1// Copyright 2021 Google LLC. 2// Use of this source code is governed by a BSD-style 3// license that can be found in the LICENSE file. 4 5// Code generated file. DO NOT EDIT. 6 7// Package cloudasset provides access to the Cloud Asset API. 8// 9// For product documentation, see: https://cloud.google.com/asset-inventory/docs/quickstart 10// 11// Creating a client 12// 13// Usage example: 14// 15// import "google.golang.org/api/cloudasset/v1beta1" 16// ... 17// ctx := context.Background() 18// cloudassetService, err := cloudasset.NewService(ctx) 19// 20// In this example, Google Application Default Credentials are used for authentication. 21// 22// For information on how to create and obtain Application Default Credentials, see https://developers.google.com/identity/protocols/application-default-credentials. 23// 24// Other authentication options 25// 26// To use an API key for authentication (note: some APIs do not support API keys), use option.WithAPIKey: 27// 28// cloudassetService, err := cloudasset.NewService(ctx, option.WithAPIKey("AIza...")) 29// 30// To use an OAuth token (e.g., a user token obtained via a three-legged OAuth flow), use option.WithTokenSource: 31// 32// config := &oauth2.Config{...} 33// // ... 34// token, err := config.Exchange(ctx, ...) 35// cloudassetService, err := cloudasset.NewService(ctx, option.WithTokenSource(config.TokenSource(ctx, token))) 36// 37// See https://godoc.org/google.golang.org/api/option/ for details on options. 38package cloudasset // import "google.golang.org/api/cloudasset/v1beta1" 39 40import ( 41 "bytes" 42 "context" 43 "encoding/json" 44 "errors" 45 "fmt" 46 "io" 47 "net/http" 48 "net/url" 49 "strconv" 50 "strings" 51 52 googleapi "google.golang.org/api/googleapi" 53 gensupport "google.golang.org/api/internal/gensupport" 54 option "google.golang.org/api/option" 55 internaloption "google.golang.org/api/option/internaloption" 56 htransport "google.golang.org/api/transport/http" 57) 58 59// Always reference these packages, just in case the auto-generated code 60// below doesn't. 61var _ = bytes.NewBuffer 62var _ = strconv.Itoa 63var _ = fmt.Sprintf 64var _ = json.NewDecoder 65var _ = io.Copy 66var _ = url.Parse 67var _ = gensupport.MarshalJSON 68var _ = googleapi.Version 69var _ = errors.New 70var _ = strings.Replace 71var _ = context.Canceled 72var _ = internaloption.WithDefaultEndpoint 73 74const apiId = "cloudasset:v1beta1" 75const apiName = "cloudasset" 76const apiVersion = "v1beta1" 77const basePath = "https://cloudasset.googleapis.com/" 78const mtlsBasePath = "https://cloudasset.mtls.googleapis.com/" 79 80// OAuth2 scopes used by this API. 81const ( 82 // See, edit, configure, and delete your Google Cloud data and see the 83 // email address for your Google Account. 84 CloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform" 85) 86 87// NewService creates a new Service. 88func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, error) { 89 scopesOption := option.WithScopes( 90 "https://www.googleapis.com/auth/cloud-platform", 91 ) 92 // NOTE: prepend, so we don't override user-specified scopes. 93 opts = append([]option.ClientOption{scopesOption}, opts...) 94 opts = append(opts, internaloption.WithDefaultEndpoint(basePath)) 95 opts = append(opts, internaloption.WithDefaultMTLSEndpoint(mtlsBasePath)) 96 client, endpoint, err := htransport.NewClient(ctx, opts...) 97 if err != nil { 98 return nil, err 99 } 100 s, err := New(client) 101 if err != nil { 102 return nil, err 103 } 104 if endpoint != "" { 105 s.BasePath = endpoint 106 } 107 return s, nil 108} 109 110// New creates a new Service. It uses the provided http.Client for requests. 111// 112// Deprecated: please use NewService instead. 113// To provide a custom HTTP client, use option.WithHTTPClient. 114// If you are using google.golang.org/api/googleapis/transport.APIKey, use option.WithAPIKey with NewService instead. 115func New(client *http.Client) (*Service, error) { 116 if client == nil { 117 return nil, errors.New("client is nil") 118 } 119 s := &Service{client: client, BasePath: basePath} 120 s.Folders = NewFoldersService(s) 121 s.Organizations = NewOrganizationsService(s) 122 s.Projects = NewProjectsService(s) 123 return s, nil 124} 125 126type Service struct { 127 client *http.Client 128 BasePath string // API endpoint base URL 129 UserAgent string // optional additional User-Agent fragment 130 131 Folders *FoldersService 132 133 Organizations *OrganizationsService 134 135 Projects *ProjectsService 136} 137 138func (s *Service) userAgent() string { 139 if s.UserAgent == "" { 140 return googleapi.UserAgent 141 } 142 return googleapi.UserAgent + " " + s.UserAgent 143} 144 145func NewFoldersService(s *Service) *FoldersService { 146 rs := &FoldersService{s: s} 147 rs.Operations = NewFoldersOperationsService(s) 148 return rs 149} 150 151type FoldersService struct { 152 s *Service 153 154 Operations *FoldersOperationsService 155} 156 157func NewFoldersOperationsService(s *Service) *FoldersOperationsService { 158 rs := &FoldersOperationsService{s: s} 159 return rs 160} 161 162type FoldersOperationsService struct { 163 s *Service 164} 165 166func NewOrganizationsService(s *Service) *OrganizationsService { 167 rs := &OrganizationsService{s: s} 168 rs.Operations = NewOrganizationsOperationsService(s) 169 return rs 170} 171 172type OrganizationsService struct { 173 s *Service 174 175 Operations *OrganizationsOperationsService 176} 177 178func NewOrganizationsOperationsService(s *Service) *OrganizationsOperationsService { 179 rs := &OrganizationsOperationsService{s: s} 180 return rs 181} 182 183type OrganizationsOperationsService struct { 184 s *Service 185} 186 187func NewProjectsService(s *Service) *ProjectsService { 188 rs := &ProjectsService{s: s} 189 rs.Operations = NewProjectsOperationsService(s) 190 return rs 191} 192 193type ProjectsService struct { 194 s *Service 195 196 Operations *ProjectsOperationsService 197} 198 199func NewProjectsOperationsService(s *Service) *ProjectsOperationsService { 200 rs := &ProjectsOperationsService{s: s} 201 return rs 202} 203 204type ProjectsOperationsService struct { 205 s *Service 206} 207 208// AnalyzeIamPolicyLongrunningMetadata: Represents the metadata of the 209// longrunning operation for the AnalyzeIamPolicyLongrunning rpc. 210type AnalyzeIamPolicyLongrunningMetadata struct { 211 // CreateTime: Output only. The time the operation was created. 212 CreateTime string `json:"createTime,omitempty"` 213 214 // ForceSendFields is a list of field names (e.g. "CreateTime") to 215 // unconditionally include in API requests. By default, fields with 216 // empty or default values are omitted from API requests. However, any 217 // non-pointer, non-interface field appearing in ForceSendFields will be 218 // sent to the server regardless of whether the field is empty or not. 219 // This may be used to include empty fields in Patch requests. 220 ForceSendFields []string `json:"-"` 221 222 // NullFields is a list of field names (e.g. "CreateTime") to include in 223 // API requests with the JSON null value. By default, fields with empty 224 // values are omitted from API requests. However, any field with an 225 // empty value appearing in NullFields will be sent to the server as 226 // null. It is an error if a field in this list has a non-empty value. 227 // This may be used to include null fields in Patch requests. 228 NullFields []string `json:"-"` 229} 230 231func (s *AnalyzeIamPolicyLongrunningMetadata) MarshalJSON() ([]byte, error) { 232 type NoMethod AnalyzeIamPolicyLongrunningMetadata 233 raw := NoMethod(*s) 234 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 235} 236 237// AnalyzeIamPolicyLongrunningResponse: A response message for 238// AssetService.AnalyzeIamPolicyLongrunning. 239type AnalyzeIamPolicyLongrunningResponse struct { 240} 241 242// Asset: An asset in Google Cloud. An asset can be any resource in the 243// Google Cloud resource hierarchy 244// (https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), 245// a resource outside the Google Cloud resource hierarchy (such as 246// Google Kubernetes Engine clusters and objects), or a policy (e.g. 247// Cloud IAM policy). See Supported asset types 248// (https://cloud.google.com/asset-inventory/docs/supported-asset-types) 249// for more information. 250type Asset struct { 251 // AccessLevel: Please also refer to the access level user guide 252 // (https://cloud.google.com/access-context-manager/docs/overview#access-levels). 253 AccessLevel *GoogleIdentityAccesscontextmanagerV1AccessLevel `json:"accessLevel,omitempty"` 254 255 // AccessPolicy: Please also refer to the access policy user guide 256 // (https://cloud.google.com/access-context-manager/docs/overview#access-policies). 257 AccessPolicy *GoogleIdentityAccesscontextmanagerV1AccessPolicy `json:"accessPolicy,omitempty"` 258 259 // AssetType: The type of the asset. Example: 260 // `compute.googleapis.com/Disk` See Supported asset types 261 // (https://cloud.google.com/asset-inventory/docs/supported-asset-types) 262 // for more information. 263 AssetType string `json:"assetType,omitempty"` 264 265 // IamPolicy: A representation of the Cloud IAM policy set on a Google 266 // Cloud resource. There can be a maximum of one Cloud IAM policy set on 267 // any given resource. In addition, Cloud IAM policies inherit their 268 // granted access scope from any policies set on parent resources in the 269 // resource hierarchy. Therefore, the effectively policy is the union of 270 // both the policy set on this resource and each policy set on all of 271 // the resource's ancestry resource levels in the hierarchy. See this 272 // topic (https://cloud.google.com/iam/docs/policies#inheritance) for 273 // more information. 274 IamPolicy *Policy `json:"iamPolicy,omitempty"` 275 276 // Name: The full name of the asset. Example: 277 // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instance 278 // s/instance1` See Resource names 279 // (https://cloud.google.com/apis/design/resource_names#full_resource_name) 280 // for more information. 281 Name string `json:"name,omitempty"` 282 283 // OrgPolicy: A representation of an organization policy 284 // (https://cloud.google.com/resource-manager/docs/organization-policy/overview#organization_policy). 285 // There can be more than one organization policy with different 286 // constraints set on a given resource. 287 OrgPolicy []*GoogleCloudOrgpolicyV1Policy `json:"orgPolicy,omitempty"` 288 289 // Resource: A representation of the resource. 290 Resource *Resource `json:"resource,omitempty"` 291 292 // ServicePerimeter: Please also refer to the service perimeter user 293 // guide (https://cloud.google.com/vpc-service-controls/docs/overview). 294 ServicePerimeter *GoogleIdentityAccesscontextmanagerV1ServicePerimeter `json:"servicePerimeter,omitempty"` 295 296 // ForceSendFields is a list of field names (e.g. "AccessLevel") to 297 // unconditionally include in API requests. By default, fields with 298 // empty or default values are omitted from API requests. However, any 299 // non-pointer, non-interface field appearing in ForceSendFields will be 300 // sent to the server regardless of whether the field is empty or not. 301 // This may be used to include empty fields in Patch requests. 302 ForceSendFields []string `json:"-"` 303 304 // NullFields is a list of field names (e.g. "AccessLevel") to include 305 // in API requests with the JSON null value. By default, fields with 306 // empty values are omitted from API requests. However, any field with 307 // an empty value appearing in NullFields will be sent to the server as 308 // null. It is an error if a field in this list has a non-empty value. 309 // This may be used to include null fields in Patch requests. 310 NullFields []string `json:"-"` 311} 312 313func (s *Asset) MarshalJSON() ([]byte, error) { 314 type NoMethod Asset 315 raw := NoMethod(*s) 316 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 317} 318 319// AuditConfig: Specifies the audit configuration for a service. The 320// configuration determines which permission types are logged, and what 321// identities, if any, are exempted from logging. An AuditConfig must 322// have one or more AuditLogConfigs. If there are AuditConfigs for both 323// `allServices` and a specific service, the union of the two 324// AuditConfigs is used for that service: the log_types specified in 325// each AuditConfig are enabled, and the exempted_members in each 326// AuditLogConfig are exempted. Example Policy with multiple 327// AuditConfigs: { "audit_configs": [ { "service": "allServices", 328// "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": 329// [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { 330// "log_type": "ADMIN_READ" } ] }, { "service": 331// "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": 332// "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ 333// "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy 334// enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts 335// jose@example.com from DATA_READ logging, and aliya@example.com from 336// DATA_WRITE logging. 337type AuditConfig struct { 338 // AuditLogConfigs: The configuration for logging of each type of 339 // permission. 340 AuditLogConfigs []*AuditLogConfig `json:"auditLogConfigs,omitempty"` 341 342 // Service: Specifies a service that will be enabled for audit logging. 343 // For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 344 // `allServices` is a special value that covers all services. 345 Service string `json:"service,omitempty"` 346 347 // ForceSendFields is a list of field names (e.g. "AuditLogConfigs") to 348 // unconditionally include in API requests. By default, fields with 349 // empty or default values are omitted from API requests. However, any 350 // non-pointer, non-interface field appearing in ForceSendFields will be 351 // sent to the server regardless of whether the field is empty or not. 352 // This may be used to include empty fields in Patch requests. 353 ForceSendFields []string `json:"-"` 354 355 // NullFields is a list of field names (e.g. "AuditLogConfigs") to 356 // include in API requests with the JSON null value. By default, fields 357 // with empty values are omitted from API requests. However, any field 358 // with an empty value appearing in NullFields will be sent to the 359 // server as null. It is an error if a field in this list has a 360 // non-empty value. This may be used to include null fields in Patch 361 // requests. 362 NullFields []string `json:"-"` 363} 364 365func (s *AuditConfig) MarshalJSON() ([]byte, error) { 366 type NoMethod AuditConfig 367 raw := NoMethod(*s) 368 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 369} 370 371// AuditLogConfig: Provides the configuration for logging a type of 372// permissions. Example: { "audit_log_configs": [ { "log_type": 373// "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { 374// "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 375// 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ 376// logging. 377type AuditLogConfig struct { 378 // ExemptedMembers: Specifies the identities that do not cause logging 379 // for this type of permission. Follows the same format of 380 // Binding.members. 381 ExemptedMembers []string `json:"exemptedMembers,omitempty"` 382 383 // LogType: The log type that this config enables. 384 // 385 // Possible values: 386 // "LOG_TYPE_UNSPECIFIED" - Default case. Should never be this. 387 // "ADMIN_READ" - Admin reads. Example: CloudIAM getIamPolicy 388 // "DATA_WRITE" - Data writes. Example: CloudSQL Users create 389 // "DATA_READ" - Data reads. Example: CloudSQL Users list 390 LogType string `json:"logType,omitempty"` 391 392 // ForceSendFields is a list of field names (e.g. "ExemptedMembers") to 393 // unconditionally include in API requests. By default, fields with 394 // empty or default values are omitted from API requests. However, any 395 // non-pointer, non-interface field appearing in ForceSendFields will be 396 // sent to the server regardless of whether the field is empty or not. 397 // This may be used to include empty fields in Patch requests. 398 ForceSendFields []string `json:"-"` 399 400 // NullFields is a list of field names (e.g. "ExemptedMembers") to 401 // include in API requests with the JSON null value. By default, fields 402 // with empty values are omitted from API requests. However, any field 403 // with an empty value appearing in NullFields will be sent to the 404 // server as null. It is an error if a field in this list has a 405 // non-empty value. This may be used to include null fields in Patch 406 // requests. 407 NullFields []string `json:"-"` 408} 409 410func (s *AuditLogConfig) MarshalJSON() ([]byte, error) { 411 type NoMethod AuditLogConfig 412 raw := NoMethod(*s) 413 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 414} 415 416// BatchGetAssetsHistoryResponse: Batch get assets history response. 417type BatchGetAssetsHistoryResponse struct { 418 // Assets: A list of assets with valid time windows. 419 Assets []*TemporalAsset `json:"assets,omitempty"` 420 421 // ServerResponse contains the HTTP response code and headers from the 422 // server. 423 googleapi.ServerResponse `json:"-"` 424 425 // ForceSendFields is a list of field names (e.g. "Assets") to 426 // unconditionally include in API requests. By default, fields with 427 // empty or default values are omitted from API requests. However, any 428 // non-pointer, non-interface field appearing in ForceSendFields will be 429 // sent to the server regardless of whether the field is empty or not. 430 // This may be used to include empty fields in Patch requests. 431 ForceSendFields []string `json:"-"` 432 433 // NullFields is a list of field names (e.g. "Assets") to include in API 434 // requests with the JSON null value. By default, fields with empty 435 // values are omitted from API requests. However, any field with an 436 // empty value appearing in NullFields will be sent to the server as 437 // null. It is an error if a field in this list has a non-empty value. 438 // This may be used to include null fields in Patch requests. 439 NullFields []string `json:"-"` 440} 441 442func (s *BatchGetAssetsHistoryResponse) MarshalJSON() ([]byte, error) { 443 type NoMethod BatchGetAssetsHistoryResponse 444 raw := NoMethod(*s) 445 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 446} 447 448// Binding: Associates `members`, or principals, with a `role`. 449type Binding struct { 450 // Condition: The condition that is associated with this binding. If the 451 // condition evaluates to `true`, then this binding applies to the 452 // current request. If the condition evaluates to `false`, then this 453 // binding does not apply to the current request. However, a different 454 // role binding might grant the same role to one or more of the 455 // principals in this binding. To learn which resources support 456 // conditions in their IAM policies, see the IAM documentation 457 // (https://cloud.google.com/iam/help/conditions/resource-policies). 458 Condition *Expr `json:"condition,omitempty"` 459 460 // Members: Specifies the principals requesting access for a Cloud 461 // Platform resource. `members` can have the following values: * 462 // `allUsers`: A special identifier that represents anyone who is on the 463 // internet; with or without a Google account. * 464 // `allAuthenticatedUsers`: A special identifier that represents anyone 465 // who is authenticated with a Google account or a service account. * 466 // `user:{emailid}`: An email address that represents a specific Google 467 // account. For example, `alice@example.com` . * 468 // `serviceAccount:{emailid}`: An email address that represents a 469 // service account. For example, 470 // `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An 471 // email address that represents a Google group. For example, 472 // `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An 473 // email address (plus unique identifier) representing a user that has 474 // been recently deleted. For example, 475 // `alice@example.com?uid=123456789012345678901`. If the user is 476 // recovered, this value reverts to `user:{emailid}` and the recovered 477 // user retains the role in the binding. * 478 // `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address 479 // (plus unique identifier) representing a service account that has been 480 // recently deleted. For example, 481 // `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. 482 // If the service account is undeleted, this value reverts to 483 // `serviceAccount:{emailid}` and the undeleted service account retains 484 // the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: 485 // An email address (plus unique identifier) representing a Google group 486 // that has been recently deleted. For example, 487 // `admins@example.com?uid=123456789012345678901`. If the group is 488 // recovered, this value reverts to `group:{emailid}` and the recovered 489 // group retains the role in the binding. * `domain:{domain}`: The G 490 // Suite domain (primary) that represents all the users of that domain. 491 // For example, `google.com` or `example.com`. 492 Members []string `json:"members,omitempty"` 493 494 // Role: Role that is assigned to the list of `members`, or principals. 495 // For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 496 Role string `json:"role,omitempty"` 497 498 // ForceSendFields is a list of field names (e.g. "Condition") to 499 // unconditionally include in API requests. By default, fields with 500 // empty or default values are omitted from API requests. However, any 501 // non-pointer, non-interface field appearing in ForceSendFields will be 502 // sent to the server regardless of whether the field is empty or not. 503 // This may be used to include empty fields in Patch requests. 504 ForceSendFields []string `json:"-"` 505 506 // NullFields is a list of field names (e.g. "Condition") to include in 507 // API requests with the JSON null value. By default, fields with empty 508 // values are omitted from API requests. However, any field with an 509 // empty value appearing in NullFields will be sent to the server as 510 // null. It is an error if a field in this list has a non-empty value. 511 // This may be used to include null fields in Patch requests. 512 NullFields []string `json:"-"` 513} 514 515func (s *Binding) MarshalJSON() ([]byte, error) { 516 type NoMethod Binding 517 raw := NoMethod(*s) 518 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 519} 520 521// ExportAssetsRequest: Export asset request. 522type ExportAssetsRequest struct { 523 // AssetTypes: A list of asset types of which to take a snapshot for. 524 // For example: "google.compute.Disk". If specified, only matching 525 // assets will be returned. See Introduction to Cloud Asset Inventory 526 // (https://cloud.google.com/resource-manager/docs/cloud-asset-inventory/overview) 527 // for all supported asset types. 528 AssetTypes []string `json:"assetTypes,omitempty"` 529 530 // ContentType: Asset content type. If not specified, no content but the 531 // asset name will be returned. 532 // 533 // Possible values: 534 // "CONTENT_TYPE_UNSPECIFIED" - Unspecified content type. 535 // "RESOURCE" - Resource metadata. 536 // "IAM_POLICY" - The actual IAM policy set on a resource. 537 ContentType string `json:"contentType,omitempty"` 538 539 // OutputConfig: Required. Output configuration indicating where the 540 // results will be output to. All results will be in newline delimited 541 // JSON format. 