googleapis

import { OAuth2Client, JWT, Compute, UserRefreshClient, BaseExternalAccountClient, GaxiosResponseWithHTTP2, GoogleConfigurable, MethodOptions, StreamMethodOptions, GlobalOptions, GoogleAuth, BodyResponseCallback, APIRequestContext } from 'googleapis-common'; import { Readable } from 'stream'; export declare namespace config_v1 { export interface Options extends GlobalOptions { version: 'v1'; } interface StandardParameters { /** * Auth client or API Key for the request */ auth?: string | OAuth2Client | JWT | Compute | UserRefreshClient | BaseExternalAccountClient | GoogleAuth; /** * V1 error format. */ '$.xgafv'?: string; /** * OAuth access token. */ access_token?: string; /** * Data format for response. */ alt?: string; /** * JSONP */ callback?: string; /** * Selector specifying which fields to include in a partial response. */ fields?: string; /** * API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. */ key?: string; /** * OAuth 2.0 token for the current user. */ oauth_token?: string; /** * Returns response with indentations and line breaks. */ prettyPrint?: boolean; /** * Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. */ quotaUser?: string; /** * Legacy upload protocol for media (e.g. "media", "multipart"). */ uploadType?: string; /** * Upload protocol for media (e.g. "raw", "multipart"). */ upload_protocol?: string; } /** * Infrastructure Manager API * * Creates and manages Google Cloud Platform resources and infrastructure. * * @example * ```js * const {google} = require('googleapis'); * const config = google.config('v1'); * ``` */ export class Config { context: APIRequestContext; projects: Resource$Projects; constructor(options: GlobalOptions, google?: GoogleConfigurable); } /** * Outputs and artifacts from applying a deployment. */ export interface Schema$ApplyResults { /** * Location of artifacts (e.g. logs) in Google Cloud Storage. Format: `gs://{bucket\}/{object\}` */ artifacts?: string | null; /** * Location of a blueprint copy and other manifests in Google Cloud Storage. Format: `gs://{bucket\}/{object\}` */ content?: string | null; /** * Map of output name to output info. */ outputs?: { [key: string]: Schema$TerraformOutput; } | null; } /** * Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] \}, { "log_type": "DATA_WRITE" \}, { "log_type": "ADMIN_READ" \} ] \}, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" \}, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] \} ] \} ] \} For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging. */ export interface Schema$AuditConfig { /** * The configuration for logging of each type of permission. */ auditLogConfigs?: Schema$AuditLogConfig[]; /** * Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services. */ service?: string | null; } /** * Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] \}, { "log_type": "DATA_WRITE" \} ] \} This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging. */ export interface Schema$AuditLogConfig { /** * Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members. */ exemptedMembers?: string[] | null; /** * The log type that this config enables. */ logType?: string | null; } /** * AutoMigrationConfig contains the automigration configuration for a project. */ export interface Schema$AutoMigrationConfig { /** * Optional. Whether the auto migration is enabled for the project. */ autoMigrationEnabled?: boolean | null; /** * Identifier. The name of the AutoMigrationConfig. Format: 'projects/{project_id\}/locations/{location\}/AutoMigrationConfig'. */ name?: string | null; /** * Output only. Time the AutoMigrationConfig was last updated. */ updateTime?: string | null; } /** * Associates `members`, or principals, with a `role`. */ export interface Schema$Binding { /** * The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). */ condition?: Schema$Expr; /** * Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid\}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid\}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid\}.svc.id.goog[{namespace\}/{kubernetes-sa\}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid\}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain\}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id\}/subject/{subject_attribute_value\}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id\}/group/{group_id\}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id\}/attribute.{attribute_name\}/{attribute_value\}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id\}/x`: All identities in a workforce identity pool. * `principal://iam.googleapis.com/projects/{project_number\}/locations/global/workloadIdentityPools/{pool_id\}/subject/{subject_attribute_value\}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number\}/locations/global/workloadIdentityPools/{pool_id\}/group/{group_id\}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number\}/locations/global/workloadIdentityPools/{pool_id\}/attribute.