diff --git a/.flake8 b/.flake8
index 2e43874..87f6e40 100644
--- a/.flake8
+++ b/.flake8
@@ -1,6 +1,6 @@
# -*- coding: utf-8 -*-
#
-# Copyright 2020 Google LLC
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/.github/.OwlBot.lock.yaml b/.github/.OwlBot.lock.yaml
index 5fc5daa..2aefd0e 100644
--- a/.github/.OwlBot.lock.yaml
+++ b/.github/.OwlBot.lock.yaml
@@ -1,4 +1,4 @@
-# Copyright 2023 Google LLC
+# Copyright 2024 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -13,4 +13,5 @@
# limitations under the License.
docker:
image: gcr.io/cloud-devrel-public-resources/owlbot-python:latest
- digest: sha256:8555f0e37e6261408f792bfd6635102d2da5ad73f8f09bcb24f25e6afb5fac97
+ digest: sha256:97b671488ad548ef783a452a9e1276ac10f144d5ae56d98cc4bf77ba504082b4
+# created: 2024-02-06T03:20:16.660474034Z
diff --git a/.github/auto-label.yaml b/.github/auto-label.yaml
index 41bff0b..b2016d1 100644
--- a/.github/auto-label.yaml
+++ b/.github/auto-label.yaml
@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/.kokoro/build.sh b/.kokoro/build.sh
index fe62bc6..c362418 100755
--- a/.kokoro/build.sh
+++ b/.kokoro/build.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# Copyright 2018 Google LLC
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/.kokoro/docker/docs/Dockerfile b/.kokoro/docker/docs/Dockerfile
index f8137d0..8e39a2c 100644
--- a/.kokoro/docker/docs/Dockerfile
+++ b/.kokoro/docker/docs/Dockerfile
@@ -1,4 +1,4 @@
-# Copyright 2020 Google LLC
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/.kokoro/noxfile.py b/.kokoro/noxfile.py
index 7c8a639..483b559 100644
--- a/.kokoro/noxfile.py
+++ b/.kokoro/noxfile.py
@@ -89,7 +89,7 @@ def get_pytest_env_vars() -> Dict[str, str]:
# DO NOT EDIT - automatically generated.
# All versions used to test samples.
-ALL_VERSIONS = ["3.7", "3.8", "3.9", "3.10", "3.11"]
+ALL_VERSIONS = ["3.7", "3.8", "3.9", "3.10", "3.11", "3.12"]
# Any default versions that should be ignored.
IGNORED_VERSIONS = TEST_CONFIG["ignored_versions"]
diff --git a/.kokoro/populate-secrets.sh b/.kokoro/populate-secrets.sh
index f525142..6f39721 100755
--- a/.kokoro/populate-secrets.sh
+++ b/.kokoro/populate-secrets.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# Copyright 2020 Google LLC.
+# Copyright 2023 Google LLC.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/.kokoro/publish-docs.sh b/.kokoro/publish-docs.sh
index 1c4d623..9eafe0b 100755
--- a/.kokoro/publish-docs.sh
+++ b/.kokoro/publish-docs.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# Copyright 2020 Google LLC
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/.kokoro/release.sh b/.kokoro/release.sh
index a208e96..e0d2f4f 100755
--- a/.kokoro/release.sh
+++ b/.kokoro/release.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# Copyright 2020 Google LLC
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/.kokoro/release/common.cfg b/.kokoro/release/common.cfg
index a192396..a8606b9 100644
--- a/.kokoro/release/common.cfg
+++ b/.kokoro/release/common.cfg
@@ -38,3 +38,12 @@ env_vars: {
key: "SECRET_MANAGER_KEYS"
value: "releasetool-publish-reporter-app,releasetool-publish-reporter-googleapis-installation,releasetool-publish-reporter-pem"
}
+
+# Store the packages we uploaded to PyPI. That way, we have a record of exactly
+# what we published, which we can use to generate SBOMs and attestations.
+action {
+ define_artifacts {
+ regex: "github/python-access-context-manager/**/*.tar.gz"
+ strip_prefix: "github/python-access-context-manager"
+ }
+}
diff --git a/.kokoro/requirements.in b/.kokoro/requirements.in
index 882178c..ec867d9 100644
--- a/.kokoro/requirements.in
+++ b/.kokoro/requirements.in
@@ -5,6 +5,6 @@ typing-extensions
twine
wheel
setuptools
-nox
+nox>=2022.11.21 # required to remove dependency on py
charset-normalizer<3
click<8.1.0
diff --git a/.kokoro/requirements.txt b/.kokoro/requirements.txt
index fa99c12..8c11c9f 100644
--- a/.kokoro/requirements.txt
+++ b/.kokoro/requirements.txt
@@ -1,94 +1,78 @@
#
-# This file is autogenerated by pip-compile with python 3.10
-# To update, run:
+# This file is autogenerated by pip-compile with Python 3.9
+# by the following command:
#
# pip-compile --allow-unsafe --generate-hashes requirements.in
#
-argcomplete==2.0.0 \
- --hash=sha256:6372ad78c89d662035101418ae253668445b391755cfe94ea52f1b9d22425b20 \
- --hash=sha256:cffa11ea77999bb0dd27bb25ff6dc142a6796142f68d45b1a26b11f58724561e
+argcomplete==3.1.4 \
+ --hash=sha256:72558ba729e4c468572609817226fb0a6e7e9a0a7d477b882be168c0b4a62b94 \
+ --hash=sha256:fbe56f8cda08aa9a04b307d8482ea703e96a6a801611acb4be9bf3942017989f
# via nox
-attrs==22.1.0 \
- --hash=sha256:29adc2665447e5191d0e7c568fde78b21f9672d344281d0c6e1ab085429b22b6 \
- --hash=sha256:86efa402f67bf2df34f51a335487cf46b1ec130d02b8d39fd248abfd30da551c
+attrs==23.1.0 \
+ --hash=sha256:1f28b4522cdc2fb4256ac1a020c78acf9cba2c6b461ccd2c126f3aa8e8335d04 \
+ --hash=sha256:6279836d581513a26f1bf235f9acd333bc9115683f14f7e8fae46c98fc50e015
# via gcp-releasetool
-bleach==5.0.1 \
- --hash=sha256:085f7f33c15bd408dd9b17a4ad77c577db66d76203e5984b1bd59baeee948b2a \
- --hash=sha256:0d03255c47eb9bd2f26aa9bb7f2107732e7e8fe195ca2f64709fcf3b0a4a085c
- # via readme-renderer
-cachetools==5.2.0 \
- --hash=sha256:6a94c6402995a99c3970cc7e4884bb60b4a8639938157eeed436098bf9831757 \
- --hash=sha256:f9f17d2aec496a9aa6b76f53e3b614c965223c061982d434d160f930c698a9db
+cachetools==5.3.2 \
+ --hash=sha256:086ee420196f7b2ab9ca2db2520aca326318b68fe5ba8bc4d49cca91add450f2 \
+ --hash=sha256:861f35a13a451f94e301ce2bec7cac63e881232ccce7ed67fab9b5df4d3beaa1
# via google-auth
-certifi==2022.12.7 \
- --hash=sha256:35824b4c3a97115964b408844d64aa14db1cc518f6562e8d7261699d1350a9e3 \
- --hash=sha256:4ad3232f5e926d6718ec31cfc1fcadfde020920e278684144551c91769c7bc18
+certifi==2023.7.22 \
+ --hash=sha256:539cc1d13202e33ca466e88b2807e29f4c13049d6d87031a3c110744495cb082 \
+ --hash=sha256:92d6037539857d8206b8f6ae472e8b77db8058fec5937a1ef3f54304089edbb9
# via requests
-cffi==1.15.1 \
- --hash=sha256:00a9ed42e88df81ffae7a8ab6d9356b371399b91dbdf0c3cb1e84c03a13aceb5 \
- --hash=sha256:03425bdae262c76aad70202debd780501fabeaca237cdfddc008987c0e0f59ef \
- --hash=sha256:04ed324bda3cda42b9b695d51bb7d54b680b9719cfab04227cdd1e04e5de3104 \
- --hash=sha256:0e2642fe3142e4cc4af0799748233ad6da94c62a8bec3a6648bf8ee68b1c7426 \
- --hash=sha256:173379135477dc8cac4bc58f45db08ab45d228b3363adb7af79436135d028405 \
- --hash=sha256:198caafb44239b60e252492445da556afafc7d1e3ab7a1fb3f0584ef6d742375 \
- --hash=sha256:1e74c6b51a9ed6589199c787bf5f9875612ca4a8a0785fb2d4a84429badaf22a \
- --hash=sha256:2012c72d854c2d03e45d06ae57f40d78e5770d252f195b93f581acf3ba44496e \
- --hash=sha256:21157295583fe8943475029ed5abdcf71eb3911894724e360acff1d61c1d54bc \
- --hash=sha256:2470043b93ff09bf8fb1d46d1cb756ce6132c54826661a32d4e4d132e1977adf \
- --hash=sha256:285d29981935eb726a4399badae8f0ffdff4f5050eaa6d0cfc3f64b857b77185 \
- --hash=sha256:30d78fbc8ebf9c92c9b7823ee18eb92f2e6ef79b45ac84db507f52fbe3ec4497 \
- --hash=sha256:320dab6e7cb2eacdf0e658569d2575c4dad258c0fcc794f46215e1e39f90f2c3 \
- --hash=sha256:33ab79603146aace82c2427da5ca6e58f2b3f2fb5da893ceac0c42218a40be35 \
- --hash=sha256:3548db281cd7d2561c9ad9984681c95f7b0e38881201e157833a2342c30d5e8c \
- --hash=sha256:3799aecf2e17cf585d977b780ce79ff0dc9b78d799fc694221ce814c2c19db83 \
- --hash=sha256:39d39875251ca8f612b6f33e6b1195af86d1b3e60086068be9cc053aa4376e21 \
- --hash=sha256:3b926aa83d1edb5aa5b427b4053dc420ec295a08e40911296b9eb1b6170f6cca \
- --hash=sha256:3bcde07039e586f91b45c88f8583ea7cf7a0770df3a1649627bf598332cb6984 \
- --hash=sha256:3d08afd128ddaa624a48cf2b859afef385b720bb4b43df214f85616922e6a5ac \
- --hash=sha256:3eb6971dcff08619f8d91607cfc726518b6fa2a9eba42856be181c6d0d9515fd \
- --hash=sha256:40f4774f5a9d4f5e344f31a32b5096977b5d48560c5592e2f3d2c4374bd543ee \
- --hash=sha256:4289fc34b2f5316fbb762d75362931e351941fa95fa18789191b33fc4cf9504a \
- --hash=sha256:470c103ae716238bbe698d67ad020e1db9d9dba34fa5a899b5e21577e6d52ed2 \
- --hash=sha256:4f2c9f67e9821cad2e5f480bc8d83b8742896f1242dba247911072d4fa94c192 \
- --hash=sha256:50a74364d85fd319352182ef59c5c790484a336f6db772c1a9231f1c3ed0cbd7 \
- --hash=sha256:54a2db7b78338edd780e7ef7f9f6c442500fb0d41a5a4ea24fff1c929d5af585 \
- --hash=sha256:5635bd9cb9731e6d4a1132a498dd34f764034a8ce60cef4f5319c0541159392f \
- --hash=sha256:59c0b02d0a6c384d453fece7566d1c7e6b7bae4fc5874ef2ef46d56776d61c9e \
- --hash=sha256:5d598b938678ebf3c67377cdd45e09d431369c3b1a5b331058c338e201f12b27 \
- --hash=sha256:5df2768244d19ab7f60546d0c7c63ce1581f7af8b5de3eb3004b9b6fc8a9f84b \
- --hash=sha256:5ef34d190326c3b1f822a5b7a45f6c4535e2f47ed06fec77d3d799c450b2651e \
- --hash=sha256:6975a3fac6bc83c4a65c9f9fcab9e47019a11d3d2cf7f3c0d03431bf145a941e \
- --hash=sha256:6c9a799e985904922a4d207a94eae35c78ebae90e128f0c4e521ce339396be9d \
- --hash=sha256:70df4e3b545a17496c9b3f41f5115e69a4f2e77e94e1d2a8e1070bc0c38c8a3c \
- --hash=sha256:7473e861101c9e72452f9bf8acb984947aa1661a7704553a9f6e4baa5ba64415 \
- --hash=sha256:8102eaf27e1e448db915d08afa8b41d6c7ca7a04b7d73af6514df10a3e74bd82 \
- --hash=sha256:87c450779d0914f2861b8526e035c5e6da0a3199d8f1add1a665e1cbc6fc6d02 \
- --hash=sha256:8b7ee99e510d7b66cdb6c593f21c043c248537a32e0bedf02e01e9553a172314 \
- --hash=sha256:91fc98adde3d7881af9b59ed0294046f3806221863722ba7d8d120c575314325 \
- --hash=sha256:94411f22c3985acaec6f83c6df553f2dbe17b698cc7f8ae751ff2237d96b9e3c \
- --hash=sha256:98d85c6a2bef81588d9227dde12db8a7f47f639f4a17c9ae08e773aa9c697bf3 \
- --hash=sha256:9ad5db27f9cabae298d151c85cf2bad1d359a1b9c686a275df03385758e2f914 \
- --hash=sha256:a0b71b1b8fbf2b96e41c4d990244165e2c9be83d54962a9a1d118fd8657d2045 \
- --hash=sha256:a0f100c8912c114ff53e1202d0078b425bee3649ae34d7b070e9697f93c5d52d \
- --hash=sha256:a591fe9e525846e4d154205572a029f653ada1a78b93697f3b5a8f1f2bc055b9 \
- --hash=sha256:a5c84c68147988265e60416b57fc83425a78058853509c1b0629c180094904a5 \
- --hash=sha256:a66d3508133af6e8548451b25058d5812812ec3798c886bf38ed24a98216fab2 \
- --hash=sha256:a8c4917bd7ad33e8eb21e9a5bbba979b49d9a97acb3a803092cbc1133e20343c \
- --hash=sha256:b3bbeb01c2b273cca1e1e0c5df57f12dce9a4dd331b4fa1635b8bec26350bde3 \
- --hash=sha256:cba9d6b9a7d64d4bd46167096fc9d2f835e25d7e4c121fb2ddfc6528fb0413b2 \
- --hash=sha256:cc4d65aeeaa04136a12677d3dd0b1c0c94dc43abac5860ab33cceb42b801c1e8 \
- --hash=sha256:ce4bcc037df4fc5e3d184794f27bdaab018943698f4ca31630bc7f84a7b69c6d \
- --hash=sha256:cec7d9412a9102bdc577382c3929b337320c4c4c4849f2c5cdd14d7368c5562d \
- --hash=sha256:d400bfb9a37b1351253cb402671cea7e89bdecc294e8016a707f6d1d8ac934f9 \
- --hash=sha256:d61f4695e6c866a23a21acab0509af1cdfd2c013cf256bbf5b6b5e2695827162 \
- --hash=sha256:db0fbb9c62743ce59a9ff687eb5f4afbe77e5e8403d6697f7446e5f609976f76 \
- --hash=sha256:dd86c085fae2efd48ac91dd7ccffcfc0571387fe1193d33b6394db7ef31fe2a4 \
- --hash=sha256:e00b098126fd45523dd056d2efba6c5a63b71ffe9f2bbe1a4fe1716e1d0c331e \
- --hash=sha256:e229a521186c75c8ad9490854fd8bbdd9a0c9aa3a524326b55be83b54d4e0ad9 \
- --hash=sha256:e263d77ee3dd201c3a142934a086a4450861778baaeeb45db4591ef65550b0a6 \
- --hash=sha256:ed9cb427ba5504c1dc15ede7d516b84757c3e3d7868ccc85121d9310d27eed0b \
- --hash=sha256:fa6693661a4c91757f4412306191b6dc88c1703f780c8234035eac011922bc01 \
- --hash=sha256:fcd131dd944808b5bdb38e6f5b53013c5aa4f334c5cad0c72742f6eba4b73db0
+cffi==1.16.0 \
+ --hash=sha256:0c9ef6ff37e974b73c25eecc13952c55bceed9112be2d9d938ded8e856138bcc \
+ --hash=sha256:131fd094d1065b19540c3d72594260f118b231090295d8c34e19a7bbcf2e860a \
+ --hash=sha256:1b8ebc27c014c59692bb2664c7d13ce7a6e9a629be20e54e7271fa696ff2b417 \
+ --hash=sha256:2c56b361916f390cd758a57f2e16233eb4f64bcbeee88a4881ea90fca14dc6ab \
+ --hash=sha256:2d92b25dbf6cae33f65005baf472d2c245c050b1ce709cc4588cdcdd5495b520 \
+ --hash=sha256:31d13b0f99e0836b7ff893d37af07366ebc90b678b6664c955b54561fc36ef36 \
+ --hash=sha256:32c68ef735dbe5857c810328cb2481e24722a59a2003018885514d4c09af9743 \
+ --hash=sha256:3686dffb02459559c74dd3d81748269ffb0eb027c39a6fc99502de37d501faa8 \
+ --hash=sha256:582215a0e9adbe0e379761260553ba11c58943e4bbe9c36430c4ca6ac74b15ed \
+ --hash=sha256:5b50bf3f55561dac5438f8e70bfcdfd74543fd60df5fa5f62d94e5867deca684 \
+ --hash=sha256:5bf44d66cdf9e893637896c7faa22298baebcd18d1ddb6d2626a6e39793a1d56 \
+ --hash=sha256:6602bc8dc6f3a9e02b6c22c4fc1e47aa50f8f8e6d3f78a5e16ac33ef5fefa324 \
+ --hash=sha256:673739cb539f8cdaa07d92d02efa93c9ccf87e345b9a0b556e3ecc666718468d \
+ --hash=sha256:68678abf380b42ce21a5f2abde8efee05c114c2fdb2e9eef2efdb0257fba1235 \
+ --hash=sha256:68e7c44931cc171c54ccb702482e9fc723192e88d25a0e133edd7aff8fcd1f6e \
+ --hash=sha256:6b3d6606d369fc1da4fd8c357d026317fbb9c9b75d36dc16e90e84c26854b088 \
+ --hash=sha256:748dcd1e3d3d7cd5443ef03ce8685043294ad6bd7c02a38d1bd367cfd968e000 \
+ --hash=sha256:7651c50c8c5ef7bdb41108b7b8c5a83013bfaa8a935590c5d74627c047a583c7 \
+ --hash=sha256:7b78010e7b97fef4bee1e896df8a4bbb6712b7f05b7ef630f9d1da00f6444d2e \
+ --hash=sha256:7e61e3e4fa664a8588aa25c883eab612a188c725755afff6289454d6362b9673 \
+ --hash=sha256:80876338e19c951fdfed6198e70bc88f1c9758b94578d5a7c4c91a87af3cf31c \
+ --hash=sha256:8895613bcc094d4a1b2dbe179d88d7fb4a15cee43c052e8885783fac397d91fe \
+ --hash=sha256:88e2b3c14bdb32e440be531ade29d3c50a1a59cd4e51b1dd8b0865c54ea5d2e2 \
+ --hash=sha256:8f8e709127c6c77446a8c0a8c8bf3c8ee706a06cd44b1e827c3e6a2ee6b8c098 \
+ --hash=sha256:9cb4a35b3642fc5c005a6755a5d17c6c8b6bcb6981baf81cea8bfbc8903e8ba8 \
+ --hash=sha256:9f90389693731ff1f659e55c7d1640e2ec43ff725cc61b04b2f9c6d8d017df6a \
+ --hash=sha256:a09582f178759ee8128d9270cd1344154fd473bb77d94ce0aeb2a93ebf0feaf0 \
+ --hash=sha256:a6a14b17d7e17fa0d207ac08642c8820f84f25ce17a442fd15e27ea18d67c59b \
+ --hash=sha256:a72e8961a86d19bdb45851d8f1f08b041ea37d2bd8d4fd19903bc3083d80c896 \
+ --hash=sha256:abd808f9c129ba2beda4cfc53bde801e5bcf9d6e0f22f095e45327c038bfe68e \
+ --hash=sha256:ac0f5edd2360eea2f1daa9e26a41db02dd4b0451b48f7c318e217ee092a213e9 \
+ --hash=sha256:b29ebffcf550f9da55bec9e02ad430c992a87e5f512cd63388abb76f1036d8d2 \
+ --hash=sha256:b2ca4e77f9f47c55c194982e10f058db063937845bb2b7a86c84a6cfe0aefa8b \
+ --hash=sha256:b7be2d771cdba2942e13215c4e340bfd76398e9227ad10402a8767ab1865d2e6 \
+ --hash=sha256:b84834d0cf97e7d27dd5b7f3aca7b6e9263c56308ab9dc8aae9784abb774d404 \
+ --hash=sha256:b86851a328eedc692acf81fb05444bdf1891747c25af7529e39ddafaf68a4f3f \
+ --hash=sha256:bcb3ef43e58665bbda2fb198698fcae6776483e0c4a631aa5647806c25e02cc0 \
+ --hash=sha256:c0f31130ebc2d37cdd8e44605fb5fa7ad59049298b3f745c74fa74c62fbfcfc4 \
+ --hash=sha256:c6a164aa47843fb1b01e941d385aab7215563bb8816d80ff3a363a9f8448a8dc \
+ --hash=sha256:d8a9d3ebe49f084ad71f9269834ceccbf398253c9fac910c4fd7053ff1386936 \
+ --hash=sha256:db8e577c19c0fda0beb7e0d4e09e0ba74b1e4c092e0e40bfa12fe05b6f6d75ba \
+ --hash=sha256:dc9b18bf40cc75f66f40a7379f6a9513244fe33c0e8aa72e2d56b0196a7ef872 \
+ --hash=sha256:e09f3ff613345df5e8c3667da1d918f9149bd623cd9070c983c013792a9a62eb \
+ --hash=sha256:e4108df7fe9b707191e55f33efbcb2d81928e10cea45527879a4749cbe472614 \
+ --hash=sha256:e6024675e67af929088fda399b2094574609396b1decb609c55fa58b028a32a1 \
+ --hash=sha256:e70f54f1796669ef691ca07d046cd81a29cb4deb1e5f942003f401c0c4a2695d \
+ --hash=sha256:e715596e683d2ce000574bae5d07bd522c781a822866c20495e52520564f0969 \
+ --hash=sha256:e760191dd42581e023a68b758769e2da259b5d52e3103c6060ddc02c9edb8d7b \
+ --hash=sha256:ed86a35631f7bfbb28e108dd96773b9d5a6ce4811cf6ea468bb6a359b256b1e4 \
+ --hash=sha256:ee07e47c12890ef248766a6e55bd38ebfb2bb8edd4142d56db91b21ea68b7627 \
+ --hash=sha256:fa3a0128b152627161ce47201262d3140edb5a5c3da88d73a1b790a959126956 \
+ --hash=sha256:fcc8eb6d5902bb1cf6dc4f187ee3ea80a1eba0a89aba40a5cb20a5087d961357
# via cryptography
charset-normalizer==2.1.1 \
--hash=sha256:5a3d016c7c547f69d6f81fb0db9449ce888b418b5b9952cc5e6e66843e9dd845 \
@@ -109,76 +93,83 @@ colorlog==6.7.0 \
# via
# gcp-docuploader
# nox
-commonmark==0.9.1 \
- --hash=sha256:452f9dc859be7f06631ddcb328b6919c67984aca654e5fefb3914d54691aed60 \
- --hash=sha256:da2f38c92590f83de410ba1a3cbceafbc74fee9def35f9251ba9a971d6d66fd9
- # via rich
-cryptography==39.0.1 \
- --hash=sha256:0f8da300b5c8af9f98111ffd512910bc792b4c77392a9523624680f7956a99d4 \
- --hash=sha256:35f7c7d015d474f4011e859e93e789c87d21f6f4880ebdc29896a60403328f1f \
- --hash=sha256:5aa67414fcdfa22cf052e640cb5ddc461924a045cacf325cd164e65312d99502 \
- --hash=sha256:5d2d8b87a490bfcd407ed9d49093793d0f75198a35e6eb1a923ce1ee86c62b41 \
- --hash=sha256:6687ef6d0a6497e2b58e7c5b852b53f62142cfa7cd1555795758934da363a965 \
- --hash=sha256:6f8ba7f0328b79f08bdacc3e4e66fb4d7aab0c3584e0bd41328dce5262e26b2e \
- --hash=sha256:706843b48f9a3f9b9911979761c91541e3d90db1ca905fd63fee540a217698bc \
- --hash=sha256:807ce09d4434881ca3a7594733669bd834f5b2c6d5c7e36f8c00f691887042ad \
- --hash=sha256:83e17b26de248c33f3acffb922748151d71827d6021d98c70e6c1a25ddd78505 \
- --hash=sha256:96f1157a7c08b5b189b16b47bc9db2332269d6680a196341bf30046330d15388 \
- --hash=sha256:aec5a6c9864be7df2240c382740fcf3b96928c46604eaa7f3091f58b878c0bb6 \
- --hash=sha256:b0afd054cd42f3d213bf82c629efb1ee5f22eba35bf0eec88ea9ea7304f511a2 \
- --hash=sha256:ced4e447ae29ca194449a3f1ce132ded8fcab06971ef5f618605aacaa612beac \
- --hash=sha256:d1f6198ee6d9148405e49887803907fe8962a23e6c6f83ea7d98f1c0de375695 \
- --hash=sha256:e124352fd3db36a9d4a21c1aa27fd5d051e621845cb87fb851c08f4f75ce8be6 \
- --hash=sha256:e422abdec8b5fa8462aa016786680720d78bdce7a30c652b7fadf83a4ba35336 \
- --hash=sha256:ef8b72fa70b348724ff1218267e7f7375b8de4e8194d1636ee60510aae104cd0 \
- --hash=sha256:f0c64d1bd842ca2633e74a1a28033d139368ad959872533b1bab8c80e8240a0c \
- --hash=sha256:f24077a3b5298a5a06a8e0536e3ea9ec60e4c7ac486755e5fb6e6ea9b3500106 \
- --hash=sha256:fdd188c8a6ef8769f148f88f859884507b954cc64db6b52f66ef199bb9ad660a \
- --hash=sha256:fe913f20024eb2cb2f323e42a64bdf2911bb9738a15dba7d3cce48151034e3a8
+cryptography==42.0.0 \
+ --hash=sha256:0a68bfcf57a6887818307600c3c0ebc3f62fbb6ccad2240aa21887cda1f8df1b \
+ --hash=sha256:146e971e92a6dd042214b537a726c9750496128453146ab0ee8971a0299dc9bd \
+ --hash=sha256:14e4b909373bc5bf1095311fa0f7fcabf2d1a160ca13f1e9e467be1ac4cbdf94 \
+ --hash=sha256:206aaf42e031b93f86ad60f9f5d9da1b09164f25488238ac1dc488334eb5e221 \
+ --hash=sha256:3005166a39b70c8b94455fdbe78d87a444da31ff70de3331cdec2c568cf25b7e \
+ --hash=sha256:324721d93b998cb7367f1e6897370644751e5580ff9b370c0a50dc60a2003513 \
+ --hash=sha256:33588310b5c886dfb87dba5f013b8d27df7ffd31dc753775342a1e5ab139e59d \
+ --hash=sha256:35cf6ed4c38f054478a9df14f03c1169bb14bd98f0b1705751079b25e1cb58bc \
+ --hash=sha256:3ca482ea80626048975360c8e62be3ceb0f11803180b73163acd24bf014133a0 \
+ --hash=sha256:56ce0c106d5c3fec1038c3cca3d55ac320a5be1b44bf15116732d0bc716979a2 \
+ --hash=sha256:5a217bca51f3b91971400890905a9323ad805838ca3fa1e202a01844f485ee87 \
+ --hash=sha256:678cfa0d1e72ef41d48993a7be75a76b0725d29b820ff3cfd606a5b2b33fda01 \
+ --hash=sha256:69fd009a325cad6fbfd5b04c711a4da563c6c4854fc4c9544bff3088387c77c0 \
+ --hash=sha256:6cf9b76d6e93c62114bd19485e5cb003115c134cf9ce91f8ac924c44f8c8c3f4 \
+ --hash=sha256:74f18a4c8ca04134d2052a140322002fef535c99cdbc2a6afc18a8024d5c9d5b \
+ --hash=sha256:85f759ed59ffd1d0baad296e72780aa62ff8a71f94dc1ab340386a1207d0ea81 \
+ --hash=sha256:87086eae86a700307b544625e3ba11cc600c3c0ef8ab97b0fda0705d6db3d4e3 \
+ --hash=sha256:8814722cffcfd1fbd91edd9f3451b88a8f26a5fd41b28c1c9193949d1c689dc4 \
+ --hash=sha256:8fedec73d590fd30c4e3f0d0f4bc961aeca8390c72f3eaa1a0874d180e868ddf \
+ --hash=sha256:9515ea7f596c8092fdc9902627e51b23a75daa2c7815ed5aa8cf4f07469212ec \
+ --hash=sha256:988b738f56c665366b1e4bfd9045c3efae89ee366ca3839cd5af53eaa1401bce \
+ --hash=sha256:a2a8d873667e4fd2f34aedab02ba500b824692c6542e017075a2efc38f60a4c0 \
+ --hash=sha256:bd7cf7a8d9f34cc67220f1195884151426ce616fdc8285df9054bfa10135925f \
+ --hash=sha256:bdce70e562c69bb089523e75ef1d9625b7417c6297a76ac27b1b8b1eb51b7d0f \
+ --hash=sha256:be14b31eb3a293fc6e6aa2807c8a3224c71426f7c4e3639ccf1a2f3ffd6df8c3 \
+ --hash=sha256:be41b0c7366e5549265adf2145135dca107718fa44b6e418dc7499cfff6b4689 \
+ --hash=sha256:c310767268d88803b653fffe6d6f2f17bb9d49ffceb8d70aed50ad45ea49ab08 \
+ --hash=sha256:c58115384bdcfe9c7f644c72f10f6f42bed7cf59f7b52fe1bf7ae0a622b3a139 \
+ --hash=sha256:c640b0ef54138fde761ec99a6c7dc4ce05e80420262c20fa239e694ca371d434 \
+ --hash=sha256:ca20550bb590db16223eb9ccc5852335b48b8f597e2f6f0878bbfd9e7314eb17 \
+ --hash=sha256:d97aae66b7de41cdf5b12087b5509e4e9805ed6f562406dfcf60e8481a9a28f8 \
+ --hash=sha256:e9326ca78111e4c645f7e49cbce4ed2f3f85e17b61a563328c85a5208cf34440
# via
# gcp-releasetool
# secretstorage
-distlib==0.3.6 \
- --hash=sha256:14bad2d9b04d3a36127ac97f30b12a19268f211063d8f8ee4f47108896e11b46 \
- --hash=sha256:f35c4b692542ca110de7ef0bea44d73981caeb34ca0b9b6b2e6d7790dda8f80e
+distlib==0.3.7 \
+ --hash=sha256:2e24928bc811348f0feb63014e97aaae3037f2cf48712d51ae61df7fd6075057 \
+ --hash=sha256:9dafe54b34a028eafd95039d5e5d4851a13734540f1331060d31c9916e7147a8
# via virtualenv
-docutils==0.19 \
- --hash=sha256:33995a6753c30b7f577febfc2c50411fec6aac7f7ffeb7c4cfe5991072dcf9e6 \
- --hash=sha256:5e1de4d849fee02c63b040a4a3fd567f4ab104defd8a5511fbbc24a8a017efbc
+docutils==0.20.1 \
+ --hash=sha256:96f387a2c5562db4476f09f13bbab2192e764cac08ebbf3a34a95d9b1e4a59d6 \
+ --hash=sha256:f08a4e276c3a1583a86dce3e34aba3fe04d02bba2dd51ed16106244e8a923e3b
# via readme-renderer
-filelock==3.8.0 \
- --hash=sha256:55447caa666f2198c5b6b13a26d2084d26fa5b115c00d065664b2124680c4edc \
- --hash=sha256:617eb4e5eedc82fc5f47b6d61e4d11cb837c56cb4544e39081099fa17ad109d4
+filelock==3.13.1 \
+ --hash=sha256:521f5f56c50f8426f5e03ad3b281b490a87ef15bc6c526f168290f0c7148d44e \
+ --hash=sha256:57dbda9b35157b05fb3e58ee91448612eb674172fab98ee235ccb0b5bee19a1c
# via virtualenv
-gcp-docuploader==0.6.4 \
- --hash=sha256:01486419e24633af78fd0167db74a2763974765ee8078ca6eb6964d0ebd388af \
- --hash=sha256:70861190c123d907b3b067da896265ead2eeb9263969d6955c9e0bb091b5ccbf
+gcp-docuploader==0.6.5 \
+ --hash=sha256:30221d4ac3e5a2b9c69aa52fdbef68cc3f27d0e6d0d90e220fc024584b8d2318 \
+ --hash=sha256:b7458ef93f605b9d46a4bf3a8dc1755dad1f31d030c8679edf304e343b347eea
# via -r requirements.in
-gcp-releasetool==1.10.5 \
- --hash=sha256:174b7b102d704b254f2a26a3eda2c684fd3543320ec239baf771542a2e58e109 \
- --hash=sha256:e29d29927fe2ca493105a82958c6873bb2b90d503acac56be2c229e74de0eec9
+gcp-releasetool==1.16.0 \
+ --hash=sha256:27bf19d2e87aaa884096ff941aa3c592c482be3d6a2bfe6f06afafa6af2353e3 \
+ --hash=sha256:a316b197a543fd036209d0caba7a8eb4d236d8e65381c80cbc6d7efaa7606d63
# via -r requirements.in
-google-api-core==2.10.2 \
- --hash=sha256:10c06f7739fe57781f87523375e8e1a3a4674bf6392cd6131a3222182b971320 \
- --hash=sha256:34f24bd1d5f72a8c4519773d99ca6bf080a6c4e041b4e9f024fe230191dda62e
+google-api-core==2.12.0 \
+ --hash=sha256:c22e01b1e3c4dcd90998494879612c38d0a3411d1f7b679eb89e2abe3ce1f553 \
+ --hash=sha256:ec6054f7d64ad13b41e43d96f735acbd763b0f3b695dabaa2d579673f6a6e160
# via
# google-cloud-core
# google-cloud-storage
-google-auth==2.14.1 \
- --hash=sha256:ccaa901f31ad5cbb562615eb8b664b3dd0bf5404a67618e642307f00613eda4d \
- --hash=sha256:f5d8701633bebc12e0deea4df8abd8aff31c28b355360597f7f2ee60f2e4d016
+google-auth==2.23.4 \
+ --hash=sha256:79905d6b1652187def79d491d6e23d0cbb3a21d3c7ba0dbaa9c8a01906b13ff3 \
+ --hash=sha256:d4bbc92fe4b8bfd2f3e8d88e5ba7085935da208ee38a134fc280e7ce682a05f2
# via
# gcp-releasetool
# google-api-core
# google-cloud-core
# google-cloud-storage
-google-cloud-core==2.3.2 \
- --hash=sha256:8417acf6466be2fa85123441696c4badda48db314c607cf1e5d543fa8bdc22fe \
- --hash=sha256:b9529ee7047fd8d4bf4a2182de619154240df17fbe60ead399078c1ae152af9a
+google-cloud-core==2.3.3 \
+ --hash=sha256:37b80273c8d7eee1ae816b3a20ae43585ea50506cb0e60f3cf5be5f87f1373cb \
+ --hash=sha256:fbd11cad3e98a7e5b0343dc07cb1039a5ffd7a5bb96e1f1e27cee4bda4a90863
# via google-cloud-storage
-google-cloud-storage==2.6.0 \
- --hash=sha256:104ca28ae61243b637f2f01455cc8a05e8f15a2a18ced96cb587241cdd3820f5 \
- --hash=sha256:4ad0415ff61abdd8bb2ae81c1f8f7ec7d91a1011613f2db87c614c550f97bfe9
