chore: Update discovery artifacts (#1306)
## Deleted keys were detected in the following pre-stable discovery artifacts:
bigqueryreservationv1beta1[ [More details]](https://github.com/googleapis/google-api-python-client/commit/6a8b3c6bd7aef8c84d5ba64410b29cabf056102b)
## Discovery Artifact Change Summary:
adexchangebuyer2v2beta1[ [More details]](https://github.com/googleapis/google-api-python-client/commit/949754477e811a0b490a35e7e7313bbd22918d8a)
artifactregistryv1beta2[ [More details]](https://github.com/googleapis/google-api-python-client/commit/3811667db343c8e4ca5479b668a14b4bceddd981)
bigquerydatatransferv1[ [More details]](https://github.com/googleapis/google-api-python-client/commit/f0071f5468eaa0320920fbee1489dbc2cb5e195f)
bigqueryreservationv1[ [More details]](https://github.com/googleapis/google-api-python-client/commit/6a8b3c6bd7aef8c84d5ba64410b29cabf056102b)
bigqueryreservationv1beta1[ [More details]](https://github.com/googleapis/google-api-python-client/commit/6a8b3c6bd7aef8c84d5ba64410b29cabf056102b)
bigtableadminv2[ [More details]](https://github.com/googleapis/google-api-python-client/commit/d1ce2408cf8bf7deaab38f7ecff96e9cb5d5a02d)
containerv1beta1[ [More details]](https://github.com/googleapis/google-api-python-client/commit/60a23f0cafcca5473a829e8b11280733f76a8271)
displayvideov1[ [More details]](https://github.com/googleapis/google-api-python-client/commit/559fa7cf4c7d300947bb556eb8c2830a751c7b11)
loggingv2[ [More details]](https://github.com/googleapis/google-api-python-client/commit/a3c1055968a4d9ac2448b0540bf4e2005be2958f)
serviceusagev1[ [More details]](https://github.com/googleapis/google-api-python-client/commit/e2a86e92aa0ab7cce0b936a764ea5440b35a62e9)
serviceusagev1beta1[ [More details]](https://github.com/googleapis/google-api-python-client/commit/e2a86e92aa0ab7cce0b936a764ea5440b35a62e9)
diff --git a/docs/dyn/cloudasset_v1beta1.projects.html b/docs/dyn/cloudasset_v1beta1.projects.html
index 929cc7e..0b85da0 100644
--- a/docs/dyn/cloudasset_v1beta1.projects.html
+++ b/docs/dyn/cloudasset_v1beta1.projects.html
@@ -249,14 +249,14 @@
],
"egressPolicies": [ # List of EgressPolicies to apply to the perimeter. A perimeter may have multiple EgressPolicies, each of which is evaluated separately. Access is granted if any EgressPolicy grants it. Must be empty for a perimeter bridge.
{ # Policy for egress from perimeter. EgressPolicies match requests based on `egress_from` and `egress_to` stanzas. For an EgressPolicy to match, both `egress_from` and `egress_to` stanzas must be matched. If an EgressPolicy matches a request, the request is allowed to span the ServicePerimeter boundary. For example, an EgressPolicy can be used to allow VMs on networks within the ServicePerimeter to access a defined set of projects outside the perimeter in certain contexts (e.g. to read data from a Cloud Storage bucket or query against a BigQuery dataset). EgressPolicies are concerned with the *resources* that a request relates as well as the API services and API actions being used. They do not related to the direction of data movement. More detailed documentation for this concept can be found in the descriptions of EgressFrom and EgressTo.
- "egressFrom": { # Defines the conditions under which an EgressPolicy matches a request. Conditions based on information about the source of the request. Note that if the destination of the request is protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed. # Defines conditions on the source of a request causing this EgressPolicy to apply.
+ "egressFrom": { # Defines the conditions under which an EgressPolicy matches a request. Conditions based on information about the source of the request. Note that if the destination of the request is also protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed. # Defines conditions on the source of a request causing this EgressPolicy to apply.
"identities": [ # A list of identities that are allowed access through this [EgressPolicy]. Should be in the format of email address. The email address should represent individual user or service account only.
"A String",
],
"identityType": "A String", # Specifies the type of identities that are allowed access to outside the perimeter. If left unspecified, then members of `identities` field will be allowed access.