542 OutputConfig *OutputConfig `json:"outputConfig,omitempty"` 543 544 // ReadTime: Timestamp to take an asset snapshot. This can only be set 545 // to a timestamp between 2018-10-02 UTC (inclusive) and the current 546 // time. If not specified, the current time will be used. Due to delays 547 // in resource data collection and indexing, there is a volatile window 548 // during which running the same query may get different results. 549 ReadTime string `json:"readTime,omitempty"` 550 551 // ForceSendFields is a list of field names (e.g. "AssetTypes") to 552 // unconditionally include in API requests. By default, fields with 553 // empty or default values are omitted from API requests. However, any 554 // non-pointer, non-interface field appearing in ForceSendFields will be 555 // sent to the server regardless of whether the field is empty or not. 556 // This may be used to include empty fields in Patch requests. 557 ForceSendFields []string `json:"-"` 558 559 // NullFields is a list of field names (e.g. "AssetTypes") to include in 560 // API requests with the JSON null value. By default, fields with empty 561 // values are omitted from API requests. However, any field with an 562 // empty value appearing in NullFields will be sent to the server as 563 // null. It is an error if a field in this list has a non-empty value. 564 // This may be used to include null fields in Patch requests. 565 NullFields []string `json:"-"` 566} 567 568func (s *ExportAssetsRequest) MarshalJSON() ([]byte, error) { 569 type NoMethod ExportAssetsRequest 570 raw := NoMethod(*s) 571 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 572} 573 574// Expr: Represents a textual expression in the Common Expression 575// Language (CEL) syntax. CEL is a C-like expression language. The 576// syntax and semantics of CEL are documented at 577// https://github.com/google/cel-spec. Example (Comparison): title: 578// "Summary size limit" description: "Determines if a summary is less 579// than 100 chars" expression: "document.summary.size() < 100" Example 580// (Equality): title: "Requestor is owner" description: "Determines if 581// requestor is the document owner" expression: "document.owner == 582// request.auth.claims.email" Example (Logic): title: "Public documents" 583// description: "Determine whether the document should be publicly 584// visible" expression: "document.type != 'private' && document.type != 585// 'internal'" Example (Data Manipulation): title: "Notification string" 586// description: "Create a notification string with a timestamp." 587// expression: "'New message received at ' + 588// string(document.create_time)" The exact variables and functions that 589// may be referenced within an expression are determined by the service 590// that evaluates it. See the service documentation for additional 591// information. 592type Expr struct { 593 // Description: Optional. Description of the expression. This is a 594 // longer text which describes the expression, e.g. when hovered over it 595 // in a UI. 596 Description string `json:"description,omitempty"` 597 598 // Expression: Textual representation of an expression in Common 599 // Expression Language syntax. 600 Expression string `json:"expression,omitempty"` 601 602 // Location: Optional. String indicating the location of the expression 603 // for error reporting, e.g. a file name and a position in the file. 604 Location string `json:"location,omitempty"` 605 606 // Title: Optional. Title for the expression, i.e. a short string 607 // describing its purpose. This can be used e.g. in UIs which allow to 608 // enter the expression. 609 Title string `json:"title,omitempty"` 610 611 // ForceSendFields is a list of field names (e.g. "Description") to 612 // unconditionally include in API requests. By default, fields with 613 // empty or default values are omitted from API requests. However, any 614 // non-pointer, non-interface field appearing in ForceSendFields will be 615 // sent to the server regardless of whether the field is empty or not. 616 // This may be used to include empty fields in Patch requests. 617 ForceSendFields []string `json:"-"` 618 619 // NullFields is a list of field names (e.g. "Description") to include 620 // in API requests with the JSON null value. By default, fields with 621 // empty values are omitted from API requests. However, any field with 622 // an empty value appearing in NullFields will be sent to the server as 623 // null. It is an error if a field in this list has a non-empty value. 624 // This may be used to include null fields in Patch requests. 625 NullFields []string `json:"-"` 626} 627 628func (s *Expr) MarshalJSON() ([]byte, error) { 629 type NoMethod Expr 630 raw := NoMethod(*s) 631 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 632} 633 634// GcsDestination: A Cloud Storage location. 635type GcsDestination struct { 636 // Uri: The uri of the Cloud Storage object. It's the same uri that is 637 // used by gsutil. For example: "gs://bucket_name/object_name". See 638 // Viewing and Editing Object Metadata 639 // (https://cloud.google.com/storage/docs/viewing-editing-metadata) for 640 // more information. 641 Uri string `json:"uri,omitempty"` 642 643 // UriPrefix: The uri prefix of all generated Cloud Storage objects. For 644 // example: "gs://bucket_name/object_name_prefix". Each object uri is in 645 // format: "gs://bucket_name/object_name_prefix// and only contains 646 // assets for that type. starts from 0. For example: 647 // "gs://bucket_name/object_name_prefix/google.compute.disk/0" is the 648 // first shard of output objects containing all google.compute.disk 649 // assets. An INVALID_ARGUMENT error will be returned if file with the 650 // same name "gs://bucket_name/object_name_prefix" already exists. 651 UriPrefix string `json:"uriPrefix,omitempty"` 652 653 // ForceSendFields is a list of field names (e.g. "Uri") to 654 // unconditionally include in API requests. By default, fields with 655 // empty or default values are omitted from API requests. However, any 656 // non-pointer, non-interface field appearing in ForceSendFields will be 657 // sent to the server regardless of whether the field is empty or not. 658 // This may be used to include empty fields in Patch requests. 659 ForceSendFields []string `json:"-"` 660 661 // NullFields is a list of field names (e.g. "Uri") to include in API 662 // requests with the JSON null value. By default, fields with empty 663 // values are omitted from API requests. However, any field with an 664 // empty value appearing in NullFields will be sent to the server as 665 // null. It is an error if a field in this list has a non-empty value. 666 // This may be used to include null fields in Patch requests. 667 NullFields []string `json:"-"` 668} 669 670func (s *GcsDestination) MarshalJSON() ([]byte, error) { 671 type NoMethod GcsDestination 672 raw := NoMethod(*s) 673 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 674} 675 676// GoogleCloudAssetV1p7beta1Asset: An asset in Google Cloud. An asset 677// can be any resource in the Google Cloud resource hierarchy 678// (https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), 679// a resource outside the Google Cloud resource hierarchy (such as 680// Google Kubernetes Engine clusters and objects), or a policy (e.g. 681// Cloud IAM policy). See Supported asset types 682// (https://cloud.google.com/asset-inventory/docs/supported-asset-types) 683// for more information. 684type GoogleCloudAssetV1p7beta1Asset struct { 685 // AccessLevel: Please also refer to the access level user guide 686 // (https://cloud.google.com/access-context-manager/docs/overview#access-levels). 687 AccessLevel *GoogleIdentityAccesscontextmanagerV1AccessLevel `json:"accessLevel,omitempty"` 688 689 // AccessPolicy: Please also refer to the access policy user guide 690 // (https://cloud.google.com/access-context-manager/docs/overview#access-policies). 691 AccessPolicy *GoogleIdentityAccesscontextmanagerV1AccessPolicy `json:"accessPolicy,omitempty"` 692 693 // Ancestors: The ancestry path of an asset in Google Cloud resource 694 // hierarchy 695 // (https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), 696 // represented as a list of relative resource names. An ancestry path 697 // starts with the closest ancestor in the hierarchy and ends at root. 698 // If the asset is a project, folder, or organization, the ancestry path 699 // starts from the asset itself. Example: `["projects/123456789", 700 // "folders/5432", "organizations/1234"]` 701 Ancestors []string `json:"ancestors,omitempty"` 702 703 // AssetType: The type of the asset. Example: 704 // `compute.googleapis.com/Disk` See Supported asset types 705 // (https://cloud.google.com/asset-inventory/docs/supported-asset-types) 706 // for more information. 707 AssetType string `json:"assetType,omitempty"` 708 709 // IamPolicy: A representation of the Cloud IAM policy set on a Google 710 // Cloud resource. There can be a maximum of one Cloud IAM policy set on 711 // any given resource. In addition, Cloud IAM policies inherit their 712 // granted access scope from any policies set on parent resources in the 713 // resource hierarchy. Therefore, the effectively policy is the union of 714 // both the policy set on this resource and each policy set on all of 715 // the resource's ancestry resource levels in the hierarchy. See this 716 // topic (https://cloud.google.com/iam/docs/policies#inheritance) for 717 // more information. 718 IamPolicy *Policy `json:"iamPolicy,omitempty"` 719 720 // Name: The full name of the asset. Example: 721 // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instance 722 // s/instance1` See Resource names 723 // (https://cloud.google.com/apis/design/resource_names#full_resource_name) 724 // for more information. 725 Name string `json:"name,omitempty"` 726 727 // OrgPolicy: A representation of an organization policy 728 // (https://cloud.google.com/resource-manager/docs/organization-policy/overview#organization_policy). 729 // There can be more than one organization policy with different 730 // constraints set on a given resource. 731 OrgPolicy []*GoogleCloudOrgpolicyV1Policy `json:"orgPolicy,omitempty"` 732 733 // RelatedAssets: The related assets of the asset of one relationship 734 // type. One asset only represents one type of relationship. 735 RelatedAssets *GoogleCloudAssetV1p7beta1RelatedAssets `json:"relatedAssets,omitempty"` 736 737 // Resource: A representation of the resource. 738 Resource *GoogleCloudAssetV1p7beta1Resource `json:"resource,omitempty"` 739 740 // ServicePerimeter: Please also refer to the service perimeter user 741 // guide (https://cloud.google.com/vpc-service-controls/docs/overview). 742 ServicePerimeter *GoogleIdentityAccesscontextmanagerV1ServicePerimeter `json:"servicePerimeter,omitempty"` 743 744 // UpdateTime: The last update timestamp of an asset. update_time is 745 // updated when create/update/delete operation is performed. 746 UpdateTime string `json:"updateTime,omitempty"` 747 748 // ForceSendFields is a list of field names (e.g. "AccessLevel") to 749 // unconditionally include in API requests. By default, fields with 750 // empty or default values are omitted from API requests. However, any 751 // non-pointer, non-interface field appearing in ForceSendFields will be 752 // sent to the server regardless of whether the field is empty or not. 753 // This may be used to include empty fields in Patch requests. 754 ForceSendFields []string `json:"-"` 755 756 // NullFields is a list of field names (e.g. "AccessLevel") to include 757 // in API requests with the JSON null value. By default, fields with 758 // empty values are omitted from API requests. However, any field with 759 // an empty value appearing in NullFields will be sent to the server as 760 // null. It is an error if a field in this list has a non-empty value. 761 // This may be used to include null fields in Patch requests. 762 NullFields []string `json:"-"` 763} 764 765func (s *GoogleCloudAssetV1p7beta1Asset) MarshalJSON() ([]byte, error) { 766 type NoMethod GoogleCloudAssetV1p7beta1Asset 767 raw := NoMethod(*s) 768 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 769} 770 771// GoogleCloudAssetV1p7beta1RelatedAsset: An asset identify in Google 772// Cloud which contains its name, type and ancestors. An asset can be 773// any resource in the Google Cloud resource hierarchy 774// (https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), 775// a resource outside the Google Cloud resource hierarchy (such as 776// Google Kubernetes Engine clusters and objects), or a policy (e.g. 777// Cloud IAM policy). See Supported asset types 778// (https://cloud.google.com/asset-inventory/docs/supported-asset-types) 779// for more information. 780type GoogleCloudAssetV1p7beta1RelatedAsset struct { 781 // Ancestors: The ancestors of an asset in Google Cloud resource 782 // hierarchy 783 // (https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy), 784 // represented as a list of relative resource names. An ancestry path 785 // starts with the closest ancestor in the hierarchy and ends at root. 786 // Example: `["projects/123456789", "folders/5432", 787 // "organizations/1234"]` 788 Ancestors []string `json:"ancestors,omitempty"` 789 790 // Asset: The full name of the asset. Example: 791 // `//compute.googleapis.com/projects/my_project_123/zones/zone1/instance 792 // s/instance1` See Resource names 793 // (https://cloud.google.com/apis/design/resource_names#full_resource_name) 794 // for more information. 795 Asset string `json:"asset,omitempty"` 796 797 // AssetType: The type of the asset. Example: 798 // `compute.googleapis.com/Disk` See Supported asset types 799 // (https://cloud.google.com/asset-inventory/docs/supported-asset-types) 800 // for more information. 801 AssetType string `json:"assetType,omitempty"` 802 803 // ForceSendFields is a list of field names (e.g. "Ancestors") to 804 // unconditionally include in API requests. By default, fields with 805 // empty or default values are omitted from API requests. However, any 806 // non-pointer, non-interface field appearing in ForceSendFields will be 807 // sent to the server regardless of whether the field is empty or not. 808 // This may be used to include empty fields in Patch requests. 809 ForceSendFields []string `json:"-"` 810 811 // NullFields is a list of field names (e.g. "Ancestors") to include in 812 // API requests with the JSON null value. By default, fields with empty 813 // values are omitted from API requests. However, any field with an 814 // empty value appearing in NullFields will be sent to the server as 815 // null. It is an error if a field in this list has a non-empty value. 816 // This may be used to include null fields in Patch requests. 817 NullFields []string `json:"-"` 818} 819 820func (s *GoogleCloudAssetV1p7beta1RelatedAsset) MarshalJSON() ([]byte, error) { 821 type NoMethod GoogleCloudAssetV1p7beta1RelatedAsset 822 raw := NoMethod(*s) 823 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 824} 825 826// GoogleCloudAssetV1p7beta1RelatedAssets: The detailed related assets 827// with the `relationship_type`. 828type GoogleCloudAssetV1p7beta1RelatedAssets struct { 829 // Assets: The peer resources of the relationship. 830 Assets []*GoogleCloudAssetV1p7beta1RelatedAsset `json:"assets,omitempty"` 831 832 // RelationshipAttributes: The detailed relation attributes. 833 RelationshipAttributes *GoogleCloudAssetV1p7beta1RelationshipAttributes `json:"relationshipAttributes,omitempty"` 834 835 // ForceSendFields is a list of field names (e.g. "Assets") to 836 // unconditionally include in API requests. By default, fields with 837 // empty or default values are omitted from API requests. However, any 838 // non-pointer, non-interface field appearing in ForceSendFields will be 839 // sent to the server regardless of whether the field is empty or not. 840 // This may be used to include empty fields in Patch requests. 841 ForceSendFields []string `json:"-"` 842 843 // NullFields is a list of field names (e.g. "Assets") to include in API 844 // requests with the JSON null value. By default, fields with empty 845 // values are omitted from API requests. However, any field with an 846 // empty value appearing in NullFields will be sent to the server as 847 // null. It is an error if a field in this list has a non-empty value. 848 // This may be used to include null fields in Patch requests. 849 NullFields []string `json:"-"` 850} 851 852func (s *GoogleCloudAssetV1p7beta1RelatedAssets) MarshalJSON() ([]byte, error) { 853 type NoMethod GoogleCloudAssetV1p7beta1RelatedAssets 854 raw := NoMethod(*s) 855 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 856} 857 858// GoogleCloudAssetV1p7beta1RelationshipAttributes: The relationship 859// attributes which include `type`, `source_resource_type`, 860// `target_resource_type` and `action`. 861type GoogleCloudAssetV1p7beta1RelationshipAttributes struct { 862 // Action: The detail of the relationship, e.g. `contains`, `attaches` 863 Action string `json:"action,omitempty"` 864 865 // SourceResourceType: The source asset type. Example: 866 // `compute.googleapis.com/Instance` 867 SourceResourceType string `json:"sourceResourceType,omitempty"` 868 869 // TargetResourceType: The target asset type. Example: 870 // `compute.googleapis.com/Disk` 871 TargetResourceType string `json:"targetResourceType,omitempty"` 872 873 // Type: The unique identifier of the relationship type. Example: 874 // `INSTANCE_TO_INSTANCEGROUP` 875 Type string `json:"type,omitempty"` 876 877 // ForceSendFields is a list of field names (e.g. "Action") to 878 // unconditionally include in API requests. By default, fields with 879 // empty or default values are omitted from API requests. However, any 880 // non-pointer, non-interface field appearing in ForceSendFields will be 881 // sent to the server regardless of whether the field is empty or not. 882 // This may be used to include empty fields in Patch requests. 883 ForceSendFields []string `json:"-"` 884 885 // NullFields is a list of field names (e.g. "Action") to include in API 886 // requests with the JSON null value. By default, fields with empty 887 // values are omitted from API requests. However, any field with an 888 // empty value appearing in NullFields will be sent to the server as 889 // null. It is an error if a field in this list has a non-empty value. 890 // This may be used to include null fields in Patch requests. 891 NullFields []string `json:"-"` 892} 893 894func (s *GoogleCloudAssetV1p7beta1RelationshipAttributes) MarshalJSON() ([]byte, error) { 895 type NoMethod GoogleCloudAssetV1p7beta1RelationshipAttributes 896 raw := NoMethod(*s) 897 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 898} 899 900// GoogleCloudAssetV1p7beta1Resource: A representation of a Google Cloud 901// resource. 902type GoogleCloudAssetV1p7beta1Resource struct { 903 // Data: The content of the resource, in which some sensitive fields are 904 // removed and may not be present. 905 Data googleapi.RawMessage `json:"data,omitempty"` 906 907 // DiscoveryDocumentUri: The URL of the discovery document containing 908 // the resource's JSON schema. Example: 909 // `https://www.googleapis.com/discovery/v1/apis/compute/v1/rest` This 910 // value is unspecified for resources that do not have an API based on a 911 // discovery document, such as Cloud Bigtable. 912 DiscoveryDocumentUri string `json:"discoveryDocumentUri,omitempty"` 913 914 // DiscoveryName: The JSON schema name listed in the discovery document. 915 // Example: `Project` This value is unspecified for resources that do 916 // not have an API based on a discovery document, such as Cloud 917 // Bigtable. 918 DiscoveryName string `json:"discoveryName,omitempty"` 919 920 // Location: The location of the resource in Google Cloud, such as its 921 // zone and region. For more information, see 922 // https://cloud.google.com/about/locations/. 923 Location string `json:"location,omitempty"` 924 925 // Parent: The full name of the immediate parent of this resource. See 926 // Resource Names 927 // (https://cloud.google.com/apis/design/resource_names#full_resource_name) 928 // for more information. For Google Cloud assets, this value is the 929 // parent resource defined in the Cloud IAM policy hierarchy 930 // (https://cloud.google.com/iam/docs/overview#policy_hierarchy). 931 // Example: 932 // `//cloudresourcemanager.googleapis.com/projects/my_project_123` For 933 // third-party assets, this field may be set differently. 934 Parent string `json:"parent,omitempty"` 935 936 // ResourceUrl: The REST URL for accessing the resource. An HTTP `GET` 937 // request using this URL returns the resource itself. Example: 938 // `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-12 939 // 3` This value is unspecified for resources without a REST API. 940 ResourceUrl string `json:"resourceUrl,omitempty"` 941 942 // Version: The API version. Example: `v1` 943 Version string `json:"version,omitempty"` 944 945 // ForceSendFields is a list of field names (e.g. "Data") to 946 // unconditionally include in API requests. By default, fields with 947 // empty or default values are omitted from API requests. However, any 948 // non-pointer, non-interface field appearing in ForceSendFields will be 949 // sent to the server regardless of whether the field is empty or not. 950 // This may be used to include empty fields in Patch requests. 951 ForceSendFields []string `json:"-"` 952 953 // NullFields is a list of field names (e.g. "Data") to include in API 954 // requests with the JSON null value. By default, fields with empty 955 // values are omitted from API requests. However, any field with an 956 // empty value appearing in NullFields will be sent to the server as 957 // null. It is an error if a field in this list has a non-empty value. 958 // This may be used to include null fields in Patch requests. 959 NullFields []string `json:"-"` 960} 961 962func (s *GoogleCloudAssetV1p7beta1Resource) MarshalJSON() ([]byte, error) { 963 type NoMethod GoogleCloudAssetV1p7beta1Resource 964 raw := NoMethod(*s) 965 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 966} 967 968// GoogleCloudOrgpolicyV1BooleanPolicy: Used in `policy_type` to specify 969// how `boolean_policy` will behave at this resource. 970type GoogleCloudOrgpolicyV1BooleanPolicy struct { 971 // Enforced: If `true`, then the `Policy` is enforced. If `false`, then 972 // any configuration is acceptable. Suppose you have a `Constraint` 973 // `constraints/compute.disableSerialPortAccess` with 974 // `constraint_default` set to `ALLOW`. A `Policy` for that `Constraint` 975 // exhibits the following behavior: - If the `Policy` at this resource 976 // has enforced set to `false`, serial port connection attempts will be 977 // allowed. - If the `Policy` at this resource has enforced set to 978 // `true`, serial port connection attempts will be refused. - If the 979 // `Policy` at this resource is `RestoreDefault`, serial port connection 980 // attempts will be allowed. - If no `Policy` is set at this resource or 981 // anywhere higher in the resource hierarchy, serial port connection 982 // attempts will be allowed. - If no `Policy` is set at this resource, 983 // but one exists higher in the resource hierarchy, the behavior is as 984 // if the`Policy` were set at this resource. The following examples 985 // demonstrate the different possible layerings: Example 1 (nearest 986 // `Constraint` wins): `organizations/foo` has a `Policy` with: 987 // {enforced: false} `projects/bar` has no `Policy` set. The constraint 988 // at `projects/bar` and `organizations/foo` will not be enforced. 