blob: 7bec6dfba5fd41cad7a0fb275e8262ef2313f886 [file] [edit]
// Copyright 2026 Google LLC
//
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file or at
// https://developers.google.com/open-source/licenses/bsd
// This is a generated file (see the discoveryapis_generator project).
// ignore_for_file: camel_case_types
// ignore_for_file: comment_references
// ignore_for_file: deprecated_member_use_from_same_package
// ignore_for_file: doc_directive_unknown
// ignore_for_file: lines_longer_than_80_chars
// ignore_for_file: non_constant_identifier_names
// ignore_for_file: prefer_interpolation_to_compose_strings
// ignore_for_file: unintended_html_in_doc_comment
// ignore_for_file: unnecessary_brace_in_string_interps
// ignore_for_file: unnecessary_lambdas
// ignore_for_file: unnecessary_string_interpolations
/// BigQuery Data Policy API - v2
///
/// Allows users to manage BigQuery data policies.
///
/// For more information, see
/// <https://cloud.google.com/bigquery/docs/column-data-masking>
///
/// Create an instance of [BigQueryDataPolicyServiceApi] to access these
/// resources:
///
/// - [ProjectsResource]
/// - [ProjectsLocationsResource]
/// - [ProjectsLocationsDataPoliciesResource]
library;
import 'dart:async' as async;
import 'dart:convert' as convert;
import 'dart:core' as core;
import 'package:_discoveryapis_commons/_discoveryapis_commons.dart' as commons;
import 'package:http/http.dart' as http;
import '../shared.dart';
import '../src/user_agent.dart';
export 'package:_discoveryapis_commons/_discoveryapis_commons.dart'
show ApiRequestError, DetailedApiRequestError;
/// Allows users to manage BigQuery data policies.
class BigQueryDataPolicyServiceApi {
/// View and manage your data in Google BigQuery and see the email address for
/// your Google Account
static const bigqueryScope = 'https://www.googleapis.com/auth/bigquery';
/// See, edit, configure, and delete your Google Cloud data and see the email
/// address for your Google Account.
static const cloudPlatformScope =
'https://www.googleapis.com/auth/cloud-platform';
final commons.ApiRequester _requester;
ProjectsResource get projects => ProjectsResource(_requester);
BigQueryDataPolicyServiceApi(
http.Client client, {
core.String rootUrl = 'https://bigquerydatapolicy.googleapis.com/',
core.String servicePath = '',
}) : _requester = commons.ApiRequester(
client,
rootUrl,
servicePath,
requestHeaders,
);
}
class ProjectsResource {
final commons.ApiRequester _requester;
ProjectsLocationsResource get locations =>
ProjectsLocationsResource(_requester);
ProjectsResource(commons.ApiRequester client) : _requester = client;
}
class ProjectsLocationsResource {
final commons.ApiRequester _requester;
ProjectsLocationsDataPoliciesResource get dataPolicies =>
ProjectsLocationsDataPoliciesResource(_requester);
ProjectsLocationsResource(commons.ApiRequester client) : _requester = client;
}
class ProjectsLocationsDataPoliciesResource {
final commons.ApiRequester _requester;
ProjectsLocationsDataPoliciesResource(commons.ApiRequester client)
: _requester = client;
/// Adds new grantees to a data policy.
///
/// The new grantees will be added to the existing grantees. If the request
/// contains a duplicate grantee, the grantee will be ignored. If the request
/// contains a grantee that already exists, the grantee will be ignored.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [dataPolicy] - Required. Resource name of this data policy, in the format
/// of
/// `projects/{project_number}/locations/{location_id}/dataPolicies/{data_policy_id}`.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/dataPolicies/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [DataPolicy].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<DataPolicy> addGrantees(
AddGranteesRequest request,
core.String dataPolicy, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v2/' + core.Uri.encodeFull('$dataPolicy') + ':addGrantees';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return DataPolicy.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Creates a new data policy under a project with the given `data_policy_id`
/// (used as the display name), and data policy type.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [parent] - Required. Resource name of the project that the data policy
/// will belong to. The format is
/// `projects/{project_number}/locations/{location_id}`.
/// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [DataPolicy].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<DataPolicy> create(
CreateDataPolicyRequest request,
core.String parent, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v2/' + core.Uri.encodeFull('$parent') + '/dataPolicies';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return DataPolicy.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Deletes the data policy specified by its resource name.
