feat(admin): update the api

yoshi-automation · yoshi-automation · commit 579c1388ffcf · 2024-12-03T07:08:31.000Z
#### admin:directory_v1

The following keys were added:
- schemas.RoleAssignment.properties.condition.type (Total Keys: 1)
diff --git a/docs/dyn/admin_directory_v1.roleAssignments.html b/docs/dyn/admin_directory_v1.roleAssignments.html
@@ -130,6 +130,7 @@ <h3>Method Details</h3>
     { # Defines an assignment of a role.
   &quot;assignedTo&quot;: &quot;A String&quot;, # The unique ID of the entity this role is assigned to—either the `user_id` of a user, the `group_id` of a group, or the `uniqueId` of a service account as defined in [Identity and Access Management (IAM)](https://cloud.google.com/iam/docs/reference/rest/v1/projects.serviceAccounts).
   &quot;assigneeType&quot;: &quot;A String&quot;, # Output only. The type of the assignee (`USER` or `GROUP`).
+  &quot;condition&quot;: &quot;A String&quot;, # Optional. Note: Feature is available to Enterprise Standard, Enterprise Plus, Google Workspace for Education Plus and Cloud Identity Premium customers. No additional setup is needed to use the feature. The condition associated with this role assignment. A `RoleAssignment` with the `condition` field set will only take effect when the resource being accessed meets the condition. If `condition` is empty, the role (`role_id`) is applied to the actor (`assigned_to`) at the scope (`scope_type`) unconditionally. Currently, only two conditions are supported: - To make the `RoleAssignment` only applicable to [Security Groups](https://cloud.google.com/identity/docs/groups#group_types): `api.getAttribute(&#x27;cloudidentity.googleapis.com/groups.labels&#x27;, []).hasAny([&#x27;groups.security&#x27;]) &amp;&amp; resource.type == &#x27;cloudidentity.googleapis.com/Group&#x27;` - To make the `RoleAssignment` not applicable to [Security Groups](https://cloud.google.com/identity/docs/groups#group_types): `!api.getAttribute(&#x27;cloudidentity.googleapis.com/groups.labels&#x27;, []).hasAny([&#x27;groups.security&#x27;]) &amp;&amp; resource.type == &#x27;cloudidentity.googleapis.com/Group&#x27;` Currently, the two condition strings have to be verbatim and they only work with the following [pre-built administrator roles](https://support.google.com/a/answer/2405986): - Groups Editor - Groups Reader The condition follows [Cloud IAM condition syntax](https://cloud.google.com/iam/docs/conditions-overview).
   &quot;etag&quot;: &quot;A String&quot;, # ETag of the resource.
   &quot;kind&quot;: &quot;admin#directory#roleAssignment&quot;, # The type of the API resource. This is always `admin#directory#roleAssignment`.
   &quot;orgUnitId&quot;: &quot;A String&quot;, # If the role is restricted to an organization unit, this contains the ID for the organization unit the exercise of this role is restricted to.
@@ -151,6 +152,7 @@ <h3>Method Details</h3>
 { # Defines an assignment of a role.
   &quot;assignedTo&quot;: &quot;A String&quot;, # The unique ID of the entity this role is assigned to—either the `user_id` of a user, the `group_id` of a group, or the `uniqueId` of a service account as defined in [Identity and Access Management (IAM)](https://cloud.google.com/iam/docs/reference/rest/v1/projects.serviceAccounts).
   &quot;assigneeType&quot;: &quot;A String&quot;, # Output only. The type of the assignee (`USER` or `GROUP`).