+google-cloud-storage==2.13.0 \
+ --hash=sha256:ab0bf2e1780a1b74cf17fccb13788070b729f50c252f0c94ada2aae0ca95437d \
+ --hash=sha256:f62dc4c7b6cd4360d072e3deb28035fbdad491ac3d9b0b1815a12daea10f37c7
# via gcp-docuploader
google-crc32c==1.5.0 \
--hash=sha256:024894d9d3cfbc5943f8f230e23950cd4906b2fe004c72e29b209420a1e6b05a \
@@ -249,29 +240,31 @@ google-crc32c==1.5.0 \
--hash=sha256:f583edb943cf2e09c60441b910d6a20b4d9d626c75a36c8fcac01a6c96c01183 \
--hash=sha256:fd8536e902db7e365f49e7d9029283403974ccf29b13fc7028b97e2295b33556 \
--hash=sha256:fe70e325aa68fa4b5edf7d1a4b6f691eb04bbccac0ace68e34820d283b5f80d4
- # via google-resumable-media
-google-resumable-media==2.4.0 \
- --hash=sha256:2aa004c16d295c8f6c33b2b4788ba59d366677c0a25ae7382436cb30f776deaa \
- --hash=sha256:8d5518502f92b9ecc84ac46779bd4f09694ecb3ba38a3e7ca737a86d15cbca1f
+ # via
+ # google-cloud-storage
+ # google-resumable-media
+google-resumable-media==2.6.0 \
+ --hash=sha256:972852f6c65f933e15a4a210c2b96930763b47197cdf4aa5f5bea435efb626e7 \
+ --hash=sha256:fc03d344381970f79eebb632a3c18bb1828593a2dc5572b5f90115ef7d11e81b
# via google-cloud-storage
-googleapis-common-protos==1.57.0 \
- --hash=sha256:27a849d6205838fb6cc3c1c21cb9800707a661bb21c6ce7fb13e99eb1f8a0c46 \
- --hash=sha256:a9f4a1d7f6d9809657b7f1316a1aa527f6664891531bcfcc13b6696e685f443c
+googleapis-common-protos==1.61.0 \
+ --hash=sha256:22f1915393bb3245343f6efe87f6fe868532efc12aa26b391b15132e1279f1c0 \
+ --hash=sha256:8a64866a97f6304a7179873a465d6eee97b7a24ec6cfd78e0f575e96b821240b
# via google-api-core
idna==3.4 \
--hash=sha256:814f528e8dead7d329833b91c5faa87d60bf71824cd12a7530b5526063d02cb4 \
--hash=sha256:90b77e79eaa3eba6de819a0c442c0b4ceefc341a7a2ab77d7562bf49f425c5c2
# via requests
-importlib-metadata==5.0.0 \
- --hash=sha256:da31db32b304314d044d3c12c79bd59e307889b287ad12ff387b3500835fc2ab \
- --hash=sha256:ddb0e35065e8938f867ed4928d0ae5bf2a53b7773871bfe6bcc7e4fcdc7dea43
+importlib-metadata==6.8.0 \
+ --hash=sha256:3ebb78df84a805d7698245025b975d9d67053cd94c79245ba4b3eb694abe68bb \
+ --hash=sha256:dbace7892d8c0c4ac1ad096662232f831d4e64f4c4545bd53016a3e9d4654743
# via
# -r requirements.in
# keyring
# twine
-jaraco-classes==3.2.3 \
- --hash=sha256:2353de3288bc6b82120752201c6b1c1a14b058267fa424ed5ce5984e3b922158 \
- --hash=sha256:89559fa5c1d3c34eff6f631ad80bb21f378dbcbb35dd161fd2c6b93f5be2f98a
+jaraco-classes==3.3.0 \
+ --hash=sha256:10afa92b6743f25c0cf5f37c6bb6e18e2c5bb84a16527ccfc0040ea377e7aaeb \
+ --hash=sha256:c063dd08e89217cee02c8d5e5ec560f2c8ce6cdc2fcdc2e68f7b2e5547ed3621
# via keyring
jeepney==0.8.0 \
--hash=sha256:5efe48d255973902f6badc3ce55e2aa6c5c3b3bc642059ef3a91247bcfcc5806 \
@@ -279,79 +272,125 @@ jeepney==0.8.0 \
# via
# keyring
# secretstorage
-jinja2==3.1.2 \
- --hash=sha256:31351a702a408a9e7595a8fc6150fc3f43bb6bf7e319770cbc0db9df9437e852 \
- --hash=sha256:6088930bfe239f0e6710546ab9c19c9ef35e29792895fed6e6e31a023a182a61
+jinja2==3.1.3 \
+ --hash=sha256:7d6d50dd97d52cbc355597bd845fabfbac3f551e1f99619e39a35ce8c370b5fa \
+ --hash=sha256:ac8bd6544d4bb2c9792bf3a159e80bba8fda7f07e81bc3aed565432d5925ba90
# via gcp-releasetool
-keyring==23.11.0 \
- --hash=sha256:3dd30011d555f1345dec2c262f0153f2f0ca6bca041fb1dc4588349bb4c0ac1e \
- --hash=sha256:ad192263e2cdd5f12875dedc2da13534359a7e760e77f8d04b50968a821c2361
+keyring==24.2.0 \
+ --hash=sha256:4901caaf597bfd3bbd78c9a0c7c4c29fcd8310dab2cffefe749e916b6527acd6 \
+ --hash=sha256:ca0746a19ec421219f4d713f848fa297a661a8a8c1504867e55bfb5e09091509
# via
# gcp-releasetool
# twine
-markupsafe==2.1.1 \
- --hash=sha256:0212a68688482dc52b2d45013df70d169f542b7394fc744c02a57374a4207003 \
- --hash=sha256:089cf3dbf0cd6c100f02945abeb18484bd1ee57a079aefd52cffd17fba910b88 \
- --hash=sha256:10c1bfff05d95783da83491be968e8fe789263689c02724e0c691933c52994f5 \
- --hash=sha256:33b74d289bd2f5e527beadcaa3f401e0df0a89927c1559c8566c066fa4248ab7 \
- --hash=sha256:3799351e2336dc91ea70b034983ee71cf2f9533cdff7c14c90ea126bfd95d65a \
- --hash=sha256:3ce11ee3f23f79dbd06fb3d63e2f6af7b12db1d46932fe7bd8afa259a5996603 \
- --hash=sha256:421be9fbf0ffe9ffd7a378aafebbf6f4602d564d34be190fc19a193232fd12b1 \
- --hash=sha256:43093fb83d8343aac0b1baa75516da6092f58f41200907ef92448ecab8825135 \
- --hash=sha256:46d00d6cfecdde84d40e572d63735ef81423ad31184100411e6e3388d405e247 \
- --hash=sha256:4a33dea2b688b3190ee12bd7cfa29d39c9ed176bda40bfa11099a3ce5d3a7ac6 \
- --hash=sha256:4b9fe39a2ccc108a4accc2676e77da025ce383c108593d65cc909add5c3bd601 \
- --hash=sha256:56442863ed2b06d19c37f94d999035e15ee982988920e12a5b4ba29b62ad1f77 \
- --hash=sha256:671cd1187ed5e62818414afe79ed29da836dde67166a9fac6d435873c44fdd02 \
- --hash=sha256:694deca8d702d5db21ec83983ce0bb4b26a578e71fbdbd4fdcd387daa90e4d5e \
- --hash=sha256:6a074d34ee7a5ce3effbc526b7083ec9731bb3cbf921bbe1d3005d4d2bdb3a63 \
- --hash=sha256:6d0072fea50feec76a4c418096652f2c3238eaa014b2f94aeb1d56a66b41403f \
- --hash=sha256:6fbf47b5d3728c6aea2abb0589b5d30459e369baa772e0f37a0320185e87c980 \
- --hash=sha256:7f91197cc9e48f989d12e4e6fbc46495c446636dfc81b9ccf50bb0ec74b91d4b \
- --hash=sha256:86b1f75c4e7c2ac2ccdaec2b9022845dbb81880ca318bb7a0a01fbf7813e3812 \
- --hash=sha256:8dc1c72a69aa7e082593c4a203dcf94ddb74bb5c8a731e4e1eb68d031e8498ff \
- --hash=sha256:8e3dcf21f367459434c18e71b2a9532d96547aef8a871872a5bd69a715c15f96 \
- --hash=sha256:8e576a51ad59e4bfaac456023a78f6b5e6e7651dcd383bcc3e18d06f9b55d6d1 \
- --hash=sha256:96e37a3dc86e80bf81758c152fe66dbf60ed5eca3d26305edf01892257049925 \
- --hash=sha256:97a68e6ada378df82bc9f16b800ab77cbf4b2fada0081794318520138c088e4a \
- --hash=sha256:99a2a507ed3ac881b975a2976d59f38c19386d128e7a9a18b7df6fff1fd4c1d6 \
- --hash=sha256:a49907dd8420c5685cfa064a1335b6754b74541bbb3706c259c02ed65b644b3e \
- --hash=sha256:b09bf97215625a311f669476f44b8b318b075847b49316d3e28c08e41a7a573f \
- --hash=sha256:b7bd98b796e2b6553da7225aeb61f447f80a1ca64f41d83612e6139ca5213aa4 \
- --hash=sha256:b87db4360013327109564f0e591bd2a3b318547bcef31b468a92ee504d07ae4f \
- --hash=sha256:bcb3ed405ed3222f9904899563d6fc492ff75cce56cba05e32eff40e6acbeaa3 \
- --hash=sha256:d4306c36ca495956b6d568d276ac11fdd9c30a36f1b6eb928070dc5360b22e1c \
- --hash=sha256:d5ee4f386140395a2c818d149221149c54849dfcfcb9f1debfe07a8b8bd63f9a \
- --hash=sha256:dda30ba7e87fbbb7eab1ec9f58678558fd9a6b8b853530e176eabd064da81417 \
- --hash=sha256:e04e26803c9c3851c931eac40c695602c6295b8d432cbe78609649ad9bd2da8a \
- --hash=sha256:e1c0b87e09fa55a220f058d1d49d3fb8df88fbfab58558f1198e08c1e1de842a \
- --hash=sha256:e72591e9ecd94d7feb70c1cbd7be7b3ebea3f548870aa91e2732960fa4d57a37 \
- --hash=sha256:e8c843bbcda3a2f1e3c2ab25913c80a3c5376cd00c6e8c4a86a89a28c8dc5452 \
- --hash=sha256:efc1913fd2ca4f334418481c7e595c00aad186563bbc1ec76067848c7ca0a933 \
- --hash=sha256:f121a1420d4e173a5d96e47e9a0c0dcff965afdf1626d28de1460815f7c4ee7a \
- --hash=sha256:fc7b548b17d238737688817ab67deebb30e8073c95749d55538ed473130ec0c7
+markdown-it-py==3.0.0 \
+ --hash=sha256:355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1 \
+ --hash=sha256:e3f60a94fa066dc52ec76661e37c851cb232d92f9886b15cb560aaada2df8feb
+ # via rich
+markupsafe==2.1.3 \
+ --hash=sha256:05fb21170423db021895e1ea1e1f3ab3adb85d1c2333cbc2310f2a26bc77272e \
+ --hash=sha256:0a4e4a1aff6c7ac4cd55792abf96c915634c2b97e3cc1c7129578aa68ebd754e \
+ --hash=sha256:10bbfe99883db80bdbaff2dcf681dfc6533a614f700da1287707e8a5d78a8431 \
+ --hash=sha256:134da1eca9ec0ae528110ccc9e48041e0828d79f24121a1a146161103c76e686 \
+ --hash=sha256:14ff806850827afd6b07a5f32bd917fb7f45b046ba40c57abdb636674a8b559c \
+ --hash=sha256:1577735524cdad32f9f694208aa75e422adba74f1baee7551620e43a3141f559 \
+ --hash=sha256:1b40069d487e7edb2676d3fbdb2b0829ffa2cd63a2ec26c4938b2d34391b4ecc \
+ --hash=sha256:1b8dd8c3fd14349433c79fa8abeb573a55fc0fdd769133baac1f5e07abf54aeb \
+ --hash=sha256:1f67c7038d560d92149c060157d623c542173016c4babc0c1913cca0564b9939 \
+ --hash=sha256:282c2cb35b5b673bbcadb33a585408104df04f14b2d9b01d4c345a3b92861c2c \
+ --hash=sha256:2c1b19b3aaacc6e57b7e25710ff571c24d6c3613a45e905b1fde04d691b98ee0 \
+ --hash=sha256:2ef12179d3a291be237280175b542c07a36e7f60718296278d8593d21ca937d4 \
+ --hash=sha256:338ae27d6b8745585f87218a3f23f1512dbf52c26c28e322dbe54bcede54ccb9 \
+ --hash=sha256:3c0fae6c3be832a0a0473ac912810b2877c8cb9d76ca48de1ed31e1c68386575 \
+ --hash=sha256:3fd4abcb888d15a94f32b75d8fd18ee162ca0c064f35b11134be77050296d6ba \
+ --hash=sha256:42de32b22b6b804f42c5d98be4f7e5e977ecdd9ee9b660fda1a3edf03b11792d \
+ --hash=sha256:47d4f1c5f80fc62fdd7777d0d40a2e9dda0a05883ab11374334f6c4de38adffd \
+ --hash=sha256:504b320cd4b7eff6f968eddf81127112db685e81f7e36e75f9f84f0df46041c3 \
+ --hash=sha256:525808b8019e36eb524b8c68acdd63a37e75714eac50e988180b169d64480a00 \
+ --hash=sha256:56d9f2ecac662ca1611d183feb03a3fa4406469dafe241673d521dd5ae92a155 \
+ --hash=sha256:5bbe06f8eeafd38e5d0a4894ffec89378b6c6a625ff57e3028921f8ff59318ac \
+ --hash=sha256:65c1a9bcdadc6c28eecee2c119465aebff8f7a584dd719facdd9e825ec61ab52 \
+ --hash=sha256:68e78619a61ecf91e76aa3e6e8e33fc4894a2bebe93410754bd28fce0a8a4f9f \
+ --hash=sha256:69c0f17e9f5a7afdf2cc9fb2d1ce6aabdb3bafb7f38017c0b77862bcec2bbad8 \
+ --hash=sha256:6b2b56950d93e41f33b4223ead100ea0fe11f8e6ee5f641eb753ce4b77a7042b \
+ --hash=sha256:715d3562f79d540f251b99ebd6d8baa547118974341db04f5ad06d5ea3eb8007 \
+ --hash=sha256:787003c0ddb00500e49a10f2844fac87aa6ce977b90b0feaaf9de23c22508b24 \
+ --hash=sha256:7ef3cb2ebbf91e330e3bb937efada0edd9003683db6b57bb108c4001f37a02ea \
+ --hash=sha256:8023faf4e01efadfa183e863fefde0046de576c6f14659e8782065bcece22198 \
+ --hash=sha256:8758846a7e80910096950b67071243da3e5a20ed2546e6392603c096778d48e0 \
+ --hash=sha256:8afafd99945ead6e075b973fefa56379c5b5c53fd8937dad92c662da5d8fd5ee \
+ --hash=sha256:8c41976a29d078bb235fea9b2ecd3da465df42a562910f9022f1a03107bd02be \
+ --hash=sha256:8e254ae696c88d98da6555f5ace2279cf7cd5b3f52be2b5cf97feafe883b58d2 \
+ --hash=sha256:8f9293864fe09b8149f0cc42ce56e3f0e54de883a9de90cd427f191c346eb2e1 \
+ --hash=sha256:9402b03f1a1b4dc4c19845e5c749e3ab82d5078d16a2a4c2cd2df62d57bb0707 \
+ --hash=sha256:962f82a3086483f5e5f64dbad880d31038b698494799b097bc59c2edf392fce6 \
+ --hash=sha256:9aad3c1755095ce347e26488214ef77e0485a3c34a50c5a5e2471dff60b9dd9c \
+ --hash=sha256:9dcdfd0eaf283af041973bff14a2e143b8bd64e069f4c383416ecd79a81aab58 \
+ --hash=sha256:aa57bd9cf8ae831a362185ee444e15a93ecb2e344c8e52e4d721ea3ab6ef1823 \
+ --hash=sha256:aa7bd130efab1c280bed0f45501b7c8795f9fdbeb02e965371bbef3523627779 \
+ --hash=sha256:ab4a0df41e7c16a1392727727e7998a467472d0ad65f3ad5e6e765015df08636 \
+ --hash=sha256:ad9e82fb8f09ade1c3e1b996a6337afac2b8b9e365f926f5a61aacc71adc5b3c \
+ --hash=sha256:af598ed32d6ae86f1b747b82783958b1a4ab8f617b06fe68795c7f026abbdcad \
+ --hash=sha256:b076b6226fb84157e3f7c971a47ff3a679d837cf338547532ab866c57930dbee \
+ --hash=sha256:b7ff0f54cb4ff66dd38bebd335a38e2c22c41a8ee45aa608efc890ac3e3931bc \
+ --hash=sha256:bfce63a9e7834b12b87c64d6b155fdd9b3b96191b6bd334bf37db7ff1fe457f2 \
+ --hash=sha256:c011a4149cfbcf9f03994ec2edffcb8b1dc2d2aede7ca243746df97a5d41ce48 \
+ --hash=sha256:c9c804664ebe8f83a211cace637506669e7890fec1b4195b505c214e50dd4eb7 \
+ --hash=sha256:ca379055a47383d02a5400cb0d110cef0a776fc644cda797db0c5696cfd7e18e \
+ --hash=sha256:cb0932dc158471523c9637e807d9bfb93e06a95cbf010f1a38b98623b929ef2b \
+ --hash=sha256:cd0f502fe016460680cd20aaa5a76d241d6f35a1c3350c474bac1273803893fa \
+ --hash=sha256:ceb01949af7121f9fc39f7d27f91be8546f3fb112c608bc4029aef0bab86a2a5 \
+ --hash=sha256:d080e0a5eb2529460b30190fcfcc4199bd7f827663f858a226a81bc27beaa97e \
+ --hash=sha256:dd15ff04ffd7e05ffcb7fe79f1b98041b8ea30ae9234aed2a9168b5797c3effb \
+ --hash=sha256:df0be2b576a7abbf737b1575f048c23fb1d769f267ec4358296f31c2479db8f9 \
+ --hash=sha256:e09031c87a1e51556fdcb46e5bd4f59dfb743061cf93c4d6831bf894f125eb57 \
+ --hash=sha256:e4dd52d80b8c83fdce44e12478ad2e85c64ea965e75d66dbeafb0a3e77308fcc \
+ --hash=sha256:f698de3fd0c4e6972b92290a45bd9b1536bffe8c6759c62471efaa8acb4c37bc \
+ --hash=sha256:fec21693218efe39aa7f8599346e90c705afa52c5b31ae019b2e57e8f6542bb2 \
+ --hash=sha256:ffcc3f7c66b5f5b7931a5aa68fc9cecc51e685ef90282f4a82f0f5e9b704ad11
# via jinja2
-more-itertools==9.0.0 \
- --hash=sha256:250e83d7e81d0c87ca6bd942e6aeab8cc9daa6096d12c5308f3f92fa5e5c1f41 \
- --hash=sha256:5a6257e40878ef0520b1803990e3e22303a41b5714006c32a3fd8304b26ea1ab
+mdurl==0.1.2 \
+ --hash=sha256:84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8 \
+ --hash=sha256:bb413d29f5eea38f31dd4754dd7377d4465116fb207585f97bf925588687c1ba
+ # via markdown-it-py
+more-itertools==10.1.0 \
+ --hash=sha256:626c369fa0eb37bac0291bce8259b332fd59ac792fa5497b59837309cd5b114a \
+ --hash=sha256:64e0735fcfdc6f3464ea133afe8ea4483b1c5fe3a3d69852e6503b43a0b222e6
# via jaraco-classes
-nox==2022.8.7 \
- --hash=sha256:1b894940551dc5c389f9271d197ca5d655d40bdc6ccf93ed6880e4042760a34b \
- --hash=sha256:96cca88779e08282a699d672258ec01eb7c792d35bbbf538c723172bce23212c
+nh3==0.2.14 \
+ --hash=sha256:116c9515937f94f0057ef50ebcbcc10600860065953ba56f14473ff706371873 \
+ --hash=sha256:18415df36db9b001f71a42a3a5395db79cf23d556996090d293764436e98e8ad \
+ --hash=sha256:203cac86e313cf6486704d0ec620a992c8bc164c86d3a4fd3d761dd552d839b5 \
+ --hash=sha256:2b0be5c792bd43d0abef8ca39dd8acb3c0611052ce466d0401d51ea0d9aa7525 \
+ --hash=sha256:377aaf6a9e7c63962f367158d808c6a1344e2b4f83d071c43fbd631b75c4f0b2 \
+ --hash=sha256:525846c56c2bcd376f5eaee76063ebf33cf1e620c1498b2a40107f60cfc6054e \
+ --hash=sha256:5529a3bf99402c34056576d80ae5547123f1078da76aa99e8ed79e44fa67282d \
+ --hash=sha256:7771d43222b639a4cd9e341f870cee336b9d886de1ad9bec8dddab22fe1de450 \
+ --hash=sha256:88c753efbcdfc2644a5012938c6b9753f1c64a5723a67f0301ca43e7b85dcf0e \
+ --hash=sha256:93a943cfd3e33bd03f77b97baa11990148687877b74193bf777956b67054dcc6 \
+ --hash=sha256:9be2f68fb9a40d8440cbf34cbf40758aa7f6093160bfc7fb018cce8e424f0c3a \
+ --hash=sha256:a0c509894fd4dccdff557068e5074999ae3b75f4c5a2d6fb5415e782e25679c4 \
+ --hash=sha256:ac8056e937f264995a82bf0053ca898a1cb1c9efc7cd68fa07fe0060734df7e4 \
+ --hash=sha256:aed56a86daa43966dd790ba86d4b810b219f75b4bb737461b6886ce2bde38fd6 \
+ --hash=sha256:e8986f1dd3221d1e741fda0a12eaa4a273f1d80a35e31a1ffe579e7c621d069e \
+ --hash=sha256:f99212a81c62b5f22f9e7c3e347aa00491114a5647e1f13bbebd79c3e5f08d75
+ # via readme-renderer
+nox==2023.4.22 \
+ --hash=sha256:0b1adc619c58ab4fa57d6ab2e7823fe47a32e70202f287d78474adcc7bda1891 \
+ --hash=sha256:46c0560b0dc609d7d967dc99e22cb463d3c4caf54a5fda735d6c11b5177e3a9f
# via -r requirements.in
-packaging==21.3 \
- --hash=sha256:dd47c42927d89ab911e606518907cc2d3a1f38bbd026385970643f9c5b8ecfeb \
- --hash=sha256:ef103e05f519cdc783ae24ea4e2e0f508a9c99b2d4969652eed6a2e1ea5bd522
+packaging==23.2 \
+ --hash=sha256:048fb0e9405036518eaaf48a55953c750c11e1a1b68e0dd1a9d62ed0c092cfc5 \
+ --hash=sha256:8c491190033a9af7e1d931d0b5dacc2ef47509b34dd0de67ed209b5203fc88c7
# via
# gcp-releasetool
# nox
-pkginfo==1.8.3 \
- --hash=sha256:848865108ec99d4901b2f7e84058b6e7660aae8ae10164e015a6dcf5b242a594 \
- --hash=sha256:a84da4318dd86f870a9447a8c98340aa06216bfc6f2b7bdc4b8766984ae1867c
+pkginfo==1.9.6 \
+ --hash=sha256:4b7a555a6d5a22169fcc9cf7bfd78d296b0361adad412a346c1226849af5e546 \
+ --hash=sha256:8fd5896e8718a4372f0ea9cc9d96f6417c9b986e23a4d116dda26b62cc29d046
# via twine
-platformdirs==2.5.4 \
- --hash=sha256:1006647646d80f16130f052404c6b901e80ee4ed6bef6792e1f238a8969106f7 \
- --hash=sha256:af0276409f9a02373d540bf8480021a048711d572745aef4b7842dad245eba10
+platformdirs==3.11.0 \
+ --hash=sha256:cf8ee52a3afdb965072dcc652433e0c7e3e40cf5ea1477cd4b3b1d2eb75495b3 \
+ --hash=sha256:e9d171d00af68be50e9202731309c4e658fd8bc76f55c11c7dd760d023bda68e
# via virtualenv
protobuf==3.20.3 \
--hash=sha256:03038ac1cfbc41aa21f6afcbcd357281d7521b4157926f30ebecc8d4ea59dcb7 \
@@ -380,38 +419,31 @@ protobuf==3.20.3 \
# gcp-docuploader
# gcp-releasetool
# google-api-core
-py==1.11.0 \
- --hash=sha256:51c75c4126074b472f746a24399ad32f6053d1b34b68d2fa41e558e6f4a98719 \
- --hash=sha256:607c53218732647dff4acdfcd50cb62615cedf612e72d1724fb1a0cc6405b378
- # via nox
-pyasn1==0.4.8 \
- --hash=sha256:39c7e2ec30515947ff4e87fb6f456dfc6e84857d34be479c9d4a4ba4bf46aa5d \
- --hash=sha256:aef77c9fb94a3ac588e87841208bdec464471d9871bd5050a287cc9a475cd0ba
+ # googleapis-common-protos
+pyasn1==0.5.0 \
+ --hash=sha256:87a2121042a1ac9358cabcaf1d07680ff97ee6404333bacca15f76aa8ad01a57 \
+ --hash=sha256:97b7290ca68e62a832558ec3976f15cbf911bf5d7c7039d8b861c2a0ece69fde
# via
# pyasn1-modules
# rsa
-pyasn1-modules==0.2.8 \
- --hash=sha256:905f84c712230b2c592c19470d3ca8d552de726050d1d1716282a1f6146be65e \
- --hash=sha256:a50b808ffeb97cb3601dd25981f6b016cbb3d31fbf57a8b8a87428e6158d0c74
+pyasn1-modules==0.3.0 \
+ --hash=sha256:5bd01446b736eb9d31512a30d46c1ac3395d676c6f3cafa4c03eb54b9925631c \
+ --hash=sha256:d3ccd6ed470d9ffbc716be08bd90efbd44d0734bc9303818f7336070984a162d
# via google-auth
pycparser==2.21 \
--hash=sha256:8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9 \
--hash=sha256:e644fdec12f7872f86c58ff790da456218b10f863970249516d60a5eaca77206
# via cffi
-pygments==2.13.0 \
- --hash=sha256:56a8508ae95f98e2b9bdf93a6be5ae3f7d8af858b43e02c5a2ff083726be40c1 \
- --hash=sha256:f643f331ab57ba3c9d89212ee4a2dabc6e94f117cf4eefde99a0574720d14c42
+pygments==2.16.1 \
+ --hash=sha256:13fc09fa63bc8d8671a6d247e1eb303c4b343eaee81d861f3404db2935653692 \
+ --hash=sha256:1daff0494820c69bc8941e407aa20f577374ee88364ee10a98fdbe0aece96e29
# via
# readme-renderer
# rich
-pyjwt==2.6.0 \
- --hash=sha256:69285c7e31fc44f68a1feb309e948e0df53259d579295e6cfe2b1792329f05fd \
- --hash=sha256:d83c3d892a77bbb74d3e1a2cfa90afaadb60945205d1095d9221f04466f64c14
+pyjwt==2.8.0 \
+ --hash=sha256:57e28d156e3d5c10088e0c68abb90bfac3df82b40a71bd0daa20c65ccd5c23de \
+ --hash=sha256:59127c392cc44c2da5bb3192169a91f429924e17aff6534d70fdc02ab3e04320
# via gcp-releasetool
-pyparsing==3.0.9 \
- --hash=sha256:2b020ecf7d21b687f219b71ecad3631f644a47f01403fa1d1036b0c6416d70fb \
- --hash=sha256:5026bae9a10eeaefb61dab2f09052b9f4307d44aee4eda64b309723d8d206bbc
- # via packaging
pyperclip==1.8.2 \
--hash=sha256:105254a8b04934f0bc84e9c24eb360a591aaf6535c9def5f29d92af107a9bf57
# via gcp-releasetool
@@ -419,30 +451,30 @@ python-dateutil==2.8.2 \
--hash=sha256:0123cacc1627ae19ddf3c27a5de5bd67ee4586fbdd6440d9748f8abb483d3e86 \
--hash=sha256:961d03dc3453ebbc59dbdea9e4e11c5651520a876d0f4db161e8674aae935da9
# via gcp-releasetool
-readme-renderer==37.3 \
- --hash=sha256:cd653186dfc73055656f090f227f5cb22a046d7f71a841dfa305f55c9a513273 \
- --hash=sha256:f67a16caedfa71eef48a31b39708637a6f4664c4394801a7b0d6432d13907343
+readme-renderer==42.0 \
+ --hash=sha256:13d039515c1f24de668e2c93f2e877b9dbe6c6c32328b90a40a49d8b2b85f36d \
+ --hash=sha256:2d55489f83be4992fe4454939d1a051c33edbab778e82761d060c9fc6b308cd1
# via twine
-requests==2.28.1 \
- --hash=sha256:7c5599b102feddaa661c826c56ab4fee28bfd17f5abca1ebbe3e7f19d7c97983 \
- --hash=sha256:8fefa2a1a1365bf5520aac41836fbee479da67864514bdb821f31ce07ce65349
+requests==2.31.0 \
+ --hash=sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f \
+ --hash=sha256:942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1
# via
# gcp-releasetool
# google-api-core
# google-cloud-storage
# requests-toolbelt
# twine
-requests-toolbelt==0.10.1 \
- --hash=sha256:18565aa58116d9951ac39baa288d3adb5b3ff975c4f25eee78555d89e8f247f7 \
- --hash=sha256:62e09f7ff5ccbda92772a29f394a49c3ad6cb181d568b1337626b2abb628a63d
+requests-toolbelt==1.0.0 \
+ --hash=sha256:7681a0a3d047012b5bdc0ee37d7f8f07ebe76ab08caeccfc3921ce23c88d5bc6 \
+ --hash=sha256:cccfdd665f0a24fcf4726e690f65639d272bb0637b9b92dfd91a5568ccf6bd06
# via twine
rfc3986==2.0.0 \
--hash=sha256:50b1502b60e289cb37883f3dfd34532b8873c7de9f49bb546641ce9cbd256ebd \
--hash=sha256:97aacf9dbd4bfd829baad6e6309fa6573aaf1be3f6fa735c8ab05e46cecb261c
# via twine
-rich==12.6.0 \
- --hash=sha256:a4eb26484f2c82589bd9a17c73d32a010b1e29d89f1604cd9bf3a2097b81bb5e \
- --hash=sha256:ba3a3775974105c221d31141f2c116f4fd65c5ceb0698657a11e9f295ec93fd0
+rich==13.6.0 \
+ --hash=sha256:2b38e2fe9ca72c9a00170a1a2d20c63c790d0e10ef1fe35eba76e1e7b1d7d245 \
+ --hash=sha256:5c14d22737e6d5084ef4771b62d5d4363165b403455a30a1c8ca39dc7b644bef
# via twine
rsa==4.9 \
--hash=sha256:90260d9058e514786967344d0ef75fa8727eed8a7d2e43ce9f4bcf1b536174f7 \
@@ -456,43 +488,37 @@ six==1.16.0 \
--hash=sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926 \
--hash=sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254
# via
- # bleach
# gcp-docuploader
- # google-auth
# python-dateutil
-twine==4.0.1 \
- --hash=sha256:42026c18e394eac3e06693ee52010baa5313e4811d5a11050e7d48436cf41b9e \
- --hash=sha256:96b1cf12f7ae611a4a40b6ae8e9570215daff0611828f5fe1f37a16255ab24a0
+twine==4.0.2 \
+ --hash=sha256:929bc3c280033347a00f847236564d1c52a3e61b1ac2516c97c48f3ceab756d8 \
+ --hash=sha256:9e102ef5fdd5a20661eb88fad46338806c3bd32cf1db729603fe3697b1bc83c8
# via -r requirements.in
-typing-extensions==4.4.0 \
- --hash=sha256:1511434bb92bf8dd198c12b1cc812e800d4181cfcb867674e0f8279cc93087aa \
- --hash=sha256:16fa4864408f655d35ec496218b85f79b3437c829e93320c7c9215ccfd92489e
+typing-extensions==4.8.0 \
+ --hash=sha256:8f92fc8806f9a6b641eaa5318da32b44d401efaac0f6678c9bc448ba3605faa0 \
+ --hash=sha256:df8e4339e9cb77357558cbdbceca33c303714cf861d1eef15e1070055ae8b7ef
# via -r requirements.in
-urllib3==1.26.12 \
- --hash=sha256:3fa96cf423e6987997fc326ae8df396db2a8b7c667747d47ddd8ecba91f4a74e \
- --hash=sha256:b930dd878d5a8afb066a637fbb35144fe7901e3b209d1cd4f524bd0e9deee997
+urllib3==2.0.7 \
+ --hash=sha256:c97dfde1f7bd43a71c8d2a58e369e9b2bf692d1334ea9f9cae55add7d0dd0f84 \
+ --hash=sha256:fdb6d215c776278489906c2f8916e6e7d4f5a9b602ccbcfdf7f016fc8da0596e
# via
# requests
# twine
-virtualenv==20.16.7 \
- --hash=sha256:8691e3ff9387f743e00f6bb20f70121f5e4f596cae754531f2b3b3a1b1ac696e \
- --hash=sha256:efd66b00386fdb7dbe4822d172303f40cd05e50e01740b19ea42425cbe653e29
+virtualenv==20.24.6 \
+ --hash=sha256:02ece4f56fbf939dbbc33c0715159951d6bf14aaf5457b092e4548e1382455af \
+ --hash=sha256:520d056652454c5098a00c0f073611ccbea4c79089331f60bf9d7ba247bb7381
# via nox
-webencodings==0.5.1 \
- --hash=sha256:a0af1213f3c2226497a97e2b3aa01a7e4bee4f403f95be16fc9acd2947514a78 \
- --hash=sha256:b36a1c245f2d304965eb4e0a82848379241dc04b865afcc4aab16748587e1923
- # via bleach
-wheel==0.38.4 \
- --hash=sha256:965f5259b566725405b05e7cf774052044b1ed30119b5d586b2703aafe8719ac \
- --hash=sha256:b60533f3f5d530e971d6737ca6d58681ee434818fab630c83a734bb10c083ce8
+wheel==0.41.3 \
+ --hash=sha256:488609bc63a29322326e05560731bf7bfea8e48ad646e1f5e40d366607de0942 \
+ --hash=sha256:4d4987ce51a49370ea65c0bfd2234e8ce80a12780820d9dc462597a6e60d0841
# via -r requirements.in
-zipp==3.10.0 \
- --hash=sha256:4fcb6f278987a6605757302a6e40e896257570d11c51628968ccb2a47e80c6c1 \
- --hash=sha256:7a7262fd930bd3e36c50b9a64897aec3fafff3dfdeec9623ae22b40e93f99bb8
+zipp==3.17.0 \
+ --hash=sha256:0e923e726174922dce09c53c59ad483ff7bbb8e572e00c7f7c46b88556409f31 \
+ --hash=sha256:84e64a1c28cf7e91ed2078bb8cc8c259cb19b76942096c8d7b84947690cabaf0
# via importlib-metadata
# The following packages are considered to be unsafe in a requirements file:
-setuptools==65.5.1 \
- --hash=sha256:d0b9a8433464d5800cbe05094acf5c6d52a91bfac9b52bcfc4d41382be5d5d31 \
- --hash=sha256:e197a19aa8ec9722928f2206f8de752def0e4c9fc6953527360d1c36d94ddb2f
+setuptools==68.2.2 \
+ --hash=sha256:4ac1475276d2f1c48684874089fefcd83bd7162ddaafb81fac866ba0db282a87 \
+ --hash=sha256:b454a35605876da60632df1a60f736524eb73cc47bbc9f3f1ef1b644de74fd2a
# via -r requirements.in
diff --git a/.kokoro/samples/python3.12/common.cfg b/.kokoro/samples/python3.12/common.cfg
new file mode 100644
index 0000000..abe748e
--- /dev/null
+++ b/.kokoro/samples/python3.12/common.cfg
@@ -0,0 +1,40 @@
+# Format: //devtools/kokoro/config/proto/build.proto
+
+# Build logs will be here
+action {
+ define_artifacts {
+ regex: "**/*sponge_log.xml"
+ }
+}
+
+# Specify which tests to run
+env_vars: {
+ key: "RUN_TESTS_SESSION"
+ value: "py-3.12"
+}
+
+# Declare build specific Cloud project.