989 // Example 2 (enforcement gets replaced): `organizations/foo` has a 990 // `Policy` with: {enforced: false} `projects/bar` has a `Policy` with: 991 // {enforced: true} The constraint at `organizations/foo` is not 992 // enforced. The constraint at `projects/bar` is enforced. Example 3 993 // (RestoreDefault): `organizations/foo` has a `Policy` with: {enforced: 994 // true} `projects/bar` has a `Policy` with: {RestoreDefault: {}} The 995 // constraint at `organizations/foo` is enforced. The constraint at 996 // `projects/bar` is not enforced, because `constraint_default` for the 997 // `Constraint` is `ALLOW`. 998 Enforced bool `json:"enforced,omitempty"` 999 1000 // ForceSendFields is a list of field names (e.g. "Enforced") to 1001 // unconditionally include in API requests. By default, fields with 1002 // empty or default values are omitted from API requests. However, any 1003 // non-pointer, non-interface field appearing in ForceSendFields will be 1004 // sent to the server regardless of whether the field is empty or not. 1005 // This may be used to include empty fields in Patch requests. 1006 ForceSendFields []string `json:"-"` 1007 1008 // NullFields is a list of field names (e.g. "Enforced") to include in 1009 // API requests with the JSON null value. By default, fields with empty 1010 // values are omitted from API requests. However, any field with an 1011 // empty value appearing in NullFields will be sent to the server as 1012 // null. It is an error if a field in this list has a non-empty value. 1013 // This may be used to include null fields in Patch requests. 1014 NullFields []string `json:"-"` 1015} 1016 1017func (s *GoogleCloudOrgpolicyV1BooleanPolicy) MarshalJSON() ([]byte, error) { 1018 type NoMethod GoogleCloudOrgpolicyV1BooleanPolicy 1019 raw := NoMethod(*s) 1020 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1021} 1022 1023// GoogleCloudOrgpolicyV1ListPolicy: Used in `policy_type` to specify 1024// how `list_policy` behaves at this resource. `ListPolicy` can define 1025// specific values and subtrees of Cloud Resource Manager resource 1026// hierarchy (`Organizations`, `Folders`, `Projects`) that are allowed 1027// or denied by setting the `allowed_values` and `denied_values` fields. 1028// This is achieved by using the `under:` and optional `is:` prefixes. 1029// The `under:` prefix is used to denote resource subtree values. The 1030// `is:` prefix is used to denote specific values, and is required only 1031// if the value contains a ":". Values prefixed with "is:" are treated 1032// the same as values with no prefix. Ancestry subtrees must be in one 1033// of the following formats: - "projects/", e.g. 1034// "projects/tokyo-rain-123" - "folders/", e.g. "folders/1234" - 1035// "organizations/", e.g. "organizations/1234" The `supports_under` 1036// field of the associated `Constraint` defines whether ancestry 1037// prefixes can be used. You can set `allowed_values` and 1038// `denied_values` in the same `Policy` if `all_values` is 1039// `ALL_VALUES_UNSPECIFIED`. `ALLOW` or `DENY` are used to allow or deny 1040// all values. If `all_values` is set to either `ALLOW` or `DENY`, 1041// `allowed_values` and `denied_values` must be unset. 1042type GoogleCloudOrgpolicyV1ListPolicy struct { 1043 // AllValues: The policy all_values state. 1044 // 1045 // Possible values: 1046 // "ALL_VALUES_UNSPECIFIED" - Indicates that allowed_values or 1047 // denied_values must be set. 1048 // "ALLOW" - A policy with this set allows all values. 1049 // "DENY" - A policy with this set denies all values. 1050 AllValues string `json:"allValues,omitempty"` 1051 1052 // AllowedValues: List of values allowed at this resource. Can only be 1053 // set if `all_values` is set to `ALL_VALUES_UNSPECIFIED`. 1054 AllowedValues []string `json:"allowedValues,omitempty"` 1055 1056 // DeniedValues: List of values denied at this resource. Can only be set 1057 // if `all_values` is set to `ALL_VALUES_UNSPECIFIED`. 1058 DeniedValues []string `json:"deniedValues,omitempty"` 1059 1060 // InheritFromParent: Determines the inheritance behavior for this 1061 // `Policy`. By default, a `ListPolicy` set at a resource supersedes any 1062 // `Policy` set anywhere up the resource hierarchy. However, if 1063 // `inherit_from_parent` is set to `true`, then the values from the 1064 // effective `Policy` of the parent resource are inherited, meaning the 1065 // values set in this `Policy` are added to the values inherited up the 1066 // hierarchy. Setting `Policy` hierarchies that inherit both allowed 1067 // values and denied values isn't recommended in most circumstances to 1068 // keep the configuration simple and understandable. However, it is 1069 // possible to set a `Policy` with `allowed_values` set that inherits a 1070 // `Policy` with `denied_values` set. In this case, the values that are 1071 // allowed must be in `allowed_values` and not present in 1072 // `denied_values`. For example, suppose you have a `Constraint` 1073 // `constraints/serviceuser.services`, which has a `constraint_type` of 1074 // `list_constraint`, and with `constraint_default` set to `ALLOW`. 1075 // Suppose that at the Organization level, a `Policy` is applied that 1076 // restricts the allowed API activations to {`E1`, `E2`}. Then, if a 1077 // `Policy` is applied to a project below the Organization that has 1078 // `inherit_from_parent` set to `false` and field all_values set to 1079 // DENY, then an attempt to activate any API will be denied. The 1080 // following examples demonstrate different possible layerings for 1081 // `projects/bar` parented by `organizations/foo`: Example 1 (no 1082 // inherited values): `organizations/foo` has a `Policy` with values: 1083 // {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has 1084 // `inherit_from_parent` `false` and values: {allowed_values: "E3" 1085 // allowed_values: "E4"} The accepted values at `organizations/foo` are 1086 // `E1`, `E2`. The accepted values at `projects/bar` are `E3`, and `E4`. 1087 // Example 2 (inherited values): `organizations/foo` has a `Policy` with 1088 // values: {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has 1089 // a `Policy` with values: {value: "E3" value: "E4" inherit_from_parent: 1090 // true} The accepted values at `organizations/foo` are `E1`, `E2`. The 1091 // accepted values at `projects/bar` are `E1`, `E2`, `E3`, and `E4`. 1092 // Example 3 (inheriting both allowed and denied values): 1093 // `organizations/foo` has a `Policy` with values: {allowed_values: "E1" 1094 // allowed_values: "E2"} `projects/bar` has a `Policy` with: 1095 // {denied_values: "E1"} The accepted values at `organizations/foo` are 1096 // `E1`, `E2`. The value accepted at `projects/bar` is `E2`. Example 4 1097 // (RestoreDefault): `organizations/foo` has a `Policy` with values: 1098 // {allowed_values: "E1" allowed_values:"E2"} `projects/bar` has a 1099 // `Policy` with values: {RestoreDefault: {}} The accepted values at 1100 // `organizations/foo` are `E1`, `E2`. The accepted values at 1101 // `projects/bar` are either all or none depending on the value of 1102 // `constraint_default` (if `ALLOW`, all; if `DENY`, none). Example 5 1103 // (no policy inherits parent policy): `organizations/foo` has no 1104 // `Policy` set. `projects/bar` has no `Policy` set. The accepted values 1105 // at both levels are either all or none depending on the value of 1106 // `constraint_default` (if `ALLOW`, all; if `DENY`, none). Example 6 1107 // (ListConstraint allowing all): `organizations/foo` has a `Policy` 1108 // with values: {allowed_values: "E1" allowed_values: "E2"} 1109 // `projects/bar` has a `Policy` with: {all: ALLOW} The accepted values 1110 // at `organizations/foo` are `E1`, E2`. Any value is accepted at 1111 // `projects/bar`. Example 7 (ListConstraint allowing none): 1112 // `organizations/foo` has a `Policy` with values: {allowed_values: "E1" 1113 // allowed_values: "E2"} `projects/bar` has a `Policy` with: {all: DENY} 1114 // The accepted values at `organizations/foo` are `E1`, E2`. No value is 1115 // accepted at `projects/bar`. Example 10 (allowed and denied subtrees 1116 // of Resource Manager hierarchy): Given the following resource 1117 // hierarchy O1->{F1, F2}; F1->{P1}; F2->{P2, P3}, `organizations/foo` 1118 // has a `Policy` with values: {allowed_values: 1119 // "under:organizations/O1"} `projects/bar` has a `Policy` with: 1120 // {allowed_values: "under:projects/P3"} {denied_values: 1121 // "under:folders/F2"} The accepted values at `organizations/foo` are 1122 // `organizations/O1`, `folders/F1`, `folders/F2`, `projects/P1`, 1123 // `projects/P2`, `projects/P3`. The accepted values at `projects/bar` 1124 // are `organizations/O1`, `folders/F1`, `projects/P1`. 1125 InheritFromParent bool `json:"inheritFromParent,omitempty"` 1126 1127 // SuggestedValue: Optional. The Google Cloud Console will try to 1128 // default to a configuration that matches the value specified in this 1129 // `Policy`. If `suggested_value` is not set, it will inherit the value 1130 // specified higher in the hierarchy, unless `inherit_from_parent` is 1131 // `false`. 1132 SuggestedValue string `json:"suggestedValue,omitempty"` 1133 1134 // ForceSendFields is a list of field names (e.g. "AllValues") to 1135 // unconditionally include in API requests. By default, fields with 1136 // empty or default values are omitted from API requests. However, any 1137 // non-pointer, non-interface field appearing in ForceSendFields will be 1138 // sent to the server regardless of whether the field is empty or not. 1139 // This may be used to include empty fields in Patch requests. 1140 ForceSendFields []string `json:"-"` 1141 1142 // NullFields is a list of field names (e.g. "AllValues") to include in 1143 // API requests with the JSON null value. By default, fields with empty 1144 // values are omitted from API requests. However, any field with an 1145 // empty value appearing in NullFields will be sent to the server as 1146 // null. It is an error if a field in this list has a non-empty value. 1147 // This may be used to include null fields in Patch requests. 1148 NullFields []string `json:"-"` 1149} 1150 1151func (s *GoogleCloudOrgpolicyV1ListPolicy) MarshalJSON() ([]byte, error) { 1152 type NoMethod GoogleCloudOrgpolicyV1ListPolicy 1153 raw := NoMethod(*s) 1154 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1155} 1156 1157// GoogleCloudOrgpolicyV1Policy: Defines a Cloud Organization `Policy` 1158// which is used to specify `Constraints` for configurations of Cloud 1159// Platform resources. 1160type GoogleCloudOrgpolicyV1Policy struct { 1161 // BooleanPolicy: For boolean `Constraints`, whether to enforce the 1162 // `Constraint` or not. 1163 BooleanPolicy *GoogleCloudOrgpolicyV1BooleanPolicy `json:"booleanPolicy,omitempty"` 1164 1165 // Constraint: The name of the `Constraint` the `Policy` is configuring, 1166 // for example, `constraints/serviceuser.services`. A list of available 1167 // constraints 1168 // (/resource-manager/docs/organization-policy/org-policy-constraints) 1169 // is available. Immutable after creation. 1170 Constraint string `json:"constraint,omitempty"` 1171 1172 // Etag: An opaque tag indicating the current version of the `Policy`, 1173 // used for concurrency control. When the `Policy` is returned from 1174 // either a `GetPolicy` or a `ListOrgPolicy` request, this `etag` 1175 // indicates the version of the current `Policy` to use when executing a 1176 // read-modify-write loop. When the `Policy` is returned from a 1177 // `GetEffectivePolicy` request, the `etag` will be unset. When the 1178 // `Policy` is used in a `SetOrgPolicy` method, use the `etag` value 1179 // that was returned from a `GetOrgPolicy` request as part of a 1180 // read-modify-write loop for concurrency control. Not setting the 1181 // `etag`in a `SetOrgPolicy` request will result in an unconditional 1182 // write of the `Policy`. 1183 Etag string `json:"etag,omitempty"` 1184 1185 // ListPolicy: List of values either allowed or disallowed. 1186 ListPolicy *GoogleCloudOrgpolicyV1ListPolicy `json:"listPolicy,omitempty"` 1187 1188 // RestoreDefault: Restores the default behavior of the constraint; 1189 // independent of `Constraint` type. 1190 RestoreDefault *GoogleCloudOrgpolicyV1RestoreDefault `json:"restoreDefault,omitempty"` 1191 1192 // UpdateTime: The time stamp the `Policy` was previously updated. This 1193 // is set by the server, not specified by the caller, and represents the 1194 // last time a call to `SetOrgPolicy` was made for that `Policy`. Any 1195 // value set by the client will be ignored. 1196 UpdateTime string `json:"updateTime,omitempty"` 1197 1198 // Version: Version of the `Policy`. Default version is 0; 1199 Version int64 `json:"version,omitempty"` 1200 1201 // ForceSendFields is a list of field names (e.g. "BooleanPolicy") to 1202 // unconditionally include in API requests. By default, fields with 1203 // empty or default values are omitted from API requests. However, any 1204 // non-pointer, non-interface field appearing in ForceSendFields will be 1205 // sent to the server regardless of whether the field is empty or not. 1206 // This may be used to include empty fields in Patch requests. 1207 ForceSendFields []string `json:"-"` 1208 1209 // NullFields is a list of field names (e.g. "BooleanPolicy") to include 1210 // in API requests with the JSON null value. By default, fields with 1211 // empty values are omitted from API requests. However, any field with 1212 // an empty value appearing in NullFields will be sent to the server as 1213 // null. It is an error if a field in this list has a non-empty value. 1214 // This may be used to include null fields in Patch requests. 1215 NullFields []string `json:"-"` 1216} 1217 1218func (s *GoogleCloudOrgpolicyV1Policy) MarshalJSON() ([]byte, error) { 1219 type NoMethod GoogleCloudOrgpolicyV1Policy 1220 raw := NoMethod(*s) 1221 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1222} 1223 1224// GoogleCloudOrgpolicyV1RestoreDefault: Ignores policies set above this 1225// resource and restores the `constraint_default` enforcement behavior 1226// of the specific `Constraint` at this resource. Suppose that 1227// `constraint_default` is set to `ALLOW` for the `Constraint` 1228// `constraints/serviceuser.services`. Suppose that organization foo.com 1229// sets a `Policy` at their Organization resource node that restricts 1230// the allowed service activations to deny all service activations. They 1231// could then set a `Policy` with the `policy_type` `restore_default` on 1232// several experimental projects, restoring the `constraint_default` 1233// enforcement of the `Constraint` for only those projects, allowing 1234// those projects to have all services activated. 1235type GoogleCloudOrgpolicyV1RestoreDefault struct { 1236} 1237 1238// GoogleIdentityAccesscontextmanagerV1AccessLevel: An `AccessLevel` is 1239// a label that can be applied to requests to Google Cloud services, 1240// along with a list of requirements necessary for the label to be 1241// applied. 1242type GoogleIdentityAccesscontextmanagerV1AccessLevel struct { 1243 // Basic: A `BasicLevel` composed of `Conditions`. 1244 Basic *GoogleIdentityAccesscontextmanagerV1BasicLevel `json:"basic,omitempty"` 1245 1246 // Custom: A `CustomLevel` written in the Common Expression Language. 1247 Custom *GoogleIdentityAccesscontextmanagerV1CustomLevel `json:"custom,omitempty"` 1248 1249 // Description: Description of the `AccessLevel` and its use. Does not 1250 // affect behavior. 1251 Description string `json:"description,omitempty"` 1252 1253 // Name: Required. Resource name for the Access Level. The `short_name` 1254 // component must begin with a letter and only include alphanumeric and 1255 // '_'. Format: 1256 // `accessPolicies/{access_policy}/accessLevels/{access_level}`. The 1257 // maximum length of the `access_level` component is 50 characters. 1258 Name string `json:"name,omitempty"` 1259 1260 // Title: Human readable title. Must be unique within the Policy. 1261 Title string `json:"title,omitempty"` 1262 1263 // ForceSendFields is a list of field names (e.g. "Basic") to 1264 // unconditionally include in API requests. By default, fields with 1265 // empty or default values are omitted from API requests. However, any 1266 // non-pointer, non-interface field appearing in ForceSendFields will be 1267 // sent to the server regardless of whether the field is empty or not. 1268 // This may be used to include empty fields in Patch requests. 1269 ForceSendFields []string `json:"-"` 1270 1271 // NullFields is a list of field names (e.g. "Basic") to include in API 1272 // requests with the JSON null value. By default, fields with empty 1273 // values are omitted from API requests. However, any field with an 1274 // empty value appearing in NullFields will be sent to the server as 1275 // null. It is an error if a field in this list has a non-empty value. 1276 // This may be used to include null fields in Patch requests. 1277 NullFields []string `json:"-"` 1278} 1279 1280func (s *GoogleIdentityAccesscontextmanagerV1AccessLevel) MarshalJSON() ([]byte, error) { 1281 type NoMethod GoogleIdentityAccesscontextmanagerV1AccessLevel 1282 raw := NoMethod(*s) 1283 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1284} 1285 1286// GoogleIdentityAccesscontextmanagerV1AccessPolicy: `AccessPolicy` is a 1287// container for `AccessLevels` (which define the necessary attributes 1288// to use Google Cloud services) and `ServicePerimeters` (which define 1289// regions of services able to freely pass data within a perimeter). An 1290// access policy is globally visible within an organization, and the 1291// restrictions it specifies apply to all projects within an 1292// organization. 1293type GoogleIdentityAccesscontextmanagerV1AccessPolicy struct { 1294 // Etag: Output only. An opaque identifier for the current version of 1295 // the `AccessPolicy`. This will always be a strongly validated etag, 1296 // meaning that two Access Polices will be identical if and only if 1297 // their etags are identical. Clients should not expect this to be in 1298 // any specific format. 1299 Etag string `json:"etag,omitempty"` 1300 1301 // Name: Output only. Resource name of the `AccessPolicy`. Format: 1302 // `accessPolicies/{access_policy}` 1303 Name string `json:"name,omitempty"` 1304 1305 // Parent: Required. The parent of this `AccessPolicy` in the Cloud 1306 // Resource Hierarchy. Currently immutable once created. Format: 1307 // `organizations/{organization_id}` 1308 Parent string `json:"parent,omitempty"` 1309 1310 // Title: Required. Human readable title. Does not affect behavior. 1311 Title string `json:"title,omitempty"` 1312 1313 // ForceSendFields is a list of field names (e.g. "Etag") to 1314 // unconditionally include in API requests. By default, fields with 1315 // empty or default values are omitted from API requests. However, any 1316 // non-pointer, non-interface field appearing in ForceSendFields will be 1317 // sent to the server regardless of whether the field is empty or not. 1318 // This may be used to include empty fields in Patch requests. 1319 ForceSendFields []string `json:"-"` 1320 1321 // NullFields is a list of field names (e.g. "Etag") to include in API 1322 // requests with the JSON null value. By default, fields with empty 1323 // values are omitted from API requests. However, any field with an 1324 // empty value appearing in NullFields will be sent to the server as 1325 // null. It is an error if a field in this list has a non-empty value. 1326 // This may be used to include null fields in Patch requests. 1327 NullFields []string `json:"-"` 1328} 1329 1330func (s *GoogleIdentityAccesscontextmanagerV1AccessPolicy) MarshalJSON() ([]byte, error) { 1331 type NoMethod GoogleIdentityAccesscontextmanagerV1AccessPolicy 1332 raw := NoMethod(*s) 1333 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1334} 1335 1336// GoogleIdentityAccesscontextmanagerV1ApiOperation: Identification for 1337// an API Operation. 1338type GoogleIdentityAccesscontextmanagerV1ApiOperation struct { 1339 // MethodSelectors: API methods or permissions to allow. Method or 1340 // permission must belong to the service specified by `service_name` 1341 // field. A single MethodSelector entry with `*` specified for the 1342 // `method` field will allow all methods AND permissions for the service 1343 // specified in `service_name`. 1344 MethodSelectors []*GoogleIdentityAccesscontextmanagerV1MethodSelector `json:"methodSelectors,omitempty"` 1345 1346 // ServiceName: The name of the API whose methods or permissions the 1347 // IngressPolicy or EgressPolicy want to allow. A single ApiOperation 1348 // with `service_name` field set to `*` will allow all methods AND 1349 // permissions for all services. 1350 ServiceName string `json:"serviceName,omitempty"` 1351 1352 // ForceSendFields is a list of field names (e.g. "MethodSelectors") to 1353 // unconditionally include in API requests. By default, fields with 1354 // empty or default values are omitted from API requests. However, any 1355 // non-pointer, non-interface field appearing in ForceSendFields will be 1356 // sent to the server regardless of whether the field is empty or not. 1357 // This may be used to include empty fields in Patch requests. 1358 ForceSendFields []string `json:"-"` 1359 1360 // NullFields is a list of field names (e.g. "MethodSelectors") to 1361 // include in API requests with the JSON null value. By default, fields 1362 // with empty values are omitted from API requests. However, any field 1363 // with an empty value appearing in NullFields will be sent to the 1364 // server as null. It is an error if a field in this list has a 1365 // non-empty value. This may be used to include null fields in Patch 1366 // requests. 1367 NullFields []string `json:"-"` 1368} 1369 1370func (s *GoogleIdentityAccesscontextmanagerV1ApiOperation) MarshalJSON() ([]byte, error) { 1371 type NoMethod GoogleIdentityAccesscontextmanagerV1ApiOperation 1372 raw := NoMethod(*s) 1373 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1374} 1375 1376// GoogleIdentityAccesscontextmanagerV1BasicLevel: `BasicLevel` is an 1377// `AccessLevel` using a set of recommended features. 1378type GoogleIdentityAccesscontextmanagerV1BasicLevel struct { 1379 // CombiningFunction: How the `conditions` list should be combined to 1380 // determine if a request is granted this `AccessLevel`. If AND is used, 1381 // each `Condition` in `conditions` must be satisfied for the 1382 // `AccessLevel` to be applied. If OR is used, at least one `Condition` 1383 // in `conditions` must be satisfied for the `AccessLevel` to be 1384 // applied. Default behavior is AND. 1385 // 1386 // Possible values: 1387 // "AND" - All `Conditions` must be true for the `BasicLevel` to be 1388 // true. 1389 // "OR" - If at least one `Condition` is true, then the `BasicLevel` 1390 // is true. 1391 CombiningFunction string `json:"combiningFunction,omitempty"` 1392 1393 // Conditions: Required. A list of requirements for the `AccessLevel` to 1394 // be granted. 