| // Copyright 2026 Google LLC |
| // |
| // Use of this source code is governed by a BSD-style |
| // license that can be found in the LICENSE file or at |
| // https://developers.google.com/open-source/licenses/bsd |
| |
| // This is a generated file (see the discoveryapis_generator project). |
| |
| // ignore_for_file: camel_case_types |
| // ignore_for_file: comment_references |
| // ignore_for_file: deprecated_member_use_from_same_package |
| // ignore_for_file: doc_directive_unknown |
| // ignore_for_file: lines_longer_than_80_chars |
| // ignore_for_file: non_constant_identifier_names |
| // ignore_for_file: prefer_interpolation_to_compose_strings |
| // ignore_for_file: unintended_html_in_doc_comment |
| // ignore_for_file: unnecessary_brace_in_string_interps |
| // ignore_for_file: unnecessary_lambdas |
| // ignore_for_file: unnecessary_string_interpolations |
| |
| /// BigQuery Data Policy API - v2 |
| /// |
| /// Allows users to manage BigQuery data policies. |
| /// |
| /// For more information, see |
| /// <https://cloud.google.com/bigquery/docs/column-data-masking> |
| /// |
| /// Create an instance of [BigQueryDataPolicyServiceApi] to access these |
| /// resources: |
| /// |
| /// - [ProjectsResource] |
| /// - [ProjectsLocationsResource] |
| /// - [ProjectsLocationsDataPoliciesResource] |
| library; |
| |
| import 'dart:async' as async; |
| import 'dart:convert' as convert; |
| import 'dart:core' as core; |
| |
| import 'package:_discoveryapis_commons/_discoveryapis_commons.dart' as commons; |
| import 'package:http/http.dart' as http; |
| |
| import '../shared.dart'; |
| import '../src/user_agent.dart'; |
| |
| export 'package:_discoveryapis_commons/_discoveryapis_commons.dart' |
| show ApiRequestError, DetailedApiRequestError; |
| |
| /// Allows users to manage BigQuery data policies. |
| class BigQueryDataPolicyServiceApi { |
| /// View and manage your data in Google BigQuery and see the email address for |
| /// your Google Account |
| static const bigqueryScope = 'https://www.googleapis.com/auth/bigquery'; |
| |
| /// See, edit, configure, and delete your Google Cloud data and see the email |
| /// address for your Google Account. |
| static const cloudPlatformScope = |
| 'https://www.googleapis.com/auth/cloud-platform'; |
| |
| final commons.ApiRequester _requester; |
| |
| ProjectsResource get projects => ProjectsResource(_requester); |
| |
| BigQueryDataPolicyServiceApi( |
| http.Client client, { |
| core.String rootUrl = 'https://bigquerydatapolicy.googleapis.com/', |
| core.String servicePath = '', |
| }) : _requester = commons.ApiRequester( |
| client, |
| rootUrl, |
| servicePath, |
| requestHeaders, |
| ); |
| } |
| |
| class ProjectsResource { |
| final commons.ApiRequester _requester; |
| |
| ProjectsLocationsResource get locations => |
| ProjectsLocationsResource(_requester); |
| |
| ProjectsResource(commons.ApiRequester client) : _requester = client; |
| } |
| |
| class ProjectsLocationsResource { |
| final commons.ApiRequester _requester; |
| |
| ProjectsLocationsDataPoliciesResource get dataPolicies => |
| ProjectsLocationsDataPoliciesResource(_requester); |
| |
| ProjectsLocationsResource(commons.ApiRequester client) : _requester = client; |
| } |
| |
| class ProjectsLocationsDataPoliciesResource { |
| final commons.ApiRequester _requester; |
| |
| ProjectsLocationsDataPoliciesResource(commons.ApiRequester client) |
| : _requester = client; |
| |
| /// Adds new grantees to a data policy. |
| /// |
| /// The new grantees will be added to the existing grantees. If the request |
| /// contains a duplicate grantee, the grantee will be ignored. If the request |
| /// contains a grantee that already exists, the grantee will be ignored. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [dataPolicy] - Required. Resource name of this data policy, in the format |
| /// of |
| /// `projects/{project_number}/locations/{location_id}/dataPolicies/{data_policy_id}`. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/dataPolicies/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [DataPolicy]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<DataPolicy> addGrantees( |
| AddGranteesRequest request, |
| core.String dataPolicy, { |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v2/' + core.Uri.encodeFull('$dataPolicy') + ':addGrantees'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return DataPolicy.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Creates a new data policy under a project with the given `data_policy_id` |
| /// (used as the display name), and data policy type. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [parent] - Required. Resource name of the project that the data policy |
| /// will belong to. The format is |
| /// `projects/{project_number}/locations/{location_id}`. |
| /// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [DataPolicy]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<DataPolicy> create( |
| CreateDataPolicyRequest request, |
| core.String parent, { |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v2/' + core.Uri.encodeFull('$parent') + '/dataPolicies'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return DataPolicy.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Deletes the data policy specified by its resource name. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. Resource name of the data policy to delete. Format is |