+env_vars: {
+ key: "BUILD_SPECIFIC_GCLOUD_PROJECT"
+ value: "python-docs-samples-tests-312"
+}
+
+env_vars: {
+ key: "TRAMPOLINE_BUILD_FILE"
+ value: "github/python-access-context-manager/.kokoro/test-samples.sh"
+}
+
+# Configure the docker image for kokoro-trampoline.
+env_vars: {
+ key: "TRAMPOLINE_IMAGE"
+ value: "gcr.io/cloud-devrel-kokoro-resources/python-samples-testing-docker"
+}
+
+# Download secrets for samples
+gfile_resources: "/bigstore/cloud-devrel-kokoro-resources/python-docs-samples"
+
+# Download trampoline resources.
+gfile_resources: "/bigstore/cloud-devrel-kokoro-resources/trampoline"
+
+# Use the trampoline script to run in docker.
+build_file: "python-access-context-manager/.kokoro/trampoline_v2.sh"
\ No newline at end of file
diff --git a/.kokoro/samples/python3.12/continuous.cfg b/.kokoro/samples/python3.12/continuous.cfg
new file mode 100644
index 0000000..a1c8d97
--- /dev/null
+++ b/.kokoro/samples/python3.12/continuous.cfg
@@ -0,0 +1,6 @@
+# Format: //devtools/kokoro/config/proto/build.proto
+
+env_vars: {
+ key: "INSTALL_LIBRARY_FROM_SOURCE"
+ value: "True"
+}
\ No newline at end of file
diff --git a/.kokoro/samples/python3.12/periodic-head.cfg b/.kokoro/samples/python3.12/periodic-head.cfg
new file mode 100644
index 0000000..5c8e404
--- /dev/null
+++ b/.kokoro/samples/python3.12/periodic-head.cfg
@@ -0,0 +1,11 @@
+# Format: //devtools/kokoro/config/proto/build.proto
+
+env_vars: {
+ key: "INSTALL_LIBRARY_FROM_SOURCE"
+ value: "True"
+}
+
+env_vars: {
+ key: "TRAMPOLINE_BUILD_FILE"
+ value: "github/python-access-context-manager/.kokoro/test-samples-against-head.sh"
+}
diff --git a/.kokoro/samples/python3.12/periodic.cfg b/.kokoro/samples/python3.12/periodic.cfg
new file mode 100644
index 0000000..71cd1e5
--- /dev/null
+++ b/.kokoro/samples/python3.12/periodic.cfg
@@ -0,0 +1,6 @@
+# Format: //devtools/kokoro/config/proto/build.proto
+
+env_vars: {
+ key: "INSTALL_LIBRARY_FROM_SOURCE"
+ value: "False"
+}
diff --git a/.kokoro/samples/python3.12/presubmit.cfg b/.kokoro/samples/python3.12/presubmit.cfg
new file mode 100644
index 0000000..a1c8d97
--- /dev/null
+++ b/.kokoro/samples/python3.12/presubmit.cfg
@@ -0,0 +1,6 @@
+# Format: //devtools/kokoro/config/proto/build.proto
+
+env_vars: {
+ key: "INSTALL_LIBRARY_FROM_SOURCE"
+ value: "True"
+}
\ No newline at end of file
diff --git a/.kokoro/test-samples-against-head.sh b/.kokoro/test-samples-against-head.sh
index ba3a707..63ac41d 100755
--- a/.kokoro/test-samples-against-head.sh
+++ b/.kokoro/test-samples-against-head.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# Copyright 2020 Google LLC
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/.kokoro/test-samples-impl.sh b/.kokoro/test-samples-impl.sh
index 2c6500c..5a0f5fa 100755
--- a/.kokoro/test-samples-impl.sh
+++ b/.kokoro/test-samples-impl.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# Copyright 2021 Google LLC
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/.kokoro/test-samples.sh b/.kokoro/test-samples.sh
index 11c042d..50b35a4 100755
--- a/.kokoro/test-samples.sh
+++ b/.kokoro/test-samples.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# Copyright 2020 Google LLC
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/.kokoro/trampoline.sh b/.kokoro/trampoline.sh
index f39236e..d85b1f2 100755
--- a/.kokoro/trampoline.sh
+++ b/.kokoro/trampoline.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# Copyright 2017 Google Inc.
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/.kokoro/trampoline_v2.sh b/.kokoro/trampoline_v2.sh
index 4af6cdc..59a7cf3 100755
--- a/.kokoro/trampoline_v2.sh
+++ b/.kokoro/trampoline_v2.sh
@@ -1,5 +1,5 @@
#!/usr/bin/env bash
-# Copyright 2020 Google LLC
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 5405cc8..6a8e169 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,4 +1,4 @@
-# Copyright 2021 Google LLC
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -22,10 +22,10 @@ repos:
- id: end-of-file-fixer
- id: check-yaml
- repo: https://github.com/psf/black
- rev: 22.3.0
+ rev: 23.7.0
hooks:
- id: black
- repo: https://github.com/pycqa/flake8
- rev: 3.9.2
+ rev: 6.1.0
hooks:
- id: flake8
diff --git a/.trampolinerc b/.trampolinerc
index 0eee72a..a7dfeb4 100644
--- a/.trampolinerc
+++ b/.trampolinerc
@@ -1,4 +1,4 @@
-# Copyright 2020 Google LLC
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,8 +12,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-# Template for .trampolinerc
-
# Add required env vars here.
required_envvars+=(
)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 286f46b..4e40b48 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,21 @@
# Changelog
+## [0.2.0](https://github.com/googleapis/python-access-context-manager/compare/v0.1.16...v0.2.0) (2024-02-15)
+
+
+### Features
+
+* Add `egress_policies` and `ingress_policies` fields to `ServicePerimeter` [f31ec7d](https://github.com/googleapis/googleapis/commit/f31ec7d4d1f27fd76594165ae41a344465e9f228) ([eabf473](https://github.com/googleapis/python-access-context-manager/commit/eabf4737124074f8107a0dac716cb68134edf721))
+* Add `google/identity/accesscontextmanager/v1/access_context_manager_pb2.py` [0b261de](https://github.com/googleapis/googleapis/commit/0b261def1cb4c61a9ddbb8bf14b103ce6add1bce) ([eabf473](https://github.com/googleapis/python-access-context-manager/commit/eabf4737124074f8107a0dac716cb68134edf721))
+* Add support for Python 3.12 ([#188](https://github.com/googleapis/python-access-context-manager/issues/188)) ([c379c57](https://github.com/googleapis/python-access-context-manager/commit/c379c573573207ef6e6f355aa569e19149ef2824))
+* Introduce compatibility with native namespace packages ([#187](https://github.com/googleapis/python-access-context-manager/issues/187)) ([8ffdcd3](https://github.com/googleapis/python-access-context-manager/commit/8ffdcd31ecc4a4b8e18b8534257ff02c391339f7))
+
+
+### Bug Fixes
+
+* **deps:** Require google-api-core >= 1.34.1 ([eabf473](https://github.com/googleapis/python-access-context-manager/commit/eabf4737124074f8107a0dac716cb68134edf721))
+* Migrate to native namespace packages ([#193](https://github.com/googleapis/python-access-context-manager/issues/193)) ([5840132](https://github.com/googleapis/python-access-context-manager/commit/58401328a92f418cb43492459971a7f2b7d712f2))
+
## [0.1.16](https://github.com/googleapis/python-access-context-manager/compare/v0.1.15...v0.1.16) (2023-02-27)
diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst
index 4248bf0..2f40135 100644
--- a/CONTRIBUTING.rst
+++ b/CONTRIBUTING.rst
@@ -22,7 +22,7 @@ In order to add a feature:
documentation.
- The feature must work fully on the following CPython versions:
- 3.7, 3.8, 3.9, 3.10 and 3.11 on both UNIX and Windows.
+ 3.7, 3.8, 3.9, 3.10, 3.11 and 3.12 on both UNIX and Windows.
- The feature must not add unnecessary dependencies (where
"unnecessary" is of course subjective, but new dependencies should
@@ -72,7 +72,7 @@ We use `nox `__ to instrument our tests.
- To run a single unit test::
- $ nox -s unit-3.11 -- -k
+ $ nox -s unit-3.12 -- -k
.. note::
@@ -226,12 +226,14 @@ We support:
- `Python 3.9`_
- `Python 3.10`_
- `Python 3.11`_
+- `Python 3.12`_
.. _Python 3.7: https://docs.python.org/3.7/
.. _Python 3.8: https://docs.python.org/3.8/
.. _Python 3.9: https://docs.python.org/3.9/
.. _Python 3.10: https://docs.python.org/3.10/
.. _Python 3.11: https://docs.python.org/3.11/
+.. _Python 3.12: https://docs.python.org/3.12/
Supported versions can be found in our ``noxfile.py`` `config`_.
diff --git a/MANIFEST.in b/MANIFEST.in
index e783f4c..e0a6670 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -1,6 +1,6 @@
# -*- coding: utf-8 -*-
#
-# Copyright 2020 Google LLC
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/docs/conf.py b/docs/conf.py
index d7210b2..d897b04 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -1,5 +1,5 @@
# -*- coding: utf-8 -*-
-# Copyright 2021 Google LLC
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/google/identity/__init__.py b/google/identity/__init__.py
deleted file mode 100644
index 9a1b64a..0000000
--- a/google/identity/__init__.py
+++ /dev/null
@@ -1,24 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-# Copyright 2020 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-try:
- import pkg_resources
-
- pkg_resources.declare_namespace(__name__)
-except ImportError:
- import pkgutil
-
- __path__ = pkgutil.extend_path(__path__, __name__)
diff --git a/google/identity/accesscontextmanager/type/device_resources.proto b/google/identity/accesscontextmanager/type/device_resources.proto
index f057910..a3f000c 100644
--- a/google/identity/accesscontextmanager/type/device_resources.proto
+++ b/google/identity/accesscontextmanager/type/device_resources.proto
@@ -16,10 +16,8 @@ syntax = "proto3";
package google.identity.accesscontextmanager.type;
-import "google/api/annotations.proto";
-
option csharp_namespace = "Google.Identity.AccessContextManager.Type";
-option go_package = "google.golang.org/genproto/googleapis/identity/accesscontextmanager/type;type";
+option go_package = "google.golang.org/genproto/googleapis/identity/accesscontextmanager/type";
option java_package = "com.google.identity.accesscontextmanager.type";
option java_multiple_files = true;
option java_outer_classname = "TypeProto";
diff --git a/google/identity/accesscontextmanager/type/device_resources_pb2.py b/google/identity/accesscontextmanager/type/device_resources_pb2.py
index 82ff78a..cb48d1e 100644
--- a/google/identity/accesscontextmanager/type/device_resources_pb2.py
+++ b/google/identity/accesscontextmanager/type/device_resources_pb2.py
@@ -29,11 +29,8 @@
_sym_db = _symbol_database.Default()
-from google.api import annotations_pb2 as google_dot_api_dot_annotations__pb2
-
-
DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(
- b"\n@google/identity/accesscontextmanager/type/device_resources.proto\x12)google.identity.accesscontextmanager.type\x1a\x1cgoogle/api/annotations.proto*p\n\x16\x44\x65viceEncryptionStatus\x12\x1a\n\x16\x45NCRYPTION_UNSPECIFIED\x10\x00\x12\x1a\n\x16\x45NCRYPTION_UNSUPPORTED\x10\x01\x12\x0f\n\x0bUNENCRYPTED\x10\x02\x12\r\n\tENCRYPTED\x10\x03*\x82\x01\n\x06OsType\x12\x12\n\x0eOS_UNSPECIFIED\x10\x00\x12\x0f\n\x0b\x44\x45SKTOP_MAC\x10\x01\x12\x13\n\x0f\x44\x45SKTOP_WINDOWS\x10\x02\x12\x11\n\rDESKTOP_LINUX\x10\x03\x12\x15\n\x11\x44\x45SKTOP_CHROME_OS\x10\x06\x12\x0b\n\x07\x41NDROID\x10\x04\x12\x07\n\x03IOS\x10\x05*V\n\x15\x44\x65viceManagementLevel\x12\x1a\n\x16MANAGEMENT_UNSPECIFIED\x10\x00\x12\x08\n\x04NONE\x10\x01\x12\t\n\x05\x42\x41SIC\x10\x02\x12\x0c\n\x08\x43OMPLETE\x10\x03\x42\x92\x02\n-com.google.identity.accesscontextmanager.typeB\tTypeProtoP\x01ZMgoogle.golang.org/genproto/googleapis/identity/accesscontextmanager/type;type\xaa\x02)Google.Identity.AccessContextManager.Type\xca\x02)Google\\Identity\\AccessContextManager\\Type\xea\x02,Google::Identity::AccessContextManager::Typeb\x06proto3"
+ b"\n@google/identity/accesscontextmanager/type/device_resources.proto\x12)google.identity.accesscontextmanager.type*p\n\x16\x44\x65viceEncryptionStatus\x12\x1a\n\x16\x45NCRYPTION_UNSPECIFIED\x10\x00\x12\x1a\n\x16\x45NCRYPTION_UNSUPPORTED\x10\x01\x12\x0f\n\x0bUNENCRYPTED\x10\x02\x12\r\n\tENCRYPTED\x10\x03*\x82\x01\n\x06OsType\x12\x12\n\x0eOS_UNSPECIFIED\x10\x00\x12\x0f\n\x0b\x44\x45SKTOP_MAC\x10\x01\x12\x13\n\x0f\x44\x45SKTOP_WINDOWS\x10\x02\x12\x11\n\rDESKTOP_LINUX\x10\x03\x12\x15\n\x11\x44\x45SKTOP_CHROME_OS\x10\x06\x12\x0b\n\x07\x41NDROID\x10\x04\x12\x07\n\x03IOS\x10\x05*V\n\x15\x44\x65viceManagementLevel\x12\x1a\n\x16MANAGEMENT_UNSPECIFIED\x10\x00\x12\x08\n\x04NONE\x10\x01\x12\t\n\x05\x42\x41SIC\x10\x02\x12\x0c\n\x08\x43OMPLETE\x10\x03\x42\x8d\x02\n-com.google.identity.accesscontextmanager.typeB\tTypeProtoP\x01ZHgoogle.golang.org/genproto/googleapis/identity/accesscontextmanager/type\xaa\x02)Google.Identity.AccessContextManager.Type\xca\x02)Google\\Identity\\AccessContextManager\\Type\xea\x02,Google::Identity::AccessContextManager::Typeb\x06proto3"
)
_DEVICEENCRYPTIONSTATUS = DESCRIPTOR.enum_types_by_name["DeviceEncryptionStatus"]
@@ -62,11 +59,11 @@
if _descriptor._USE_C_DESCRIPTORS == False:
DESCRIPTOR._options = None
- DESCRIPTOR._serialized_options = b"\n-com.google.identity.accesscontextmanager.typeB\tTypeProtoP\001ZMgoogle.golang.org/genproto/googleapis/identity/accesscontextmanager/type;type\252\002)Google.Identity.AccessContextManager.Type\312\002)Google\\Identity\\AccessContextManager\\Type\352\002,Google::Identity::AccessContextManager::Type"
- _DEVICEENCRYPTIONSTATUS._serialized_start = 141
- _DEVICEENCRYPTIONSTATUS._serialized_end = 253
- _OSTYPE._serialized_start = 256
- _OSTYPE._serialized_end = 386
- _DEVICEMANAGEMENTLEVEL._serialized_start = 388
- _DEVICEMANAGEMENTLEVEL._serialized_end = 474
+ DESCRIPTOR._serialized_options = b"\n-com.google.identity.accesscontextmanager.typeB\tTypeProtoP\001ZHgoogle.golang.org/genproto/googleapis/identity/accesscontextmanager/type\252\002)Google.Identity.AccessContextManager.Type\312\002)Google\\Identity\\AccessContextManager\\Type\352\002,Google::Identity::AccessContextManager::Type"
+ _DEVICEENCRYPTIONSTATUS._serialized_start = 111
+ _DEVICEENCRYPTIONSTATUS._serialized_end = 223
+ _OSTYPE._serialized_start = 226
+ _OSTYPE._serialized_end = 356
+ _DEVICEMANAGEMENTLEVEL._serialized_start = 358
+ _DEVICEMANAGEMENTLEVEL._serialized_end = 444
# @@protoc_insertion_point(module_scope)
diff --git a/google/identity/accesscontextmanager/v1/access_context_manager.proto b/google/identity/accesscontextmanager/v1/access_context_manager.proto
new file mode 100644
index 0000000..c2ea610
--- /dev/null
+++ b/google/identity/accesscontextmanager/v1/access_context_manager.proto
@@ -0,0 +1,986 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.identity.accesscontextmanager.v1;
+
+import "google/api/annotations.proto";
+import "google/api/client.proto";
+import "google/api/field_behavior.proto";
+import "google/api/resource.proto";
+import "google/iam/v1/iam_policy.proto";
+import "google/iam/v1/policy.proto";
+import "google/identity/accesscontextmanager/v1/access_level.proto";
+import "google/identity/accesscontextmanager/v1/access_policy.proto";
+import "google/identity/accesscontextmanager/v1/gcp_user_access_binding.proto";
+import "google/identity/accesscontextmanager/v1/service_perimeter.proto";
+import "google/longrunning/operations.proto";
+import "google/protobuf/field_mask.proto";
+
+option csharp_namespace = "Google.Identity.AccessContextManager.V1";
+option go_package = "cloud.google.com/go/accesscontextmanager/apiv1/accesscontextmanagerpb;accesscontextmanagerpb";
+option java_multiple_files = true;
+option java_outer_classname = "AccessContextManagerProto";
+option java_package = "com.google.identity.accesscontextmanager.v1";
+option objc_class_prefix = "GACM";
+option php_namespace = "Google\\Identity\\AccessContextManager\\V1";
+option ruby_package = "Google::Identity::AccessContextManager::V1";
+
+// API for setting [access levels]
+// [google.identity.accesscontextmanager.v1.AccessLevel] and [service
+// perimeters] [google.identity.accesscontextmanager.v1.ServicePerimeter]
+// for Google Cloud projects. Each organization has one [access policy]
+// [google.identity.accesscontextmanager.v1.AccessPolicy] that contains the
+// [access levels] [google.identity.accesscontextmanager.v1.AccessLevel]
+// and [service perimeters]
+// [google.identity.accesscontextmanager.v1.ServicePerimeter]. This
+// [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy] is
+// applicable to all resources in the organization.
+// AccessPolicies
+service AccessContextManager {
+ option (google.api.default_host) = "accesscontextmanager.googleapis.com";
+ option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";
+
+ // Lists all [access policies]
+ // [google.identity.accesscontextmanager.v1.AccessPolicy] in an
+ // organization.
+ rpc ListAccessPolicies(ListAccessPoliciesRequest) returns (ListAccessPoliciesResponse) {
+ option (google.api.http) = {
+ get: "/v1/accessPolicies"
+ };
+ }
+
+ // Returns an [access policy]
+ // [google.identity.accesscontextmanager.v1.AccessPolicy] based on the name.
+ rpc GetAccessPolicy(GetAccessPolicyRequest) returns (AccessPolicy) {
+ option (google.api.http) = {
+ get: "/v1/{name=accessPolicies/*}"
+ };
+ option (google.api.method_signature) = "name";
+ }
+
+ // Creates an access policy. This method fails if the organization already has
+ // an access policy. The long-running operation has a successful status
+ // after the access policy propagates to long-lasting storage.
+ // Syntactic and basic semantic errors are returned in `metadata` as a
+ // BadRequest proto.
+ rpc CreateAccessPolicy(AccessPolicy) returns (google.longrunning.Operation) {
+ option (google.api.http) = {
+ post: "/v1/accessPolicies"
+ body: "*"
+ };
+ option (google.longrunning.operation_info) = {
+ response_type: "AccessPolicy"
+ metadata_type: "AccessContextManagerOperationMetadata"
+ };
+ }
+
+ // Updates an [access policy]
+ // [google.identity.accesscontextmanager.v1.AccessPolicy]. The
+ // long-running operation from this RPC has a successful status after the
+ // changes to the [access policy]
+ // [google.identity.accesscontextmanager.v1.AccessPolicy] propagate
+ // to long-lasting storage.
+ rpc UpdateAccessPolicy(UpdateAccessPolicyRequest) returns (google.longrunning.Operation) {
+ option (google.api.http) = {
+ patch: "/v1/{policy.name=accessPolicies/*}"
+ body: "policy"
+ };
+ option (google.api.method_signature) = "policy,update_mask";
+ option (google.longrunning.operation_info) = {
+ response_type: "AccessPolicy"
+ metadata_type: "AccessContextManagerOperationMetadata"
+ };
+ }
+
+ // Deletes an [access policy]
+ // [google.identity.accesscontextmanager.v1.AccessPolicy] based on the
+ // resource name. The long-running operation has a successful status after the
+ // [access policy] [google.identity.accesscontextmanager.v1.AccessPolicy]
+ // is removed from long-lasting storage.
+ rpc DeleteAccessPolicy(DeleteAccessPolicyRequest) returns (google.longrunning.Operation) {
+ option (google.api.http) = {
+ delete: "/v1/{name=accessPolicies/*}"
+ };
+ option (google.api.method_signature) = "name";
+ option (google.longrunning.operation_info) = {
+ response_type: "google.protobuf.Empty"
+ metadata_type: "AccessContextManagerOperationMetadata"
+ };
+ }
+
+ // Lists all [access levels]
+ // [google.identity.accesscontextmanager.v1.AccessLevel] for an access
+ // policy.
+ rpc ListAccessLevels(ListAccessLevelsRequest) returns (ListAccessLevelsResponse) {
+ option (google.api.http) = {
+ get: "/v1/{parent=accessPolicies/*}/accessLevels"
+ };
+ option (google.api.method_signature) = "parent";
+ }
+
+ // Gets an [access level]
+ // [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource
+ // name.
+ rpc GetAccessLevel(GetAccessLevelRequest) returns (AccessLevel) {
+ option (google.api.http) = {
+ get: "/v1/{name=accessPolicies/*/accessLevels/*}"
+ };
+ option (google.api.method_signature) = "name";
+ }
+
+ // Creates an [access level]
+ // [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running
+ // operation from this RPC has a successful status after the [access
+ // level] [google.identity.accesscontextmanager.v1.AccessLevel]
+ // propagates to long-lasting storage. If [access levels]
+ // [google.identity.accesscontextmanager.v1.AccessLevel] contain
+ // errors, an error response is returned for the first error encountered.
+ rpc CreateAccessLevel(CreateAccessLevelRequest) returns (google.longrunning.Operation) {
+ option (google.api.http) = {
+ post: "/v1/{parent=accessPolicies/*}/accessLevels"
+ body: "access_level"
+ };
+ option (google.api.method_signature) = "parent,access_level";
+ option (google.longrunning.operation_info) = {
+ response_type: "AccessLevel"
+ metadata_type: "AccessContextManagerOperationMetadata"
+ };
+ }
+
+ // Updates an [access level]
+ // [google.identity.accesscontextmanager.v1.AccessLevel]. The long-running
+ // operation from this RPC has a successful status after the changes to
+ // the [access level]
+ // [google.identity.accesscontextmanager.v1.AccessLevel] propagate
+ // to long-lasting storage. If [access levels]
+ // [google.identity.accesscontextmanager.v1.AccessLevel] contain
+ // errors, an error response is returned for the first error encountered.
+ rpc UpdateAccessLevel(UpdateAccessLevelRequest) returns (google.longrunning.Operation) {
+ option (google.api.http) = {
+ patch: "/v1/{access_level.name=accessPolicies/*/accessLevels/*}"
+ body: "access_level"
+ };
+ option (google.api.method_signature) = "access_level,update_mask";
+ option (google.longrunning.operation_info) = {
+ response_type: "AccessLevel"
+ metadata_type: "AccessContextManagerOperationMetadata"
+ };
+ }
+
+ // Deletes an [access level]
+ // [google.identity.accesscontextmanager.v1.AccessLevel] based on the resource
+ // name. The long-running operation from this RPC has a successful status
+ // after the [access level]
+ // [google.identity.accesscontextmanager.v1.AccessLevel] has been removed
+ // from long-lasting storage.
+ rpc DeleteAccessLevel(DeleteAccessLevelRequest) returns (google.longrunning.Operation) {
+ option (google.api.http) = {
+ delete: "/v1/{name=accessPolicies/*/accessLevels/*}"
+ };
+ option (google.api.method_signature) = "name";
+ option (google.longrunning.operation_info) = {
+ response_type: "google.protobuf.Empty"
+ metadata_type: "AccessContextManagerOperationMetadata"
+ };
+ }
+
+ // Replaces all existing [access levels]
+ // [google.identity.accesscontextmanager.v1.AccessLevel] in an [access
+ // policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with
+ // the [access levels]
+ // [google.identity.accesscontextmanager.v1.AccessLevel] provided. This
+ // is done atomically. The long-running operation from this RPC has a
+ // successful status after all replacements propagate to long-lasting
+ // storage. If the replacement contains errors, an error response is returned
+ // for the first error encountered. Upon error, the replacement is cancelled,
+ // and existing [access levels]
+ // [google.identity.accesscontextmanager.v1.AccessLevel] are not
+ // affected. The Operation.response field contains
+ // ReplaceAccessLevelsResponse. Removing [access levels]
+ // [google.identity.accesscontextmanager.v1.AccessLevel] contained in existing
+ // [service perimeters]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter] result in an
+ // error.
+ rpc ReplaceAccessLevels(ReplaceAccessLevelsRequest) returns (google.longrunning.Operation) {
+ option (google.api.http) = {
+ post: "/v1/{parent=accessPolicies/*}/accessLevels:replaceAll"
+ body: "*"
+ };
+ option (google.longrunning.operation_info) = {
+ response_type: "ReplaceAccessLevelsResponse"
+ metadata_type: "AccessContextManagerOperationMetadata"
+ };
+ }
+
+ // Lists all [service perimeters]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter] for an
+ // access policy.
+ rpc ListServicePerimeters(ListServicePerimetersRequest) returns (ListServicePerimetersResponse) {
+ option (google.api.http) = {
+ get: "/v1/{parent=accessPolicies/*}/servicePerimeters"
+ };
+ option (google.api.method_signature) = "parent";
+ }
+
+ // Gets a [service perimeter]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the
+ // resource name.
+ rpc GetServicePerimeter(GetServicePerimeterRequest) returns (ServicePerimeter) {
+ option (google.api.http) = {
+ get: "/v1/{name=accessPolicies/*/servicePerimeters/*}"
+ };
+ option (google.api.method_signature) = "name";
+ }
+
+ // Creates a [service perimeter]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
+ // long-running operation from this RPC has a successful status after the
+ // [service perimeter]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter]
+ // propagates to long-lasting storage. If a [service perimeter]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
+ // errors, an error response is returned for the first error encountered.
+ rpc CreateServicePerimeter(CreateServicePerimeterRequest) returns (google.longrunning.Operation) {
+ option (google.api.http) = {
+ post: "/v1/{parent=accessPolicies/*}/servicePerimeters"
+ body: "service_perimeter"
+ };
+ option (google.api.method_signature) = "parent,service_perimeter";
+ option (google.longrunning.operation_info) = {
+ response_type: "ServicePerimeter"
+ metadata_type: "AccessContextManagerOperationMetadata"
+ };
+ }
+
+ // Updates a [service perimeter]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter]. The
+ // long-running operation from this RPC has a successful status after the
+ // [service perimeter]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter]
+ // propagates to long-lasting storage. If a [service perimeter]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter] contains
+ // errors, an error response is returned for the first error encountered.
+ rpc UpdateServicePerimeter(UpdateServicePerimeterRequest) returns (google.longrunning.Operation) {
+ option (google.api.http) = {
+ patch: "/v1/{service_perimeter.name=accessPolicies/*/servicePerimeters/*}"
+ body: "service_perimeter"
+ };
+ option (google.api.method_signature) = "service_perimeter,update_mask";
+ option (google.longrunning.operation_info) = {
+ response_type: "ServicePerimeter"
+ metadata_type: "AccessContextManagerOperationMetadata"
+ };
+ }
+
+ // Deletes a [service perimeter]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter] based on the
+ // resource name. The long-running operation from this RPC has a successful
+ // status after the [service perimeter]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter] is removed from
+ // long-lasting storage.
+ rpc DeleteServicePerimeter(DeleteServicePerimeterRequest) returns (google.longrunning.Operation) {
+ option (google.api.http) = {
+ delete: "/v1/{name=accessPolicies/*/servicePerimeters/*}"
+ };
+ option (google.api.method_signature) = "name";
+ option (google.longrunning.operation_info) = {
+ response_type: "google.protobuf.Empty"
+ metadata_type: "AccessContextManagerOperationMetadata"
+ };
+ }
+
+ // Replace all existing [service perimeters]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter] in an [access
+ // policy] [google.identity.accesscontextmanager.v1.AccessPolicy] with the
+ // [service perimeters]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter] provided. This
+ // is done atomically. The long-running operation from this RPC has a
+ // successful status after all replacements propagate to long-lasting storage.
