| Index: discovery/googleapis_beta/cloudkms__v1beta1.json
|
| diff --git a/discovery/googleapis_beta/cloudkms__v1beta1.json b/discovery/googleapis_beta/cloudkms__v1beta1.json
|
| index 0c344a0eb4a54c2ac2bdbeb1e83d4e12af0a816c..48d366e66dba4fca1271642da64759742ae0f799 100644
|
| --- a/discovery/googleapis_beta/cloudkms__v1beta1.json
|
| +++ b/discovery/googleapis_beta/cloudkms__v1beta1.json
|
| @@ -12,7 +12,7 @@
|
| "baseUrl": "https://cloudkms.googleapis.com/",
|
| "batchPath": "batch",
|
| "canonicalName": "Cloud KMS",
|
| - "description": "",
|
| + "description": "Manages encryption for your cloud services the same way you do on-premise. You can generate, use, rotate, and destroy AES256 encryption keys.",
|
| "discoveryVersion": "v1",
|
| "documentationLink": "https://cloud.google.com/kms/",
|
| "icons": {
|
| @@ -25,55 +25,18 @@
|
| "ownerDomain": "google.com",
|
| "ownerName": "Google",
|
| "parameters": {
|
| - "key": {
|
| - "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
|
| - "location": "query",
|
| - "type": "string"
|
| - },
|
| - "access_token": {
|
| - "description": "OAuth access token.",
|
| - "location": "query",
|
| - "type": "string"
|
| - },
|
| - "quotaUser": {
|
| - "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
|
| - "location": "query",
|
| - "type": "string"
|
| - },
|
| - "pp": {
|
| - "default": "true",
|
| - "description": "Pretty-print response.",
|
| - "location": "query",
|
| - "type": "boolean"
|
| - },
|
| - "oauth_token": {
|
| - "description": "OAuth 2.0 token for the current user.",
|
| - "location": "query",
|
| - "type": "string"
|
| - },
|
| - "bearer_token": {
|
| - "description": "OAuth bearer token.",
|
| - "location": "query",
|
| - "type": "string"
|
| - },
|
| - "upload_protocol": {
|
| - "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
|
| + "fields": {
|
| + "description": "Selector specifying which fields to include in a partial response.",
|
| "location": "query",
|
| "type": "string"
|
| },
|
| - "prettyPrint": {
|
| - "default": "true",
|
| - "description": "Returns response with indentations and line breaks.",
|
| - "location": "query",
|
| - "type": "boolean"
|
| - },
|
| "uploadType": {
|
| "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").",
|
| "location": "query",
|
| "type": "string"
|
| },
|
| - "fields": {
|
| - "description": "Selector specifying which fields to include in a partial response.",
|
| + "callback": {
|
| + "description": "JSONP",
|
| "location": "query",
|
| "type": "string"
|
| },
|
| @@ -90,11 +53,6 @@
|
| "location": "query",
|
| "type": "string"
|
| },
|
| - "callback": {
|
| - "description": "JSONP",
|
| - "location": "query",
|
| - "type": "string"
|
| - },
|
| "alt": {
|
| "default": "json",
|
| "description": "Data format for response.",
|
| @@ -110,6 +68,48 @@
|
| ],
|
| "location": "query",
|
| "type": "string"
|
| + },
|
| + "access_token": {
|
| + "description": "OAuth access token.",
|
| + "location": "query",
|
| + "type": "string"
|
| + },
|
| + "key": {
|
| + "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.",
|
| + "location": "query",
|
| + "type": "string"
|
| + },
|
| + "quotaUser": {
|
| + "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.",
|
| + "location": "query",
|
| + "type": "string"
|
| + },
|
| + "pp": {
|
| + "default": "true",
|
| + "description": "Pretty-print response.",
|
| + "location": "query",
|
| + "type": "boolean"
|
| + },
|
| + "bearer_token": {
|
| + "description": "OAuth bearer token.",
|
| + "location": "query",
|
| + "type": "string"
|
| + },
|
| + "oauth_token": {
|
| + "description": "OAuth 2.0 token for the current user.",
|
| + "location": "query",
|
| + "type": "string"
|
| + },
|
| + "upload_protocol": {
|
| + "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").",
|
| + "location": "query",
|
| + "type": "string"
|
| + },
|
| + "prettyPrint": {
|
| + "default": "true",
|
| + "description": "Returns response with indentations and line breaks.",
|
| + "location": "query",
|
| + "type": "boolean"
|
| }
|
| },
|
| "protocol": "rest",
|
| @@ -126,12 +126,6 @@
|
| "name"
|
| ],
|
| "parameters": {
|
| - "pageSize": {
|
| - "description": "The standard list page size.",
|
| - "format": "int32",
|
| - "location": "query",
|
| - "type": "integer"
|
| - },
|
| "filter": {
|
| "description": "The standard list filter.",
|
| "location": "query",
|
| @@ -148,6 +142,12 @@
|
| "description": "The standard list page token.",
|
| "location": "query",
|
| "type": "string"
|
| + },
|
| + "pageSize": {
|
| + "description": "The standard list page size.",
|
| + "format": "int32",
|
| + "location": "query",
|
| + "type": "integer"
|
| }
|
| },
|
| "path": "v1beta1/{+name}/locations",
|
| @@ -186,33 +186,6 @@
|
| "resources": {
|
| "keyRings": {
|
| "methods": {
|
| - "testIamPermissions": {
|
| - "description": "Returns permissions that a caller has on the specified resource.\nIf the resource does not exist, this will return an empty set of\npermissions, not a NOT_FOUND error.",
|
| - "httpMethod": "POST",
|
| - "id": "cloudkms.projects.locations.keyRings.testIamPermissions",
|
| - "parameterOrder": [
|
| - "resource"
|
| - ],
|
| - "parameters": {
|
| - "resource": {
|
| - "description": "REQUIRED: The resource for which the policy detail is being requested.\n`resource` is usually specified as a path. For example, a Project\nresource is specified as `projects/{project}`.",
|
| - "location": "path",
|
| - "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+$",
|
| - "required": true,
|
| - "type": "string"
|
| - }
|
| - },
|
| - "path": "v1beta1/{+resource}:testIamPermissions",
|
| - "request": {
|
| - "$ref": "TestIamPermissionsRequest"
|
| - },
|
| - "response": {
|
| - "$ref": "TestIamPermissionsResponse"
|
| - },
|
| - "scopes": [
|
| - "https://www.googleapis.com/auth/cloud-platform"
|
| - ]
|
| - },
|
| "list": {
|
| "description": "Lists KeyRings.",
|
| "httpMethod": "GET",
|
| @@ -221,6 +194,13 @@
|
| "parent"
|
| ],
|
| "parameters": {
|
| + "parent": {
|
| + "description": "Required. The resource name of the location associated with the\nKeyRings, in the format `projects/*/locations/*`.",
|
| + "location": "path",
|
| + "pattern": "^projects/[^/]+/locations/[^/]+$",
|
| + "required": true,
|
| + "type": "string"
|
| + },
|
| "pageToken": {
|
| "description": "Optional pagination token, returned earlier via\nListKeyRingsResponse.next_page_token.",
|
| "location": "query",
|
| @@ -231,13 +211,6 @@
|
| "format": "int32",
|
| "location": "query",
|
| "type": "integer"
|
| - },
|
| - "parent": {
|
| - "description": "Required. The resource name of the location associated with the\nKeyRings, in the format `projects/*/locations/*`.",
|
| - "location": "path",
