non-empty value.
2345	// This may be used to include null fields in Patch requests.
2346	NullFields []string `json:"-"`
2347}
2348
2349func (s *Status) MarshalJSON() ([]byte, error) {
2350	type NoMethod Status
2351	raw := NoMethod(*s)
2352	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
2353}
2354
2355// TestIamPermissionsRequest: Request message for `TestIamPermissions`
2356// method.
2357type TestIamPermissionsRequest struct {
2358	// Permissions: The set of permissions to check for the `resource`.
2359	// Permissions with wildcards (such as '*' or 'storage.*') are not
2360	// allowed. For more information see IAM Overview
2361	// (https://cloud.google.com/iam/docs/overview#permissions).
2362	Permissions []string `json:"permissions,omitempty"`
2363
2364	// ForceSendFields is a list of field names (e.g. "Permissions") to
2365	// unconditionally include in API requests. By default, fields with
2366	// empty or default values are omitted from API requests. However, any
2367	// non-pointer, non-interface field appearing in ForceSendFields will be
2368	// sent to the server regardless of whether the field is empty or not.
2369	// This may be used to include empty fields in Patch requests.
2370	ForceSendFields []string `json:"-"`
2371
2372	// NullFields is a list of field names (e.g. "Permissions") to include
2373	// in API requests with the JSON null value. By default, fields with
2374	// empty values are omitted from API requests. However, any field with
2375	// an empty value appearing in NullFields will be sent to the server as
2376	// null. It is an error if a field in this list has a non-empty value.
2377	// This may be used to include null fields in Patch requests.
2378	NullFields []string `json:"-"`
2379}
2380
2381func (s *TestIamPermissionsRequest) MarshalJSON() ([]byte, error) {
2382	type NoMethod TestIamPermissionsRequest
2383	raw := NoMethod(*s)
2384	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
2385}
2386
2387// TestIamPermissionsResponse: Response message for `TestIamPermissions`
2388// method.
2389type TestIamPermissionsResponse struct {
2390	// Permissions: A subset of `TestPermissionsRequest.permissions` that
2391	// the caller is allowed.
2392	Permissions []string `json:"permissions,omitempty"`
2393
2394	// ServerResponse contains the HTTP response code and headers from the
2395	// server.
2396	googleapi.ServerResponse `json:"-"`
2397
2398	// ForceSendFields is a list of field names (e.g. "Permissions") to
2399	// unconditionally include in API requests. By default, fields with
2400	// empty or default values are omitted from API requests. However, any
2401	// non-pointer, non-interface field appearing in ForceSendFields will be
2402	// sent to the server regardless of whether the field is empty or not.
2403	// This may be used to include empty fields in Patch requests.
2404	ForceSendFields []string `json:"-"`
2405
2406	// NullFields is a list of field names (e.g. "Permissions") to include
2407	// in API requests with the JSON null value. By default, fields with
2408	// empty values are omitted from API requests. However, any field with
2409	// an empty value appearing in NullFields will be sent to the server as
2410	// null. It is an error if a field in this list has a non-empty value.
2411	// This may be used to include null fields in Patch requests.
2412	NullFields []string `json:"-"`
2413}
2414
2415func (s *TestIamPermissionsResponse) MarshalJSON() ([]byte, error) {
2416	type NoMethod TestIamPermissionsResponse
2417	raw := NoMethod(*s)
2418	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
2419}
2420
2421// UndeleteRoleRequest: The request to undelete an existing role.
2422type UndeleteRoleRequest struct {
2423	// Etag: Used to perform a consistent read-modify-write.
2424	Etag string `json:"etag,omitempty"`
2425
2426	// ForceSendFields is a list of field names (e.g. "Etag") to
2427	// unconditionally include in API requests. By default, fields with
2428	// empty or default values are omitted from API requests. However, any
2429	// non-pointer, non-interface field appearing in ForceSendFields will be
2430	// sent to the server regardless of whether the field is empty or not.
2431	// This may be used to include empty fields in Patch requests.
2432	ForceSendFields []string `json:"-"`
2433
2434	// NullFields is a list of field names (e.g. "Etag") to include in API
2435	// requests with the JSON null value. By default, fields with empty
2436	// values are omitted from API requests. However, any field with an
2437	// empty value appearing in NullFields will be sent to the server as
2438	// null. It is an error if a field in this list has a non-empty value.
2439	// This may be used to include null fields in Patch requests.
2440	NullFields []string `json:"-"`
2441}
2442
2443func (s *UndeleteRoleRequest) MarshalJSON() ([]byte, error) {
2444	type NoMethod UndeleteRoleRequest
2445	raw := NoMethod(*s)
2446	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
2447}
2448
2449// UndeleteServiceAccountRequest: The service account undelete request.
2450type UndeleteServiceAccountRequest struct {
2451}
2452
2453type UndeleteServiceAccountResponse struct {
2454	// RestoredAccount: Metadata for the restored service account.
2455	RestoredAccount *ServiceAccount `json:"restoredAccount,omitempty"`
2456
2457	// ServerResponse contains the HTTP response code and headers from the
2458	// server.
2459	googleapi.ServerResponse `json:"-"`
2460
2461	// ForceSendFields is a list of field names (e.g. "RestoredAccount") to
2462	// unconditionally include in API requests. By default, fields with
2463	// empty or default values are omitted from API requests. However, any
2464	// non-pointer, non-interface field appearing in ForceSendFields will be
2465	// sent to the server regardless of whether the field is empty or not.
2466	// This may be used to include empty fields in Patch requests.
2467	ForceSendFields []string `json:"-"`
2468
2469	// NullFields is a list of field names (e.g. "RestoredAccount") to
2470	// include in API requests with the JSON null value. By default, fields
2471	// with empty values are omitted from API requests. However, any field
2472	// with an empty value appearing in NullFields will be sent to the
2473	// server as null. It is an error if a field in this list has a
2474	// non-empty value. This may be used to include null fields in Patch
2475	// requests.
2476	NullFields []string `json:"-"`
2477}
2478
2479func (s *UndeleteServiceAccountResponse) MarshalJSON() ([]byte, error) {
2480	type NoMethod UndeleteServiceAccountResponse
2481	raw := NoMethod(*s)
2482	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
2483}
2484
2485// UndeleteWorkloadIdentityPoolProviderRequest: Request message for
2486// UndeleteWorkloadIdentityPoolProvider.
2487type UndeleteWorkloadIdentityPoolProviderRequest struct {
2488}
2489
2490// UndeleteWorkloadIdentityPoolRequest: Request message for
2491// UndeleteWorkloadIdentityPool.
2492type UndeleteWorkloadIdentityPoolRequest struct {
2493}
2494
2495// UploadServiceAccountKeyRequest: The service account key upload
2496// request.
2497type UploadServiceAccountKeyRequest struct {
2498	// PublicKeyData: A field that allows clients to upload their own public
2499	// key. If set, use this public key data to create a service account key
2500	// for given service account. Please note, the expected format for this
2501	// field is X509_PEM.
2502	PublicKeyData string `json:"publicKeyData,omitempty"`
2503
2504	// ForceSendFields is a list of field names (e.g. "PublicKeyData") to
2505	// unconditionally include in API requests. By default, fields with
2506	// empty or default values are omitted from API requests. However, any
2507	// non-pointer, non-interface field appearing in ForceSendFields will be
2508	// sent to the server regardless of whether the field is empty or not.
2509	// This may be used to include empty fields in Patch requests.
2510	ForceSendFields []string `json:"-"`
2511
2512	// NullFields is a list of field names (e.g. "PublicKeyData") to include
2513	// in API requests with the JSON null value. By default, fields with
2514	// empty values are omitted from API requests. However, any field with
2515	// an empty value appearing in NullFields will be sent to the server as
2516	// null. It is an error if a field in this list has a non-empty value.
2517	// This may be used to include null fields in Patch requests.
2518	NullFields []string `json:"-"`
2519}
2520
2521func (s *UploadServiceAccountKeyRequest) MarshalJSON() ([]byte, error) {
2522	type NoMethod UploadServiceAccountKeyRequest
2523	raw := NoMethod(*s)
2524	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
2525}
2526
2527// WorkloadIdentityPool: Represents a collection of external workload
2528// identities. You can define IAM policies to grant these identities
2529// access to Google Cloud resources.
2530type WorkloadIdentityPool struct {
2531	// Description: A description of the pool. Cannot exceed 256 characters.
2532	Description string `json:"description,omitempty"`
2533
2534	// Disabled: Whether the pool is disabled. You cannot use a disabled
2535	// pool to exchange tokens, or use existing tokens to access resources.
2536	// If the pool is re-enabled, existing tokens grant access again.
2537	Disabled bool `json:"disabled,omitempty"`
2538
2539	// DisplayName: A display name for the pool. Cannot exceed 32
2540	// characters.
2541	DisplayName string `json:"displayName,omitempty"`
2542
2543	// Name: Output only. The resource name of the pool.
2544	Name string `json:"name,omitempty"`
2545
2546	// State: Output only. The state of the pool.
2547	//
2548	// Possible values:
2549	//   "STATE_UNSPECIFIED" - State unspecified.
2550	//   "ACTIVE" - The pool is active, and may be used in Google Cloud
2551	// policies.
2552	//   "DELETED" - The pool is soft-deleted. Soft-deleted pools are
2553	// permanently deleted after approximately 30 days. You can restore a
2554	// soft-deleted pool using UndeleteWorkloadIdentityPool. You cannot
2555	// reuse the ID of a soft-deleted pool until it is permanently deleted.
2556	// While a pool is deleted, you cannot use it to exchange tokens, or use
2557	// existing tokens to access resources. If the pool is undeleted,
2558	// existing tokens grant access again.
2559	State string `json:"state,omitempty"`
2560
2561	// ServerResponse contains the HTTP response code and headers from the
2562	// server.
2563	googleapi.ServerResponse `json:"-"`
2564
2565	// ForceSendFields is a list of field names (e.g. "Description") to
2566	// unconditionally include in API requests. By default, fields with
2567	// empty or default values are omitted from API requests. However, any
2568	// non-pointer, non-interface field appearing in ForceSendFields will be
2569	// sent to the server regardless of whether the field is empty or not.
2570	// This may be used to include empty fields in Patch requests.
2571	ForceSendFields []string `json:"-"`
2572
2573	// NullFields is a list of field names (e.g. "Description") to include
2574	// in API requests with the JSON null value. By default, fields with
2575	// empty values are omitted from API requests. However, any field with
2576	// an empty value appearing in NullFields will be sent to the server as
2577	// null. It is an error if a field in this list has a non-empty value.
2578	// This may be used to include null fields in Patch requests.
2579	NullFields []string `json:"-"`
2580}
2581
2582func (s *WorkloadIdentityPool) MarshalJSON() ([]byte, error) {
2583	type NoMethod WorkloadIdentityPool
2584	raw := NoMethod(*s)
2585	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
2586}
2587
2588// WorkloadIdentityPoolProvider: A configuration for an external
2589// identity provider.
2590type WorkloadIdentityPoolProvider struct {
2591	// AttributeCondition: A Common Expression Language
2592	// (https://opensource.google/projects/cel) expression, in plain text,
2593	// to restrict what otherwise valid authentication credentials issued by
2594	// the provider should not be accepted. The expression must output a
2595	// boolean representing whether to allow the federation. The following
2596	// keywords may be referenced in the expressions: * `assertion`: JSON
2597	// representing the authentication credential issued by the provider. *
2598	// `google`: The Google attributes mapped from the assertion in the
2599	// `attribute_mappings`. * `attribute`: The custom attributes mapped
2600	// from the assertion in the `attribute_mappings`. The maximum length of
2601	// the attribute condition expression is 4096 characters. If
2602	// unspecified, all valid authentication credential are accepted. The
2603	// following example shows how to only allow credentials with a mapped
2604	// `google.groups` value of `admins`: ``` "'admins' in google.groups"
2605	// ```
2606	AttributeCondition string `json:"attributeCondition,omitempty"`
2607
2608	// AttributeMapping: Maps attributes from authentication credentials
2609	// issued by an external identity provider to Google Cloud attributes,
2610	// such as `subject` and `segment`. Each key must be a string specifying
2611	// the Google Cloud IAM attribute to map to. The following keys are
2612	// supported: * `google.subject`: The principal IAM is authenticating.
2613	// You can reference this value in IAM bindings. This is also the
2614	// subject that appears in Cloud Logging logs. Cannot exceed 127
2615	// characters. * `google.groups`: Groups the external identity belongs
2616	// to. You can grant groups access to resources using an IAM
2617	// `principalSet` binding; access applies to all members of the group.
2618	// You can also provide custom attributes by specifying
2619	// `attribute.{custom_attribute}`, where `{custom_attribute}` is the
2620	// name of the custom attribute to be mapped. You can define a maximum
2621	// of 50 custom attributes. The maximum length of a mapped attribute key
2622	// is 100 characters, and the key may only contain the characters
2623	// [a-z0-9_]. You can reference these attributes in IAM policies to
2624	// define fine-grained access for a workload to Google Cloud resources.
2625	// For example: * `google.subject`:
2626	// `principal://iam.googleapis.com/projects/{project}/locations/{location
2627	// }/workloadIdentityPools/{pool}/subject/{value}` * `google.groups`:
2628	// `principalSet://iam.googleapis.com/projects/{project}/locations/{locat
2629	// ion}/workloadIdentityPools/{pool}/group/{value}` *
2630	// `attribute.{custom_attribute}`:
2631	// `principalSet://iam.googleapis.com/projects/{project}/locations/{locat
2632	// ion}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}
2633	// ` Each value must be a [Common Expression Language]
2634	// (https://opensource.google/projects/cel) function that maps an
2635	// identity provider credential to the normalized attribute specified by
2636	// the corresponding map key. You can use the `assertion` keyword in the
2637	// expression to access a JSON representation of the authentication
2638	// credential issued by the provider. The maximum length of an attribute
2639	// mapping expression is 2048 characters. When evaluated, the total size
2640	// of all mapped attributes must not exceed 8KB. For AWS providers, if
2641	// no attribute mapping is defined, the following default mapping
2642	// applies: ``` { "google.subject":"assertion.arn",
2643	// "attribute.aws_role": "assertion.arn.contains('assumed-role')" " ?
2644	// assertion.arn.extract('{account_arn}assumed-role/')" " +
2645	// 'assumed-role/'" " +
2646	// assertion.arn.extract('assumed-role/{role_name}/')" " :
2647	// assertion.arn", } ``` If any custom attribute mappings are defined,
2648	// they must include a mapping to the `google.subject` attribute. For
2649	// OIDC providers, you must supply a custom mapping, which must include
2650	// the `google.subject` attribute. For example, the following maps the
2651	// `sub` claim of the incoming credential to the `subject` attribute on
2652	// a Google token: ``` {"google.subject": "assertion.sub"} ```
2653	AttributeMapping map[string]string `json:"attributeMapping,omitempty"`
2654
2655	// Aws: An Amazon Web Services identity provider.
2656	Aws *Aws `json:"aws,omitempty"`
2657
2658	// Description: A description for the provider. Cannot exceed 256
2659	// characters.
2660	Description string `json:"description,omitempty"`
2661
2662	// Disabled: Whether the provider is disabled. You cannot use a disabled
2663	// provider to exchange tokens. However, existing tokens still grant
2664	// access.
2665	Disabled bool `json:"disabled,omitempty"`
2666
2667	// DisplayName: A display name for the provider. Cannot exceed 32
2668	// characters.
2669	DisplayName string `json:"displayName,omitempty"`
2670
2671	// Name: Output only. The resource name of the provider.
2672	Name string `json:"name,omitempty"`
2673
2674	// Oidc: An OpenId Connect 1.0 identity provider.
2675	Oidc *Oidc `json:"oidc,omitempty"`
2676
2677	// State: Output only. The state of the provider.
2678	//
2679	// Possible values:
2680	//   "STATE_UNSPECIFIED" - State unspecified.
2681	//   "ACTIVE" - The provider is active, and may be used to validate
2682	// authentication credentials.
2683	//   "DELETED" - The provider is soft-deleted. Soft-deleted providers
2684	// are permanently deleted after approximately 30 days. You can restore
2685	// a soft-deleted provider using UndeleteWorkloadIdentityPoolProvider.
2686	// You cannot reuse the ID of a soft-deleted provider until it is
2687	// permanently deleted.
2688	State string `json:"state,omitempty"`
2689
2690	// ServerResponse contains the HTTP response code and headers from the
2691	// server.
2692	googleapi.ServerResponse `json:"-"`
2693
2694	// ForceSendFields is a list of field names (e.g. "AttributeCondition")
2695	// to unconditionally include in API requests. By default, fields with
2696	// empty or default values are omitted from API requests. However, any
2697	// non-pointer, non-interface field appearing in ForceSendFields will be
2698	// sent to the server regardless of whether the field is empty or not.
2699	// This may be used to include empty fields in Patch requests.
2700	ForceSendFields []string `json:"-"`
2701
2702	// NullFields is a list of field names (e.g. "AttributeCondition") to
2703	// include in API requests with the JSON null value. By default, fields
2704	// with empty values are omitted from API requests. However, any field
2705	// with an empty value appearing in NullFields will be sent to the
2706	// server as null. It is an error if a field in this list has a
2707	// non-empty value. This may be used to include null fields in Patch
2708	// requests.
2709	NullFields []string `json:"-"`
2710}
2711
2712func (s *WorkloadIdentityPoolProvider) MarshalJSON() ([]byte, error) {
2713	type NoMethod WorkloadIdentityPoolProvider
2714	raw := NoMethod(*s)
2715	return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields)
2716}
2717
2718// method id "iam.iamPolicies.lintPolicy":
2719
2720type IamPoliciesLintPolicyCall struct {
2721	s                 *Service
2722	lintpolicyrequest *LintPolicyRequest
2723	urlParams_        gensupport.URLParams
2724	ctx_              context.Context
2725	header_           http.Header
2726}
2727
2728// LintPolicy: Lints, or validates, an IAM policy. Currently checks the
2729// google.iam.v1.Binding.condition field, which contains a condition
2730// expression for a role binding. Successful calls to this method always
2731// return an HTTP `200 OK` status code, even if the linter detects an
2732// issue in the IAM policy.
2733func (r *IamPoliciesService) LintPolicy(lintpolicyrequest *LintPolicyRequest) *IamPoliciesLintPolicyCall {
2734	c := &IamPoliciesLintPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
2735	c.lintpolicyrequest = lintpolicyrequest
2736	return c
2737}
2738
2739// Fields allows partial responses to be retrieved. See
2740// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
2741// for more information.
2742func (c *IamPoliciesLintPolicyCall) Fields(s ...googleapi.Field) *IamPoliciesLintPolicyCall {
2743	c.urlParams_.Set("fields", googleapi.CombineFields(s))
2744	return c
2745}
2746
2747// Context sets the context to be used in this call's Do method. Any
2748// pending HTTP request will be aborted if the provided context is
2749// canceled.
2750func (c *IamPoliciesLintPolicyCall) Context(ctx context.Context) *IamPoliciesLintPolicyCall {
2751	c.ctx_ = ctx
2752	return c
2753}
2754
2755// Header returns an http.Header that can be modified by the caller to
2756// add HTTP headers to the request.
2757func (c *IamPoliciesLintPolicyCall) Header() http.Header {
2758	if c.header_ == nil {
2759		c.header_ = make(http.Header)
2760	}
2761	return c.header_
2762}
2763
2764func (c *IamPoliciesLintPolicyCall) doRequest(alt string) (*http.Response, error) {
2765	reqHeaders := make(http.Header)
2766	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
2767	for k, v := range c.header_ {
2768		reqHeaders[k] = v
2769	}
2770	reqHeaders.Set("User-Agent", c.s.userAgent())
2771	var body io.Reader = nil
2772	body, err := googleapi.WithoutDataWrapper.JSONReader(c.lintpolicyrequest)
2773	if err != nil {
2774		return nil, err
2775	}
2776	reqHeaders.Set("Content-Type", "application/json")
2777	c.urlParams_.Set("alt", alt)
2778	c.urlParams_.Set("prettyPrint", "false")
2779	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/iamPolicies:lintPolicy")
2780	urls += "?" + c.urlParams_.Encode()
2781	req, err := http.NewRequest("POST", urls, body)
2782	if err != nil {
2783		return nil, err
2784	}
2785	req.Header = reqHeaders
2786	return gensupport.SendRequest(c.ctx_, c.s.client, req)
2787}
2788
2789// Do executes the "iam.iamPolicies.lintPolicy" call.
2790// Exactly one of *LintPolicyResponse or error will be non-nil. Any
2791// non-2xx status code is an error. Response headers are in either
2792// *LintPolicyResponse.ServerResponse.Header or (if a response was
2793// returned at all) in error.(*googleapi.Error).Header. Use
2794// googleapi.IsNotModified to check whether the returned error was
2795// because http.StatusNotModified was returned.
2796func (c *IamPoliciesLintPolicyCall) Do(opts ...googleapi.CallOption) (*LintPolicyResponse, error) {
2797	gensupport.SetOptions(c.urlParams_, opts...)
2798	res, err := c.doRequest("json")
2799	if res != nil && res.StatusCode == http.StatusNotModified {
2800		if res.Body != nil {
2801			res.Body.Close()
2802		}
2803		return nil, &googleapi.Error{
2804			Code:   res.StatusCode,
2805			Header: res.Header,
2806		}
2807	}
2808	if err != nil {
2809		return nil, err
2810	}
2811	defer googleapi.CloseBody(res)
2812	if err := googleapi.CheckResponse(res); err != nil {
2813		return nil, err
2814	}
2815	ret := &LintPolicyResponse{
2816		ServerResponse: googleapi.ServerResponse{
2817			Header:         res.Header,
2818			HTTPStatusCode: res.StatusCode,
2819		},
2820	}
2821	target := &ret
2822	if err := gensupport.DecodeResponse(target, res); err != nil {
2823		return nil, err
2824	}
2825	return ret, nil
2826	// {
2827	//   "description": "Lints, or validates, an IAM policy. Currently checks the google.iam.v1.Binding.condition field, which contains a condition expression for a role binding. Successful calls to this method always return an HTTP `200 OK` status code, even if the linter detects an issue in the IAM policy.",
2828	//   "flatPath": "v1/iamPolicies:lintPolicy",
2829	//   "httpMethod": "POST",
2830	//   "id": "iam.iamPolicies.lintPolicy",
2831	//   "parameterOrder": [],
2832	//   "parameters": {},
2833	//   "path": "v1/iamPolicies:lintPolicy",
2834	//   "request": {
2835	//     "$ref": "LintPolicyRequest"
2836	//   },
2837	//   "response": {
2838	//     "$ref": "LintPolicyResponse"
2839	//   },
2840	//   "scopes": [
2841	//     "https://www.googleapis.com/auth/cloud-platform"
2842	//   ]
2843	// }
2844
2845}
2846
2847// method id "iam.iamPolicies.queryAuditableServices":
2848
2849type IamPoliciesQueryAuditableServicesCall struct {
2850	s                             *Service
2851	queryauditableservicesrequest *QueryAuditableServicesRequest
2852	urlParams_                    gensupport.URLParams
2853	ctx_                          context.Context
2854	header_                       http.Header
2855}
2856
2857// QueryAuditableServices: Returns a list of services that allow you to
2858// opt into audit logs that are not generated by default. To learn more
2859// about audit logs, see the Logging documentation
2860// (https://cloud.google.com/logging/docs/audit).
2861func (r *IamPoliciesService) QueryAuditableServices(queryauditableservicesrequest *QueryAuditableServicesRequest) *IamPoliciesQueryAuditableServicesCall {
2862	c := &IamPoliciesQueryAuditableServicesCall{s: r.s, urlParams_: make(gensupport.URLParams)}
2863	c.queryauditableservicesrequest = queryauditableservicesrequest
2864	return c
2865}
2866
2867// Fields allows partial responses to be retrieved. See
2868// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
2869// for more information.
2870func (c *IamPoliciesQueryAuditableServicesCall) Fields(s ...googleapi.Field) *IamPoliciesQueryAuditableServicesCall {
2871	c.urlParams_.Set("fields", googleapi.CombineFields(s))
2872	return c
2873}
2874
2875// Context sets the context to be used in this call's Do method. Any
2876// pending HTTP request will be aborted if the provided context is
2877// canceled.
2878func (c *IamPoliciesQueryAuditableServicesCall) Context(ctx context.Context) *IamPoliciesQueryAuditableServicesCall {
2879	c.ctx_ = ctx
2880	return c
2881}
2882
2883// Header returns an http.Header that can be modified by the caller to
2884// add HTTP headers to the request.
2885func (c *IamPoliciesQueryAuditableServicesCall) Header() http.Header {
2886	if c.header_ == nil {
2887		c.header_ = make(http.Header)
2888	}
2889	return c.header_
2890}
2891
2892func (c *IamPoliciesQueryAuditableServicesCall) doRequest(alt string) (*http.Response, error) {
2893	reqHeaders := make(http.Header)
2894	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
2895	for k, v := range c.header_ {
2896		reqHeaders[k] = v
2897	}
2898	reqHeaders.Set("User-Agent", c.s.userAgent())
2899	var body io.Reader = nil
2900	body, err := googleapi.WithoutDataWrapper.JSONReader(c.queryauditableservicesrequest)
2901	if err != nil {
2902		return nil, err
2903	}
2904	reqHeaders.Set("Content-Type", "application/json")
2905	c.urlParams_.Set("alt", alt)
2906	c.urlParams_.Set("prettyPrint", "false")
2907	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/iamPolicies:queryAuditableServices")
2908	urls += "?" + c.urlParams_.Encode()
2909	req, err := http.NewRequest("POST", urls, body)
2910	if err != nil {
2911		return nil, err
2912	}
2913	req.Header = reqHeaders
2914	return gensupport.SendRequest(c.ctx_, c.s.client, req)
2915}
2916
2917// Do executes the "iam.iamPolicies.queryAuditableServices" call.
2918// Exactly one of *QueryAuditableServicesResponse or error will be
2919// non-nil. Any non-2xx status code is an error. Response headers are in
2920// either *QueryAuditableServicesResponse.ServerResponse.Header or (if a
2921// response was returned at all) in error.(*googleapi.Error).Header. Use
2922// googleapi.IsNotModified to check whether the returned error was
2923// because http.StatusNotModified was returned.
2924func (c *IamPoliciesQueryAuditableServicesCall) Do(opts ...googleapi.CallOption) (*QueryAuditableServicesResponse, error) {
2925	gensupport.SetOptions(c.urlParams_, opts...)
2926	res, err := c.doRequest("json")
2927	if res != nil && res.StatusCode == http.StatusNotModified {
2928		if res.Body != nil {
2929			res.Body.Close()
2930		}
2931		return nil, &googleapi.Error{
2932			Code:   res.StatusCode,
2933			Header: res.Header,
2934		}
2935	}
2936	if err != nil {
2937		return nil, err
2938	}
2939	defer googleapi.CloseBody(res)
2940	if err := googleapi.CheckResponse(res); err != nil {
2941		return nil, err
2942	}
2943	ret := &QueryAuditableServicesResponse{
2944		ServerResponse: googleapi.ServerResponse{
2945			Header:         res.Header,
2946			HTTPStatusCode: res.StatusCode,
2947		},
2948	}
2949	target := &ret
2950	if err := gensupport.DecodeResponse(target, res); err != nil {
2951		return nil, err
2952	}
2953	return ret, nil
2954	// {
2955	//   "description": "Returns a list of services that allow you to opt into audit logs that are not generated by default. To learn more about audit logs, see the [Logging documentation](https://cloud.google.com/logging/docs/audit).",
2956	//   "flatPath": "v1/iamPolicies:queryAuditableServices",
2957	//   "httpMethod": "POST",
2958	//   "id": "iam.iamPolicies.queryAuditableServices",
2959	//   "parameterOrder": [],
2960	//   "parameters": {},
2961	//   "path": "v1/iamPolicies:queryAuditableServices",
2962	//   "request": {
2963	//     "$ref": "QueryAuditableServicesRequest"
2964	//   },
2965	//   "response": {
2966	//     "$ref": "QueryAuditableServicesResponse"
2967	//   },
2968	//   "scopes": [
2969	//     "https://www.googleapis.com/auth/cloud-platform"
2970	//   ]
2971	// }
2972
2973}
2974
2975// method id "iam.locations.workforcePools.operations.get":
2976
2977type LocationsWorkforcePoolsOperationsGetCall struct {
2978	s            *Service
2979	name         string
2980	urlParams_   gensupport.URLParams
2981	ifNoneMatch_ string
2982	ctx_         context.Context
2983	header_      http.Header
2984}
2985
2986// Get: Gets the latest state of a long-running operation. Clients can
2987// use this method to poll the operation result at intervals as
2988// recommended by the API service.
2989//
2990// - name: The name of the operation resource.
2991func (r *LocationsWorkforcePoolsOperationsService) Get(name string) *LocationsWorkforcePoolsOperationsGetCall {
2992	c := &LocationsWorkforcePoolsOperationsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
2993	c.name = name
2994	return c
2995}
2996
2997// Fields allows partial responses to be retrieved. See
2998// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
2999// for more information.
3000func (c *LocationsWorkforcePoolsOperationsGetCall) Fields(s ...googleapi.Field) *LocationsWorkforcePoolsOperationsGetCall {
3001	c.urlParams_.Set("fields", googleapi.CombineFields(s))
3002	return c
3003}
3004
3005// IfNoneMatch sets the optional parameter which makes the operation
3006// fail if the object's ETag matches the given value. This is useful for
3007// getting updates only after the object has changed since the last
3008// request. Use googleapi.IsNotModified to check whether the response
3009// error from Do is the result of In-None-Match.
3010func (c *LocationsWorkforcePoolsOperationsGetCall) IfNoneMatch(entityTag string) *LocationsWorkforcePoolsOperationsGetCall {
3011	c.ifNoneMatch_ = entityTag
3012	return c
3013}
3014
3015// Context sets the context to be used in this call's Do method. Any
3016// pending HTTP request will be aborted if the provided context is
3017// canceled.
3018func (c *LocationsWorkforcePoolsOperationsGetCall) Context(ctx context.Context) *LocationsWorkforcePoolsOperationsGetCall {
3019	c.ctx_ = ctx
3020	return c
3021}
3022
3023// Header returns an http.Header that can be modified by the caller to
3024// add HTTP headers to the request.
3025func (c *LocationsWorkforcePoolsOperationsGetCall) Header() http.Header {
3026	if c.header_ == nil {
3027		c.header_ = make(http.Header)
3028	}
3029	return c.header_
3030}
3031
3032func (c *LocationsWorkforcePoolsOperationsGetCall) doRequest(alt string) (*http.Response, error) {
3033	reqHeaders := make(http.Header)
3034	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
3035	for k, v := range c.header_ {
3036		reqHeaders[k] = v
3037	}
3038	reqHeaders.Set("User-Agent", c.s.userAgent())
3039	if c.ifNoneMatch_ != "" {
3040		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
3041	}
3042	var body io.Reader = nil
3043	c.urlParams_.Set("alt", alt)
3044	c.urlParams_.Set("prettyPrint", "false")
3045	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
3046	urls += "?" + c.urlParams_.Encode()
3047	req, err := http.NewRequest("GET", urls, body)
3048	if err != nil {
3049		return nil, err
3050	}
3051	req.Header = reqHeaders
3052	googleapi.Expand(req.URL, map[string]string{
3053		"name": c.name,
3054	})
3055	return gensupport.SendRequest(c.ctx_, c.s.client, req)
3056}
3057
3058// Do executes the "iam.locations.workforcePools.operations.get" call.
3059// Exactly one of *Operation or error will be non-nil. Any non-2xx
3060// status code is an error. Response headers are in either
3061// *Operation.ServerResponse.Header or (if a response was returned at
3062// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
3063// to check whether the returned error was because
3064// http.StatusNotModified was returned.
3065func (c *LocationsWorkforcePoolsOperationsGetCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
3066	gensupport.SetOptions(c.urlParams_, opts...)
3067	res, err := c.doRequest("json")
3068	if res != nil && res.StatusCode == http.StatusNotModified {
3069		if res.Body != nil {
3070			res.Body.Close()
3071		}
3072		return nil, &googleapi.Error{
3073			Code:   res.StatusCode,
3074			Header: res.Header,
3075		}
3076	}
3077	if err != nil {
3078		return nil, err
3079	}
3080	defer googleapi.CloseBody(res)
3081	if err := googleapi.CheckResponse(res); err != nil {
3082		return nil, err
3083	}
3084	ret := &Operation{
3085		ServerResponse: googleapi.ServerResponse{
3086			Header:         res.Header,
3087			HTTPStatusCode: res.StatusCode,
3088		},
3089	}
3090	target := &ret
3091	if err := gensupport.DecodeResponse(target, res); err != nil {
3092		return nil, err
3093	}
3094	return ret, nil
3095	// {
3096	//   "description": "Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.",
3097	//   "flatPath": "v1/locations/{locationsId}/workforcePools/{workforcePoolsId}/operations/{operationsId}",
3098	//   "httpMethod": "GET",
3099	//   "id": "iam.locations.workforcePools.operations.get",
3100	//   "parameterOrder": [
3101	//     "name"
3102	//   ],
3103	//   "parameters": {
3104	//     "name": {
3105	//       "description": "The name of the operation resource.",
3106	//       "location": "path",
3107	//       "pattern": "^locations/[^/]+/workforcePools/[^/]+/operations/[^/]+$",
3108	//       "required": true,
3109	//       "type": "string"
3110	//     }
3111	//   },
3112	//   "path": "v1/{+name}",
3113	//   "response": {
3114	//     "$ref": "Operation"
3115	//   },
3116	//   "scopes": [
3117	//     "https://www.googleapis.com/auth/cloud-platform"
3118	//   ]
3119	// }
3120
3121}
3122
3123// method id "iam.locations.workforcePools.providers.operations.get":
3124
3125type LocationsWorkforcePoolsProvidersOperationsGetCall struct {
3126	s            *Service
3127	name         string
3128	urlParams_   gensupport.URLParams
3129	ifNoneMatch_ string
3130	ctx_         context.Context
3131	header_      http.Header
3132}
3133
3134// Get: Gets the latest state of a long-running operation. Clients can
3135// use this method to poll the operation result at intervals as
3136// recommended by the API service.
3137//
3138// - name: The name of the operation resource.
3139func (r *LocationsWorkforcePoolsProvidersOperationsService) Get(name string) *LocationsWorkforcePoolsProvidersOperationsGetCall {
3140	c := &LocationsWorkforcePoolsProvidersOperationsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
3141	c.name = name
3142	return c
3143}
3144
3145// Fields allows partial responses to be retrieved. See
3146// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
3147// for more information.
3148func (c *LocationsWorkforcePoolsProvidersOperationsGetCall) Fields(s ...googleapi.Field) *LocationsWorkforcePoolsProvidersOperationsGetCall {
3149	c.urlParams_.Set("fields", googleapi.CombineFields(s))
3150	return c
3151}
3152
3153// IfNoneMatch sets the optional parameter which makes the operation
3154// fail if the object's ETag matches the given value. This is useful for
3155// getting updates only after the object has changed since the last
3156// request. Use googleapi.IsNotModified to check whether the response
3157// error from Do is the result of In-None-Match.
3158func (c *LocationsWorkforcePoolsProvidersOperationsGetCall) IfNoneMatch(entityTag string) *LocationsWorkforcePoolsProvidersOperationsGetCall {
3159	c.ifNoneMatch_ = entityTag
3160	return c
3161}
3162
3163// Context sets the context to be used in this call's Do method. Any
3164// pending HTTP request will be aborted if the provided context is
3165// canceled.
3166func (c *LocationsWorkforcePoolsProvidersOperationsGetCall) Context(ctx context.Context) *LocationsWorkforcePoolsProvidersOperationsGetCall {
3167	c.ctx_ = ctx
3168	return c
3169}
3170
3171// Header returns an http.Header that can be modified by the caller to
3172// add HTTP headers to the request.
3173func (c *LocationsWorkforcePoolsProvidersOperationsGetCall) Header() http.Header {
3174	if c.header_ == nil {
3175		c.header_ = make(http.Header)
3176	}
3177	return c.header_
3178}
3179
3180func (c *LocationsWorkforcePoolsProvidersOperationsGetCall) doRequest(alt string) (*http.Response, error) {
3181	reqHeaders := make(http.Header)
3182	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
3183	for k, v := range c.header_ {
3184		reqHeaders[k] = v
3185	}
3186	reqHeaders.Set("User-Agent", c.s.userAgent())
3187	if c.ifNoneMatch_ != "" {
3188		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
3189	}
3190	var body io.Reader = nil
3191	c.urlParams_.Set("alt", alt)
3192	c.urlParams_.Set("prettyPrint", "false")
3193	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
3194	urls += "?" + c.urlParams_.Encode()
3195	req, err := http.NewRequest("GET", urls, body)
3196	if err != nil {
3197		return nil, err
3198	}
3199	req.Header = reqHeaders
3200	googleapi.Expand(req.URL, map[string]string{
3201		"name": c.name,
3202	})
3203	return gensupport.SendRequest(c.ctx_, c.s.client, req)
3204}
3205
3206// Do executes the "iam.locations.workforcePools.providers.operations.get" call.
3207// Exactly one of *Operation or error will be non-nil. Any non-2xx
3208// status code is an error. Response headers are in either
3209// *Operation.ServerResponse.Header or (if a response was returned at
3210// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
3211// to check whether the returned error was because
3212// http.StatusNotModified was returned.
3213func (c *LocationsWorkforcePoolsProvidersOperationsGetCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
3214	gensupport.SetOptions(c.urlParams_, opts...)
3215	res, err := c.doRequest("json")
3216	if res != nil && res.StatusCode == http.StatusNotModified {
3217		if res.Body != nil {
3218			res.Body.Close()
3219		}
3220		return nil, &googleapi.Error{
3221			Code:   res.StatusCode,
3222			Header: res.Header,
3223		}
3224	}
3225	if err != nil {
3226		return nil, err
3227	}
3228	defer googleapi.CloseBody(res)
3229	if err := googleapi.CheckResponse(res); err != nil {
3230		return nil, err
3231	}
3232	ret := &Operation{
3233		ServerResponse: googleapi.ServerResponse{
3234			Header:         res.Header,
3235			HTTPStatusCode: res.StatusCode,
3236		},
3237	}
3238	target := &ret
3239	if err := gensupport.DecodeResponse(target, res); err != nil {
3240		return nil, err
3241	}
3242	return ret, nil
3243	// {
3244	//   "description": "Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.",
3245	//   "flatPath": "v1/locations/{locationsId}/workforcePools/{workforcePoolsId}/providers/{providersId}/operations/{operationsId}",
3246	//   "httpMethod": "GET",
3247	//   "id": "iam.locations.workforcePools.providers.operations.get",
3248	//   "parameterOrder": [
3249	//     "name"
3250	//   ],
3251	//   "parameters": {
3252	//     "name": {
3253	//       "description": "The name of the operation resource.",
3254	//       "location": "path",
3255	//       "pattern": "^locations/[^/]+/workforcePools/[^/]+/providers/[^/]+/operations/[^/]+$",
3256	//       "required": true,
3257	//       "type": "string"
3258	//     }
3259	//   },
3260	//   "path": "v1/{+name}",
3261	//   "response": {
3262	//     "$ref": "Operation"
3263	//   },
3264	//   "scopes": [
3265	//     "https://www.googleapis.com/auth/cloud-platform"
3266	//   ]
3267	// }
3268
3269}
3270
3271// method id "iam.organizations.roles.create":
3272
3273type OrganizationsRolesCreateCall struct {
3274	s                 *Service
3275	parent            string
3276	createrolerequest *CreateRoleRequest
3277	urlParams_        gensupport.URLParams
3278	ctx_              context.Context
3279	header_           http.Header
3280}
3281
3282// Create: Creates a new custom Role.
3283//
3284// - parent: The `parent` parameter's value depends on the target
3285//   resource for the request, namely `projects`
3286//   (/iam/reference/rest/v1/projects.roles) or `organizations`
3287//   (/iam/reference/rest/v1/organizations.roles). Each resource type's
3288//   `parent` value format is described below: *
3289//   `projects.roles.create()`
3290//   (/iam/reference/rest/v1/projects.roles/create):
3291//   `projects/{PROJECT_ID}`. This method creates project-level custom
3292//   roles (/iam/docs/understanding-custom-roles). Example request URL:
3293//   `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles` *
3294//   `organizations.roles.create()`
3295//   (/iam/reference/rest/v1/organizations.roles/create):
3296//   `organizations/{ORGANIZATION_ID}`. This method creates
3297//   organization-level custom roles
3298//   (/iam/docs/understanding-custom-roles). Example request URL:
3299//   `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles
3300//   ` Note: Wildcard (*) values are invalid; you must specify a
3301//   complete project ID or organization ID.
3302func (r *OrganizationsRolesService) Create(parent string, createrolerequest *CreateRoleRequest) *OrganizationsRolesCreateCall {
3303	c := &OrganizationsRolesCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
3304	c.parent = parent
3305	c.createrolerequest = createrolerequest
3306	return c
3307}
3308
3309// Fields allows partial responses to be retrieved. See
3310// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
3311// for more information.
3312func (c *OrganizationsRolesCreateCall) Fields(s ...googleapi.Field) *OrganizationsRolesCreateCall {
3313	c.urlParams_.Set("fields", googleapi.CombineFields(s))
3314	return c
3315}
3316
3317// Context sets the context to be used in this call's Do method. Any
3318// pending HTTP request will be aborted if the provided context is
3319// canceled.
3320func (c *OrganizationsRolesCreateCall) Context(ctx context.Context) *OrganizationsRolesCreateCall {
3321	c.ctx_ = ctx
3322	return c
3323}
3324
3325// Header returns an http.Header that can be modified by the caller to
3326// add HTTP headers to the request.
3327func (c *OrganizationsRolesCreateCall) Header() http.Header {
3328	if c.header_ == nil {
3329		c.header_ = make(http.Header)
3330	}
3331	return c.header_
3332}
3333
3334func (c *OrganizationsRolesCreateCall) doRequest(alt string) (*http.Response, error) {
3335	reqHeaders := make(http.Header)
3336	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
3337	for k, v := range c.header_ {
3338		reqHeaders[k] = v
3339	}
3340	reqHeaders.Set("User-Agent", c.s.userAgent())
3341	var body io.Reader = nil
3342	body, err := googleapi.WithoutDataWrapper.JSONReader(c.createrolerequest)
3343	if err != nil {
3344		return nil, err
3345	}
3346	reqHeaders.Set("Content-Type", "application/json")
3347	c.urlParams_.Set("alt", alt)
3348	c.urlParams_.Set("prettyPrint", "false")
3349	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/roles")
3350	urls += "?" + c.urlParams_.Encode()
3351	req, err := http.NewRequest("POST", urls, body)
3352	if err != nil {
3353		return nil, err
3354	}
3355	req.Header = reqHeaders
3356	googleapi.Expand(req.URL, map[string]string{
3357		"parent": c.parent,
3358	})
3359	return gensupport.SendRequest(c.ctx_, c.s.client, req)
3360}
3361
3362// Do executes the "iam.organizations.roles.create" call.
3363// Exactly one of *Role or error will be non-nil. Any non-2xx status
3364// code is an error. Response headers are in either
3365// *Role.ServerResponse.Header or (if a response was returned at all) in
3366// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
3367// whether the returned error was because http.StatusNotModified was
3368// returned.
3369func (c *OrganizationsRolesCreateCall) Do(opts ...googleapi.CallOption) (*Role, error) {
3370	gensupport.SetOptions(c.urlParams_, opts...)
3371	res, err := c.doRequest("json")
3372	if res != nil && res.StatusCode == http.StatusNotModified {
3373		if res.Body != nil {
3374			res.Body.Close()
3375		}
3376		return nil, &googleapi.Error{
3377			Code:   res.StatusCode,
3378			Header: res.Header,
3379		}
3380	}
3381	if err != nil {
3382		return nil, err
3383	}
3384	defer googleapi.CloseBody(res)
3385	if err := googleapi.CheckResponse(res); err != nil {
3386		return nil, err
3387	}
3388	ret := &Role{
3389		ServerResponse: googleapi.ServerResponse{
3390			Header:         res.Header,
3391			HTTPStatusCode: res.StatusCode,
3392		},
3393	}
3394	target := &ret
3395	if err := gensupport.DecodeResponse(target, res); err != nil {
3396		return nil, err
3397	}
3398	return ret, nil
3399	// {
3400	//   "description": "Creates a new custom Role.",
3401	//   "flatPath": "v1/organizations/{organizationsId}/roles",
3402	//   "httpMethod": "POST",
3403	//   "id": "iam.organizations.roles.create",
3404	//   "parameterOrder": [
3405	//     "parent"
3406	//   ],
3407	//   "parameters": {
3408	//     "parent": {
3409	//       "description": "The `parent` parameter's value depends on the target resource for the request, namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `parent` value format is described below: * [`projects.roles.create()`](/iam/reference/rest/v1/projects.roles/create): `projects/{PROJECT_ID}`. This method creates project-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles` * [`organizations.roles.create()`](/iam/reference/rest/v1/organizations.roles/create): `organizations/{ORGANIZATION_ID}`. This method creates organization-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.",
3410	//       "location": "path",
3411	//       "pattern": "^organizations/[^/]+$",
3412	//       "required": true,
3413	//       "type": "string"
3414	//     }
3415	//   },
3416	//   "path": "v1/{+parent}/roles",
3417	//   "request": {
3418	//     "$ref": "CreateRoleRequest"
3419	//   },
3420	//   "response": {
3421	//     "$ref": "Role"
3422	//   },
3423	//   "scopes": [
3424	//     "https://www.googleapis.com/auth/cloud-platform"
3425	//   ]
3426	// }
3427
3428}
3429
3430// method id "iam.organizations.roles.delete":
3431
3432type OrganizationsRolesDeleteCall struct {
3433	s          *Service
3434	name       string
3435	urlParams_ gensupport.URLParams
3436	ctx_       context.Context
3437	header_    http.Header
3438}
3439
3440// Delete: Deletes a custom Role. When you delete a custom role, the
3441// following changes occur immediately: * You cannot bind a principal to
3442// the custom role in an IAM Policy. * Existing bindings to the custom
3443// role are not changed, but they have no effect. * By default, the
3444// response from ListRoles does not include the custom role. You have 7
3445// days to undelete the custom role. After 7 days, the following changes
3446// occur: * The custom role is permanently deleted and cannot be
3447// recovered. * If an IAM policy contains a binding to the custom role,
3448// the binding is permanently removed.