{attribute_name\}/{attribute_value\}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number\}/locations/global/workloadIdentityPools/{pool_id\}/x`: All identities in a workload identity pool. * `deleted:user:{emailid\}?uid={uniqueid\}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid\}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid\}?uid={uniqueid\}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid\}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid\}?uid={uniqueid\}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid\}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id\}/subject/{subject_attribute_value\}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`. */ members?: string[] | null; /** * Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles). */ role?: string | null; } /** * The request message for Operations.CancelOperation. */ export interface Schema$CancelOperationRequest { } /** * A request to delete a state file passed to a 'DeleteStatefile' call. */ export interface Schema$DeleteStatefileRequest { /** * Required. Lock ID of the lock file to verify that the user who is deleting the state file previously locked the Deployment. */ lockId?: string | null; } /** * A Deployment is a group of resources and configs managed and provisioned by Infra Manager. */ export interface Schema$Deployment { /** * Optional. Arbitrary key-value metadata storage e.g. to help client tools identify deployments during automation. See https://google.aip.dev/148#annotations for details on format and size limitations. */ annotations?: { [key: string]: string; } | null; /** * Optional. User-defined location of Cloud Build logs and artifacts in Google Cloud Storage. Format: `gs://{bucket\}/{folder\}` A default bucket will be bootstrapped if the field is not set or empty. Default bucket format: `gs://--blueprint-config` Constraints: - The bucket needs to be in the same project as the deployment - The path cannot be within the path of `gcs_source` - The field cannot be updated, including changing its presence */ artifactsGcsBucket?: string | null; /** * Output only. Time when the deployment was created. */ createTime?: string | null; /** * Output only. Cloud Build instance UUID associated with deleting this deployment. */ deleteBuild?: string | null; /** * Output only. Location of Cloud Build logs in Google Cloud Storage, populated when deleting this deployment. Format: `gs://{bucket\}/{object\}`. */ deleteLogs?: string | null; /** * Output only. Location of artifacts from a DeleteDeployment operation. */ deleteResults?: Schema$ApplyResults; /** * Output only. Error code describing errors that may have occurred. */ errorCode?: string | null; /** * Output only. Location of Terraform error logs in Google Cloud Storage. Format: `gs://{bucket\}/{object\}`. */ errorLogs?: string | null; /** * By default, Infra Manager will return a failure when Terraform encounters a 409 code (resource conflict error) during actuation. If this flag is set to true, Infra Manager will instead attempt to automatically import the resource into the Terraform state (for supported resource types) and continue actuation. Not all resource types are supported, refer to documentation. */ importExistingResources?: boolean | null; /** * Optional. User-defined metadata for the deployment. */ labels?: { [key: string]: string; } | null; /** * Output only. Revision name that was most recently applied. Format: `projects/{project\}/locations/{location\}/deployments/{deployment\}/ revisions/{revision\}` */ latestRevision?: string | null; /** * Output only. Current lock state of the deployment. */ lockState?: string | null; /** * Identifier. Resource name of the deployment. Format: `projects/{project\}/locations/{location\}/deployments/{deployment\}` */ name?: string | null; /** * Optional. This field specifies the provider configurations. */ providerConfig?: Schema$ProviderConfig; /** * Optional. Input to control quota checks for resources in terraform configuration files. There are limited resources on which quota validation applies. */ quotaValidation?: string | null; /** * Required. User-specified Service Account (SA) credentials to be used when actuating resources. Format: `projects/{projectID\}/serviceAccounts/{serviceAccount\}` */ serviceAccount?: string | null; /** * Output only. Current state of the deployment. */ state?: string | null; /** * Output only. Additional information regarding the current state. */ stateDetail?: string | null; /** * A blueprint described using Terraform's HashiCorp Configuration Language as a root module. */ terraformBlueprint?: Schema$TerraformBlueprint; /** * Output only. Errors encountered when deleting this deployment. Errors are truncated to 10 entries, see `delete_results` and `error_logs` for full details. */ tfErrors?: Schema$TerraformError[]; /** * Output only. The current Terraform version set on the deployment. It is in the format of "Major.Minor.Patch", for example, "1.3.10". */ tfVersion?: string | null; /** * Optional. The user-specified Terraform version constraint. Example: "=1.3.10". */ tfVersionConstraint?: string | null; /** * Output only. Time when the deployment was last modified. */ updateTime?: string | null; /** * Optional. The user-specified Cloud Build worker pool resource in which the Cloud Build job will execute. Format: `projects/{project\}/locations/{location\}/workerPools/{workerPoolId\}`. If this field is unspecified, the default Cloud Build worker pool will be used. */ workerPool?: string | null; } /** * Ephemeral metadata content