generated/google/apis/pubsub_v1beta2/classes.rb in google-api-client-0.32.0 vs generated/google/apis/pubsub_v1beta2/classes.rb in google-api-client-0.32.1

- old
+ new

@@ -327,49 +327,63 @@ end end # Defines an Identity and Access Management (IAM) policy. It is used to # specify access control policies for Cloud Platform resources. - # A `Policy` consists of a list of `bindings`. A `binding` binds a list of - # `members` to a `role`, where the members can be user accounts, Google groups, - # Google domains, and service accounts. A `role` is a named list of permissions - # defined by IAM. + # A `Policy` is a collection of `bindings`. A `binding` binds one or more + # `members` to a single `role`. Members can be user accounts, service accounts, + # Google groups, and domains (such as G Suite). A `role` is a named list of + # permissions (defined by IAM or configured by users). A `binding` can + # optionally specify a `condition`, which is a logic expression that further + # constrains the role binding based on attributes about the request and/or + # target resource. # **JSON Example** # ` # "bindings": [ # ` - # "role": "roles/owner", + # "role": "roles/resourcemanager.organizationAdmin", # "members": [ # "user:mike@example.com", # "group:admins@example.com", # "domain:google.com", - # "serviceAccount:my-other-app@appspot.gserviceaccount.com" + # "serviceAccount:my-project-id@appspot.gserviceaccount.com" # ] # `, # ` - # "role": "roles/viewer", - # "members": ["user:sean@example.com"] + # "role": "roles/resourcemanager.organizationViewer", + # "members": ["user:eve@example.com"], + # "condition": ` + # "title": "expirable access", + # "description": "Does not grant access after Sep 2020", + # "expression": "request.time < + # timestamp('2020-10-01T00:00:00.000Z')", # ` + # ` # ] # ` # **YAML Example** # bindings: # - members: # - user:mike@example.com # - group:admins@example.com # - domain:google.com - # - serviceAccount:my-other-app@appspot.gserviceaccount.com - # role: roles/owner + # - serviceAccount:my-project-id@appspot.gserviceaccount.com + # role: roles/resourcemanager.organizationAdmin # - members: - # - user:sean@example.com - # role: roles/viewer + # - user:eve@example.com + # role: roles/resourcemanager.organizationViewer + # condition: + # title: expirable access + # description: Does not grant access after Sep 2020 + # expression: request.time < timestamp('2020-10-01T00:00:00.000Z') # For a description of IAM and its features, see the # [IAM developer's guide](https://cloud.google.com/iam/docs). class Policy include Google::Apis::Core::Hashable - # Associates a list of `members` to a `role`. + # Associates a list of `members` to a `role`. Optionally may specify a + # `condition` that determines when binding is in effect. # `bindings` with no members will result in an error. # Corresponds to the JSON property `bindings` # @return [Array<Google::Apis::PubsubV1beta2::Binding>] attr_accessor :bindings @@ -379,22 +393,28 @@ # read-modify-write cycle to perform policy updates in order to avoid race # conditions: An `etag` is returned in the response to `getIamPolicy`, and # systems are expected to put that etag in the request to `setIamPolicy` to # ensure that their change will be applied to the same version of the policy. # If no `etag` is provided in the call to `setIamPolicy`, then the existing - # policy is overwritten. + # policy is overwritten. Due to blind-set semantics of an etag-less policy, + # 'setIamPolicy' will not fail even if either of incoming or stored policy + # does not meet the version requirements. # Corresponds to the JSON property `etag` # NOTE: Values are automatically base64 encoded/decoded in the client library. # @return [String] attr_accessor :etag # Specifies the format of the policy. # Valid values are 0, 1, and 3. Requests specifying an invalid value will be # rejected. - # Policies with any conditional bindings must specify version 3. Policies - # without any conditional bindings may specify any valid value or leave the - # field unset. + # Operations affecting conditional bindings must specify version 3. This can + # be either setting a conditional policy, modifying a conditional binding, + # or removing a conditional binding from the stored conditional policy. + # Operations on non-conditional policies may specify any valid value or + # leave the field unset. + # If no etag is provided in the call to `setIamPolicy`, any version + # compliance checks on the incoming and/or stored policy is skipped. # Corresponds to the JSON property `version` # @return [Fixnum] attr_accessor :version def initialize(**args) @@ -627,42 +647,55 @@ class SetIamPolicyRequest include Google::Apis::Core::Hashable # Defines an Identity and Access Management (IAM) policy. It is used to # specify access control policies for Cloud Platform resources. - # A `Policy` consists of a list of `bindings`. A `binding` binds a list of - # `members` to a `role`, where the members can be user accounts, Google groups, - # Google domains, and service accounts. A `role` is a named list of permissions - # defined by IAM. + # A `Policy` is a collection of `bindings`. A `binding` binds one or more + # `members` to a single `role`. Members can be user accounts, service accounts, + # Google groups, and domains (such as G Suite). A `role` is a named list of + # permissions (defined by IAM or configured by users). A `binding` can + # optionally specify a `condition`, which is a logic expression that further + # constrains the role binding based on attributes about the request and/or + # target resource. # **JSON Example** # ` # "bindings": [ # ` - # "role": "roles/owner", + # "role": "roles/resourcemanager.organizationAdmin", # "members": [ # "user:mike@example.com", # "group:admins@example.com", # "domain:google.com", - # "serviceAccount:my-other-app@appspot.gserviceaccount.com" + # "serviceAccount:my-project-id@appspot.gserviceaccount.com" # ] # `, # ` - # "role": "roles/viewer", - # "members": ["user:sean@example.com"] + # "role": "roles/resourcemanager.organizationViewer", + # "members": ["user:eve@example.com"], + # "condition": ` + # "title": "expirable access", + # "description": "Does not grant access after Sep 2020", + # "expression": "request.time < + # timestamp('2020-10-01T00:00:00.000Z')", # ` + # ` # ] # ` # **YAML Example** # bindings: # - members: # - user:mike@example.com # - group:admins@example.com # - domain:google.com - # - serviceAccount:my-other-app@appspot.gserviceaccount.com - # role: roles/owner + # - serviceAccount:my-project-id@appspot.gserviceaccount.com + # role: roles/resourcemanager.organizationAdmin # - members: - # - user:sean@example.com - # role: roles/viewer + # - user:eve@example.com + # role: roles/resourcemanager.organizationViewer + # condition: + # title: expirable access + # description: Does not grant access after Sep 2020 + # expression: request.time < timestamp('2020-10-01T00:00:00.000Z') # For a description of IAM and its features, see the # [IAM developer's guide](https://cloud.google.com/iam/docs). # Corresponds to the JSON property `policy` # @return [Google::Apis::PubsubV1beta2::Policy] attr_accessor :policy