3449//
3450// - name: The `name` parameter's value depends on the target resource
3451//   for the request, namely `projects`
3452//   (/iam/reference/rest/v1/projects.roles) or `organizations`
3453//   (/iam/reference/rest/v1/organizations.roles). Each resource type's
3454//   `name` value format is described below: * `projects.roles.delete()`
3455//   (/iam/reference/rest/v1/projects.roles/delete):
3456//   `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method deletes
3457//   only custom roles (/iam/docs/understanding-custom-roles) that have
3458//   been created at the project level. Example request URL:
3459//   `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_R
3460//   OLE_ID}` * `organizations.roles.delete()`
3461//   (/iam/reference/rest/v1/organizations.roles/delete):
3462//   `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This
3463//   method deletes only custom roles
3464//   (/iam/docs/understanding-custom-roles) that have been created at
3465//   the organization level. Example request URL:
3466//   `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles
3467//   /{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must
3468//   specify a complete project ID or organization ID.
3469func (r *OrganizationsRolesService) Delete(name string) *OrganizationsRolesDeleteCall {
3470	c := &OrganizationsRolesDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
3471	c.name = name
3472	return c
3473}
3474
3475// Etag sets the optional parameter "etag": Used to perform a consistent
3476// read-modify-write.
3477func (c *OrganizationsRolesDeleteCall) Etag(etag string) *OrganizationsRolesDeleteCall {
3478	c.urlParams_.Set("etag", etag)
3479	return c
3480}
3481
3482// Fields allows partial responses to be retrieved. See
3483// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
3484// for more information.
3485func (c *OrganizationsRolesDeleteCall) Fields(s ...googleapi.Field) *OrganizationsRolesDeleteCall {
3486	c.urlParams_.Set("fields", googleapi.CombineFields(s))
3487	return c
3488}
3489
3490// Context sets the context to be used in this call's Do method. Any
3491// pending HTTP request will be aborted if the provided context is
3492// canceled.
3493func (c *OrganizationsRolesDeleteCall) Context(ctx context.Context) *OrganizationsRolesDeleteCall {
3494	c.ctx_ = ctx
3495	return c
3496}
3497
3498// Header returns an http.Header that can be modified by the caller to
3499// add HTTP headers to the request.
3500func (c *OrganizationsRolesDeleteCall) Header() http.Header {
3501	if c.header_ == nil {
3502		c.header_ = make(http.Header)
3503	}
3504	return c.header_
3505}
3506
3507func (c *OrganizationsRolesDeleteCall) doRequest(alt string) (*http.Response, error) {
3508	reqHeaders := make(http.Header)
3509	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
3510	for k, v := range c.header_ {
3511		reqHeaders[k] = v
3512	}
3513	reqHeaders.Set("User-Agent", c.s.userAgent())
3514	var body io.Reader = nil
3515	c.urlParams_.Set("alt", alt)
3516	c.urlParams_.Set("prettyPrint", "false")
3517	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
3518	urls += "?" + c.urlParams_.Encode()
3519	req, err := http.NewRequest("DELETE", urls, body)
3520	if err != nil {
3521		return nil, err
3522	}
3523	req.Header = reqHeaders
3524	googleapi.Expand(req.URL, map[string]string{
3525		"name": c.name,
3526	})
3527	return gensupport.SendRequest(c.ctx_, c.s.client, req)
3528}
3529
3530// Do executes the "iam.organizations.roles.delete" call.
3531// Exactly one of *Role or error will be non-nil. Any non-2xx status
3532// code is an error. Response headers are in either
3533// *Role.ServerResponse.Header or (if a response was returned at all) in
3534// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
3535// whether the returned error was because http.StatusNotModified was
3536// returned.
3537func (c *OrganizationsRolesDeleteCall) Do(opts ...googleapi.CallOption) (*Role, error) {
3538	gensupport.SetOptions(c.urlParams_, opts...)
3539	res, err := c.doRequest("json")
3540	if res != nil && res.StatusCode == http.StatusNotModified {
3541		if res.Body != nil {
3542			res.Body.Close()
3543		}
3544		return nil, &googleapi.Error{
3545			Code:   res.StatusCode,
3546			Header: res.Header,
3547		}
3548	}
3549	if err != nil {
3550		return nil, err
3551	}
3552	defer googleapi.CloseBody(res)
3553	if err := googleapi.CheckResponse(res); err != nil {
3554		return nil, err
3555	}
3556	ret := &Role{
3557		ServerResponse: googleapi.ServerResponse{
3558			Header:         res.Header,
3559			HTTPStatusCode: res.StatusCode,
3560		},
3561	}
3562	target := &ret
3563	if err := gensupport.DecodeResponse(target, res); err != nil {
3564		return nil, err
3565	}
3566	return ret, nil
3567	// {
3568	//   "description": "Deletes a custom Role. When you delete a custom role, the following changes occur immediately: * You cannot bind a principal to the custom role in an IAM Policy. * Existing bindings to the custom role are not changed, but they have no effect. * By default, the response from ListRoles does not include the custom role. You have 7 days to undelete the custom role. After 7 days, the following changes occur: * The custom role is permanently deleted and cannot be recovered. * If an IAM policy contains a binding to the custom role, the binding is permanently removed.",
3569	//   "flatPath": "v1/organizations/{organizationsId}/roles/{rolesId}",
3570	//   "httpMethod": "DELETE",
3571	//   "id": "iam.organizations.roles.delete",
3572	//   "parameterOrder": [
3573	//     "name"
3574	//   ],
3575	//   "parameters": {
3576	//     "etag": {
3577	//       "description": "Used to perform a consistent read-modify-write.",
3578	//       "format": "byte",
3579	//       "location": "query",
3580	//       "type": "string"
3581	//     },
3582	//     "name": {
3583	//       "description": "The `name` parameter's value depends on the target resource for the request, namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `name` value format is described below: * [`projects.roles.delete()`](/iam/reference/rest/v1/projects.roles/delete): `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method deletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}` * [`organizations.roles.delete()`](/iam/reference/rest/v1/organizations.roles/delete): `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method deletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.",
3584	//       "location": "path",
3585	//       "pattern": "^organizations/[^/]+/roles/[^/]+$",
3586	//       "required": true,
3587	//       "type": "string"
3588	//     }
3589	//   },
3590	//   "path": "v1/{+name}",
3591	//   "response": {
3592	//     "$ref": "Role"
3593	//   },
3594	//   "scopes": [
3595	//     "https://www.googleapis.com/auth/cloud-platform"
3596	//   ]
3597	// }
3598
3599}
3600
3601// method id "iam.organizations.roles.get":
3602
3603type OrganizationsRolesGetCall struct {
3604	s            *Service
3605	name         string
3606	urlParams_   gensupport.URLParams
3607	ifNoneMatch_ string
3608	ctx_         context.Context
3609	header_      http.Header
3610}
3611
3612// Get: Gets the definition of a Role.
3613//
3614// - name: The `name` parameter's value depends on the target resource
3615//   for the request, namely `roles` (/iam/reference/rest/v1/roles),
3616//   `projects` (/iam/reference/rest/v1/projects.roles), or
3617//   `organizations` (/iam/reference/rest/v1/organizations.roles). Each
3618//   resource type's `name` value format is described below: *
3619//   `roles.get()` (/iam/reference/rest/v1/roles/get):
3620//   `roles/{ROLE_NAME}`. This method returns results from all
3621//   predefined roles (/iam/docs/understanding-roles#predefined_roles)
3622//   in Cloud IAM. Example request URL:
3623//   `https://iam.googleapis.com/v1/roles/{ROLE_NAME}` *
3624//   `projects.roles.get()` (/iam/reference/rest/v1/projects.roles/get):
3625//   `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method returns
3626//   only custom roles (/iam/docs/understanding-custom-roles) that have
3627//   been created at the project level. Example request URL:
3628//   `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_R
3629//   OLE_ID}` * `organizations.roles.get()`
3630//   (/iam/reference/rest/v1/organizations.roles/get):
3631//   `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This
3632//   method returns only custom roles
3633//   (/iam/docs/understanding-custom-roles) that have been created at
3634//   the organization level. Example request URL:
3635//   `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles
3636//   /{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must
3637//   specify a complete project ID or organization ID.
3638func (r *OrganizationsRolesService) Get(name string) *OrganizationsRolesGetCall {
3639	c := &OrganizationsRolesGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
3640	c.name = name
3641	return c
3642}
3643
3644// Fields allows partial responses to be retrieved. See
3645// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
3646// for more information.
3647func (c *OrganizationsRolesGetCall) Fields(s ...googleapi.Field) *OrganizationsRolesGetCall {
3648	c.urlParams_.Set("fields", googleapi.CombineFields(s))
3649	return c
3650}
3651
3652// IfNoneMatch sets the optional parameter which makes the operation
3653// fail if the object's ETag matches the given value. This is useful for
3654// getting updates only after the object has changed since the last
3655// request. Use googleapi.IsNotModified to check whether the response
3656// error from Do is the result of In-None-Match.
3657func (c *OrganizationsRolesGetCall) IfNoneMatch(entityTag string) *OrganizationsRolesGetCall {
3658	c.ifNoneMatch_ = entityTag
3659	return c
3660}
3661
3662// Context sets the context to be used in this call's Do method. Any
3663// pending HTTP request will be aborted if the provided context is
3664// canceled.
3665func (c *OrganizationsRolesGetCall) Context(ctx context.Context) *OrganizationsRolesGetCall {
3666	c.ctx_ = ctx
3667	return c
3668}
3669
3670// Header returns an http.Header that can be modified by the caller to
3671// add HTTP headers to the request.
3672func (c *OrganizationsRolesGetCall) Header() http.Header {
3673	if c.header_ == nil {
3674		c.header_ = make(http.Header)
3675	}
3676	return c.header_
3677}
3678
3679func (c *OrganizationsRolesGetCall) doRequest(alt string) (*http.Response, error) {
3680	reqHeaders := make(http.Header)
3681	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
3682	for k, v := range c.header_ {
3683		reqHeaders[k] = v
3684	}
3685	reqHeaders.Set("User-Agent", c.s.userAgent())
3686	if c.ifNoneMatch_ != "" {
3687		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
3688	}
3689	var body io.Reader = nil
3690	c.urlParams_.Set("alt", alt)
3691	c.urlParams_.Set("prettyPrint", "false")
3692	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
3693	urls += "?" + c.urlParams_.Encode()
3694	req, err := http.NewRequest("GET", urls, body)
3695	if err != nil {
3696		return nil, err
3697	}
3698	req.Header = reqHeaders
3699	googleapi.Expand(req.URL, map[string]string{
3700		"name": c.name,
3701	})
3702	return gensupport.SendRequest(c.ctx_, c.s.client, req)
3703}
3704
3705// Do executes the "iam.organizations.roles.get" call.
3706// Exactly one of *Role or error will be non-nil. Any non-2xx status
3707// code is an error. Response headers are in either
3708// *Role.ServerResponse.Header or (if a response was returned at all) in
3709// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
3710// whether the returned error was because http.StatusNotModified was
3711// returned.
3712func (c *OrganizationsRolesGetCall) Do(opts ...googleapi.CallOption) (*Role, error) {
3713	gensupport.SetOptions(c.urlParams_, opts...)
3714	res, err := c.doRequest("json")
3715	if res != nil && res.StatusCode == http.StatusNotModified {
3716		if res.Body != nil {
3717			res.Body.Close()
3718		}
3719		return nil, &googleapi.Error{
3720			Code:   res.StatusCode,
3721			Header: res.Header,
3722		}
3723	}
3724	if err != nil {
3725		return nil, err
3726	}
3727	defer googleapi.CloseBody(res)
3728	if err := googleapi.CheckResponse(res); err != nil {
3729		return nil, err
3730	}
3731	ret := &Role{
3732		ServerResponse: googleapi.ServerResponse{
3733			Header:         res.Header,
3734			HTTPStatusCode: res.StatusCode,
3735		},
3736	}
3737	target := &ret
3738	if err := gensupport.DecodeResponse(target, res); err != nil {
3739		return nil, err
3740	}
3741	return ret, nil
3742	// {
3743	//   "description": "Gets the definition of a Role.",
3744	//   "flatPath": "v1/organizations/{organizationsId}/roles/{rolesId}",
3745	//   "httpMethod": "GET",
3746	//   "id": "iam.organizations.roles.get",
3747	//   "parameterOrder": [
3748	//     "name"
3749	//   ],
3750	//   "parameters": {
3751	//     "name": {
3752	//       "description": "The `name` parameter's value depends on the target resource for the request, namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `name` value format is described below: * [`roles.get()`](/iam/reference/rest/v1/roles/get): `roles/{ROLE_NAME}`. This method returns results from all [predefined roles](/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. Example request URL: `https://iam.googleapis.com/v1/roles/{ROLE_NAME}` * [`projects.roles.get()`](/iam/reference/rest/v1/projects.roles/get): `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method returns only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}` * [`organizations.roles.get()`](/iam/reference/rest/v1/organizations.roles/get): `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method returns only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.",
3753	//       "location": "path",
3754	//       "pattern": "^organizations/[^/]+/roles/[^/]+$",
3755	//       "required": true,
3756	//       "type": "string"
3757	//     }
3758	//   },
3759	//   "path": "v1/{+name}",
3760	//   "response": {
3761	//     "$ref": "Role"
3762	//   },
3763	//   "scopes": [
3764	//     "https://www.googleapis.com/auth/cloud-platform"
3765	//   ]
3766	// }
3767
3768}
3769
3770// method id "iam.organizations.roles.list":
3771
3772type OrganizationsRolesListCall struct {
3773	s            *Service
3774	parent       string
3775	urlParams_   gensupport.URLParams
3776	ifNoneMatch_ string
3777	ctx_         context.Context
3778	header_      http.Header
3779}
3780
3781// List: Lists every predefined Role that IAM supports, or every custom
3782// role that is defined for an organization or project.
3783//
3784// - parent: The `parent` parameter's value depends on the target
3785//   resource for the request, namely `roles`
3786//   (/iam/reference/rest/v1/roles), `projects`
3787//   (/iam/reference/rest/v1/projects.roles), or `organizations`
3788//   (/iam/reference/rest/v1/organizations.roles). Each resource type's
3789//   `parent` value format is described below: * `roles.list()`
3790//   (/iam/reference/rest/v1/roles/list): An empty string. This method
3791//   doesn't require a resource; it simply returns all predefined roles
3792//   (/iam/docs/understanding-roles#predefined_roles) in Cloud IAM.
3793//   Example request URL: `https://iam.googleapis.com/v1/roles` *
3794//   `projects.roles.list()`
3795//   (/iam/reference/rest/v1/projects.roles/list):
3796//   `projects/{PROJECT_ID}`. This method lists all project-level custom
3797//   roles (/iam/docs/understanding-custom-roles). Example request URL:
3798//   `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles` *
3799//   `organizations.roles.list()`
3800//   (/iam/reference/rest/v1/organizations.roles/list):
3801//   `organizations/{ORGANIZATION_ID}`. This method lists all
3802//   organization-level custom roles
3803//   (/iam/docs/understanding-custom-roles). Example request URL:
3804//   `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles
3805//   ` Note: Wildcard (*) values are invalid; you must specify a
3806//   complete project ID or organization ID.
3807func (r *OrganizationsRolesService) List(parent string) *OrganizationsRolesListCall {
3808	c := &OrganizationsRolesListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
3809	c.parent = parent
3810	return c
3811}
3812
3813// PageSize sets the optional parameter "pageSize": Optional limit on
3814// the number of roles to include in the response. The default is 300,
3815// and the maximum is 1,000.
3816func (c *OrganizationsRolesListCall) PageSize(pageSize int64) *OrganizationsRolesListCall {
3817	c.urlParams_.Set("pageSize", fmt.Sprint(pageSize))
3818	return c
3819}
3820
3821// PageToken sets the optional parameter "pageToken": Optional
3822// pagination token returned in an earlier ListRolesResponse.
3823func (c *OrganizationsRolesListCall) PageToken(pageToken string) *OrganizationsRolesListCall {
3824	c.urlParams_.Set("pageToken", pageToken)
3825	return c
3826}
3827
3828// ShowDeleted sets the optional parameter "showDeleted": Include Roles
3829// that have been deleted.
3830func (c *OrganizationsRolesListCall) ShowDeleted(showDeleted bool) *OrganizationsRolesListCall {
3831	c.urlParams_.Set("showDeleted", fmt.Sprint(showDeleted))
3832	return c
3833}
3834
3835// View sets the optional parameter "view": Optional view for the
3836// returned Role objects. When `FULL` is specified, the
3837// `includedPermissions` field is returned, which includes a list of all
3838// permissions in the role. The default value is `BASIC`, which does not
3839// return the `includedPermissions` field.
3840//
3841// Possible values:
3842//   "BASIC" - Omits the `included_permissions` field. This is the
3843// default value.
3844//   "FULL" - Returns all fields.
3845func (c *OrganizationsRolesListCall) View(view string) *OrganizationsRolesListCall {
3846	c.urlParams_.Set("view", view)
3847	return c
3848}
3849
3850// Fields allows partial responses to be retrieved. See
3851// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
3852// for more information.
3853func (c *OrganizationsRolesListCall) Fields(s ...googleapi.Field) *OrganizationsRolesListCall {
3854	c.urlParams_.Set("fields", googleapi.CombineFields(s))
3855	return c
3856}
3857
3858// IfNoneMatch sets the optional parameter which makes the operation
3859// fail if the object's ETag matches the given value. This is useful for
3860// getting updates only after the object has changed since the last
3861// request. Use googleapi.IsNotModified to check whether the response
3862// error from Do is the result of In-None-Match.
3863func (c *OrganizationsRolesListCall) IfNoneMatch(entityTag string) *OrganizationsRolesListCall {
3864	c.ifNoneMatch_ = entityTag
3865	return c
3866}
3867
3868// Context sets the context to be used in this call's Do method. Any
3869// pending HTTP request will be aborted if the provided context is
3870// canceled.
3871func (c *OrganizationsRolesListCall) Context(ctx context.Context) *OrganizationsRolesListCall {
3872	c.ctx_ = ctx
3873	return c
3874}
3875
3876// Header returns an http.Header that can be modified by the caller to
3877// add HTTP headers to the request.
3878func (c *OrganizationsRolesListCall) Header() http.Header {
3879	if c.header_ == nil {
3880		c.header_ = make(http.Header)
3881	}
3882	return c.header_
3883}
3884
3885func (c *OrganizationsRolesListCall) doRequest(alt string) (*http.Response, error) {
3886	reqHeaders := make(http.Header)
3887	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
3888	for k, v := range c.header_ {
3889		reqHeaders[k] = v
3890	}
3891	reqHeaders.Set("User-Agent", c.s.userAgent())
3892	if c.ifNoneMatch_ != "" {
3893		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
3894	}
3895	var body io.Reader = nil
3896	c.urlParams_.Set("alt", alt)
3897	c.urlParams_.Set("prettyPrint", "false")
3898	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/roles")
3899	urls += "?" + c.urlParams_.Encode()
3900	req, err := http.NewRequest("GET", urls, body)
3901	if err != nil {
3902		return nil, err
3903	}
3904	req.Header = reqHeaders
3905	googleapi.Expand(req.URL, map[string]string{
3906		"parent": c.parent,
3907	})
3908	return gensupport.SendRequest(c.ctx_, c.s.client, req)
3909}
3910
3911// Do executes the "iam.organizations.roles.list" call.
3912// Exactly one of *ListRolesResponse or error will be non-nil. Any
3913// non-2xx status code is an error. Response headers are in either
3914// *ListRolesResponse.ServerResponse.Header or (if a response was
3915// returned at all) in error.(*googleapi.Error).Header. Use
3916// googleapi.IsNotModified to check whether the returned error was
3917// because http.StatusNotModified was returned.
3918func (c *OrganizationsRolesListCall) Do(opts ...googleapi.CallOption) (*ListRolesResponse, error) {
3919	gensupport.SetOptions(c.urlParams_, opts...)
3920	res, err := c.doRequest("json")
3921	if res != nil && res.StatusCode == http.StatusNotModified {
3922		if res.Body != nil {
3923			res.Body.Close()
3924		}
3925		return nil, &googleapi.Error{
3926			Code:   res.StatusCode,
3927			Header: res.Header,
3928		}
3929	}
3930	if err != nil {
3931		return nil, err
3932	}
3933	defer googleapi.CloseBody(res)
3934	if err := googleapi.CheckResponse(res); err != nil {
3935		return nil, err
3936	}
3937	ret := &ListRolesResponse{
3938		ServerResponse: googleapi.ServerResponse{
3939			Header:         res.Header,
3940			HTTPStatusCode: res.StatusCode,
3941		},
3942	}
3943	target := &ret
3944	if err := gensupport.DecodeResponse(target, res); err != nil {
3945		return nil, err
3946	}
3947	return ret, nil
3948	// {
3949	//   "description": "Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.",
3950	//   "flatPath": "v1/organizations/{organizationsId}/roles",
3951	//   "httpMethod": "GET",
3952	//   "id": "iam.organizations.roles.list",
3953	//   "parameterOrder": [
3954	//     "parent"
3955	//   ],
3956	//   "parameters": {
3957	//     "pageSize": {
3958	//       "description": "Optional limit on the number of roles to include in the response. The default is 300, and the maximum is 1,000.",
3959	//       "format": "int32",
3960	//       "location": "query",
3961	//       "type": "integer"
3962	//     },
3963	//     "pageToken": {
3964	//       "description": "Optional pagination token returned in an earlier ListRolesResponse.",
3965	//       "location": "query",
3966	//       "type": "string"
3967	//     },
3968	//     "parent": {
3969	//       "description": "The `parent` parameter's value depends on the target resource for the request, namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `parent` value format is described below: * [`roles.list()`](/iam/reference/rest/v1/roles/list): An empty string. This method doesn't require a resource; it simply returns all [predefined roles](/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. Example request URL: `https://iam.googleapis.com/v1/roles` * [`projects.roles.list()`](/iam/reference/rest/v1/projects.roles/list): `projects/{PROJECT_ID}`. This method lists all project-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles` * [`organizations.roles.list()`](/iam/reference/rest/v1/organizations.roles/list): `organizations/{ORGANIZATION_ID}`. This method lists all organization-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.",
3970	//       "location": "path",
3971	//       "pattern": "^organizations/[^/]+$",
3972	//       "required": true,
3973	//       "type": "string"
3974	//     },
3975	//     "showDeleted": {
3976	//       "description": "Include Roles that have been deleted.",
3977	//       "location": "query",
3978	//       "type": "boolean"
3979	//     },
3980	//     "view": {
3981	//       "description": "Optional view for the returned Role objects. When `FULL` is specified, the `includedPermissions` field is returned, which includes a list of all permissions in the role. The default value is `BASIC`, which does not return the `includedPermissions` field.",
3982	//       "enum": [
3983	//         "BASIC",
3984	//         "FULL"
3985	//       ],
3986	//       "enumDescriptions": [
3987	//         "Omits the `included_permissions` field. This is the default value.",
3988	//         "Returns all fields."
3989	//       ],
3990	//       "location": "query",
3991	//       "type": "string"
3992	//     }
3993	//   },
3994	//   "path": "v1/{+parent}/roles",
3995	//   "response": {
3996	//     "$ref": "ListRolesResponse"
3997	//   },
3998	//   "scopes": [
3999	//     "https://www.googleapis.com/auth/cloud-platform"
4000	//   ]
4001	// }
4002
4003}
4004
4005// Pages invokes f for each page of results.
4006// A non-nil error returned from f will halt the iteration.
4007// The provided context supersedes any context provided to the Context method.
4008func (c *OrganizationsRolesListCall) Pages(ctx context.Context, f func(*ListRolesResponse) error) error {
4009	c.ctx_ = ctx
4010	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
4011	for {
4012		x, err := c.Do()
4013		if err != nil {
4014			return err
4015		}
4016		if err := f(x); err != nil {
4017			return err
4018		}
4019		if x.NextPageToken == "" {
4020			return nil
4021		}
4022		c.PageToken(x.NextPageToken)
4023	}
4024}
4025
4026// method id "iam.organizations.roles.patch":
4027
4028type OrganizationsRolesPatchCall struct {
4029	s          *Service
4030	name       string
4031	role       *Role
4032	urlParams_ gensupport.URLParams
4033	ctx_       context.Context
4034	header_    http.Header
4035}
4036
4037// Patch: Updates the definition of a custom Role.
4038//
4039// - name: The `name` parameter's value depends on the target resource
4040//   for the request, namely `projects`
4041//   (/iam/reference/rest/v1/projects.roles) or `organizations`
4042//   (/iam/reference/rest/v1/organizations.roles). Each resource type's
4043//   `name` value format is described below: * `projects.roles.patch()`
4044//   (/iam/reference/rest/v1/projects.roles/patch):
4045//   `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method updates
4046//   only custom roles (/iam/docs/understanding-custom-roles) that have
4047//   been created at the project level. Example request URL:
4048//   `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_R
4049//   OLE_ID}` * `organizations.roles.patch()`
4050//   (/iam/reference/rest/v1/organizations.roles/patch):
4051//   `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This
4052//   method updates only custom roles
4053//   (/iam/docs/understanding-custom-roles) that have been created at
4054//   the organization level. Example request URL:
4055//   `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles
4056//   /{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must
4057//   specify a complete project ID or organization ID.
4058func (r *OrganizationsRolesService) Patch(name string, role *Role) *OrganizationsRolesPatchCall {
4059	c := &OrganizationsRolesPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
4060	c.name = name
4061	c.role = role
4062	return c
4063}
4064
4065// UpdateMask sets the optional parameter "updateMask": A mask
4066// describing which fields in the Role have changed.
4067func (c *OrganizationsRolesPatchCall) UpdateMask(updateMask string) *OrganizationsRolesPatchCall {
4068	c.urlParams_.Set("updateMask", updateMask)
4069	return c
4070}
4071
4072// Fields allows partial responses to be retrieved. See
4073// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
4074// for more information.
4075func (c *OrganizationsRolesPatchCall) Fields(s ...googleapi.Field) *OrganizationsRolesPatchCall {
4076	c.urlParams_.Set("fields", googleapi.CombineFields(s))
4077	return c
4078}
4079
4080// Context sets the context to be used in this call's Do method. Any
4081// pending HTTP request will be aborted if the provided context is
4082// canceled.
4083func (c *OrganizationsRolesPatchCall) Context(ctx context.Context) *OrganizationsRolesPatchCall {
4084	c.ctx_ = ctx
4085	return c
4086}
4087
4088// Header returns an http.Header that can be modified by the caller to
4089// add HTTP headers to the request.
4090func (c *OrganizationsRolesPatchCall) Header() http.Header {
4091	if c.header_ == nil {
4092		c.header_ = make(http.Header)
4093	}
4094	return c.header_
4095}
4096
4097func (c *OrganizationsRolesPatchCall) doRequest(alt string) (*http.Response, error) {
4098	reqHeaders := make(http.Header)
4099	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
4100	for k, v := range c.header_ {
4101		reqHeaders[k] = v
4102	}
4103	reqHeaders.Set("User-Agent", c.s.userAgent())
4104	var body io.Reader = nil
4105	body, err := googleapi.WithoutDataWrapper.JSONReader(c.role)
4106	if err != nil {
4107		return nil, err
4108	}
4109	reqHeaders.Set("Content-Type", "application/json")
4110	c.urlParams_.Set("alt", alt)
4111	c.urlParams_.Set("prettyPrint", "false")
4112	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
4113	urls += "?" + c.urlParams_.Encode()
4114	req, err := http.NewRequest("PATCH", urls, body)
4115	if err != nil {
4116		return nil, err
4117	}
4118	req.Header = reqHeaders
4119	googleapi.Expand(req.URL, map[string]string{
4120		"name": c.name,
4121	})
4122	return gensupport.SendRequest(c.ctx_, c.s.client, req)
4123}
4124
4125// Do executes the "iam.organizations.roles.patch" call.
4126// Exactly one of *Role or error will be non-nil. Any non-2xx status
4127// code is an error. Response headers are in either
4128// *Role.ServerResponse.Header or (if a response was returned at all) in
4129// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
4130// whether the returned error was because http.StatusNotModified was
4131// returned.
4132func (c *OrganizationsRolesPatchCall) Do(opts ...googleapi.CallOption) (*Role, error) {
4133	gensupport.SetOptions(c.urlParams_, opts...)
4134	res, err := c.doRequest("json")
4135	if res != nil && res.StatusCode == http.StatusNotModified {
4136		if res.Body != nil {
4137			res.Body.Close()
4138		}
4139		return nil, &googleapi.Error{
4140			Code:   res.StatusCode,
4141			Header: res.Header,
4142		}
4143	}
4144	if err != nil {
4145		return nil, err
4146	}
4147	defer googleapi.CloseBody(res)
4148	if err := googleapi.CheckResponse(res); err != nil {
4149		return nil, err
4150	}
4151	ret := &Role{
4152		ServerResponse: googleapi.ServerResponse{
4153			Header:         res.Header,
4154			HTTPStatusCode: res.StatusCode,
4155		},
4156	}
4157	target := &ret
4158	if err := gensupport.DecodeResponse(target, res); err != nil {
4159		return nil, err
4160	}
4161	return ret, nil
4162	// {
4163	//   "description": "Updates the definition of a custom Role.",
4164	//   "flatPath": "v1/organizations/{organizationsId}/roles/{rolesId}",
4165	//   "httpMethod": "PATCH",
4166	//   "id": "iam.organizations.roles.patch",
4167	//   "parameterOrder": [
4168	//     "name"
4169	//   ],
4170	//   "parameters": {
4171	//     "name": {
4172	//       "description": "The `name` parameter's value depends on the target resource for the request, namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `name` value format is described below: * [`projects.roles.patch()`](/iam/reference/rest/v1/projects.roles/patch): `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method updates only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}` * [`organizations.roles.patch()`](/iam/reference/rest/v1/organizations.roles/patch): `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method updates only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.",
4173	//       "location": "path",
4174	//       "pattern": "^organizations/[^/]+/roles/[^/]+$",
4175	//       "required": true,
4176	//       "type": "string"
4177	//     },
4178	//     "updateMask": {
4179	//       "description": "A mask describing which fields in the Role have changed.",
4180	//       "format": "google-fieldmask",
4181	//       "location": "query",
4182	//       "type": "string"
4183	//     }
4184	//   },
4185	//   "path": "v1/{+name}",
4186	//   "request": {
4187	//     "$ref": "Role"
4188	//   },
4189	//   "response": {
4190	//     "$ref": "Role"
4191	//   },
4192	//   "scopes": [
4193	//     "https://www.googleapis.com/auth/cloud-platform"
4194	//   ]
4195	// }
4196
4197}
4198
4199// method id "iam.organizations.roles.undelete":
4200
4201type OrganizationsRolesUndeleteCall struct {
4202	s                   *Service
4203	name                string
4204	undeleterolerequest *UndeleteRoleRequest
4205	urlParams_          gensupport.URLParams
4206	ctx_                context.Context
4207	header_             http.Header
4208}
4209
4210// Undelete: Undeletes a custom Role.
4211//
4212// - name: The `name` parameter's value depends on the target resource
4213//   for the request, namely `projects`
4214//   (/iam/reference/rest/v1/projects.roles) or `organizations`
4215//   (/iam/reference/rest/v1/organizations.roles). Each resource type's
4216//   `name` value format is described below: *
4217//   `projects.roles.undelete()`
4218//   (/iam/reference/rest/v1/projects.roles/undelete):
4219//   `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method
4220//   undeletes only custom roles (/iam/docs/understanding-custom-roles)
4221//   that have been created at the project level. Example request URL:
4222//   `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_R
4223//   OLE_ID}` * `organizations.roles.undelete()`
4224//   (/iam/reference/rest/v1/organizations.roles/undelete):
4225//   `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This
4226//   method undeletes only custom roles
4227//   (/iam/docs/understanding-custom-roles) that have been created at
4228//   the organization level. Example request URL:
4229//   `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles
4230//   /{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must
4231//   specify a complete project ID or organization ID.
4232func (r *OrganizationsRolesService) Undelete(name string, undeleterolerequest *UndeleteRoleRequest) *OrganizationsRolesUndeleteCall {
4233	c := &OrganizationsRolesUndeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
4234	c.name = name
4235	c.undeleterolerequest = undeleterolerequest
4236	return c
4237}
4238
4239// Fields allows partial responses to be retrieved. See
4240// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
4241// for more information.
4242func (c *OrganizationsRolesUndeleteCall) Fields(s ...googleapi.Field) *OrganizationsRolesUndeleteCall {
4243	c.urlParams_.Set("fields", googleapi.CombineFields(s))
4244	return c
4245}
4246
4247// Context sets the context to be used in this call's Do method. Any
4248// pending HTTP request will be aborted if the provided context is
4249// canceled.
4250func (c *OrganizationsRolesUndeleteCall) Context(ctx context.Context) *OrganizationsRolesUndeleteCall {
4251	c.ctx_ = ctx
4252	return c
4253}
4254
4255// Header returns an http.Header that can be modified by the caller to
4256// add HTTP headers to the request.
4257func (c *OrganizationsRolesUndeleteCall) Header() http.Header {
4258	if c.header_ == nil {
4259		c.header_ = make(http.Header)
4260	}
4261	return c.header_
4262}
4263
4264func (c *OrganizationsRolesUndeleteCall) doRequest(alt string) (*http.Response, error) {
4265	reqHeaders := make(http.Header)
4266	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
4267	for k, v := range c.header_ {
4268		reqHeaders[k] = v
4269	}
4270	reqHeaders.Set("User-Agent", c.s.userAgent())
4271	var body io.Reader = nil
4272	body, err := googleapi.WithoutDataWrapper.JSONReader(c.undeleterolerequest)
4273	if err != nil {
4274		return nil, err
4275	}
4276	reqHeaders.Set("Content-Type", "application/json")
4277	c.urlParams_.Set("alt", alt)
4278	c.urlParams_.Set("prettyPrint", "false")
4279	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:undelete")
4280	urls += "?" + c.urlParams_.Encode()
4281	req, err := http.NewRequest("POST", urls, body)
4282	if err != nil {
4283		return nil, err
4284	}
4285	req.Header = reqHeaders
4286	googleapi.Expand(req.URL, map[string]string{
4287		"name": c.name,
4288	})
4289	return gensupport.SendRequest(c.ctx_, c.s.client, req)
4290}
4291
4292// Do executes the "iam.organizations.roles.undelete" call.
4293// Exactly one of *Role or error will be non-nil. Any non-2xx status
4294// code is an error. Response headers are in either
4295// *Role.ServerResponse.Header or (if a response was returned at all) in
4296// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
4297// whether the returned error was because http.StatusNotModified was
4298// returned.
4299func (c *OrganizationsRolesUndeleteCall) Do(opts ...googleapi.CallOption) (*Role, error) {
4300	gensupport.SetOptions(c.urlParams_, opts...)
4301	res, err := c.doRequest("json")
4302	if res != nil && res.StatusCode == http.StatusNotModified {
4303		if res.Body != nil {
4304			res.Body.Close()
4305		}
4306		return nil, &googleapi.Error{
4307			Code:   res.StatusCode,
4308			Header: res.Header,
4309		}
4310	}
4311	if err != nil {
4312		return nil, err
4313	}
4314	defer googleapi.CloseBody(res)
4315	if err := googleapi.CheckResponse(res); err != nil {
4316		return nil, err
4317	}
4318	ret := &Role{
4319		ServerResponse: googleapi.ServerResponse{
4320			Header:         res.Header,
4321			HTTPStatusCode: res.StatusCode,
4322		},
4323	}
4324	target := &ret
4325	if err := gensupport.DecodeResponse(target, res); err != nil {
4326		return nil, err
4327	}
4328	return ret, nil
4329	// {
4330	//   "description": "Undeletes a custom Role.",
4331	//   "flatPath": "v1/organizations/{organizationsId}/roles/{rolesId}:undelete",
4332	//   "httpMethod": "POST",
4333	//   "id": "iam.organizations.roles.undelete",
4334	//   "parameterOrder": [
4335	//     "name"
4336	//   ],
4337	//   "parameters": {
4338	//     "name": {
4339	//       "description": "The `name` parameter's value depends on the target resource for the request, namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `name` value format is described below: * [`projects.roles.undelete()`](/iam/reference/rest/v1/projects.roles/undelete): `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method undeletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}` * [`organizations.roles.undelete()`](/iam/reference/rest/v1/organizations.roles/undelete): `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method undeletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.",
4340	//       "location": "path",
4341	//       "pattern": "^organizations/[^/]+/roles/[^/]+$",
4342	//       "required": true,
4343	//       "type": "string"
4344	//     }
4345	//   },
4346	//   "path": "v1/{+name}:undelete",
4347	//   "request": {
4348	//     "$ref": "UndeleteRoleRequest"
4349	//   },
4350	//   "response": {
4351	//     "$ref": "Role"
4352	//   },
4353	//   "scopes": [
4354	//     "https://www.googleapis.com/auth/cloud-platform"
4355	//   ]
4356	// }
4357
4358}
4359
4360// method id "iam.permissions.queryTestablePermissions":
4361
4362type PermissionsQueryTestablePermissionsCall struct {
4363	s                               *Service
4364	querytestablepermissionsrequest *QueryTestablePermissionsRequest
4365	urlParams_                      gensupport.URLParams
4366	ctx_                            context.Context
4367	header_                         http.Header
4368}
4369
4370// QueryTestablePermissions: Lists every permission that you can test on
4371// a resource. A permission is testable if you can check whether a
4372// principal has that permission on the resource.
4373func (r *PermissionsService) QueryTestablePermissions(querytestablepermissionsrequest *QueryTestablePermissionsRequest) *PermissionsQueryTestablePermissionsCall {
4374	c := &PermissionsQueryTestablePermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
4375	c.querytestablepermissionsrequest = querytestablepermissionsrequest
4376	return c
4377}
4378
4379// Fields allows partial responses to be retrieved. See
4380// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
4381// for more information.
4382func (c *PermissionsQueryTestablePermissionsCall) Fields(s ...googleapi.Field) *PermissionsQueryTestablePermissionsCall {
4383	c.urlParams_.Set("fields", googleapi.CombineFields(s))
4384	return c
4385}
4386
4387// Context sets the context to be used in this call's Do method. Any
4388// pending HTTP request will be aborted if the provided context is
4389// canceled.
4390func (c *PermissionsQueryTestablePermissionsCall) Context(ctx context.Context) *PermissionsQueryTestablePermissionsCall {
4391	c.ctx_ = ctx
4392	return c
4393}
4394
4395// Header returns an http.Header that can be modified by the caller to
4396// add HTTP headers to the request.
4397func (c *PermissionsQueryTestablePermissionsCall) Header() http.Header {
4398	if c.header_ == nil {
4399		c.header_ = make(http.Header)
4400	}
4401	return c.header_
4402}
4403
4404func (c *PermissionsQueryTestablePermissionsCall) doRequest(alt string) (*http.Response, error) {
4405	reqHeaders := make(http.Header)
4406	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
4407	for k, v := range c.header_ {
4408		reqHeaders[k] = v
4409	}
4410	reqHeaders.Set("User-Agent", c.s.userAgent())
4411	var body io.Reader = nil
4412	body, err := googleapi.WithoutDataWrapper.JSONReader(c.querytestablepermissionsrequest)
4413	if err != nil {
4414		return nil, err
4415	}
4416	reqHeaders.Set("Content-Type", "application/json")
4417	c.urlParams_.Set("alt", alt)
4418	c.urlParams_.Set("prettyPrint", "false")
4419	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/permissions:queryTestablePermissions")
4420	urls += "?" + c.urlParams_.Encode()
4421	req, err := http.NewRequest("POST", urls, body)
4422	if err != nil {
4423		return nil, err
4424	}
4425	req.Header = reqHeaders
4426	return gensupport.SendRequest(c.ctx_, c.s.client, req)
4427}
4428
4429// Do executes the "iam.permissions.queryTestablePermissions" call.
4430// Exactly one of *QueryTestablePermissionsResponse or error will be
4431// non-nil. Any non-2xx status code is an error. Response headers are in
4432// either *QueryTestablePermissionsResponse.ServerResponse.Header or (if
4433// a response was returned at all) in error.(*googleapi.Error).Header.
4434// Use googleapi.IsNotModified to check whether the returned error was
4435// because http.StatusNotModified was returned.
4436func (c *PermissionsQueryTestablePermissionsCall) Do(opts ...googleapi.CallOption) (*QueryTestablePermissionsResponse, error) {
4437	gensupport.SetOptions(c.urlParams_, opts...)
4438	res, err := c.doRequest("json")
4439	if res != nil && res.StatusCode == http.StatusNotModified {
4440		if res.Body != nil {
4441			res.Body.Close()
4442		}
4443		return nil, &googleapi.Error{
4444			Code:   res.StatusCode,
4445			Header: res.Header,
4446		}
4447	}
4448	if err != nil {
4449		return nil, err
4450	}
4451	defer googleapi.CloseBody(res)
4452	if err := googleapi.CheckResponse(res); err != nil {
4453		return nil, err
4454	}
4455	ret := &QueryTestablePermissionsResponse{
4456		ServerResponse: googleapi.ServerResponse{
4457			Header:         res.Header,
4458			HTTPStatusCode: res.StatusCode,
4459		},
4460	}
4461	target := &ret
4462	if err := gensupport.DecodeResponse(target, res); err != nil {
4463		return nil, err
4464	}
4465	return ret, nil
4466	// {
4467	//   "description": "Lists every permission that you can test on a resource. A permission is testable if you can check whether a principal has that permission on the resource.",
4468	//   "flatPath": "v1/permissions:queryTestablePermissions",
4469	//   "httpMethod": "POST",
4470	//   "id": "iam.permissions.queryTestablePermissions",
4471	//   "parameterOrder": [],
4472	//   "parameters": {},
4473	//   "path": "v1/permissions:queryTestablePermissions",
4474	//   "request": {
4475	//     "$ref": "QueryTestablePermissionsRequest"
4476	//   },
4477	//   "response": {
4478	//     "$ref": "QueryTestablePermissionsResponse"
4479	//   },
4480	//   "scopes": [
4481	//     "https://www.googleapis.com/auth/cloud-platform"
4482	//   ]
4483	// }
4484
4485}
4486
4487// Pages invokes f for each page of results.
4488// A non-nil error returned from f will halt the iteration.
4489// The provided context supersedes any context provided to the Context method.
4490func (c *PermissionsQueryTestablePermissionsCall) Pages(ctx context.Context, f func(*QueryTestablePermissionsResponse) error) error {
4491	c.ctx_ = ctx
4492	defer func(pt string) { c.querytestablepermissionsrequest.PageToken = pt }(c.querytestablepermissionsrequest.PageToken) // reset paging to original point
4493	for {
4494		x, err := c.Do()
4495		if err != nil {
4496			return err
4497		}
4498		if err := f(x); err != nil {
4499			return err
4500		}
4501		if x.NextPageToken == "" {
4502			return nil
4503		}
4504		c.querytestablepermissionsrequest.PageToken = x.NextPageToken
4505	}
4506}
4507
4508// method id "iam.projects.locations.workloadIdentityPools.create":
4509
4510type ProjectsLocationsWorkloadIdentityPoolsCreateCall struct {
4511	s                    *Service
4512	parent               string
4513	workloadidentitypool *WorkloadIdentityPool
4514	urlParams_           gensupport.URLParams
4515	ctx_                 context.Context
4516	header_              http.Header
4517}
4518
4519// Create: Creates a new WorkloadIdentityPool. You cannot reuse the name
4520// of a deleted pool until 30 days after deletion.
4521//
4522// - parent: The parent resource to create the pool in. The only
4523//   supported location is `global`.
4524func (r *ProjectsLocationsWorkloadIdentityPoolsService) Create(parent string, workloadidentitypool *WorkloadIdentityPool) *ProjectsLocationsWorkloadIdentityPoolsCreateCall {
4525	c := &ProjectsLocationsWorkloadIdentityPoolsCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
4526	c.parent = parent
4527	c.workloadidentitypool = workloadidentitypool
4528	return c
4529}
4530
4531// WorkloadIdentityPoolId sets the optional parameter
4532// "workloadIdentityPoolId": Required. The ID to use for the pool, which
4533// becomes the final component of the resource name. This value should
4534// be 4-32 characters, and may contain the characters [a-z0-9-]. The
4535// prefix `gcp-` is reserved for use by Google, and may not be
4536// specified.
4537func (c *ProjectsLocationsWorkloadIdentityPoolsCreateCall) WorkloadIdentityPoolId(workloadIdentityPoolId string) *ProjectsLocationsWorkloadIdentityPoolsCreateCall {
4538	c.urlParams_.Set("workloadIdentityPoolId", workloadIdentityPoolId)
4539	return c
4540}
4541
4542// Fields allows partial responses to be retrieved. See
4543// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
4544// for more information.
4545func (c *ProjectsLocationsWorkloadIdentityPoolsCreateCall) Fields(s ...googleapi.Field) *ProjectsLocationsWorkloadIdentityPoolsCreateCall {
4546	c.urlParams_.Set("fields", googleapi.CombineFields(s))
4547	return c
4548}
4549
4550// Context sets the context to be used in this call's Do method. Any
4551// pending HTTP request will be aborted if the provided context is
4552// canceled.
4553func (c *ProjectsLocationsWorkloadIdentityPoolsCreateCall) Context(ctx context.Context) *ProjectsLocationsWorkloadIdentityPoolsCreateCall {
4554	c.ctx_ = ctx
4555	return c
4556}
4557
4558// Header returns an http.Header that can be modified by the caller to
4559// add HTTP headers to the request.
4560func (c *ProjectsLocationsWorkloadIdentityPoolsCreateCall) Header() http.Header {
4561	if c.header_ == nil {
4562		c.header_ = make(http.Header)
4563	}
4564	return c.header_
4565}
4566
4567func (c *ProjectsLocationsWorkloadIdentityPoolsCreateCall) doRequest(alt string) (*http.Response, error) {
4568	reqHeaders := make(http.Header)
4569	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
4570	for k, v := range c.header_ {
4571		reqHeaders[k] = v
4572	}
4573	reqHeaders.Set("User-Agent", c.s.userAgent())
4574	var body io.Reader = nil
4575	body, err := googleapi.WithoutDataWrapper.JSONReader(c.workloadidentitypool)
4576	if err != nil {
4577		return nil, err
4578	}
4579	reqHeaders.Set("Content-Type", "application/json")
4580	c.urlParams_.Set("alt", alt)
4581	c.urlParams_.Set("prettyPrint", "false")
4582	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/workloadIdentityPools")
4583	urls += "?" + c.urlParams_.Encode()
4584	req, err := http.NewRequest("POST", urls, body)
4585	if err != nil {
4586		return nil, err
4587	}
4588	req.Header = reqHeaders
4589	googleapi.Expand(req.URL, map[string]string{
4590		"parent": c.parent,
4591	})
4592	return gensupport.SendRequest(c.ctx_, c.s.client, req)
4593}
4594
4595// Do executes the "iam.projects.locations.workloadIdentityPools.create" call.
4596// Exactly one of *Operation or error will be non-nil. Any non-2xx
4597// status code is an error. Response headers are in either
4598// *Operation.ServerResponse.Header or (if a response was returned at
4599// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
4600// to check whether the returned error was because
4601// http.StatusNotModified was returned.
