Skip to content

Commit

Permalink
feat(iam)!: update the API
Browse files Browse the repository at this point in the history
BREAKING CHANGE: This release has breaking changes.

#### iam:v1

The following keys were deleted:
- resources.projects.resources.serviceAccounts.resources.keys.methods.patch.description
- resources.projects.resources.serviceAccounts.resources.keys.methods.patch.flatPath
- resources.projects.resources.serviceAccounts.resources.keys.methods.patch.httpMethod
- resources.projects.resources.serviceAccounts.resources.keys.methods.patch.id
- resources.projects.resources.serviceAccounts.resources.keys.methods.patch.parameterOrder
- resources.projects.resources.serviceAccounts.resources.keys.methods.patch.parameters.name.description
- resources.projects.resources.serviceAccounts.resources.keys.methods.patch.parameters.name.location
- resources.projects.resources.serviceAccounts.resources.keys.methods.patch.parameters.name.pattern
- resources.projects.resources.serviceAccounts.resources.keys.methods.patch.parameters.name.required
- resources.projects.resources.serviceAccounts.resources.keys.methods.patch.parameters.name.type
- resources.projects.resources.serviceAccounts.resources.keys.methods.patch.path
- resources.projects.resources.serviceAccounts.resources.keys.methods.patch.request.$ref
- resources.projects.resources.serviceAccounts.resources.keys.methods.patch.response.$ref
- resources.projects.resources.serviceAccounts.resources.keys.methods.patch.scopes
- schemas.PatchServiceAccountKeyRequest.description
- schemas.PatchServiceAccountKeyRequest.id
- schemas.PatchServiceAccountKeyRequest.properties.serviceAccountKey.$ref
- schemas.PatchServiceAccountKeyRequest.properties.serviceAccountKey.description
- schemas.PatchServiceAccountKeyRequest.properties.updateMask.description
- schemas.PatchServiceAccountKeyRequest.properties.updateMask.format
- schemas.PatchServiceAccountKeyRequest.properties.updateMask.type
- schemas.PatchServiceAccountKeyRequest.type
- schemas.ServiceAccountKey.properties.contact.description
- schemas.ServiceAccountKey.properties.contact.type
- schemas.ServiceAccountKey.properties.creator.description
- schemas.ServiceAccountKey.properties.creator.readOnly
- schemas.ServiceAccountKey.properties.creator.type
- schemas.ServiceAccountKey.properties.description.description
- schemas.ServiceAccountKey.properties.description.type

