diff --git a/discovery/cloudasset-v1.json b/discovery/cloudasset-v1.json index d9e2f05222..1450896fbd 100644 --- a/discovery/cloudasset-v1.json +++ b/discovery/cloudasset-v1.json @@ -1095,7 +1095,7 @@ } } }, - "revision": "20240831", + "revision": "20250104", "rootUrl": "https://cloudasset.googleapis.com/", "schemas": { "AccessSelector": { @@ -1170,7 +1170,7 @@ "description": "The main analysis that matches the original request." }, "serviceAccountImpersonationAnalysis": { - "description": "The service account impersonation analysis if AnalyzeIamPolicyRequest.analyze_service_account_impersonation is enabled.", + "description": "The service account impersonation analysis if IamPolicyAnalysisQuery.Options.analyze_service_account_impersonation is enabled.", "items": { "$ref": "IamPolicyAnalysis" }, @@ -1620,7 +1620,7 @@ "id": "EffectiveTagDetails", "properties": { "attachedResource": { - "description": "The [full resource name](https://cloud.google.com/asset-inventory/docs/resource-name-format) of the ancestor from which an effective_tag is inherited, according to [tag inheritance](https://cloud.google.com/resource-manager/docs/tags/tags-overview#inheritance).", + "description": "The [full resource name](https://cloud.google.com/asset-inventory/docs/resource-name-format) of the ancestor from which effective_tags are inherited, according to [tag inheritance](https://cloud.google.com/resource-manager/docs/tags/tags-overview#inheritance).", "type": "string" }, "effectiveTags": { @@ -1884,7 +1884,7 @@ "description": "A Google Cloud resource governed by the organization policies of the AnalyzeOrgPolicyGovernedAssetsRequest.constraint." }, "policyBundle": { - "description": "The ordered list of all organization policies from the AnalyzeOrgPoliciesResponse.OrgPolicyResult.consolidated_policy.attached_resource to the scope specified in the request. If the constraint is defined with default policy, it will also appear in the list.", + "description": "The ordered list of all organization policies from the consolidated_policy.attached_resource to the scope specified in the request. If the constraint is defined with default policy, it will also appear in the list.", "items": { "$ref": "AnalyzerOrgPolicy" }, @@ -2174,7 +2174,7 @@ "type": "string" }, "policyBundle": { - "description": "The ordered list of all organization policies from the AnalyzeOrgPoliciesResponse.OrgPolicyResult.consolidated_policy.attached_resource. to the scope specified in the request. If the constraint is defined with default policy, it will also appear in the list.", + "description": "The ordered list of all organization policies from the consolidated_policy.attached_resource. to the scope specified in the request. If the constraint is defined with default policy, it will also appear in the list.", "items": { "$ref": "AnalyzerOrgPolicy" }, @@ -2871,6 +2871,10 @@ "egressTo": { "$ref": "GoogleIdentityAccesscontextmanagerV1EgressTo", "description": "Defines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply." + }, + "title": { + "description": "Optional. Human-readable title for the egress rule. The title must be unique within the perimeter and can not exceed 100 characters. Within the access policy, the combined length of all rule titles must not exceed 240,000 characters.", + "type": "string" } }, "type": "object" @@ -2882,6 +2886,10 @@ "accessLevel": { "description": "An AccessLevel resource name that allows protected resources inside the ServicePerimeters to access outside the ServicePerimeter boundaries. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If an AccessLevel name is not specified, only resources within the perimeter can be accessed through Google Cloud calls with request origins within the perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is specified for `access_level`, then all EgressSources will be allowed.", "type": "string" + }, + "resource": { + "description": "A Google Cloud resource that you want to allow to egress the perimeter. These resources can access data outside the perimeter. This field only supports projects. The project format is `projects/{project_number}`. The resource can be in any Google Cloud organization, not just the organization where the perimeter is defined. You can't use `*` in this field to allow all Google Cloud resources.", + "type": "string" } }, "type": "object" @@ -2962,6 +2970,10 @@ "ingressTo": { "$ref": "GoogleIdentityAccesscontextmanagerV1IngressTo", "description": "Defines the conditions on the ApiOperation and request destination that cause this IngressPolicy to apply." + }, + "title": { + "description": "Optional. Human-readable title for the ingress rule. The title must be unique within the perimeter and can not exceed 100 characters. Within the access policy, the combined length of all rule titles must not exceed 240,000 characters.", + "type": "string" } }, "type": "object" @@ -3062,6 +3074,10 @@ "description": "Description of the `ServicePerimeter` and its use. Does not affect behavior.", "type": "string" }, + "etag": { + "description": "Optional. An opaque identifier for the current version of the `ServicePerimeter`. This identifier does not follow any specific format. If an etag is not provided, the operation will be performed as if a valid etag is provided.", + "type": "string" + }, "name": { "description": "Identifier. Resource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.", "type": "string" @@ -3658,7 +3674,7 @@ "properties": { "consolidatedPolicy": { "$ref": "AnalyzerOrgPolicy", - "description": "The consolidated organization policy for the analyzed resource. The consolidated organization policy is computed by merging and evaluating AnalyzeOrgPoliciesResponse.policy_bundle. The evaluation will respect the organization policy [hierarchy rules](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-hierarchy)." + "description": "The consolidated organization policy for the analyzed resource. The consolidated organization policy is computed by merging and evaluating policy_bundle. The evaluation will respect the organization policy [hierarchy rules](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-hierarchy)." }, "folders": { "description": "The folder(s) that this consolidated policy belongs to, in the format of folders/{FOLDER_NUMBER}. This field is available when the consolidated policy belongs (directly or cascadingly) to one or more folders.", @@ -3672,7 +3688,7 @@ "type": "string" }, "policyBundle": { - "description": "The ordered list of all organization policies from the AnalyzeOrgPoliciesResponse.OrgPolicyResult.consolidated_policy.attached_resource. to the scope specified in the request. If the constraint is defined with default policy, it will also appear in the list.", + "description": "The ordered list of all organization policies from the consolidated_policy.attached_resource. to the scope specified in the request. If the constraint is defined with default policy, it will also appear in the list.", "items": { "$ref": "AnalyzerOrgPolicy" }, diff --git a/discovery/cloudasset-v1beta1.json b/discovery/cloudasset-v1beta1.json index 3077e624e9..cba4cb94cf 100644 --- a/discovery/cloudasset-v1beta1.json +++ b/discovery/cloudasset-v1beta1.json @@ -411,7 +411,7 @@ } } }, - "revision": "20240803", + "revision": "20250104", "rootUrl": "https://cloudasset.googleapis.com/", "schemas": { "AnalyzeIamPolicyLongrunningMetadata": { @@ -1181,6 +1181,10 @@ "egressTo": { "$ref": "GoogleIdentityAccesscontextmanagerV1EgressTo", "description": "Defines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply." + }, + "title": { + "description": "Optional. Human-readable title for the egress rule. The title must be unique within the perimeter and can not exceed 100 characters. Within the access policy, the combined length of all rule titles must not exceed 240,000 characters.", + "type": "string" } }, "type": "object" @@ -1192,6 +1196,10 @@ "accessLevel": { "description": "An AccessLevel resource name that allows protected resources inside the ServicePerimeters to access outside the ServicePerimeter boundaries. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If an AccessLevel name is not specified, only resources within the perimeter can be accessed through Google Cloud calls with request origins within the perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is specified for `access_level`, then all EgressSources will be allowed.", "type": "string" + }, + "resource": { + "description": "A Google Cloud resource that you want to allow to egress the perimeter. These resources can access data outside the perimeter. This field only supports projects. The project format is `projects/{project_number}`. The resource can be in any Google Cloud organization, not just the organization where the perimeter is defined. You can't use `*` in this field to allow all Google Cloud resources.", + "type": "string" } }, "type": "object" @@ -1272,6 +1280,10 @@ "ingressTo": { "$ref": "GoogleIdentityAccesscontextmanagerV1IngressTo", "description": "Defines the conditions on the ApiOperation and request destination that cause this IngressPolicy to apply." + }, + "title": { + "description": "Optional. Human-readable title for the ingress rule. The title must be unique within the perimeter and can not exceed 100 characters. Within the access policy, the combined length of all rule titles must not exceed 240,000 characters.", + "type": "string" } }, "type": "object" @@ -1372,6 +1384,10 @@ "description": "Description of the `ServicePerimeter` and its use. Does not affect behavior.", "type": "string" }, + "etag": { + "description": "Optional. An opaque identifier for the current version of the `ServicePerimeter`. This identifier does not follow any specific format. If an etag is not provided, the operation will be performed as if a valid etag is