},
- "egressTo": { # Defines the conditions under which an EgressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the `resources` specified. Note that if the destination of the request is protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed. # Defines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply.
- "operations": [ # A list of ApiOperations that this egress rule applies to. A request matches if it contains an operation/service in this list.
+ "egressTo": { # Defines the conditions under which an EgressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the `resources` specified. Note that if the destination of the request is also protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed. The request must match `operations` AND `resources` fields in order to be allowed egress out of the perimeter. # Defines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply.
+ "operations": [ # A list of ApiOperations allowed to be performed by the sources specified in the corresponding EgressFrom. A request matches if it uses an operation/service in this list.
{ # Identification for an API Operation.
"methodSelectors": [ # API methods or permissions to allow. Method or permission must belong to the service specified by `service_name` field. A single MethodSelector entry with `*` specified for the `method` field will allow all methods AND permissions for the service specified in `service_name`.
{ # An allowed method or permission of a service specified in ApiOperation.
@@ -267,7 +267,7 @@
"serviceName": "A String", # The name of the API whose methods or permissions the IngressPolicy or EgressPolicy want to allow. A single ApiOperation with `service_name` field set to `*` will allow all methods AND permissions for all services.
},
],
- "resources": [ # A list of resources, currently only projects in the form `projects/`, that match this to stanza. A request matches if it contains a resource in this list. If `*` is specified for resources, then this EgressTo rule will authorize access to all resources outside the perimeter.
+ "resources": [ # A list of resources, currently only projects in the form `projects/`, that are allowed to be accessed by sources defined in the corresponding EgressFrom. A request matches if it contains a resource in this list. If `*` is specified for `resources`, then this EgressTo rule will authorize access to all resources outside the perimeter.
"A String",
],
},
@@ -275,20 +275,20 @@
],
"ingressPolicies": [ # List of IngressPolicies to apply to the perimeter. A perimeter may have multiple IngressPolicies, each of which is evaluated separately. Access is granted if any Ingress Policy grants it. Must be empty for a perimeter bridge.
{ # Policy for ingress into ServicePerimeter. IngressPolicies match requests based on `ingress_from` and `ingress_to` stanzas. For an ingress policy to match, both the `ingress_from` and `ingress_to` stanzas must be matched. If an IngressPolicy matches a request, the request is allowed through the perimeter boundary from outside the perimeter. For example, access from the internet can be allowed either based on an AccessLevel or, for traffic hosted on Google Cloud, the project of the source network. For access from private networks, using the project of the hosting network is required. Individual ingress policies can be limited by restricting which services and/or actions they match using the `ingress_to` field.
- "ingressFrom": { # Defines the conditions under which an IngressPolicy matches a request. Conditions are based on information about the source of the request. # Defines the conditions on the source of a request causing this IngressPolicy to apply.
+ "ingressFrom": { # Defines the conditions under which an IngressPolicy matches a request. Conditions are based on information about the source of the request. The request must satisfy what is defined in `sources` AND identity related fields in order to match. # Defines the conditions on the source of a request causing this IngressPolicy to apply.
"identities": [ # A list of identities that are allowed access through this ingress policy. Should be in the format of email address. The email address should represent individual user or service account only.
"A String",
],
"identityType": "A String", # Specifies the type of identities that are allowed access from outside the perimeter. If left unspecified, then members of `identities` field will be allowed access.
"sources": [ # Sources that this IngressPolicy authorizes access from.
{ # The source that IngressPolicy authorizes access from.
- "accessLevel": "A String", # An AccessLevel resource name that allow resources within the ServicePerimeters to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If `*` is specified, then all IngressSources will be allowed.
+ "accessLevel": "A String", # An AccessLevel resource name that allow resources within the ServicePerimeters to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is specified for `access_level`, then all IngressSources will be allowed.
"resource": "A String", # A Google Cloud resource that is allowed to ingress the perimeter. Requests from these resources will be allowed to access perimeter data. Currently only projects are allowed. Format: `projects/{project_number}` The project may be in any Google Cloud organization, not just the organization that the perimeter is defined in. `*` is not allowed, the case of allowing all Google Cloud resources only is not supported.
