feat(gkehub): update the api

#### gkehub:v1 The following keys were added: - resources.projects.resources.locations.resources.scopes.methods.listMemberships (Total Keys: 18) - resources.projects.resources.locations.resources.scopes.methods.listPermitted (Total Keys: 16) - schemas.IdentityServiceAuthMethod.properties.ldapConfig.$ref (Total Keys: 1) - schemas.IdentityServiceGroupConfig (Total Keys: 5) - schemas.IdentityServiceLdapConfig (Total Keys: 6) - schemas.IdentityServiceServerConfig (Total Keys: 6) - schemas.IdentityServiceServiceAccountConfig (Total Keys: 3) - schemas.IdentityServiceSimpleBindCredentials (Total Keys: 7) - schemas.IdentityServiceUserConfig (Total Keys: 6) - schemas.ListBoundMembershipsResponse (Total Keys: 7) - schemas.ListPermittedScopesResponse (Total Keys: 5) #### gkehub:v1alpha The following keys were added: - schemas.IdentityServiceAuthMethod.properties.ldapConfig.$ref (Total Keys: 1) - schemas.IdentityServiceGroupConfig (Total Keys: 5) - schemas.IdentityServiceLdapConfig (Total Keys: 6) - schemas.IdentityServiceServerConfig (Total Keys: 6) - schemas.IdentityServiceServiceAccountConfig (Total Keys: 3) - schemas.IdentityServiceSimpleBindCredentials (Total Keys: 7) - schemas.IdentityServiceUserConfig (Total Keys: 6) #### gkehub:v1beta The following keys were added: - resources.projects.resources.locations.resources.scopes.methods.listMemberships (Total Keys: 18) - resources.projects.resources.locations.resources.scopes.methods.listPermitted (Total Keys: 16) - schemas.IdentityServiceAuthMethod.properties.ldapConfig.$ref (Total Keys: 1) - schemas.IdentityServiceGroupConfig (Total Keys: 5) - schemas.IdentityServiceLdapConfig (Total Keys: 6) - schemas.IdentityServiceServerConfig (Total Keys: 6) - schemas.IdentityServiceServiceAccountConfig (Total Keys: 3) - schemas.IdentityServiceSimpleBindCredentials (Total Keys: 7) - schemas.IdentityServiceUserConfig (Total Keys: 6) - schemas.ListBoundMembershipsResponse (Total Keys: 7) - schemas.ListPermittedScopesResponse (Total Keys: 5)
googleapis · Mar 26, 2024 · aa1658e · aa1658e
1 parent 9c4cd50
commit aa1658e
Show file tree

Hide file tree

Showing 10 changed files with 1,880 additions and 5 deletions.
diff --git a/docs/dyn/gkehub_v1.projects.locations.features.html b/docs/dyn/gkehub_v1.projects.locations.features.html
diff --git a/docs/dyn/gkehub_v1.projects.locations.scopes.html b/docs/dyn/gkehub_v1.projects.locations.scopes.html
diff --git a/docs/dyn/gkehub_v1alpha.projects.locations.features.html b/docs/dyn/gkehub_v1alpha.projects.locations.features.html
diff --git a/docs/dyn/gkehub_v1beta.projects.locations.features.html b/docs/dyn/gkehub_v1beta.projects.locations.features.html
diff --git a/docs/dyn/gkehub_v1beta.projects.locations.scopes.html b/docs/dyn/gkehub_v1beta.projects.locations.scopes.html
diff --git a/googleapiclient/discovery_cache/documents/gkehub.v1.json b/googleapiclient/discovery_cache/documents/gkehub.v1.json
@@ -1421,6 +1421,83 @@
 "https://www.googleapis.com/auth/cloud-platform"
 ]
 },
+"listMemberships": {
+"description": "Lists Memberships bound to a Scope. The response includes relevant Memberships from all regions.",
+"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/scopes/{scopesId}:listMemberships",
+"httpMethod": "GET",
+"id": "gkehub.projects.locations.scopes.listMemberships",
+"parameterOrder": [
+"scopeName"
+],
+"parameters": {
+"filter": {
+"description": "Optional. Lists Memberships that match the filter expression, following the syntax outlined in https://google.aip.dev/160. Currently, filtering can be done only based on Memberships's `name`, `labels`, `create_time`, `update_time`, and `unique_id`.",
+"location": "query",
+"type": "string"
+},
+"pageSize": {
+"description": "Optional. When requesting a 'page' of resources, `page_size` specifies number of resources to return. If unspecified or set to 0, all resources will be returned. Pagination is currently not supported; therefore, setting this field does not have any impact for now.",
+"format": "int32",
+"location": "query",
+"type": "integer"
+},
+"pageToken": {
+"description": "Optional. Token returned by previous call to `ListBoundMemberships` which specifies the position in the list from where to continue listing the resources.",
