From 8cea32a6c1c390314d8adb674818bb70692cfde5 Mon Sep 17 00:00:00 2001
From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com>
Date: Thu, 17 Nov 2022 03:30:23 +0000
Subject: [PATCH] feat: [accesscontextmanager] added AccessPolicy.scopes,
EgressTo.external_resources, and IAM methods (#8749)
- [ ] Regenerate this pull request now.
PiperOrigin-RevId: 487011241
Source-Link: https://togithub.com/googleapis/googleapis/commit/f31ec7d4d1f27fd76594165ae41a344465e9f228
Source-Link: https://togithub.com/googleapis/googleapis-gen/commit/ede3360c9fc0e8762e56a428d0e76e546efaccc9
Copy-Tag: eyJwIjoiamF2YS1hY2Nlc3Njb250ZXh0bWFuYWdlci8uT3dsQm90LnlhbWwiLCJoIjoiZWRlMzM2MGM5ZmMwZTg3NjJlNTZhNDI4ZDBlNzZlNTQ2ZWZhY2NjOSJ9
---
java-accesscontextmanager/README.md | 32 +-
.../v1/AccessContextManagerClient.java | 845 +-
.../v1/AccessContextManagerSettings.java | 37 +
.../v1/gapic_metadata.json | 9 +
.../accesscontextmanager/v1/package-info.java | 16 +-
.../v1/stub/AccessContextManagerStub.java | 18 +
.../AccessContextManagerStubSettings.java | 79 +-
.../v1/stub/GrpcAccessContextManagerStub.java | 97 +
.../HttpJsonAccessContextManagerStub.java | 169 +
...ccessContextManagerClientHttpJsonTest.java | 179 +
.../v1/AccessContextManagerClientTest.java | 164 +
.../v1/MockAccessContextManagerImpl.java | 67 +
.../v1/AccessContextManagerGrpc.java | 1285 ++-
.../pom.xml | 7 +-
.../v1/AccessContextManagerProto.java | 573 +-
.../accesscontextmanager/v1/AccessPolicy.java | 442 +
.../v1/AccessPolicyOrBuilder.java | 103 +
.../v1/CommitServicePerimetersRequest.java | 14 +-
...mmitServicePerimetersRequestOrBuilder.java | 4 +-
.../accesscontextmanager/v1/PolicyProto.java | 32 +-
.../v1/ServicePerimeterConfig.java | 8930 +++++++++--------
.../v1/ServicePerimeterProto.java | 134 +-
.../v1/access_context_manager.proto | 300 +-
.../v1/access_level.proto | 2 +-
.../v1/access_policy.proto | 18 +-
.../v1/gcp_user_access_binding.proto | 2 +-
.../v1/service_perimeter.proto | 166 +-
27 files changed, 8081 insertions(+), 5643 deletions(-)
diff --git a/java-accesscontextmanager/README.md b/java-accesscontextmanager/README.md
index 94e55329d991..5b4aec6ccd3b 100644
--- a/java-accesscontextmanager/README.md
+++ b/java-accesscontextmanager/README.md
@@ -19,20 +19,20 @@ If you are using Maven, add this to your pom.xml file:
Sample code: * @@ -253,8 +258,8 @@ public final ListAccessPoliciesPagedResponse listAccessPolicies( // AUTO-GENERATED DOCUMENTATION AND METHOD. /** - * List all [AccessPolicies] [google.identity.accesscontextmanager.v1.AccessPolicy] under a - * container. + * Lists all [access policies] [google.identity.accesscontextmanager.v1.AccessPolicy] in an + * organization. * *
Sample code: * @@ -288,8 +293,8 @@ public final ListAccessPoliciesPagedResponse listAccessPolicies( // AUTO-GENERATED DOCUMENTATION AND METHOD. /** - * List all [AccessPolicies] [google.identity.accesscontextmanager.v1.AccessPolicy] under a - * container. + * Lists all [access policies] [google.identity.accesscontextmanager.v1.AccessPolicy] in an + * organization. * *
Sample code: * @@ -330,7 +335,8 @@ public final ListAccessPoliciesPagedResponse listAccessPolicies( // AUTO-GENERATED DOCUMENTATION AND METHOD. /** - * Get an [AccessPolicy] [google.identity.accesscontextmanager.v1.AccessPolicy] by name. + * Returns an [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] based on the + * name. * *
Sample code: * @@ -359,7 +365,8 @@ public final AccessPolicy getAccessPolicy(AccessPolicyName name) { // AUTO-GENERATED DOCUMENTATION AND METHOD. /** - * Get an [AccessPolicy] [google.identity.accesscontextmanager.v1.AccessPolicy] by name. + * Returns an [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] based on the + * name. * *
Sample code: * @@ -387,7 +394,8 @@ public final AccessPolicy getAccessPolicy(String name) { // AUTO-GENERATED DOCUMENTATION AND METHOD. /** - * Get an [AccessPolicy] [google.identity.accesscontextmanager.v1.AccessPolicy] by name. + * Returns an [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] based on the + * name. * *
Sample code: * @@ -416,7 +424,8 @@ public final AccessPolicy getAccessPolicy(GetAccessPolicyRequest request) { // AUTO-GENERATED DOCUMENTATION AND METHOD. /** - * Get an [AccessPolicy] [google.identity.accesscontextmanager.v1.AccessPolicy] by name. + * Returns an [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] based on the + * name. * *
Sample code:
*
@@ -445,9 +454,9 @@ public final UnaryCallable Sample code:
@@ -465,6 +474,7 @@ public final UnaryCallable Sample code:
@@ -503,6 +513,7 @@ public final UnaryCallable Sample code:
@@ -541,6 +552,7 @@ public final UnaryCallable Sample code:
*
@@ -594,11 +605,10 @@ public final UnaryCallable Sample code:
*
@@ -629,11 +639,10 @@ public final UnaryCallable Sample code:
*
@@ -665,11 +674,10 @@ public final UnaryCallable Sample code:
*
@@ -699,10 +707,9 @@ public final UnaryCallable Sample code:
*
@@ -734,10 +741,9 @@ public final UnaryCallable Sample code:
*
@@ -767,10 +773,9 @@ public final UnaryCallable Sample code:
*
@@ -800,10 +805,9 @@ public final UnaryCallable Sample code:
*
@@ -834,10 +838,9 @@ public final UnaryCallable Sample code:
*
@@ -866,7 +869,7 @@ public final UnaryCallable Sample code:
@@ -901,7 +904,7 @@ public final ListAccessLevelsPagedResponse listAccessLevels(AccessPolicyName par
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * List all [Access Levels] [google.identity.accesscontextmanager.v1.AccessLevel] for an access
+ * Lists all [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] for an access
* policy.
*
* Sample code:
@@ -934,7 +937,7 @@ public final ListAccessLevelsPagedResponse listAccessLevels(String parent) {
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * List all [Access Levels] [google.identity.accesscontextmanager.v1.AccessLevel] for an access
+ * Lists all [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] for an access
* policy.
*
* Sample code:
@@ -970,7 +973,7 @@ public final ListAccessLevelsPagedResponse listAccessLevels(ListAccessLevelsRequ
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * List all [Access Levels] [google.identity.accesscontextmanager.v1.AccessLevel] for an access
+ * Lists all [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] for an access
* policy.
*
* Sample code:
@@ -1006,7 +1009,7 @@ public final ListAccessLevelsPagedResponse listAccessLevels(ListAccessLevelsRequ
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * List all [Access Levels] [google.identity.accesscontextmanager.v1.AccessLevel] for an access
+ * Lists all [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] for an access
* policy.
*
* Sample code:
@@ -1049,7 +1052,8 @@ public final ListAccessLevelsPagedResponse listAccessLevels(ListAccessLevelsRequ
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * Get an [Access Level] [google.identity.accesscontextmanager.v1.AccessLevel] by resource name.
+ * Gets an [access level] [google.identity.accesscontextmanager.v1.AccessLevel] based on the
+ * resource name.
*
* Sample code:
*
@@ -1079,7 +1083,8 @@ public final AccessLevel getAccessLevel(AccessLevelName name) {
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * Get an [Access Level] [google.identity.accesscontextmanager.v1.AccessLevel] by resource name.
+ * Gets an [access level] [google.identity.accesscontextmanager.v1.AccessLevel] based on the
+ * resource name.
*
* Sample code:
*
@@ -1108,7 +1113,8 @@ public final AccessLevel getAccessLevel(String name) {
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * Get an [Access Level] [google.identity.accesscontextmanager.v1.AccessLevel] by resource name.
+ * Gets an [access level] [google.identity.accesscontextmanager.v1.AccessLevel] based on the
+ * resource name.
*
* Sample code:
*
@@ -1138,7 +1144,8 @@ public final AccessLevel getAccessLevel(GetAccessLevelRequest request) {
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * Get an [Access Level] [google.identity.accesscontextmanager.v1.AccessLevel] by resource name.
+ * Gets an [access level] [google.identity.accesscontextmanager.v1.AccessLevel] based on the
+ * resource name.
*
* Sample code:
*
@@ -1168,11 +1175,11 @@ public final UnaryCallable Sample code:
*
@@ -1212,11 +1219,11 @@ public final UnaryCallable Sample code:
*
@@ -1253,11 +1260,11 @@ public final UnaryCallable Sample code:
*
@@ -1288,11 +1295,11 @@ public final UnaryCallable Sample code:
*
@@ -1324,11 +1331,11 @@ public final UnaryCallable Sample code:
*
@@ -1358,11 +1365,11 @@ public final UnaryCallable Sample code:
*
@@ -1400,11 +1407,11 @@ public final UnaryCallable Sample code:
*
@@ -1435,11 +1442,11 @@ public final UnaryCallable Sample code:
*
@@ -1471,11 +1478,11 @@ public final UnaryCallable Sample code:
*
@@ -1505,10 +1512,10 @@ public final UnaryCallable Sample code:
*
@@ -1541,10 +1548,10 @@ public final OperationFuture Sample code:
*
@@ -1574,10 +1581,10 @@ public final OperationFuture Sample code:
*
@@ -1607,10 +1614,10 @@ public final OperationFuture Sample code:
*
@@ -1641,10 +1648,10 @@ public final OperationFuture Sample code:
*
@@ -1673,17 +1680,16 @@ public final UnaryCallable Sample code:
*
@@ -1716,17 +1722,16 @@ public final UnaryCallable Sample code:
*
@@ -1761,17 +1766,16 @@ public final UnaryCallable Sample code:
*
@@ -1802,8 +1806,8 @@ public final UnaryCallable Sample code:
*
@@ -1838,8 +1842,8 @@ public final ListServicePerimetersPagedResponse listServicePerimeters(AccessPoli
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * List all [Service Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] for an
- * access policy.
+ * Lists all [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] for
+ * an access policy.
*
* Sample code:
*
@@ -1872,8 +1876,8 @@ public final ListServicePerimetersPagedResponse listServicePerimeters(String par
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * List all [Service Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] for an
- * access policy.
+ * Lists all [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] for
+ * an access policy.
*
* Sample code:
*
@@ -1908,8 +1912,8 @@ public final ListServicePerimetersPagedResponse listServicePerimeters(
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * List all [Service Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] for an
- * access policy.
+ * Lists all [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] for
+ * an access policy.
*
* Sample code:
*
@@ -1943,8 +1947,8 @@ public final ListServicePerimetersPagedResponse listServicePerimeters(
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * List all [Service Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] for an
- * access policy.
+ * Lists all [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] for
+ * an access policy.
*
* Sample code:
*
@@ -1985,8 +1989,8 @@ public final ListServicePerimetersPagedResponse listServicePerimeters(
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * Get a [Service Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] by
- * resource name.
+ * Gets a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] based on
+ * the resource name.
*
* Sample code:
*
@@ -2018,8 +2022,8 @@ public final ServicePerimeter getServicePerimeter(ServicePerimeterName name) {
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * Get a [Service Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] by
- * resource name.
+ * Gets a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] based on
+ * the resource name.
*
* Sample code:
*
@@ -2049,8 +2053,8 @@ public final ServicePerimeter getServicePerimeter(String name) {
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * Get a [Service Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] by
- * resource name.
+ * Gets a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] based on
+ * the resource name.
*
* Sample code:
*
@@ -2079,8 +2083,8 @@ public final ServicePerimeter getServicePerimeter(GetServicePerimeterRequest req
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * Get a [Service Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] by
- * resource name.
+ * Gets a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] based on
+ * the resource name.
*
* Sample code:
*
@@ -2110,11 +2114,11 @@ public final ServicePerimeter getServicePerimeter(GetServicePerimeterRequest req
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * Create a [Service Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
- * longrunning operation from this RPC will have a successful status once the [Service Perimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] has propagated to long-lasting
- * storage. [Service Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
- * containing errors will result in an error response for the first error encountered.
+ * Creates a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
+ * long-running operation from this RPC has a successful status after the [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] propagates to long-lasting storage.
+ * If a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
+ * errors, an error response is returned for the first error encountered.
*
* Sample code:
*
@@ -2154,11 +2158,11 @@ public final ServicePerimeter getServicePerimeter(GetServicePerimeterRequest req
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * Create a [Service Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
- * longrunning operation from this RPC will have a successful status once the [Service Perimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] has propagated to long-lasting
- * storage. [Service Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
- * containing errors will result in an error response for the first error encountered.
+ * Creates a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
+ * long-running operation from this RPC has a successful status after the [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] propagates to long-lasting storage.
+ * If a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
+ * errors, an error response is returned for the first error encountered.
*
* Sample code:
*
@@ -2198,11 +2202,11 @@ public final ServicePerimeter getServicePerimeter(GetServicePerimeterRequest req
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * Create a [Service Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
- * longrunning operation from this RPC will have a successful status once the [Service Perimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] has propagated to long-lasting
- * storage. [Service Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
- * containing errors will result in an error response for the first error encountered.
+ * Creates a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
+ * long-running operation from this RPC has a successful status after the [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] propagates to long-lasting storage.
+ * If a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
+ * errors, an error response is returned for the first error encountered.
*
* Sample code:
*
@@ -2234,11 +2238,11 @@ public final ServicePerimeter getServicePerimeter(GetServicePerimeterRequest req
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * Create a [Service Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
- * longrunning operation from this RPC will have a successful status once the [Service Perimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] has propagated to long-lasting
- * storage. [Service Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
- * containing errors will result in an error response for the first error encountered.
+ * Creates a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
+ * long-running operation from this RPC has a successful status after the [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] propagates to long-lasting storage.
+ * If a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
+ * errors, an error response is returned for the first error encountered.
*
* Sample code:
*
@@ -2270,11 +2274,11 @@ public final ServicePerimeter getServicePerimeter(GetServicePerimeterRequest req
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * Create a [Service Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
- * longrunning operation from this RPC will have a successful status once the [Service Perimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] has propagated to long-lasting
- * storage. [Service Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
- * containing errors will result in an error response for the first error encountered.
+ * Creates a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
+ * long-running operation from this RPC has a successful status after the [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] propagates to long-lasting storage.
+ * If a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
+ * errors, an error response is returned for the first error encountered.
*
* Sample code:
*
@@ -2305,12 +2309,11 @@ public final ServicePerimeter getServicePerimeter(GetServicePerimeterRequest req
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * Update a [Service Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
- * longrunning operation from this RPC will have a successful status once the changes to the
- * [Service Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] have propagated
- * to long-lasting storage. [Service Perimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] containing errors will result in an
- * error response for the first error encountered.
+ * Updates a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
+ * long-running operation from this RPC has a successful status after the [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] propagates to long-lasting storage.
+ * If a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
+ * errors, an error response is returned for the first error encountered.
*
* Sample code:
*
@@ -2348,12 +2351,11 @@ public final ServicePerimeter getServicePerimeter(GetServicePerimeterRequest req
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * Update a [Service Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
- * longrunning operation from this RPC will have a successful status once the changes to the
- * [Service Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] have propagated
- * to long-lasting storage. [Service Perimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] containing errors will result in an
- * error response for the first error encountered.
+ * Updates a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
+ * long-running operation from this RPC has a successful status after the [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] propagates to long-lasting storage.
+ * If a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
+ * errors, an error response is returned for the first error encountered.
*
* Sample code:
*
@@ -2385,12 +2387,11 @@ public final ServicePerimeter getServicePerimeter(GetServicePerimeterRequest req
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * Update a [Service Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
- * longrunning operation from this RPC will have a successful status once the changes to the
- * [Service Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] have propagated
- * to long-lasting storage. [Service Perimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] containing errors will result in an
- * error response for the first error encountered.
+ * Updates a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
+ * long-running operation from this RPC has a successful status after the [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] propagates to long-lasting storage.
+ * If a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
+ * errors, an error response is returned for the first error encountered.
*
* Sample code:
*
@@ -2422,12 +2423,11 @@ public final ServicePerimeter getServicePerimeter(GetServicePerimeterRequest req
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * Update a [Service Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
- * longrunning operation from this RPC will have a successful status once the changes to the
- * [Service Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] have propagated
- * to long-lasting storage. [Service Perimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] containing errors will result in an
- * error response for the first error encountered.
+ * Updates a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
+ * long-running operation from this RPC has a successful status after the [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] propagates to long-lasting storage.
+ * If a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
+ * errors, an error response is returned for the first error encountered.
*
* Sample code:
*
@@ -2458,9 +2458,9 @@ public final ServicePerimeter getServicePerimeter(GetServicePerimeterRequest req
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * Delete a [Service Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] by
- * resource name. The longrunning operation from this RPC will have a successful status once the
- * [Service Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] has been removed
+ * Deletes a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] based
+ * on the resource name. The long-running operation from this RPC has a successful status after
+ * the [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] is removed
* from long-lasting storage.
*
* Sample code:
@@ -2494,9 +2494,9 @@ public final ServicePerimeter getServicePerimeter(GetServicePerimeterRequest req
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * Delete a [Service Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] by
- * resource name. The longrunning operation from this RPC will have a successful status once the
- * [Service Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] has been removed
+ * Deletes a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] based
+ * on the resource name. The long-running operation from this RPC has a successful status after
+ * the [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] is removed
* from long-lasting storage.
*
* Sample code:
@@ -2528,9 +2528,9 @@ public final ServicePerimeter getServicePerimeter(GetServicePerimeterRequest req
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * Delete a [Service Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] by
- * resource name. The longrunning operation from this RPC will have a successful status once the
- * [Service Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] has been removed
+ * Deletes a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] based
+ * on the resource name. The long-running operation from this RPC has a successful status after
+ * the [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] is removed
* from long-lasting storage.
*
* Sample code:
@@ -2561,9 +2561,9 @@ public final ServicePerimeter getServicePerimeter(GetServicePerimeterRequest req
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * Delete a [Service Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] by
- * resource name. The longrunning operation from this RPC will have a successful status once the
- * [Service Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] has been removed
+ * Deletes a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] based
+ * on the resource name. The long-running operation from this RPC has a successful status after
+ * the [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] is removed
* from long-lasting storage.
*
* Sample code:
@@ -2595,9 +2595,9 @@ public final ServicePerimeter getServicePerimeter(GetServicePerimeterRequest req
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * Delete a [Service Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] by
- * resource name. The longrunning operation from this RPC will have a successful status once the
- * [Service Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] has been removed
+ * Deletes a [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] based
+ * on the resource name. The long-running operation from this RPC has a successful status after
+ * the [service perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] is removed
* from long-lasting storage.
*
* Sample code:
@@ -2628,15 +2628,15 @@ public final ServicePerimeter getServicePerimeter(GetServicePerimeterRequest req
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * Replace all existing [Service Perimeters]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] in an [Access Policy]
- * [google.identity.accesscontextmanager.v1.AccessPolicy] with the [Service Perimeters]
+ * Replace all existing [service perimeters]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] in an [access policy]
+ * [google.identity.accesscontextmanager.v1.AccessPolicy] with the [service perimeters]
* [google.identity.accesscontextmanager.v1.ServicePerimeter] provided. This is done atomically.
- * The longrunning operation from this RPC will have a successful status once all replacements
- * have propagated to long-lasting storage. Replacements containing errors will result in an error
- * response for the first error encountered. Replacement will be cancelled on error, existing
- * [Service Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] will not be
- * affected. Operation.response field will contain ReplaceServicePerimetersResponse.
+ * The long-running operation from this RPC has a successful status after all replacements
+ * propagate to long-lasting storage. Replacements containing errors result in an error response
+ * for the first error encountered. Upon an error, replacement are cancelled and existing [service
+ * perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] are not affected. The
+ * Operation.response field contains ReplaceServicePerimetersResponse.
*
* Sample code:
*
@@ -2670,15 +2670,15 @@ public final ServicePerimeter getServicePerimeter(GetServicePerimeterRequest req
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * Replace all existing [Service Perimeters]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] in an [Access Policy]
- * [google.identity.accesscontextmanager.v1.AccessPolicy] with the [Service Perimeters]
+ * Replace all existing [service perimeters]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] in an [access policy]
+ * [google.identity.accesscontextmanager.v1.AccessPolicy] with the [service perimeters]
* [google.identity.accesscontextmanager.v1.ServicePerimeter] provided. This is done atomically.
- * The longrunning operation from this RPC will have a successful status once all replacements
- * have propagated to long-lasting storage. Replacements containing errors will result in an error
- * response for the first error encountered. Replacement will be cancelled on error, existing
- * [Service Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] will not be
- * affected. Operation.response field will contain ReplaceServicePerimetersResponse.
+ * The long-running operation from this RPC has a successful status after all replacements
+ * propagate to long-lasting storage. Replacements containing errors result in an error response
+ * for the first error encountered. Upon an error, replacement are cancelled and existing [service
+ * perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] are not affected. The
+ * Operation.response field contains ReplaceServicePerimetersResponse.
*
* Sample code:
*
@@ -2716,15 +2716,15 @@ public final ServicePerimeter getServicePerimeter(GetServicePerimeterRequest req
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * Replace all existing [Service Perimeters]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] in an [Access Policy]
- * [google.identity.accesscontextmanager.v1.AccessPolicy] with the [Service Perimeters]
+ * Replace all existing [service perimeters]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] in an [access policy]
+ * [google.identity.accesscontextmanager.v1.AccessPolicy] with the [service perimeters]
* [google.identity.accesscontextmanager.v1.ServicePerimeter] provided. This is done atomically.
- * The longrunning operation from this RPC will have a successful status once all replacements
- * have propagated to long-lasting storage. Replacements containing errors will result in an error
- * response for the first error encountered. Replacement will be cancelled on error, existing
- * [Service Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] will not be
- * affected. Operation.response field will contain ReplaceServicePerimetersResponse.
+ * The long-running operation from this RPC has a successful status after all replacements
+ * propagate to long-lasting storage. Replacements containing errors result in an error response
+ * for the first error encountered. Upon an error, replacement are cancelled and existing [service
+ * perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] are not affected. The
+ * Operation.response field contains ReplaceServicePerimetersResponse.
*
* Sample code:
*
@@ -2756,18 +2756,18 @@ public final ServicePerimeter getServicePerimeter(GetServicePerimeterRequest req
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * Commit the dry-run spec for all the [Service Perimeters]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] in an [Access
- * Policy][google.identity.accesscontextmanager.v1.AccessPolicy]. A commit operation on a Service
- * Perimeter involves copying its `spec` field to that Service Perimeter's `status` field. Only
- * [Service Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] with
+ * Commits the dry-run specification for all the [service perimeters]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] in an [access
+ * policy][google.identity.accesscontextmanager.v1.AccessPolicy]. A commit operation on a service
+ * perimeter involves copying its `spec` field to the `status` field of the service perimeter.
