You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/dyn/iap_v1.v1.html
+9Lines changed: 9 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -190,6 +190,9 @@ <h3>Method Details</h3>
190
190
"type": "A String", # Resource type. Types are defined in IAM's .service files. Valid values for type might be 'gce', 'gcs', 'project', 'account' etc.
191
191
},
192
192
"resource": { # IAM resource to check permission on
193
+
"expectedNextState": { # The proto or JSON formatted expected next state of the resource, wrapped in a google.protobuf.Any proto, against which the policy rules are evaluated. Services not integrated with custom org policy can omit this field. Services integrated with custom org policy must populate this field for all requests where the API call changes the state of the resource. Custom org policy backend uses these attributes to enforce custom org policies. When a proto is wrapped, it is generally the One Platform API proto. When a JSON string is wrapped, use `google.protobuf.StringValue` for the inner value. It is sufficient to pass just the max set of attributes that are allowed for use in custom constraints; other attributes can be omitted. See go/custom-constraints-org-policy-integration-guide for additional details.
194
+
"a_key": "", # Properties of the object. Contains field @type with type URL.
195
+
},
193
196
"labels": { # The service defined labels of the resource on which the conditions will be evaluated. The semantics - including the key names - are vague to IAM. If the effective condition has a reference to a `resource.labels[foo]` construct, IAM consults with this map to retrieve the values associated with `foo` key for Conditions evaluation. If the provided key is not found in the labels map, the condition would evaluate to false. This field is in limited use. If your intended use case is not expected to express resource.labels attribute in IAM Conditions, leave this field empty. Before planning on using this attribute please: * Read go/iam-conditions-labels-comm and ensure your service can meet the data availability and management requirements. * Talk to iam-conditions-eng@ about your use case.
194
197
"a_key": "A String",
195
198
},
@@ -355,6 +358,9 @@ <h3>Method Details</h3>
355
358
"type": "A String", # Resource type. Types are defined in IAM's .service files. Valid values for type might be 'gce', 'gcs', 'project', 'account' etc.
356
359
},
357
360
"resource": { # IAM resource to check permission on
361
+
"expectedNextState": { # The proto or JSON formatted expected next state of the resource, wrapped in a google.protobuf.Any proto, against which the policy rules are evaluated. Services not integrated with custom org policy can omit this field. Services integrated with custom org policy must populate this field for all requests where the API call changes the state of the resource. Custom org policy backend uses these attributes to enforce custom org policies. When a proto is wrapped, it is generally the One Platform API proto. When a JSON string is wrapped, use `google.protobuf.StringValue` for the inner value. It is sufficient to pass just the max set of attributes that are allowed for use in custom constraints; other attributes can be omitted. See go/custom-constraints-org-policy-integration-guide for additional details.
362
+
"a_key": "", # Properties of the object. Contains field @type with type URL.
363
+
},
358
364
"labels": { # The service defined labels of the resource on which the conditions will be evaluated. The semantics - including the key names - are vague to IAM. If the effective condition has a reference to a `resource.labels[foo]` construct, IAM consults with this map to retrieve the values associated with `foo` key for Conditions evaluation. If the provided key is not found in the labels map, the condition would evaluate to false. This field is in limited use. If your intended use case is not expected to express resource.labels attribute in IAM Conditions, leave this field empty. Before planning on using this attribute please: * Read go/iam-conditions-labels-comm and ensure your service can meet the data availability and management requirements. * Talk to iam-conditions-eng@ about your use case.
359
365
"a_key": "A String",
360
366
},
@@ -431,6 +437,9 @@ <h3>Method Details</h3>
431
437
"type": "A String", # Resource type. Types are defined in IAM's .service files. Valid values for type might be 'gce', 'gcs', 'project', 'account' etc.
432
438
},
433
439
"resource": { # IAM resource to check permission on
440
+
"expectedNextState": { # The proto or JSON formatted expected next state of the resource, wrapped in a google.protobuf.Any proto, against which the policy rules are evaluated. Services not integrated with custom org policy can omit this field. Services integrated with custom org policy must populate this field for all requests where the API call changes the state of the resource. Custom org policy backend uses these attributes to enforce custom org policies. When a proto is wrapped, it is generally the One Platform API proto. When a JSON string is wrapped, use `google.protobuf.StringValue` for the inner value. It is sufficient to pass just the max set of attributes that are allowed for use in custom constraints; other attributes can be omitted. See go/custom-constraints-org-policy-integration-guide for additional details.
441
+
"a_key": "", # Properties of the object. Contains field @type with type URL.
442
+
},
434
443
"labels": { # The service defined labels of the resource on which the conditions will be evaluated. The semantics - including the key names - are vague to IAM. If the effective condition has a reference to a `resource.labels[foo]` construct, IAM consults with this map to retrieve the values associated with `foo` key for Conditions evaluation. If the provided key is not found in the labels map, the condition would evaluate to false. This field is in limited use. If your intended use case is not expected to express resource.labels attribute in IAM Conditions, leave this field empty. Before planning on using this attribute please: * Read go/iam-conditions-labels-comm and ensure your service can meet the data availability and management requirements. * Talk to iam-conditions-eng@ about your use case.
Copy file name to clipboardExpand all lines: googleapiclient/discovery_cache/documents/iap.v1.json
+9-1Lines changed: 9 additions & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -682,7 +682,7 @@
682
682
}
683
683
}
684
684
},
685
-
"revision": "20230922",
685
+
"revision": "20231006",
686
686
"rootUrl": "https://iap.googleapis.com/",
687
687
"schemas": {
688
688
"AccessDeniedPageSettings": {
@@ -1183,6 +1183,14 @@
1183
1183
"Resource": {
1184
1184
"id": "Resource",
1185
1185
"properties": {
1186
+
"expectedNextState": {
1187
+
"additionalProperties": {
1188
+
"description": "Properties of the object. Contains field @type with type URL.",
1189
+
"type": "any"
1190
+
},
1191
+
"description": "The proto or JSON formatted expected next state of the resource, wrapped in a google.protobuf.Any proto, against which the policy rules are evaluated. Services not integrated with custom org policy can omit this field. Services integrated with custom org policy must populate this field for all requests where the API call changes the state of the resource. Custom org policy backend uses these attributes to enforce custom org policies. When a proto is wrapped, it is generally the One Platform API proto. When a JSON string is wrapped, use `google.protobuf.StringValue` for the inner value. It is sufficient to pass just the max set of attributes that are allowed for use in custom constraints; other attributes can be omitted. See go/custom-constraints-org-policy-integration-guide for additional details.",
0 commit comments