|
| - "pattern": "^projects/[^/]+/locations/[^/]+$",
|
| - "required": true,
|
| - "type": "string"
|
| }
|
| },
|
| "path": "v1beta1/{+parent}/keyRings",
|
| @@ -354,11 +327,95 @@
|
| "scopes": [
|
| "https://www.googleapis.com/auth/cloud-platform"
|
| ]
|
| + },
|
| + "testIamPermissions": {
|
| + "description": "Returns permissions that a caller has on the specified resource.\nIf the resource does not exist, this will return an empty set of\npermissions, not a NOT_FOUND error.",
|
| + "httpMethod": "POST",
|
| + "id": "cloudkms.projects.locations.keyRings.testIamPermissions",
|
| + "parameterOrder": [
|
| + "resource"
|
| + ],
|
| + "parameters": {
|
| + "resource": {
|
| + "description": "REQUIRED: The resource for which the policy detail is being requested.\n`resource` is usually specified as a path. For example, a Project\nresource is specified as `projects/{project}`.",
|
| + "location": "path",
|
| + "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+$",
|
| + "required": true,
|
| + "type": "string"
|
| + }
|
| + },
|
| + "path": "v1beta1/{+resource}:testIamPermissions",
|
| + "request": {
|
| + "$ref": "TestIamPermissionsRequest"
|
| + },
|
| + "response": {
|
| + "$ref": "TestIamPermissionsResponse"
|
| + },
|
| + "scopes": [
|
| + "https://www.googleapis.com/auth/cloud-platform"
|
| + ]
|
| }
|
| },
|
| "resources": {
|
| "cryptoKeys": {
|
| "methods": {
|
| + "patch": {
|
| + "description": "Update a CryptoKey.",
|
| + "httpMethod": "PATCH",
|
| + "id": "cloudkms.projects.locations.keyRings.cryptoKeys.patch",
|
| + "parameterOrder": [
|
| + "name"
|
| + ],
|
| + "parameters": {
|
| + "updateMask": {
|
| + "description": "Required list of fields to be updated in this request.",
|
| + "format": "google-fieldmask",
|
| + "location": "query",
|
| + "type": "string"
|
| + },
|
| + "name": {
|
| + "description": "Output only. The resource name for this CryptoKey in the format\n`projects/*/locations/*/keyRings/*/cryptoKeys/*`.",
|
| + "location": "path",
|
| + "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$",
|
| + "required": true,
|
| + "type": "string"
|
| + }
|
| + },
|
| + "path": "v1beta1/{+name}",
|
| + "request": {
|
| + "$ref": "CryptoKey"
|
| + },
|
| + "response": {
|
| + "$ref": "CryptoKey"
|
| + },
|
| + "scopes": [
|
| + "https://www.googleapis.com/auth/cloud-platform"
|
| + ]
|
| + },
|
| + "get": {
|
| + "description": "Returns metadata for a given CryptoKey, as well as its\nprimary CryptoKeyVersion.",
|
| + "httpMethod": "GET",
|
| + "id": "cloudkms.projects.locations.keyRings.cryptoKeys.get",
|
| + "parameterOrder": [
|
| + "name"
|
| + ],
|
| + "parameters": {
|
| + "name": {
|
| + "description": "The name of the CryptoKey to get.",
|
| + "location": "path",
|
| + "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$",
|
| + "required": true,
|
| + "type": "string"
|
| + }
|
| + },
|
| + "path": "v1beta1/{+name}",
|
| + "response": {
|
| + "$ref": "CryptoKey"
|
| + },
|
| + "scopes": [
|
| + "https://www.googleapis.com/auth/cloud-platform"
|
| + ]
|
| + },
|
| "testIamPermissions": {
|
| "description": "Returns permissions that a caller has on the specified resource.\nIf the resource does not exist, this will return an empty set of\npermissions, not a NOT_FOUND error.",
|
| "httpMethod": "POST",
|
| @@ -421,6 +478,11 @@
|
| "parent"
|
| ],
|
| "parameters": {
|
| + "pageToken": {
|
| + "description": "Optional pagination token, returned earlier via\nListCryptoKeysResponse.next_page_token.",
|
| + "location": "query",
|
| + "type": "string"
|
| + },
|
| "pageSize": {
|
| "description": "Optional limit on the number of CryptoKeys to include in the\nresponse. Further CryptoKeys can subsequently be obtained by\nincluding the ListCryptoKeysResponse.next_page_token in a subsequent\nrequest. If unspecified, the server will pick an appropriate default.",
|
| "format": "int32",
|
| @@ -433,11 +495,6 @@
|
| "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+$",
|
| "required": true,
|
| "type": "string"
|
| - },
|
| - "pageToken": {
|
| - "description": "Optional pagination token, returned earlier via\nListCryptoKeysResponse.next_page_token.",
|
| - "location": "query",
|
| - "type": "string"
|
| }
|
| },
|
| "path": "v1beta1/{+parent}/cryptoKeys",
|
| @@ -475,60 +532,60 @@
|
| "https://www.googleapis.com/auth/cloud-platform"
|
| ]
|
| },
|
| - "setIamPolicy": {
|
| - "description": "Sets the access control policy on the specified resource. Replaces any\nexisting policy.",
|
| + "create": {
|
| + "description": "Create a new CryptoKey within a KeyRing.\n\nCryptoKey.purpose is required.",
|
| "httpMethod": "POST",
|
| - "id": "cloudkms.projects.locations.keyRings.cryptoKeys.setIamPolicy",
|
| + "id": "cloudkms.projects.locations.keyRings.cryptoKeys.create",
|
| "parameterOrder": [
|
| - "resource"
|
| + "parent"
|
| ],
|
| "parameters": {
|
| - "resource": {
|
| - "description": "REQUIRED: The resource for which the policy is being specified.\n`resource` is usually specified as a path. For example, a Project\nresource is specified as `projects/{project}`.",
|
| + "parent": {
|
| + "description": "Required. The name of the KeyRing associated with the\nCryptoKeys.",
|
| "location": "path",
|
| - "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$",
|
| + "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+$",
|
| "required": true,
|
| "type": "string"
|
| - }
|
| - },
|
| - "path": "v1beta1/{+resource}:setIamPolicy",
|
| + },
|
| + "cryptoKeyId": {
|
| + "description": "Required. It must be unique within a KeyRing and match the regular\nexpression `[a-zA-Z0-9_-]{1,63}`",
|
| + "location": "query",
|
| + "type": "string"
|
| + }
|
| + },
|
| + "path": "v1beta1/{+parent}/cryptoKeys",
|
| "request": {
|
| - "$ref": "SetIamPolicyRequest"
|
| + "$ref": "CryptoKey"
|
| },
|
| "response": {
|
| - "$ref": "Policy"
|
| + "$ref": "CryptoKey"
|
| },
|
| "scopes": [
|
| "https://www.googleapis.com/auth/cloud-platform"
|
| ]
|
| },
|
| - "create": {
|
| - "description": "Create a new CryptoKey within a KeyRing.\n\nCryptoKey.purpose is required.",
|
| + "setIamPolicy": {
|
| + "description": "Sets the access control policy on the specified resource. Replaces any\nexisting policy.",
|
| "httpMethod": "POST",
|
| - "id": "cloudkms.projects.locations.keyRings.cryptoKeys.create",
|
| + "id": "cloudkms.projects.locations.keyRings.cryptoKeys.setIamPolicy",
|
| "parameterOrder": [
|
| - "parent"
|
| + "resource"
|
| ],
|
| "parameters": {
|
| - "parent": {
|
| - "description": "Required. The name of the KeyRing associated with the\nCryptoKeys.",
|
| + "resource": {
|
| + "description": "REQUIRED: The resource for which the policy is being specified.\n`resource` is usually specified as a path. For example, a Project\nresource is specified as `projects/{project}`.",
