|
493 | 493 | } |
494 | 494 | } |
495 | 495 | }, |
496 | | - "revision": "20211002", |
| 496 | + "revision": "20211008", |
497 | 497 | "rootUrl": "https://policysimulator.googleapis.com/", |
498 | 498 | "schemas": { |
499 | 499 | "GoogleCloudPolicysimulatorV1AccessStateDiff": { |
|
1103 | 1103 | "type": "object" |
1104 | 1104 | }, |
1105 | 1105 | "GoogleIamV1Binding": { |
1106 | | - "description": "Associates `members` with a `role`.", |
| 1106 | + "description": "Associates `members`, or principals, with a `role`.", |
1107 | 1107 | "id": "GoogleIamV1Binding", |
1108 | 1108 | "properties": { |
1109 | 1109 | "condition": { |
1110 | 1110 | "$ref": "GoogleTypeExpr", |
1111 | | - "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the members in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)." |
| 1111 | + "description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)." |
1112 | 1112 | }, |
1113 | 1113 | "members": { |
1114 | | - "description": "Specifies the identities requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, ` [email protected]` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, ` [email protected]`. * `group:{emailid}`: An email address that represents a Google group. For example, ` [email protected]`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, ` [email protected]?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, ` [email protected]?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, ` [email protected]?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ", |
| 1114 | + "description": "Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, ` [email protected]` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, ` [email protected]`. * `group:{emailid}`: An email address that represents a Google group. For example, ` [email protected]`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, ` [email protected]?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, ` [email protected]?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, ` [email protected]?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ", |
1115 | 1115 | "items": { |
1116 | 1116 | "type": "string" |
1117 | 1117 | }, |
1118 | 1118 | "type": "array" |
1119 | 1119 | }, |
1120 | 1120 | "role": { |
1121 | | - "description": "Role that is assigned to `members`. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.", |
| 1121 | + "description": "Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.", |
1122 | 1122 | "type": "string" |
1123 | 1123 | } |
1124 | 1124 | }, |
1125 | 1125 | "type": "object" |
1126 | 1126 | }, |
1127 | 1127 | "GoogleIamV1Policy": { |
1128 | | - "description": "An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members` to a single `role`. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { \"bindings\": [ { \"role\": \"roles/resourcemanager.organizationAdmin\", \"members\": [ \"user: [email protected]\", \"group: [email protected]\", \"domain:google.com\", \"serviceAccount: [email protected]\" ] }, { \"role\": \"roles/resourcemanager.organizationViewer\", \"members\": [ \"user: [email protected]\" ], \"condition\": { \"title\": \"expirable access\", \"description\": \"Does not grant access after Sep 2020\", \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\", } } ], \"etag\": \"BwWWja0YfJA=\", \"version\": 3 } **YAML example:** bindings: - members: - user: [email protected] - group: [email protected] - domain:google.com - serviceAccount: [email protected] role: roles/resourcemanager.organizationAdmin - members: - user: [email protected] role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).", |
| 1128 | + "description": "An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { \"bindings\": [ { \"role\": \"roles/resourcemanager.organizationAdmin\", \"members\": [ \"user: [email protected]\", \"group: [email protected]\", \"domain:google.com\", \"serviceAccount: [email protected]\" ] }, { \"role\": \"roles/resourcemanager.organizationViewer\", \"members\": [ \"user: [email protected]\" ], \"condition\": { \"title\": \"expirable access\", \"description\": \"Does not grant access after Sep 2020\", \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\", } } ], \"etag\": \"BwWWja0YfJA=\", \"version\": 3 } **YAML example:** bindings: - members: - user: [email protected] - group: [email protected] - domain:google.com - serviceAccount: [email protected] role: roles/resourcemanager.organizationAdmin - members: - user: [email protected] role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).", |
1129 | 1129 | "id": "GoogleIamV1Policy", |
1130 | 1130 | "properties": { |
1131 | 1131 | "auditConfigs": { |
|
1136 | 1136 | "type": "array" |
1137 | 1137 | }, |
1138 | 1138 | "bindings": { |
1139 | | - "description": "Associates a list of `members` to a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one member. The `bindings` in a `Policy` can refer to up to 1,500 members; up to 250 of these members can be Google groups. Each occurrence of a member counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:[email protected]`, and not to any other member, then you can add another 1,450 members to the `bindings` in the `Policy`.", |
| 1139 | + "description": "Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:[email protected]`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.", |
1140 | 1140 | "items": { |
1141 | 1141 | "$ref": "GoogleIamV1Binding" |
1142 | 1142 | }, |
|
0 commit comments