+ // Replacements containing errors result in an error response for the first
+ // error encountered. Upon an error, replacement are cancelled and existing
+ // [service perimeters]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter] are not
+ // affected. The Operation.response field contains
+ // ReplaceServicePerimetersResponse.
+ rpc ReplaceServicePerimeters(ReplaceServicePerimetersRequest) returns (google.longrunning.Operation) {
+ option (google.api.http) = {
+ post: "/v1/{parent=accessPolicies/*}/servicePerimeters:replaceAll"
+ body: "*"
+ };
+ option (google.longrunning.operation_info) = {
+ response_type: "ReplaceServicePerimetersResponse"
+ metadata_type: "AccessContextManagerOperationMetadata"
+ };
+ }
+
+ // Commits the dry-run specification for all the [service perimeters]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter] in an
+ // [access policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+ // A commit operation on a service perimeter involves copying its `spec` field
+ // to the `status` field of the service perimeter. Only [service perimeters]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter] with
+ // `use_explicit_dry_run_spec` field set to true are affected by a commit
+ // operation. The long-running operation from this RPC has a successful
+ // status after the dry-run specifications for all the [service perimeters]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter] have been
+ // committed. If a commit fails, it causes the long-running operation to
+ // return an error response and the entire commit operation is cancelled.
+ // When successful, the Operation.response field contains
+ // CommitServicePerimetersResponse. The `dry_run` and the `spec` fields are
+ // cleared after a successful commit operation.
+ rpc CommitServicePerimeters(CommitServicePerimetersRequest) returns (google.longrunning.Operation) {
+ option (google.api.http) = {
+ post: "/v1/{parent=accessPolicies/*}/servicePerimeters:commit"
+ body: "*"
+ };
+ option (google.longrunning.operation_info) = {
+ response_type: "CommitServicePerimetersResponse"
+ metadata_type: "AccessContextManagerOperationMetadata"
+ };
+ }
+
+ // Lists all [GcpUserAccessBindings]
+ // [google.identity.accesscontextmanager.v1.GcpUserAccessBinding] for a
+ // Google Cloud organization.
+ rpc ListGcpUserAccessBindings(ListGcpUserAccessBindingsRequest) returns (ListGcpUserAccessBindingsResponse) {
+ option (google.api.http) = {
+ get: "/v1/{parent=organizations/*}/gcpUserAccessBindings"
+ };
+ option (google.api.method_signature) = "parent";
+ }
+
+ // Gets the [GcpUserAccessBinding]
+ // [google.identity.accesscontextmanager.v1.GcpUserAccessBinding] with
+ // the given name.
+ rpc GetGcpUserAccessBinding(GetGcpUserAccessBindingRequest) returns (GcpUserAccessBinding) {
+ option (google.api.http) = {
+ get: "/v1/{name=organizations/*/gcpUserAccessBindings/*}"
+ };
+ option (google.api.method_signature) = "name";
+ }
+
+ // Creates a [GcpUserAccessBinding]
+ // [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]. If the
+ // client specifies a [name]
+ // [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.name],
+ // the server ignores it. Fails if a resource already exists with the same
+ // [group_key]
+ // [google.identity.accesscontextmanager.v1.GcpUserAccessBinding.group_key].
+ // Completion of this long-running operation does not necessarily signify that
+ // the new binding is deployed onto all affected users, which may take more
+ // time.
+ rpc CreateGcpUserAccessBinding(CreateGcpUserAccessBindingRequest) returns (google.longrunning.Operation) {
+ option (google.api.http) = {
+ post: "/v1/{parent=organizations/*}/gcpUserAccessBindings"
+ body: "gcp_user_access_binding"
+ };
+ option (google.api.method_signature) = "parent,gcp_user_access_binding";
+ option (google.longrunning.operation_info) = {
+ response_type: "GcpUserAccessBinding"
+ metadata_type: "GcpUserAccessBindingOperationMetadata"
+ };
+ }
+
+ // Updates a [GcpUserAccessBinding]
+ // [google.identity.accesscontextmanager.v1.GcpUserAccessBinding].
+ // Completion of this long-running operation does not necessarily signify that
+ // the changed binding is deployed onto all affected users, which may take
+ // more time.
+ rpc UpdateGcpUserAccessBinding(UpdateGcpUserAccessBindingRequest) returns (google.longrunning.Operation) {
+ option (google.api.http) = {
+ patch: "/v1/{gcp_user_access_binding.name=organizations/*/gcpUserAccessBindings/*}"
+ body: "gcp_user_access_binding"
+ };
+ option (google.api.method_signature) = "gcp_user_access_binding,update_mask";
+ option (google.longrunning.operation_info) = {
+ response_type: "GcpUserAccessBinding"
+ metadata_type: "GcpUserAccessBindingOperationMetadata"
+ };
+ }
+
+ // Deletes a [GcpUserAccessBinding]
+ // [google.identity.accesscontextmanager.v1.GcpUserAccessBinding].
+ // Completion of this long-running operation does not necessarily signify that
+ // the binding deletion is deployed onto all affected users, which may take
+ // more time.
+ rpc DeleteGcpUserAccessBinding(DeleteGcpUserAccessBindingRequest) returns (google.longrunning.Operation) {
+ option (google.api.http) = {
+ delete: "/v1/{name=organizations/*/gcpUserAccessBindings/*}"
+ };
+ option (google.api.method_signature) = "name";
+ option (google.longrunning.operation_info) = {
+ response_type: "google.protobuf.Empty"
+ metadata_type: "GcpUserAccessBindingOperationMetadata"
+ };
+ }
+
+ // Sets the IAM policy for the specified Access Context Manager
+ // [access policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+ // This method replaces the existing IAM policy on the access policy. The IAM
+ // policy controls the set of users who can perform specific operations on the
+ // Access Context Manager [access
+ // policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+ rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) returns (google.iam.v1.Policy) {
+ option (google.api.http) = {
+ post: "/v1/{resource=accessPolicies/*}:setIamPolicy"
+ body: "*"
+ };
+ }
+
+ // Gets the IAM policy for the specified Access Context Manager
+ // [access policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+ rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) returns (google.iam.v1.Policy) {
+ option (google.api.http) = {
+ post: "/v1/{resource=accessPolicies/*}:getIamPolicy"
+ body: "*"
+ };
+ }
+
+ // Returns the IAM permissions that the caller has on the specified Access
+ // Context Manager resource. The resource can be an
+ // [AccessPolicy][google.identity.accesscontextmanager.v1.AccessPolicy],
+ // [AccessLevel][google.identity.accesscontextmanager.v1.AccessLevel], or
+ // [ServicePerimeter][google.identity.accesscontextmanager.v1.ServicePerimeter
+ // ]. This method does not support other resources.
+ rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) returns (google.iam.v1.TestIamPermissionsResponse) {
+ option (google.api.http) = {
+ post: "/v1/{resource=accessPolicies/*}:testIamPermissions"
+ body: "*"
+ additional_bindings {
+ post: "/v1/{resource=accessPolicies/*/accessLevels/*}:testIamPermissions"
+ body: "*"
+ }
+ additional_bindings {
+ post: "/v1/{resource=accessPolicies/*/servicePerimeters/*}:testIamPermissions"
+ body: "*"
+ }
+ };
+ }
+}
+
+// A request to list all `AccessPolicies` for a container.
+message ListAccessPoliciesRequest {
+ // Required. Resource name for the container to list AccessPolicy instances
+ // from.
+ //
+ // Format:
+ // `organizations/{org_id}`
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudresourcemanager.googleapis.com/Organization"
+ }
+ ];
+
+ // Number of AccessPolicy instances to include in the list. Default 100.
+ int32 page_size = 2;
+
+ // Next page token for the next batch of AccessPolicy instances. Defaults to
+ // the first page of results.
+ string page_token = 3;
+}
+
+// A response to `ListAccessPoliciesRequest`.
+message ListAccessPoliciesResponse {
+ // List of the AccessPolicy instances.
+ repeated AccessPolicy access_policies = 1;
+
+ // The pagination token to retrieve the next page of results. If the value is
+ // empty, no further results remain.
+ string next_page_token = 2;
+}
+
+// A request to get a particular `AccessPolicy`.
+message GetAccessPolicyRequest {
+ // Required. Resource name for the access policy to get.
+ //
+ // Format `accessPolicies/{policy_id}`
+ string name = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "accesscontextmanager.googleapis.com/AccessPolicy"
+ }
+ ];
+}
+
+// A request to update an `AccessPolicy`.
+message UpdateAccessPolicyRequest {
+ // Required. The updated AccessPolicy.
+ AccessPolicy policy = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. Mask to control which fields get updated. Must be non-empty.
+ google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED];
+}
+
+// A request to delete an `AccessPolicy`.
+message DeleteAccessPolicyRequest {
+ // Required. Resource name for the access policy to delete.
+ //
+ // Format `accessPolicies/{policy_id}`
+ string name = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "accesscontextmanager.googleapis.com/AccessPolicy"
+ }
+ ];
+}
+
+// A request to list all `AccessLevels` in an `AccessPolicy`.
+message ListAccessLevelsRequest {
+ // Required. Resource name for the access policy to list [Access Levels]
+ // [google.identity.accesscontextmanager.v1.AccessLevel] from.
+ //
+ // Format:
+ // `accessPolicies/{policy_id}`
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ child_type: "accesscontextmanager.googleapis.com/AccessLevel"
+ }
+ ];
+
+ // Number of [Access Levels]
+ // [google.identity.accesscontextmanager.v1.AccessLevel] to include in
+ // the list. Default 100.
+ int32 page_size = 2;
+
+ // Next page token for the next batch of [Access Level]
+ // [google.identity.accesscontextmanager.v1.AccessLevel] instances.
+ // Defaults to the first page of results.
+ string page_token = 3;
+
+ // Whether to return `BasicLevels` in the Cloud Common Expression language, as
+ // `CustomLevels`, rather than as `BasicLevels`. Defaults to returning
+ // `AccessLevels` in the format they were defined.
+ LevelFormat access_level_format = 4;
+}
+
+// A response to `ListAccessLevelsRequest`.
+message ListAccessLevelsResponse {
+ // List of the [Access Level]
+ // [google.identity.accesscontextmanager.v1.AccessLevel] instances.
+ repeated AccessLevel access_levels = 1;
+
+ // The pagination token to retrieve the next page of results. If the value is
+ // empty, no further results remain.
+ string next_page_token = 2;
+}
+
+// A request to get a particular `AccessLevel`.
+message GetAccessLevelRequest {
+ // Required. Resource name for the [Access Level]
+ // [google.identity.accesscontextmanager.v1.AccessLevel].
+ //
+ // Format:
+ // `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+ string name = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "accesscontextmanager.googleapis.com/AccessLevel"
+ }
+ ];
+
+ // Whether to return `BasicLevels` in the Cloud Common Expression
+ // Language rather than as `BasicLevels`. Defaults to AS_DEFINED, where
+ // [Access Levels] [google.identity.accesscontextmanager.v1.AccessLevel]
+ // are returned as `BasicLevels` or `CustomLevels` based on how they were
+ // created. If set to CEL, all [Access Levels]
+ // [google.identity.accesscontextmanager.v1.AccessLevel] are returned as
+ // `CustomLevels`. In the CEL case, `BasicLevels` are translated to equivalent
+ // `CustomLevels`.
+ LevelFormat access_level_format = 2;
+}
+
+// A request to create an `AccessLevel`.
+message CreateAccessLevelRequest {
+ // Required. Resource name for the access policy which owns this [Access
+ // Level] [google.identity.accesscontextmanager.v1.AccessLevel].
+ //
+ // Format: `accessPolicies/{policy_id}`
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ child_type: "accesscontextmanager.googleapis.com/AccessLevel"
+ }
+ ];
+
+ // Required. The [Access Level]
+ // [google.identity.accesscontextmanager.v1.AccessLevel] to create.
+ // Syntactic correctness of the [Access Level]
+ // [google.identity.accesscontextmanager.v1.AccessLevel] is a
+ // precondition for creation.
+ AccessLevel access_level = 2 [(google.api.field_behavior) = REQUIRED];
+}
+
+// A request to update an `AccessLevel`.
+message UpdateAccessLevelRequest {
+ // Required. The updated [Access Level]
+ // [google.identity.accesscontextmanager.v1.AccessLevel]. Syntactic
+ // correctness of the [Access Level]
+ // [google.identity.accesscontextmanager.v1.AccessLevel] is a
+ // precondition for creation.
+ AccessLevel access_level = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. Mask to control which fields get updated. Must be non-empty.
+ google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED];
+}
+
+// A request to delete an `AccessLevel`.
+message DeleteAccessLevelRequest {
+ // Required. Resource name for the [Access Level]
+ // [google.identity.accesscontextmanager.v1.AccessLevel].
+ //
+ // Format:
+ // `accessPolicies/{policy_id}/accessLevels/{access_level_id}`
+ string name = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "accesscontextmanager.googleapis.com/AccessLevel"
+ }
+ ];
+}
+
+// A request to replace all existing Access Levels in an Access Policy with
+// the Access Levels provided. This is done atomically.
+message ReplaceAccessLevelsRequest {
+ // Required. Resource name for the access policy which owns these
+ // [Access Levels]
+ // [google.identity.accesscontextmanager.v1.AccessLevel].
+ //
+ // Format: `accessPolicies/{policy_id}`
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ child_type: "accesscontextmanager.googleapis.com/AccessLevel"
+ }
+ ];
+
+ // Required. The desired [Access Levels]
+ // [google.identity.accesscontextmanager.v1.AccessLevel] that should
+ // replace all existing [Access Levels]
+ // [google.identity.accesscontextmanager.v1.AccessLevel] in the
+ // [Access Policy]
+ // [google.identity.accesscontextmanager.v1.AccessPolicy].
+ repeated AccessLevel access_levels = 2 [(google.api.field_behavior) = REQUIRED];
+
+ // Optional. The etag for the version of the [Access Policy]
+ // [google.identity.accesscontextmanager.v1.AccessPolicy] that this
+ // replace operation is to be performed on. If, at the time of replace, the
+ // etag for the Access Policy stored in Access Context Manager is different
+ // from the specified etag, then the replace operation will not be performed
+ // and the call will fail. This field is not required. If etag is not
+ // provided, the operation will be performed as if a valid etag is provided.
+ string etag = 4;
+}
+
+// A response to ReplaceAccessLevelsRequest. This will be put inside of
+// Operation.response field.
+message ReplaceAccessLevelsResponse {
+ // List of the [Access Level]
+ // [google.identity.accesscontextmanager.v1.AccessLevel] instances.
+ repeated AccessLevel access_levels = 1;
+}
+
+// A request to list all `ServicePerimeters` in an `AccessPolicy`.
+message ListServicePerimetersRequest {
+ // Required. Resource name for the access policy to list [Service Perimeters]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter] from.
+ //
+ // Format:
+ // `accessPolicies/{policy_id}`
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ child_type: "accesscontextmanager.googleapis.com/ServicePerimeter"
+ }
+ ];
+
+ // Number of [Service Perimeters]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter] to include
+ // in the list. Default 100.
+ int32 page_size = 2;
+
+ // Next page token for the next batch of [Service Perimeter]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter] instances.
+ // Defaults to the first page of results.
+ string page_token = 3;
+}
+
+// A response to `ListServicePerimetersRequest`.
+message ListServicePerimetersResponse {
+ // List of the [Service Perimeter]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter] instances.
+ repeated ServicePerimeter service_perimeters = 1;
+
+ // The pagination token to retrieve the next page of results. If the value is
+ // empty, no further results remain.
+ string next_page_token = 2;
+}
+
+// A request to get a particular `ServicePerimeter`.
+message GetServicePerimeterRequest {
+ // Required. Resource name for the [Service Perimeter]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter].
+ //
+ // Format:
+ // `accessPolicies/{policy_id}/servicePerimeters/{service_perimeters_id}`
+ string name = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "accesscontextmanager.googleapis.com/ServicePerimeter"
+ }
+ ];
+}
+
+// A request to create a `ServicePerimeter`.
+message CreateServicePerimeterRequest {
+ // Required. Resource name for the access policy which owns this [Service
+ // Perimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter].
+ //
+ // Format: `accessPolicies/{policy_id}`
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ child_type: "accesscontextmanager.googleapis.com/ServicePerimeter"
+ }
+ ];
+
+ // Required. The [Service Perimeter]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter] to create.
+ // Syntactic correctness of the [Service Perimeter]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter] is a
+ // precondition for creation.
+ ServicePerimeter service_perimeter = 2 [(google.api.field_behavior) = REQUIRED];
+}
+
+// A request to update a `ServicePerimeter`.
+message UpdateServicePerimeterRequest {
+ // Required. The updated `ServicePerimeter`. Syntactic correctness of the
+ // `ServicePerimeter` is a precondition for creation.
+ ServicePerimeter service_perimeter = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. Mask to control which fields get updated. Must be non-empty.
+ google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED];
+}
+
+// A request to delete a `ServicePerimeter`.
+message DeleteServicePerimeterRequest {
+ // Required. Resource name for the [Service Perimeter]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter].
+ //
+ // Format:
+ // `accessPolicies/{policy_id}/servicePerimeters/{service_perimeter_id}`
+ string name = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "accesscontextmanager.googleapis.com/ServicePerimeter"
+ }
+ ];
+}
+
+// A request to replace all existing Service Perimeters in an Access Policy
+// with the Service Perimeters provided. This is done atomically.
+message ReplaceServicePerimetersRequest {
+ // Required. Resource name for the access policy which owns these
+ // [Service Perimeters]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter].
+ //
+ // Format: `accessPolicies/{policy_id}`
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ child_type: "accesscontextmanager.googleapis.com/ServicePerimeter"
+ }
+ ];
+
+ // Required. The desired [Service Perimeters]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter] that should
+ // replace all existing [Service Perimeters]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter] in the
+ // [Access Policy]
+ // [google.identity.accesscontextmanager.v1.AccessPolicy].
+ repeated ServicePerimeter service_perimeters = 2 [(google.api.field_behavior) = REQUIRED];
+
+ // Optional. The etag for the version of the [Access Policy]
+ // [google.identity.accesscontextmanager.v1.AccessPolicy] that this
+ // replace operation is to be performed on. If, at the time of replace, the
+ // etag for the Access Policy stored in Access Context Manager is different
+ // from the specified etag, then the replace operation will not be performed
+ // and the call will fail. This field is not required. If etag is not
+ // provided, the operation will be performed as if a valid etag is provided.
+ string etag = 3;
+}
+
+// A response to ReplaceServicePerimetersRequest. This will be put inside of
+// Operation.response field.
+message ReplaceServicePerimetersResponse {
+ // List of the [Service Perimeter]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter] instances.
+ repeated ServicePerimeter service_perimeters = 1;
+}
+
+// A request to commit dry-run specs in all [Service Perimeters]
+// [google.identity.accesscontextmanager.v1.ServicePerimeter] belonging to
+// an [Access Policy][google.identity.accesscontextmanager.v1.AccessPolicy].
+message CommitServicePerimetersRequest {
+ // Required. Resource name for the parent [Access Policy]
+ // [google.identity.accesscontextmanager.v1.AccessPolicy] which owns all
+ // [Service Perimeters]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter] in scope for
+ // the commit operation.
+ //
+ // Format: `accessPolicies/{policy_id}`
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ child_type: "accesscontextmanager.googleapis.com/ServicePerimeter"
+ }
+ ];
+
+ // Optional. The etag for the version of the [Access Policy]
+ // [google.identity.accesscontextmanager.v1.AccessPolicy] that this
+ // commit operation is to be performed on. If, at the time of commit, the
+ // etag for the Access Policy stored in Access Context Manager is different
+ // from the specified etag, then the commit operation will not be performed
+ // and the call will fail. This field is not required. If etag is not
+ // provided, the operation will be performed as if a valid etag is provided.
+ string etag = 2;
+}
+
+// A response to CommitServicePerimetersRequest. This will be put inside of
+// Operation.response field.
+message CommitServicePerimetersResponse {
+ // List of all the [Service Perimeter]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter] instances in
+ // the [Access Policy]
+ // [google.identity.accesscontextmanager.v1.AccessPolicy].
+ repeated ServicePerimeter service_perimeters = 1;
+}
+
+// The format used in an `AccessLevel`.
+enum LevelFormat {
+ // The format was not specified.
+ LEVEL_FORMAT_UNSPECIFIED = 0;
+
+ // Uses the format the resource was defined in. BasicLevels are returned as
+ // BasicLevels, CustomLevels are returned as CustomLevels.
+ AS_DEFINED = 1;
+
+ // Use Cloud Common Expression Language when returning the resource. Both
+ // BasicLevels and CustomLevels are returned as CustomLevels.
+ CEL = 2;
+}
+
+// Request of [ListGcpUserAccessBindings]
+// [google.identity.accesscontextmanager.v1.AccessContextManager.ListGcpUserAccessBindings].
+message ListGcpUserAccessBindingsRequest {
+ // Required. Example: "organizations/256"
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudresourcemanager.googleapis.com/Organization"
+ }
+ ];
+
+ // Optional. Maximum number of items to return. The server may return fewer items.
+ // If left blank, the server may return any number of items.
+ int32 page_size = 2 [(google.api.field_behavior) = OPTIONAL];
+
+ // Optional. If left blank, returns the first page. To enumerate all items, use the
+ // [next_page_token]
+ // [google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse.next_page_token]
+ // from your previous list operation.
+ string page_token = 3 [(google.api.field_behavior) = OPTIONAL];
+}
+
+// Response of [ListGcpUserAccessBindings]
+// [google.identity.accesscontextmanager.v1.AccessContextManager.ListGcpUserAccessBindings].
+message ListGcpUserAccessBindingsResponse {
+ // [GcpUserAccessBinding]
+ // [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]
+ repeated GcpUserAccessBinding gcp_user_access_bindings = 1;
+
+ // Token to get the next page of items. If blank, there are no more items.
+ string next_page_token = 2;
+}
+
+// Request of [GetGcpUserAccessBinding]
+// [google.identity.accesscontextmanager.v1.AccessContextManager.GetGcpUserAccessBinding].
+message GetGcpUserAccessBindingRequest {
+ // Required. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
+ string name = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "accesscontextmanager.googleapis.com/GcpUserAccessBinding"
+ }
+ ];
+}
+
+// Request of [CreateGcpUserAccessBinding]
+// [google.identity.accesscontextmanager.v1.AccessContextManager.CreateGcpUserAccessBinding].
+message CreateGcpUserAccessBindingRequest {
+ // Required. Example: "organizations/256"
+ string parent = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "cloudresourcemanager.googleapis.com/Organization"
+ }
+ ];
+
+ // Required. [GcpUserAccessBinding]
+ // [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]
+ GcpUserAccessBinding gcp_user_access_binding = 2 [(google.api.field_behavior) = REQUIRED];
+}
+
+// Request of [UpdateGcpUserAccessBinding]
+// [google.identity.accesscontextmanager.v1.AccessContextManager.UpdateGcpUserAccessBinding].
+message UpdateGcpUserAccessBindingRequest {
+ // Required. [GcpUserAccessBinding]
+ // [google.identity.accesscontextmanager.v1.GcpUserAccessBinding]
+ GcpUserAccessBinding gcp_user_access_binding = 1 [(google.api.field_behavior) = REQUIRED];
+
+ // Required. Only the fields specified in this mask are updated. Because name and
+ // group_key cannot be changed, update_mask is required and must always be:
+ //
+ // update_mask {
+ // paths: "access_levels"
+ // }
+ google.protobuf.FieldMask update_mask = 2 [(google.api.field_behavior) = REQUIRED];
+}
+
+// Request of [DeleteGcpUserAccessBinding]
+// [google.identity.accesscontextmanager.v1.AccessContextManager.DeleteGcpUserAccessBinding].
+message DeleteGcpUserAccessBindingRequest {
+ // Required. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
+ string name = 1 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "accesscontextmanager.googleapis.com/GcpUserAccessBinding"
+ }
+ ];
+}
+
+// Currently, a completed operation means nothing. In the future, this metadata
+// and a completed operation may indicate that the binding has taken effect and
+// is affecting access decisions for all users.
+message GcpUserAccessBindingOperationMetadata {
+
+}
+
+// Metadata of Access Context Manager's Long Running Operations.
+message AccessContextManagerOperationMetadata {
+
+}
diff --git a/google/identity/accesscontextmanager/v1/access_context_manager_pb2.py b/google/identity/accesscontextmanager/v1/access_context_manager_pb2.py
new file mode 100644
index 0000000..c0ccd6e
--- /dev/null
+++ b/google/identity/accesscontextmanager/v1/access_context_manager_pb2.py
@@ -0,0 +1,844 @@
+# -*- coding: utf-8 -*-
+
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Generated by the protocol buffer compiler. DO NOT EDIT!
+# source: google/identity/accesscontextmanager/v1/access_context_manager.proto
+"""Generated protocol buffer code."""