provided.", + "type": "string" + }, "name": { "description": "Identifier. Resource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.", "type": "string" diff --git a/discovery/cloudasset-v1p1beta1.json b/discovery/cloudasset-v1p1beta1.json index 5c07b414af..5b5f50fc53 100644 --- a/discovery/cloudasset-v1p1beta1.json +++ b/discovery/cloudasset-v1p1beta1.json @@ -207,7 +207,7 @@ } } }, - "revision": "20240803", + "revision": "20250104", "rootUrl": "https://cloudasset.googleapis.com/", "schemas": { "AnalyzeIamPolicyLongrunningMetadata": { @@ -883,6 +883,10 @@ "egressTo": { "$ref": "GoogleIdentityAccesscontextmanagerV1EgressTo", "description": "Defines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply." + }, + "title": { + "description": "Optional. Human-readable title for the egress rule. The title must be unique within the perimeter and can not exceed 100 characters. Within the access policy, the combined length of all rule titles must not exceed 240,000 characters.", + "type": "string" } }, "type": "object" @@ -894,6 +898,10 @@ "accessLevel": { "description": "An AccessLevel resource name that allows protected resources inside the ServicePerimeters to access outside the ServicePerimeter boundaries. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If an AccessLevel name is not specified, only resources within the perimeter can be accessed through Google Cloud calls with request origins within the perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is specified for `access_level`, then all EgressSources will be allowed.", "type": "string" + }, + "resource": { + "description": "A Google Cloud resource that you want to allow to egress the perimeter. These resources can access data outside the perimeter. This field only supports projects. The project format is `projects/{project_number}`. The resource can be in any Google Cloud organization, not just the organization where the perimeter is defined. You can't use `*` in this field to allow all Google Cloud resources.", + "type": "string" } }, "type": "object" @@ -974,6 +982,10 @@ "ingressTo": { "$ref": "GoogleIdentityAccesscontextmanagerV1IngressTo", "description": "Defines the conditions on the ApiOperation and request destination that cause this IngressPolicy to apply." + }, + "title": { + "description": "Optional. Human-readable title for the ingress rule. The title must be unique within the perimeter and can not exceed 100 characters. Within the access policy, the combined length of all rule titles must not exceed 240,000 characters.", + "type": "string" } }, "type": "object" @@ -1074,6 +1086,10 @@ "description": "Description of the `ServicePerimeter` and its use. Does not affect behavior.", "type": "string" }, + "etag": { + "description": "Optional. An opaque identifier for the current version of the `ServicePerimeter`. This identifier does not follow any specific format. If an etag is not provided, the operation will be performed as if a valid etag is provided.", + "type": "string" + }, "name": { "description": "Identifier. Resource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.", "type": "string" diff --git a/discovery/cloudasset-v1p5beta1.json b/discovery/cloudasset-v1p5beta1.json index 47071c688a..aad720eefd 100644 --- a/discovery/cloudasset-v1p5beta1.json +++ b/discovery/cloudasset-v1p5beta1.json @@ -177,7 +177,7 @@ } } }, - "revision": "20240803", + "revision": "20250104", "rootUrl": "https://cloudasset.googleapis.com/", "schemas": { "AnalyzeIamPolicyLongrunningMetadata": { @@ -888,6 +888,10 @@ "egressTo": { "$ref": "GoogleIdentityAccesscontextmanagerV1EgressTo", "description": "Defines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply." + }, + "title": { + "description": "Optional. Human-readable title for the egress rule. The title must be unique within the perimeter and can not exceed 100 characters. Within the access policy, the combined length of all rule titles must not exceed 240,000 characters.", + "type": "string" } }, "type": "object" @@ -899,6 +903,10 @@ "accessLevel": { "description": "An AccessLevel resource name that allows protected resources inside the ServicePerimeters to access outside the ServicePerimeter boundaries. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If an AccessLevel name is not specified, only resources within the perimeter can be accessed through Google Cloud calls with request origins within the perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is specified for `access_level`, then all EgressSources will be allowed.", "type": "string" + }, + "resource": { + "description": "A Google Cloud resource that you want to allow to egress the perimeter. These resources can access data outside the perimeter. This field only supports projects. The project format is `projects/{project_number}`. The resource can be in any Google Cloud organization, not just the organization where the perimeter is defined. You can't use `*` in this field to allow all Google Cloud resources.", + "type": "string" } }, "type": "object" @@ -979,6 +987,10 @@ "ingressTo": { "$ref": "GoogleIdentityAccesscontextmanagerV1IngressTo", "description": "Defines the conditions on the ApiOperation and request destination that cause this IngressPolicy to apply." + }, + "title": { + "description": "Optional. Human-readable title for the ingress rule. The title must be unique within the perimeter and can not exceed 100 characters. Within the access policy, the combined length of all rule titles must not exceed 240,000 characters.", + "type": "string" } }, "type": "object" @@ -1079,6 +1091,10 @@ "description": "Description of the `ServicePerimeter` and its use. Does not affect behavior.", "type": "string" }, + "etag": { + "description": "Optional. An opaque identifier for the current version of the `ServicePerimeter`. This identifier does not follow any specific format. If an etag is not provided, the operation will be performed as if a valid etag is provided.", + "type": "string" + }, "name": { "description": "Identifier. Resource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.", "type": "string" diff --git a/discovery/cloudasset-v1p7beta1.json b/discovery/cloudasset-v1p7beta1.json index ea9b152752..5515f837f0 100644 --- a/discovery/cloudasset-v1p7beta1.json +++ b/discovery/cloudasset-v1p7beta1.json @@ -167,7 +167,7 @@ } } }, - "revision": "20240803", + "revision": "20250104", "rootUrl": "https://cloudasset.googleapis.com/", "schemas": { "AnalyzeIamPolicyLongrunningMetadata": { @@ -957,6 +957,10 @@ "egressTo": { "$ref": "GoogleIdentityAccesscontextmanagerV1EgressTo", "description": "Defines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply." + }, + "title": { + "description": "Optional. Human-readable title for the egress rule. The title must be unique within the perimeter and can not exceed 100 characters. Within the access policy, the combined length of all rule titles must not exceed 240,000 characters.", + "type": "string" } }, "type": "object" @@ -968,6 +972,10 @@ "accessLevel": { "description": "An AccessLevel resource name that allows protected resources inside the ServicePerimeters to access outside the ServicePerimeter boundaries. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If an AccessLevel name is not specified, only resources within the perimeter can be accessed through Google Cloud calls with request origins within the perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is specified for `access_level`, then all EgressSources will be allowed.", "type": "string" + }, + "resource": { + "description": "A Google Cloud resource that you want to allow to egress the perimeter. These resources can access data outside the perimeter. This field only supports projects. The project format is `projects/{project_number}`. The resource can be in any Google Cloud organization, not just the organization where the perimeter is defined. You can't use `*` in this field to allow all Google Cloud resources.", + "type": "string" } }, "type": "object" @@ -1048,6 +1056,10 @@ "ingressTo": { "$ref": "GoogleIdentityAccesscontextmanagerV1IngressTo", "description": "Defines the conditions on the ApiOperation and request destination that cause this IngressPolicy to apply." + }, + "title": { + "description": "Optional. Human-readable title for the ingress rule. The title must be unique within the perimeter and can not exceed 100 characters. Within the access policy, the combined length of all rule titles must not exceed 240,000 characters.", + "type": "string" } }, "type": "object" @@ -1148,6 +1160,10 @@ "description": "Description of the `ServicePerimeter` and its use. Does not affect behavior.", "type": "string" }, + "etag": { + "description": "Optional. An opaque identifier for the current version of the `ServicePerimeter`. This identifier does not follow any specific format. If an etag is not provided, the operation will be performed as if a valid etag is provided.", + "type": "string" + }, "name": { "description": "Identifier. Resource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`.", "type": "string" diff --git a/src/apis/cloudasset/v1.ts b/src/apis/cloudasset/v1.ts index 22e3190149..6b6cf635e8 100644 --- a/src/apis/cloudasset/v1.ts +++ b/src/apis/cloudasset/v1.ts @@ -192,7 +192,7 @@ export namespace cloudasset_v1 { */ mainAnalysis?: Schema$IamPolicyAnalysis; /** - * The service account impersonation analysis if AnalyzeIamPolicyRequest.analyze_service_account_impersonation is enabled. + * The service account impersonation analysis if IamPolicyAnalysisQuery.Options.analyze_service_account_impersonation is enabled. */ serviceAccountImpersonationAnalysis?: Schema$IamPolicyAnalysis[]; } @@ -525,7 +525,7 @@ export namespace cloudasset_v1 { */ export interface Schema$EffectiveTagDetails { /** - * The [full resource name](https://cloud.google.com/asset-inventory/docs/resource-name-format) of the ancestor from which an effective_tag is inherited, according to [tag