From 33b3134dd0b27afd58943b617e78b71775f66ffb Mon Sep 17 00:00:00 2001 From: Yoshi Automation Date: Thu, 22 Dec 2022 01:40:07 +0000 Subject: [PATCH] feat(assuredworkloads): update the API #### assuredworkloads:v1beta1 The following keys were changed: - schemas.GoogleCloudAssuredworkloadsV1beta1RestrictAllowedResourcesRequest.properties.restrictionType.enum - schemas.GoogleCloudAssuredworkloadsV1beta1RestrictAllowedResourcesRequest.properties.restrictionType.enumDescriptions - schemas.GoogleCloudAssuredworkloadsV1beta1Workload.properties.complianceRegime.enum - schemas.GoogleCloudAssuredworkloadsV1beta1Workload.properties.complianceRegime.enumDescriptions - schemas.GoogleCloudAssuredworkloadsV1beta1Workload.properties.partner.description - schemas.GoogleCloudAssuredworkloadsV1beta1Workload.properties.partner.enum - schemas.GoogleCloudAssuredworkloadsV1beta1Workload.properties.partner.enumDescriptions #### assuredworkloads:v1 The following keys were added: - resources.organizations.resources.locations.resources.workloads.methods.mutatePartnerPermissions.description - resources.organizations.resources.locations.resources.workloads.methods.mutatePartnerPermissions.flatPath - resources.organizations.resources.locations.resources.workloads.methods.mutatePartnerPermissions.httpMethod - resources.organizations.resources.locations.resources.workloads.methods.mutatePartnerPermissions.id - resources.organizations.resources.locations.resources.workloads.methods.mutatePartnerPermissions.parameterOrder - resources.organizations.resources.locations.resources.workloads.methods.mutatePartnerPermissions.parameters.name.description - resources.organizations.resources.locations.resources.workloads.methods.mutatePartnerPermissions.parameters.name.location - resources.organizations.resources.locations.resources.workloads.methods.mutatePartnerPermissions.parameters.name.pattern - resources.organizations.resources.locations.resources.workloads.methods.mutatePartnerPermissions.parameters.name.required - resources.organizations.resources.locations.resources.workloads.methods.mutatePartnerPermissions.parameters.name.type - resources.organizations.resources.locations.resources.workloads.methods.mutatePartnerPermissions.path - resources.organizations.resources.locations.resources.workloads.methods.mutatePartnerPermissions.request.$ref - resources.organizations.resources.locations.resources.workloads.methods.mutatePartnerPermissions.response.$ref - resources.organizations.resources.locations.resources.workloads.methods.mutatePartnerPermissions.scopes - schemas.GoogleCloudAssuredworkloadsV1MutatePartnerPermissionsRequest.description - schemas.GoogleCloudAssuredworkloadsV1MutatePartnerPermissionsRequest.id - schemas.GoogleCloudAssuredworkloadsV1MutatePartnerPermissionsRequest.properties.etag.description - schemas.GoogleCloudAssuredworkloadsV1MutatePartnerPermissionsRequest.properties.etag.type - schemas.GoogleCloudAssuredworkloadsV1MutatePartnerPermissionsRequest.properties.partnerPermissions.$ref - schemas.GoogleCloudAssuredworkloadsV1MutatePartnerPermissionsRequest.properties.partnerPermissions.description - schemas.GoogleCloudAssuredworkloadsV1MutatePartnerPermissionsRequest.properties.updateMask.description - schemas.GoogleCloudAssuredworkloadsV1MutatePartnerPermissionsRequest.properties.updateMask.format - schemas.GoogleCloudAssuredworkloadsV1MutatePartnerPermissionsRequest.properties.updateMask.type - schemas.GoogleCloudAssuredworkloadsV1MutatePartnerPermissionsRequest.type - schemas.GoogleCloudAssuredworkloadsV1WorkloadPartnerPermissions.description - schemas.GoogleCloudAssuredworkloadsV1WorkloadPartnerPermissions.id - schemas.GoogleCloudAssuredworkloadsV1WorkloadPartnerPermissions.properties.dataLogsViewer.description - schemas.GoogleCloudAssuredworkloadsV1WorkloadPartnerPermissions.properties.dataLogsViewer.type - schemas.GoogleCloudAssuredworkloadsV1WorkloadPartnerPermissions.properties.remediateFolderViolations.description - schemas.GoogleCloudAssuredworkloadsV1WorkloadPartnerPermissions.properties.remediateFolderViolations.type - schemas.GoogleCloudAssuredworkloadsV1WorkloadPartnerPermissions.properties.serviceAccessApprover.description - schemas.GoogleCloudAssuredworkloadsV1WorkloadPartnerPermissions.properties.serviceAccessApprover.type - schemas.GoogleCloudAssuredworkloadsV1WorkloadPartnerPermissions.type The following keys were changed: - schemas.GoogleCloudAssuredworkloadsV1CreateWorkloadOperationMetadata.properties.complianceRegime.enum - schemas.GoogleCloudAssuredworkloadsV1CreateWorkloadOperationMetadata.properties.complianceRegime.enumDescriptions - schemas.GoogleCloudAssuredworkloadsV1RestrictAllowedResourcesRequest.properties.restrictionType.enum - schemas.GoogleCloudAssuredworkloadsV1RestrictAllowedResourcesRequest.properties.restrictionType.enumDescriptions - schemas.GoogleCloudAssuredworkloadsV1Workload.properties.complianceRegime.enum - schemas.GoogleCloudAssuredworkloadsV1Workload.properties.complianceRegime.enumDescriptions - schemas.GoogleCloudAssuredworkloadsV1Workload.properties.partner.description - schemas.GoogleCloudAssuredworkloadsV1Workload.properties.partner.enum - schemas.GoogleCloudAssuredworkloadsV1Workload.properties.partner.enumDescriptions --- discovery/assuredworkloads-v1.json | 97 +++++++++-- discovery/assuredworkloads-v1beta1.json | 24 ++- src/apis/assuredworkloads/v1.ts | 217 +++++++++++++++++++++++- src/apis/assuredworkloads/v1beta1.ts | 2 +- 4 files changed, 318 insertions(+), 22 deletions(-) diff --git a/discovery/assuredworkloads-v1.json b/discovery/assuredworkloads-v1.json index fa29e0d4f7..b49c0244ab 100644 --- a/discovery/assuredworkloads-v1.json +++ b/discovery/assuredworkloads-v1.json @@ -310,6 +310,34 @@ "https://www.googleapis.com/auth/cloud-platform" ] }, + "mutatePartnerPermissions": { + "description": "Update the permissions settings for an existing partner workload. For force updates don't set etag field in the Workload. Only one update operation per workload can be in progress.", + "flatPath": "v1/organizations/{organizationsId}/locations/{locationsId}/workloads/{workloadsId}:mutatePartnerPermissions", + "httpMethod": "PATCH", + "id": "assuredworkloads.organizations.locations.workloads.mutatePartnerPermissions", + "parameterOrder": [ + "name" + ], + "parameters": { + "name": { + "description": "Required. The `name` field is used to identify the workload. Format: organizations/{org_id}/locations/{location_id}/workloads/{workload_id}", + "location": "path", + "pattern": "^organizations/[^/]+/locations/[^/]+/workloads/[^/]+$", + "required": true, + "type": "string" + } + }, + "path": "v1/{+name}:mutatePartnerPermissions", + "request": { + "$ref": "GoogleCloudAssuredworkloadsV1MutatePartnerPermissionsRequest" + }, + "response": { + "$ref": "GoogleCloudAssuredworkloadsV1Workload" + }, + "scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ] + }, "patch": { "description": "Updates an existing workload. Currently allows updating of workload display_name and labels. For force updates don't set etag field in the Workload. Only one update operation per workload can be in progress.", "flatPath": "v1/organizations/{organizationsId}/locations/{locationsId}/workloads/{workloadsId}", @@ -491,7 +519,7 @@ } } }, - "revision": "20221020", + "revision": "20221212", "rootUrl": "https://assuredworkloads.googleapis.com/", "schemas": { "GoogleCloudAssuredworkloadsV1AcknowledgeViolationRequest": { @@ -534,7 +562,8 @@ "CA_REGIONS_AND_SUPPORT", "ITAR", "AU_REGIONS_AND_US_SUPPORT", - "ASSURED_WORKLOADS_FOR_PARTNERS" + "ASSURED_WORKLOADS_FOR_PARTNERS", + "ISR_REGIONS" ], "enumDescriptions": [ "Unknown compliance regime.", @@ -549,7 +578,8 @@ "Assured Workloads For Canada Regions and