+  &quot;condition&quot;: &quot;A String&quot;, # Optional. Note: Feature is available to Enterprise Standard, Enterprise Plus, Google Workspace for Education Plus and Cloud Identity Premium customers. No additional setup is needed to use the feature. The condition associated with this role assignment. A `RoleAssignment` with the `condition` field set will only take effect when the resource being accessed meets the condition. If `condition` is empty, the role (`role_id`) is applied to the actor (`assigned_to`) at the scope (`scope_type`) unconditionally. Currently, only two conditions are supported: - To make the `RoleAssignment` only applicable to [Security Groups](https://cloud.google.com/identity/docs/groups#group_types): `api.getAttribute(&#x27;cloudidentity.googleapis.com/groups.labels&#x27;, []).hasAny([&#x27;groups.security&#x27;]) &amp;&amp; resource.type == &#x27;cloudidentity.googleapis.com/Group&#x27;` - To make the `RoleAssignment` not applicable to [Security Groups](https://cloud.google.com/identity/docs/groups#group_types): `!api.getAttribute(&#x27;cloudidentity.googleapis.com/groups.labels&#x27;, []).hasAny([&#x27;groups.security&#x27;]) &amp;&amp; resource.type == &#x27;cloudidentity.googleapis.com/Group&#x27;` Currently, the two condition strings have to be verbatim and they only work with the following [pre-built administrator roles](https://support.google.com/a/answer/2405986): - Groups Editor - Groups Reader The condition follows [Cloud IAM condition syntax](https://cloud.google.com/iam/docs/conditions-overview).
   &quot;etag&quot;: &quot;A String&quot;, # ETag of the resource.
   &quot;kind&quot;: &quot;admin#directory#roleAssignment&quot;, # The type of the API resource. This is always `admin#directory#roleAssignment`.
   &quot;orgUnitId&quot;: &quot;A String&quot;, # If the role is restricted to an organization unit, this contains the ID for the organization unit the exercise of this role is restricted to.
@@ -170,6 +172,7 @@ <h3>Method Details</h3>
     { # Defines an assignment of a role.
   &quot;assignedTo&quot;: &quot;A String&quot;, # The unique ID of the entity this role is assigned to—either the `user_id` of a user, the `group_id` of a group, or the `uniqueId` of a service account as defined in [Identity and Access Management (IAM)](https://cloud.google.com/iam/docs/reference/rest/v1/projects.serviceAccounts).
   &quot;assigneeType&quot;: &quot;A String&quot;, # Output only. The type of the assignee (`USER` or `GROUP`).
+  &quot;condition&quot;: &quot;A String&quot;, # Optional. Note: Feature is available to Enterprise Standard, Enterprise Plus, Google Workspace for Education Plus and Cloud Identity Premium customers. No additional setup is needed to use the feature. The condition associated with this role assignment. A `RoleAssignment` with the `condition` field set will only take effect when the resource being accessed meets the condition. If `condition` is empty, the role (`role_id`) is applied to the actor (`assigned_to`) at the scope (`scope_type`) unconditionally. Currently, only two conditions are supported: - To make the `RoleAssignment` only applicable to [Security Groups](https://cloud.google.com/identity/docs/groups#group_types): `api.getAttribute(&#x27;cloudidentity.googleapis.com/groups.labels&#x27;, []).hasAny([&#x27;groups.security&#x27;]) &amp;&amp; resource.type == &#x27;cloudidentity.googleapis.com/Group&#x27;` - To make the `RoleAssignment` not applicable to [Security Groups](https://cloud.google.com/identity/docs/groups#group_types): `!api.getAttribute(&#x27;cloudidentity.googleapis.com/groups.labels&#x27;, []).hasAny([&#x27;groups.security&#x27;]) &amp;&amp; resource.type == &#x27;cloudidentity.googleapis.com/Group&#x27;` Currently, the two condition strings have to be verbatim and they only work with the following [pre-built administrator roles](https://support.google.com/a/answer/2405986): - Groups Editor - Groups Reader The condition follows [Cloud IAM condition syntax](https://cloud.google.com/iam/docs/conditions-overview).
   &quot;etag&quot;: &quot;A String&quot;, # ETag of the resource.
   &quot;kind&quot;: &quot;admin#directory#roleAssignment&quot;, # The type of the API resource. This is always `admin#directory#roleAssignment`.
   &quot;orgUnitId&quot;: &quot;A String&quot;, # If the role is restricted to an organization unit, this contains the ID for the organization unit the exercise of this role is restricted to.
@@ -204,6 +207,7 @@ <h3>Method Details</h3>
     { # Defines an assignment of a role.
       &quot;assignedTo&quot;: &quot;A String&quot;, # The unique ID of the entity this role is assigned to—either the `user_id` of a user, the `group_id` of a group, or the `uniqueId` of a service account as defined in [Identity and Access Management (IAM)](https://cloud.google.com/iam/docs/reference/rest/v1/projects.serviceAccounts).