1395 Conditions []*GoogleIdentityAccesscontextmanagerV1Condition `json:"conditions,omitempty"` 1396 1397 // ForceSendFields is a list of field names (e.g. "CombiningFunction") 1398 // to unconditionally include in API requests. By default, fields with 1399 // empty or default values are omitted from API requests. However, any 1400 // non-pointer, non-interface field appearing in ForceSendFields will be 1401 // sent to the server regardless of whether the field is empty or not. 1402 // This may be used to include empty fields in Patch requests. 1403 ForceSendFields []string `json:"-"` 1404 1405 // NullFields is a list of field names (e.g. "CombiningFunction") to 1406 // include in API requests with the JSON null value. By default, fields 1407 // with empty values are omitted from API requests. However, any field 1408 // with an empty value appearing in NullFields will be sent to the 1409 // server as null. It is an error if a field in this list has a 1410 // non-empty value. This may be used to include null fields in Patch 1411 // requests. 1412 NullFields []string `json:"-"` 1413} 1414 1415func (s *GoogleIdentityAccesscontextmanagerV1BasicLevel) MarshalJSON() ([]byte, error) { 1416 type NoMethod GoogleIdentityAccesscontextmanagerV1BasicLevel 1417 raw := NoMethod(*s) 1418 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1419} 1420 1421// GoogleIdentityAccesscontextmanagerV1Condition: A condition necessary 1422// for an `AccessLevel` to be granted. The Condition is an AND over its 1423// fields. So a Condition is true if: 1) the request IP is from one of 1424// the listed subnetworks AND 2) the originating device complies with 1425// the listed device policy AND 3) all listed access levels are granted 1426// AND 4) the request was sent at a time allowed by the 1427// DateTimeRestriction. 1428type GoogleIdentityAccesscontextmanagerV1Condition struct { 1429 // DevicePolicy: Device specific restrictions, all restrictions must 1430 // hold for the Condition to be true. If not specified, all devices are 1431 // allowed. 1432 DevicePolicy *GoogleIdentityAccesscontextmanagerV1DevicePolicy `json:"devicePolicy,omitempty"` 1433 1434 // IpSubnetworks: CIDR block IP subnetwork specification. May be IPv4 or 1435 // IPv6. Note that for a CIDR IP address block, the specified IP address 1436 // portion must be properly truncated (i.e. all the host bits must be 1437 // zero) or the input is considered malformed. For example, 1438 // "192.0.2.0/24" is accepted but "192.0.2.1/24" is not. Similarly, for 1439 // IPv6, "2001:db8::/32" is accepted whereas "2001:db8::1/32" is not. 1440 // The originating IP of a request must be in one of the listed subnets 1441 // in order for this Condition to be true. If empty, all IP addresses 1442 // are allowed. 1443 IpSubnetworks []string `json:"ipSubnetworks,omitempty"` 1444 1445 // Members: The request must be made by one of the provided user or 1446 // service accounts. Groups are not supported. Syntax: `user:{emailid}` 1447 // `serviceAccount:{emailid}` If not specified, a request may come from 1448 // any user. 1449 Members []string `json:"members,omitempty"` 1450 1451 // Negate: Whether to negate the Condition. If true, the Condition 1452 // becomes a NAND over its non-empty fields, each field must be false 1453 // for the Condition overall to be satisfied. Defaults to false. 1454 Negate bool `json:"negate,omitempty"` 1455 1456 // Regions: The request must originate from one of the provided 1457 // countries/regions. Must be valid ISO 3166-1 alpha-2 codes. 1458 Regions []string `json:"regions,omitempty"` 1459 1460 // RequiredAccessLevels: A list of other access levels defined in the 1461 // same `Policy`, referenced by resource name. Referencing an 1462 // `AccessLevel` which does not exist is an error. All access levels 1463 // listed must be granted for the Condition to be true. Example: 1464 // "accessPolicies/MY_POLICY/accessLevels/LEVEL_NAME" 1465 RequiredAccessLevels []string `json:"requiredAccessLevels,omitempty"` 1466 1467 // ForceSendFields is a list of field names (e.g. "DevicePolicy") to 1468 // unconditionally include in API requests. By default, fields with 1469 // empty or default values are omitted from API requests. However, any 1470 // non-pointer, non-interface field appearing in ForceSendFields will be 1471 // sent to the server regardless of whether the field is empty or not. 1472 // This may be used to include empty fields in Patch requests. 1473 ForceSendFields []string `json:"-"` 1474 1475 // NullFields is a list of field names (e.g. "DevicePolicy") to include 1476 // in API requests with the JSON null value. By default, fields with 1477 // empty values are omitted from API requests. However, any field with 1478 // an empty value appearing in NullFields will be sent to the server as 1479 // null. It is an error if a field in this list has a non-empty value. 1480 // This may be used to include null fields in Patch requests. 1481 NullFields []string `json:"-"` 1482} 1483 1484func (s *GoogleIdentityAccesscontextmanagerV1Condition) MarshalJSON() ([]byte, error) { 1485 type NoMethod GoogleIdentityAccesscontextmanagerV1Condition 1486 raw := NoMethod(*s) 1487 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1488} 1489 1490// GoogleIdentityAccesscontextmanagerV1CustomLevel: `CustomLevel` is an 1491// `AccessLevel` using the Cloud Common Expression Language to represent 1492// the necessary conditions for the level to apply to a request. See CEL 1493// spec at: https://github.com/google/cel-spec 1494type GoogleIdentityAccesscontextmanagerV1CustomLevel struct { 1495 // Expr: Required. A Cloud CEL expression evaluating to a boolean. 1496 Expr *Expr `json:"expr,omitempty"` 1497 1498 // ForceSendFields is a list of field names (e.g. "Expr") to 1499 // unconditionally include in API requests. By default, fields with 1500 // empty or default values are omitted from API requests. However, any 1501 // non-pointer, non-interface field appearing in ForceSendFields will be 1502 // sent to the server regardless of whether the field is empty or not. 1503 // This may be used to include empty fields in Patch requests. 1504 ForceSendFields []string `json:"-"` 1505 1506 // NullFields is a list of field names (e.g. "Expr") to include in API 1507 // requests with the JSON null value. By default, fields with empty 1508 // values are omitted from API requests. However, any field with an 1509 // empty value appearing in NullFields will be sent to the server as 1510 // null. It is an error if a field in this list has a non-empty value. 1511 // This may be used to include null fields in Patch requests. 1512 NullFields []string `json:"-"` 1513} 1514 1515func (s *GoogleIdentityAccesscontextmanagerV1CustomLevel) MarshalJSON() ([]byte, error) { 1516 type NoMethod GoogleIdentityAccesscontextmanagerV1CustomLevel 1517 raw := NoMethod(*s) 1518 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1519} 1520 1521// GoogleIdentityAccesscontextmanagerV1DevicePolicy: `DevicePolicy` 1522// specifies device specific restrictions necessary to acquire a given 1523// access level. A `DevicePolicy` specifies requirements for requests 1524// from devices to be granted access levels, it does not do any 1525// enforcement on the device. `DevicePolicy` acts as an AND over all 1526// specified fields, and each repeated field is an OR over its elements. 1527// Any unset fields are ignored. For example, if the proto is { os_type 1528// : DESKTOP_WINDOWS, os_type : DESKTOP_LINUX, encryption_status: 1529// ENCRYPTED}, then the DevicePolicy will be true for requests 1530// originating from encrypted Linux desktops and encrypted Windows 1531// desktops. 1532type GoogleIdentityAccesscontextmanagerV1DevicePolicy struct { 1533 // AllowedDeviceManagementLevels: Allowed device management levels, an 1534 // empty list allows all management levels. 1535 // 1536 // Possible values: 1537 // "MANAGEMENT_UNSPECIFIED" - The device's management level is not 1538 // specified or not known. 1539 // "NONE" - The device is not managed. 1540 // "BASIC" - Basic management is enabled, which is generally limited 1541 // to monitoring and wiping the corporate account. 1542 // "COMPLETE" - Complete device management. This includes more 1543 // thorough monitoring and the ability to directly manage the device 1544 // (such as remote wiping). This can be enabled through the Android 1545 // Enterprise Platform. 1546 AllowedDeviceManagementLevels []string `json:"allowedDeviceManagementLevels,omitempty"` 1547 1548 // AllowedEncryptionStatuses: Allowed encryptions statuses, an empty 1549 // list allows all statuses. 1550 // 1551 // Possible values: 1552 // "ENCRYPTION_UNSPECIFIED" - The encryption status of the device is 1553 // not specified or not known. 1554 // "ENCRYPTION_UNSUPPORTED" - The device does not support encryption. 1555 // "UNENCRYPTED" - The device supports encryption, but is currently 1556 // unencrypted. 1557 // "ENCRYPTED" - The device is encrypted. 1558 AllowedEncryptionStatuses []string `json:"allowedEncryptionStatuses,omitempty"` 1559 1560 // OsConstraints: Allowed OS versions, an empty list allows all types 1561 // and all versions. 1562 OsConstraints []*GoogleIdentityAccesscontextmanagerV1OsConstraint `json:"osConstraints,omitempty"` 1563 1564 // RequireAdminApproval: Whether the device needs to be approved by the 1565 // customer admin. 1566 RequireAdminApproval bool `json:"requireAdminApproval,omitempty"` 1567 1568 // RequireCorpOwned: Whether the device needs to be corp owned. 1569 RequireCorpOwned bool `json:"requireCorpOwned,omitempty"` 1570 1571 // RequireScreenlock: Whether or not screenlock is required for the 1572 // DevicePolicy to be true. Defaults to `false`. 1573 RequireScreenlock bool `json:"requireScreenlock,omitempty"` 1574 1575 // ForceSendFields is a list of field names (e.g. 1576 // "AllowedDeviceManagementLevels") to unconditionally include in API 1577 // requests. By default, fields with empty or default values are omitted 1578 // from API requests. However, any non-pointer, non-interface field 1579 // appearing in ForceSendFields will be sent to the server regardless of 1580 // whether the field is empty or not. This may be used to include empty 1581 // fields in Patch requests. 1582 ForceSendFields []string `json:"-"` 1583 1584 // NullFields is a list of field names (e.g. 1585 // "AllowedDeviceManagementLevels") to include in API requests with the 1586 // JSON null value. By default, fields with empty values are omitted 1587 // from API requests. However, any field with an empty value appearing 1588 // in NullFields will be sent to the server as null. It is an error if a 1589 // field in this list has a non-empty value. This may be used to include 1590 // null fields in Patch requests. 1591 NullFields []string `json:"-"` 1592} 1593 1594func (s *GoogleIdentityAccesscontextmanagerV1DevicePolicy) MarshalJSON() ([]byte, error) { 1595 type NoMethod GoogleIdentityAccesscontextmanagerV1DevicePolicy 1596 raw := NoMethod(*s) 1597 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1598} 1599 1600// GoogleIdentityAccesscontextmanagerV1EgressFrom: Defines the 1601// conditions under which an EgressPolicy matches a request. Conditions 1602// based on information about the source of the request. Note that if 1603// the destination of the request is also protected by a 1604// ServicePerimeter, then that ServicePerimeter must have an 1605// IngressPolicy which allows access in order for this request to 1606// succeed. 1607type GoogleIdentityAccesscontextmanagerV1EgressFrom struct { 1608 // Identities: A list of identities that are allowed access through this 1609 // [EgressPolicy]. Should be in the format of email address. The email 1610 // address should represent individual user or service account only. 1611 Identities []string `json:"identities,omitempty"` 1612 1613 // IdentityType: Specifies the type of identities that are allowed 1614 // access to outside the perimeter. If left unspecified, then members of 1615 // `identities` field will be allowed access. 1616 // 1617 // Possible values: 1618 // "IDENTITY_TYPE_UNSPECIFIED" - No blanket identity group specified. 1619 // "ANY_IDENTITY" - Authorize access from all identities outside the 1620 // perimeter. 1621 // "ANY_USER_ACCOUNT" - Authorize access from all human users outside 1622 // the perimeter. 1623 // "ANY_SERVICE_ACCOUNT" - Authorize access from all service accounts 1624 // outside the perimeter. 1625 IdentityType string `json:"identityType,omitempty"` 1626 1627 // ForceSendFields is a list of field names (e.g. "Identities") to 1628 // unconditionally include in API requests. By default, fields with 1629 // empty or default values are omitted from API requests. However, any 1630 // non-pointer, non-interface field appearing in ForceSendFields will be 1631 // sent to the server regardless of whether the field is empty or not. 1632 // This may be used to include empty fields in Patch requests. 1633 ForceSendFields []string `json:"-"` 1634 1635 // NullFields is a list of field names (e.g. "Identities") to include in 1636 // API requests with the JSON null value. By default, fields with empty 1637 // values are omitted from API requests. However, any field with an 1638 // empty value appearing in NullFields will be sent to the server as 1639 // null. It is an error if a field in this list has a non-empty value. 1640 // This may be used to include null fields in Patch requests. 1641 NullFields []string `json:"-"` 1642} 1643 1644func (s *GoogleIdentityAccesscontextmanagerV1EgressFrom) MarshalJSON() ([]byte, error) { 1645 type NoMethod GoogleIdentityAccesscontextmanagerV1EgressFrom 1646 raw := NoMethod(*s) 1647 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1648} 1649 1650// GoogleIdentityAccesscontextmanagerV1EgressPolicy: Policy for egress 1651// from perimeter. EgressPolicies match requests based on `egress_from` 1652// and `egress_to` stanzas. For an EgressPolicy to match, both 1653// `egress_from` and `egress_to` stanzas must be matched. If an 1654// EgressPolicy matches a request, the request is allowed to span the 1655// ServicePerimeter boundary. For example, an EgressPolicy can be used 1656// to allow VMs on networks within the ServicePerimeter to access a 1657// defined set of projects outside the perimeter in certain contexts 1658// (e.g. to read data from a Cloud Storage bucket or query against a 1659// BigQuery dataset). EgressPolicies are concerned with the *resources* 1660// that a request relates as well as the API services and API actions 1661// being used. They do not related to the direction of data movement. 1662// More detailed documentation for this concept can be found in the 1663// descriptions of EgressFrom and EgressTo. 1664type GoogleIdentityAccesscontextmanagerV1EgressPolicy struct { 1665 // EgressFrom: Defines conditions on the source of a request causing 1666 // this EgressPolicy to apply. 1667 EgressFrom *GoogleIdentityAccesscontextmanagerV1EgressFrom `json:"egressFrom,omitempty"` 1668 1669 // EgressTo: Defines the conditions on the ApiOperation and destination 1670 // resources that cause this EgressPolicy to apply. 1671 EgressTo *GoogleIdentityAccesscontextmanagerV1EgressTo `json:"egressTo,omitempty"` 1672 1673 // ForceSendFields is a list of field names (e.g. "EgressFrom") to 1674 // unconditionally include in API requests. By default, fields with 1675 // empty or default values are omitted from API requests. However, any 1676 // non-pointer, non-interface field appearing in ForceSendFields will be 1677 // sent to the server regardless of whether the field is empty or not. 1678 // This may be used to include empty fields in Patch requests. 1679 ForceSendFields []string `json:"-"` 1680 1681 // NullFields is a list of field names (e.g. "EgressFrom") to include in 1682 // API requests with the JSON null value. By default, fields with empty 1683 // values are omitted from API requests. However, any field with an 1684 // empty value appearing in NullFields will be sent to the server as 1685 // null. It is an error if a field in this list has a non-empty value. 1686 // This may be used to include null fields in Patch requests. 1687 NullFields []string `json:"-"` 1688} 1689 1690func (s *GoogleIdentityAccesscontextmanagerV1EgressPolicy) MarshalJSON() ([]byte, error) { 1691 type NoMethod GoogleIdentityAccesscontextmanagerV1EgressPolicy 1692 raw := NoMethod(*s) 1693 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1694} 1695 1696// GoogleIdentityAccesscontextmanagerV1EgressTo: Defines the conditions 1697// under which an EgressPolicy matches a request. Conditions are based 1698// on information about the ApiOperation intended to be performed on the 1699// `resources` specified. Note that if the destination of the request is 1700// also protected by a ServicePerimeter, then that ServicePerimeter must 1701// have an IngressPolicy which allows access in order for this request 1702// to succeed. The request must match `operations` AND `resources` 1703// fields in order to be allowed egress out of the perimeter. 1704type GoogleIdentityAccesscontextmanagerV1EgressTo struct { 1705 // Operations: A list of ApiOperations allowed to be performed by the 1706 // sources specified in the corresponding EgressFrom. A request matches 1707 // if it uses an operation/service in this list. 1708 Operations []*GoogleIdentityAccesscontextmanagerV1ApiOperation `json:"operations,omitempty"` 1709 1710 // Resources: A list of resources, currently only projects in the form 1711 // `projects/`, that are allowed to be accessed by sources defined in 1712 // the corresponding EgressFrom. A request matches if it contains a 1713 // resource in this list. If `*` is specified for `resources`, then this 1714 // EgressTo rule will authorize access to all resources outside the 1715 // perimeter. 1716 Resources []string `json:"resources,omitempty"` 1717 1718 // ForceSendFields is a list of field names (e.g. "Operations") to 1719 // unconditionally include in API requests. By default, fields with 1720 // empty or default values are omitted from API requests. However, any 1721 // non-pointer, non-interface field appearing in ForceSendFields will be 1722 // sent to the server regardless of whether the field is empty or not. 1723 // This may be used to include empty fields in Patch requests. 1724 ForceSendFields []string `json:"-"` 1725 1726 // NullFields is a list of field names (e.g. "Operations") to include in 1727 // API requests with the JSON null value. By default, fields with empty 1728 // values are omitted from API requests. However, any field with an 1729 // empty value appearing in NullFields will be sent to the server as 1730 // null. It is an error if a field in this list has a non-empty value. 1731 // This may be used to include null fields in Patch requests. 1732 NullFields []string `json:"-"` 1733} 1734 1735func (s *GoogleIdentityAccesscontextmanagerV1EgressTo) MarshalJSON() ([]byte, error) { 1736 type NoMethod GoogleIdentityAccesscontextmanagerV1EgressTo 1737 raw := NoMethod(*s) 1738 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1739} 1740 1741// GoogleIdentityAccesscontextmanagerV1IngressFrom: Defines the 1742// conditions under which an IngressPolicy matches a request. Conditions 1743// are based on information about the source of the request. The request 1744// must satisfy what is defined in `sources` AND identity related fields 1745// in order to match. 1746type GoogleIdentityAccesscontextmanagerV1IngressFrom struct { 1747 // Identities: A list of identities that are allowed access through this 1748 // ingress policy. Should be in the format of email address. The email 1749 // address should represent individual user or service account only. 1750 Identities []string `json:"identities,omitempty"` 1751 1752 // IdentityType: Specifies the type of identities that are allowed 1753 // access from outside the perimeter. If left unspecified, then members 1754 // of `identities` field will be allowed access. 1755 // 1756 // Possible values: 1757 // "IDENTITY_TYPE_UNSPECIFIED" - No blanket identity group specified. 1758 // "ANY_IDENTITY" - Authorize access from all identities outside the 1759 // perimeter. 1760 // "ANY_USER_ACCOUNT" - Authorize access from all human users outside 1761 // the perimeter. 1762 // "ANY_SERVICE_ACCOUNT" - Authorize access from all service accounts 1763 // outside the perimeter. 1764 IdentityType string `json:"identityType,omitempty"` 1765 1766 // Sources: Sources that this IngressPolicy authorizes access from. 1767 Sources []*GoogleIdentityAccesscontextmanagerV1IngressSource `json:"sources,omitempty"` 1768 1769 // ForceSendFields is a list of field names (e.g. "Identities") to 1770 // unconditionally include in API requests. By default, fields with 1771 // empty or default values are omitted from API requests. However, any 1772 // non-pointer, non-interface field appearing in ForceSendFields will be 1773 // sent to the server regardless of whether the field is empty or not. 1774 // This may be used to include empty fields in Patch requests. 1775 ForceSendFields []string `json:"-"` 1776 1777 // NullFields is a list of field names (e.g. "Identities") to include in 1778 // API requests with the JSON null value. By default, fields with empty 1779 // values are omitted from API requests. However, any field with an 1780 // empty value appearing in NullFields will be sent to the server as 1781 // null. It is an error if a field in this list has a non-empty value. 1782 // This may be used to include null fields in Patch requests. 1783 NullFields []string `json:"-"` 1784} 1785 1786func (s *GoogleIdentityAccesscontextmanagerV1IngressFrom) MarshalJSON() ([]byte, error) { 1787 type NoMethod GoogleIdentityAccesscontextmanagerV1IngressFrom 1788 raw := NoMethod(*s) 1789 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1790} 1791 1792// GoogleIdentityAccesscontextmanagerV1IngressPolicy: Policy for ingress 1793// into ServicePerimeter. IngressPolicies match requests based on 1794// `ingress_from` and `ingress_to` stanzas. For an ingress policy to 1795// match, both the `ingress_from` and `ingress_to` stanzas must be 1796// matched. If an IngressPolicy matches a request, the request is 1797// allowed through the perimeter boundary from outside the perimeter. 1798// For example, access from the internet can be allowed either based on 1799// an AccessLevel or, for traffic hosted on Google Cloud, the project of 1800// the source network. For access from private networks, using the 1801// project of the hosting network is required. Individual ingress 1802// policies can be limited by restricting which services and/or actions 1803// they match using the `ingress_to` field. 1804type GoogleIdentityAccesscontextmanagerV1IngressPolicy struct { 1805 // IngressFrom: Defines the conditions on the source of a request 1806 // causing this IngressPolicy to apply. 1807 IngressFrom *GoogleIdentityAccesscontextmanagerV1IngressFrom `json:"ingressFrom,omitempty"` 1808 1809 // IngressTo: Defines the conditions on the ApiOperation and request 1810 // destination that cause this IngressPolicy to apply. 1811 IngressTo *GoogleIdentityAccesscontextmanagerV1IngressTo `json:"ingressTo,omitempty"` 1812 1813 // ForceSendFields is a list of field names (e.g. "IngressFrom") to 1814 // unconditionally include in API requests. By default, fields with 1815 // empty or default values are omitted from API requests. However, any 1816 // non-pointer, non-interface field appearing in ForceSendFields will be 1817 // sent to the server regardless of whether the field is empty or not. 1818 // This may be used to include empty fields in Patch requests. 