describing the state of a deployment operation. */ export interface Schema$DeploymentOperationMetadata { /** * Outputs and artifacts from applying a deployment. */ applyResults?: Schema$ApplyResults; /** * Output only. Cloud Build instance UUID associated with this operation. */ build?: string | null; /** * Output only. Location of Deployment operations logs in `gs://{bucket\}/{object\}` format. */ logs?: string | null; /** * The current step the deployment operation is running. */ step?: string | null; } /** * A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); \} */ export interface Schema$Empty { } /** * A request to export a state file passed to a 'ExportDeploymentStatefile' call. */ export interface Schema$ExportDeploymentStatefileRequest { /** * Optional. If this flag is set to true, the exported deployment state file will be the draft state. This will enable the draft file to be validated before copying it over to the working state on unlock. */ draft?: boolean | null; } /** * A request to export preview results. */ export interface Schema$ExportPreviewResultRequest { } /** * A response to `ExportPreviewResult` call. Contains preview results. */ export interface Schema$ExportPreviewResultResponse { /** * Output only. Signed URLs for accessing the plan files. */ result?: Schema$PreviewResult; } /** * A request to export a state file passed to a 'ExportRevisionStatefile' call. */ export interface Schema$ExportRevisionStatefileRequest { } /** * Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. */ export interface Schema$Expr { /** * Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI. */ description?: string | null; /** * Textual representation of an expression in Common Expression Language syntax. */ expression?: string | null; /** * Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. */ location?: string | null; /** * Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression. */ title?: string | null; } /** * A set of files in a Git repository. */ export interface Schema$GitSource { /** * Optional. Subdirectory inside the repository. Example: 'staging/my-package' */ directory?: string | null; /** * Optional. Git reference (e.g. branch or tag). */ ref?: string | null; /** * Optional. Repository URL. Example: 'https://github.com/kubernetes/examples.git' */ repo?: string | null; } /** * A request to import a state file passed to a 'ImportStatefile' call. */ export interface Schema$ImportStatefileRequest { /** * Required. Lock ID of the lock file to verify that the user who is importing the state file previously locked the Deployment. */ lockId?: string | null; } export interface Schema$ListDeploymentsResponse { /** * List of Deployments. */ deployments?: Schema$Deployment[]; /** * Token to be supplied to the next ListDeployments request via `page_token` to obtain the next set of results. */ nextPageToken?: string | null; /** * Locations that could not be reached. */ unreachable?: string[] | null; } /** * The response message for Locations.ListLocations. */ export interface Schema$ListLocationsResponse { /** * A list of locations that matches the specified filter in the request. */ locations?: Schema$Location[]; /** * The standard List next-page token. */ nextPageToken?: string | null; } /** * The response message for Operations.ListOperations. */ export interface Schema$ListOperationsResponse { /** * The standard List next-page token. */ nextPageToken?: string | null; /** * A list of operations that matches the specified filter in the request. */ operations?: Schema$Operation[]; /** * Unordered list. Unreachable resources. Populated when the request sets `ListOperationsRequest.return_partial_success` and reads across collections. For example, when attempting to list all resources across all supported locations. */ unreachable?: string[] | null; } /** * A response to a `ListPreviews` call. Contains a list of Previews. */ export interface Schema$ListPreviewsResponse { /** * Token to be supplied to the next ListPreviews request via `page_token` to obtain the next set of results. */ nextPageToken?: string | null; /** * List of Previews. */ previews?: Schema$Preview[]; /** * Locations that could not be reached. */ unreachable?: string[] | null; } /** * A response to a 'ListResourceChanges' call. Contains a list of ResourceChanges. */ export interface Schema$ListResourceChangesResponse { /** * A token to request the next page of resources from the 'ListResourceChanges' method. The value of an empty string means that there are no more resources to return. */ nextPageToken?: string | null; /** * List of ResourceChanges. */ resourceChanges?: Schema$ResourceChange[]; /** * Unreachable resources, if any. */ unreachable?: string[] | null; } /** * A response to a 'ListResourceDrifts' call. Contains a list of ResourceDrifts. */ export interface Schema$ListResourceDriftsResponse { /** * A token to request the next page of resources from the 'ListResourceDrifts' method. The value of an empty string means that there are no more resources to return. */ nextPageToken?: string | null; /** * List of ResourceDrifts. */ resourceDrifts?: Schema$ResourceDrift[]; /** * Unreachable resources, if any. */ unreachable?: string[] | null; } /** * A response to a 'ListResources' call. Contains