4602func (c *ProjectsLocationsWorkloadIdentityPoolsCreateCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
4603	gensupport.SetOptions(c.urlParams_, opts...)
4604	res, err := c.doRequest("json")
4605	if res != nil && res.StatusCode == http.StatusNotModified {
4606		if res.Body != nil {
4607			res.Body.Close()
4608		}
4609		return nil, &googleapi.Error{
4610			Code:   res.StatusCode,
4611			Header: res.Header,
4612		}
4613	}
4614	if err != nil {
4615		return nil, err
4616	}
4617	defer googleapi.CloseBody(res)
4618	if err := googleapi.CheckResponse(res); err != nil {
4619		return nil, err
4620	}
4621	ret := &Operation{
4622		ServerResponse: googleapi.ServerResponse{
4623			Header:         res.Header,
4624			HTTPStatusCode: res.StatusCode,
4625		},
4626	}
4627	target := &ret
4628	if err := gensupport.DecodeResponse(target, res); err != nil {
4629		return nil, err
4630	}
4631	return ret, nil
4632	// {
4633	//   "description": "Creates a new WorkloadIdentityPool. You cannot reuse the name of a deleted pool until 30 days after deletion.",
4634	//   "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/workloadIdentityPools",
4635	//   "httpMethod": "POST",
4636	//   "id": "iam.projects.locations.workloadIdentityPools.create",
4637	//   "parameterOrder": [
4638	//     "parent"
4639	//   ],
4640	//   "parameters": {
4641	//     "parent": {
4642	//       "description": "Required. The parent resource to create the pool in. The only supported location is `global`.",
4643	//       "location": "path",
4644	//       "pattern": "^projects/[^/]+/locations/[^/]+$",
4645	//       "required": true,
4646	//       "type": "string"
4647	//     },
4648	//     "workloadIdentityPoolId": {
4649	//       "description": "Required. The ID to use for the pool, which becomes the final component of the resource name. This value should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may not be specified.",
4650	//       "location": "query",
4651	//       "type": "string"
4652	//     }
4653	//   },
4654	//   "path": "v1/{+parent}/workloadIdentityPools",
4655	//   "request": {
4656	//     "$ref": "WorkloadIdentityPool"
4657	//   },
4658	//   "response": {
4659	//     "$ref": "Operation"
4660	//   },
4661	//   "scopes": [
4662	//     "https://www.googleapis.com/auth/cloud-platform"
4663	//   ]
4664	// }
4665
4666}
4667
4668// method id "iam.projects.locations.workloadIdentityPools.delete":
4669
4670type ProjectsLocationsWorkloadIdentityPoolsDeleteCall struct {
4671	s          *Service
4672	name       string
4673	urlParams_ gensupport.URLParams
4674	ctx_       context.Context
4675	header_    http.Header
4676}
4677
4678// Delete: Deletes a WorkloadIdentityPool. You cannot use a deleted pool
4679// to exchange external credentials for Google Cloud credentials.
4680// However, deletion does not revoke credentials that have already been
4681// issued. Credentials issued for a deleted pool do not grant access to
4682// resources. If the pool is undeleted, and the credentials are not
4683// expired, they grant access again. You can undelete a pool for 30
4684// days. After 30 days, deletion is permanent. You cannot update deleted
4685// pools. However, you can view and list them.
4686//
4687// - name: The name of the pool to delete.
4688func (r *ProjectsLocationsWorkloadIdentityPoolsService) Delete(name string) *ProjectsLocationsWorkloadIdentityPoolsDeleteCall {
4689	c := &ProjectsLocationsWorkloadIdentityPoolsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
4690	c.name = name
4691	return c
4692}
4693
4694// Fields allows partial responses to be retrieved. See
4695// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
4696// for more information.
4697func (c *ProjectsLocationsWorkloadIdentityPoolsDeleteCall) Fields(s ...googleapi.Field) *ProjectsLocationsWorkloadIdentityPoolsDeleteCall {
4698	c.urlParams_.Set("fields", googleapi.CombineFields(s))
4699	return c
4700}
4701
4702// Context sets the context to be used in this call's Do method. Any
4703// pending HTTP request will be aborted if the provided context is
4704// canceled.
4705func (c *ProjectsLocationsWorkloadIdentityPoolsDeleteCall) Context(ctx context.Context) *ProjectsLocationsWorkloadIdentityPoolsDeleteCall {
4706	c.ctx_ = ctx
4707	return c
4708}
4709
4710// Header returns an http.Header that can be modified by the caller to
4711// add HTTP headers to the request.
4712func (c *ProjectsLocationsWorkloadIdentityPoolsDeleteCall) Header() http.Header {
4713	if c.header_ == nil {
4714		c.header_ = make(http.Header)
4715	}
4716	return c.header_
4717}
4718
4719func (c *ProjectsLocationsWorkloadIdentityPoolsDeleteCall) doRequest(alt string) (*http.Response, error) {
4720	reqHeaders := make(http.Header)
4721	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
4722	for k, v := range c.header_ {
4723		reqHeaders[k] = v
4724	}
4725	reqHeaders.Set("User-Agent", c.s.userAgent())
4726	var body io.Reader = nil
4727	c.urlParams_.Set("alt", alt)
4728	c.urlParams_.Set("prettyPrint", "false")
4729	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
4730	urls += "?" + c.urlParams_.Encode()
4731	req, err := http.NewRequest("DELETE", urls, body)
4732	if err != nil {
4733		return nil, err
4734	}
4735	req.Header = reqHeaders
4736	googleapi.Expand(req.URL, map[string]string{
4737		"name": c.name,
4738	})
4739	return gensupport.SendRequest(c.ctx_, c.s.client, req)
4740}
4741
4742// Do executes the "iam.projects.locations.workloadIdentityPools.delete" call.
4743// Exactly one of *Operation or error will be non-nil. Any non-2xx
4744// status code is an error. Response headers are in either
4745// *Operation.ServerResponse.Header or (if a response was returned at
4746// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
4747// to check whether the returned error was because
4748// http.StatusNotModified was returned.
4749func (c *ProjectsLocationsWorkloadIdentityPoolsDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
4750	gensupport.SetOptions(c.urlParams_, opts...)
4751	res, err := c.doRequest("json")
4752	if res != nil && res.StatusCode == http.StatusNotModified {
4753		if res.Body != nil {
4754			res.Body.Close()
4755		}
4756		return nil, &googleapi.Error{
4757			Code:   res.StatusCode,
4758			Header: res.Header,
4759		}
4760	}
4761	if err != nil {
4762		return nil, err
4763	}
4764	defer googleapi.CloseBody(res)
4765	if err := googleapi.CheckResponse(res); err != nil {
4766		return nil, err
4767	}
4768	ret := &Operation{
4769		ServerResponse: googleapi.ServerResponse{
4770			Header:         res.Header,
4771			HTTPStatusCode: res.StatusCode,
4772		},
4773	}
4774	target := &ret
4775	if err := gensupport.DecodeResponse(target, res); err != nil {
4776		return nil, err
4777	}
4778	return ret, nil
4779	// {
4780	//   "description": "Deletes a WorkloadIdentityPool. You cannot use a deleted pool to exchange external credentials for Google Cloud credentials. However, deletion does not revoke credentials that have already been issued. Credentials issued for a deleted pool do not grant access to resources. If the pool is undeleted, and the credentials are not expired, they grant access again. You can undelete a pool for 30 days. After 30 days, deletion is permanent. You cannot update deleted pools. However, you can view and list them.",
4781	//   "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/workloadIdentityPools/{workloadIdentityPoolsId}",
4782	//   "httpMethod": "DELETE",
4783	//   "id": "iam.projects.locations.workloadIdentityPools.delete",
4784	//   "parameterOrder": [
4785	//     "name"
4786	//   ],
4787	//   "parameters": {
4788	//     "name": {
4789	//       "description": "Required. The name of the pool to delete.",
4790	//       "location": "path",
4791	//       "pattern": "^projects/[^/]+/locations/[^/]+/workloadIdentityPools/[^/]+$",
4792	//       "required": true,
4793	//       "type": "string"
4794	//     }
4795	//   },
4796	//   "path": "v1/{+name}",
4797	//   "response": {
4798	//     "$ref": "Operation"
4799	//   },
4800	//   "scopes": [
4801	//     "https://www.googleapis.com/auth/cloud-platform"
4802	//   ]
4803	// }
4804
4805}
4806
4807// method id "iam.projects.locations.workloadIdentityPools.get":
4808
4809type ProjectsLocationsWorkloadIdentityPoolsGetCall struct {
4810	s            *Service
4811	name         string
4812	urlParams_   gensupport.URLParams
4813	ifNoneMatch_ string
4814	ctx_         context.Context
4815	header_      http.Header
4816}
4817
4818// Get: Gets an individual WorkloadIdentityPool.
4819//
4820// - name: The name of the pool to retrieve.
4821func (r *ProjectsLocationsWorkloadIdentityPoolsService) Get(name string) *ProjectsLocationsWorkloadIdentityPoolsGetCall {
4822	c := &ProjectsLocationsWorkloadIdentityPoolsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
4823	c.name = name
4824	return c
4825}
4826
4827// Fields allows partial responses to be retrieved. See
4828// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
4829// for more information.
4830func (c *ProjectsLocationsWorkloadIdentityPoolsGetCall) Fields(s ...googleapi.Field) *ProjectsLocationsWorkloadIdentityPoolsGetCall {
4831	c.urlParams_.Set("fields", googleapi.CombineFields(s))
4832	return c
4833}
4834
4835// IfNoneMatch sets the optional parameter which makes the operation
4836// fail if the object's ETag matches the given value. This is useful for
4837// getting updates only after the object has changed since the last
4838// request. Use googleapi.IsNotModified to check whether the response
4839// error from Do is the result of In-None-Match.
4840func (c *ProjectsLocationsWorkloadIdentityPoolsGetCall) IfNoneMatch(entityTag string) *ProjectsLocationsWorkloadIdentityPoolsGetCall {
4841	c.ifNoneMatch_ = entityTag
4842	return c
4843}
4844
4845// Context sets the context to be used in this call's Do method. Any
4846// pending HTTP request will be aborted if the provided context is
4847// canceled.
4848func (c *ProjectsLocationsWorkloadIdentityPoolsGetCall) Context(ctx context.Context) *ProjectsLocationsWorkloadIdentityPoolsGetCall {
4849	c.ctx_ = ctx
4850	return c
4851}
4852
4853// Header returns an http.Header that can be modified by the caller to
4854// add HTTP headers to the request.
4855func (c *ProjectsLocationsWorkloadIdentityPoolsGetCall) Header() http.Header {
4856	if c.header_ == nil {
4857		c.header_ = make(http.Header)
4858	}
4859	return c.header_
4860}
4861
4862func (c *ProjectsLocationsWorkloadIdentityPoolsGetCall) doRequest(alt string) (*http.Response, error) {
4863	reqHeaders := make(http.Header)
4864	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
4865	for k, v := range c.header_ {
4866		reqHeaders[k] = v
4867	}
4868	reqHeaders.Set("User-Agent", c.s.userAgent())
4869	if c.ifNoneMatch_ != "" {
4870		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
4871	}
4872	var body io.Reader = nil
4873	c.urlParams_.Set("alt", alt)
4874	c.urlParams_.Set("prettyPrint", "false")
4875	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
4876	urls += "?" + c.urlParams_.Encode()
4877	req, err := http.NewRequest("GET", urls, body)
4878	if err != nil {
4879		return nil, err
4880	}
4881	req.Header = reqHeaders
4882	googleapi.Expand(req.URL, map[string]string{
4883		"name": c.name,
4884	})
4885	return gensupport.SendRequest(c.ctx_, c.s.client, req)
4886}
4887
4888// Do executes the "iam.projects.locations.workloadIdentityPools.get" call.
4889// Exactly one of *WorkloadIdentityPool or error will be non-nil. Any
4890// non-2xx status code is an error. Response headers are in either
4891// *WorkloadIdentityPool.ServerResponse.Header or (if a response was
4892// returned at all) in error.(*googleapi.Error).Header. Use
4893// googleapi.IsNotModified to check whether the returned error was
4894// because http.StatusNotModified was returned.
4895func (c *ProjectsLocationsWorkloadIdentityPoolsGetCall) Do(opts ...googleapi.CallOption) (*WorkloadIdentityPool, error) {
4896	gensupport.SetOptions(c.urlParams_, opts...)
4897	res, err := c.doRequest("json")
4898	if res != nil && res.StatusCode == http.StatusNotModified {
4899		if res.Body != nil {
4900			res.Body.Close()
4901		}
4902		return nil, &googleapi.Error{
4903			Code:   res.StatusCode,
4904			Header: res.Header,
4905		}
4906	}
4907	if err != nil {
4908		return nil, err
4909	}
4910	defer googleapi.CloseBody(res)
4911	if err := googleapi.CheckResponse(res); err != nil {
4912		return nil, err
4913	}
4914	ret := &WorkloadIdentityPool{
4915		ServerResponse: googleapi.ServerResponse{
4916			Header:         res.Header,
4917			HTTPStatusCode: res.StatusCode,
4918		},
4919	}
4920	target := &ret
4921	if err := gensupport.DecodeResponse(target, res); err != nil {
4922		return nil, err
4923	}
4924	return ret, nil
4925	// {
4926	//   "description": "Gets an individual WorkloadIdentityPool.",
4927	//   "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/workloadIdentityPools/{workloadIdentityPoolsId}",
4928	//   "httpMethod": "GET",
4929	//   "id": "iam.projects.locations.workloadIdentityPools.get",
4930	//   "parameterOrder": [
4931	//     "name"
4932	//   ],
4933	//   "parameters": {
4934	//     "name": {
4935	//       "description": "Required. The name of the pool to retrieve.",
4936	//       "location": "path",
4937	//       "pattern": "^projects/[^/]+/locations/[^/]+/workloadIdentityPools/[^/]+$",
4938	//       "required": true,
4939	//       "type": "string"
4940	//     }
4941	//   },
4942	//   "path": "v1/{+name}",
4943	//   "response": {
4944	//     "$ref": "WorkloadIdentityPool"
4945	//   },
4946	//   "scopes": [
4947	//     "https://www.googleapis.com/auth/cloud-platform"
4948	//   ]
4949	// }
4950
4951}
4952
4953// method id "iam.projects.locations.workloadIdentityPools.list":
4954
4955type ProjectsLocationsWorkloadIdentityPoolsListCall struct {
4956	s            *Service
4957	parent       string
4958	urlParams_   gensupport.URLParams
4959	ifNoneMatch_ string
4960	ctx_         context.Context
4961	header_      http.Header
4962}
4963
4964// List: Lists all non-deleted WorkloadIdentityPools in a project. If
4965// `show_deleted` is set to `true`, then deleted pools are also listed.
4966//
4967// - parent: The parent resource to list pools for.
4968func (r *ProjectsLocationsWorkloadIdentityPoolsService) List(parent string) *ProjectsLocationsWorkloadIdentityPoolsListCall {
4969	c := &ProjectsLocationsWorkloadIdentityPoolsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
4970	c.parent = parent
4971	return c
4972}
4973
4974// PageSize sets the optional parameter "pageSize": The maximum number
4975// of pools to return. If unspecified, at most 50 pools are returned.
4976// The maximum value is 1000; values above are 1000 truncated to 1000.
4977func (c *ProjectsLocationsWorkloadIdentityPoolsListCall) PageSize(pageSize int64) *ProjectsLocationsWorkloadIdentityPoolsListCall {
4978	c.urlParams_.Set("pageSize", fmt.Sprint(pageSize))
4979	return c
4980}
4981
4982// PageToken sets the optional parameter "pageToken": A page token,
4983// received from a previous `ListWorkloadIdentityPools` call. Provide
4984// this to retrieve the subsequent page.
4985func (c *ProjectsLocationsWorkloadIdentityPoolsListCall) PageToken(pageToken string) *ProjectsLocationsWorkloadIdentityPoolsListCall {
4986	c.urlParams_.Set("pageToken", pageToken)
4987	return c
4988}
4989
4990// ShowDeleted sets the optional parameter "showDeleted": Whether to
4991// return soft-deleted pools.
4992func (c *ProjectsLocationsWorkloadIdentityPoolsListCall) ShowDeleted(showDeleted bool) *ProjectsLocationsWorkloadIdentityPoolsListCall {
4993	c.urlParams_.Set("showDeleted", fmt.Sprint(showDeleted))
4994	return c
4995}
4996
4997// Fields allows partial responses to be retrieved. See
4998// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
4999// for more information.
5000func (c *ProjectsLocationsWorkloadIdentityPoolsListCall) Fields(s ...googleapi.Field) *ProjectsLocationsWorkloadIdentityPoolsListCall {
5001	c.urlParams_.Set("fields", googleapi.CombineFields(s))
5002	return c
5003}
5004
5005// IfNoneMatch sets the optional parameter which makes the operation
5006// fail if the object's ETag matches the given value. This is useful for
5007// getting updates only after the object has changed since the last
5008// request. Use googleapi.IsNotModified to check whether the response
5009// error from Do is the result of In-None-Match.
5010func (c *ProjectsLocationsWorkloadIdentityPoolsListCall) IfNoneMatch(entityTag string) *ProjectsLocationsWorkloadIdentityPoolsListCall {
5011	c.ifNoneMatch_ = entityTag
5012	return c
5013}
5014
5015// Context sets the context to be used in this call's Do method. Any
5016// pending HTTP request will be aborted if the provided context is
5017// canceled.
5018func (c *ProjectsLocationsWorkloadIdentityPoolsListCall) Context(ctx context.Context) *ProjectsLocationsWorkloadIdentityPoolsListCall {
5019	c.ctx_ = ctx
5020	return c
5021}
5022
5023// Header returns an http.Header that can be modified by the caller to
5024// add HTTP headers to the request.
5025func (c *ProjectsLocationsWorkloadIdentityPoolsListCall) Header() http.Header {
5026	if c.header_ == nil {
5027		c.header_ = make(http.Header)
5028	}
5029	return c.header_
5030}
5031
5032func (c *ProjectsLocationsWorkloadIdentityPoolsListCall) doRequest(alt string) (*http.Response, error) {
5033	reqHeaders := make(http.Header)
5034	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
5035	for k, v := range c.header_ {
5036		reqHeaders[k] = v
5037	}
5038	reqHeaders.Set("User-Agent", c.s.userAgent())
5039	if c.ifNoneMatch_ != "" {
5040		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
5041	}
5042	var body io.Reader = nil
5043	c.urlParams_.Set("alt", alt)
5044	c.urlParams_.Set("prettyPrint", "false")
5045	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/workloadIdentityPools")
5046	urls += "?" + c.urlParams_.Encode()
5047	req, err := http.NewRequest("GET", urls, body)
5048	if err != nil {
5049		return nil, err
5050	}
5051	req.Header = reqHeaders
5052	googleapi.Expand(req.URL, map[string]string{
5053		"parent": c.parent,
5054	})
5055	return gensupport.SendRequest(c.ctx_, c.s.client, req)
5056}
5057
5058// Do executes the "iam.projects.locations.workloadIdentityPools.list" call.
5059// Exactly one of *ListWorkloadIdentityPoolsResponse or error will be
5060// non-nil. Any non-2xx status code is an error. Response headers are in
5061// either *ListWorkloadIdentityPoolsResponse.ServerResponse.Header or
5062// (if a response was returned at all) in
5063// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
5064// whether the returned error was because http.StatusNotModified was
5065// returned.
5066func (c *ProjectsLocationsWorkloadIdentityPoolsListCall) Do(opts ...googleapi.CallOption) (*ListWorkloadIdentityPoolsResponse, error) {
5067	gensupport.SetOptions(c.urlParams_, opts...)
5068	res, err := c.doRequest("json")
5069	if res != nil && res.StatusCode == http.StatusNotModified {
5070		if res.Body != nil {
5071			res.Body.Close()
5072		}
5073		return nil, &googleapi.Error{
5074			Code:   res.StatusCode,
5075			Header: res.Header,
5076		}
5077	}
5078	if err != nil {
5079		return nil, err
5080	}
5081	defer googleapi.CloseBody(res)
5082	if err := googleapi.CheckResponse(res); err != nil {
5083		return nil, err
5084	}
5085	ret := &ListWorkloadIdentityPoolsResponse{
5086		ServerResponse: googleapi.ServerResponse{
5087			Header:         res.Header,
5088			HTTPStatusCode: res.StatusCode,
5089		},
5090	}
5091	target := &ret
5092	if err := gensupport.DecodeResponse(target, res); err != nil {
5093		return nil, err
5094	}
5095	return ret, nil
5096	// {
5097	//   "description": "Lists all non-deleted WorkloadIdentityPools in a project. If `show_deleted` is set to `true`, then deleted pools are also listed.",
5098	//   "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/workloadIdentityPools",
5099	//   "httpMethod": "GET",
5100	//   "id": "iam.projects.locations.workloadIdentityPools.list",
5101	//   "parameterOrder": [
5102	//     "parent"
5103	//   ],
5104	//   "parameters": {
5105	//     "pageSize": {
5106	//       "description": "The maximum number of pools to return. If unspecified, at most 50 pools are returned. The maximum value is 1000; values above are 1000 truncated to 1000.",
5107	//       "format": "int32",
5108	//       "location": "query",
5109	//       "type": "integer"
5110	//     },
5111	//     "pageToken": {
5112	//       "description": "A page token, received from a previous `ListWorkloadIdentityPools` call. Provide this to retrieve the subsequent page.",
5113	//       "location": "query",
5114	//       "type": "string"
5115	//     },
5116	//     "parent": {
5117	//       "description": "Required. The parent resource to list pools for.",
5118	//       "location": "path",
5119	//       "pattern": "^projects/[^/]+/locations/[^/]+$",
5120	//       "required": true,
5121	//       "type": "string"
5122	//     },
5123	//     "showDeleted": {
5124	//       "description": "Whether to return soft-deleted pools.",
5125	//       "location": "query",
5126	//       "type": "boolean"
5127	//     }
5128	//   },
5129	//   "path": "v1/{+parent}/workloadIdentityPools",
5130	//   "response": {
5131	//     "$ref": "ListWorkloadIdentityPoolsResponse"
5132	//   },
5133	//   "scopes": [
5134	//     "https://www.googleapis.com/auth/cloud-platform"
5135	//   ]
5136	// }
5137
5138}
5139
5140// Pages invokes f for each page of results.
5141// A non-nil error returned from f will halt the iteration.
5142// The provided context supersedes any context provided to the Context method.
5143func (c *ProjectsLocationsWorkloadIdentityPoolsListCall) Pages(ctx context.Context, f func(*ListWorkloadIdentityPoolsResponse) error) error {
5144	c.ctx_ = ctx
5145	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
5146	for {
5147		x, err := c.Do()
5148		if err != nil {
5149			return err
5150		}
5151		if err := f(x); err != nil {
5152			return err
5153		}
5154		if x.NextPageToken == "" {
5155			return nil
5156		}
5157		c.PageToken(x.NextPageToken)
5158	}
5159}
5160
5161// method id "iam.projects.locations.workloadIdentityPools.patch":
5162
5163type ProjectsLocationsWorkloadIdentityPoolsPatchCall struct {
5164	s                    *Service
5165	name                 string
5166	workloadidentitypool *WorkloadIdentityPool
5167	urlParams_           gensupport.URLParams
5168	ctx_                 context.Context
5169	header_              http.Header
5170}
5171
5172// Patch: Updates an existing WorkloadIdentityPool.
5173//
5174// - name: Output only. The resource name of the pool.
5175func (r *ProjectsLocationsWorkloadIdentityPoolsService) Patch(name string, workloadidentitypool *WorkloadIdentityPool) *ProjectsLocationsWorkloadIdentityPoolsPatchCall {
5176	c := &ProjectsLocationsWorkloadIdentityPoolsPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
5177	c.name = name
5178	c.workloadidentitypool = workloadidentitypool
5179	return c
5180}
5181
5182// UpdateMask sets the optional parameter "updateMask": Required. The
5183// list of fields to update.
5184func (c *ProjectsLocationsWorkloadIdentityPoolsPatchCall) UpdateMask(updateMask string) *ProjectsLocationsWorkloadIdentityPoolsPatchCall {
5185	c.urlParams_.Set("updateMask", updateMask)
5186	return c
5187}
5188
5189// Fields allows partial responses to be retrieved. See
5190// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
5191// for more information.
5192func (c *ProjectsLocationsWorkloadIdentityPoolsPatchCall) Fields(s ...googleapi.Field) *ProjectsLocationsWorkloadIdentityPoolsPatchCall {
5193	c.urlParams_.Set("fields", googleapi.CombineFields(s))
5194	return c
5195}
5196
5197// Context sets the context to be used in this call's Do method. Any
5198// pending HTTP request will be aborted if the provided context is
5199// canceled.
5200func (c *ProjectsLocationsWorkloadIdentityPoolsPatchCall) Context(ctx context.Context) *ProjectsLocationsWorkloadIdentityPoolsPatchCall {
5201	c.ctx_ = ctx
5202	return c
5203}
5204
5205// Header returns an http.Header that can be modified by the caller to
5206// add HTTP headers to the request.
5207func (c *ProjectsLocationsWorkloadIdentityPoolsPatchCall) Header() http.Header {
5208	if c.header_ == nil {
5209		c.header_ = make(http.Header)
5210	}
5211	return c.header_
5212}
5213
5214func (c *ProjectsLocationsWorkloadIdentityPoolsPatchCall) doRequest(alt string) (*http.Response, error) {
5215	reqHeaders := make(http.Header)
5216	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
5217	for k, v := range c.header_ {
5218		reqHeaders[k] = v
5219	}
5220	reqHeaders.Set("User-Agent", c.s.userAgent())
5221	var body io.Reader = nil
5222	body, err := googleapi.WithoutDataWrapper.JSONReader(c.workloadidentitypool)
5223	if err != nil {
5224		return nil, err
5225	}
5226	reqHeaders.Set("Content-Type", "application/json")
5227	c.urlParams_.Set("alt", alt)
5228	c.urlParams_.Set("prettyPrint", "false")
5229	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
5230	urls += "?" + c.urlParams_.Encode()
5231	req, err := http.NewRequest("PATCH", urls, body)
5232	if err != nil {
5233		return nil, err
5234	}
5235	req.Header = reqHeaders
5236	googleapi.Expand(req.URL, map[string]string{
5237		"name": c.name,
5238	})
5239	return gensupport.SendRequest(c.ctx_, c.s.client, req)
5240}
5241
5242// Do executes the "iam.projects.locations.workloadIdentityPools.patch" call.
5243// Exactly one of *Operation or error will be non-nil. Any non-2xx
5244// status code is an error. Response headers are in either
5245// *Operation.ServerResponse.Header or (if a response was returned at
5246// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
5247// to check whether the returned error was because
5248// http.StatusNotModified was returned.
5249func (c *ProjectsLocationsWorkloadIdentityPoolsPatchCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
5250	gensupport.SetOptions(c.urlParams_, opts...)
5251	res, err := c.doRequest("json")
5252	if res != nil && res.StatusCode == http.StatusNotModified {
5253		if res.Body != nil {
5254			res.Body.Close()
5255		}
5256		return nil, &googleapi.Error{
5257			Code:   res.StatusCode,
5258			Header: res.Header,
5259		}
5260	}
5261	if err != nil {
5262		return nil, err
5263	}
5264	defer googleapi.CloseBody(res)
5265	if err := googleapi.CheckResponse(res); err != nil {
5266		return nil, err
5267	}
5268	ret := &Operation{
5269		ServerResponse: googleapi.ServerResponse{
5270			Header:         res.Header,
5271			HTTPStatusCode: res.StatusCode,
5272		},
5273	}
5274	target := &ret
5275	if err := gensupport.DecodeResponse(target, res); err != nil {
5276		return nil, err
5277	}
5278	return ret, nil
5279	// {
5280	//   "description": "Updates an existing WorkloadIdentityPool.",
5281	//   "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/workloadIdentityPools/{workloadIdentityPoolsId}",
5282	//   "httpMethod": "PATCH",
5283	//   "id": "iam.projects.locations.workloadIdentityPools.patch",
5284	//   "parameterOrder": [
5285	//     "name"
5286	//   ],
5287	//   "parameters": {
5288	//     "name": {
5289	//       "description": "Output only. The resource name of the pool.",
5290	//       "location": "path",
5291	//       "pattern": "^projects/[^/]+/locations/[^/]+/workloadIdentityPools/[^/]+$",
5292	//       "required": true,
5293	//       "type": "string"
5294	//     },
5295	//     "updateMask": {
5296	//       "description": "Required. The list of fields to update.",
5297	//       "format": "google-fieldmask",
5298	//       "location": "query",
5299	//       "type": "string"
5300	//     }
5301	//   },
5302	//   "path": "v1/{+name}",
5303	//   "request": {
5304	//     "$ref": "WorkloadIdentityPool"
5305	//   },
5306	//   "response": {
5307	//     "$ref": "Operation"
5308	//   },
5309	//   "scopes": [
5310	//     "https://www.googleapis.com/auth/cloud-platform"
5311	//   ]
5312	// }
5313
5314}
5315
5316// method id "iam.projects.locations.workloadIdentityPools.undelete":
5317
5318type ProjectsLocationsWorkloadIdentityPoolsUndeleteCall struct {
5319	s                                   *Service
5320	name                                string
5321	undeleteworkloadidentitypoolrequest *UndeleteWorkloadIdentityPoolRequest
5322	urlParams_                          gensupport.URLParams
5323	ctx_                                context.Context
5324	header_                             http.Header
5325}
5326
5327// Undelete: Undeletes a WorkloadIdentityPool, as long as it was deleted
5328// fewer than 30 days ago.
5329//
5330// - name: The name of the pool to undelete.
5331func (r *ProjectsLocationsWorkloadIdentityPoolsService) Undelete(name string, undeleteworkloadidentitypoolrequest *UndeleteWorkloadIdentityPoolRequest) *ProjectsLocationsWorkloadIdentityPoolsUndeleteCall {
5332	c := &ProjectsLocationsWorkloadIdentityPoolsUndeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
5333	c.name = name
5334	c.undeleteworkloadidentitypoolrequest = undeleteworkloadidentitypoolrequest
5335	return c
5336}
5337
5338// Fields allows partial responses to be retrieved. See
5339// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
5340// for more information.
5341func (c *ProjectsLocationsWorkloadIdentityPoolsUndeleteCall) Fields(s ...googleapi.Field) *ProjectsLocationsWorkloadIdentityPoolsUndeleteCall {
5342	c.urlParams_.Set("fields", googleapi.CombineFields(s))
5343	return c
5344}
5345
5346// Context sets the context to be used in this call's Do method. Any
5347// pending HTTP request will be aborted if the provided context is
5348// canceled.
5349func (c *ProjectsLocationsWorkloadIdentityPoolsUndeleteCall) Context(ctx context.Context) *ProjectsLocationsWorkloadIdentityPoolsUndeleteCall {
5350	c.ctx_ = ctx
5351	return c
5352}
5353
5354// Header returns an http.Header that can be modified by the caller to
5355// add HTTP headers to the request.
5356func (c *ProjectsLocationsWorkloadIdentityPoolsUndeleteCall) Header() http.Header {
5357	if c.header_ == nil {
5358		c.header_ = make(http.Header)
5359	}
5360	return c.header_
5361}
5362
5363func (c *ProjectsLocationsWorkloadIdentityPoolsUndeleteCall) doRequest(alt string) (*http.Response, error) {
5364	reqHeaders := make(http.Header)
5365	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
5366	for k, v := range c.header_ {
5367		reqHeaders[k] = v
5368	}
5369	reqHeaders.Set("User-Agent", c.s.userAgent())
5370	var body io.Reader = nil
5371	body, err := googleapi.WithoutDataWrapper.JSONReader(c.undeleteworkloadidentitypoolrequest)
5372	if err != nil {
5373		return nil, err
5374	}
5375	reqHeaders.Set("Content-Type", "application/json")
5376	c.urlParams_.Set("alt", alt)
5377	c.urlParams_.Set("prettyPrint", "false")
5378	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:undelete")
5379	urls += "?" + c.urlParams_.Encode()
5380	req, err := http.NewRequest("POST", urls, body)
5381	if err != nil {
5382		return nil, err
5383	}
5384	req.Header = reqHeaders
5385	googleapi.Expand(req.URL, map[string]string{
5386		"name": c.name,
5387	})
5388	return gensupport.SendRequest(c.ctx_, c.s.client, req)
5389}
5390
5391// Do executes the "iam.projects.locations.workloadIdentityPools.undelete" call.
5392// Exactly one of *Operation or error will be non-nil. Any non-2xx
5393// status code is an error. Response headers are in either
5394// *Operation.ServerResponse.Header or (if a response was returned at
5395// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
5396// to check whether the returned error was because
5397// http.StatusNotModified was returned.
5398func (c *ProjectsLocationsWorkloadIdentityPoolsUndeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
5399	gensupport.SetOptions(c.urlParams_, opts...)
5400	res, err := c.doRequest("json")
5401	if res != nil && res.StatusCode == http.StatusNotModified {
5402		if res.Body != nil {
5403			res.Body.Close()
5404		}
5405		return nil, &googleapi.Error{
5406			Code:   res.StatusCode,
5407			Header: res.Header,
5408		}
5409	}
5410	if err != nil {
5411		return nil, err
5412	}
5413	defer googleapi.CloseBody(res)
5414	if err := googleapi.CheckResponse(res); err != nil {
5415		return nil, err
5416	}
5417	ret := &Operation{
5418		ServerResponse: googleapi.ServerResponse{
5419			Header:         res.Header,
5420			HTTPStatusCode: res.StatusCode,
5421		},
5422	}
5423	target := &ret
5424	if err := gensupport.DecodeResponse(target, res); err != nil {
5425		return nil, err
5426	}
5427	return ret, nil
5428	// {
5429	//   "description": "Undeletes a WorkloadIdentityPool, as long as it was deleted fewer than 30 days ago.",
5430	//   "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/workloadIdentityPools/{workloadIdentityPoolsId}:undelete",
5431	//   "httpMethod": "POST",
5432	//   "id": "iam.projects.locations.workloadIdentityPools.undelete",
5433	//   "parameterOrder": [
5434	//     "name"
5435	//   ],
5436	//   "parameters": {
5437	//     "name": {
5438	//       "description": "Required. The name of the pool to undelete.",
5439	//       "location": "path",
5440	//       "pattern": "^projects/[^/]+/locations/[^/]+/workloadIdentityPools/[^/]+$",
5441	//       "required": true,
5442	//       "type": "string"
5443	//     }
5444	//   },
5445	//   "path": "v1/{+name}:undelete",
5446	//   "request": {
5447	//     "$ref": "UndeleteWorkloadIdentityPoolRequest"
5448	//   },
5449	//   "response": {
5450	//     "$ref": "Operation"
5451	//   },
5452	//   "scopes": [
5453	//     "https://www.googleapis.com/auth/cloud-platform"
5454	//   ]
5455	// }
5456
5457}
5458
5459// method id "iam.projects.locations.workloadIdentityPools.operations.get":
5460
5461type ProjectsLocationsWorkloadIdentityPoolsOperationsGetCall struct {
5462	s            *Service
5463	name         string
5464	urlParams_   gensupport.URLParams
5465	ifNoneMatch_ string
5466	ctx_         context.Context
5467	header_      http.Header
5468}
5469
5470// Get: Gets the latest state of a long-running operation. Clients can
5471// use this method to poll the operation result at intervals as
5472// recommended by the API service.
5473//
5474// - name: The name of the operation resource.
5475func (r *ProjectsLocationsWorkloadIdentityPoolsOperationsService) Get(name string) *ProjectsLocationsWorkloadIdentityPoolsOperationsGetCall {
5476	c := &ProjectsLocationsWorkloadIdentityPoolsOperationsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
5477	c.name = name
5478	return c
5479}
5480
5481// Fields allows partial responses to be retrieved. See
5482// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
5483// for more information.
5484func (c *ProjectsLocationsWorkloadIdentityPoolsOperationsGetCall) Fields(s ...googleapi.Field) *ProjectsLocationsWorkloadIdentityPoolsOperationsGetCall {
5485	c.urlParams_.Set("fields", googleapi.CombineFields(s))
5486	return c
5487}
5488
5489// IfNoneMatch sets the optional parameter which makes the operation
5490// fail if the object's ETag matches the given value. This is useful for
5491// getting updates only after the object has changed since the last
5492// request. Use googleapi.IsNotModified to check whether the response
5493// error from Do is the result of In-None-Match.
5494func (c *ProjectsLocationsWorkloadIdentityPoolsOperationsGetCall) IfNoneMatch(entityTag string) *ProjectsLocationsWorkloadIdentityPoolsOperationsGetCall {
5495	c.ifNoneMatch_ = entityTag
5496	return c
5497}
5498
5499// Context sets the context to be used in this call's Do method. Any
5500// pending HTTP request will be aborted if the provided context is
5501// canceled.
5502func (c *ProjectsLocationsWorkloadIdentityPoolsOperationsGetCall) Context(ctx context.Context) *ProjectsLocationsWorkloadIdentityPoolsOperationsGetCall {
5503	c.ctx_ = ctx
5504	return c
5505}
5506
5507// Header returns an http.Header that can be modified by the caller to
5508// add HTTP headers to the request.
5509func (c *ProjectsLocationsWorkloadIdentityPoolsOperationsGetCall) Header() http.Header {
5510	if c.header_ == nil {
5511		c.header_ = make(http.Header)
5512	}
5513	return c.header_
5514}
5515
5516func (c *ProjectsLocationsWorkloadIdentityPoolsOperationsGetCall) doRequest(alt string) (*http.Response, error) {
5517	reqHeaders := make(http.Header)
5518	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
5519	for k, v := range c.header_ {
5520		reqHeaders[k] = v
5521	}
5522	reqHeaders.Set("User-Agent", c.s.userAgent())
5523	if c.ifNoneMatch_ != "" {
5524		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
5525	}
5526	var body io.Reader = nil
5527	c.urlParams_.Set("alt", alt)
5528	c.urlParams_.Set("prettyPrint", "false")
5529	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
5530	urls += "?" + c.urlParams_.Encode()
5531	req, err := http.NewRequest("GET", urls, body)
5532	if err != nil {
5533		return nil, err
5534	}
5535	req.Header = reqHeaders
5536	googleapi.Expand(req.URL, map[string]string{
5537		"name": c.name,
5538	})
5539	return gensupport.SendRequest(c.ctx_, c.s.client, req)
5540}
5541
5542// Do executes the "iam.projects.locations.workloadIdentityPools.operations.get" call.
5543// Exactly one of *Operation or error will be non-nil. Any non-2xx
5544// status code is an error. Response headers are in either
5545// *Operation.ServerResponse.Header or (if a response was returned at
5546// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
5547// to check whether the returned error was because
5548// http.StatusNotModified was returned.
5549func (c *ProjectsLocationsWorkloadIdentityPoolsOperationsGetCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
5550	gensupport.SetOptions(c.urlParams_, opts...)
5551	res, err := c.doRequest("json")
5552	if res != nil && res.StatusCode == http.StatusNotModified {
5553		if res.Body != nil {
5554			res.Body.Close()
5555		}
5556		return nil, &googleapi.Error{
5557			Code:   res.StatusCode,
5558			Header: res.Header,
5559		}
5560	}
5561	if err != nil {
5562		return nil, err
5563	}
5564	defer googleapi.CloseBody(res)
5565	if err := googleapi.CheckResponse(res); err != nil {
5566		return nil, err
5567	}
5568	ret := &Operation{
5569		ServerResponse: googleapi.ServerResponse{
5570			Header:         res.Header,
5571			HTTPStatusCode: res.StatusCode,
5572		},
5573	}
5574	target := &ret
5575	if err := gensupport.DecodeResponse(target, res); err != nil {
5576		return nil, err
5577	}
5578	return ret, nil
5579	// {
5580	//   "description": "Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.",
5581	//   "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/workloadIdentityPools/{workloadIdentityPoolsId}/operations/{operationsId}",
5582	//   "httpMethod": "GET",
5583	//   "id": "iam.projects.locations.workloadIdentityPools.operations.get",
5584	//   "parameterOrder": [
5585	//     "name"
5586	//   ],
5587	//   "parameters": {
5588	//     "name": {
5589	//       "description": "The name of the operation resource.",
5590	//       "location": "path",
5591	//       "pattern": "^projects/[^/]+/locations/[^/]+/workloadIdentityPools/[^/]+/operations/[^/]+$",
5592	//       "required": true,
5593	//       "type": "string"
5594	//     }
5595	//   },
5596	//   "path": "v1/{+name}",
5597	//   "response": {
5598	//     "$ref": "Operation"
5599	//   },
5600	//   "scopes": [
5601	//     "https://www.googleapis.com/auth/cloud-platform"
5602	//   ]
5603	// }
5604
5605}
5606
5607// method id "iam.projects.locations.workloadIdentityPools.providers.create":
5608
5609type ProjectsLocationsWorkloadIdentityPoolsProvidersCreateCall struct {
5610	s                            *Service
5611	parent                       string
5612	workloadidentitypoolprovider *WorkloadIdentityPoolProvider
5613	urlParams_                   gensupport.URLParams
5614	ctx_                         context.Context
5615	header_                      http.Header
5616}
5617
5618// Create: Creates a new WorkloadIdentityPoolProvider in a
5619// WorkloadIdentityPool. You cannot reuse the name of a deleted provider
5620// until 30 days after deletion.
5621//
5622// - parent: The pool to create this provider in.
5623func (r *ProjectsLocationsWorkloadIdentityPoolsProvidersService) Create(parent string, workloadidentitypoolprovider *WorkloadIdentityPoolProvider) *ProjectsLocationsWorkloadIdentityPoolsProvidersCreateCall {
5624	c := &ProjectsLocationsWorkloadIdentityPoolsProvidersCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
5625	c.parent = parent
5626	c.workloadidentitypoolprovider = workloadidentitypoolprovider
5627	return c
5628}
5629
5630// WorkloadIdentityPoolProviderId sets the optional parameter
5631// "workloadIdentityPoolProviderId": Required. The ID for the provider,
5632// which becomes the final component of the resource name. This value
5633// must be 4-32 characters, and may contain the characters [a-z0-9-].
5634// The prefix `gcp-` is reserved for use by Google, and may not be
5635// specified.
5636func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersCreateCall) WorkloadIdentityPoolProviderId(workloadIdentityPoolProviderId string) *ProjectsLocationsWorkloadIdentityPoolsProvidersCreateCall {
5637	c.urlParams_.Set("workloadIdentityPoolProviderId", workloadIdentityPoolProviderId)
5638	return c
5639}
5640
5641// Fields allows partial responses to be retrieved. See
5642// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
5643// for more information.
5644func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersCreateCall) Fields(s ...googleapi.Field) *ProjectsLocationsWorkloadIdentityPoolsProvidersCreateCall {
5645	c.urlParams_.Set("fields", googleapi.CombineFields(s))
5646	return c
5647}
5648
5649// Context sets the context to be used in this call's Do method. Any
5650// pending HTTP request will be aborted if the provided context is
5651// canceled.
5652func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersCreateCall) Context(ctx context.Context) *ProjectsLocationsWorkloadIdentityPoolsProvidersCreateCall {
5653	c.ctx_ = ctx
5654	return c
5655}
5656
5657// Header returns an http.Header that can be modified by the caller to
5658// add HTTP headers to the request.
5659func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersCreateCall) Header() http.Header {
5660	if c.header_ == nil {
5661		c.header_ = make(http.Header)
5662	}
5663	return c.header_
5664}
5665
5666func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersCreateCall) doRequest(alt string) (*http.Response, error) {
5667	reqHeaders := make(http.Header)
5668	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
5669	for k, v := range c.header_ {
5670		reqHeaders[k] = v
5671	}
5672	reqHeaders.Set("User-Agent", c.s.userAgent())
5673	var body io.Reader = nil
5674	body, err := googleapi.WithoutDataWrapper.JSONReader(c.workloadidentitypoolprovider)
5675	if err != nil {
5676		return nil, err
5677	}
5678	reqHeaders.Set("Content-Type", "application/json")
5679	c.urlParams_.Set("alt", alt)
5680	c.urlParams_.Set("prettyPrint", "false")
5681	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/providers")
5682	urls += "?" + c.urlParams_.Encode()
5683	req, err := http.NewRequest("POST", urls, body)
5684	if err != nil {
5685		return nil, err
5686	}
5687	req.Header = reqHeaders
5688	googleapi.Expand(req.URL, map[string]string{
5689		"parent": c.parent,
5690	})
5691	return gensupport.SendRequest(c.ctx_, c.s.client, req)
5692}
5693
5694// Do executes the "iam.projects.locations.workloadIdentityPools.providers.create" call.
5695// Exactly one of *Operation or error will be non-nil. Any non-2xx
5696// status code is an error. Response headers are in either
5697// *Operation.ServerResponse.Header or (if a response was returned at
5698// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
5699// to check whether the returned error was because
5700// http.StatusNotModified was returned.
5701func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersCreateCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
5702	gensupport.SetOptions(c.urlParams_, opts...)
5703	res, err := c.doRequest("json")
5704	if res != nil && res.StatusCode == http.StatusNotModified {
5705		if res.Body != nil {
5706			res.Body.Close()
5707		}
5708		return nil, &googleapi.Error{
5709			Code:   res.StatusCode,
5710			Header: res.Header,
5711		}
5712	}
5713	if err != nil {
5714		return nil, err
5715	}
5716	defer googleapi.CloseBody(res)
5717	if err := googleapi.CheckResponse(res); err != nil {
5718		return nil, err
5719	}
5720	ret := &Operation{
5721		ServerResponse: googleapi.ServerResponse{
5722			Header:         res.Header,
5723			HTTPStatusCode: res.StatusCode,
5724		},
5725	}
5726	target := &ret
5727	if err := gensupport.DecodeResponse(target, res); err != nil {
5728		return nil, err
5729	}
5730	return ret, nil
5731	// {
5732	//   "description": "Creates a new WorkloadIdentityPoolProvider in a WorkloadIdentityPool. You cannot reuse the name of a deleted provider until 30 days after deletion.",
5733	//   "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/workloadIdentityPools/{workloadIdentityPoolsId}/providers",
5734	//   "httpMethod": "POST",
5735	//   "id": "iam.projects.locations.workloadIdentityPools.providers.create",
5736	//   "parameterOrder": [
5737	//     "parent"
5738	//   ],
5739	//   "parameters": {
5740	//     "parent": {
5741	//       "description": "Required. The pool to create this provider in.",
5742	//       "location": "path",
5743	//       "pattern": "^projects/[^/]+/locations/[^/]+/workloadIdentityPools/[^/]+$",
5744	//       "required": true,
5745	//       "type": "string"
5746	//     },
5747	//     "workloadIdentityPoolProviderId": {
5748	//       "description": "Required. The ID for the provider, which becomes the final component of the resource name. This value must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix `gcp-` is reserved for use by Google, and may not be specified.",
5749	//       "location": "query",
5750	//       "type": "string"
5751	//     }
5752	//   },
5753	//   "path": "v1/{+parent}/providers",
5754	//   "request": {
5755	//     "$ref": "WorkloadIdentityPoolProvider"
5756	//   },
5757	//   "response": {
5758	//     "$ref": "Operation"
5759	//   },
5760	//   "scopes": [
5761	//     "https://www.googleapis.com/auth/cloud-platform"
5762	//   ]
5763	// }
5764
5765}
5766
5767// method id "iam.projects.locations.workloadIdentityPools.providers.delete":
5768
5769type ProjectsLocationsWorkloadIdentityPoolsProvidersDeleteCall struct {
5770	s          *Service
5771	name       string
5772	urlParams_ gensupport.URLParams
5773	ctx_       context.Context
5774	header_    http.Header
5775}
5776
5777// Delete: Deletes a WorkloadIdentityPoolProvider. Deleting a provider
5778// does not revoke credentials that have already been issued; they
5779// continue to grant access. You can undelete a provider for 30 days.
