fix(accesscontextmanager): update the API
#### accesscontextmanager:v1beta

The following keys were changed:
- description

#### accesscontextmanager:v1

The following keys were changed:
- description
- resources.accessPolicies.resources.authorizedOrgsDescs.methods.create.description
- resources.accessPolicies.resources.authorizedOrgsDescs.methods.delete.description
- resources.accessPolicies.resources.authorizedOrgsDescs.methods.get.description
- resources.accessPolicies.resources.authorizedOrgsDescs.methods.patch.description
- resources.accessPolicies.resources.authorizedOrgsDescs.methods.patch.parameters.name.description
- schemas.AuthorizedOrgsDesc.description
- schemas.AuthorizedOrgsDesc.properties.assetType.description
- schemas.AuthorizedOrgsDesc.properties.assetType.enumDescriptions
- schemas.AuthorizedOrgsDesc.properties.authorizationDirection.description
- schemas.AuthorizedOrgsDesc.properties.authorizationDirection.enumDescriptions
- schemas.AuthorizedOrgsDesc.properties.authorizationType.description
- schemas.AuthorizedOrgsDesc.properties.name.description
- schemas.AuthorizedOrgsDesc.properties.orgs.description
- schemas.Binding.properties.members.description
- schemas.IngressSource.properties.resource.description
- schemas.ListAuthorizedOrgsDescsResponse.properties.authorizedOrgsDescs.description
- schemas.ServicePerimeter.description
- schemas.ServicePerimeter.properties.perimeterType.description
- schemas.ServicePerimeterConfig.properties.resources.description
yoshi-automation authored and sofisl committed Feb 2, 2023
1 parent 5ea028c commit f3cc068
Showing 5 changed files with 45 additions and 45 deletions.
44 changes: 22 additions & 22 deletions discovery/accesscontextmanager-v1.json
Expand Up @@ -12,7 +12,7 @@
"baseUrl": "https://accesscontextmanager.googleapis.com/",
"batchPath": "batch",
"canonicalName": "Access Context Manager",
"description": "An API for setting attribute based access control to requests to GCP services.",
"description": "An API for setting attribute based access control to requests to Google Cloud services.",
"discoveryVersion": "v1",
"documentationLink": "https://cloud.google.com/access-context-manager/docs/reference/rest/",
"fullyEncodeReservedExpansion": true,
Expand Down Expand Up @@ -568,7 +568,7 @@
"authorizedOrgsDescs": {
"methods": {
"create": {
"description": "Creates a authorized orgs desc. The long-running operation from this RPC has a successful status after the authorized orgs desc propagates to long-lasting storage. If a authorized orgs desc contains errors, an error response is returned for the first error encountered. The name of this `AuthorizedOrgsDesc` will be assigned during creation.",
"description": "Creates an authorized orgs desc. The long-running operation from this RPC has a successful status after the authorized orgs desc propagates to long-lasting storage. If a authorized orgs desc contains errors, an error response is returned for the first error encountered. The name of this `AuthorizedOrgsDesc` will be assigned during creation.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/authorizedOrgsDescs",
"httpMethod": "POST",
"id": "accesscontextmanager.accessPolicies.authorizedOrgsDescs.create",
Expand Down Expand Up @@ -596,7 +596,7 @@
]
},
"delete": {
"description": "Deletes a authorized orgs desc based on the resource name. The long-running operation from this RPC has a successful status after the authorized orgs desc is removed from long-lasting storage.",
"description": "Deletes an authorized orgs desc based on the resource name. The long-running operation from this RPC has a successful status after the authorized orgs desc is removed from long-lasting storage.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/authorizedOrgsDescs/{authorizedOrgsDescsId}",
"httpMethod": "DELETE",
"id": "accesscontextmanager.accessPolicies.authorizedOrgsDescs.delete",
Expand All @@ -621,7 +621,7 @@
]
},
"get": {
"description": "Gets a authorized orgs desc based on the resource name.",
"description": "Gets an authorized orgs desc based on the resource name.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/authorizedOrgsDescs/{authorizedOrgsDescsId}",
"httpMethod": "GET",
"id": "accesscontextmanager.accessPolicies.authorizedOrgsDescs.get",
Expand Down Expand Up @@ -682,7 +682,7 @@
]
},
"patch": {
"description": "Updates a authorized orgs desc. The long-running operation from this RPC has a successful status after the authorized orgs desc propagates to long-lasting storage. If a authorized orgs desc contains errors, an error response is returned for the first error encountered. Only the organization list in `AuthorizedOrgsDesc` can be updated. The name, authorization_type, asset_type and authorization_direction cannot be updated.",
"description": "Updates an authorized orgs desc. The long-running operation from this RPC has a successful status after the authorized orgs desc propagates to long-lasting storage. If a authorized orgs desc contains errors, an error response is returned for the first error encountered. Only the organization list in `AuthorizedOrgsDesc` can be updated. The name, authorization_type, asset_type and authorization_direction cannot be updated.",
"flatPath": "v1/accessPolicies/{accessPoliciesId}/authorizedOrgsDescs/{authorizedOrgsDescsId}",
"httpMethod": "PATCH",
"id": "accesscontextmanager.accessPolicies.authorizedOrgsDescs.patch",
Expand All @@ -691,7 +691,7 @@
],
"parameters": {
"name": {
"description": "Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by [RFC 3986 Section 2.3](https://tools.ietf.org/html/rfc3986#section-2.3)). Should not be specified by the client during creation. Example: \"accessPolicies/122256/authorizedOrgs/b3-BhcX_Ud5N\"",
"description": "Resource name for the `AuthorizedOrgsDesc`. Format: `accessPolicies/{access_policy}/authorizedOrgsDescs/{authorized_orgs_desc}`. The `authorized_orgs_desc` component must begin with a letter, followed by alphanumeric characters or `_`. After you create an `AuthorizedOrgsDesc`, you cannot change its `name`.",
"location": "path",
"pattern": "^accessPolicies/[^/]+/authorizedOrgsDescs/[^/]+$",
"required": true,
Expand Down Expand Up @@ -1235,7 +1235,7 @@
}
}
},
"revision": "20221218",
"revision": "20230130",
"rootUrl": "https://accesscontextmanager.googleapis.com/",
"schemas": {
"AccessContextManagerOperationMetadata": {
Expand Down Expand Up @@ -1368,11 +1368,11 @@
"type": "object"
},
"AuthorizedOrgsDesc": {
"description": "`AuthorizedOrgsDesc` is a resource that contains a list of organizations for a authorization type and asset type and its authorization direction.",
"description": "`AuthorizedOrgsDesc` contains data for an organization's authorization policy.",
"id": "AuthorizedOrgsDesc",
"properties": {
"assetType": {
"description": "The asset type of this authorized orgs desc. e.g. device, credential strength.",
"description": "The asset type of this authorized orgs desc. Valid values are `ASSET_TYPE_DEVICE`, and `ASSET_TYPE_CREDENTIAL_STRENGTH`.",
"enum": [
"ASSET_TYPE_UNSPECIFIED",
"ASSET_TYPE_DEVICE",
Expand All @@ -1381,26 +1381,26 @@
"enumDescriptions": [
"No asset type specified.",
"Device asset type.",
"credential strength asset type."
"Credential strength asset type."
],
"type": "string"
},
"authorizationDirection": {
"description": "Authorization direction of this authorization relationship. i.e. Whether to allow specified orgs to evaluate this org's traffic, or allow specified orgs' traffic to be evaluated by this org. Orgs specified as `AUTHORIZATION_DIRECTION_TO` in this AuthorizedOrgsDesc[com.google.identity.accesscontextmanager.v1.AuthorizedOrgsDesc] must also specify this org as the `AUTHORIZATION_DIRECTION_FROM` in their own AuthorizedOrgsDesc in order for this relationship to take effect. Orgs specified as `AUTHORIZATION_DIRECTION_FROM` in this AuthorizedOrgsDesc[com.google.identity.accesscontextmanager.v1.AuthorizedOrgsDesc] must also specify this org as the `AUTHORIZATION_DIRECTION_TO` in their own AuthorizedOrgsDesc in order for this relationship to take effect.",
"description": "The direction of the authorization relationship between this organization and the organizations listed in the `orgs` field. The valid values for this field include the following: `AUTHORIZATION_DIRECTION_FROM`: Allows this organization to evaluate traffic in the organizations listed in the `orgs` field. `AUTHORIZATION_DIRECTION_TO`: Allows the organizations listed in the `orgs` field to evaluate the traffic in this organization. For the authorization relationship to take effect, all of the organizations must authorize and specify the appropriate relationship direction. For example, if organization A authorized organization B and C to evaluate its traffic, by specifying `AUTHORIZATION_DIRECTION_TO` as the authorization direction, organizations B and C must specify `AUTHORIZATION_DIRECTION_FROM` as the authorization direction in their `AuthorizedOrgsDesc` resource.",
"enum": [
"AUTHORIZATION_DIRECTION_UNSPECIFIED",
"AUTHORIZATION_DIRECTION_TO",
"AUTHORIZATION_DIRECTION_FROM"
],
"enumDescriptions": [
"No direction specified.",
"Specified orgs will evaluate traffic.",
"Specified orgs' traffic will be evaluated."
"The specified organizations are authorized to evaluate traffic in this organization.",
"The traffic of the specified organizations can be evaluated by this organization."
],
"type": "string"
},
"authorizationType": {
"description": "The authorization type of this authorized orgs desc. e.g.authorization, troubleshooting or logging.",
"description": "A granular control type for authorization levels. Valid value is `AUTHORIZATION_TYPE_TRUST`.",
"enum": [
"AUTHORIZATION_TYPE_UNSPECIFIED",
"AUTHORIZATION_TYPE_TRUST"
Expand All @@ -1412,11 +1412,11 @@
"type": "string"
},
"name": {
"description": "Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by [RFC 3986 Section 2.3](https://tools.ietf.org/html/rfc3986#section-2.3)). Should not be specified by the client during creation. Example: \"accessPolicies/122256/authorizedOrgs/b3-BhcX_Ud5N\"",
"description": "Resource name for the `AuthorizedOrgsDesc`. Format: `accessPolicies/{access_policy}/authorizedOrgsDescs/{authorized_orgs_desc}`. The `authorized_orgs_desc` component must begin with a letter, followed by alphanumeric characters or `_`. After you create an `AuthorizedOrgsDesc`, you cannot change its `name`.",
"type": "string"
},
"orgs": {
"description": "The list of organization ids in this AuthorizedOrgsDesc.",
"description": "The list of organization ids in this AuthorizedOrgsDesc. Format: `organizations/` Example: `organizations/123456`",
"items": {
"type": "string"
},
Expand Down Expand Up @@ -1460,7 +1460,7 @@
"description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
},
"members": {
"description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. 
For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
"description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. 
* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.",
"items": {
"type": "string"
},
Expand Down Expand Up @@ -1836,7 +1836,7 @@
"type": "string"
},
"resource": {
"description": "A Google Cloud resource that is allowed to ingress the perimeter. Requests from these resources will be allowed to access perimeter data. Currently only projects are allowed. Format: `projects/{project_number}` The project may be in any Google Cloud organization, not just the organization that the perimeter is defined in. `*` is not allowed, the case of allowing all Google Cloud resources only is not supported.",
"description": "A Google Cloud resource that is allowed to ingress the perimeter. Requests from these resources will be allowed to access perimeter data. Currently only projects and VPCs are allowed. Project format: `projects/{project_number}` VPC network format: `//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}`. The project may be in any Google Cloud organization, not just the organization that the perimeter is defined in. `*` is not allowed, the case of allowing all Google Cloud resources only is not supported.",
"type": "string"
}
},
Expand Down Expand Up @@ -1904,7 +1904,7 @@
"id": "ListAuthorizedOrgsDescsResponse",
"properties": {
"authorizedOrgsDescs": {
"description": "List of the Authorized Orgs Desc instances.",
"description": "List of all the Authorized Orgs Desc instances.",
"items": {
"$ref": "AuthorizedOrgsDesc"
},
Expand Down Expand Up @@ -2154,7 +2154,7 @@
"type": "object"
},
"ServicePerimeter": {
"description": "`ServicePerimeter` describes a set of Google Cloud resources which can freely import and export data amongst themselves, but not export outside of the `ServicePerimeter`. If a request with a source within this `ServicePerimeter` has a target outside of the `ServicePerimeter`, the request will be blocked. Otherwise the request is allowed. There are two types of Service Perimeter - Regular and Bridge. Regular Service Perimeters cannot overlap, a single Google Cloud project can only belong to a single regular Service Perimeter. Service Perimeter Bridges can contain only Google Cloud projects as members, a single Google Cloud project may belong to multiple Service Perimeter Bridges.",
"description": "`ServicePerimeter` describes a set of Google Cloud resources which can freely import and export data amongst themselves, but not export outside of the `ServicePerimeter`. If a request with a source within this `ServicePerimeter` has a target outside of the `ServicePerimeter`, the request will be blocked. Otherwise the request is allowed. There are two types of Service Perimeter - Regular and Bridge. Regular Service Perimeters cannot overlap, a single Google Cloud project or VPC network can only belong to a single regular Service Perimeter. Service Perimeter Bridges can contain only Google Cloud projects as members, a single Google Cloud project may belong to multiple Service Perimeter Bridges.",
"id": "ServicePerimeter",
"properties": {
"description": {
Expand All @@ -2166,7 +2166,7 @@
"type": "string"
},
"perimeterType": {
"description": "Perimeter type indicator. A single project is allowed to be a member of single regular perimeter, but multiple service perimeter bridges. A project cannot be a included in a perimeter bridge without being included in regular perimeter. For perimeter bridges, the restricted service list as well as access level lists must be empty.",
"description": "Perimeter type indicator. A single project or VPC network is allowed to be a member of single regular perimeter, but multiple service perimeter bridges. A project cannot be a included in a perimeter bridge without being included in regular perimeter. For perimeter bridges, the restricted service list as well as access level lists must be empty.",
"enum": [
"PERIMETER_TYPE_REGULAR",
"PERIMETER_TYPE_BRIDGE"
Expand Down Expand Up @@ -2222,7 +2222,7 @@
"type": "array"
},
"resources": {
"description": "A list of Google Cloud resources that are inside of the service perimeter. Currently only projects are allowed. Format: `projects/{project_number}`",
"description": "A list of Google Cloud resources that are inside of the service perimeter. Currently only projects and VPCs are allowed. Project format: `projects/{project_number}` VPC network format: `//compute.googleapis.com/projects/{PROJECT_ID}/global/networks/{NAME}`.",
"items": {
"type": "string"
},
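Review bot: The new `orgs` description under `schemas.AuthorizedOrgsDesc.properties` reads "Format: `organizations/` Example: `organizations/123456`", so the placeholder after the slash appears to have been dropped and the format string tells a reader nothing; something like `organizations/{organization_id}` would match the example. The reworded `name` text (on both the `patch` path parameter and the schema property) now says the last component must begin with a letter followed by alphanumeric characters or `_`, yet the unchanged `pattern` next to the parameter still accepts any `[^/]+`, so a client that validates against the pattern alone will pass names the description rules out. The `create` and `patch` descriptions also keep a second "If a authorized orgs desc contains errors" after the first article was corrected. As the file appears to be generated from the upstream discovery document, these are probably best fixed there rather than in this repository.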
