diff --git a/discovery/accesscontextmanager-v1.json b/discovery/accesscontextmanager-v1.json index 4b76f959557..7988e99de79 100644 --- a/discovery/accesscontextmanager-v1.json +++ b/discovery/accesscontextmanager-v1.json @@ -943,7 +943,7 @@ } } }, - "revision": "20210319", + "revision": "20210412", "rootUrl": "https://accesscontextmanager.googleapis.com/", "schemas": { "AccessLevel": { @@ -1190,7 +1190,7 @@ "type": "object" }, "EgressFrom": { - "description": "Defines the conditions under which an EgressPolicy matches a request. Conditions based on information about the source of the request. Note that if the destination of the request is protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed.", + "description": "Defines the conditions under which an EgressPolicy matches a request. Conditions based on information about the source of the request. Note that if the destination of the request is also protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed.", "id": "EgressFrom", "properties": { "identities": { @@ -1235,18 +1235,18 @@ "type": "object" }, "EgressTo": { - "description": "Defines the conditions under which an EgressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the `resources` specified. Note that if the destination of the request is protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed.", + "description": "Defines the conditions under which an EgressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the `resources` specified. Note that if the destination of the request is also protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed. The request must match `operations` AND `resources` fields in order to be allowed egress out of the perimeter.", "id": "EgressTo", "properties": { "operations": { - "description": "A list of ApiOperations that this egress rule applies to. A request matches if it contains an operation/service in this list.", + "description": "A list of ApiOperations allowed to be performed by the sources specified in the corresponding EgressFrom. A request matches if it uses an operation/service in this list.", "items": { "$ref": "ApiOperation" }, "type": "array" }, "resources": { - "description": "A list of resources, currently only projects in the form `projects/`, that match this to stanza. A request matches if it contains a resource in this list. If `*` is specified for resources, then this EgressTo rule will authorize access to all resources outside the perimeter.", + "description": "A list of resources, currently only projects in the form `projects/`, that are allowed to be accessed by sources defined in the corresponding EgressFrom. A request matches if it contains a resource in this list. If `*` is specified for `resources`, then this EgressTo rule will authorize access to all resources outside the perimeter.", "items": { "type": "string" }, @@ -1307,7 +1307,7 @@ "type": "object" }, "IngressFrom": { - "description": "Defines the conditions under which an IngressPolicy matches a request. Conditions are based on information about the source of the request.", + "description": "Defines the conditions under which an IngressPolicy matches a request. Conditions are based on information about the source of the request. The request must satisfy what is defined in `sources` AND identity related fields in order to match.", "id": "IngressFrom", "properties": { "identities": { @@ -1363,7 +1363,7 @@ "id": "IngressSource", "properties": { "accessLevel": { - "description": "An AccessLevel resource name that allow resources within the ServicePerimeters to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If `*` is specified, then all IngressSources will be allowed.", + "description": "An AccessLevel resource name that allow resources within the ServicePerimeters to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is specified for `access_level`, then all IngressSources will be allowed.", "type": "string" }, "resource": { @@ -1374,18 +1374,18 @@ "type": "object" }, "IngressTo": { - "description": "Defines the conditions under which an IngressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the destination of the request.", + "description": "Defines the conditions under which an IngressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the target resource of the request. The request must satisfy what is defined in `operations` AND `resources` in order to match.", "id": "IngressTo", "properties": { "operations": { - "description": "A list of ApiOperations the sources specified in corresponding IngressFrom are allowed to perform in this ServicePerimeter.", + "description": "A list of ApiOperations allowed to be performed by the sources specified in corresponding IngressFrom in this ServicePerimeter.", "items": { "$ref": "ApiOperation" }, "type": "array" }, "resources": { - "description": "A list of resources, currently only projects in the form `projects/`, protected by this ServicePerimeter that are allowed to be accessed by sources defined in the corresponding IngressFrom. A request matches if it contains a resource in this list. If `*` is specified for resources, then this IngressTo rule will authorize access to all resources inside the perimeter, provided that the request also matches the `operations` field.", + "description": "A list of resources, currently only projects in the form `projects/`, protected by this ServicePerimeter that are allowed to be accessed