+ * Only [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] with
* `use_explicit_dry_run_spec` field set to true are affected by a commit operation. The
- * longrunning operation from this RPC will have a successful status once the dry-run specs for
- * all the [Service Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] have
- * been committed. If a commit fails, it will cause the longrunning operation to return an error
- * response and the entire commit operation will be cancelled. When successful, Operation.response
- * field will contain CommitServicePerimetersResponse. The `dry_run` and the `spec` fields will be
- * cleared after a successful commit operation.
+ * long-running operation from this RPC has a successful status after the dry-run specifications
+ * for all the [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
+ * have been committed. If a commit fails, it causes the long-running operation to return an error
+ * response and the entire commit operation is cancelled. When successful, the Operation.response
+ * field contains CommitServicePerimetersResponse. The `dry_run` and the `spec` fields are cleared
+ * after a successful commit operation.
*
* Sample code:
*
@@ -2800,18 +2800,18 @@ public final ServicePerimeter getServicePerimeter(GetServicePerimeterRequest req
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * Commit the dry-run spec for all the [Service Perimeters]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] in an [Access
- * Policy][google.identity.accesscontextmanager.v1.AccessPolicy]. A commit operation on a Service
- * Perimeter involves copying its `spec` field to that Service Perimeter's `status` field. Only
- * [Service Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] with
+ * Commits the dry-run specification for all the [service perimeters]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] in an [access
+ * policy][google.identity.accesscontextmanager.v1.AccessPolicy]. A commit operation on a service
+ * perimeter involves copying its `spec` field to the `status` field of the service perimeter.
+ * Only [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] with
* `use_explicit_dry_run_spec` field set to true are affected by a commit operation. The
- * longrunning operation from this RPC will have a successful status once the dry-run specs for
- * all the [Service Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] have
- * been committed. If a commit fails, it will cause the longrunning operation to return an error
- * response and the entire commit operation will be cancelled. When successful, Operation.response
- * field will contain CommitServicePerimetersResponse. The `dry_run` and the `spec` fields will be
- * cleared after a successful commit operation.
+ * long-running operation from this RPC has a successful status after the dry-run specifications
+ * for all the [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
+ * have been committed. If a commit fails, it causes the long-running operation to return an error
+ * response and the entire commit operation is cancelled. When successful, the Operation.response
+ * field contains CommitServicePerimetersResponse. The `dry_run` and the `spec` fields are cleared
+ * after a successful commit operation.
*
* Sample code:
*
@@ -2848,18 +2848,18 @@ public final ServicePerimeter getServicePerimeter(GetServicePerimeterRequest req
// AUTO-GENERATED DOCUMENTATION AND METHOD.
/**
- * Commit the dry-run spec for all the [Service Perimeters]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] in an [Access
- * Policy][google.identity.accesscontextmanager.v1.AccessPolicy]. A commit operation on a Service
- * Perimeter involves copying its `spec` field to that Service Perimeter's `status` field. Only
- * [Service Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] with
+ * Commits the dry-run specification for all the [service perimeters]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] in an [access
+ * policy][google.identity.accesscontextmanager.v1.AccessPolicy]. A commit operation on a service
+ * perimeter involves copying its `spec` field to the `status` field of the service perimeter.
+ * Only [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] with
* `use_explicit_dry_run_spec` field set to true are affected by a commit operation. The
- * longrunning operation from this RPC will have a successful status once the dry-run specs for
- * all the [Service Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter] have
- * been committed. If a commit fails, it will cause the longrunning operation to return an error
- * response and the entire commit operation will be cancelled. When successful, Operation.response
- * field will contain CommitServicePerimetersResponse. The `dry_run` and the `spec` fields will be
- * cleared after a successful commit operation.
+ * long-running operation from this RPC has a successful status after the dry-run specifications
+ * for all the [service perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
+ * have been committed. If a commit fails, it causes the long-running operation to return an error
+ * response and the entire commit operation is cancelled. When successful, the Operation.response
+ * field contains CommitServicePerimetersResponse. The `dry_run` and the `spec` fields are cleared
+ * after a successful commit operation.
*
* Sample code:
*
@@ -3201,8 +3201,8 @@ public final GcpUserAccessBinding getGcpUserAccessBinding(
/**
* Creates a [GcpUserAccessBinding]
* [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]. If the client specifies a
- * [name] [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.name], the server will
- * ignore it. Fails if a resource already exists with the same [group_key]
+ * [name] [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.name], the server ignores
+ * it. Fails if a resource already exists with the same [group_key]
* [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.group_key]. Completion of this
* long-running operation does not necessarily signify that the new binding is deployed onto all
* affected users, which may take more time.
@@ -3246,8 +3246,8 @@ public final GcpUserAccessBinding getGcpUserAccessBinding(
/**
* Creates a [GcpUserAccessBinding]
* [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]. If the client specifies a
- * [name] [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.name], the server will
- * ignore it. Fails if a resource already exists with the same [group_key]
+ * [name] [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.name], the server ignores
+ * it. Fails if a resource already exists with the same [group_key]
* [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.group_key]. Completion of this
* long-running operation does not necessarily signify that the new binding is deployed onto all
* affected users, which may take more time.
@@ -3290,8 +3290,8 @@ public final GcpUserAccessBinding getGcpUserAccessBinding(
/**
* Creates a [GcpUserAccessBinding]
* [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]. If the client specifies a
- * [name] [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.name], the server will
- * ignore it. Fails if a resource already exists with the same [group_key]
+ * [name] [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.name], the server ignores
+ * it. Fails if a resource already exists with the same [group_key]
* [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.group_key]. Completion of this
* long-running operation does not necessarily signify that the new binding is deployed onto all
* affected users, which may take more time.
@@ -3328,8 +3328,8 @@ public final GcpUserAccessBinding getGcpUserAccessBinding(
/**
* Creates a [GcpUserAccessBinding]
* [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]. If the client specifies a
- * [name] [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.name], the server will
- * ignore it. Fails if a resource already exists with the same [group_key]
+ * [name] [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.name], the server ignores
+ * it. Fails if a resource already exists with the same [group_key]
* [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.group_key]. Completion of this
* long-running operation does not necessarily signify that the new binding is deployed onto all
* affected users, which may take more time.
@@ -3370,8 +3370,8 @@ public final GcpUserAccessBinding getGcpUserAccessBinding(
/**
* Creates a [GcpUserAccessBinding]
* [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]. If the client specifies a
- * [name] [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.name], the server will
- * ignore it. Fails if a resource already exists with the same [group_key]
+ * [name] [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.name], the server ignores
+ * it. Fails if a resource already exists with the same [group_key]
* [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.group_key]. Completion of this
* long-running operation does not necessarily signify that the new binding is deployed onto all
* affected users, which may take more time.
@@ -3731,6 +3731,209 @@ public final GcpUserAccessBinding getGcpUserAccessBinding(
return stub.deleteGcpUserAccessBindingCallable();
}
+ // AUTO-GENERATED DOCUMENTATION AND METHOD.
+ /**
+ * Sets the IAM policy for the specified Access Context Manager [access
+ * policy][google.identity.accesscontextmanager.v1.AccessPolicy]. This method replaces the
+ * existing IAM policy on the access policy. The IAM policy controls the set of users who can
+ * perform specific operations on the Access Context Manager [access
+ * policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+ *
+ * Sample code:
+ *
+ * Sample code:
+ *
+ * Sample code:
+ *
+ * Sample code:
+ *
+ * Sample code:
+ *
+ * Sample code:
+ *
+ * The interfaces provided are listed below, along with usage samples.
*
* ======================= AccessContextManagerClient =======================
*
- * Service Description: API for setting [Access Levels]
- * [google.identity.accesscontextmanager.v1.AccessLevel] and [Service Perimeters]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] for Google Cloud Projects. Each
- * organization has one [AccessPolicy] [google.identity.accesscontextmanager.v1.AccessPolicy]
- * containing the [Access Levels] [google.identity.accesscontextmanager.v1.AccessLevel] and [Service
- * Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]. This [AccessPolicy]
+ * Service Description: API for setting [access levels]
+ * [google.identity.accesscontextmanager.v1.AccessLevel] and [service perimeters]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] for Google Cloud projects. Each
+ * organization has one [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] that
+ * contains the [access levels] [google.identity.accesscontextmanager.v1.AccessLevel] and [service
+ * perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]. This [access policy]
* [google.identity.accesscontextmanager.v1.AccessPolicy] is applicable to all resources in the
* organization. AccessPolicies
*
diff --git a/java-accesscontextmanager/google-identity-accesscontextmanager/src/main/java/com/google/identity/accesscontextmanager/v1/stub/AccessContextManagerStub.java b/java-accesscontextmanager/google-identity-accesscontextmanager/src/main/java/com/google/identity/accesscontextmanager/v1/stub/AccessContextManagerStub.java
index 5ab449ae7541..454837097c49 100644
--- a/java-accesscontextmanager/google-identity-accesscontextmanager/src/main/java/com/google/identity/accesscontextmanager/v1/stub/AccessContextManagerStub.java
+++ b/java-accesscontextmanager/google-identity-accesscontextmanager/src/main/java/com/google/identity/accesscontextmanager/v1/stub/AccessContextManagerStub.java
@@ -24,6 +24,11 @@
import com.google.api.gax.core.BackgroundResource;
import com.google.api.gax.rpc.OperationCallable;
import com.google.api.gax.rpc.UnaryCallable;
+import com.google.iam.v1.GetIamPolicyRequest;
+import com.google.iam.v1.Policy;
+import com.google.iam.v1.SetIamPolicyRequest;
+import com.google.iam.v1.TestIamPermissionsRequest;
+import com.google.iam.v1.TestIamPermissionsResponse;
import com.google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata;
import com.google.identity.accesscontextmanager.v1.AccessLevel;
import com.google.identity.accesscontextmanager.v1.AccessPolicy;
@@ -320,6 +325,19 @@ public UnaryCallable{@code
+ * // This snippet has been automatically generated and should be regarded as a code template only.
+ * // It will require modifications to work:
+ * // - It may require correct/in-range values for request initialization.
+ * // - It may require specifying regional endpoints when creating the service client as shown in
+ * // https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
+ * try (AccessContextManagerClient accessContextManagerClient =
+ * AccessContextManagerClient.create()) {
+ * SetIamPolicyRequest request =
+ * SetIamPolicyRequest.newBuilder()
+ * .setResource(AccessPolicyName.of("[ACCESS_POLICY]").toString())
+ * .setPolicy(Policy.newBuilder().build())
+ * .setUpdateMask(FieldMask.newBuilder().build())
+ * .build();
+ * Policy response = accessContextManagerClient.setIamPolicy(request);
+ * }
+ * }
+ *
+ * @param request The request object containing all of the parameters for the API call.
+ * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+ */
+ public final Policy setIamPolicy(SetIamPolicyRequest request) {
+ return setIamPolicyCallable().call(request);
+ }
+
+ // AUTO-GENERATED DOCUMENTATION AND METHOD.
+ /**
+ * Sets the IAM policy for the specified Access Context Manager [access
+ * policy][google.identity.accesscontextmanager.v1.AccessPolicy]. This method replaces the
+ * existing IAM policy on the access policy. The IAM policy controls the set of users who can
+ * perform specific operations on the Access Context Manager [access
+ * policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+ *
+ * {@code
+ * // This snippet has been automatically generated and should be regarded as a code template only.
+ * // It will require modifications to work:
+ * // - It may require correct/in-range values for request initialization.
+ * // - It may require specifying regional endpoints when creating the service client as shown in
+ * // https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
+ * try (AccessContextManagerClient accessContextManagerClient =
+ * AccessContextManagerClient.create()) {
+ * SetIamPolicyRequest request =
+ * SetIamPolicyRequest.newBuilder()
+ * .setResource(AccessPolicyName.of("[ACCESS_POLICY]").toString())
+ * .setPolicy(Policy.newBuilder().build())
+ * .setUpdateMask(FieldMask.newBuilder().build())
+ * .build();
+ * ApiFuture
+ */
+ public final UnaryCallable{@code
+ * // This snippet has been automatically generated and should be regarded as a code template only.
+ * // It will require modifications to work:
+ * // - It may require correct/in-range values for request initialization.
+ * // - It may require specifying regional endpoints when creating the service client as shown in
+ * // https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
+ * try (AccessContextManagerClient accessContextManagerClient =
+ * AccessContextManagerClient.create()) {
+ * GetIamPolicyRequest request =
+ * GetIamPolicyRequest.newBuilder()
+ * .setResource(AccessPolicyName.of("[ACCESS_POLICY]").toString())
+ * .setOptions(GetPolicyOptions.newBuilder().build())
+ * .build();
+ * Policy response = accessContextManagerClient.getIamPolicy(request);
+ * }
+ * }
+ *
+ * @param request The request object containing all of the parameters for the API call.
+ * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+ */
+ public final Policy getIamPolicy(GetIamPolicyRequest request) {
+ return getIamPolicyCallable().call(request);
+ }
+
+ // AUTO-GENERATED DOCUMENTATION AND METHOD.
+ /**
+ * Gets the IAM policy for the specified Access Context Manager [access
+ * policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+ *
+ * {@code
+ * // This snippet has been automatically generated and should be regarded as a code template only.
+ * // It will require modifications to work:
+ * // - It may require correct/in-range values for request initialization.
+ * // - It may require specifying regional endpoints when creating the service client as shown in
+ * // https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
+ * try (AccessContextManagerClient accessContextManagerClient =
+ * AccessContextManagerClient.create()) {
+ * GetIamPolicyRequest request =
+ * GetIamPolicyRequest.newBuilder()
+ * .setResource(AccessPolicyName.of("[ACCESS_POLICY]").toString())
+ * .setOptions(GetPolicyOptions.newBuilder().build())
+ * .build();
+ * ApiFuture
+ */
+ public final UnaryCallable{@code
+ * // This snippet has been automatically generated and should be regarded as a code template only.
+ * // It will require modifications to work:
+ * // - It may require correct/in-range values for request initialization.
+ * // - It may require specifying regional endpoints when creating the service client as shown in
+ * // https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
+ * try (AccessContextManagerClient accessContextManagerClient =
+ * AccessContextManagerClient.create()) {
+ * TestIamPermissionsRequest request =
+ * TestIamPermissionsRequest.newBuilder()
+ * .setResource(AccessLevelName.of("[ACCESS_POLICY]", "[ACCESS_LEVEL]").toString())
+ * .addAllPermissions(new ArrayList
+ *
+ * @param request The request object containing all of the parameters for the API call.
+ * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+ */
+ public final TestIamPermissionsResponse testIamPermissions(TestIamPermissionsRequest request) {
+ return testIamPermissionsCallable().call(request);
+ }
+
+ // AUTO-GENERATED DOCUMENTATION AND METHOD.
+ /**
+ * Returns the IAM permissions that the caller has on the specified Access Context Manager
+ * resource. The resource can be an
+ * [AccessPolicy][google.identity.accesscontextmanager.v1.AccessPolicy],
+ * [AccessLevel][google.identity.accesscontextmanager.v1.AccessLevel], or
+ * [ServicePerimeter][google.identity.accesscontextmanager.v1.ServicePerimeter ]. This method does
+ * not support other resources.
+ *
+ * {@code
+ * // This snippet has been automatically generated and should be regarded as a code template only.
+ * // It will require modifications to work:
+ * // - It may require correct/in-range values for request initialization.
+ * // - It may require specifying regional endpoints when creating the service client as shown in
+ * // https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
+ * try (AccessContextManagerClient accessContextManagerClient =
+ * AccessContextManagerClient.create()) {
+ * TestIamPermissionsRequest request =
+ * TestIamPermissionsRequest.newBuilder()
+ * .setResource(AccessLevelName.of("[ACCESS_POLICY]", "[ACCESS_LEVEL]").toString())
+ * .addAllPermissions(new ArrayList
+ */
+ public final UnaryCallable
- * API for setting [Access Levels]
- * [google.identity.accesscontextmanager.v1.AccessLevel] and [Service
- * Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
- * for Google Cloud Projects. Each organization has one [AccessPolicy]
- * [google.identity.accesscontextmanager.v1.AccessPolicy] containing the
- * [Access Levels] [google.identity.accesscontextmanager.v1.AccessLevel]
- * and [Service Perimeters]
+ * API for setting [access levels]
+ * [google.identity.accesscontextmanager.v1.AccessLevel] and [service
+ * perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
+ * for Google Cloud projects. Each organization has one [access policy]
+ * [google.identity.accesscontextmanager.v1.AccessPolicy] that contains the
+ * [access levels] [google.identity.accesscontextmanager.v1.AccessLevel]
+ * and [service perimeters]
* [google.identity.accesscontextmanager.v1.ServicePerimeter]. This
- * [AccessPolicy] [google.identity.accesscontextmanager.v1.AccessPolicy] is
+ * [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] is
* applicable to all resources in the organization.
* AccessPolicies
*
@@ -1209,6 +1209,129 @@ private AccessContextManagerGrpc() {}
return getDeleteGcpUserAccessBindingMethod;
}
+ private static volatile io.grpc.MethodDescriptor<
+ com.google.iam.v1.SetIamPolicyRequest, com.google.iam.v1.Policy>
+ getSetIamPolicyMethod;
+
+ @io.grpc.stub.annotations.RpcMethod(
+ fullMethodName = SERVICE_NAME + '/' + "SetIamPolicy",
+ requestType = com.google.iam.v1.SetIamPolicyRequest.class,
+ responseType = com.google.iam.v1.Policy.class,
+ methodType = io.grpc.MethodDescriptor.MethodType.UNARY)
+ public static io.grpc.MethodDescriptor<
+ com.google.iam.v1.SetIamPolicyRequest, com.google.iam.v1.Policy>
+ getSetIamPolicyMethod() {
+ io.grpc.MethodDescriptor
- * API for setting [Access Levels]
- * [google.identity.accesscontextmanager.v1.AccessLevel] and [Service
- * Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
- * for Google Cloud Projects. Each organization has one [AccessPolicy]
- * [google.identity.accesscontextmanager.v1.AccessPolicy] containing the
- * [Access Levels] [google.identity.accesscontextmanager.v1.AccessLevel]
- * and [Service Perimeters]
+ * API for setting [access levels]
+ * [google.identity.accesscontextmanager.v1.AccessLevel] and [service
+ * perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
+ * for Google Cloud projects. Each organization has one [access policy]
+ * [google.identity.accesscontextmanager.v1.AccessPolicy] that contains the
+ * [access levels] [google.identity.accesscontextmanager.v1.AccessLevel]
+ * and [service perimeters]
* [google.identity.accesscontextmanager.v1.ServicePerimeter]. This
- * [AccessPolicy] [google.identity.accesscontextmanager.v1.AccessPolicy] is
+ * [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] is
* applicable to all resources in the organization.
* AccessPolicies
*
@@ -1273,9 +1396,9 @@ public abstract static class AccessContextManagerImplBase implements io.grpc.Bin
*
*
*
- * List all [AccessPolicies]
- * [google.identity.accesscontextmanager.v1.AccessPolicy] under a
- * container.
+ * Lists all [access policies]
+ * [google.identity.accesscontextmanager.v1.AccessPolicy] in an
+ * organization.
*
*/
public void listAccessPolicies(
@@ -1291,8 +1414,8 @@ public void listAccessPolicies(
*
*
*
- * Get an [AccessPolicy]
- * [google.identity.accesscontextmanager.v1.AccessPolicy] by name.
+ * Returns an [access policy]
+ * [google.identity.accesscontextmanager.v1.AccessPolicy] based on the name.
*
*/
public void getAccessPolicy(
@@ -1307,10 +1430,10 @@ public void getAccessPolicy(
*
*
*
- * Create an `AccessPolicy`. Fails if this organization already has a
- * `AccessPolicy`. The longrunning Operation will have a successful status
- * once the `AccessPolicy` has propagated to long-lasting storage.
- * Syntactic and basic semantic errors will be returned in `metadata` as a
+ * Creates an access policy. This method fails if the organization already has
+ * an access policy. The long-running operation has a successful status
+ * after the access policy propagates to long-lasting storage.
+ * Syntactic and basic semantic errors are returned in `metadata` as a
* BadRequest proto.
*
*/
@@ -1325,13 +1448,12 @@ public void createAccessPolicy(
*
*
*
- * Update an [AccessPolicy]
+ * Updates an [access policy]
* [google.identity.accesscontextmanager.v1.AccessPolicy]. The
- * longrunning Operation from this RPC will have a successful status once the
- * changes to the [AccessPolicy]
- * [google.identity.accesscontextmanager.v1.AccessPolicy] have propagated
- * to long-lasting storage. Syntactic and basic semantic errors will be
- * returned in `metadata` as a BadRequest proto.
+ * long-running operation from this RPC has a successful status after the
+ * changes to the [access policy]
+ * [google.identity.accesscontextmanager.v1.AccessPolicy] propagate
+ * to long-lasting storage.
*
*/
public void updateAccessPolicy(
@@ -1345,11 +1467,11 @@ public void updateAccessPolicy(
*
*
*
- * Delete an [AccessPolicy]
- * [google.identity.accesscontextmanager.v1.AccessPolicy] by resource
- * name. The longrunning Operation will have a successful status once the
- * [AccessPolicy] [google.identity.accesscontextmanager.v1.AccessPolicy]
- * has been removed from long-lasting storage.
+ * Deletes an [access policy]
+ * [google.identity.accesscontextmanager.v1.AccessPolicy] based on the
+ * resource name. The long-running operation has a successful status after the
+ * [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy]
+ * is removed from long-lasting storage.
*
*/
public void deleteAccessPolicy(
@@ -1363,7 +1485,7 @@ public void deleteAccessPolicy(
*
*
*
- * List all [Access Levels]
+ * Lists all [access levels]
* [google.identity.accesscontextmanager.v1.AccessLevel] for an access
* policy.
*
@@ -1381,8 +1503,8 @@ public void listAccessLevels(
*
*
*
- * Get an [Access Level]
- * [google.identity.accesscontextmanager.v1.AccessLevel] by resource
+ * Gets an [access level]
+ * [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource
* name.
*
*/
@@ -1398,13 +1520,13 @@ public void getAccessLevel(
*
*
*
- * Create an [Access Level]
- * [google.identity.accesscontextmanager.v1.AccessLevel]. The longrunning
- * operation from this RPC will have a successful status once the [Access
- * Level] [google.identity.accesscontextmanager.v1.AccessLevel] has
- * propagated to long-lasting storage. [Access Levels]
- * [google.identity.accesscontextmanager.v1.AccessLevel] containing
- * errors will result in an error response for the first error encountered.
+ * Creates an [access level]
+ * [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running
+ * operation from this RPC has a successful status after the [access
+ * level] [google.identity.accesscontextmanager.v1.AccessLevel]
+ * propagates to long-lasting storage. If [access levels]
+ * [google.identity.accesscontextmanager.v1.AccessLevel] contain
+ * errors, an error response is returned for the first error encountered.
*
*/
public void createAccessLevel(
@@ -1418,14 +1540,14 @@ public void createAccessLevel(
*
*
*
- * Update an [Access Level]
- * [google.identity.accesscontextmanager.v1.AccessLevel]. The longrunning
- * operation from this RPC will have a successful status once the changes to
- * the [Access Level]
- * [google.identity.accesscontextmanager.v1.AccessLevel] have propagated
- * to long-lasting storage. [Access Levels]
- * [google.identity.accesscontextmanager.v1.AccessLevel] containing
- * errors will result in an error response for the first error encountered.