|
| "location": "path",
|
| - "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+$",
|
| + "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$",
|
| "required": true,
|
| "type": "string"
|
| - },
|
| - "cryptoKeyId": {
|
| - "description": "Required. It must be unique within a KeyRing and match the regular\nexpression `[a-zA-Z0-9_-]{1,63}`",
|
| - "location": "query",
|
| - "type": "string"
|
| }
|
| },
|
| - "path": "v1beta1/{+parent}/cryptoKeys",
|
| + "path": "v1beta1/{+resource}:setIamPolicy",
|
| "request": {
|
| - "$ref": "CryptoKey"
|
| + "$ref": "SetIamPolicyRequest"
|
| },
|
| "response": {
|
| - "$ref": "CryptoKey"
|
| + "$ref": "Policy"
|
| },
|
| "scopes": [
|
| "https://www.googleapis.com/auth/cloud-platform"
|
| @@ -584,63 +641,6 @@
|
| "scopes": [
|
| "https://www.googleapis.com/auth/cloud-platform"
|
| ]
|
| - },
|
| - "get": {
|
| - "description": "Returns metadata for a given CryptoKey, as well as its\nprimary CryptoKeyVersion.",
|
| - "httpMethod": "GET",
|
| - "id": "cloudkms.projects.locations.keyRings.cryptoKeys.get",
|
| - "parameterOrder": [
|
| - "name"
|
| - ],
|
| - "parameters": {
|
| - "name": {
|
| - "description": "The name of the CryptoKey to get.",
|
| - "location": "path",
|
| - "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$",
|
| - "required": true,
|
| - "type": "string"
|
| - }
|
| - },
|
| - "path": "v1beta1/{+name}",
|
| - "response": {
|
| - "$ref": "CryptoKey"
|
| - },
|
| - "scopes": [
|
| - "https://www.googleapis.com/auth/cloud-platform"
|
| - ]
|
| - },
|
| - "patch": {
|
| - "description": "Update a CryptoKey.",
|
| - "httpMethod": "PATCH",
|
| - "id": "cloudkms.projects.locations.keyRings.cryptoKeys.patch",
|
| - "parameterOrder": [
|
| - "name"
|
| - ],
|
| - "parameters": {
|
| - "updateMask": {
|
| - "description": "Required list of fields to be updated in this request.",
|
| - "format": "google-fieldmask",
|
| - "location": "query",
|
| - "type": "string"
|
| - },
|
| - "name": {
|
| - "description": "Output only. The resource name for this CryptoKey in the format\n`projects/*/locations/*/keyRings/*/cryptoKeys/*`.",
|
| - "location": "path",
|
| - "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$",
|
| - "required": true,
|
| - "type": "string"
|
| - }
|
| - },
|
| - "path": "v1beta1/{+name}",
|
| - "request": {
|
| - "$ref": "CryptoKey"
|
| - },
|
| - "response": {
|
| - "$ref": "CryptoKey"
|
| - },
|
| - "scopes": [
|
| - "https://www.googleapis.com/auth/cloud-platform"
|
| - ]
|
| }
|
| },
|
| "resources": {
|
| @@ -681,25 +681,25 @@
|
| "https://www.googleapis.com/auth/cloud-platform"
|
| ]
|
| },
|
| - "create": {
|
| - "description": "Create a new CryptoKeyVersion in a CryptoKey.\n\nThe server will assign the next sequential id. If unset,\nstate will be set to\nENABLED.",
|
| + "destroy": {
|
| + "description": "Schedule a CryptoKeyVersion for destruction.\n\nUpon calling this method, CryptoKeyVersion.state will be set to\nDESTROY_SCHEDULED\nand destroy_time will be set to a time 24\nhours in the future, at which point the state\nwill be changed to\nDESTROYED, and the key\nmaterial will be irrevocably destroyed.\n\nBefore the destroy_time is reached,\nRestoreCryptoKeyVersion may be called to reverse the process.",
|
| "httpMethod": "POST",
|
| - "id": "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.create",
|
| + "id": "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.destroy",
|
| "parameterOrder": [
|
| - "parent"
|
| + "name"
|
| ],
|
| "parameters": {
|
| - "parent": {
|
| - "description": "Required. The name of the CryptoKey associated with\nthe CryptoKeyVersions.",
|
| + "name": {
|
| + "description": "The resource name of the CryptoKeyVersion to destroy.",
|
| "location": "path",
|
| - "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$",
|
| + "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+/cryptoKeyVersions/[^/]+$",
|
| "required": true,
|
| "type": "string"
|
| }
|
| },
|
| - "path": "v1beta1/{+parent}/cryptoKeyVersions",
|
| + "path": "v1beta1/{+name}:destroy",
|
| "request": {
|
| - "$ref": "CryptoKeyVersion"
|
| + "$ref": "DestroyCryptoKeyVersionRequest"
|
| },
|
| "response": {
|
| "$ref": "CryptoKeyVersion"
|
| @@ -708,25 +708,25 @@
|
| "https://www.googleapis.com/auth/cloud-platform"
|
| ]
|
| },
|
| - "destroy": {
|
| - "description": "Schedule a CryptoKeyVersion for destruction.\n\nUpon calling this method, CryptoKeyVersion.state will be set to\nDESTROY_SCHEDULED\nand destroy_time will be set to a time 24\nhours in the future, at which point the state\nwill be changed to\nDESTROYED, and the key\nmaterial will be irrevocably destroyed.\n\nBefore the destroy_time is reached,\nRestoreCryptoKeyVersion may be called to reverse the process.",
|
| + "create": {
|
| + "description": "Create a new CryptoKeyVersion in a CryptoKey.\n\nThe server will assign the next sequential id. If unset,\nstate will be set to\nENABLED.",
|
| "httpMethod": "POST",
|
| - "id": "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.destroy",
|
| + "id": "cloudkms.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.create",
|
| "parameterOrder": [
|
| - "name"
|
| + "parent"
|
| ],
|
| "parameters": {
|
| - "name": {
|
| - "description": "The resource name of the CryptoKeyVersion to destroy.",
|
| + "parent": {
|
| + "description": "Required. The name of the CryptoKey associated with\nthe CryptoKeyVersions.",
|
| "location": "path",
|
| - "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+/cryptoKeyVersions/[^/]+$",
|
| + "pattern": "^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+$",
|
| "required": true,
|
| "type": "string"
|
| }
|
| },
|
| - "path": "v1beta1/{+name}:destroy",
|
| + "path": "v1beta1/{+parent}/cryptoKeyVersions",
|
| "request": {
|
| - "$ref": "DestroyCryptoKeyVersionRequest"
|
| + "$ref": "CryptoKeyVersion"
|
| },
|
| "response": {
|
| "$ref": "CryptoKeyVersion"
|
| @@ -830,329 +830,130 @@
|
| }
|
| }
|
| },
|
| - "revision": "20170117",
|
| + "revision": "20170201",
|
| "rootUrl": "https://cloudkms.googleapis.com/",
|
| "schemas": {
|
| - "SetIamPolicyRequest": {
|
| - "description": "Request message for `SetIamPolicy` method.",
|
| - "id": "SetIamPolicyRequest",
|
| + "DecryptResponse": {
|
| + "description": "Response message for KeyManagementService.Decrypt.",
|
| + "id": "DecryptResponse",
|
| "properties": {
|
| - "policy": {
|
| - "$ref": "Policy",
|
| - "description": "REQUIRED: The complete policy to be applied to the `resource`. The size of\nthe policy is limited to a few 10s of KB. An empty policy is a\nvalid policy but certain Cloud Platform services (such as Projects)\nmight reject them."