///
/// Request parameters:
///
/// [name] - Required. Resource name of the data policy to delete. Format is
/// `projects/{project_number}/locations/{location_id}/dataPolicies/{id}`.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/dataPolicies/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Empty].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Empty> delete(core.String name, {core.String? $fields}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v2/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'DELETE',
queryParams: queryParams_,
);
return Empty.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Gets the data policy specified by its resource name.
///
/// Request parameters:
///
/// [name] - Required. Resource name of the requested data policy. Format is
/// `projects/{project_number}/locations/{location_id}/dataPolicies/{id}`.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/dataPolicies/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [DataPolicy].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<DataPolicy> get(core.String name, {core.String? $fields}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v2/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return DataPolicy.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Gets the IAM policy for the specified data policy.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy is being
/// requested. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/dataPolicies/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Policy].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Policy> getIamPolicy(
GetIamPolicyRequest request,
core.String resource, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v2/' + core.Uri.encodeFull('$resource') + ':getIamPolicy';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// List all of the data policies in the specified parent project.
///
/// Request parameters:
///
/// [parent] - Required. Resource name of the project for which to list data
/// policies. Format is `projects/{project_number}/locations/{location_id}`.
/// Value must have pattern `^projects/\[^/\]+/locations/\[^/\]+$`.
///
/// [filter] - Optional. Filters the data policies by policy tags that they
/// are associated with. Currently filter only supports "policy_tag" based
/// filtering and OR based predicates. Sample filter can be "policy_tag:
/// projects/1/locations/us/taxonomies/2/policyTags/3". You may also use
/// wildcard such as "policy_tag: projects/1/locations/us/taxonomies/2*".
/// Please note that OR predicates cannot be used with wildcard filters.
///
/// [pageSize] - Optional. The maximum number of data policies to return. Must
/// be a value between 1 and 1000. If not set, defaults to 50.
///
/// [pageToken] - Optional. The `nextPageToken` value returned from a previous
/// list request, if any. If not set, defaults to an empty string.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [ListDataPoliciesResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<ListDataPoliciesResponse> list(
core.String parent, {
core.String? filter,
core.int? pageSize,
core.String? pageToken,
core.String? $fields,
}) async {
final queryParams_ = <core.String, core.List<core.String>>{
'filter': ?filter == null ? null : [filter],
'pageSize': ?pageSize == null ? null : ['${pageSize}'],
'pageToken': ?pageToken == null ? null : [pageToken],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v2/' + core.Uri.encodeFull('$parent') + '/dataPolicies';
final response_ = await _requester.request(
url_,
'GET',
queryParams: queryParams_,
);
return ListDataPoliciesResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Updates the metadata for an existing data policy.
///
/// The target data policy can be specified by the resource name.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [name] - Identifier. Resource name of this data policy, in the format of
/// `projects/{project_number}/locations/{location_id}/dataPolicies/{data_policy_id}`.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/dataPolicies/\[^/\]+$`.
///
/// [allowMissing] - Optional. If set to true, and the data policy is not
/// found, a new data policy will be created. In this situation, update_mask
/// is ignored.
///
/// [updateMask] - Optional. The update mask applies to the resource. For the
/// `FieldMask` definition, see
/// https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask
/// If not set, defaults to all of the fields that are allowed to update.
/// Updates to the `name` and `dataPolicyId` fields are not allowed.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [DataPolicy].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<DataPolicy> patch(
DataPolicy request,
core.String name, {
core.bool? allowMissing,
core.String? updateMask,
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'allowMissing': ?allowMissing == null ? null : ['${allowMissing}'],
'updateMask': ?updateMask == null ? null : [updateMask],
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v2/' + core.Uri.encodeFull('$name');
final response_ = await _requester.request(
url_,
'PATCH',
body: body_,
queryParams: queryParams_,
);
return DataPolicy.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Removes grantees from a data policy.
///
/// The grantees will be removed from the existing grantees. If the request
/// contains a grantee that does not exist, the grantee will be ignored.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [dataPolicy] - Required. Resource name of this data policy, in the format
/// of
/// `projects/{project_number}/locations/{location_id}/dataPolicies/{data_policy_id}`.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/dataPolicies/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [DataPolicy].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<DataPolicy> removeGrantees(
RemoveGranteesRequest request,
core.String dataPolicy, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v2/' + core.Uri.encodeFull('$dataPolicy') + ':removeGrantees';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return DataPolicy.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
/// Sets the IAM policy for the specified data policy.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy is being
/// specified. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/dataPolicies/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [Policy].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<Policy> setIamPolicy(
SetIamPolicyRequest request,
core.String resource, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ = 'v2/' + core.Uri.encodeFull('$resource') + ':setIamPolicy';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return Policy.fromJson(response_ as core.Map<core.String, core.dynamic>);
}
/// Returns the caller's permission on the specified data policy resource.