| /// `projects/{project_number}/locations/{location_id}/dataPolicies/{id}`. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/dataPolicies/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [Empty]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<Empty> delete(core.String name, {core.String? $fields}) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v2/' + core.Uri.encodeFull('$name'); |
| |
| final response_ = await _requester.request( |
| url_, |
| 'DELETE', |
| queryParams: queryParams_, |
| ); |
| return Empty.fromJson(response_ as core.Map<core.String, core.dynamic>); |
| } |
| |
| /// Gets the data policy specified by its resource name. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Required. Resource name of the requested data policy. Format is |
| /// `projects/{project_number}/locations/{location_id}/dataPolicies/{id}`. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/dataPolicies/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [DataPolicy]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<DataPolicy> get(core.String name, {core.String? $fields}) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v2/' + core.Uri.encodeFull('$name'); |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return DataPolicy.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Gets the IAM policy for the specified data policy. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [resource] - REQUIRED: The resource for which the policy is being |
| /// requested. See |
| /// [Resource names](https://cloud.google.com/apis/design/resource_names) for |
| /// the appropriate value for this field. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/dataPolicies/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [Policy]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<Policy> getIamPolicy( |
| GetIamPolicyRequest request, |
| core.String resource, { |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v2/' + core.Uri.encodeFull('$resource') + ':getIamPolicy'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>); |
| } |
| |
| /// List all of the data policies in the specified parent project. |
| /// |
| /// Request parameters: |
| /// |
| /// [parent] - Required. Resource name of the project for which to list data |
| /// policies. Format is `projects/{project_number}/locations/{location_id}`. |
| /// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`. |
| /// |
| /// [filter] - Optional. Filters the data policies by policy tags that they |
| /// are associated with. Currently filter only supports "policy_tag" based |
| /// filtering and OR based predicates. Sample filter can be "policy_tag: |
| /// projects/1/locations/us/taxonomies/2/policyTags/3". You may also use |
| /// wildcard such as "policy_tag: projects/1/locations/us/taxonomies/2*". |
| /// Please note that OR predicates cannot be used with wildcard filters. |
| /// |
| /// [pageSize] - Optional. The maximum number of data policies to return. Must |
| /// be a value between 1 and 1000. If not set, defaults to 50. |
| /// |
| /// [pageToken] - Optional. The `nextPageToken` value returned from a previous |
| /// list request, if any. If not set, defaults to an empty string. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [ListDataPoliciesResponse]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<ListDataPoliciesResponse> list( |
| core.String parent, { |
| core.String? filter, |
| core.int? pageSize, |
| core.String? pageToken, |
| core.String? $fields, |
| }) async { |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'filter': ?filter == null ? null : [filter], |
| 'pageSize': ?pageSize == null ? null : ['${pageSize}'], |
| 'pageToken': ?pageToken == null ? null : [pageToken], |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v2/' + core.Uri.encodeFull('$parent') + '/dataPolicies'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'GET', |
| queryParams: queryParams_, |
| ); |
| return ListDataPoliciesResponse.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Updates the metadata for an existing data policy. |
| /// |
| /// The target data policy can be specified by the resource name. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [name] - Identifier. Resource name of this data policy, in the format of |
| /// `projects/{project_number}/locations/{location_id}/dataPolicies/{data_policy_id}`. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/dataPolicies/\[^/\]+$`. |
| /// |
| /// [allowMissing] - Optional. If set to true, and the data policy is not |
| /// found, a new data policy will be created. In this situation, update_mask |
| /// is ignored. |
| /// |
| /// [updateMask] - Optional. The update mask applies to the resource. For the |
| /// `FieldMask` definition, see |
| /// https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask |
| /// If not set, defaults to all of the fields that are allowed to update. |
| /// Updates to the `name` and `dataPolicyId` fields are not allowed. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [DataPolicy]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<DataPolicy> patch( |
| DataPolicy request, |
| core.String name, { |
| core.bool? allowMissing, |
| core.String? updateMask, |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'allowMissing': ?allowMissing == null ? null : ['${allowMissing}'], |
| 'updateMask': ?updateMask == null ? null : [updateMask], |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v2/' + core.Uri.encodeFull('$name'); |
| |
| final response_ = await _requester.request( |
| url_, |
| 'PATCH', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return DataPolicy.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Removes grantees from a data policy. |