|
| - },
|
| - "updateMask": {
|
| - "description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only\nthe fields in the mask will be modified. If no mask is provided, a default\nmask is used:\npaths: \"bindings, etag\"\nThis field is only used by Cloud IAM.",
|
| - "format": "google-fieldmask",
|
| + "plaintext": {
|
| + "description": "The decrypted data originally supplied in EncryptRequest.plaintext.",
|
| + "format": "byte",
|
| "type": "string"
|
| }
|
| },
|
| "type": "object"
|
| },
|
| - "DecryptRequest": {
|
| - "description": "Request message for KeyManagementService.Decrypt.",
|
| - "id": "DecryptRequest",
|
| + "TestIamPermissionsRequest": {
|
| + "description": "Request message for `TestIamPermissions` method.",
|
| + "id": "TestIamPermissionsRequest",
|
| "properties": {
|
| - "ciphertext": {
|
| - "description": "Required. The encrypted data originally returned in\nEncryptResponse.ciphertext.",
|
| - "format": "byte",
|
| - "type": "string"
|
| - },
|
| - "additionalAuthenticatedData": {
|
| - "description": "Optional data that must match the data originally supplied in\nEncryptRequest.additional_authenticated_data.",
|
| - "format": "byte",
|
| - "type": "string"
|
| + "permissions": {
|
| + "description": "The set of permissions to check for the `resource`. Permissions with\nwildcards (such as '*' or 'storage.*') are not allowed. For more\ninformation see\n[IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).",
|
| + "items": {
|
| + "type": "string"
|
| + },
|
| + "type": "array"
|
| }
|
| },
|
| "type": "object"
|
| },
|
| - "Location": {
|
| - "description": "A resource that represents Google Cloud Platform location.",
|
| - "id": "Location",
|
| + "Policy": {
|
| + "description": "Defines an Identity and Access Management (IAM) policy. It is used to\nspecify access control policies for Cloud Platform resources.\n\n\nA `Policy` consists of a list of `bindings`. A `Binding` binds a list of\n`members` to a `role`, where the members can be user accounts, Google groups,\nGoogle domains, and service accounts. A `role` is a named list of permissions\ndefined by IAM.\n\n**Example**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/owner\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-other-app@appspot.gserviceaccount.com\",\n ]\n },\n {\n \"role\": \"roles/viewer\",\n \"members\": [\"user:sean@example.com\"]\n }\n ]\n }\n\nFor a description of IAM and its features, see the\n[IAM developer's guide](https://cloud.google.com/iam).",
|
| + "id": "Policy",
|
| "properties": {
|
| - "locationId": {
|
| - "description": "The canonical id for this location. For example: `\"us-east1\"`.",
|
| + "etag": {
|
| + "description": "`etag` is used for optimistic concurrency control as a way to help\nprevent simultaneous updates of a policy from overwriting each other.\nIt is strongly suggested that systems make use of the `etag` in the\nread-modify-write cycle to perform policy updates in order to avoid race\nconditions: An `etag` is returned in the response to `getIamPolicy`, and\nsystems are expected to put that etag in the request to `setIamPolicy` to\nensure that their change will be applied to the same version of the policy.\n\nIf no `etag` is provided in the call to `setIamPolicy`, then the existing\npolicy is overwritten blindly.",
|
| + "format": "byte",
|
| "type": "string"
|
| },
|
| - "metadata": {
|
| - "additionalProperties": {
|
| - "description": "Properties of the object. Contains field @type with type URL.",
|
| - "type": "any"
|
| + "iamOwned": {
|
| + "type": "boolean"
|
| + },
|
| + "rules": {
|
| + "description": "If more than one rule is specified, the rules are applied in the following\nmanner:\n- All matching LOG rules are always applied.\n- If any DENY/DENY_WITH_LOG rule matches, permission is denied.\n Logging will be applied if one or more matching rule requires logging.\n- Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is\n granted.\n Logging will be applied if one or more matching rule requires logging.\n- Otherwise, if no rule applies, permission is denied.",
|
| + "items": {
|
| + "$ref": "Rule"
|
| },
|
| - "description": "Service-specific metadata. For example the available capacity at the given\nlocation.",
|
| - "type": "object"
|
| + "type": "array"
|
| },
|
| - "labels": {
|
| - "additionalProperties": {
|
| - "type": "string"
|
| + "version": {
|
| + "description": "Version of the `Policy`. The default version is 0.",
|
| + "format": "int32",
|
| + "type": "integer"
|
| + },
|
| + "auditConfigs": {
|
| + "description": "Specifies cloud audit logging configuration for this policy.",
|
| + "items": {
|
| + "$ref": "AuditConfig"
|
| },
|
| - "description": "Cross-service attributes for the location. For example\n\n {\"cloud.googleapis.com/region\": \"us-east1\"}",
|
| - "type": "object"
|
| + "type": "array"
|
| },
|
| - "name": {
|
| - "description": "Resource name for the location, which may vary between implementations.\nFor example: `\"projects/example-project/locations/us-east1\"`",
|
| - "type": "string"
|
| + "bindings": {
|
| + "description": "Associates a list of `members` to a `role`.\nMultiple `bindings` must not be specified for the same `role`.\n`bindings` with no members will result in an error.",
|
| + "items": {
|
| + "$ref": "Binding"
|
| + },
|
| + "type": "array"
|
| }
|
| },
|
| "type": "object"
|
| },
|
| - "ListCryptoKeysResponse": {
|
| - "description": "Response message for KeyManagementService.ListCryptoKeys.",
|
| - "id": "ListCryptoKeysResponse",
|
| + "ListLocationsResponse": {
|
| + "description": "The response message for Locations.ListLocations.",
|
| + "id": "ListLocationsResponse",
|
| "properties": {
|
| - "nextPageToken": {
|
| - "description": "A token to retrieve next page of results. Pass this value in\nListCryptoKeysRequest.page_token to retrieve the next page of results.",
|
| - "type": "string"
|
| - },
|
| - "cryptoKeys": {
|
| - "description": "The list of CryptoKeys.",
|
| + "locations": {
|
| + "description": "A list of locations that matches the specified filter in the request.",
|
| "items": {
|
| - "$ref": "CryptoKey"
|
| + "$ref": "Location"
|
| },
|
| "type": "array"
|
| },
|
| - "totalSize": {
|
| - "description": "The total number of CryptoKeys that matched the query.",
|
| - "format": "int32",
|
| - "type": "integer"
|
| + "nextPageToken": {
|
| + "description": "The standard List next-page token.",
|
| + "type": "string"
|
| }
|
| },
|
| "type": "object"
|
| },
|
| - "Condition": {
|
| - "description": "A condition to be met.",
|
| - "id": "Condition",
|
| + "KeyRing": {
|
| + "description": "A KeyRing is a toplevel logical grouping of CryptoKeys.",
|
| + "id": "KeyRing",
|
| "properties": {
|
| - "sys": {
|
| - "description": "Trusted attributes supplied by any service that owns resources and uses\nthe IAM system for access control.",
|
| - "enum": [
|
| - "NO_ATTR",
|
| - "REGION",
|
| - "SERVICE",
|
| - "NAME",
|
| - "IP"
|
| - ],
|
| - "enumDescriptions": [
|
| - "Default non-attribute type",
|
| - "Region of the resource",
|
| - "Service name",
|
| - "Resource name",
|
| - "IP address of the caller"
|
| - ],
|
| - "type": "string"
|
| - },
|
| - "value": {
|
| - "description": "DEPRECATED. Use 'values' instead.",
|
| - "type": "string"
|
| - },
|
| - "values": {
|
| - "description": "The objects of the condition. This is mutually exclusive with 'value'.",
|
| - "items": {
|
| - "type": "string"
|
| - },
|
| - "type": "array"
|
| - },
|
| - "iam": {
|
| - "description": "Trusted attributes supplied by the IAM system.",
|
| - "enum": [
|
| - "NO_ATTR",
|
| - "AUTHORITY",
|
| - "ATTRIBUTION"
|
| - ],
|
| - "enumDescriptions": [
|
| - "Default non-attribute.",
|
| - "Either principal or (if present) authority selector.",
|
| - "The principal (even if an authority selector is present), which\nmust only be used for attribution, not authorization."
