From cc26b91fe80ebde3d5720f895512bab427627af5 Mon Sep 17 00:00:00 2001
From: Yoshi Automation
Date: Wed, 24 May 2023 18:27:10 +0000
Subject: [PATCH] feat(iam): update the api
#### iam:v1
The following keys were added:
- resources.projects.resources.serviceAccounts.methods.signBlob.deprecated (Total Keys: 1)
- resources.projects.resources.serviceAccounts.methods.signJwt.deprecated (Total Keys: 1)
- schemas.GoogleIamAdminV1WorkforcePoolProviderOidc.properties.webSsoConfig.$ref (Total Keys: 1)
- schemas.GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfig (Total Keys: 4)
---
docs/dyn/iam_v1.locations.workforcePools.html | 8 ++--
...v1.locations.workforcePools.providers.html | 24 +++++++++--
.../discovery_cache/documents/iam.v1.json | 43 +++++++++++++++++--
.../discovery_cache/documents/iam.v2.json | 2 +-
.../discovery_cache/documents/iam.v2beta.json | 2 +-
5 files changed, 66 insertions(+), 13 deletions(-)
diff --git a/docs/dyn/iam_v1.locations.workforcePools.html b/docs/dyn/iam_v1.locations.workforcePools.html
index eea74c80e1f..e8b31d56b2e 100644
--- a/docs/dyn/iam_v1.locations.workforcePools.html
+++ b/docs/dyn/iam_v1.locations.workforcePools.html
@@ -139,7 +139,7 @@

Method Details

{ # Represents a collection of external workforces. Provides namespaces for federated users that can be referenced in IAM policies. "description": "A String", # A user-specified description of the pool. Cannot exceed 256 characters. - "disabled": True or False, # Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again. + "disabled": True or False, # Disables the workforce pool. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again. "displayName": "A String", # A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters. "name": "A String", # Output only. The resource name of the pool. Format: `locations/{location}/workforcePools/{workforce_pool_id}` "parent": "A String", # Immutable. The resource name of the parent. Format: `organizations/{org-id}`. @@ -228,7 +228,7 @@

Method Details

{ # Represents a collection of external workforces. Provides namespaces for federated users that can be referenced in IAM policies. "description": "A String", # A user-specified description of the pool. Cannot exceed 256 characters. - "disabled": True or False, # Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again. + "disabled": True or False, # Disables the workforce pool. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again. "displayName": "A String", # A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters. "name": "A String", # Output only. The resource name of the pool. Format: `locations/{location}/workforcePools/{workforce_pool_id}` "parent": "A String", # Immutable. The resource name of the parent. Format: `organizations/{org-id}`. @@ -316,7 +316,7 @@

Method Details

"workforcePools": [ # A list of pools. { # Represents a collection of external workforces. Provides namespaces for federated users that can be referenced in IAM policies. "description": "A String", # A user-specified description of the pool. Cannot exceed 256 characters. - "disabled": True or False, # Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again. + "disabled": True or False, # Disables the workforce pool. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again. "displayName": "A String", # A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters. "name": "A String", # Output only. The resource name of the pool. Format: `locations/{location}/workforcePools/{workforce_pool_id}` "parent": "A String", # Immutable. The resource name of the parent. Format: `organizations/{org-id}`. @@ -352,7 +352,7 @@

Method Details

{ # Represents a collection of external workforces. Provides namespaces for federated users that can be referenced in IAM policies. "description": "A String", # A user-specified description of the pool. Cannot exceed 256 characters. - "disabled": True or False, # Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again. + "disabled": True or False, # Disables the workforce pool. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again. "displayName": "A String", # A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters. "name": "A String", # Output only. The resource name of the pool. Format: `locations/{location}/workforcePools/{workforce_pool_id}` "parent": "A String", # Immutable. The resource name of the parent. Format: `organizations/{org-id}`. diff --git a/docs/dyn/iam_v1.locations.workforcePools.providers.html b/docs/dyn/iam_v1.locations.workforcePools.providers.html index ff60db3708a..116cbf7b7e2 100644 --- a/docs/dyn/iam_v1.locations.workforcePools.providers.html +++ b/docs/dyn/iam_v1.locations.workforcePools.providers.html @@ -129,12 +129,16 @@

