Skip to content
This repository has been archived by the owner on Jul 6, 2023. It is now read-only.

Commit

Permalink
feat: AuditConfig for IAM v1 (#147)
Browse files Browse the repository at this point in the history 
* feat: AuditConfig for IAM v1

PiperOrigin-RevId: 439356405

Source-Link: googleapis/googleapis@afa2ba1

Source-Link: googleapis/googleapis-gen@3e40c17
Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiM2U0MGMxN2UxNTEwYzk1ZmFiNThmYzIxNDNjY2I2MWNjZWNhNTk4OSJ9

* 🦉 Updates from OwlBot post-processor

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

* chore: set upper bounds for packages in setup.py

* revert upper bound for proto-plus

* fix(deps): require grpc-google-iam-v1 >=0.12.4

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
Co-authored-by: Anthonios Partheniou <partheniou@google.com>
  • Loading branch information
@gcf-owl-bot @parthea
3 people committed Apr 6, 2022
1 parent 0215295 commit c22893b
Show file tree
Hide file tree
Showing 12 changed files with 212 additions and 158 deletions.
88 changes: 50 additions & 38 deletions google/cloud/artifactregistry_v1/services/artifact_registry/async_client.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2583,21 +2583,26 @@ def sample_set_iam_policy():
Returns:
google.iam.v1.policy_pb2.Policy:
Defines an Identity and Access Management (IAM) policy. It is used to
specify access control policies for Cloud Platform
resources.
An Identity and Access Management (IAM) policy, which specifies access
controls for Google Cloud resources.
A Policy is a collection of bindings. A binding binds
one or more members to a single role. Members can be
user accounts, service accounts, Google groups, and
domains (such as G Suite). A role is a named list of
permissions (defined by IAM or configured by users).
A binding can optionally specify a condition, which
is a logic expression that further constrains the
role binding based on attributes about the request
and/or target resource.
**JSON Example**
one or more members, or principals, to a single role.
Principals can be user accounts, service accounts,
Google groups, and domains (such as G Suite). A role
is a named list of permissions; each role can be an
IAM predefined role or a user-created custom role.
For some types of Google Cloud resources, a binding
can also specify a condition, which is a logical
expression that allows access to a resource only if
the expression evaluates to true. A condition can add
constraints based on attributes of the request, the
resource, or both. To learn which resources support
conditions in their IAM policies, see the [IAM
documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies).
**JSON example:**
{
"bindings": [
Expand All @@ -2612,17 +2617,17 @@ def sample_set_iam_policy():
}, { "role":
"roles/resourcemanager.organizationViewer",
"members": ["user:eve@example.com"],
"members": [ "user:eve@example.com" ],
"condition": { "title": "expirable access",
"description": "Does not grant access after
Sep 2020", "expression": "request.time <
timestamp('2020-10-01T00:00:00.000Z')", } }
]
], "etag": "BwWWja0YfJA=", "version": 3
}
**YAML Example**
**YAML example:**
bindings: - members: - user:\ mike@example.com -
group:\ admins@example.com - domain:google.com -
Expand All @@ -2633,11 +2638,12 @@ def sample_set_iam_policy():
condition: title: expirable access description:
Does not grant access after Sep 2020 expression:
request.time <
timestamp('2020-10-01T00:00:00.000Z')
timestamp('2020-10-01T00:00:00.000Z') etag:
BwWWja0YfJA= version: 3
For a description of IAM and its features, see the
[IAM developer's
guide](\ https://cloud.google.com/iam/docs).
[IAM
documentation](\ https://cloud.google.com/iam/docs/).
"""
# Create or coerce a protobuf request object.
Expand Down Expand Up @@ -2712,21 +2718,26 @@ def sample_get_iam_policy():
Returns:
google.iam.v1.policy_pb2.Policy:
Defines an Identity and Access Management (IAM) policy. It is used to
specify access control policies for Cloud Platform
resources.
An Identity and Access Management (IAM) policy, which specifies access
controls for Google Cloud resources.
A Policy is a collection of bindings. A binding binds
one or more members to a single role. Members can be
user accounts, service accounts, Google groups, and
domains (such as G Suite). A role is a named list of
permissions (defined by IAM or configured by users).
A binding can optionally specify a condition, which
is a logic expression that further constrains the
role binding based on attributes about the request
and/or target resource.
**JSON Example**
one or more members, or principals, to a single role.
Principals can be user accounts, service accounts,
Google groups, and domains (such as G Suite). A role
is a named list of permissions; each role can be an
IAM predefined role or a user-created custom role.
For some types of Google Cloud resources, a binding
can also specify a condition, which is a logical
expression that allows access to a resource only if
the expression evaluates to true. A condition can add
constraints based on attributes of the request, the
resource, or both. To learn which resources support
conditions in their IAM policies, see the [IAM
documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies).
**JSON example:**
{
"bindings": [
Expand All @@ -2741,17 +2752,17 @@ def sample_get_iam_policy():
}, { "role":
"roles/resourcemanager.organizationViewer",
"members": ["user:eve@example.com"],
"members": [ "user:eve@example.com" ],
"condition": { "title": "expirable access",
"description": "Does not grant access after
Sep 2020", "expression": "request.time <
timestamp('2020-10-01T00:00:00.000Z')", } }
]
], "etag": "BwWWja0YfJA=", "version": 3
}
**YAML Example**
**YAML example:**
bindings: - members: - user:\ mike@example.com -
group:\ admins@example.com - domain:google.com -
Expand All @@ -2762,11 +2773,12 @@ def sample_get_iam_policy():
condition: title: expirable access description:
Does not grant access after Sep 2020 expression:
request.time <
timestamp('2020-10-01T00:00:00.000Z')