},
],
},
- "ingressTo": { # Defines the conditions under which an IngressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the destination of the request. # Defines the conditions on the ApiOperation and request destination that cause this IngressPolicy to apply.
- "operations": [ # A list of ApiOperations the sources specified in corresponding IngressFrom are allowed to perform in this ServicePerimeter.
+ "ingressTo": { # Defines the conditions under which an IngressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the target resource of the request. The request must satisfy what is defined in `operations` AND `resources` in order to match. # Defines the conditions on the ApiOperation and request destination that cause this IngressPolicy to apply.
+ "operations": [ # A list of ApiOperations allowed to be performed by the sources specified in corresponding IngressFrom in this ServicePerimeter.
{ # Identification for an API Operation.
"methodSelectors": [ # API methods or permissions to allow. Method or permission must belong to the service specified by `service_name` field. A single MethodSelector entry with `*` specified for the `method` field will allow all methods AND permissions for the service specified in `service_name`.
{ # An allowed method or permission of a service specified in ApiOperation.
@@ -299,7 +299,7 @@
"serviceName": "A String", # The name of the API whose methods or permissions the IngressPolicy or EgressPolicy want to allow. A single ApiOperation with `service_name` field set to `*` will allow all methods AND permissions for all services.
},
],
- "resources": [ # A list of resources, currently only projects in the form `projects/`, protected by this ServicePerimeter that are allowed to be accessed by sources defined in the corresponding IngressFrom. A request matches if it contains a resource in this list. If `*` is specified for resources, then this IngressTo rule will authorize access to all resources inside the perimeter, provided that the request also matches the `operations` field.
+ "resources": [ # A list of resources, currently only projects in the form `projects/`, protected by this ServicePerimeter that are allowed to be accessed by sources defined in the corresponding IngressFrom. If a single `*` is specified, then access to all resources inside the perimeter are allowed.
"A String",
],
},
@@ -324,14 +324,14 @@
],
"egressPolicies": [ # List of EgressPolicies to apply to the perimeter. A perimeter may have multiple EgressPolicies, each of which is evaluated separately. Access is granted if any EgressPolicy grants it. Must be empty for a perimeter bridge.
{ # Policy for egress from perimeter. EgressPolicies match requests based on `egress_from` and `egress_to` stanzas. For an EgressPolicy to match, both `egress_from` and `egress_to` stanzas must be matched. If an EgressPolicy matches a request, the request is allowed to span the ServicePerimeter boundary. For example, an EgressPolicy can be used to allow VMs on networks within the ServicePerimeter to access a defined set of projects outside the perimeter in certain contexts (e.g. to read data from a Cloud Storage bucket or query against a BigQuery dataset). EgressPolicies are concerned with the *resources* that a request relates as well as the API services and API actions being used. They do not related to the direction of data movement. More detailed documentation for this concept can be found in the descriptions of EgressFrom and EgressTo.
- "egressFrom": { # Defines the conditions under which an EgressPolicy matches a request. Conditions based on information about the source of the request. Note that if the destination of the request is protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed. # Defines conditions on the source of a request causing this EgressPolicy to apply.
+ "egressFrom": { # Defines the conditions under which an EgressPolicy matches a request. Conditions based on information about the source of the request. Note that if the destination of the request is also protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed. # Defines conditions on the source of a request causing this EgressPolicy to apply.
"identities": [ # A list of identities that are allowed access through this [EgressPolicy]. Should be in the format of email address. The email address should represent individual user or service account only.
"A String",
],
"identityType": "A String", # Specifies the type of identities that are allowed access to outside the perimeter. If left unspecified, then members of `identities` field will be allowed access.
},
- "egressTo": { # Defines the conditions under which an EgressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the `resources` specified. Note that if the destination of the request is protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed. # Defines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply.
- "operations": [ # A list of ApiOperations that this egress rule applies to. A request matches if it contains an operation/service in this list.
+ "egressTo": { # Defines the conditions under which an EgressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the `resources` specified. Note that if the destination of the request is also protected by a ServicePerimeter, then that ServicePerimeter must have an IngressPolicy which allows access in order for this request to succeed. The request must match `operations` AND `resources` fields in order to be allowed egress out of the perimeter. # Defines the conditions on the ApiOperation and destination resources that cause this EgressPolicy to apply.