The following keys were changed:
- resources.organizations.resources.roles.methods.delete.description
- resources.projects.resources.roles.methods.delete.description
- schemas.QueryGrantableRolesRequest.properties.pageSize.description
yoshi-automation authored and sofisl committed Aug 16, 2024
1 parent 9fc351d commit 83f9f25
Showing 2 changed files with 7 additions and 189 deletions.
65 changes: 4 additions & 61 deletions discovery/iam-v1.json
Original file line number Diff line number Diff line change
@@ -988,7 +988,7 @@
]
},
"delete": {
"description": "Deletes a custom Role. When you delete a custom role, the following changes occur immediately: * You cannot bind a principal to the custom role in an IAM Policy. * Existing bindings to the custom role are not changed, but they have no effect. * By default, the response from ListRoles does not include the custom role. You have 7 days to undelete the custom role. After 7 days, the following changes occur: * The custom role is permanently deleted and cannot be recovered. * If an IAM policy contains a binding to the custom role, the binding is permanently removed.",
"description": "Deletes a custom Role. When you delete a custom role, the following changes occur immediately: * You cannot bind a principal to the custom role in an IAM Policy. * Existing bindings to the custom role are not changed, but they have no effect. * By default, the response from ListRoles does not include the custom role. A deleted custom role still counts toward the [custom role limit](https://cloud.google.com/iam/help/limits) until it is permanently deleted. You have 7 days to undelete the custom role. After 7 days, the following changes occur: * The custom role is permanently deleted and cannot be recovered. * If an IAM policy contains a binding to the custom role, the binding is permanently removed. * The custom role no longer counts toward your custom role limit.",
"flatPath": "v1/organizations/{organizationsId}/roles/{rolesId}",
"httpMethod": "DELETE",
"id": "iam.organizations.roles.delete",
@@ -2288,7 +2288,7 @@
]
},
"delete": {
"description": "Deletes a custom Role. When you delete a custom role, the following changes occur immediately: * You cannot bind a principal to the custom role in an IAM Policy. * Existing bindings to the custom role are not changed, but they have no effect. * By default, the response from ListRoles does not include the custom role. You have 7 days to undelete the custom role. After 7 days, the following changes occur: * The custom role is permanently deleted and cannot be recovered. * If an IAM policy contains a binding to the custom role, the binding is permanently removed.",
"description": "Deletes a custom Role. When you delete a custom role, the following changes occur immediately: * You cannot bind a principal to the custom role in an IAM Policy. * Existing bindings to the custom role are not changed, but they have no effect. * By default, the response from ListRoles does not include the custom role. A deleted custom role still counts toward the [custom role limit](https://cloud.google.com/iam/help/limits) until it is permanently deleted. You have 7 days to undelete the custom role. After 7 days, the following changes occur: * The custom role is permanently deleted and cannot be recovered. * If an IAM policy contains a binding to the custom role, the binding is permanently removed. * The custom role no longer counts toward your custom role limit.",
"flatPath": "v1/projects/{projectsId}/roles/{rolesId}",
"httpMethod": "DELETE",
"id": "iam.projects.roles.delete",
@@ -3056,34 +3056,6 @@
"https://www.googleapis.com/auth/cloud-platform"
]
},
"patch": {
"description": "Patches a ServiceAccountKey.",
"flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}/keys/{keysId}:patch",
"httpMethod": "POST",
"id": "iam.projects.serviceAccounts.keys.patch",
"parameterOrder": [
"name"
],
"parameters": {
"name": {
"description": "The resource name of the service account key in the following format `projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}`.",
"location": "path",
"pattern": "^projects/[^/]+/serviceAccounts/[^/]+/keys/[^/]+$",
"required": true,
"type": "string"
}
},
"path": "v1/{+name}:patch",
"request": {
"$ref": "PatchServiceAccountKeyRequest"
},
"response": {
"$ref": "ServiceAccountKey"
},
"scopes": [
"https://www.googleapis.com/auth/cloud-platform"
]
},
"upload": {
"description": "Uploads the public key portion of a key pair that you manage, and associates the public key with a ServiceAccount. After you upload the public key, you can use the private key from the key pair as a service account key.",
"flatPath": "v1/projects/{projectsId}/serviceAccounts/{serviceAccountsId}/keys:upload",
@@ -3216,7 +3188,7 @@
}
}
},
"revision": "20240621",
"revision": "20240725",
"rootUrl": "https://iam.googleapis.com/",
"schemas": {
"AccessRestrictions": {
@@ -4271,22 +4243,6 @@
},
"type": "object"
},
"PatchServiceAccountKeyRequest": {
"description": "The service account key patch request.",
"id": "PatchServiceAccountKeyRequest",
"properties": {
"serviceAccountKey": {
"$ref": "ServiceAccountKey",
"description": "Required. The service account key to update."
},
"updateMask": {
"description": "Required. The update mask to apply to the service account key. Only the following fields are eligible for patching: - contact - description",
"format": "google-fieldmask",
"type": "string"
}
},
"type": "object"
},
"PatchServiceAccountRequest": {