+ * Updates an [access level]
+ * [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running
+ * operation from this RPC has a successful status after the changes to
+ * the [access level]
+ * [google.identity.accesscontextmanager.v1.AccessLevel] propagate
+ * to long-lasting storage. If [access levels]
+ * [google.identity.accesscontextmanager.v1.AccessLevel] contain
+ * errors, an error response is returned for the first error encountered.
*
*/
public void updateAccessLevel(
@@ -1439,10 +1561,10 @@ public void updateAccessLevel(
*
*
*
- * Delete an [Access Level]
- * [google.identity.accesscontextmanager.v1.AccessLevel] by resource
- * name. The longrunning operation from this RPC will have a successful status
- * once the [Access Level]
+ * Deletes an [access level]
+ * [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource
+ * name. The long-running operation from this RPC has a successful status
+ * after the [access level]
* [google.identity.accesscontextmanager.v1.AccessLevel] has been removed
* from long-lasting storage.
*
@@ -1458,22 +1580,22 @@ public void deleteAccessLevel(
*
*
*
- * Replace all existing [Access Levels]
- * [google.identity.accesscontextmanager.v1.AccessLevel] in an [Access
- * Policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with
- * the [Access Levels]
+ * Replaces all existing [access levels]
+ * [google.identity.accesscontextmanager.v1.AccessLevel] in an [access
+ * policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with
+ * the [access levels]
* [google.identity.accesscontextmanager.v1.AccessLevel] provided. This
- * is done atomically. The longrunning operation from this RPC will have a
- * successful status once all replacements have propagated to long-lasting
- * storage. Replacements containing errors will result in an error response
- * for the first error encountered. Replacement will be cancelled on error,
- * existing [Access Levels]
- * [google.identity.accesscontextmanager.v1.AccessLevel] will not be
- * affected. Operation.response field will contain
- * ReplaceAccessLevelsResponse. Removing [Access Levels]
+ * is done atomically. The long-running operation from this RPC has a
+ * successful status after all replacements propagate to long-lasting
+ * storage. If the replacement contains errors, an error response is returned
+ * for the first error encountered. Upon error, the replacement is cancelled,
+ * and existing [access levels]
+ * [google.identity.accesscontextmanager.v1.AccessLevel] are not
+ * affected. The Operation.response field contains
+ * ReplaceAccessLevelsResponse. Removing [access levels]
* [google.identity.accesscontextmanager.v1.AccessLevel] contained in existing
- * [Service Perimeters]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] will result in
+ * [service perimeters]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] result in an
* error.
*
*/
@@ -1488,7 +1610,7 @@ public void replaceAccessLevels(
*
*
*
- * List all [Service Perimeters]
+ * Lists all [service perimeters]
* [google.identity.accesscontextmanager.v1.ServicePerimeter] for an
* access policy.
*
@@ -1506,9 +1628,9 @@ public void listServicePerimeters(
*
*
*
- * Get a [Service Perimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] by resource
- * name.
+ * Gets a [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the
+ * resource name.
*
*/
public void getServicePerimeter(
@@ -1523,14 +1645,14 @@ public void getServicePerimeter(
*
*
*
- * Create a [Service Perimeter]
+ * Creates a [service perimeter]
* [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
- * longrunning operation from this RPC will have a successful status once the
- * [Service Perimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] has
- * propagated to long-lasting storage. [Service Perimeters]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] containing
- * errors will result in an error response for the first error encountered.
+ * long-running operation from this RPC has a successful status after the
+ * [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter]
+ * propagates to long-lasting storage. If a [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
+ * errors, an error response is returned for the first error encountered.
*
*/
public void createServicePerimeter(
@@ -1544,14 +1666,14 @@ public void createServicePerimeter(
*
*
*
- * Update a [Service Perimeter]
+ * Updates a [service perimeter]
* [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
- * longrunning operation from this RPC will have a successful status once the
- * changes to the [Service Perimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] have
- * propagated to long-lasting storage. [Service Perimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] containing
- * errors will result in an error response for the first error encountered.
+ * long-running operation from this RPC has a successful status after the
+ * [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter]
+ * propagates to long-lasting storage. If a [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
+ * errors, an error response is returned for the first error encountered.
*
*/
public void updateServicePerimeter(
@@ -1565,12 +1687,12 @@ public void updateServicePerimeter(
*
*
*
- * Delete a [Service Perimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] by resource
- * name. The longrunning operation from this RPC will have a successful status
- * once the [Service Perimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] has been
- * removed from long-lasting storage.
+ * Deletes a [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the
+ * resource name. The long-running operation from this RPC has a successful
+ * status after the [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] is removed from
+ * long-lasting storage.
*
*/
public void deleteServicePerimeter(
@@ -1584,18 +1706,18 @@ public void deleteServicePerimeter(
*
*
*
- * Replace all existing [Service Perimeters]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] in an
- * [Access Policy] [google.identity.accesscontextmanager.v1.AccessPolicy]
- * with the [Service Perimeters]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] provided.
- * This is done atomically. The longrunning operation from this
- * RPC will have a successful status once all replacements have propagated to
- * long-lasting storage. Replacements containing errors will result in an
- * error response for the first error encountered. Replacement will be
- * cancelled on error, existing [Service Perimeters]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] will not be
- * affected. Operation.response field will contain
+ * Replace all existing [service perimeters]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] in an [access
+ * policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with the
+ * [service perimeters]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] provided. This
+ * is done atomically. The long-running operation from this RPC has a
+ * successful status after all replacements propagate to long-lasting storage.
+ * Replacements containing errors result in an error response for the first
+ * error encountered. Upon an error, replacement are cancelled and existing
+ * [service perimeters]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] are not
+ * affected. The Operation.response field contains
* ReplaceServicePerimetersResponse.
*
*/
@@ -1610,21 +1732,21 @@ public void replaceServicePerimeters(
*
*
*
- * Commit the dry-run spec for all the [Service Perimeters]
+ * Commits the dry-run specification for all the [service perimeters]
* [google.identity.accesscontextmanager.v1.ServicePerimeter] in an
- * [Access Policy][google.identity.accesscontextmanager.v1.AccessPolicy].
- * A commit operation on a Service Perimeter involves copying its `spec` field
- * to that Service Perimeter's `status` field. Only [Service Perimeters]
+ * [access policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+ * A commit operation on a service perimeter involves copying its `spec` field
+ * to the `status` field of the service perimeter. Only [service perimeters]
* [google.identity.accesscontextmanager.v1.ServicePerimeter] with
* `use_explicit_dry_run_spec` field set to true are affected by a commit
- * operation. The longrunning operation from this RPC will have a successful
- * status once the dry-run specs for all the [Service Perimeters]
+ * operation. The long-running operation from this RPC has a successful
+ * status after the dry-run specifications for all the [service perimeters]
* [google.identity.accesscontextmanager.v1.ServicePerimeter] have been
- * committed. If a commit fails, it will cause the longrunning operation to
- * return an error response and the entire commit operation will be cancelled.
- * When successful, Operation.response field will contain
- * CommitServicePerimetersResponse. The `dry_run` and the `spec` fields will
- * be cleared after a successful commit operation.
+ * committed. If a commit fails, it causes the long-running operation to
+ * return an error response and the entire commit operation is cancelled.
+ * When successful, the Operation.response field contains
+ * CommitServicePerimetersResponse. The `dry_run` and the `spec` fields are
+ * cleared after a successful commit operation.
*
*/
public void commitServicePerimeters(
@@ -1678,7 +1800,7 @@ public void getGcpUserAccessBinding(
* [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]. If the
* client specifies a [name]
* [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.name],
- * the server will ignore it. Fails if a resource already exists with the same
+ * the server ignores it. Fails if a resource already exists with the same
* [group_key]
* [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.group_key].
* Completion of this long-running operation does not necessarily signify that
@@ -1729,6 +1851,60 @@ public void deleteGcpUserAccessBinding(
getDeleteGcpUserAccessBindingMethod(), responseObserver);
}
+ /**
+ *
+ *
+ *
+ * Sets the IAM policy for the specified Access Context Manager
+ * [access policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+ * This method replaces the existing IAM policy on the access policy. The IAM
+ * policy controls the set of users who can perform specific operations on the
+ * Access Context Manager [access
+ * policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+ *
+ */
+ public void setIamPolicy(
+ com.google.iam.v1.SetIamPolicyRequest request,
+ io.grpc.stub.StreamObserver
+ * Gets the IAM policy for the specified Access Context Manager
+ * [access policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+ *
+ */
+ public void getIamPolicy(
+ com.google.iam.v1.GetIamPolicyRequest request,
+ io.grpc.stub.StreamObserver
+ * Returns the IAM permissions that the caller has on the specified Access
+ * Context Manager resource. The resource can be an
+ * [AccessPolicy][google.identity.accesscontextmanager.v1.AccessPolicy],
+ * [AccessLevel][google.identity.accesscontextmanager.v1.AccessLevel], or
+ * [ServicePerimeter][google.identity.accesscontextmanager.v1.ServicePerimeter
+ * ]. This method does not support other resources.
+ *
+ */
+ public void testIamPermissions(
+ com.google.iam.v1.TestIamPermissionsRequest request,
+ io.grpc.stub.StreamObserver
- * API for setting [Access Levels]
- * [google.identity.accesscontextmanager.v1.AccessLevel] and [Service
- * Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
- * for Google Cloud Projects. Each organization has one [AccessPolicy]
- * [google.identity.accesscontextmanager.v1.AccessPolicy] containing the
- * [Access Levels] [google.identity.accesscontextmanager.v1.AccessLevel]
- * and [Service Perimeters]
+ * API for setting [access levels]
+ * [google.identity.accesscontextmanager.v1.AccessLevel] and [service
+ * perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
+ * for Google Cloud projects. Each organization has one [access policy]
+ * [google.identity.accesscontextmanager.v1.AccessPolicy] that contains the
+ * [access levels] [google.identity.accesscontextmanager.v1.AccessLevel]
+ * and [service perimeters]
* [google.identity.accesscontextmanager.v1.ServicePerimeter]. This
- * [AccessPolicy] [google.identity.accesscontextmanager.v1.AccessPolicy] is
+ * [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] is
* applicable to all resources in the organization.
* AccessPolicies
*
@@ -1919,9 +2114,9 @@ protected AccessContextManagerStub build(
*
*
*
- * List all [AccessPolicies]
- * [google.identity.accesscontextmanager.v1.AccessPolicy] under a
- * container.
+ * Lists all [access policies]
+ * [google.identity.accesscontextmanager.v1.AccessPolicy] in an
+ * organization.
*
*/
public void listAccessPolicies(
@@ -1939,8 +2134,8 @@ public void listAccessPolicies(
*
*
*
- * Get an [AccessPolicy]
- * [google.identity.accesscontextmanager.v1.AccessPolicy] by name.
+ * Returns an [access policy]
+ * [google.identity.accesscontextmanager.v1.AccessPolicy] based on the name.
*
*/
public void getAccessPolicy(
@@ -1957,10 +2152,10 @@ public void getAccessPolicy(
*
*
*
- * Create an `AccessPolicy`. Fails if this organization already has a
- * `AccessPolicy`. The longrunning Operation will have a successful status
- * once the `AccessPolicy` has propagated to long-lasting storage.
- * Syntactic and basic semantic errors will be returned in `metadata` as a
+ * Creates an access policy. This method fails if the organization already has
+ * an access policy. The long-running operation has a successful status
+ * after the access policy propagates to long-lasting storage.
+ * Syntactic and basic semantic errors are returned in `metadata` as a
* BadRequest proto.
*
*/
@@ -1977,13 +2172,12 @@ public void createAccessPolicy(
*
*
*
- * Update an [AccessPolicy]
+ * Updates an [access policy]
* [google.identity.accesscontextmanager.v1.AccessPolicy]. The
- * longrunning Operation from this RPC will have a successful status once the
- * changes to the [AccessPolicy]
- * [google.identity.accesscontextmanager.v1.AccessPolicy] have propagated
- * to long-lasting storage. Syntactic and basic semantic errors will be
- * returned in `metadata` as a BadRequest proto.
+ * long-running operation from this RPC has a successful status after the
+ * changes to the [access policy]
+ * [google.identity.accesscontextmanager.v1.AccessPolicy] propagate
+ * to long-lasting storage.
*
*/
public void updateAccessPolicy(
@@ -1999,11 +2193,11 @@ public void updateAccessPolicy(
*
*
*
- * Delete an [AccessPolicy]
- * [google.identity.accesscontextmanager.v1.AccessPolicy] by resource
- * name. The longrunning Operation will have a successful status once the
- * [AccessPolicy] [google.identity.accesscontextmanager.v1.AccessPolicy]
- * has been removed from long-lasting storage.
+ * Deletes an [access policy]
+ * [google.identity.accesscontextmanager.v1.AccessPolicy] based on the
+ * resource name. The long-running operation has a successful status after the
+ * [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy]
+ * is removed from long-lasting storage.
*
*/
public void deleteAccessPolicy(
@@ -2019,7 +2213,7 @@ public void deleteAccessPolicy(
*
*
*
- * List all [Access Levels]
+ * Lists all [access levels]
* [google.identity.accesscontextmanager.v1.AccessLevel] for an access
* policy.
*
@@ -2039,8 +2233,8 @@ public void listAccessLevels(
*
*
*
- * Get an [Access Level]
- * [google.identity.accesscontextmanager.v1.AccessLevel] by resource
+ * Gets an [access level]
+ * [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource
* name.
*
*/
@@ -2058,13 +2252,13 @@ public void getAccessLevel(
*
*
*
- * Create an [Access Level]
- * [google.identity.accesscontextmanager.v1.AccessLevel]. The longrunning
- * operation from this RPC will have a successful status once the [Access
- * Level] [google.identity.accesscontextmanager.v1.AccessLevel] has
- * propagated to long-lasting storage. [Access Levels]
- * [google.identity.accesscontextmanager.v1.AccessLevel] containing
- * errors will result in an error response for the first error encountered.
+ * Creates an [access level]
+ * [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running
+ * operation from this RPC has a successful status after the [access
+ * level] [google.identity.accesscontextmanager.v1.AccessLevel]
+ * propagates to long-lasting storage. If [access levels]
+ * [google.identity.accesscontextmanager.v1.AccessLevel] contain
+ * errors, an error response is returned for the first error encountered.
*
*/
public void createAccessLevel(
@@ -2080,14 +2274,14 @@ public void createAccessLevel(
*
*
*
- * Update an [Access Level]
- * [google.identity.accesscontextmanager.v1.AccessLevel]. The longrunning
- * operation from this RPC will have a successful status once the changes to
- * the [Access Level]
- * [google.identity.accesscontextmanager.v1.AccessLevel] have propagated
- * to long-lasting storage. [Access Levels]
- * [google.identity.accesscontextmanager.v1.AccessLevel] containing
- * errors will result in an error response for the first error encountered.
+ * Updates an [access level]
+ * [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running
+ * operation from this RPC has a successful status after the changes to
+ * the [access level]
+ * [google.identity.accesscontextmanager.v1.AccessLevel] propagate
+ * to long-lasting storage. If [access levels]
+ * [google.identity.accesscontextmanager.v1.AccessLevel] contain
+ * errors, an error response is returned for the first error encountered.
*
*/
public void updateAccessLevel(
@@ -2103,10 +2297,10 @@ public void updateAccessLevel(
*
*
*
- * Delete an [Access Level]
- * [google.identity.accesscontextmanager.v1.AccessLevel] by resource
- * name. The longrunning operation from this RPC will have a successful status
- * once the [Access Level]
+ * Deletes an [access level]
+ * [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource
+ * name. The long-running operation from this RPC has a successful status
+ * after the [access level]
* [google.identity.accesscontextmanager.v1.AccessLevel] has been removed
* from long-lasting storage.
*
@@ -2124,22 +2318,22 @@ public void deleteAccessLevel(
*
*
*
- * Replace all existing [Access Levels]
- * [google.identity.accesscontextmanager.v1.AccessLevel] in an [Access
- * Policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with
- * the [Access Levels]
+ * Replaces all existing [access levels]
+ * [google.identity.accesscontextmanager.v1.AccessLevel] in an [access
+ * policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with
+ * the [access levels]
* [google.identity.accesscontextmanager.v1.AccessLevel] provided. This
- * is done atomically. The longrunning operation from this RPC will have a
- * successful status once all replacements have propagated to long-lasting
- * storage. Replacements containing errors will result in an error response
- * for the first error encountered. Replacement will be cancelled on error,
- * existing [Access Levels]
- * [google.identity.accesscontextmanager.v1.AccessLevel] will not be
- * affected. Operation.response field will contain
- * ReplaceAccessLevelsResponse. Removing [Access Levels]
+ * is done atomically. The long-running operation from this RPC has a
+ * successful status after all replacements propagate to long-lasting
+ * storage. If the replacement contains errors, an error response is returned
+ * for the first error encountered. Upon error, the replacement is cancelled,
+ * and existing [access levels]
+ * [google.identity.accesscontextmanager.v1.AccessLevel] are not
+ * affected. The Operation.response field contains
+ * ReplaceAccessLevelsResponse. Removing [access levels]
* [google.identity.accesscontextmanager.v1.AccessLevel] contained in existing
- * [Service Perimeters]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] will result in
+ * [service perimeters]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] result in an
* error.
*
*/
@@ -2156,7 +2350,7 @@ public void replaceAccessLevels(
*
*
*
- * List all [Service Perimeters]
+ * Lists all [service perimeters]
* [google.identity.accesscontextmanager.v1.ServicePerimeter] for an
* access policy.
*
@@ -2176,9 +2370,9 @@ public void listServicePerimeters(
*
*
*
- * Get a [Service Perimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] by resource
- * name.
+ * Gets a [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the
+ * resource name.
*
*/
public void getServicePerimeter(
@@ -2195,14 +2389,14 @@ public void getServicePerimeter(
*
*
*
- * Create a [Service Perimeter]
+ * Creates a [service perimeter]
* [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
- * longrunning operation from this RPC will have a successful status once the
- * [Service Perimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] has
- * propagated to long-lasting storage. [Service Perimeters]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] containing
- * errors will result in an error response for the first error encountered.
+ * long-running operation from this RPC has a successful status after the
+ * [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter]
+ * propagates to long-lasting storage. If a [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
+ * errors, an error response is returned for the first error encountered.
*
*/
public void createServicePerimeter(
@@ -2218,14 +2412,14 @@ public void createServicePerimeter(
*
*
*
- * Update a [Service Perimeter]
+ * Updates a [service perimeter]
* [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
- * longrunning operation from this RPC will have a successful status once the
- * changes to the [Service Perimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] have
- * propagated to long-lasting storage. [Service Perimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] containing
- * errors will result in an error response for the first error encountered.
+ * long-running operation from this RPC has a successful status after the
+ * [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter]
+ * propagates to long-lasting storage. If a [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
+ * errors, an error response is returned for the first error encountered.
*
*/
public void updateServicePerimeter(
@@ -2241,12 +2435,12 @@ public void updateServicePerimeter(
*
*
*
- * Delete a [Service Perimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] by resource
- * name. The longrunning operation from this RPC will have a successful status
- * once the [Service Perimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] has been
- * removed from long-lasting storage.
+ * Deletes a [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the
+ * resource name. The long-running operation from this RPC has a successful
+ * status after the [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] is removed from
+ * long-lasting storage.
*
*/
public void deleteServicePerimeter(
@@ -2262,18 +2456,18 @@ public void deleteServicePerimeter(
*
*
*
- * Replace all existing [Service Perimeters]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] in an
- * [Access Policy] [google.identity.accesscontextmanager.v1.AccessPolicy]
- * with the [Service Perimeters]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] provided.
- * This is done atomically. The longrunning operation from this
- * RPC will have a successful status once all replacements have propagated to
- * long-lasting storage. Replacements containing errors will result in an
- * error response for the first error encountered. Replacement will be
- * cancelled on error, existing [Service Perimeters]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] will not be
- * affected. Operation.response field will contain
+ * Replace all existing [service perimeters]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] in an [access
+ * policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with the
+ * [service perimeters]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] provided. This
+ * is done atomically. The long-running operation from this RPC has a
+ * successful status after all replacements propagate to long-lasting storage.
+ * Replacements containing errors result in an error response for the first
+ * error encountered. Upon an error, replacement are cancelled and existing
+ * [service perimeters]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] are not
+ * affected. The Operation.response field contains
* ReplaceServicePerimetersResponse.
*
*/
@@ -2290,21 +2484,21 @@ public void replaceServicePerimeters(
*
*
*
- * Commit the dry-run spec for all the [Service Perimeters]
+ * Commits the dry-run specification for all the [service perimeters]
* [google.identity.accesscontextmanager.v1.ServicePerimeter] in an
- * [Access Policy][google.identity.accesscontextmanager.v1.AccessPolicy].
- * A commit operation on a Service Perimeter involves copying its `spec` field
- * to that Service Perimeter's `status` field. Only [Service Perimeters]
+ * [access policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+ * A commit operation on a service perimeter involves copying its `spec` field
+ * to the `status` field of the service perimeter. Only [service perimeters]
* [google.identity.accesscontextmanager.v1.ServicePerimeter] with
* `use_explicit_dry_run_spec` field set to true are affected by a commit
- * operation. The longrunning operation from this RPC will have a successful
- * status once the dry-run specs for all the [Service Perimeters]
+ * operation. The long-running operation from this RPC has a successful
+ * status after the dry-run specifications for all the [service perimeters]
* [google.identity.accesscontextmanager.v1.ServicePerimeter] have been
- * committed. If a commit fails, it will cause the longrunning operation to
- * return an error response and the entire commit operation will be cancelled.
- * When successful, Operation.response field will contain
- * CommitServicePerimetersResponse. The `dry_run` and the `spec` fields will
- * be cleared after a successful commit operation.
+ * committed. If a commit fails, it causes the long-running operation to
+ * return an error response and the entire commit operation is cancelled.
+ * When successful, the Operation.response field contains
+ * CommitServicePerimetersResponse. The `dry_run` and the `spec` fields are
+ * cleared after a successful commit operation.
*
*/
public void commitServicePerimeters(
@@ -2364,7 +2558,7 @@ public void getGcpUserAccessBinding(
* [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]. If the
* client specifies a [name]
* [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.name],
- * the server will ignore it. Fails if a resource already exists with the same
+ * the server ignores it. Fails if a resource already exists with the same
* [group_key]
* [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.group_key].
* Completion of this long-running operation does not necessarily signify that
@@ -2420,21 +2614,81 @@ public void deleteGcpUserAccessBinding(
request,
responseObserver);
}
+
+ /**
+ *
+ *
+ *
+ * Sets the IAM policy for the specified Access Context Manager
+ * [access policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+ * This method replaces the existing IAM policy on the access policy. The IAM
+ * policy controls the set of users who can perform specific operations on the
+ * Access Context Manager [access
+ * policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+ *
+ */
+ public void setIamPolicy(
+ com.google.iam.v1.SetIamPolicyRequest request,
+ io.grpc.stub.StreamObserver
+ * Gets the IAM policy for the specified Access Context Manager
+ * [access policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+ *
+ */
+ public void getIamPolicy(
+ com.google.iam.v1.GetIamPolicyRequest request,
+ io.grpc.stub.StreamObserver
+ * Returns the IAM permissions that the caller has on the specified Access
+ * Context Manager resource. The resource can be an
+ * [AccessPolicy][google.identity.accesscontextmanager.v1.AccessPolicy],
+ * [AccessLevel][google.identity.accesscontextmanager.v1.AccessLevel], or
+ * [ServicePerimeter][google.identity.accesscontextmanager.v1.ServicePerimeter
+ * ]. This method does not support other resources.