Support controls", "International Traffic in Arms Regulations", "Assured Workloads for Australia Regions and Support controls Available for public preview consumption. Don't create production workloads.", - "Assured Workloads for Partners" + "Assured Workloads for Partners", + "Assured Workloads for Israel Regions" ], "type": "string" }, @@ -605,6 +635,26 @@ }, "type": "object" }, + "GoogleCloudAssuredworkloadsV1MutatePartnerPermissionsRequest": { + "description": "Request of updating permission settings for a partner workload.", + "id": "GoogleCloudAssuredworkloadsV1MutatePartnerPermissionsRequest", + "properties": { + "etag": { + "description": "Optional. The etag of the workload. If this is provided, it must match the server's etag.", + "type": "string" + }, + "partnerPermissions": { + "$ref": "GoogleCloudAssuredworkloadsV1WorkloadPartnerPermissions", + "description": "Required. The partner permissions to be updated." + }, + "updateMask": { + "description": "Required. The list of fields to be updated. E.g. update_mask { paths: \"partner_permissions.data_logs_viewer\"}", + "format": "google-fieldmask", + "type": "string" + } + }, + "type": "object" + }, "GoogleCloudAssuredworkloadsV1RestrictAllowedResourcesRequest": { "description": "Request for restricting list of available resources in Workload environment.", "id": "GoogleCloudAssuredworkloadsV1RestrictAllowedResourcesRequest", @@ -614,12 +664,14 @@ "enum": [ "RESTRICTION_TYPE_UNSPECIFIED", "ALLOW_ALL_GCP_RESOURCES", - "ALLOW_COMPLIANT_RESOURCES" + "ALLOW_COMPLIANT_RESOURCES", + "APPEND_COMPLIANT_RESOURCES" ], "enumDescriptions": [ "Unknown restriction type.", "Allow the use all of all gcp products, irrespective of the compliance posture. This effectively removes gcp.restrictServiceUsage OrgPolicy on the AssuredWorkloads Folder.", - "Based on Workload's compliance regime, allowed list changes. See - https://cloud.google.com/assured-workloads/docs/supported-products for the list of supported resources." + "Based on Workload's compliance regime, allowed list changes. See - https://cloud.google.com/assured-workloads/docs/supported-products for the list of supported resources.", + "Similar to ALLOW_COMPLIANT_RESOURCES but adds the list of compliant resources to the existing list of resources. Effective org-policy of the Folder is considered to ensure there is no disruption to the existing customer workflows." ], "type": "string" } @@ -854,7 +906,8 @@ "CA_REGIONS_AND_SUPPORT", "ITAR", "AU_REGIONS_AND_US_SUPPORT", - "ASSURED_WORKLOADS_FOR_PARTNERS" + "ASSURED_WORKLOADS_FOR_PARTNERS", + "ISR_REGIONS" ], "enumDescriptions": [ "Unknown compliance regime.", @@ -869,7 +922,8 @@ "Assured Workloads For Canada Regions and Support controls", "International Traffic in Arms Regulations", "Assured Workloads for Australia Regions and Support controls Available for public preview consumption. Don't create production workloads.", - "Assured Workloads for Partners" + "Assured Workloads for Partners", + "Assured Workloads for Israel Regions" ], "type": "string" }, @@ -935,14 +989,16 @@ "type": "string" }, "partner": { - "description": "Optional. Compliance Regime associated with this workload.", + "description": "Optional. Partner regime associated with this workload.", "enum": [ "PARTNER_UNSPECIFIED", - "LOCAL_CONTROLS_BY_S3NS" + "LOCAL_CONTROLS_BY_S3NS", + "SOVEREIGN_CONTROLS_BY_T_SYSTEMS" ], "enumDescriptions": [ - "Unknown partner regime/controls.", - "S3NS regime/controls." + "", + "Enum representing S3NS partner.", + "Enum representing T_SYSTEM partner." ], "type": "string" }, @@ -1007,6 +1063,25 @@ }, "type": "object" }, + "GoogleCloudAssuredworkloadsV1WorkloadPartnerPermissions": { + "description": "Permissions granted to the AW Partner SA account for the customer workload", + "id": "GoogleCloudAssuredworkloadsV1WorkloadPartnerPermissions", + "properties": { + "dataLogsViewer": { + "description": "Allow