| /// |
| /// The grantees will be removed from the existing grantees. If the request |
| /// contains a grantee that does not exist, the grantee will be ignored. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [dataPolicy] - Required. Resource name of this data policy, in the format |
| /// of |
| /// `projects/{project_number}/locations/{location_id}/dataPolicies/{data_policy_id}`. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/dataPolicies/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [DataPolicy]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<DataPolicy> removeGrantees( |
| RemoveGranteesRequest request, |
| core.String dataPolicy, { |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v2/' + core.Uri.encodeFull('$dataPolicy') + ':removeGrantees'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return DataPolicy.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| |
| /// Sets the IAM policy for the specified data policy. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [resource] - REQUIRED: The resource for which the policy is being |
| /// specified. See |
| /// [Resource names](https://cloud.google.com/apis/design/resource_names) for |
| /// the appropriate value for this field. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/dataPolicies/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [Policy]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<Policy> setIamPolicy( |
| SetIamPolicyRequest request, |
| core.String resource, { |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = 'v2/' + core.Uri.encodeFull('$resource') + ':setIamPolicy'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>); |
| } |
| |
| /// Returns the caller's permission on the specified data policy resource. |
| /// |
| /// [request] - The metadata request object. |
| /// |
| /// Request parameters: |
| /// |
| /// [resource] - REQUIRED: The resource for which the policy detail is being |
| /// requested. See |
| /// [Resource names](https://cloud.google.com/apis/design/resource_names) for |
| /// the appropriate value for this field. |
| /// Value must have pattern |
| /// `^projects/\[^/\]+/locations/\[^/\]+/dataPolicies/\[^/\]+$`. |
| /// |
| /// [$fields] - Selector specifying which fields to include in a partial |
| /// response. |
| /// |
| /// Completes with a [TestIamPermissionsResponse]. |
| /// |
| /// Completes with a [commons.ApiRequestError] if the API endpoint returned an |
| /// error. |
| /// |
| /// If the used [http.Client] completes with an error when making a REST call, |
| /// this method will complete with the same error. |
| async.Future<TestIamPermissionsResponse> testIamPermissions( |
| TestIamPermissionsRequest request, |
| core.String resource, { |
| core.String? $fields, |
| }) async { |
| final body_ = convert.json.encode(request); |
| final queryParams_ = <core.String, core.List<core.String>>{ |
| 'fields': ?$fields == null ? null : [$fields], |
| }; |
| |
| final url_ = |
| 'v2/' + core.Uri.encodeFull('$resource') + ':testIamPermissions'; |
| |
| final response_ = await _requester.request( |
| url_, |
| 'POST', |
| body: body_, |
| queryParams: queryParams_, |
| ); |
| return TestIamPermissionsResponse.fromJson( |
| response_ as core.Map<core.String, core.dynamic>, |
| ); |
| } |
| } |
| |
| /// Request message for the AddGrantees method. |
| class AddGranteesRequest { |
| /// IAM principal that should be granted Fine Grained Access to the underlying |
| /// data goverened by the data policy. |
| /// |
| /// The target data policy is determined by the `data_policy` field. Uses the |
| /// [IAM V2 principal syntax](https://cloud.google.com/iam/docs/principal-identifiers#v2). |
| /// Supported principal types: * User * Group * Service account |
| /// |
| /// Required. |
| core.List<core.String>? grantees; |
| |
| AddGranteesRequest({this.grantees}); |
| |
| AddGranteesRequest.fromJson(core.Map json_) |
| : this( |
| grantees: (json_['grantees'] as core.List?) |
| ?.map((value) => value as core.String) |
| .toList(), |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final grantees = this.grantees; |
| return {'grantees': ?grantees}; |
| } |
| } |
| |
| /// Specifies the audit configuration for a service. |
| /// |
| /// The configuration determines which permission types are logged, and what |
| /// identities, if any, are exempted from logging. An AuditConfig must have one |
| /// or more AuditLogConfigs. If there are AuditConfigs for both `allServices` |
| /// and a specific service, the union of the two AuditConfigs is used for that |
| /// service: the log_types specified in each AuditConfig are enabled, and the |
| /// exempted_members in each AuditLogConfig are exempted. Example Policy with |
| /// multiple AuditConfigs: { "audit_configs": \[ { "service": "allServices", |
| /// "audit_log_configs": \[ { "log_type": "DATA_READ", "exempted_members": \[ |
| /// "user:jose@example.com" \] }, { "log_type": "DATA_WRITE" }, { "log_type": |
| /// "ADMIN_READ" } \] }, { "service": "sampleservice.googleapis.com", |
| /// "audit_log_configs": \[ { "log_type": "DATA_READ" }, { "log_type": |
| /// "DATA_WRITE", "exempted_members": \[ "user:aliya@example.com" \] } \] } \] } |
| /// For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ |
| /// logging. It also exempts `jose@example.com` from DATA_READ logging, and |
| /// `aliya@example.com` from DATA_WRITE logging. |
| class AuditConfig { |