5780// After 30 days, deletion is permanent. You cannot update deleted
5781// providers. However, you can view and list them.
5782//
5783// - name: The name of the provider to delete.
5784func (r *ProjectsLocationsWorkloadIdentityPoolsProvidersService) Delete(name string) *ProjectsLocationsWorkloadIdentityPoolsProvidersDeleteCall {
5785	c := &ProjectsLocationsWorkloadIdentityPoolsProvidersDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
5786	c.name = name
5787	return c
5788}
5789
5790// Fields allows partial responses to be retrieved. See
5791// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
5792// for more information.
5793func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersDeleteCall) Fields(s ...googleapi.Field) *ProjectsLocationsWorkloadIdentityPoolsProvidersDeleteCall {
5794	c.urlParams_.Set("fields", googleapi.CombineFields(s))
5795	return c
5796}
5797
5798// Context sets the context to be used in this call's Do method. Any
5799// pending HTTP request will be aborted if the provided context is
5800// canceled.
5801func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersDeleteCall) Context(ctx context.Context) *ProjectsLocationsWorkloadIdentityPoolsProvidersDeleteCall {
5802	c.ctx_ = ctx
5803	return c
5804}
5805
5806// Header returns an http.Header that can be modified by the caller to
5807// add HTTP headers to the request.
5808func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersDeleteCall) Header() http.Header {
5809	if c.header_ == nil {
5810		c.header_ = make(http.Header)
5811	}
5812	return c.header_
5813}
5814
5815func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersDeleteCall) doRequest(alt string) (*http.Response, error) {
5816	reqHeaders := make(http.Header)
5817	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
5818	for k, v := range c.header_ {
5819		reqHeaders[k] = v
5820	}
5821	reqHeaders.Set("User-Agent", c.s.userAgent())
5822	var body io.Reader = nil
5823	c.urlParams_.Set("alt", alt)
5824	c.urlParams_.Set("prettyPrint", "false")
5825	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
5826	urls += "?" + c.urlParams_.Encode()
5827	req, err := http.NewRequest("DELETE", urls, body)
5828	if err != nil {
5829		return nil, err
5830	}
5831	req.Header = reqHeaders
5832	googleapi.Expand(req.URL, map[string]string{
5833		"name": c.name,
5834	})
5835	return gensupport.SendRequest(c.ctx_, c.s.client, req)
5836}
5837
5838// Do executes the "iam.projects.locations.workloadIdentityPools.providers.delete" call.
5839// Exactly one of *Operation or error will be non-nil. Any non-2xx
5840// status code is an error. Response headers are in either
5841// *Operation.ServerResponse.Header or (if a response was returned at
5842// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
5843// to check whether the returned error was because
5844// http.StatusNotModified was returned.
5845func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersDeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
5846	gensupport.SetOptions(c.urlParams_, opts...)
5847	res, err := c.doRequest("json")
5848	if res != nil && res.StatusCode == http.StatusNotModified {
5849		if res.Body != nil {
5850			res.Body.Close()
5851		}
5852		return nil, &googleapi.Error{
5853			Code:   res.StatusCode,
5854			Header: res.Header,
5855		}
5856	}
5857	if err != nil {
5858		return nil, err
5859	}
5860	defer googleapi.CloseBody(res)
5861	if err := googleapi.CheckResponse(res); err != nil {
5862		return nil, err
5863	}
5864	ret := &Operation{
5865		ServerResponse: googleapi.ServerResponse{
5866			Header:         res.Header,
5867			HTTPStatusCode: res.StatusCode,
5868		},
5869	}
5870	target := &ret
5871	if err := gensupport.DecodeResponse(target, res); err != nil {
5872		return nil, err
5873	}
5874	return ret, nil
5875	// {
5876	//   "description": "Deletes a WorkloadIdentityPoolProvider. Deleting a provider does not revoke credentials that have already been issued; they continue to grant access. You can undelete a provider for 30 days. After 30 days, deletion is permanent. You cannot update deleted providers. However, you can view and list them.",
5877	//   "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/workloadIdentityPools/{workloadIdentityPoolsId}/providers/{providersId}",
5878	//   "httpMethod": "DELETE",
5879	//   "id": "iam.projects.locations.workloadIdentityPools.providers.delete",
5880	//   "parameterOrder": [
5881	//     "name"
5882	//   ],
5883	//   "parameters": {
5884	//     "name": {
5885	//       "description": "Required. The name of the provider to delete.",
5886	//       "location": "path",
5887	//       "pattern": "^projects/[^/]+/locations/[^/]+/workloadIdentityPools/[^/]+/providers/[^/]+$",
5888	//       "required": true,
5889	//       "type": "string"
5890	//     }
5891	//   },
5892	//   "path": "v1/{+name}",
5893	//   "response": {
5894	//     "$ref": "Operation"
5895	//   },
5896	//   "scopes": [
5897	//     "https://www.googleapis.com/auth/cloud-platform"
5898	//   ]
5899	// }
5900
5901}
5902
5903// method id "iam.projects.locations.workloadIdentityPools.providers.get":
5904
5905type ProjectsLocationsWorkloadIdentityPoolsProvidersGetCall struct {
5906	s            *Service
5907	name         string
5908	urlParams_   gensupport.URLParams
5909	ifNoneMatch_ string
5910	ctx_         context.Context
5911	header_      http.Header
5912}
5913
5914// Get: Gets an individual WorkloadIdentityPoolProvider.
5915//
5916// - name: The name of the provider to retrieve.
5917func (r *ProjectsLocationsWorkloadIdentityPoolsProvidersService) Get(name string) *ProjectsLocationsWorkloadIdentityPoolsProvidersGetCall {
5918	c := &ProjectsLocationsWorkloadIdentityPoolsProvidersGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
5919	c.name = name
5920	return c
5921}
5922
5923// Fields allows partial responses to be retrieved. See
5924// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
5925// for more information.
5926func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersGetCall) Fields(s ...googleapi.Field) *ProjectsLocationsWorkloadIdentityPoolsProvidersGetCall {
5927	c.urlParams_.Set("fields", googleapi.CombineFields(s))
5928	return c
5929}
5930
5931// IfNoneMatch sets the optional parameter which makes the operation
5932// fail if the object's ETag matches the given value. This is useful for
5933// getting updates only after the object has changed since the last
5934// request. Use googleapi.IsNotModified to check whether the response
5935// error from Do is the result of In-None-Match.
5936func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersGetCall) IfNoneMatch(entityTag string) *ProjectsLocationsWorkloadIdentityPoolsProvidersGetCall {
5937	c.ifNoneMatch_ = entityTag
5938	return c
5939}
5940
5941// Context sets the context to be used in this call's Do method. Any
5942// pending HTTP request will be aborted if the provided context is
5943// canceled.
5944func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersGetCall) Context(ctx context.Context) *ProjectsLocationsWorkloadIdentityPoolsProvidersGetCall {
5945	c.ctx_ = ctx
5946	return c
5947}
5948
5949// Header returns an http.Header that can be modified by the caller to
5950// add HTTP headers to the request.
5951func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersGetCall) Header() http.Header {
5952	if c.header_ == nil {
5953		c.header_ = make(http.Header)
5954	}
5955	return c.header_
5956}
5957
5958func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersGetCall) doRequest(alt string) (*http.Response, error) {
5959	reqHeaders := make(http.Header)
5960	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
5961	for k, v := range c.header_ {
5962		reqHeaders[k] = v
5963	}
5964	reqHeaders.Set("User-Agent", c.s.userAgent())
5965	if c.ifNoneMatch_ != "" {
5966		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
5967	}
5968	var body io.Reader = nil
5969	c.urlParams_.Set("alt", alt)
5970	c.urlParams_.Set("prettyPrint", "false")
5971	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
5972	urls += "?" + c.urlParams_.Encode()
5973	req, err := http.NewRequest("GET", urls, body)
5974	if err != nil {
5975		return nil, err
5976	}
5977	req.Header = reqHeaders
5978	googleapi.Expand(req.URL, map[string]string{
5979		"name": c.name,
5980	})
5981	return gensupport.SendRequest(c.ctx_, c.s.client, req)
5982}
5983
5984// Do executes the "iam.projects.locations.workloadIdentityPools.providers.get" call.
5985// Exactly one of *WorkloadIdentityPoolProvider or error will be
5986// non-nil. Any non-2xx status code is an error. Response headers are in
5987// either *WorkloadIdentityPoolProvider.ServerResponse.Header or (if a
5988// response was returned at all) in error.(*googleapi.Error).Header. Use
5989// googleapi.IsNotModified to check whether the returned error was
5990// because http.StatusNotModified was returned.
5991func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersGetCall) Do(opts ...googleapi.CallOption) (*WorkloadIdentityPoolProvider, error) {
5992	gensupport.SetOptions(c.urlParams_, opts...)
5993	res, err := c.doRequest("json")
5994	if res != nil && res.StatusCode == http.StatusNotModified {
5995		if res.Body != nil {
5996			res.Body.Close()
5997		}
5998		return nil, &googleapi.Error{
5999			Code:   res.StatusCode,
6000			Header: res.Header,
6001		}
6002	}
6003	if err != nil {
6004		return nil, err
6005	}
6006	defer googleapi.CloseBody(res)
6007	if err := googleapi.CheckResponse(res); err != nil {
6008		return nil, err
6009	}
6010	ret := &WorkloadIdentityPoolProvider{
6011		ServerResponse: googleapi.ServerResponse{
6012			Header:         res.Header,
6013			HTTPStatusCode: res.StatusCode,
6014		},
6015	}
6016	target := &ret
6017	if err := gensupport.DecodeResponse(target, res); err != nil {
6018		return nil, err
6019	}
6020	return ret, nil
6021	// {
6022	//   "description": "Gets an individual WorkloadIdentityPoolProvider.",
6023	//   "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/workloadIdentityPools/{workloadIdentityPoolsId}/providers/{providersId}",
6024	//   "httpMethod": "GET",
6025	//   "id": "iam.projects.locations.workloadIdentityPools.providers.get",
6026	//   "parameterOrder": [
6027	//     "name"
6028	//   ],
6029	//   "parameters": {
6030	//     "name": {
6031	//       "description": "Required. The name of the provider to retrieve.",
6032	//       "location": "path",
6033	//       "pattern": "^projects/[^/]+/locations/[^/]+/workloadIdentityPools/[^/]+/providers/[^/]+$",
6034	//       "required": true,
6035	//       "type": "string"
6036	//     }
6037	//   },
6038	//   "path": "v1/{+name}",
6039	//   "response": {
6040	//     "$ref": "WorkloadIdentityPoolProvider"
6041	//   },
6042	//   "scopes": [
6043	//     "https://www.googleapis.com/auth/cloud-platform"
6044	//   ]
6045	// }
6046
6047}
6048
6049// method id "iam.projects.locations.workloadIdentityPools.providers.list":
6050
6051type ProjectsLocationsWorkloadIdentityPoolsProvidersListCall struct {
6052	s            *Service
6053	parent       string
6054	urlParams_   gensupport.URLParams
6055	ifNoneMatch_ string
6056	ctx_         context.Context
6057	header_      http.Header
6058}
6059
6060// List: Lists all non-deleted WorkloadIdentityPoolProviders in a
6061// WorkloadIdentityPool. If `show_deleted` is set to `true`, then
6062// deleted providers are also listed.
6063//
6064// - parent: The pool to list providers for.
6065func (r *ProjectsLocationsWorkloadIdentityPoolsProvidersService) List(parent string) *ProjectsLocationsWorkloadIdentityPoolsProvidersListCall {
6066	c := &ProjectsLocationsWorkloadIdentityPoolsProvidersListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
6067	c.parent = parent
6068	return c
6069}
6070
6071// PageSize sets the optional parameter "pageSize": The maximum number
6072// of providers to return. If unspecified, at most 50 providers are
6073// returned. The maximum value is 100; values above 100 are truncated to
6074// 100.
6075func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersListCall) PageSize(pageSize int64) *ProjectsLocationsWorkloadIdentityPoolsProvidersListCall {
6076	c.urlParams_.Set("pageSize", fmt.Sprint(pageSize))
6077	return c
6078}
6079
6080// PageToken sets the optional parameter "pageToken": A page token,
6081// received from a previous `ListWorkloadIdentityPoolProviders` call.
6082// Provide this to retrieve the subsequent page.
6083func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersListCall) PageToken(pageToken string) *ProjectsLocationsWorkloadIdentityPoolsProvidersListCall {
6084	c.urlParams_.Set("pageToken", pageToken)
6085	return c
6086}
6087
6088// ShowDeleted sets the optional parameter "showDeleted": Whether to
6089// return soft-deleted providers.
6090func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersListCall) ShowDeleted(showDeleted bool) *ProjectsLocationsWorkloadIdentityPoolsProvidersListCall {
6091	c.urlParams_.Set("showDeleted", fmt.Sprint(showDeleted))
6092	return c
6093}
6094
6095// Fields allows partial responses to be retrieved. See
6096// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
6097// for more information.
6098func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersListCall) Fields(s ...googleapi.Field) *ProjectsLocationsWorkloadIdentityPoolsProvidersListCall {
6099	c.urlParams_.Set("fields", googleapi.CombineFields(s))
6100	return c
6101}
6102
6103// IfNoneMatch sets the optional parameter which makes the operation
6104// fail if the object's ETag matches the given value. This is useful for
6105// getting updates only after the object has changed since the last
6106// request. Use googleapi.IsNotModified to check whether the response
6107// error from Do is the result of In-None-Match.
6108func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersListCall) IfNoneMatch(entityTag string) *ProjectsLocationsWorkloadIdentityPoolsProvidersListCall {
6109	c.ifNoneMatch_ = entityTag
6110	return c
6111}
6112
6113// Context sets the context to be used in this call's Do method. Any
6114// pending HTTP request will be aborted if the provided context is
6115// canceled.
6116func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersListCall) Context(ctx context.Context) *ProjectsLocationsWorkloadIdentityPoolsProvidersListCall {
6117	c.ctx_ = ctx
6118	return c
6119}
6120
6121// Header returns an http.Header that can be modified by the caller to
6122// add HTTP headers to the request.
6123func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersListCall) Header() http.Header {
6124	if c.header_ == nil {
6125		c.header_ = make(http.Header)
6126	}
6127	return c.header_
6128}
6129
6130func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersListCall) doRequest(alt string) (*http.Response, error) {
6131	reqHeaders := make(http.Header)
6132	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
6133	for k, v := range c.header_ {
6134		reqHeaders[k] = v
6135	}
6136	reqHeaders.Set("User-Agent", c.s.userAgent())
6137	if c.ifNoneMatch_ != "" {
6138		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
6139	}
6140	var body io.Reader = nil
6141	c.urlParams_.Set("alt", alt)
6142	c.urlParams_.Set("prettyPrint", "false")
6143	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/providers")
6144	urls += "?" + c.urlParams_.Encode()
6145	req, err := http.NewRequest("GET", urls, body)
6146	if err != nil {
6147		return nil, err
6148	}
6149	req.Header = reqHeaders
6150	googleapi.Expand(req.URL, map[string]string{
6151		"parent": c.parent,
6152	})
6153	return gensupport.SendRequest(c.ctx_, c.s.client, req)
6154}
6155
6156// Do executes the "iam.projects.locations.workloadIdentityPools.providers.list" call.
6157// Exactly one of *ListWorkloadIdentityPoolProvidersResponse or error
6158// will be non-nil. Any non-2xx status code is an error. Response
6159// headers are in either
6160// *ListWorkloadIdentityPoolProvidersResponse.ServerResponse.Header or
6161// (if a response was returned at all) in
6162// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
6163// whether the returned error was because http.StatusNotModified was
6164// returned.
6165func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersListCall) Do(opts ...googleapi.CallOption) (*ListWorkloadIdentityPoolProvidersResponse, error) {
6166	gensupport.SetOptions(c.urlParams_, opts...)
6167	res, err := c.doRequest("json")
6168	if res != nil && res.StatusCode == http.StatusNotModified {
6169		if res.Body != nil {
6170			res.Body.Close()
6171		}
6172		return nil, &googleapi.Error{
6173			Code:   res.StatusCode,
6174			Header: res.Header,
6175		}
6176	}
6177	if err != nil {
6178		return nil, err
6179	}
6180	defer googleapi.CloseBody(res)
6181	if err := googleapi.CheckResponse(res); err != nil {
6182		return nil, err
6183	}
6184	ret := &ListWorkloadIdentityPoolProvidersResponse{
6185		ServerResponse: googleapi.ServerResponse{
6186			Header:         res.Header,
6187			HTTPStatusCode: res.StatusCode,
6188		},
6189	}
6190	target := &ret
6191	if err := gensupport.DecodeResponse(target, res); err != nil {
6192		return nil, err
6193	}
6194	return ret, nil
6195	// {
6196	//   "description": "Lists all non-deleted WorkloadIdentityPoolProviders in a WorkloadIdentityPool. If `show_deleted` is set to `true`, then deleted providers are also listed.",
6197	//   "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/workloadIdentityPools/{workloadIdentityPoolsId}/providers",
6198	//   "httpMethod": "GET",
6199	//   "id": "iam.projects.locations.workloadIdentityPools.providers.list",
6200	//   "parameterOrder": [
6201	//     "parent"
6202	//   ],
6203	//   "parameters": {
6204	//     "pageSize": {
6205	//       "description": "The maximum number of providers to return. If unspecified, at most 50 providers are returned. The maximum value is 100; values above 100 are truncated to 100.",
6206	//       "format": "int32",
6207	//       "location": "query",
6208	//       "type": "integer"
6209	//     },
6210	//     "pageToken": {
6211	//       "description": "A page token, received from a previous `ListWorkloadIdentityPoolProviders` call. Provide this to retrieve the subsequent page.",
6212	//       "location": "query",
6213	//       "type": "string"
6214	//     },
6215	//     "parent": {
6216	//       "description": "Required. The pool to list providers for.",
6217	//       "location": "path",
6218	//       "pattern": "^projects/[^/]+/locations/[^/]+/workloadIdentityPools/[^/]+$",
6219	//       "required": true,
6220	//       "type": "string"
6221	//     },
6222	//     "showDeleted": {
6223	//       "description": "Whether to return soft-deleted providers.",
6224	//       "location": "query",
6225	//       "type": "boolean"
6226	//     }
6227	//   },
6228	//   "path": "v1/{+parent}/providers",
6229	//   "response": {
6230	//     "$ref": "ListWorkloadIdentityPoolProvidersResponse"
6231	//   },
6232	//   "scopes": [
6233	//     "https://www.googleapis.com/auth/cloud-platform"
6234	//   ]
6235	// }
6236
6237}
6238
6239// Pages invokes f for each page of results.
6240// A non-nil error returned from f will halt the iteration.
6241// The provided context supersedes any context provided to the Context method.
6242func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersListCall) Pages(ctx context.Context, f func(*ListWorkloadIdentityPoolProvidersResponse) error) error {
6243	c.ctx_ = ctx
6244	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
6245	for {
6246		x, err := c.Do()
6247		if err != nil {
6248			return err
6249		}
6250		if err := f(x); err != nil {
6251			return err
6252		}
6253		if x.NextPageToken == "" {
6254			return nil
6255		}
6256		c.PageToken(x.NextPageToken)
6257	}
6258}
6259
6260// method id "iam.projects.locations.workloadIdentityPools.providers.patch":
6261
6262type ProjectsLocationsWorkloadIdentityPoolsProvidersPatchCall struct {
6263	s                            *Service
6264	name                         string
6265	workloadidentitypoolprovider *WorkloadIdentityPoolProvider
6266	urlParams_                   gensupport.URLParams
6267	ctx_                         context.Context
6268	header_                      http.Header
6269}
6270
6271// Patch: Updates an existing WorkloadIdentityPoolProvider.
6272//
6273// - name: Output only. The resource name of the provider.
6274func (r *ProjectsLocationsWorkloadIdentityPoolsProvidersService) Patch(name string, workloadidentitypoolprovider *WorkloadIdentityPoolProvider) *ProjectsLocationsWorkloadIdentityPoolsProvidersPatchCall {
6275	c := &ProjectsLocationsWorkloadIdentityPoolsProvidersPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
6276	c.name = name
6277	c.workloadidentitypoolprovider = workloadidentitypoolprovider
6278	return c
6279}
6280
6281// UpdateMask sets the optional parameter "updateMask": Required. The
6282// list of fields to update.
6283func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersPatchCall) UpdateMask(updateMask string) *ProjectsLocationsWorkloadIdentityPoolsProvidersPatchCall {
6284	c.urlParams_.Set("updateMask", updateMask)
6285	return c
6286}
6287
6288// Fields allows partial responses to be retrieved. See
6289// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
6290// for more information.
6291func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersPatchCall) Fields(s ...googleapi.Field) *ProjectsLocationsWorkloadIdentityPoolsProvidersPatchCall {
6292	c.urlParams_.Set("fields", googleapi.CombineFields(s))
6293	return c
6294}
6295
6296// Context sets the context to be used in this call's Do method. Any
6297// pending HTTP request will be aborted if the provided context is
6298// canceled.
6299func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersPatchCall) Context(ctx context.Context) *ProjectsLocationsWorkloadIdentityPoolsProvidersPatchCall {
6300	c.ctx_ = ctx
6301	return c
6302}
6303
6304// Header returns an http.Header that can be modified by the caller to
6305// add HTTP headers to the request.
6306func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersPatchCall) Header() http.Header {
6307	if c.header_ == nil {
6308		c.header_ = make(http.Header)
6309	}
6310	return c.header_
6311}
6312
6313func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersPatchCall) doRequest(alt string) (*http.Response, error) {
6314	reqHeaders := make(http.Header)
6315	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
6316	for k, v := range c.header_ {
6317		reqHeaders[k] = v
6318	}
6319	reqHeaders.Set("User-Agent", c.s.userAgent())
6320	var body io.Reader = nil
6321	body, err := googleapi.WithoutDataWrapper.JSONReader(c.workloadidentitypoolprovider)
6322	if err != nil {
6323		return nil, err
6324	}
6325	reqHeaders.Set("Content-Type", "application/json")
6326	c.urlParams_.Set("alt", alt)
6327	c.urlParams_.Set("prettyPrint", "false")
6328	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
6329	urls += "?" + c.urlParams_.Encode()
6330	req, err := http.NewRequest("PATCH", urls, body)
6331	if err != nil {
6332		return nil, err
6333	}
6334	req.Header = reqHeaders
6335	googleapi.Expand(req.URL, map[string]string{
6336		"name": c.name,
6337	})
6338	return gensupport.SendRequest(c.ctx_, c.s.client, req)
6339}
6340
6341// Do executes the "iam.projects.locations.workloadIdentityPools.providers.patch" call.
6342// Exactly one of *Operation or error will be non-nil. Any non-2xx
6343// status code is an error. Response headers are in either
6344// *Operation.ServerResponse.Header or (if a response was returned at
6345// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
6346// to check whether the returned error was because
6347// http.StatusNotModified was returned.
6348func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersPatchCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
6349	gensupport.SetOptions(c.urlParams_, opts...)
6350	res, err := c.doRequest("json")
6351	if res != nil && res.StatusCode == http.StatusNotModified {
6352		if res.Body != nil {
6353			res.Body.Close()
6354		}
6355		return nil, &googleapi.Error{
6356			Code:   res.StatusCode,
6357			Header: res.Header,
6358		}
6359	}
6360	if err != nil {
6361		return nil, err
6362	}
6363	defer googleapi.CloseBody(res)
6364	if err := googleapi.CheckResponse(res); err != nil {
6365		return nil, err
6366	}
6367	ret := &Operation{
6368		ServerResponse: googleapi.ServerResponse{
6369			Header:         res.Header,
6370			HTTPStatusCode: res.StatusCode,
6371		},
6372	}
6373	target := &ret
6374	if err := gensupport.DecodeResponse(target, res); err != nil {
6375		return nil, err
6376	}
6377	return ret, nil
6378	// {
6379	//   "description": "Updates an existing WorkloadIdentityPoolProvider.",
6380	//   "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/workloadIdentityPools/{workloadIdentityPoolsId}/providers/{providersId}",
6381	//   "httpMethod": "PATCH",
6382	//   "id": "iam.projects.locations.workloadIdentityPools.providers.patch",
6383	//   "parameterOrder": [
6384	//     "name"
6385	//   ],
6386	//   "parameters": {
6387	//     "name": {
6388	//       "description": "Output only. The resource name of the provider.",
6389	//       "location": "path",
6390	//       "pattern": "^projects/[^/]+/locations/[^/]+/workloadIdentityPools/[^/]+/providers/[^/]+$",
6391	//       "required": true,
6392	//       "type": "string"
6393	//     },
6394	//     "updateMask": {
6395	//       "description": "Required. The list of fields to update.",
6396	//       "format": "google-fieldmask",
6397	//       "location": "query",
6398	//       "type": "string"
6399	//     }
6400	//   },
6401	//   "path": "v1/{+name}",
6402	//   "request": {
6403	//     "$ref": "WorkloadIdentityPoolProvider"
6404	//   },
6405	//   "response": {
6406	//     "$ref": "Operation"
6407	//   },
6408	//   "scopes": [
6409	//     "https://www.googleapis.com/auth/cloud-platform"
6410	//   ]
6411	// }
6412
6413}
6414
6415// method id "iam.projects.locations.workloadIdentityPools.providers.undelete":
6416
6417type ProjectsLocationsWorkloadIdentityPoolsProvidersUndeleteCall struct {
6418	s                                           *Service
6419	name                                        string
6420	undeleteworkloadidentitypoolproviderrequest *UndeleteWorkloadIdentityPoolProviderRequest
6421	urlParams_                                  gensupport.URLParams
6422	ctx_                                        context.Context
6423	header_                                     http.Header
6424}
6425
6426// Undelete: Undeletes a WorkloadIdentityPoolProvider, as long as it was
6427// deleted fewer than 30 days ago.
6428//
6429// - name: The name of the provider to undelete.
6430func (r *ProjectsLocationsWorkloadIdentityPoolsProvidersService) Undelete(name string, undeleteworkloadidentitypoolproviderrequest *UndeleteWorkloadIdentityPoolProviderRequest) *ProjectsLocationsWorkloadIdentityPoolsProvidersUndeleteCall {
6431	c := &ProjectsLocationsWorkloadIdentityPoolsProvidersUndeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
6432	c.name = name
6433	c.undeleteworkloadidentitypoolproviderrequest = undeleteworkloadidentitypoolproviderrequest
6434	return c
6435}
6436
6437// Fields allows partial responses to be retrieved. See
6438// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
6439// for more information.
6440func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersUndeleteCall) Fields(s ...googleapi.Field) *ProjectsLocationsWorkloadIdentityPoolsProvidersUndeleteCall {
6441	c.urlParams_.Set("fields", googleapi.CombineFields(s))
6442	return c
6443}
6444
6445// Context sets the context to be used in this call's Do method. Any
6446// pending HTTP request will be aborted if the provided context is
6447// canceled.
6448func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersUndeleteCall) Context(ctx context.Context) *ProjectsLocationsWorkloadIdentityPoolsProvidersUndeleteCall {
6449	c.ctx_ = ctx
6450	return c
6451}
6452
6453// Header returns an http.Header that can be modified by the caller to
6454// add HTTP headers to the request.
6455func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersUndeleteCall) Header() http.Header {
6456	if c.header_ == nil {
6457		c.header_ = make(http.Header)
6458	}
6459	return c.header_
6460}
6461
6462func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersUndeleteCall) doRequest(alt string) (*http.Response, error) {
6463	reqHeaders := make(http.Header)
6464	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
6465	for k, v := range c.header_ {
6466		reqHeaders[k] = v
6467	}
6468	reqHeaders.Set("User-Agent", c.s.userAgent())
6469	var body io.Reader = nil
6470	body, err := googleapi.WithoutDataWrapper.JSONReader(c.undeleteworkloadidentitypoolproviderrequest)
6471	if err != nil {
6472		return nil, err
6473	}
6474	reqHeaders.Set("Content-Type", "application/json")
6475	c.urlParams_.Set("alt", alt)
6476	c.urlParams_.Set("prettyPrint", "false")
6477	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:undelete")
6478	urls += "?" + c.urlParams_.Encode()
6479	req, err := http.NewRequest("POST", urls, body)
6480	if err != nil {
6481		return nil, err
6482	}
6483	req.Header = reqHeaders
6484	googleapi.Expand(req.URL, map[string]string{
6485		"name": c.name,
6486	})
6487	return gensupport.SendRequest(c.ctx_, c.s.client, req)
6488}
6489
6490// Do executes the "iam.projects.locations.workloadIdentityPools.providers.undelete" call.
6491// Exactly one of *Operation or error will be non-nil. Any non-2xx
6492// status code is an error. Response headers are in either
6493// *Operation.ServerResponse.Header or (if a response was returned at
6494// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
6495// to check whether the returned error was because
6496// http.StatusNotModified was returned.
6497func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersUndeleteCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
6498	gensupport.SetOptions(c.urlParams_, opts...)
6499	res, err := c.doRequest("json")
6500	if res != nil && res.StatusCode == http.StatusNotModified {
6501		if res.Body != nil {
6502			res.Body.Close()
6503		}
6504		return nil, &googleapi.Error{
6505			Code:   res.StatusCode,
6506			Header: res.Header,
6507		}
6508	}
6509	if err != nil {
6510		return nil, err
6511	}
6512	defer googleapi.CloseBody(res)
6513	if err := googleapi.CheckResponse(res); err != nil {
6514		return nil, err
6515	}
6516	ret := &Operation{
6517		ServerResponse: googleapi.ServerResponse{
6518			Header:         res.Header,
6519			HTTPStatusCode: res.StatusCode,
6520		},
6521	}
6522	target := &ret
6523	if err := gensupport.DecodeResponse(target, res); err != nil {
6524		return nil, err
6525	}
6526	return ret, nil
6527	// {
6528	//   "description": "Undeletes a WorkloadIdentityPoolProvider, as long as it was deleted fewer than 30 days ago.",
6529	//   "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/workloadIdentityPools/{workloadIdentityPoolsId}/providers/{providersId}:undelete",
6530	//   "httpMethod": "POST",
6531	//   "id": "iam.projects.locations.workloadIdentityPools.providers.undelete",
6532	//   "parameterOrder": [
6533	//     "name"
6534	//   ],
6535	//   "parameters": {
6536	//     "name": {
6537	//       "description": "Required. The name of the provider to undelete.",
6538	//       "location": "path",
6539	//       "pattern": "^projects/[^/]+/locations/[^/]+/workloadIdentityPools/[^/]+/providers/[^/]+$",
6540	//       "required": true,
6541	//       "type": "string"
6542	//     }
6543	//   },
6544	//   "path": "v1/{+name}:undelete",
6545	//   "request": {
6546	//     "$ref": "UndeleteWorkloadIdentityPoolProviderRequest"
6547	//   },
6548	//   "response": {
6549	//     "$ref": "Operation"
6550	//   },
6551	//   "scopes": [
6552	//     "https://www.googleapis.com/auth/cloud-platform"
6553	//   ]
6554	// }
6555
6556}
6557
6558// method id "iam.projects.locations.workloadIdentityPools.providers.operations.get":
6559
6560type ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsGetCall struct {
6561	s            *Service
6562	name         string
6563	urlParams_   gensupport.URLParams
6564	ifNoneMatch_ string
6565	ctx_         context.Context
6566	header_      http.Header
6567}
6568
6569// Get: Gets the latest state of a long-running operation. Clients can
6570// use this method to poll the operation result at intervals as
6571// recommended by the API service.
6572//
6573// - name: The name of the operation resource.
6574func (r *ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsService) Get(name string) *ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsGetCall {
6575	c := &ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
6576	c.name = name
6577	return c
6578}
6579
6580// Fields allows partial responses to be retrieved. See
6581// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
6582// for more information.
6583func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsGetCall) Fields(s ...googleapi.Field) *ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsGetCall {
6584	c.urlParams_.Set("fields", googleapi.CombineFields(s))
6585	return c
6586}
6587
6588// IfNoneMatch sets the optional parameter which makes the operation
6589// fail if the object's ETag matches the given value. This is useful for
6590// getting updates only after the object has changed since the last
6591// request. Use googleapi.IsNotModified to check whether the response
6592// error from Do is the result of In-None-Match.
6593func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsGetCall) IfNoneMatch(entityTag string) *ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsGetCall {
6594	c.ifNoneMatch_ = entityTag
6595	return c
6596}
6597
6598// Context sets the context to be used in this call's Do method. Any
6599// pending HTTP request will be aborted if the provided context is
6600// canceled.
6601func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsGetCall) Context(ctx context.Context) *ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsGetCall {
6602	c.ctx_ = ctx
6603	return c
6604}
6605
6606// Header returns an http.Header that can be modified by the caller to
6607// add HTTP headers to the request.
6608func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsGetCall) Header() http.Header {
6609	if c.header_ == nil {
6610		c.header_ = make(http.Header)
6611	}
6612	return c.header_
6613}
6614
6615func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsGetCall) doRequest(alt string) (*http.Response, error) {
6616	reqHeaders := make(http.Header)
6617	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
6618	for k, v := range c.header_ {
6619		reqHeaders[k] = v
6620	}
6621	reqHeaders.Set("User-Agent", c.s.userAgent())
6622	if c.ifNoneMatch_ != "" {
6623		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
6624	}
6625	var body io.Reader = nil
6626	c.urlParams_.Set("alt", alt)
6627	c.urlParams_.Set("prettyPrint", "false")
6628	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
6629	urls += "?" + c.urlParams_.Encode()
6630	req, err := http.NewRequest("GET", urls, body)
6631	if err != nil {
6632		return nil, err
6633	}
6634	req.Header = reqHeaders
6635	googleapi.Expand(req.URL, map[string]string{
6636		"name": c.name,
6637	})
6638	return gensupport.SendRequest(c.ctx_, c.s.client, req)
6639}
6640
6641// Do executes the "iam.projects.locations.workloadIdentityPools.providers.operations.get" call.
6642// Exactly one of *Operation or error will be non-nil. Any non-2xx
6643// status code is an error. Response headers are in either
6644// *Operation.ServerResponse.Header or (if a response was returned at
6645// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified
6646// to check whether the returned error was because
6647// http.StatusNotModified was returned.
6648func (c *ProjectsLocationsWorkloadIdentityPoolsProvidersOperationsGetCall) Do(opts ...googleapi.CallOption) (*Operation, error) {
6649	gensupport.SetOptions(c.urlParams_, opts...)
6650	res, err := c.doRequest("json")
6651	if res != nil && res.StatusCode == http.StatusNotModified {
6652		if res.Body != nil {
6653			res.Body.Close()
6654		}
6655		return nil, &googleapi.Error{
6656			Code:   res.StatusCode,
6657			Header: res.Header,
6658		}
6659	}
6660	if err != nil {
6661		return nil, err
6662	}
6663	defer googleapi.CloseBody(res)
6664	if err := googleapi.CheckResponse(res); err != nil {
6665		return nil, err
6666	}
6667	ret := &Operation{
6668		ServerResponse: googleapi.ServerResponse{
6669			Header:         res.Header,
6670			HTTPStatusCode: res.StatusCode,
6671		},
6672	}
6673	target := &ret
6674	if err := gensupport.DecodeResponse(target, res); err != nil {
6675		return nil, err
6676	}
6677	return ret, nil
6678	// {
6679	//   "description": "Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.",
6680	//   "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/workloadIdentityPools/{workloadIdentityPoolsId}/providers/{providersId}/operations/{operationsId}",
6681	//   "httpMethod": "GET",
6682	//   "id": "iam.projects.locations.workloadIdentityPools.providers.operations.get",
6683	//   "parameterOrder": [
6684	//     "name"
6685	//   ],
6686	//   "parameters": {
6687	//     "name": {
6688	//       "description": "The name of the operation resource.",
6689	//       "location": "path",
6690	//       "pattern": "^projects/[^/]+/locations/[^/]+/workloadIdentityPools/[^/]+/providers/[^/]+/operations/[^/]+$",
6691	//       "required": true,
6692	//       "type": "string"
6693	//     }
6694	//   },
6695	//   "path": "v1/{+name}",
6696	//   "response": {
6697	//     "$ref": "Operation"
6698	//   },
6699	//   "scopes": [
6700	//     "https://www.googleapis.com/auth/cloud-platform"
6701	//   ]
6702	// }
6703
6704}
6705
6706// method id "iam.projects.roles.create":
6707
6708type ProjectsRolesCreateCall struct {
6709	s                 *Service
6710	parent            string
6711	createrolerequest *CreateRoleRequest
6712	urlParams_        gensupport.URLParams
6713	ctx_              context.Context
6714	header_           http.Header
6715}
6716
6717// Create: Creates a new custom Role.
6718//
6719// - parent: The `parent` parameter's value depends on the target
6720//   resource for the request, namely `projects`
6721//   (/iam/reference/rest/v1/projects.roles) or `organizations`
6722//   (/iam/reference/rest/v1/organizations.roles). Each resource type's
6723//   `parent` value format is described below: *
6724//   `projects.roles.create()`
6725//   (/iam/reference/rest/v1/projects.roles/create):
6726//   `projects/{PROJECT_ID}`. This method creates project-level custom
6727//   roles (/iam/docs/understanding-custom-roles). Example request URL:
6728//   `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles` *
6729//   `organizations.roles.create()`
6730//   (/iam/reference/rest/v1/organizations.roles/create):
6731//   `organizations/{ORGANIZATION_ID}`. This method creates
6732//   organization-level custom roles
6733//   (/iam/docs/understanding-custom-roles). Example request URL:
6734//   `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles
6735//   ` Note: Wildcard (*) values are invalid; you must specify a
6736//   complete project ID or organization ID.
6737func (r *ProjectsRolesService) Create(parent string, createrolerequest *CreateRoleRequest) *ProjectsRolesCreateCall {
6738	c := &ProjectsRolesCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
6739	c.parent = parent
6740	c.createrolerequest = createrolerequest
6741	return c
6742}
6743
6744// Fields allows partial responses to be retrieved. See
6745// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
6746// for more information.
6747func (c *ProjectsRolesCreateCall) Fields(s ...googleapi.Field) *ProjectsRolesCreateCall {
6748	c.urlParams_.Set("fields", googleapi.CombineFields(s))
6749	return c
6750}
6751
6752// Context sets the context to be used in this call's Do method. Any
6753// pending HTTP request will be aborted if the provided context is
6754// canceled.
6755func (c *ProjectsRolesCreateCall) Context(ctx context.Context) *ProjectsRolesCreateCall {
6756	c.ctx_ = ctx
6757	return c
6758}
6759
6760// Header returns an http.Header that can be modified by the caller to
6761// add HTTP headers to the request.
6762func (c *ProjectsRolesCreateCall) Header() http.Header {
6763	if c.header_ == nil {
6764		c.header_ = make(http.Header)
6765	}
6766	return c.header_
6767}
6768
6769func (c *ProjectsRolesCreateCall) doRequest(alt string) (*http.Response, error) {
6770	reqHeaders := make(http.Header)
6771	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
6772	for k, v := range c.header_ {
6773		reqHeaders[k] = v
6774	}
6775	reqHeaders.Set("User-Agent", c.s.userAgent())
6776	var body io.Reader = nil
6777	body, err := googleapi.WithoutDataWrapper.JSONReader(c.createrolerequest)
6778	if err != nil {
6779		return nil, err
6780	}
6781	reqHeaders.Set("Content-Type", "application/json")
6782	c.urlParams_.Set("alt", alt)
6783	c.urlParams_.Set("prettyPrint", "false")
6784	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/roles")
6785	urls += "?" + c.urlParams_.Encode()
6786	req, err := http.NewRequest("POST", urls, body)
6787	if err != nil {
6788		return nil, err
6789	}
6790	req.Header = reqHeaders
6791	googleapi.Expand(req.URL, map[string]string{
6792		"parent": c.parent,
6793	})
6794	return gensupport.SendRequest(c.ctx_, c.s.client, req)
6795}
6796
6797// Do executes the "iam.projects.roles.create" call.
6798// Exactly one of *Role or error will be non-nil. Any non-2xx status
6799// code is an error. Response headers are in either
6800// *Role.ServerResponse.Header or (if a response was returned at all) in
6801// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
6802// whether the returned error was because http.StatusNotModified was
6803// returned.
6804func (c *ProjectsRolesCreateCall) Do(opts ...googleapi.CallOption) (*Role, error) {
6805	gensupport.SetOptions(c.urlParams_, opts...)
6806	res, err := c.doRequest("json")
6807	if res != nil && res.StatusCode == http.StatusNotModified {
6808		if res.Body != nil {
6809			res.Body.Close()
6810		}
6811		return nil, &googleapi.Error{
6812			Code:   res.StatusCode,
6813			Header: res.Header,
6814		}
6815	}
6816	if err != nil {
6817		return nil, err
6818	}
6819	defer googleapi.CloseBody(res)
6820	if err := googleapi.CheckResponse(res); err != nil {
6821		return nil, err
6822	}
6823	ret := &Role{
6824		ServerResponse: googleapi.ServerResponse{
6825			Header:         res.Header,
6826			HTTPStatusCode: res.StatusCode,
6827		},
6828	}
6829	target := &ret
6830	if err := gensupport.DecodeResponse(target, res); err != nil {
6831		return nil, err
6832	}
6833	return ret, nil
6834	// {
6835	//   "description": "Creates a new custom Role.",
6836	//   "flatPath": "v1/projects/{projectsId}/roles",
6837	//   "httpMethod": "POST",
6838	//   "id": "iam.projects.roles.create",
6839	//   "parameterOrder": [
6840	//     "parent"
6841	//   ],
6842	//   "parameters": {
6843	//     "parent": {
6844	//       "description": "The `parent` parameter's value depends on the target resource for the request, namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `parent` value format is described below: * [`projects.roles.create()`](/iam/reference/rest/v1/projects.roles/create): `projects/{PROJECT_ID}`. This method creates project-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles` * [`organizations.roles.create()`](/iam/reference/rest/v1/organizations.roles/create): `organizations/{ORGANIZATION_ID}`. This method creates organization-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.",
6845	//       "location": "path",
6846	//       "pattern": "^projects/[^/]+$",
6847	//       "required": true,
6848	//       "type": "string"
6849	//     }
6850	//   },
6851	//   "path": "v1/{+parent}/roles",
6852	//   "request": {
6853	//     "$ref": "CreateRoleRequest"
6854	//   },
6855	//   "response": {
6856	//     "$ref": "Role"
6857	//   },
6858	//   "scopes": [
6859	//     "https://www.googleapis.com/auth/cloud-platform"
6860	//   ]
6861	// }
6862
6863}
6864
6865// method id "iam.projects.roles.delete":
6866
6867type ProjectsRolesDeleteCall struct {
6868	s          *Service
6869	name       string
6870	urlParams_ gensupport.URLParams
6871	ctx_       context.Context
6872	header_    http.Header
6873}
6874
6875// Delete: Deletes a custom Role. When you delete a custom role, the
6876// following changes occur immediately: * You cannot bind a principal to
6877// the custom role in an IAM Policy. * Existing bindings to the custom
6878// role are not changed, but they have no effect. * By default, the
6879// response from ListRoles does not include the custom role. You have 7
6880// days to undelete the custom role. After 7 days, the following changes
6881// occur: * The custom role is permanently deleted and cannot be
6882// recovered. * If an IAM policy contains a binding to the custom role,
6883// the binding is permanently removed.
6884//
6885// - name: The `name` parameter's value depends on the target resource
6886//   for the request, namely `projects`
6887//   (/iam/reference/rest/v1/projects.roles) or `organizations`
6888//   (/iam/reference/rest/v1/organizations.roles). Each resource type's
6889//   `name` value format is described below: * `projects.roles.delete()`
6890//   (/iam/reference/rest/v1/projects.roles/delete):
6891//   `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method deletes
6892//   only custom roles (/iam/docs/understanding-custom-roles) that have
6893//   been created at the project level. Example request URL:
6894//   `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_R
6895//   OLE_ID}` * `organizations.roles.delete()`
6896//   (/iam/reference/rest/v1/organizations.roles/delete):
6897//   `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This
6898//   method deletes only custom roles
6899//   (/iam/docs/understanding-custom-roles) that have been created at
6900//   the organization level. Example request URL:
6901//   `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles
6902//   /{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must
6903//   specify a complete project ID or organization ID.
6904func (r *ProjectsRolesService) Delete(name string) *ProjectsRolesDeleteCall {
6905	c := &ProjectsRolesDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
6906	c.name = name
6907	return c
6908}
6909
6910// Etag sets the optional parameter "etag": Used to perform a consistent
6911// read-modify-write.
6912func (c *ProjectsRolesDeleteCall) Etag(etag string) *ProjectsRolesDeleteCall {
6913	c.urlParams_.Set("etag", etag)
6914	return c
6915}
6916
6917// Fields allows partial responses to be retrieved. See
6918// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
6919// for more information.
6920func (c *ProjectsRolesDeleteCall) Fields(s ...googleapi.Field) *ProjectsRolesDeleteCall {
6921	c.urlParams_.Set("fields", googleapi.CombineFields(s))
6922	return c
6923}
6924
6925// Context sets the context to be used in this call's Do method. Any
6926// pending HTTP request will be aborted if the provided context is
6927// canceled.
6928func (c *ProjectsRolesDeleteCall) Context(ctx context.Context) *ProjectsRolesDeleteCall {
6929	c.ctx_ = ctx
6930	return c
6931}
6932
6933// Header returns an http.Header that can be modified by the caller to
6934// add HTTP headers to the request.
