Skip to content

Commit fd74f2d

Browse files
feat: AuditConfig for IAM v1 (#194)
- [ ] Regenerate this pull request now. PiperOrigin-RevId: 439356405 Source-Link: googleapis/googleapis@afa2ba1 Source-Link: googleapis/googleapis-gen@3e40c17 Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiM2U0MGMxN2UxNTEwYzk1ZmFiNThmYzIxNDNjY2I2MWNjZWNhNTk4OSJ9 fix(deps): require grpc-google-iam-v1 >=0.12.4
1 parent cd0637c commit fd74f2d

6 files changed

Lines changed: 104 additions & 79 deletions

File tree

packages/google-cloud-bigquery-connection/google/cloud/bigquery_connection_v1/services/connection_service/async_client.py

Lines changed: 50 additions & 38 deletions
Original file line numberDiff line numberDiff line change
@@ -811,21 +811,26 @@ def sample_get_iam_policy():
811811
812812
Returns:
813813
google.iam.v1.policy_pb2.Policy:
814-
Defines an Identity and Access Management (IAM) policy. It is used to
815-
specify access control policies for Cloud Platform
816-
resources.
814+
An Identity and Access Management (IAM) policy, which specifies access
815+
controls for Google Cloud resources.
817816
818817
A Policy is a collection of bindings. A binding binds
819-
one or more members to a single role. Members can be
820-
user accounts, service accounts, Google groups, and
821-
domains (such as G Suite). A role is a named list of
822-
permissions (defined by IAM or configured by users).
823-
A binding can optionally specify a condition, which
824-
is a logic expression that further constrains the
825-
role binding based on attributes about the request
826-
and/or target resource.
827-
828-
**JSON Example**
818+
one or more members, or principals, to a single role.
819+
Principals can be user accounts, service accounts,
820+
Google groups, and domains (such as G Suite). A role
821+
is a named list of permissions; each role can be an
822+
IAM predefined role or a user-created custom role.
823+
824+
For some types of Google Cloud resources, a binding
825+
can also specify a condition, which is a logical
826+
expression that allows access to a resource only if
827+
the expression evaluates to true. A condition can add
828+
constraints based on attributes of the request, the
829+
resource, or both. To learn which resources support
830+
conditions in their IAM policies, see the [IAM
831+
documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies).
832+
833+
**JSON example:**
829834
830835
{
831836
"bindings": [
@@ -840,17 +845,17 @@ def sample_get_iam_policy():
840845
841846
}, { "role":
842847
"roles/resourcemanager.organizationViewer",
843-
"members": ["user:[email protected]"],
848+
"members": [ "user:[email protected]" ],
844849
"condition": { "title": "expirable access",
845850
"description": "Does not grant access after
846851
Sep 2020", "expression": "request.time <
847852
timestamp('2020-10-01T00:00:00.000Z')", } }
848853
849-
]
854+
], "etag": "BwWWja0YfJA=", "version": 3
850855
851856
}
852857
853-
**YAML Example**
858+
**YAML example:**
854859
855860
bindings: - members: - user:\ [email protected] -
856861
group:\ [email protected] - domain:google.com -
@@ -861,11 +866,12 @@ def sample_get_iam_policy():
861866
condition: title: expirable access description:
862867
Does not grant access after Sep 2020 expression:
863868
request.time <
864-
timestamp('2020-10-01T00:00:00.000Z')
869+
timestamp('2020-10-01T00:00:00.000Z') etag:
870+
BwWWja0YfJA= version: 3
865871
866872
For a description of IAM and its features, see the
867-
[IAM developer's
868-
guide](\ https://cloud.google.com/iam/docs).
873+
[IAM
874+
documentation](\ https://cloud.google.com/iam/docs/).
869875
870876
"""
871877
# Create or coerce a protobuf request object.
@@ -968,21 +974,26 @@ def sample_set_iam_policy():
968974
969975
Returns:
970976
google.iam.v1.policy_pb2.Policy:
971-
Defines an Identity and Access Management (IAM) policy. It is used to
972-
specify access control policies for Cloud Platform
973-
resources.
977+
An Identity and Access Management (IAM) policy, which specifies access
978+
controls for Google Cloud resources.
974979
975980
A Policy is a collection of bindings. A binding binds
976-
one or more members to a single role. Members can be
977-
user accounts, service accounts, Google groups, and
978-
domains (such as G Suite). A role is a named list of
979-
permissions (defined by IAM or configured by users).
980-
A binding can optionally specify a condition, which
981-
is a logic expression that further constrains the
982-
role binding based on attributes about the request
983-
and/or target resource.
984-
985-
**JSON Example**
981+
one or more members, or principals, to a single role.
982+
Principals can be user accounts, service accounts,
983+
Google groups, and domains (such as G Suite). A role
984+
is a named list of permissions; each role can be an
985+
IAM predefined role or a user-created custom role.
986+
987+
For some types of Google Cloud resources, a binding
988+
can also specify a condition, which is a logical
989+
expression that allows access to a resource only if
990+
the expression evaluates to true. A condition can add
991+
constraints based on attributes of the request, the
992+
resource, or both. To learn which resources support
993+
conditions in their IAM policies, see the [IAM
994+
documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies).
995+
996+
**JSON example:**
986997
987998
{
988999
"bindings": [
@@ -997,17 +1008,17 @@ def sample_set_iam_policy():
9971008
9981009
}, { "role":
9991010
"roles/resourcemanager.organizationViewer",
1000-
"members": ["user:[email protected]"],
1011+
"members": [ "user:[email protected]" ],
10011012
"condition": { "title": "expirable access",
10021013
"description": "Does not grant access after
10031014
Sep 2020", "expression": "request.time <
10041015
timestamp('2020-10-01T00:00:00.000Z')", } }
10051016
1006-
]
1017+
], "etag": "BwWWja0YfJA=", "version": 3
10071018
10081019
}
10091020
1010-
**YAML Example**
1021+
**YAML example:**
10111022
10121023
bindings: - members: - user:\ [email protected] -
10131024
group:\ [email protected] - domain:google.com -
@@ -1018,11 +1029,12 @@ def sample_set_iam_policy():
10181029
condition: title: expirable access description:
10191030
Does not grant access after Sep 2020 expression:
10201031
request.time <
1021-
timestamp('2020-10-01T00:00:00.000Z')
1032+
timestamp('2020-10-01T00:00:00.000Z') etag:
1033+
BwWWja0YfJA= version: 3
10221034
10231035
For a description of IAM and its features, see the
1024-
[IAM developer's
1025-
guide](\ https://cloud.google.com/iam/docs).
1036+
[IAM
1037+
documentation](\ https://cloud.google.com/iam/docs/).
10261038
10271039
"""
10281040
# Create or coerce a protobuf request object.