|
| - ],
|
| - "type": "string"
|
| - },
|
| - "op": {
|
| - "description": "An operator to apply the subject with.",
|
| - "enum": [
|
| - "NO_OP",
|
| - "EQUALS",
|
| - "NOT_EQUALS",
|
| - "IN",
|
| - "NOT_IN",
|
| - "DISCHARGED"
|
| - ],
|
| - "enumDescriptions": [
|
| - "Default no-op.",
|
| - "DEPRECATED. Use IN instead.",
|
| - "DEPRECATED. Use NOT_IN instead.",
|
| - "Set-inclusion check.",
|
| - "Set-exclusion check.",
|
| - "Subject is discharged"
|
| - ],
|
| - "type": "string"
|
| - },
|
| - "svc": {
|
| - "description": "Trusted attributes discharged by the service.",
|
| - "type": "string"
|
| - }
|
| - },
|
| - "type": "object"
|
| - },
|
| - "CounterOptions": {
|
| - "description": "Options for counters",
|
| - "id": "CounterOptions",
|
| - "properties": {
|
| - "metric": {
|
| - "description": "The metric to update.",
|
| - "type": "string"
|
| - },
|
| - "field": {
|
| - "description": "The field value to attribute.",
|
| + "createTime": {
|
| + "description": "Output only. The time at which this KeyRing was created.",
|
| + "format": "google-datetime",
|
| "type": "string"
|
| - }
|
| - },
|
| - "type": "object"
|
| - },
|
| - "AuditLogConfig": {
|
| - "description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:foo@gmail.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\nfoo@gmail.com from DATA_READ logging.",
|
| - "id": "AuditLogConfig",
|
| - "properties": {
|
| - "exemptedMembers": {
|
| - "description": "Specifies the identities that do not cause logging for this type of\npermission.\nFollows the same format of Binding.members.",
|
| - "items": {
|
| - "type": "string"
|
| - },
|
| - "type": "array"
|
| },
|
| - "logType": {
|
| - "description": "The log type that this config enables.",
|
| - "enum": [
|
| - "LOG_TYPE_UNSPECIFIED",
|
| - "ADMIN_READ",
|
| - "DATA_WRITE",
|
| - "DATA_READ"
|
| - ],
|
| - "enumDescriptions": [
|
| - "Default case. Should never be this.",
|
| - "Admin reads. Example: CloudIAM getIamPolicy",
|
| - "Data writes. Example: CloudSQL Users create",
|
| - "Data reads. Example: CloudSQL Users list"
|
| - ],
|
| - "type": "string"
|
| - }
|
| - },
|
| - "type": "object"
|
| - },
|
| - "DecryptResponse": {
|
| - "description": "Response message for KeyManagementService.Decrypt.",
|
| - "id": "DecryptResponse",
|
| - "properties": {
|
| - "plaintext": {
|
| - "description": "The decrypted data originally supplied in EncryptRequest.plaintext.",
|
| - "format": "byte",
|
| + "name": {
|
| + "description": "Output only. The resource name for the KeyRing in the format\n`projects/*/locations/*/keyRings/*`.",
|
| "type": "string"
|
| }
|
| },
|
| "type": "object"
|
| },
|
| - "TestIamPermissionsRequest": {
|
| - "description": "Request message for `TestIamPermissions` method.",
|
| - "id": "TestIamPermissionsRequest",
|
| - "properties": {
|
| - "permissions": {
|
| - "description": "The set of permissions to check for the `resource`. Permissions with\nwildcards (such as '*' or 'storage.*') are not allowed. For more\ninformation see\n[IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).",
|
| - "items": {
|
| - "type": "string"
|
| - },
|
| - "type": "array"
|
| - }
|
| - },
|
| - "type": "object"
|
| - },
|
| "EncryptResponse": {
|
| "description": "Response message for KeyManagementService.Encrypt.",
|
| "id": "EncryptResponse",
|
| "properties": {
|
| - "ciphertext": {
|
| - "description": "The encrypted data.",
|
| - "format": "byte",
|
| - "type": "string"
|
| - },
|
| "name": {
|
| "description": "The resource name of the CryptoKeyVersion used in encryption.",
|
| "type": "string"
|
| - }
|
| - },
|
| - "type": "object"
|
| - },
|
| - "KeyRing": {
|
| - "description": "A KeyRing is a toplevel logical grouping of CryptoKeys.",
|
| - "id": "KeyRing",
|
| - "properties": {
|
| - "createTime": {
|
| - "description": "Output only. The time at which this KeyRing was created.",
|
| - "format": "google-datetime",
|
| - "type": "string"
|
| - },
|
| - "name": {
|
| - "description": "Output only. The resource name for the KeyRing in the format\n`projects/*/locations/*/keyRings/*`.",
|
| - "type": "string"
|
| - }
|
| - },
|
| - "type": "object"
|
| - },
|
| - "ListLocationsResponse": {
|
| - "description": "The response message for Locations.ListLocations.",
|
| - "id": "ListLocationsResponse",
|
| - "properties": {
|
| - "locations": {
|
| - "description": "A list of locations that matches the specified filter in the request.",
|
| - "items": {
|
| - "$ref": "Location"
|
| - },
|
| - "type": "array"
|
| },
|
| - "nextPageToken": {
|
| - "description": "The standard List next-page token.",
|
| + "ciphertext": {
|
| + "description": "The encrypted data.",
|
| + "format": "byte",
|
| "type": "string"
|
| }
|
| },
|
| "type": "object"
|
| },
|
| - "Policy": {
|
| - "description": "Defines an Identity and Access Management (IAM) policy. It is used to\nspecify access control policies for Cloud Platform resources.\n\n\nA `Policy` consists of a list of `bindings`. A `Binding` binds a list of\n`members` to a `role`, where the members can be user accounts, Google groups,\nGoogle domains, and service accounts. A `role` is a named list of permissions\ndefined by IAM.\n\n**Example**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/owner\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-other-app@appspot.gserviceaccount.com\",\n ]\n },\n {\n \"role\": \"roles/viewer\",\n \"members\": [\"user:sean@example.com\"]\n }\n ]\n }\n\nFor a description of IAM and its features, see the\n[IAM developer's guide](https://cloud.google.com/iam).",
|
| - "id": "Policy",
|
| - "properties": {
|
| - "etag": {
|
| - "description": "`etag` is used for optimistic concurrency control as a way to help\nprevent simultaneous updates of a policy from overwriting each other.\nIt is strongly suggested that systems make use of the `etag` in the\nread-modify-write cycle to perform policy updates in order to avoid race\nconditions: An `etag` is returned in the response to `getIamPolicy`, and\nsystems are expected to put that etag in the request to `setIamPolicy` to\nensure that their change will be applied to the same version of the policy.\n\nIf no `etag` is provided in the call to `setIamPolicy`, then the existing\npolicy is overwritten blindly.",