| /// The configuration for logging of each type of permission. |
| core.List<AuditLogConfig>? auditLogConfigs; |
| |
| /// Specifies a service that will be enabled for audit logging. |
| /// |
| /// For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. |
| /// `allServices` is a special value that covers all services. |
| core.String? service; |
| |
| AuditConfig({this.auditLogConfigs, this.service}); |
| |
| AuditConfig.fromJson(core.Map json_) |
| : this( |
| auditLogConfigs: (json_['auditLogConfigs'] as core.List?) |
| ?.map( |
| (value) => AuditLogConfig.fromJson( |
| value as core.Map<core.String, core.dynamic>, |
| ), |
| ) |
| .toList(), |
| service: json_['service'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final auditLogConfigs = this.auditLogConfigs; |
| final service = this.service; |
| return {'auditLogConfigs': ?auditLogConfigs, 'service': ?service}; |
| } |
| } |
| |
| /// Provides the configuration for logging a type of permissions. |
| /// |
| /// Example: { "audit_log_configs": \[ { "log_type": "DATA_READ", |
| /// "exempted_members": \[ "user:jose@example.com" \] }, { "log_type": |
| /// "DATA_WRITE" } \] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while |
| /// exempting jose@example.com from DATA_READ logging. |
| typedef AuditLogConfig = $AuditLogConfig; |
| |
| /// Associates `members`, or principals, with a `role`. |
| class Binding { |
| /// The condition that is associated with this binding. |
| /// |
| /// If the condition evaluates to `true`, then this binding applies to the |
| /// current request. If the condition evaluates to `false`, then this binding |
| /// does not apply to the current request. However, a different role binding |
| /// might grant the same role to one or more of the principals in this |
| /// binding. To learn which resources support conditions in their IAM |
| /// policies, see the |
| /// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| Expr? condition; |
| |
| /// Specifies the principals requesting access for a Google Cloud resource. |
| /// |
| /// `members` can have the following values: * `allUsers`: A special |
| /// identifier that represents anyone who is on the internet; with or without |
| /// a Google account. * `allAuthenticatedUsers`: A special identifier that |
| /// represents anyone who is authenticated with a Google account or a service |
| /// account. Does not include identities that come from external identity |
| /// providers (IdPs) through identity federation. * `user:{emailid}`: An email |
| /// address that represents a specific Google account. For example, |
| /// `alice@example.com` . * `serviceAccount:{emailid}`: An email address that |
| /// represents a Google service account. For example, |
| /// `my-other-app@appspot.gserviceaccount.com`. * |
| /// `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An |
| /// identifier for a |
| /// [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). |
| /// For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * |
| /// `group:{emailid}`: An email address that represents a Google group. For |
| /// example, `admins@example.com`. * `domain:{domain}`: The G Suite domain |
| /// (primary) that represents all the users of that domain. For example, |
| /// `google.com` or `example.com`. * |
| /// `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: |
| /// A single identity in a workforce identity pool. * |
| /// `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: |
| /// All workforce identities in a group. * |
| /// `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: |
| /// All workforce identities with a specific attribute value. * |
| /// `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id} |
| /// / * `: All identities in a workforce identity pool. * |
| /// `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: |
| /// A single identity in a workload identity pool. * |
| /// `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: |
| /// A workload identity pool group. * |
| /// `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: |
| /// All identities in a workload identity pool with a certain attribute. * |
| /// `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id} |
| /// / * `: All identities in a workload identity pool. * |
| /// `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique |
| /// identifier) representing a user that has been recently deleted. For |
| /// example, `alice@example.com?uid=123456789012345678901`. If the user is |
| /// recovered, this value reverts to `user:{emailid}` and the recovered user |
| /// retains the role in the binding. * |
| /// `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus |
| /// unique identifier) representing a service account that has been recently |
| /// deleted. For example, |
| /// `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If |
| /// the service account is undeleted, this value reverts to |
| /// `serviceAccount:{emailid}` and the undeleted service account retains the |
| /// role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email |
| /// address (plus unique identifier) representing a Google group that has been |
| /// recently deleted. For example, |
| /// `admins@example.com?uid=123456789012345678901`. If the group is recovered, |
| /// this value reverts to `group:{emailid}` and the recovered group retains |
| /// the role in the binding. * |
| /// `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: |
| /// Deleted single identity in a workforce identity pool. For example, |
