feat(storagetransfer): update the api

yoshi-automation · yoshi-automation · commit f0dd9b48a1f1 · 2025-05-20T07:09:33.000Z
#### storagetransfer:v1

The following keys were added:
- schemas.AzureBlobStorageData.properties.federatedIdentityConfig.$ref (Total Keys: 1)
- schemas.FederatedIdentityConfig (Total Keys: 4)
diff --git a/docs/dyn/storagetransfer_v1.transferJobs.html b/docs/dyn/storagetransfer_v1.transferJobs.html
@@ -240,6 +240,10 @@ <h3>Method Details</h3>
       },
       &quot;container&quot;: &quot;A String&quot;, # Required. The container to transfer from the Azure Storage account.
       &quot;credentialsSecret&quot;: &quot;A String&quot;, # Optional. The Resource name of a secret in Secret Manager. The Azure SAS token must be stored in Secret Manager in JSON format: { &quot;sas_token&quot; : &quot;SAS_TOKEN&quot; } GoogleServiceAccount must be granted `roles/secretmanager.secretAccessor` for the resource. See [Configure access to a source: Microsoft Azure Blob Storage] (https://cloud.google.com/storage-transfer/docs/source-microsoft-azure#secret_manager) for more information. If `credentials_secret` is specified, do not specify azure_credentials. Format: `projects/{project_number}/secrets/{secret_name}`
+      &quot;federatedIdentityConfig&quot;: { # Identities of a user registered Azure application that enables identity federation to trust tokens issued by the user&#x27;s Google service account. For more information about Azure application and identity federation, see [Register an application with the Microsoft identity platform] (https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app) Azure RBAC roles then need be assigned to the Azure application to authorize access to the user&#x27;s Azure data source. For more information about Azure RBAC roles for blobs, see [Manage Access Rights with RBAC] (https://learn.microsoft.com/en-us/rest/api/storageservices/authorize-with-azure-active-directory#manage-access-rights-with-rbac) # Optional. Federated identity config of a user registered Azure application. If `federated_identity_config` is specified, do not specify azure_credentials or credentials_secret.
+        &quot;clientId&quot;: &quot;A String&quot;, # Required. Client (application) ID of the application with federated credentials.
+        &quot;tenantId&quot;: &quot;A String&quot;, # Required. Tenant (directory) ID of the application with federated credentials.
+      },
       &quot;path&quot;: &quot;A String&quot;, # Root path to transfer objects. Must be an empty string or full path name that ends with a &#x27;/&#x27;. This field is treated as an object prefix. As such, it should generally not begin with a &#x27;/&#x27;.
       &quot;storageAccount&quot;: &quot;A String&quot;, # Required. The name of the Azure Storage account.
     },
@@ -443,6 +447,10 @@ <h3>Method Details</h3>
       },
       &quot;container&quot;: &quot;A String&quot;, # Required. The container to transfer from the Azure Storage account.
       &quot;credentialsSecret&quot;: &quot;A String&quot;, # Optional. The Resource name of a secret in Secret Manager. The Azure SAS token must be stored in Secret Manager in JSON format: { &quot;sas_token&quot; : &quot;SAS_TOKEN&quot; } GoogleServiceAccount must be granted `roles/secretmanager.secretAccessor` for the resource. See [Configure access to a source: Microsoft Azure Blob Storage] (https://cloud.google.com/storage-transfer/docs/source-microsoft-azure#secret_manager) for more information. If `credentials_secret` is specified, do not specify azure_credentials. Format: `projects/{project_number}/secrets/{secret_name}`
+      &quot;federatedIdentityConfig&quot;: { # Identities of a user registered Azure application that enables identity federation to trust tokens issued by the user&#x27;s Google service account. For more information about Azure application and identity federation, see [Register an application with the Microsoft identity platform] (https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app) Azure RBAC roles then need be assigned to the Azure application to authorize access to the user&#x27;s Azure data source. For more information about Azure RBAC roles for blobs, see [Manage Access Rights with RBAC] (https://learn.microsoft.com/en-us/rest/api/storageservices/authorize-with-azure-active-directory#manage-access-rights-with-rbac) # Optional. Federated identity config of a user registered Azure application. If `federated_identity_config` is specified, do not specify azure_credentials or credentials_secret.