+from google.protobuf.internal import enum_type_wrapper
+from google.protobuf import descriptor as _descriptor
+from google.protobuf import descriptor_pool as _descriptor_pool
+from google.protobuf import message as _message
+from google.protobuf import reflection as _reflection
+from google.protobuf import symbol_database as _symbol_database
+
+# @@protoc_insertion_point(imports)
+
+_sym_db = _symbol_database.Default()
+
+
+from google.api import annotations_pb2 as google_dot_api_dot_annotations__pb2
+from google.api import client_pb2 as google_dot_api_dot_client__pb2
+from google.api import field_behavior_pb2 as google_dot_api_dot_field__behavior__pb2
+from google.api import resource_pb2 as google_dot_api_dot_resource__pb2
+from google.iam.v1 import iam_policy_pb2 as google_dot_iam_dot_v1_dot_iam__policy__pb2
+from google.iam.v1 import policy_pb2 as google_dot_iam_dot_v1_dot_policy__pb2
+from google.identity.accesscontextmanager.v1 import (
+ access_level_pb2 as google_dot_identity_dot_accesscontextmanager_dot_v1_dot_access__level__pb2,
+)
+from google.identity.accesscontextmanager.v1 import (
+ access_policy_pb2 as google_dot_identity_dot_accesscontextmanager_dot_v1_dot_access__policy__pb2,
+)
+from google.identity.accesscontextmanager.v1 import (
+ gcp_user_access_binding_pb2 as google_dot_identity_dot_accesscontextmanager_dot_v1_dot_gcp__user__access__binding__pb2,
+)
+from google.identity.accesscontextmanager.v1 import (
+ service_perimeter_pb2 as google_dot_identity_dot_accesscontextmanager_dot_v1_dot_service__perimeter__pb2,
+)
+from google.longrunning import (
+ operations_pb2 as google_dot_longrunning_dot_operations__pb2,
+)
+from google.protobuf import field_mask_pb2 as google_dot_protobuf_dot_field__mask__pb2
+
+
+DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(
+ b'\nDgoogle/identity/accesscontextmanager/v1/access_context_manager.proto\x12\'google.identity.accesscontextmanager.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x1egoogle/iam/v1/iam_policy.proto\x1a\x1agoogle/iam/v1/policy.proto\x1a:google/identity/accesscontextmanager/v1/access_level.proto\x1a;google/identity/accesscontextmanager/v1/access_policy.proto\x1a\x45google/identity/accesscontextmanager/v1/gcp_user_access_binding.proto\x1a?google/identity/accesscontextmanager/v1/service_perimeter.proto\x1a#google/longrunning/operations.proto\x1a google/protobuf/field_mask.proto"\x8c\x01\n\x19ListAccessPoliciesRequest\x12H\n\x06parent\x18\x01 \x01(\tB8\xe0\x41\x02\xfa\x41\x32\n0cloudresourcemanager.googleapis.com/Organization\x12\x11\n\tpage_size\x18\x02 \x01(\x05\x12\x12\n\npage_token\x18\x03 \x01(\t"\x85\x01\n\x1aListAccessPoliciesResponse\x12N\n\x0f\x61\x63\x63\x65ss_policies\x18\x01 \x03(\x0b\x32\x35.google.identity.accesscontextmanager.v1.AccessPolicy\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t"`\n\x16GetAccessPolicyRequest\x12\x46\n\x04name\x18\x01 \x01(\tB8\xe0\x41\x02\xfa\x41\x32\n0accesscontextmanager.googleapis.com/AccessPolicy"\x9d\x01\n\x19UpdateAccessPolicyRequest\x12J\n\x06policy\x18\x01 \x01(\x0b\x32\x35.google.identity.accesscontextmanager.v1.AccessPolicyB\x03\xe0\x41\x02\x12\x34\n\x0bupdate_mask\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.FieldMaskB\x03\xe0\x41\x02"c\n\x19\x44\x65leteAccessPolicyRequest\x12\x46\n\x04name\x18\x01 \x01(\tB8\xe0\x41\x02\xfa\x41\x32\n0accesscontextmanager.googleapis.com/AccessPolicy"\xdc\x01\n\x17ListAccessLevelsRequest\x12G\n\x06parent\x18\x01 \x01(\tB7\xe0\x41\x02\xfa\x41\x31\x12/accesscontextmanager.googleapis.com/AccessLevel\x12\x11\n\tpage_size\x18\x02 \x01(\x05\x12\x12\n\npage_token\x18\x03 \x01(\t\x12Q\n\x13\x61\x63\x63\x65ss_level_format\x18\x04 \x01(\x0e\x32\x34.google.identity.accesscontextmanager.v1.LevelFormat"\x80\x01\n\x18ListAccessLevelsResponse\x12K\n\raccess_levels\x18\x01 \x03(\x0b\x32\x34.google.identity.accesscontextmanager.v1.AccessLevel\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t"\xb1\x01\n\x15GetAccessLevelRequest\x12\x45\n\x04name\x18\x01 \x01(\tB7\xe0\x41\x02\xfa\x41\x31\n/accesscontextmanager.googleapis.com/AccessLevel\x12Q\n\x13\x61\x63\x63\x65ss_level_format\x18\x02 \x01(\x0e\x32\x34.google.identity.accesscontextmanager.v1.LevelFormat"\xb4\x01\n\x18\x43reateAccessLevelRequest\x12G\n\x06parent\x18\x01 \x01(\tB7\xe0\x41\x02\xfa\x41\x31\x12/accesscontextmanager.googleapis.com/AccessLevel\x12O\n\x0c\x61\x63\x63\x65ss_level\x18\x02 \x01(\x0b\x32\x34.google.identity.accesscontextmanager.v1.AccessLevelB\x03\xe0\x41\x02"\xa1\x01\n\x18UpdateAccessLevelRequest\x12O\n\x0c\x61\x63\x63\x65ss_level\x18\x01 \x01(\x0b\x32\x34.google.identity.accesscontextmanager.v1.AccessLevelB\x03\xe0\x41\x02\x12\x34\n\x0bupdate_mask\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.FieldMaskB\x03\xe0\x41\x02"a\n\x18\x44\x65leteAccessLevelRequest\x12\x45\n\x04name\x18\x01 \x01(\tB7\xe0\x41\x02\xfa\x41\x31\n/accesscontextmanager.googleapis.com/AccessLevel"\xc5\x01\n\x1aReplaceAccessLevelsRequest\x12G\n\x06parent\x18\x01 \x01(\tB7\xe0\x41\x02\xfa\x41\x31\x12/accesscontextmanager.googleapis.com/AccessLevel\x12P\n\raccess_levels\x18\x02 \x03(\x0b\x32\x34.google.identity.accesscontextmanager.v1.AccessLevelB\x03\xe0\x41\x02\x12\x0c\n\x04\x65tag\x18\x04 \x01(\t"j\n\x1bReplaceAccessLevelsResponse\x12K\n\raccess_levels\x18\x01 \x03(\x0b\x32\x34.google.identity.accesscontextmanager.v1.AccessLevel"\x93\x01\n\x1cListServicePerimetersRequest\x12L\n\x06parent\x18\x01 \x01(\tB<\xe0\x41\x02\xfa\x41\x36\x12\x34\x61\x63\x63\x65sscontextmanager.googleapis.com/ServicePerimeter\x12\x11\n\tpage_size\x18\x02 \x01(\x05\x12\x12\n\npage_token\x18\x03 \x01(\t"\x8f\x01\n\x1dListServicePerimetersResponse\x12U\n\x12service_perimeters\x18\x01 \x03(\x0b\x32\x39.google.identity.accesscontextmanager.v1.ServicePerimeter\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t"h\n\x1aGetServicePerimeterRequest\x12J\n\x04name\x18\x01 \x01(\tB<\xe0\x41\x02\xfa\x41\x36\n4accesscontextmanager.googleapis.com/ServicePerimeter"\xc8\x01\n\x1d\x43reateServicePerimeterRequest\x12L\n\x06parent\x18\x01 \x01(\tB<\xe0\x41\x02\xfa\x41\x36\x12\x34\x61\x63\x63\x65sscontextmanager.googleapis.com/ServicePerimeter\x12Y\n\x11service_perimeter\x18\x02 \x01(\x0b\x32\x39.google.identity.accesscontextmanager.v1.ServicePerimeterB\x03\xe0\x41\x02"\xb0\x01\n\x1dUpdateServicePerimeterRequest\x12Y\n\x11service_perimeter\x18\x01 \x01(\x0b\x32\x39.google.identity.accesscontextmanager.v1.ServicePerimeterB\x03\xe0\x41\x02\x12\x34\n\x0bupdate_mask\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.FieldMaskB\x03\xe0\x41\x02"k\n\x1d\x44\x65leteServicePerimeterRequest\x12J\n\x04name\x18\x01 \x01(\tB<\xe0\x41\x02\xfa\x41\x36\n4accesscontextmanager.googleapis.com/ServicePerimeter"\xd9\x01\n\x1fReplaceServicePerimetersRequest\x12L\n\x06parent\x18\x01 \x01(\tB<\xe0\x41\x02\xfa\x41\x36\x12\x34\x61\x63\x63\x65sscontextmanager.googleapis.com/ServicePerimeter\x12Z\n\x12service_perimeters\x18\x02 \x03(\x0b\x32\x39.google.identity.accesscontextmanager.v1.ServicePerimeterB\x03\xe0\x41\x02\x12\x0c\n\x04\x65tag\x18\x03 \x01(\t"y\n ReplaceServicePerimetersResponse\x12U\n\x12service_perimeters\x18\x01 \x03(\x0b\x32\x39.google.identity.accesscontextmanager.v1.ServicePerimeter"|\n\x1e\x43ommitServicePerimetersRequest\x12L\n\x06parent\x18\x01 \x01(\tB<\xe0\x41\x02\xfa\x41\x36\x12\x34\x61\x63\x63\x65sscontextmanager.googleapis.com/ServicePerimeter\x12\x0c\n\x04\x65tag\x18\x02 \x01(\t"x\n\x1f\x43ommitServicePerimetersResponse\x12U\n\x12service_perimeters\x18\x01 \x03(\x0b\x32\x39.google.identity.accesscontextmanager.v1.ServicePerimeter"\x9d\x01\n ListGcpUserAccessBindingsRequest\x12H\n\x06parent\x18\x01 \x01(\tB8\xe0\x41\x02\xfa\x41\x32\n0cloudresourcemanager.googleapis.com/Organization\x12\x16\n\tpage_size\x18\x02 \x01(\x05\x42\x03\xe0\x41\x01\x12\x17\n\npage_token\x18\x03 \x01(\tB\x03\xe0\x41\x01"\x9d\x01\n!ListGcpUserAccessBindingsResponse\x12_\n\x18gcp_user_access_bindings\x18\x01 \x03(\x0b\x32=.google.identity.accesscontextmanager.v1.GcpUserAccessBinding\x12\x17\n\x0fnext_page_token\x18\x02 \x01(\t"p\n\x1eGetGcpUserAccessBindingRequest\x12N\n\x04name\x18\x01 \x01(\tB@\xe0\x41\x02\xfa\x41:\n8accesscontextmanager.googleapis.com/GcpUserAccessBinding"\xd2\x01\n!CreateGcpUserAccessBindingRequest\x12H\n\x06parent\x18\x01 \x01(\tB8\xe0\x41\x02\xfa\x41\x32\n0cloudresourcemanager.googleapis.com/Organization\x12\x63\n\x17gcp_user_access_binding\x18\x02 \x01(\x0b\x32=.google.identity.accesscontextmanager.v1.GcpUserAccessBindingB\x03\xe0\x41\x02"\xbe\x01\n!UpdateGcpUserAccessBindingRequest\x12\x63\n\x17gcp_user_access_binding\x18\x01 \x01(\x0b\x32=.google.identity.accesscontextmanager.v1.GcpUserAccessBindingB\x03\xe0\x41\x02\x12\x34\n\x0bupdate_mask\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.FieldMaskB\x03\xe0\x41\x02"s\n!DeleteGcpUserAccessBindingRequest\x12N\n\x04name\x18\x01 \x01(\tB@\xe0\x41\x02\xfa\x41:\n8accesscontextmanager.googleapis.com/GcpUserAccessBinding"\'\n%GcpUserAccessBindingOperationMetadata"\'\n%AccessContextManagerOperationMetadata*D\n\x0bLevelFormat\x12\x1c\n\x18LEVEL_FORMAT_UNSPECIFIED\x10\x00\x12\x0e\n\nAS_DEFINED\x10\x01\x12\x07\n\x03\x43\x45L\x10\x02\x32\xf1\x32\n\x14\x41\x63\x63\x65ssContextManager\x12\xb9\x01\n\x12ListAccessPolicies\x12\x42.google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest\x1a\x43.google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse"\x1a\x82\xd3\xe4\x93\x02\x14\x12\x12/v1/accessPolicies\x12\xb5\x01\n\x0fGetAccessPolicy\x12?.google.identity.accesscontextmanager.v1.GetAccessPolicyRequest\x1a\x35.google.identity.accesscontextmanager.v1.AccessPolicy"*\x82\xd3\xe4\x93\x02\x1d\x12\x1b/v1/{name=accessPolicies/*}\xda\x41\x04name\x12\xc1\x01\n\x12\x43reateAccessPolicy\x12\x35.google.identity.accesscontextmanager.v1.AccessPolicy\x1a\x1d.google.longrunning.Operation"U\x82\xd3\xe4\x93\x02\x17"\x12/v1/accessPolicies:\x01*\xca\x41\x35\n\x0c\x41\x63\x63\x65ssPolicy\x12%AccessContextManagerOperationMetadata\x12\xf8\x01\n\x12UpdateAccessPolicy\x12\x42.google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest\x1a\x1d.google.longrunning.Operation"\x7f\x82\xd3\xe4\x93\x02,2"/v1/{policy.name=accessPolicies/*}:\x06policy\xda\x41\x12policy,update_mask\xca\x41\x35\n\x0c\x41\x63\x63\x65ssPolicy\x12%AccessContextManagerOperationMetadata\x12\xe4\x01\n\x12\x44\x65leteAccessPolicy\x12\x42.google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest\x1a\x1d.google.longrunning.Operation"k\x82\xd3\xe4\x93\x02\x1d*\x1b/v1/{name=accessPolicies/*}\xda\x41\x04name\xca\x41>\n\x15google.protobuf.Empty\x12%AccessContextManagerOperationMetadata\x12\xd4\x01\n\x10ListAccessLevels\x12@.google.identity.accesscontextmanager.v1.ListAccessLevelsRequest\x1a\x41.google.identity.accesscontextmanager.v1.ListAccessLevelsResponse";\x82\xd3\xe4\x93\x02,\x12*/v1/{parent=accessPolicies/*}/accessLevels\xda\x41\x06parent\x12\xc1\x01\n\x0eGetAccessLevel\x12>.google.identity.accesscontextmanager.v1.GetAccessLevelRequest\x1a\x34.google.identity.accesscontextmanager.v1.AccessLevel"9\x82\xd3\xe4\x93\x02,\x12*/v1/{name=accessPolicies/*/accessLevels/*}\xda\x41\x04name\x12\x85\x02\n\x11\x43reateAccessLevel\x12\x41.google.identity.accesscontextmanager.v1.CreateAccessLevelRequest\x1a\x1d.google.longrunning.Operation"\x8d\x01\x82\xd3\xe4\x93\x02:"*/v1/{parent=accessPolicies/*}/accessLevels:\x0c\x61\x63\x63\x65ss_level\xda\x41\x13parent,access_level\xca\x41\x34\n\x0b\x41\x63\x63\x65ssLevel\x12%AccessContextManagerOperationMetadata\x12\x97\x02\n\x11UpdateAccessLevel\x12\x41.google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest\x1a\x1d.google.longrunning.Operation"\x9f\x01\x82\xd3\xe4\x93\x02G27/v1/{access_level.name=accessPolicies/*/accessLevels/*}:\x0c\x61\x63\x63\x65ss_level\xda\x41\x18\x61\x63\x63\x65ss_level,update_mask\xca\x41\x34\n\x0b\x41\x63\x63\x65ssLevel\x12%AccessContextManagerOperationMetadata\x12\xf1\x01\n\x11\x44\x65leteAccessLevel\x12\x41.google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest\x1a\x1d.google.longrunning.Operation"z\x82\xd3\xe4\x93\x02,**/v1/{name=accessPolicies/*/accessLevels/*}\xda\x41\x04name\xca\x41>\n\x15google.protobuf.Empty\x12%AccessContextManagerOperationMetadata\x12\x83\x02\n\x13ReplaceAccessLevels\x12\x43.google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest\x1a\x1d.google.longrunning.Operation"\x87\x01\x82\xd3\xe4\x93\x02:"5/v1/{parent=accessPolicies/*}/accessLevels:replaceAll:\x01*\xca\x41\x44\n\x1bReplaceAccessLevelsResponse\x12%AccessContextManagerOperationMetadata\x12\xe8\x01\n\x15ListServicePerimeters\x12\x45.google.identity.accesscontextmanager.v1.ListServicePerimetersRequest\x1a\x46.google.identity.accesscontextmanager.v1.ListServicePerimetersResponse"@\x82\xd3\xe4\x93\x02\x31\x12//v1/{parent=accessPolicies/*}/servicePerimeters\xda\x41\x06parent\x12\xd5\x01\n\x13GetServicePerimeter\x12\x43.google.identity.accesscontextmanager.v1.GetServicePerimeterRequest\x1a\x39.google.identity.accesscontextmanager.v1.ServicePerimeter">\x82\xd3\xe4\x93\x02\x31\x12//v1/{name=accessPolicies/*/servicePerimeters/*}\xda\x41\x04name\x12\xa3\x02\n\x16\x43reateServicePerimeter\x12\x46.google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest\x1a\x1d.google.longrunning.Operation"\xa1\x01\x82\xd3\xe4\x93\x02\x44"//v1/{parent=accessPolicies/*}/servicePerimeters:\x11service_perimeter\xda\x41\x18parent,service_perimeter\xca\x41\x39\n\x10ServicePerimeter\x12%AccessContextManagerOperationMetadata\x12\xba\x02\n\x16UpdateServicePerimeter\x12\x46.google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest\x1a\x1d.google.longrunning.Operation"\xb8\x01\x82\xd3\xe4\x93\x02V2A/v1/{service_perimeter.name=accessPolicies/*/servicePerimeters/*}:\x11service_perimeter\xda\x41\x1dservice_perimeter,update_mask\xca\x41\x39\n\x10ServicePerimeter\x12%AccessContextManagerOperationMetadata\x12\x80\x02\n\x16\x44\x65leteServicePerimeter\x12\x46.google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest\x1a\x1d.google.longrunning.Operation"\x7f\x82\xd3\xe4\x93\x02\x31*//v1/{name=accessPolicies/*/servicePerimeters/*}\xda\x41\x04name\xca\x41>\n\x15google.protobuf.Empty\x12%AccessContextManagerOperationMetadata\x12\x97\x02\n\x18ReplaceServicePerimeters\x12H.google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest\x1a\x1d.google.longrunning.Operation"\x91\x01\x82\xd3\xe4\x93\x02?":/v1/{parent=accessPolicies/*}/servicePerimeters:replaceAll:\x01*\xca\x41I\n ReplaceServicePerimetersResponse\x12%AccessContextManagerOperationMetadata\x12\x90\x02\n\x17\x43ommitServicePerimeters\x12G.google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest\x1a\x1d.google.longrunning.Operation"\x8c\x01\x82\xd3\xe4\x93\x02;"6/v1/{parent=accessPolicies/*}/servicePerimeters:commit:\x01*\xca\x41H\n\x1f\x43ommitServicePerimetersResponse\x12%AccessContextManagerOperationMetadata\x12\xf7\x01\n\x19ListGcpUserAccessBindings\x12I.google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest\x1aJ.google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse"C\x82\xd3\xe4\x93\x02\x34\x12\x32/v1/{parent=organizations/*}/gcpUserAccessBindings\xda\x41\x06parent\x12\xe4\x01\n\x17GetGcpUserAccessBinding\x12G.google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest\x1a=.google.identity.accesscontextmanager.v1.GcpUserAccessBinding"A\x82\xd3\xe4\x93\x02\x34\x12\x32/v1/{name=organizations/*/gcpUserAccessBindings/*}\xda\x41\x04name\x12\xbe\x02\n\x1a\x43reateGcpUserAccessBinding\x12J.google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest\x1a\x1d.google.longrunning.Operation"\xb4\x01\x82\xd3\xe4\x93\x02M"2/v1/{parent=organizations/*}/gcpUserAccessBindings:\x17gcp_user_access_binding\xda\x41\x1eparent,gcp_user_access_binding\xca\x41=\n\x14GcpUserAccessBinding\x12%GcpUserAccessBindingOperationMetadata\x12\xdb\x02\n\x1aUpdateGcpUserAccessBinding\x12J.google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest\x1a\x1d.google.longrunning.Operation"\xd1\x01\x82\xd3\xe4\x93\x02\x65\x32J/v1/{gcp_user_access_binding.name=organizations/*/gcpUserAccessBindings/*}:\x17gcp_user_access_binding\xda\x41#gcp_user_access_binding,update_mask\xca\x41=\n\x14GcpUserAccessBinding\x12%GcpUserAccessBindingOperationMetadata\x12\x8c\x02\n\x1a\x44\x65leteGcpUserAccessBinding\x12J.google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest\x1a\x1d.google.longrunning.Operation"\x82\x01\x82\xd3\xe4\x93\x02\x34*2/v1/{name=organizations/*/gcpUserAccessBindings/*}\xda\x41\x04name\xca\x41>\n\x15google.protobuf.Empty\x12%GcpUserAccessBindingOperationMetadata\x12\x82\x01\n\x0cSetIamPolicy\x12".google.iam.v1.SetIamPolicyRequest\x1a\x15.google.iam.v1.Policy"7\x82\xd3\xe4\x93\x02\x31",/v1/{resource=accessPolicies/*}:setIamPolicy:\x01*\x12\x82\x01\n\x0cGetIamPolicy\x12".google.iam.v1.GetIamPolicyRequest\x1a\x15.google.iam.v1.Policy"7\x82\xd3\xe4\x93\x02\x31",/v1/{resource=accessPolicies/*}:getIamPolicy:\x01*\x12\xbf\x02\n\x12TestIamPermissions\x12(.google.iam.v1.TestIamPermissionsRequest\x1a).google.iam.v1.TestIamPermissionsResponse"\xd3\x01\x82\xd3\xe4\x93\x02\xcc\x01"2/v1/{resource=accessPolicies/*}:testIamPermissions:\x01*ZF"A/v1/{resource=accessPolicies/*/accessLevels/*}:testIamPermissions:\x01*ZK"F/v1/{resource=accessPolicies/*/servicePerimeters/*}:testIamPermissions:\x01*\x1aW\xca\x41#accesscontextmanager.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platformB\xb0\x02\n+com.google.identity.accesscontextmanager.v1B\x19\x41\x63\x63\x65ssContextManagerProtoP\x01Z\\cloud.google.com/go/accesscontextmanager/apiv1/accesscontextmanagerpb;accesscontextmanagerpb\xa2\x02\x04GACM\xaa\x02\'Google.Identity.AccessContextManager.V1\xca\x02\'Google\\Identity\\AccessContextManager\\V1\xea\x02*Google::Identity::AccessContextManager::V1b\x06proto3'
+)
+
+_LEVELFORMAT = DESCRIPTOR.enum_types_by_name["LevelFormat"]
+LevelFormat = enum_type_wrapper.EnumTypeWrapper(_LEVELFORMAT)
+LEVEL_FORMAT_UNSPECIFIED = 0
+AS_DEFINED = 1
+CEL = 2
+
+
+_LISTACCESSPOLICIESREQUEST = DESCRIPTOR.message_types_by_name[
+ "ListAccessPoliciesRequest"
+]
+_LISTACCESSPOLICIESRESPONSE = DESCRIPTOR.message_types_by_name[
+ "ListAccessPoliciesResponse"
+]
+_GETACCESSPOLICYREQUEST = DESCRIPTOR.message_types_by_name["GetAccessPolicyRequest"]
+_UPDATEACCESSPOLICYREQUEST = DESCRIPTOR.message_types_by_name[
+ "UpdateAccessPolicyRequest"
+]
+_DELETEACCESSPOLICYREQUEST = DESCRIPTOR.message_types_by_name[
+ "DeleteAccessPolicyRequest"
+]
+_LISTACCESSLEVELSREQUEST = DESCRIPTOR.message_types_by_name["ListAccessLevelsRequest"]
+_LISTACCESSLEVELSRESPONSE = DESCRIPTOR.message_types_by_name["ListAccessLevelsResponse"]
+_GETACCESSLEVELREQUEST = DESCRIPTOR.message_types_by_name["GetAccessLevelRequest"]
+_CREATEACCESSLEVELREQUEST = DESCRIPTOR.message_types_by_name["CreateAccessLevelRequest"]
+_UPDATEACCESSLEVELREQUEST = DESCRIPTOR.message_types_by_name["UpdateAccessLevelRequest"]
+_DELETEACCESSLEVELREQUEST = DESCRIPTOR.message_types_by_name["DeleteAccessLevelRequest"]
+_REPLACEACCESSLEVELSREQUEST = DESCRIPTOR.message_types_by_name[
+ "ReplaceAccessLevelsRequest"
+]
+_REPLACEACCESSLEVELSRESPONSE = DESCRIPTOR.message_types_by_name[
+ "ReplaceAccessLevelsResponse"
+]
+_LISTSERVICEPERIMETERSREQUEST = DESCRIPTOR.message_types_by_name[
+ "ListServicePerimetersRequest"
+]
+_LISTSERVICEPERIMETERSRESPONSE = DESCRIPTOR.message_types_by_name[
+ "ListServicePerimetersResponse"
+]
+_GETSERVICEPERIMETERREQUEST = DESCRIPTOR.message_types_by_name[
+ "GetServicePerimeterRequest"
+]
+_CREATESERVICEPERIMETERREQUEST = DESCRIPTOR.message_types_by_name[
+ "CreateServicePerimeterRequest"
+]
+_UPDATESERVICEPERIMETERREQUEST = DESCRIPTOR.message_types_by_name[
+ "UpdateServicePerimeterRequest"
+]
+_DELETESERVICEPERIMETERREQUEST = DESCRIPTOR.message_types_by_name[
+ "DeleteServicePerimeterRequest"
+]
+_REPLACESERVICEPERIMETERSREQUEST = DESCRIPTOR.message_types_by_name[
+ "ReplaceServicePerimetersRequest"
+]
+_REPLACESERVICEPERIMETERSRESPONSE = DESCRIPTOR.message_types_by_name[
+ "ReplaceServicePerimetersResponse"
+]
+_COMMITSERVICEPERIMETERSREQUEST = DESCRIPTOR.message_types_by_name[
+ "CommitServicePerimetersRequest"
+]
+_COMMITSERVICEPERIMETERSRESPONSE = DESCRIPTOR.message_types_by_name[
+ "CommitServicePerimetersResponse"
+]
+_LISTGCPUSERACCESSBINDINGSREQUEST = DESCRIPTOR.message_types_by_name[
+ "ListGcpUserAccessBindingsRequest"
+]
+_LISTGCPUSERACCESSBINDINGSRESPONSE = DESCRIPTOR.message_types_by_name[
+ "ListGcpUserAccessBindingsResponse"
+]
+_GETGCPUSERACCESSBINDINGREQUEST = DESCRIPTOR.message_types_by_name[
+ "GetGcpUserAccessBindingRequest"
+]
+_CREATEGCPUSERACCESSBINDINGREQUEST = DESCRIPTOR.message_types_by_name[
+ "CreateGcpUserAccessBindingRequest"
+]
+_UPDATEGCPUSERACCESSBINDINGREQUEST = DESCRIPTOR.message_types_by_name[
+ "UpdateGcpUserAccessBindingRequest"
+]
+_DELETEGCPUSERACCESSBINDINGREQUEST = DESCRIPTOR.message_types_by_name[
+ "DeleteGcpUserAccessBindingRequest"
+]
+_GCPUSERACCESSBINDINGOPERATIONMETADATA = DESCRIPTOR.message_types_by_name[
+ "GcpUserAccessBindingOperationMetadata"
+]
+_ACCESSCONTEXTMANAGEROPERATIONMETADATA = DESCRIPTOR.message_types_by_name[
+ "AccessContextManagerOperationMetadata"
+]
+ListAccessPoliciesRequest = _reflection.GeneratedProtocolMessageType(
+ "ListAccessPoliciesRequest",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _LISTACCESSPOLICIESREQUEST,
+ "__module__": "google.identity.accesscontextmanager.v1.access_context_manager_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.ListAccessPoliciesRequest)
+ },
+)
+_sym_db.RegisterMessage(ListAccessPoliciesRequest)
+
+ListAccessPoliciesResponse = _reflection.GeneratedProtocolMessageType(
+ "ListAccessPoliciesResponse",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _LISTACCESSPOLICIESRESPONSE,
+ "__module__": "google.identity.accesscontextmanager.v1.access_context_manager_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.ListAccessPoliciesResponse)
+ },
+)
+_sym_db.RegisterMessage(ListAccessPoliciesResponse)
+
+GetAccessPolicyRequest = _reflection.GeneratedProtocolMessageType(
+ "GetAccessPolicyRequest",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _GETACCESSPOLICYREQUEST,
+ "__module__": "google.identity.accesscontextmanager.v1.access_context_manager_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.GetAccessPolicyRequest)
+ },
+)
+_sym_db.RegisterMessage(GetAccessPolicyRequest)
+
+UpdateAccessPolicyRequest = _reflection.GeneratedProtocolMessageType(
+ "UpdateAccessPolicyRequest",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _UPDATEACCESSPOLICYREQUEST,
+ "__module__": "google.identity.accesscontextmanager.v1.access_context_manager_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.UpdateAccessPolicyRequest)
+ },
+)
+_sym_db.RegisterMessage(UpdateAccessPolicyRequest)
+
+DeleteAccessPolicyRequest = _reflection.GeneratedProtocolMessageType(
+ "DeleteAccessPolicyRequest",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _DELETEACCESSPOLICYREQUEST,
+ "__module__": "google.identity.accesscontextmanager.v1.access_context_manager_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.DeleteAccessPolicyRequest)
+ },
+)
+_sym_db.RegisterMessage(DeleteAccessPolicyRequest)
+
+ListAccessLevelsRequest = _reflection.GeneratedProtocolMessageType(
+ "ListAccessLevelsRequest",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _LISTACCESSLEVELSREQUEST,
+ "__module__": "google.identity.accesscontextmanager.v1.access_context_manager_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.ListAccessLevelsRequest)
+ },
+)
+_sym_db.RegisterMessage(ListAccessLevelsRequest)
+
+ListAccessLevelsResponse = _reflection.GeneratedProtocolMessageType(
+ "ListAccessLevelsResponse",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _LISTACCESSLEVELSRESPONSE,
+ "__module__": "google.identity.accesscontextmanager.v1.access_context_manager_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.ListAccessLevelsResponse)
+ },
+)
+_sym_db.RegisterMessage(ListAccessLevelsResponse)
+
+GetAccessLevelRequest = _reflection.GeneratedProtocolMessageType(
+ "GetAccessLevelRequest",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _GETACCESSLEVELREQUEST,
+ "__module__": "google.identity.accesscontextmanager.v1.access_context_manager_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.GetAccessLevelRequest)
+ },
+)
+_sym_db.RegisterMessage(GetAccessLevelRequest)
+
+CreateAccessLevelRequest = _reflection.GeneratedProtocolMessageType(
+ "CreateAccessLevelRequest",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _CREATEACCESSLEVELREQUEST,
+ "__module__": "google.identity.accesscontextmanager.v1.access_context_manager_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.CreateAccessLevelRequest)
+ },
+)
+_sym_db.RegisterMessage(CreateAccessLevelRequest)
+
+UpdateAccessLevelRequest = _reflection.GeneratedProtocolMessageType(
+ "UpdateAccessLevelRequest",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _UPDATEACCESSLEVELREQUEST,
+ "__module__": "google.identity.accesscontextmanager.v1.access_context_manager_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.UpdateAccessLevelRequest)
+ },
+)
+_sym_db.RegisterMessage(UpdateAccessLevelRequest)
+
+DeleteAccessLevelRequest = _reflection.GeneratedProtocolMessageType(
+ "DeleteAccessLevelRequest",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _DELETEACCESSLEVELREQUEST,
+ "__module__": "google.identity.accesscontextmanager.v1.access_context_manager_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.DeleteAccessLevelRequest)
+ },
+)
+_sym_db.RegisterMessage(DeleteAccessLevelRequest)
+
+ReplaceAccessLevelsRequest = _reflection.GeneratedProtocolMessageType(
+ "ReplaceAccessLevelsRequest",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _REPLACEACCESSLEVELSREQUEST,
+ "__module__": "google.identity.accesscontextmanager.v1.access_context_manager_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.ReplaceAccessLevelsRequest)
+ },
+)
+_sym_db.RegisterMessage(ReplaceAccessLevelsRequest)
+
+ReplaceAccessLevelsResponse = _reflection.GeneratedProtocolMessageType(
+ "ReplaceAccessLevelsResponse",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _REPLACEACCESSLEVELSRESPONSE,
+ "__module__": "google.identity.accesscontextmanager.v1.access_context_manager_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.ReplaceAccessLevelsResponse)
+ },
+)
+_sym_db.RegisterMessage(ReplaceAccessLevelsResponse)
+
+ListServicePerimetersRequest = _reflection.GeneratedProtocolMessageType(
+ "ListServicePerimetersRequest",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _LISTSERVICEPERIMETERSREQUEST,
+ "__module__": "google.identity.accesscontextmanager.v1.access_context_manager_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.ListServicePerimetersRequest)
+ },
+)
+_sym_db.RegisterMessage(ListServicePerimetersRequest)
+
+ListServicePerimetersResponse = _reflection.GeneratedProtocolMessageType(
+ "ListServicePerimetersResponse",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _LISTSERVICEPERIMETERSRESPONSE,
+ "__module__": "google.identity.accesscontextmanager.v1.access_context_manager_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.ListServicePerimetersResponse)
+ },
+)
+_sym_db.RegisterMessage(ListServicePerimetersResponse)
+
+GetServicePerimeterRequest = _reflection.GeneratedProtocolMessageType(
+ "GetServicePerimeterRequest",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _GETSERVICEPERIMETERREQUEST,
+ "__module__": "google.identity.accesscontextmanager.v1.access_context_manager_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.GetServicePerimeterRequest)
+ },
+)
+_sym_db.RegisterMessage(GetServicePerimeterRequest)
+
+CreateServicePerimeterRequest = _reflection.GeneratedProtocolMessageType(
+ "CreateServicePerimeterRequest",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _CREATESERVICEPERIMETERREQUEST,
+ "__module__": "google.identity.accesscontextmanager.v1.access_context_manager_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.CreateServicePerimeterRequest)
+ },
+)
+_sym_db.RegisterMessage(CreateServicePerimeterRequest)
+
+UpdateServicePerimeterRequest = _reflection.GeneratedProtocolMessageType(