1819 ForceSendFields []string `json:"-"` 1820 1821 // NullFields is a list of field names (e.g. "IngressFrom") to include 1822 // in API requests with the JSON null value. By default, fields with 1823 // empty values are omitted from API requests. However, any field with 1824 // an empty value appearing in NullFields will be sent to the server as 1825 // null. It is an error if a field in this list has a non-empty value. 1826 // This may be used to include null fields in Patch requests. 1827 NullFields []string `json:"-"` 1828} 1829 1830func (s *GoogleIdentityAccesscontextmanagerV1IngressPolicy) MarshalJSON() ([]byte, error) { 1831 type NoMethod GoogleIdentityAccesscontextmanagerV1IngressPolicy 1832 raw := NoMethod(*s) 1833 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1834} 1835 1836// GoogleIdentityAccesscontextmanagerV1IngressSource: The source that 1837// IngressPolicy authorizes access from. 1838type GoogleIdentityAccesscontextmanagerV1IngressSource struct { 1839 // AccessLevel: An AccessLevel resource name that allow resources within 1840 // the ServicePerimeters to be accessed from the internet. AccessLevels 1841 // listed must be in the same policy as this ServicePerimeter. 1842 // Referencing a nonexistent AccessLevel will cause an error. If no 1843 // AccessLevel names are listed, resources within the perimeter can only 1844 // be accessed via Google Cloud calls with request origins within the 1845 // perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. 1846 // If a single `*` is specified for `access_level`, then all 1847 // IngressSources will be allowed. 1848 AccessLevel string `json:"accessLevel,omitempty"` 1849 1850 // Resource: A Google Cloud resource that is allowed to ingress the 1851 // perimeter. Requests from these resources will be allowed to access 1852 // perimeter data. Currently only projects are allowed. Format: 1853 // `projects/{project_number}` The project may be in any Google Cloud 1854 // organization, not just the organization that the perimeter is defined 1855 // in. `*` is not allowed, the case of allowing all Google Cloud 1856 // resources only is not supported. 1857 Resource string `json:"resource,omitempty"` 1858 1859 // ForceSendFields is a list of field names (e.g. "AccessLevel") to 1860 // unconditionally include in API requests. By default, fields with 1861 // empty or default values are omitted from API requests. However, any 1862 // non-pointer, non-interface field appearing in ForceSendFields will be 1863 // sent to the server regardless of whether the field is empty or not. 1864 // This may be used to include empty fields in Patch requests. 1865 ForceSendFields []string `json:"-"` 1866 1867 // NullFields is a list of field names (e.g. "AccessLevel") to include 1868 // in API requests with the JSON null value. By default, fields with 1869 // empty values are omitted from API requests. However, any field with 1870 // an empty value appearing in NullFields will be sent to the server as 1871 // null. It is an error if a field in this list has a non-empty value. 1872 // This may be used to include null fields in Patch requests. 1873 NullFields []string `json:"-"` 1874} 1875 1876func (s *GoogleIdentityAccesscontextmanagerV1IngressSource) MarshalJSON() ([]byte, error) { 1877 type NoMethod GoogleIdentityAccesscontextmanagerV1IngressSource 1878 raw := NoMethod(*s) 1879 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1880} 1881 1882// GoogleIdentityAccesscontextmanagerV1IngressTo: Defines the conditions 1883// under which an IngressPolicy matches a request. Conditions are based 1884// on information about the ApiOperation intended to be performed on the 1885// target resource of the request. The request must satisfy what is 1886// defined in `operations` AND `resources` in order to match. 1887type GoogleIdentityAccesscontextmanagerV1IngressTo struct { 1888 // Operations: A list of ApiOperations allowed to be performed by the 1889 // sources specified in corresponding IngressFrom in this 1890 // ServicePerimeter. 1891 Operations []*GoogleIdentityAccesscontextmanagerV1ApiOperation `json:"operations,omitempty"` 1892 1893 // Resources: A list of resources, currently only projects in the form 1894 // `projects/`, protected by this ServicePerimeter that are allowed to 1895 // be accessed by sources defined in the corresponding IngressFrom. If a 1896 // single `*` is specified, then access to all resources inside the 1897 // perimeter are allowed. 1898 Resources []string `json:"resources,omitempty"` 1899 1900 // ForceSendFields is a list of field names (e.g. "Operations") to 1901 // unconditionally include in API requests. By default, fields with 1902 // empty or default values are omitted from API requests. However, any 1903 // non-pointer, non-interface field appearing in ForceSendFields will be 1904 // sent to the server regardless of whether the field is empty or not. 1905 // This may be used to include empty fields in Patch requests. 1906 ForceSendFields []string `json:"-"` 1907 1908 // NullFields is a list of field names (e.g. "Operations") to include in 1909 // API requests with the JSON null value. By default, fields with empty 1910 // values are omitted from API requests. However, any field with an 1911 // empty value appearing in NullFields will be sent to the server as 1912 // null. It is an error if a field in this list has a non-empty value. 1913 // This may be used to include null fields in Patch requests. 1914 NullFields []string `json:"-"` 1915} 1916 1917func (s *GoogleIdentityAccesscontextmanagerV1IngressTo) MarshalJSON() ([]byte, error) { 1918 type NoMethod GoogleIdentityAccesscontextmanagerV1IngressTo 1919 raw := NoMethod(*s) 1920 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1921} 1922 1923// GoogleIdentityAccesscontextmanagerV1MethodSelector: An allowed method 1924// or permission of a service specified in ApiOperation. 1925type GoogleIdentityAccesscontextmanagerV1MethodSelector struct { 1926 // Method: Value for `method` should be a valid method name for the 1927 // corresponding `service_name` in ApiOperation. If `*` used as value 1928 // for `method`, then ALL methods and permissions are allowed. 1929 Method string `json:"method,omitempty"` 1930 1931 // Permission: Value for `permission` should be a valid Cloud IAM 1932 // permission for the corresponding `service_name` in ApiOperation. 1933 Permission string `json:"permission,omitempty"` 1934 1935 // ForceSendFields is a list of field names (e.g. "Method") to 1936 // unconditionally include in API requests. By default, fields with 1937 // empty or default values are omitted from API requests. However, any 1938 // non-pointer, non-interface field appearing in ForceSendFields will be 1939 // sent to the server regardless of whether the field is empty or not. 1940 // This may be used to include empty fields in Patch requests. 1941 ForceSendFields []string `json:"-"` 1942 1943 // NullFields is a list of field names (e.g. "Method") to include in API 1944 // requests with the JSON null value. By default, fields with empty 1945 // values are omitted from API requests. However, any field with an 1946 // empty value appearing in NullFields will be sent to the server as 1947 // null. It is an error if a field in this list has a non-empty value. 1948 // This may be used to include null fields in Patch requests. 1949 NullFields []string `json:"-"` 1950} 1951 1952func (s *GoogleIdentityAccesscontextmanagerV1MethodSelector) MarshalJSON() ([]byte, error) { 1953 type NoMethod GoogleIdentityAccesscontextmanagerV1MethodSelector 1954 raw := NoMethod(*s) 1955 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1956} 1957 1958// GoogleIdentityAccesscontextmanagerV1OsConstraint: A restriction on 1959// the OS type and version of devices making requests. 1960type GoogleIdentityAccesscontextmanagerV1OsConstraint struct { 1961 // MinimumVersion: The minimum allowed OS version. If not set, any 1962 // version of this OS satisfies the constraint. Format: 1963 // "major.minor.patch". Examples: "10.5.301", "9.2.1". 1964 MinimumVersion string `json:"minimumVersion,omitempty"` 1965 1966 // OsType: Required. The allowed OS type. 1967 // 1968 // Possible values: 1969 // "OS_UNSPECIFIED" - The operating system of the device is not 1970 // specified or not known. 1971 // "DESKTOP_MAC" - A desktop Mac operating system. 1972 // "DESKTOP_WINDOWS" - A desktop Windows operating system. 1973 // "DESKTOP_LINUX" - A desktop Linux operating system. 1974 // "DESKTOP_CHROME_OS" - A desktop ChromeOS operating system. 1975 // "ANDROID" - An Android operating system. 1976 // "IOS" - An iOS operating system. 1977 OsType string `json:"osType,omitempty"` 1978 1979 // RequireVerifiedChromeOs: Only allows requests from devices with a 1980 // verified Chrome OS. Verifications includes requirements that the 1981 // device is enterprise-managed, conformant to domain policies, and the 1982 // caller has permission to call the API targeted by the request. 1983 RequireVerifiedChromeOs bool `json:"requireVerifiedChromeOs,omitempty"` 1984 1985 // ForceSendFields is a list of field names (e.g. "MinimumVersion") to 1986 // unconditionally include in API requests. By default, fields with 1987 // empty or default values are omitted from API requests. However, any 1988 // non-pointer, non-interface field appearing in ForceSendFields will be 1989 // sent to the server regardless of whether the field is empty or not. 1990 // This may be used to include empty fields in Patch requests. 1991 ForceSendFields []string `json:"-"` 1992 1993 // NullFields is a list of field names (e.g. "MinimumVersion") to 1994 // include in API requests with the JSON null value. By default, fields 1995 // with empty values are omitted from API requests. However, any field 1996 // with an empty value appearing in NullFields will be sent to the 1997 // server as null. It is an error if a field in this list has a 1998 // non-empty value. This may be used to include null fields in Patch 1999 // requests. 2000 NullFields []string `json:"-"` 2001} 2002 2003func (s *GoogleIdentityAccesscontextmanagerV1OsConstraint) MarshalJSON() ([]byte, error) { 2004 type NoMethod GoogleIdentityAccesscontextmanagerV1OsConstraint 2005 raw := NoMethod(*s) 2006 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 2007} 2008 2009// GoogleIdentityAccesscontextmanagerV1ServicePerimeter: 2010// `ServicePerimeter` describes a set of Google Cloud resources which 2011// can freely import and export data amongst themselves, but not export 2012// outside of the `ServicePerimeter`. If a request with a source within 2013// this `ServicePerimeter` has a target outside of the 2014// `ServicePerimeter`, the request will be blocked. Otherwise the 2015// request is allowed. There are two types of Service Perimeter - 2016// Regular and Bridge. Regular Service Perimeters cannot overlap, a 2017// single Google Cloud project can only belong to a single regular 2018// Service Perimeter. Service Perimeter Bridges can contain only Google 2019// Cloud projects as members, a single Google Cloud project may belong 2020// to multiple Service Perimeter Bridges. 2021type GoogleIdentityAccesscontextmanagerV1ServicePerimeter struct { 2022 // Description: Description of the `ServicePerimeter` and its use. Does 2023 // not affect behavior. 2024 Description string `json:"description,omitempty"` 2025 2026 // Name: Required. Resource name for the ServicePerimeter. The 2027 // `short_name` component must begin with a letter and only include 2028 // alphanumeric and '_'. Format: 2029 // `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}` 2030 Name string `json:"name,omitempty"` 2031 2032 // PerimeterType: Perimeter type indicator. A single project is allowed 2033 // to be a member of single regular perimeter, but multiple service 2034 // perimeter bridges. A project cannot be a included in a perimeter 2035 // bridge without being included in regular perimeter. For perimeter 2036 // bridges, the restricted service list as well as access level lists 2037 // must be empty. 2038 // 2039 // Possible values: 2040 // "PERIMETER_TYPE_REGULAR" - Regular Perimeter. 2041 // "PERIMETER_TYPE_BRIDGE" - Perimeter Bridge. 2042 PerimeterType string `json:"perimeterType,omitempty"` 2043 2044 // Spec: Proposed (or dry run) ServicePerimeter configuration. This 2045 // configuration allows to specify and test ServicePerimeter 2046 // configuration without enforcing actual access restrictions. Only 2047 // allowed to be set when the "use_explicit_dry_run_spec" flag is set. 2048 Spec *GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig `json:"spec,omitempty"` 2049 2050 // Status: Current ServicePerimeter configuration. Specifies sets of 2051 // resources, restricted services and access levels that determine 2052 // perimeter content and boundaries. 2053 Status *GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig `json:"status,omitempty"` 2054 2055 // Title: Human readable title. Must be unique within the Policy. 2056 Title string `json:"title,omitempty"` 2057 2058 // UseExplicitDryRunSpec: Use explicit dry run spec flag. Ordinarily, a 2059 // dry-run spec implicitly exists for all Service Perimeters, and that 2060 // spec is identical to the status for those Service Perimeters. When 2061 // this flag is set, it inhibits the generation of the implicit spec, 2062 // thereby allowing the user to explicitly provide a configuration 2063 // ("spec") to use in a dry-run version of the Service Perimeter. This 2064 // allows the user to test changes to the enforced config ("status") 2065 // without actually enforcing them. This testing is done through 2066 // analyzing the differences between currently enforced and suggested 2067 // restrictions. use_explicit_dry_run_spec must bet set to True if any 2068 // of the fields in the spec are set to non-default values. 2069 UseExplicitDryRunSpec bool `json:"useExplicitDryRunSpec,omitempty"` 2070 2071 // ForceSendFields is a list of field names (e.g. "Description") to 2072 // unconditionally include in API requests. By default, fields with 2073 // empty or default values are omitted from API requests. However, any 2074 // non-pointer, non-interface field appearing in ForceSendFields will be 2075 // sent to the server regardless of whether the field is empty or not. 2076 // This may be used to include empty fields in Patch requests. 2077 ForceSendFields []string `json:"-"` 2078 2079 // NullFields is a list of field names (e.g. "Description") to include 2080 // in API requests with the JSON null value. By default, fields with 2081 // empty values are omitted from API requests. However, any field with 2082 // an empty value appearing in NullFields will be sent to the server as 2083 // null. It is an error if a field in this list has a non-empty value. 2084 // This may be used to include null fields in Patch requests. 2085 NullFields []string `json:"-"` 2086} 2087 2088func (s *GoogleIdentityAccesscontextmanagerV1ServicePerimeter) MarshalJSON() ([]byte, error) { 2089 type NoMethod GoogleIdentityAccesscontextmanagerV1ServicePerimeter 2090 raw := NoMethod(*s) 2091 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 2092} 2093 2094// GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig: 2095// `ServicePerimeterConfig` specifies a set of Google Cloud resources 2096// that describe specific Service Perimeter configuration. 2097type GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig struct { 2098 // AccessLevels: A list of `AccessLevel` resource names that allow 2099 // resources within the `ServicePerimeter` to be accessed from the 2100 // internet. `AccessLevels` listed must be in the same policy as this 2101 // `ServicePerimeter`. Referencing a nonexistent `AccessLevel` is a 2102 // syntax error. If no `AccessLevel` names are listed, resources within 2103 // the perimeter can only be accessed via Google Cloud calls with 2104 // request origins within the perimeter. Example: 2105 // "accessPolicies/MY_POLICY/accessLevels/MY_LEVEL". For Service 2106 // Perimeter Bridge, must be empty. 2107 AccessLevels []string `json:"accessLevels,omitempty"` 2108 2109 // EgressPolicies: List of EgressPolicies to apply to the perimeter. A 2110 // perimeter may have multiple EgressPolicies, each of which is 2111 // evaluated separately. Access is granted if any EgressPolicy grants 2112 // it. Must be empty for a perimeter bridge. 2113 EgressPolicies []*GoogleIdentityAccesscontextmanagerV1EgressPolicy `json:"egressPolicies,omitempty"` 2114 2115 // IngressPolicies: List of IngressPolicies to apply to the perimeter. A 2116 // perimeter may have multiple IngressPolicies, each of which is 2117 // evaluated separately. Access is granted if any Ingress Policy grants 2118 // it. Must be empty for a perimeter bridge. 2119 IngressPolicies []*GoogleIdentityAccesscontextmanagerV1IngressPolicy `json:"ingressPolicies,omitempty"` 2120 2121 // Resources: A list of Google Cloud resources that are inside of the 2122 // service perimeter. Currently only projects are allowed. Format: 2123 // `projects/{project_number}` 2124 Resources []string `json:"resources,omitempty"` 2125 2126 // RestrictedServices: Google Cloud services that are subject to the 2127 // Service Perimeter restrictions. For example, if 2128 // `storage.googleapis.com` is specified, access to the storage buckets 2129 // inside the perimeter must meet the perimeter's access restrictions. 2130 RestrictedServices []string `json:"restrictedServices,omitempty"` 2131 2132 // VpcAccessibleServices: Configuration for APIs allowed within 2133 // Perimeter. 2134 VpcAccessibleServices *GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices `json:"vpcAccessibleServices,omitempty"` 2135 2136 // ForceSendFields is a list of field names (e.g. "AccessLevels") to 2137 // unconditionally include in API requests. By default, fields with 2138 // empty or default values are omitted from API requests. However, any 2139 // non-pointer, non-interface field appearing in ForceSendFields will be 2140 // sent to the server regardless of whether the field is empty or not. 2141 // This may be used to include empty fields in Patch requests. 2142 ForceSendFields []string `json:"-"` 2143 2144 // NullFields is a list of field names (e.g. "AccessLevels") to include 2145 // in API requests with the JSON null value. By default, fields with 2146 // empty values are omitted from API requests. However, any field with 2147 // an empty value appearing in NullFields will be sent to the server as 2148 // null. It is an error if a field in this list has a non-empty value. 2149 // This may be used to include null fields in Patch requests. 2150 NullFields []string `json:"-"` 2151} 2152 2153func (s *GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig) MarshalJSON() ([]byte, error) { 2154 type NoMethod GoogleIdentityAccesscontextmanagerV1ServicePerimeterConfig 2155 raw := NoMethod(*s) 2156 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 2157} 2158 2159// GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices: Specifies 2160// how APIs are allowed to communicate within the Service Perimeter. 2161type GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices struct { 2162 // AllowedServices: The list of APIs usable within the Service 2163 // Perimeter. Must be empty unless 'enable_restriction' is True. You can 2164 // specify a list of individual services, as well as include the 2165 // 'RESTRICTED-SERVICES' value, which automatically includes all of the 2166 // services protected by the perimeter. 2167 AllowedServices []string `json:"allowedServices,omitempty"` 2168 2169 // EnableRestriction: Whether to restrict API calls within the Service 2170 // Perimeter to the list of APIs specified in 'allowed_services'. 2171 EnableRestriction bool `json:"enableRestriction,omitempty"` 2172 2173 // ForceSendFields is a list of field names (e.g. "AllowedServices") to 2174 // unconditionally include in API requests. By default, fields with 2175 // empty or default values are omitted from API requests. However, any 2176 // non-pointer, non-interface field appearing in ForceSendFields will be 2177 // sent to the server regardless of whether the field is empty or not. 2178 // This may be used to include empty fields in Patch requests. 2179 ForceSendFields []string `json:"-"` 2180 2181 // NullFields is a list of field names (e.g. "AllowedServices") to 2182 // include in API requests with the JSON null value. By default, fields 2183 // with empty values are omitted from API requests. However, any field 2184 // with an empty value appearing in NullFields will be sent to the 2185 // server as null. It is an error if a field in this list has a 2186 // non-empty value. This may be used to include null fields in Patch 2187 // requests. 2188 NullFields []string `json:"-"` 2189} 2190 2191func (s *GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices) MarshalJSON() ([]byte, error) { 2192 type NoMethod GoogleIdentityAccesscontextmanagerV1VpcAccessibleServices 2193 raw := NoMethod(*s) 2194 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 2195} 2196 2197// Operation: This resource represents a long-running operation that is 2198// the result of a network API call. 2199type Operation struct { 2200 // Done: If the value is `false`, it means the operation is still in 2201 // progress. If `true`, the operation is completed, and either `error` 2202 // or `response` is available. 2203 Done bool `json:"done,omitempty"` 2204 2205 // Error: The error result of the operation in case of failure or 2206 // cancellation. 2207 Error *Status `json:"error,omitempty"` 2208 2209 // Metadata: Service-specific metadata associated with the operation. It 2210 // typically contains progress information and common metadata such as 2211 // create time. Some services might not provide such metadata. Any 2212 // method that returns a long-running operation should document the 2213 // metadata type, if any. 2214 Metadata googleapi.RawMessage `json:"metadata,omitempty"` 2215 2216 // Name: The server-assigned name, which is only unique within the same 2217 // service that originally returns it. If you use the default HTTP 2218 // mapping, the `name` should be a resource name ending with 2219 // `operations/{unique_id}`. 2220 Name string `json:"name,omitempty"` 2221 2222 // Response: The normal response of the operation in case of success. If 2223 // the original method returns no data on success, such as `Delete`, the 2224 // response is `google.protobuf.Empty`. If the original method is 2225 // standard `Get`/`Create`/`Update`, the response should be the 2226 // resource. For other methods, the response should have the type 2227 // `XxxResponse`, where `Xxx` is the original method name. For example, 2228 // if the original method name is `TakeSnapshot()`, the inferred 2229 // response type is `TakeSnapshotResponse`. 2230 Response googleapi.RawMessage `json:"response,omitempty"` 2231 2232 // ServerResponse contains the HTTP response code and headers from the 2233 // server. 2234 googleapi.ServerResponse `json:"-"` 2235 2236 // ForceSendFields is a list of field names (e.g. "Done") to 2237 // unconditionally include in API requests. By default, fields with 2238 // empty or default values are omitted from API requests. However, any 2239 // non-pointer, non-interface field appearing in ForceSendFields will be 2240 // sent to the server regardless of whether the field is empty or not. 2241 // This may be used to include empty fields in Patch requests. 