+ *
+ */
+ public void testIamPermissions(
+ com.google.iam.v1.TestIamPermissionsRequest request,
+ io.grpc.stub.StreamObserver
- * API for setting [Access Levels]
- * [google.identity.accesscontextmanager.v1.AccessLevel] and [Service
- * Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
- * for Google Cloud Projects. Each organization has one [AccessPolicy]
- * [google.identity.accesscontextmanager.v1.AccessPolicy] containing the
- * [Access Levels] [google.identity.accesscontextmanager.v1.AccessLevel]
- * and [Service Perimeters]
+ * API for setting [access levels]
+ * [google.identity.accesscontextmanager.v1.AccessLevel] and [service
+ * perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
+ * for Google Cloud projects. Each organization has one [access policy]
+ * [google.identity.accesscontextmanager.v1.AccessPolicy] that contains the
+ * [access levels] [google.identity.accesscontextmanager.v1.AccessLevel]
+ * and [service perimeters]
* [google.identity.accesscontextmanager.v1.ServicePerimeter]. This
- * [AccessPolicy] [google.identity.accesscontextmanager.v1.AccessPolicy] is
+ * [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] is
* applicable to all resources in the organization.
* AccessPolicies
*
@@ -2456,9 +2710,9 @@ protected AccessContextManagerBlockingStub build(
*
*
*
- * List all [AccessPolicies]
- * [google.identity.accesscontextmanager.v1.AccessPolicy] under a
- * container.
+ * Lists all [access policies]
+ * [google.identity.accesscontextmanager.v1.AccessPolicy] in an
+ * organization.
*
*/
public com.google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse
@@ -2472,8 +2726,8 @@ protected AccessContextManagerBlockingStub build(
*
*
*
- * Get an [AccessPolicy]
- * [google.identity.accesscontextmanager.v1.AccessPolicy] by name.
+ * Returns an [access policy]
+ * [google.identity.accesscontextmanager.v1.AccessPolicy] based on the name.
*
*/
public com.google.identity.accesscontextmanager.v1.AccessPolicy getAccessPolicy(
@@ -2486,10 +2740,10 @@ public com.google.identity.accesscontextmanager.v1.AccessPolicy getAccessPolicy(
*
*
*
- * Create an `AccessPolicy`. Fails if this organization already has a
- * `AccessPolicy`. The longrunning Operation will have a successful status
- * once the `AccessPolicy` has propagated to long-lasting storage.
- * Syntactic and basic semantic errors will be returned in `metadata` as a
+ * Creates an access policy. This method fails if the organization already has
+ * an access policy. The long-running operation has a successful status
+ * after the access policy propagates to long-lasting storage.
+ * Syntactic and basic semantic errors are returned in `metadata` as a
* BadRequest proto.
*
*/
@@ -2503,13 +2757,12 @@ public com.google.longrunning.Operation createAccessPolicy(
*
*
*
- * Update an [AccessPolicy]
+ * Updates an [access policy]
* [google.identity.accesscontextmanager.v1.AccessPolicy]. The
- * longrunning Operation from this RPC will have a successful status once the
- * changes to the [AccessPolicy]
- * [google.identity.accesscontextmanager.v1.AccessPolicy] have propagated
- * to long-lasting storage. Syntactic and basic semantic errors will be
- * returned in `metadata` as a BadRequest proto.
+ * long-running operation from this RPC has a successful status after the
+ * changes to the [access policy]
+ * [google.identity.accesscontextmanager.v1.AccessPolicy] propagate
+ * to long-lasting storage.
*
*/
public com.google.longrunning.Operation updateAccessPolicy(
@@ -2522,11 +2775,11 @@ public com.google.longrunning.Operation updateAccessPolicy(
*
*
*
- * Delete an [AccessPolicy]
- * [google.identity.accesscontextmanager.v1.AccessPolicy] by resource
- * name. The longrunning Operation will have a successful status once the
- * [AccessPolicy] [google.identity.accesscontextmanager.v1.AccessPolicy]
- * has been removed from long-lasting storage.
+ * Deletes an [access policy]
+ * [google.identity.accesscontextmanager.v1.AccessPolicy] based on the
+ * resource name. The long-running operation has a successful status after the
+ * [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy]
+ * is removed from long-lasting storage.
*
*/
public com.google.longrunning.Operation deleteAccessPolicy(
@@ -2539,7 +2792,7 @@ public com.google.longrunning.Operation deleteAccessPolicy(
*
*
*
- * List all [Access Levels]
+ * Lists all [access levels]
* [google.identity.accesscontextmanager.v1.AccessLevel] for an access
* policy.
*
@@ -2554,8 +2807,8 @@ public com.google.identity.accesscontextmanager.v1.ListAccessLevelsResponse list
*
*
*
- * Get an [Access Level]
- * [google.identity.accesscontextmanager.v1.AccessLevel] by resource
+ * Gets an [access level]
+ * [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource
* name.
*
*/
@@ -2569,13 +2822,13 @@ public com.google.identity.accesscontextmanager.v1.AccessLevel getAccessLevel(
*
*
*
- * Create an [Access Level]
- * [google.identity.accesscontextmanager.v1.AccessLevel]. The longrunning
- * operation from this RPC will have a successful status once the [Access
- * Level] [google.identity.accesscontextmanager.v1.AccessLevel] has
- * propagated to long-lasting storage. [Access Levels]
- * [google.identity.accesscontextmanager.v1.AccessLevel] containing
- * errors will result in an error response for the first error encountered.
+ * Creates an [access level]
+ * [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running
+ * operation from this RPC has a successful status after the [access
+ * level] [google.identity.accesscontextmanager.v1.AccessLevel]
+ * propagates to long-lasting storage. If [access levels]
+ * [google.identity.accesscontextmanager.v1.AccessLevel] contain
+ * errors, an error response is returned for the first error encountered.
*
*/
public com.google.longrunning.Operation createAccessLevel(
@@ -2588,14 +2841,14 @@ public com.google.longrunning.Operation createAccessLevel(
*
*
*
- * Update an [Access Level]
- * [google.identity.accesscontextmanager.v1.AccessLevel]. The longrunning
- * operation from this RPC will have a successful status once the changes to
- * the [Access Level]
- * [google.identity.accesscontextmanager.v1.AccessLevel] have propagated
- * to long-lasting storage. [Access Levels]
- * [google.identity.accesscontextmanager.v1.AccessLevel] containing
- * errors will result in an error response for the first error encountered.
+ * Updates an [access level]
+ * [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running
+ * operation from this RPC has a successful status after the changes to
+ * the [access level]
+ * [google.identity.accesscontextmanager.v1.AccessLevel] propagate
+ * to long-lasting storage. If [access levels]
+ * [google.identity.accesscontextmanager.v1.AccessLevel] contain
+ * errors, an error response is returned for the first error encountered.
*
*/
public com.google.longrunning.Operation updateAccessLevel(
@@ -2608,10 +2861,10 @@ public com.google.longrunning.Operation updateAccessLevel(
*
*
*
- * Delete an [Access Level]
- * [google.identity.accesscontextmanager.v1.AccessLevel] by resource
- * name. The longrunning operation from this RPC will have a successful status
- * once the [Access Level]
+ * Deletes an [access level]
+ * [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource
+ * name. The long-running operation from this RPC has a successful status
+ * after the [access level]
* [google.identity.accesscontextmanager.v1.AccessLevel] has been removed
* from long-lasting storage.
*
@@ -2626,22 +2879,22 @@ public com.google.longrunning.Operation deleteAccessLevel(
*
*
*
- * Replace all existing [Access Levels]
- * [google.identity.accesscontextmanager.v1.AccessLevel] in an [Access
- * Policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with
- * the [Access Levels]
+ * Replaces all existing [access levels]
+ * [google.identity.accesscontextmanager.v1.AccessLevel] in an [access
+ * policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with
+ * the [access levels]
* [google.identity.accesscontextmanager.v1.AccessLevel] provided. This
- * is done atomically. The longrunning operation from this RPC will have a
- * successful status once all replacements have propagated to long-lasting
- * storage. Replacements containing errors will result in an error response
- * for the first error encountered. Replacement will be cancelled on error,
- * existing [Access Levels]
- * [google.identity.accesscontextmanager.v1.AccessLevel] will not be
- * affected. Operation.response field will contain
- * ReplaceAccessLevelsResponse. Removing [Access Levels]
+ * is done atomically. The long-running operation from this RPC has a
+ * successful status after all replacements propagate to long-lasting
+ * storage. If the replacement contains errors, an error response is returned
+ * for the first error encountered. Upon error, the replacement is cancelled,
+ * and existing [access levels]
+ * [google.identity.accesscontextmanager.v1.AccessLevel] are not
+ * affected. The Operation.response field contains
+ * ReplaceAccessLevelsResponse. Removing [access levels]
* [google.identity.accesscontextmanager.v1.AccessLevel] contained in existing
- * [Service Perimeters]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] will result in
+ * [service perimeters]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] result in an
* error.
*
*/
@@ -2655,7 +2908,7 @@ public com.google.longrunning.Operation replaceAccessLevels(
*
*
*
- * List all [Service Perimeters]
+ * Lists all [service perimeters]
* [google.identity.accesscontextmanager.v1.ServicePerimeter] for an
* access policy.
*
@@ -2671,9 +2924,9 @@ public com.google.longrunning.Operation replaceAccessLevels(
*
*
*
- * Get a [Service Perimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] by resource
- * name.
+ * Gets a [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the
+ * resource name.
*
*/
public com.google.identity.accesscontextmanager.v1.ServicePerimeter getServicePerimeter(
@@ -2686,14 +2939,14 @@ public com.google.identity.accesscontextmanager.v1.ServicePerimeter getServicePe
*
*
*
- * Create a [Service Perimeter]
+ * Creates a [service perimeter]
* [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
- * longrunning operation from this RPC will have a successful status once the
- * [Service Perimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] has
- * propagated to long-lasting storage. [Service Perimeters]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] containing
- * errors will result in an error response for the first error encountered.
+ * long-running operation from this RPC has a successful status after the
+ * [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter]
+ * propagates to long-lasting storage. If a [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
+ * errors, an error response is returned for the first error encountered.
*
*/
public com.google.longrunning.Operation createServicePerimeter(
@@ -2706,14 +2959,14 @@ public com.google.longrunning.Operation createServicePerimeter(
*
*
*
- * Update a [Service Perimeter]
+ * Updates a [service perimeter]
* [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
- * longrunning operation from this RPC will have a successful status once the
- * changes to the [Service Perimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] have
- * propagated to long-lasting storage. [Service Perimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] containing
- * errors will result in an error response for the first error encountered.
+ * long-running operation from this RPC has a successful status after the
+ * [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter]
+ * propagates to long-lasting storage. If a [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
+ * errors, an error response is returned for the first error encountered.
*
*/
public com.google.longrunning.Operation updateServicePerimeter(
@@ -2726,12 +2979,12 @@ public com.google.longrunning.Operation updateServicePerimeter(
*
*
*
- * Delete a [Service Perimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] by resource
- * name. The longrunning operation from this RPC will have a successful status
- * once the [Service Perimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] has been
- * removed from long-lasting storage.
+ * Deletes a [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the
+ * resource name. The long-running operation from this RPC has a successful
+ * status after the [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] is removed from
+ * long-lasting storage.
*
*/
public com.google.longrunning.Operation deleteServicePerimeter(
@@ -2744,18 +2997,18 @@ public com.google.longrunning.Operation deleteServicePerimeter(
*
*
*
- * Replace all existing [Service Perimeters]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] in an
- * [Access Policy] [google.identity.accesscontextmanager.v1.AccessPolicy]
- * with the [Service Perimeters]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] provided.
- * This is done atomically. The longrunning operation from this
- * RPC will have a successful status once all replacements have propagated to
- * long-lasting storage. Replacements containing errors will result in an
- * error response for the first error encountered. Replacement will be
- * cancelled on error, existing [Service Perimeters]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] will not be
- * affected. Operation.response field will contain
+ * Replace all existing [service perimeters]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] in an [access
+ * policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with the
+ * [service perimeters]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] provided. This
+ * is done atomically. The long-running operation from this RPC has a
+ * successful status after all replacements propagate to long-lasting storage.
+ * Replacements containing errors result in an error response for the first
+ * error encountered. Upon an error, replacement are cancelled and existing
+ * [service perimeters]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] are not
+ * affected. The Operation.response field contains
* ReplaceServicePerimetersResponse.
*
*/
@@ -2769,21 +3022,21 @@ public com.google.longrunning.Operation replaceServicePerimeters(
*
*
*
- * Commit the dry-run spec for all the [Service Perimeters]
+ * Commits the dry-run specification for all the [service perimeters]
* [google.identity.accesscontextmanager.v1.ServicePerimeter] in an
- * [Access Policy][google.identity.accesscontextmanager.v1.AccessPolicy].
- * A commit operation on a Service Perimeter involves copying its `spec` field
- * to that Service Perimeter's `status` field. Only [Service Perimeters]
+ * [access policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+ * A commit operation on a service perimeter involves copying its `spec` field
+ * to the `status` field of the service perimeter. Only [service perimeters]
* [google.identity.accesscontextmanager.v1.ServicePerimeter] with
* `use_explicit_dry_run_spec` field set to true are affected by a commit
- * operation. The longrunning operation from this RPC will have a successful
- * status once the dry-run specs for all the [Service Perimeters]
+ * operation. The long-running operation from this RPC has a successful
+ * status after the dry-run specifications for all the [service perimeters]
* [google.identity.accesscontextmanager.v1.ServicePerimeter] have been
- * committed. If a commit fails, it will cause the longrunning operation to
- * return an error response and the entire commit operation will be cancelled.
- * When successful, Operation.response field will contain
- * CommitServicePerimetersResponse. The `dry_run` and the `spec` fields will
- * be cleared after a successful commit operation.
+ * committed. If a commit fails, it causes the long-running operation to
+ * return an error response and the entire commit operation is cancelled.
+ * When successful, the Operation.response field contains
+ * CommitServicePerimetersResponse. The `dry_run` and the `spec` fields are
+ * cleared after a successful commit operation.
*
*/
public com.google.longrunning.Operation commitServicePerimeters(
@@ -2831,7 +3084,7 @@ public com.google.identity.accesscontextmanager.v1.GcpUserAccessBinding getGcpUs
* [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]. If the
* client specifies a [name]
* [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.name],
- * the server will ignore it. Fails if a resource already exists with the same
+ * the server ignores it. Fails if a resource already exists with the same
* [group_key]
* [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.group_key].
* Completion of this long-running operation does not necessarily signify that
@@ -2878,21 +3131,69 @@ public com.google.longrunning.Operation deleteGcpUserAccessBinding(
return io.grpc.stub.ClientCalls.blockingUnaryCall(
getChannel(), getDeleteGcpUserAccessBindingMethod(), getCallOptions(), request);
}
+
+ /**
+ *
+ *
+ *
+ * Sets the IAM policy for the specified Access Context Manager
+ * [access policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+ * This method replaces the existing IAM policy on the access policy. The IAM
+ * policy controls the set of users who can perform specific operations on the
+ * Access Context Manager [access
+ * policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+ *
+ */
+ public com.google.iam.v1.Policy setIamPolicy(com.google.iam.v1.SetIamPolicyRequest request) {
+ return io.grpc.stub.ClientCalls.blockingUnaryCall(
+ getChannel(), getSetIamPolicyMethod(), getCallOptions(), request);
+ }
+
+ /**
+ *
+ *
+ *
+ * Gets the IAM policy for the specified Access Context Manager
+ * [access policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+ *
+ */
+ public com.google.iam.v1.Policy getIamPolicy(com.google.iam.v1.GetIamPolicyRequest request) {
+ return io.grpc.stub.ClientCalls.blockingUnaryCall(
+ getChannel(), getGetIamPolicyMethod(), getCallOptions(), request);
+ }
+
+ /**
+ *
+ *
+ *
+ * Returns the IAM permissions that the caller has on the specified Access
+ * Context Manager resource. The resource can be an
+ * [AccessPolicy][google.identity.accesscontextmanager.v1.AccessPolicy],
+ * [AccessLevel][google.identity.accesscontextmanager.v1.AccessLevel], or
+ * [ServicePerimeter][google.identity.accesscontextmanager.v1.ServicePerimeter
+ * ]. This method does not support other resources.
+ *
+ */
+ public com.google.iam.v1.TestIamPermissionsResponse testIamPermissions(
+ com.google.iam.v1.TestIamPermissionsRequest request) {
+ return io.grpc.stub.ClientCalls.blockingUnaryCall(
+ getChannel(), getTestIamPermissionsMethod(), getCallOptions(), request);
+ }
}
/**
*
*
*
- * API for setting [Access Levels]
- * [google.identity.accesscontextmanager.v1.AccessLevel] and [Service
- * Perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
- * for Google Cloud Projects. Each organization has one [AccessPolicy]
- * [google.identity.accesscontextmanager.v1.AccessPolicy] containing the
- * [Access Levels] [google.identity.accesscontextmanager.v1.AccessLevel]
- * and [Service Perimeters]
+ * API for setting [access levels]
+ * [google.identity.accesscontextmanager.v1.AccessLevel] and [service
+ * perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
+ * for Google Cloud projects. Each organization has one [access policy]
+ * [google.identity.accesscontextmanager.v1.AccessPolicy] that contains the
+ * [access levels] [google.identity.accesscontextmanager.v1.AccessLevel]
+ * and [service perimeters]
* [google.identity.accesscontextmanager.v1.ServicePerimeter]. This
- * [AccessPolicy] [google.identity.accesscontextmanager.v1.AccessPolicy] is
+ * [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] is
* applicable to all resources in the organization.
* AccessPolicies
*
@@ -2914,9 +3215,9 @@ protected AccessContextManagerFutureStub build(
*
*
*
- * List all [AccessPolicies]
- * [google.identity.accesscontextmanager.v1.AccessPolicy] under a
- * container.
+ * Lists all [access policies]
+ * [google.identity.accesscontextmanager.v1.AccessPolicy] in an
+ * organization.
*
*/
public com.google.common.util.concurrent.ListenableFuture<
@@ -2931,8 +3232,8 @@ protected AccessContextManagerFutureStub build(
*
*
*
- * Get an [AccessPolicy]
- * [google.identity.accesscontextmanager.v1.AccessPolicy] by name.
+ * Returns an [access policy]
+ * [google.identity.accesscontextmanager.v1.AccessPolicy] based on the name.
*
*/
public com.google.common.util.concurrent.ListenableFuture<
@@ -2947,10 +3248,10 @@ protected AccessContextManagerFutureStub build(
*
*
*
- * Create an `AccessPolicy`. Fails if this organization already has a
- * `AccessPolicy`. The longrunning Operation will have a successful status
- * once the `AccessPolicy` has propagated to long-lasting storage.
- * Syntactic and basic semantic errors will be returned in `metadata` as a
+ * Creates an access policy. This method fails if the organization already has
+ * an access policy. The long-running operation has a successful status
+ * after the access policy propagates to long-lasting storage.
+ * Syntactic and basic semantic errors are returned in `metadata` as a
* BadRequest proto.
*
*/
@@ -2964,13 +3265,12 @@ protected AccessContextManagerFutureStub build(
*
*
*
- * Update an [AccessPolicy]
+ * Updates an [access policy]
* [google.identity.accesscontextmanager.v1.AccessPolicy]. The
- * longrunning Operation from this RPC will have a successful status once the
- * changes to the [AccessPolicy]
- * [google.identity.accesscontextmanager.v1.AccessPolicy] have propagated
- * to long-lasting storage. Syntactic and basic semantic errors will be
- * returned in `metadata` as a BadRequest proto.
+ * long-running operation from this RPC has a successful status after the
+ * changes to the [access policy]
+ * [google.identity.accesscontextmanager.v1.AccessPolicy] propagate
+ * to long-lasting storage.
*
*/
public com.google.common.util.concurrent.ListenableFuture
- * Delete an [AccessPolicy]
- * [google.identity.accesscontextmanager.v1.AccessPolicy] by resource
- * name. The longrunning Operation will have a successful status once the
- * [AccessPolicy] [google.identity.accesscontextmanager.v1.AccessPolicy]
- * has been removed from long-lasting storage.
+ * Deletes an [access policy]
+ * [google.identity.accesscontextmanager.v1.AccessPolicy] based on the
+ * resource name. The long-running operation has a successful status after the
+ * [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy]
+ * is removed from long-lasting storage.
*
*/
public com.google.common.util.concurrent.ListenableFuture
- * List all [Access Levels]
+ * Lists all [access levels]
* [google.identity.accesscontextmanager.v1.AccessLevel] for an access
* policy.
*
@@ -3019,8 +3319,8 @@ protected AccessContextManagerFutureStub build(
*
*
*
- * Get an [Access Level]
- * [google.identity.accesscontextmanager.v1.AccessLevel] by resource
+ * Gets an [access level]
+ * [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource
* name.
*
*/
@@ -3035,13 +3335,13 @@ protected AccessContextManagerFutureStub build(
*
*
*
- * Create an [Access Level]
- * [google.identity.accesscontextmanager.v1.AccessLevel]. The longrunning
- * operation from this RPC will have a successful status once the [Access
- * Level] [google.identity.accesscontextmanager.v1.AccessLevel] has
- * propagated to long-lasting storage. [Access Levels]
- * [google.identity.accesscontextmanager.v1.AccessLevel] containing
- * errors will result in an error response for the first error encountered.
+ * Creates an [access level]
+ * [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running
+ * operation from this RPC has a successful status after the [access
+ * level] [google.identity.accesscontextmanager.v1.AccessLevel]
+ * propagates to long-lasting storage. If [access levels]
+ * [google.identity.accesscontextmanager.v1.AccessLevel] contain
+ * errors, an error response is returned for the first error encountered.
*
*/
public com.google.common.util.concurrent.ListenableFuture
- * Update an [Access Level]
- * [google.identity.accesscontextmanager.v1.AccessLevel]. The longrunning
- * operation from this RPC will have a successful status once the changes to
- * the [Access Level]
- * [google.identity.accesscontextmanager.v1.AccessLevel] have propagated
- * to long-lasting storage. [Access Levels]
- * [google.identity.accesscontextmanager.v1.AccessLevel] containing
- * errors will result in an error response for the first error encountered.
+ * Updates an [access level]
+ * [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running
+ * operation from this RPC has a successful status after the changes to
+ * the [access level]
+ * [google.identity.accesscontextmanager.v1.AccessLevel] propagate
+ * to long-lasting storage. If [access levels]
+ * [google.identity.accesscontextmanager.v1.AccessLevel] contain
+ * errors, an error response is returned for the first error encountered.
*
*/
public com.google.common.util.concurrent.ListenableFuture
- * Delete an [Access Level]
- * [google.identity.accesscontextmanager.v1.AccessLevel] by resource
- * name. The longrunning operation from this RPC will have a successful status
- * once the [Access Level]
+ * Deletes an [access level]
+ * [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource
+ * name. The long-running operation from this RPC has a successful status
+ * after the [access level]
* [google.identity.accesscontextmanager.v1.AccessLevel] has been removed
* from long-lasting storage.
