{ "auth": { "oauth2": { "scopes": { "https://www.googleapis.com/auth/cloud-platform": { "description": "View and manage your data across Google Cloud Platform services" } } } }, "basePath": "", "baseUrl": "https://iap.googleapis.com/", "batchPath": "batch", "canonicalName": "Cloud IAP", "description": "Controls access to cloud applications running on Google Cloud Platform.", "discoveryVersion": "v1", "documentationLink": "https://cloud.google.com/iap", "fullyEncodeReservedExpansion": true, "icons": { "x16": "http://www.google.com/images/icons/product/search-16.gif", "x32": "http://www.google.com/images/icons/product/search-32.gif" }, "id": "iap:v1", "kind": "discovery#restDescription", "name": "iap", "ownerDomain": "google.com", "ownerName": "Google", "parameters": { "$.xgafv": { "description": "V1 error format.", "enum": [ "1", "2" ], "enumDescriptions": [ "v1 error format", "v2 error format" ], "location": "query", "type": "string" }, "access_token": { "description": "OAuth access token.", "location": "query", "type": "string" }, "alt": { "default": "json", "description": "Data format for response.", "enum": [ "json", "media", "proto" ], "enumDescriptions": [ "Responses with Content-Type of application/json", "Media download with context-dependent Content-Type", "Responses with Content-Type of application/x-protobuf" ], "location": "query", "type": "string" }, "callback": { "description": "JSONP", "location": "query", "type": "string" }, "fields": { "description": "Selector specifying which fields to include in a partial response.", "location": "query", "type": "string" }, "key": { "description": "API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.", "location": "query", "type": "string" }, "oauth_token": { "description": "OAuth 2.0 token for the current user.", "location": "query", "type": "string" }, "prettyPrint": { "default": "true", "description": "Returns response with indentations and line breaks.", "location": "query", "type": "boolean" }, "quotaUser": { "description": "Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.", "location": "query", "type": "string" }, "uploadType": { "description": "Legacy upload protocol for media (e.g. \"media\", \"multipart\").", "location": "query", "type": "string" }, "upload_protocol": { "description": "Upload protocol for media (e.g. \"raw\", \"multipart\").", "location": "query", "type": "string" } }, "protocol": "rest", "resources": { "v1": { "methods": { "getIamPolicy": { "description": "Gets the access control policy for an Identity-Aware Proxy protected\nresource.\nMore information about managing access via IAP can be found at:\nhttps://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api", "flatPath": "v1/{v1Id}:getIamPolicy", "httpMethod": "POST", "id": "iap.getIamPolicy", "parameterOrder": [ "resource" ], "parameters": { "resource": { "description": "REQUIRED: The resource for which the policy is being requested.\nSee the operation documentation for the appropriate value for this field.", "location": "path", "pattern": "^.+$", "required": true, "type": "string" } }, "path": "v1/{+resource}:getIamPolicy", "request": { "$ref": "GetIamPolicyRequest" }, "response": { "$ref": "Policy" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ] }, "setIamPolicy": { "description": "Sets the access control policy for an Identity-Aware Proxy protected\nresource. Replaces any existing policy.\nMore information about managing access via IAP can be found at:\nhttps://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api", "flatPath": "v1/{v1Id}:setIamPolicy", "httpMethod": "POST", "id": "iap.setIamPolicy", "parameterOrder": [ "resource" ], "parameters": { "resource": { "description": "REQUIRED: The resource for which the policy is being specified.\nSee the operation documentation for the appropriate value for this field.", "location": "path", "pattern": "^.+$", "required": true, "type": "string" } }, "path": "v1/{+resource}:setIamPolicy", "request": { "$ref": "SetIamPolicyRequest" }, "response": { "$ref": "Policy" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ] }, "testIamPermissions": { "description": "Returns permissions that a caller has on the Identity-Aware Proxy protected\nresource.\nMore information about managing access via IAP can be found at:\nhttps://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api", "flatPath": "v1/{v1Id}:testIamPermissions", "httpMethod": "POST", "id": "iap.testIamPermissions", "parameterOrder": [ "resource" ], "parameters": { "resource": { "description": "REQUIRED: The resource for which the policy detail is being requested.\nSee the operation documentation for the appropriate value for this field.", "location": "path", "pattern": "^.+$", "required": true, "type": "string" } }, "path": "v1/{+resource}:testIamPermissions", "request": { "$ref": "TestIamPermissionsRequest" }, "response": { "$ref": "TestIamPermissionsResponse" }, "scopes": [ "https://www.googleapis.com/auth/cloud-platform" ] } } } }, "revision": "20190306", "rootUrl": "https://iap.googleapis.com/", "schemas": { "Binding": { "description": "Associates `members` with a `role`.", "id": "Binding", "properties": { "condition": { "$ref": "Expr", "description": "Unimplemented. The condition that is associated with this binding.\nNOTE: an unsatisfied condition will not allow user access via current\nbinding. Different bindings, including their conditions, are examined\nindependently." }, "members": { "description": "Specifies the identities requesting access for a Cloud Platform resource.\n`members` can have the following values:\n\n* `allUsers`: A special identifier that represents anyone who is\n on the internet; with or without a Google account.