+ "UpdateServicePerimeterRequest",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _UPDATESERVICEPERIMETERREQUEST,
+ "__module__": "google.identity.accesscontextmanager.v1.access_context_manager_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.UpdateServicePerimeterRequest)
+ },
+)
+_sym_db.RegisterMessage(UpdateServicePerimeterRequest)
+
+DeleteServicePerimeterRequest = _reflection.GeneratedProtocolMessageType(
+ "DeleteServicePerimeterRequest",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _DELETESERVICEPERIMETERREQUEST,
+ "__module__": "google.identity.accesscontextmanager.v1.access_context_manager_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.DeleteServicePerimeterRequest)
+ },
+)
+_sym_db.RegisterMessage(DeleteServicePerimeterRequest)
+
+ReplaceServicePerimetersRequest = _reflection.GeneratedProtocolMessageType(
+ "ReplaceServicePerimetersRequest",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _REPLACESERVICEPERIMETERSREQUEST,
+ "__module__": "google.identity.accesscontextmanager.v1.access_context_manager_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.ReplaceServicePerimetersRequest)
+ },
+)
+_sym_db.RegisterMessage(ReplaceServicePerimetersRequest)
+
+ReplaceServicePerimetersResponse = _reflection.GeneratedProtocolMessageType(
+ "ReplaceServicePerimetersResponse",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _REPLACESERVICEPERIMETERSRESPONSE,
+ "__module__": "google.identity.accesscontextmanager.v1.access_context_manager_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.ReplaceServicePerimetersResponse)
+ },
+)
+_sym_db.RegisterMessage(ReplaceServicePerimetersResponse)
+
+CommitServicePerimetersRequest = _reflection.GeneratedProtocolMessageType(
+ "CommitServicePerimetersRequest",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _COMMITSERVICEPERIMETERSREQUEST,
+ "__module__": "google.identity.accesscontextmanager.v1.access_context_manager_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.CommitServicePerimetersRequest)
+ },
+)
+_sym_db.RegisterMessage(CommitServicePerimetersRequest)
+
+CommitServicePerimetersResponse = _reflection.GeneratedProtocolMessageType(
+ "CommitServicePerimetersResponse",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _COMMITSERVICEPERIMETERSRESPONSE,
+ "__module__": "google.identity.accesscontextmanager.v1.access_context_manager_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.CommitServicePerimetersResponse)
+ },
+)
+_sym_db.RegisterMessage(CommitServicePerimetersResponse)
+
+ListGcpUserAccessBindingsRequest = _reflection.GeneratedProtocolMessageType(
+ "ListGcpUserAccessBindingsRequest",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _LISTGCPUSERACCESSBINDINGSREQUEST,
+ "__module__": "google.identity.accesscontextmanager.v1.access_context_manager_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsRequest)
+ },
+)
+_sym_db.RegisterMessage(ListGcpUserAccessBindingsRequest)
+
+ListGcpUserAccessBindingsResponse = _reflection.GeneratedProtocolMessageType(
+ "ListGcpUserAccessBindingsResponse",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _LISTGCPUSERACCESSBINDINGSRESPONSE,
+ "__module__": "google.identity.accesscontextmanager.v1.access_context_manager_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.ListGcpUserAccessBindingsResponse)
+ },
+)
+_sym_db.RegisterMessage(ListGcpUserAccessBindingsResponse)
+
+GetGcpUserAccessBindingRequest = _reflection.GeneratedProtocolMessageType(
+ "GetGcpUserAccessBindingRequest",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _GETGCPUSERACCESSBINDINGREQUEST,
+ "__module__": "google.identity.accesscontextmanager.v1.access_context_manager_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.GetGcpUserAccessBindingRequest)
+ },
+)
+_sym_db.RegisterMessage(GetGcpUserAccessBindingRequest)
+
+CreateGcpUserAccessBindingRequest = _reflection.GeneratedProtocolMessageType(
+ "CreateGcpUserAccessBindingRequest",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _CREATEGCPUSERACCESSBINDINGREQUEST,
+ "__module__": "google.identity.accesscontextmanager.v1.access_context_manager_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.CreateGcpUserAccessBindingRequest)
+ },
+)
+_sym_db.RegisterMessage(CreateGcpUserAccessBindingRequest)
+
+UpdateGcpUserAccessBindingRequest = _reflection.GeneratedProtocolMessageType(
+ "UpdateGcpUserAccessBindingRequest",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _UPDATEGCPUSERACCESSBINDINGREQUEST,
+ "__module__": "google.identity.accesscontextmanager.v1.access_context_manager_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.UpdateGcpUserAccessBindingRequest)
+ },
+)
+_sym_db.RegisterMessage(UpdateGcpUserAccessBindingRequest)
+
+DeleteGcpUserAccessBindingRequest = _reflection.GeneratedProtocolMessageType(
+ "DeleteGcpUserAccessBindingRequest",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _DELETEGCPUSERACCESSBINDINGREQUEST,
+ "__module__": "google.identity.accesscontextmanager.v1.access_context_manager_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.DeleteGcpUserAccessBindingRequest)
+ },
+)
+_sym_db.RegisterMessage(DeleteGcpUserAccessBindingRequest)
+
+GcpUserAccessBindingOperationMetadata = _reflection.GeneratedProtocolMessageType(
+ "GcpUserAccessBindingOperationMetadata",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _GCPUSERACCESSBINDINGOPERATIONMETADATA,
+ "__module__": "google.identity.accesscontextmanager.v1.access_context_manager_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.GcpUserAccessBindingOperationMetadata)
+ },
+)
+_sym_db.RegisterMessage(GcpUserAccessBindingOperationMetadata)
+
+AccessContextManagerOperationMetadata = _reflection.GeneratedProtocolMessageType(
+ "AccessContextManagerOperationMetadata",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _ACCESSCONTEXTMANAGEROPERATIONMETADATA,
+ "__module__": "google.identity.accesscontextmanager.v1.access_context_manager_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.AccessContextManagerOperationMetadata)
+ },
+)
+_sym_db.RegisterMessage(AccessContextManagerOperationMetadata)
+
+_ACCESSCONTEXTMANAGER = DESCRIPTOR.services_by_name["AccessContextManager"]
+if _descriptor._USE_C_DESCRIPTORS == False:
+
+ DESCRIPTOR._options = None
+ DESCRIPTOR._serialized_options = b"\n+com.google.identity.accesscontextmanager.v1B\031AccessContextManagerProtoP\001Z\\cloud.google.com/go/accesscontextmanager/apiv1/accesscontextmanagerpb;accesscontextmanagerpb\242\002\004GACM\252\002'Google.Identity.AccessContextManager.V1\312\002'Google\\Identity\\AccessContextManager\\V1\352\002*Google::Identity::AccessContextManager::V1"
+ _LISTACCESSPOLICIESREQUEST.fields_by_name["parent"]._options = None
+ _LISTACCESSPOLICIESREQUEST.fields_by_name[
+ "parent"
+ ]._serialized_options = (
+ b"\340A\002\372A2\n0cloudresourcemanager.googleapis.com/Organization"
+ )
+ _GETACCESSPOLICYREQUEST.fields_by_name["name"]._options = None
+ _GETACCESSPOLICYREQUEST.fields_by_name[
+ "name"
+ ]._serialized_options = (
+ b"\340A\002\372A2\n0accesscontextmanager.googleapis.com/AccessPolicy"
+ )
+ _UPDATEACCESSPOLICYREQUEST.fields_by_name["policy"]._options = None
+ _UPDATEACCESSPOLICYREQUEST.fields_by_name[
+ "policy"
+ ]._serialized_options = b"\340A\002"
+ _UPDATEACCESSPOLICYREQUEST.fields_by_name["update_mask"]._options = None
+ _UPDATEACCESSPOLICYREQUEST.fields_by_name[
+ "update_mask"
+ ]._serialized_options = b"\340A\002"
+ _DELETEACCESSPOLICYREQUEST.fields_by_name["name"]._options = None
+ _DELETEACCESSPOLICYREQUEST.fields_by_name[
+ "name"
+ ]._serialized_options = (
+ b"\340A\002\372A2\n0accesscontextmanager.googleapis.com/AccessPolicy"
+ )
+ _LISTACCESSLEVELSREQUEST.fields_by_name["parent"]._options = None
+ _LISTACCESSLEVELSREQUEST.fields_by_name[
+ "parent"
+ ]._serialized_options = (
+ b"\340A\002\372A1\022/accesscontextmanager.googleapis.com/AccessLevel"
+ )
+ _GETACCESSLEVELREQUEST.fields_by_name["name"]._options = None
+ _GETACCESSLEVELREQUEST.fields_by_name[
+ "name"
+ ]._serialized_options = (
+ b"\340A\002\372A1\n/accesscontextmanager.googleapis.com/AccessLevel"
+ )
+ _CREATEACCESSLEVELREQUEST.fields_by_name["parent"]._options = None
+ _CREATEACCESSLEVELREQUEST.fields_by_name[
+ "parent"
+ ]._serialized_options = (
+ b"\340A\002\372A1\022/accesscontextmanager.googleapis.com/AccessLevel"
+ )
+ _CREATEACCESSLEVELREQUEST.fields_by_name["access_level"]._options = None
+ _CREATEACCESSLEVELREQUEST.fields_by_name[
+ "access_level"
+ ]._serialized_options = b"\340A\002"
+ _UPDATEACCESSLEVELREQUEST.fields_by_name["access_level"]._options = None
+ _UPDATEACCESSLEVELREQUEST.fields_by_name[
+ "access_level"
+ ]._serialized_options = b"\340A\002"
+ _UPDATEACCESSLEVELREQUEST.fields_by_name["update_mask"]._options = None
+ _UPDATEACCESSLEVELREQUEST.fields_by_name[
+ "update_mask"
+ ]._serialized_options = b"\340A\002"
+ _DELETEACCESSLEVELREQUEST.fields_by_name["name"]._options = None
+ _DELETEACCESSLEVELREQUEST.fields_by_name[
+ "name"
+ ]._serialized_options = (
+ b"\340A\002\372A1\n/accesscontextmanager.googleapis.com/AccessLevel"
+ )
+ _REPLACEACCESSLEVELSREQUEST.fields_by_name["parent"]._options = None
+ _REPLACEACCESSLEVELSREQUEST.fields_by_name[
+ "parent"
+ ]._serialized_options = (
+ b"\340A\002\372A1\022/accesscontextmanager.googleapis.com/AccessLevel"
+ )
+ _REPLACEACCESSLEVELSREQUEST.fields_by_name["access_levels"]._options = None
+ _REPLACEACCESSLEVELSREQUEST.fields_by_name[
+ "access_levels"
+ ]._serialized_options = b"\340A\002"
+ _LISTSERVICEPERIMETERSREQUEST.fields_by_name["parent"]._options = None
+ _LISTSERVICEPERIMETERSREQUEST.fields_by_name[
+ "parent"
+ ]._serialized_options = (
+ b"\340A\002\372A6\0224accesscontextmanager.googleapis.com/ServicePerimeter"
+ )
+ _GETSERVICEPERIMETERREQUEST.fields_by_name["name"]._options = None
+ _GETSERVICEPERIMETERREQUEST.fields_by_name[
+ "name"
+ ]._serialized_options = (
+ b"\340A\002\372A6\n4accesscontextmanager.googleapis.com/ServicePerimeter"
+ )
+ _CREATESERVICEPERIMETERREQUEST.fields_by_name["parent"]._options = None
+ _CREATESERVICEPERIMETERREQUEST.fields_by_name[
+ "parent"
+ ]._serialized_options = (
+ b"\340A\002\372A6\0224accesscontextmanager.googleapis.com/ServicePerimeter"
+ )
+ _CREATESERVICEPERIMETERREQUEST.fields_by_name["service_perimeter"]._options = None
+ _CREATESERVICEPERIMETERREQUEST.fields_by_name[
+ "service_perimeter"
+ ]._serialized_options = b"\340A\002"
+ _UPDATESERVICEPERIMETERREQUEST.fields_by_name["service_perimeter"]._options = None
+ _UPDATESERVICEPERIMETERREQUEST.fields_by_name[
+ "service_perimeter"
+ ]._serialized_options = b"\340A\002"
+ _UPDATESERVICEPERIMETERREQUEST.fields_by_name["update_mask"]._options = None
+ _UPDATESERVICEPERIMETERREQUEST.fields_by_name[
+ "update_mask"
+ ]._serialized_options = b"\340A\002"
+ _DELETESERVICEPERIMETERREQUEST.fields_by_name["name"]._options = None
+ _DELETESERVICEPERIMETERREQUEST.fields_by_name[
+ "name"
+ ]._serialized_options = (
+ b"\340A\002\372A6\n4accesscontextmanager.googleapis.com/ServicePerimeter"
+ )
+ _REPLACESERVICEPERIMETERSREQUEST.fields_by_name["parent"]._options = None
+ _REPLACESERVICEPERIMETERSREQUEST.fields_by_name[
+ "parent"
+ ]._serialized_options = (
+ b"\340A\002\372A6\0224accesscontextmanager.googleapis.com/ServicePerimeter"
+ )
+ _REPLACESERVICEPERIMETERSREQUEST.fields_by_name[
+ "service_perimeters"
+ ]._options = None
+ _REPLACESERVICEPERIMETERSREQUEST.fields_by_name[
+ "service_perimeters"
+ ]._serialized_options = b"\340A\002"
+ _COMMITSERVICEPERIMETERSREQUEST.fields_by_name["parent"]._options = None
+ _COMMITSERVICEPERIMETERSREQUEST.fields_by_name[
+ "parent"
+ ]._serialized_options = (
+ b"\340A\002\372A6\0224accesscontextmanager.googleapis.com/ServicePerimeter"
+ )
+ _LISTGCPUSERACCESSBINDINGSREQUEST.fields_by_name["parent"]._options = None
+ _LISTGCPUSERACCESSBINDINGSREQUEST.fields_by_name[
+ "parent"
+ ]._serialized_options = (
+ b"\340A\002\372A2\n0cloudresourcemanager.googleapis.com/Organization"
+ )
+ _LISTGCPUSERACCESSBINDINGSREQUEST.fields_by_name["page_size"]._options = None
+ _LISTGCPUSERACCESSBINDINGSREQUEST.fields_by_name[
+ "page_size"
+ ]._serialized_options = b"\340A\001"
+ _LISTGCPUSERACCESSBINDINGSREQUEST.fields_by_name["page_token"]._options = None
+ _LISTGCPUSERACCESSBINDINGSREQUEST.fields_by_name[
+ "page_token"
+ ]._serialized_options = b"\340A\001"
+ _GETGCPUSERACCESSBINDINGREQUEST.fields_by_name["name"]._options = None
+ _GETGCPUSERACCESSBINDINGREQUEST.fields_by_name[
+ "name"
+ ]._serialized_options = (
+ b"\340A\002\372A:\n8accesscontextmanager.googleapis.com/GcpUserAccessBinding"
+ )
+ _CREATEGCPUSERACCESSBINDINGREQUEST.fields_by_name["parent"]._options = None
+ _CREATEGCPUSERACCESSBINDINGREQUEST.fields_by_name[
+ "parent"
+ ]._serialized_options = (
+ b"\340A\002\372A2\n0cloudresourcemanager.googleapis.com/Organization"
+ )
+ _CREATEGCPUSERACCESSBINDINGREQUEST.fields_by_name[
+ "gcp_user_access_binding"
+ ]._options = None
+ _CREATEGCPUSERACCESSBINDINGREQUEST.fields_by_name[
+ "gcp_user_access_binding"
+ ]._serialized_options = b"\340A\002"
+ _UPDATEGCPUSERACCESSBINDINGREQUEST.fields_by_name[
+ "gcp_user_access_binding"
+ ]._options = None
+ _UPDATEGCPUSERACCESSBINDINGREQUEST.fields_by_name[
+ "gcp_user_access_binding"
+ ]._serialized_options = b"\340A\002"
+ _UPDATEGCPUSERACCESSBINDINGREQUEST.fields_by_name["update_mask"]._options = None
+ _UPDATEGCPUSERACCESSBINDINGREQUEST.fields_by_name[
+ "update_mask"
+ ]._serialized_options = b"\340A\002"
+ _DELETEGCPUSERACCESSBINDINGREQUEST.fields_by_name["name"]._options = None
+ _DELETEGCPUSERACCESSBINDINGREQUEST.fields_by_name[
+ "name"
+ ]._serialized_options = (
+ b"\340A\002\372A:\n8accesscontextmanager.googleapis.com/GcpUserAccessBinding"
+ )
+ _ACCESSCONTEXTMANAGER._options = None
+ _ACCESSCONTEXTMANAGER._serialized_options = b"\312A#accesscontextmanager.googleapis.com\322A.https://www.googleapis.com/auth/cloud-platform"
+ _ACCESSCONTEXTMANAGER.methods_by_name["ListAccessPolicies"]._options = None
+ _ACCESSCONTEXTMANAGER.methods_by_name[
+ "ListAccessPolicies"
+ ]._serialized_options = b"\202\323\344\223\002\024\022\022/v1/accessPolicies"
+ _ACCESSCONTEXTMANAGER.methods_by_name["GetAccessPolicy"]._options = None
+ _ACCESSCONTEXTMANAGER.methods_by_name[
+ "GetAccessPolicy"
+ ]._serialized_options = (
+ b"\202\323\344\223\002\035\022\033/v1/{name=accessPolicies/*}\332A\004name"
+ )
+ _ACCESSCONTEXTMANAGER.methods_by_name["CreateAccessPolicy"]._options = None
+ _ACCESSCONTEXTMANAGER.methods_by_name[
+ "CreateAccessPolicy"
+ ]._serialized_options = b'\202\323\344\223\002\027"\022/v1/accessPolicies:\001*\312A5\n\014AccessPolicy\022%AccessContextManagerOperationMetadata'
+ _ACCESSCONTEXTMANAGER.methods_by_name["UpdateAccessPolicy"]._options = None
+ _ACCESSCONTEXTMANAGER.methods_by_name[
+ "UpdateAccessPolicy"
+ ]._serialized_options = b'\202\323\344\223\002,2"/v1/{policy.name=accessPolicies/*}:\006policy\332A\022policy,update_mask\312A5\n\014AccessPolicy\022%AccessContextManagerOperationMetadata'
+ _ACCESSCONTEXTMANAGER.methods_by_name["DeleteAccessPolicy"]._options = None
+ _ACCESSCONTEXTMANAGER.methods_by_name[
+ "DeleteAccessPolicy"
+ ]._serialized_options = b"\202\323\344\223\002\035*\033/v1/{name=accessPolicies/*}\332A\004name\312A>\n\025google.protobuf.Empty\022%AccessContextManagerOperationMetadata"
+ _ACCESSCONTEXTMANAGER.methods_by_name["ListAccessLevels"]._options = None
+ _ACCESSCONTEXTMANAGER.methods_by_name[
+ "ListAccessLevels"
+ ]._serialized_options = b"\202\323\344\223\002,\022*/v1/{parent=accessPolicies/*}/accessLevels\332A\006parent"
+ _ACCESSCONTEXTMANAGER.methods_by_name["GetAccessLevel"]._options = None
+ _ACCESSCONTEXTMANAGER.methods_by_name[
+ "GetAccessLevel"
+ ]._serialized_options = b"\202\323\344\223\002,\022*/v1/{name=accessPolicies/*/accessLevels/*}\332A\004name"
+ _ACCESSCONTEXTMANAGER.methods_by_name["CreateAccessLevel"]._options = None
+ _ACCESSCONTEXTMANAGER.methods_by_name[
+ "CreateAccessLevel"
+ ]._serialized_options = b'\202\323\344\223\002:"*/v1/{parent=accessPolicies/*}/accessLevels:\014access_level\332A\023parent,access_level\312A4\n\013AccessLevel\022%AccessContextManagerOperationMetadata'
+ _ACCESSCONTEXTMANAGER.methods_by_name["UpdateAccessLevel"]._options = None
+ _ACCESSCONTEXTMANAGER.methods_by_name[
+ "UpdateAccessLevel"
+ ]._serialized_options = b"\202\323\344\223\002G27/v1/{access_level.name=accessPolicies/*/accessLevels/*}:\014access_level\332A\030access_level,update_mask\312A4\n\013AccessLevel\022%AccessContextManagerOperationMetadata"
+ _ACCESSCONTEXTMANAGER.methods_by_name["DeleteAccessLevel"]._options = None
+ _ACCESSCONTEXTMANAGER.methods_by_name[
+ "DeleteAccessLevel"
+ ]._serialized_options = b"\202\323\344\223\002,**/v1/{name=accessPolicies/*/accessLevels/*}\332A\004name\312A>\n\025google.protobuf.Empty\022%AccessContextManagerOperationMetadata"
+ _ACCESSCONTEXTMANAGER.methods_by_name["ReplaceAccessLevels"]._options = None
+ _ACCESSCONTEXTMANAGER.methods_by_name[
+ "ReplaceAccessLevels"
+ ]._serialized_options = b'\202\323\344\223\002:"5/v1/{parent=accessPolicies/*}/accessLevels:replaceAll:\001*\312AD\n\033ReplaceAccessLevelsResponse\022%AccessContextManagerOperationMetadata'
+ _ACCESSCONTEXTMANAGER.methods_by_name["ListServicePerimeters"]._options = None
+ _ACCESSCONTEXTMANAGER.methods_by_name[
+ "ListServicePerimeters"
+ ]._serialized_options = b"\202\323\344\223\0021\022//v1/{parent=accessPolicies/*}/servicePerimeters\332A\006parent"
+ _ACCESSCONTEXTMANAGER.methods_by_name["GetServicePerimeter"]._options = None
+ _ACCESSCONTEXTMANAGER.methods_by_name[
+ "GetServicePerimeter"
+ ]._serialized_options = b"\202\323\344\223\0021\022//v1/{name=accessPolicies/*/servicePerimeters/*}\332A\004name"
+ _ACCESSCONTEXTMANAGER.methods_by_name["CreateServicePerimeter"]._options = None
+ _ACCESSCONTEXTMANAGER.methods_by_name[
+ "CreateServicePerimeter"
+ ]._serialized_options = b'\202\323\344\223\002D"//v1/{parent=accessPolicies/*}/servicePerimeters:\021service_perimeter\332A\030parent,service_perimeter\312A9\n\020ServicePerimeter\022%AccessContextManagerOperationMetadata'
+ _ACCESSCONTEXTMANAGER.methods_by_name["UpdateServicePerimeter"]._options = None
+ _ACCESSCONTEXTMANAGER.methods_by_name[
+ "UpdateServicePerimeter"
+ ]._serialized_options = b"\202\323\344\223\002V2A/v1/{service_perimeter.name=accessPolicies/*/servicePerimeters/*}:\021service_perimeter\332A\035service_perimeter,update_mask\312A9\n\020ServicePerimeter\022%AccessContextManagerOperationMetadata"
+ _ACCESSCONTEXTMANAGER.methods_by_name["DeleteServicePerimeter"]._options = None
+ _ACCESSCONTEXTMANAGER.methods_by_name[
+ "DeleteServicePerimeter"
+ ]._serialized_options = b"\202\323\344\223\0021*//v1/{name=accessPolicies/*/servicePerimeters/*}\332A\004name\312A>\n\025google.protobuf.Empty\022%AccessContextManagerOperationMetadata"
+ _ACCESSCONTEXTMANAGER.methods_by_name["ReplaceServicePerimeters"]._options = None
+ _ACCESSCONTEXTMANAGER.methods_by_name[
+ "ReplaceServicePerimeters"
+ ]._serialized_options = b'\202\323\344\223\002?":/v1/{parent=accessPolicies/*}/servicePerimeters:replaceAll:\001*\312AI\n ReplaceServicePerimetersResponse\022%AccessContextManagerOperationMetadata'
+ _ACCESSCONTEXTMANAGER.methods_by_name["CommitServicePerimeters"]._options = None
+ _ACCESSCONTEXTMANAGER.methods_by_name[
+ "CommitServicePerimeters"
+ ]._serialized_options = b'\202\323\344\223\002;"6/v1/{parent=accessPolicies/*}/servicePerimeters:commit:\001*\312AH\n\037CommitServicePerimetersResponse\022%AccessContextManagerOperationMetadata'
+ _ACCESSCONTEXTMANAGER.methods_by_name["ListGcpUserAccessBindings"]._options = None
+ _ACCESSCONTEXTMANAGER.methods_by_name[
+ "ListGcpUserAccessBindings"
+ ]._serialized_options = b"\202\323\344\223\0024\0222/v1/{parent=organizations/*}/gcpUserAccessBindings\332A\006parent"
+ _ACCESSCONTEXTMANAGER.methods_by_name["GetGcpUserAccessBinding"]._options = None
+ _ACCESSCONTEXTMANAGER.methods_by_name[
+ "GetGcpUserAccessBinding"
+ ]._serialized_options = b"\202\323\344\223\0024\0222/v1/{name=organizations/*/gcpUserAccessBindings/*}\332A\004name"
+ _ACCESSCONTEXTMANAGER.methods_by_name["CreateGcpUserAccessBinding"]._options = None
+ _ACCESSCONTEXTMANAGER.methods_by_name[
+ "CreateGcpUserAccessBinding"
+ ]._serialized_options = b'\202\323\344\223\002M"2/v1/{parent=organizations/*}/gcpUserAccessBindings:\027gcp_user_access_binding\332A\036parent,gcp_user_access_binding\312A=\n\024GcpUserAccessBinding\022%GcpUserAccessBindingOperationMetadata'
+ _ACCESSCONTEXTMANAGER.methods_by_name["UpdateGcpUserAccessBinding"]._options = None
+ _ACCESSCONTEXTMANAGER.methods_by_name[
+ "UpdateGcpUserAccessBinding"
+ ]._serialized_options = b"\202\323\344\223\002e2J/v1/{gcp_user_access_binding.name=organizations/*/gcpUserAccessBindings/*}:\027gcp_user_access_binding\332A#gcp_user_access_binding,update_mask\312A=\n\024GcpUserAccessBinding\022%GcpUserAccessBindingOperationMetadata"
+ _ACCESSCONTEXTMANAGER.methods_by_name["DeleteGcpUserAccessBinding"]._options = None
+ _ACCESSCONTEXTMANAGER.methods_by_name[
+ "DeleteGcpUserAccessBinding"
+ ]._serialized_options = b"\202\323\344\223\0024*2/v1/{name=organizations/*/gcpUserAccessBindings/*}\332A\004name\312A>\n\025google.protobuf.Empty\022%GcpUserAccessBindingOperationMetadata"
+ _ACCESSCONTEXTMANAGER.methods_by_name["SetIamPolicy"]._options = None
+ _ACCESSCONTEXTMANAGER.methods_by_name[
+ "SetIamPolicy"
+ ]._serialized_options = (
+ b'\202\323\344\223\0021",/v1/{resource=accessPolicies/*}:setIamPolicy:\001*'
+ )
+ _ACCESSCONTEXTMANAGER.methods_by_name["GetIamPolicy"]._options = None
+ _ACCESSCONTEXTMANAGER.methods_by_name[
+ "GetIamPolicy"
+ ]._serialized_options = (
+ b'\202\323\344\223\0021",/v1/{resource=accessPolicies/*}:getIamPolicy:\001*'
+ )
+ _ACCESSCONTEXTMANAGER.methods_by_name["TestIamPermissions"]._options = None
+ _ACCESSCONTEXTMANAGER.methods_by_name[
+ "TestIamPermissions"
+ ]._serialized_options = b'\202\323\344\223\002\314\001"2/v1/{resource=accessPolicies/*}:testIamPermissions:\001*ZF"A/v1/{resource=accessPolicies/*/accessLevels/*}:testIamPermissions:\001*ZK"F/v1/{resource=accessPolicies/*/servicePerimeters/*}:testIamPermissions:\001*'
+ _LEVELFORMAT._serialized_start = 5065
+ _LEVELFORMAT._serialized_end = 5133
+ _LISTACCESSPOLICIESREQUEST._serialized_start = 617
+ _LISTACCESSPOLICIESREQUEST._serialized_end = 757
+ _LISTACCESSPOLICIESRESPONSE._serialized_start = 760
+ _LISTACCESSPOLICIESRESPONSE._serialized_end = 893
+ _GETACCESSPOLICYREQUEST._serialized_start = 895
+ _GETACCESSPOLICYREQUEST._serialized_end = 991
+ _UPDATEACCESSPOLICYREQUEST._serialized_start = 994
+ _UPDATEACCESSPOLICYREQUEST._serialized_end = 1151
+ _DELETEACCESSPOLICYREQUEST._serialized_start = 1153
+ _DELETEACCESSPOLICYREQUEST._serialized_end = 1252
+ _LISTACCESSLEVELSREQUEST._serialized_start = 1255
+ _LISTACCESSLEVELSREQUEST._serialized_end = 1475
+ _LISTACCESSLEVELSRESPONSE._serialized_start = 1478
+ _LISTACCESSLEVELSRESPONSE._serialized_end = 1606
+ _GETACCESSLEVELREQUEST._serialized_start = 1609
+ _GETACCESSLEVELREQUEST._serialized_end = 1786
+ _CREATEACCESSLEVELREQUEST._serialized_start = 1789
+ _CREATEACCESSLEVELREQUEST._serialized_end = 1969
+ _UPDATEACCESSLEVELREQUEST._serialized_start = 1972
+ _UPDATEACCESSLEVELREQUEST._serialized_end = 2133
+ _DELETEACCESSLEVELREQUEST._serialized_start = 2135
+ _DELETEACCESSLEVELREQUEST._serialized_end = 2232
+ _REPLACEACCESSLEVELSREQUEST._serialized_start = 2235
+ _REPLACEACCESSLEVELSREQUEST._serialized_end = 2432
+ _REPLACEACCESSLEVELSRESPONSE._serialized_start = 2434
+ _REPLACEACCESSLEVELSRESPONSE._serialized_end = 2540
+ _LISTSERVICEPERIMETERSREQUEST._serialized_start = 2543
+ _LISTSERVICEPERIMETERSREQUEST._serialized_end = 2690
+ _LISTSERVICEPERIMETERSRESPONSE._serialized_start = 2693
+ _LISTSERVICEPERIMETERSRESPONSE._serialized_end = 2836
+ _GETSERVICEPERIMETERREQUEST._serialized_start = 2838
+ _GETSERVICEPERIMETERREQUEST._serialized_end = 2942
+ _CREATESERVICEPERIMETERREQUEST._serialized_start = 2945
+ _CREATESERVICEPERIMETERREQUEST._serialized_end = 3145
+ _UPDATESERVICEPERIMETERREQUEST._serialized_start = 3148
+ _UPDATESERVICEPERIMETERREQUEST._serialized_end = 3324
+ _DELETESERVICEPERIMETERREQUEST._serialized_start = 3326
+ _DELETESERVICEPERIMETERREQUEST._serialized_end = 3433
+ _REPLACESERVICEPERIMETERSREQUEST._serialized_start = 3436
+ _REPLACESERVICEPERIMETERSREQUEST._serialized_end = 3653
+ _REPLACESERVICEPERIMETERSRESPONSE._serialized_start = 3655
+ _REPLACESERVICEPERIMETERSRESPONSE._serialized_end = 3776
+ _COMMITSERVICEPERIMETERSREQUEST._serialized_start = 3778
+ _COMMITSERVICEPERIMETERSREQUEST._serialized_end = 3902
+ _COMMITSERVICEPERIMETERSRESPONSE._serialized_start = 3904
+ _COMMITSERVICEPERIMETERSRESPONSE._serialized_end = 4024
+ _LISTGCPUSERACCESSBINDINGSREQUEST._serialized_start = 4027
+ _LISTGCPUSERACCESSBINDINGSREQUEST._serialized_end = 4184
+ _LISTGCPUSERACCESSBINDINGSRESPONSE._serialized_start = 4187
+ _LISTGCPUSERACCESSBINDINGSRESPONSE._serialized_end = 4344
+ _GETGCPUSERACCESSBINDINGREQUEST._serialized_start = 4346
+ _GETGCPUSERACCESSBINDINGREQUEST._serialized_end = 4458
+ _CREATEGCPUSERACCESSBINDINGREQUEST._serialized_start = 4461
+ _CREATEGCPUSERACCESSBINDINGREQUEST._serialized_end = 4671
+ _UPDATEGCPUSERACCESSBINDINGREQUEST._serialized_start = 4674
+ _UPDATEGCPUSERACCESSBINDINGREQUEST._serialized_end = 4864
+ _DELETEGCPUSERACCESSBINDINGREQUEST._serialized_start = 4866
+ _DELETEGCPUSERACCESSBINDINGREQUEST._serialized_end = 4981
+ _GCPUSERACCESSBINDINGOPERATIONMETADATA._serialized_start = 4983
+ _GCPUSERACCESSBINDINGOPERATIONMETADATA._serialized_end = 5022
+ _ACCESSCONTEXTMANAGEROPERATIONMETADATA._serialized_start = 5024
+ _ACCESSCONTEXTMANAGEROPERATIONMETADATA._serialized_end = 5063
+ _ACCESSCONTEXTMANAGER._serialized_start = 5136
+ _ACCESSCONTEXTMANAGER._serialized_end = 11649
+# @@protoc_insertion_point(module_scope)
diff --git a/google/identity/accesscontextmanager/v1/access_level.proto b/google/identity/accesscontextmanager/v1/access_level.proto
index 0ebd193..9c2db6c 100644
--- a/google/identity/accesscontextmanager/v1/access_level.proto
+++ b/google/identity/accesscontextmanager/v1/access_level.proto
@@ -1,4 +1,4 @@
-// Copyright 2020 Google LLC
+// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -16,28 +16,33 @@ syntax = "proto3";
package google.identity.accesscontextmanager.v1;
+import "google/api/resource.proto";
import "google/identity/accesscontextmanager/type/device_resources.proto";
import "google/protobuf/timestamp.proto";
import "google/type/expr.proto";
-import "google/api/annotations.proto";
option csharp_namespace = "Google.Identity.AccessContextManager.V1";
-option go_package = "google.golang.org/genproto/googleapis/identity/accesscontextmanager/v1;accesscontextmanager";
+option go_package = "cloud.google.com/go/accesscontextmanager/apiv1/accesscontextmanagerpb;accesscontextmanagerpb";
option java_multiple_files = true;
option java_outer_classname = "AccessLevelProto";
option java_package = "com.google.identity.accesscontextmanager.v1";
+option objc_class_prefix = "GACM";
option php_namespace = "Google\\Identity\\AccessContextManager\\V1";
option ruby_package = "Google::Identity::AccessContextManager::V1";
-option objc_class_prefix = "GACM";
// An `AccessLevel` is a label that can be applied to requests to Google Cloud
// services, along with a list of requirements necessary for the label to be
// applied.
message AccessLevel {
+ option (google.api.resource) = {
+ type: "accesscontextmanager.googleapis.com/AccessLevel"
+ pattern: "accessPolicies/{access_policy}/accessLevels/{access_level}"
+ };
+
// Required. Resource name for the Access Level. The `short_name` component
// must begin with a letter and only include alphanumeric and '_'. Format:
- // `accessPolicies/{policy_id}/accessLevels/{short_name}`. The maximum length
- // of the `short_name` component is 50 characters.
+ // `accessPolicies/{access_policy}/accessLevels/{access_level}`. The maximum
+ // length of the `access_level` component is 50 characters.
string name = 1;
// Human readable title. Must be unique within the Policy.