| /// `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`. |
| core.List<core.String>? members; |
| |
| /// Role that is assigned to the list of `members`, or principals. |
| /// |
| /// For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an |
| /// overview of the IAM roles and permissions, see the |
| /// [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For |
| /// a list of the available pre-defined roles, see |
| /// [here](https://cloud.google.com/iam/docs/understanding-roles). |
| core.String? role; |
| |
| Binding({this.condition, this.members, this.role}); |
| |
| Binding.fromJson(core.Map json_) |
| : this( |
| condition: json_.containsKey('condition') |
| ? Expr.fromJson( |
| json_['condition'] as core.Map<core.String, core.dynamic>, |
| ) |
| : null, |
| members: (json_['members'] as core.List?) |
| ?.map((value) => value as core.String) |
| .toList(), |
| role: json_['role'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final condition = this.condition; |
| final members = this.members; |
| final role = this.role; |
| return {'condition': ?condition, 'members': ?members, 'role': ?role}; |
| } |
| } |
| |
| /// Request message for the CreateDataPolicy method. |
| class CreateDataPolicyRequest { |
| /// The data policy to create. |
| /// |
| /// The `name` field does not need to be provided for the data policy |
| /// creation. |
| /// |
| /// Required. |
| DataPolicy? dataPolicy; |
| |
| /// User-assigned (human readable) ID of the data policy that needs to be |
| /// unique within a project. |
| /// |
| /// Used as {data_policy_id} in part of the resource name. |
| /// |
| /// Required. |
| core.String? dataPolicyId; |
| |
| CreateDataPolicyRequest({this.dataPolicy, this.dataPolicyId}); |
| |
| CreateDataPolicyRequest.fromJson(core.Map json_) |
| : this( |
| dataPolicy: json_.containsKey('dataPolicy') |
| ? DataPolicy.fromJson( |
| json_['dataPolicy'] as core.Map<core.String, core.dynamic>, |
| ) |
| : null, |
| dataPolicyId: json_['dataPolicyId'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final dataPolicy = this.dataPolicy; |
| final dataPolicyId = this.dataPolicyId; |
| return {'dataPolicy': ?dataPolicy, 'dataPolicyId': ?dataPolicyId}; |
| } |
| } |
| |
| /// The policy used to specify data masking rule. |
| class DataMaskingPolicy { |
| /// A predefined masking expression. |
| /// |
| /// Optional. |
| /// Possible string values are: |
| /// - "PREDEFINED_EXPRESSION_UNSPECIFIED" : Default, unspecified predefined |
| /// expression. No masking will take place since no expression is specified. |
| /// - "SHA256" : Masking expression to replace data with SHA-256 hash. |
| /// - "ALWAYS_NULL" : Masking expression to replace data with NULLs. |
| /// - "DEFAULT_MASKING_VALUE" : Masking expression to replace data with their |
| /// default masking values. The default masking values for each type listed as |
| /// below: * STRING: "" * BYTES: b'' * INTEGER: 0 * FLOAT: 0.0 * NUMERIC: 0 * |
| /// BOOLEAN: FALSE * TIMESTAMP: 1970-01-01 00:00:00 UTC * DATE: 1970-01-01 * |
| /// TIME: 00:00:00 * DATETIME: 1970-01-01T00:00:00 * GEOGRAPHY: POINT(0 0) * |
| /// BIGNUMERIC: 0 * ARRAY: \[\] * STRUCT: NOT_APPLICABLE * JSON: NULL |
| /// - "LAST_FOUR_CHARACTERS" : Masking expression shows the last four |
| /// characters of text. The masking behavior is as follows: * If text length |
| /// \> 4 characters: Replace text with XXXXX, append last four characters of |
| /// original text. * If text length \<= 4 characters: Apply SHA-256 hash. |
| /// - "FIRST_FOUR_CHARACTERS" : Masking expression shows the first four |
| /// characters of text. The masking behavior is as follows: * If text length |
| /// \> 4 characters: Replace text with XXXXX, prepend first four characters of |
| /// original text. * If text length \<= 4 characters: Apply SHA-256 hash. |
| /// - "EMAIL_MASK" : Masking expression for email addresses. The masking |
| /// behavior is as follows: * Syntax-valid email address: Replace username |
| /// with XXXXX. For example, cloudysanfrancisco@gmail.com becomes |
| /// XXXXX@gmail.com. * Syntax-invalid email address: Apply SHA-256 hash. For |
| /// more information, see |
| /// [Email mask](https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options). |
| /// - "DATE_YEAR_MASK" : Masking expression to only show the *year* of `Date`, |
| /// `DateTime` and `TimeStamp`. For example, with the year 2076: * DATE : |
| /// 2076-01-01 * DATETIME : 2076-01-01T00:00:00 * TIMESTAMP : 2076-01-01 |
| /// 00:00:00 UTC Truncation occurs according to the UTC time zone. To change |
| /// this, adjust the default time zone using the `time_zone` system variable. |
| /// For more information, see |
| /// [System variables reference](https://cloud.google.com/bigquery/docs/reference/system-variables). |
| /// - "RANDOM_HASH" : Masking expression that uses hashing to mask column |
| /// data. It differs from SHA256 in that a unique random value is generated |
| /// for each query and is added to the hash input, resulting in the hash / |
| /// masked result to be different for each query. Hence the name "random |
| /// hash". |
| core.String? predefinedExpression; |
| |
| /// The name of the BigQuery routine that contains the custom masking routine, |
| /// in the format of |
| /// `projects/{project_number}/datasets/{dataset_id}/routines/{routine_id}`. |
| /// |
| /// Optional. |
| core.String? routine; |
| |
| DataMaskingPolicy({this.predefinedExpression, this.routine}); |
| |
| DataMaskingPolicy.fromJson(core.Map json_) |
| : this( |