"description": "The service account patch request. You can patch only the `display_name` and `description` fields. You must use the `update_mask` field to specify which of these fields you want to patch. Only the fields specified in the request are guaranteed to be returned in the response. Other fields may be empty in the response.",
"id": "PatchServiceAccountRequest",
@@ -4462,7 +4418,7 @@
"type": "string"
},
"pageSize": {
"description": "Optional limit on the number of roles to include in the response. The default is 300, and the maximum is 1,000.",
"description": "Optional limit on the number of roles to include in the response. The default is 300, and the maximum is 2,000.",
"format": "int32",
"type": "integer"
},
@@ -4691,19 +4647,6 @@
"description": "Represents a service account key. A service account has two sets of key-pairs: user-managed, and system-managed. User-managed key-pairs can be created and deleted by users. Users are responsible for rotating these keys periodically to ensure security of their service accounts. Users retain the private key of these key-pairs, and Google retains ONLY the public key. System-managed keys are automatically rotated by Google, and are used for signing for a maximum of two weeks. The rotation process is probabilistic, and usage of the new key will gradually ramp up and down over the key's lifetime. If you cache the public key set for a service account, we recommend that you update the cache every 15 minutes. User-managed keys can be added and removed at any time, so it is important to update the cache frequently. For Google-managed keys, Google will publish a key at least 6 hours before it is first used for signing and will keep publishing it for at least 6 hours after it was last used for signing. Public keys for all service accounts are also published at the OAuth2 Service Account API.",
"id": "ServiceAccountKey",
"properties": {
"contact": {
"description": "Optional. A user provided email address as the point of contact for this service account key. Must be an email address. Limit 64 characters.",
"type": "string"
},
"creator": {
"description": "Output only. The cloud identity that created this service account key. Populated automatically when the key is created and not editable by the user.",
"readOnly": true,
"type": "string"
},
"description": {
"description": "Optional. A user provided description of this service account key.",
"type": "string"
},
"disableReason": {
"description": "Output only. optional. If the key is disabled, it may have a DisableReason describing why it was disabled.",
"enum": [
131 changes: 3 additions & 128 deletions src/apis/iam/v1.ts
Original file line number Diff line number Diff line change
@@ -830,19 +830,6 @@ export namespace iam_v1 {
*/
verb?: string | null;
}
/**
* The service account key patch request.
*/
export interface Schema$PatchServiceAccountKeyRequest {
/**
* Required. The service account key to update.
*/
serviceAccountKey?: Schema$ServiceAccountKey;
/**
* Required. The update mask to apply to the service account key. Only the following fields are eligible for patching: - contact - description
*/
updateMask?: string | null;
}
/**
* The service account patch request. You can patch only the `display_name` and `description` fields. You must use the `update_mask` field to specify which of these fields you want to patch. Only the fields specified in the request are guaranteed to be returned in the response. Other fields may be empty in the response.
*/
@@ -954,7 +941,7 @@ export namespace iam_v1 {
*/
fullResourceName?: string | null;
/**
* Optional limit on the number of roles to include in the response. The default is 300, and the maximum is 1,000.
* Optional limit on the number of roles to include in the response. The default is 300, and the maximum is 2,000.
*/
pageSize?: number | null;
/**
@@ -1106,18 +1093,6 @@ export namespace iam_v1 {
* Represents a service account key. A service account has two sets of key-pairs: user-managed, and system-managed. User-managed key-pairs can be created and deleted by users. Users are responsible for rotating these keys periodically to ensure security of their service accounts. Users retain the private key of these key-pairs, and Google retains ONLY the public key. System-managed keys are automatically rotated by Google, and are used for signing for a maximum of two weeks. The rotation process is probabilistic, and usage of the new key will gradually ramp up and down over the key's lifetime. If you cache the public key set for a service account, we recommend that you update the cache every 15 minutes. User-managed keys can be added and removed at any time, so it is important to update the cache frequently. For Google-managed keys, Google will publish a key at least 6 hours before it is first used for signing and will keep publishing it for at least 6 hours after it was last used for signing. Public keys for all service accounts are also published at the OAuth2 Service Account API.
*/
export interface Schema$ServiceAccountKey {
/**
* Optional. A user provided email address as the point of contact for this service account key. Must be an email address. Limit 64 characters.
*/
contact?: string | null;
/**
* Output only. The cloud identity that created this service account key. Populated automatically when the key is created and not editable by the user.
*/
creator?: string | null;
/**
* Optional. A user provided description of this service account key.
*/
description?: string | null;
/**
* The key status.
*/
@@ -4567,7 +4542,7 @@ export namespace iam_v1 {
}