Method Details

"a_key": "A String", }, "description": "A String", # A user-specified description of the provider. Cannot exceed 256 characters. - "disabled": True or False, # Whether the provider is disabled. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access. + "disabled": True or False, # Disables the workforce pool provider. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access. "displayName": "A String", # A user-specified display name for the provider. Cannot exceed 32 characters. "name": "A String", # Output only. The resource name of the provider. Format: `locations/{location}/workforcePools/{workforce_pool_id}/providers/{provider_id}` "oidc": { # Represents an OpenId Connect 1.0 identity provider. # An OpenId Connect 1.0 identity provider configuration. "clientId": "A String", # Required. The client ID. Must match the audience claim of the JWT issued by the identity provider. "issuerUri": "A String", # Required. The OIDC issuer URI. Must be a valid URI using the 'https' scheme. + "webSsoConfig": { # Configuration for web single sign-on for the OIDC provider. # Required. Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser. + "assertionClaimsBehavior": "A String", # Required. The behavior for how OIDC Claims are included in the `assertion` object used for attribute mapping and attribute condition. + "responseType": "A String", # Required. The Response Type to request for in the OIDC Authorization Request for web sign-in. + }, }, "saml": { # Represents a SAML identity provider. # A SAML identity provider configuration. "idpMetadataXml": "A String", # Required. SAML Identity provider configuration metadata xml doc. The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). 
The max size of the acceptable xml document will be bounded to 128k characters. The metadata xml document should satisfy the following constraints: 1) Must contain an Identity Provider Entity ID. 2) Must contain at least one non-expired signing key certificate. 3) For each signing key: a) Valid from should be no more than 7 days from now. b) Valid to should be no more than 14 years in the future. 4) Up to 3 IdP signing keys are allowed in the metadata xml. When updating the provider's metadata xml, at least one non-expired signing key must overlap with the existing metadata. This requirement is skipped if there are no non-expired signing keys present in the existing metadata. @@ -227,12 +231,16 @@

Method Details

"a_key": "A String", }, "description": "A String", # A user-specified description of the provider. Cannot exceed 256 characters. - "disabled": True or False, # Whether the provider is disabled. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access. + "disabled": True or False, # Disables the workforce pool provider. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access. "displayName": "A String", # A user-specified display name for the provider. Cannot exceed 32 characters. "name": "A String", # Output only. The resource name of the provider. Format: `locations/{location}/workforcePools/{workforce_pool_id}/providers/{provider_id}` "oidc": { # Represents an OpenId Connect 1.0 identity provider. # An OpenId Connect 1.0 identity provider configuration. "clientId": "A String", # Required. The client ID. Must match the audience claim of the JWT issued by the identity provider. "issuerUri": "A String", # Required. The OIDC issuer URI. Must be a valid URI using the 'https' scheme. + "webSsoConfig": { # Configuration for web single sign-on for the OIDC provider. # Required. Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser. + "assertionClaimsBehavior": "A String", # Required. The behavior for how OIDC Claims are included in the `assertion` object used for attribute mapping and attribute condition. + "responseType": "A String", # Required. The Response Type to request for in the OIDC Authorization Request for web sign-in. + }, }, "saml": { # Represents a SAML identity provider. # A SAML identity provider configuration. "idpMetadataXml": "A String", # Required. SAML Identity provider configuration metadata xml doc. The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). 
The max size of the acceptable xml document will be bounded to 128k characters. The metadata xml document should satisfy the following constraints: 1) Must contain an Identity Provider Entity ID. 2) Must contain at least one non-expired signing key certificate. 3) For each signing key: a) Valid from should be no more than 7 days from now. b) Valid to should be no more than 14 years in the future. 4) Up to 3 IdP signing keys are allowed in the metadata xml. When updating the provider's metadata xml, at least one non-expired signing key must overlap with the existing metadata. This requirement is skipped if there are no non-expired signing keys present in the existing metadata. @@ -267,12 +275,16 @@