+        &quot;clientId&quot;: &quot;A String&quot;, # Required. Client (application) ID of the application with federated credentials.
+        &quot;tenantId&quot;: &quot;A String&quot;, # Required. Tenant (directory) ID of the application with federated credentials.
+      },
       &quot;path&quot;: &quot;A String&quot;, # Root path to transfer objects. Must be an empty string or full path name that ends with a &#x27;/&#x27;. This field is treated as an object prefix. As such, it should generally not begin with a &#x27;/&#x27;.
       &quot;storageAccount&quot;: &quot;A String&quot;, # Required. The name of the Azure Storage account.
     },
@@ -673,6 +681,10 @@ <h3>Method Details</h3>
       },
       &quot;container&quot;: &quot;A String&quot;, # Required. The container to transfer from the Azure Storage account.
       &quot;credentialsSecret&quot;: &quot;A String&quot;, # Optional. The Resource name of a secret in Secret Manager. The Azure SAS token must be stored in Secret Manager in JSON format: { &quot;sas_token&quot; : &quot;SAS_TOKEN&quot; } GoogleServiceAccount must be granted `roles/secretmanager.secretAccessor` for the resource. See [Configure access to a source: Microsoft Azure Blob Storage] (https://cloud.google.com/storage-transfer/docs/source-microsoft-azure#secret_manager) for more information. If `credentials_secret` is specified, do not specify azure_credentials. Format: `projects/{project_number}/secrets/{secret_name}`
+      &quot;federatedIdentityConfig&quot;: { # Identities of a user registered Azure application that enables identity federation to trust tokens issued by the user&#x27;s Google service account. For more information about Azure application and identity federation, see [Register an application with the Microsoft identity platform] (https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app) Azure RBAC roles then need be assigned to the Azure application to authorize access to the user&#x27;s Azure data source. For more information about Azure RBAC roles for blobs, see [Manage Access Rights with RBAC] (https://learn.microsoft.com/en-us/rest/api/storageservices/authorize-with-azure-active-directory#manage-access-rights-with-rbac) # Optional. Federated identity config of a user registered Azure application. If `federated_identity_config` is specified, do not specify azure_credentials or credentials_secret.
+        &quot;clientId&quot;: &quot;A String&quot;, # Required. Client (application) ID of the application with federated credentials.
+        &quot;tenantId&quot;: &quot;A String&quot;, # Required. Tenant (directory) ID of the application with federated credentials.
+      },
       &quot;path&quot;: &quot;A String&quot;, # Root path to transfer objects. Must be an empty string or full path name that ends with a &#x27;/&#x27;. This field is treated as an object prefix. As such, it should generally not begin with a &#x27;/&#x27;.
       &quot;storageAccount&quot;: &quot;A String&quot;, # Required. The name of the Azure Storage account.
     },
@@ -888,6 +900,10 @@ <h3>Method Details</h3>
           },
           &quot;container&quot;: &quot;A String&quot;, # Required. The container to transfer from the Azure Storage account.
           &quot;credentialsSecret&quot;: &quot;A String&quot;, # Optional. The Resource name of a secret in Secret Manager. The Azure SAS token must be stored in Secret Manager in JSON format: { &quot;sas_token&quot; : &quot;SAS_TOKEN&quot; } GoogleServiceAccount must be granted `roles/secretmanager.secretAccessor` for the resource. See [Configure access to a source: Microsoft Azure Blob Storage] (https://cloud.google.com/storage-transfer/docs/source-microsoft-azure#secret_manager) for more information. If `credentials_secret` is specified, do not specify azure_credentials. Format: `projects/{project_number}/secrets/{secret_name}`
+          &quot;federatedIdentityConfig&quot;: { # Identities of a user registered Azure application that enables identity federation to trust tokens issued by the user&#x27;s Google service account. For more information about Azure application and identity federation, see [Register an application with the Microsoft identity platform] (https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app) Azure RBAC roles then need be assigned to the Azure application to authorize access to the user&#x27;s Azure data source. For more information about Azure RBAC roles for blobs, see [Manage Access Rights with RBAC] (https://learn.microsoft.com/en-us/rest/api/storageservices/authorize-with-azure-active-directory#manage-access-rights-with-rbac) # Optional. Federated identity config of a user registered Azure application. If `federated_identity_config` is specified, do not specify azure_credentials or credentials_secret.