2242 ForceSendFields []string `json:"-"` 2243 2244 // NullFields is a list of field names (e.g. "Done") to include in API 2245 // requests with the JSON null value. By default, fields with empty 2246 // values are omitted from API requests. However, any field with an 2247 // empty value appearing in NullFields will be sent to the server as 2248 // null. It is an error if a field in this list has a non-empty value. 2249 // This may be used to include null fields in Patch requests. 2250 NullFields []string `json:"-"` 2251} 2252 2253func (s *Operation) MarshalJSON() ([]byte, error) { 2254 type NoMethod Operation 2255 raw := NoMethod(*s) 2256 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 2257} 2258 2259// OutputConfig: Output configuration for export assets destination. 2260type OutputConfig struct { 2261 // GcsDestination: Destination on Cloud Storage. 2262 GcsDestination *GcsDestination `json:"gcsDestination,omitempty"` 2263 2264 // ForceSendFields is a list of field names (e.g. "GcsDestination") to 2265 // unconditionally include in API requests. By default, fields with 2266 // empty or default values are omitted from API requests. However, any 2267 // non-pointer, non-interface field appearing in ForceSendFields will be 2268 // sent to the server regardless of whether the field is empty or not. 2269 // This may be used to include empty fields in Patch requests. 2270 ForceSendFields []string `json:"-"` 2271 2272 // NullFields is a list of field names (e.g. "GcsDestination") to 2273 // include in API requests with the JSON null value. By default, fields 2274 // with empty values are omitted from API requests. However, any field 2275 // with an empty value appearing in NullFields will be sent to the 2276 // server as null. It is an error if a field in this list has a 2277 // non-empty value. This may be used to include null fields in Patch 2278 // requests. 2279 NullFields []string `json:"-"` 2280} 2281 2282func (s *OutputConfig) MarshalJSON() ([]byte, error) { 2283 type NoMethod OutputConfig 2284 raw := NoMethod(*s) 2285 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 2286} 2287 2288// Policy: An Identity and Access Management (IAM) policy, which 2289// specifies access controls for Google Cloud resources. A `Policy` is a 2290// collection of `bindings`. A `binding` binds one or more `members`, or 2291// principals, to a single `role`. Principals can be user accounts, 2292// service accounts, Google groups, and domains (such as G Suite). A 2293// `role` is a named list of permissions; each `role` can be an IAM 2294// predefined role or a user-created custom role. For some types of 2295// Google Cloud resources, a `binding` can also specify a `condition`, 2296// which is a logical expression that allows access to a resource only 2297// if the expression evaluates to `true`. A condition can add 2298// constraints based on attributes of the request, the resource, or 2299// both. To learn which resources support conditions in their IAM 2300// policies, see the IAM documentation 2301// (https://cloud.google.com/iam/help/conditions/resource-policies). 2302// **JSON example:** { "bindings": [ { "role": 2303// "roles/resourcemanager.organizationAdmin", "members": [ 2304// "user:mike@example.com", "group:admins@example.com", 2305// "domain:google.com", 2306// "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { 2307// "role": "roles/resourcemanager.organizationViewer", "members": [ 2308// "user:eve@example.com" ], "condition": { "title": "expirable access", 2309// "description": "Does not grant access after Sep 2020", "expression": 2310// "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], 2311// "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - 2312// members: - user:mike@example.com - group:admins@example.com - 2313// domain:google.com - 2314// serviceAccount:my-project-id@appspot.gserviceaccount.com role: 2315// roles/resourcemanager.organizationAdmin - members: - 2316// user:eve@example.com role: roles/resourcemanager.organizationViewer 2317// condition: title: expirable access description: Does not grant access 2318// after Sep 2020 expression: request.time < 2319// timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 2320// For a description of IAM and its features, see the IAM documentation 2321// (https://cloud.google.com/iam/docs/). 2322type Policy struct { 2323 // AuditConfigs: Specifies cloud audit logging configuration for this 2324 // policy. 2325 AuditConfigs []*AuditConfig `json:"auditConfigs,omitempty"` 2326 2327 // Bindings: Associates a list of `members`, or principals, with a 2328 // `role`. Optionally, may specify a `condition` that determines how and 2329 // when the `bindings` are applied. Each of the `bindings` must contain 2330 // at least one principal. The `bindings` in a `Policy` can refer to up 2331 // to 1,500 principals; up to 250 of these principals can be Google 2332 // groups. Each occurrence of a principal counts towards these limits. 2333 // For example, if the `bindings` grant 50 different roles to 2334 // `user:alice@example.com`, and not to any other principal, then you 2335 // can add another 1,450 principals to the `bindings` in the `Policy`. 2336 Bindings []*Binding `json:"bindings,omitempty"` 2337 2338 // Etag: `etag` is used for optimistic concurrency control as a way to 2339 // help prevent simultaneous updates of a policy from overwriting each 2340 // other. It is strongly suggested that systems make use of the `etag` 2341 // in the read-modify-write cycle to perform policy updates in order to 2342 // avoid race conditions: An `etag` is returned in the response to 2343 // `getIamPolicy`, and systems are expected to put that etag in the 2344 // request to `setIamPolicy` to ensure that their change will be applied 2345 // to the same version of the policy. **Important:** If you use IAM 2346 // Conditions, you must include the `etag` field whenever you call 2347 // `setIamPolicy`. If you omit this field, then IAM allows you to 2348 // overwrite a version `3` policy with a version `1` policy, and all of 2349 // the conditions in the version `3` policy are lost. 2350 Etag string `json:"etag,omitempty"` 2351 2352 // Version: Specifies the format of the policy. Valid values are `0`, 2353 // `1`, and `3`. Requests that specify an invalid value are rejected. 2354 // Any operation that affects conditional role bindings must specify 2355 // version `3`. This requirement applies to the following operations: * 2356 // Getting a policy that includes a conditional role binding * Adding a 2357 // conditional role binding to a policy * Changing a conditional role 2358 // binding in a policy * Removing any role binding, with or without a 2359 // condition, from a policy that includes conditions **Important:** If 2360 // you use IAM Conditions, you must include the `etag` field whenever 2361 // you call `setIamPolicy`. If you omit this field, then IAM allows you 2362 // to overwrite a version `3` policy with a version `1` policy, and all 2363 // of the conditions in the version `3` policy are lost. If a policy 2364 // does not include any conditions, operations on that policy may 2365 // specify any valid version or leave the field unset. To learn which 2366 // resources support conditions in their IAM policies, see the IAM 2367 // documentation 2368 // (https://cloud.google.com/iam/help/conditions/resource-policies). 2369 Version int64 `json:"version,omitempty"` 2370 2371 // ForceSendFields is a list of field names (e.g. "AuditConfigs") to 2372 // unconditionally include in API requests. By default, fields with 2373 // empty or default values are omitted from API requests. However, any 2374 // non-pointer, non-interface field appearing in ForceSendFields will be 2375 // sent to the server regardless of whether the field is empty or not. 2376 // This may be used to include empty fields in Patch requests. 2377 ForceSendFields []string `json:"-"` 2378 2379 // NullFields is a list of field names (e.g. "AuditConfigs") to include 2380 // in API requests with the JSON null value. By default, fields with 2381 // empty values are omitted from API requests. However, any field with 2382 // an empty value appearing in NullFields will be sent to the server as 2383 // null. It is an error if a field in this list has a non-empty value. 2384 // This may be used to include null fields in Patch requests. 2385 NullFields []string `json:"-"` 2386} 2387 2388func (s *Policy) MarshalJSON() ([]byte, error) { 2389 type NoMethod Policy 2390 raw := NoMethod(*s) 2391 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 2392} 2393 2394// Resource: A representation of a Google Cloud resource. 2395type Resource struct { 2396 // Data: The content of the resource, in which some sensitive fields are 2397 // removed and may not be present. 2398 Data googleapi.RawMessage `json:"data,omitempty"` 2399 2400 // DiscoveryDocumentUri: The URL of the discovery document containing 2401 // the resource's JSON schema. Example: 2402 // `https://www.googleapis.com/discovery/v1/apis/compute/v1/rest` This 2403 // value is unspecified for resources that do not have an API based on a 2404 // discovery document, such as Cloud Bigtable. 2405 DiscoveryDocumentUri string `json:"discoveryDocumentUri,omitempty"` 2406 2407 // DiscoveryName: The JSON schema name listed in the discovery document. 2408 // Example: `Project` This value is unspecified for resources that do 2409 // not have an API based on a discovery document, such as Cloud 2410 // Bigtable. 2411 DiscoveryName string `json:"discoveryName,omitempty"` 2412 2413 // Parent: The full name of the immediate parent of this resource. See 2414 // Resource Names 2415 // (https://cloud.google.com/apis/design/resource_names#full_resource_name) 2416 // for more information. For Google Cloud assets, this value is the 2417 // parent resource defined in the Cloud IAM policy hierarchy 2418 // (https://cloud.google.com/iam/docs/overview#policy_hierarchy). 2419 // Example: 2420 // `//cloudresourcemanager.googleapis.com/projects/my_project_123` For 2421 // third-party assets, this field may be set differently. 2422 Parent string `json:"parent,omitempty"` 2423 2424 // ResourceUrl: The REST URL for accessing the resource. An HTTP `GET` 2425 // request using this URL returns the resource itself. Example: 2426 // `https://cloudresourcemanager.googleapis.com/v1/projects/my-project-12 2427 // 3` This value is unspecified for resources without a REST API. 2428 ResourceUrl string `json:"resourceUrl,omitempty"` 2429 2430 // Version: The API version. Example: `v1` 2431 Version string `json:"version,omitempty"` 2432 2433 // ForceSendFields is a list of field names (e.g. "Data") to 2434 // unconditionally include in API requests. By default, fields with 2435 // empty or default values are omitted from API requests. However, any 2436 // non-pointer, non-interface field appearing in ForceSendFields will be 2437 // sent to the server regardless of whether the field is empty or not. 2438 // This may be used to include empty fields in Patch requests. 2439 ForceSendFields []string `json:"-"` 2440 2441 // NullFields is a list of field names (e.g. "Data") to include in API 2442 // requests with the JSON null value. By default, fields with empty 2443 // values are omitted from API requests. However, any field with an 2444 // empty value appearing in NullFields will be sent to the server as 2445 // null. It is an error if a field in this list has a non-empty value. 2446 // This may be used to include null fields in Patch requests. 2447 NullFields []string `json:"-"` 2448} 2449 2450func (s *Resource) MarshalJSON() ([]byte, error) { 2451 type NoMethod Resource 2452 raw := NoMethod(*s) 2453 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 2454} 2455 2456// Status: The `Status` type defines a logical error model that is 2457// suitable for different programming environments, including REST APIs 2458// and RPC APIs. It is used by gRPC (https://github.com/grpc). Each 2459// `Status` message contains three pieces of data: error code, error 2460// message, and error details. You can find out more about this error 2461// model and how to work with it in the API Design Guide 2462// (https://cloud.google.com/apis/design/errors). 2463type Status struct { 2464 // Code: The status code, which should be an enum value of 2465 // google.rpc.Code. 2466 Code int64 `json:"code,omitempty"` 2467 2468 // Details: A list of messages that carry the error details. There is a 2469 // common set of message types for APIs to use. 2470 Details []googleapi.RawMessage `json:"details,omitempty"` 2471 2472 // Message: A developer-facing error message, which should be in 2473 // English. Any user-facing error message should be localized and sent 2474 // in the google.rpc.Status.details field, or localized by the client. 2475 Message string `json:"message,omitempty"` 2476 2477 // ForceSendFields is a list of field names (e.g. "Code") to 2478 // unconditionally include in API requests. By default, fields with 2479 // empty or default values are omitted from API requests. However, any 2480 // non-pointer, non-interface field appearing in ForceSendFields will be 2481 // sent to the server regardless of whether the field is empty or not. 2482 // This may be used to include empty fields in Patch requests. 2483 ForceSendFields []string `json:"-"` 2484 2485 // NullFields is a list of field names (e.g. "Code") to include in API 2486 // requests with the JSON null value. By default, fields with empty 2487 // values are omitted from API requests. However, any field with an 2488 // empty value appearing in NullFields will be sent to the server as 2489 // null. It is an error if a field in this list has a non-empty value. 2490 // This may be used to include null fields in Patch requests. 2491 NullFields []string `json:"-"` 2492} 2493 2494func (s *Status) MarshalJSON() ([]byte, error) { 2495 type NoMethod Status 2496 raw := NoMethod(*s) 2497 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 2498} 2499 2500// TemporalAsset: An asset in Google Cloud and its temporal metadata, 2501// including the time window when it was observed and its status during 2502// that window. 2503type TemporalAsset struct { 2504 // Asset: An asset in Google Cloud. 2505 Asset *Asset `json:"asset,omitempty"` 2506 2507 // Deleted: Whether the asset has been deleted or not. 2508 Deleted bool `json:"deleted,omitempty"` 2509 2510 // Window: The time window when the asset data and state was observed. 2511 Window *TimeWindow `json:"window,omitempty"` 2512 2513 // ForceSendFields is a list of field names (e.g. "Asset") to 2514 // unconditionally include in API requests. By default, fields with 2515 // empty or default values are omitted from API requests. However, any 2516 // non-pointer, non-interface field appearing in ForceSendFields will be 2517 // sent to the server regardless of whether the field is empty or not. 2518 // This may be used to include empty fields in Patch requests. 2519 ForceSendFields []string `json:"-"` 2520 2521 // NullFields is a list of field names (e.g. "Asset") to include in API 2522 // requests with the JSON null value. By default, fields with empty 2523 // values are omitted from API requests. However, any field with an 2524 // empty value appearing in NullFields will be sent to the server as 2525 // null. It is an error if a field in this list has a non-empty value. 2526 // This may be used to include null fields in Patch requests. 2527 NullFields []string `json:"-"` 2528} 2529 2530func (s *TemporalAsset) MarshalJSON() ([]byte, error) { 2531 type NoMethod TemporalAsset 2532 raw := NoMethod(*s) 2533 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 2534} 2535 2536// TimeWindow: A time window specified by its `start_time` and 2537// `end_time`. 2538type TimeWindow struct { 2539 // EndTime: End time of the time window (inclusive). If not specified, 2540 // the current timestamp is used instead. 2541 EndTime string `json:"endTime,omitempty"` 2542 2543 // StartTime: Start time of the time window (exclusive). 2544 StartTime string `json:"startTime,omitempty"` 2545 2546 // ForceSendFields is a list of field names (e.g. "EndTime") to 2547 // unconditionally include in API requests. By default, fields with 2548 // empty or default values are omitted from API requests. However, any 2549 // non-pointer, non-interface field appearing in ForceSendFields will be 2550 // sent to the server regardless of whether the field is empty or not. 2551 // This may be used to include empty fields in Patch requests. 2552 ForceSendFields []string `json:"-"` 2553 2554 // NullFields is a list of field names (e.g. "EndTime") to include in 2555 // API requests with the JSON null value. By default, fields with empty 2556 // values are omitted from API requests. However, any field with an 2557 // empty value appearing in NullFields will be sent to the server as 2558 // null. It is an error if a field in this list has a non-empty value. 2559 // This may be used to include null fields in Patch requests. 2560 NullFields []string `json:"-"` 2561} 2562 2563func (s *TimeWindow) MarshalJSON() ([]byte, error) { 2564 type NoMethod TimeWindow 2565 raw := NoMethod(*s) 2566 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 2567} 2568 2569// method id "cloudasset.folders.exportAssets": 2570 2571type FoldersExportAssetsCall struct { 2572 s *Service 2573 parent string 2574 exportassetsrequest *ExportAssetsRequest 2575 urlParams_ gensupport.URLParams 2576 ctx_ context.Context 2577 header_ http.Header 2578} 2579 2580// ExportAssets: Exports assets with time and resource types to a given 2581// Cloud Storage location. The output format is newline-delimited JSON. 2582// This API implements the google.longrunning.Operation API allowing you 2583// to keep track of the export. We recommend intervals of at least 2 2584// seconds with exponential retry to poll the export operation result. 2585// For regular-size resource parent, the export operation usually 2586// finishes within 5 minutes. 2587// 2588// - parent: The relative name of the root asset. This can only be an 2589// organization number (such as "organizations/123"), a project ID 2590// (such as "projects/my-project-id"), a project number (such as 2591// "projects/12345"), or a folder number (such as "folders/123"). 2592func (r *FoldersService) ExportAssets(parent string, exportassetsrequest *ExportAssetsRequest) *FoldersExportAssetsCall { 2593 c := &FoldersExportAssetsCall{s: r.s, urlParams_: make(gensupport.URLParams)} 2594 c.parent = parent 2595 c.exportassetsrequest = exportassetsrequest 2596 return c 2597} 2598 2599// Fields allows partial responses to be retrieved. See 2600// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 2601// for more information. 2602func (c *FoldersExportAssetsCall) Fields(s ...googleapi.Field) *FoldersExportAssetsCall { 2603 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 2604 return c 2605} 2606 2607// Context sets the context to be used in this call's Do method. Any 2608// pending HTTP request will be aborted if the provided context is 2609// canceled. 2610func (c *FoldersExportAssetsCall) Context(ctx context.Context) *FoldersExportAssetsCall { 2611 c.ctx_ = ctx 2612 return c 2613} 2614 2615// Header returns an http.Header that can be modified by the caller to 2616// add HTTP headers to the request. 2617func (c *FoldersExportAssetsCall) Header() http.Header { 2618 if c.header_ == nil { 2619 c.header_ = make(http.Header) 2620 } 2621 return c.header_ 2622} 2623 2624func (c *FoldersExportAssetsCall) doRequest(alt string) (*http.Response, error) { 2625 reqHeaders := make(http.Header) 2626 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211027") 2627 for k, v := range c.header_ { 2628 reqHeaders[k] = v 2629 } 2630 reqHeaders.Set("User-Agent", c.s.userAgent()) 2631 var body io.Reader = nil 2632 body, err := googleapi.WithoutDataWrapper.JSONReader(c.exportassetsrequest) 2633 if err != nil { 2634 return nil, err 2635 } 2636 reqHeaders.Set("Content-Type", "application/json") 2637 c.urlParams_.Set("alt", alt) 2638 c.urlParams_.Set("prettyPrint", "false") 2639 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+parent}:exportAssets") 2640 urls += "?" + c.urlParams_.Encode() 2641 req, err := http.NewRequest("POST", urls, body) 2642 if err != nil { 2643 return nil, err 2644 } 2645 req.Header = reqHeaders 2646 googleapi.Expand(req.URL, map[string]string{ 2647 "parent": c.parent, 2648 }) 2649 return gensupport.SendRequest(c.ctx_, c.s.client, req) 2650} 2651 2652// Do executes the "cloudasset.folders.exportAssets" call. 2653// Exactly one of *Operation or error will be non-nil. Any non-2xx 2654// status code is an error. Response headers are in either 2655// *Operation.ServerResponse.Header or (if a response was returned at 2656// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified 2657// to check whether the returned error was because 2658// http.StatusNotModified was returned. 2659func (c *FoldersExportAssetsCall) Do(opts ...googleapi.CallOption) (*Operation, error) { 2660 gensupport.SetOptions(c.urlParams_, opts...) 2661 res, err := c.doRequest("json") 2662 if res != nil && res.StatusCode == http.StatusNotModified { 2663 if res.Body != nil { 2664 res.Body.Close() 2665 } 2666 return nil, &googleapi.Error{ 2667 Code: res.StatusCode, 2668 Header: res.Header, 2669 } 2670 } 2671 if err != nil { 2672 return nil, err 2673 } 2674 defer googleapi.CloseBody(res) 2675 if err := googleapi.CheckResponse(res); err != nil { 2676 return nil, err 2677 } 2678 ret := &Operation{ 2679 ServerResponse: googleapi.ServerResponse{ 2680 Header: res.Header, 2681 HTTPStatusCode: res.StatusCode, 2682 }, 2683 } 2684 target := &ret 2685 if err := gensupport.DecodeResponse(target, res); err != nil { 2686 return nil, err 2687 } 2688 return ret, nil 2689 // { 2690 // "description": "Exports assets with time and resource types to a given Cloud Storage location. The output format is newline-delimited JSON. This API implements the google.longrunning.Operation API allowing you to keep track of the export. We recommend intervals of at least 2 seconds with exponential retry to poll the export operation result. For regular-size resource parent, the export operation usually finishes within 5 minutes.", 2691 // "flatPath": "v1beta1/folders/{foldersId}:exportAssets", 2692 // "httpMethod": "POST", 2693 // "id": "cloudasset.folders.exportAssets", 2694 // "parameterOrder": [ 2695 // "parent" 2696 // ], 2697 // "parameters": { 2698 // "parent": { 2699 // "description": "Required. The relative name of the root asset. This can only be an organization number (such as \"organizations/123\"), a project ID (such as \"projects/my-project-id\"), a project number (such as \"projects/12345\"), or a folder number (such as \"folders/123\").", 2700 // "location": "path", 2701 // "pattern": "^folders/[^/]+$", 2702 // "required": true, 2703 // "type": "string" 2704 // } 2705 // }, 2706 // "path": "v1beta1/{+parent}:exportAssets", 2707 // "request": { 2708 // "$ref": "ExportAssetsRequest" 2709 // }, 2710 // "response": { 2711 // "$ref": "Operation" 2712 // }, 2713 // "scopes": [ 2714 // "https://www.googleapis.com/auth/cloud-platform" 2715 // ] 2716 // } 2717 2718} 2719 2720// method id "cloudasset.folders.operations.get": 2721 2722type FoldersOperationsGetCall struct { 2723 s *Service 2724 name string 2725 urlParams_ gensupport.URLParams 2726 ifNoneMatch_ string 2727 ctx_ context.Context 2728 header_ http.Header 2729} 2730 2731// Get: Gets the latest state of a long-running operation. Clients can 2732// use this method to poll the operation result at intervals as 2733// recommended by the API service. 