6935func (c *ProjectsRolesDeleteCall) Header() http.Header {
6936	if c.header_ == nil {
6937		c.header_ = make(http.Header)
6938	}
6939	return c.header_
6940}
6941
6942func (c *ProjectsRolesDeleteCall) doRequest(alt string) (*http.Response, error) {
6943	reqHeaders := make(http.Header)
6944	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
6945	for k, v := range c.header_ {
6946		reqHeaders[k] = v
6947	}
6948	reqHeaders.Set("User-Agent", c.s.userAgent())
6949	var body io.Reader = nil
6950	c.urlParams_.Set("alt", alt)
6951	c.urlParams_.Set("prettyPrint", "false")
6952	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
6953	urls += "?" + c.urlParams_.Encode()
6954	req, err := http.NewRequest("DELETE", urls, body)
6955	if err != nil {
6956		return nil, err
6957	}
6958	req.Header = reqHeaders
6959	googleapi.Expand(req.URL, map[string]string{
6960		"name": c.name,
6961	})
6962	return gensupport.SendRequest(c.ctx_, c.s.client, req)
6963}
6964
6965// Do executes the "iam.projects.roles.delete" call.
6966// Exactly one of *Role or error will be non-nil. Any non-2xx status
6967// code is an error. Response headers are in either
6968// *Role.ServerResponse.Header or (if a response was returned at all) in
6969// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
6970// whether the returned error was because http.StatusNotModified was
6971// returned.
6972func (c *ProjectsRolesDeleteCall) Do(opts ...googleapi.CallOption) (*Role, error) {
6973	gensupport.SetOptions(c.urlParams_, opts...)
6974	res, err := c.doRequest("json")
6975	if res != nil && res.StatusCode == http.StatusNotModified {
6976		if res.Body != nil {
6977			res.Body.Close()
6978		}
6979		return nil, &googleapi.Error{
6980			Code:   res.StatusCode,
6981			Header: res.Header,
6982		}
6983	}
6984	if err != nil {
6985		return nil, err
6986	}
6987	defer googleapi.CloseBody(res)
6988	if err := googleapi.CheckResponse(res); err != nil {
6989		return nil, err
6990	}
6991	ret := &Role{
6992		ServerResponse: googleapi.ServerResponse{
6993			Header:         res.Header,
6994			HTTPStatusCode: res.StatusCode,
6995		},
6996	}
6997	target := &ret
6998	if err := gensupport.DecodeResponse(target, res); err != nil {
6999		return nil, err
7000	}
7001	return ret, nil
7002	// {
7003	//   "description": "Deletes a custom Role. When you delete a custom role, the following changes occur immediately: * You cannot bind a principal to the custom role in an IAM Policy. * Existing bindings to the custom role are not changed, but they have no effect. * By default, the response from ListRoles does not include the custom role. You have 7 days to undelete the custom role. After 7 days, the following changes occur: * The custom role is permanently deleted and cannot be recovered. * If an IAM policy contains a binding to the custom role, the binding is permanently removed.",
7004	//   "flatPath": "v1/projects/{projectsId}/roles/{rolesId}",
7005	//   "httpMethod": "DELETE",
7006	//   "id": "iam.projects.roles.delete",
7007	//   "parameterOrder": [
7008	//     "name"
7009	//   ],
7010	//   "parameters": {
7011	//     "etag": {
7012	//       "description": "Used to perform a consistent read-modify-write.",
7013	//       "format": "byte",
7014	//       "location": "query",
7015	//       "type": "string"
7016	//     },
7017	//     "name": {
7018	//       "description": "The `name` parameter's value depends on the target resource for the request, namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `name` value format is described below: * [`projects.roles.delete()`](/iam/reference/rest/v1/projects.roles/delete): `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method deletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}` * [`organizations.roles.delete()`](/iam/reference/rest/v1/organizations.roles/delete): `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method deletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.",
7019	//       "location": "path",
7020	//       "pattern": "^projects/[^/]+/roles/[^/]+$",
7021	//       "required": true,
7022	//       "type": "string"
7023	//     }
7024	//   },
7025	//   "path": "v1/{+name}",
7026	//   "response": {
7027	//     "$ref": "Role"
7028	//   },
7029	//   "scopes": [
7030	//     "https://www.googleapis.com/auth/cloud-platform"
7031	//   ]
7032	// }
7033
7034}
7035
7036// method id "iam.projects.roles.get":
7037
7038type ProjectsRolesGetCall struct {
7039	s            *Service
7040	name         string
7041	urlParams_   gensupport.URLParams
7042	ifNoneMatch_ string
7043	ctx_         context.Context
7044	header_      http.Header
7045}
7046
7047// Get: Gets the definition of a Role.
7048//
7049// - name: The `name` parameter's value depends on the target resource
7050//   for the request, namely `roles` (/iam/reference/rest/v1/roles),
7051//   `projects` (/iam/reference/rest/v1/projects.roles), or
7052//   `organizations` (/iam/reference/rest/v1/organizations.roles). Each
7053//   resource type's `name` value format is described below: *
7054//   `roles.get()` (/iam/reference/rest/v1/roles/get):
7055//   `roles/{ROLE_NAME}`. This method returns results from all
7056//   predefined roles (/iam/docs/understanding-roles#predefined_roles)
7057//   in Cloud IAM. Example request URL:
7058//   `https://iam.googleapis.com/v1/roles/{ROLE_NAME}` *
7059//   `projects.roles.get()` (/iam/reference/rest/v1/projects.roles/get):
7060//   `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method returns
7061//   only custom roles (/iam/docs/understanding-custom-roles) that have
7062//   been created at the project level. Example request URL:
7063//   `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_R
7064//   OLE_ID}` * `organizations.roles.get()`
7065//   (/iam/reference/rest/v1/organizations.roles/get):
7066//   `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This
7067//   method returns only custom roles
7068//   (/iam/docs/understanding-custom-roles) that have been created at
7069//   the organization level. Example request URL:
7070//   `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles
7071//   /{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must
7072//   specify a complete project ID or organization ID.
7073func (r *ProjectsRolesService) Get(name string) *ProjectsRolesGetCall {
7074	c := &ProjectsRolesGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
7075	c.name = name
7076	return c
7077}
7078
7079// Fields allows partial responses to be retrieved. See
7080// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
7081// for more information.
7082func (c *ProjectsRolesGetCall) Fields(s ...googleapi.Field) *ProjectsRolesGetCall {
7083	c.urlParams_.Set("fields", googleapi.CombineFields(s))
7084	return c
7085}
7086
7087// IfNoneMatch sets the optional parameter which makes the operation
7088// fail if the object's ETag matches the given value. This is useful for
7089// getting updates only after the object has changed since the last
7090// request. Use googleapi.IsNotModified to check whether the response
7091// error from Do is the result of In-None-Match.
7092func (c *ProjectsRolesGetCall) IfNoneMatch(entityTag string) *ProjectsRolesGetCall {
7093	c.ifNoneMatch_ = entityTag
7094	return c
7095}
7096
7097// Context sets the context to be used in this call's Do method. Any
7098// pending HTTP request will be aborted if the provided context is
7099// canceled.
7100func (c *ProjectsRolesGetCall) Context(ctx context.Context) *ProjectsRolesGetCall {
7101	c.ctx_ = ctx
7102	return c
7103}
7104
7105// Header returns an http.Header that can be modified by the caller to
7106// add HTTP headers to the request.
7107func (c *ProjectsRolesGetCall) Header() http.Header {
7108	if c.header_ == nil {
7109		c.header_ = make(http.Header)
7110	}
7111	return c.header_
7112}
7113
7114func (c *ProjectsRolesGetCall) doRequest(alt string) (*http.Response, error) {
7115	reqHeaders := make(http.Header)
7116	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
7117	for k, v := range c.header_ {
7118		reqHeaders[k] = v
7119	}
7120	reqHeaders.Set("User-Agent", c.s.userAgent())
7121	if c.ifNoneMatch_ != "" {
7122		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
7123	}
7124	var body io.Reader = nil
7125	c.urlParams_.Set("alt", alt)
7126	c.urlParams_.Set("prettyPrint", "false")
7127	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
7128	urls += "?" + c.urlParams_.Encode()
7129	req, err := http.NewRequest("GET", urls, body)
7130	if err != nil {
7131		return nil, err
7132	}
7133	req.Header = reqHeaders
7134	googleapi.Expand(req.URL, map[string]string{
7135		"name": c.name,
7136	})
7137	return gensupport.SendRequest(c.ctx_, c.s.client, req)
7138}
7139
7140// Do executes the "iam.projects.roles.get" call.
7141// Exactly one of *Role or error will be non-nil. Any non-2xx status
7142// code is an error. Response headers are in either
7143// *Role.ServerResponse.Header or (if a response was returned at all) in
7144// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
7145// whether the returned error was because http.StatusNotModified was
7146// returned.
7147func (c *ProjectsRolesGetCall) Do(opts ...googleapi.CallOption) (*Role, error) {
7148	gensupport.SetOptions(c.urlParams_, opts...)
7149	res, err := c.doRequest("json")
7150	if res != nil && res.StatusCode == http.StatusNotModified {
7151		if res.Body != nil {
7152			res.Body.Close()
7153		}
7154		return nil, &googleapi.Error{
7155			Code:   res.StatusCode,
7156			Header: res.Header,
7157		}
7158	}
7159	if err != nil {
7160		return nil, err
7161	}
7162	defer googleapi.CloseBody(res)
7163	if err := googleapi.CheckResponse(res); err != nil {
7164		return nil, err
7165	}
7166	ret := &Role{
7167		ServerResponse: googleapi.ServerResponse{
7168			Header:         res.Header,
7169			HTTPStatusCode: res.StatusCode,
7170		},
7171	}
7172	target := &ret
7173	if err := gensupport.DecodeResponse(target, res); err != nil {
7174		return nil, err
7175	}
7176	return ret, nil
7177	// {
7178	//   "description": "Gets the definition of a Role.",
7179	//   "flatPath": "v1/projects/{projectsId}/roles/{rolesId}",
7180	//   "httpMethod": "GET",
7181	//   "id": "iam.projects.roles.get",
7182	//   "parameterOrder": [
7183	//     "name"
7184	//   ],
7185	//   "parameters": {
7186	//     "name": {
7187	//       "description": "The `name` parameter's value depends on the target resource for the request, namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `name` value format is described below: * [`roles.get()`](/iam/reference/rest/v1/roles/get): `roles/{ROLE_NAME}`. This method returns results from all [predefined roles](/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. Example request URL: `https://iam.googleapis.com/v1/roles/{ROLE_NAME}` * [`projects.roles.get()`](/iam/reference/rest/v1/projects.roles/get): `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method returns only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}` * [`organizations.roles.get()`](/iam/reference/rest/v1/organizations.roles/get): `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method returns only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.",
7188	//       "location": "path",
7189	//       "pattern": "^projects/[^/]+/roles/[^/]+$",
7190	//       "required": true,
7191	//       "type": "string"
7192	//     }
7193	//   },
7194	//   "path": "v1/{+name}",
7195	//   "response": {
7196	//     "$ref": "Role"
7197	//   },
7198	//   "scopes": [
7199	//     "https://www.googleapis.com/auth/cloud-platform"
7200	//   ]
7201	// }
7202
7203}
7204
7205// method id "iam.projects.roles.list":
7206
7207type ProjectsRolesListCall struct {
7208	s            *Service
7209	parent       string
7210	urlParams_   gensupport.URLParams
7211	ifNoneMatch_ string
7212	ctx_         context.Context
7213	header_      http.Header
7214}
7215
7216// List: Lists every predefined Role that IAM supports, or every custom
7217// role that is defined for an organization or project.
7218//
7219// - parent: The `parent` parameter's value depends on the target
7220//   resource for the request, namely `roles`
7221//   (/iam/reference/rest/v1/roles), `projects`
7222//   (/iam/reference/rest/v1/projects.roles), or `organizations`
7223//   (/iam/reference/rest/v1/organizations.roles). Each resource type's
7224//   `parent` value format is described below: * `roles.list()`
7225//   (/iam/reference/rest/v1/roles/list): An empty string. This method
7226//   doesn't require a resource; it simply returns all predefined roles
7227//   (/iam/docs/understanding-roles#predefined_roles) in Cloud IAM.
7228//   Example request URL: `https://iam.googleapis.com/v1/roles` *
7229//   `projects.roles.list()`
7230//   (/iam/reference/rest/v1/projects.roles/list):
7231//   `projects/{PROJECT_ID}`. This method lists all project-level custom
7232//   roles (/iam/docs/understanding-custom-roles). Example request URL:
7233//   `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles` *
7234//   `organizations.roles.list()`
7235//   (/iam/reference/rest/v1/organizations.roles/list):
7236//   `organizations/{ORGANIZATION_ID}`. This method lists all
7237//   organization-level custom roles
7238//   (/iam/docs/understanding-custom-roles). Example request URL:
7239//   `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles
7240//   ` Note: Wildcard (*) values are invalid; you must specify a
7241//   complete project ID or organization ID.
7242func (r *ProjectsRolesService) List(parent string) *ProjectsRolesListCall {
7243	c := &ProjectsRolesListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
7244	c.parent = parent
7245	return c
7246}
7247
7248// PageSize sets the optional parameter "pageSize": Optional limit on
7249// the number of roles to include in the response. The default is 300,
7250// and the maximum is 1,000.
7251func (c *ProjectsRolesListCall) PageSize(pageSize int64) *ProjectsRolesListCall {
7252	c.urlParams_.Set("pageSize", fmt.Sprint(pageSize))
7253	return c
7254}
7255
7256// PageToken sets the optional parameter "pageToken": Optional
7257// pagination token returned in an earlier ListRolesResponse.
7258func (c *ProjectsRolesListCall) PageToken(pageToken string) *ProjectsRolesListCall {
7259	c.urlParams_.Set("pageToken", pageToken)
7260	return c
7261}
7262
7263// ShowDeleted sets the optional parameter "showDeleted": Include Roles
7264// that have been deleted.
7265func (c *ProjectsRolesListCall) ShowDeleted(showDeleted bool) *ProjectsRolesListCall {
7266	c.urlParams_.Set("showDeleted", fmt.Sprint(showDeleted))
7267	return c
7268}
7269
7270// View sets the optional parameter "view": Optional view for the
7271// returned Role objects. When `FULL` is specified, the
7272// `includedPermissions` field is returned, which includes a list of all
7273// permissions in the role. The default value is `BASIC`, which does not
7274// return the `includedPermissions` field.
7275//
7276// Possible values:
7277//   "BASIC" - Omits the `included_permissions` field. This is the
7278// default value.
7279//   "FULL" - Returns all fields.
7280func (c *ProjectsRolesListCall) View(view string) *ProjectsRolesListCall {
7281	c.urlParams_.Set("view", view)
7282	return c
7283}
7284
7285// Fields allows partial responses to be retrieved. See
7286// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
7287// for more information.
7288func (c *ProjectsRolesListCall) Fields(s ...googleapi.Field) *ProjectsRolesListCall {
7289	c.urlParams_.Set("fields", googleapi.CombineFields(s))
7290	return c
7291}
7292
7293// IfNoneMatch sets the optional parameter which makes the operation
7294// fail if the object's ETag matches the given value. This is useful for
7295// getting updates only after the object has changed since the last
7296// request. Use googleapi.IsNotModified to check whether the response
7297// error from Do is the result of In-None-Match.
7298func (c *ProjectsRolesListCall) IfNoneMatch(entityTag string) *ProjectsRolesListCall {
7299	c.ifNoneMatch_ = entityTag
7300	return c
7301}
7302
7303// Context sets the context to be used in this call's Do method. Any
7304// pending HTTP request will be aborted if the provided context is
7305// canceled.
7306func (c *ProjectsRolesListCall) Context(ctx context.Context) *ProjectsRolesListCall {
7307	c.ctx_ = ctx
7308	return c
7309}
7310
7311// Header returns an http.Header that can be modified by the caller to
7312// add HTTP headers to the request.
7313func (c *ProjectsRolesListCall) Header() http.Header {
7314	if c.header_ == nil {
7315		c.header_ = make(http.Header)
7316	}
7317	return c.header_
7318}
7319
7320func (c *ProjectsRolesListCall) doRequest(alt string) (*http.Response, error) {
7321	reqHeaders := make(http.Header)
7322	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
7323	for k, v := range c.header_ {
7324		reqHeaders[k] = v
7325	}
7326	reqHeaders.Set("User-Agent", c.s.userAgent())
7327	if c.ifNoneMatch_ != "" {
7328		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
7329	}
7330	var body io.Reader = nil
7331	c.urlParams_.Set("alt", alt)
7332	c.urlParams_.Set("prettyPrint", "false")
7333	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/roles")
7334	urls += "?" + c.urlParams_.Encode()
7335	req, err := http.NewRequest("GET", urls, body)
7336	if err != nil {
7337		return nil, err
7338	}
7339	req.Header = reqHeaders
7340	googleapi.Expand(req.URL, map[string]string{
7341		"parent": c.parent,
7342	})
7343	return gensupport.SendRequest(c.ctx_, c.s.client, req)
7344}
7345
7346// Do executes the "iam.projects.roles.list" call.
7347// Exactly one of *ListRolesResponse or error will be non-nil. Any
7348// non-2xx status code is an error. Response headers are in either
7349// *ListRolesResponse.ServerResponse.Header or (if a response was
7350// returned at all) in error.(*googleapi.Error).Header. Use
7351// googleapi.IsNotModified to check whether the returned error was
7352// because http.StatusNotModified was returned.
7353func (c *ProjectsRolesListCall) Do(opts ...googleapi.CallOption) (*ListRolesResponse, error) {
7354	gensupport.SetOptions(c.urlParams_, opts...)
7355	res, err := c.doRequest("json")
7356	if res != nil && res.StatusCode == http.StatusNotModified {
7357		if res.Body != nil {
7358			res.Body.Close()
7359		}
7360		return nil, &googleapi.Error{
7361			Code:   res.StatusCode,
7362			Header: res.Header,
7363		}
7364	}
7365	if err != nil {
7366		return nil, err
7367	}
7368	defer googleapi.CloseBody(res)
7369	if err := googleapi.CheckResponse(res); err != nil {
7370		return nil, err
7371	}
7372	ret := &ListRolesResponse{
7373		ServerResponse: googleapi.ServerResponse{
7374			Header:         res.Header,
7375			HTTPStatusCode: res.StatusCode,
7376		},
7377	}
7378	target := &ret
7379	if err := gensupport.DecodeResponse(target, res); err != nil {
7380		return nil, err
7381	}
7382	return ret, nil
7383	// {
7384	//   "description": "Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.",
7385	//   "flatPath": "v1/projects/{projectsId}/roles",
7386	//   "httpMethod": "GET",
7387	//   "id": "iam.projects.roles.list",
7388	//   "parameterOrder": [
7389	//     "parent"
7390	//   ],
7391	//   "parameters": {
7392	//     "pageSize": {
7393	//       "description": "Optional limit on the number of roles to include in the response. The default is 300, and the maximum is 1,000.",
7394	//       "format": "int32",
7395	//       "location": "query",
7396	//       "type": "integer"
7397	//     },
7398	//     "pageToken": {
7399	//       "description": "Optional pagination token returned in an earlier ListRolesResponse.",
7400	//       "location": "query",
7401	//       "type": "string"
7402	//     },
7403	//     "parent": {
7404	//       "description": "The `parent` parameter's value depends on the target resource for the request, namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `parent` value format is described below: * [`roles.list()`](/iam/reference/rest/v1/roles/list): An empty string. This method doesn't require a resource; it simply returns all [predefined roles](/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. Example request URL: `https://iam.googleapis.com/v1/roles` * [`projects.roles.list()`](/iam/reference/rest/v1/projects.roles/list): `projects/{PROJECT_ID}`. This method lists all project-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles` * [`organizations.roles.list()`](/iam/reference/rest/v1/organizations.roles/list): `organizations/{ORGANIZATION_ID}`. This method lists all organization-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.",
7405	//       "location": "path",
7406	//       "pattern": "^projects/[^/]+$",
7407	//       "required": true,
7408	//       "type": "string"
7409	//     },
7410	//     "showDeleted": {
7411	//       "description": "Include Roles that have been deleted.",
7412	//       "location": "query",
7413	//       "type": "boolean"
7414	//     },
7415	//     "view": {
7416	//       "description": "Optional view for the returned Role objects. When `FULL` is specified, the `includedPermissions` field is returned, which includes a list of all permissions in the role. The default value is `BASIC`, which does not return the `includedPermissions` field.",
7417	//       "enum": [
7418	//         "BASIC",
7419	//         "FULL"
7420	//       ],
7421	//       "enumDescriptions": [
7422	//         "Omits the `included_permissions` field. This is the default value.",
7423	//         "Returns all fields."
7424	//       ],
7425	//       "location": "query",
7426	//       "type": "string"
7427	//     }
7428	//   },
7429	//   "path": "v1/{+parent}/roles",
7430	//   "response": {
7431	//     "$ref": "ListRolesResponse"
7432	//   },
7433	//   "scopes": [
7434	//     "https://www.googleapis.com/auth/cloud-platform"
7435	//   ]
7436	// }
7437
7438}
7439
7440// Pages invokes f for each page of results.
7441// A non-nil error returned from f will halt the iteration.
7442// The provided context supersedes any context provided to the Context method.
7443func (c *ProjectsRolesListCall) Pages(ctx context.Context, f func(*ListRolesResponse) error) error {
7444	c.ctx_ = ctx
7445	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
7446	for {
7447		x, err := c.Do()
7448		if err != nil {
7449			return err
7450		}
7451		if err := f(x); err != nil {
7452			return err
7453		}
7454		if x.NextPageToken == "" {
7455			return nil
7456		}
7457		c.PageToken(x.NextPageToken)
7458	}
7459}
7460
7461// method id "iam.projects.roles.patch":
7462
7463type ProjectsRolesPatchCall struct {
7464	s          *Service
7465	name       string
7466	role       *Role
7467	urlParams_ gensupport.URLParams
7468	ctx_       context.Context
7469	header_    http.Header
7470}
7471
7472// Patch: Updates the definition of a custom Role.
7473//
7474// - name: The `name` parameter's value depends on the target resource
7475//   for the request, namely `projects`
7476//   (/iam/reference/rest/v1/projects.roles) or `organizations`
7477//   (/iam/reference/rest/v1/organizations.roles). Each resource type's
7478//   `name` value format is described below: * `projects.roles.patch()`
7479//   (/iam/reference/rest/v1/projects.roles/patch):
7480//   `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method updates
7481//   only custom roles (/iam/docs/understanding-custom-roles) that have
7482//   been created at the project level. Example request URL:
7483//   `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_R
7484//   OLE_ID}` * `organizations.roles.patch()`
7485//   (/iam/reference/rest/v1/organizations.roles/patch):
7486//   `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This
7487//   method updates only custom roles
7488//   (/iam/docs/understanding-custom-roles) that have been created at
7489//   the organization level. Example request URL:
7490//   `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles
7491//   /{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must
7492//   specify a complete project ID or organization ID.
7493func (r *ProjectsRolesService) Patch(name string, role *Role) *ProjectsRolesPatchCall {
7494	c := &ProjectsRolesPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
7495	c.name = name
7496	c.role = role
7497	return c
7498}
7499
7500// UpdateMask sets the optional parameter "updateMask": A mask
7501// describing which fields in the Role have changed.
7502func (c *ProjectsRolesPatchCall) UpdateMask(updateMask string) *ProjectsRolesPatchCall {
7503	c.urlParams_.Set("updateMask", updateMask)
7504	return c
7505}
7506
7507// Fields allows partial responses to be retrieved. See
7508// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
7509// for more information.
7510func (c *ProjectsRolesPatchCall) Fields(s ...googleapi.Field) *ProjectsRolesPatchCall {
7511	c.urlParams_.Set("fields", googleapi.CombineFields(s))
7512	return c
7513}
7514
7515// Context sets the context to be used in this call's Do method. Any
7516// pending HTTP request will be aborted if the provided context is
7517// canceled.
7518func (c *ProjectsRolesPatchCall) Context(ctx context.Context) *ProjectsRolesPatchCall {
7519	c.ctx_ = ctx
7520	return c
7521}
7522
7523// Header returns an http.Header that can be modified by the caller to
7524// add HTTP headers to the request.
7525func (c *ProjectsRolesPatchCall) Header() http.Header {
7526	if c.header_ == nil {
7527		c.header_ = make(http.Header)
7528	}
7529	return c.header_
7530}
7531
7532func (c *ProjectsRolesPatchCall) doRequest(alt string) (*http.Response, error) {
7533	reqHeaders := make(http.Header)
7534	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
7535	for k, v := range c.header_ {
7536		reqHeaders[k] = v
7537	}
7538	reqHeaders.Set("User-Agent", c.s.userAgent())
7539	var body io.Reader = nil
7540	body, err := googleapi.WithoutDataWrapper.JSONReader(c.role)
7541	if err != nil {
7542		return nil, err
7543	}
7544	reqHeaders.Set("Content-Type", "application/json")
7545	c.urlParams_.Set("alt", alt)
7546	c.urlParams_.Set("prettyPrint", "false")
7547	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
7548	urls += "?" + c.urlParams_.Encode()
7549	req, err := http.NewRequest("PATCH", urls, body)
7550	if err != nil {
7551		return nil, err
7552	}
7553	req.Header = reqHeaders
7554	googleapi.Expand(req.URL, map[string]string{
7555		"name": c.name,
7556	})
7557	return gensupport.SendRequest(c.ctx_, c.s.client, req)
7558}
7559
7560// Do executes the "iam.projects.roles.patch" call.
7561// Exactly one of *Role or error will be non-nil. Any non-2xx status
7562// code is an error. Response headers are in either
7563// *Role.ServerResponse.Header or (if a response was returned at all) in
7564// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
7565// whether the returned error was because http.StatusNotModified was
7566// returned.
7567func (c *ProjectsRolesPatchCall) Do(opts ...googleapi.CallOption) (*Role, error) {
7568	gensupport.SetOptions(c.urlParams_, opts...)
7569	res, err := c.doRequest("json")
7570	if res != nil && res.StatusCode == http.StatusNotModified {
7571		if res.Body != nil {
7572			res.Body.Close()
7573		}
7574		return nil, &googleapi.Error{
7575			Code:   res.StatusCode,
7576			Header: res.Header,
7577		}
7578	}
7579	if err != nil {
7580		return nil, err
7581	}
7582	defer googleapi.CloseBody(res)
7583	if err := googleapi.CheckResponse(res); err != nil {
7584		return nil, err
7585	}
7586	ret := &Role{
7587		ServerResponse: googleapi.ServerResponse{
7588			Header:         res.Header,
7589			HTTPStatusCode: res.StatusCode,
7590		},
7591	}
7592	target := &ret
7593	if err := gensupport.DecodeResponse(target, res); err != nil {
7594		return nil, err
7595	}
7596	return ret, nil
7597	// {
7598	//   "description": "Updates the definition of a custom Role.",
7599	//   "flatPath": "v1/projects/{projectsId}/roles/{rolesId}",
7600	//   "httpMethod": "PATCH",
7601	//   "id": "iam.projects.roles.patch",
7602	//   "parameterOrder": [
7603	//     "name"
7604	//   ],
7605	//   "parameters": {
7606	//     "name": {
7607	//       "description": "The `name` parameter's value depends on the target resource for the request, namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `name` value format is described below: * [`projects.roles.patch()`](/iam/reference/rest/v1/projects.roles/patch): `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method updates only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}` * [`organizations.roles.patch()`](/iam/reference/rest/v1/organizations.roles/patch): `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method updates only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.",
7608	//       "location": "path",
7609	//       "pattern": "^projects/[^/]+/roles/[^/]+$",
7610	//       "required": true,
7611	//       "type": "string"
7612	//     },
7613	//     "updateMask": {
7614	//       "description": "A mask describing which fields in the Role have changed.",
7615	//       "format": "google-fieldmask",
7616	//       "location": "query",
7617	//       "type": "string"
7618	//     }
7619	//   },
7620	//   "path": "v1/{+name}",
7621	//   "request": {
7622	//     "$ref": "Role"
7623	//   },
7624	//   "response": {
7625	//     "$ref": "Role"
7626	//   },
7627	//   "scopes": [
7628	//     "https://www.googleapis.com/auth/cloud-platform"
7629	//   ]
7630	// }
7631
7632}
7633
7634// method id "iam.projects.roles.undelete":
7635
7636type ProjectsRolesUndeleteCall struct {
7637	s                   *Service
7638	name                string
7639	undeleterolerequest *UndeleteRoleRequest
7640	urlParams_          gensupport.URLParams
7641	ctx_                context.Context
7642	header_             http.Header
7643}
7644
7645// Undelete: Undeletes a custom Role.
7646//
7647// - name: The `name` parameter's value depends on the target resource
7648//   for the request, namely `projects`
7649//   (/iam/reference/rest/v1/projects.roles) or `organizations`
7650//   (/iam/reference/rest/v1/organizations.roles). Each resource type's
7651//   `name` value format is described below: *
7652//   `projects.roles.undelete()`
7653//   (/iam/reference/rest/v1/projects.roles/undelete):
7654//   `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method
7655//   undeletes only custom roles (/iam/docs/understanding-custom-roles)
7656//   that have been created at the project level. Example request URL:
7657//   `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_R
7658//   OLE_ID}` * `organizations.roles.undelete()`
7659//   (/iam/reference/rest/v1/organizations.roles/undelete):
7660//   `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This
7661//   method undeletes only custom roles
7662//   (/iam/docs/understanding-custom-roles) that have been created at
7663//   the organization level. Example request URL:
7664//   `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles
7665//   /{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must
7666//   specify a complete project ID or organization ID.
7667func (r *ProjectsRolesService) Undelete(name string, undeleterolerequest *UndeleteRoleRequest) *ProjectsRolesUndeleteCall {
7668	c := &ProjectsRolesUndeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
7669	c.name = name
7670	c.undeleterolerequest = undeleterolerequest
7671	return c
7672}
7673
7674// Fields allows partial responses to be retrieved. See
7675// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
7676// for more information.
7677func (c *ProjectsRolesUndeleteCall) Fields(s ...googleapi.Field) *ProjectsRolesUndeleteCall {
7678	c.urlParams_.Set("fields", googleapi.CombineFields(s))
7679	return c
7680}
7681
7682// Context sets the context to be used in this call's Do method. Any
7683// pending HTTP request will be aborted if the provided context is
7684// canceled.
7685func (c *ProjectsRolesUndeleteCall) Context(ctx context.Context) *ProjectsRolesUndeleteCall {
7686	c.ctx_ = ctx
7687	return c
7688}
7689
7690// Header returns an http.Header that can be modified by the caller to
7691// add HTTP headers to the request.
7692func (c *ProjectsRolesUndeleteCall) Header() http.Header {
7693	if c.header_ == nil {
7694		c.header_ = make(http.Header)
7695	}
7696	return c.header_
7697}
7698
7699func (c *ProjectsRolesUndeleteCall) doRequest(alt string) (*http.Response, error) {
7700	reqHeaders := make(http.Header)
7701	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
7702	for k, v := range c.header_ {
7703		reqHeaders[k] = v
7704	}
7705	reqHeaders.Set("User-Agent", c.s.userAgent())
7706	var body io.Reader = nil
7707	body, err := googleapi.WithoutDataWrapper.JSONReader(c.undeleterolerequest)
7708	if err != nil {
7709		return nil, err
7710	}
7711	reqHeaders.Set("Content-Type", "application/json")
7712	c.urlParams_.Set("alt", alt)
7713	c.urlParams_.Set("prettyPrint", "false")
7714	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:undelete")
7715	urls += "?" + c.urlParams_.Encode()
7716	req, err := http.NewRequest("POST", urls, body)
7717	if err != nil {
7718		return nil, err
7719	}
7720	req.Header = reqHeaders
7721	googleapi.Expand(req.URL, map[string]string{
7722		"name": c.name,
7723	})
7724	return gensupport.SendRequest(c.ctx_, c.s.client, req)
7725}
7726
7727// Do executes the "iam.projects.roles.undelete" call.
7728// Exactly one of *Role or error will be non-nil. Any non-2xx status
7729// code is an error. Response headers are in either
7730// *Role.ServerResponse.Header or (if a response was returned at all) in
7731// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
7732// whether the returned error was because http.StatusNotModified was
7733// returned.
7734func (c *ProjectsRolesUndeleteCall) Do(opts ...googleapi.CallOption) (*Role, error) {
7735	gensupport.SetOptions(c.urlParams_, opts...)
7736	res, err := c.doRequest("json")
7737	if res != nil && res.StatusCode == http.StatusNotModified {
7738		if res.Body != nil {
7739			res.Body.Close()
7740		}
7741		return nil, &googleapi.Error{
7742			Code:   res.StatusCode,
7743			Header: res.Header,
7744		}
7745	}
7746	if err != nil {
7747		return nil, err
7748	}
7749	defer googleapi.CloseBody(res)
7750	if err := googleapi.CheckResponse(res); err != nil {
7751		return nil, err
7752	}
7753	ret := &Role{
7754		ServerResponse: googleapi.ServerResponse{
7755			Header:         res.Header,
7756			HTTPStatusCode: res.StatusCode,
7757		},
7758	}
7759	target := &ret
7760	if err := gensupport.DecodeResponse(target, res); err != nil {
7761		return nil, err
7762	}
7763	return ret, nil
7764	// {
7765	//   "description": "Undeletes a custom Role.",
7766	//   "flatPath": "v1/projects/{projectsId}/roles/{rolesId}:undelete",
7767	//   "httpMethod": "POST",
7768	//   "id": "iam.projects.roles.undelete",
7769	//   "parameterOrder": [
7770	//     "name"
7771	//   ],
7772	//   "parameters": {
7773	//     "name": {
7774	//       "description": "The `name` parameter's value depends on the target resource for the request, namely [`projects`](/iam/reference/rest/v1/projects.roles) or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `name` value format is described below: * [`projects.roles.undelete()`](/iam/reference/rest/v1/projects.roles/undelete): `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method undeletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}` * [`organizations.roles.undelete()`](/iam/reference/rest/v1/organizations.roles/undelete): `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method undeletes only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.",
7775	//       "location": "path",
7776	//       "pattern": "^projects/[^/]+/roles/[^/]+$",
7777	//       "required": true,
7778	//       "type": "string"
7779	//     }
7780	//   },
7781	//   "path": "v1/{+name}:undelete",
7782	//   "request": {
7783	//     "$ref": "UndeleteRoleRequest"
7784	//   },
7785	//   "response": {
7786	//     "$ref": "Role"
7787	//   },
7788	//   "scopes": [
7789	//     "https://www.googleapis.com/auth/cloud-platform"
7790	//   ]
7791	// }
7792
7793}
7794
7795// method id "iam.projects.serviceAccounts.create":
7796
7797type ProjectsServiceAccountsCreateCall struct {
7798	s                           *Service
7799	name                        string
7800	createserviceaccountrequest *CreateServiceAccountRequest
7801	urlParams_                  gensupport.URLParams
7802	ctx_                        context.Context
7803	header_                     http.Header
7804}
7805
7806// Create: Creates a ServiceAccount.
7807//
7808// - name: The resource name of the project associated with the service
7809//   accounts, such as `projects/my-project-123`.
7810func (r *ProjectsServiceAccountsService) Create(name string, createserviceaccountrequest *CreateServiceAccountRequest) *ProjectsServiceAccountsCreateCall {
7811	c := &ProjectsServiceAccountsCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
7812	c.name = name
7813	c.createserviceaccountrequest = createserviceaccountrequest
7814	return c
7815}
7816
7817// Fields allows partial responses to be retrieved. See
7818// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
7819// for more information.
7820func (c *ProjectsServiceAccountsCreateCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsCreateCall {
7821	c.urlParams_.Set("fields", googleapi.CombineFields(s))
7822	return c
7823}
7824
7825// Context sets the context to be used in this call's Do method. Any
7826// pending HTTP request will be aborted if the provided context is
7827// canceled.
7828func (c *ProjectsServiceAccountsCreateCall) Context(ctx context.Context) *ProjectsServiceAccountsCreateCall {
7829	c.ctx_ = ctx
7830	return c
7831}
7832
7833// Header returns an http.Header that can be modified by the caller to
7834// add HTTP headers to the request.
7835func (c *ProjectsServiceAccountsCreateCall) Header() http.Header {
7836	if c.header_ == nil {
7837		c.header_ = make(http.Header)
7838	}
7839	return c.header_
7840}
7841
7842func (c *ProjectsServiceAccountsCreateCall) doRequest(alt string) (*http.Response, error) {
7843	reqHeaders := make(http.Header)
7844	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
7845	for k, v := range c.header_ {
7846		reqHeaders[k] = v
7847	}
7848	reqHeaders.Set("User-Agent", c.s.userAgent())
7849	var body io.Reader = nil
7850	body, err := googleapi.WithoutDataWrapper.JSONReader(c.createserviceaccountrequest)
7851	if err != nil {
7852		return nil, err
7853	}
7854	reqHeaders.Set("Content-Type", "application/json")
7855	c.urlParams_.Set("alt", alt)
7856	c.urlParams_.Set("prettyPrint", "false")
7857	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}/serviceAccounts")
7858	urls += "?" + c.urlParams_.Encode()
7859	req, err := http.NewRequest("POST", urls, body)
7860	if err != nil {
7861		return nil, err
7862	}
7863	req.Header = reqHeaders
7864	googleapi.Expand(req.URL, map[string]string{
7865		"name": c.name,
7866	})
7867	return gensupport.SendRequest(c.ctx_, c.s.client, req)
7868}
7869
7870// Do executes the "iam.projects.serviceAccounts.create" call.
7871// Exactly one of *ServiceAccount or error will be non-nil. Any non-2xx
7872// status code is an error. Response headers are in either
7873// *ServiceAccount.ServerResponse.Header or (if a response was returned
7874// at all) in error.(*googleapi.Error).Header. Use
7875// googleapi.IsNotModified to check whether the returned error was
7876// because http.StatusNotModified was returned.
7877func (c *ProjectsServiceAccountsCreateCall) Do(opts ...googleapi.CallOption) (*ServiceAccount, error) {
7878	gensupport.SetOptions(c.urlParams_, opts...)
7879	res, err := c.doRequest("json")
7880	if res != nil && res.StatusCode == http.StatusNotModified {
7881		if res.Body != nil {
7882			res.Body.Close()
7883		}
7884		return nil, &googleapi.Error{
7885			Code:   res.StatusCode,
7886			Header: res.Header,
7887		}
7888	}
7889	if err != nil {
7890		return nil, err
7891	}
7892	defer googleapi.CloseBody(res)
7893	if err := googleapi.CheckResponse(res); err != nil {
7894		return nil, err
7895	}
7896	ret := &ServiceAccount{
7897		ServerResponse: googleapi.ServerResponse{
7898			Header:         res.Header,
7899			HTTPStatusCode: res.StatusCode,
7900		},
7901	}
7902	target := &ret
7903	if err := gensupport.DecodeResponse(target, res); err != nil {
7904		return nil, err
7905	}
7906	return ret, nil
7907	// {
7908	//   "description": "Creates a ServiceAccount.",
7909	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts",
7910	//   "httpMethod": "POST",
7911	//   "id": "iam.projects.serviceAccounts.create",
7912	//   "parameterOrder": [
7913	//     "name"
7914	//   ],
7915	//   "parameters": {
7916	//     "name": {
7917	//       "description": "Required. The resource name of the project associated with the service accounts, such as `projects/my-project-123`.",
7918	//       "location": "path",
7919	//       "pattern": "^projects/[^/]+$",
7920	//       "required": true,
7921	//       "type": "string"
7922	//     }
7923	//   },
7924	//   "path": "v1/{+name}/serviceAccounts",
7925	//   "request": {
7926	//     "$ref": "CreateServiceAccountRequest"
7927	//   },
7928	//   "response": {
7929	//     "$ref": "ServiceAccount"
7930	//   },
7931	//   "scopes": [
7932	//     "https://www.googleapis.com/auth/cloud-platform"
7933	//   ]
7934	// }
7935
7936}
7937
7938// method id "iam.projects.serviceAccounts.delete":
7939
7940type ProjectsServiceAccountsDeleteCall struct {
7941	s          *Service
7942	name       string
7943	urlParams_ gensupport.URLParams
7944	ctx_       context.Context
7945	header_    http.Header
7946}
7947
7948// Delete: Deletes a ServiceAccount. **Warning:** After you delete a
7949// service account, you might not be able to undelete it. If you know
7950// that you need to re-enable the service account in the future, use
7951// DisableServiceAccount instead. If you delete a service account, IAM
7952// permanently removes the service account 30 days later. Google Cloud
7953// cannot recover the service account after it is permanently removed,
7954// even if you file a support request. To help avoid unplanned outages,
7955// we recommend that you disable the service account before you delete
7956// it. Use DisableServiceAccount to disable the service account, then
7957// wait at least 24 hours and watch for unintended consequences. If
7958// there are no unintended consequences, you can delete the service
7959// account.
7960//
7961// - name: The resource name of the service account in the following
7962//   format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using
7963//   `-` as a wildcard for the `PROJECT_ID` will infer the project from
7964//   the account. The `ACCOUNT` value can be the `email` address or the
7965//   `unique_id` of the service account.
7966func (r *ProjectsServiceAccountsService) Delete(name string) *ProjectsServiceAccountsDeleteCall {
7967	c := &ProjectsServiceAccountsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
7968	c.name = name
7969	return c
7970}
7971
7972// Fields allows partial responses to be retrieved. See
7973// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
7974// for more information.
7975func (c *ProjectsServiceAccountsDeleteCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsDeleteCall {
7976	c.urlParams_.Set("fields", googleapi.CombineFields(s))
7977	return c
7978}
7979
7980// Context sets the context to be used in this call's Do method. Any
7981// pending HTTP request will be aborted if the provided context is
7982// canceled.
7983func (c *ProjectsServiceAccountsDeleteCall) Context(ctx context.Context) *ProjectsServiceAccountsDeleteCall {
7984	c.ctx_ = ctx
7985	return c
7986}
7987
7988// Header returns an http.Header that can be modified by the caller to
7989// add HTTP headers to the request.
7990func (c *ProjectsServiceAccountsDeleteCall) Header() http.Header {
7991	if c.header_ == nil {
7992		c.header_ = make(http.Header)
7993	}
7994	return c.header_
7995}
7996
7997func (c *ProjectsServiceAccountsDeleteCall) doRequest(alt string) (*http.Response, error) {
7998	reqHeaders := make(http.Header)
7999	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
8000	for k, v := range c.header_ {
8001		reqHeaders[k] = v
8002	}
8003	reqHeaders.Set("User-Agent", c.s.userAgent())
8004	var body io.Reader = nil
8005	c.urlParams_.Set("alt", alt)
8006	c.urlParams_.Set("prettyPrint", "false")
8007	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
8008	urls += "?" + c.urlParams_.Encode()
8009	req, err := http.NewRequest("DELETE", urls, body)
8010	if err != nil {
8011		return nil, err
8012	}
8013	req.Header = reqHeaders
8014	googleapi.Expand(req.URL, map[string]string{
8015		"name": c.name,
8016	})
8017	return gensupport.SendRequest(c.ctx_, c.s.client, req)
8018}
8019
8020// Do executes the "iam.projects.serviceAccounts.delete" call.
8021// Exactly one of *Empty or error will be non-nil. Any non-2xx status
8022// code is an error. Response headers are in either
8023// *Empty.ServerResponse.Header or (if a response was returned at all)
8024// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
8025// check whether the returned error was because http.StatusNotModified
8026// was returned.
8027func (c *ProjectsServiceAccountsDeleteCall) Do(opts ...googleapi.CallOption) (*Empty, error) {
8028	gensupport.SetOptions(c.urlParams_, opts...)
8029	res, err := c.doRequest("json")
8030	if res != nil && res.StatusCode == http.StatusNotModified {
8031		if res.Body != nil {
8032			res.Body.Close()
8033		}
8034		return nil, &googleapi.Error{
8035			Code:   res.StatusCode,
8036			Header: res.Header,
8037		}
8038	}
8039	if err != nil {
8040		return nil, err
8041	}
8042	defer googleapi.CloseBody(res)
8043	if err := googleapi.CheckResponse(res); err != nil {
8044		return nil, err
8045	}
8046	ret := &Empty{
8047		ServerResponse: googleapi.ServerResponse{
8048			Header:         res.Header,
8049			HTTPStatusCode: res.StatusCode,
8050		},
8051	}
8052	target := &ret
8053	if err := gensupport.DecodeResponse(target, res); err != nil {
8054		return nil, err
8055	}
8056	return ret, nil
8057	// {
8058	//   "description": "Deletes a ServiceAccount. **Warning:** After you delete a service account, you might not be able to undelete it. If you know that you need to re-enable the service account in the future, use DisableServiceAccount instead. If you delete a service account, IAM permanently removes the service account 30 days later. Google Cloud cannot recover the service account after it is permanently removed, even if you file a support request. To help avoid unplanned outages, we recommend that you disable the service account before you delete it. Use DisableServiceAccount to disable the service account, then wait at least 24 hours and watch for unintended consequences. If there are no unintended consequences, you can delete the service account.",
8059	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}",
8060	//   "httpMethod": "DELETE",
8061	//   "id": "iam.projects.serviceAccounts.delete",
8062	//   "parameterOrder": [
8063	//     "name"
8064	//   ],
8065	//   "parameters": {
8066	//     "name": {
8067	//       "description": "Required. The resource name of the service account in the following format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.",
8068	//       "location": "path",
8069	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
8070	//       "required": true,
8071	//       "type": "string"
8072	//     }
8073	//   },
8074	//   "path": "v1/{+name}",
8075	//   "response": {
8076	//     "$ref": "Empty"
8077	//   },
8078	//   "scopes": [
8079	//     "https://www.googleapis.com/auth/cloud-platform"
8080	//   ]
8081	// }
8082
8083}
8084
8085// method id "iam.projects.serviceAccounts.disable":
8086
8087type ProjectsServiceAccountsDisableCall struct {
8088	s                            *Service
8089	name                         string
8090	disableserviceaccountrequest *DisableServiceAccountRequest
8091	urlParams_                   gensupport.URLParams
8092	ctx_                         context.Context
8093	header_                      http.Header
8094}
8095
8096// Disable: Disables a ServiceAccount immediately. If an application
8097// uses the service account to authenticate, that application can no
8098// longer call Google APIs or access Google Cloud resources. Existing
8099// access tokens for the service account are rejected, and requests for
8100// new access tokens will fail. To re-enable the service account, use
8101// EnableServiceAccount. After you re-enable the service account, its
8102// existing access tokens will be accepted, and you can request new
8103// access tokens. To help avoid unplanned outages, we recommend that you
8104// disable the service account before you delete it. Use this method to
8105// disable the service account, then wait at least 24 hours and watch
8106// for unintended consequences. If there are no unintended consequences,
8107// you can delete the service account with DeleteServiceAccount.