packages/google-cloud-bigquery-connection/google/cloud/bigquery_connection_v1/services/connection_service/client.py

Lines changed: 50 additions & 38 deletions
Original file line numberDiff line numberDiff line change
@@ -1007,21 +1007,26 @@ def sample_get_iam_policy():
10071007
10081008
Returns:
10091009
google.iam.v1.policy_pb2.Policy:
1010-
Defines an Identity and Access Management (IAM) policy. It is used to
1011-
specify access control policies for Cloud Platform
1012-
resources.
1010+
An Identity and Access Management (IAM) policy, which specifies access
1011+
controls for Google Cloud resources.
10131012
10141013
A Policy is a collection of bindings. A binding binds
1015-
one or more members to a single role. Members can be
1016-
user accounts, service accounts, Google groups, and
1017-
domains (such as G Suite). A role is a named list of
1018-
permissions (defined by IAM or configured by users).
1019-
A binding can optionally specify a condition, which
1020-
is a logic expression that further constrains the
1021-
role binding based on attributes about the request
1022-
and/or target resource.
1023-
1024-
**JSON Example**
1014+
one or more members, or principals, to a single role.
1015+
Principals can be user accounts, service accounts,
1016+
Google groups, and domains (such as G Suite). A role
1017+
is a named list of permissions; each role can be an
1018+
IAM predefined role or a user-created custom role.
1019+
1020+
For some types of Google Cloud resources, a binding
1021+
can also specify a condition, which is a logical
1022+
expression that allows access to a resource only if
1023+
the expression evaluates to true. A condition can add
1024+
constraints based on attributes of the request, the
1025+
resource, or both. To learn which resources support
1026+
conditions in their IAM policies, see the [IAM
1027+
documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies).
1028+
1029+
**JSON example:**
10251030
10261031
{
10271032
"bindings": [
@@ -1036,17 +1041,17 @@ def sample_get_iam_policy():
10361041
10371042
}, { "role":
10381043
"roles/resourcemanager.organizationViewer",
1039-
"members": ["user:[email protected]"],
1044+
"members": [ "user:[email protected]" ],
10401045
"condition": { "title": "expirable access",
10411046
"description": "Does not grant access after
10421047
Sep 2020", "expression": "request.time <
10431048
timestamp('2020-10-01T00:00:00.000Z')", } }
10441049
1045-
]
1050+
], "etag": "BwWWja0YfJA=", "version": 3
10461051
10471052
}
10481053
1049-
**YAML Example**
1054+
**YAML example:**
10501055
10511056
bindings: - members: - user:\ [email protected] -
10521057
group:\ [email protected] - domain:google.com -
@@ -1057,11 +1062,12 @@ def sample_get_iam_policy():
10571062
condition: title: expirable access description:
10581063
Does not grant access after Sep 2020 expression:
10591064
request.time <
1060-
timestamp('2020-10-01T00:00:00.000Z')
1065+
timestamp('2020-10-01T00:00:00.000Z') etag:
1066+
BwWWja0YfJA= version: 3
10611067
10621068
For a description of IAM and its features, see the
1063-
[IAM developer's
1064-
guide](\ https://cloud.google.com/iam/docs).
1069+
[IAM
1070+
documentation](\ https://cloud.google.com/iam/docs/).
10651071
10661072
"""
10671073
# Create or coerce a protobuf request object.
@@ -1161,21 +1167,26 @@ def sample_set_iam_policy():
11611167
11621168
Returns:
11631169
google.iam.v1.policy_pb2.Policy:
1164-
Defines an Identity and Access Management (IAM) policy. It is used to
1165-
specify access control policies for Cloud Platform
1166-
resources.
1170+
An Identity and Access Management (IAM) policy, which specifies access
1171+
controls for Google Cloud resources.
11671172
11681173
A Policy is a collection of bindings. A binding binds
1169-
one or more members to a single role. Members can be
1170-
user accounts, service accounts, Google groups, and
1171-
domains (such as G Suite). A role is a named list of
1172-
permissions (defined by IAM or configured by users).
1173-
A binding can optionally specify a condition, which
1174-
is a logic expression that further constrains the
1175-
role binding based on attributes about the request
1176-
and/or target resource.
1177-
1178-
**JSON Example**
1174+
one or more members, or principals, to a single role.
1175+
Principals can be user accounts, service accounts,
1176+
Google groups, and domains (such as G Suite). A role
1177+
is a named list of permissions; each role can be an
1178+
IAM predefined role or a user-created custom role.
1179+
1180+
For some types of Google Cloud resources, a binding
1181+
can also specify a condition, which is a logical
1182+
expression that allows access to a resource only if
1183+
the expression evaluates to true. A condition can add
1184+
constraints based on attributes of the request, the
1185+
resource, or both. To learn which resources support
1186+
conditions in their IAM policies, see the [IAM
1187+
documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies).
1188+
1189+
**JSON example:**
11791190
11801191
{
11811192
"bindings": [
@@ -1190,17 +1201,17 @@ def sample_set_iam_policy():
11901201
11911202
}, { "role":
11921203
"roles/resourcemanager.organizationViewer",
1193-
"members": ["user:[email protected]"],
1204+
"members": [ "user:[email protected]" ],
11941205
"condition": { "title": "expirable access",
11951206
"description": "Does not grant access after
11961207
Sep 2020", "expression": "request.time <
11971208
timestamp('2020-10-01T00:00:00.000Z')", } }
11981209
1199-
]
1210+
], "etag": "BwWWja0YfJA=", "version": 3
12001211
12011212
}
12021213
1203-
**YAML Example**
1214+
**YAML example:**
12041215
12051216
bindings: - members: - user:\ [email protected] -
12061217
group:\ [email protected] - domain:google.com -
@@ -1211,11 +1222,12 @@ def sample_set_iam_policy():
12111222
condition: title: expirable access description:
12121223
Does not grant access after Sep 2020 expression:
12131224
request.time <
1214-
timestamp('2020-10-01T00:00:00.000Z')
1225+
timestamp('2020-10-01T00:00:00.000Z') etag:
1226+
BwWWja0YfJA= version: 3
12151227
12161228
For a description of IAM and its features, see the
1217-
[IAM developer's
1218-
guide](\ https://cloud.google.com/iam/docs).
1229+
[IAM
1230+
documentation](\ https://cloud.google.com/iam/docs/).
12191231
12201232
"""
12211233
# Create or coerce a protobuf request object.