/**
* Deletes a custom Role. When you delete a custom role, the following changes occur immediately: * You cannot bind a principal to the custom role in an IAM Policy. * Existing bindings to the custom role are not changed, but they have no effect. * By default, the response from ListRoles does not include the custom role. You have 7 days to undelete the custom role. After 7 days, the following changes occur: * The custom role is permanently deleted and cannot be recovered. * If an IAM policy contains a binding to the custom role, the binding is permanently removed.
* Deletes a custom Role. When you delete a custom role, the following changes occur immediately: * You cannot bind a principal to the custom role in an IAM Policy. * Existing bindings to the custom role are not changed, but they have no effect. * By default, the response from ListRoles does not include the custom role. A deleted custom role still counts toward the [custom role limit](https://cloud.google.com/iam/help/limits) until it is permanently deleted. You have 7 days to undelete the custom role. After 7 days, the following changes occur: * The custom role is permanently deleted and cannot be recovered. * If an IAM policy contains a binding to the custom role, the binding is permanently removed. * The custom role no longer counts toward your custom role limit.
*
* @param params - Parameters for request
* @param options - Optionally override request options, such as `url`, `method`, and `encoding`.
@@ -8906,7 +8881,7 @@ export namespace iam_v1 {
}

/**
* Deletes a custom Role. When you delete a custom role, the following changes occur immediately: * You cannot bind a principal to the custom role in an IAM Policy. * Existing bindings to the custom role are not changed, but they have no effect. * By default, the response from ListRoles does not include the custom role. You have 7 days to undelete the custom role. After 7 days, the following changes occur: * The custom role is permanently deleted and cannot be recovered. * If an IAM policy contains a binding to the custom role, the binding is permanently removed.
* Deletes a custom Role. When you delete a custom role, the following changes occur immediately: * You cannot bind a principal to the custom role in an IAM Policy. * Existing bindings to the custom role are not changed, but they have no effect. * By default, the response from ListRoles does not include the custom role. A deleted custom role still counts toward the [custom role limit](https://cloud.google.com/iam/help/limits) until it is permanently deleted. You have 7 days to undelete the custom role. After 7 days, the following changes occur: * The custom role is permanently deleted and cannot be recovered. * If an IAM policy contains a binding to the custom role, the binding is permanently removed. * The custom role no longer counts toward your custom role limit.
*
* @param params - Parameters for request
* @param options - Optionally override request options, such as `url`, `method`, and `encoding`.
@@ -11367,94 +11342,6 @@ export namespace iam_v1 {
}
}

/**
* Patches a ServiceAccountKey.
*
* @param params - Parameters for request
* @param options - Optionally override request options, such as `url`, `method`, and `encoding`.
* @param callback - Optional callback that handles the response.
* @returns A promise if used with async/await, or void if used with a callback.
*/
patch(
params: Params$Resource$Projects$Serviceaccounts$Keys$Patch,
options: StreamMethodOptions
): GaxiosPromise<Readable>;
patch(
params?: Params$Resource$Projects$Serviceaccounts$Keys$Patch,
options?: MethodOptions
): GaxiosPromise<Schema$ServiceAccountKey>;
patch(
params: Params$Resource$Projects$Serviceaccounts$Keys$Patch,
options: StreamMethodOptions | BodyResponseCallback<Readable>,
callback: BodyResponseCallback<Readable>
): void;
patch(
params: Params$Resource$Projects$Serviceaccounts$Keys$Patch,
options: MethodOptions | BodyResponseCallback<Schema$ServiceAccountKey>,
callback: BodyResponseCallback<Schema$ServiceAccountKey>
): void;
patch(
params: Params$Resource$Projects$Serviceaccounts$Keys$Patch,
callback: BodyResponseCallback<Schema$ServiceAccountKey>
): void;
patch(callback: BodyResponseCallback<Schema$ServiceAccountKey>): void;
patch(
paramsOrCallback?:
| Params$Resource$Projects$Serviceaccounts$Keys$Patch
| BodyResponseCallback<Schema$ServiceAccountKey>
| BodyResponseCallback<Readable>,
optionsOrCallback?:
| MethodOptions
| StreamMethodOptions
| BodyResponseCallback<Schema$ServiceAccountKey>
| BodyResponseCallback<Readable>,
callback?:
| BodyResponseCallback<Schema$ServiceAccountKey>
| BodyResponseCallback<Readable>
):
| void
| GaxiosPromise<Schema$ServiceAccountKey>
| GaxiosPromise<Readable> {
let params = (paramsOrCallback ||
{}) as Params$Resource$Projects$Serviceaccounts$Keys$Patch;
let options = (optionsOrCallback || {}) as MethodOptions;

if (typeof paramsOrCallback === 'function') {
callback = paramsOrCallback;
params = {} as Params$Resource$Projects$Serviceaccounts$Keys$Patch;
options = {};
}

if (typeof optionsOrCallback === 'function') {
callback = optionsOrCallback;
options = {};
}

const rootUrl = options.rootUrl || 'https://iam.googleapis.com/';
const parameters = {
options: Object.assign(
{
url: (rootUrl + '/v1/{+name}:patch').replace(/([^:]\/)\/+/g, '$1'),
method: 'POST',
apiVersion: '',
},
options
),
params,
requiredParams: ['name'],
pathParams: ['name'],
context: this.context,
};
if (callback) {
createAPIRequest<Schema$ServiceAccountKey>(
parameters,
callback as BodyResponseCallback<unknown>
);
} else {
return createAPIRequest<Schema$ServiceAccountKey>(parameters);
}
}

/**
* Uploads the public key portion of a key pair that you manage, and associates the public key with a ServiceAccount. After you upload the public key, you can use the private key from the key pair as a service account key.
*
@@ -11612,18 +11499,6 @@ export namespace iam_v1 {
*/
name?: string;
}
export interface Params$Resource$Projects$Serviceaccounts$Keys$Patch
extends StandardParameters {
/**
* The resource name of the service account key in the following format `projects/{PROJECT_ID\}/serviceAccounts/{ACCOUNT\}/keys/{key\}`.
*/
name?: string;

/**
* Request body metadata
*/
requestBody?: Schema$PatchServiceAccountKeyRequest;
}
export interface Params$Resource$Projects$Serviceaccounts$Keys$Upload
extends StandardParameters {
/**

0 comments on commit 83f9f25

Please sign in to comment.