Method Details

"a_key": "A String", }, "description": "A String", # A user-specified description of the provider. Cannot exceed 256 characters. - "disabled": True or False, # Whether the provider is disabled. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access. + "disabled": True or False, # Disables the workforce pool provider. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access. "displayName": "A String", # A user-specified display name for the provider. Cannot exceed 32 characters. "name": "A String", # Output only. The resource name of the provider. Format: `locations/{location}/workforcePools/{workforce_pool_id}/providers/{provider_id}` "oidc": { # Represents an OpenId Connect 1.0 identity provider. # An OpenId Connect 1.0 identity provider configuration. "clientId": "A String", # Required. The client ID. Must match the audience claim of the JWT issued by the identity provider. "issuerUri": "A String", # Required. The OIDC issuer URI. Must be a valid URI using the 'https' scheme. + "webSsoConfig": { # Configuration for web single sign-on for the OIDC provider. # Required. Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser. + "assertionClaimsBehavior": "A String", # Required. The behavior for how OIDC Claims are included in the `assertion` object used for attribute mapping and attribute condition. + "responseType": "A String", # Required. The Response Type to request for in the OIDC Authorization Request for web sign-in. + }, }, "saml": { # Represents a SAML identity provider. # A SAML identity provider configuration. "idpMetadataXml": "A String", # Required. SAML Identity provider configuration metadata xml doc. The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). 
The max size of the acceptable xml document will be bounded to 128k characters. The metadata xml document should satisfy the following constraints: 1) Must contain an Identity Provider Entity ID. 2) Must contain at least one non-expired signing key certificate. 3) For each signing key: a) Valid from should be no more than 7 days from now. b) Valid to should be no more than 14 years in the future. 4) Up to 3 IdP signing keys are allowed in the metadata xml. When updating the provider's metadata xml, at least one non-expired signing key must overlap with the existing metadata. This requirement is skipped if there are no non-expired signing keys present in the existing metadata. @@ -312,12 +324,16 @@