///
/// [request] - The metadata request object.
///
/// Request parameters:
///
/// [resource] - REQUIRED: The resource for which the policy detail is being
/// requested. See
/// [Resource names](https://cloud.google.com/apis/design/resource_names) for
/// the appropriate value for this field.
/// Value must have pattern
/// `^projects/\[^/\]+/locations/\[^/\]+/dataPolicies/\[^/\]+$`.
///
/// [$fields] - Selector specifying which fields to include in a partial
/// response.
///
/// Completes with a [TestIamPermissionsResponse].
///
/// Completes with a [commons.ApiRequestError] if the API endpoint returned an
/// error.
///
/// If the used [http.Client] completes with an error when making a REST call,
/// this method will complete with the same error.
async.Future<TestIamPermissionsResponse> testIamPermissions(
TestIamPermissionsRequest request,
core.String resource, {
core.String? $fields,
}) async {
final body_ = convert.json.encode(request);
final queryParams_ = <core.String, core.List<core.String>>{
'fields': ?$fields == null ? null : [$fields],
};
final url_ =
'v2/' + core.Uri.encodeFull('$resource') + ':testIamPermissions';
final response_ = await _requester.request(
url_,
'POST',
body: body_,
queryParams: queryParams_,
);
return TestIamPermissionsResponse.fromJson(
response_ as core.Map<core.String, core.dynamic>,
);
}
}
/// Request message for the AddGrantees method.
class AddGranteesRequest {
/// IAM principal that should be granted Fine Grained Access to the underlying
/// data goverened by the data policy.
///
/// The target data policy is determined by the `data_policy` field. Uses the
/// [IAM V2 principal syntax](https://cloud.google.com/iam/docs/principal-identifiers#v2).
/// Supported principal types: * User * Group * Service account
///
/// Required.
core.List<core.String>? grantees;
AddGranteesRequest({this.grantees});
AddGranteesRequest.fromJson(core.Map json_)
: this(
grantees: (json_['grantees'] as core.List?)
?.map((value) => value as core.String)
.toList(),
);
core.Map<core.String, core.dynamic> toJson() {
final grantees = this.grantees;
return {'grantees': ?grantees};
}
}
/// Specifies the audit configuration for a service.
///
/// The configuration determines which permission types are logged, and what
/// identities, if any, are exempted from logging. An AuditConfig must have one
/// or more AuditLogConfigs. If there are AuditConfigs for both `allServices`
/// and a specific service, the union of the two AuditConfigs is used for that
/// service: the log_types specified in each AuditConfig are enabled, and the
/// exempted_members in each AuditLogConfig are exempted. Example Policy with
/// multiple AuditConfigs: { "audit_configs": \[ { "service": "allServices",
/// "audit_log_configs": \[ { "log_type": "DATA_READ", "exempted_members": \[
/// "user:jose@example.com" \] }, { "log_type": "DATA_WRITE" }, { "log_type":
/// "ADMIN_READ" } \] }, { "service": "sampleservice.googleapis.com",
/// "audit_log_configs": \[ { "log_type": "DATA_READ" }, { "log_type":
/// "DATA_WRITE", "exempted_members": \[ "user:aliya@example.com" \] } \] } \] }
/// For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
/// logging. It also exempts `jose@example.com` from DATA_READ logging, and
/// `aliya@example.com` from DATA_WRITE logging.
class AuditConfig {
/// The configuration for logging of each type of permission.
core.List<AuditLogConfig>? auditLogConfigs;
/// Specifies a service that will be enabled for audit logging.
///
/// For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
/// `allServices` is a special value that covers all services.
core.String? service;
AuditConfig({this.auditLogConfigs, this.service});
AuditConfig.fromJson(core.Map json_)
: this(
auditLogConfigs: (json_['auditLogConfigs'] as core.List?)
?.map(
(value) => AuditLogConfig.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
service: json_['service'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final auditLogConfigs = this.auditLogConfigs;
final service = this.service;
return {'auditLogConfigs': ?auditLogConfigs, 'service': ?service};
}
}
/// Provides the configuration for logging a type of permissions.