a list of Resources. */ export interface Schema$ListResourcesResponse { /** * A token to request the next page of resources from the 'ListResources' method. The value of an empty string means that there are no more resources to return. */ nextPageToken?: string | null; /** * List of Resources. */ resources?: Schema$Resource[]; /** * Locations that could not be reached. */ unreachable?: string[] | null; } /** * A response to a 'ListRevisions' call. Contains a list of Revisions. */ export interface Schema$ListRevisionsResponse { /** * A token to request the next page of resources from the 'ListRevisions' method. The value of an empty string means that there are no more resources to return. */ nextPageToken?: string | null; /** * List of Revisions. */ revisions?: Schema$Revision[]; /** * Locations that could not be reached. */ unreachable?: string[] | null; } /** * The response message for the `ListTerraformVersions` method. */ export interface Schema$ListTerraformVersionsResponse { /** * Token to be supplied to the next ListTerraformVersions request via `page_token` to obtain the next set of results. */ nextPageToken?: string | null; /** * List of TerraformVersions. */ terraformVersions?: Schema$TerraformVersion[]; /** * Unreachable resources, if any. */ unreachable?: string[] | null; } /** * A resource that represents a Google Cloud location. */ export interface Schema$Location { /** * The friendly name for this location, typically a nearby city name. For example, "Tokyo". */ displayName?: string | null; /** * Cross-service attributes for the location. For example {"cloud.googleapis.com/region": "us-east1"\} */ labels?: { [key: string]: string; } | null; /** * The canonical id for this location. For example: `"us-east1"`. */ locationId?: string | null; /** * Service-specific metadata. For example the available capacity at the given location. */ metadata?: { [key: string]: any; } | null; /** * Resource name for the location, which may vary between implementations. For example: `"projects/example-project/locations/us-east1"` */ name?: string | null; } /** * A request to lock a deployment passed to a 'LockDeployment' call. */ export interface Schema$LockDeploymentRequest { } /** * Details about the lock which locked the deployment. */ export interface Schema$LockInfo { /** * Time that the lock was taken. */ createTime?: string | null; /** * Extra information to store with the lock, provided by the caller. */ info?: string | null; /** * Unique ID for the lock to be overridden with generation ID in the backend. */ lockId?: string | null; /** * Terraform operation, provided by the caller. */ operation?: string | null; /** * Terraform version */ version?: string | null; /** * user@hostname when available */ who?: string | null; } /** * This resource represents a long-running operation that is the result of a network API call. */ export interface Schema$Operation { /** * If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available. */ done?: boolean | null; /** * The error result of the operation in case of failure or cancellation. */ error?: Schema$Status; /** * Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any. */ metadata?: { [key: string]: any; } | null; /** * The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id\}`. */ name?: string | null; /** * The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`. */ response?: { [key: string]: any; } | null; } /** * Represents the metadata of the long-running operation. */ export interface Schema$OperationMetadata { /** * Output only. API version used to start the operation. */ apiVersion?: string | null; /** * Output only. Time when the operation was created. */ createTime?: string | null; /** * Output only. Metadata about the deployment operation state. */ deploymentMetadata?: Schema$DeploymentOperationMetadata; /** * Output only. Time when the operation finished running. */ endTime?: string | null; /** * Output only. Metadata about the preview operation state. */ previewMetadata?: Schema$PreviewOperationMetadata; /** * Output only. Identifies whether the user has requested cancellation of the operation. Operations that have successfully been cancelled have google.longrunning.Operation.error value with a google.rpc.Status.code of `1`, corresponding to `Code.CANCELLED`. */ requestedCancellation?: boolean | null; /** * Output only. Human-readable status of the operation, if any. */ statusMessage?: string | null; /** * Output only. Server-defined resource path for the target of the operation. */ target?: string | null; /** * Output only. Name of the verb executed by the operation. */ verb?: string | null; } /** * An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** ``` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] \}, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", \} \} ], "etag": "BwWWja0YfJA=", "version": 3 \} ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/). */ export interface Schema$Policy { /** * Specifies cloud audit logging configuration for this policy. */ auditConfigs?: Schema$AuditConfig[]; /** * Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`. */ bindings?: Schema$Binding[]; /** * `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. */ etag?: string | null; /** * Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). */ version?: number | null; } /** * A preview represents a set of actions Infra Manager would perform to move the resources towards the desired state as specified in the configuration. */ export interface Schema$Preview { /** * Optional. Arbitrary key-value metadata storage e.g. to help client tools identify preview during automation. See https://google.aip.dev/148#annotations for details on format and size limitations. */ annotations?: { [key: string]: string; } | null; /** * Optional. User-defined location of Cloud Build logs, artifacts, and in Google Cloud Storage. Format: `gs://{bucket\}/{folder\}` A default bucket will be bootstrapped if the field is not set or empty Default Bucket Format: `gs://--blueprint-config` Constraints: - The bucket needs to be in the same project as the deployment - The path cannot be within the path of `gcs_source` If omitted and deployment resource ref provided has artifacts_gcs_bucket defined, that artifact bucket is used. */ artifactsGcsBucket?: string | null; /** * Output only. Cloud Build instance UUID associated with this preview. */ build?: string | null; /** * Output only. Time the preview was created. */ createTime?: string | null; /** * Optional. Optional deployment reference. If specified, the preview will be performed using the provided deployment's current state and use any relevant fields from the deployment unless explicitly specified in the preview create request. */ deployment?: string | null; /** * Output only. Code describing any errors that may have occurred. */ errorCode?: string | null; /** * Output only. Link to tf-error.ndjson file, which contains the full list of the errors encountered during a Terraform preview. Format: `gs://{bucket\}/{object\}`. */ errorLogs?: string | null; /** * Output only. Additional information regarding the current state. */ errorStatus?: Schema$Status; /** * Optional. User-defined labels for the preview. */ labels?: { [key: string]: string; } | null; /** * Output only. Location of preview logs in `gs://{bucket\}/{object\}` format. */ logs?: string | null; /** * Identifier. Resource name of the preview. Resource name can be user provided or server generated ID if unspecified. Format: `projects/{project\}/locations/{location\}/previews/{preview\}` */ name?: string | null; /** * Output only. Artifacts from preview. */ previewArtifacts?: Schema$PreviewArtifacts; /** * Optional. Current mode of preview. */ previewMode?: string | null; /** * Optional. This field specifies the provider configurations. */ providerConfig?: Schema$ProviderConfig; /** * Required. User-specified Service Account (SA) credentials to be used when previewing resources. Format: `projects/{projectID\}/serviceAccounts/{serviceAccount\}` */ serviceAccount?: string | null; /** * Output only. Current state of the preview. */ state?: string | null; /** * The terraform blueprint to preview. */ terraformBlueprint?: Schema$TerraformBlueprint; /** * Output only. Summary of errors encountered during Terraform preview. It has a size limit of 10, i.e. only top 10 errors will be summarized here. */ tfErrors?: Schema$TerraformError[]; /** * Output only. The current Terraform version set on the preview. It is in the format of "Major.Minor.Patch", for example, "1.3.10". */ tfVersion?: string | null; /** * Optional. The user-specified Terraform version constraint. Example: "=1.3.10". */ tfVersionConstraint?: string | null; /** * Optional. The user-specified Worker Pool resource in which the Cloud Build job will execute. Format projects/{project\}/locations/{location\}/workerPools/{workerPoolId\} If this field is unspecified, the default Cloud Build worker pool will be used. If omitted and deployment resource ref provided has worker_pool defined, that worker pool is used. */ workerPool?: string | null; } /** * Artifacts created by preview. */ export interface Schema$PreviewArtifacts { /** * Output only. Location of artifacts in Google Cloud Storage. Format: `gs://{bucket\}/{object\}` */ artifacts?: string | null; /** * Output only. Location of a blueprint copy and other content in Google Cloud Storage. Format: `gs://{bucket\}/{object\}` */ content?: string | null; } /** * Ephemeral metadata content describing the state of a preview operation. */ export interface Schema$PreviewOperationMetadata { /** * Output only. Cloud Build instance UUID associated with this preview. */ build?: string | null; /** * Output only. Location of preview logs in `gs://{bucket\}/{object\}` format. */ logs?: string | null; /** * Artifacts from preview. */ previewArtifacts?: Schema$PreviewArtifacts; /** * The current step the preview operation is running. */ step?: string | null; } /** * Contains a signed Cloud Storage URLs. */ export interface Schema$PreviewResult { /** * Output only. Plan binary signed URL */ binarySignedUri?: string | null; /** * Output only. Plan JSON signed URL */ jsonSignedUri?: string | null; } /** * A property change represents a change to a property in the state file. */ export interface Schema$PropertyChange { /** * Output only. Representations of the object value after the actions. */ after?: any | null; /** * Output only. The paths of sensitive fields in `after`. Paths are