timestamp('2020-10-01T00:00:00.000Z') etag:
BwWWja0YfJA= version: 3
For a description of IAM and its features, see the
[IAM developer's
guide](\ https://cloud.google.com/iam/docs).
[IAM
documentation](\ https://cloud.google.com/iam/docs/).
"""
# Create or coerce a protobuf request object.
Expand Down
88 changes: 50 additions & 38 deletions google/cloud/artifactregistry_v1/services/artifact_registry/client.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2952,21 +2952,26 @@ def sample_set_iam_policy():
Returns:
google.iam.v1.policy_pb2.Policy:
Defines an Identity and Access Management (IAM) policy. It is used to
specify access control policies for Cloud Platform
resources.
An Identity and Access Management (IAM) policy, which specifies access
controls for Google Cloud resources.
A Policy is a collection of bindings. A binding binds
one or more members to a single role. Members can be
user accounts, service accounts, Google groups, and
domains (such as G Suite). A role is a named list of
permissions (defined by IAM or configured by users).
A binding can optionally specify a condition, which
is a logic expression that further constrains the
role binding based on attributes about the request
and/or target resource.
**JSON Example**
one or more members, or principals, to a single role.
Principals can be user accounts, service accounts,
Google groups, and domains (such as G Suite). A role
is a named list of permissions; each role can be an
IAM predefined role or a user-created custom role.
For some types of Google Cloud resources, a binding
can also specify a condition, which is a logical
expression that allows access to a resource only if
the expression evaluates to true. A condition can add
constraints based on attributes of the request, the
resource, or both. To learn which resources support
conditions in their IAM policies, see the [IAM
documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies).
**JSON example:**
{
"bindings": [
Expand All @@ -2981,17 +2986,17 @@ def sample_set_iam_policy():
}, { "role":
"roles/resourcemanager.organizationViewer",
"members": ["user:eve@example.com"],
"members": [ "user:eve@example.com" ],
"condition": { "title": "expirable access",
"description": "Does not grant access after
Sep 2020", "expression": "request.time <
timestamp('2020-10-01T00:00:00.000Z')", } }
]
], "etag": "BwWWja0YfJA=", "version": 3
}
**YAML Example**
**YAML example:**
bindings: - members: - user:\ mike@example.com -
group:\ admins@example.com - domain:google.com -
Expand All @@ -3002,11 +3007,12 @@ def sample_set_iam_policy():
condition: title: expirable access description:
Does not grant access after Sep 2020 expression:
request.time <
timestamp('2020-10-01T00:00:00.000Z')
timestamp('2020-10-01T00:00:00.000Z') etag:
BwWWja0YfJA= version: 3
For a description of IAM and its features, see the
[IAM developer's
guide](\ https://cloud.google.com/iam/docs).
[IAM
documentation](\ https://cloud.google.com/iam/docs/).
"""
# Create or coerce a protobuf request object.
Expand Down Expand Up @@ -3080,21 +3086,26 @@ def sample_get_iam_policy():
Returns:
google.iam.v1.policy_pb2.Policy:
Defines an Identity and Access Management (IAM) policy. It is used to
specify access control policies for Cloud Platform
resources.
An Identity and Access Management (IAM) policy, which specifies access
controls for Google Cloud resources.
A Policy is a collection of bindings. A binding binds
one or more members to a single role. Members can be
user accounts, service accounts, Google groups, and
domains (such as G Suite). A role is a named list of
permissions (defined by IAM or configured by users).
A binding can optionally specify a condition, which
is a logic expression that further constrains the
role binding based on attributes about the request
and/or target resource.
**JSON Example**
one or more members, or principals, to a single role.
Principals can be user accounts, service accounts,
Google groups, and domains (such as G Suite). A role
is a named list of permissions; each role can be an
IAM predefined role or a user-created custom role.
For some types of Google Cloud resources, a binding
can also specify a condition, which is a logical
expression that allows access to a resource only if
the expression evaluates to true. A condition can add
constraints based on attributes of the request, the
resource, or both. To learn which resources support
conditions in their IAM policies, see the [IAM
documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies).
**JSON example:**
{
"bindings": [
Expand All @@ -3109,17 +3120,17 @@ def sample_get_iam_policy():
}, { "role":
"roles/resourcemanager.organizationViewer",
"members": ["user:eve@example.com"],
"members": [ "user:eve@example.com" ],
"condition": { "title": "expirable access",
"description": "Does not grant access after
Sep 2020", "expression": "request.time <
timestamp('2020-10-01T00:00:00.000Z')", } }
]
], "etag": "BwWWja0YfJA=", "version": 3
}
**YAML Example**
**YAML example:**
bindings: - members: - user:\ mike@example.com -
group:\ admins@example.com - domain:google.com -
Expand All @@ -3130,11 +3141,12 @@ def sample_get_iam_policy():
condition: title: expirable access description:
Does not grant access after Sep 2020 expression:
request.time <
timestamp('2020-10-01T00:00:00.000Z')
timestamp('2020-10-01T00:00:00.000Z') etag:
BwWWja0YfJA= version: 3
For a description of IAM and its features, see the
[IAM developer's
guide](\ https://cloud.google.com/iam/docs).
[IAM
documentation](\ https://cloud.google.com/iam/docs/).
"""
# Create or coerce a protobuf request object.
Expand Down
4 changes: 3 additions & 1 deletion google/cloud/artifactregistry_v1/types/__init__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,9 @@
Repository,
UpdateRepositoryRequest,
)
from .service import OperationMetadata
from .service import (
OperationMetadata,
)
from .settings import (
GetProjectSettingsRequest,
ProjectSettings,
Expand Down
Loading

0 comments on commit c22893b

Please sign in to comment.