8108//
8109// - name: The resource name of the service account in the following
8110//   format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using
8111//   `-` as a wildcard for the `PROJECT_ID` will infer the project from
8112//   the account. The `ACCOUNT` value can be the `email` address or the
8113//   `unique_id` of the service account.
8114func (r *ProjectsServiceAccountsService) Disable(name string, disableserviceaccountrequest *DisableServiceAccountRequest) *ProjectsServiceAccountsDisableCall {
8115	c := &ProjectsServiceAccountsDisableCall{s: r.s, urlParams_: make(gensupport.URLParams)}
8116	c.name = name
8117	c.disableserviceaccountrequest = disableserviceaccountrequest
8118	return c
8119}
8120
8121// Fields allows partial responses to be retrieved. See
8122// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
8123// for more information.
8124func (c *ProjectsServiceAccountsDisableCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsDisableCall {
8125	c.urlParams_.Set("fields", googleapi.CombineFields(s))
8126	return c
8127}
8128
8129// Context sets the context to be used in this call's Do method. Any
8130// pending HTTP request will be aborted if the provided context is
8131// canceled.
8132func (c *ProjectsServiceAccountsDisableCall) Context(ctx context.Context) *ProjectsServiceAccountsDisableCall {
8133	c.ctx_ = ctx
8134	return c
8135}
8136
8137// Header returns an http.Header that can be modified by the caller to
8138// add HTTP headers to the request.
8139func (c *ProjectsServiceAccountsDisableCall) Header() http.Header {
8140	if c.header_ == nil {
8141		c.header_ = make(http.Header)
8142	}
8143	return c.header_
8144}
8145
8146func (c *ProjectsServiceAccountsDisableCall) doRequest(alt string) (*http.Response, error) {
8147	reqHeaders := make(http.Header)
8148	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
8149	for k, v := range c.header_ {
8150		reqHeaders[k] = v
8151	}
8152	reqHeaders.Set("User-Agent", c.s.userAgent())
8153	var body io.Reader = nil
8154	body, err := googleapi.WithoutDataWrapper.JSONReader(c.disableserviceaccountrequest)
8155	if err != nil {
8156		return nil, err
8157	}
8158	reqHeaders.Set("Content-Type", "application/json")
8159	c.urlParams_.Set("alt", alt)
8160	c.urlParams_.Set("prettyPrint", "false")
8161	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:disable")
8162	urls += "?" + c.urlParams_.Encode()
8163	req, err := http.NewRequest("POST", urls, body)
8164	if err != nil {
8165		return nil, err
8166	}
8167	req.Header = reqHeaders
8168	googleapi.Expand(req.URL, map[string]string{
8169		"name": c.name,
8170	})
8171	return gensupport.SendRequest(c.ctx_, c.s.client, req)
8172}
8173
8174// Do executes the "iam.projects.serviceAccounts.disable" call.
8175// Exactly one of *Empty or error will be non-nil. Any non-2xx status
8176// code is an error. Response headers are in either
8177// *Empty.ServerResponse.Header or (if a response was returned at all)
8178// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
8179// check whether the returned error was because http.StatusNotModified
8180// was returned.
8181func (c *ProjectsServiceAccountsDisableCall) Do(opts ...googleapi.CallOption) (*Empty, error) {
8182	gensupport.SetOptions(c.urlParams_, opts...)
8183	res, err := c.doRequest("json")
8184	if res != nil && res.StatusCode == http.StatusNotModified {
8185		if res.Body != nil {
8186			res.Body.Close()
8187		}
8188		return nil, &googleapi.Error{
8189			Code:   res.StatusCode,
8190			Header: res.Header,
8191		}
8192	}
8193	if err != nil {
8194		return nil, err
8195	}
8196	defer googleapi.CloseBody(res)
8197	if err := googleapi.CheckResponse(res); err != nil {
8198		return nil, err
8199	}
8200	ret := &Empty{
8201		ServerResponse: googleapi.ServerResponse{
8202			Header:         res.Header,
8203			HTTPStatusCode: res.StatusCode,
8204		},
8205	}
8206	target := &ret
8207	if err := gensupport.DecodeResponse(target, res); err != nil {
8208		return nil, err
8209	}
8210	return ret, nil
8211	// {
8212	//   "description": "Disables a ServiceAccount immediately. If an application uses the service account to authenticate, that application can no longer call Google APIs or access Google Cloud resources. Existing access tokens for the service account are rejected, and requests for new access tokens will fail. To re-enable the service account, use EnableServiceAccount. After you re-enable the service account, its existing access tokens will be accepted, and you can request new access tokens. To help avoid unplanned outages, we recommend that you disable the service account before you delete it. Use this method to disable the service account, then wait at least 24 hours and watch for unintended consequences. If there are no unintended consequences, you can delete the service account with DeleteServiceAccount.",
8213	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:disable",
8214	//   "httpMethod": "POST",
8215	//   "id": "iam.projects.serviceAccounts.disable",
8216	//   "parameterOrder": [
8217	//     "name"
8218	//   ],
8219	//   "parameters": {
8220	//     "name": {
8221	//       "description": "The resource name of the service account in the following format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.",
8222	//       "location": "path",
8223	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
8224	//       "required": true,
8225	//       "type": "string"
8226	//     }
8227	//   },
8228	//   "path": "v1/{+name}:disable",
8229	//   "request": {
8230	//     "$ref": "DisableServiceAccountRequest"
8231	//   },
8232	//   "response": {
8233	//     "$ref": "Empty"
8234	//   },
8235	//   "scopes": [
8236	//     "https://www.googleapis.com/auth/cloud-platform"
8237	//   ]
8238	// }
8239
8240}
8241
8242// method id "iam.projects.serviceAccounts.enable":
8243
8244type ProjectsServiceAccountsEnableCall struct {
8245	s                           *Service
8246	name                        string
8247	enableserviceaccountrequest *EnableServiceAccountRequest
8248	urlParams_                  gensupport.URLParams
8249	ctx_                        context.Context
8250	header_                     http.Header
8251}
8252
8253// Enable: Enables a ServiceAccount that was disabled by
8254// DisableServiceAccount. If the service account is already enabled,
8255// then this method has no effect. If the service account was disabled
8256// by other means—for example, if Google disabled the service account
8257// because it was compromised—you cannot use this method to enable the
8258// service account.
8259//
8260// - name: The resource name of the service account in the following
8261//   format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using
8262//   `-` as a wildcard for the `PROJECT_ID` will infer the project from
8263//   the account. The `ACCOUNT` value can be the `email` address or the
8264//   `unique_id` of the service account.
8265func (r *ProjectsServiceAccountsService) Enable(name string, enableserviceaccountrequest *EnableServiceAccountRequest) *ProjectsServiceAccountsEnableCall {
8266	c := &ProjectsServiceAccountsEnableCall{s: r.s, urlParams_: make(gensupport.URLParams)}
8267	c.name = name
8268	c.enableserviceaccountrequest = enableserviceaccountrequest
8269	return c
8270}
8271
8272// Fields allows partial responses to be retrieved. See
8273// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
8274// for more information.
8275func (c *ProjectsServiceAccountsEnableCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsEnableCall {
8276	c.urlParams_.Set("fields", googleapi.CombineFields(s))
8277	return c
8278}
8279
8280// Context sets the context to be used in this call's Do method. Any
8281// pending HTTP request will be aborted if the provided context is
8282// canceled.
8283func (c *ProjectsServiceAccountsEnableCall) Context(ctx context.Context) *ProjectsServiceAccountsEnableCall {
8284	c.ctx_ = ctx
8285	return c
8286}
8287
8288// Header returns an http.Header that can be modified by the caller to
8289// add HTTP headers to the request.
8290func (c *ProjectsServiceAccountsEnableCall) Header() http.Header {
8291	if c.header_ == nil {
8292		c.header_ = make(http.Header)
8293	}
8294	return c.header_
8295}
8296
8297func (c *ProjectsServiceAccountsEnableCall) doRequest(alt string) (*http.Response, error) {
8298	reqHeaders := make(http.Header)
8299	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
8300	for k, v := range c.header_ {
8301		reqHeaders[k] = v
8302	}
8303	reqHeaders.Set("User-Agent", c.s.userAgent())
8304	var body io.Reader = nil
8305	body, err := googleapi.WithoutDataWrapper.JSONReader(c.enableserviceaccountrequest)
8306	if err != nil {
8307		return nil, err
8308	}
8309	reqHeaders.Set("Content-Type", "application/json")
8310	c.urlParams_.Set("alt", alt)
8311	c.urlParams_.Set("prettyPrint", "false")
8312	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:enable")
8313	urls += "?" + c.urlParams_.Encode()
8314	req, err := http.NewRequest("POST", urls, body)
8315	if err != nil {
8316		return nil, err
8317	}
8318	req.Header = reqHeaders
8319	googleapi.Expand(req.URL, map[string]string{
8320		"name": c.name,
8321	})
8322	return gensupport.SendRequest(c.ctx_, c.s.client, req)
8323}
8324
8325// Do executes the "iam.projects.serviceAccounts.enable" call.
8326// Exactly one of *Empty or error will be non-nil. Any non-2xx status
8327// code is an error. Response headers are in either
8328// *Empty.ServerResponse.Header or (if a response was returned at all)
8329// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
8330// check whether the returned error was because http.StatusNotModified
8331// was returned.
8332func (c *ProjectsServiceAccountsEnableCall) Do(opts ...googleapi.CallOption) (*Empty, error) {
8333	gensupport.SetOptions(c.urlParams_, opts...)
8334	res, err := c.doRequest("json")
8335	if res != nil && res.StatusCode == http.StatusNotModified {
8336		if res.Body != nil {
8337			res.Body.Close()
8338		}
8339		return nil, &googleapi.Error{
8340			Code:   res.StatusCode,
8341			Header: res.Header,
8342		}
8343	}
8344	if err != nil {
8345		return nil, err
8346	}
8347	defer googleapi.CloseBody(res)
8348	if err := googleapi.CheckResponse(res); err != nil {
8349		return nil, err
8350	}
8351	ret := &Empty{
8352		ServerResponse: googleapi.ServerResponse{
8353			Header:         res.Header,
8354			HTTPStatusCode: res.StatusCode,
8355		},
8356	}
8357	target := &ret
8358	if err := gensupport.DecodeResponse(target, res); err != nil {
8359		return nil, err
8360	}
8361	return ret, nil
8362	// {
8363	//   "description": "Enables a ServiceAccount that was disabled by DisableServiceAccount. If the service account is already enabled, then this method has no effect. If the service account was disabled by other means—for example, if Google disabled the service account because it was compromised—you cannot use this method to enable the service account.",
8364	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:enable",
8365	//   "httpMethod": "POST",
8366	//   "id": "iam.projects.serviceAccounts.enable",
8367	//   "parameterOrder": [
8368	//     "name"
8369	//   ],
8370	//   "parameters": {
8371	//     "name": {
8372	//       "description": "The resource name of the service account in the following format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.",
8373	//       "location": "path",
8374	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
8375	//       "required": true,
8376	//       "type": "string"
8377	//     }
8378	//   },
8379	//   "path": "v1/{+name}:enable",
8380	//   "request": {
8381	//     "$ref": "EnableServiceAccountRequest"
8382	//   },
8383	//   "response": {
8384	//     "$ref": "Empty"
8385	//   },
8386	//   "scopes": [
8387	//     "https://www.googleapis.com/auth/cloud-platform"
8388	//   ]
8389	// }
8390
8391}
8392
8393// method id "iam.projects.serviceAccounts.get":
8394
8395type ProjectsServiceAccountsGetCall struct {
8396	s            *Service
8397	name         string
8398	urlParams_   gensupport.URLParams
8399	ifNoneMatch_ string
8400	ctx_         context.Context
8401	header_      http.Header
8402}
8403
8404// Get: Gets a ServiceAccount.
8405//
8406// - name: The resource name of the service account in the following
8407//   format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using
8408//   `-` as a wildcard for the `PROJECT_ID` will infer the project from
8409//   the account. The `ACCOUNT` value can be the `email` address or the
8410//   `unique_id` of the service account.
8411func (r *ProjectsServiceAccountsService) Get(name string) *ProjectsServiceAccountsGetCall {
8412	c := &ProjectsServiceAccountsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
8413	c.name = name
8414	return c
8415}
8416
8417// Fields allows partial responses to be retrieved. See
8418// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
8419// for more information.
8420func (c *ProjectsServiceAccountsGetCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsGetCall {
8421	c.urlParams_.Set("fields", googleapi.CombineFields(s))
8422	return c
8423}
8424
8425// IfNoneMatch sets the optional parameter which makes the operation
8426// fail if the object's ETag matches the given value. This is useful for
8427// getting updates only after the object has changed since the last
8428// request. Use googleapi.IsNotModified to check whether the response
8429// error from Do is the result of In-None-Match.
8430func (c *ProjectsServiceAccountsGetCall) IfNoneMatch(entityTag string) *ProjectsServiceAccountsGetCall {
8431	c.ifNoneMatch_ = entityTag
8432	return c
8433}
8434
8435// Context sets the context to be used in this call's Do method. Any
8436// pending HTTP request will be aborted if the provided context is
8437// canceled.
8438func (c *ProjectsServiceAccountsGetCall) Context(ctx context.Context) *ProjectsServiceAccountsGetCall {
8439	c.ctx_ = ctx
8440	return c
8441}
8442
8443// Header returns an http.Header that can be modified by the caller to
8444// add HTTP headers to the request.
8445func (c *ProjectsServiceAccountsGetCall) Header() http.Header {
8446	if c.header_ == nil {
8447		c.header_ = make(http.Header)
8448	}
8449	return c.header_
8450}
8451
8452func (c *ProjectsServiceAccountsGetCall) doRequest(alt string) (*http.Response, error) {
8453	reqHeaders := make(http.Header)
8454	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
8455	for k, v := range c.header_ {
8456		reqHeaders[k] = v
8457	}
8458	reqHeaders.Set("User-Agent", c.s.userAgent())
8459	if c.ifNoneMatch_ != "" {
8460		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
8461	}
8462	var body io.Reader = nil
8463	c.urlParams_.Set("alt", alt)
8464	c.urlParams_.Set("prettyPrint", "false")
8465	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
8466	urls += "?" + c.urlParams_.Encode()
8467	req, err := http.NewRequest("GET", urls, body)
8468	if err != nil {
8469		return nil, err
8470	}
8471	req.Header = reqHeaders
8472	googleapi.Expand(req.URL, map[string]string{
8473		"name": c.name,
8474	})
8475	return gensupport.SendRequest(c.ctx_, c.s.client, req)
8476}
8477
8478// Do executes the "iam.projects.serviceAccounts.get" call.
8479// Exactly one of *ServiceAccount or error will be non-nil. Any non-2xx
8480// status code is an error. Response headers are in either
8481// *ServiceAccount.ServerResponse.Header or (if a response was returned
8482// at all) in error.(*googleapi.Error).Header. Use
8483// googleapi.IsNotModified to check whether the returned error was
8484// because http.StatusNotModified was returned.
8485func (c *ProjectsServiceAccountsGetCall) Do(opts ...googleapi.CallOption) (*ServiceAccount, error) {
8486	gensupport.SetOptions(c.urlParams_, opts...)
8487	res, err := c.doRequest("json")
8488	if res != nil && res.StatusCode == http.StatusNotModified {
8489		if res.Body != nil {
8490			res.Body.Close()
8491		}
8492		return nil, &googleapi.Error{
8493			Code:   res.StatusCode,
8494			Header: res.Header,
8495		}
8496	}
8497	if err != nil {
8498		return nil, err
8499	}
8500	defer googleapi.CloseBody(res)
8501	if err := googleapi.CheckResponse(res); err != nil {
8502		return nil, err
8503	}
8504	ret := &ServiceAccount{
8505		ServerResponse: googleapi.ServerResponse{
8506			Header:         res.Header,
8507			HTTPStatusCode: res.StatusCode,
8508		},
8509	}
8510	target := &ret
8511	if err := gensupport.DecodeResponse(target, res); err != nil {
8512		return nil, err
8513	}
8514	return ret, nil
8515	// {
8516	//   "description": "Gets a ServiceAccount.",
8517	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}",
8518	//   "httpMethod": "GET",
8519	//   "id": "iam.projects.serviceAccounts.get",
8520	//   "parameterOrder": [
8521	//     "name"
8522	//   ],
8523	//   "parameters": {
8524	//     "name": {
8525	//       "description": "Required. The resource name of the service account in the following format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.",
8526	//       "location": "path",
8527	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
8528	//       "required": true,
8529	//       "type": "string"
8530	//     }
8531	//   },
8532	//   "path": "v1/{+name}",
8533	//   "response": {
8534	//     "$ref": "ServiceAccount"
8535	//   },
8536	//   "scopes": [
8537	//     "https://www.googleapis.com/auth/cloud-platform"
8538	//   ]
8539	// }
8540
8541}
8542
8543// method id "iam.projects.serviceAccounts.getIamPolicy":
8544
8545type ProjectsServiceAccountsGetIamPolicyCall struct {
8546	s          *Service
8547	resource   string
8548	urlParams_ gensupport.URLParams
8549	ctx_       context.Context
8550	header_    http.Header
8551}
8552
8553// GetIamPolicy: Gets the IAM policy that is attached to a
8554// ServiceAccount. This IAM policy specifies which principals have
8555// access to the service account. This method does not tell you whether
8556// the service account has been granted any roles on other resources. To
8557// check whether a service account has role grants on a resource, use
8558// the `getIamPolicy` method for that resource. For example, to view the
8559// role grants for a project, call the Resource Manager API's
8560// `projects.getIamPolicy`
8561// (https://cloud.google.com/resource-manager/reference/rest/v1/projects/getIamPolicy)
8562// method.
8563//
8564// - resource: REQUIRED: The resource for which the policy is being
8565//   requested. See the operation documentation for the appropriate
8566//   value for this field.
8567func (r *ProjectsServiceAccountsService) GetIamPolicy(resource string) *ProjectsServiceAccountsGetIamPolicyCall {
8568	c := &ProjectsServiceAccountsGetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
8569	c.resource = resource
8570	return c
8571}
8572
8573// OptionsRequestedPolicyVersion sets the optional parameter
8574// "options.requestedPolicyVersion": The maximum policy version that
8575// will be used to format the policy. Valid values are 0, 1, and 3.
8576// Requests specifying an invalid value will be rejected. Requests for
8577// policies with any conditional role bindings must specify version 3.
8578// Policies with no conditional role bindings may specify any valid
8579// value or leave the field unset. The policy in the response might use
8580// the policy version that you specified, or it might use a lower policy
8581// version. For example, if you specify version 3, but the policy has no
8582// conditional role bindings, the response uses version 1. To learn
8583// which resources support conditions in their IAM policies, see the IAM
8584// documentation
8585// (https://cloud.google.com/iam/help/conditions/resource-policies).
8586func (c *ProjectsServiceAccountsGetIamPolicyCall) OptionsRequestedPolicyVersion(optionsRequestedPolicyVersion int64) *ProjectsServiceAccountsGetIamPolicyCall {
8587	c.urlParams_.Set("options.requestedPolicyVersion", fmt.Sprint(optionsRequestedPolicyVersion))
8588	return c
8589}
8590
8591// Fields allows partial responses to be retrieved. See
8592// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
8593// for more information.
8594func (c *ProjectsServiceAccountsGetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsGetIamPolicyCall {
8595	c.urlParams_.Set("fields", googleapi.CombineFields(s))
8596	return c
8597}
8598
8599// Context sets the context to be used in this call's Do method. Any
8600// pending HTTP request will be aborted if the provided context is
8601// canceled.
8602func (c *ProjectsServiceAccountsGetIamPolicyCall) Context(ctx context.Context) *ProjectsServiceAccountsGetIamPolicyCall {
8603	c.ctx_ = ctx
8604	return c
8605}
8606
8607// Header returns an http.Header that can be modified by the caller to
8608// add HTTP headers to the request.
8609func (c *ProjectsServiceAccountsGetIamPolicyCall) Header() http.Header {
8610	if c.header_ == nil {
8611		c.header_ = make(http.Header)
8612	}
8613	return c.header_
8614}
8615
8616func (c *ProjectsServiceAccountsGetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
8617	reqHeaders := make(http.Header)
8618	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
8619	for k, v := range c.header_ {
8620		reqHeaders[k] = v
8621	}
8622	reqHeaders.Set("User-Agent", c.s.userAgent())
8623	var body io.Reader = nil
8624	c.urlParams_.Set("alt", alt)
8625	c.urlParams_.Set("prettyPrint", "false")
8626	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:getIamPolicy")
8627	urls += "?" + c.urlParams_.Encode()
8628	req, err := http.NewRequest("POST", urls, body)
8629	if err != nil {
8630		return nil, err
8631	}
8632	req.Header = reqHeaders
8633	googleapi.Expand(req.URL, map[string]string{
8634		"resource": c.resource,
8635	})
8636	return gensupport.SendRequest(c.ctx_, c.s.client, req)
8637}
8638
8639// Do executes the "iam.projects.serviceAccounts.getIamPolicy" call.
8640// Exactly one of *Policy or error will be non-nil. Any non-2xx status
8641// code is an error. Response headers are in either
8642// *Policy.ServerResponse.Header or (if a response was returned at all)
8643// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
8644// check whether the returned error was because http.StatusNotModified
8645// was returned.
8646func (c *ProjectsServiceAccountsGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
8647	gensupport.SetOptions(c.urlParams_, opts...)
8648	res, err := c.doRequest("json")
8649	if res != nil && res.StatusCode == http.StatusNotModified {
8650		if res.Body != nil {
8651			res.Body.Close()
8652		}
8653		return nil, &googleapi.Error{
8654			Code:   res.StatusCode,
8655			Header: res.Header,
8656		}
8657	}
8658	if err != nil {
8659		return nil, err
8660	}
8661	defer googleapi.CloseBody(res)
8662	if err := googleapi.CheckResponse(res); err != nil {
8663		return nil, err
8664	}
8665	ret := &Policy{
8666		ServerResponse: googleapi.ServerResponse{
8667			Header:         res.Header,
8668			HTTPStatusCode: res.StatusCode,
8669		},
8670	}
8671	target := &ret
8672	if err := gensupport.DecodeResponse(target, res); err != nil {
8673		return nil, err
8674	}
8675	return ret, nil
8676	// {
8677	//   "description": "Gets the IAM policy that is attached to a ServiceAccount. This IAM policy specifies which principals have access to the service account. This method does not tell you whether the service account has been granted any roles on other resources. To check whether a service account has role grants on a resource, use the `getIamPolicy` method for that resource. For example, to view the role grants for a project, call the Resource Manager API's [`projects.getIamPolicy`](https://cloud.google.com/resource-manager/reference/rest/v1/projects/getIamPolicy) method.",
8678	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:getIamPolicy",
8679	//   "httpMethod": "POST",
8680	//   "id": "iam.projects.serviceAccounts.getIamPolicy",
8681	//   "parameterOrder": [
8682	//     "resource"
8683	//   ],
8684	//   "parameters": {
8685	//     "options.requestedPolicyVersion": {
8686	//       "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
8687	//       "format": "int32",
8688	//       "location": "query",
8689	//       "type": "integer"
8690	//     },
8691	//     "resource": {
8692	//       "description": "REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.",
8693	//       "location": "path",
8694	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
8695	//       "required": true,
8696	//       "type": "string"
8697	//     }
8698	//   },
8699	//   "path": "v1/{+resource}:getIamPolicy",
8700	//   "response": {
8701	//     "$ref": "Policy"
8702	//   },
8703	//   "scopes": [
8704	//     "https://www.googleapis.com/auth/cloud-platform"
8705	//   ]
8706	// }
8707
8708}
8709
8710// method id "iam.projects.serviceAccounts.list":
8711
8712type ProjectsServiceAccountsListCall struct {
8713	s            *Service
8714	name         string
8715	urlParams_   gensupport.URLParams
8716	ifNoneMatch_ string
8717	ctx_         context.Context
8718	header_      http.Header
8719}
8720
8721// List: Lists every ServiceAccount that belongs to a specific project.
8722//
8723// - name: The resource name of the project associated with the service
8724//   accounts, such as `projects/my-project-123`.
8725func (r *ProjectsServiceAccountsService) List(name string) *ProjectsServiceAccountsListCall {
8726	c := &ProjectsServiceAccountsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
8727	c.name = name
8728	return c
8729}
8730
8731// PageSize sets the optional parameter "pageSize": Optional limit on
8732// the number of service accounts to include in the response. Further
8733// accounts can subsequently be obtained by including the
8734// ListServiceAccountsResponse.next_page_token in a subsequent request.
8735// The default is 20, and the maximum is 100.
8736func (c *ProjectsServiceAccountsListCall) PageSize(pageSize int64) *ProjectsServiceAccountsListCall {
8737	c.urlParams_.Set("pageSize", fmt.Sprint(pageSize))
8738	return c
8739}
8740
8741// PageToken sets the optional parameter "pageToken": Optional
8742// pagination token returned in an earlier
8743// ListServiceAccountsResponse.next_page_token.
8744func (c *ProjectsServiceAccountsListCall) PageToken(pageToken string) *ProjectsServiceAccountsListCall {
8745	c.urlParams_.Set("pageToken", pageToken)
8746	return c
8747}
8748
8749// Fields allows partial responses to be retrieved. See
8750// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
8751// for more information.
8752func (c *ProjectsServiceAccountsListCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsListCall {
8753	c.urlParams_.Set("fields", googleapi.CombineFields(s))
8754	return c
8755}
8756
8757// IfNoneMatch sets the optional parameter which makes the operation
8758// fail if the object's ETag matches the given value. This is useful for
8759// getting updates only after the object has changed since the last
8760// request. Use googleapi.IsNotModified to check whether the response
8761// error from Do is the result of In-None-Match.
8762func (c *ProjectsServiceAccountsListCall) IfNoneMatch(entityTag string) *ProjectsServiceAccountsListCall {
8763	c.ifNoneMatch_ = entityTag
8764	return c
8765}
8766
8767// Context sets the context to be used in this call's Do method. Any
8768// pending HTTP request will be aborted if the provided context is
8769// canceled.
8770func (c *ProjectsServiceAccountsListCall) Context(ctx context.Context) *ProjectsServiceAccountsListCall {
8771	c.ctx_ = ctx
8772	return c
8773}
8774
8775// Header returns an http.Header that can be modified by the caller to
8776// add HTTP headers to the request.
8777func (c *ProjectsServiceAccountsListCall) Header() http.Header {
8778	if c.header_ == nil {
8779		c.header_ = make(http.Header)
8780	}
8781	return c.header_
8782}
8783
8784func (c *ProjectsServiceAccountsListCall) doRequest(alt string) (*http.Response, error) {
8785	reqHeaders := make(http.Header)
8786	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
8787	for k, v := range c.header_ {
8788		reqHeaders[k] = v
8789	}
8790	reqHeaders.Set("User-Agent", c.s.userAgent())
8791	if c.ifNoneMatch_ != "" {
8792		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
8793	}
8794	var body io.Reader = nil
8795	c.urlParams_.Set("alt", alt)
8796	c.urlParams_.Set("prettyPrint", "false")
8797	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}/serviceAccounts")
8798	urls += "?" + c.urlParams_.Encode()
8799	req, err := http.NewRequest("GET", urls, body)
8800	if err != nil {
8801		return nil, err
8802	}
8803	req.Header = reqHeaders
8804	googleapi.Expand(req.URL, map[string]string{
8805		"name": c.name,
8806	})
8807	return gensupport.SendRequest(c.ctx_, c.s.client, req)
8808}
8809
8810// Do executes the "iam.projects.serviceAccounts.list" call.
8811// Exactly one of *ListServiceAccountsResponse or error will be non-nil.
8812// Any non-2xx status code is an error. Response headers are in either
8813// *ListServiceAccountsResponse.ServerResponse.Header or (if a response
8814// was returned at all) in error.(*googleapi.Error).Header. Use
8815// googleapi.IsNotModified to check whether the returned error was
8816// because http.StatusNotModified was returned.
8817func (c *ProjectsServiceAccountsListCall) Do(opts ...googleapi.CallOption) (*ListServiceAccountsResponse, error) {
8818	gensupport.SetOptions(c.urlParams_, opts...)
8819	res, err := c.doRequest("json")
8820	if res != nil && res.StatusCode == http.StatusNotModified {
8821		if res.Body != nil {
8822			res.Body.Close()
8823		}
8824		return nil, &googleapi.Error{
8825			Code:   res.StatusCode,
8826			Header: res.Header,
8827		}
8828	}
8829	if err != nil {
8830		return nil, err
8831	}
8832	defer googleapi.CloseBody(res)
8833	if err := googleapi.CheckResponse(res); err != nil {
8834		return nil, err
8835	}
8836	ret := &ListServiceAccountsResponse{
8837		ServerResponse: googleapi.ServerResponse{
8838			Header:         res.Header,
8839			HTTPStatusCode: res.StatusCode,
8840		},
8841	}
8842	target := &ret
8843	if err := gensupport.DecodeResponse(target, res); err != nil {
8844		return nil, err
8845	}
8846	return ret, nil
8847	// {
8848	//   "description": "Lists every ServiceAccount that belongs to a specific project.",
8849	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts",
8850	//   "httpMethod": "GET",
8851	//   "id": "iam.projects.serviceAccounts.list",
8852	//   "parameterOrder": [
8853	//     "name"
8854	//   ],
8855	//   "parameters": {
8856	//     "name": {
8857	//       "description": "Required. The resource name of the project associated with the service accounts, such as `projects/my-project-123`.",
8858	//       "location": "path",
8859	//       "pattern": "^projects/[^/]+$",
8860	//       "required": true,
8861	//       "type": "string"
8862	//     },
8863	//     "pageSize": {
8864	//       "description": "Optional limit on the number of service accounts to include in the response. Further accounts can subsequently be obtained by including the ListServiceAccountsResponse.next_page_token in a subsequent request. The default is 20, and the maximum is 100.",
8865	//       "format": "int32",
8866	//       "location": "query",
8867	//       "type": "integer"
8868	//     },
8869	//     "pageToken": {
8870	//       "description": "Optional pagination token returned in an earlier ListServiceAccountsResponse.next_page_token.",
8871	//       "location": "query",
8872	//       "type": "string"
8873	//     }
8874	//   },
8875	//   "path": "v1/{+name}/serviceAccounts",
8876	//   "response": {
8877	//     "$ref": "ListServiceAccountsResponse"
8878	//   },
8879	//   "scopes": [
8880	//     "https://www.googleapis.com/auth/cloud-platform"
8881	//   ]
8882	// }
8883
8884}
8885
8886// Pages invokes f for each page of results.
8887// A non-nil error returned from f will halt the iteration.
8888// The provided context supersedes any context provided to the Context method.
8889func (c *ProjectsServiceAccountsListCall) Pages(ctx context.Context, f func(*ListServiceAccountsResponse) error) error {
8890	c.ctx_ = ctx
8891	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
8892	for {
8893		x, err := c.Do()
8894		if err != nil {
8895			return err
8896		}
8897		if err := f(x); err != nil {
8898			return err
8899		}
8900		if x.NextPageToken == "" {
8901			return nil
8902		}
8903		c.PageToken(x.NextPageToken)
8904	}
8905}
8906
8907// method id "iam.projects.serviceAccounts.patch":
8908
8909type ProjectsServiceAccountsPatchCall struct {
8910	s                          *Service
8911	name                       string
8912	patchserviceaccountrequest *PatchServiceAccountRequest
8913	urlParams_                 gensupport.URLParams
8914	ctx_                       context.Context
8915	header_                    http.Header
8916}
8917
8918// Patch: Patches a ServiceAccount.
8919//
8920// - name: The resource name of the service account. Use one of the
8921//   following formats: *
8922//   `projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}` *
8923//   `projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}` As an
8924//   alternative, you can use the `-` wildcard character instead of the
8925//   project ID: * `projects/-/serviceAccounts/{EMAIL_ADDRESS}` *
8926//   `projects/-/serviceAccounts/{UNIQUE_ID}` When possible, avoid using
8927//   the `-` wildcard character, because it can cause response messages
8928//   to contain misleading error codes. For example, if you try to get
8929//   the service account `projects/-/serviceAccounts/fake@example.com`,
8930//   which does not exist, the response contains an HTTP `403 Forbidden`
8931//   error instead of a `404 Not Found` error.
8932func (r *ProjectsServiceAccountsService) Patch(name string, patchserviceaccountrequest *PatchServiceAccountRequest) *ProjectsServiceAccountsPatchCall {
8933	c := &ProjectsServiceAccountsPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
8934	c.name = name
8935	c.patchserviceaccountrequest = patchserviceaccountrequest
8936	return c
8937}
8938
8939// Fields allows partial responses to be retrieved. See
8940// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
8941// for more information.
8942func (c *ProjectsServiceAccountsPatchCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsPatchCall {
8943	c.urlParams_.Set("fields", googleapi.CombineFields(s))
8944	return c
8945}
8946
8947// Context sets the context to be used in this call's Do method. Any
8948// pending HTTP request will be aborted if the provided context is
8949// canceled.
8950func (c *ProjectsServiceAccountsPatchCall) Context(ctx context.Context) *ProjectsServiceAccountsPatchCall {
8951	c.ctx_ = ctx
8952	return c
8953}
8954
8955// Header returns an http.Header that can be modified by the caller to
8956// add HTTP headers to the request.
8957func (c *ProjectsServiceAccountsPatchCall) Header() http.Header {
8958	if c.header_ == nil {
8959		c.header_ = make(http.Header)
8960	}
8961	return c.header_
8962}
8963
8964func (c *ProjectsServiceAccountsPatchCall) doRequest(alt string) (*http.Response, error) {
8965	reqHeaders := make(http.Header)
8966	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
8967	for k, v := range c.header_ {
8968		reqHeaders[k] = v
8969	}
8970	reqHeaders.Set("User-Agent", c.s.userAgent())
8971	var body io.Reader = nil
8972	body, err := googleapi.WithoutDataWrapper.JSONReader(c.patchserviceaccountrequest)
8973	if err != nil {
8974		return nil, err
8975	}
8976	reqHeaders.Set("Content-Type", "application/json")
8977	c.urlParams_.Set("alt", alt)
8978	c.urlParams_.Set("prettyPrint", "false")
8979	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
8980	urls += "?" + c.urlParams_.Encode()
8981	req, err := http.NewRequest("PATCH", urls, body)
8982	if err != nil {
8983		return nil, err
8984	}
8985	req.Header = reqHeaders
8986	googleapi.Expand(req.URL, map[string]string{
8987		"name": c.name,
8988	})
8989	return gensupport.SendRequest(c.ctx_, c.s.client, req)
8990}
8991
8992// Do executes the "iam.projects.serviceAccounts.patch" call.
8993// Exactly one of *ServiceAccount or error will be non-nil. Any non-2xx
8994// status code is an error. Response headers are in either
8995// *ServiceAccount.ServerResponse.Header or (if a response was returned
8996// at all) in error.(*googleapi.Error).Header. Use
8997// googleapi.IsNotModified to check whether the returned error was
8998// because http.StatusNotModified was returned.
8999func (c *ProjectsServiceAccountsPatchCall) Do(opts ...googleapi.CallOption) (*ServiceAccount, error) {
9000	gensupport.SetOptions(c.urlParams_, opts...)
9001	res, err := c.doRequest("json")
9002	if res != nil && res.StatusCode == http.StatusNotModified {
9003		if res.Body != nil {
9004			res.Body.Close()
9005		}
9006		return nil, &googleapi.Error{
9007			Code:   res.StatusCode,
9008			Header: res.Header,
9009		}
9010	}
9011	if err != nil {
9012		return nil, err
9013	}
9014	defer googleapi.CloseBody(res)
9015	if err := googleapi.CheckResponse(res); err != nil {
9016		return nil, err
9017	}
9018	ret := &ServiceAccount{
9019		ServerResponse: googleapi.ServerResponse{
9020			Header:         res.Header,
9021			HTTPStatusCode: res.StatusCode,
9022		},
9023	}
9024	target := &ret
9025	if err := gensupport.DecodeResponse(target, res); err != nil {
9026		return nil, err
9027	}
9028	return ret, nil
9029	// {
9030	//   "description": "Patches a ServiceAccount.",
9031	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}",
9032	//   "httpMethod": "PATCH",
9033	//   "id": "iam.projects.serviceAccounts.patch",
9034	//   "parameterOrder": [
9035	//     "name"
9036	//   ],
9037	//   "parameters": {
9038	//     "name": {
9039	//       "description": "The resource name of the service account. Use one of the following formats: * `projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}` * `projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}` As an alternative, you can use the `-` wildcard character instead of the project ID: * `projects/-/serviceAccounts/{EMAIL_ADDRESS}` * `projects/-/serviceAccounts/{UNIQUE_ID}` When possible, avoid using the `-` wildcard character, because it can cause response messages to contain misleading error codes. For example, if you try to get the service account `projects/-/serviceAccounts/fake@example.com`, which does not exist, the response contains an HTTP `403 Forbidden` error instead of a `404 Not Found` error.",
9040	//       "location": "path",
9041	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
9042	//       "required": true,
9043	//       "type": "string"
9044	//     }
9045	//   },
9046	//   "path": "v1/{+name}",
9047	//   "request": {
9048	//     "$ref": "PatchServiceAccountRequest"
9049	//   },
9050	//   "response": {
9051	//     "$ref": "ServiceAccount"
9052	//   },
9053	//   "scopes": [
9054	//     "https://www.googleapis.com/auth/cloud-platform"
9055	//   ]
9056	// }
9057
9058}
9059
9060// method id "iam.projects.serviceAccounts.setIamPolicy":
9061
9062type ProjectsServiceAccountsSetIamPolicyCall struct {
9063	s                   *Service
9064	resource            string
9065	setiampolicyrequest *SetIamPolicyRequest
9066	urlParams_          gensupport.URLParams
9067	ctx_                context.Context
9068	header_             http.Header
9069}
9070
9071// SetIamPolicy: Sets the IAM policy that is attached to a
9072// ServiceAccount. Use this method to grant or revoke access to the
9073// service account. For example, you could grant a principal the ability
9074// to impersonate the service account. This method does not enable the
9075// service account to access other resources. To grant roles to a
9076// service account on a resource, follow these steps: 1. Call the
9077// resource's `getIamPolicy` method to get its current IAM policy. 2.
9078// Edit the policy so that it binds the service account to an IAM role
9079// for the resource. 3. Call the resource's `setIamPolicy` method to
9080// update its IAM policy. For detailed instructions, see Manage access
9081// to project, folders, and organizations
9082// (https://cloud.google.com/iam/help/service-accounts/granting-access-to-service-accounts)
9083// or Manage access to other resources
9084// (https://cloud.google.com/iam/help/access/manage-other-resources).
9085//
9086// - resource: REQUIRED: The resource for which the policy is being
9087//   specified. See the operation documentation for the appropriate
9088//   value for this field.
9089func (r *ProjectsServiceAccountsService) SetIamPolicy(resource string, setiampolicyrequest *SetIamPolicyRequest) *ProjectsServiceAccountsSetIamPolicyCall {
9090	c := &ProjectsServiceAccountsSetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
9091	c.resource = resource
9092	c.setiampolicyrequest = setiampolicyrequest
9093	return c
9094}
9095
9096// Fields allows partial responses to be retrieved. See
9097// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
9098// for more information.
9099func (c *ProjectsServiceAccountsSetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsSetIamPolicyCall {
9100	c.urlParams_.Set("fields", googleapi.CombineFields(s))
9101	return c
9102}
9103
9104// Context sets the context to be used in this call's Do method. Any
9105// pending HTTP request will be aborted if the provided context is
9106// canceled.
9107func (c *ProjectsServiceAccountsSetIamPolicyCall) Context(ctx context.Context) *ProjectsServiceAccountsSetIamPolicyCall {
9108	c.ctx_ = ctx
9109	return c
9110}
9111
9112// Header returns an http.Header that can be modified by the caller to
9113// add HTTP headers to the request.
9114func (c *ProjectsServiceAccountsSetIamPolicyCall) Header() http.Header {
9115	if c.header_ == nil {
9116		c.header_ = make(http.Header)
9117	}
9118	return c.header_
9119}
9120
9121func (c *ProjectsServiceAccountsSetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
9122	reqHeaders := make(http.Header)
9123	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
9124	for k, v := range c.header_ {
9125		reqHeaders[k] = v
9126	}
9127	reqHeaders.Set("User-Agent", c.s.userAgent())
9128	var body io.Reader = nil
9129	body, err := googleapi.WithoutDataWrapper.JSONReader(c.setiampolicyrequest)
9130	if err != nil {
9131		return nil, err
9132	}
9133	reqHeaders.Set("Content-Type", "application/json")
9134	c.urlParams_.Set("alt", alt)
9135	c.urlParams_.Set("prettyPrint", "false")
9136	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:setIamPolicy")
9137	urls += "?" + c.urlParams_.Encode()
9138	req, err := http.NewRequest("POST", urls, body)
9139	if err != nil {
9140		return nil, err
9141	}
9142	req.Header = reqHeaders
9143	googleapi.Expand(req.URL, map[string]string{
9144		"resource": c.resource,
9145	})
9146	return gensupport.SendRequest(c.ctx_, c.s.client, req)
9147}
9148
9149// Do executes the "iam.projects.serviceAccounts.setIamPolicy" call.
9150// Exactly one of *Policy or error will be non-nil. Any non-2xx status
9151// code is an error. Response headers are in either
9152// *Policy.ServerResponse.Header or (if a response was returned at all)
9153// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
9154// check whether the returned error was because http.StatusNotModified
9155// was returned.
9156func (c *ProjectsServiceAccountsSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) {
9157	gensupport.SetOptions(c.urlParams_, opts...)
9158	res, err := c.doRequest("json")
9159	if res != nil && res.StatusCode == http.StatusNotModified {
9160		if res.Body != nil {
9161			res.Body.Close()
9162		}
9163		return nil, &googleapi.Error{
9164			Code:   res.StatusCode,
9165			Header: res.Header,
9166		}
9167	}
9168	if err != nil {
9169		return nil, err
9170	}
9171	defer googleapi.CloseBody(res)
9172	if err := googleapi.CheckResponse(res); err != nil {
9173		return nil, err
9174	}
9175	ret := &Policy{
9176		ServerResponse: googleapi.ServerResponse{
9177			Header:         res.Header,
9178			HTTPStatusCode: res.StatusCode,
9179		},
9180	}
9181	target := &ret
9182	if err := gensupport.DecodeResponse(target, res); err != nil {
9183		return nil, err
9184	}
9185	return ret, nil
9186	// {
9187	//   "description": "Sets the IAM policy that is attached to a ServiceAccount. Use this method to grant or revoke access to the service account. For example, you could grant a principal the ability to impersonate the service account. This method does not enable the service account to access other resources. To grant roles to a service account on a resource, follow these steps: 1. Call the resource's `getIamPolicy` method to get its current IAM policy. 2. Edit the policy so that it binds the service account to an IAM role for the resource. 3. Call the resource's `setIamPolicy` method to update its IAM policy. For detailed instructions, see [Manage access to project, folders, and organizations](https://cloud.google.com/iam/help/service-accounts/granting-access-to-service-accounts) or [Manage access to other resources](https://cloud.google.com/iam/help/access/manage-other-resources).",
9188	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:setIamPolicy",
9189	//   "httpMethod": "POST",
9190	//   "id": "iam.projects.serviceAccounts.setIamPolicy",
9191	//   "parameterOrder": [
9192	//     "resource"
9193	//   ],
9194	//   "parameters": {
9195	//     "resource": {
9196	//       "description": "REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.",
9197	//       "location": "path",
9198	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
9199	//       "required": true,
9200	//       "type": "string"
9201	//     }
9202	//   },
9203	//   "path": "v1/{+resource}:setIamPolicy",
9204	//   "request": {
9205	//     "$ref": "SetIamPolicyRequest"
9206	//   },
9207	//   "response": {
9208	//     "$ref": "Policy"
9209	//   },
9210	//   "scopes": [
9211	//     "https://www.googleapis.com/auth/cloud-platform"
9212	//   ]
9213	// }
9214
9215}
9216
9217// method id "iam.projects.serviceAccounts.signBlob":
9218
9219type ProjectsServiceAccountsSignBlobCall struct {
9220	s               *Service
9221	name            string
9222	signblobrequest *SignBlobRequest
9223	urlParams_      gensupport.URLParams
9224	ctx_            context.Context
9225	header_         http.Header
9226}
9227
9228// SignBlob: **Note:** This method is deprecated. Use the `signBlob`
9229// (https://cloud.google.com/iam/help/rest-credentials/v1/projects.serviceAccounts/signBlob)
9230// method in the IAM Service Account Credentials API instead. If you
9231// currently use this method, see the migration guide
9232// (https://cloud.google.com/iam/help/credentials/migrate-api) for
9233// instructions. Signs a blob using the system-managed private key for a
9234// ServiceAccount.
9235//
9236// - name: Deprecated. Migrate to Service Account Credentials API
9237//   (https://cloud.google.com/iam/help/credentials/migrate-api). The
9238//   resource name of the service account in the following format:
9239//   `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using `-` as a
9240//   wildcard for the `PROJECT_ID` will infer the project from the
9241//   account. The `ACCOUNT` value can be the `email` address or the
9242//   `unique_id` of the service account.
9243func (r *ProjectsServiceAccountsService) SignBlob(name string, signblobrequest *SignBlobRequest) *ProjectsServiceAccountsSignBlobCall {
9244	c := &ProjectsServiceAccountsSignBlobCall{s: r.s, urlParams_: make(gensupport.URLParams)}
9245	c.name = name
9246	c.signblobrequest = signblobrequest
9247	return c
9248}
9249
9250// Fields allows partial responses to be retrieved. See
9251// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
9252// for more information.
9253func (c *ProjectsServiceAccountsSignBlobCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsSignBlobCall {
9254	c.urlParams_.Set("fields", googleapi.CombineFields(s))
9255	return c
9256}
9257
9258// Context sets the context to be used in this call's Do method. Any
9259// pending HTTP request will be aborted if the provided context is
9260// canceled.
9261func (c *ProjectsServiceAccountsSignBlobCall) Context(ctx context.Context) *ProjectsServiceAccountsSignBlobCall {
9262	c.ctx_ = ctx
9263	return c
9264}
9265
9266// Header returns an http.Header that can be modified by the caller to
9267// add HTTP headers to the request.