|
| - "format": "byte",
|
| - "type": "string"
|
| - },
|
| - "iamOwned": {
|
| - "type": "boolean"
|
| - },
|
| - "rules": {
|
| - "description": "If more than one rule is specified, the rules are applied in the following\nmanner:\n- All matching LOG rules are always applied.\n- If any DENY/DENY_WITH_LOG rule matches, permission is denied.\n Logging will be applied if one or more matching rule requires logging.\n- Otherwise, if any ALLOW/ALLOW_WITH_LOG rule matches, permission is\n granted.\n Logging will be applied if one or more matching rule requires logging.\n- Otherwise, if no rule applies, permission is denied.",
|
| - "items": {
|
| - "$ref": "Rule"
|
| - },
|
| - "type": "array"
|
| - },
|
| - "version": {
|
| - "description": "Version of the `Policy`. The default version is 0.",
|
| - "format": "int32",
|
| - "type": "integer"
|
| - },
|
| - "auditConfigs": {
|
| - "description": "Specifies cloud audit logging configuration for this policy.",
|
| - "items": {
|
| - "$ref": "AuditConfig"
|
| - },
|
| - "type": "array"
|
| - },
|
| - "bindings": {
|
| - "description": "Associates a list of `members` to a `role`.\nMultiple `bindings` must not be specified for the same `role`.\n`bindings` with no members will result in an error.",
|
| - "items": {
|
| - "$ref": "Binding"
|
| - },
|
| - "type": "array"
|
| - }
|
| - },
|
| + "RestoreCryptoKeyVersionRequest": {
|
| + "description": "Request message for KeyManagementService.RestoreCryptoKeyVersion.",
|
| + "id": "RestoreCryptoKeyVersionRequest",
|
| + "properties": {},
|
| "type": "object"
|
| },
|
| "UpdateCryptoKeyPrimaryVersionRequest": {
|
| @@ -1166,18 +967,6 @@
|
| },
|
| "type": "object"
|
| },
|
| - "RestoreCryptoKeyVersionRequest": {
|
| - "description": "Request message for KeyManagementService.RestoreCryptoKeyVersion.",
|
| - "id": "RestoreCryptoKeyVersionRequest",
|
| - "properties": {},
|
| - "type": "object"
|
| - },
|
| - "DataAccessOptions": {
|
| - "description": "Write a Data Access (Gin) log",
|
| - "id": "DataAccessOptions",
|
| - "properties": {},
|
| - "type": "object"
|
| - },
|
| "ListKeyRingsResponse": {
|
| "description": "Response message for KeyManagementService.ListKeyRings.",
|
| "id": "ListKeyRingsResponse",
|
| @@ -1201,10 +990,20 @@
|
| },
|
| "type": "object"
|
| },
|
| + "DataAccessOptions": {
|
| + "description": "Write a Data Access (Gin) log",
|
| + "id": "DataAccessOptions",
|
| + "properties": {},
|
| + "type": "object"
|
| + },
|
| "AuditConfig": {
|
| "description": "Specifies the audit configuration for a service.\nIt consists of which permission types are logged, and what identities, if\nany, are exempted from logging.\nAn AuditConifg must have one or more AuditLogConfigs.",
|
| "id": "AuditConfig",
|
| "properties": {
|
| + "service": {
|
| + "description": "Specifies a service that will be enabled for audit logging.\nFor example, `resourcemanager`, `storage`, `compute`.\n`allServices` is a special value that covers all services.",
|
| + "type": "string"
|
| + },
|
| "auditLogConfigs": {
|
| "description": "The configuration for logging of each type of permission.\nNext ID: 4",
|
| "items": {
|
| @@ -1218,10 +1017,6 @@
|
| "type": "string"
|
| },
|
| "type": "array"
|
| - },
|
| - "service": {
|
| - "description": "Specifies a service that will be enabled for audit logging.\nFor example, `resourcemanager`, `storage`, `compute`.\n`allServices` is a special value that covers all services.",
|
| - "type": "string"
|
| }
|
| },
|
| "type": "object"
|
| @@ -1315,6 +1110,11 @@
|
| "description": "Response message for KeyManagementService.ListCryptoKeyVersions.",
|
| "id": "ListCryptoKeyVersionsResponse",
|
| "properties": {
|
| + "totalSize": {
|
| + "description": "The total number of CryptoKeyVersions that matched the\nquery.",
|
| + "format": "int32",
|
| + "type": "integer"
|
| + },
|
| "cryptoKeyVersions": {
|
| "description": "The list of CryptoKeyVersions.",
|
| "items": {
|
| @@ -1325,11 +1125,6 @@
|
| "nextPageToken": {
|
| "description": "A token to retrieve next page of results. Pass this value in\nListCryptoKeyVersionsRequest.page_token to retrieve the next page of\nresults.",
|
| "type": "string"
|
| - },
|
| - "totalSize": {
|
| - "description": "The total number of CryptoKeyVersions that matched the\nquery.",
|
| - "format": "int32",
|
| - "type": "integer"
|
| }
|
| },
|
| "type": "object"
|
| @@ -1354,17 +1149,52 @@
|
| "properties": {},
|
| "type": "object"
|
| },
|
| - "Rule": {
|
| - "description": "A rule to be applied in a Policy.",
|
| - "id": "Rule",
|
| + "CryptoKey": {
|
| + "description": "A CryptoKey represents a logical key that can be used for cryptographic\noperations.\n\nA CryptoKey is made up of one or more versions, which\nrepresent the actual key material used in cryptographic operations.",
|
| + "id": "CryptoKey",
|
| "properties": {
|
| - "notIn": {
|
| - "description": "If one or more 'not_in' clauses are specified, the rule matches\nif the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries.\nThe format for in and not_in entries is the same as for members in a\nBinding (see google/iam/v1/policy.proto).",
|
| - "items": {
|
| - "type": "string"
|
| - },
|
| - "type": "array"
|
| + "createTime": {
|
| + "description": "Output only. The time at which this CryptoKey was created.",
|
| + "format": "google-datetime",
|
| + "type": "string"
|
| + },
|
| + "rotationPeriod": {
|
| + "description": "next_rotation_time will be advanced by this period when the service\nautomatically rotates a key. Must be at least one day.\n\nIf rotation_period is set, next_rotation_time must also be set.",
|
| + "format": "google-duration",
|
| + "type": "string"
|
| + },
|
| + "primary": {
|
| + "$ref": "CryptoKeyVersion",
|
| + "description": "Output only. A copy of the \"primary\" CryptoKeyVersion that will be used\nby Encrypt when this CryptoKey is given\nin EncryptRequest.name.\n\nThe CryptoKey's primary version can be updated via\nUpdateCryptoKeyPrimaryVersion."