*
@@ -3095,22 +3395,22 @@ protected AccessContextManagerFutureStub build(
*
*
*
- * Replace all existing [Access Levels]
- * [google.identity.accesscontextmanager.v1.AccessLevel] in an [Access
- * Policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with
- * the [Access Levels]
+ * Replaces all existing [access levels]
+ * [google.identity.accesscontextmanager.v1.AccessLevel] in an [access
+ * policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with
+ * the [access levels]
* [google.identity.accesscontextmanager.v1.AccessLevel] provided. This
- * is done atomically. The longrunning operation from this RPC will have a
- * successful status once all replacements have propagated to long-lasting
- * storage. Replacements containing errors will result in an error response
- * for the first error encountered. Replacement will be cancelled on error,
- * existing [Access Levels]
- * [google.identity.accesscontextmanager.v1.AccessLevel] will not be
- * affected. Operation.response field will contain
- * ReplaceAccessLevelsResponse. Removing [Access Levels]
+ * is done atomically. The long-running operation from this RPC has a
+ * successful status after all replacements propagate to long-lasting
+ * storage. If the replacement contains errors, an error response is returned
+ * for the first error encountered. Upon error, the replacement is cancelled,
+ * and existing [access levels]
+ * [google.identity.accesscontextmanager.v1.AccessLevel] are not
+ * affected. The Operation.response field contains
+ * ReplaceAccessLevelsResponse. Removing [access levels]
* [google.identity.accesscontextmanager.v1.AccessLevel] contained in existing
- * [Service Perimeters]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] will result in
+ * [service perimeters]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] result in an
* error.
*
*/
@@ -3125,7 +3425,7 @@ protected AccessContextManagerFutureStub build(
*
*
*
- * List all [Service Perimeters]
+ * Lists all [service perimeters]
* [google.identity.accesscontextmanager.v1.ServicePerimeter] for an
* access policy.
*
@@ -3142,9 +3442,9 @@ protected AccessContextManagerFutureStub build(
*
*
*
- * Get a [Service Perimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] by resource
- * name.
+ * Gets a [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the
+ * resource name.
*
*/
public com.google.common.util.concurrent.ListenableFuture<
@@ -3159,14 +3459,14 @@ protected AccessContextManagerFutureStub build(
*
*
*
- * Create a [Service Perimeter]
+ * Creates a [service perimeter]
* [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
- * longrunning operation from this RPC will have a successful status once the
- * [Service Perimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] has
- * propagated to long-lasting storage. [Service Perimeters]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] containing
- * errors will result in an error response for the first error encountered.
+ * long-running operation from this RPC has a successful status after the
+ * [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter]
+ * propagates to long-lasting storage. If a [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
+ * errors, an error response is returned for the first error encountered.
*
*/
public com.google.common.util.concurrent.ListenableFuture
- * Update a [Service Perimeter]
+ * Updates a [service perimeter]
* [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
- * longrunning operation from this RPC will have a successful status once the
- * changes to the [Service Perimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] have
- * propagated to long-lasting storage. [Service Perimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] containing
- * errors will result in an error response for the first error encountered.
+ * long-running operation from this RPC has a successful status after the
+ * [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter]
+ * propagates to long-lasting storage. If a [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
+ * errors, an error response is returned for the first error encountered.
*
*/
public com.google.common.util.concurrent.ListenableFuture
- * Delete a [Service Perimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] by resource
- * name. The longrunning operation from this RPC will have a successful status
- * once the [Service Perimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] has been
- * removed from long-lasting storage.
+ * Deletes a [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the
+ * resource name. The long-running operation from this RPC has a successful
+ * status after the [service perimeter]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] is removed from
+ * long-lasting storage.
*
*/
public com.google.common.util.concurrent.ListenableFuture
- * Replace all existing [Service Perimeters]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] in an
- * [Access Policy] [google.identity.accesscontextmanager.v1.AccessPolicy]
- * with the [Service Perimeters]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] provided.
- * This is done atomically. The longrunning operation from this
- * RPC will have a successful status once all replacements have propagated to
- * long-lasting storage. Replacements containing errors will result in an
- * error response for the first error encountered. Replacement will be
- * cancelled on error, existing [Service Perimeters]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] will not be
- * affected. Operation.response field will contain
+ * Replace all existing [service perimeters]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] in an [access
+ * policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with the
+ * [service perimeters]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] provided. This
+ * is done atomically. The long-running operation from this RPC has a
+ * successful status after all replacements propagate to long-lasting storage.
+ * Replacements containing errors result in an error response for the first
+ * error encountered. Upon an error, replacement are cancelled and existing
+ * [service perimeters]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeter] are not
+ * affected. The Operation.response field contains
* ReplaceServicePerimetersResponse.
*
*/
@@ -3246,21 +3546,21 @@ protected AccessContextManagerFutureStub build(
*
*
*
- * Commit the dry-run spec for all the [Service Perimeters]
+ * Commits the dry-run specification for all the [service perimeters]
* [google.identity.accesscontextmanager.v1.ServicePerimeter] in an
- * [Access Policy][google.identity.accesscontextmanager.v1.AccessPolicy].
- * A commit operation on a Service Perimeter involves copying its `spec` field
- * to that Service Perimeter's `status` field. Only [Service Perimeters]
+ * [access policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+ * A commit operation on a service perimeter involves copying its `spec` field
+ * to the `status` field of the service perimeter. Only [service perimeters]
* [google.identity.accesscontextmanager.v1.ServicePerimeter] with
* `use_explicit_dry_run_spec` field set to true are affected by a commit
- * operation. The longrunning operation from this RPC will have a successful
- * status once the dry-run specs for all the [Service Perimeters]
+ * operation. The long-running operation from this RPC has a successful
+ * status after the dry-run specifications for all the [service perimeters]
* [google.identity.accesscontextmanager.v1.ServicePerimeter] have been
- * committed. If a commit fails, it will cause the longrunning operation to
- * return an error response and the entire commit operation will be cancelled.
- * When successful, Operation.response field will contain
- * CommitServicePerimetersResponse. The `dry_run` and the `spec` fields will
- * be cleared after a successful commit operation.
+ * committed. If a commit fails, it causes the long-running operation to
+ * return an error response and the entire commit operation is cancelled.
+ * When successful, the Operation.response field contains
+ * CommitServicePerimetersResponse. The `dry_run` and the `spec` fields are
+ * cleared after a successful commit operation.
*
*/
public com.google.common.util.concurrent.ListenableFuture
+ * Sets the IAM policy for the specified Access Context Manager
+ * [access policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+ * This method replaces the existing IAM policy on the access policy. The IAM
+ * policy controls the set of users who can perform specific operations on the
+ * Access Context Manager [access
+ * policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+ *
+ */
+ public com.google.common.util.concurrent.ListenableFuture
+ * Gets the IAM policy for the specified Access Context Manager
+ * [access policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+ *
+ */
+ public com.google.common.util.concurrent.ListenableFuture
+ * Returns the IAM permissions that the caller has on the specified Access
+ * Context Manager resource. The resource can be an
+ * [AccessPolicy][google.identity.accesscontextmanager.v1.AccessPolicy],
+ * [AccessLevel][google.identity.accesscontextmanager.v1.AccessLevel], or
+ * [ServicePerimeter][google.identity.accesscontextmanager.v1.ServicePerimeter
+ * ]. This method does not support other resources.
+ *
+ */
+ public com.google.common.util.concurrent.ListenableFuture<
+ com.google.iam.v1.TestIamPermissionsResponse>
+ testIamPermissions(com.google.iam.v1.TestIamPermissionsRequest request) {
+ return io.grpc.stub.ClientCalls.futureUnaryCall(
+ getChannel().newCall(getTestIamPermissionsMethod(), getCallOptions()), request);
+ }
}
private static final int METHODID_LIST_ACCESS_POLICIES = 0;
@@ -3387,6 +3738,9 @@ protected AccessContextManagerFutureStub build(
private static final int METHODID_CREATE_GCP_USER_ACCESS_BINDING = 20;
private static final int METHODID_UPDATE_GCP_USER_ACCESS_BINDING = 21;
private static final int METHODID_DELETE_GCP_USER_ACCESS_BINDING = 22;
+ private static final int METHODID_SET_IAM_POLICY = 23;
+ private static final int METHODID_GET_IAM_POLICY = 24;
+ private static final int METHODID_TEST_IAM_PERMISSIONS = 25;
private static final class MethodHandlers
+ * The scopes of a policy define which resources an ACM policy can restrict,
+ * and where ACM resources can be referenced.
+ * For example, a policy with scopes=["folders/123"] has the following
+ * behavior:
+ * - vpcsc perimeters can only restrict projects within folders/123
+ * - access levels can only be referenced by resources within folders/123.
+ * If empty, there are no limitations on which resources can be restricted by
+ * an ACM policy, and there are no limitations on where ACM resources can be
+ * referenced.
+ * Only one policy can include a given scope (attempting to create a second
+ * policy which includes "folders/123" will result in an error).
+ * Currently, scopes cannot be modified after a policy is created.
+ * Currently, policies can only have a single scope.
+ * Format: list of `folders/{folder_number}` or `projects/{project_number}`
+ *
+ *
+ * repeated string scopes = 7;
+ *
+ * @return A list containing the scopes.
+ */
+ public com.google.protobuf.ProtocolStringList getScopesList() {
+ return scopes_;
+ }
+ /**
+ *
+ *
+ *
+ * The scopes of a policy define which resources an ACM policy can restrict,
+ * and where ACM resources can be referenced.
+ * For example, a policy with scopes=["folders/123"] has the following
+ * behavior:
+ * - vpcsc perimeters can only restrict projects within folders/123
+ * - access levels can only be referenced by resources within folders/123.
+ * If empty, there are no limitations on which resources can be restricted by
+ * an ACM policy, and there are no limitations on where ACM resources can be
+ * referenced.
+ * Only one policy can include a given scope (attempting to create a second
+ * policy which includes "folders/123" will result in an error).
+ * Currently, scopes cannot be modified after a policy is created.
+ * Currently, policies can only have a single scope.
+ * Format: list of `folders/{folder_number}` or `projects/{project_number}`
+ *
+ *
+ * repeated string scopes = 7;
+ *
+ * @return The count of scopes.
+ */
+ public int getScopesCount() {
+ return scopes_.size();
+ }
+ /**
+ *
+ *
+ *
+ * The scopes of a policy define which resources an ACM policy can restrict,
+ * and where ACM resources can be referenced.
+ * For example, a policy with scopes=["folders/123"] has the following
+ * behavior:
+ * - vpcsc perimeters can only restrict projects within folders/123
+ * - access levels can only be referenced by resources within folders/123.
+ * If empty, there are no limitations on which resources can be restricted by
+ * an ACM policy, and there are no limitations on where ACM resources can be
+ * referenced.
+ * Only one policy can include a given scope (attempting to create a second
+ * policy which includes "folders/123" will result in an error).
+ * Currently, scopes cannot be modified after a policy is created.
+ * Currently, policies can only have a single scope.
+ * Format: list of `folders/{folder_number}` or `projects/{project_number}`
+ *
+ *
+ * repeated string scopes = 7;
+ *
+ * @param index The index of the element to return.
+ * @return The scopes at the given index.
+ */
+ public java.lang.String getScopes(int index) {
+ return scopes_.get(index);
+ }
+ /**
+ *
+ *
+ *
+ * The scopes of a policy define which resources an ACM policy can restrict,
+ * and where ACM resources can be referenced.
+ * For example, a policy with scopes=["folders/123"] has the following
+ * behavior:
+ * - vpcsc perimeters can only restrict projects within folders/123
+ * - access levels can only be referenced by resources within folders/123.
+ * If empty, there are no limitations on which resources can be restricted by
+ * an ACM policy, and there are no limitations on where ACM resources can be
+ * referenced.
+ * Only one policy can include a given scope (attempting to create a second
+ * policy which includes "folders/123" will result in an error).
+ * Currently, scopes cannot be modified after a policy is created.
+ * Currently, policies can only have a single scope.
+ * Format: list of `folders/{folder_number}` or `projects/{project_number}`
+ *
+ *
+ * repeated string scopes = 7;
+ *
+ * @param index The index of the value to return.
+ * @return The bytes of the scopes at the given index.
+ */
+ public com.google.protobuf.ByteString getScopesBytes(int index) {
+ return scopes_.getByteString(index);
+ }
+
public static final int CREATE_TIME_FIELD_NUMBER = 4;
private com.google.protobuf.Timestamp createTime_;
/**
@@ -406,6 +520,9 @@ public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io
if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(etag_)) {
com.google.protobuf.GeneratedMessageV3.writeString(output, 6, etag_);
}
+ for (int i = 0; i < scopes_.size(); i++) {
+ com.google.protobuf.GeneratedMessageV3.writeString(output, 7, scopes_.getRaw(i));
+ }
getUnknownFields().writeTo(output);
}
@@ -433,6 +550,14 @@ public int getSerializedSize() {
if (!com.google.protobuf.GeneratedMessageV3.isStringEmpty(etag_)) {
size += com.google.protobuf.GeneratedMessageV3.computeStringSize(6, etag_);
}
+ {
+ int dataSize = 0;
+ for (int i = 0; i < scopes_.size(); i++) {
+ dataSize += computeStringSizeNoTag(scopes_.getRaw(i));
+ }
+ size += dataSize;
+ size += 1 * getScopesList().size();
+ }
size += getUnknownFields().getSerializedSize();
memoizedSize = size;
return size;
@@ -452,6 +577,7 @@ public boolean equals(final java.lang.Object obj) {
if (!getName().equals(other.getName())) return false;
if (!getParent().equals(other.getParent())) return false;
if (!getTitle().equals(other.getTitle())) return false;
+ if (!getScopesList().equals(other.getScopesList())) return false;
if (hasCreateTime() != other.hasCreateTime()) return false;
if (hasCreateTime()) {
if (!getCreateTime().equals(other.getCreateTime())) return false;
@@ -478,6 +604,10 @@ public int hashCode() {
hash = (53 * hash) + getParent().hashCode();
hash = (37 * hash) + TITLE_FIELD_NUMBER;
hash = (53 * hash) + getTitle().hashCode();
+ if (getScopesCount() > 0) {
+ hash = (37 * hash) + SCOPES_FIELD_NUMBER;
+ hash = (53 * hash) + getScopesList().hashCode();
+ }
if (hasCreateTime()) {
hash = (37 * hash) + CREATE_TIME_FIELD_NUMBER;
hash = (53 * hash) + getCreateTime().hashCode();
@@ -637,6 +767,8 @@ public Builder clear() {
title_ = "";
+ scopes_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+ bitField0_ = (bitField0_ & ~0x00000001);
if (createTimeBuilder_ == null) {
createTime_ = null;
} else {
@@ -678,9 +810,15 @@ public com.google.identity.accesscontextmanager.v1.AccessPolicy build() {
public com.google.identity.accesscontextmanager.v1.AccessPolicy buildPartial() {
com.google.identity.accesscontextmanager.v1.AccessPolicy result =
new com.google.identity.accesscontextmanager.v1.AccessPolicy(this);
+ int from_bitField0_ = bitField0_;
result.name_ = name_;
result.parent_ = parent_;
result.title_ = title_;
+ if (((bitField0_ & 0x00000001) != 0)) {
+ scopes_ = scopes_.getUnmodifiableView();
+ bitField0_ = (bitField0_ & ~0x00000001);
+ }
+ result.scopes_ = scopes_;
if (createTimeBuilder_ == null) {
result.createTime_ = createTime_;
} else {
@@ -754,6 +892,16 @@ public Builder mergeFrom(com.google.identity.accesscontextmanager.v1.AccessPolic
title_ = other.title_;
onChanged();
}
+ if (!other.scopes_.isEmpty()) {
+ if (scopes_.isEmpty()) {
+ scopes_ = other.scopes_;
+ bitField0_ = (bitField0_ & ~0x00000001);
+ } else {
+ ensureScopesIsMutable();
+ scopes_.addAll(other.scopes_);
+ }
+ onChanged();
+ }
if (other.hasCreateTime()) {
mergeCreateTime(other.getCreateTime());
}
@@ -826,6 +974,13 @@ public Builder mergeFrom(
break;
} // case 50
+ case 58:
+ {
+ java.lang.String s = input.readStringRequireUtf8();
+ ensureScopesIsMutable();
+ scopes_.add(s);
+ break;
+ } // case 58
default:
{
if (!super.parseUnknownField(input, extensionRegistry, tag)) {
@@ -843,6 +998,8 @@ public Builder mergeFrom(
return this;
}
+ private int bitField0_;
+
private java.lang.Object name_ = "";
/**
*
@@ -1176,6 +1333,291 @@ public Builder setTitleBytes(com.google.protobuf.ByteString value) {
return this;
}
+ private com.google.protobuf.LazyStringList scopes_ =
+ com.google.protobuf.LazyStringArrayList.EMPTY;
+
+ private void ensureScopesIsMutable() {
+ if (!((bitField0_ & 0x00000001) != 0)) {
+ scopes_ = new com.google.protobuf.LazyStringArrayList(scopes_);
+ bitField0_ |= 0x00000001;
+ }
+ }
+ /**
+ *
+ *
+ *
+ * The scopes of a policy define which resources an ACM policy can restrict,
+ * and where ACM resources can be referenced.
+ * For example, a policy with scopes=["folders/123"] has the following
+ * behavior:
+ * - vpcsc perimeters can only restrict projects within folders/123
+ * - access levels can only be referenced by resources within folders/123.
+ * If empty, there are no limitations on which resources can be restricted by
+ * an ACM policy, and there are no limitations on where ACM resources can be
+ * referenced.
+ * Only one policy can include a given scope (attempting to create a second
+ * policy which includes "folders/123" will result in an error).
+ * Currently, scopes cannot be modified after a policy is created.
+ * Currently, policies can only have a single scope.
+ * Format: list of `folders/{folder_number}` or `projects/{project_number}`
+ *
+ *
+ * repeated string scopes = 7;
+ *
+ * @return A list containing the scopes.
+ */
+ public com.google.protobuf.ProtocolStringList getScopesList() {
+ return scopes_.getUnmodifiableView();
+ }
+ /**
+ *
+ *
+ *
+ * The scopes of a policy define which resources an ACM policy can restrict,
+ * and where ACM resources can be referenced.
+ * For example, a policy with scopes=["folders/123"] has the following
+ * behavior:
+ * - vpcsc perimeters can only restrict projects within folders/123
+ * - access levels can only be referenced by resources within folders/123.
+ * If empty, there are no limitations on which resources can be restricted by
+ * an ACM policy, and there are no limitations on where ACM resources can be
+ * referenced.
+ * Only one policy can include a given scope (attempting to create a second
+ * policy which includes "folders/123" will result in an error).
+ * Currently, scopes cannot be modified after a policy is created.
+ * Currently, policies can only have a single scope.
+ * Format: list of `folders/{folder_number}` or `projects/{project_number}`
+ *
+ *
+ * repeated string scopes = 7;
+ *
+ * @return The count of scopes.
+ */
+ public int getScopesCount() {
+ return scopes_.size();
+ }
+ /**
+ *
+ *
+ *
+ * The scopes of a policy define which resources an ACM policy can restrict,
+ * and where ACM resources can be referenced.
+ * For example, a policy with scopes=["folders/123"] has the following
+ * behavior:
+ * - vpcsc perimeters can only restrict projects within folders/123
+ * - access levels can only be referenced by resources within folders/123.
+ * If empty, there are no limitations on which resources can be restricted by
+ * an ACM policy, and there are no limitations on where ACM resources can be
+ * referenced.
+ * Only one policy can include a given scope (attempting to create a second
+ * policy which includes "folders/123" will result in an error).
+ * Currently, scopes cannot be modified after a policy is created.
+ * Currently, policies can only have a single scope.
+ * Format: list of `folders/{folder_number}` or `projects/{project_number}`
+ *
+ *
+ * repeated string scopes = 7;
+ *
+ * @param index The index of the element to return.
+ * @return The scopes at the given index.
+ */
+ public java.lang.String getScopes(int index) {
+ return scopes_.get(index);
+ }
+ /**
+ *
+ *
+ *
+ * The scopes of a policy define which resources an ACM policy can restrict,
+ * and where ACM resources can be referenced.
+ * For example, a policy with scopes=["folders/123"] has the following
+ * behavior:
+ * - vpcsc perimeters can only restrict projects within folders/123
+ * - access levels can only be referenced by resources within folders/123.
+ * If empty, there are no limitations on which resources can be restricted by
+ * an ACM policy, and there are no limitations on where ACM resources can be
+ * referenced.
+ * Only one policy can include a given scope (attempting to create a second
+ * policy which includes "folders/123" will result in an error).
+ * Currently, scopes cannot be modified after a policy is created.
+ * Currently, policies can only have a single scope.
+ * Format: list of `folders/{folder_number}` or `projects/{project_number}`
+ *
+ *
+ * repeated string scopes = 7;
+ *
+ * @param index The index of the value to return.
+ * @return The bytes of the scopes at the given index.
+ */
+ public com.google.protobuf.ByteString getScopesBytes(int index) {
+ return scopes_.getByteString(index);
+ }
+ /**
+ *
+ *
+ *
+ * The scopes of a policy define which resources an ACM policy can restrict,
+ * and where ACM resources can be referenced.
+ * For example, a policy with scopes=["folders/123"] has the following
+ * behavior:
+ * - vpcsc perimeters can only restrict projects within folders/123
+ * - access levels can only be referenced by resources within folders/123.
+ * If empty, there are no limitations on which resources can be restricted by
+ * an ACM policy, and there are no limitations on where ACM resources can be
+ * referenced.
+ * Only one policy can include a given scope (attempting to create a second
+ * policy which includes "folders/123" will result in an error).
+ * Currently, scopes cannot be modified after a policy is created.
+ * Currently, policies can only have a single scope.
+ * Format: list of `folders/{folder_number}` or `projects/{project_number}`
+ *
+ *
+ * repeated string scopes = 7;
+ *
+ * @param index The index to set the value at.
+ * @param value The scopes to set.
+ * @return This builder for chaining.
+ */
+ public Builder setScopes(int index, java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ ensureScopesIsMutable();
+ scopes_.set(index, value);
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ *
+ *
+ * The scopes of a policy define which resources an ACM policy can restrict,
+ * and where ACM resources can be referenced.
+ * For example, a policy with scopes=["folders/123"] has the following
+ * behavior:
+ * - vpcsc perimeters can only restrict projects within folders/123
+ * - access levels can only be referenced by resources within folders/123.
+ * If empty, there are no limitations on which resources can be restricted by
+ * an ACM policy, and there are no limitations on where ACM resources can be
+ * referenced.
+ * Only one policy can include a given scope (attempting to create a second
+ * policy which includes "folders/123" will result in an error).
+ * Currently, scopes cannot be modified after a policy is created.
+ * Currently, policies can only have a single scope.
+ * Format: list of `folders/{folder_number}` or `projects/{project_number}`
+ *
+ *
+ * repeated string scopes = 7;
+ *
+ * @param value The scopes to add.
+ * @return This builder for chaining.
+ */
+ public Builder addScopes(java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ ensureScopesIsMutable();
+ scopes_.add(value);
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ *
+ *
+ * The scopes of a policy define which resources an ACM policy can restrict,
+ * and where ACM resources can be referenced.
+ * For example, a policy with scopes=["folders/123"] has the following
+ * behavior:
+ * - vpcsc perimeters can only restrict projects within folders/123
+ * - access levels can only be referenced by resources within folders/123.
+ * If empty, there are no limitations on which resources can be restricted by
+ * an ACM policy, and there are no limitations on where ACM resources can be
+ * referenced.