2734// 2735// - name: The name of the operation resource. 2736func (r *FoldersOperationsService) Get(name string) *FoldersOperationsGetCall { 2737 c := &FoldersOperationsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)} 2738 c.name = name 2739 return c 2740} 2741 2742// Fields allows partial responses to be retrieved. See 2743// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 2744// for more information. 2745func (c *FoldersOperationsGetCall) Fields(s ...googleapi.Field) *FoldersOperationsGetCall { 2746 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 2747 return c 2748} 2749 2750// IfNoneMatch sets the optional parameter which makes the operation 2751// fail if the object's ETag matches the given value. This is useful for 2752// getting updates only after the object has changed since the last 2753// request. Use googleapi.IsNotModified to check whether the response 2754// error from Do is the result of In-None-Match. 2755func (c *FoldersOperationsGetCall) IfNoneMatch(entityTag string) *FoldersOperationsGetCall { 2756 c.ifNoneMatch_ = entityTag 2757 return c 2758} 2759 2760// Context sets the context to be used in this call's Do method. Any 2761// pending HTTP request will be aborted if the provided context is 2762// canceled. 2763func (c *FoldersOperationsGetCall) Context(ctx context.Context) *FoldersOperationsGetCall { 2764 c.ctx_ = ctx 2765 return c 2766} 2767 2768// Header returns an http.Header that can be modified by the caller to 2769// add HTTP headers to the request. 2770func (c *FoldersOperationsGetCall) Header() http.Header { 2771 if c.header_ == nil { 2772 c.header_ = make(http.Header) 2773 } 2774 return c.header_ 2775} 2776 2777func (c *FoldersOperationsGetCall) doRequest(alt string) (*http.Response, error) { 2778 reqHeaders := make(http.Header) 2779 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211027") 2780 for k, v := range c.header_ { 2781 reqHeaders[k] = v 2782 } 2783 reqHeaders.Set("User-Agent", c.s.userAgent()) 2784 if c.ifNoneMatch_ != "" { 2785 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 2786 } 2787 var body io.Reader = nil 2788 c.urlParams_.Set("alt", alt) 2789 c.urlParams_.Set("prettyPrint", "false") 2790 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+name}") 2791 urls += "?" + c.urlParams_.Encode() 2792 req, err := http.NewRequest("GET", urls, body) 2793 if err != nil { 2794 return nil, err 2795 } 2796 req.Header = reqHeaders 2797 googleapi.Expand(req.URL, map[string]string{ 2798 "name": c.name, 2799 }) 2800 return gensupport.SendRequest(c.ctx_, c.s.client, req) 2801} 2802 2803// Do executes the "cloudasset.folders.operations.get" call. 2804// Exactly one of *Operation or error will be non-nil. Any non-2xx 2805// status code is an error. Response headers are in either 2806// *Operation.ServerResponse.Header or (if a response was returned at 2807// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified 2808// to check whether the returned error was because 2809// http.StatusNotModified was returned. 2810func (c *FoldersOperationsGetCall) Do(opts ...googleapi.CallOption) (*Operation, error) { 2811 gensupport.SetOptions(c.urlParams_, opts...) 2812 res, err := c.doRequest("json") 2813 if res != nil && res.StatusCode == http.StatusNotModified { 2814 if res.Body != nil { 2815 res.Body.Close() 2816 } 2817 return nil, &googleapi.Error{ 2818 Code: res.StatusCode, 2819 Header: res.Header, 2820 } 2821 } 2822 if err != nil { 2823 return nil, err 2824 } 2825 defer googleapi.CloseBody(res) 2826 if err := googleapi.CheckResponse(res); err != nil { 2827 return nil, err 2828 } 2829 ret := &Operation{ 2830 ServerResponse: googleapi.ServerResponse{ 2831 Header: res.Header, 2832 HTTPStatusCode: res.StatusCode, 2833 }, 2834 } 2835 target := &ret 2836 if err := gensupport.DecodeResponse(target, res); err != nil { 2837 return nil, err 2838 } 2839 return ret, nil 2840 // { 2841 // "description": "Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.", 2842 // "flatPath": "v1beta1/folders/{foldersId}/operations/{operationsId}/{operationsId1}", 2843 // "httpMethod": "GET", 2844 // "id": "cloudasset.folders.operations.get", 2845 // "parameterOrder": [ 2846 // "name" 2847 // ], 2848 // "parameters": { 2849 // "name": { 2850 // "description": "The name of the operation resource.", 2851 // "location": "path", 2852 // "pattern": "^folders/[^/]+/operations/[^/]+/.*$", 2853 // "required": true, 2854 // "type": "string" 2855 // } 2856 // }, 2857 // "path": "v1beta1/{+name}", 2858 // "response": { 2859 // "$ref": "Operation" 2860 // }, 2861 // "scopes": [ 2862 // "https://www.googleapis.com/auth/cloud-platform" 2863 // ] 2864 // } 2865 2866} 2867 2868// method id "cloudasset.organizations.batchGetAssetsHistory": 2869 2870type OrganizationsBatchGetAssetsHistoryCall struct { 2871 s *Service 2872 parent string 2873 urlParams_ gensupport.URLParams 2874 ifNoneMatch_ string 2875 ctx_ context.Context 2876 header_ http.Header 2877} 2878 2879// BatchGetAssetsHistory: Batch gets the update history of assets that 2880// overlap a time window. For IAM_POLICY content, this API outputs 2881// history when the asset and its attached IAM POLICY both exist. This 2882// can create gaps in the output history. Otherwise, this API outputs 2883// history with asset in both non-delete or deleted status. If a 2884// specified asset does not exist, this API returns an INVALID_ARGUMENT 2885// error. 2886// 2887// - parent: The relative name of the root asset. It can only be an 2888// organization number (such as "organizations/123"), a project ID 2889// (such as "projects/my-project-id")", or a project number (such as 2890// "projects/12345"). 2891func (r *OrganizationsService) BatchGetAssetsHistory(parent string) *OrganizationsBatchGetAssetsHistoryCall { 2892 c := &OrganizationsBatchGetAssetsHistoryCall{s: r.s, urlParams_: make(gensupport.URLParams)} 2893 c.parent = parent 2894 return c 2895} 2896 2897// AssetNames sets the optional parameter "assetNames": A list of the 2898// full names of the assets. For example: 2899// `//compute.googleapis.com/projects/my_project_123/zones/zone1/instance 2900// s/instance1`. See Resource Names 2901// (https://cloud.google.com/apis/design/resource_names#full_resource_name) 2902// for more info. The request becomes a no-op if the asset name list is 2903// empty, and the max size of the asset name list is 100 in one request. 2904func (c *OrganizationsBatchGetAssetsHistoryCall) AssetNames(assetNames ...string) *OrganizationsBatchGetAssetsHistoryCall { 2905 c.urlParams_.SetMulti("assetNames", append([]string{}, assetNames...)) 2906 return c 2907} 2908 2909// ContentType sets the optional parameter "contentType": The content 2910// type. 2911// 2912// Possible values: 2913// "CONTENT_TYPE_UNSPECIFIED" - Unspecified content type. 2914// "RESOURCE" - Resource metadata. 2915// "IAM_POLICY" - The actual IAM policy set on a resource. 2916func (c *OrganizationsBatchGetAssetsHistoryCall) ContentType(contentType string) *OrganizationsBatchGetAssetsHistoryCall { 2917 c.urlParams_.Set("contentType", contentType) 2918 return c 2919} 2920 2921// ReadTimeWindowEndTime sets the optional parameter 2922// "readTimeWindow.endTime": End time of the time window (inclusive). If 2923// not specified, the current timestamp is used instead. 2924func (c *OrganizationsBatchGetAssetsHistoryCall) ReadTimeWindowEndTime(readTimeWindowEndTime string) *OrganizationsBatchGetAssetsHistoryCall { 2925 c.urlParams_.Set("readTimeWindow.endTime", readTimeWindowEndTime) 2926 return c 2927} 2928 2929// ReadTimeWindowStartTime sets the optional parameter 2930// "readTimeWindow.startTime": Start time of the time window 2931// (exclusive). 2932func (c *OrganizationsBatchGetAssetsHistoryCall) ReadTimeWindowStartTime(readTimeWindowStartTime string) *OrganizationsBatchGetAssetsHistoryCall { 2933 c.urlParams_.Set("readTimeWindow.startTime", readTimeWindowStartTime) 2934 return c 2935} 2936 2937// Fields allows partial responses to be retrieved. See 2938// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 2939// for more information. 2940func (c *OrganizationsBatchGetAssetsHistoryCall) Fields(s ...googleapi.Field) *OrganizationsBatchGetAssetsHistoryCall { 2941 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 2942 return c 2943} 2944 2945// IfNoneMatch sets the optional parameter which makes the operation 2946// fail if the object's ETag matches the given value. This is useful for 2947// getting updates only after the object has changed since the last 2948// request. Use googleapi.IsNotModified to check whether the response 2949// error from Do is the result of In-None-Match. 2950func (c *OrganizationsBatchGetAssetsHistoryCall) IfNoneMatch(entityTag string) *OrganizationsBatchGetAssetsHistoryCall { 2951 c.ifNoneMatch_ = entityTag 2952 return c 2953} 2954 2955// Context sets the context to be used in this call's Do method. Any 2956// pending HTTP request will be aborted if the provided context is 2957// canceled. 2958func (c *OrganizationsBatchGetAssetsHistoryCall) Context(ctx context.Context) *OrganizationsBatchGetAssetsHistoryCall { 2959 c.ctx_ = ctx 2960 return c 2961} 2962 2963// Header returns an http.Header that can be modified by the caller to 2964// add HTTP headers to the request. 2965func (c *OrganizationsBatchGetAssetsHistoryCall) Header() http.Header { 2966 if c.header_ == nil { 2967 c.header_ = make(http.Header) 2968 } 2969 return c.header_ 2970} 2971 2972func (c *OrganizationsBatchGetAssetsHistoryCall) doRequest(alt string) (*http.Response, error) { 2973 reqHeaders := make(http.Header) 2974 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211027") 2975 for k, v := range c.header_ { 2976 reqHeaders[k] = v 2977 } 2978 reqHeaders.Set("User-Agent", c.s.userAgent()) 2979 if c.ifNoneMatch_ != "" { 2980 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 2981 } 2982 var body io.Reader = nil 2983 c.urlParams_.Set("alt", alt) 2984 c.urlParams_.Set("prettyPrint", "false") 2985 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+parent}:batchGetAssetsHistory") 2986 urls += "?" + c.urlParams_.Encode() 2987 req, err := http.NewRequest("GET", urls, body) 2988 if err != nil { 2989 return nil, err 2990 } 2991 req.Header = reqHeaders 2992 googleapi.Expand(req.URL, map[string]string{ 2993 "parent": c.parent, 2994 }) 2995 return gensupport.SendRequest(c.ctx_, c.s.client, req) 2996} 2997 2998// Do executes the "cloudasset.organizations.batchGetAssetsHistory" call. 2999// Exactly one of *BatchGetAssetsHistoryResponse or error will be 3000// non-nil. Any non-2xx status code is an error. Response headers are in 3001// either *BatchGetAssetsHistoryResponse.ServerResponse.Header or (if a 3002// response was returned at all) in error.(*googleapi.Error).Header. Use 3003// googleapi.IsNotModified to check whether the returned error was 3004// because http.StatusNotModified was returned. 3005func (c *OrganizationsBatchGetAssetsHistoryCall) Do(opts ...googleapi.CallOption) (*BatchGetAssetsHistoryResponse, error) { 3006 gensupport.SetOptions(c.urlParams_, opts...) 3007 res, err := c.doRequest("json") 3008 if res != nil && res.StatusCode == http.StatusNotModified { 3009 if res.Body != nil { 3010 res.Body.Close() 3011 } 3012 return nil, &googleapi.Error{ 3013 Code: res.StatusCode, 3014 Header: res.Header, 3015 } 3016 } 3017 if err != nil { 3018 return nil, err 3019 } 3020 defer googleapi.CloseBody(res) 3021 if err := googleapi.CheckResponse(res); err != nil { 3022 return nil, err 3023 } 3024 ret := &BatchGetAssetsHistoryResponse{ 3025 ServerResponse: googleapi.ServerResponse{ 3026 Header: res.Header, 3027 HTTPStatusCode: res.StatusCode, 3028 }, 3029 } 3030 target := &ret 3031 if err := gensupport.DecodeResponse(target, res); err != nil { 3032 return nil, err 3033 } 3034 return ret, nil 3035 // { 3036 // "description": "Batch gets the update history of assets that overlap a time window. For IAM_POLICY content, this API outputs history when the asset and its attached IAM POLICY both exist. This can create gaps in the output history. Otherwise, this API outputs history with asset in both non-delete or deleted status. If a specified asset does not exist, this API returns an INVALID_ARGUMENT error.", 3037 // "flatPath": "v1beta1/organizations/{organizationsId}:batchGetAssetsHistory", 3038 // "httpMethod": "GET", 3039 // "id": "cloudasset.organizations.batchGetAssetsHistory", 3040 // "parameterOrder": [ 3041 // "parent" 3042 // ], 3043 // "parameters": { 3044 // "assetNames": { 3045 // "description": "A list of the full names of the assets. For example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. See [Resource Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more info. The request becomes a no-op if the asset name list is empty, and the max size of the asset name list is 100 in one request.", 3046 // "location": "query", 3047 // "repeated": true, 3048 // "type": "string" 3049 // }, 3050 // "contentType": { 3051 // "description": "Optional. The content type.", 3052 // "enum": [ 3053 // "CONTENT_TYPE_UNSPECIFIED", 3054 // "RESOURCE", 3055 // "IAM_POLICY" 3056 // ], 3057 // "enumDescriptions": [ 3058 // "Unspecified content type.", 3059 // "Resource metadata.", 3060 // "The actual IAM policy set on a resource." 3061 // ], 3062 // "location": "query", 3063 // "type": "string" 3064 // }, 3065 // "parent": { 3066 // "description": "Required. The relative name of the root asset. It can only be an organization number (such as \"organizations/123\"), a project ID (such as \"projects/my-project-id\")\", or a project number (such as \"projects/12345\").", 3067 // "location": "path", 3068 // "pattern": "^organizations/[^/]+$", 3069 // "required": true, 3070 // "type": "string" 3071 // }, 3072 // "readTimeWindow.endTime": { 3073 // "description": "End time of the time window (inclusive). If not specified, the current timestamp is used instead.", 3074 // "format": "google-datetime", 3075 // "location": "query", 3076 // "type": "string" 3077 // }, 3078 // "readTimeWindow.startTime": { 3079 // "description": "Start time of the time window (exclusive).", 3080 // "format": "google-datetime", 3081 // "location": "query", 3082 // "type": "string" 3083 // } 3084 // }, 3085 // "path": "v1beta1/{+parent}:batchGetAssetsHistory", 3086 // "response": { 3087 // "$ref": "BatchGetAssetsHistoryResponse" 3088 // }, 3089 // "scopes": [ 3090 // "https://www.googleapis.com/auth/cloud-platform" 3091 // ] 3092 // } 3093 3094} 3095 3096// method id "cloudasset.organizations.exportAssets": 3097 3098type OrganizationsExportAssetsCall struct { 3099 s *Service 3100 parent string 3101 exportassetsrequest *ExportAssetsRequest 3102 urlParams_ gensupport.URLParams 3103 ctx_ context.Context 3104 header_ http.Header 3105} 3106 3107// ExportAssets: Exports assets with time and resource types to a given 3108// Cloud Storage location. The output format is newline-delimited JSON. 3109// This API implements the google.longrunning.Operation API allowing you 3110// to keep track of the export. We recommend intervals of at least 2 3111// seconds with exponential retry to poll the export operation result. 3112// For regular-size resource parent, the export operation usually 3113// finishes within 5 minutes. 3114// 3115// - parent: The relative name of the root asset. This can only be an 3116// organization number (such as "organizations/123"), a project ID 3117// (such as "projects/my-project-id"), a project number (such as 3118// "projects/12345"), or a folder number (such as "folders/123"). 3119func (r *OrganizationsService) ExportAssets(parent string, exportassetsrequest *ExportAssetsRequest) *OrganizationsExportAssetsCall { 3120 c := &OrganizationsExportAssetsCall{s: r.s, urlParams_: make(gensupport.URLParams)} 3121 c.parent = parent 3122 c.exportassetsrequest = exportassetsrequest 3123 return c 3124} 3125 3126// Fields allows partial responses to be retrieved. See 3127// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 3128// for more information. 3129func (c *OrganizationsExportAssetsCall) Fields(s ...googleapi.Field) *OrganizationsExportAssetsCall { 3130 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 3131 return c 3132} 3133 3134// Context sets the context to be used in this call's Do method. Any 3135// pending HTTP request will be aborted if the provided context is 3136// canceled. 3137func (c *OrganizationsExportAssetsCall) Context(ctx context.Context) *OrganizationsExportAssetsCall { 3138 c.ctx_ = ctx 3139 return c 3140} 3141 3142// Header returns an http.Header that can be modified by the caller to 3143// add HTTP headers to the request. 3144func (c *OrganizationsExportAssetsCall) Header() http.Header { 3145 if c.header_ == nil { 3146 c.header_ = make(http.Header) 3147 } 3148 return c.header_ 3149} 3150 3151func (c *OrganizationsExportAssetsCall) doRequest(alt string) (*http.Response, error) { 3152 reqHeaders := make(http.Header) 3153 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211027") 3154 for k, v := range c.header_ { 3155 reqHeaders[k] = v 3156 } 3157 reqHeaders.Set("User-Agent", c.s.userAgent()) 3158 var body io.Reader = nil 3159 body, err := googleapi.WithoutDataWrapper.JSONReader(c.exportassetsrequest) 3160 if err != nil { 3161 return nil, err 3162 } 3163 reqHeaders.Set("Content-Type", "application/json") 3164 c.urlParams_.Set("alt", alt) 3165 c.urlParams_.Set("prettyPrint", "false") 3166 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+parent}:exportAssets") 3167 urls += "?" + c.urlParams_.Encode() 3168 req, err := http.NewRequest("POST", urls, body) 3169 if err != nil { 3170 return nil, err 3171 } 3172 req.Header = reqHeaders 3173 googleapi.Expand(req.URL, map[string]string{ 3174 "parent": c.parent, 3175 }) 3176 return gensupport.SendRequest(c.ctx_, c.s.client, req) 3177} 3178 3179// Do executes the "cloudasset.organizations.exportAssets" call. 3180// Exactly one of *Operation or error will be non-nil. Any non-2xx 3181// status code is an error. Response headers are in either 3182// *Operation.ServerResponse.Header or (if a response was returned at 3183// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified 3184// to check whether the returned error was because 3185// http.StatusNotModified was returned. 3186func (c *OrganizationsExportAssetsCall) Do(opts ...googleapi.CallOption) (*Operation, error) { 3187 gensupport.SetOptions(c.urlParams_, opts...) 3188 res, err := c.doRequest("json") 3189 if res != nil && res.StatusCode == http.StatusNotModified { 3190 if res.Body != nil { 3191 res.Body.Close() 3192 } 3193 return nil, &googleapi.Error{ 3194 Code: res.StatusCode, 3195 Header: res.Header, 3196 } 3197 } 3198 if err != nil { 3199 return nil, err 3200 } 3201 defer googleapi.CloseBody(res) 3202 if err := googleapi.CheckResponse(res); err != nil { 3203 return nil, err 3204 } 3205 ret := &Operation{ 3206 ServerResponse: googleapi.ServerResponse{ 3207 Header: res.Header, 3208 HTTPStatusCode: res.StatusCode, 3209 }, 3210 } 3211 target := &ret 3212 if err := gensupport.DecodeResponse(target, res); err != nil { 3213 return nil, err 3214 } 3215 return ret, nil 3216 // { 3217 // "description": "Exports assets with time and resource types to a given Cloud Storage location. The output format is newline-delimited JSON. This API implements the google.longrunning.Operation API allowing you to keep track of the export. We recommend intervals of at least 2 seconds with exponential retry to poll the export operation result. For regular-size resource parent, the export operation usually finishes within 5 minutes.", 3218 // "flatPath": "v1beta1/organizations/{organizationsId}:exportAssets", 3219 // "httpMethod": "POST", 3220 // "id": "cloudasset.organizations.exportAssets", 3221 // "parameterOrder": [ 3222 // "parent" 3223 // ], 3224 // "parameters": { 3225 // "parent": { 3226 // "description": "Required. The relative name of the root asset. This can only be an organization number (such as \"organizations/123\"), a project ID (such as \"projects/my-project-id\"), a project number (such as \"projects/12345\"), or a folder number (such as \"folders/123\").", 3227 // "location": "path", 3228 // "pattern": "^organizations/[^/]+$", 3229 // "required": true, 3230 // "type": "string" 3231 // } 3232 // }, 3233 // "path": "v1beta1/{+parent}:exportAssets", 3234 // "request": { 3235 // "$ref": "ExportAssetsRequest" 3236 // }, 3237 // "response": { 3238 // "$ref": "Operation" 3239 // }, 3240 // "scopes": [ 3241 // "https://www.googleapis.com/auth/cloud-platform" 3242 // ] 3243 // } 3244 3245} 3246 3247// method id "cloudasset.organizations.operations.get": 3248 3249type OrganizationsOperationsGetCall struct { 3250 s *Service 3251 name string 3252 urlParams_ gensupport.URLParams 3253 ifNoneMatch_ string 3254 ctx_ context.Context 3255 header_ http.Header 3256} 3257 3258// Get: Gets the latest state of a long-running operation. Clients can 3259// use this method to poll the operation result at intervals as 3260// recommended by the API service. 3261// 3262// - name: The name of the operation resource. 3263func (r *OrganizationsOperationsService) Get(name string) *OrganizationsOperationsGetCall { 3264 c := &OrganizationsOperationsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)} 3265 c.name = name 3266 return c 3267} 3268 3269// Fields allows partial responses to be retrieved. See 3270// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 3271// for more information. 3272func (c *OrganizationsOperationsGetCall) Fields(s ...googleapi.Field) *OrganizationsOperationsGetCall { 3273 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 3274 return c 3275} 3276 3277// IfNoneMatch sets the optional parameter which makes the operation 3278// fail if the object's ETag matches the given value. This is useful for 3279// getting updates only after the object has changed since the last 3280// request. Use googleapi.IsNotModified to check whether the response 3281// error from Do is the result of In-None-Match. 3282func (c *OrganizationsOperationsGetCall) IfNoneMatch(entityTag string) *OrganizationsOperationsGetCall { 3283 c.ifNoneMatch_ = entityTag 3284 return c 3285} 3286 3287// Context sets the context to be used in this call's Do method. Any 3288// pending HTTP request will be aborted if the provided context is 3289// canceled. 3290func (c *OrganizationsOperationsGetCall) Context(ctx context.Context) *OrganizationsOperationsGetCall { 3291 c.ctx_ = ctx 3292 return c 3293} 3294 3295// Header returns an http.Header that can be modified by the caller to 3296// add HTTP headers to the request. 