|
| + },
|
| + "name": {
|
| + "description": "Output only. The resource name for this CryptoKey in the format\n`projects/*/locations/*/keyRings/*/cryptoKeys/*`.",
|
| + "type": "string"
|
| + },
|
| + "purpose": {
|
| + "description": "The immutable purpose of this CryptoKey. Currently, the only acceptable\npurpose is ENCRYPT_DECRYPT.",
|
| + "enum": [
|
| + "CRYPTO_KEY_PURPOSE_UNSPECIFIED",
|
| + "ENCRYPT_DECRYPT"
|
| + ],
|
| + "enumDescriptions": [
|
| + "Not specified.",
|
| + "CryptoKeys with this purpose may be used with\nEncrypt and\nDecrypt."
|
| + ],
|
| + "type": "string"
|
| },
|
| + "nextRotationTime": {
|
| + "description": "At next_rotation_time, the Key Management Service will automatically:\n\n1. Create a new version of this CryptoKey.\n2. Mark the new version as primary.\n\nKey rotations performed manually via\nCreateCryptoKeyVersion and\nUpdateCryptoKeyPrimaryVersion\ndo not affect next_rotation_time.",
|
| + "format": "google-datetime",
|
| + "type": "string"
|
| + }
|
| + },
|
| + "type": "object"
|
| + },
|
| + "Rule": {
|
| + "description": "A rule to be applied in a Policy.",
|
| + "id": "Rule",
|
| + "properties": {
|
| "description": {
|
| "description": "Human-readable description of the rule.",
|
| "type": "string"
|
| @@ -1416,73 +1246,243 @@
|
| "Matching 'Entries' tell IAM.Check callers to generate logs."
|
| ],
|
| "type": "string"
|
| + },
|
| + "notIn": {
|
| + "description": "If one or more 'not_in' clauses are specified, the rule matches\nif the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries.\nThe format for in and not_in entries is the same as for members in a\nBinding (see google/iam/v1/policy.proto).",
|
| + "items": {
|
| + "type": "string"
|
| + },
|
| + "type": "array"
|
| }
|
| },
|
| "type": "object"
|
| },
|
| - "CryptoKey": {
|
| - "description": "A CryptoKey represents a logical key that can be used for cryptographic\noperations.\n\nA CryptoKey is made up of one or more versions, which\nrepresent the actual key material used in cryptographic operations.",
|
| - "id": "CryptoKey",
|
| + "LogConfig": {
|
| + "description": "Specifies what kind of log the caller must write\nIncrement a streamz counter with the specified metric and field names.\n\nMetric names should start with a '/', generally be lowercase-only,\nand end in \"_count\". Field names should not contain an initial slash.\nThe actual exported metric names will have \"/iam/policy\" prepended.\n\nField names correspond to IAM request parameters and field values are\ntheir respective values.\n\nAt present the only supported field names are\n - \"iam_principal\", corresponding to IAMContext.principal;\n - \"\" (empty string), resulting in one aggretated counter with no field.\n\nExamples:\n counter { metric: \"/debug_access_count\" field: \"iam_principal\" }\n ==> increment counter /iam/policy/backend_debug_access_count\n {iam_principal=[value of IAMContext.principal]}\n\nAt this time we do not support:\n* multiple field names (though this may be supported in the future)\n* decrementing the counter\n* incrementing it by anything other than 1",
|
| + "id": "LogConfig",
|
| "properties": {
|
| - "purpose": {
|
| - "description": "The immutable purpose of this CryptoKey. Currently, the only acceptable\npurpose is ENCRYPT_DECRYPT.",
|
| + "dataAccess": {
|
| + "$ref": "DataAccessOptions",
|
| + "description": "Data access options."
|
| + },
|
| + "cloudAudit": {
|
| + "$ref": "CloudAuditOptions",
|
| + "description": "Cloud audit options."
|
| + },
|
| + "counter": {
|
| + "$ref": "CounterOptions",
|
| + "description": "Counter options."
|
| + }
|
| + },
|
| + "type": "object"
|
| + },
|
| + "SetIamPolicyRequest": {
|
| + "description": "Request message for `SetIamPolicy` method.",
|
| + "id": "SetIamPolicyRequest",
|
| + "properties": {
|
| + "updateMask": {
|
| + "description": "OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only\nthe fields in the mask will be modified. If no mask is provided, a default\nmask is used:\npaths: \"bindings, etag\"\nThis field is only used by Cloud IAM.",
|
| + "format": "google-fieldmask",
|
| + "type": "string"
|
| + },
|
| + "policy": {
|
| + "$ref": "Policy",
|
| + "description": "REQUIRED: The complete policy to be applied to the `resource`. The size of\nthe policy is limited to a few 10s of KB. An empty policy is a\nvalid policy but certain Cloud Platform services (such as Projects)\nmight reject them."
|
| + }
|
| + },
|
| + "type": "object"
|
| + },
|
| + "DecryptRequest": {
|
| + "description": "Request message for KeyManagementService.Decrypt.",
|
| + "id": "DecryptRequest",
|
| + "properties": {
|
| + "ciphertext": {
|
| + "description": "Required. The encrypted data originally returned in\nEncryptResponse.ciphertext.",
|
| + "format": "byte",
|
| + "type": "string"
|
| + },
|
| + "additionalAuthenticatedData": {
|
| + "description": "Optional data that must match the data originally supplied in\nEncryptRequest.additional_authenticated_data.",
|
| + "format": "byte",
|
| + "type": "string"
|
| + }
|
| + },
|
| + "type": "object"
|
| + },
|
| + "Location": {
|
| + "description": "A resource that represents Google Cloud Platform location.",
|
| + "id": "Location",
|
| + "properties": {
|
| + "name": {
|
| + "description": "Resource name for the location, which may vary between implementations.\nFor example: `\"projects/example-project/locations/us-east1\"`",
|
| + "type": "string"
|
| + },
|
| + "locationId": {
|
| + "description": "The canonical id for this location. For example: `\"us-east1\"`.",
|
| + "type": "string"
|
| + },
|
| + "metadata": {
|
| + "additionalProperties": {
|
| + "description": "Properties of the object. Contains field @type with type URL.",
|
| + "type": "any"
|
| + },
|
| + "description": "Service-specific metadata. For example the available capacity at the given\nlocation.",
|
| + "type": "object"
|
| + },
|
| + "labels": {
|
| + "additionalProperties": {
|
| + "type": "string"
|
| + },
|
| + "description": "Cross-service attributes for the location. For example\n\n {\"cloud.googleapis.com/region\": \"us-east1\"}",
|
| + "type": "object"
|
| + }
|
| + },
|
| + "type": "object"
|
| + },
|
| + "ListCryptoKeysResponse": {
|
| + "description": "Response message for KeyManagementService.ListCryptoKeys.",
|
| + "id": "ListCryptoKeysResponse",
|
| + "properties": {
|
| + "nextPageToken": {
|
| + "description": "A token to retrieve next page of results. Pass this value in\nListCryptoKeysRequest.page_token to retrieve the next page of results.",
|
| + "type": "string"
|
| + },
|
| + "cryptoKeys": {
|
| + "description": "The list of CryptoKeys.",
|
| + "items": {
|
| + "$ref": "CryptoKey"
|
| + },
|
| + "type": "array"
|
| + },
|
| + "totalSize": {
|
| + "description": "The total number of CryptoKeys that matched the query.",
|
| + "format": "int32",
|
| + "type": "integer"
|
| + }
|
| + },
|
| + "type": "object"
|
| + },
|
| + "Condition": {
|
| + "description": "A condition to be met.",
|
| + "id": "Condition",
|
| + "properties": {
|
| + "op": {
|
| + "description": "An operator to apply the subject with.",
|
| "enum": [
|
| - "CRYPTO_KEY_PURPOSE_UNSPECIFIED",
|
| - "ENCRYPT_DECRYPT"
|
| + "NO_OP",
|
| + "EQUALS",
|
| + "NOT_EQUALS",
|
| + "IN",
|
| + "NOT_IN",
|
| + "DISCHARGED"
|
| ],
|
| "enumDescriptions": [
|
| - "Not specified.",
|
| - "CryptoKeys with this purpose may be used with\nEncrypt and\nDecrypt."