| predefinedExpression: json_['predefinedExpression'] as core.String?, |
| routine: json_['routine'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final predefinedExpression = this.predefinedExpression; |
| final routine = this.routine; |
| return {'predefinedExpression': ?predefinedExpression, 'routine': ?routine}; |
| } |
| } |
| |
| /// Represents the label-policy binding. |
| class DataPolicy { |
| /// The data masking policy that specifies the data masking rule to use. |
| /// |
| /// It must be set if the data policy type is DATA_MASKING_POLICY. |
| /// |
| /// Optional. |
| DataMaskingPolicy? dataMaskingPolicy; |
| |
| /// User-assigned (human readable) ID of the data policy that needs to be |
| /// unique within a project. |
| /// |
| /// Used as {data_policy_id} in part of the resource name. |
| /// |
| /// Output only. |
| core.String? dataPolicyId; |
| |
| /// Type of data policy. |
| /// |
| /// Required. |
| /// Possible string values are: |
| /// - "DATA_POLICY_TYPE_UNSPECIFIED" : Default value for the data policy type. |
| /// This should not be used. |
| /// - "DATA_MASKING_POLICY" : Used to create a data policy for data masking. |
| /// - "RAW_DATA_ACCESS_POLICY" : Used to create a data policy for raw data |
| /// access. |
| /// - "COLUMN_LEVEL_SECURITY_POLICY" : Used to create a data policy for |
| /// column-level security, without data masking. This is deprecated in V2 api |
| /// and only present to support GET and LIST operations for V1 data policies |
| /// in V2 api. |
| core.String? dataPolicyType; |
| |
| /// The etag for this Data Policy. |
| /// |
| /// This field is used for UpdateDataPolicy calls. If Data Policy exists, this |
| /// field is required and must match the server's etag. It will also be |
| /// populated in the response of GetDataPolicy, CreateDataPolicy, and |
| /// UpdateDataPolicy calls. |
| core.String? etag; |
| |
| /// The list of IAM principals that have Fine Grained Access to the underlying |
| /// data goverened by this data policy. |
| /// |
| /// Uses the |
| /// [IAM V2 principal syntax](https://cloud.google.com/iam/docs/principal-identifiers#v2) |
| /// Only supports principal types users, groups, serviceaccounts, |
| /// cloudidentity. This field is supported in V2 Data Policy only. In case of |
| /// V1 data policies (i.e. verion = 1 and policy_tag is set), this field is |
| /// not populated. |
| /// |
| /// Optional. |
| core.List<core.String>? grantees; |
| |
| /// Identifier. |
| /// |
| /// Resource name of this data policy, in the format of |
| /// `projects/{project_number}/locations/{location_id}/dataPolicies/{data_policy_id}`. |
| core.String? name; |
| |
| /// Policy tag resource name, in the format of |
| /// `projects/{project_number}/locations/{location_id}/taxonomies/{taxonomy_id}/policyTags/{policyTag_id}`. |
| /// |
| /// policy_tag is supported only for V1 data policies. |
| /// |
| /// Output only. |
| core.String? policyTag; |
| |
| /// The version of the Data Policy resource. |
| /// |
| /// Output only. |
| /// Possible string values are: |
| /// - "VERSION_UNSPECIFIED" : Default value for the data policy version. This |
| /// should not be used. |
| /// - "V1" : V1 data policy version. V1 Data Policies will be present in V2 |
| /// List api response, but can not be created/updated/deleted from V2 api. |
| /// - "V2" : V2 data policy version. |
| core.String? version; |
| |
| DataPolicy({ |
| this.dataMaskingPolicy, |
| this.dataPolicyId, |
| this.dataPolicyType, |
| this.etag, |
| this.grantees, |
| this.name, |
| this.policyTag, |
| this.version, |
| }); |
| |
| DataPolicy.fromJson(core.Map json_) |
| : this( |
| dataMaskingPolicy: json_.containsKey('dataMaskingPolicy') |
| ? DataMaskingPolicy.fromJson( |
| json_['dataMaskingPolicy'] |
| as core.Map<core.String, core.dynamic>, |
| ) |
| : null, |
| dataPolicyId: json_['dataPolicyId'] as core.String?, |
| dataPolicyType: json_['dataPolicyType'] as core.String?, |
| etag: json_['etag'] as core.String?, |
| grantees: (json_['grantees'] as core.List?) |
| ?.map((value) => value as core.String) |
| .toList(), |
| name: json_['name'] as core.String?, |
| policyTag: json_['policyTag'] as core.String?, |
| version: json_['version'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final dataMaskingPolicy = this.dataMaskingPolicy; |
| final dataPolicyId = this.dataPolicyId; |
| final dataPolicyType = this.dataPolicyType; |
| final etag = this.etag; |
| final grantees = this.grantees; |
| final name = this.name; |
| final policyTag = this.policyTag; |
| final version = this.version; |
| return { |
| 'dataMaskingPolicy': ?dataMaskingPolicy, |
| 'dataPolicyId': ?dataPolicyId, |
| 'dataPolicyType': ?dataPolicyType, |
| 'etag': ?etag, |
| 'grantees': ?grantees, |
| 'name': ?name, |
| 'policyTag': ?policyTag, |
| 'version': ?version, |
| }; |
| } |
| } |
| |
| /// A generic empty message that you can re-use to avoid defining duplicated |
| /// empty messages in your APIs. |
| /// |
| /// A typical example is to use it as the request or the response type of an API |
| /// method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns |
| /// (google.protobuf.Empty); } |
| typedef Empty = $Empty; |
| |
| /// Represents a textual expression in the Common Expression Language (CEL) |
| /// syntax. |
| /// |
| /// CEL is a C-like expression language. The syntax and semantics of CEL are |
| /// documented at https://github.com/google/cel-spec. Example (Comparison): |
| /// title: "Summary size limit" description: "Determines if a summary is less |