+"location": "query",
+"type": "string"
+},
+"scopeName": {
+"description": "Required. Name of the Scope, in the format `projects/*/locations/global/scopes/*`, to which the Memberships are bound.",
+"location": "path",
+"pattern": "^projects/[^/]+/locations/[^/]+/scopes/[^/]+$",
+"required": true,
+"type": "string"
+}
+},
+"path": "v1/{+scopeName}:listMemberships",
+"response": {
+"$ref": "ListBoundMembershipsResponse"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-platform"
+]
+},
+"listPermitted": {
+"description": "Lists permitted Scopes.",
+"flatPath": "v1/projects/{projectsId}/locations/{locationsId}/scopes:listPermitted",
+"httpMethod": "GET",
+"id": "gkehub.projects.locations.scopes.listPermitted",
+"parameterOrder": [
+"parent"
+],
+"parameters": {
+"pageSize": {
+"description": "Optional. When requesting a 'page' of resources, `page_size` specifies number of resources to return. If unspecified or set to 0, all resources will be returned.",
+"format": "int32",
+"location": "query",
+"type": "integer"
+},
+"pageToken": {
+"description": "Optional. Token returned by previous call to `ListPermittedScopes` which specifies the position in the list from where to continue listing the resources.",
+"location": "query",
+"type": "string"
+},
+"parent": {
+"description": "Required. The parent (project and location) where the Scope will be listed. Specified in the format `projects/*/locations/*`.",
+"location": "path",
+"pattern": "^projects/[^/]+/locations/[^/]+$",
+"required": true,
+"type": "string"
+}
+},
+"path": "v1/{+parent}/scopes:listPermitted",
+"response": {
+"$ref": "ListPermittedScopesResponse"
+},
+"scopes": [
+"https://www.googleapis.com/auth/cloud-platform"
+]
+},
 "patch": {
 "description": "Updates a scopes.",
 "flatPath": "v1/projects/{projectsId}/locations/{locationsId}/scopes/{scopesId}",
@@ -1834,7 +1911,7 @@
 }
 }
 },
-"revision": "20240307",
+"revision": "20240318",
 "rootUrl": "https://gkehub.googleapis.com/",
 "schemas": {
 "AppDevExperienceFeatureSpec": {
@@ -3722,6 +3799,10 @@
 "$ref": "IdentityServiceGoogleConfig",
 "description": "GoogleConfig specific configuration."
 },
+"ldapConfig": {
+"$ref": "IdentityServiceLdapConfig",
+"description": "LDAP specific configuration."
+},
 "name": {
 "description": "Identifier for auth config.",
 "type": "string"
@@ -3789,6 +3870,48 @@
 },
 "type": "object"
 },
+"IdentityServiceGroupConfig": {
+"description": "Contains the properties for locating and authenticating groups in the directory.",
+"id": "IdentityServiceGroupConfig",
+"properties": {
+"baseDn": {
+"description": "Required. The location of the subtree in the LDAP directory to search for group entries.",
+"type": "string"
+},
+"filter": {
+"description": "Optional. Optional filter to be used when searching for groups a user belongs to. This can be used to explicitly match only certain groups in order to reduce the amount of groups returned for each user. This defaults to \"(objectClass=Group)\".",
+"type": "string"
+},
+"idAttribute": {
+"description": "Optional. The identifying name of each group a user belongs to. For example, if this is set to \"distinguishedName\" then RBACs and other group expectations should be written as full DNs. This defaults to \"distinguishedName\".",
+"type": "string"
+}
+},
+"type": "object"
+},
+"IdentityServiceLdapConfig": {
+"description": "Configuration for the LDAP Auth flow.",
+"id": "IdentityServiceLdapConfig",
+"properties": {
+"group": {
+"$ref": "IdentityServiceGroupConfig",
+"description": "Optional. Contains the properties for locating and authenticating groups in the directory."
+},
+"server": {
+"$ref": "IdentityServiceServerConfig",
+"description": "Required. Server settings for the external LDAP server."
+},
+"serviceAccount": {
+"$ref": "IdentityServiceServiceAccountConfig",
+"description": "Required. Contains the credentials of the service account which is authorized to perform the LDAP search in the directory. The credentials can be supplied by the combination of the DN and password or the client certificate."
+},
+"user": {
+"$ref": "IdentityServiceUserConfig",
+"description": "Required. Defines where users exist in the LDAP directory."