\n\n* `allAuthenticatedUsers`: A special identifier that represents anyone\n who is authenticated with a Google account or a service account.\n\n* `user:{emailid}`: An email address that represents a specific Google\n account. For example, `alice@gmail.com` .\n\n\n* `serviceAccount:{emailid}`: An email address that represents a service\n account. For example, `my-other-app@appspot.gserviceaccount.com`.\n\n* `group:{emailid}`: An email address that represents a Google group.\n For example, `admins@example.com`.\n\n\n* `domain:{domain}`: The G Suite domain (primary) that represents all the\n users of that domain. For example, `google.com` or `example.com`.\n\n", "items": { "type": "string" }, "type": "array" }, "role": { "description": "Role that is assigned to `members`.\nFor example, `roles/viewer`, `roles/editor`, or `roles/owner`.", "type": "string" } }, "type": "object" }, "Expr": { "description": "Represents an expression text. Example:\n\n title: \"User account presence\"\n description: \"Determines whether the request has a user account\"\n expression: \"size(request.user) \u003e 0\"", "id": "Expr", "properties": { "description": { "description": "An optional description of the expression. This is a longer text which\ndescribes the expression, e.g. when hovered over it in a UI.", "type": "string" }, "expression": { "description": "Textual representation of an expression in\nCommon Expression Language syntax.\n\nThe application context of the containing message determines which\nwell-known feature set of CEL is supported.", "type": "string" }, "location": { "description": "An optional string indicating the location of the expression for error\nreporting, e.g. a file name and a position in the file.", "type": "string" }, "title": { "description": "An optional title for the expression, i.e. a short string describing\nits purpose. This can be used e.g. in UIs which allow to enter the\nexpression.", "type": "string" } }, "type": "object" }, "GetIamPolicyRequest": { "description": "Request message for `GetIamPolicy` method.", "id": "GetIamPolicyRequest", "properties": {}, "type": "object" }, "Policy": { "description": "Defines an Identity and Access Management (IAM) policy. It is used to\nspecify access control policies for Cloud Platform resources.\n\n\nA `Policy` consists of a list of `bindings`. A `binding` binds a list of\n`members` to a `role`, where the members can be user accounts, Google groups,\nGoogle domains, and service accounts. A `role` is a named list of permissions\ndefined by IAM.\n\n**JSON Example**\n\n {\n \"bindings\": [\n {\n \"role\": \"roles/owner\",\n \"members\": [\n \"user:mike@example.com\",\n \"group:admins@example.com\",\n \"domain:google.com\",\n \"serviceAccount:my-other-app@appspot.gserviceaccount.com\"\n ]\n },\n {\n \"role\": \"roles/viewer\",\n \"members\": [\"user:sean@example.com\"]\n }\n ]\n }\n\n**YAML Example**\n\n bindings:\n - members:\n - user:mike@example.com\n - group:admins@example.com\n - domain:google.com\n - serviceAccount:my-other-app@appspot.gserviceaccount.com\n role: roles/owner\n - members:\n - user:sean@example.com\n role: roles/viewer\n\n\nFor a description of IAM and its features, see the\n[IAM developer's guide](https://cloud.google.com/iam/docs).", "id": "Policy", "properties": { "bindings": { "description": "Associates a list of `members` to a `role`.\n`bindings` with no members will result in an error.", "items": { "$ref": "Binding" }, "type": "array" }, "etag": { "description": "`etag` is used for optimistic concurrency control as a way to help\nprevent simultaneous updates of a policy from overwriting each other.\nIt is strongly suggested that systems make use of the `etag` in the\nread-modify-write cycle to perform policy updates in order to avoid race\nconditions: An `etag` is returned in the response to `getIamPolicy`, and\nsystems are expected to put that etag in the request to `setIamPolicy` to\nensure that their change will be applied to the same version of the policy.\n\nIf no `etag` is provided in the call to `setIamPolicy`, then the existing\npolicy is overwritten blindly.", "format": "byte", "type": "string" }, "version": { "description": "Deprecated.", "format": "int32", "type": "integer" } }, "type": "object" }, "SetIamPolicyRequest": { "description": "Request message for `SetIamPolicy` method.", "id": "SetIamPolicyRequest", "properties": { "policy": { "$ref": "Policy", "description": "REQUIRED: The complete policy to be applied to the `resource`. The size of\nthe policy is limited to a few 10s of KB. An empty policy is a\nvalid policy but certain Cloud Platform services (such as Projects)\nmight reject them." } }, "type": "object" }, "TestIamPermissionsRequest": { "description": "Request message for `TestIamPermissions` method.", "id": "TestIamPermissionsRequest", "properties": { "permissions": { "description": "The set of permissions to check for the `resource`. Permissions with\nwildcards (such as '*' or 'storage.*') are not allowed. For more\ninformation see\n[IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).", "items": { "type": "string" }, "type": "array" } }, "type": "object" }, "TestIamPermissionsResponse": { "description": "Response message for `TestIamPermissions` method.", "id": "TestIamPermissionsResponse", "properties": { "permissions": { "description": "A subset of `TestPermissionsRequest.permissions` that the caller is\nallowed.", "items": { "type": "string" }, "type": "array" } }, "type": "object" } }, "servicePath": "", "title": "Cloud Identity-Aware Proxy API", "version": "v1", "version_module": true }