diff --git a/google/identity/accesscontextmanager/v1/access_level_pb2.py b/google/identity/accesscontextmanager/v1/access_level_pb2.py
index 88e96cc..35b4624 100644
--- a/google/identity/accesscontextmanager/v1/access_level_pb2.py
+++ b/google/identity/accesscontextmanager/v1/access_level_pb2.py
@@ -28,16 +28,16 @@
_sym_db = _symbol_database.Default()
+from google.api import resource_pb2 as google_dot_api_dot_resource__pb2
from google.identity.accesscontextmanager.type import (
device_resources_pb2 as google_dot_identity_dot_accesscontextmanager_dot_type_dot_device__resources__pb2,
)
from google.protobuf import timestamp_pb2 as google_dot_protobuf_dot_timestamp__pb2
from google.type import expr_pb2 as google_dot_type_dot_expr__pb2
-from google.api import annotations_pb2 as google_dot_api_dot_annotations__pb2
DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(
- b'\n:google/identity/accesscontextmanager/v1/access_level.proto\x12\'google.identity.accesscontextmanager.v1\x1a@google/identity/accesscontextmanager/type/device_resources.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x16google/type/expr.proto\x1a\x1cgoogle/api/annotations.proto"\xb8\x02\n\x0b\x41\x63\x63\x65ssLevel\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\r\n\x05title\x18\x02 \x01(\t\x12\x13\n\x0b\x64\x65scription\x18\x03 \x01(\t\x12\x44\n\x05\x62\x61sic\x18\x04 \x01(\x0b\x32\x33.google.identity.accesscontextmanager.v1.BasicLevelH\x00\x12\x46\n\x06\x63ustom\x18\x05 \x01(\x0b\x32\x34.google.identity.accesscontextmanager.v1.CustomLevelH\x00\x12/\n\x0b\x63reate_time\x18\x06 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12/\n\x0bupdate_time\x18\x07 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x07\n\x05level"\xef\x01\n\nBasicLevel\x12\x46\n\nconditions\x18\x01 \x03(\x0b\x32\x32.google.identity.accesscontextmanager.v1.Condition\x12j\n\x12\x63ombining_function\x18\x02 \x01(\x0e\x32N.google.identity.accesscontextmanager.v1.BasicLevel.ConditionCombiningFunction"-\n\x1a\x43onditionCombiningFunction\x12\x07\n\x03\x41ND\x10\x00\x12\x06\n\x02OR\x10\x01"\xc3\x01\n\tCondition\x12\x16\n\x0eip_subnetworks\x18\x01 \x03(\t\x12L\n\rdevice_policy\x18\x02 \x01(\x0b\x32\x35.google.identity.accesscontextmanager.v1.DevicePolicy\x12\x1e\n\x16required_access_levels\x18\x03 \x03(\t\x12\x0e\n\x06negate\x18\x05 \x01(\x08\x12\x0f\n\x07members\x18\x06 \x03(\t\x12\x0f\n\x07regions\x18\x07 \x03(\t".\n\x0b\x43ustomLevel\x12\x1f\n\x04\x65xpr\x18\x01 \x01(\x0b\x32\x11.google.type.Expr"\x89\x03\n\x0c\x44\x65vicePolicy\x12\x1a\n\x12require_screenlock\x18\x01 \x01(\x08\x12\x66\n\x1b\x61llowed_encryption_statuses\x18\x02 \x03(\x0e\x32\x41.google.identity.accesscontextmanager.type.DeviceEncryptionStatus\x12M\n\x0eos_constraints\x18\x03 \x03(\x0b\x32\x35.google.identity.accesscontextmanager.v1.OsConstraint\x12j\n allowed_device_management_levels\x18\x06 \x03(\x0e\x32@.google.identity.accesscontextmanager.type.DeviceManagementLevel\x12\x1e\n\x16require_admin_approval\x18\x07 \x01(\x08\x12\x1a\n\x12require_corp_owned\x18\x08 \x01(\x08"\x8f\x01\n\x0cOsConstraint\x12\x42\n\x07os_type\x18\x01 \x01(\x0e\x32\x31.google.identity.accesscontextmanager.type.OsType\x12\x17\n\x0fminimum_version\x18\x02 \x01(\t\x12"\n\x1arequire_verified_chrome_os\x18\x03 \x01(\x08\x42\xa6\x02\n+com.google.identity.accesscontextmanager.v1B\x10\x41\x63\x63\x65ssLevelProtoP\x01Z[google.golang.org/genproto/googleapis/identity/accesscontextmanager/v1;accesscontextmanager\xa2\x02\x04GACM\xaa\x02\'Google.Identity.AccessContextManager.V1\xca\x02\'Google\\Identity\\AccessContextManager\\V1\xea\x02*Google::Identity::AccessContextManager::V1b\x06proto3'
+ b'\n:google/identity/accesscontextmanager/v1/access_level.proto\x12\'google.identity.accesscontextmanager.v1\x1a\x19google/api/resource.proto\x1a@google/identity/accesscontextmanager/type/device_resources.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x16google/type/expr.proto"\xaa\x03\n\x0b\x41\x63\x63\x65ssLevel\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\r\n\x05title\x18\x02 \x01(\t\x12\x13\n\x0b\x64\x65scription\x18\x03 \x01(\t\x12\x44\n\x05\x62\x61sic\x18\x04 \x01(\x0b\x32\x33.google.identity.accesscontextmanager.v1.BasicLevelH\x00\x12\x46\n\x06\x63ustom\x18\x05 \x01(\x0b\x32\x34.google.identity.accesscontextmanager.v1.CustomLevelH\x00\x12/\n\x0b\x63reate_time\x18\x06 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12/\n\x0bupdate_time\x18\x07 \x01(\x0b\x32\x1a.google.protobuf.Timestamp:p\xea\x41m\n/accesscontextmanager.googleapis.com/AccessLevel\x12:accessPolicies/{access_policy}/accessLevels/{access_level}B\x07\n\x05level"\xef\x01\n\nBasicLevel\x12\x46\n\nconditions\x18\x01 \x03(\x0b\x32\x32.google.identity.accesscontextmanager.v1.Condition\x12j\n\x12\x63ombining_function\x18\x02 \x01(\x0e\x32N.google.identity.accesscontextmanager.v1.BasicLevel.ConditionCombiningFunction"-\n\x1a\x43onditionCombiningFunction\x12\x07\n\x03\x41ND\x10\x00\x12\x06\n\x02OR\x10\x01"\xc3\x01\n\tCondition\x12\x16\n\x0eip_subnetworks\x18\x01 \x03(\t\x12L\n\rdevice_policy\x18\x02 \x01(\x0b\x32\x35.google.identity.accesscontextmanager.v1.DevicePolicy\x12\x1e\n\x16required_access_levels\x18\x03 \x03(\t\x12\x0e\n\x06negate\x18\x05 \x01(\x08\x12\x0f\n\x07members\x18\x06 \x03(\t\x12\x0f\n\x07regions\x18\x07 \x03(\t".\n\x0b\x43ustomLevel\x12\x1f\n\x04\x65xpr\x18\x01 \x01(\x0b\x32\x11.google.type.Expr"\x89\x03\n\x0c\x44\x65vicePolicy\x12\x1a\n\x12require_screenlock\x18\x01 \x01(\x08\x12\x66\n\x1b\x61llowed_encryption_statuses\x18\x02 \x03(\x0e\x32\x41.google.identity.accesscontextmanager.type.DeviceEncryptionStatus\x12M\n\x0eos_constraints\x18\x03 \x03(\x0b\x32\x35.google.identity.accesscontextmanager.v1.OsConstraint\x12j\n allowed_device_management_levels\x18\x06 \x03(\x0e\x32@.google.identity.accesscontextmanager.type.DeviceManagementLevel\x12\x1e\n\x16require_admin_approval\x18\x07 \x01(\x08\x12\x1a\n\x12require_corp_owned\x18\x08 \x01(\x08"\x8f\x01\n\x0cOsConstraint\x12\x42\n\x07os_type\x18\x01 \x01(\x0e\x32\x31.google.identity.accesscontextmanager.type.OsType\x12\x17\n\x0fminimum_version\x18\x02 \x01(\t\x12"\n\x1arequire_verified_chrome_os\x18\x03 \x01(\x08\x42\xa7\x02\n+com.google.identity.accesscontextmanager.v1B\x10\x41\x63\x63\x65ssLevelProtoP\x01Z\\cloud.google.com/go/accesscontextmanager/apiv1/accesscontextmanagerpb;accesscontextmanagerpb\xa2\x02\x04GACM\xaa\x02\'Google.Identity.AccessContextManager.V1\xca\x02\'Google\\Identity\\AccessContextManager\\V1\xea\x02*Google::Identity::AccessContextManager::V1b\x06proto3'
)
@@ -119,19 +119,21 @@
if _descriptor._USE_C_DESCRIPTORS == False:
DESCRIPTOR._options = None
- DESCRIPTOR._serialized_options = b"\n+com.google.identity.accesscontextmanager.v1B\020AccessLevelProtoP\001Z[google.golang.org/genproto/googleapis/identity/accesscontextmanager/v1;accesscontextmanager\242\002\004GACM\252\002'Google.Identity.AccessContextManager.V1\312\002'Google\\Identity\\AccessContextManager\\V1\352\002*Google::Identity::AccessContextManager::V1"
- _ACCESSLEVEL._serialized_start = 257
- _ACCESSLEVEL._serialized_end = 569
- _BASICLEVEL._serialized_start = 572
- _BASICLEVEL._serialized_end = 811
- _BASICLEVEL_CONDITIONCOMBININGFUNCTION._serialized_start = 766
- _BASICLEVEL_CONDITIONCOMBININGFUNCTION._serialized_end = 811
- _CONDITION._serialized_start = 814
- _CONDITION._serialized_end = 1009
- _CUSTOMLEVEL._serialized_start = 1011
- _CUSTOMLEVEL._serialized_end = 1057
- _DEVICEPOLICY._serialized_start = 1060
- _DEVICEPOLICY._serialized_end = 1453
- _OSCONSTRAINT._serialized_start = 1456
- _OSCONSTRAINT._serialized_end = 1599
+ DESCRIPTOR._serialized_options = b"\n+com.google.identity.accesscontextmanager.v1B\020AccessLevelProtoP\001Z\\cloud.google.com/go/accesscontextmanager/apiv1/accesscontextmanagerpb;accesscontextmanagerpb\242\002\004GACM\252\002'Google.Identity.AccessContextManager.V1\312\002'Google\\Identity\\AccessContextManager\\V1\352\002*Google::Identity::AccessContextManager::V1"
+ _ACCESSLEVEL._options = None
+ _ACCESSLEVEL._serialized_options = b"\352Am\n/accesscontextmanager.googleapis.com/AccessLevel\022:accessPolicies/{access_policy}/accessLevels/{access_level}"
+ _ACCESSLEVEL._serialized_start = 254
+ _ACCESSLEVEL._serialized_end = 680
+ _BASICLEVEL._serialized_start = 683
+ _BASICLEVEL._serialized_end = 922
+ _BASICLEVEL_CONDITIONCOMBININGFUNCTION._serialized_start = 877
+ _BASICLEVEL_CONDITIONCOMBININGFUNCTION._serialized_end = 922
+ _CONDITION._serialized_start = 925
+ _CONDITION._serialized_end = 1120
+ _CUSTOMLEVEL._serialized_start = 1122
+ _CUSTOMLEVEL._serialized_end = 1168
+ _DEVICEPOLICY._serialized_start = 1171
+ _DEVICEPOLICY._serialized_end = 1564
+ _OSCONSTRAINT._serialized_start = 1567
+ _OSCONSTRAINT._serialized_end = 1710
# @@protoc_insertion_point(module_scope)
diff --git a/google/identity/accesscontextmanager/v1/access_policy.proto b/google/identity/accesscontextmanager/v1/access_policy.proto
index 9ec59d1..86d6541 100644
--- a/google/identity/accesscontextmanager/v1/access_policy.proto
+++ b/google/identity/accesscontextmanager/v1/access_policy.proto
@@ -1,4 +1,4 @@
-// Copyright 2020 Google LLC
+// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -16,17 +16,17 @@ syntax = "proto3";
package google.identity.accesscontextmanager.v1;
+import "google/api/resource.proto";
import "google/protobuf/timestamp.proto";
-import "google/api/annotations.proto";
option csharp_namespace = "Google.Identity.AccessContextManager.V1";
-option go_package = "google.golang.org/genproto/googleapis/identity/accesscontextmanager/v1;accesscontextmanager";
+option go_package = "cloud.google.com/go/accesscontextmanager/apiv1/accesscontextmanagerpb;accesscontextmanagerpb";
option java_multiple_files = true;
option java_outer_classname = "PolicyProto";
option java_package = "com.google.identity.accesscontextmanager.v1";
+option objc_class_prefix = "GACM";
option php_namespace = "Google\\Identity\\AccessContextManager\\V1";
option ruby_package = "Google::Identity::AccessContextManager::V1";
-option objc_class_prefix = "GACM";
// `AccessPolicy` is a container for `AccessLevels` (which define the necessary
// attributes to use Google Cloud services) and `ServicePerimeters` (which
@@ -34,8 +34,13 @@ option objc_class_prefix = "GACM";
// access policy is globally visible within an organization, and the
// restrictions it specifies apply to all projects within an organization.
message AccessPolicy {
+ option (google.api.resource) = {
+ type: "accesscontextmanager.googleapis.com/AccessPolicy"
+ pattern: "accessPolicies/{access_policy}"
+ };
+
// Output only. Resource name of the `AccessPolicy`. Format:
- // `accessPolicies/{policy_id}`
+ // `accessPolicies/{access_policy}`
string name = 1;
// Required. The parent of this `AccessPolicy` in the Cloud Resource
@@ -46,6 +51,22 @@ message AccessPolicy {
// Required. Human readable title. Does not affect behavior.
string title = 3;
+ // The scopes of a policy define which resources an ACM policy can restrict,
+ // and where ACM resources can be referenced.
+ // For example, a policy with scopes=["folders/123"] has the following
+ // behavior:
+ // - vpcsc perimeters can only restrict projects within folders/123
+ // - access levels can only be referenced by resources within folders/123.
+ // If empty, there are no limitations on which resources can be restricted by
+ // an ACM policy, and there are no limitations on where ACM resources can be
+ // referenced.
+ // Only one policy can include a given scope (attempting to create a second
+ // policy which includes "folders/123" will result in an error).
+ // Currently, scopes cannot be modified after a policy is created.
+ // Currently, policies can only have a single scope.
+ // Format: list of `folders/{folder_number}` or `projects/{project_number}`
+ repeated string scopes = 7;
+
// Output only. Time the `AccessPolicy` was created in UTC.
google.protobuf.Timestamp create_time = 4;
diff --git a/google/identity/accesscontextmanager/v1/access_policy_pb2.py b/google/identity/accesscontextmanager/v1/access_policy_pb2.py
index 90e0776..965776c 100644
--- a/google/identity/accesscontextmanager/v1/access_policy_pb2.py
+++ b/google/identity/accesscontextmanager/v1/access_policy_pb2.py
@@ -28,12 +28,12 @@
_sym_db = _symbol_database.Default()
+from google.api import resource_pb2 as google_dot_api_dot_resource__pb2
from google.protobuf import timestamp_pb2 as google_dot_protobuf_dot_timestamp__pb2
-from google.api import annotations_pb2 as google_dot_api_dot_annotations__pb2
DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(
- b"\n;google/identity/accesscontextmanager/v1/access_policy.proto\x12'google.identity.accesscontextmanager.v1\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x1cgoogle/api/annotations.proto\"\xab\x01\n\x0c\x41\x63\x63\x65ssPolicy\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x0e\n\x06parent\x18\x02 \x01(\t\x12\r\n\x05title\x18\x03 \x01(\t\x12/\n\x0b\x63reate_time\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12/\n\x0bupdate_time\x18\x05 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12\x0c\n\x04\x65tag\x18\x06 \x01(\tB\xa1\x02\n+com.google.identity.accesscontextmanager.v1B\x0bPolicyProtoP\x01Z[google.golang.org/genproto/googleapis/identity/accesscontextmanager/v1;accesscontextmanager\xa2\x02\x04GACM\xaa\x02'Google.Identity.AccessContextManager.V1\xca\x02'Google\\Identity\\AccessContextManager\\V1\xea\x02*Google::Identity::AccessContextManager::V1b\x06proto3"
+ b"\n;google/identity/accesscontextmanager/v1/access_policy.proto\x12'google.identity.accesscontextmanager.v1\x1a\x19google/api/resource.proto\x1a\x1fgoogle/protobuf/timestamp.proto\"\x92\x02\n\x0c\x41\x63\x63\x65ssPolicy\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x0e\n\x06parent\x18\x02 \x01(\t\x12\r\n\x05title\x18\x03 \x01(\t\x12\x0e\n\x06scopes\x18\x07 \x03(\t\x12/\n\x0b\x63reate_time\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12/\n\x0bupdate_time\x18\x05 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12\x0c\n\x04\x65tag\x18\x06 \x01(\t:U\xea\x41R\n0accesscontextmanager.googleapis.com/AccessPolicy\x12\x1e\x61\x63\x63\x65ssPolicies/{access_policy}B\xa2\x02\n+com.google.identity.accesscontextmanager.v1B\x0bPolicyProtoP\x01Z\\cloud.google.com/go/accesscontextmanager/apiv1/accesscontextmanagerpb;accesscontextmanagerpb\xa2\x02\x04GACM\xaa\x02'Google.Identity.AccessContextManager.V1\xca\x02'Google\\Identity\\AccessContextManager\\V1\xea\x02*Google::Identity::AccessContextManager::V1b\x06proto3"
)
@@ -52,7 +52,9 @@
if _descriptor._USE_C_DESCRIPTORS == False:
DESCRIPTOR._options = None
- DESCRIPTOR._serialized_options = b"\n+com.google.identity.accesscontextmanager.v1B\013PolicyProtoP\001Z[google.golang.org/genproto/googleapis/identity/accesscontextmanager/v1;accesscontextmanager\242\002\004GACM\252\002'Google.Identity.AccessContextManager.V1\312\002'Google\\Identity\\AccessContextManager\\V1\352\002*Google::Identity::AccessContextManager::V1"
- _ACCESSPOLICY._serialized_start = 168
- _ACCESSPOLICY._serialized_end = 339
+ DESCRIPTOR._serialized_options = b"\n+com.google.identity.accesscontextmanager.v1B\013PolicyProtoP\001Z\\cloud.google.com/go/accesscontextmanager/apiv1/accesscontextmanagerpb;accesscontextmanagerpb\242\002\004GACM\252\002'Google.Identity.AccessContextManager.V1\312\002'Google\\Identity\\AccessContextManager\\V1\352\002*Google::Identity::AccessContextManager::V1"
+ _ACCESSPOLICY._options = None
+ _ACCESSPOLICY._serialized_options = b"\352AR\n0accesscontextmanager.googleapis.com/AccessPolicy\022\036accessPolicies/{access_policy}"
+ _ACCESSPOLICY._serialized_start = 165
+ _ACCESSPOLICY._serialized_end = 439
# @@protoc_insertion_point(module_scope)
diff --git a/google/identity/accesscontextmanager/v1/gcp_user_access_binding.proto b/google/identity/accesscontextmanager/v1/gcp_user_access_binding.proto
new file mode 100644
index 0000000..4a296d5
--- /dev/null
+++ b/google/identity/accesscontextmanager/v1/gcp_user_access_binding.proto
@@ -0,0 +1,68 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.identity.accesscontextmanager.v1;
+
+import "google/api/field_behavior.proto";
+import "google/api/resource.proto";
+
+option csharp_namespace = "Google.Identity.AccessContextManager.V1";
+option go_package = "cloud.google.com/go/accesscontextmanager/apiv1/accesscontextmanagerpb;accesscontextmanagerpb";
+option java_multiple_files = true;
+option java_outer_classname = "GcpUserAccessBindingProto";
+option java_package = "com.google.identity.accesscontextmanager.v1";
+option objc_class_prefix = "GACM";
+option php_namespace = "Google\\Identity\\AccessContextManager\\V1";
+option ruby_package = "Google::Identity::AccessContextManager::V1";
+
+// Restricts access to Cloud Console and Google Cloud APIs for a set of users
+// using Context-Aware Access.
+message GcpUserAccessBinding {
+ option (google.api.resource) = {
+ type: "accesscontextmanager.googleapis.com/GcpUserAccessBinding"
+ pattern: "organizations/{organization}/gcpUserAccessBindings/{gcp_user_access_binding}"
+ };
+
+ // Immutable. Assigned by the server during creation. The last segment has an arbitrary
+ // length and has only URI unreserved characters (as defined by
+ // [RFC 3986 Section 2.3](https://tools.ietf.org/html/rfc3986#section-2.3)).
+ // Should not be specified by the client during creation.
+ // Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"
+ string name = 1 [(google.api.field_behavior) = IMMUTABLE];
+
+ // Required. Immutable. Google Group id whose members are subject to this binding's restrictions.
+ // See "id" in the [G Suite Directory API's Groups resource]
+ // (https://developers.google.com/admin-sdk/directory/v1/reference/groups#resource).
+ // If a group's email address/alias is changed, this resource will continue
+ // to point at the changed group. This field does not accept group email
+ // addresses or aliases.
+ // Example: "01d520gv4vjcrht"
+ string group_key = 2 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.field_behavior) = IMMUTABLE
+ ];
+
+ // Required. Access level that a user must have to be granted access. Only one access
+ // level is supported, not multiple. This repeated field must have exactly
+ // one element.
+ // Example: "accessPolicies/9522/accessLevels/device_trusted"
+ repeated string access_levels = 3 [
+ (google.api.field_behavior) = REQUIRED,
+ (google.api.resource_reference) = {
+ type: "accesscontextmanager.googleapis.com/AccessLevel"
+ }
+ ];
+}
diff --git a/google/identity/accesscontextmanager/v1/gcp_user_access_binding_pb2.py b/google/identity/accesscontextmanager/v1/gcp_user_access_binding_pb2.py
new file mode 100644
index 0000000..67e850a
--- /dev/null
+++ b/google/identity/accesscontextmanager/v1/gcp_user_access_binding_pb2.py
@@ -0,0 +1,72 @@
+# -*- coding: utf-8 -*-
+
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Generated by the protocol buffer compiler. DO NOT EDIT!
+# source: google/identity/accesscontextmanager/v1/gcp_user_access_binding.proto
+"""Generated protocol buffer code."""
+from google.protobuf import descriptor as _descriptor
+from google.protobuf import descriptor_pool as _descriptor_pool
+from google.protobuf import message as _message
+from google.protobuf import reflection as _reflection
+from google.protobuf import symbol_database as _symbol_database
+
+# @@protoc_insertion_point(imports)
+
+_sym_db = _symbol_database.Default()
+
+
+from google.api import field_behavior_pb2 as google_dot_api_dot_field__behavior__pb2
+from google.api import resource_pb2 as google_dot_api_dot_resource__pb2
+
+
+DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(
+ b"\nEgoogle/identity/accesscontextmanager/v1/gcp_user_access_binding.proto\x12'google.identity.accesscontextmanager.v1\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\"\xa3\x02\n\x14GcpUserAccessBinding\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x05\x12\x19\n\tgroup_key\x18\x02 \x01(\tB\x06\xe0\x41\x02\xe0\x41\x05\x12N\n\raccess_levels\x18\x03 \x03(\tB7\xe0\x41\x02\xfa\x41\x31\n/accesscontextmanager.googleapis.com/AccessLevel:\x8c\x01\xea\x41\x88\x01\n8accesscontextmanager.googleapis.com/GcpUserAccessBinding\x12Lorganizations/{organization}/gcpUserAccessBindings/{gcp_user_access_binding}B\xb0\x02\n+com.google.identity.accesscontextmanager.v1B\x19GcpUserAccessBindingProtoP\x01Z\\cloud.google.com/go/accesscontextmanager/apiv1/accesscontextmanagerpb;accesscontextmanagerpb\xa2\x02\x04GACM\xaa\x02'Google.Identity.AccessContextManager.V1\xca\x02'Google\\Identity\\AccessContextManager\\V1\xea\x02*Google::Identity::AccessContextManager::V1b\x06proto3"
+)
+
+
+_GCPUSERACCESSBINDING = DESCRIPTOR.message_types_by_name["GcpUserAccessBinding"]
+GcpUserAccessBinding = _reflection.GeneratedProtocolMessageType(
+ "GcpUserAccessBinding",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _GCPUSERACCESSBINDING,
+ "__module__": "google.identity.accesscontextmanager.v1.gcp_user_access_binding_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.GcpUserAccessBinding)
+ },
+)
+_sym_db.RegisterMessage(GcpUserAccessBinding)
+
+if _descriptor._USE_C_DESCRIPTORS == False:
+
+ DESCRIPTOR._options = None
+ DESCRIPTOR._serialized_options = b"\n+com.google.identity.accesscontextmanager.v1B\031GcpUserAccessBindingProtoP\001Z\\cloud.google.com/go/accesscontextmanager/apiv1/accesscontextmanagerpb;accesscontextmanagerpb\242\002\004GACM\252\002'Google.Identity.AccessContextManager.V1\312\002'Google\\Identity\\AccessContextManager\\V1\352\002*Google::Identity::AccessContextManager::V1"
+ _GCPUSERACCESSBINDING.fields_by_name["name"]._options = None
+ _GCPUSERACCESSBINDING.fields_by_name["name"]._serialized_options = b"\340A\005"
+ _GCPUSERACCESSBINDING.fields_by_name["group_key"]._options = None
+ _GCPUSERACCESSBINDING.fields_by_name[
+ "group_key"
+ ]._serialized_options = b"\340A\002\340A\005"
+ _GCPUSERACCESSBINDING.fields_by_name["access_levels"]._options = None
+ _GCPUSERACCESSBINDING.fields_by_name[
+ "access_levels"
+ ]._serialized_options = (
+ b"\340A\002\372A1\n/accesscontextmanager.googleapis.com/AccessLevel"
+ )
+ _GCPUSERACCESSBINDING._options = None
+ _GCPUSERACCESSBINDING._serialized_options = b"\352A\210\001\n8accesscontextmanager.googleapis.com/GcpUserAccessBinding\022Lorganizations/{organization}/gcpUserAccessBindings/{gcp_user_access_binding}"
+ _GCPUSERACCESSBINDING._serialized_start = 175
+ _GCPUSERACCESSBINDING._serialized_end = 466
+# @@protoc_insertion_point(module_scope)
diff --git a/google/identity/accesscontextmanager/v1/service_perimeter.proto b/google/identity/accesscontextmanager/v1/service_perimeter.proto
index 89d7681..03c324d 100644
--- a/google/identity/accesscontextmanager/v1/service_perimeter.proto
+++ b/google/identity/accesscontextmanager/v1/service_perimeter.proto
@@ -1,4 +1,4 @@
-// Copyright 2020 Google LLC
+// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -16,17 +16,17 @@ syntax = "proto3";
package google.identity.accesscontextmanager.v1;
+import "google/api/resource.proto";
import "google/protobuf/timestamp.proto";
-import "google/api/annotations.proto";
option csharp_namespace = "Google.Identity.AccessContextManager.V1";
-option go_package = "google.golang.org/genproto/googleapis/identity/accesscontextmanager/v1;accesscontextmanager";
+option go_package = "cloud.google.com/go/accesscontextmanager/apiv1/accesscontextmanagerpb;accesscontextmanagerpb";
option java_multiple_files = true;
option java_outer_classname = "ServicePerimeterProto";
option java_package = "com.google.identity.accesscontextmanager.v1";
+option objc_class_prefix = "GACM";
option php_namespace = "Google\\Identity\\AccessContextManager\\V1";
option ruby_package = "Google::Identity::AccessContextManager::V1";
-option objc_class_prefix = "GACM";
// `ServicePerimeter` describes a set of Google Cloud resources which can freely
// import and export data amongst themselves, but not export outside of the
@@ -39,6 +39,11 @@ option objc_class_prefix = "GACM";
// a single Google Cloud project may belong to multiple Service Perimeter
// Bridges.
message ServicePerimeter {
+ option (google.api.resource) = {
+ type: "accesscontextmanager.googleapis.com/ServicePerimeter"
+ pattern: "accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}"
+ };
+
// Specifies the type of the Perimeter. There are two types: regular and
// bridge. Regular Service Perimeter contains resources, access levels, and
// restricted services. Every resource can be in at most ONE
@@ -64,7 +69,8 @@ message ServicePerimeter {
// Required. Resource name for the ServicePerimeter. The `short_name`
// component must begin with a letter and only include alphanumeric and '_'.
- // Format: `accessPolicies/{policy_id}/servicePerimeters/{short_name}`
+ // Format:
+ // `accessPolicies/{access_policy}/servicePerimeters/{service_perimeter}`
string name = 1;
// Human readable title. Must be unique within the Policy.
@@ -123,10 +129,304 @@ message ServicePerimeterConfig {
bool enable_restriction = 1;
// The list of APIs usable within the Service Perimeter. Must be empty
- // unless 'enable_restriction' is True.
+ // unless 'enable_restriction' is True. You can specify a list of individual
+ // services, as well as include the 'RESTRICTED-SERVICES' value, which
+ // automatically includes all of the services protected by the perimeter.
repeated string allowed_services = 2;
}
+ // Specifies the types of identities that are allowed access in either
+ // [IngressFrom]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom]
+ // or [EgressFrom]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom]
+ // rules.
+ enum IdentityType {
+ // No blanket identity group specified.
+ IDENTITY_TYPE_UNSPECIFIED = 0;
+
+ // Authorize access from all identities outside the perimeter.
+ ANY_IDENTITY = 1;
+
+ // Authorize access from all human users outside the perimeter.
+ ANY_USER_ACCOUNT = 2;
+
+ // Authorize access from all service accounts outside the perimeter.
+ ANY_SERVICE_ACCOUNT = 3;
+ }
+
+ // An allowed method or permission of a service specified in [ApiOperation]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation].
+ message MethodSelector {
+ // The API method name or Cloud IAM permission name to allow.
+ oneof kind {
+ // Value for `method` should be a valid method name for the corresponding
+ // `service_name` in [ApiOperation]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation].
+ // If `*` used as value for `method`, then ALL methods and permissions are
+ // allowed.
+ string method = 1;
+
+ // Value for `permission` should be a valid Cloud IAM permission for the
+ // corresponding `service_name` in [ApiOperation]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation].
+ string permission = 2;
+ }
+ }
+
+ // Identification for an API Operation.
+ message ApiOperation {
+ // The name of the API whose methods or permissions the [IngressPolicy]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ // or [EgressPolicy]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
+ // want to allow. A single [ApiOperation]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
+ // with `service_name` field set to `*` will allow all methods AND
+ // permissions for all services.
+ string service_name = 1;
+
+ // API methods or permissions to allow. Method or permission must belong to
+ // the service specified by `service_name` field. A single [MethodSelector]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector]
+ // entry with `*` specified for the `method` field will allow all methods
+ // AND permissions for the service specified in `service_name`.
+ repeated MethodSelector method_selectors = 2;
+ }
+
+ // The source that [IngressPolicy]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ // authorizes access from.
+ message IngressSource {
+ // Allowed ingress source. It can be one of [AccessLevel]
+ // [google.identity.accesscontextmanager.v1.AccessLevel] or Google
+ // Cloud resource.
+ oneof source {
+ // An [AccessLevel]
+ // [google.identity.accesscontextmanager.v1.AccessLevel] resource
+ // name that allow resources within the [ServicePerimeters]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter] to be
+ // accessed from the internet. [AccessLevels]
+ // [google.identity.accesscontextmanager.v1.AccessLevel] listed must
+ // be in the same policy as this [ServicePerimeter]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter].
+ // Referencing a nonexistent [AccessLevel]
+ // [google.identity.accesscontextmanager.v1.AccessLevel] will cause
+ // an error. If no [AccessLevel]
+ // [google.identity.accesscontextmanager.v1.AccessLevel] names are
+ // listed, resources within the perimeter can only be accessed via Google
+ // Cloud calls with request origins within the perimeter. Example:
+ // `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is
+ // specified for `access_level`, then all [IngressSources]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource]
+ // will be allowed.
+ string access_level = 1;
+
+ // A Google Cloud resource that is allowed to ingress the perimeter.
+ // Requests from these resources will be allowed to access perimeter data.
+ // Currently only projects are allowed.
+ // Format: `projects/{project_number}`
+ // The project may be in any Google Cloud organization, not just the
+ // organization that the perimeter is defined in. `*` is not allowed, the
+ // case of allowing all Google Cloud resources only is not supported.
+ string resource = 2;
+ }
+ }
+
+ // Defines the conditions under which an [IngressPolicy]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ // matches a request. Conditions are based on information about the source of
+ // the request. The request must satisfy what is defined in `sources` AND
+ // identity related fields in order to match.
+ message IngressFrom {
+ // Sources that this [IngressPolicy]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ // authorizes access from.
+ repeated IngressSource sources = 1;
+
+ // A list of identities that are allowed access through this ingress
+ // policy. Should be in the format of email address. The email address
+ // should represent individual user or service account only.
+ repeated string identities = 2;
+
+ // Specifies the type of identities that are allowed access from outside the
+ // perimeter. If left unspecified, then members of `identities` field will
+ // be allowed access.
+ IdentityType identity_type = 3;
+ }
+
+ // Defines the conditions under which an [IngressPolicy]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ // matches a request. Conditions are based on information about the
+ // [ApiOperation]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
+ // intended to be performed on the target resource of the request. The request
+ // must satisfy what is defined in `operations` AND `resources` in order to
+ // match.
+ message IngressTo {
+ // A list of [ApiOperations]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
+ // allowed to be performed by the sources specified in corresponding
+ // [IngressFrom]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom]
+ // in this [ServicePerimeter]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter].
+ repeated ApiOperation operations = 1;
+
+ // A list of resources, currently only projects in the form
+ // `projects/`, protected by this [ServicePerimeter]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter] that are
+ // allowed to be accessed by sources defined in the corresponding
+ // [IngressFrom]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom].
+ // If a single `*` is specified, then access to all resources inside the
+ // perimeter are allowed.
+ repeated string resources = 2;
+ }
+
+ // Policy for ingress into [ServicePerimeter]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter].
+ //
+ // [IngressPolicies]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ // match requests based on `ingress_from` and `ingress_to` stanzas. For an
+ // ingress policy to match, both the `ingress_from` and `ingress_to` stanzas
+ // must be matched. If an [IngressPolicy]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ // matches a request, the request is allowed through the perimeter boundary
+ // from outside the perimeter.
+ //
+ // For example, access from the internet can be allowed either
+ // based on an [AccessLevel]
+ // [google.identity.accesscontextmanager.v1.AccessLevel] or, for traffic
+ // hosted on Google Cloud, the project of the source network. For access from
+ // private networks, using the project of the hosting network is required.
+ //
+ // Individual ingress policies can be limited by restricting which
+ // services and/or actions they match using the `ingress_to` field.
+ message IngressPolicy {
+ // Defines the conditions on the source of a request causing this
+ // [IngressPolicy]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ // to apply.
+ IngressFrom ingress_from = 1;
+
+ // Defines the conditions on the [ApiOperation]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
+ // and request destination that cause this [IngressPolicy]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ // to apply.
+ IngressTo ingress_to = 2;
+ }
+
+ // Defines the conditions under which an [EgressPolicy]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
+ // matches a request. Conditions based on information about the source of the
+ // request. Note that if the destination of the request is also protected by a
+ // [ServicePerimeter]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter], then that
+ // [ServicePerimeter]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter] must have
+ // an [IngressPolicy]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ // which allows access in order for this request to succeed.
+ message EgressFrom {
+ // A list of identities that are allowed access through this [EgressPolicy].
+ // Should be in the format of email address. The email address should
+ // represent individual user or service account only.
+ repeated string identities = 1;
+
+ // Specifies the type of identities that are allowed access to outside the
+ // perimeter. If left unspecified, then members of `identities` field will
+ // be allowed access.
+ IdentityType identity_type = 2;
+ }
+
+ // Defines the conditions under which an [EgressPolicy]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
+ // matches a request. Conditions are based on information about the
+ // [ApiOperation]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
+ // intended to be performed on the `resources` specified. Note that if the
+ // destination of the request is also protected by a [ServicePerimeter]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter], then that
+ // [ServicePerimeter]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter] must have
+ // an [IngressPolicy]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ // which allows access in order for this request to succeed. The request must
+ // match `operations` AND `resources` fields in order to be allowed egress out
+ // of the perimeter.
+ message EgressTo {
+ // A list of resources, currently only projects in the form
+ // `projects/`, that are allowed to be accessed by sources
+ // defined in the corresponding [EgressFrom]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
+ // A request matches if it contains a resource in this list. If `*` is
+ // specified for `resources`, then this [EgressTo]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo]
+ // rule will authorize access to all resources outside the perimeter.
+ repeated string resources = 1;
+
+ // A list of [ApiOperations]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
+ // allowed to be performed by the sources specified in the corresponding
+ // [EgressFrom]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom].
+ // A request matches if it uses an operation/service in this list.
+ repeated ApiOperation operations = 2;
+
+ // A list of external resources that are allowed to be accessed. Only AWS
+ // and Azure resources are supported. For Amazon S3, the supported format is
+ // s3://BUCKET_NAME. For Azure Storage, the supported format is
+ // azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches
+ // if it contains an external resource in this list (Example:
+ // s3://bucket/path). Currently '*' is not allowed.
+ repeated string external_resources = 3;
+ }
+
+ // Policy for egress from perimeter.
+ //
+ // [EgressPolicies]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
+ // match requests based on `egress_from` and `egress_to` stanzas. For an
+ // [EgressPolicy]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
+ // to match, both `egress_from` and `egress_to` stanzas must be matched. If an
+ // [EgressPolicy]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
+ // matches a request, the request is allowed to span the [ServicePerimeter]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter] boundary.
+ // For example, an [EgressPolicy]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
+ // can be used to allow VMs on networks within the [ServicePerimeter]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeter] to access a
+ // defined set of projects outside the perimeter in certain contexts (e.g. to
+ // read data from a Cloud Storage bucket or query against a BigQuery dataset).
+ //
+ // [EgressPolicies]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
+ // are concerned with the *resources* that a request relates as well as the
+ // API services and API actions being used. They do not related to the
+ // direction of data movement. More detailed documentation for this concept
+ // can be found in the descriptions of [EgressFrom]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom]
+ // and [EgressTo]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo].
+ message EgressPolicy {
+ // Defines conditions on the source of a request causing this [EgressPolicy]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
+ // to apply.
+ EgressFrom egress_from = 1;
+
+ // Defines the conditions on the [ApiOperation]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation]
+ // and destination resources that cause this [EgressPolicy]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
+ // to apply.
+ EgressTo egress_to = 2;
+ }
+
// A list of Google Cloud resources that are inside of the service perimeter.
// Currently only projects are allowed. Format: `projects/{project_number}`
repeated string resources = 1;
@@ -149,4 +449,24 @@ message ServicePerimeterConfig {
// Configuration for APIs allowed within Perimeter.
VpcAccessibleServices vpc_accessible_services = 10;
+
+ // List of [IngressPolicies]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ // to apply to the perimeter. A perimeter may have multiple [IngressPolicies]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy],
+ // each of which is evaluated separately. Access is granted if any [Ingress
+ // Policy]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy]
+ // grants it. Must be empty for a perimeter bridge.
+ repeated IngressPolicy ingress_policies = 8;
+
+ // List of [EgressPolicies]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
+ // to apply to the perimeter. A perimeter may have multiple [EgressPolicies]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy],
+ // each of which is evaluated separately. Access is granted if any
+ // [EgressPolicy]
+ // [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy]
+ // grants it. Must be empty for a perimeter bridge.