+ * Only one policy can include a given scope (attempting to create a second
+ * policy which includes "folders/123" will result in an error).
+ * Currently, scopes cannot be modified after a policy is created.
+ * Currently, policies can only have a single scope.
+ * Format: list of `folders/{folder_number}` or `projects/{project_number}`
+ *
+ *
+ * repeated string scopes = 7;
+ *
+ * @param values The scopes to add.
+ * @return This builder for chaining.
+ */
+ public Builder addAllScopes(java.lang.Iterable
+ * The scopes of a policy define which resources an ACM policy can restrict,
+ * and where ACM resources can be referenced.
+ * For example, a policy with scopes=["folders/123"] has the following
+ * behavior:
+ * - vpcsc perimeters can only restrict projects within folders/123
+ * - access levels can only be referenced by resources within folders/123.
+ * If empty, there are no limitations on which resources can be restricted by
+ * an ACM policy, and there are no limitations on where ACM resources can be
+ * referenced.
+ * Only one policy can include a given scope (attempting to create a second
+ * policy which includes "folders/123" will result in an error).
+ * Currently, scopes cannot be modified after a policy is created.
+ * Currently, policies can only have a single scope.
+ * Format: list of `folders/{folder_number}` or `projects/{project_number}`
+ *
+ *
+ * repeated string scopes = 7;
+ *
+ * @return This builder for chaining.
+ */
+ public Builder clearScopes() {
+ scopes_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+ bitField0_ = (bitField0_ & ~0x00000001);
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ *
+ *
+ * The scopes of a policy define which resources an ACM policy can restrict,
+ * and where ACM resources can be referenced.
+ * For example, a policy with scopes=["folders/123"] has the following
+ * behavior:
+ * - vpcsc perimeters can only restrict projects within folders/123
+ * - access levels can only be referenced by resources within folders/123.
+ * If empty, there are no limitations on which resources can be restricted by
+ * an ACM policy, and there are no limitations on where ACM resources can be
+ * referenced.
+ * Only one policy can include a given scope (attempting to create a second
+ * policy which includes "folders/123" will result in an error).
+ * Currently, scopes cannot be modified after a policy is created.
+ * Currently, policies can only have a single scope.
+ * Format: list of `folders/{folder_number}` or `projects/{project_number}`
+ *
+ *
+ * repeated string scopes = 7;
+ *
+ * @param value The bytes of the scopes to add.
+ * @return This builder for chaining.
+ */
+ public Builder addScopesBytes(com.google.protobuf.ByteString value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ checkByteStringIsUtf8(value);
+ ensureScopesIsMutable();
+ scopes_.add(value);
+ onChanged();
+ return this;
+ }
+
private com.google.protobuf.Timestamp createTime_;
private com.google.protobuf.SingleFieldBuilderV3<
com.google.protobuf.Timestamp,
diff --git a/java-accesscontextmanager/proto-google-identity-accesscontextmanager-v1/src/main/java/com/google/identity/accesscontextmanager/v1/AccessPolicyOrBuilder.java b/java-accesscontextmanager/proto-google-identity-accesscontextmanager-v1/src/main/java/com/google/identity/accesscontextmanager/v1/AccessPolicyOrBuilder.java
index ba712950e671..d14d40515ba0 100644
--- a/java-accesscontextmanager/proto-google-identity-accesscontextmanager-v1/src/main/java/com/google/identity/accesscontextmanager/v1/AccessPolicyOrBuilder.java
+++ b/java-accesscontextmanager/proto-google-identity-accesscontextmanager-v1/src/main/java/com/google/identity/accesscontextmanager/v1/AccessPolicyOrBuilder.java
@@ -104,6 +104,109 @@ public interface AccessPolicyOrBuilder
*/
com.google.protobuf.ByteString getTitleBytes();
+ /**
+ *
+ *
+ *
+ * The scopes of a policy define which resources an ACM policy can restrict,
+ * and where ACM resources can be referenced.
+ * For example, a policy with scopes=["folders/123"] has the following
+ * behavior:
+ * - vpcsc perimeters can only restrict projects within folders/123
+ * - access levels can only be referenced by resources within folders/123.
+ * If empty, there are no limitations on which resources can be restricted by
+ * an ACM policy, and there are no limitations on where ACM resources can be
+ * referenced.
+ * Only one policy can include a given scope (attempting to create a second
+ * policy which includes "folders/123" will result in an error).
+ * Currently, scopes cannot be modified after a policy is created.
+ * Currently, policies can only have a single scope.
+ * Format: list of `folders/{folder_number}` or `projects/{project_number}`
+ *
+ *
+ * repeated string scopes = 7;
+ *
+ * @return A list containing the scopes.
+ */
+ java.util.List
+ * The scopes of a policy define which resources an ACM policy can restrict,
+ * and where ACM resources can be referenced.
+ * For example, a policy with scopes=["folders/123"] has the following
+ * behavior:
+ * - vpcsc perimeters can only restrict projects within folders/123
+ * - access levels can only be referenced by resources within folders/123.
+ * If empty, there are no limitations on which resources can be restricted by
+ * an ACM policy, and there are no limitations on where ACM resources can be
+ * referenced.
+ * Only one policy can include a given scope (attempting to create a second
+ * policy which includes "folders/123" will result in an error).
+ * Currently, scopes cannot be modified after a policy is created.
+ * Currently, policies can only have a single scope.
+ * Format: list of `folders/{folder_number}` or `projects/{project_number}`
+ *
+ *
+ * repeated string scopes = 7;
+ *
+ * @return The count of scopes.
+ */
+ int getScopesCount();
+ /**
+ *
+ *
+ *
+ * The scopes of a policy define which resources an ACM policy can restrict,
+ * and where ACM resources can be referenced.
+ * For example, a policy with scopes=["folders/123"] has the following
+ * behavior:
+ * - vpcsc perimeters can only restrict projects within folders/123
+ * - access levels can only be referenced by resources within folders/123.
+ * If empty, there are no limitations on which resources can be restricted by
+ * an ACM policy, and there are no limitations on where ACM resources can be
+ * referenced.
+ * Only one policy can include a given scope (attempting to create a second
+ * policy which includes "folders/123" will result in an error).
+ * Currently, scopes cannot be modified after a policy is created.
+ * Currently, policies can only have a single scope.
+ * Format: list of `folders/{folder_number}` or `projects/{project_number}`
+ *
+ *
+ * repeated string scopes = 7;
+ *
+ * @param index The index of the element to return.
+ * @return The scopes at the given index.
+ */
+ java.lang.String getScopes(int index);
+ /**
+ *
+ *
+ *
+ * The scopes of a policy define which resources an ACM policy can restrict,
+ * and where ACM resources can be referenced.
+ * For example, a policy with scopes=["folders/123"] has the following
+ * behavior:
+ * - vpcsc perimeters can only restrict projects within folders/123
+ * - access levels can only be referenced by resources within folders/123.
+ * If empty, there are no limitations on which resources can be restricted by
+ * an ACM policy, and there are no limitations on where ACM resources can be
+ * referenced.
+ * Only one policy can include a given scope (attempting to create a second
+ * policy which includes "folders/123" will result in an error).
+ * Currently, scopes cannot be modified after a policy is created.
+ * Currently, policies can only have a single scope.
+ * Format: list of `folders/{folder_number}` or `projects/{project_number}`
+ *
+ *
+ * repeated string scopes = 7;
+ *
+ * @param index The index of the value to return.
+ * @return The bytes of the scopes at the given index.
+ */
+ com.google.protobuf.ByteString getScopesBytes(int index);
+
/**
*
*
diff --git a/java-accesscontextmanager/proto-google-identity-accesscontextmanager-v1/src/main/java/com/google/identity/accesscontextmanager/v1/CommitServicePerimetersRequest.java b/java-accesscontextmanager/proto-google-identity-accesscontextmanager-v1/src/main/java/com/google/identity/accesscontextmanager/v1/CommitServicePerimetersRequest.java
index 4f78bbd09a26..4c882086f456 100644
--- a/java-accesscontextmanager/proto-google-identity-accesscontextmanager-v1/src/main/java/com/google/identity/accesscontextmanager/v1/CommitServicePerimetersRequest.java
+++ b/java-accesscontextmanager/proto-google-identity-accesscontextmanager-v1/src/main/java/com/google/identity/accesscontextmanager/v1/CommitServicePerimetersRequest.java
@@ -142,7 +142,7 @@ public com.google.protobuf.ByteString getParentBytes() {
*
*
* Optional. The etag for the version of the [Access Policy]
- * [google.identity.accesscontextmanager.v1alpha.AccessPolicy] that this
+ * [google.identity.accesscontextmanager.v1.AccessPolicy] that this
* commit operation is to be performed on. If, at the time of commit, the
* etag for the Access Policy stored in Access Context Manager is different
* from the specified etag, then the commit operation will not be performed
@@ -171,7 +171,7 @@ public java.lang.String getEtag() {
*
*
* Optional. The etag for the version of the [Access Policy]
- * [google.identity.accesscontextmanager.v1alpha.AccessPolicy] that this
+ * [google.identity.accesscontextmanager.v1.AccessPolicy] that this
* commit operation is to be performed on. If, at the time of commit, the
* etag for the Access Policy stored in Access Context Manager is different
* from the specified etag, then the commit operation will not be performed
@@ -715,7 +715,7 @@ public Builder setParentBytes(com.google.protobuf.ByteString value) {
*
*
* Optional. The etag for the version of the [Access Policy]
- * [google.identity.accesscontextmanager.v1alpha.AccessPolicy] that this
+ * [google.identity.accesscontextmanager.v1.AccessPolicy] that this
* commit operation is to be performed on. If, at the time of commit, the
* etag for the Access Policy stored in Access Context Manager is different
* from the specified etag, then the commit operation will not be performed
@@ -743,7 +743,7 @@ public java.lang.String getEtag() {
*
*
* Optional. The etag for the version of the [Access Policy]
- * [google.identity.accesscontextmanager.v1alpha.AccessPolicy] that this
+ * [google.identity.accesscontextmanager.v1.AccessPolicy] that this
* commit operation is to be performed on. If, at the time of commit, the
* etag for the Access Policy stored in Access Context Manager is different
* from the specified etag, then the commit operation will not be performed
@@ -771,7 +771,7 @@ public com.google.protobuf.ByteString getEtagBytes() {
*
*
* Optional. The etag for the version of the [Access Policy]
- * [google.identity.accesscontextmanager.v1alpha.AccessPolicy] that this
+ * [google.identity.accesscontextmanager.v1.AccessPolicy] that this
* commit operation is to be performed on. If, at the time of commit, the
* etag for the Access Policy stored in Access Context Manager is different
* from the specified etag, then the commit operation will not be performed
@@ -798,7 +798,7 @@ public Builder setEtag(java.lang.String value) {
*
*
* Optional. The etag for the version of the [Access Policy]
- * [google.identity.accesscontextmanager.v1alpha.AccessPolicy] that this
+ * [google.identity.accesscontextmanager.v1.AccessPolicy] that this
* commit operation is to be performed on. If, at the time of commit, the
* etag for the Access Policy stored in Access Context Manager is different
* from the specified etag, then the commit operation will not be performed
@@ -821,7 +821,7 @@ public Builder clearEtag() {
*
*
* Optional. The etag for the version of the [Access Policy]
- * [google.identity.accesscontextmanager.v1alpha.AccessPolicy] that this
+ * [google.identity.accesscontextmanager.v1.AccessPolicy] that this
* commit operation is to be performed on. If, at the time of commit, the
* etag for the Access Policy stored in Access Context Manager is different
* from the specified etag, then the commit operation will not be performed
diff --git a/java-accesscontextmanager/proto-google-identity-accesscontextmanager-v1/src/main/java/com/google/identity/accesscontextmanager/v1/CommitServicePerimetersRequestOrBuilder.java b/java-accesscontextmanager/proto-google-identity-accesscontextmanager-v1/src/main/java/com/google/identity/accesscontextmanager/v1/CommitServicePerimetersRequestOrBuilder.java
index dfe98d035696..ded2c1921f6f 100644
--- a/java-accesscontextmanager/proto-google-identity-accesscontextmanager-v1/src/main/java/com/google/identity/accesscontextmanager/v1/CommitServicePerimetersRequestOrBuilder.java
+++ b/java-accesscontextmanager/proto-google-identity-accesscontextmanager-v1/src/main/java/com/google/identity/accesscontextmanager/v1/CommitServicePerimetersRequestOrBuilder.java
@@ -67,7 +67,7 @@ public interface CommitServicePerimetersRequestOrBuilder
*
*
* Optional. The etag for the version of the [Access Policy]
- * [google.identity.accesscontextmanager.v1alpha.AccessPolicy] that this
+ * [google.identity.accesscontextmanager.v1.AccessPolicy] that this
* commit operation is to be performed on. If, at the time of commit, the
* etag for the Access Policy stored in Access Context Manager is different
* from the specified etag, then the commit operation will not be performed
@@ -85,7 +85,7 @@ public interface CommitServicePerimetersRequestOrBuilder
*
*
* Optional. The etag for the version of the [Access Policy]
- * [google.identity.accesscontextmanager.v1alpha.AccessPolicy] that this
+ * [google.identity.accesscontextmanager.v1.AccessPolicy] that this
* commit operation is to be performed on. If, at the time of commit, the
* etag for the Access Policy stored in Access Context Manager is different
* from the specified etag, then the commit operation will not be performed
diff --git a/java-accesscontextmanager/proto-google-identity-accesscontextmanager-v1/src/main/java/com/google/identity/accesscontextmanager/v1/PolicyProto.java b/java-accesscontextmanager/proto-google-identity-accesscontextmanager-v1/src/main/java/com/google/identity/accesscontextmanager/v1/PolicyProto.java
index 531c1b7dcf74..66dc867a4eb0 100644
--- a/java-accesscontextmanager/proto-google-identity-accesscontextmanager-v1/src/main/java/com/google/identity/accesscontextmanager/v1/PolicyProto.java
+++ b/java-accesscontextmanager/proto-google-identity-accesscontextmanager-v1/src/main/java/com/google/identity/accesscontextmanager/v1/PolicyProto.java
@@ -44,21 +44,21 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
+ "1/access_policy.proto\022\'google.identity.a"
+ "ccesscontextmanager.v1\032\031google/api/resou"
+ "rce.proto\032\037google/protobuf/timestamp.pro"
- + "to\"\202\002\n\014AccessPolicy\022\014\n\004name\030\001 \001(\t\022\016\n\006par"
- + "ent\030\002 \001(\t\022\r\n\005title\030\003 \001(\t\022/\n\013create_time\030"
- + "\004 \001(\0132\032.google.protobuf.Timestamp\022/\n\013upd"
- + "ate_time\030\005 \001(\0132\032.google.protobuf.Timesta"
- + "mp\022\014\n\004etag\030\006 \001(\t:U\352AR\n0accesscontextmana"
- + "ger.googleapis.com/AccessPolicy\022\036accessP"
- + "olicies/{access_policy}B\241\002\n+com.google.i"
- + "dentity.accesscontextmanager.v1B\013PolicyP"
- + "rotoP\001Z[google.golang.org/genproto/googl"
- + "eapis/identity/accesscontextmanager/v1;a"
- + "ccesscontextmanager\242\002\004GACM\252\002\'Google.Iden"
- + "tity.AccessContextManager.V1\312\002\'Google\\Id"
- + "entity\\AccessContextManager\\V1\352\002*Google:"
- + ":Identity::AccessContextManager::V1b\006pro"
- + "to3"
+ + "to\"\222\002\n\014AccessPolicy\022\014\n\004name\030\001 \001(\t\022\016\n\006par"
+ + "ent\030\002 \001(\t\022\r\n\005title\030\003 \001(\t\022\016\n\006scopes\030\007 \003(\t"
+ + "\022/\n\013create_time\030\004 \001(\0132\032.google.protobuf."
+ + "Timestamp\022/\n\013update_time\030\005 \001(\0132\032.google."
+ + "protobuf.Timestamp\022\014\n\004etag\030\006 \001(\t:U\352AR\n0a"
+ + "ccesscontextmanager.googleapis.com/Acces"
+ + "sPolicy\022\036accessPolicies/{access_policy}B"
+ + "\241\002\n+com.google.identity.accesscontextman"
+ + "ager.v1B\013PolicyProtoP\001Z[google.golang.or"
+ + "g/genproto/googleapis/identity/accesscon"
+ + "textmanager/v1;accesscontextmanager\242\002\004GA"
+ + "CM\252\002\'Google.Identity.AccessContextManage"
+ + "r.V1\312\002\'Google\\Identity\\AccessContextMana"
+ + "ger\\V1\352\002*Google::Identity::AccessContext"
+ + "Manager::V1b\006proto3"
};
descriptor =
com.google.protobuf.Descriptors.FileDescriptor.internalBuildGeneratedFileFrom(
@@ -73,7 +73,7 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
internal_static_google_identity_accesscontextmanager_v1_AccessPolicy_descriptor,
new java.lang.String[] {
- "Name", "Parent", "Title", "CreateTime", "UpdateTime", "Etag",
+ "Name", "Parent", "Title", "Scopes", "CreateTime", "UpdateTime", "Etag",
});
com.google.protobuf.ExtensionRegistry registry =
com.google.protobuf.ExtensionRegistry.newInstance();
diff --git a/java-accesscontextmanager/proto-google-identity-accesscontextmanager-v1/src/main/java/com/google/identity/accesscontextmanager/v1/ServicePerimeterConfig.java b/java-accesscontextmanager/proto-google-identity-accesscontextmanager-v1/src/main/java/com/google/identity/accesscontextmanager/v1/ServicePerimeterConfig.java
index 9d09306abba8..74ae22f85e7b 100644
--- a/java-accesscontextmanager/proto-google-identity-accesscontextmanager-v1/src/main/java/com/google/identity/accesscontextmanager/v1/ServicePerimeterConfig.java
+++ b/java-accesscontextmanager/proto-google-identity-accesscontextmanager-v1/src/main/java/com/google/identity/accesscontextmanager/v1/ServicePerimeterConfig.java
@@ -5268,225 +5268,216 @@ public com.google.protobuf.Parser
- * A list of resources, currently only projects in the form
- * `projects/<projectnumber>`, that are allowed to be accessed by sources
- * defined in the corresponding [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it contains a resource in this list. If `*` is
- * specified for `resources`, then this [EgressTo]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo]
- * rule will authorize access to all resources outside the perimeter.
+ * Sources that this [IngressPolicy]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ * authorizes access from.
*
*
- * repeated string resources = 1;
- *
- * @return A list containing the resources.
+ *
+ * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource sources = 1;
+ *
*/
- java.util.List
- * A list of resources, currently only projects in the form
- * `projects/<projectnumber>`, that are allowed to be accessed by sources
- * defined in the corresponding [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it contains a resource in this list. If `*` is
- * specified for `resources`, then this [EgressTo]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo]
- * rule will authorize access to all resources outside the perimeter.
+ * Sources that this [IngressPolicy]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ * authorizes access from.
*
*
- * repeated string resources = 1;
+ *
+ * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource sources = 1;
+ *
+ */
+ com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource getSources(
+ int index);
+ /**
*
- * @return The count of resources.
+ *
+ *
+ * Sources that this [IngressPolicy]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ * authorizes access from.
+ *
+ *
+ *
+ * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource sources = 1;
+ *
*/
- int getResourcesCount();
+ int getSourcesCount();
/**
*
*
*
- * A list of resources, currently only projects in the form
- * `projects/<projectnumber>`, that are allowed to be accessed by sources
- * defined in the corresponding [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it contains a resource in this list. If `*` is
- * specified for `resources`, then this [EgressTo]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo]
- * rule will authorize access to all resources outside the perimeter.
+ * Sources that this [IngressPolicy]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ * authorizes access from.
*
*
- * repeated string resources = 1;
+ *
+ * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource sources = 1;
+ *
+ */
+ java.util.List<
+ ? extends
+ com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+ .IngressSourceOrBuilder>
+ getSourcesOrBuilderList();
+ /**
*
- * @param index The index of the element to return.
- * @return The resources at the given index.
+ *
+ *
+ * Sources that this [IngressPolicy]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ * authorizes access from.
+ *
+ *
+ *
+ * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource sources = 1;
+ *
*/
- java.lang.String getResources(int index);
+ com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSourceOrBuilder
+ getSourcesOrBuilder(int index);
+
/**
*
*
*
- * A list of resources, currently only projects in the form
- * `projects/<projectnumber>`, that are allowed to be accessed by sources
- * defined in the corresponding [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it contains a resource in this list. If `*` is
- * specified for `resources`, then this [EgressTo]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo]
- * rule will authorize access to all resources outside the perimeter.
+ * A list of identities that are allowed access through this ingress
+ * policy. Should be in the format of email address. The email address
+ * should represent individual user or service account only.
*
*
- * repeated string resources = 1;
+ * repeated string identities = 2;
*
- * @param index The index of the value to return.
- * @return The bytes of the resources at the given index.
+ * @return A list containing the identities.
*/
- com.google.protobuf.ByteString getResourcesBytes(int index);
-
+ java.util.List
- * A list of [ApiOperations]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
- * allowed to be performed by the sources specified in the corresponding
- * [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it uses an operation/service in this list.
+ * A list of identities that are allowed access through this ingress
+ * policy. Should be in the format of email address. The email address
+ * should represent individual user or service account only.
*
*
- *
- * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation operations = 2;
- *
+ * repeated string identities = 2;
+ *
+ * @return The count of identities.
*/
- java.util.List
- * A list of [ApiOperations]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
- * allowed to be performed by the sources specified in the corresponding
- * [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it uses an operation/service in this list.
+ * A list of identities that are allowed access through this ingress
+ * policy. Should be in the format of email address. The email address
+ * should represent individual user or service account only.
*
*
- *
- * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation operations = 2;
- *
+ * repeated string identities = 2;
+ *
+ * @param index The index of the element to return.
+ * @return The identities at the given index.
*/
- com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation getOperations(
- int index);
+ java.lang.String getIdentities(int index);
/**
*
*
*
- * A list of [ApiOperations]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
- * allowed to be performed by the sources specified in the corresponding
- * [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it uses an operation/service in this list.
+ * A list of identities that are allowed access through this ingress
+ * policy. Should be in the format of email address. The email address
+ * should represent individual user or service account only.
*
*
- *
- * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation operations = 2;
- *
+ * repeated string identities = 2;
+ *
+ * @param index The index of the value to return.
+ * @return The bytes of the identities at the given index.
*/
- int getOperationsCount();
+ com.google.protobuf.ByteString getIdentitiesBytes(int index);
+
/**
*
*
*
- * A list of [ApiOperations]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
- * allowed to be performed by the sources specified in the corresponding
- * [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it uses an operation/service in this list.
+ * Specifies the type of identities that are allowed access from outside the
+ * perimeter. If left unspecified, then members of `identities` field will
+ * be allowed access.
*
*
*
- * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation operations = 2;
+ * .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType identity_type = 3;
*
+ *
+ * @return The enum numeric value on the wire for identityType.
*/
- java.util.List<
- ? extends
- com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig
- .ApiOperationOrBuilder>
- getOperationsOrBuilderList();
+ int getIdentityTypeValue();
/**
*
*
*
- * A list of [ApiOperations]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
- * allowed to be performed by the sources specified in the corresponding
- * [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it uses an operation/service in this list.