packages/google-cloud-bigquery-connection/scripts/fixup_bigquery_connection_v1_keywords.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -44,7 +44,7 @@ class bigquery_connectionCallTransformer(cst.CSTTransformer):
4444
'get_connection': ('name', ),
4545
'get_iam_policy': ('resource', 'options', ),
4646
'list_connections': ('parent', 'page_size', 'page_token', ),
47-
'set_iam_policy': ('resource', 'policy', ),
47+
'set_iam_policy': ('resource', 'policy', 'update_mask', ),
4848
'test_iam_permissions': ('resource', 'permissions', ),
4949
'update_connection': ('name', 'connection', 'update_mask', ),
5050
}

packages/google-cloud-bigquery-connection/setup.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -49,7 +49,7 @@
4949
# https://github.com/googleapis/google-cloud-python/issues/10566
5050
"google-api-core >= 1.31.5, <3.0.0dev,!=2.0.*,!=2.1.*,!=2.2.*,!=2.3.0",
5151
"proto-plus >= 1.15.0",
52-
"grpc-google-iam-v1 >= 0.12.3, < 0.13.0dev",
52+
"grpc-google-iam-v1 >= 0.12.4, <1.0.0dev",
5353
),
5454
python_requires=">=3.6",
5555
classifiers=[

packages/google-cloud-bigquery-connection/testing/constraints-3.6.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,4 +7,4 @@
77
# Then this file should have foo==1.14.0
88
google-api-core==1.31.5
99
proto-plus==1.15.0
10-
grpc-google-iam-v1==0.12.3
10+
grpc-google-iam-v1==0.12.4

packages/google-cloud-bigquery-connection/tests/unit/gapic/bigquery_connection_v1/test_connection_service.py

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2563,6 +2563,7 @@ def test_set_iam_policy_from_dict_foreign():
25632563
request={
25642564
"resource": "resource_value",
25652565
"policy": policy_pb2.Policy(version=774),
2566+
"update_mask": field_mask_pb2.FieldMask(paths=["paths_value"]),
25662567
}
25672568
)
25682569
call.assert_called()

0 commit comments

Comments
 (0)