inheritance](https://cloud.google.com/resource-manager/docs/tags/tags-overview#inheritance). + * The [full resource name](https://cloud.google.com/asset-inventory/docs/resource-name-format) of the ancestor from which effective_tags are inherited, according to [tag inheritance](https://cloud.google.com/resource-manager/docs/tags/tags-overview#inheritance). */ attachedResource?: string | null; /** @@ -702,7 +702,7 @@ export namespace cloudasset_v1 { */ governedResource?: Schema$GoogleCloudAssetV1AnalyzeOrgPolicyGovernedAssetsResponseGovernedResource; /** - * The ordered list of all organization policies from the AnalyzeOrgPoliciesResponse.OrgPolicyResult.consolidated_policy.attached_resource to the scope specified in the request. If the constraint is defined with default policy, it will also appear in the list. + * The ordered list of all organization policies from the consolidated_policy.attached_resource to the scope specified in the request. If the constraint is defined with default policy, it will also appear in the list. */ policyBundle?: Schema$AnalyzerOrgPolicy[]; } @@ -906,7 +906,7 @@ export namespace cloudasset_v1 { */ parent?: string | null; /** - * The ordered list of all organization policies from the AnalyzeOrgPoliciesResponse.OrgPolicyResult.consolidated_policy.attached_resource. to the scope specified in the request. If the constraint is defined with default policy, it will also appear in the list. + * The ordered list of all organization policies from the consolidated_policy.attached_resource. to the scope specified in the request. If the constraint is defined with default policy, it will also appear in the list. */ policyBundle?: Schema$AnalyzerOrgPolicy[]; /** @@ -1409,6 +1409,10 @@ export namespace cloudasset_v1 { * Defines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply. */ egressTo?: Schema$GoogleIdentityAccesscontextmanagerV1EgressTo; + /** + * Optional. Human-readable title for the egress rule. The title must be unique within the perimeter and can not exceed 100 characters. Within the access policy, the combined length of all rule titles must not exceed 240,000 characters. + */ + title?: string | null; } /** * The source that EgressPolicy authorizes access from inside the ServicePerimeter to somewhere outside the ServicePerimeter boundaries. @@ -1418,6 +1422,10 @@ export namespace cloudasset_v1 { * An AccessLevel resource name that allows protected resources inside the ServicePerimeters to access outside the ServicePerimeter boundaries. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If an AccessLevel name is not specified, only resources within the perimeter can be accessed through Google Cloud calls with request origins within the perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is specified for `access_level`, then all EgressSources will be allowed. */ accessLevel?: string | null; + /** + * A Google Cloud resource that you want to allow to egress the perimeter. These resources can access data outside the perimeter. This field only supports projects. The project format is `projects/{project_number\}`. The resource can be in any Google Cloud organization, not just the organization where the perimeter is defined. You can't use `*` in this field to allow all Google Cloud resources. + */ + resource?: string | null; } /** * Defines the conditions under which an EgressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the `resources` specified. Note that if the destination of the request is also protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed. The request must match `operations` AND `resources` fields in order to be allowed egress out of the perimeter. @@ -1465,6 +1473,10 @@ export namespace cloudasset_v1 { * Defines the conditions on the ApiOperation and request destination that cause this IngressPolicy to apply. */ ingressTo?: Schema$GoogleIdentityAccesscontextmanagerV1IngressTo; + /** + * Optional. Human-readable title for the ingress rule. The title must be unique within the perimeter and can not exceed 100 characters. Within the access policy, the combined length of all rule titles must not exceed 240,000 characters. + */ + title?: string | null; } /** * The source that IngressPolicy authorizes access from. @@ -1530,6 +1542,10 @@ export namespace cloudasset_v1 { * Description of the `ServicePerimeter` and its use. Does not affect behavior. */ description?: string | null; + /** + * Optional. An opaque identifier for the current version of the `ServicePerimeter`. This identifier does not follow any specific format. If an etag is not provided, the operation will be performed as if a valid etag is provided. + */ + etag?: string | null; /** * Identifier. Resource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy\}/servicePerimeters/{service_perimeter\}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`. */ @@ -1950,7 +1966,7 @@ export namespace cloudasset_v1 { */ export interface Schema$OrgPolicyResult { /** - * The