relative to `path`. */ afterSensitivePaths?: string[] | null; /** * Output only. Representations of the object value before the actions. */ before?: any | null; /** * Output only. The paths of sensitive fields in `before`. Paths are relative to `path`. */ beforeSensitivePaths?: string[] | null; /** * Output only. The path of the property change. */ path?: string | null; } /** * A property drift represents a drift to a property in the state file. */ export interface Schema$PropertyDrift { /** * Output only. Representations of the object value after the actions. */ after?: any | null; /** * Output only. The paths of sensitive fields in `after`. Paths are relative to `path`. */ afterSensitivePaths?: string[] | null; /** * Output only. Representations of the object value before the actions. */ before?: any | null; /** * Output only. The paths of sensitive fields in `before`. Paths are relative to `path`. */ beforeSensitivePaths?: string[] | null; /** * Output only. The path of the property drift. */ path?: string | null; } /** * ProviderConfig contains the provider configurations. */ export interface Schema$ProviderConfig { /** * Optional. ProviderSource specifies the source type of the provider. */ sourceType?: string | null; } /** * Resource represents a Google Cloud Platform resource actuated by IM. Resources are child resources of Revisions. */ export interface Schema$Resource { /** * Output only. Map of Cloud Asset Inventory (CAI) type to CAI info (e.g. CAI ID). CAI type format follows https://cloud.google.com/asset-inventory/docs/supported-asset-types */ caiAssets?: { [key: string]: Schema$ResourceCAIInfo; } | null; /** * Output only. Intent of the resource. */ intent?: string | null; /** * Output only. Resource name. Format: `projects/{project\}/locations/{location\}/deployments/{deployment\}/revisions/{revision\}/resources/{resource\}` */ name?: string | null; /** * Output only. Current state of the resource. */ state?: string | null; /** * Output only. Terraform-specific info if this resource was created using Terraform. */ terraformInfo?: Schema$ResourceTerraformInfo; } /** * CAI info of a Resource. */ export interface Schema$ResourceCAIInfo { /** * CAI resource name in the format following https://cloud.google.com/apis/design/resource_names#full_resource_name */ fullResourceName?: string | null; } /** * A resource change represents a change to a resource in the state file. */ export interface Schema$ResourceChange { /** * Output only. The intent of the resource change. */ intent?: string | null; /** * Identifier. The name of the resource change. Format: 'projects/{project_id\}/locations/{location\}/previews/{preview\}/resourceChanges/{resource_change\}'. */ name?: string | null; /** * Output only. The property changes of the resource change. */ propertyChanges?: Schema$PropertyChange[]; /** * Output only. Terraform info of the resource change. */ terraformInfo?: Schema$ResourceChangeTerraformInfo; } /** * Terraform info of a ResourceChange. */ export interface Schema$ResourceChangeTerraformInfo { /** * Output only. TF resource actions. */ actions?: string[] | null; /** * Output only. TF resource address that uniquely identifies the resource. */ address?: string | null; /** * Output only. TF resource provider. */ provider?: string | null; /** * Output only. TF resource name. */ resourceName?: string | null; /** * Output only. TF resource type. */ type?: string | null; } /** * A resource drift represents a drift to a resource in the state file. */ export interface Schema$ResourceDrift { /** * Identifier. The name of the resource drift. Format: 'projects/{project_id\}/locations/{location\}/previews/{preview\}/resourceDrifts/{resource_drift\}'. */ name?: string | null; /** * Output only. The property drifts of the resource drift. */ propertyDrifts?: Schema$PropertyDrift[]; /** * Output only. Terraform info of the resource drift. */ terraformInfo?: Schema$ResourceDriftTerraformInfo; } /** * Terraform info of a ResourceChange. */ export interface Schema$ResourceDriftTerraformInfo { /** * Output only. The address of the drifted resource. */ address?: string | null; /** * Output only. The provider of the drifted resource. */ provider?: string | null; /** * Output only. TF resource name. */ resourceName?: string | null; /** * Output only. The type of the drifted resource. */ type?: string | null; } /** * Terraform info of a Resource. */ export interface Schema$ResourceTerraformInfo { /** * TF resource address that uniquely identifies this resource within this deployment. */ address?: string | null; /** * ID attribute of the TF resource */ id?: string | null; /** * TF resource type */ type?: string | null; } /** * A child resource of a Deployment generated by a 'CreateDeployment' or 'UpdateDeployment' call. Each Revision contains metadata pertaining to a snapshot of a particular Deployment. */ export interface Schema$Revision { /** * Output only. The action which created this revision */ action?: string | null; /** * Output only. Outputs and artifacts from applying a deployment. */ applyResults?: Schema$ApplyResults; /** * Output only. Cloud Build instance UUID associated with this revision. */ build?: string | null; /** * Output only. Time when the revision was created. */