by sources defined in the corresponding IngressFrom. If a single `*` is specified, then access to all resources inside the perimeter are allowed.", "items": { "type": "string" }, diff --git a/src/apis/accesscontextmanager/v1.ts b/src/apis/accesscontextmanager/v1.ts index f7f354ea44f..3fc782e1203 100644 --- a/src/apis/accesscontextmanager/v1.ts +++ b/src/apis/accesscontextmanager/v1.ts @@ -291,7 +291,7 @@ export namespace accesscontextmanager_v1 { requireScreenlock?: boolean | null; } /** - * Defines the conditions under which an EgressPolicy matches a request. Conditions based on information about the source of the request. Note that if the destination of the request is protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed. + * Defines the conditions under which an EgressPolicy matches a request. Conditions based on information about the source of the request. Note that if the destination of the request is also protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed. */ export interface Schema$EgressFrom { /** @@ -317,15 +317,15 @@ export namespace accesscontextmanager_v1 { egressTo?: Schema$EgressTo; } /** - * Defines the conditions under which an EgressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the `resources` specified. Note that if the destination of the request is protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed. + * Defines the conditions under which an EgressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the `resources` specified. Note that if the destination of the request is also protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed. The request must match `operations` AND `resources` fields in order to be allowed egress out of the perimeter. */ export interface Schema$EgressTo { /** - * A list of ApiOperations that this egress rule applies to. A request matches if it contains an operation/service in this list. + * A list of ApiOperations allowed to be performed by the sources specified in the corresponding EgressFrom. A request matches if it uses an operation/service in this list. */ operations?: Schema$ApiOperation[]; /** - * A list of resources, currently only projects in the form `projects/`, that match this to stanza. A request matches if it contains a resource in this list. If `*` is specified for resources, then this EgressTo rule will authorize access to all resources outside the perimeter. + * A list of resources, currently only projects in the form `projects/`, that are allowed to be accessed by sources defined in the corresponding EgressFrom. A request matches if it contains a resource in this list. If `*` is specified for `resources`, then this EgressTo rule will authorize access to all resources outside the perimeter. */ resources?: string[] | null; } @@ -372,7 +372,7 @@ export namespace accesscontextmanager_v1 { name?: string | null; } /** - * Defines the conditions under which an IngressPolicy matches a request. Conditions are based on information about the source of the request. + * Defines the conditions under which an IngressPolicy matches a request. Conditions are based on information about the source of the request. The request must satisfy what is defined in `sources` AND identity related fields in order to match. */ export interface Schema$IngressFrom { /** @@ -406,7 +406,7 @@ export namespace accesscontextmanager_v1 { */ export interface Schema$IngressSource { /** - * An AccessLevel resource name that allow resources within the ServicePerimeters to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If `*` is specified, then all IngressSources will be allowed. + * An AccessLevel resource name that allow resources within the ServicePerimeters to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is specified for `access_level`, then all IngressSources will be allowed. */ accessLevel?: string | null; /** @@ -415,15 +415,15 @@ export namespace accesscontextmanager_v1 { resource?: string | null; } /** - * Defines the conditions under which an IngressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the destination of the request. + * Defines the conditions under which an IngressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the target resource of the request. The request must satisfy what is defined in `operations` AND `resources` in order to match. */ export interface Schema$IngressTo { /** - * A list of ApiOperations the sources specified in corresponding IngressFrom are allowed to perform in this ServicePerimeter. + * A list of ApiOperations allowed to be performed by the sources specified in corresponding IngressFrom in this ServicePerimeter. */ operations?: Schema$ApiOperation[]; /** - * A list of resources, currently only projects in the form `projects/`, protected by this ServicePerimeter that are allowed to be accessed by sources defined in the corresponding IngressFrom. A request matches if it contains a resource in this list. If `*` is specified for resources, then this IngressTo rule will authorize access to all resources inside the perimeter, provided that the request also matches the `operations` field. + * A list of resources, currently only projects in the form `projects/`, protected by this ServicePerimeter that are allowed to be accessed by sources defined in the corresponding IngressFrom. If a single `*` is specified, then access to all resources inside the perimeter are allowed. */ resources?: string[] | null; }