///
/// Example: { "audit_log_configs": \[ { "log_type": "DATA_READ",
/// "exempted_members": \[ "user:jose@example.com" \] }, { "log_type":
/// "DATA_WRITE" } \] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while
/// exempting jose@example.com from DATA_READ logging.
typedef AuditLogConfig = $AuditLogConfig;
/// Associates `members`, or principals, with a `role`.
class Binding {
/// The condition that is associated with this binding.
///
/// If the condition evaluates to `true`, then this binding applies to the
/// current request. If the condition evaluates to `false`, then this binding
/// does not apply to the current request. However, a different role binding
/// might grant the same role to one or more of the principals in this
/// binding. To learn which resources support conditions in their IAM
/// policies, see the
/// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
Expr? condition;
/// Specifies the principals requesting access for a Google Cloud resource.
///
/// `members` can have the following values: * `allUsers`: A special
/// identifier that represents anyone who is on the internet; with or without
/// a Google account. * `allAuthenticatedUsers`: A special identifier that
/// represents anyone who is authenticated with a Google account or a service
/// account. Does not include identities that come from external identity
/// providers (IdPs) through identity federation. * `user:{emailid}`: An email
/// address that represents a specific Google account. For example,
/// `alice@example.com` . * `serviceAccount:{emailid}`: An email address that
/// represents a Google service account. For example,
/// `my-other-app@appspot.gserviceaccount.com`. *
/// `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An
/// identifier for a
/// [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts).
/// For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. *
/// `group:{emailid}`: An email address that represents a Google group. For
/// example, `admins@example.com`. * `domain:{domain}`: The G Suite domain
/// (primary) that represents all the users of that domain. For example,
/// `google.com` or `example.com`. *
/// `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`:
/// A single identity in a workforce identity pool. *
/// `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`:
/// All workforce identities in a group. *
/// `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`:
/// All workforce identities with a specific attribute value. *
/// `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}
/// / * `: All identities in a workforce identity pool. *
/// `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`:
/// A single identity in a workload identity pool. *
/// `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`:
/// A workload identity pool group. *
/// `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`:
/// All identities in a workload identity pool with a certain attribute. *
/// `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}
/// / * `: All identities in a workload identity pool. *
/// `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
/// identifier) representing a user that has been recently deleted. For
/// example, `alice@example.com?uid=123456789012345678901`. If the user is
/// recovered, this value reverts to `user:{emailid}` and the recovered user
/// retains the role in the binding. *
/// `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
/// unique identifier) representing a service account that has been recently
/// deleted. For example,
/// `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If
/// the service account is undeleted, this value reverts to
/// `serviceAccount:{emailid}` and the undeleted service account retains the
/// role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email
/// address (plus unique identifier) representing a Google group that has been
/// recently deleted. For example,
/// `admins@example.com?uid=123456789012345678901`. If the group is recovered,
/// this value reverts to `group:{emailid}` and the recovered group retains
/// the role in the binding. *
/// `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`:
/// Deleted single identity in a workforce identity pool. For example,
/// `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
core.List<core.String>? members;
/// Role that is assigned to the list of `members`, or principals.
///
/// For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an
/// overview of the IAM roles and permissions, see the
/// [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For
/// a list of the available pre-defined roles, see
/// [here](https://cloud.google.com/iam/docs/understanding-roles).
core.String? role;
Binding({this.condition, this.members, this.role});
Binding.fromJson(core.Map json_)
: this(
condition: json_.containsKey('condition')
? Expr.fromJson(
json_['condition'] as core.Map<core.String, core.dynamic>,
)
: null,
members: (json_['members'] as core.List?)
?.map((value) => value as core.String)
.toList(),
role: json_['role'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final condition = this.condition;
final members = this.members;
final role = this.role;
return {'condition': ?condition, 'members': ?members, 'role': ?role};
}
}
/// Request message for the CreateDataPolicy method.
class CreateDataPolicyRequest {
/// The data policy to create.
///
/// The `name` field does not need to be provided for the data policy
/// creation.
///
/// Required.
DataPolicy? dataPolicy;
/// User-assigned (human readable) ID of the data policy that needs to be
/// unique within a project.
///
/// Used as {data_policy_id} in part of the resource name.
///
/// Required.
core.String? dataPolicyId;
CreateDataPolicyRequest({this.dataPolicy, this.dataPolicyId});
CreateDataPolicyRequest.fromJson(core.Map json_)
: this(
dataPolicy: json_.containsKey('dataPolicy')
? DataPolicy.fromJson(
json_['dataPolicy'] as core.Map<core.String, core.dynamic>,
)
: null,
dataPolicyId: json_['dataPolicyId'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final dataPolicy = this.dataPolicy;
final dataPolicyId = this.dataPolicyId;
return {'dataPolicy': ?dataPolicy, 'dataPolicyId': ?dataPolicyId};
}
}
/// The policy used to specify data masking rule.
class DataMaskingPolicy {
/// A predefined masking expression.