partner to view data and logs", + "type": "boolean" + }, + "remediateFolderViolations": { + "description": "Allow partner to monitor folder and remediate violations", + "type": "boolean" + }, + "serviceAccessApprover": { + "description": "Allow partner to approve or reject Service Access requests", + "type": "boolean" + } + }, + "type": "object" + }, "GoogleCloudAssuredworkloadsV1WorkloadResourceInfo": { "description": "Represent the resources that are children of this Workload.", "id": "GoogleCloudAssuredworkloadsV1WorkloadResourceInfo", diff --git a/discovery/assuredworkloads-v1beta1.json b/discovery/assuredworkloads-v1beta1.json index 60019b96fb..db7155c1ec 100644 --- a/discovery/assuredworkloads-v1beta1.json +++ b/discovery/assuredworkloads-v1beta1.json @@ -595,7 +595,7 @@ } } }, - "revision": "20221020", + "revision": "20221212", "rootUrl": "https://assuredworkloads.googleapis.com/", "schemas": { "GoogleCloudAssuredworkloadsV1beta1AcknowledgeViolationRequest": { @@ -678,12 +678,14 @@ "enum": [ "RESTRICTION_TYPE_UNSPECIFIED", "ALLOW_ALL_GCP_RESOURCES", - "ALLOW_COMPLIANT_RESOURCES" + "ALLOW_COMPLIANT_RESOURCES", + "APPEND_COMPLIANT_RESOURCES" ], "enumDescriptions": [ "Unknown restriction type.", "Allow the use all of all gcp products, irrespective of the compliance posture. This effectively removes gcp.restrictServiceUsage OrgPolicy on the AssuredWorkloads Folder.", - "Based on Workload's compliance regime, allowed list changes. See - https://cloud.google.com/assured-workloads/docs/supported-products for the list of supported resources." + "Based on Workload's compliance regime, allowed list changes. See - https://cloud.google.com/assured-workloads/docs/supported-products for the list of supported resources.", + "Similar to ALLOW_COMPLIANT_RESOURCES but adds the list of compliant resources to the existing list of compliant resources. Effective org-policy of the Folder is considered to ensure there is no disruption to the existing customer workflows." ], "type": "string" } @@ -922,7 +924,8 @@ "CA_REGIONS_AND_SUPPORT", "ITAR", "AU_REGIONS_AND_US_SUPPORT", - "ASSURED_WORKLOADS_FOR_PARTNERS" + "ASSURED_WORKLOADS_FOR_PARTNERS", + "ISR_REGIONS" ], "enumDescriptions": [ "Unknown compliance regime.", @@ -937,7 +940,8 @@ "Assured Workloads For Canada Regions and Support controls", "International Traffic in Arms Regulations", "Assured Workloads for Australia Regions and Support controls Available for public preview consumption. Don't create production workloads.", - "Assured Workloads for Partners;" + "Assured Workloads for Partners;", + "Assured Workloads for Israel" ], "type": "string" }, @@ -1015,14 +1019,16 @@ "type": "string" }, "partner": { - "description": "Optional. Compliance Regime associated with this workload.", + "description": "Optional. Partner regime associated with this workload.", "enum": [ "PARTNER_UNSPECIFIED", - "LOCAL_CONTROLS_BY_S3NS" + "LOCAL_CONTROLS_BY_S3NS", + "SOVEREIGN_CONTROLS_BY_T_SYSTEMS" ], "enumDescriptions": [ - "Unknown partner regime/controls.", - "S3NS regime/controls." + "", + "Enum representing S3NS partner.", + "Enum representing T_SYSTEM partner." ], "type": "string" }, diff --git a/src/apis/assuredworkloads/v1.ts b/src/apis/assuredworkloads/v1.ts index 32579685cc..2387fc6b30 100644 --- a/src/apis/assuredworkloads/v1.ts +++ b/src/apis/assuredworkloads/v1.ts @@ -188,6 +188,23 @@ export namespace assuredworkloads_v1 { */ workloads?: Schema$GoogleCloudAssuredworkloadsV1Workload[]; } + /** + * Request of updating permission settings for a partner workload. + */ + export interface Schema$GoogleCloudAssuredworkloadsV1MutatePartnerPermissionsRequest { + /** + * Optional. The etag of the workload. If this is provided, it must match the server's etag. + */ + etag?: string | null; + /** + * Required. The partner permissions