+ repeated EgressPolicy egress_policies = 9;
}
diff --git a/google/identity/accesscontextmanager/v1/service_perimeter_pb2.py b/google/identity/accesscontextmanager/v1/service_perimeter_pb2.py
index 7635d8f..1478a3f 100644
--- a/google/identity/accesscontextmanager/v1/service_perimeter_pb2.py
+++ b/google/identity/accesscontextmanager/v1/service_perimeter_pb2.py
@@ -28,12 +28,12 @@
_sym_db = _symbol_database.Default()
+from google.api import resource_pb2 as google_dot_api_dot_resource__pb2
from google.protobuf import timestamp_pb2 as google_dot_protobuf_dot_timestamp__pb2
-from google.api import annotations_pb2 as google_dot_api_dot_annotations__pb2
DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(
- b"\n?google/identity/accesscontextmanager/v1/service_perimeter.proto\x12'google.identity.accesscontextmanager.v1\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x1cgoogle/api/annotations.proto\"\x92\x04\n\x10ServicePerimeter\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\r\n\x05title\x18\x02 \x01(\t\x12\x13\n\x0b\x64\x65scription\x18\x03 \x01(\t\x12/\n\x0b\x63reate_time\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12/\n\x0bupdate_time\x18\x05 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12_\n\x0eperimeter_type\x18\x06 \x01(\x0e\x32G.google.identity.accesscontextmanager.v1.ServicePerimeter.PerimeterType\x12O\n\x06status\x18\x07 \x01(\x0b\x32?.google.identity.accesscontextmanager.v1.ServicePerimeterConfig\x12M\n\x04spec\x18\x08 \x01(\x0b\x32?.google.identity.accesscontextmanager.v1.ServicePerimeterConfig\x12!\n\x19use_explicit_dry_run_spec\x18\t \x01(\x08\"F\n\rPerimeterType\x12\x1a\n\x16PERIMETER_TYPE_REGULAR\x10\x00\x12\x19\n\x15PERIMETER_TYPE_BRIDGE\x10\x01\"\xa6\x02\n\x16ServicePerimeterConfig\x12\x11\n\tresources\x18\x01 \x03(\t\x12\x15\n\raccess_levels\x18\x02 \x03(\t\x12\x1b\n\x13restricted_services\x18\x04 \x03(\t\x12v\n\x17vpc_accessible_services\x18\n \x01(\x0b\x32U.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices\x1aM\n\x15VpcAccessibleServices\x12\x1a\n\x12\x65nable_restriction\x18\x01 \x01(\x08\x12\x18\n\x10\x61llowed_services\x18\x02 \x03(\tB\xab\x02\n+com.google.identity.accesscontextmanager.v1B\x15ServicePerimeterProtoP\x01Z[google.golang.org/genproto/googleapis/identity/accesscontextmanager/v1;accesscontextmanager\xa2\x02\x04GACM\xaa\x02'Google.Identity.AccessContextManager.V1\xca\x02'Google\\Identity\\AccessContextManager\\V1\xea\x02*Google::Identity::AccessContextManager::V1b\x06proto3"
+ b'\n?google/identity/accesscontextmanager/v1/service_perimeter.proto\x12\'google.identity.accesscontextmanager.v1\x1a\x19google/api/resource.proto\x1a\x1fgoogle/protobuf/timestamp.proto"\x93\x05\n\x10ServicePerimeter\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\r\n\x05title\x18\x02 \x01(\t\x12\x13\n\x0b\x64\x65scription\x18\x03 \x01(\t\x12/\n\x0b\x63reate_time\x18\x04 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12/\n\x0bupdate_time\x18\x05 \x01(\x0b\x32\x1a.google.protobuf.Timestamp\x12_\n\x0eperimeter_type\x18\x06 \x01(\x0e\x32G.google.identity.accesscontextmanager.v1.ServicePerimeter.PerimeterType\x12O\n\x06status\x18\x07 \x01(\x0b\x32?.google.identity.accesscontextmanager.v1.ServicePerimeterConfig\x12M\n\x04spec\x18\x08 \x01(\x0b\x32?.google.identity.accesscontextmanager.v1.ServicePerimeterConfig\x12!\n\x19use_explicit_dry_run_spec\x18\t \x01(\x08"F\n\rPerimeterType\x12\x1a\n\x16PERIMETER_TYPE_REGULAR\x10\x00\x12\x19\n\x15PERIMETER_TYPE_BRIDGE\x10\x01:\x7f\xea\x41|\n4accesscontextmanager.googleapis.com/ServicePerimeter\x12\x44\x61\x63\x63\x65ssPolicies/{access_policy}/servicePerimeters/{service_perimeter}"\xb5\x0f\n\x16ServicePerimeterConfig\x12\x11\n\tresources\x18\x01 \x03(\t\x12\x15\n\raccess_levels\x18\x02 \x03(\t\x12\x1b\n\x13restricted_services\x18\x04 \x03(\t\x12v\n\x17vpc_accessible_services\x18\n \x01(\x0b\x32U.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices\x12g\n\x10ingress_policies\x18\x08 \x03(\x0b\x32M.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy\x12\x65\n\x0f\x65gress_policies\x18\t \x03(\x0b\x32L.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy\x1aM\n\x15VpcAccessibleServices\x12\x1a\n\x12\x65nable_restriction\x18\x01 \x01(\x08\x12\x18\n\x10\x61llowed_services\x18\x02 \x03(\t\x1a@\n\x0eMethodSelector\x12\x10\n\x06method\x18\x01 \x01(\tH\x00\x12\x14\n\npermission\x18\x02 \x01(\tH\x00\x42\x06\n\x04kind\x1a\x8e\x01\n\x0c\x41piOperation\x12\x14\n\x0cservice_name\x18\x01 \x01(\t\x12h\n\x10method_selectors\x18\x02 \x03(\x0b\x32N.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector\x1a\x45\n\rIngressSource\x12\x16\n\x0c\x61\x63\x63\x65ss_level\x18\x01 \x01(\tH\x00\x12\x12\n\x08resource\x18\x02 \x01(\tH\x00\x42\x08\n\x06source\x1a\xe6\x01\n\x0bIngressFrom\x12^\n\x07sources\x18\x01 \x03(\x0b\x32M.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource\x12\x12\n\nidentities\x18\x02 \x03(\t\x12\x63\n\ridentity_type\x18\x03 \x01(\x0e\x32L.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType\x1a\x80\x01\n\tIngressTo\x12`\n\noperations\x18\x01 \x03(\x0b\x32L.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation\x12\x11\n\tresources\x18\x02 \x03(\t\x1a\xd1\x01\n\rIngressPolicy\x12\x61\n\x0cingress_from\x18\x01 \x01(\x0b\x32K.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom\x12]\n\ningress_to\x18\x02 \x01(\x0b\x32I.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo\x1a\x85\x01\n\nEgressFrom\x12\x12\n\nidentities\x18\x01 \x03(\t\x12\x63\n\ridentity_type\x18\x02 \x01(\x0e\x32L.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IdentityType\x1a\x9b\x01\n\x08\x45gressTo\x12\x11\n\tresources\x18\x01 \x03(\t\x12`\n\noperations\x18\x02 \x03(\x0b\x32L.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation\x12\x1a\n\x12\x65xternal_resources\x18\x03 \x03(\t\x1a\xcc\x01\n\x0c\x45gressPolicy\x12_\n\x0b\x65gress_from\x18\x01 \x01(\x0b\x32J.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom\x12[\n\tegress_to\x18\x02 \x01(\x0b\x32H.google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo"n\n\x0cIdentityType\x12\x1d\n\x19IDENTITY_TYPE_UNSPECIFIED\x10\x00\x12\x10\n\x0c\x41NY_IDENTITY\x10\x01\x12\x14\n\x10\x41NY_USER_ACCOUNT\x10\x02\x12\x17\n\x13\x41NY_SERVICE_ACCOUNT\x10\x03\x42\xac\x02\n+com.google.identity.accesscontextmanager.v1B\x15ServicePerimeterProtoP\x01Z\\cloud.google.com/go/accesscontextmanager/apiv1/accesscontextmanagerpb;accesscontextmanagerpb\xa2\x02\x04GACM\xaa\x02\'Google.Identity.AccessContextManager.V1\xca\x02\'Google\\Identity\\AccessContextManager\\V1\xea\x02*Google::Identity::AccessContextManager::V1b\x06proto3'
)
@@ -42,7 +42,37 @@
_SERVICEPERIMETERCONFIG_VPCACCESSIBLESERVICES = (
_SERVICEPERIMETERCONFIG.nested_types_by_name["VpcAccessibleServices"]
)
+_SERVICEPERIMETERCONFIG_METHODSELECTOR = _SERVICEPERIMETERCONFIG.nested_types_by_name[
+ "MethodSelector"
+]
+_SERVICEPERIMETERCONFIG_APIOPERATION = _SERVICEPERIMETERCONFIG.nested_types_by_name[
+ "ApiOperation"
+]
+_SERVICEPERIMETERCONFIG_INGRESSSOURCE = _SERVICEPERIMETERCONFIG.nested_types_by_name[
+ "IngressSource"
+]
+_SERVICEPERIMETERCONFIG_INGRESSFROM = _SERVICEPERIMETERCONFIG.nested_types_by_name[
+ "IngressFrom"
+]
+_SERVICEPERIMETERCONFIG_INGRESSTO = _SERVICEPERIMETERCONFIG.nested_types_by_name[
+ "IngressTo"
+]
+_SERVICEPERIMETERCONFIG_INGRESSPOLICY = _SERVICEPERIMETERCONFIG.nested_types_by_name[
+ "IngressPolicy"
+]
+_SERVICEPERIMETERCONFIG_EGRESSFROM = _SERVICEPERIMETERCONFIG.nested_types_by_name[
+ "EgressFrom"
+]
+_SERVICEPERIMETERCONFIG_EGRESSTO = _SERVICEPERIMETERCONFIG.nested_types_by_name[
+ "EgressTo"
+]
+_SERVICEPERIMETERCONFIG_EGRESSPOLICY = _SERVICEPERIMETERCONFIG.nested_types_by_name[
+ "EgressPolicy"
+]
_SERVICEPERIMETER_PERIMETERTYPE = _SERVICEPERIMETER.enum_types_by_name["PerimeterType"]
+_SERVICEPERIMETERCONFIG_IDENTITYTYPE = _SERVICEPERIMETERCONFIG.enum_types_by_name[
+ "IdentityType"
+]
ServicePerimeter = _reflection.GeneratedProtocolMessageType(
"ServicePerimeter",
(_message.Message,),
@@ -67,6 +97,87 @@
# @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.ServicePerimeterConfig.VpcAccessibleServices)
},
),
+ "MethodSelector": _reflection.GeneratedProtocolMessageType(
+ "MethodSelector",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _SERVICEPERIMETERCONFIG_METHODSELECTOR,
+ "__module__": "google.identity.accesscontextmanager.v1.service_perimeter_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.ServicePerimeterConfig.MethodSelector)
+ },
+ ),
+ "ApiOperation": _reflection.GeneratedProtocolMessageType(
+ "ApiOperation",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _SERVICEPERIMETERCONFIG_APIOPERATION,
+ "__module__": "google.identity.accesscontextmanager.v1.service_perimeter_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation)
+ },
+ ),
+ "IngressSource": _reflection.GeneratedProtocolMessageType(
+ "IngressSource",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _SERVICEPERIMETERCONFIG_INGRESSSOURCE,
+ "__module__": "google.identity.accesscontextmanager.v1.service_perimeter_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressSource)
+ },
+ ),
+ "IngressFrom": _reflection.GeneratedProtocolMessageType(
+ "IngressFrom",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _SERVICEPERIMETERCONFIG_INGRESSFROM,
+ "__module__": "google.identity.accesscontextmanager.v1.service_perimeter_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressFrom)
+ },
+ ),
+ "IngressTo": _reflection.GeneratedProtocolMessageType(
+ "IngressTo",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _SERVICEPERIMETERCONFIG_INGRESSTO,
+ "__module__": "google.identity.accesscontextmanager.v1.service_perimeter_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressTo)
+ },
+ ),
+ "IngressPolicy": _reflection.GeneratedProtocolMessageType(
+ "IngressPolicy",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _SERVICEPERIMETERCONFIG_INGRESSPOLICY,
+ "__module__": "google.identity.accesscontextmanager.v1.service_perimeter_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy)
+ },
+ ),
+ "EgressFrom": _reflection.GeneratedProtocolMessageType(
+ "EgressFrom",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _SERVICEPERIMETERCONFIG_EGRESSFROM,
+ "__module__": "google.identity.accesscontextmanager.v1.service_perimeter_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom)
+ },
+ ),
+ "EgressTo": _reflection.GeneratedProtocolMessageType(
+ "EgressTo",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _SERVICEPERIMETERCONFIG_EGRESSTO,
+ "__module__": "google.identity.accesscontextmanager.v1.service_perimeter_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo)
+ },
+ ),
+ "EgressPolicy": _reflection.GeneratedProtocolMessageType(
+ "EgressPolicy",
+ (_message.Message,),
+ {
+ "DESCRIPTOR": _SERVICEPERIMETERCONFIG_EGRESSPOLICY,
+ "__module__": "google.identity.accesscontextmanager.v1.service_perimeter_pb2"
+ # @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy)
+ },
+ ),
"DESCRIPTOR": _SERVICEPERIMETERCONFIG,
"__module__": "google.identity.accesscontextmanager.v1.service_perimeter_pb2"
# @@protoc_insertion_point(class_scope:google.identity.accesscontextmanager.v1.ServicePerimeterConfig)
@@ -74,17 +185,48 @@
)
_sym_db.RegisterMessage(ServicePerimeterConfig)
_sym_db.RegisterMessage(ServicePerimeterConfig.VpcAccessibleServices)
+_sym_db.RegisterMessage(ServicePerimeterConfig.MethodSelector)
+_sym_db.RegisterMessage(ServicePerimeterConfig.ApiOperation)
+_sym_db.RegisterMessage(ServicePerimeterConfig.IngressSource)
+_sym_db.RegisterMessage(ServicePerimeterConfig.IngressFrom)
+_sym_db.RegisterMessage(ServicePerimeterConfig.IngressTo)
+_sym_db.RegisterMessage(ServicePerimeterConfig.IngressPolicy)
+_sym_db.RegisterMessage(ServicePerimeterConfig.EgressFrom)
+_sym_db.RegisterMessage(ServicePerimeterConfig.EgressTo)
+_sym_db.RegisterMessage(ServicePerimeterConfig.EgressPolicy)
if _descriptor._USE_C_DESCRIPTORS == False:
DESCRIPTOR._options = None
- DESCRIPTOR._serialized_options = b"\n+com.google.identity.accesscontextmanager.v1B\025ServicePerimeterProtoP\001Z[google.golang.org/genproto/googleapis/identity/accesscontextmanager/v1;accesscontextmanager\242\002\004GACM\252\002'Google.Identity.AccessContextManager.V1\312\002'Google\\Identity\\AccessContextManager\\V1\352\002*Google::Identity::AccessContextManager::V1"
- _SERVICEPERIMETER._serialized_start = 172
- _SERVICEPERIMETER._serialized_end = 702
- _SERVICEPERIMETER_PERIMETERTYPE._serialized_start = 632
- _SERVICEPERIMETER_PERIMETERTYPE._serialized_end = 702
- _SERVICEPERIMETERCONFIG._serialized_start = 705
- _SERVICEPERIMETERCONFIG._serialized_end = 999
- _SERVICEPERIMETERCONFIG_VPCACCESSIBLESERVICES._serialized_start = 922
- _SERVICEPERIMETERCONFIG_VPCACCESSIBLESERVICES._serialized_end = 999
+ DESCRIPTOR._serialized_options = b"\n+com.google.identity.accesscontextmanager.v1B\025ServicePerimeterProtoP\001Z\\cloud.google.com/go/accesscontextmanager/apiv1/accesscontextmanagerpb;accesscontextmanagerpb\242\002\004GACM\252\002'Google.Identity.AccessContextManager.V1\312\002'Google\\Identity\\AccessContextManager\\V1\352\002*Google::Identity::AccessContextManager::V1"
+ _SERVICEPERIMETER._options = None
+ _SERVICEPERIMETER._serialized_options = b"\352A|\n4accesscontextmanager.googleapis.com/ServicePerimeter\022DaccessPolicies/{access_policy}/servicePerimeters/{service_perimeter}"
+ _SERVICEPERIMETER._serialized_start = 169
+ _SERVICEPERIMETER._serialized_end = 828
+ _SERVICEPERIMETER_PERIMETERTYPE._serialized_start = 629
+ _SERVICEPERIMETER_PERIMETERTYPE._serialized_end = 699
+ _SERVICEPERIMETERCONFIG._serialized_start = 831
+ _SERVICEPERIMETERCONFIG._serialized_end = 2804
+ _SERVICEPERIMETERCONFIG_VPCACCESSIBLESERVICES._serialized_start = 1256
+ _SERVICEPERIMETERCONFIG_VPCACCESSIBLESERVICES._serialized_end = 1333
+ _SERVICEPERIMETERCONFIG_METHODSELECTOR._serialized_start = 1335
+ _SERVICEPERIMETERCONFIG_METHODSELECTOR._serialized_end = 1399
+ _SERVICEPERIMETERCONFIG_APIOPERATION._serialized_start = 1402
+ _SERVICEPERIMETERCONFIG_APIOPERATION._serialized_end = 1544
+ _SERVICEPERIMETERCONFIG_INGRESSSOURCE._serialized_start = 1546
+ _SERVICEPERIMETERCONFIG_INGRESSSOURCE._serialized_end = 1615
+ _SERVICEPERIMETERCONFIG_INGRESSFROM._serialized_start = 1618
+ _SERVICEPERIMETERCONFIG_INGRESSFROM._serialized_end = 1848
+ _SERVICEPERIMETERCONFIG_INGRESSTO._serialized_start = 1851
+ _SERVICEPERIMETERCONFIG_INGRESSTO._serialized_end = 1979
+ _SERVICEPERIMETERCONFIG_INGRESSPOLICY._serialized_start = 1982
+ _SERVICEPERIMETERCONFIG_INGRESSPOLICY._serialized_end = 2191
+ _SERVICEPERIMETERCONFIG_EGRESSFROM._serialized_start = 2194
+ _SERVICEPERIMETERCONFIG_EGRESSFROM._serialized_end = 2327
+ _SERVICEPERIMETERCONFIG_EGRESSTO._serialized_start = 2330
+ _SERVICEPERIMETERCONFIG_EGRESSTO._serialized_end = 2485
+ _SERVICEPERIMETERCONFIG_EGRESSPOLICY._serialized_start = 2488
+ _SERVICEPERIMETERCONFIG_EGRESSPOLICY._serialized_end = 2692
+ _SERVICEPERIMETERCONFIG_IDENTITYTYPE._serialized_start = 2694
+ _SERVICEPERIMETERCONFIG_IDENTITYTYPE._serialized_end = 2804
# @@protoc_insertion_point(module_scope)
diff --git a/noxfile.py b/noxfile.py
index a741df2..7b1fd9b 100644
--- a/noxfile.py
+++ b/noxfile.py
@@ -36,7 +36,7 @@
DEFAULT_PYTHON_VERSION = "3.8"
-UNIT_TEST_PYTHON_VERSIONS = ["3.7", "3.8", "3.9", "3.10"]
+UNIT_TEST_PYTHON_VERSIONS = ["3.7", "3.8", "3.9", "3.10", "3.11", "3.12"]
UNIT_TEST_STANDARD_DEPENDENCIES = [
"mock",
"asyncmock",
@@ -68,10 +68,11 @@
nox.options.sessions = [
"system",
"lint",
- "test",
+ "integration_test",
"lint_setup_py",
"blacken",
"docs",
+ "unit",
]
# Error if a python version is missing
@@ -183,11 +184,6 @@ def default(session):
)
-def unit(session):
- """Run the unit test suite."""
- default(session)
-
-
def install_systemtest_dependencies(session, *constraints):
# Use pre-release gRPC for system tests.
@@ -217,19 +213,24 @@ def install_systemtest_dependencies(session, *constraints):
session.install("-e", ".", *constraints)
-@nox.session(python=["3.7", "3.8", "3.9"])
+@nox.session(python=UNIT_TEST_PYTHON_VERSIONS)
@nox.parametrize(
"library",
- ["python-asset"],
+ [
+ ("google-cloud-python", "google-cloud-asset"),
+ ],
ids=["asset"],
)
-def test(session, library):
+def integration_test(session, library):
"""Run tests from a downstream libraries.
To verify that any changes we make here will not break downstream libraries, clone
a few and run their unit and system tests.
NOTE: The unit and system test functions above are copied from the templates.
They will need to be updated when the templates change.
"""
+ package = ""
+ if type(library) == tuple:
+ library, package = library
try:
session.run("git", "-C", library, "pull", external=True)
except nox.command.CommandFailed:
@@ -242,7 +243,9 @@ def test(session, library):
)
session.cd(library)
- unit(session)
+ if package:
+ session.cd(f"packages/{package}")
+ default(session)
# system tests are run 3.7 only
if session.python == "3.7":
system(session)
@@ -315,12 +318,25 @@ def system(session):
)
-@nox.session(python=DEFAULT_PYTHON_VERSION)
+@nox.session(python="3.9")
def docs(session):
"""Build the docs for this library."""
session.install("-e", ".")
- session.install("sphinx==4.0.1", "alabaster", "recommonmark")
+ session.install(
+ # We need to pin to specific versions of the `sphinxcontrib-*` packages
+ # which still support sphinx 4.x.
+ # See https://github.com/googleapis/sphinx-docfx-yaml/issues/344
+ # and https://github.com/googleapis/sphinx-docfx-yaml/issues/345.
+ "sphinxcontrib-applehelp==1.0.4",
+ "sphinxcontrib-devhelp==1.0.2",
+ "sphinxcontrib-htmlhelp==2.0.1",
+ "sphinxcontrib-qthelp==1.0.3",
+ "sphinxcontrib-serializinghtml==1.1.5",
+ "sphinx==4.5.0",
+ "alabaster",
+ "recommonmark",
+ )
shutil.rmtree(os.path.join("docs", "_build"), ignore_errors=True)
session.run(
@@ -337,13 +353,24 @@ def docs(session):
)
-@nox.session(python=DEFAULT_PYTHON_VERSION)
+@nox.session(python="3.10")
def docfx(session):
"""Build the docfx yaml files for this library."""
session.install("-e", ".")
session.install(
- "sphinx==4.0.1", "alabaster", "recommonmark", "gcp-sphinx-docfx-yaml"
+ # We need to pin to specific versions of the `sphinxcontrib-*` packages
+ # which still support sphinx 4.x.
+ # See https://github.com/googleapis/sphinx-docfx-yaml/issues/344
+ # and https://github.com/googleapis/sphinx-docfx-yaml/issues/345.
+ "sphinxcontrib-applehelp==1.0.4",
+ "sphinxcontrib-devhelp==1.0.2",
+ "sphinxcontrib-htmlhelp==2.0.1",
+ "sphinxcontrib-qthelp==1.0.3",
+ "sphinxcontrib-serializinghtml==1.1.5",
+ "gcp-sphinx-docfx-yaml",
+ "alabaster",
+ "recommonmark",
)
shutil.rmtree(os.path.join("docs", "_build"), ignore_errors=True)
@@ -370,3 +397,9 @@ def docfx(session):
os.path.join("docs", ""),
os.path.join("docs", "_build", "html", ""),
)
+
+
+@nox.session(python=UNIT_TEST_PYTHON_VERSIONS)
+def unit(session):
+ """Run the unit test suite."""
+ default(session)
diff --git a/owlbot.py b/owlbot.py
index f5bb734..9562802 100644
--- a/owlbot.py
+++ b/owlbot.py
@@ -34,12 +34,29 @@
# This is required in order for s.copy() to work
s._tracked_paths.add("googleapis")
-os.makedirs("google/api", exist_ok=True)
-os.makedirs("google/type", exist_ok=True)
-
-s.copy("googleapis/google/api/annotations.proto", "google/api")
-s.copy("googleapis/google/api/http.proto", "google/api")
-s.copy("googleapis/google/type/expr.proto", "google/type")
+common_apis = [
+ "google/api",
+ "google/iam/v1",
+ "google/longrunning",
+ "google/rpc",
+ "google/type",
+]
+
+# Create folders for dependencies of the protos that we want to compile
+_ = [os.makedirs(dir, exist_ok=True) for dir in common_apis]
+
+# Copy dependencies of the protos that we want to compile from googleapis
+_ = [s.copy(f"googleapis/{dir}/*.proto", dir) for dir in common_apis]
+
+# Copy the protos that we want to compile from googleapis
+s.copy(
+ "googleapis/google/identity/accesscontextmanager/v1/*.proto",
+ "google/identity/accesscontextmanager/v1",
+)
+s.copy(
+ "googleapis/google/identity/accesscontextmanager/type/*.proto",
+ "google/identity/accesscontextmanager/type",
+)
# Clean up googleapis
shutil.rmtree("googleapis")
@@ -66,35 +83,14 @@
# Generate _pb2.py files and format them
s.shell.run(["nox", "-s", "generate_protos"])
-# Clean up
-shutil.rmtree("google/api")
-shutil.rmtree("google/type")
+# Clean up the folders for dependencies which are shipped via `googleapis-common-protos`
+# We should not ship them via this repository
+_ = [shutil.rmtree(dir) for dir in common_apis]
+
+# Also clean up "google/iam" directory
+shutil.rmtree("google/iam")
s.shell.run(["nox", "-s", "blacken"], hide_output=False)
# Add license headers
python.fix_pb2_headers()
-
-LICENSE = """
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License."""
-
-PB2_GRPC_HEADER = r"""(\# Generated by the gRPC Python protocol compiler plugin\. DO NOT EDIT!$)
-(.*?$)"""
-
-s.replace(
- "**/*_pb2_grpc.py",
- PB2_GRPC_HEADER,
- rf"{LICENSE}\n\n\g<1>\n\n\g<2>", # add line breaks to avoid stacking replacements
-)
diff --git a/scripts/decrypt-secrets.sh b/scripts/decrypt-secrets.sh
index 21f6d2a..0018b42 100755
--- a/scripts/decrypt-secrets.sh
+++ b/scripts/decrypt-secrets.sh
@@ -1,6 +1,6 @@
#!/bin/bash
-# Copyright 2015 Google Inc. All rights reserved.
+# Copyright 2023 Google LLC All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/scripts/readme-gen/readme_gen.py b/scripts/readme-gen/readme_gen.py
index 91b5967..1acc119 100644
--- a/scripts/readme-gen/readme_gen.py
+++ b/scripts/readme-gen/readme_gen.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python
-# Copyright 2016 Google Inc
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -33,17 +33,17 @@
autoescape=True,
)
-README_TMPL = jinja_env.get_template('README.tmpl.rst')
+README_TMPL = jinja_env.get_template("README.tmpl.rst")
def get_help(file):
- return subprocess.check_output(['python', file, '--help']).decode()
+ return subprocess.check_output(["python", file, "--help"]).decode()
def main():
parser = argparse.ArgumentParser()
- parser.add_argument('source')
- parser.add_argument('--destination', default='README.rst')
+ parser.add_argument("source")
+ parser.add_argument("--destination", default="README.rst")
args = parser.parse_args()
@@ -51,9 +51,9 @@ def main():
root = os.path.dirname(source)
destination = os.path.join(root, args.destination)
- jinja_env.globals['get_help'] = get_help
+ jinja_env.globals["get_help"] = get_help
- with io.open(source, 'r') as f:
+ with io.open(source, "r") as f:
config = yaml.load(f)
# This allows get_help to execute in the right directory.
@@ -61,9 +61,9 @@ def main():
output = README_TMPL.render(config)
- with io.open(destination, 'w') as f:
+ with io.open(destination, "w") as f:
f.write(output)
-if __name__ == '__main__':
+if __name__ == "__main__":
main()
diff --git a/setup.cfg b/setup.cfg
index c3a2b39..0523500 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -1,6 +1,6 @@
# -*- coding: utf-8 -*-
#
-# Copyright 2020 Google LLC
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/setup.py b/setup.py
index 72517dd..9fefb46 100644
--- a/setup.py
+++ b/setup.py
@@ -16,19 +16,20 @@
import os
import setuptools
+from setuptools import find_namespace_packages
# Package metadata.
name = "google-cloud-access-context-manager"
description = "Google Cloud Access Context Manager Protobufs"
-version = "0.1.16"
+version = "0.2.0"
# Should be one of:
# 'Development Status :: 3 - Alpha'
# 'Development Status :: 4 - Beta'
# 'Development Status :: 5 - Production/Stable'
release_status = "Development Status :: 4 - Beta"
dependencies = [
- "google-api-core[grpc] >= 1.34.0, <3.0.0dev,!=2.0.*,!=2.1.*,!=2.2.*,!=2.3.*,!=2.4.*,!=2.5.*,!=2.6.*,!=2.7.*,!=2.8.*,!=2.9.*,!=2.10.*",
+ "google-api-core[grpc] >= 1.34.1, <3.0.0dev,!=2.0.*,!=2.1.*,!=2.2.*,!=2.3.*,!=2.4.*,!=2.5.*,!=2.6.*,!=2.7.*,!=2.8.*,!=2.9.*,!=2.10.*",
"protobuf>=3.19.5,<5.0.0dev,!=3.20.0,!=3.20.1,!=4.21.1,!=4.21.2,!=4.21.3,!=4.21.4,!=4.21.5",
]
@@ -39,16 +40,6 @@
with io.open(readme_filename, encoding="utf-8") as readme_file:
readme = readme_file.read()
-# Only include packages under the 'google' namespace. Do not include tests,
-# benchmarks, etc.
-packages = [
- package for package in setuptools.find_packages() if package.startswith("google")
-]
-
-# Determine which namespaces are needed.
-namespaces = ["google"]
-namespaces.append("google.identity")
-
setuptools.setup(
name=name,
version=version,
@@ -67,12 +58,14 @@
"Programming Language :: Python :: 3.7",
"Programming Language :: Python :: 3.8",
"Programming Language :: Python :: 3.9",
+ "Programming Language :: Python :: 3.10",
+ "Programming Language :: Python :: 3.11",
+ "Programming Language :: Python :: 3.12",
"Operating System :: OS Independent",
"Topic :: Internet",
],
platforms="Posix; MacOS X; Windows",
- packages=packages,
- namespace_packages=namespaces,
+ packages=find_namespace_packages(exclude=("tests*", "testing*")),
install_requires=dependencies,
python_requires=">=3.7",
include_package_data=True,
diff --git a/google/identity/accesscontextmanager/__init__.py b/testing/constraints-3.11.txt
similarity index 100%
rename from google/identity/accesscontextmanager/__init__.py
rename to testing/constraints-3.11.txt
diff --git a/tests/.gitkeep b/testing/constraints-3.12.txt
similarity index 100%
rename from tests/.gitkeep
rename to testing/constraints-3.12.txt
diff --git a/testing/constraints-3.7.txt b/testing/constraints-3.7.txt
index 3c2947a..7a1c665 100644
--- a/testing/constraints-3.7.txt
+++ b/testing/constraints-3.7.txt
@@ -6,4 +6,4 @@
# e.g., if setup.py has "foo >= 1.14.0, < 2.0.0dev",
# Then this file should have foo==1.14.0
protobuf==3.19.5
-google-api-core==1.34.0
+google-api-core==1.34.1
diff --git a/google/__init__.py b/tests/unit/test_import.py
similarity index 66%
rename from google/__init__.py
rename to tests/unit/test_import.py
index 9a1b64a..d32d192 100644
--- a/google/__init__.py
+++ b/tests/unit/test_import.py
@@ -1,12 +1,12 @@
# -*- coding: utf-8 -*-
-#
+
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# https://www.apache.org/licenses/LICENSE-2.0
+# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -14,11 +14,11 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-try:
- import pkg_resources
- pkg_resources.declare_namespace(__name__)
-except ImportError:
- import pkgutil
+from google.identity.accesscontextmanager.v1 import access_level_pb2
+
- __path__ = pkgutil.extend_path(__path__, __name__)
+def test_create_audit_log():
+ # just check that the import works
+ # and that an AuditLog instance can be instantiated
+ access_level_pb2.BasicLevel()
diff --git a/tests/unit/test_packaging.py b/tests/unit/test_packaging.py
new file mode 100644
index 0000000..01905d7
--- /dev/null
+++ b/tests/unit/test_packaging.py
@@ -0,0 +1,48 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import os
+import subprocess
+import sys
+
+
+def test_namespace_package_compat(tmp_path):
+ # The ``google`` namespace package should not be masked
+ # by the presence of ``google-cloud-access-context-manager``.
+ google = tmp_path / "google"
+ google.mkdir()
+ google.joinpath("othermod.py").write_text("")
+ env = dict(os.environ, PYTHONPATH=str(tmp_path))
+ cmd = [sys.executable, "-m", "google.othermod"]
+ subprocess.check_call(cmd, env=env)
+
+ # The ``google.identity`` namespace package should not be masked
+ # by the presence of ``google-cloud-access-context-manager``.
+ google_identity = tmp_path / "google" / "identity"
+ google_identity.mkdir()
+ google_identity.joinpath("othermod.py").write_text("")
+ env = dict(os.environ, PYTHONPATH=str(tmp_path))
+ cmd = [sys.executable, "-m", "google.identity.othermod"]
+ subprocess.check_call(cmd, env=env)
+
+ # The ``google.identity.accesscontextmanager`` namespace package should not be masked
+ # by the presence of ``google-cloud-access-context-manager``.
+ google_identity_accesscontextmanager = (
+ tmp_path / "google" / "identity" / "accesscontextmanager"
+ )
+ google_identity_accesscontextmanager.mkdir()
+ google_identity_accesscontextmanager.joinpath("othermod.py").write_text("")
+ env = dict(os.environ, PYTHONPATH=str(tmp_path))
+ cmd = [sys.executable, "-m", "google.identity.accesscontextmanager.othermod"]
+ subprocess.check_call(cmd, env=env)