       &quot;assigneeType&quot;: &quot;A String&quot;, # Output only. The type of the assignee (`USER` or `GROUP`).
+      &quot;condition&quot;: &quot;A String&quot;, # Optional. Note: Feature is available to Enterprise Standard, Enterprise Plus, Google Workspace for Education Plus and Cloud Identity Premium customers. No additional setup is needed to use the feature. The condition associated with this role assignment. A `RoleAssignment` with the `condition` field set will only take effect when the resource being accessed meets the condition. If `condition` is empty, the role (`role_id`) is applied to the actor (`assigned_to`) at the scope (`scope_type`) unconditionally. Currently, only two conditions are supported: - To make the `RoleAssignment` only applicable to [Security Groups](https://cloud.google.com/identity/docs/groups#group_types): `api.getAttribute(&#x27;cloudidentity.googleapis.com/groups.labels&#x27;, []).hasAny([&#x27;groups.security&#x27;]) &amp;&amp; resource.type == &#x27;cloudidentity.googleapis.com/Group&#x27;` - To make the `RoleAssignment` not applicable to [Security Groups](https://cloud.google.com/identity/docs/groups#group_types): `!api.getAttribute(&#x27;cloudidentity.googleapis.com/groups.labels&#x27;, []).hasAny([&#x27;groups.security&#x27;]) &amp;&amp; resource.type == &#x27;cloudidentity.googleapis.com/Group&#x27;` Currently, the two condition strings have to be verbatim and they only work with the following [pre-built administrator roles](https://support.google.com/a/answer/2405986): - Groups Editor - Groups Reader The condition follows [Cloud IAM condition syntax](https://cloud.google.com/iam/docs/conditions-overview).
       &quot;etag&quot;: &quot;A String&quot;, # ETag of the resource.
       &quot;kind&quot;: &quot;admin#directory#roleAssignment&quot;, # The type of the API resource. This is always `admin#directory#roleAssignment`.
       &quot;orgUnitId&quot;: &quot;A String&quot;, # If the role is restricted to an organization unit, this contains the ID for the organization unit the exercise of this role is restricted to.
diff --git a/googleapiclient/discovery_cache/documents/admin.directory_v1.json b/googleapiclient/discovery_cache/documents/admin.directory_v1.json
@@ -4671,7 +4671,7 @@
 }
 }
 },
-"revision": "20241113",
+"revision": "20241126",
 "rootUrl": "https://admin.googleapis.com/",
 "schemas": {
 "Alias": {
@@ -7493,6 +7493,10 @@ false
 "readOnly": true,
 "type": "string"
 },
+"condition": {
+"description": "Optional. Note: Feature is available to Enterprise Standard, Enterprise Plus, Google Workspace for Education Plus and Cloud Identity Premium customers. No additional setup is needed to use the feature. The condition associated with this role assignment. A `RoleAssignment` with the `condition` field set will only take effect when the resource being accessed meets the condition. If `condition` is empty, the role (`role_id`) is applied to the actor (`assigned_to`) at the scope (`scope_type`) unconditionally. Currently, only two conditions are supported: - To make the `RoleAssignment` only applicable to [Security Groups](https://cloud.google.com/identity/docs/groups#group_types): `api.getAttribute('cloudidentity.googleapis.com/groups.labels', []).hasAny(['groups.security']) && resource.type == 'cloudidentity.googleapis.com/Group'` - To make the `RoleAssignment` not applicable to [Security Groups](https://cloud.google.com/identity/docs/groups#group_types): `!api.getAttribute('cloudidentity.googleapis.com/groups.labels', []).hasAny(['groups.security']) && resource.type == 'cloudidentity.googleapis.com/Group'` Currently, the two condition strings have to be verbatim and they only work with the following [pre-built administrator roles](https://support.google.com/a/answer/2405986): - Groups Editor - Groups Reader The condition follows [Cloud IAM condition syntax](https://cloud.google.com/iam/docs/conditions-overview).",
+"type": "string"
+},
 "etag": {
 "description": "ETag of the resource.",
 "type": "string"