+            &quot;clientId&quot;: &quot;A String&quot;, # Required. Client (application) ID of the application with federated credentials.
+            &quot;tenantId&quot;: &quot;A String&quot;, # Required. Tenant (directory) ID of the application with federated credentials.
+          },
           &quot;path&quot;: &quot;A String&quot;, # Root path to transfer objects. Must be an empty string or full path name that ends with a &#x27;/&#x27;. This field is treated as an object prefix. As such, it should generally not begin with a &#x27;/&#x27;.
           &quot;storageAccount&quot;: &quot;A String&quot;, # Required. The name of the Azure Storage account.
         },
@@ -1111,6 +1127,10 @@ <h3>Method Details</h3>
         },
         &quot;container&quot;: &quot;A String&quot;, # Required. The container to transfer from the Azure Storage account.
         &quot;credentialsSecret&quot;: &quot;A String&quot;, # Optional. The Resource name of a secret in Secret Manager. The Azure SAS token must be stored in Secret Manager in JSON format: { &quot;sas_token&quot; : &quot;SAS_TOKEN&quot; } GoogleServiceAccount must be granted `roles/secretmanager.secretAccessor` for the resource. See [Configure access to a source: Microsoft Azure Blob Storage] (https://cloud.google.com/storage-transfer/docs/source-microsoft-azure#secret_manager) for more information. If `credentials_secret` is specified, do not specify azure_credentials. Format: `projects/{project_number}/secrets/{secret_name}`
+        &quot;federatedIdentityConfig&quot;: { # Identities of a user registered Azure application that enables identity federation to trust tokens issued by the user&#x27;s Google service account. For more information about Azure application and identity federation, see [Register an application with the Microsoft identity platform] (https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app) Azure RBAC roles then need be assigned to the Azure application to authorize access to the user&#x27;s Azure data source. For more information about Azure RBAC roles for blobs, see [Manage Access Rights with RBAC] (https://learn.microsoft.com/en-us/rest/api/storageservices/authorize-with-azure-active-directory#manage-access-rights-with-rbac) # Optional. Federated identity config of a user registered Azure application. If `federated_identity_config` is specified, do not specify azure_credentials or credentials_secret.
+          &quot;clientId&quot;: &quot;A String&quot;, # Required. Client (application) ID of the application with federated credentials.
+          &quot;tenantId&quot;: &quot;A String&quot;, # Required. Tenant (directory) ID of the application with federated credentials.
+        },
         &quot;path&quot;: &quot;A String&quot;, # Root path to transfer objects. Must be an empty string or full path name that ends with a &#x27;/&#x27;. This field is treated as an object prefix. As such, it should generally not begin with a &#x27;/&#x27;.
         &quot;storageAccount&quot;: &quot;A String&quot;, # Required. The name of the Azure Storage account.
       },
@@ -1316,6 +1336,10 @@ <h3>Method Details</h3>
       },
       &quot;container&quot;: &quot;A String&quot;, # Required. The container to transfer from the Azure Storage account.