3297func (c *OrganizationsOperationsGetCall) Header() http.Header { 3298 if c.header_ == nil { 3299 c.header_ = make(http.Header) 3300 } 3301 return c.header_ 3302} 3303 3304func (c *OrganizationsOperationsGetCall) doRequest(alt string) (*http.Response, error) { 3305 reqHeaders := make(http.Header) 3306 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211027") 3307 for k, v := range c.header_ { 3308 reqHeaders[k] = v 3309 } 3310 reqHeaders.Set("User-Agent", c.s.userAgent()) 3311 if c.ifNoneMatch_ != "" { 3312 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 3313 } 3314 var body io.Reader = nil 3315 c.urlParams_.Set("alt", alt) 3316 c.urlParams_.Set("prettyPrint", "false") 3317 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+name}") 3318 urls += "?" + c.urlParams_.Encode() 3319 req, err := http.NewRequest("GET", urls, body) 3320 if err != nil { 3321 return nil, err 3322 } 3323 req.Header = reqHeaders 3324 googleapi.Expand(req.URL, map[string]string{ 3325 "name": c.name, 3326 }) 3327 return gensupport.SendRequest(c.ctx_, c.s.client, req) 3328} 3329 3330// Do executes the "cloudasset.organizations.operations.get" call. 3331// Exactly one of *Operation or error will be non-nil. Any non-2xx 3332// status code is an error. Response headers are in either 3333// *Operation.ServerResponse.Header or (if a response was returned at 3334// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified 3335// to check whether the returned error was because 3336// http.StatusNotModified was returned. 3337func (c *OrganizationsOperationsGetCall) Do(opts ...googleapi.CallOption) (*Operation, error) { 3338 gensupport.SetOptions(c.urlParams_, opts...) 3339 res, err := c.doRequest("json") 3340 if res != nil && res.StatusCode == http.StatusNotModified { 3341 if res.Body != nil { 3342 res.Body.Close() 3343 } 3344 return nil, &googleapi.Error{ 3345 Code: res.StatusCode, 3346 Header: res.Header, 3347 } 3348 } 3349 if err != nil { 3350 return nil, err 3351 } 3352 defer googleapi.CloseBody(res) 3353 if err := googleapi.CheckResponse(res); err != nil { 3354 return nil, err 3355 } 3356 ret := &Operation{ 3357 ServerResponse: googleapi.ServerResponse{ 3358 Header: res.Header, 3359 HTTPStatusCode: res.StatusCode, 3360 }, 3361 } 3362 target := &ret 3363 if err := gensupport.DecodeResponse(target, res); err != nil { 3364 return nil, err 3365 } 3366 return ret, nil 3367 // { 3368 // "description": "Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.", 3369 // "flatPath": "v1beta1/organizations/{organizationsId}/operations/{operationsId}/{operationsId1}", 3370 // "httpMethod": "GET", 3371 // "id": "cloudasset.organizations.operations.get", 3372 // "parameterOrder": [ 3373 // "name" 3374 // ], 3375 // "parameters": { 3376 // "name": { 3377 // "description": "The name of the operation resource.", 3378 // "location": "path", 3379 // "pattern": "^organizations/[^/]+/operations/[^/]+/.*$", 3380 // "required": true, 3381 // "type": "string" 3382 // } 3383 // }, 3384 // "path": "v1beta1/{+name}", 3385 // "response": { 3386 // "$ref": "Operation" 3387 // }, 3388 // "scopes": [ 3389 // "https://www.googleapis.com/auth/cloud-platform" 3390 // ] 3391 // } 3392 3393} 3394 3395// method id "cloudasset.projects.batchGetAssetsHistory": 3396 3397type ProjectsBatchGetAssetsHistoryCall struct { 3398 s *Service 3399 parent string 3400 urlParams_ gensupport.URLParams 3401 ifNoneMatch_ string 3402 ctx_ context.Context 3403 header_ http.Header 3404} 3405 3406// BatchGetAssetsHistory: Batch gets the update history of assets that 3407// overlap a time window. For IAM_POLICY content, this API outputs 3408// history when the asset and its attached IAM POLICY both exist. This 3409// can create gaps in the output history. Otherwise, this API outputs 3410// history with asset in both non-delete or deleted status. If a 3411// specified asset does not exist, this API returns an INVALID_ARGUMENT 3412// error. 3413// 3414// - parent: The relative name of the root asset. It can only be an 3415// organization number (such as "organizations/123"), a project ID 3416// (such as "projects/my-project-id")", or a project number (such as 3417// "projects/12345"). 3418func (r *ProjectsService) BatchGetAssetsHistory(parent string) *ProjectsBatchGetAssetsHistoryCall { 3419 c := &ProjectsBatchGetAssetsHistoryCall{s: r.s, urlParams_: make(gensupport.URLParams)} 3420 c.parent = parent 3421 return c 3422} 3423 3424// AssetNames sets the optional parameter "assetNames": A list of the 3425// full names of the assets. For example: 3426// `//compute.googleapis.com/projects/my_project_123/zones/zone1/instance 3427// s/instance1`. See Resource Names 3428// (https://cloud.google.com/apis/design/resource_names#full_resource_name) 3429// for more info. The request becomes a no-op if the asset name list is 3430// empty, and the max size of the asset name list is 100 in one request. 3431func (c *ProjectsBatchGetAssetsHistoryCall) AssetNames(assetNames ...string) *ProjectsBatchGetAssetsHistoryCall { 3432 c.urlParams_.SetMulti("assetNames", append([]string{}, assetNames...)) 3433 return c 3434} 3435 3436// ContentType sets the optional parameter "contentType": The content 3437// type. 3438// 3439// Possible values: 3440// "CONTENT_TYPE_UNSPECIFIED" - Unspecified content type. 3441// "RESOURCE" - Resource metadata. 3442// "IAM_POLICY" - The actual IAM policy set on a resource. 3443func (c *ProjectsBatchGetAssetsHistoryCall) ContentType(contentType string) *ProjectsBatchGetAssetsHistoryCall { 3444 c.urlParams_.Set("contentType", contentType) 3445 return c 3446} 3447 3448// ReadTimeWindowEndTime sets the optional parameter 3449// "readTimeWindow.endTime": End time of the time window (inclusive). If 3450// not specified, the current timestamp is used instead. 3451func (c *ProjectsBatchGetAssetsHistoryCall) ReadTimeWindowEndTime(readTimeWindowEndTime string) *ProjectsBatchGetAssetsHistoryCall { 3452 c.urlParams_.Set("readTimeWindow.endTime", readTimeWindowEndTime) 3453 return c 3454} 3455 3456// ReadTimeWindowStartTime sets the optional parameter 3457// "readTimeWindow.startTime": Start time of the time window 3458// (exclusive). 3459func (c *ProjectsBatchGetAssetsHistoryCall) ReadTimeWindowStartTime(readTimeWindowStartTime string) *ProjectsBatchGetAssetsHistoryCall { 3460 c.urlParams_.Set("readTimeWindow.startTime", readTimeWindowStartTime) 3461 return c 3462} 3463 3464// Fields allows partial responses to be retrieved. See 3465// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 3466// for more information. 3467func (c *ProjectsBatchGetAssetsHistoryCall) Fields(s ...googleapi.Field) *ProjectsBatchGetAssetsHistoryCall { 3468 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 3469 return c 3470} 3471 3472// IfNoneMatch sets the optional parameter which makes the operation 3473// fail if the object's ETag matches the given value. This is useful for 3474// getting updates only after the object has changed since the last 3475// request. Use googleapi.IsNotModified to check whether the response 3476// error from Do is the result of In-None-Match. 3477func (c *ProjectsBatchGetAssetsHistoryCall) IfNoneMatch(entityTag string) *ProjectsBatchGetAssetsHistoryCall { 3478 c.ifNoneMatch_ = entityTag 3479 return c 3480} 3481 3482// Context sets the context to be used in this call's Do method. Any 3483// pending HTTP request will be aborted if the provided context is 3484// canceled. 3485func (c *ProjectsBatchGetAssetsHistoryCall) Context(ctx context.Context) *ProjectsBatchGetAssetsHistoryCall { 3486 c.ctx_ = ctx 3487 return c 3488} 3489 3490// Header returns an http.Header that can be modified by the caller to 3491// add HTTP headers to the request. 3492func (c *ProjectsBatchGetAssetsHistoryCall) Header() http.Header { 3493 if c.header_ == nil { 3494 c.header_ = make(http.Header) 3495 } 3496 return c.header_ 3497} 3498 3499func (c *ProjectsBatchGetAssetsHistoryCall) doRequest(alt string) (*http.Response, error) { 3500 reqHeaders := make(http.Header) 3501 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211027") 3502 for k, v := range c.header_ { 3503 reqHeaders[k] = v 3504 } 3505 reqHeaders.Set("User-Agent", c.s.userAgent()) 3506 if c.ifNoneMatch_ != "" { 3507 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 3508 } 3509 var body io.Reader = nil 3510 c.urlParams_.Set("alt", alt) 3511 c.urlParams_.Set("prettyPrint", "false") 3512 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+parent}:batchGetAssetsHistory") 3513 urls += "?" + c.urlParams_.Encode() 3514 req, err := http.NewRequest("GET", urls, body) 3515 if err != nil { 3516 return nil, err 3517 } 3518 req.Header = reqHeaders 3519 googleapi.Expand(req.URL, map[string]string{ 3520 "parent": c.parent, 3521 }) 3522 return gensupport.SendRequest(c.ctx_, c.s.client, req) 3523} 3524 3525// Do executes the "cloudasset.projects.batchGetAssetsHistory" call. 3526// Exactly one of *BatchGetAssetsHistoryResponse or error will be 3527// non-nil. Any non-2xx status code is an error. Response headers are in 3528// either *BatchGetAssetsHistoryResponse.ServerResponse.Header or (if a 3529// response was returned at all) in error.(*googleapi.Error).Header. Use 3530// googleapi.IsNotModified to check whether the returned error was 3531// because http.StatusNotModified was returned. 3532func (c *ProjectsBatchGetAssetsHistoryCall) Do(opts ...googleapi.CallOption) (*BatchGetAssetsHistoryResponse, error) { 3533 gensupport.SetOptions(c.urlParams_, opts...) 3534 res, err := c.doRequest("json") 3535 if res != nil && res.StatusCode == http.StatusNotModified { 3536 if res.Body != nil { 3537 res.Body.Close() 3538 } 3539 return nil, &googleapi.Error{ 3540 Code: res.StatusCode, 3541 Header: res.Header, 3542 } 3543 } 3544 if err != nil { 3545 return nil, err 3546 } 3547 defer googleapi.CloseBody(res) 3548 if err := googleapi.CheckResponse(res); err != nil { 3549 return nil, err 3550 } 3551 ret := &BatchGetAssetsHistoryResponse{ 3552 ServerResponse: googleapi.ServerResponse{ 3553 Header: res.Header, 3554 HTTPStatusCode: res.StatusCode, 3555 }, 3556 } 3557 target := &ret 3558 if err := gensupport.DecodeResponse(target, res); err != nil { 3559 return nil, err 3560 } 3561 return ret, nil 3562 // { 3563 // "description": "Batch gets the update history of assets that overlap a time window. For IAM_POLICY content, this API outputs history when the asset and its attached IAM POLICY both exist. This can create gaps in the output history. Otherwise, this API outputs history with asset in both non-delete or deleted status. If a specified asset does not exist, this API returns an INVALID_ARGUMENT error.", 3564 // "flatPath": "v1beta1/projects/{projectsId}:batchGetAssetsHistory", 3565 // "httpMethod": "GET", 3566 // "id": "cloudasset.projects.batchGetAssetsHistory", 3567 // "parameterOrder": [ 3568 // "parent" 3569 // ], 3570 // "parameters": { 3571 // "assetNames": { 3572 // "description": "A list of the full names of the assets. For example: `//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1`. See [Resource Names](https://cloud.google.com/apis/design/resource_names#full_resource_name) for more info. The request becomes a no-op if the asset name list is empty, and the max size of the asset name list is 100 in one request.", 3573 // "location": "query", 3574 // "repeated": true, 3575 // "type": "string" 3576 // }, 3577 // "contentType": { 3578 // "description": "Optional. The content type.", 3579 // "enum": [ 3580 // "CONTENT_TYPE_UNSPECIFIED", 3581 // "RESOURCE", 3582 // "IAM_POLICY" 3583 // ], 3584 // "enumDescriptions": [ 3585 // "Unspecified content type.", 3586 // "Resource metadata.", 3587 // "The actual IAM policy set on a resource." 3588 // ], 3589 // "location": "query", 3590 // "type": "string" 3591 // }, 3592 // "parent": { 3593 // "description": "Required. The relative name of the root asset. It can only be an organization number (such as \"organizations/123\"), a project ID (such as \"projects/my-project-id\")\", or a project number (such as \"projects/12345\").", 3594 // "location": "path", 3595 // "pattern": "^projects/[^/]+$", 3596 // "required": true, 3597 // "type": "string" 3598 // }, 3599 // "readTimeWindow.endTime": { 3600 // "description": "End time of the time window (inclusive). If not specified, the current timestamp is used instead.", 3601 // "format": "google-datetime", 3602 // "location": "query", 3603 // "type": "string" 3604 // }, 3605 // "readTimeWindow.startTime": { 3606 // "description": "Start time of the time window (exclusive).", 3607 // "format": "google-datetime", 3608 // "location": "query", 3609 // "type": "string" 3610 // } 3611 // }, 3612 // "path": "v1beta1/{+parent}:batchGetAssetsHistory", 3613 // "response": { 3614 // "$ref": "BatchGetAssetsHistoryResponse" 3615 // }, 3616 // "scopes": [ 3617 // "https://www.googleapis.com/auth/cloud-platform" 3618 // ] 3619 // } 3620 3621} 3622 3623// method id "cloudasset.projects.exportAssets": 3624 3625type ProjectsExportAssetsCall struct { 3626 s *Service 3627 parent string 3628 exportassetsrequest *ExportAssetsRequest 3629 urlParams_ gensupport.URLParams 3630 ctx_ context.Context 3631 header_ http.Header 3632} 3633 3634// ExportAssets: Exports assets with time and resource types to a given 3635// Cloud Storage location. The output format is newline-delimited JSON. 3636// This API implements the google.longrunning.Operation API allowing you 3637// to keep track of the export. We recommend intervals of at least 2 3638// seconds with exponential retry to poll the export operation result. 3639// For regular-size resource parent, the export operation usually 3640// finishes within 5 minutes. 3641// 3642// - parent: The relative name of the root asset. This can only be an 3643// organization number (such as "organizations/123"), a project ID 3644// (such as "projects/my-project-id"), a project number (such as 3645// "projects/12345"), or a folder number (such as "folders/123"). 3646func (r *ProjectsService) ExportAssets(parent string, exportassetsrequest *ExportAssetsRequest) *ProjectsExportAssetsCall { 3647 c := &ProjectsExportAssetsCall{s: r.s, urlParams_: make(gensupport.URLParams)} 3648 c.parent = parent 3649 c.exportassetsrequest = exportassetsrequest 3650 return c 3651} 3652 3653// Fields allows partial responses to be retrieved. See 3654// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 3655// for more information. 3656func (c *ProjectsExportAssetsCall) Fields(s ...googleapi.Field) *ProjectsExportAssetsCall { 3657 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 3658 return c 3659} 3660 3661// Context sets the context to be used in this call's Do method. Any 3662// pending HTTP request will be aborted if the provided context is 3663// canceled. 3664func (c *ProjectsExportAssetsCall) Context(ctx context.Context) *ProjectsExportAssetsCall { 3665 c.ctx_ = ctx 3666 return c 3667} 3668 3669// Header returns an http.Header that can be modified by the caller to 3670// add HTTP headers to the request. 3671func (c *ProjectsExportAssetsCall) Header() http.Header { 3672 if c.header_ == nil { 3673 c.header_ = make(http.Header) 3674 } 3675 return c.header_ 3676} 3677 3678func (c *ProjectsExportAssetsCall) doRequest(alt string) (*http.Response, error) { 3679 reqHeaders := make(http.Header) 3680 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211027") 3681 for k, v := range c.header_ { 3682 reqHeaders[k] = v 3683 } 3684 reqHeaders.Set("User-Agent", c.s.userAgent()) 3685 var body io.Reader = nil 3686 body, err := googleapi.WithoutDataWrapper.JSONReader(c.exportassetsrequest) 3687 if err != nil { 3688 return nil, err 3689 } 3690 reqHeaders.Set("Content-Type", "application/json") 3691 c.urlParams_.Set("alt", alt) 3692 c.urlParams_.Set("prettyPrint", "false") 3693 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+parent}:exportAssets") 3694 urls += "?" + c.urlParams_.Encode() 3695 req, err := http.NewRequest("POST", urls, body) 3696 if err != nil { 3697 return nil, err 3698 } 3699 req.Header = reqHeaders 3700 googleapi.Expand(req.URL, map[string]string{ 3701 "parent": c.parent, 3702 }) 3703 return gensupport.SendRequest(c.ctx_, c.s.client, req) 3704} 3705 3706// Do executes the "cloudasset.projects.exportAssets" call. 3707// Exactly one of *Operation or error will be non-nil. Any non-2xx 3708// status code is an error. Response headers are in either 3709// *Operation.ServerResponse.Header or (if a response was returned at 3710// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified 3711// to check whether the returned error was because 3712// http.StatusNotModified was returned. 3713func (c *ProjectsExportAssetsCall) Do(opts ...googleapi.CallOption) (*Operation, error) { 3714 gensupport.SetOptions(c.urlParams_, opts...) 3715 res, err := c.doRequest("json") 3716 if res != nil && res.StatusCode == http.StatusNotModified { 3717 if res.Body != nil { 3718 res.Body.Close() 3719 } 3720 return nil, &googleapi.Error{ 3721 Code: res.StatusCode, 3722 Header: res.Header, 3723 } 3724 } 3725 if err != nil { 3726 return nil, err 3727 } 3728 defer googleapi.CloseBody(res) 3729 if err := googleapi.CheckResponse(res); err != nil { 3730 return nil, err 3731 } 3732 ret := &Operation{ 3733 ServerResponse: googleapi.ServerResponse{ 3734 Header: res.Header, 3735 HTTPStatusCode: res.StatusCode, 3736 }, 3737 } 3738 target := &ret 3739 if err := gensupport.DecodeResponse(target, res); err != nil { 3740 return nil, err 3741 } 3742 return ret, nil 3743 // { 3744 // "description": "Exports assets with time and resource types to a given Cloud Storage location. The output format is newline-delimited JSON. This API implements the google.longrunning.Operation API allowing you to keep track of the export. We recommend intervals of at least 2 seconds with exponential retry to poll the export operation result. For regular-size resource parent, the export operation usually finishes within 5 minutes.", 3745 // "flatPath": "v1beta1/projects/{projectsId}:exportAssets", 3746 // "httpMethod": "POST", 3747 // "id": "cloudasset.projects.exportAssets", 3748 // "parameterOrder": [ 3749 // "parent" 3750 // ], 3751 // "parameters": { 3752 // "parent": { 3753 // "description": "Required. The relative name of the root asset. This can only be an organization number (such as \"organizations/123\"), a project ID (such as \"projects/my-project-id\"), a project number (such as \"projects/12345\"), or a folder number (such as \"folders/123\").", 3754 // "location": "path", 3755 // "pattern": "^projects/[^/]+$", 3756 // "required": true, 3757 // "type": "string" 3758 // } 3759 // }, 3760 // "path": "v1beta1/{+parent}:exportAssets", 3761 // "request": { 3762 // "$ref": "ExportAssetsRequest" 3763 // }, 3764 // "response": { 3765 // "$ref": "Operation" 3766 // }, 3767 // "scopes": [ 3768 // "https://www.googleapis.com/auth/cloud-platform" 3769 // ] 3770 // } 3771 3772} 3773 3774// method id "cloudasset.projects.operations.get": 3775 3776type ProjectsOperationsGetCall struct { 3777 s *Service 3778 name string 3779 urlParams_ gensupport.URLParams 3780 ifNoneMatch_ string 3781 ctx_ context.Context 3782 header_ http.Header 3783} 3784 3785// Get: Gets the latest state of a long-running operation. Clients can 3786// use this method to poll the operation result at intervals as 3787// recommended by the API service. 3788// 3789// - name: The name of the operation resource. 3790func (r *ProjectsOperationsService) Get(name string) *ProjectsOperationsGetCall { 3791 c := &ProjectsOperationsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)} 3792 c.name = name 3793 return c 3794} 3795 3796// Fields allows partial responses to be retrieved. See 3797// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 3798// for more information. 3799func (c *ProjectsOperationsGetCall) Fields(s ...googleapi.Field) *ProjectsOperationsGetCall { 3800 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 3801 return c 3802} 3803 3804// IfNoneMatch sets the optional parameter which makes the operation 3805// fail if the object's ETag matches the given value. This is useful for 3806// getting updates only after the object has changed since the last 3807// request. Use googleapi.IsNotModified to check whether the response 3808// error from Do is the result of In-None-Match. 3809func (c *ProjectsOperationsGetCall) IfNoneMatch(entityTag string) *ProjectsOperationsGetCall { 3810 c.ifNoneMatch_ = entityTag 3811 return c 3812} 3813 3814// Context sets the context to be used in this call's Do method. Any 3815// pending HTTP request will be aborted if the provided context is 3816// canceled. 3817func (c *ProjectsOperationsGetCall) Context(ctx context.Context) *ProjectsOperationsGetCall { 3818 c.ctx_ = ctx 3819 return c 3820} 3821 3822// Header returns an http.Header that can be modified by the caller to 3823// add HTTP headers to the request. 3824func (c *ProjectsOperationsGetCall) Header() http.Header { 3825 if c.header_ == nil { 3826 c.header_ = make(http.Header) 3827 } 3828 return c.header_ 3829} 3830 3831func (c *ProjectsOperationsGetCall) doRequest(alt string) (*http.Response, error) { 3832 reqHeaders := make(http.Header) 3833 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211027") 3834 for k, v := range c.header_ { 3835 reqHeaders[k] = v 3836 } 3837 reqHeaders.Set("User-Agent", c.s.userAgent()) 3838 if c.ifNoneMatch_ != "" { 3839 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 3840 } 3841 var body io.Reader = nil 3842 c.urlParams_.Set("alt", alt) 3843 c.urlParams_.Set("prettyPrint", "false") 3844 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+name}") 3845 urls += "?" + c.urlParams_.Encode() 3846 req, err := http.NewRequest("GET", urls, body) 3847 if err != nil { 3848 return nil, err 3849 } 3850 req.Header = reqHeaders 3851 googleapi.Expand(req.URL, map[string]string{ 3852 "name": c.name, 3853 }) 3854 return gensupport.SendRequest(c.ctx_, c.s.client, req) 3855} 3856 3857// Do executes the "cloudasset.projects.operations.get" call. 3858// Exactly one of *Operation or error will be non-nil. Any non-2xx 3859// status code is an error. Response headers are in either 3860// *Operation.ServerResponse.Header or (if a response was returned at 3861// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified 3862// to check whether the returned error was because 3863// http.StatusNotModified was returned. 3864func (c *ProjectsOperationsGetCall) Do(opts ...googleapi.CallOption) (*Operation, error) { 3865 gensupport.SetOptions(c.urlParams_, opts...) 3866 res, err := c.doRequest("json") 3867 if res != nil && res.StatusCode == http.StatusNotModified { 3868 if res.Body != nil { 3869 res.Body.Close() 3870 } 3871 return nil, &googleapi.Error{ 3872 Code: res.StatusCode, 3873 Header: res.Header, 3874 } 3875 } 3876 if err != nil { 3877 return nil, err 3878 } 3879 defer googleapi.CloseBody(res) 3880 if err := googleapi.CheckResponse(res); err != nil { 3881 return nil, err 3882 } 3883 ret := &Operation{ 3884 ServerResponse: googleapi.ServerResponse{ 3885 Header: res.Header, 3886 HTTPStatusCode: res.StatusCode, 3887 }, 3888 } 3889 target := &ret 3890 if err := gensupport.DecodeResponse(target, res); err != nil { 3891 return nil, err 3892 } 3893 return ret, nil 3894 // { 3895 // "description": "Gets the latest state of a long-running operation. Clients can use this method to poll the operation result at intervals as recommended by the API service.", 3896 // "flatPath": "v1beta1/projects/{projectsId}/operations/{operationsId}/{operationsId1}", 3897 // "httpMethod": "GET", 3898 // "id": "cloudasset.projects.operations.get", 3899 // "parameterOrder": [ 3900 // "name" 3901 // ], 3902 // "parameters": { 3903 // "name": { 3904 // "description": "The name of the operation resource.", 3905 // "location": "path", 3906 // "pattern": "^projects/[^/]+/operations/[^/]+/.*$", 3907 // "required": true, 3908 // "type": "string" 3909 // } 3910 // }, 3911 // "path": "v1beta1/{+name}", 3912 // "response": { 3913 // "$ref": "Operation" 3914 // }, 3915 // "scopes": [ 3916 // "https://www.googleapis.com/auth/cloud-platform" 3917 // ] 3918 // } 3919 3920} 3921