///
/// Optional.
/// Possible string values are:
/// - "PREDEFINED_EXPRESSION_UNSPECIFIED" : Default, unspecified predefined
/// expression. No masking will take place since no expression is specified.
/// - "SHA256" : Masking expression to replace data with SHA-256 hash.
/// - "ALWAYS_NULL" : Masking expression to replace data with NULLs.
/// - "DEFAULT_MASKING_VALUE" : Masking expression to replace data with their
/// default masking values. The default masking values for each type listed as
/// below: * STRING: "" * BYTES: b'' * INTEGER: 0 * FLOAT: 0.0 * NUMERIC: 0 *
/// BOOLEAN: FALSE * TIMESTAMP: 1970-01-01 00:00:00 UTC * DATE: 1970-01-01 *
/// TIME: 00:00:00 * DATETIME: 1970-01-01T00:00:00 * GEOGRAPHY: POINT(0 0) *
/// BIGNUMERIC: 0 * ARRAY: \[\] * STRUCT: NOT_APPLICABLE * JSON: NULL
/// - "LAST_FOUR_CHARACTERS" : Masking expression shows the last four
/// characters of text. The masking behavior is as follows: * If text length
/// \> 4 characters: Replace text with XXXXX, append last four characters of
/// original text. * If text length \<= 4 characters: Apply SHA-256 hash.
/// - "FIRST_FOUR_CHARACTERS" : Masking expression shows the first four
/// characters of text. The masking behavior is as follows: * If text length
/// \> 4 characters: Replace text with XXXXX, prepend first four characters of
/// original text. * If text length \<= 4 characters: Apply SHA-256 hash.
/// - "EMAIL_MASK" : Masking expression for email addresses. The masking
/// behavior is as follows: * Syntax-valid email address: Replace username
/// with XXXXX. For example, cloudysanfrancisco@gmail.com becomes
/// XXXXX@gmail.com. * Syntax-invalid email address: Apply SHA-256 hash. For
/// more information, see
/// [Email mask](https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options).
/// - "DATE_YEAR_MASK" : Masking expression to only show the *year* of `Date`,
/// `DateTime` and `TimeStamp`. For example, with the year 2076: * DATE :
/// 2076-01-01 * DATETIME : 2076-01-01T00:00:00 * TIMESTAMP : 2076-01-01
/// 00:00:00 UTC Truncation occurs according to the UTC time zone. To change
/// this, adjust the default time zone using the `time_zone` system variable.
/// For more information, see
/// [System variables reference](https://cloud.google.com/bigquery/docs/reference/system-variables).
/// - "RANDOM_HASH" : Masking expression that uses hashing to mask column
/// data. It differs from SHA256 in that a unique random value is generated
/// for each query and is added to the hash input, resulting in the hash /
/// masked result to be different for each query. Hence the name "random
/// hash".
core.String? predefinedExpression;
/// The name of the BigQuery routine that contains the custom masking routine,
/// in the format of
/// `projects/{project_number}/datasets/{dataset_id}/routines/{routine_id}`.
///
/// Optional.
core.String? routine;
DataMaskingPolicy({this.predefinedExpression, this.routine});
DataMaskingPolicy.fromJson(core.Map json_)
: this(
predefinedExpression: json_['predefinedExpression'] as core.String?,
routine: json_['routine'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final predefinedExpression = this.predefinedExpression;
final routine = this.routine;
return {'predefinedExpression': ?predefinedExpression, 'routine': ?routine};
}
}
/// Represents the label-policy binding.
class DataPolicy {
/// The data masking policy that specifies the data masking rule to use.
///
/// It must be set if the data policy type is DATA_MASKING_POLICY.
///
/// Optional.
DataMaskingPolicy? dataMaskingPolicy;
/// User-assigned (human readable) ID of the data policy that needs to be
/// unique within a project.
///
/// Used as {data_policy_id} in part of the resource name.
///
/// Output only.
core.String? dataPolicyId;
/// Type of data policy.
///
/// Required.
/// Possible string values are:
/// - "DATA_POLICY_TYPE_UNSPECIFIED" : Default value for the data policy type.
/// This should not be used.