| /// than 100 chars" expression: "document.summary.size() \< 100" Example |
| /// (Equality): title: "Requestor is owner" description: "Determines if |
| /// requestor is the document owner" expression: "document.owner == |
| /// request.auth.claims.email" Example (Logic): title: "Public documents" |
| /// description: "Determine whether the document should be publicly visible" |
| /// expression: "document.type != 'private' && document.type != 'internal'" |
| /// Example (Data Manipulation): title: "Notification string" description: |
| /// "Create a notification string with a timestamp." expression: "'New message |
| /// received at ' + string(document.create_time)" The exact variables and |
| /// functions that may be referenced within an expression are determined by the |
| /// service that evaluates it. See the service documentation for additional |
| /// information. |
| typedef Expr = $Expr; |
| |
| /// Request message for `GetIamPolicy` method. |
| class GetIamPolicyRequest { |
| /// OPTIONAL: A `GetPolicyOptions` object for specifying options to |
| /// `GetIamPolicy`. |
| GetPolicyOptions? options; |
| |
| GetIamPolicyRequest({this.options}); |
| |
| GetIamPolicyRequest.fromJson(core.Map json_) |
| : this( |
| options: json_.containsKey('options') |
| ? GetPolicyOptions.fromJson( |
| json_['options'] as core.Map<core.String, core.dynamic>, |
| ) |
| : null, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final options = this.options; |
| return {'options': ?options}; |
| } |
| } |
| |
| /// Encapsulates settings provided to GetIamPolicy. |
| typedef GetPolicyOptions = $GetPolicyOptions00; |
| |
| /// Response message for the ListDataPolicies method. |
| class ListDataPoliciesResponse { |
| /// Data policies that belong to the requested project. |
| core.List<DataPolicy>? dataPolicies; |
| |
| /// Token used to retrieve the next page of results, or empty if there are no |
| /// more results. |
| core.String? nextPageToken; |
| |
| ListDataPoliciesResponse({this.dataPolicies, this.nextPageToken}); |
| |
| ListDataPoliciesResponse.fromJson(core.Map json_) |
| : this( |
| dataPolicies: (json_['dataPolicies'] as core.List?) |
| ?.map( |
| (value) => DataPolicy.fromJson( |
| value as core.Map<core.String, core.dynamic>, |
| ), |
| ) |
| .toList(), |
| nextPageToken: json_['nextPageToken'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final dataPolicies = this.dataPolicies; |
| final nextPageToken = this.nextPageToken; |
| return {'dataPolicies': ?dataPolicies, 'nextPageToken': ?nextPageToken}; |
| } |
| } |
| |
| /// An Identity and Access Management (IAM) policy, which specifies access |
| /// controls for Google Cloud resources. |
| /// |
| /// A `Policy` is a collection of `bindings`. A `binding` binds one or more |
| /// `members`, or principals, to a single `role`. Principals can be user |
| /// accounts, service accounts, Google groups, and domains (such as G Suite). A |
| /// `role` is a named list of permissions; each `role` can be an IAM predefined |
| /// role or a user-created custom role. For some types of Google Cloud |
| /// resources, a `binding` can also specify a `condition`, which is a logical |
| /// expression that allows access to a resource only if the expression evaluates |
| /// to `true`. A condition can add constraints based on attributes of the |
| /// request, the resource, or both. To learn which resources support conditions |
| /// in their IAM policies, see the |
| /// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| /// **JSON example:** ``` { "bindings": [ { "role": |
| /// "roles/resourcemanager.organizationAdmin", "members": [ |
| /// "user:mike@example.com", "group:admins@example.com", "domain:google.com", |
| /// "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": |
| /// "roles/resourcemanager.organizationViewer", "members": [ |
| /// "user:eve@example.com" ], "condition": { "title": "expirable access", |
| /// "description": "Does not grant access after Sep 2020", "expression": |
| /// "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": |
| /// "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: - |
| /// members: - user:mike@example.com - group:admins@example.com - |
| /// domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com |
| /// role: roles/resourcemanager.organizationAdmin - members: - |
| /// user:eve@example.com role: roles/resourcemanager.organizationViewer |
| /// condition: title: expirable access description: Does not grant access after |
| /// Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') |
| /// etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, |
| /// see the [IAM documentation](https://cloud.google.com/iam/docs/). |
| class Policy { |
| /// Specifies cloud audit logging configuration for this policy. |
| core.List<AuditConfig>? auditConfigs; |
| |
| /// Associates a list of `members`, or principals, with a `role`. |
| /// |
| /// Optionally, may specify a `condition` that determines how and when the |
| /// `bindings` are applied. Each of the `bindings` must contain at least one |
| /// principal. The `bindings` in a `Policy` can refer to up to 1,500 |
| /// principals; up to 250 of these principals can be Google groups. Each |
| /// occurrence of a principal counts towards these limits. For example, if the |
| /// `bindings` grant 50 different roles to `user:alice@example.com`, and not |
| /// to any other principal, then you can add another 1,450 principals to the |
| /// `bindings` in the `Policy`. |
| core.List<Binding>? bindings; |