+}
+},
+"type": "object"
+},
 "IdentityServiceMembershipSpec": {
 "description": "**Anthos Identity Service**: Configuration for a single Membership.",
 "id": "IdentityServiceMembershipSpec",
@@ -3946,6 +4069,81 @@
 },
 "type": "object"
 },
+"IdentityServiceServerConfig": {
+"description": "Server settings for the external LDAP server.",
+"id": "IdentityServiceServerConfig",
+"properties": {
+"certificateAuthorityData": {
+"description": "Optional. Contains a Base64 encoded, PEM formatted certificate authority certificate for the LDAP server. This must be provided for the \"ldaps\" and \"startTLS\" connections.",
+"format": "byte",
+"type": "string"
+},
+"connectionType": {
+"description": "Optional. Defines the connection type to communicate with the LDAP server. If `starttls` or `ldaps` is specified, the certificate_authority_data should not be empty.",
+"type": "string"
+},
+"host": {
+"description": "Required. Defines the hostname or IP of the LDAP server. Port is optional and will default to 389, if unspecified. For example, \"ldap.server.example\" or \"10.10.10.10:389\".",
+"type": "string"
+}
+},
+"type": "object"
+},
+"IdentityServiceServiceAccountConfig": {
+"description": "Contains the credentials of the service account which is authorized to perform the LDAP search in the directory. The credentials can be supplied by the combination of the DN and password or the client certificate.",
+"id": "IdentityServiceServiceAccountConfig",
+"properties": {
+"simpleBindCredentials": {
+"$ref": "IdentityServiceSimpleBindCredentials",
+"description": "Credentials for basic auth."
+}
+},
+"type": "object"
+},
+"IdentityServiceSimpleBindCredentials": {
+"description": "The structure holds the LDAP simple binding credential.",
+"id": "IdentityServiceSimpleBindCredentials",
+"properties": {
+"dn": {
+"description": "Required. The distinguished name(DN) of the service account object/user.",
+"type": "string"
+},
+"encryptedPassword": {
+"description": "Output only. The encrypted password of the service account object/user.",
+"format": "byte",
+"readOnly": true,
+"type": "string"
+},
+"password": {
+"description": "Required. Input only. The password of the service account object/user.",
+"type": "string"
+}
+},
+"type": "object"
+},
+"IdentityServiceUserConfig": {
+"description": "Defines where users exist in the LDAP directory.",
+"id": "IdentityServiceUserConfig",
+"properties": {
+"baseDn": {
+"description": "Required. The location of the subtree in the LDAP directory to search for user entries.",
+"type": "string"
+},
+"filter": {
+"description": "Optional. Filter to apply when searching for the user. This can be used to further restrict the user accounts which are allowed to login. This defaults to \"(objectClass=User)\".",
+"type": "string"
+},
+"idAttribute": {
+"description": "Optional. Determines which attribute to use as the user's identity after they are authenticated. This is distinct from the loginAttribute field to allow users to login with a username, but then have their actual identifier be an email address or full Distinguished Name (DN). For example, setting loginAttribute to \"sAMAccountName\" and identifierAttribute to \"userPrincipalName\" would allow a user to login as \"bsmith\", but actual RBAC policies for the user would be written as \"bsmith@example.com\". Using \"userPrincipalName\" is recommended since this will be unique for each user. This defaults to \"userPrincipalName\".",
+"type": "string"
+},
+"loginAttribute": {
+"description": "Optional. The name of the attribute which matches against the input username. This is used to find the user in the LDAP database e.g. \"(=)\" and is combined with the optional filter field. This defaults to \"userPrincipalName\".",
+"type": "string"
+}
+},
+"type": "object"
+},
 "KubernetesMetadata": {
 "description": "KubernetesMetadata provides informational metadata for Memberships representing Kubernetes clusters.",
 "id": "KubernetesMetadata",
@@ -4018,6 +4216,31 @@
 },
 "type": "object"
 },
+"ListBoundMembershipsResponse": {
+"description": "List of Memberships bound to a Scope.",
+"id": "ListBoundMembershipsResponse",
+"properties": {
+"memberships": {
+"description": "The list of Memberships bound to the given Scope.",
+"items": {
+"$ref": "Membership"
+},
+"type": "array"
+},
+"nextPageToken": {
+"description": "A token to request the next page of resources from the `ListBoundMemberships` method. The value of an empty string means that there are no more resources to return.",
+"type": "string"
+},
+"unreachable": {
+"description": "List of locations that could not be reached while fetching this list.",
+"items": {
+"type": "string"
+},
+"type": "array"
+}
+},
+"type": "object"
+},
 "ListFeaturesResponse": {
 "description": "Response message for the `GkeHub.ListFeatures` method.",
 "id": "ListFeaturesResponse",
@@ -4133,6 +4356,24 @@
 },
 "type": "object"
 },
+"ListPermittedScopesResponse": {
+"description": "List of permitted Scopes.",
+"id": "ListPermittedScopesResponse",
+"properties": {
+"nextPageToken": {
+"description": "A token to request the next page of resources from the `ListPermittedScopes` method. The value of an empty string means that there are no more resources to return.",
+"type": "string"
+},
+"scopes": {
+"description": "The list of permitted Scopes",
+"items": {
+"$ref": "Scope"
+},
+"type": "array"
+}
+},
+"type": "object"
+},
 "ListScopeNamespacesResponse": {
 "description": "List of fleet namespaces.",
 "id": "ListScopeNamespacesResponse",