/// - "DATA_MASKING_POLICY" : Used to create a data policy for data masking.
/// - "RAW_DATA_ACCESS_POLICY" : Used to create a data policy for raw data
/// access.
/// - "COLUMN_LEVEL_SECURITY_POLICY" : Used to create a data policy for
/// column-level security, without data masking. This is deprecated in V2 api
/// and only present to support GET and LIST operations for V1 data policies
/// in V2 api.
core.String? dataPolicyType;
/// The etag for this Data Policy.
///
/// This field is used for UpdateDataPolicy calls. If Data Policy exists, this
/// field is required and must match the server's etag. It will also be
/// populated in the response of GetDataPolicy, CreateDataPolicy, and
/// UpdateDataPolicy calls.
core.String? etag;
/// The list of IAM principals that have Fine Grained Access to the underlying
/// data goverened by this data policy.
///
/// Uses the
/// [IAM V2 principal syntax](https://cloud.google.com/iam/docs/principal-identifiers#v2)
/// Only supports principal types users, groups, serviceaccounts,
/// cloudidentity. This field is supported in V2 Data Policy only. In case of
/// V1 data policies (i.e. verion = 1 and policy_tag is set), this field is
/// not populated.
///
/// Optional.
core.List<core.String>? grantees;
/// Identifier.
///
/// Resource name of this data policy, in the format of
/// `projects/{project_number}/locations/{location_id}/dataPolicies/{data_policy_id}`.
core.String? name;
/// Policy tag resource name, in the format of
/// `projects/{project_number}/locations/{location_id}/taxonomies/{taxonomy_id}/policyTags/{policyTag_id}`.
///
/// policy_tag is supported only for V1 data policies.
///
/// Output only.
core.String? policyTag;
/// The version of the Data Policy resource.
///
/// Output only.
/// Possible string values are:
/// - "VERSION_UNSPECIFIED" : Default value for the data policy version. This
/// should not be used.
/// - "V1" : V1 data policy version. V1 Data Policies will be present in V2
/// List api response, but can not be created/updated/deleted from V2 api.
/// - "V2" : V2 data policy version.
core.String? version;
DataPolicy({
this.dataMaskingPolicy,
this.dataPolicyId,
this.dataPolicyType,
this.etag,
this.grantees,
this.name,
this.policyTag,
this.version,
});
DataPolicy.fromJson(core.Map json_)
: this(
dataMaskingPolicy: json_.containsKey('dataMaskingPolicy')
? DataMaskingPolicy.fromJson(
json_['dataMaskingPolicy']
as core.Map<core.String, core.dynamic>,
)
: null,
dataPolicyId: json_['dataPolicyId'] as core.String?,
dataPolicyType: json_['dataPolicyType'] as core.String?,
etag: json_['etag'] as core.String?,
grantees: (json_['grantees'] as core.List?)
?.map((value) => value as core.String)
.toList(),
name: json_['name'] as core.String?,
policyTag: json_['policyTag'] as core.String?,
version: json_['version'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final dataMaskingPolicy = this.dataMaskingPolicy;
final dataPolicyId = this.dataPolicyId;
final dataPolicyType = this.dataPolicyType;
final etag = this.etag;
final grantees = this.grantees;
final name = this.name;
final policyTag = this.policyTag;
final version = this.version;
return {
'dataMaskingPolicy': ?dataMaskingPolicy,
'dataPolicyId': ?dataPolicyId,
'dataPolicyType': ?dataPolicyType,
'etag': ?etag,
'grantees': ?grantees,
'name': ?name,
'policyTag': ?policyTag,
'version': ?version,
};
}
}
/// A generic empty message that you can re-use to avoid defining duplicated
/// empty messages in your APIs.
///
/// A typical example is to use it as the request or the response type of an API
/// method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns
/// (google.protobuf.Empty); }
typedef Empty = $Empty;
/// Represents a textual expression in the Common Expression Language (CEL)
/// syntax.
///
/// CEL is a C-like expression language. The syntax and semantics of CEL are
/// documented at https://github.com/google/cel-spec. Example (Comparison):
/// title: "Summary size limit" description: "Determines if a summary is less
/// than 100 chars" expression: "document.summary.size() \< 100" Example
/// (Equality): title: "Requestor is owner" description: "Determines if
/// requestor is the document owner" expression: "document.owner ==
/// request.auth.claims.email" Example (Logic): title: "Public documents"
/// description: "Determine whether the document should be publicly visible"
/// expression: "document.type != 'private' && document.type != 'internal'"
/// Example (Data Manipulation): title: "Notification string" description:
/// "Create a notification string with a timestamp." expression: "'New message
/// received at ' + string(document.create_time)" The exact variables and
/// functions that may be referenced within an expression are determined by the
/// service that evaluates it. See the service documentation for additional
/// information.
typedef Expr = $Expr;
/// Request message for `GetIamPolicy` method.
class GetIamPolicyRequest {
/// OPTIONAL: A `GetPolicyOptions` object for specifying options to
/// `GetIamPolicy`.