+ * Specifies the type of identities that are allowed access from outside the
+ * perimeter. If left unspecified, then members of `identities` field will
+ * be allowed access.
*
*
*
- * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation operations = 2;
+ * .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType identity_type = 3;
*
+ *
+ * @return The identityType.
*/
- com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperationOrBuilder
- getOperationsOrBuilder(int index);
+ com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType
+ getIdentityType();
}
/**
*
*
*
- * Defines the conditions under which an [EgressPolicy]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
- * matches a request. Conditions are based on information about the
- * [ApiOperation]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
- * intended to be performed on the `resources` specified. Note that if the
- * destination of the request is also protected by a [ServicePerimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter], then that
- * [ServicePerimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] must have
- * an [IngressPolicy]
+ * Defines the conditions under which an [IngressPolicy]
* [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
- * which allows access in order for this request to succeed. The request must
- * match `operations` AND `resources` fields in order to be allowed egress out
- * of the perimeter.
+ * matches a request. Conditions are based on information about the source of
+ * the request. The request must satisfy what is defined in `sources` AND
+ * identity related fields in order to match.
*
*
- * Protobuf type {@code google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo}
+ * Protobuf type {@code
+ * google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom}
*/
- public static final class EgressTo extends com.google.protobuf.GeneratedMessageV3
+ public static final class IngressFrom extends com.google.protobuf.GeneratedMessageV3
implements
- // @@protoc_insertion_point(message_implements:google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo)
- EgressToOrBuilder {
+ // @@protoc_insertion_point(message_implements:google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom)
+ IngressFromOrBuilder {
private static final long serialVersionUID = 0L;
- // Use EgressTo.newBuilder() to construct.
- private EgressTo(com.google.protobuf.GeneratedMessageV3.Builder> builder) {
+ // Use IngressFrom.newBuilder() to construct.
+ private IngressFrom(com.google.protobuf.GeneratedMessageV3.Builder> builder) {
super(builder);
}
- private EgressTo() {
- resources_ = com.google.protobuf.LazyStringArrayList.EMPTY;
- operations_ = java.util.Collections.emptyList();
+ private IngressFrom() {
+ sources_ = java.util.Collections.emptyList();
+ identities_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+ identityType_ = 0;
}
@java.lang.Override
@SuppressWarnings({"unused"})
protected java.lang.Object newInstance(UnusedPrivateParameter unused) {
- return new EgressTo();
+ return new IngressFrom();
}
@java.lang.Override
@@ -5496,220 +5487,234 @@ public final com.google.protobuf.UnknownFieldSet getUnknownFields() {
public static final com.google.protobuf.Descriptors.Descriptor getDescriptor() {
return com.google.identity.accesscontextmanager.v1.ServicePerimeterProto
- .internal_static_google_identity_accesscontextmanager_v1_ServicePerimeterConfig_EgressTo_descriptor;
+ .internal_static_google_identity_accesscontextmanager_v1_ServicePerimeterConfig_IngressFrom_descriptor;
}
@java.lang.Override
protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable
internalGetFieldAccessorTable() {
return com.google.identity.accesscontextmanager.v1.ServicePerimeterProto
- .internal_static_google_identity_accesscontextmanager_v1_ServicePerimeterConfig_EgressTo_fieldAccessorTable
+ .internal_static_google_identity_accesscontextmanager_v1_ServicePerimeterConfig_IngressFrom_fieldAccessorTable
.ensureFieldAccessorsInitialized(
- com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo.class,
- com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo.Builder
+ com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom.class,
+ com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom.Builder
.class);
}
- public static final int RESOURCES_FIELD_NUMBER = 1;
- private com.google.protobuf.LazyStringList resources_;
- /**
+ public static final int SOURCES_FIELD_NUMBER = 1;
+ private java.util.List<
+ com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource>
+ sources_;
+ /**
*
*
*
- * A list of resources, currently only projects in the form
- * `projects/<projectnumber>`, that are allowed to be accessed by sources
- * defined in the corresponding [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it contains a resource in this list. If `*` is
- * specified for `resources`, then this [EgressTo]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo]
- * rule will authorize access to all resources outside the perimeter.
+ * Sources that this [IngressPolicy]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ * authorizes access from.
*
*
- * repeated string resources = 1;
- *
- * @return A list containing the resources.
+ *
+ * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource sources = 1;
+ *
*/
- public com.google.protobuf.ProtocolStringList getResourcesList() {
- return resources_;
+ @java.lang.Override
+ public java.util.List<
+ com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource>
+ getSourcesList() {
+ return sources_;
}
/**
*
*
*
- * A list of resources, currently only projects in the form
- * `projects/<projectnumber>`, that are allowed to be accessed by sources
- * defined in the corresponding [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it contains a resource in this list. If `*` is
- * specified for `resources`, then this [EgressTo]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo]
- * rule will authorize access to all resources outside the perimeter.
+ * Sources that this [IngressPolicy]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ * authorizes access from.
*
*
- * repeated string resources = 1;
- *
- * @return The count of resources.
+ *
+ * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource sources = 1;
+ *
*/
- public int getResourcesCount() {
- return resources_.size();
+ @java.lang.Override
+ public java.util.List<
+ ? extends
+ com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+ .IngressSourceOrBuilder>
+ getSourcesOrBuilderList() {
+ return sources_;
}
/**
*
*
*
- * A list of resources, currently only projects in the form
- * `projects/<projectnumber>`, that are allowed to be accessed by sources
- * defined in the corresponding [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it contains a resource in this list. If `*` is
- * specified for `resources`, then this [EgressTo]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo]
- * rule will authorize access to all resources outside the perimeter.
+ * Sources that this [IngressPolicy]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ * authorizes access from.
*
*
- * repeated string resources = 1;
- *
- * @param index The index of the element to return.
- * @return The resources at the given index.
+ *
+ * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource sources = 1;
+ *
*/
- public java.lang.String getResources(int index) {
- return resources_.get(index);
+ @java.lang.Override
+ public int getSourcesCount() {
+ return sources_.size();
}
/**
*
*
*
- * A list of resources, currently only projects in the form
- * `projects/<projectnumber>`, that are allowed to be accessed by sources
- * defined in the corresponding [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it contains a resource in this list. If `*` is
- * specified for `resources`, then this [EgressTo]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo]
- * rule will authorize access to all resources outside the perimeter.
+ * Sources that this [IngressPolicy]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ * authorizes access from.
*
*
- * repeated string resources = 1;
- *
- * @param index The index of the value to return.
- * @return The bytes of the resources at the given index.
+ *
+ * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource sources = 1;
+ *
*/
- public com.google.protobuf.ByteString getResourcesBytes(int index) {
- return resources_.getByteString(index);
+ @java.lang.Override
+ public com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource
+ getSources(int index) {
+ return sources_.get(index);
}
-
- public static final int OPERATIONS_FIELD_NUMBER = 2;
- private java.util.List<
- com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation>
- operations_;
/**
*
*
*
- * A list of [ApiOperations]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
- * allowed to be performed by the sources specified in the corresponding
- * [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it uses an operation/service in this list.
+ * Sources that this [IngressPolicy]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ * authorizes access from.
*
*
*
- * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation operations = 2;
+ * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource sources = 1;
*
*/
@java.lang.Override
- public java.util.List<
- com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation>
- getOperationsList() {
- return operations_;
+ public com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSourceOrBuilder
+ getSourcesOrBuilder(int index) {
+ return sources_.get(index);
+ }
+
+ public static final int IDENTITIES_FIELD_NUMBER = 2;
+ private com.google.protobuf.LazyStringList identities_;
+ /**
+ *
+ *
+ *
+ * A list of identities that are allowed access through this ingress
+ * policy. Should be in the format of email address. The email address
+ * should represent individual user or service account only.
+ *
+ *
+ * repeated string identities = 2;
+ *
+ * @return A list containing the identities.
+ */
+ public com.google.protobuf.ProtocolStringList getIdentitiesList() {
+ return identities_;
}
/**
*
*
*
- * A list of [ApiOperations]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
- * allowed to be performed by the sources specified in the corresponding
- * [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it uses an operation/service in this list.
+ * A list of identities that are allowed access through this ingress
+ * policy. Should be in the format of email address. The email address
+ * should represent individual user or service account only.
*
*
- *
- * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation operations = 2;
- *
+ * repeated string identities = 2;
+ *
+ * @return The count of identities.
*/
- @java.lang.Override
- public java.util.List<
- ? extends
- com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig
- .ApiOperationOrBuilder>
- getOperationsOrBuilderList() {
- return operations_;
+ public int getIdentitiesCount() {
+ return identities_.size();
}
/**
*
*
*
- * A list of [ApiOperations]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
- * allowed to be performed by the sources specified in the corresponding
- * [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it uses an operation/service in this list.
+ * A list of identities that are allowed access through this ingress
+ * policy. Should be in the format of email address. The email address
+ * should represent individual user or service account only.
*
*
- *
- * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation operations = 2;
- *
+ * repeated string identities = 2;
+ *
+ * @param index The index of the element to return.
+ * @return The identities at the given index.
*/
- @java.lang.Override
- public int getOperationsCount() {
- return operations_.size();
+ public java.lang.String getIdentities(int index) {
+ return identities_.get(index);
}
/**
*
*
*
- * A list of [ApiOperations]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
- * allowed to be performed by the sources specified in the corresponding
- * [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it uses an operation/service in this list.
+ * A list of identities that are allowed access through this ingress
+ * policy. Should be in the format of email address. The email address
+ * should represent individual user or service account only.
+ *
+ *
+ * repeated string identities = 2;
+ *
+ * @param index The index of the value to return.
+ * @return The bytes of the identities at the given index.
+ */
+ public com.google.protobuf.ByteString getIdentitiesBytes(int index) {
+ return identities_.getByteString(index);
+ }
+
+ public static final int IDENTITY_TYPE_FIELD_NUMBER = 3;
+ private int identityType_;
+ /**
+ *
+ *
+ *
+ * Specifies the type of identities that are allowed access from outside the
+ * perimeter. If left unspecified, then members of `identities` field will
+ * be allowed access.
*
*
*
- * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation operations = 2;
+ * .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType identity_type = 3;
*
+ *
+ * @return The enum numeric value on the wire for identityType.
*/
@java.lang.Override
- public com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation
- getOperations(int index) {
- return operations_.get(index);
+ public int getIdentityTypeValue() {
+ return identityType_;
}
/**
*
*
*
- * A list of [ApiOperations]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
- * allowed to be performed by the sources specified in the corresponding
- * [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it uses an operation/service in this list.
+ * Specifies the type of identities that are allowed access from outside the
+ * perimeter. If left unspecified, then members of `identities` field will
+ * be allowed access.
*
*
*
- * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation operations = 2;
+ * .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType identity_type = 3;
*
+ *
+ * @return The identityType.
*/
@java.lang.Override
- public com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperationOrBuilder
- getOperationsOrBuilder(int index) {
- return operations_.get(index);
+ public com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType
+ getIdentityType() {
+ @SuppressWarnings("deprecation")
+ com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType result =
+ com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType.valueOf(
+ identityType_);
+ return result == null
+ ? com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType
+ .UNRECOGNIZED
+ : result;
}
private byte memoizedIsInitialized = -1;
@@ -5726,11 +5731,17 @@ public final boolean isInitialized() {
@java.lang.Override
public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io.IOException {
- for (int i = 0; i < resources_.size(); i++) {
- com.google.protobuf.GeneratedMessageV3.writeString(output, 1, resources_.getRaw(i));
- }
- for (int i = 0; i < operations_.size(); i++) {
- output.writeMessage(2, operations_.get(i));
+ for (int i = 0; i < sources_.size(); i++) {
+ output.writeMessage(1, sources_.get(i));
+ }
+ for (int i = 0; i < identities_.size(); i++) {
+ com.google.protobuf.GeneratedMessageV3.writeString(output, 2, identities_.getRaw(i));
+ }
+ if (identityType_
+ != com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType
+ .IDENTITY_TYPE_UNSPECIFIED
+ .getNumber()) {
+ output.writeEnum(3, identityType_);
}
getUnknownFields().writeTo(output);
}
@@ -5741,16 +5752,22 @@ public int getSerializedSize() {
if (size != -1) return size;
size = 0;
+ for (int i = 0; i < sources_.size(); i++) {
+ size += com.google.protobuf.CodedOutputStream.computeMessageSize(1, sources_.get(i));
+ }
{
int dataSize = 0;
- for (int i = 0; i < resources_.size(); i++) {
- dataSize += computeStringSizeNoTag(resources_.getRaw(i));
+ for (int i = 0; i < identities_.size(); i++) {
+ dataSize += computeStringSizeNoTag(identities_.getRaw(i));
}
size += dataSize;
- size += 1 * getResourcesList().size();
+ size += 1 * getIdentitiesList().size();
}
- for (int i = 0; i < operations_.size(); i++) {
- size += com.google.protobuf.CodedOutputStream.computeMessageSize(2, operations_.get(i));
+ if (identityType_
+ != com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType
+ .IDENTITY_TYPE_UNSPECIFIED
+ .getNumber()) {
+ size += com.google.protobuf.CodedOutputStream.computeEnumSize(3, identityType_);
}
size += getUnknownFields().getSerializedSize();
memoizedSize = size;
@@ -5763,14 +5780,16 @@ public boolean equals(final java.lang.Object obj) {
return true;
}
if (!(obj
- instanceof com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo)) {
+ instanceof
+ com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom)) {
return super.equals(obj);
}
- com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo other =
- (com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo) obj;
+ com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom other =
+ (com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom) obj;
- if (!getResourcesList().equals(other.getResourcesList())) return false;
- if (!getOperationsList().equals(other.getOperationsList())) return false;
+ if (!getSourcesList().equals(other.getSourcesList())) return false;
+ if (!getIdentitiesList().equals(other.getIdentitiesList())) return false;
+ if (identityType_ != other.identityType_) return false;
if (!getUnknownFields().equals(other.getUnknownFields())) return false;
return true;
}
@@ -5782,39 +5801,41 @@ public int hashCode() {
}
int hash = 41;
hash = (19 * hash) + getDescriptor().hashCode();
- if (getResourcesCount() > 0) {
- hash = (37 * hash) + RESOURCES_FIELD_NUMBER;
- hash = (53 * hash) + getResourcesList().hashCode();
+ if (getSourcesCount() > 0) {
+ hash = (37 * hash) + SOURCES_FIELD_NUMBER;
+ hash = (53 * hash) + getSourcesList().hashCode();
}
- if (getOperationsCount() > 0) {
- hash = (37 * hash) + OPERATIONS_FIELD_NUMBER;
- hash = (53 * hash) + getOperationsList().hashCode();
+ if (getIdentitiesCount() > 0) {
+ hash = (37 * hash) + IDENTITIES_FIELD_NUMBER;
+ hash = (53 * hash) + getIdentitiesList().hashCode();
}
+ hash = (37 * hash) + IDENTITY_TYPE_FIELD_NUMBER;
+ hash = (53 * hash) + identityType_;
hash = (29 * hash) + getUnknownFields().hashCode();
memoizedHashCode = hash;
return hash;
}
- public static com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo
+ public static com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom
parseFrom(java.nio.ByteBuffer data)
throws com.google.protobuf.InvalidProtocolBufferException {
return PARSER.parseFrom(data);
}
- public static com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo
+ public static com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom
parseFrom(
java.nio.ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
throws com.google.protobuf.InvalidProtocolBufferException {
return PARSER.parseFrom(data, extensionRegistry);
}
- public static com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo
+ public static com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom
parseFrom(com.google.protobuf.ByteString data)
throws com.google.protobuf.InvalidProtocolBufferException {
return PARSER.parseFrom(data);
}
- public static com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo
+ public static com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom
parseFrom(
com.google.protobuf.ByteString data,
com.google.protobuf.ExtensionRegistryLite extensionRegistry)
@@ -5822,23 +5843,23 @@ public int hashCode() {
return PARSER.parseFrom(data, extensionRegistry);
}
- public static com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo
+ public static com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom
parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException {
return PARSER.parseFrom(data);
}
- public static com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo
+ public static com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom
parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
throws com.google.protobuf.InvalidProtocolBufferException {
return PARSER.parseFrom(data, extensionRegistry);
}
- public static com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo
+ public static com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom
parseFrom(java.io.InputStream input) throws java.io.IOException {
return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
}
- public static com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo
+ public static com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom
parseFrom(
java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
throws java.io.IOException {
@@ -5846,12 +5867,12 @@ public int hashCode() {
PARSER, input, extensionRegistry);
}
- public static com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo
+ public static com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom
parseDelimitedFrom(java.io.InputStream input) throws java.io.IOException {
return com.google.protobuf.GeneratedMessageV3.parseDelimitedWithIOException(PARSER, input);
}
- public static com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo
+ public static com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom
parseDelimitedFrom(
java.io.InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
throws java.io.IOException {
@@ -5859,12 +5880,12 @@ public int hashCode() {
PARSER, input, extensionRegistry);
}
- public static com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo
+ public static com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom
parseFrom(com.google.protobuf.CodedInputStream input) throws java.io.IOException {
return com.google.protobuf.GeneratedMessageV3.parseWithIOException(PARSER, input);
}
- public static com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo
+ public static com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom
parseFrom(
com.google.protobuf.CodedInputStream input,
com.google.protobuf.ExtensionRegistryLite extensionRegistry)
@@ -5883,7 +5904,7 @@ public static Builder newBuilder() {
}
public static Builder newBuilder(
- com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo prototype) {
+ com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom prototype) {
return DEFAULT_INSTANCE.toBuilder().mergeFrom(prototype);
}
@@ -5902,48 +5923,40 @@ protected Builder newBuilderForType(
*
*
*
- * Defines the conditions under which an [EgressPolicy]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
- * matches a request. Conditions are based on information about the
- * [ApiOperation]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
- * intended to be performed on the `resources` specified. Note that if the
- * destination of the request is also protected by a [ServicePerimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter], then that
- * [ServicePerimeter]
- * [google.identity.accesscontextmanager.v1.ServicePerimeter] must have
- * an [IngressPolicy]
+ * Defines the conditions under which an [IngressPolicy]
* [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
- * which allows access in order for this request to succeed. The request must
- * match `operations` AND `resources` fields in order to be allowed egress out
- * of the perimeter.
+ * matches a request. Conditions are based on information about the source of
+ * the request. The request must satisfy what is defined in `sources` AND
+ * identity related fields in order to match.
*
*
- * Protobuf type {@code google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo}
+ * Protobuf type {@code
+ * google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom}
*/
public static final class Builder
extends com.google.protobuf.GeneratedMessageV3.Builder
- * A list of resources, currently only projects in the form
- * `projects/<projectnumber>`, that are allowed to be accessed by sources
- * defined in the corresponding [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it contains a resource in this list. If `*` is
- * specified for `resources`, then this [EgressTo]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo]
- * rule will authorize access to all resources outside the perimeter.
+ * Sources that this [IngressPolicy]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ * authorizes access from.
*
*
- * repeated string resources = 1;
- *
- * @return A list containing the resources.
+ *
+ * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource sources = 1;
+ *
*/
- public com.google.protobuf.ProtocolStringList getResourcesList() {
- return resources_.getUnmodifiableView();
+ public java.util.List<
+ com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource>
+ getSourcesList() {
+ if (sourcesBuilder_ == null) {
+ return java.util.Collections.unmodifiableList(sources_);
+ } else {
+ return sourcesBuilder_.getMessageList();
+ }
}
/**
*
*
*
- * A list of resources, currently only projects in the form
- * `projects/<projectnumber>`, that are allowed to be accessed by sources
- * defined in the corresponding [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it contains a resource in this list. If `*` is
- * specified for `resources`, then this [EgressTo]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo]
- * rule will authorize access to all resources outside the perimeter.
+ * Sources that this [IngressPolicy]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ * authorizes access from.
*
*
- * repeated string resources = 1;
- *
- * @return The count of resources.
+ *
+ * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource sources = 1;
+ *
*/
- public int getResourcesCount() {
- return resources_.size();
+ public int getSourcesCount() {
+ if (sourcesBuilder_ == null) {
+ return sources_.size();
+ } else {
+ return sourcesBuilder_.getCount();
+ }
}
/**
*
*
*
- * A list of resources, currently only projects in the form
- * `projects/<projectnumber>`, that are allowed to be accessed by sources
- * defined in the corresponding [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it contains a resource in this list. If `*` is
- * specified for `resources`, then this [EgressTo]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo]
- * rule will authorize access to all resources outside the perimeter.
+ * Sources that this [IngressPolicy]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ * authorizes access from.
*
*
- * repeated string resources = 1;
- *
- * @param index The index of the element to return.
- * @return The resources at the given index.
+ *
+ * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource sources = 1;
+ *
*/
- public java.lang.String getResources(int index) {
- return resources_.get(index);
+ public com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource
+ getSources(int index) {
+ if (sourcesBuilder_ == null) {
+ return sources_.get(index);
+ } else {
+ return sourcesBuilder_.getMessage(index);
+ }
}
/**
*
*
*
- * A list of resources, currently only projects in the form
- * `projects/<projectnumber>`, that are allowed to be accessed by sources
- * defined in the corresponding [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it contains a resource in this list. If `*` is
- * specified for `resources`, then this [EgressTo]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo]
- * rule will authorize access to all resources outside the perimeter.
+ * Sources that this [IngressPolicy]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ * authorizes access from.
*
*
- * repeated string resources = 1;
- *
- * @param index The index of the value to return.
- * @return The bytes of the resources at the given index.
+ *
+ * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource sources = 1;
+ *
*/
- public com.google.protobuf.ByteString getResourcesBytes(int index) {
- return resources_.getByteString(index);
+ public Builder setSources(
+ int index,
+ com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource value) {
+ if (sourcesBuilder_ == null) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ ensureSourcesIsMutable();
+ sources_.set(index, value);
+ onChanged();
+ } else {
+ sourcesBuilder_.setMessage(index, value);
+ }
+ return this;
}
/**
*
*
*
- * A list of resources, currently only projects in the form
- * `projects/<projectnumber>`, that are allowed to be accessed by sources
- * defined in the corresponding [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it contains a resource in this list. If `*` is
- * specified for `resources`, then this [EgressTo]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo]
- * rule will authorize access to all resources outside the perimeter.
+ * Sources that this [IngressPolicy]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ * authorizes access from.
*
*
- * repeated string resources = 1;
- *
- * @param index The index to set the value at.
- * @param value The resources to set.
- * @return This builder for chaining.
+ *
+ * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource sources = 1;
+ *
*/
- public Builder setResources(int index, java.lang.String value) {
- if (value == null) {
- throw new NullPointerException();
+ public Builder setSources(
+ int index,
+ com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource.Builder
+ builderForValue) {
+ if (sourcesBuilder_ == null) {
+ ensureSourcesIsMutable();
+ sources_.set(index, builderForValue.build());
+ onChanged();
+ } else {
+ sourcesBuilder_.setMessage(index, builderForValue.build());
}
- ensureResourcesIsMutable();
- resources_.set(index, value);
- onChanged();
return this;
}
/**
*
*
*
- * A list of resources, currently only projects in the form
- * `projects/<projectnumber>`, that are allowed to be accessed by sources
- * defined in the corresponding [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it contains a resource in this list. If `*` is
- * specified for `resources`, then this [EgressTo]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo]
- * rule will authorize access to all resources outside the perimeter.
+ * Sources that this [IngressPolicy]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ * authorizes access from.