9268func (c *ProjectsServiceAccountsSignBlobCall) Header() http.Header {
9269	if c.header_ == nil {
9270		c.header_ = make(http.Header)
9271	}
9272	return c.header_
9273}
9274
9275func (c *ProjectsServiceAccountsSignBlobCall) doRequest(alt string) (*http.Response, error) {
9276	reqHeaders := make(http.Header)
9277	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
9278	for k, v := range c.header_ {
9279		reqHeaders[k] = v
9280	}
9281	reqHeaders.Set("User-Agent", c.s.userAgent())
9282	var body io.Reader = nil
9283	body, err := googleapi.WithoutDataWrapper.JSONReader(c.signblobrequest)
9284	if err != nil {
9285		return nil, err
9286	}
9287	reqHeaders.Set("Content-Type", "application/json")
9288	c.urlParams_.Set("alt", alt)
9289	c.urlParams_.Set("prettyPrint", "false")
9290	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:signBlob")
9291	urls += "?" + c.urlParams_.Encode()
9292	req, err := http.NewRequest("POST", urls, body)
9293	if err != nil {
9294		return nil, err
9295	}
9296	req.Header = reqHeaders
9297	googleapi.Expand(req.URL, map[string]string{
9298		"name": c.name,
9299	})
9300	return gensupport.SendRequest(c.ctx_, c.s.client, req)
9301}
9302
9303// Do executes the "iam.projects.serviceAccounts.signBlob" call.
9304// Exactly one of *SignBlobResponse or error will be non-nil. Any
9305// non-2xx status code is an error. Response headers are in either
9306// *SignBlobResponse.ServerResponse.Header or (if a response was
9307// returned at all) in error.(*googleapi.Error).Header. Use
9308// googleapi.IsNotModified to check whether the returned error was
9309// because http.StatusNotModified was returned.
9310func (c *ProjectsServiceAccountsSignBlobCall) Do(opts ...googleapi.CallOption) (*SignBlobResponse, error) {
9311	gensupport.SetOptions(c.urlParams_, opts...)
9312	res, err := c.doRequest("json")
9313	if res != nil && res.StatusCode == http.StatusNotModified {
9314		if res.Body != nil {
9315			res.Body.Close()
9316		}
9317		return nil, &googleapi.Error{
9318			Code:   res.StatusCode,
9319			Header: res.Header,
9320		}
9321	}
9322	if err != nil {
9323		return nil, err
9324	}
9325	defer googleapi.CloseBody(res)
9326	if err := googleapi.CheckResponse(res); err != nil {
9327		return nil, err
9328	}
9329	ret := &SignBlobResponse{
9330		ServerResponse: googleapi.ServerResponse{
9331			Header:         res.Header,
9332			HTTPStatusCode: res.StatusCode,
9333		},
9334	}
9335	target := &ret
9336	if err := gensupport.DecodeResponse(target, res); err != nil {
9337		return nil, err
9338	}
9339	return ret, nil
9340	// {
9341	//   "description": "**Note:** This method is deprecated. Use the [`signBlob`](https://cloud.google.com/iam/help/rest-credentials/v1/projects.serviceAccounts/signBlob) method in the IAM Service Account Credentials API instead. If you currently use this method, see the [migration guide](https://cloud.google.com/iam/help/credentials/migrate-api) for instructions. Signs a blob using the system-managed private key for a ServiceAccount.",
9342	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:signBlob",
9343	//   "httpMethod": "POST",
9344	//   "id": "iam.projects.serviceAccounts.signBlob",
9345	//   "parameterOrder": [
9346	//     "name"
9347	//   ],
9348	//   "parameters": {
9349	//     "name": {
9350	//       "description": "Required. Deprecated. [Migrate to Service Account Credentials API](https://cloud.google.com/iam/help/credentials/migrate-api). The resource name of the service account in the following format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.",
9351	//       "location": "path",
9352	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
9353	//       "required": true,
9354	//       "type": "string"
9355	//     }
9356	//   },
9357	//   "path": "v1/{+name}:signBlob",
9358	//   "request": {
9359	//     "$ref": "SignBlobRequest"
9360	//   },
9361	//   "response": {
9362	//     "$ref": "SignBlobResponse"
9363	//   },
9364	//   "scopes": [
9365	//     "https://www.googleapis.com/auth/cloud-platform"
9366	//   ]
9367	// }
9368
9369}
9370
9371// method id "iam.projects.serviceAccounts.signJwt":
9372
9373type ProjectsServiceAccountsSignJwtCall struct {
9374	s              *Service
9375	name           string
9376	signjwtrequest *SignJwtRequest
9377	urlParams_     gensupport.URLParams
9378	ctx_           context.Context
9379	header_        http.Header
9380}
9381
9382// SignJwt: **Note:** This method is deprecated. Use the `signJwt`
9383// (https://cloud.google.com/iam/help/rest-credentials/v1/projects.serviceAccounts/signJwt)
9384// method in the IAM Service Account Credentials API instead. If you
9385// currently use this method, see the migration guide
9386// (https://cloud.google.com/iam/help/credentials/migrate-api) for
9387// instructions. Signs a JSON Web Token (JWT) using the system-managed
9388// private key for a ServiceAccount.
9389//
9390// - name: Deprecated. Migrate to Service Account Credentials API
9391//   (https://cloud.google.com/iam/help/credentials/migrate-api). The
9392//   resource name of the service account in the following format:
9393//   `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using `-` as a
9394//   wildcard for the `PROJECT_ID` will infer the project from the
9395//   account. The `ACCOUNT` value can be the `email` address or the
9396//   `unique_id` of the service account.
9397func (r *ProjectsServiceAccountsService) SignJwt(name string, signjwtrequest *SignJwtRequest) *ProjectsServiceAccountsSignJwtCall {
9398	c := &ProjectsServiceAccountsSignJwtCall{s: r.s, urlParams_: make(gensupport.URLParams)}
9399	c.name = name
9400	c.signjwtrequest = signjwtrequest
9401	return c
9402}
9403
9404// Fields allows partial responses to be retrieved. See
9405// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
9406// for more information.
9407func (c *ProjectsServiceAccountsSignJwtCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsSignJwtCall {
9408	c.urlParams_.Set("fields", googleapi.CombineFields(s))
9409	return c
9410}
9411
9412// Context sets the context to be used in this call's Do method. Any
9413// pending HTTP request will be aborted if the provided context is
9414// canceled.
9415func (c *ProjectsServiceAccountsSignJwtCall) Context(ctx context.Context) *ProjectsServiceAccountsSignJwtCall {
9416	c.ctx_ = ctx
9417	return c
9418}
9419
9420// Header returns an http.Header that can be modified by the caller to
9421// add HTTP headers to the request.
9422func (c *ProjectsServiceAccountsSignJwtCall) Header() http.Header {
9423	if c.header_ == nil {
9424		c.header_ = make(http.Header)
9425	}
9426	return c.header_
9427}
9428
9429func (c *ProjectsServiceAccountsSignJwtCall) doRequest(alt string) (*http.Response, error) {
9430	reqHeaders := make(http.Header)
9431	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
9432	for k, v := range c.header_ {
9433		reqHeaders[k] = v
9434	}
9435	reqHeaders.Set("User-Agent", c.s.userAgent())
9436	var body io.Reader = nil
9437	body, err := googleapi.WithoutDataWrapper.JSONReader(c.signjwtrequest)
9438	if err != nil {
9439		return nil, err
9440	}
9441	reqHeaders.Set("Content-Type", "application/json")
9442	c.urlParams_.Set("alt", alt)
9443	c.urlParams_.Set("prettyPrint", "false")
9444	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:signJwt")
9445	urls += "?" + c.urlParams_.Encode()
9446	req, err := http.NewRequest("POST", urls, body)
9447	if err != nil {
9448		return nil, err
9449	}
9450	req.Header = reqHeaders
9451	googleapi.Expand(req.URL, map[string]string{
9452		"name": c.name,
9453	})
9454	return gensupport.SendRequest(c.ctx_, c.s.client, req)
9455}
9456
9457// Do executes the "iam.projects.serviceAccounts.signJwt" call.
9458// Exactly one of *SignJwtResponse or error will be non-nil. Any non-2xx
9459// status code is an error. Response headers are in either
9460// *SignJwtResponse.ServerResponse.Header or (if a response was returned
9461// at all) in error.(*googleapi.Error).Header. Use
9462// googleapi.IsNotModified to check whether the returned error was
9463// because http.StatusNotModified was returned.
9464func (c *ProjectsServiceAccountsSignJwtCall) Do(opts ...googleapi.CallOption) (*SignJwtResponse, error) {
9465	gensupport.SetOptions(c.urlParams_, opts...)
9466	res, err := c.doRequest("json")
9467	if res != nil && res.StatusCode == http.StatusNotModified {
9468		if res.Body != nil {
9469			res.Body.Close()
9470		}
9471		return nil, &googleapi.Error{
9472			Code:   res.StatusCode,
9473			Header: res.Header,
9474		}
9475	}
9476	if err != nil {
9477		return nil, err
9478	}
9479	defer googleapi.CloseBody(res)
9480	if err := googleapi.CheckResponse(res); err != nil {
9481		return nil, err
9482	}
9483	ret := &SignJwtResponse{
9484		ServerResponse: googleapi.ServerResponse{
9485			Header:         res.Header,
9486			HTTPStatusCode: res.StatusCode,
9487		},
9488	}
9489	target := &ret
9490	if err := gensupport.DecodeResponse(target, res); err != nil {
9491		return nil, err
9492	}
9493	return ret, nil
9494	// {
9495	//   "description": "**Note:** This method is deprecated. Use the [`signJwt`](https://cloud.google.com/iam/help/rest-credentials/v1/projects.serviceAccounts/signJwt) method in the IAM Service Account Credentials API instead. If you currently use this method, see the [migration guide](https://cloud.google.com/iam/help/credentials/migrate-api) for instructions. Signs a JSON Web Token (JWT) using the system-managed private key for a ServiceAccount.",
9496	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:signJwt",
9497	//   "httpMethod": "POST",
9498	//   "id": "iam.projects.serviceAccounts.signJwt",
9499	//   "parameterOrder": [
9500	//     "name"
9501	//   ],
9502	//   "parameters": {
9503	//     "name": {
9504	//       "description": "Required. Deprecated. [Migrate to Service Account Credentials API](https://cloud.google.com/iam/help/credentials/migrate-api). The resource name of the service account in the following format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.",
9505	//       "location": "path",
9506	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
9507	//       "required": true,
9508	//       "type": "string"
9509	//     }
9510	//   },
9511	//   "path": "v1/{+name}:signJwt",
9512	//   "request": {
9513	//     "$ref": "SignJwtRequest"
9514	//   },
9515	//   "response": {
9516	//     "$ref": "SignJwtResponse"
9517	//   },
9518	//   "scopes": [
9519	//     "https://www.googleapis.com/auth/cloud-platform"
9520	//   ]
9521	// }
9522
9523}
9524
9525// method id "iam.projects.serviceAccounts.testIamPermissions":
9526
9527type ProjectsServiceAccountsTestIamPermissionsCall struct {
9528	s                         *Service
9529	resource                  string
9530	testiampermissionsrequest *TestIamPermissionsRequest
9531	urlParams_                gensupport.URLParams
9532	ctx_                      context.Context
9533	header_                   http.Header
9534}
9535
9536// TestIamPermissions: Tests whether the caller has the specified
9537// permissions on a ServiceAccount.
9538//
9539// - resource: REQUIRED: The resource for which the policy detail is
9540//   being requested. See the operation documentation for the
9541//   appropriate value for this field.
9542func (r *ProjectsServiceAccountsService) TestIamPermissions(resource string, testiampermissionsrequest *TestIamPermissionsRequest) *ProjectsServiceAccountsTestIamPermissionsCall {
9543	c := &ProjectsServiceAccountsTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
9544	c.resource = resource
9545	c.testiampermissionsrequest = testiampermissionsrequest
9546	return c
9547}
9548
9549// Fields allows partial responses to be retrieved. See
9550// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
9551// for more information.
9552func (c *ProjectsServiceAccountsTestIamPermissionsCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsTestIamPermissionsCall {
9553	c.urlParams_.Set("fields", googleapi.CombineFields(s))
9554	return c
9555}
9556
9557// Context sets the context to be used in this call's Do method. Any
9558// pending HTTP request will be aborted if the provided context is
9559// canceled.
9560func (c *ProjectsServiceAccountsTestIamPermissionsCall) Context(ctx context.Context) *ProjectsServiceAccountsTestIamPermissionsCall {
9561	c.ctx_ = ctx
9562	return c
9563}
9564
9565// Header returns an http.Header that can be modified by the caller to
9566// add HTTP headers to the request.
9567func (c *ProjectsServiceAccountsTestIamPermissionsCall) Header() http.Header {
9568	if c.header_ == nil {
9569		c.header_ = make(http.Header)
9570	}
9571	return c.header_
9572}
9573
9574func (c *ProjectsServiceAccountsTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) {
9575	reqHeaders := make(http.Header)
9576	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
9577	for k, v := range c.header_ {
9578		reqHeaders[k] = v
9579	}
9580	reqHeaders.Set("User-Agent", c.s.userAgent())
9581	var body io.Reader = nil
9582	body, err := googleapi.WithoutDataWrapper.JSONReader(c.testiampermissionsrequest)
9583	if err != nil {
9584		return nil, err
9585	}
9586	reqHeaders.Set("Content-Type", "application/json")
9587	c.urlParams_.Set("alt", alt)
9588	c.urlParams_.Set("prettyPrint", "false")
9589	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:testIamPermissions")
9590	urls += "?" + c.urlParams_.Encode()
9591	req, err := http.NewRequest("POST", urls, body)
9592	if err != nil {
9593		return nil, err
9594	}
9595	req.Header = reqHeaders
9596	googleapi.Expand(req.URL, map[string]string{
9597		"resource": c.resource,
9598	})
9599	return gensupport.SendRequest(c.ctx_, c.s.client, req)
9600}
9601
9602// Do executes the "iam.projects.serviceAccounts.testIamPermissions" call.
9603// Exactly one of *TestIamPermissionsResponse or error will be non-nil.
9604// Any non-2xx status code is an error. Response headers are in either
9605// *TestIamPermissionsResponse.ServerResponse.Header or (if a response
9606// was returned at all) in error.(*googleapi.Error).Header. Use
9607// googleapi.IsNotModified to check whether the returned error was
9608// because http.StatusNotModified was returned.
9609func (c *ProjectsServiceAccountsTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestIamPermissionsResponse, error) {
9610	gensupport.SetOptions(c.urlParams_, opts...)
9611	res, err := c.doRequest("json")
9612	if res != nil && res.StatusCode == http.StatusNotModified {
9613		if res.Body != nil {
9614			res.Body.Close()
9615		}
9616		return nil, &googleapi.Error{
9617			Code:   res.StatusCode,
9618			Header: res.Header,
9619		}
9620	}
9621	if err != nil {
9622		return nil, err
9623	}
9624	defer googleapi.CloseBody(res)
9625	if err := googleapi.CheckResponse(res); err != nil {
9626		return nil, err
9627	}
9628	ret := &TestIamPermissionsResponse{
9629		ServerResponse: googleapi.ServerResponse{
9630			Header:         res.Header,
9631			HTTPStatusCode: res.StatusCode,
9632		},
9633	}
9634	target := &ret
9635	if err := gensupport.DecodeResponse(target, res); err != nil {
9636		return nil, err
9637	}
9638	return ret, nil
9639	// {
9640	//   "description": "Tests whether the caller has the specified permissions on a ServiceAccount.",
9641	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:testIamPermissions",
9642	//   "httpMethod": "POST",
9643	//   "id": "iam.projects.serviceAccounts.testIamPermissions",
9644	//   "parameterOrder": [
9645	//     "resource"
9646	//   ],
9647	//   "parameters": {
9648	//     "resource": {
9649	//       "description": "REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.",
9650	//       "location": "path",
9651	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
9652	//       "required": true,
9653	//       "type": "string"
9654	//     }
9655	//   },
9656	//   "path": "v1/{+resource}:testIamPermissions",
9657	//   "request": {
9658	//     "$ref": "TestIamPermissionsRequest"
9659	//   },
9660	//   "response": {
9661	//     "$ref": "TestIamPermissionsResponse"
9662	//   },
9663	//   "scopes": [
9664	//     "https://www.googleapis.com/auth/cloud-platform"
9665	//   ]
9666	// }
9667
9668}
9669
9670// method id "iam.projects.serviceAccounts.undelete":
9671
9672type ProjectsServiceAccountsUndeleteCall struct {
9673	s                             *Service
9674	name                          string
9675	undeleteserviceaccountrequest *UndeleteServiceAccountRequest
9676	urlParams_                    gensupport.URLParams
9677	ctx_                          context.Context
9678	header_                       http.Header
9679}
9680
9681// Undelete: Restores a deleted ServiceAccount. **Important:** It is not
9682// always possible to restore a deleted service account. Use this method
9683// only as a last resort. After you delete a service account, IAM
9684// permanently removes the service account 30 days later. There is no
9685// way to restore a deleted service account that has been permanently
9686// removed.
9687//
9688// - name: The resource name of the service account in the following
9689//   format:
9690//   `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT_UNIQUE_ID}`. Using
9691//   `-` as a wildcard for the `PROJECT_ID` will infer the project from
9692//   the account.
9693func (r *ProjectsServiceAccountsService) Undelete(name string, undeleteserviceaccountrequest *UndeleteServiceAccountRequest) *ProjectsServiceAccountsUndeleteCall {
9694	c := &ProjectsServiceAccountsUndeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
9695	c.name = name
9696	c.undeleteserviceaccountrequest = undeleteserviceaccountrequest
9697	return c
9698}
9699
9700// Fields allows partial responses to be retrieved. See
9701// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
9702// for more information.
9703func (c *ProjectsServiceAccountsUndeleteCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsUndeleteCall {
9704	c.urlParams_.Set("fields", googleapi.CombineFields(s))
9705	return c
9706}
9707
9708// Context sets the context to be used in this call's Do method. Any
9709// pending HTTP request will be aborted if the provided context is
9710// canceled.
9711func (c *ProjectsServiceAccountsUndeleteCall) Context(ctx context.Context) *ProjectsServiceAccountsUndeleteCall {
9712	c.ctx_ = ctx
9713	return c
9714}
9715
9716// Header returns an http.Header that can be modified by the caller to
9717// add HTTP headers to the request.
9718func (c *ProjectsServiceAccountsUndeleteCall) Header() http.Header {
9719	if c.header_ == nil {
9720		c.header_ = make(http.Header)
9721	}
9722	return c.header_
9723}
9724
9725func (c *ProjectsServiceAccountsUndeleteCall) doRequest(alt string) (*http.Response, error) {
9726	reqHeaders := make(http.Header)
9727	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
9728	for k, v := range c.header_ {
9729		reqHeaders[k] = v
9730	}
9731	reqHeaders.Set("User-Agent", c.s.userAgent())
9732	var body io.Reader = nil
9733	body, err := googleapi.WithoutDataWrapper.JSONReader(c.undeleteserviceaccountrequest)
9734	if err != nil {
9735		return nil, err
9736	}
9737	reqHeaders.Set("Content-Type", "application/json")
9738	c.urlParams_.Set("alt", alt)
9739	c.urlParams_.Set("prettyPrint", "false")
9740	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:undelete")
9741	urls += "?" + c.urlParams_.Encode()
9742	req, err := http.NewRequest("POST", urls, body)
9743	if err != nil {
9744		return nil, err
9745	}
9746	req.Header = reqHeaders
9747	googleapi.Expand(req.URL, map[string]string{
9748		"name": c.name,
9749	})
9750	return gensupport.SendRequest(c.ctx_, c.s.client, req)
9751}
9752
9753// Do executes the "iam.projects.serviceAccounts.undelete" call.
9754// Exactly one of *UndeleteServiceAccountResponse or error will be
9755// non-nil. Any non-2xx status code is an error. Response headers are in
9756// either *UndeleteServiceAccountResponse.ServerResponse.Header or (if a
9757// response was returned at all) in error.(*googleapi.Error).Header. Use
9758// googleapi.IsNotModified to check whether the returned error was
9759// because http.StatusNotModified was returned.
9760func (c *ProjectsServiceAccountsUndeleteCall) Do(opts ...googleapi.CallOption) (*UndeleteServiceAccountResponse, error) {
9761	gensupport.SetOptions(c.urlParams_, opts...)
9762	res, err := c.doRequest("json")
9763	if res != nil && res.StatusCode == http.StatusNotModified {
9764		if res.Body != nil {
9765			res.Body.Close()
9766		}
9767		return nil, &googleapi.Error{
9768			Code:   res.StatusCode,
9769			Header: res.Header,
9770		}
9771	}
9772	if err != nil {
9773		return nil, err
9774	}
9775	defer googleapi.CloseBody(res)
9776	if err := googleapi.CheckResponse(res); err != nil {
9777		return nil, err
9778	}
9779	ret := &UndeleteServiceAccountResponse{
9780		ServerResponse: googleapi.ServerResponse{
9781			Header:         res.Header,
9782			HTTPStatusCode: res.StatusCode,
9783		},
9784	}
9785	target := &ret
9786	if err := gensupport.DecodeResponse(target, res); err != nil {
9787		return nil, err
9788	}
9789	return ret, nil
9790	// {
9791	//   "description": "Restores a deleted ServiceAccount. **Important:** It is not always possible to restore a deleted service account. Use this method only as a last resort. After you delete a service account, IAM permanently removes the service account 30 days later. There is no way to restore a deleted service account that has been permanently removed.",
9792	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:undelete",
9793	//   "httpMethod": "POST",
9794	//   "id": "iam.projects.serviceAccounts.undelete",
9795	//   "parameterOrder": [
9796	//     "name"
9797	//   ],
9798	//   "parameters": {
9799	//     "name": {
9800	//       "description": "The resource name of the service account in the following format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT_UNIQUE_ID}`. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account.",
9801	//       "location": "path",
9802	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
9803	//       "required": true,
9804	//       "type": "string"
9805	//     }
9806	//   },
9807	//   "path": "v1/{+name}:undelete",
9808	//   "request": {
9809	//     "$ref": "UndeleteServiceAccountRequest"
9810	//   },
9811	//   "response": {
9812	//     "$ref": "UndeleteServiceAccountResponse"
9813	//   },
9814	//   "scopes": [
9815	//     "https://www.googleapis.com/auth/cloud-platform"
9816	//   ]
9817	// }
9818
9819}
9820
9821// method id "iam.projects.serviceAccounts.update":
9822
9823type ProjectsServiceAccountsUpdateCall struct {
9824	s              *Service
9825	name           string
9826	serviceaccount *ServiceAccount
9827	urlParams_     gensupport.URLParams
9828	ctx_           context.Context
9829	header_        http.Header
9830}
9831
9832// Update: **Note:** We are in the process of deprecating this method.
9833// Use PatchServiceAccount instead. Updates a ServiceAccount. You can
9834// update only the `display_name` and `description` fields.
9835//
9836// - name: The resource name of the service account. Use one of the
9837//   following formats: *
9838//   `projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}` *
9839//   `projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}` As an
9840//   alternative, you can use the `-` wildcard character instead of the
9841//   project ID: * `projects/-/serviceAccounts/{EMAIL_ADDRESS}` *
9842//   `projects/-/serviceAccounts/{UNIQUE_ID}` When possible, avoid using
9843//   the `-` wildcard character, because it can cause response messages
9844//   to contain misleading error codes. For example, if you try to get
9845//   the service account `projects/-/serviceAccounts/fake@example.com`,
9846//   which does not exist, the response contains an HTTP `403 Forbidden`
9847//   error instead of a `404 Not Found` error.
9848func (r *ProjectsServiceAccountsService) Update(name string, serviceaccount *ServiceAccount) *ProjectsServiceAccountsUpdateCall {
9849	c := &ProjectsServiceAccountsUpdateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
9850	c.name = name
9851	c.serviceaccount = serviceaccount
9852	return c
9853}
9854
9855// Fields allows partial responses to be retrieved. See
9856// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
9857// for more information.
9858func (c *ProjectsServiceAccountsUpdateCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsUpdateCall {
9859	c.urlParams_.Set("fields", googleapi.CombineFields(s))
9860	return c
9861}
9862
9863// Context sets the context to be used in this call's Do method. Any
9864// pending HTTP request will be aborted if the provided context is
9865// canceled.
9866func (c *ProjectsServiceAccountsUpdateCall) Context(ctx context.Context) *ProjectsServiceAccountsUpdateCall {
9867	c.ctx_ = ctx
9868	return c
9869}
9870
9871// Header returns an http.Header that can be modified by the caller to
9872// add HTTP headers to the request.
9873func (c *ProjectsServiceAccountsUpdateCall) Header() http.Header {
9874	if c.header_ == nil {
9875		c.header_ = make(http.Header)
9876	}
9877	return c.header_
9878}
9879
9880func (c *ProjectsServiceAccountsUpdateCall) doRequest(alt string) (*http.Response, error) {
9881	reqHeaders := make(http.Header)
9882	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
9883	for k, v := range c.header_ {
9884		reqHeaders[k] = v
9885	}
9886	reqHeaders.Set("User-Agent", c.s.userAgent())
9887	var body io.Reader = nil
9888	body, err := googleapi.WithoutDataWrapper.JSONReader(c.serviceaccount)
9889	if err != nil {
9890		return nil, err
9891	}
9892	reqHeaders.Set("Content-Type", "application/json")
9893	c.urlParams_.Set("alt", alt)
9894	c.urlParams_.Set("prettyPrint", "false")
9895	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
9896	urls += "?" + c.urlParams_.Encode()
9897	req, err := http.NewRequest("PUT", urls, body)
9898	if err != nil {
9899		return nil, err
9900	}
9901	req.Header = reqHeaders
9902	googleapi.Expand(req.URL, map[string]string{
9903		"name": c.name,
9904	})
9905	return gensupport.SendRequest(c.ctx_, c.s.client, req)
9906}
9907
9908// Do executes the "iam.projects.serviceAccounts.update" call.
9909// Exactly one of *ServiceAccount or error will be non-nil. Any non-2xx
9910// status code is an error. Response headers are in either
9911// *ServiceAccount.ServerResponse.Header or (if a response was returned
9912// at all) in error.(*googleapi.Error).Header. Use
9913// googleapi.IsNotModified to check whether the returned error was
9914// because http.StatusNotModified was returned.
9915func (c *ProjectsServiceAccountsUpdateCall) Do(opts ...googleapi.CallOption) (*ServiceAccount, error) {
9916	gensupport.SetOptions(c.urlParams_, opts...)
9917	res, err := c.doRequest("json")
9918	if res != nil && res.StatusCode == http.StatusNotModified {
9919		if res.Body != nil {
9920			res.Body.Close()
9921		}
9922		return nil, &googleapi.Error{
9923			Code:   res.StatusCode,
9924			Header: res.Header,
9925		}
9926	}
9927	if err != nil {
9928		return nil, err
9929	}
9930	defer googleapi.CloseBody(res)
9931	if err := googleapi.CheckResponse(res); err != nil {
9932		return nil, err
9933	}
9934	ret := &ServiceAccount{
9935		ServerResponse: googleapi.ServerResponse{
9936			Header:         res.Header,
9937			HTTPStatusCode: res.StatusCode,
9938		},
9939	}
9940	target := &ret
9941	if err := gensupport.DecodeResponse(target, res); err != nil {
9942		return nil, err
9943	}
9944	return ret, nil
9945	// {
9946	//   "description": "**Note:** We are in the process of deprecating this method. Use PatchServiceAccount instead. Updates a ServiceAccount. You can update only the `display_name` and `description` fields.",
9947	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}",
9948	//   "httpMethod": "PUT",
9949	//   "id": "iam.projects.serviceAccounts.update",
9950	//   "parameterOrder": [
9951	//     "name"
9952	//   ],
9953	//   "parameters": {
9954	//     "name": {
9955	//       "description": "The resource name of the service account. Use one of the following formats: * `projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}` * `projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}` As an alternative, you can use the `-` wildcard character instead of the project ID: * `projects/-/serviceAccounts/{EMAIL_ADDRESS}` * `projects/-/serviceAccounts/{UNIQUE_ID}` When possible, avoid using the `-` wildcard character, because it can cause response messages to contain misleading error codes. For example, if you try to get the service account `projects/-/serviceAccounts/fake@example.com`, which does not exist, the response contains an HTTP `403 Forbidden` error instead of a `404 Not Found` error.",
9956	//       "location": "path",
9957	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
9958	//       "required": true,
9959	//       "type": "string"
9960	//     }
9961	//   },
9962	//   "path": "v1/{+name}",
9963	//   "request": {
9964	//     "$ref": "ServiceAccount"
9965	//   },
9966	//   "response": {
9967	//     "$ref": "ServiceAccount"
9968	//   },
9969	//   "scopes": [
9970	//     "https://www.googleapis.com/auth/cloud-platform"
9971	//   ]
9972	// }
9973
9974}
9975
9976// method id "iam.projects.serviceAccounts.keys.create":
9977
9978type ProjectsServiceAccountsKeysCreateCall struct {
9979	s                              *Service
9980	name                           string
9981	createserviceaccountkeyrequest *CreateServiceAccountKeyRequest
9982	urlParams_                     gensupport.URLParams
9983	ctx_                           context.Context
9984	header_                        http.Header
9985}
9986
9987// Create: Creates a ServiceAccountKey.
9988//
9989// - name: The resource name of the service account in the following
9990//   format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using
9991//   `-` as a wildcard for the `PROJECT_ID` will infer the project from
9992//   the account. The `ACCOUNT` value can be the `email` address or the
9993//   `unique_id` of the service account.
9994func (r *ProjectsServiceAccountsKeysService) Create(name string, createserviceaccountkeyrequest *CreateServiceAccountKeyRequest) *ProjectsServiceAccountsKeysCreateCall {
9995	c := &ProjectsServiceAccountsKeysCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
9996	c.name = name
9997	c.createserviceaccountkeyrequest = createserviceaccountkeyrequest
9998	return c
9999}
10000
10001// Fields allows partial responses to be retrieved. See
10002// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
10003// for more information.
10004func (c *ProjectsServiceAccountsKeysCreateCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsKeysCreateCall {
10005	c.urlParams_.Set("fields", googleapi.CombineFields(s))
10006	return c
10007}
10008
10009// Context sets the context to be used in this call's Do method. Any
10010// pending HTTP request will be aborted if the provided context is
10011// canceled.
10012func (c *ProjectsServiceAccountsKeysCreateCall) Context(ctx context.Context) *ProjectsServiceAccountsKeysCreateCall {
10013	c.ctx_ = ctx
10014	return c
10015}
10016
10017// Header returns an http.Header that can be modified by the caller to
10018// add HTTP headers to the request.
10019func (c *ProjectsServiceAccountsKeysCreateCall) Header() http.Header {
10020	if c.header_ == nil {
10021		c.header_ = make(http.Header)
10022	}
10023	return c.header_
10024}
10025
10026func (c *ProjectsServiceAccountsKeysCreateCall) doRequest(alt string) (*http.Response, error) {
10027	reqHeaders := make(http.Header)
10028	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
10029	for k, v := range c.header_ {
10030		reqHeaders[k] = v
10031	}
10032	reqHeaders.Set("User-Agent", c.s.userAgent())
10033	var body io.Reader = nil
10034	body, err := googleapi.WithoutDataWrapper.JSONReader(c.createserviceaccountkeyrequest)
10035	if err != nil {
10036		return nil, err
10037	}
10038	reqHeaders.Set("Content-Type", "application/json")
10039	c.urlParams_.Set("alt", alt)
10040	c.urlParams_.Set("prettyPrint", "false")
10041	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}/keys")
10042	urls += "?" + c.urlParams_.Encode()
10043	req, err := http.NewRequest("POST", urls, body)
10044	if err != nil {
10045		return nil, err
10046	}
10047	req.Header = reqHeaders
10048	googleapi.Expand(req.URL, map[string]string{
10049		"name": c.name,
10050	})
10051	return gensupport.SendRequest(c.ctx_, c.s.client, req)
10052}
10053
10054// Do executes the "iam.projects.serviceAccounts.keys.create" call.
10055// Exactly one of *ServiceAccountKey or error will be non-nil. Any
10056// non-2xx status code is an error. Response headers are in either
10057// *ServiceAccountKey.ServerResponse.Header or (if a response was
10058// returned at all) in error.(*googleapi.Error).Header. Use
10059// googleapi.IsNotModified to check whether the returned error was
10060// because http.StatusNotModified was returned.
10061func (c *ProjectsServiceAccountsKeysCreateCall) Do(opts ...googleapi.CallOption) (*ServiceAccountKey, error) {
10062	gensupport.SetOptions(c.urlParams_, opts...)
10063	res, err := c.doRequest("json")
10064	if res != nil && res.StatusCode == http.StatusNotModified {
10065		if res.Body != nil {
10066			res.Body.Close()
10067		}
10068		return nil, &googleapi.Error{
10069			Code:   res.StatusCode,
10070			Header: res.Header,
10071		}
10072	}
10073	if err != nil {
10074		return nil, err
10075	}
10076	defer googleapi.CloseBody(res)
10077	if err := googleapi.CheckResponse(res); err != nil {
10078		return nil, err
10079	}
10080	ret := &ServiceAccountKey{
10081		ServerResponse: googleapi.ServerResponse{
10082			Header:         res.Header,
10083			HTTPStatusCode: res.StatusCode,
10084		},
10085	}
10086	target := &ret
10087	if err := gensupport.DecodeResponse(target, res); err != nil {
10088		return nil, err
10089	}
10090	return ret, nil
10091	// {
10092	//   "description": "Creates a ServiceAccountKey.",
10093	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}/keys",
10094	//   "httpMethod": "POST",
10095	//   "id": "iam.projects.serviceAccounts.keys.create",
10096	//   "parameterOrder": [
10097	//     "name"
10098	//   ],
10099	//   "parameters": {
10100	//     "name": {
10101	//       "description": "Required. The resource name of the service account in the following format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.",
10102	//       "location": "path",
10103	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
10104	//       "required": true,
10105	//       "type": "string"
10106	//     }
10107	//   },
10108	//   "path": "v1/{+name}/keys",
10109	//   "request": {
10110	//     "$ref": "CreateServiceAccountKeyRequest"
10111	//   },
10112	//   "response": {
10113	//     "$ref": "ServiceAccountKey"
10114	//   },
10115	//   "scopes": [
10116	//     "https://www.googleapis.com/auth/cloud-platform"
10117	//   ]
10118	// }
10119
10120}
10121
10122// method id "iam.projects.serviceAccounts.keys.delete":
10123
10124type ProjectsServiceAccountsKeysDeleteCall struct {
10125	s          *Service
10126	name       string
10127	urlParams_ gensupport.URLParams
10128	ctx_       context.Context
10129	header_    http.Header
10130}
10131
10132// Delete: Deletes a ServiceAccountKey. Deleting a service account key
10133// does not revoke short-lived credentials that have been issued based
10134// on the service account key.
10135//
10136// - name: The resource name of the service account key in the following
10137//   format:
10138//   `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`. Using
10139//   `-` as a wildcard for the `PROJECT_ID` will infer the project from
10140//   the account. The `ACCOUNT` value can be the `email` address or the
10141//   `unique_id` of the service account.
10142func (r *ProjectsServiceAccountsKeysService) Delete(name string) *ProjectsServiceAccountsKeysDeleteCall {
10143	c := &ProjectsServiceAccountsKeysDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
10144	c.name = name
10145	return c
10146}
10147
10148// Fields allows partial responses to be retrieved. See
10149// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
10150// for more information.
10151func (c *ProjectsServiceAccountsKeysDeleteCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsKeysDeleteCall {
10152	c.urlParams_.Set("fields", googleapi.CombineFields(s))
10153	return c
10154}
10155
10156// Context sets the context to be used in this call's Do method. Any
10157// pending HTTP request will be aborted if the provided context is
10158// canceled.
10159func (c *ProjectsServiceAccountsKeysDeleteCall) Context(ctx context.Context) *ProjectsServiceAccountsKeysDeleteCall {
10160	c.ctx_ = ctx
10161	return c
10162}
10163
10164// Header returns an http.Header that can be modified by the caller to
10165// add HTTP headers to the request.
10166func (c *ProjectsServiceAccountsKeysDeleteCall) Header() http.Header {
10167	if c.header_ == nil {
10168		c.header_ = make(http.Header)
10169	}
10170	return c.header_
10171}
10172
10173func (c *ProjectsServiceAccountsKeysDeleteCall) doRequest(alt string) (*http.Response, error) {
10174	reqHeaders := make(http.Header)
10175	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
10176	for k, v := range c.header_ {
10177		reqHeaders[k] = v
10178	}
10179	reqHeaders.Set("User-Agent", c.s.userAgent())
10180	var body io.Reader = nil
10181	c.urlParams_.Set("alt", alt)
10182	c.urlParams_.Set("prettyPrint", "false")
10183	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
10184	urls += "?" + c.urlParams_.Encode()
10185	req, err := http.NewRequest("DELETE", urls, body)
10186	if err != nil {
10187		return nil, err
10188	}
10189	req.Header = reqHeaders
10190	googleapi.Expand(req.URL, map[string]string{
10191		"name": c.name,
10192	})
10193	return gensupport.SendRequest(c.ctx_, c.s.client, req)
10194}
10195
10196// Do executes the "iam.projects.serviceAccounts.keys.delete" call.
10197// Exactly one of *Empty or error will be non-nil. Any non-2xx status
10198// code is an error. Response headers are in either
10199// *Empty.ServerResponse.Header or (if a response was returned at all)
10200// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
10201// check whether the returned error was because http.StatusNotModified
10202// was returned.
10203func (c *ProjectsServiceAccountsKeysDeleteCall) Do(opts ...googleapi.CallOption) (*Empty, error) {
10204	gensupport.SetOptions(c.urlParams_, opts...)
10205	res, err := c.doRequest("json")
10206	if res != nil && res.StatusCode == http.StatusNotModified {
10207		if res.Body != nil {
10208			res.Body.Close()
10209		}
10210		return nil, &googleapi.Error{
10211			Code:   res.StatusCode,
10212			Header: res.Header,
10213		}
10214	}
10215	if err != nil {
10216		return nil, err
10217	}
10218	defer googleapi.CloseBody(res)
10219	if err := googleapi.CheckResponse(res); err != nil {
10220		return nil, err
10221	}
10222	ret := &Empty{
10223		ServerResponse: googleapi.ServerResponse{
10224			Header:         res.Header,
10225			HTTPStatusCode: res.StatusCode,
10226		},
10227	}
10228	target := &ret
10229	if err := gensupport.DecodeResponse(target, res); err != nil {
10230		return nil, err
10231	}
10232	return ret, nil
10233	// {
10234	//   "description": "Deletes a ServiceAccountKey. Deleting a service account key does not revoke short-lived credentials that have been issued based on the service account key.",
10235	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}/keys/{keysId}",
10236	//   "httpMethod": "DELETE",
10237	//   "id": "iam.projects.serviceAccounts.keys.delete",
10238	//   "parameterOrder": [
10239	//     "name"
10240	//   ],
10241	//   "parameters": {
10242	//     "name": {
10243	//       "description": "Required. The resource name of the service account key in the following format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.",
10244	//       "location": "path",
10245	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+/keys/[^/]+$",
10246	//       "required": true,
10247	//       "type": "string"
10248	//     }
10249	//   },
10250	//   "path": "v1/{+name}",
10251	//   "response": {
10252	//     "$ref": "Empty"
10253	//   },
10254	//   "scopes": [
10255	//     "https://www.googleapis.com/auth/cloud-platform"
10256	//   ]
10257	// }
10258
10259}
10260
10261// method id "iam.projects.serviceAccounts.keys.disable":
10262
10263type ProjectsServiceAccountsKeysDisableCall struct {
10264	s                               *Service
10265	name                            string
10266	disableserviceaccountkeyrequest *DisableServiceAccountKeyRequest
10267	urlParams_                      gensupport.URLParams
10268	ctx_                            context.Context
10269	header_                         http.Header
10270}
10271
10272// Disable: Disable a ServiceAccountKey. A disabled service account key
10273// can be enabled through EnableServiceAccountKey.
10274//
10275// - name: The resource name of the service account key in the following
10276//   format:
10277//   `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`. Using
10278//   `-` as a wildcard for the `PROJECT_ID` will infer the project from
10279//   the account. The `ACCOUNT` value can be the `email` address or the
10280//   `unique_id` of the service account.
10281func (r *ProjectsServiceAccountsKeysService) Disable(name string, disableserviceaccountkeyrequest *DisableServiceAccountKeyRequest) *ProjectsServiceAccountsKeysDisableCall {
10282	c := &ProjectsServiceAccountsKeysDisableCall{s: r.s, urlParams_: make(gensupport.URLParams)}
10283	c.name = name
10284	c.disableserviceaccountkeyrequest = disableserviceaccountkeyrequest
10285	return c
10286}
10287
10288// Fields allows partial responses to be retrieved. See
10289// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
10290// for more information.
10291func (c *ProjectsServiceAccountsKeysDisableCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsKeysDisableCall {
10292	c.urlParams_.Set("fields", googleapi.CombineFields(s))
10293	return c
10294}
10295
10296// Context sets the context to be used in this call's Do method. Any
10297// pending HTTP request will be aborted if the provided context is
10298// canceled.
10299func (c *ProjectsServiceAccountsKeysDisableCall) Context(ctx context.Context) *ProjectsServiceAccountsKeysDisableCall {
10300	c.ctx_ = ctx
10301	return c
10302}
10303
10304// Header returns an http.Header that can be modified by the caller to
10305// add HTTP headers to the request.
10306func (c *ProjectsServiceAccountsKeysDisableCall) Header() http.Header {
10307	if c.header_ == nil {
10308		c.header_ = make(http.Header)
10309	}
10310	return c.header_
10311}
10312
10313func (c *ProjectsServiceAccountsKeysDisableCall) doRequest(alt string) (*http.Response, error) {
10314	reqHeaders := make(http.Header)
10315	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
10316	for k, v := range c.header_ {
10317		reqHeaders[k] = v
10318	}
10319	reqHeaders.Set("User-Agent", c.s.userAgent())
10320	var body io.Reader = nil
10321	body, err := googleapi.WithoutDataWrapper.JSONReader(c.disableserviceaccountkeyrequest)
10322	if err != nil {
10323		return nil, err
10324	}
10325	reqHeaders.Set("Content-Type", "application/json")
10326	c.urlParams_.Set("alt", alt)
10327	c.urlParams_.Set("prettyPrint", "false")
10328	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:disable")
10329	urls += "?" + c.urlParams_.Encode()
10330	req, err := http.NewRequest("POST", urls, body)
10331	if err != nil {
10332		return nil, err
10333	}
10334	req.Header = reqHeaders
10335	googleapi.Expand(req.URL, map[string]string{
10336		"name": c.name,
10337	})
10338	return gensupport.SendRequest(c.ctx_, c.s.client, req)
10339}
10340
10341// Do executes the "iam.projects.serviceAccounts.keys.disable" call.
10342// Exactly one of *Empty or error will be non-nil. Any non-2xx status
10343// code is an error. Response headers are in either
10344// *Empty.ServerResponse.Header or (if a response was returned at all)
10345// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
10346// check whether the returned error was because http.StatusNotModified
10347// was returned.
10348func (c *ProjectsServiceAccountsKeysDisableCall) Do(opts ...googleapi.CallOption) (*Empty, error) {
10349	gensupport.SetOptions(c.urlParams_, opts...)
10350	res, err := c.doRequest("json")
10351	if res != nil && res.StatusCode == http.StatusNotModified {
10352		if res.Body != nil {
10353			res.Body.Close()
10354		}
10355		return nil, &googleapi.Error{
10356			Code:   res.StatusCode,
10357			Header: res.Header,
10358		}
10359	}
10360	if err != nil {
10361		return nil, err
10362	}
10363	defer googleapi.CloseBody(res)
10364	if err := googleapi.CheckResponse(res); err != nil {
10365		return nil, err
10366	}
10367	ret := &Empty{
10368		ServerResponse: googleapi.ServerResponse{
10369			Header:         res.Header,
10370			HTTPStatusCode: res.StatusCode,
10371		},
10372	}
10373	target := &ret
10374	if err := gensupport.DecodeResponse(target, res); err != nil {
10375		return nil, err
10376	}
10377	return ret, nil
10378	// {
10379	//   "description": "Disable a ServiceAccountKey. A disabled service account key can be enabled through EnableServiceAccountKey.",
10380	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}/keys/{keysId}:disable",
10381	//   "httpMethod": "POST",
10382	//   "id": "iam.projects.serviceAccounts.keys.disable",
10383	//   "parameterOrder": [
10384	//     "name"
10385	//   ],
10386	//   "parameters": {
10387	//     "name": {
10388	//       "description": "Required. The resource name of the service account key in the following format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.",
10389	//       "location": "path",
10390	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+/keys/[^/]+$",
10391	//       "required": true,
10392	//       "type": "string"
10393	//     }
10394	//   },
10395	//   "path": "v1/{+name}:disable",
10396	//   "request": {
10397	//     "$ref": "DisableServiceAccountKeyRequest"
10398	//   },
10399	//   "response": {
10400	//     "$ref": "Empty"
10401	//   },
10402	//   "scopes": [
10403	//     "https://www.googleapis.com/auth/cloud-platform"
10404	//   ]
10405	// }
10406
10407}
10408
10409// method id "iam.projects.serviceAccounts.keys.enable":
10410
10411type ProjectsServiceAccountsKeysEnableCall struct {
10412	s                              *Service
10413	name                           string
10414	enableserviceaccountkeyrequest *EnableServiceAccountKeyRequest
10415	urlParams_                     gensupport.URLParams
10416	ctx_                           context.Context
10417	header_                        http.Header
10418}
10419
10420// Enable: Enable a ServiceAccountKey.
10421//
10422// - name: The resource name of the service account key in the following
10423//   format:
10424//   `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`. Using
10425//   `-` as a wildcard for the `PROJECT_ID` will infer the project from
10426//   the account. The `ACCOUNT` value can be the `email` address or the
10427//   `unique_id` of the service account.
10428func (r *ProjectsServiceAccountsKeysService) Enable(name string, enableserviceaccountkeyrequest *EnableServiceAccountKeyRequest) *ProjectsServiceAccountsKeysEnableCall {
10429	c := &ProjectsServiceAccountsKeysEnableCall{s: r.s, urlParams_: make(gensupport.URLParams)}
10430	c.name = name
10431	c.enableserviceaccountkeyrequest = enableserviceaccountkeyrequest
10432	return c
10433}
10434
10435// Fields allows partial responses to be retrieved. See
10436// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
10437// for more information.
10438func (c *ProjectsServiceAccountsKeysEnableCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsKeysEnableCall {
10439	c.urlParams_.Set("fields", googleapi.CombineFields(s))
10440	return c
10441}
10442
10443// Context sets the context to be used in this call's Do method. Any
10444// pending HTTP request will be aborted if the provided context is
10445// canceled.
10446func (c *ProjectsServiceAccountsKeysEnableCall) Context(ctx context.Context) *ProjectsServiceAccountsKeysEnableCall {
10447	c.ctx_ = ctx
10448	return c
10449}
10450
10451// Header returns an http.Header that can be modified by the caller to
10452// add HTTP headers to the request.
