|
1083 | 1083 | } |
1084 | 1084 | } |
1085 | 1085 | }, |
1086 | | - "revision": "20210915", |
| 1086 | + "revision": "20211020", |
1087 | 1087 | "rootUrl": "https://apigateway.googleapis.com/", |
1088 | 1088 | "schemas": { |
1089 | 1089 | "ApigatewayApi": { |
|
1328 | 1328 | "type": "object" |
1329 | 1329 | }, |
1330 | 1330 | "ApigatewayBinding": { |
1331 | | - "description": "Associates `members` with a `role`.", |
| 1331 | + "description": "Associates `members`, or principals, with a `role`.", |
1332 | 1332 | "id": "ApigatewayBinding", |
1333 | 1333 | "properties": { |
1334 | 1334 | "condition": { |
1335 | 1335 | "$ref": "ApigatewayExpr", |
1336 | | - "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)." |
| 1336 | + "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)." |
1337 | 1337 | }, |
1338 | 1338 | "members": { |
1339 | | - "description": "Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, ` [email protected]` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, ` [email protected]`. * `group:{emailid}`: An email address that represents a Google group. For example, ` [email protected]`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, ` [email protected]?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, ` [email protected]?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, ` [email protected]?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ", |
| 1339 | + "description": "Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, ` [email protected]` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, ` [email protected]`. * `group:{emailid}`: An email address that represents a Google group. For example, ` [email protected]`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, ` [email protected]?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, ` [email protected]?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, ` [email protected]?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ", |
1340 | 1340 | "items": { |
1341 | 1341 | "type": "string" |
1342 | 1342 | }, |
1343 | 1343 | "type": "array" |
1344 | 1344 | }, |
1345 | 1345 | "role": { |
1346 | | - "description": "Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.", |
| 1346 | + "description": "Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.", |
1347 | 1347 | "type": "string" |
1348 | 1348 | } |
1349 | 1349 | }, |
|
1691 | 1691 | "type": "object" |
1692 | 1692 | }, |
1693 | 1693 | "ApigatewayPolicy": { |
1694 | | - "description": "An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { \"bindings\": [ { \"role\": \"roles/resourcemanager.organizationAdmin\", \"members\": [ \"user: [email protected]\", \"group: [email protected]\", \"domain:google.com\", \"serviceAccount: [email protected]\" ] }, { \"role\": \"roles/resourcemanager.organizationViewer\", \"members\": [ \"user: [email protected]\" ], \"condition\": { \"title\": \"expirable access\", \"description\": \"Does not grant access after Sep 2020\", \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\", } } ], \"etag\": \"BwWWja0YfJA=\", \"version\": 3 } **YAML example:** bindings: - members: - user: [email protected] - group: [email protected] - domain:google.com - serviceAccount: [email protected] role: roles/resourcemanager.organizationAdmin - members: - user: [email protected] role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).", |
| 1694 | + "description": "An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { \"bindings\": [ { \"role\": \"roles/resourcemanager.organizationAdmin\", \"members\": [ \"user: [email protected]\", \"group: [email protected]\", \"domain:google.com\", \"serviceAccount: [email protected]\" ] }, { \"role\": \"roles/resourcemanager.organizationViewer\", \"members\": [ \"user: [email protected]\" ], \"condition\": { \"title\": \"expirable access\", \"description\": \"Does not grant access after Sep 2020\", \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\", } } ], \"etag\": \"BwWWja0YfJA=\", \"version\": 3 } **YAML example:** bindings: - members: - user: [email protected] - group: [email protected] - domain:google.com - serviceAccount: [email protected] role: roles/resourcemanager.organizationAdmin - members: - user: [email protected] role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).", |
1695 | 1695 | "id": "ApigatewayPolicy", |
1696 | 1696 | "properties": { |
1697 | 1697 | "auditConfigs": { |
|
1702 | 1702 | "type": "array" |
1703 | 1703 | }, |
1704 | 1704 | "bindings": { |
1705 | | - "description": "Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member.", |
| 1705 | + "description": "Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:[email protected]`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.", |
1706 | 1706 | "items": { |
1707 | 1707 | "$ref": "ApigatewayBinding" |
1708 | 1708 | }, |
|
0 commit comments