*
*
- * repeated string resources = 1;
- *
- * @param value The resources to add.
- * @return This builder for chaining.
+ *
+ * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource sources = 1;
+ *
*/
- public Builder addResources(java.lang.String value) {
- if (value == null) {
- throw new NullPointerException();
+ public Builder addSources(
+ com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource value) {
+ if (sourcesBuilder_ == null) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ ensureSourcesIsMutable();
+ sources_.add(value);
+ onChanged();
+ } else {
+ sourcesBuilder_.addMessage(value);
}
- ensureResourcesIsMutable();
- resources_.add(value);
- onChanged();
return this;
}
/**
*
*
*
- * A list of resources, currently only projects in the form
- * `projects/<projectnumber>`, that are allowed to be accessed by sources
- * defined in the corresponding [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it contains a resource in this list. If `*` is
- * specified for `resources`, then this [EgressTo]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo]
- * rule will authorize access to all resources outside the perimeter.
+ * Sources that this [IngressPolicy]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ * authorizes access from.
*
*
- * repeated string resources = 1;
- *
- * @param values The resources to add.
- * @return This builder for chaining.
+ *
+ * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource sources = 1;
+ *
*/
- public Builder addAllResources(java.lang.Iterable
- * A list of resources, currently only projects in the form
- * `projects/<projectnumber>`, that are allowed to be accessed by sources
- * defined in the corresponding [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it contains a resource in this list. If `*` is
- * specified for `resources`, then this [EgressTo]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo]
- * rule will authorize access to all resources outside the perimeter.
+ * Sources that this [IngressPolicy]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ * authorizes access from.
*
*
- * repeated string resources = 1;
- *
- * @return This builder for chaining.
+ *
+ * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource sources = 1;
+ *
*/
- public Builder clearResources() {
- resources_ = com.google.protobuf.LazyStringArrayList.EMPTY;
- bitField0_ = (bitField0_ & ~0x00000001);
- onChanged();
+ public Builder addSources(
+ com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource.Builder
+ builderForValue) {
+ if (sourcesBuilder_ == null) {
+ ensureSourcesIsMutable();
+ sources_.add(builderForValue.build());
+ onChanged();
+ } else {
+ sourcesBuilder_.addMessage(builderForValue.build());
+ }
return this;
}
/**
*
*
*
- * A list of resources, currently only projects in the form
- * `projects/<projectnumber>`, that are allowed to be accessed by sources
- * defined in the corresponding [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it contains a resource in this list. If `*` is
- * specified for `resources`, then this [EgressTo]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo]
- * rule will authorize access to all resources outside the perimeter.
+ * Sources that this [IngressPolicy]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ * authorizes access from.
*
*
- * repeated string resources = 1;
- *
- * @param value The bytes of the resources to add.
- * @return This builder for chaining.
+ *
+ * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource sources = 1;
+ *
*/
- public Builder addResourcesBytes(com.google.protobuf.ByteString value) {
- if (value == null) {
- throw new NullPointerException();
+ public Builder addSources(
+ int index,
+ com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource.Builder
+ builderForValue) {
+ if (sourcesBuilder_ == null) {
+ ensureSourcesIsMutable();
+ sources_.add(index, builderForValue.build());
+ onChanged();
+ } else {
+ sourcesBuilder_.addMessage(index, builderForValue.build());
}
- checkByteStringIsUtf8(value);
- ensureResourcesIsMutable();
- resources_.add(value);
- onChanged();
return this;
}
-
- private java.util.List<
- com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation>
- operations_ = java.util.Collections.emptyList();
-
- private void ensureOperationsIsMutable() {
- if (!((bitField0_ & 0x00000002) != 0)) {
- operations_ =
- new java.util.ArrayList<
- com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation>(
- operations_);
- bitField0_ |= 0x00000002;
- }
- }
-
- private com.google.protobuf.RepeatedFieldBuilderV3<
- com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation,
- com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation
- .Builder,
- com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig
- .ApiOperationOrBuilder>
- operationsBuilder_;
-
/**
*
*
*
- * A list of [ApiOperations]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
- * allowed to be performed by the sources specified in the corresponding
- * [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it uses an operation/service in this list.
+ * Sources that this [IngressPolicy]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ * authorizes access from.
*
*
*
- * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation operations = 2;
+ * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource sources = 1;
*
*/
- public java.util.List<
- com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation>
- getOperationsList() {
- if (operationsBuilder_ == null) {
- return java.util.Collections.unmodifiableList(operations_);
+ public Builder addAllSources(
+ java.lang.Iterable<
+ ? extends
+ com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+ .IngressSource>
+ values) {
+ if (sourcesBuilder_ == null) {
+ ensureSourcesIsMutable();
+ com.google.protobuf.AbstractMessageLite.Builder.addAll(values, sources_);
+ onChanged();
} else {
- return operationsBuilder_.getMessageList();
+ sourcesBuilder_.addAllMessages(values);
}
+ return this;
}
/**
*
*
*
- * A list of [ApiOperations]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
- * allowed to be performed by the sources specified in the corresponding
- * [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it uses an operation/service in this list.
+ * Sources that this [IngressPolicy]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ * authorizes access from.
*
*
*
- * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation operations = 2;
+ * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource sources = 1;
*
*/
- public int getOperationsCount() {
- if (operationsBuilder_ == null) {
- return operations_.size();
+ public Builder clearSources() {
+ if (sourcesBuilder_ == null) {
+ sources_ = java.util.Collections.emptyList();
+ bitField0_ = (bitField0_ & ~0x00000001);
+ onChanged();
} else {
- return operationsBuilder_.getCount();
+ sourcesBuilder_.clear();
}
+ return this;
}
/**
*
*
*
- * A list of [ApiOperations]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
- * allowed to be performed by the sources specified in the corresponding
- * [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it uses an operation/service in this list.
+ * Sources that this [IngressPolicy]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ * authorizes access from.
*
*
*
- * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation operations = 2;
+ * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource sources = 1;
*
*/
- public com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation
- getOperations(int index) {
- if (operationsBuilder_ == null) {
- return operations_.get(index);
+ public Builder removeSources(int index) {
+ if (sourcesBuilder_ == null) {
+ ensureSourcesIsMutable();
+ sources_.remove(index);
+ onChanged();
} else {
- return operationsBuilder_.getMessage(index);
+ sourcesBuilder_.remove(index);
}
+ return this;
}
/**
*
*
*
- * A list of [ApiOperations]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
- * allowed to be performed by the sources specified in the corresponding
- * [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it uses an operation/service in this list.
+ * Sources that this [IngressPolicy]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ * authorizes access from.
*
*
*
- * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation operations = 2;
+ * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource sources = 1;
*
*/
- public Builder setOperations(
- int index,
- com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation value) {
- if (operationsBuilder_ == null) {
- if (value == null) {
- throw new NullPointerException();
- }
- ensureOperationsIsMutable();
- operations_.set(index, value);
- onChanged();
- } else {
- operationsBuilder_.setMessage(index, value);
- }
- return this;
+ public com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource
+ .Builder
+ getSourcesBuilder(int index) {
+ return getSourcesFieldBuilder().getBuilder(index);
}
/**
*
*
*
- * A list of [ApiOperations]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
- * allowed to be performed by the sources specified in the corresponding
- * [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it uses an operation/service in this list.
+ * Sources that this [IngressPolicy]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ * authorizes access from.
*
*
*
- * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation operations = 2;
+ * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource sources = 1;
*
*/
- public Builder setOperations(
- int index,
- com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation.Builder
- builderForValue) {
- if (operationsBuilder_ == null) {
- ensureOperationsIsMutable();
- operations_.set(index, builderForValue.build());
- onChanged();
+ public com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+ .IngressSourceOrBuilder
+ getSourcesOrBuilder(int index) {
+ if (sourcesBuilder_ == null) {
+ return sources_.get(index);
} else {
- operationsBuilder_.setMessage(index, builderForValue.build());
+ return sourcesBuilder_.getMessageOrBuilder(index);
}
- return this;
}
/**
*
*
*
- * A list of [ApiOperations]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
- * allowed to be performed by the sources specified in the corresponding
- * [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it uses an operation/service in this list.
+ * Sources that this [IngressPolicy]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ * authorizes access from.
*
*
*
- * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation operations = 2;
+ * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource sources = 1;
*
*/
- public Builder addOperations(
- com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation value) {
- if (operationsBuilder_ == null) {
- if (value == null) {
- throw new NullPointerException();
- }
- ensureOperationsIsMutable();
- operations_.add(value);
- onChanged();
+ public java.util.List<
+ ? extends
+ com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+ .IngressSourceOrBuilder>
+ getSourcesOrBuilderList() {
+ if (sourcesBuilder_ != null) {
+ return sourcesBuilder_.getMessageOrBuilderList();
} else {
- operationsBuilder_.addMessage(value);
+ return java.util.Collections.unmodifiableList(sources_);
}
- return this;
}
/**
*
*
*
- * A list of [ApiOperations]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
- * allowed to be performed by the sources specified in the corresponding
- * [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it uses an operation/service in this list.
+ * Sources that this [IngressPolicy]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ * authorizes access from.
*
*
*
- * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation operations = 2;
+ * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource sources = 1;
*
*/
- public Builder addOperations(
- int index,
- com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation value) {
- if (operationsBuilder_ == null) {
- if (value == null) {
- throw new NullPointerException();
- }
- ensureOperationsIsMutable();
- operations_.add(index, value);
- onChanged();
- } else {
- operationsBuilder_.addMessage(index, value);
- }
- return this;
+ public com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource
+ .Builder
+ addSourcesBuilder() {
+ return getSourcesFieldBuilder()
+ .addBuilder(
+ com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource
+ .getDefaultInstance());
}
/**
*
*
*
- * A list of [ApiOperations]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
- * allowed to be performed by the sources specified in the corresponding
- * [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it uses an operation/service in this list.
+ * Sources that this [IngressPolicy]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ * authorizes access from.
*
*
*
- * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation operations = 2;
+ * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource sources = 1;
*
*/
- public Builder addOperations(
- com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation.Builder
- builderForValue) {
- if (operationsBuilder_ == null) {
- ensureOperationsIsMutable();
- operations_.add(builderForValue.build());
- onChanged();
- } else {
- operationsBuilder_.addMessage(builderForValue.build());
- }
- return this;
+ public com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource
+ .Builder
+ addSourcesBuilder(int index) {
+ return getSourcesFieldBuilder()
+ .addBuilder(
+ index,
+ com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource
+ .getDefaultInstance());
}
/**
*
*
*
- * A list of [ApiOperations]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
- * allowed to be performed by the sources specified in the corresponding
- * [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it uses an operation/service in this list.
+ * Sources that this [IngressPolicy]
+ * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ * authorizes access from.
*
*
*
- * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation operations = 2;
+ * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource sources = 1;
*
*/
- public Builder addOperations(
- int index,
- com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation.Builder
- builderForValue) {
- if (operationsBuilder_ == null) {
- ensureOperationsIsMutable();
- operations_.add(index, builderForValue.build());
- onChanged();
- } else {
- operationsBuilder_.addMessage(index, builderForValue.build());
+ public java.util.List<
+ com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource
+ .Builder>
+ getSourcesBuilderList() {
+ return getSourcesFieldBuilder().getBuilderList();
+ }
+
+ private com.google.protobuf.RepeatedFieldBuilderV3<
+ com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource,
+ com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource
+ .Builder,
+ com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+ .IngressSourceOrBuilder>
+ getSourcesFieldBuilder() {
+ if (sourcesBuilder_ == null) {
+ sourcesBuilder_ =
+ new com.google.protobuf.RepeatedFieldBuilderV3<
+ com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource,
+ com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource
+ .Builder,
+ com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+ .IngressSourceOrBuilder>(
+ sources_, ((bitField0_ & 0x00000001) != 0), getParentForChildren(), isClean());
+ sources_ = null;
+ }
+ return sourcesBuilder_;
+ }
+
+ private com.google.protobuf.LazyStringList identities_ =
+ com.google.protobuf.LazyStringArrayList.EMPTY;
+
+ private void ensureIdentitiesIsMutable() {
+ if (!((bitField0_ & 0x00000002) != 0)) {
+ identities_ = new com.google.protobuf.LazyStringArrayList(identities_);
+ bitField0_ |= 0x00000002;
}
- return this;
}
/**
*
*
*
- * A list of [ApiOperations]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
- * allowed to be performed by the sources specified in the corresponding
- * [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it uses an operation/service in this list.
+ * A list of identities that are allowed access through this ingress
+ * policy. Should be in the format of email address. The email address
+ * should represent individual user or service account only.
*
*
- *
- * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation operations = 2;
- *
+ * repeated string identities = 2;
+ *
+ * @return A list containing the identities.
*/
- public Builder addAllOperations(
- java.lang.Iterable<
- ? extends
- com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig
- .ApiOperation>
- values) {
- if (operationsBuilder_ == null) {
- ensureOperationsIsMutable();
- com.google.protobuf.AbstractMessageLite.Builder.addAll(values, operations_);
- onChanged();
- } else {
- operationsBuilder_.addAllMessages(values);
- }
- return this;
+ public com.google.protobuf.ProtocolStringList getIdentitiesList() {
+ return identities_.getUnmodifiableView();
}
/**
*
*
*
- * A list of [ApiOperations]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
- * allowed to be performed by the sources specified in the corresponding
- * [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it uses an operation/service in this list.
+ * A list of identities that are allowed access through this ingress
+ * policy. Should be in the format of email address. The email address
+ * should represent individual user or service account only.
*
*
- *
- * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation operations = 2;
- *
+ * repeated string identities = 2;
+ *
+ * @return The count of identities.
*/
- public Builder clearOperations() {
- if (operationsBuilder_ == null) {
- operations_ = java.util.Collections.emptyList();
- bitField0_ = (bitField0_ & ~0x00000002);
- onChanged();
- } else {
- operationsBuilder_.clear();
- }
- return this;
+ public int getIdentitiesCount() {
+ return identities_.size();
}
/**
*
*
*
- * A list of [ApiOperations]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
- * allowed to be performed by the sources specified in the corresponding
- * [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it uses an operation/service in this list.
+ * A list of identities that are allowed access through this ingress
+ * policy. Should be in the format of email address. The email address
+ * should represent individual user or service account only.
*
*
- *
- * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation operations = 2;
- *
+ * repeated string identities = 2;
+ *
+ * @param index The index of the element to return.
+ * @return The identities at the given index.
*/
- public Builder removeOperations(int index) {
- if (operationsBuilder_ == null) {
- ensureOperationsIsMutable();
- operations_.remove(index);
- onChanged();
- } else {
- operationsBuilder_.remove(index);
- }
- return this;
+ public java.lang.String getIdentities(int index) {
+ return identities_.get(index);
}
/**
*
*
*
- * A list of [ApiOperations]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
- * allowed to be performed by the sources specified in the corresponding
- * [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it uses an operation/service in this list.
+ * A list of identities that are allowed access through this ingress
+ * policy. Should be in the format of email address. The email address
+ * should represent individual user or service account only.
*
*
- *
- * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation operations = 2;
- *
+ * repeated string identities = 2;
+ *
+ * @param index The index of the value to return.
+ * @return The bytes of the identities at the given index.
*/
- public com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation.Builder
- getOperationsBuilder(int index) {
- return getOperationsFieldBuilder().getBuilder(index);
+ public com.google.protobuf.ByteString getIdentitiesBytes(int index) {
+ return identities_.getByteString(index);
}
/**
*
*
*
- * A list of [ApiOperations]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
- * allowed to be performed by the sources specified in the corresponding
- * [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it uses an operation/service in this list.
+ * A list of identities that are allowed access through this ingress
+ * policy. Should be in the format of email address. The email address
+ * should represent individual user or service account only.
*
*
- *
- * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation operations = 2;
- *
+ * repeated string identities = 2;
+ *
+ * @param index The index to set the value at.
+ * @param value The identities to set.
+ * @return This builder for chaining.
*/
- public com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig
- .ApiOperationOrBuilder
- getOperationsOrBuilder(int index) {
- if (operationsBuilder_ == null) {
- return operations_.get(index);
- } else {
- return operationsBuilder_.getMessageOrBuilder(index);
+ public Builder setIdentities(int index, java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
}
+ ensureIdentitiesIsMutable();
+ identities_.set(index, value);
+ onChanged();
+ return this;
}
/**
*
*
*
- * A list of [ApiOperations]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
- * allowed to be performed by the sources specified in the corresponding
- * [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it uses an operation/service in this list.
+ * A list of identities that are allowed access through this ingress
+ * policy. Should be in the format of email address. The email address
+ * should represent individual user or service account only.
*
*
- *
- * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation operations = 2;
- *
+ * repeated string identities = 2;
+ *
+ * @param value The identities to add.
+ * @return This builder for chaining.
*/
- public java.util.List<
- ? extends
- com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig
- .ApiOperationOrBuilder>
- getOperationsOrBuilderList() {
- if (operationsBuilder_ != null) {
- return operationsBuilder_.getMessageOrBuilderList();
- } else {
- return java.util.Collections.unmodifiableList(operations_);
+ public Builder addIdentities(java.lang.String value) {
+ if (value == null) {
+ throw new NullPointerException();
}
+ ensureIdentitiesIsMutable();
+ identities_.add(value);
+ onChanged();
+ return this;
}
/**
*
*
*
- * A list of [ApiOperations]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
- * allowed to be performed by the sources specified in the corresponding
- * [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it uses an operation/service in this list.
+ * A list of identities that are allowed access through this ingress
+ * policy. Should be in the format of email address. The email address
+ * should represent individual user or service account only.
+ *
+ *
+ * repeated string identities = 2;
+ *
+ * @param values The identities to add.
+ * @return This builder for chaining.
+ */
+ public Builder addAllIdentities(java.lang.Iterable
+ * A list of identities that are allowed access through this ingress
+ * policy. Should be in the format of email address. The email address
+ * should represent individual user or service account only.
+ *
+ *
+ * repeated string identities = 2;
+ *
+ * @return This builder for chaining.
+ */
+ public Builder clearIdentities() {
+ identities_ = com.google.protobuf.LazyStringArrayList.EMPTY;
+ bitField0_ = (bitField0_ & ~0x00000002);
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ *
+ *
+ * A list of identities that are allowed access through this ingress
+ * policy. Should be in the format of email address. The email address
+ * should represent individual user or service account only.
+ *
+ *
+ * repeated string identities = 2;
+ *
+ * @param value The bytes of the identities to add.
+ * @return This builder for chaining.
+ */
+ public Builder addIdentitiesBytes(com.google.protobuf.ByteString value) {
+ if (value == null) {
+ throw new NullPointerException();
+ }
+ checkByteStringIsUtf8(value);
+ ensureIdentitiesIsMutable();
+ identities_.add(value);
+ onChanged();
+ return this;
+ }
+
+ private int identityType_ = 0;
+ /**
+ *
+ *
+ *
+ * Specifies the type of identities that are allowed access from outside the
+ * perimeter. If left unspecified, then members of `identities` field will
+ * be allowed access.
*
*
*
- * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation operations = 2;
+ * .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType identity_type = 3;
*
+ *
+ * @return The enum numeric value on the wire for identityType.
*/
- public com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation.Builder
- addOperationsBuilder() {
- return getOperationsFieldBuilder()
- .addBuilder(
- com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation
- .getDefaultInstance());
+ @java.lang.Override
+ public int getIdentityTypeValue() {
+ return identityType_;
}
/**
*
*
*
- * A list of [ApiOperations]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
- * allowed to be performed by the sources specified in the corresponding
- * [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it uses an operation/service in this list.
+ * Specifies the type of identities that are allowed access from outside the
+ * perimeter. If left unspecified, then members of `identities` field will
+ * be allowed access.
*
*
*
- * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation operations = 2;
+ * .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType identity_type = 3;
*
+ *
+ * @param value The enum numeric value on the wire for identityType to set.
+ * @return This builder for chaining.
*/
- public com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation.Builder
- addOperationsBuilder(int index) {
- return getOperationsFieldBuilder()
- .addBuilder(
- index,
- com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation
- .getDefaultInstance());
+ public Builder setIdentityTypeValue(int value) {
+
+ identityType_ = value;
+ onChanged();
+ return this;
}
/**
*
*
*
- * A list of [ApiOperations]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
- * allowed to be performed by the sources specified in the corresponding
- * [EgressFrom]
- * [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
- * A request matches if it uses an operation/service in this list.
+ * Specifies the type of identities that are allowed access from outside the
+ * perimeter. If left unspecified, then members of `identities` field will
+ * be allowed access.
*
*
*
- * repeated .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation operations = 2;
+ * .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType identity_type = 3;
*
+ *
+ * @return The identityType.
*/
- public java.util.List<
- com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation
- .Builder>
- getOperationsBuilderList() {
- return getOperationsFieldBuilder().getBuilderList();
+ @java.lang.Override
+ public com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType
+ getIdentityType() {
+ @SuppressWarnings("deprecation")
+ com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType result =
+ com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType.valueOf(
+ identityType_);
+ return result == null
+ ? com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType
+ .UNRECOGNIZED
+ : result;
}
-
- private com.google.protobuf.RepeatedFieldBuilderV3<
- com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation,
- com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation
- .Builder,
- com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig
- .ApiOperationOrBuilder>
- getOperationsFieldBuilder() {
- if (operationsBuilder_ == null) {
- operationsBuilder_ =
- new com.google.protobuf.RepeatedFieldBuilderV3<
- com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation,
- com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation
- .Builder,
- com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig
- .ApiOperationOrBuilder>(
- operations_, ((bitField0_ & 0x00000002) != 0), getParentForChildren(), isClean());
- operations_ = null;
+ /**
+ *
+ *
+ *
+ * Specifies the type of identities that are allowed access from outside the
+ * perimeter. If left unspecified, then members of `identities` field will
+ * be allowed access.
+ *
+ *
+ *
+ * .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType identity_type = 3;
+ *
+ *
+ * @param value The identityType to set.
+ * @return This builder for chaining.
+ */
+ public Builder setIdentityType(
+ com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType value) {
+ if (value == null) {
+ throw new NullPointerException();
}
- return operationsBuilder_;
+
+ identityType_ = value.getNumber();
+ onChanged();
+ return this;
+ }
+ /**
+ *
+ *
+ *
+ * Specifies the type of identities that are allowed access from outside the
+ * perimeter. If left unspecified, then members of `identities` field will
+ * be allowed access.
+ *
+ *
+ *
+ * .google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType identity_type = 3;
+ *
+ *
+ * @return This builder for chaining.
+ */
+ public Builder clearIdentityType() {
+
+ identityType_ = 0;
+ onChanged();
+ return this;
}
@java.lang.Override
@@ -6931,27 +6980,28 @@ public final Builder mergeUnknownFields(
return super.mergeUnknownFields(unknownFields);
}
- // @@protoc_insertion_point(builder_scope:google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo)
+ // @@protoc_insertion_point(builder_scope:google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom)
}
- // @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo)
- private static final com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo
+ // @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom)
+ private static final com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig
+ .IngressFrom
DEFAULT_INSTANCE;
static {
DEFAULT_INSTANCE =
- new com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo();
+ new com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom();
}
- public static com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo
+ public static com.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom
getDefaultInstance() {
return DEFAULT_INSTANCE;
}
- private static final com.google.protobuf.Parser