Method Details

"a_key": "A String", }, "description": "A String", # A user-specified description of the provider. Cannot exceed 256 characters. - "disabled": True or False, # Whether the provider is disabled. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access. + "disabled": True or False, # Disables the workforce pool provider. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access. "displayName": "A String", # A user-specified display name for the provider. Cannot exceed 32 characters. "name": "A String", # Output only. The resource name of the provider. Format: `locations/{location}/workforcePools/{workforce_pool_id}/providers/{provider_id}` "oidc": { # Represents an OpenId Connect 1.0 identity provider. # An OpenId Connect 1.0 identity provider configuration. "clientId": "A String", # Required. The client ID. Must match the audience claim of the JWT issued by the identity provider. "issuerUri": "A String", # Required. The OIDC issuer URI. Must be a valid URI using the 'https' scheme. + "webSsoConfig": { # Configuration for web single sign-on for the OIDC provider. # Required. Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser. + "assertionClaimsBehavior": "A String", # Required. The behavior for how OIDC Claims are included in the `assertion` object used for attribute mapping and attribute condition. + "responseType": "A String", # Required. The Response Type to request for in the OIDC Authorization Request for web sign-in. + }, }, "saml": { # Represents a SAML identity provider. # A SAML identity provider configuration. "idpMetadataXml": "A String", # Required. SAML Identity provider configuration metadata xml doc. The xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf). 
The max size of the acceptable xml document will be bounded to 128k characters. The metadata xml document should satisfy the following constraints: 1) Must contain an Identity Provider Entity ID. 2) Must contain at least one non-expired signing key certificate. 3) For each signing key: a) Valid from should be no more than 7 days from now. b) Valid to should be no more than 14 years in the future. 4) Up to 3 IdP signing keys are allowed in the metadata xml. When updating the provider's metadata xml, at least one non-expired signing key must overlap with the existing metadata. This requirement is skipped if there are no non-expired signing keys present in the existing metadata. diff --git a/googleapiclient/discovery_cache/documents/iam.v1.json b/googleapiclient/discovery_cache/documents/iam.v1.json index 5b5517930be..f20f87b392d 100644 --- a/googleapiclient/discovery_cache/documents/iam.v1.json +++ b/googleapiclient/discovery_cache/documents/iam.v1.json @@ -2284,6 +2284,7 @@ ] }, "signBlob": { + "deprecated": true, "description": "**Note:** This method is deprecated. Use the [`signBlob`](https://cloud.google.com/iam/help/rest-credentials/v1/projects.serviceAccounts/signBlob) method in the IAM Service Account Credentials API instead. If you currently use this method, see the [migration guide](https://cloud.google.com/iam/help/credentials/migrate-api) for instructions. Signs a blob using the system-managed private key for a ServiceAccount.", "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:signBlob", "httpMethod": "POST", 
@@ -2312,6 +2313,7 @@ ] }, "signJwt": { + "deprecated": true, "description": "**Note:** This method is deprecated. Use the [`signJwt`](https://cloud.google.com/iam/help/rest-credentials/v1/projects.serviceAccounts/signJwt) method in the IAM Service Account Credentials API instead. If you currently use this method, see the [migration guide](https://cloud.google.com/iam/help/credentials/migrate-api) for instructions. Signs a JSON Web Token (JWT) using the system-managed private key for a ServiceAccount.", "flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}:signJwt", "httpMethod": "POST", @@ -2749,7 +2751,7 @@ } } }, - "revision": "20230406", + "revision": "20230511", "rootUrl": "https://iam.googleapis.com/", "schemas": { "AdminAuditData": { 
@@ -3051,6 +3053,41 @@ "issuerUri": { "description": "Required. The OIDC issuer URI. Must be a valid URI using the 'https' scheme.", "type": "string" + }, + "webSsoConfig": { + "$ref": "GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfig", + "description": "Required. Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser." + } + }, + "type": "object" + }, + "GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfig": { + "description": "Configuration for web single sign-on for the OIDC provider.", + "id": "GoogleIamAdminV1WorkforcePoolProviderOidcWebSsoConfig", + "properties": { + "assertionClaimsBehavior": { + "description": "Required. The behavior for how OIDC Claims are included in the `assertion` object used for attribute mapping and attribute condition.", + "enum": [ + "ASSERTION_CLAIMS_BEHAVIOR_UNSPECIFIED", + "ONLY_ID_TOKEN_CLAIMS" + ], + "enumDescriptions": [ + "No assertion claims behavior specified.", + "Only include ID Token Claims." + ], + "type": "string" + }, + "responseType": { + "description": "Required. The Response Type to request for in the OIDC Authorization Request for web sign-in.", + "enum": [ + "RESPONSE_TYPE_UNSPECIFIED", + "ID_TOKEN" + ], + "enumDescriptions": [ + "No Response Type specified.", + "The `response_type=id_token` selection uses the Implicit Flow for web sign-in." + ], + "type": "string" } }, "type": "object" @@ -4089,7 +4126,7 @@ "type": "string" }, "disabled": { - "description": "Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.", + "description": "Disables the workforce pool. You cannot use a disabled pool to exchange tokens, or use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.", "type": "boolean" }, "displayName": { 
@@ -4148,7 +4185,7 @@ "type": "string" }, "disabled": { - "description": "Whether the provider is disabled. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access.", + "description": "Disables the workforce pool provider. You cannot use a disabled provider to exchange tokens. However, existing tokens still grant access.", "type": "boolean" }, "displayName": { diff --git a/googleapiclient/discovery_cache/documents/iam.v2.json b/googleapiclient/discovery_cache/documents/iam.v2.json index 03ce2707261..47bea667f87 100644 --- a/googleapiclient/discovery_cache/documents/iam.v2.json +++ b/googleapiclient/discovery_cache/documents/iam.v2.json @@ -293,7 +293,7 @@ } } }, - "revision": "20230406", + "revision": "20230511", "rootUrl": "https://iam.googleapis.com/", "schemas": { "GoogleIamAdminV1AuditData": { diff --git a/googleapiclient/discovery_cache/documents/iam.v2beta.json b/googleapiclient/discovery_cache/documents/iam.v2beta.json index 5ab7c17e6bf..e651e20b465 100644 --- a/googleapiclient/discovery_cache/documents/iam.v2beta.json +++ b/googleapiclient/discovery_cache/documents/iam.v2beta.json @@ -293,7 +293,7 @@ } } }, - "revision": "20230406", + "revision": "20230511", "rootUrl": "https://iam.googleapis.com/", "schemas": { "GoogleIamAdminV1AuditData": {