GetPolicyOptions? options;
GetIamPolicyRequest({this.options});
GetIamPolicyRequest.fromJson(core.Map json_)
: this(
options: json_.containsKey('options')
? GetPolicyOptions.fromJson(
json_['options'] as core.Map<core.String, core.dynamic>,
)
: null,
);
core.Map<core.String, core.dynamic> toJson() {
final options = this.options;
return {'options': ?options};
}
}
/// Encapsulates settings provided to GetIamPolicy.
typedef GetPolicyOptions = $GetPolicyOptions00;
/// Response message for the ListDataPolicies method.
class ListDataPoliciesResponse {
/// Data policies that belong to the requested project.
core.List<DataPolicy>? dataPolicies;
/// Token used to retrieve the next page of results, or empty if there are no
/// more results.
core.String? nextPageToken;
ListDataPoliciesResponse({this.dataPolicies, this.nextPageToken});
ListDataPoliciesResponse.fromJson(core.Map json_)
: this(
dataPolicies: (json_['dataPolicies'] as core.List?)
?.map(
(value) => DataPolicy.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
nextPageToken: json_['nextPageToken'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final dataPolicies = this.dataPolicies;
final nextPageToken = this.nextPageToken;
return {'dataPolicies': ?dataPolicies, 'nextPageToken': ?nextPageToken};
}
}
/// An Identity and Access Management (IAM) policy, which specifies access
/// controls for Google Cloud resources.
///
/// A `Policy` is a collection of `bindings`. A `binding` binds one or more
/// `members`, or principals, to a single `role`. Principals can be user
/// accounts, service accounts, Google groups, and domains (such as G Suite). A
/// `role` is a named list of permissions; each `role` can be an IAM predefined
/// role or a user-created custom role. For some types of Google Cloud
/// resources, a `binding` can also specify a `condition`, which is a logical
/// expression that allows access to a resource only if the expression evaluates
/// to `true`. A condition can add constraints based on attributes of the
/// request, the resource, or both. To learn which resources support conditions
/// in their IAM policies, see the
/// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
/// **JSON example:** ``` { "bindings": [ { "role":
/// "roles/resourcemanager.organizationAdmin", "members": [
/// "user:mike@example.com", "group:admins@example.com", "domain:google.com",
/// "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role":
/// "roles/resourcemanager.organizationViewer", "members": [
/// "user:eve@example.com" ], "condition": { "title": "expirable access",
/// "description": "Does not grant access after Sep 2020", "expression":
/// "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag":
/// "BwWWja0YfJA=", "version": 3 } ``` **YAML example:** ``` bindings: -
/// members: - user:mike@example.com - group:admins@example.com -
/// domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com
/// role: roles/resourcemanager.organizationAdmin - members: -
/// user:eve@example.com role: roles/resourcemanager.organizationViewer
/// condition: title: expirable access description: Does not grant access after
/// Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
/// etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features,
/// see the [IAM documentation](https://cloud.google.com/iam/docs/).
class Policy {
/// Specifies cloud audit logging configuration for this policy.
core.List<AuditConfig>? auditConfigs;
/// Associates a list of `members`, or principals, with a `role`.
///
/// Optionally, may specify a `condition` that determines how and when the
/// `bindings` are applied. Each of the `bindings` must contain at least one
/// principal. The `bindings` in a `Policy` can refer to up to 1,500
/// principals; up to 250 of these principals can be Google groups. Each
/// occurrence of a principal counts towards these limits. For example, if the
/// `bindings` grant 50 different roles to `user:alice@example.com`, and not
/// to any other principal, then you can add another 1,450 principals to the
/// `bindings` in the `Policy`.
core.List<Binding>? bindings;
/// `etag` is used for optimistic concurrency control as a way to help prevent
/// simultaneous updates of a policy from overwriting each other.