       &quot;credentialsSecret&quot;: &quot;A String&quot;, # Optional. The Resource name of a secret in Secret Manager. The Azure SAS token must be stored in Secret Manager in JSON format: { &quot;sas_token&quot; : &quot;SAS_TOKEN&quot; } GoogleServiceAccount must be granted `roles/secretmanager.secretAccessor` for the resource. See [Configure access to a source: Microsoft Azure Blob Storage] (https://cloud.google.com/storage-transfer/docs/source-microsoft-azure#secret_manager) for more information. If `credentials_secret` is specified, do not specify azure_credentials. Format: `projects/{project_number}/secrets/{secret_name}`
+      &quot;federatedIdentityConfig&quot;: { # Identities of a user registered Azure application that enables identity federation to trust tokens issued by the user&#x27;s Google service account. For more information about Azure application and identity federation, see [Register an application with the Microsoft identity platform] (https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app) Azure RBAC roles then need be assigned to the Azure application to authorize access to the user&#x27;s Azure data source. For more information about Azure RBAC roles for blobs, see [Manage Access Rights with RBAC] (https://learn.microsoft.com/en-us/rest/api/storageservices/authorize-with-azure-active-directory#manage-access-rights-with-rbac) # Optional. Federated identity config of a user registered Azure application. If `federated_identity_config` is specified, do not specify azure_credentials or credentials_secret.
+        &quot;clientId&quot;: &quot;A String&quot;, # Required. Client (application) ID of the application with federated credentials.
+        &quot;tenantId&quot;: &quot;A String&quot;, # Required. Tenant (directory) ID of the application with federated credentials.
+      },
       &quot;path&quot;: &quot;A String&quot;, # Root path to transfer objects. Must be an empty string or full path name that ends with a &#x27;/&#x27;. This field is treated as an object prefix. As such, it should generally not begin with a &#x27;/&#x27;.
       &quot;storageAccount&quot;: &quot;A String&quot;, # Required. The name of the Azure Storage account.
     },
diff --git a/googleapiclient/discovery_cache/documents/storagetransfer.v1.json b/googleapiclient/discovery_cache/documents/storagetransfer.v1.json
@@ -632,7 +632,7 @@
 }
 }
 },
-"revision": "20250503",
+"revision": "20250510",
 "rootUrl": "https://storagetransfer.googleapis.com/",
 "schemas": {
 "AgentPool": {
@@ -764,6 +764,10 @@
 "description": "Optional. The Resource name of a secret in Secret Manager. The Azure SAS token must be stored in Secret Manager in JSON format: { \"sas_token\" : \"SAS_TOKEN\" } GoogleServiceAccount must be granted `roles/secretmanager.secretAccessor` for the resource. See [Configure access to a source: Microsoft Azure Blob Storage] (https://cloud.google.com/storage-transfer/docs/source-microsoft-azure#secret_manager) for more information. If `credentials_secret` is specified, do not specify azure_credentials. Format: `projects/{project_number}/secrets/{secret_name}`",
 "type": "string"
 },
+"federatedIdentityConfig": {
+"$ref": "FederatedIdentityConfig",
+"description": "Optional. Federated identity config of a user registered Azure application. If `federated_identity_config` is specified, do not specify azure_credentials or credentials_secret."
+},
 "path": {
 "description": "Root path to transfer objects. Must be an empty string or full path name that ends with a '/'. This field is treated as an object prefix. As such, it should generally not begin with a '/'.",
 "type": "string"
@@ -932,6 +936,21 @@
 },
 "type": "object"
 },
+"FederatedIdentityConfig": {
+"description": "Identities of a user registered Azure application that enables identity federation to trust tokens issued by the user's Google service account. For more information about Azure application and identity federation, see [Register an application with the Microsoft identity platform] (https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app) Azure RBAC roles then need be assigned to the Azure application to authorize access to the user's Azure data source. For more information about Azure RBAC roles for blobs, see [Manage Access Rights with RBAC] (https://learn.microsoft.com/en-us/rest/api/storageservices/authorize-with-azure-active-directory#manage-access-rights-with-rbac)",
+"id": "FederatedIdentityConfig",
+"properties": {
+"clientId": {
+"description": "Required. Client (application) ID of the application with federated credentials.",
+"type": "string"
+},
+"tenantId": {
+"description": "Required. Tenant (directory) ID of the application with federated credentials.",
+"type": "string"
+}
+},
+"type": "object"
+},
 "GcsData": {
 "description": "In a GcsData resource, an object's name is the Cloud Storage object's name and its \"last modification time\" refers to the object's `updated` property of Cloud Storage objects, which changes when the content or the metadata of the object is updated.",
 "id": "GcsData",