|
| + "Default no-op.",
|
| + "DEPRECATED. Use IN instead.",
|
| + "DEPRECATED. Use NOT_IN instead.",
|
| + "Set-inclusion check.",
|
| + "Set-exclusion check.",
|
| + "Subject is discharged"
|
| ],
|
| "type": "string"
|
| },
|
| - "nextRotationTime": {
|
| - "description": "At next_rotation_time, the Key Management Service will automatically:\n\n1. Create a new version of this CryptoKey.\n2. Mark the new version as primary.\n\nKey rotations performed manually via\nCreateCryptoKeyVersion and\nUpdateCryptoKeyPrimaryVersion\ndo not affect next_rotation_time.",
|
| - "format": "google-datetime",
|
| + "svc": {
|
| + "description": "Trusted attributes discharged by the service.",
|
| "type": "string"
|
| },
|
| - "createTime": {
|
| - "description": "Output only. The time at which this CryptoKey was created.",
|
| - "format": "google-datetime",
|
| + "sys": {
|
| + "description": "Trusted attributes supplied by any service that owns resources and uses\nthe IAM system for access control.",
|
| + "enum": [
|
| + "NO_ATTR",
|
| + "REGION",
|
| + "SERVICE",
|
| + "NAME",
|
| + "IP"
|
| + ],
|
| + "enumDescriptions": [
|
| + "Default non-attribute type",
|
| + "Region of the resource",
|
| + "Service name",
|
| + "Resource name",
|
| + "IP address of the caller"
|
| + ],
|
| "type": "string"
|
| },
|
| - "rotationPeriod": {
|
| - "description": "next_rotation_time will be advanced by this period when the service\nautomatically rotates a key. Must be at least one day.\n\nIf rotation_period is set, next_rotation_time must also be set.",
|
| - "format": "google-duration",
|
| + "value": {
|
| + "description": "DEPRECATED. Use 'values' instead.",
|
| "type": "string"
|
| },
|
| - "primary": {
|
| - "$ref": "CryptoKeyVersion",
|
| - "description": "Output only. A copy of the \"primary\" CryptoKeyVersion that will be used\nby Encrypt when this CryptoKey is given\nin EncryptRequest.name.\n\nThe CryptoKey's primary version can be updated via\nUpdateCryptoKeyPrimaryVersion."
|
| + "values": {
|
| + "description": "The objects of the condition. This is mutually exclusive with 'value'.",
|
| + "items": {
|
| + "type": "string"
|
| + },
|
| + "type": "array"
|
| },
|
| - "name": {
|
| - "description": "Output only. The resource name for this CryptoKey in the format\n`projects/*/locations/*/keyRings/*/cryptoKeys/*`.",
|
| + "iam": {
|
| + "description": "Trusted attributes supplied by the IAM system.",
|
| + "enum": [
|
| + "NO_ATTR",
|
| + "AUTHORITY",
|
| + "ATTRIBUTION"
|
| + ],
|
| + "enumDescriptions": [
|
| + "Default non-attribute.",
|
| + "Either principal or (if present) authority selector.",
|
| + "The principal (even if an authority selector is present), which\nmust only be used for attribution, not authorization."
|
| + ],
|
| "type": "string"
|
| }
|
| },
|
| "type": "object"
|
| },
|
| - "LogConfig": {
|
| - "description": "Specifies what kind of log the caller must write\nIncrement a streamz counter with the specified metric and field names.\n\nMetric names should start with a '/', generally be lowercase-only,\nand end in \"_count\". Field names should not contain an initial slash.\nThe actual exported metric names will have \"/iam/policy\" prepended.\n\nField names correspond to IAM request parameters and field values are\ntheir respective values.\n\nAt present the only supported field names are\n - \"iam_principal\", corresponding to IAMContext.principal;\n - \"\" (empty string), resulting in one aggretated counter with no field.\n\nExamples:\n counter { metric: \"/debug_access_count\" field: \"iam_principal\" }\n ==> increment counter /iam/policy/backend_debug_access_count\n {iam_principal=[value of IAMContext.principal]}\n\nAt this time we do not support:\n* multiple field names (though this may be supported in the future)\n* decrementing the counter\n* incrementing it by anything other than 1",
|
| - "id": "LogConfig",
|
| + "CounterOptions": {
|
| + "description": "Options for counters",
|
| + "id": "CounterOptions",
|
| "properties": {
|
| - "counter": {
|
| - "$ref": "CounterOptions",
|
| - "description": "Counter options."
|
| + "metric": {
|
| + "description": "The metric to update.",
|
| + "type": "string"
|
| },
|
| - "dataAccess": {
|
| - "$ref": "DataAccessOptions",
|
| - "description": "Data access options."
|
| + "field": {
|
| + "description": "The field value to attribute.",
|
| + "type": "string"
|
| + }
|
| + },
|
| + "type": "object"
|
| + },
|
| + "AuditLogConfig": {
|
| + "description": "Provides the configuration for logging a type of permissions.\nExample:\n\n {\n \"audit_log_configs\": [\n {\n \"log_type\": \"DATA_READ\",\n \"exempted_members\": [\n \"user:foo@gmail.com\"\n ]\n },\n {\n \"log_type\": \"DATA_WRITE\",\n }\n ]\n }\n\nThis enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting\nfoo@gmail.com from DATA_READ logging.",
|
| + "id": "AuditLogConfig",
|
| + "properties": {
|
| + "exemptedMembers": {
|
| + "description": "Specifies the identities that do not cause logging for this type of\npermission.\nFollows the same format of Binding.members.",
|
| + "items": {
|
| + "type": "string"
|
| + },
|
| + "type": "array"
|
| },
|
| - "cloudAudit": {
|
| - "$ref": "CloudAuditOptions",
|
| - "description": "Cloud audit options."
|
| + "logType": {
|
| + "description": "The log type that this config enables.",
|
| + "enum": [
|
| + "LOG_TYPE_UNSPECIFIED",
|
| + "ADMIN_READ",
|
| + "DATA_WRITE",
|
| + "DATA_READ"
|
| + ],
|
| + "enumDescriptions": [
|
| + "Default case. Should never be this.",
|
| + "Admin reads. Example: CloudIAM getIamPolicy",
|
| + "Data writes. Example: CloudSQL Users create",
|
| + "Data reads. Example: CloudSQL Users list"
|
| + ],
|
| + "type": "string"
|
| }
|
| },
|
| "type": "object"
|
| }
|
| },
|
| "servicePath": "",
|
| - "title": "Google Cloud KMS API",
|
| + "title": "Google Cloud Key Management Service (KMS) API",
|
| "version": "v1beta1"
|
| }
|
|
|
Chromium Code Reviews
Issue 2695743002:
Api-roll 45: 2017-02-13 (Closed)