///
/// It is strongly suggested that systems make use of the `etag` in the
/// read-modify-write cycle to perform policy updates in order to avoid race
/// conditions: An `etag` is returned in the response to `getIamPolicy`, and
/// systems are expected to put that etag in the request to `setIamPolicy` to
/// ensure that their change will be applied to the same version of the
/// policy. **Important:** If you use IAM Conditions, you must include the
/// `etag` field whenever you call `setIamPolicy`. If you omit this field,
/// then IAM allows you to overwrite a version `3` policy with a version `1`
/// policy, and all of the conditions in the version `3` policy are lost.
core.String? etag;
core.List<core.int> get etagAsBytes => convert.base64.decode(etag!);
set etagAsBytes(core.List<core.int> bytes_) {
etag = convert.base64
.encode(bytes_)
.replaceAll('/', '_')
.replaceAll('+', '-');
}
/// Specifies the format of the policy.
///
/// Valid values are `0`, `1`, and `3`. Requests that specify an invalid value
/// are rejected. Any operation that affects conditional role bindings must
/// specify version `3`. This requirement applies to the following operations:
/// * Getting a policy that includes a conditional role binding * Adding a
/// conditional role binding to a policy * Changing a conditional role binding
/// in a policy * Removing any role binding, with or without a condition, from
/// a policy that includes conditions **Important:** If you use IAM
/// Conditions, you must include the `etag` field whenever you call
/// `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a
/// version `3` policy with a version `1` policy, and all of the conditions in
/// the version `3` policy are lost. If a policy does not include any
/// conditions, operations on that policy may specify any valid version or
/// leave the field unset. To learn which resources support conditions in
/// their IAM policies, see the
/// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
core.int? version;
Policy({this.auditConfigs, this.bindings, this.etag, this.version});
Policy.fromJson(core.Map json_)
: this(
auditConfigs: (json_['auditConfigs'] as core.List?)
?.map(
(value) => AuditConfig.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
bindings: (json_['bindings'] as core.List?)
?.map(
(value) => Binding.fromJson(
value as core.Map<core.String, core.dynamic>,
),
)
.toList(),
etag: json_['etag'] as core.String?,
version: json_['version'] as core.int?,
);
core.Map<core.String, core.dynamic> toJson() {
final auditConfigs = this.auditConfigs;
final bindings = this.bindings;
final etag = this.etag;
final version = this.version;
return {
'auditConfigs': ?auditConfigs,
'bindings': ?bindings,
'etag': ?etag,
'version': ?version,
};
}
}
/// Request message for the RemoveGrantees method.
class RemoveGranteesRequest {
/// IAM principal that should be revoked from Fine Grained Access to the
/// underlying data goverened by the data policy.
///
/// The target data policy is determined by the `data_policy` field. Uses the
/// [IAM V2 principal syntax](https://cloud.google.com/iam/docs/principal-identifiers#v2).
/// Supported principal types: * User * Group * Service account
///
/// Required.
core.List<core.String>? grantees;
RemoveGranteesRequest({this.grantees});
RemoveGranteesRequest.fromJson(core.Map json_)
: this(
grantees: (json_['grantees'] as core.List?)
?.map((value) => value as core.String)
.toList(),
);
core.Map<core.String, core.dynamic> toJson() {
final grantees = this.grantees;
return {'grantees': ?grantees};
}
}
/// Request message for `SetIamPolicy` method.
class SetIamPolicyRequest {
/// REQUIRED: The complete policy to be applied to the `resource`.
///
/// The size of the policy is limited to a few 10s of KB. An empty policy is a
/// valid policy but certain Google Cloud services (such as Projects) might
/// reject them.
Policy? policy;
/// OPTIONAL: A FieldMask specifying which fields of the policy to modify.
///
/// Only the fields in the mask will be modified. If no mask is provided, the
/// following default mask is used: `paths: "bindings, etag"`
core.String? updateMask;
SetIamPolicyRequest({this.policy, this.updateMask});
SetIamPolicyRequest.fromJson(core.Map json_)
: this(
policy: json_.containsKey('policy')
? Policy.fromJson(
json_['policy'] as core.Map<core.String, core.dynamic>,
)
: null,
updateMask: json_['updateMask'] as core.String?,
);
core.Map<core.String, core.dynamic> toJson() {
final policy = this.policy;
final updateMask = this.updateMask;
return {'policy': ?policy, 'updateMask': ?updateMask};
}
}
/// Request message for `TestIamPermissions` method.
typedef TestIamPermissionsRequest = $TestIamPermissionsRequest00;
/// Response message for `TestIamPermissions` method.
typedef TestIamPermissionsResponse = $PermissionsResponse;