10453func (c *ProjectsServiceAccountsKeysEnableCall) Header() http.Header {
10454	if c.header_ == nil {
10455		c.header_ = make(http.Header)
10456	}
10457	return c.header_
10458}
10459
10460func (c *ProjectsServiceAccountsKeysEnableCall) doRequest(alt string) (*http.Response, error) {
10461	reqHeaders := make(http.Header)
10462	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
10463	for k, v := range c.header_ {
10464		reqHeaders[k] = v
10465	}
10466	reqHeaders.Set("User-Agent", c.s.userAgent())
10467	var body io.Reader = nil
10468	body, err := googleapi.WithoutDataWrapper.JSONReader(c.enableserviceaccountkeyrequest)
10469	if err != nil {
10470		return nil, err
10471	}
10472	reqHeaders.Set("Content-Type", "application/json")
10473	c.urlParams_.Set("alt", alt)
10474	c.urlParams_.Set("prettyPrint", "false")
10475	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}:enable")
10476	urls += "?" + c.urlParams_.Encode()
10477	req, err := http.NewRequest("POST", urls, body)
10478	if err != nil {
10479		return nil, err
10480	}
10481	req.Header = reqHeaders
10482	googleapi.Expand(req.URL, map[string]string{
10483		"name": c.name,
10484	})
10485	return gensupport.SendRequest(c.ctx_, c.s.client, req)
10486}
10487
10488// Do executes the "iam.projects.serviceAccounts.keys.enable" call.
10489// Exactly one of *Empty or error will be non-nil. Any non-2xx status
10490// code is an error. Response headers are in either
10491// *Empty.ServerResponse.Header or (if a response was returned at all)
10492// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to
10493// check whether the returned error was because http.StatusNotModified
10494// was returned.
10495func (c *ProjectsServiceAccountsKeysEnableCall) Do(opts ...googleapi.CallOption) (*Empty, error) {
10496	gensupport.SetOptions(c.urlParams_, opts...)
10497	res, err := c.doRequest("json")
10498	if res != nil && res.StatusCode == http.StatusNotModified {
10499		if res.Body != nil {
10500			res.Body.Close()
10501		}
10502		return nil, &googleapi.Error{
10503			Code:   res.StatusCode,
10504			Header: res.Header,
10505		}
10506	}
10507	if err != nil {
10508		return nil, err
10509	}
10510	defer googleapi.CloseBody(res)
10511	if err := googleapi.CheckResponse(res); err != nil {
10512		return nil, err
10513	}
10514	ret := &Empty{
10515		ServerResponse: googleapi.ServerResponse{
10516			Header:         res.Header,
10517			HTTPStatusCode: res.StatusCode,
10518		},
10519	}
10520	target := &ret
10521	if err := gensupport.DecodeResponse(target, res); err != nil {
10522		return nil, err
10523	}
10524	return ret, nil
10525	// {
10526	//   "description": "Enable a ServiceAccountKey.",
10527	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}/keys/{keysId}:enable",
10528	//   "httpMethod": "POST",
10529	//   "id": "iam.projects.serviceAccounts.keys.enable",
10530	//   "parameterOrder": [
10531	//     "name"
10532	//   ],
10533	//   "parameters": {
10534	//     "name": {
10535	//       "description": "Required. The resource name of the service account key in the following format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.",
10536	//       "location": "path",
10537	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+/keys/[^/]+$",
10538	//       "required": true,
10539	//       "type": "string"
10540	//     }
10541	//   },
10542	//   "path": "v1/{+name}:enable",
10543	//   "request": {
10544	//     "$ref": "EnableServiceAccountKeyRequest"
10545	//   },
10546	//   "response": {
10547	//     "$ref": "Empty"
10548	//   },
10549	//   "scopes": [
10550	//     "https://www.googleapis.com/auth/cloud-platform"
10551	//   ]
10552	// }
10553
10554}
10555
10556// method id "iam.projects.serviceAccounts.keys.get":
10557
10558type ProjectsServiceAccountsKeysGetCall struct {
10559	s            *Service
10560	name         string
10561	urlParams_   gensupport.URLParams
10562	ifNoneMatch_ string
10563	ctx_         context.Context
10564	header_      http.Header
10565}
10566
10567// Get: Gets a ServiceAccountKey.
10568//
10569// - name: The resource name of the service account key in the following
10570//   format:
10571//   `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`. Using
10572//   `-` as a wildcard for the `PROJECT_ID` will infer the project from
10573//   the account. The `ACCOUNT` value can be the `email` address or the
10574//   `unique_id` of the service account.
10575func (r *ProjectsServiceAccountsKeysService) Get(name string) *ProjectsServiceAccountsKeysGetCall {
10576	c := &ProjectsServiceAccountsKeysGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
10577	c.name = name
10578	return c
10579}
10580
10581// PublicKeyType sets the optional parameter "publicKeyType": The output
10582// format of the public key requested. X509_PEM is the default output
10583// format.
10584//
10585// Possible values:
10586//   "TYPE_NONE" - Unspecified. Returns nothing here.
10587//   "TYPE_X509_PEM_FILE" - X509 PEM format.
10588//   "TYPE_RAW_PUBLIC_KEY" - Raw public key.
10589func (c *ProjectsServiceAccountsKeysGetCall) PublicKeyType(publicKeyType string) *ProjectsServiceAccountsKeysGetCall {
10590	c.urlParams_.Set("publicKeyType", publicKeyType)
10591	return c
10592}
10593
10594// Fields allows partial responses to be retrieved. See
10595// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
10596// for more information.
10597func (c *ProjectsServiceAccountsKeysGetCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsKeysGetCall {
10598	c.urlParams_.Set("fields", googleapi.CombineFields(s))
10599	return c
10600}
10601
10602// IfNoneMatch sets the optional parameter which makes the operation
10603// fail if the object's ETag matches the given value. This is useful for
10604// getting updates only after the object has changed since the last
10605// request. Use googleapi.IsNotModified to check whether the response
10606// error from Do is the result of In-None-Match.
10607func (c *ProjectsServiceAccountsKeysGetCall) IfNoneMatch(entityTag string) *ProjectsServiceAccountsKeysGetCall {
10608	c.ifNoneMatch_ = entityTag
10609	return c
10610}
10611
10612// Context sets the context to be used in this call's Do method. Any
10613// pending HTTP request will be aborted if the provided context is
10614// canceled.
10615func (c *ProjectsServiceAccountsKeysGetCall) Context(ctx context.Context) *ProjectsServiceAccountsKeysGetCall {
10616	c.ctx_ = ctx
10617	return c
10618}
10619
10620// Header returns an http.Header that can be modified by the caller to
10621// add HTTP headers to the request.
10622func (c *ProjectsServiceAccountsKeysGetCall) Header() http.Header {
10623	if c.header_ == nil {
10624		c.header_ = make(http.Header)
10625	}
10626	return c.header_
10627}
10628
10629func (c *ProjectsServiceAccountsKeysGetCall) doRequest(alt string) (*http.Response, error) {
10630	reqHeaders := make(http.Header)
10631	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
10632	for k, v := range c.header_ {
10633		reqHeaders[k] = v
10634	}
10635	reqHeaders.Set("User-Agent", c.s.userAgent())
10636	if c.ifNoneMatch_ != "" {
10637		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
10638	}
10639	var body io.Reader = nil
10640	c.urlParams_.Set("alt", alt)
10641	c.urlParams_.Set("prettyPrint", "false")
10642	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
10643	urls += "?" + c.urlParams_.Encode()
10644	req, err := http.NewRequest("GET", urls, body)
10645	if err != nil {
10646		return nil, err
10647	}
10648	req.Header = reqHeaders
10649	googleapi.Expand(req.URL, map[string]string{
10650		"name": c.name,
10651	})
10652	return gensupport.SendRequest(c.ctx_, c.s.client, req)
10653}
10654
10655// Do executes the "iam.projects.serviceAccounts.keys.get" call.
10656// Exactly one of *ServiceAccountKey or error will be non-nil. Any
10657// non-2xx status code is an error. Response headers are in either
10658// *ServiceAccountKey.ServerResponse.Header or (if a response was
10659// returned at all) in error.(*googleapi.Error).Header. Use
10660// googleapi.IsNotModified to check whether the returned error was
10661// because http.StatusNotModified was returned.
10662func (c *ProjectsServiceAccountsKeysGetCall) Do(opts ...googleapi.CallOption) (*ServiceAccountKey, error) {
10663	gensupport.SetOptions(c.urlParams_, opts...)
10664	res, err := c.doRequest("json")
10665	if res != nil && res.StatusCode == http.StatusNotModified {
10666		if res.Body != nil {
10667			res.Body.Close()
10668		}
10669		return nil, &googleapi.Error{
10670			Code:   res.StatusCode,
10671			Header: res.Header,
10672		}
10673	}
10674	if err != nil {
10675		return nil, err
10676	}
10677	defer googleapi.CloseBody(res)
10678	if err := googleapi.CheckResponse(res); err != nil {
10679		return nil, err
10680	}
10681	ret := &ServiceAccountKey{
10682		ServerResponse: googleapi.ServerResponse{
10683			Header:         res.Header,
10684			HTTPStatusCode: res.StatusCode,
10685		},
10686	}
10687	target := &ret
10688	if err := gensupport.DecodeResponse(target, res); err != nil {
10689		return nil, err
10690	}
10691	return ret, nil
10692	// {
10693	//   "description": "Gets a ServiceAccountKey.",
10694	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}/keys/{keysId}",
10695	//   "httpMethod": "GET",
10696	//   "id": "iam.projects.serviceAccounts.keys.get",
10697	//   "parameterOrder": [
10698	//     "name"
10699	//   ],
10700	//   "parameters": {
10701	//     "name": {
10702	//       "description": "Required. The resource name of the service account key in the following format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.",
10703	//       "location": "path",
10704	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+/keys/[^/]+$",
10705	//       "required": true,
10706	//       "type": "string"
10707	//     },
10708	//     "publicKeyType": {
10709	//       "description": "The output format of the public key requested. X509_PEM is the default output format.",
10710	//       "enum": [
10711	//         "TYPE_NONE",
10712	//         "TYPE_X509_PEM_FILE",
10713	//         "TYPE_RAW_PUBLIC_KEY"
10714	//       ],
10715	//       "enumDescriptions": [
10716	//         "Unspecified. Returns nothing here.",
10717	//         "X509 PEM format.",
10718	//         "Raw public key."
10719	//       ],
10720	//       "location": "query",
10721	//       "type": "string"
10722	//     }
10723	//   },
10724	//   "path": "v1/{+name}",
10725	//   "response": {
10726	//     "$ref": "ServiceAccountKey"
10727	//   },
10728	//   "scopes": [
10729	//     "https://www.googleapis.com/auth/cloud-platform"
10730	//   ]
10731	// }
10732
10733}
10734
10735// method id "iam.projects.serviceAccounts.keys.list":
10736
10737type ProjectsServiceAccountsKeysListCall struct {
10738	s            *Service
10739	name         string
10740	urlParams_   gensupport.URLParams
10741	ifNoneMatch_ string
10742	ctx_         context.Context
10743	header_      http.Header
10744}
10745
10746// List: Lists every ServiceAccountKey for a service account.
10747//
10748// - name: The resource name of the service account in the following
10749//   format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using
10750//   `-` as a wildcard for the `PROJECT_ID`, will infer the project from
10751//   the account. The `ACCOUNT` value can be the `email` address or the
10752//   `unique_id` of the service account.
10753func (r *ProjectsServiceAccountsKeysService) List(name string) *ProjectsServiceAccountsKeysListCall {
10754	c := &ProjectsServiceAccountsKeysListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
10755	c.name = name
10756	return c
10757}
10758
10759// KeyTypes sets the optional parameter "keyTypes": Filters the types of
10760// keys the user wants to include in the list response. Duplicate key
10761// types are not allowed. If no key type is provided, all keys are
10762// returned.
10763//
10764// Possible values:
10765//   "KEY_TYPE_UNSPECIFIED" - Unspecified key type. The presence of this
10766// in the message will immediately result in an error.
10767//   "USER_MANAGED" - User-managed keys (managed and rotated by the
10768// user).
10769//   "SYSTEM_MANAGED" - System-managed keys (managed and rotated by
10770// Google).
10771func (c *ProjectsServiceAccountsKeysListCall) KeyTypes(keyTypes ...string) *ProjectsServiceAccountsKeysListCall {
10772	c.urlParams_.SetMulti("keyTypes", append([]string{}, keyTypes...))
10773	return c
10774}
10775
10776// Fields allows partial responses to be retrieved. See
10777// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
10778// for more information.
10779func (c *ProjectsServiceAccountsKeysListCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsKeysListCall {
10780	c.urlParams_.Set("fields", googleapi.CombineFields(s))
10781	return c
10782}
10783
10784// IfNoneMatch sets the optional parameter which makes the operation
10785// fail if the object's ETag matches the given value. This is useful for
10786// getting updates only after the object has changed since the last
10787// request. Use googleapi.IsNotModified to check whether the response
10788// error from Do is the result of In-None-Match.
10789func (c *ProjectsServiceAccountsKeysListCall) IfNoneMatch(entityTag string) *ProjectsServiceAccountsKeysListCall {
10790	c.ifNoneMatch_ = entityTag
10791	return c
10792}
10793
10794// Context sets the context to be used in this call's Do method. Any
10795// pending HTTP request will be aborted if the provided context is
10796// canceled.
10797func (c *ProjectsServiceAccountsKeysListCall) Context(ctx context.Context) *ProjectsServiceAccountsKeysListCall {
10798	c.ctx_ = ctx
10799	return c
10800}
10801
10802// Header returns an http.Header that can be modified by the caller to
10803// add HTTP headers to the request.
10804func (c *ProjectsServiceAccountsKeysListCall) Header() http.Header {
10805	if c.header_ == nil {
10806		c.header_ = make(http.Header)
10807	}
10808	return c.header_
10809}
10810
10811func (c *ProjectsServiceAccountsKeysListCall) doRequest(alt string) (*http.Response, error) {
10812	reqHeaders := make(http.Header)
10813	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
10814	for k, v := range c.header_ {
10815		reqHeaders[k] = v
10816	}
10817	reqHeaders.Set("User-Agent", c.s.userAgent())
10818	if c.ifNoneMatch_ != "" {
10819		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
10820	}
10821	var body io.Reader = nil
10822	c.urlParams_.Set("alt", alt)
10823	c.urlParams_.Set("prettyPrint", "false")
10824	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}/keys")
10825	urls += "?" + c.urlParams_.Encode()
10826	req, err := http.NewRequest("GET", urls, body)
10827	if err != nil {
10828		return nil, err
10829	}
10830	req.Header = reqHeaders
10831	googleapi.Expand(req.URL, map[string]string{
10832		"name": c.name,
10833	})
10834	return gensupport.SendRequest(c.ctx_, c.s.client, req)
10835}
10836
10837// Do executes the "iam.projects.serviceAccounts.keys.list" call.
10838// Exactly one of *ListServiceAccountKeysResponse or error will be
10839// non-nil. Any non-2xx status code is an error. Response headers are in
10840// either *ListServiceAccountKeysResponse.ServerResponse.Header or (if a
10841// response was returned at all) in error.(*googleapi.Error).Header. Use
10842// googleapi.IsNotModified to check whether the returned error was
10843// because http.StatusNotModified was returned.
10844func (c *ProjectsServiceAccountsKeysListCall) Do(opts ...googleapi.CallOption) (*ListServiceAccountKeysResponse, error) {
10845	gensupport.SetOptions(c.urlParams_, opts...)
10846	res, err := c.doRequest("json")
10847	if res != nil && res.StatusCode == http.StatusNotModified {
10848		if res.Body != nil {
10849			res.Body.Close()
10850		}
10851		return nil, &googleapi.Error{
10852			Code:   res.StatusCode,
10853			Header: res.Header,
10854		}
10855	}
10856	if err != nil {
10857		return nil, err
10858	}
10859	defer googleapi.CloseBody(res)
10860	if err := googleapi.CheckResponse(res); err != nil {
10861		return nil, err
10862	}
10863	ret := &ListServiceAccountKeysResponse{
10864		ServerResponse: googleapi.ServerResponse{
10865			Header:         res.Header,
10866			HTTPStatusCode: res.StatusCode,
10867		},
10868	}
10869	target := &ret
10870	if err := gensupport.DecodeResponse(target, res); err != nil {
10871		return nil, err
10872	}
10873	return ret, nil
10874	// {
10875	//   "description": "Lists every ServiceAccountKey for a service account.",
10876	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}/keys",
10877	//   "httpMethod": "GET",
10878	//   "id": "iam.projects.serviceAccounts.keys.list",
10879	//   "parameterOrder": [
10880	//     "name"
10881	//   ],
10882	//   "parameters": {
10883	//     "keyTypes": {
10884	//       "description": "Filters the types of keys the user wants to include in the list response. Duplicate key types are not allowed. If no key type is provided, all keys are returned.",
10885	//       "enum": [
10886	//         "KEY_TYPE_UNSPECIFIED",
10887	//         "USER_MANAGED",
10888	//         "SYSTEM_MANAGED"
10889	//       ],
10890	//       "enumDescriptions": [
10891	//         "Unspecified key type. The presence of this in the message will immediately result in an error.",
10892	//         "User-managed keys (managed and rotated by the user).",
10893	//         "System-managed keys (managed and rotated by Google)."
10894	//       ],
10895	//       "location": "query",
10896	//       "repeated": true,
10897	//       "type": "string"
10898	//     },
10899	//     "name": {
10900	//       "description": "Required. The resource name of the service account in the following format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using `-` as a wildcard for the `PROJECT_ID`, will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.",
10901	//       "location": "path",
10902	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
10903	//       "required": true,
10904	//       "type": "string"
10905	//     }
10906	//   },
10907	//   "path": "v1/{+name}/keys",
10908	//   "response": {
10909	//     "$ref": "ListServiceAccountKeysResponse"
10910	//   },
10911	//   "scopes": [
10912	//     "https://www.googleapis.com/auth/cloud-platform"
10913	//   ]
10914	// }
10915
10916}
10917
10918// method id "iam.projects.serviceAccounts.keys.upload":
10919
10920type ProjectsServiceAccountsKeysUploadCall struct {
10921	s                              *Service
10922	name                           string
10923	uploadserviceaccountkeyrequest *UploadServiceAccountKeyRequest
10924	urlParams_                     gensupport.URLParams
10925	ctx_                           context.Context
10926	header_                        http.Header
10927}
10928
10929// Upload: Creates a ServiceAccountKey, using a public key that you
10930// provide.
10931//
10932// - name: The resource name of the service account in the following
10933//   format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using
10934//   `-` as a wildcard for the `PROJECT_ID` will infer the project from
10935//   the account. The `ACCOUNT` value can be the `email` address or the
10936//   `unique_id` of the service account.
10937func (r *ProjectsServiceAccountsKeysService) Upload(name string, uploadserviceaccountkeyrequest *UploadServiceAccountKeyRequest) *ProjectsServiceAccountsKeysUploadCall {
10938	c := &ProjectsServiceAccountsKeysUploadCall{s: r.s, urlParams_: make(gensupport.URLParams)}
10939	c.name = name
10940	c.uploadserviceaccountkeyrequest = uploadserviceaccountkeyrequest
10941	return c
10942}
10943
10944// Fields allows partial responses to be retrieved. See
10945// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
10946// for more information.
10947func (c *ProjectsServiceAccountsKeysUploadCall) Fields(s ...googleapi.Field) *ProjectsServiceAccountsKeysUploadCall {
10948	c.urlParams_.Set("fields", googleapi.CombineFields(s))
10949	return c
10950}
10951
10952// Context sets the context to be used in this call's Do method. Any
10953// pending HTTP request will be aborted if the provided context is
10954// canceled.
10955func (c *ProjectsServiceAccountsKeysUploadCall) Context(ctx context.Context) *ProjectsServiceAccountsKeysUploadCall {
10956	c.ctx_ = ctx
10957	return c
10958}
10959
10960// Header returns an http.Header that can be modified by the caller to
10961// add HTTP headers to the request.
10962func (c *ProjectsServiceAccountsKeysUploadCall) Header() http.Header {
10963	if c.header_ == nil {
10964		c.header_ = make(http.Header)
10965	}
10966	return c.header_
10967}
10968
10969func (c *ProjectsServiceAccountsKeysUploadCall) doRequest(alt string) (*http.Response, error) {
10970	reqHeaders := make(http.Header)
10971	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
10972	for k, v := range c.header_ {
10973		reqHeaders[k] = v
10974	}
10975	reqHeaders.Set("User-Agent", c.s.userAgent())
10976	var body io.Reader = nil
10977	body, err := googleapi.WithoutDataWrapper.JSONReader(c.uploadserviceaccountkeyrequest)
10978	if err != nil {
10979		return nil, err
10980	}
10981	reqHeaders.Set("Content-Type", "application/json")
10982	c.urlParams_.Set("alt", alt)
10983	c.urlParams_.Set("prettyPrint", "false")
10984	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}/keys:upload")
10985	urls += "?" + c.urlParams_.Encode()
10986	req, err := http.NewRequest("POST", urls, body)
10987	if err != nil {
10988		return nil, err
10989	}
10990	req.Header = reqHeaders
10991	googleapi.Expand(req.URL, map[string]string{
10992		"name": c.name,
10993	})
10994	return gensupport.SendRequest(c.ctx_, c.s.client, req)
10995}
10996
10997// Do executes the "iam.projects.serviceAccounts.keys.upload" call.
10998// Exactly one of *ServiceAccountKey or error will be non-nil. Any
10999// non-2xx status code is an error. Response headers are in either
11000// *ServiceAccountKey.ServerResponse.Header or (if a response was
11001// returned at all) in error.(*googleapi.Error).Header. Use
11002// googleapi.IsNotModified to check whether the returned error was
11003// because http.StatusNotModified was returned.
11004func (c *ProjectsServiceAccountsKeysUploadCall) Do(opts ...googleapi.CallOption) (*ServiceAccountKey, error) {
11005	gensupport.SetOptions(c.urlParams_, opts...)
11006	res, err := c.doRequest("json")
11007	if res != nil && res.StatusCode == http.StatusNotModified {
11008		if res.Body != nil {
11009			res.Body.Close()
11010		}
11011		return nil, &googleapi.Error{
11012			Code:   res.StatusCode,
11013			Header: res.Header,
11014		}
11015	}
11016	if err != nil {
11017		return nil, err
11018	}
11019	defer googleapi.CloseBody(res)
11020	if err := googleapi.CheckResponse(res); err != nil {
11021		return nil, err
11022	}
11023	ret := &ServiceAccountKey{
11024		ServerResponse: googleapi.ServerResponse{
11025			Header:         res.Header,
11026			HTTPStatusCode: res.StatusCode,
11027		},
11028	}
11029	target := &ret
11030	if err := gensupport.DecodeResponse(target, res); err != nil {
11031		return nil, err
11032	}
11033	return ret, nil
11034	// {
11035	//   "description": "Creates a ServiceAccountKey, using a public key that you provide.",
11036	//   "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}/keys:upload",
11037	//   "httpMethod": "POST",
11038	//   "id": "iam.projects.serviceAccounts.keys.upload",
11039	//   "parameterOrder": [
11040	//     "name"
11041	//   ],
11042	//   "parameters": {
11043	//     "name": {
11044	//       "description": "The resource name of the service account in the following format: `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}`. Using `-` as a wildcard for the `PROJECT_ID` will infer the project from the account. The `ACCOUNT` value can be the `email` address or the `unique_id` of the service account.",
11045	//       "location": "path",
11046	//       "pattern": "^projects/[^/]+/serviceAccounts/[^/]+$",
11047	//       "required": true,
11048	//       "type": "string"
11049	//     }
11050	//   },
11051	//   "path": "v1/{+name}/keys:upload",
11052	//   "request": {
11053	//     "$ref": "UploadServiceAccountKeyRequest"
11054	//   },
11055	//   "response": {
11056	//     "$ref": "ServiceAccountKey"
11057	//   },
11058	//   "scopes": [
11059	//     "https://www.googleapis.com/auth/cloud-platform"
11060	//   ]
11061	// }
11062
11063}
11064
11065// method id "iam.roles.get":
11066
11067type RolesGetCall struct {
11068	s            *Service
11069	name         string
11070	urlParams_   gensupport.URLParams
11071	ifNoneMatch_ string
11072	ctx_         context.Context
11073	header_      http.Header
11074}
11075
11076// Get: Gets the definition of a Role.
11077//
11078// - name: The `name` parameter's value depends on the target resource
11079//   for the request, namely `roles` (/iam/reference/rest/v1/roles),
11080//   `projects` (/iam/reference/rest/v1/projects.roles), or
11081//   `organizations` (/iam/reference/rest/v1/organizations.roles). Each
11082//   resource type's `name` value format is described below: *
11083//   `roles.get()` (/iam/reference/rest/v1/roles/get):
11084//   `roles/{ROLE_NAME}`. This method returns results from all
11085//   predefined roles (/iam/docs/understanding-roles#predefined_roles)
11086//   in Cloud IAM. Example request URL:
11087//   `https://iam.googleapis.com/v1/roles/{ROLE_NAME}` *
11088//   `projects.roles.get()` (/iam/reference/rest/v1/projects.roles/get):
11089//   `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method returns
11090//   only custom roles (/iam/docs/understanding-custom-roles) that have
11091//   been created at the project level. Example request URL:
11092//   `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_R
11093//   OLE_ID}` * `organizations.roles.get()`
11094//   (/iam/reference/rest/v1/organizations.roles/get):
11095//   `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This
11096//   method returns only custom roles
11097//   (/iam/docs/understanding-custom-roles) that have been created at
11098//   the organization level. Example request URL:
11099//   `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles
11100//   /{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must
11101//   specify a complete project ID or organization ID.
11102func (r *RolesService) Get(name string) *RolesGetCall {
11103	c := &RolesGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
11104	c.name = name
11105	return c
11106}
11107
11108// Fields allows partial responses to be retrieved. See
11109// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
11110// for more information.
11111func (c *RolesGetCall) Fields(s ...googleapi.Field) *RolesGetCall {
11112	c.urlParams_.Set("fields", googleapi.CombineFields(s))
11113	return c
11114}
11115
11116// IfNoneMatch sets the optional parameter which makes the operation
11117// fail if the object's ETag matches the given value. This is useful for
11118// getting updates only after the object has changed since the last
11119// request. Use googleapi.IsNotModified to check whether the response
11120// error from Do is the result of In-None-Match.
11121func (c *RolesGetCall) IfNoneMatch(entityTag string) *RolesGetCall {
11122	c.ifNoneMatch_ = entityTag
11123	return c
11124}
11125
11126// Context sets the context to be used in this call's Do method. Any
11127// pending HTTP request will be aborted if the provided context is
11128// canceled.
11129func (c *RolesGetCall) Context(ctx context.Context) *RolesGetCall {
11130	c.ctx_ = ctx
11131	return c
11132}
11133
11134// Header returns an http.Header that can be modified by the caller to
11135// add HTTP headers to the request.
11136func (c *RolesGetCall) Header() http.Header {
11137	if c.header_ == nil {
11138		c.header_ = make(http.Header)
11139	}
11140	return c.header_
11141}
11142
11143func (c *RolesGetCall) doRequest(alt string) (*http.Response, error) {
11144	reqHeaders := make(http.Header)
11145	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
11146	for k, v := range c.header_ {
11147		reqHeaders[k] = v
11148	}
11149	reqHeaders.Set("User-Agent", c.s.userAgent())
11150	if c.ifNoneMatch_ != "" {
11151		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
11152	}
11153	var body io.Reader = nil
11154	c.urlParams_.Set("alt", alt)
11155	c.urlParams_.Set("prettyPrint", "false")
11156	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}")
11157	urls += "?" + c.urlParams_.Encode()
11158	req, err := http.NewRequest("GET", urls, body)
11159	if err != nil {
11160		return nil, err
11161	}
11162	req.Header = reqHeaders
11163	googleapi.Expand(req.URL, map[string]string{
11164		"name": c.name,
11165	})
11166	return gensupport.SendRequest(c.ctx_, c.s.client, req)
11167}
11168
11169// Do executes the "iam.roles.get" call.
11170// Exactly one of *Role or error will be non-nil. Any non-2xx status
11171// code is an error. Response headers are in either
11172// *Role.ServerResponse.Header or (if a response was returned at all) in
11173// error.(*googleapi.Error).Header. Use googleapi.IsNotModified to check
11174// whether the returned error was because http.StatusNotModified was
11175// returned.
11176func (c *RolesGetCall) Do(opts ...googleapi.CallOption) (*Role, error) {
11177	gensupport.SetOptions(c.urlParams_, opts...)
11178	res, err := c.doRequest("json")
11179	if res != nil && res.StatusCode == http.StatusNotModified {
11180		if res.Body != nil {
11181			res.Body.Close()
11182		}
11183		return nil, &googleapi.Error{
11184			Code:   res.StatusCode,
11185			Header: res.Header,
11186		}
11187	}
11188	if err != nil {
11189		return nil, err
11190	}
11191	defer googleapi.CloseBody(res)
11192	if err := googleapi.CheckResponse(res); err != nil {
11193		return nil, err
11194	}
11195	ret := &Role{
11196		ServerResponse: googleapi.ServerResponse{
11197			Header:         res.Header,
11198			HTTPStatusCode: res.StatusCode,
11199		},
11200	}
11201	target := &ret
11202	if err := gensupport.DecodeResponse(target, res); err != nil {
11203		return nil, err
11204	}
11205	return ret, nil
11206	// {
11207	//   "description": "Gets the definition of a Role.",
11208	//   "flatPath": "v1/roles/{rolesId}",
11209	//   "httpMethod": "GET",
11210	//   "id": "iam.roles.get",
11211	//   "parameterOrder": [
11212	//     "name"
11213	//   ],
11214	//   "parameters": {
11215	//     "name": {
11216	//       "description": "The `name` parameter's value depends on the target resource for the request, namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `name` value format is described below: * [`roles.get()`](/iam/reference/rest/v1/roles/get): `roles/{ROLE_NAME}`. This method returns results from all [predefined roles](/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. Example request URL: `https://iam.googleapis.com/v1/roles/{ROLE_NAME}` * [`projects.roles.get()`](/iam/reference/rest/v1/projects.roles/get): `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method returns only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}` * [`organizations.roles.get()`](/iam/reference/rest/v1/organizations.roles/get): `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method returns only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.",
11217	//       "location": "path",
11218	//       "pattern": "^roles/[^/]+$",
11219	//       "required": true,
11220	//       "type": "string"
11221	//     }
11222	//   },
11223	//   "path": "v1/{+name}",
11224	//   "response": {
11225	//     "$ref": "Role"
11226	//   },
11227	//   "scopes": [
11228	//     "https://www.googleapis.com/auth/cloud-platform"
11229	//   ]
11230	// }
11231
11232}
11233
11234// method id "iam.roles.list":
11235
11236type RolesListCall struct {
11237	s            *Service
11238	urlParams_   gensupport.URLParams
11239	ifNoneMatch_ string
11240	ctx_         context.Context
11241	header_      http.Header
11242}
11243
11244// List: Lists every predefined Role that IAM supports, or every custom
11245// role that is defined for an organization or project.
11246func (r *RolesService) List() *RolesListCall {
11247	c := &RolesListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
11248	return c
11249}
11250
11251// PageSize sets the optional parameter "pageSize": Optional limit on
11252// the number of roles to include in the response. The default is 300,
11253// and the maximum is 1,000.
11254func (c *RolesListCall) PageSize(pageSize int64) *RolesListCall {
11255	c.urlParams_.Set("pageSize", fmt.Sprint(pageSize))
11256	return c
11257}
11258
11259// PageToken sets the optional parameter "pageToken": Optional
11260// pagination token returned in an earlier ListRolesResponse.
11261func (c *RolesListCall) PageToken(pageToken string) *RolesListCall {
11262	c.urlParams_.Set("pageToken", pageToken)
11263	return c
11264}
11265
11266// Parent sets the optional parameter "parent": The `parent` parameter's
11267// value depends on the target resource for the request, namely `roles`
11268// (/iam/reference/rest/v1/roles), `projects`
11269// (/iam/reference/rest/v1/projects.roles), or `organizations`
11270// (/iam/reference/rest/v1/organizations.roles). Each resource type's
11271// `parent` value format is described below: * `roles.list()`
11272// (/iam/reference/rest/v1/roles/list): An empty string. This method
11273// doesn't require a resource; it simply returns all predefined roles
11274// (/iam/docs/understanding-roles#predefined_roles) in Cloud IAM.
11275// Example request URL: `https://iam.googleapis.com/v1/roles` *
11276// `projects.roles.list()` (/iam/reference/rest/v1/projects.roles/list):
11277// `projects/{PROJECT_ID}`. This method lists all project-level custom
11278// roles (/iam/docs/understanding-custom-roles). Example request URL:
11279// `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles` *
11280// `organizations.roles.list()`
11281// (/iam/reference/rest/v1/organizations.roles/list):
11282// `organizations/{ORGANIZATION_ID}`. This method lists all
11283// organization-level custom roles
11284// (/iam/docs/understanding-custom-roles). Example request URL:
11285// `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles`
11286// Note: Wildcard (*) values are invalid; you must specify a complete
11287// project ID or organization ID.
11288func (c *RolesListCall) Parent(parent string) *RolesListCall {
11289	c.urlParams_.Set("parent", parent)
11290	return c
11291}
11292
11293// ShowDeleted sets the optional parameter "showDeleted": Include Roles
11294// that have been deleted.
11295func (c *RolesListCall) ShowDeleted(showDeleted bool) *RolesListCall {
11296	c.urlParams_.Set("showDeleted", fmt.Sprint(showDeleted))
11297	return c
11298}
11299
11300// View sets the optional parameter "view": Optional view for the
11301// returned Role objects. When `FULL` is specified, the
11302// `includedPermissions` field is returned, which includes a list of all
11303// permissions in the role. The default value is `BASIC`, which does not
11304// return the `includedPermissions` field.
11305//
11306// Possible values:
11307//   "BASIC" - Omits the `included_permissions` field. This is the
11308// default value.
11309//   "FULL" - Returns all fields.
11310func (c *RolesListCall) View(view string) *RolesListCall {
11311	c.urlParams_.Set("view", view)
11312	return c
11313}
11314
11315// Fields allows partial responses to be retrieved. See
11316// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
11317// for more information.
11318func (c *RolesListCall) Fields(s ...googleapi.Field) *RolesListCall {
11319	c.urlParams_.Set("fields", googleapi.CombineFields(s))
11320	return c
11321}
11322
11323// IfNoneMatch sets the optional parameter which makes the operation
11324// fail if the object's ETag matches the given value. This is useful for
11325// getting updates only after the object has changed since the last
11326// request. Use googleapi.IsNotModified to check whether the response
11327// error from Do is the result of In-None-Match.
11328func (c *RolesListCall) IfNoneMatch(entityTag string) *RolesListCall {
11329	c.ifNoneMatch_ = entityTag
11330	return c
11331}
11332
11333// Context sets the context to be used in this call's Do method. Any
11334// pending HTTP request will be aborted if the provided context is
11335// canceled.
11336func (c *RolesListCall) Context(ctx context.Context) *RolesListCall {
11337	c.ctx_ = ctx
11338	return c
11339}
11340
11341// Header returns an http.Header that can be modified by the caller to
11342// add HTTP headers to the request.
11343func (c *RolesListCall) Header() http.Header {
11344	if c.header_ == nil {
11345		c.header_ = make(http.Header)
11346	}
11347	return c.header_
11348}
11349
11350func (c *RolesListCall) doRequest(alt string) (*http.Response, error) {
11351	reqHeaders := make(http.Header)
11352	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
11353	for k, v := range c.header_ {
11354		reqHeaders[k] = v
11355	}
11356	reqHeaders.Set("User-Agent", c.s.userAgent())
11357	if c.ifNoneMatch_ != "" {
11358		reqHeaders.Set("If-None-Match", c.ifNoneMatch_)
11359	}
11360	var body io.Reader = nil
11361	c.urlParams_.Set("alt", alt)
11362	c.urlParams_.Set("prettyPrint", "false")
11363	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/roles")
11364	urls += "?" + c.urlParams_.Encode()
11365	req, err := http.NewRequest("GET", urls, body)
11366	if err != nil {
11367		return nil, err
11368	}
11369	req.Header = reqHeaders
11370	return gensupport.SendRequest(c.ctx_, c.s.client, req)
11371}
11372
11373// Do executes the "iam.roles.list" call.
11374// Exactly one of *ListRolesResponse or error will be non-nil. Any
11375// non-2xx status code is an error. Response headers are in either
11376// *ListRolesResponse.ServerResponse.Header or (if a response was
11377// returned at all) in error.(*googleapi.Error).Header. Use
11378// googleapi.IsNotModified to check whether the returned error was
11379// because http.StatusNotModified was returned.
11380func (c *RolesListCall) Do(opts ...googleapi.CallOption) (*ListRolesResponse, error) {
11381	gensupport.SetOptions(c.urlParams_, opts...)
11382	res, err := c.doRequest("json")
11383	if res != nil && res.StatusCode == http.StatusNotModified {
11384		if res.Body != nil {
11385			res.Body.Close()
11386		}
11387		return nil, &googleapi.Error{
11388			Code:   res.StatusCode,
11389			Header: res.Header,
11390		}
11391	}
11392	if err != nil {
11393		return nil, err
11394	}
11395	defer googleapi.CloseBody(res)
11396	if err := googleapi.CheckResponse(res); err != nil {
11397		return nil, err
11398	}
11399	ret := &ListRolesResponse{
11400		ServerResponse: googleapi.ServerResponse{
11401			Header:         res.Header,
11402			HTTPStatusCode: res.StatusCode,
11403		},
11404	}
11405	target := &ret
11406	if err := gensupport.DecodeResponse(target, res); err != nil {
11407		return nil, err
11408	}
11409	return ret, nil
11410	// {
11411	//   "description": "Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.",
11412	//   "flatPath": "v1/roles",
11413	//   "httpMethod": "GET",
11414	//   "id": "iam.roles.list",
11415	//   "parameterOrder": [],
11416	//   "parameters": {
11417	//     "pageSize": {
11418	//       "description": "Optional limit on the number of roles to include in the response. The default is 300, and the maximum is 1,000.",
11419	//       "format": "int32",
11420	//       "location": "query",
11421	//       "type": "integer"
11422	//     },
11423	//     "pageToken": {
11424	//       "description": "Optional pagination token returned in an earlier ListRolesResponse.",
11425	//       "location": "query",
11426	//       "type": "string"
11427	//     },
11428	//     "parent": {
11429	//       "description": "The `parent` parameter's value depends on the target resource for the request, namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `parent` value format is described below: * [`roles.list()`](/iam/reference/rest/v1/roles/list): An empty string. This method doesn't require a resource; it simply returns all [predefined roles](/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. Example request URL: `https://iam.googleapis.com/v1/roles` * [`projects.roles.list()`](/iam/reference/rest/v1/projects.roles/list): `projects/{PROJECT_ID}`. This method lists all project-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles` * [`organizations.roles.list()`](/iam/reference/rest/v1/organizations.roles/list): `organizations/{ORGANIZATION_ID}`. This method lists all organization-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.",
11430	//       "location": "query",
11431	//       "type": "string"
11432	//     },
11433	//     "showDeleted": {
11434	//       "description": "Include Roles that have been deleted.",
11435	//       "location": "query",
11436	//       "type": "boolean"
11437	//     },
11438	//     "view": {
11439	//       "description": "Optional view for the returned Role objects. When `FULL` is specified, the `includedPermissions` field is returned, which includes a list of all permissions in the role. The default value is `BASIC`, which does not return the `includedPermissions` field.",
11440	//       "enum": [
11441	//         "BASIC",
11442	//         "FULL"
11443	//       ],
11444	//       "enumDescriptions": [
11445	//         "Omits the `included_permissions` field. This is the default value.",
11446	//         "Returns all fields."
11447	//       ],
11448	//       "location": "query",
11449	//       "type": "string"
11450	//     }
11451	//   },
11452	//   "path": "v1/roles",
11453	//   "response": {
11454	//     "$ref": "ListRolesResponse"
11455	//   },
11456	//   "scopes": [
11457	//     "https://www.googleapis.com/auth/cloud-platform"
11458	//   ]
11459	// }
11460
11461}
11462
11463// Pages invokes f for each page of results.
11464// A non-nil error returned from f will halt the iteration.
11465// The provided context supersedes any context provided to the Context method.
11466func (c *RolesListCall) Pages(ctx context.Context, f func(*ListRolesResponse) error) error {
11467	c.ctx_ = ctx
11468	defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point
11469	for {
11470		x, err := c.Do()
11471		if err != nil {
11472			return err
11473		}
11474		if err := f(x); err != nil {
11475			return err
11476		}
11477		if x.NextPageToken == "" {
11478			return nil
11479		}
11480		c.PageToken(x.NextPageToken)
11481	}
11482}
11483
11484// method id "iam.roles.queryGrantableRoles":
11485
11486type RolesQueryGrantableRolesCall struct {
11487	s                          *Service
11488	querygrantablerolesrequest *QueryGrantableRolesRequest
11489	urlParams_                 gensupport.URLParams
11490	ctx_                       context.Context
11491	header_                    http.Header
11492}
11493
11494// QueryGrantableRoles: Lists roles that can be granted on a Google
11495// Cloud resource. A role is grantable if the IAM policy for the
11496// resource can contain bindings to the role.
11497func (r *RolesService) QueryGrantableRoles(querygrantablerolesrequest *QueryGrantableRolesRequest) *RolesQueryGrantableRolesCall {
11498	c := &RolesQueryGrantableRolesCall{s: r.s, urlParams_: make(gensupport.URLParams)}
11499	c.querygrantablerolesrequest = querygrantablerolesrequest
11500	return c
11501}
11502
11503// Fields allows partial responses to be retrieved. See
11504// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse
11505// for more information.
11506func (c *RolesQueryGrantableRolesCall) Fields(s ...googleapi.Field) *RolesQueryGrantableRolesCall {
11507	c.urlParams_.Set("fields", googleapi.CombineFields(s))
11508	return c
11509}
11510
11511// Context sets the context to be used in this call's Do method. Any
11512// pending HTTP request will be aborted if the provided context is
11513// canceled.
11514func (c *RolesQueryGrantableRolesCall) Context(ctx context.Context) *RolesQueryGrantableRolesCall {
11515	c.ctx_ = ctx
11516	return c
11517}
11518
11519// Header returns an http.Header that can be modified by the caller to
11520// add HTTP headers to the request.
11521func (c *RolesQueryGrantableRolesCall) Header() http.Header {
11522	if c.header_ == nil {
11523		c.header_ = make(http.Header)
11524	}
11525	return c.header_
11526}
11527
11528func (c *RolesQueryGrantableRolesCall) doRequest(alt string) (*http.Response, error) {
11529	reqHeaders := make(http.Header)
11530	reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201")
11531	for k, v := range c.header_ {
11532		reqHeaders[k] = v
11533	}
11534	reqHeaders.Set("User-Agent", c.s.userAgent())
11535	var body io.Reader = nil
11536	body, err := googleapi.WithoutDataWrapper.JSONReader(c.querygrantablerolesrequest)
11537	if err != nil {
11538		return nil, err
11539	}
11540	reqHeaders.Set("Content-Type", "application/json")
11541	c.urlParams_.Set("alt", alt)
11542	c.urlParams_.Set("prettyPrint", "false")
11543	urls := googleapi.ResolveRelative(c.s.BasePath, "v1/roles:queryGrantableRoles")
11544	urls += "?" + c.urlParams_.Encode()
11545	req, err := http.NewRequest("POST", urls, body)
11546	if err != nil {
11547		return nil, err
11548	}
11549	req.Header = reqHeaders
11550	return gensupport.SendRequest(c.ctx_, c.s.client, req)
11551}
11552
11553// Do executes the "iam.roles.queryGrantableRoles" call.
11554// Exactly one of *QueryGrantableRolesResponse or error will be non-nil.
11555// Any non-2xx status code is an error. Response headers are in either
11556// *QueryGrantableRolesResponse.ServerResponse.Header or (if a response
11557// was returned at all) in error.(*googleapi.Error).Header. Use
11558// googleapi.IsNotModified to check whether the returned error was
11559// because http.StatusNotModified was returned.
11560func (c *RolesQueryGrantableRolesCall) Do(opts ...googleapi.CallOption) (*QueryGrantableRolesResponse, error) {
11561	gensupport.SetOptions(c.urlParams_, opts...)
11562	res, err := c.doRequest("json")
11563	if res != nil && res.StatusCode == http.StatusNotModified {
11564		if res.Body != nil {
11565			res.Body.Close()
11566		}
11567		return nil, &googleapi.Error{
11568			Code:   res.StatusCode,
11569			Header: res.Header,
11570		}
11571	}
11572	if err != nil {
11573		return nil, err
11574	}
11575	defer googleapi.CloseBody(res)
11576	if err := googleapi.CheckResponse(res); err != nil {
11577		return nil, err
11578	}
11579	ret := &QueryGrantableRolesResponse{
11580		ServerResponse: googleapi.ServerResponse{
11581			Header:         res.Header,
11582			HTTPStatusCode: res.StatusCode,
11583		},
11584	}
11585	target := &ret
11586	if err := gensupport.DecodeResponse(target, res); err != nil {
11587		return nil, err
11588	}
11589	return ret, nil
11590	// {
11591	//   "description": "Lists roles that can be granted on a Google Cloud resource. A role is grantable if the IAM policy for the resource can contain bindings to the role.",
11592	//   "flatPath": "v1/roles:queryGrantableRoles",
11593	//   "httpMethod": "POST",
11594	//   "id": "iam.roles.queryGrantableRoles",
11595	//   "parameterOrder": [],
11596	//   "parameters": {},
11597	//   "path": "v1/roles:queryGrantableRoles",
11598	//   "request": {
11599	//     "$ref": "QueryGrantableRolesRequest"
11600	//   },
11601	//   "response": {
11602	//     "$ref": "QueryGrantableRolesResponse"
11603	//   },
11604	//   "scopes": [
11605	//     "https://www.googleapis.com/auth/cloud-platform"
11606	//   ]
11607	// }
11608
11609}
11610
11611// Pages invokes f for each page of results.
11612// A non-nil error returned from f will halt the iteration.
11613// The provided context supersedes any context provided to the Context method.
11614func (c *RolesQueryGrantableRolesCall) Pages(ctx context.Context, f func(*QueryGrantableRolesResponse) error) error {
11615	c.ctx_ = ctx
11616	defer func(pt string) { c.querygrantablerolesrequest.PageToken = pt }(c.querygrantablerolesrequest.PageToken) // reset paging to original point
11617	for {
11618		x, err := c.Do()
11619		if err != nil {
11620			return err
11621		}
11622		if err := f(x); err != nil {
11623			return err
11624		}
11625		if x.NextPageToken == "" {
11626			return nil
11627		}
11628		c.querygrantablerolesrequest.PageToken = x.NextPageToken
11629	}
11630}
11631