consolidated organization policy for the analyzed resource. The consolidated organization policy is computed by merging and evaluating AnalyzeOrgPoliciesResponse.policy_bundle. The evaluation will respect the organization policy [hierarchy rules](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-hierarchy). + * The consolidated organization policy for the analyzed resource. The consolidated organization policy is computed by merging and evaluating policy_bundle. The evaluation will respect the organization policy [hierarchy rules](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-hierarchy). */ consolidatedPolicy?: Schema$AnalyzerOrgPolicy; /** @@ -1962,7 +1978,7 @@ export namespace cloudasset_v1 { */ organization?: string | null; /** - * The ordered list of all organization policies from the AnalyzeOrgPoliciesResponse.OrgPolicyResult.consolidated_policy.attached_resource. to the scope specified in the request. If the constraint is defined with default policy, it will also appear in the list. + * The ordered list of all organization policies from the consolidated_policy.attached_resource. to the scope specified in the request. If the constraint is defined with default policy, it will also appear in the list. */ policyBundle?: Schema$AnalyzerOrgPolicy[]; /** diff --git a/src/apis/cloudasset/v1beta1.ts b/src/apis/cloudasset/v1beta1.ts index 474ba58a01..85622ee3f6 100644 --- a/src/apis/cloudasset/v1beta1.ts +++ b/src/apis/cloudasset/v1beta1.ts @@ -669,6 +669,10 @@ export namespace cloudasset_v1beta1 { * Defines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply. */ egressTo?: Schema$GoogleIdentityAccesscontextmanagerV1EgressTo; + /** + * Optional. Human-readable title for the egress rule. The title must be unique within the perimeter and can not exceed 100 characters. Within the access policy, the combined length of all rule titles must not exceed 240,000 characters. + */ + title?: string | null; } /** * The source that EgressPolicy authorizes access from inside the ServicePerimeter to somewhere outside the ServicePerimeter boundaries. @@ -678,6 +682,10 @@ export namespace cloudasset_v1beta1 { * An AccessLevel resource name that allows protected resources inside the ServicePerimeters to access outside the ServicePerimeter boundaries. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If an AccessLevel name is not specified, only resources within the perimeter can be accessed through Google Cloud calls with request origins within the perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is specified for `access_level`, then all EgressSources will be allowed. */ accessLevel?: string | null; + /** + * A Google Cloud resource that you want to allow to egress the perimeter. These resources can access data outside the perimeter. This field only supports projects. The project format is `projects/{project_number\}`. The resource can be in any Google Cloud organization, not just the organization where the perimeter is defined. You can't use `*` in this field to allow all Google Cloud resources. + */ + resource?: string | null; } /** * Defines the conditions under which an EgressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the `resources` specified. Note that if the destination of the request is also protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed. The request must match `operations` AND `resources` fields in order to be allowed egress out of the perimeter. @@ -725,6 +733,10 @@ export namespace cloudasset_v1beta1 { * Defines the conditions on the ApiOperation and request destination that cause this IngressPolicy to apply. */ ingressTo?: Schema$GoogleIdentityAccesscontextmanagerV1IngressTo; + /** + * Optional. Human-readable title for the ingress rule. The title must be unique within the perimeter and can not exceed 100 characters. Within the access policy, the combined length of all rule titles must not exceed 240,000 characters. + */ + title?: string | null; } /** * The source that IngressPolicy authorizes access from. @@ -790,6 +802,10 @@ export namespace cloudasset_v1beta1 { * Description of the `ServicePerimeter` and its use. Does not affect behavior. */ description?: string | null; + /** + * Optional. An opaque identifier for the current version of the `ServicePerimeter`. This identifier does not follow any specific format. If an etag is not provided, the operation will be performed as if a valid etag is provided. + */ + etag?: string | null; /** * Identifier. Resource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy\}/servicePerimeters/{service_perimeter\}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`. */ diff --git a/src/apis/cloudasset/v1p1beta1.ts b/src/apis/cloudasset/v1p1beta1.ts index e9b33ec1e5..19cbf83fae 100644 --- a/src/apis/cloudasset/v1p1beta1.ts +++ b/src/apis/cloudasset/v1p1beta1.ts @@ -596,6 +596,10 @@ export namespace cloudasset_v1p1beta1 { * Defines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply. */ egressTo?: Schema$GoogleIdentityAccesscontextmanagerV1EgressTo; + /** + * Optional. Human-readable title for the egress rule. The title must be unique within the perimeter and can not exceed 100 characters. Within the access policy, the combined length of all rule titles must not exceed 240,000 characters. + */ + title?: string | null; } /** * The source that EgressPolicy authorizes access from inside the ServicePerimeter to somewhere outside the ServicePerimeter boundaries. @@ -605,6 +609,10 @@ export namespace cloudasset_v1p1beta1 { * An AccessLevel resource name that allows protected resources inside the ServicePerimeters to access outside the ServicePerimeter boundaries. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If an AccessLevel name is not specified, only resources within the perimeter can be accessed through Google Cloud calls with request origins within the perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is specified for `access_level`, then all EgressSources will be allowed. */ accessLevel?: string | null; + /** + * A Google Cloud resource that you want to allow to egress the perimeter. These resources can access data outside the perimeter. This field only supports projects. The project format is `projects/{project_number\}`. The resource can be in any Google Cloud organization, not just the organization where the perimeter is defined. You can't use `*` in this field to allow all Google Cloud resources. + */ + resource?: string | null; } /** * Defines the conditions under which an EgressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the `resources` specified. Note that if the destination of the request is also protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed. The request must match `operations` AND `resources` fields in order to be allowed egress out of the perimeter. @@ -652,6 +660,10 @@ export namespace cloudasset_v1p1beta1 { * Defines the conditions on the ApiOperation and request destination that cause this IngressPolicy to apply. */ ingressTo?: Schema$GoogleIdentityAccesscontextmanagerV1IngressTo; + /** + * Optional. Human-readable title for the ingress rule. The title must be unique within the perimeter and can not exceed 100 characters. Within the access policy, the combined length of all rule titles must not exceed 240,000 characters. + */ + title?: string | null; } /** * The source that IngressPolicy authorizes access from. @@ -717,6 +729,10 @@ export namespace cloudasset_v1p1beta1 { * Description of the `ServicePerimeter` and its use. Does not affect behavior. */ description?: string | null; + /** + * Optional. An opaque identifier for the current version of the `ServicePerimeter`. This identifier does not follow any specific format. If an etag is not provided, the operation will be performed as if a valid etag is provided. + */ + etag?: string | null; /** * Identifier. Resource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy\}/servicePerimeters/{service_perimeter\}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`. */ diff --git a/src/apis/cloudasset/v1p5beta1.ts b/src/apis/cloudasset/v1p5beta1.ts index a906ed9138..83f9397512 100644 --- a/src/apis/cloudasset/v1p5beta1.ts +++ b/src/apis/cloudasset/v1p5beta1.ts @@ -626,6 +626,10 @@ export namespace cloudasset_v1p5beta1 { * Defines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply. */ egressTo?: Schema$GoogleIdentityAccesscontextmanagerV1EgressTo; + /** + * Optional. Human-readable title for the egress rule. The title must be unique within the perimeter and can not exceed 100 characters. Within the access policy, the combined length of all rule titles must not exceed 240,000 characters. + */ + title?: string | null; } /** * The source that EgressPolicy authorizes access from inside the ServicePerimeter to somewhere outside the ServicePerimeter boundaries. @@ -635,6 +639,10 @@ export namespace cloudasset_v1p5beta1 { * An AccessLevel resource name that allows protected resources inside the ServicePerimeters to access outside the ServicePerimeter boundaries. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If an AccessLevel name is not specified, only resources within the perimeter can be accessed through Google Cloud calls with request origins within the perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is specified for `access_level`, then all EgressSources will be allowed. */ accessLevel?: string | null; + /** + * A Google Cloud resource that you want to allow to egress the perimeter. These resources can access data outside the perimeter. This field only supports projects. The project format is `projects/{project_number\}`. The resource can be in any Google Cloud organization, not just the organization where the perimeter is defined. You can't use `*` in this field to allow all Google Cloud resources. + */ + resource?: string | null; } /** * Defines the conditions under which an EgressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the `resources` specified. Note that if the destination of the request is also protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed. The request must match `operations` AND `resources` fields in order to be allowed egress out of the perimeter. @@ -682,6 +690,10 @@ export namespace cloudasset_v1p5beta1 { * Defines the conditions on the ApiOperation and request destination that cause this IngressPolicy to apply. */ ingressTo?: Schema$GoogleIdentityAccesscontextmanagerV1IngressTo; + /** + * Optional. Human-readable title for the ingress rule. The title must be unique within the perimeter and can not exceed 100 characters. Within the access policy, the combined length of all rule titles must not exceed 240,000 characters. + */ + title?: string | null; } /** * The source that IngressPolicy authorizes access from. @@ -747,6 +759,10 @@ export namespace cloudasset_v1p5beta1 { * Description of the `ServicePerimeter` and its use. Does not affect behavior. */ description?: string | null; + /** + * Optional. An opaque identifier for the current version of the `ServicePerimeter`. This identifier does not follow any specific format. If an etag is not provided, the operation will be performed as if a valid etag is provided. + */ + etag?: string | null; /** * Identifier. Resource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy\}/servicePerimeters/{service_perimeter\}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`. */ diff --git a/src/apis/cloudasset/v1p7beta1.ts b/src/apis/cloudasset/v1p7beta1.ts index 9c4d7c9e63..0c186b6092 100644 --- a/src/apis/cloudasset/v1p7beta1.ts +++ b/src/apis/cloudasset/v1p7beta1.ts @@ -672,6 +672,10 @@ export namespace cloudasset_v1p7beta1 { * Defines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply. */ egressTo?: Schema$GoogleIdentityAccesscontextmanagerV1EgressTo; + /** + * Optional. Human-readable title for the egress rule. The title must be unique within the perimeter and can not exceed 100 characters. Within the access policy, the combined length of all rule titles must not exceed 240,000 characters. + */ + title?: string | null; } /** * The source that EgressPolicy authorizes access from inside the ServicePerimeter to somewhere outside the ServicePerimeter boundaries. @@ -681,6 +685,10 @@ export namespace cloudasset_v1p7beta1 { * An AccessLevel resource name that allows protected resources inside the ServicePerimeters to access outside the ServicePerimeter boundaries. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If an AccessLevel name is not specified, only resources within the perimeter can be accessed through Google Cloud calls with request origins within the perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is specified for `access_level`, then all EgressSources will be allowed. */ accessLevel?: string | null; + /** + * A Google Cloud resource that you want to allow to egress the perimeter. These resources can access data outside the perimeter. This field only supports projects. The project format is `projects/{project_number\}`. The resource can be in any Google Cloud organization, not just the organization where the perimeter is defined. You can't use `*` in this field to allow all Google Cloud resources. + */ + resource?: string | null; } /** * Defines the conditions under which an EgressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the `resources` specified. Note that if the destination of the request is also protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed. The request must match `operations` AND `resources` fields in order to be allowed egress out of the perimeter. @@ -728,6 +736,10 @@ export namespace cloudasset_v1p7beta1 { * Defines the conditions on the ApiOperation and request destination that cause this IngressPolicy to apply. */ ingressTo?: Schema$GoogleIdentityAccesscontextmanagerV1IngressTo; + /** + * Optional. Human-readable title for the ingress rule. The title must be unique within the perimeter and can not exceed 100 characters. Within the access policy, the combined length of all rule titles must not exceed 240,000 characters. + */ + title?: string | null; } /** * The source that IngressPolicy authorizes access from. @@ -793,6 +805,10 @@ export namespace cloudasset_v1p7beta1 { * Description of the `ServicePerimeter` and its use. Does not affect behavior. */ description?: string | null; + /** + * Optional. An opaque identifier for the current version of the `ServicePerimeter`. This identifier does not follow any specific format. If an etag is not provided, the operation will be performed as if a valid etag is provided. + */ + etag?: string | null; /** * Identifier. Resource name for the `ServicePerimeter`. Format: `accessPolicies/{access_policy\}/servicePerimeters/{service_perimeter\}`. The `service_perimeter` component must begin with a letter, followed by alphanumeric characters or `_`. After you create a `ServicePerimeter`, you cannot change its `name`. */