| |
| /// `etag` is used for optimistic concurrency control as a way to help prevent |
| /// simultaneous updates of a policy from overwriting each other. |
| /// |
| /// It is strongly suggested that systems make use of the `etag` in the |
| /// read-modify-write cycle to perform policy updates in order to avoid race |
| /// conditions: An `etag` is returned in the response to `getIamPolicy`, and |
| /// systems are expected to put that etag in the request to `setIamPolicy` to |
| /// ensure that their change will be applied to the same version of the |
| /// policy. **Important:** If you use IAM Conditions, you must include the |
| /// `etag` field whenever you call `setIamPolicy`. If you omit this field, |
| /// then IAM allows you to overwrite a version `3` policy with a version `1` |
| /// policy, and all of the conditions in the version `3` policy are lost. |
| core.String? etag; |
| core.List<core.int> get etagAsBytes => convert.base64.decode(etag!); |
| |
| set etagAsBytes(core.List<core.int> bytes_) { |
| etag = convert.base64 |
| .encode(bytes_) |
| .replaceAll('/', '_') |
| .replaceAll('+', '-'); |
| } |
| |
| /// Specifies the format of the policy. |
| /// |
| /// Valid values are `0`, `1`, and `3`. Requests that specify an invalid value |
| /// are rejected. Any operation that affects conditional role bindings must |
| /// specify version `3`. This requirement applies to the following operations: |
| /// * Getting a policy that includes a conditional role binding * Adding a |
| /// conditional role binding to a policy * Changing a conditional role binding |
| /// in a policy * Removing any role binding, with or without a condition, from |
| /// a policy that includes conditions **Important:** If you use IAM |
| /// Conditions, you must include the `etag` field whenever you call |
| /// `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a |
| /// version `3` policy with a version `1` policy, and all of the conditions in |
| /// the version `3` policy are lost. If a policy does not include any |
| /// conditions, operations on that policy may specify any valid version or |
| /// leave the field unset. To learn which resources support conditions in |
| /// their IAM policies, see the |
| /// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). |
| core.int? version; |
| |
| Policy({this.auditConfigs, this.bindings, this.etag, this.version}); |
| |
| Policy.fromJson(core.Map json_) |
| : this( |
| auditConfigs: (json_['auditConfigs'] as core.List?) |
| ?.map( |
| (value) => AuditConfig.fromJson( |
| value as core.Map<core.String, core.dynamic>, |
| ), |
| ) |
| .toList(), |
| bindings: (json_['bindings'] as core.List?) |
| ?.map( |
| (value) => Binding.fromJson( |
| value as core.Map<core.String, core.dynamic>, |
| ), |
| ) |
| .toList(), |
| etag: json_['etag'] as core.String?, |
| version: json_['version'] as core.int?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final auditConfigs = this.auditConfigs; |
| final bindings = this.bindings; |
| final etag = this.etag; |
| final version = this.version; |
| return { |
| 'auditConfigs': ?auditConfigs, |
| 'bindings': ?bindings, |
| 'etag': ?etag, |
| 'version': ?version, |
| }; |
| } |
| } |
| |
| /// Request message for the RemoveGrantees method. |
| class RemoveGranteesRequest { |
| /// IAM principal that should be revoked from Fine Grained Access to the |
| /// underlying data goverened by the data policy. |
| /// |
| /// The target data policy is determined by the `data_policy` field. Uses the |
| /// [IAM V2 principal syntax](https://cloud.google.com/iam/docs/principal-identifiers#v2). |
| /// Supported principal types: * User * Group * Service account |
| /// |
| /// Required. |
| core.List<core.String>? grantees; |
| |
| RemoveGranteesRequest({this.grantees}); |
| |
| RemoveGranteesRequest.fromJson(core.Map json_) |
| : this( |
| grantees: (json_['grantees'] as core.List?) |
| ?.map((value) => value as core.String) |
| .toList(), |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final grantees = this.grantees; |
| return {'grantees': ?grantees}; |
| } |
| } |
| |
| /// Request message for `SetIamPolicy` method. |
| class SetIamPolicyRequest { |
| /// REQUIRED: The complete policy to be applied to the `resource`. |
| /// |
| /// The size of the policy is limited to a few 10s of KB. An empty policy is a |
| /// valid policy but certain Google Cloud services (such as Projects) might |
| /// reject them. |
| Policy? policy; |
| |
| /// OPTIONAL: A FieldMask specifying which fields of the policy to modify. |
| /// |
| /// Only the fields in the mask will be modified. If no mask is provided, the |
| /// following default mask is used: `paths: "bindings, etag"` |
| core.String? updateMask; |
| |
| SetIamPolicyRequest({this.policy, this.updateMask}); |
| |
| SetIamPolicyRequest.fromJson(core.Map json_) |
| : this( |
| policy: json_.containsKey('policy') |
| ? Policy.fromJson( |
| json_['policy'] as core.Map<core.String, core.dynamic>, |
| ) |
| : null, |
| updateMask: json_['updateMask'] as core.String?, |
| ); |
| |
| core.Map<core.String, core.dynamic> toJson() { |
| final policy = this.policy; |
| final updateMask = this.updateMask; |
| return {'policy': ?policy, 'updateMask': ?updateMask}; |
| } |
| } |
| |
| /// Request message for `TestIamPermissions` method. |
| typedef TestIamPermissionsRequest = $TestIamPermissionsRequest00; |
| |
| /// Response message for `TestIamPermissions` method. |
| typedef TestIamPermissionsResponse = $PermissionsResponse; |