to be updated. + */ + partnerPermissions?: Schema$GoogleCloudAssuredworkloadsV1WorkloadPartnerPermissions; + /** + * Required. The list of fields to be updated. E.g. update_mask { paths: "partner_permissions.data_logs_viewer"\} + */ + updateMask?: string | null; + } /** * Request for restricting list of available resources in Workload environment. */ @@ -379,7 +396,7 @@ export namespace assuredworkloads_v1 { */ name?: string | null; /** - * Optional. Compliance Regime associated with this workload. + * Optional. Partner regime associated with this workload. */ partner?: string | null; /** @@ -425,6 +442,23 @@ export namespace assuredworkloads_v1 { */ rotationPeriod?: string | null; } + /** + * Permissions granted to the AW Partner SA account for the customer workload + */ + export interface Schema$GoogleCloudAssuredworkloadsV1WorkloadPartnerPermissions { + /** + * Allow partner to view data and logs + */ + dataLogsViewer?: boolean | null; + /** + * Allow partner to monitor folder and remediate violations + */ + remediateFolderViolations?: boolean | null; + /** + * Allow partner to approve or reject Service Access requests + */ + serviceAccessApprover?: boolean | null; + } /** * Represent the resources that are children of this Workload. */ @@ -1474,6 +1508,175 @@ export namespace assuredworkloads_v1 { } } + /** + * Update the permissions settings for an existing partner workload. For force updates don't set etag field in the Workload. Only one update operation per workload can be in progress. + * @example + * ```js + * // Before running the sample: + * // - Enable the API at: + * // https://console.developers.google.com/apis/api/assuredworkloads.googleapis.com + * // - Login into gcloud by running: + * // `$ gcloud auth application-default login` + * // - Install the npm module by running: + * // `$ npm install googleapis` + * + * const {google} = require('googleapis'); + * const assuredworkloads = google.assuredworkloads('v1'); + * + * async function main() { + * const auth = new google.auth.GoogleAuth({ + * // Scopes can be specified either as an array or as a single, space-delimited string. + * scopes: ['https://www.googleapis.com/auth/cloud-platform'], + * }); + * + * // Acquire an auth client, and bind it to all future calls + * const authClient = await auth.getClient(); + * google.options({auth: authClient}); + * + * // Do the magic + * const res = + * await assuredworkloads.organizations.locations.workloads.mutatePartnerPermissions( + * { + * // Required. The `name` field is used to identify the workload. Format: organizations/{org_id\}/locations/{location_id\}/workloads/{workload_id\} + * name: 'organizations/my-organization/locations/my-location/workloads/my-workload', + * + * // Request body metadata + * requestBody: { + * // request body parameters + * // { + * // "etag": "my_etag", + * // "partnerPermissions": {}, + * // "updateMask": "my_updateMask" + * // } + * }, + * } + * ); + * console.log(res.data); + * + * // Example response + * // { + * // "billingAccount": "my_billingAccount", + * // "complianceRegime": "my_complianceRegime", + * // "complianceStatus": {}, + * // "compliantButDisallowedServices": [], + * // "createTime": "my_createTime", + * // "displayName": "my_displayName", + * // "enableSovereignControls": false, + * // "etag": "my_etag", + * // "kajEnrollmentState": "my_kajEnrollmentState", + * // "kmsSettings": {}, + * // "labels": {}, + * // "name": "my_name", + * // "partner": "my_partner", + * // "provisionedResourcesParent": "my_provisionedResourcesParent", + * // "resourceSettings": [], + * // "resources": [], + * // "saaEnrollmentResponse": {} + * // } + * } + * + * main().catch(e => { + * console.error(e); + * throw e; + * }); + * + * ``` + * + * @param params - Parameters for request + * @param options - Optionally override request options, such as `url`, `method`, and `encoding`. + * @param callback - Optional callback that handles the response. + * @returns A promise if used with async/await, or void if used with a callback. + */ + mutatePartnerPermissions( + params: Params$Resource$Organizations$Locations$Workloads$Mutatepartnerpermissions, + options: StreamMethodOptions + ): GaxiosPromise; + mutatePartnerPermissions( + params?: Params$Resource$Organizations$Locations$Workloads$Mutatepartnerpermissions, + options?: MethodOptions + ): GaxiosPromise; + mutatePartnerPermissions( + params: Params$Resource$Organizations$Locations$Workloads$Mutatepartnerpermissions, + options: StreamMethodOptions | BodyResponseCallback, + callback: BodyResponseCallback + ): void; + mutatePartnerPermissions( + params: Params$Resource$Organizations$Locations$Workloads$Mutatepartnerpermissions, + options: + | MethodOptions + | BodyResponseCallback, + callback: BodyResponseCallback + ): void; + mutatePartnerPermissions( + params: Params$Resource$Organizations$Locations$Workloads$Mutatepartnerpermissions, + callback: BodyResponseCallback + ): void; + mutatePartnerPermissions( + callback: BodyResponseCallback + ): void; + mutatePartnerPermissions( + paramsOrCallback?: + | Params$Resource$Organizations$Locations$Workloads$Mutatepartnerpermissions + | BodyResponseCallback + | BodyResponseCallback, + optionsOrCallback?: + | MethodOptions + | StreamMethodOptions + | BodyResponseCallback + | BodyResponseCallback, + callback?: + | BodyResponseCallback + | BodyResponseCallback + ): + | void + | GaxiosPromise + | GaxiosPromise { + let params = (paramsOrCallback || + {}) as Params$Resource$Organizations$Locations$Workloads$Mutatepartnerpermissions; + let options = (optionsOrCallback || {}) as MethodOptions; + + if (typeof paramsOrCallback === 'function') { + callback = paramsOrCallback; + params = + {} as Params$Resource$Organizations$Locations$Workloads$Mutatepartnerpermissions; + options = {}; + } + + if (typeof optionsOrCallback === 'function') { + callback = optionsOrCallback; + options = {}; + } + + const rootUrl = + options.rootUrl || 'https://assuredworkloads.googleapis.com/'; + const parameters = { + options: Object.assign( + { + url: (rootUrl + '/v1/{+name}:mutatePartnerPermissions').replace( + /([^:]\/)\/+/g, + '$1' + ), + method: 'PATCH', + }, + options + ), + params, + requiredParams: ['name'], + pathParams: ['name'], + context: this.context, + }; + if (callback) { + createAPIRequest( + parameters, + callback as BodyResponseCallback + ); + } else { + return createAPIRequest( + parameters + ); + } + } + /** * Updates an existing workload. Currently allows updating of workload display_name and labels. For force updates don't set etag field in the Workload. Only one update operation per workload can be in progress. * @example @@ -1855,6 +2058,18 @@ export namespace assuredworkloads_v1 { */ parent?: string; } + export interface Params$Resource$Organizations$Locations$Workloads$Mutatepartnerpermissions + extends StandardParameters { + /** + * Required. The `name` field is used to identify the workload. Format: organizations/{org_id\}/locations/{location_id\}/workloads/{workload_id\} + */ + name?: string; + + /** + * Request body metadata + */ + requestBody?: Schema$GoogleCloudAssuredworkloadsV1MutatePartnerPermissionsRequest; + } export interface Params$Resource$Organizations$Locations$Workloads$Patch extends StandardParameters { /** diff --git a/src/apis/assuredworkloads/v1beta1.ts b/src/apis/assuredworkloads/v1beta1.ts index 2ff8574360..a617a6dbea 100644 --- a/src/apis/assuredworkloads/v1beta1.ts +++ b/src/apis/assuredworkloads/v1beta1.ts @@ -385,7 +385,7 @@ export namespace assuredworkloads_v1beta1 { */ name?: string | null; /** - * Optional. Compliance Regime associated with this workload. + * Optional. Partner regime associated with this workload. */ partner?: string | null; /**