+ "operations": [ # A list of ApiOperations allowed to be performed by the sources specified in the corresponding EgressFrom. A request matches if it uses an operation/service in this list.
{ # Identification for an API Operation.
"methodSelectors": [ # API methods or permissions to allow. Method or permission must belong to the service specified by `service_name` field. A single MethodSelector entry with `*` specified for the `method` field will allow all methods AND permissions for the service specified in `service_name`.
{ # An allowed method or permission of a service specified in ApiOperation.
@@ -342,7 +342,7 @@
"serviceName": "A String", # The name of the API whose methods or permissions the IngressPolicy or EgressPolicy want to allow. A single ApiOperation with `service_name` field set to `*` will allow all methods AND permissions for all services.
},
],
- "resources": [ # A list of resources, currently only projects in the form `projects/`, that match this to stanza. A request matches if it contains a resource in this list. If `*` is specified for resources, then this EgressTo rule will authorize access to all resources outside the perimeter.
+ "resources": [ # A list of resources, currently only projects in the form `projects/`, that are allowed to be accessed by sources defined in the corresponding EgressFrom. A request matches if it contains a resource in this list. If `*` is specified for `resources`, then this EgressTo rule will authorize access to all resources outside the perimeter.
"A String",
],
},
@@ -350,20 +350,20 @@
],
"ingressPolicies": [ # List of IngressPolicies to apply to the perimeter. A perimeter may have multiple IngressPolicies, each of which is evaluated separately. Access is granted if any Ingress Policy grants it. Must be empty for a perimeter bridge.
{ # Policy for ingress into ServicePerimeter. IngressPolicies match requests based on `ingress_from` and `ingress_to` stanzas. For an ingress policy to match, both the `ingress_from` and `ingress_to` stanzas must be matched. If an IngressPolicy matches a request, the request is allowed through the perimeter boundary from outside the perimeter. For example, access from the internet can be allowed either based on an AccessLevel or, for traffic hosted on Google Cloud, the project of the source network. For access from private networks, using the project of the hosting network is required. Individual ingress policies can be limited by restricting which services and/or actions they match using the `ingress_to` field.
- "ingressFrom": { # Defines the conditions under which an IngressPolicy matches a request. Conditions are based on information about the source of the request. # Defines the conditions on the source of a request causing this IngressPolicy to apply.
+ "ingressFrom": { # Defines the conditions under which an IngressPolicy matches a request. Conditions are based on information about the source of the request. The request must satisfy what is defined in `sources` AND identity related fields in order to match. # Defines the conditions on the source of a request causing this IngressPolicy to apply.
"identities": [ # A list of identities that are allowed access through this ingress policy. Should be in the format of email address. The email address should represent individual user or service account only.
"A String",
],
"identityType": "A String", # Specifies the type of identities that are allowed access from outside the perimeter. If left unspecified, then members of `identities` field will be allowed access.
"sources": [ # Sources that this IngressPolicy authorizes access from.
{ # The source that IngressPolicy authorizes access from.
- "accessLevel": "A String", # An AccessLevel resource name that allow resources within the ServicePerimeters to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If `*` is specified, then all IngressSources will be allowed.
+ "accessLevel": "A String", # An AccessLevel resource name that allow resources within the ServicePerimeters to be accessed from the internet. AccessLevels listed must be in the same policy as this ServicePerimeter. Referencing a nonexistent AccessLevel will cause an error. If no AccessLevel names are listed, resources within the perimeter can only be accessed via Google Cloud calls with request origins within the perimeter. Example: `accessPolicies/MY_POLICY/accessLevels/MY_LEVEL`. If a single `*` is specified for `access_level`, then all IngressSources will be allowed.
"resource": "A String", # A Google Cloud resource that is allowed to ingress the perimeter. Requests from these resources will be allowed to access perimeter data. Currently only projects are allowed. Format: `projects/{project_number}` The project may be in any Google Cloud organization, not just the organization that the perimeter is defined in. `*` is not allowed, the case of allowing all Google Cloud resources only is not supported.
},
],
},
- "ingressTo": { # Defines the conditions under which an IngressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the destination of the request. # Defines the conditions on the ApiOperation and request destination that cause this IngressPolicy to apply.
- "operations": [ # A list of ApiOperations the sources specified in corresponding IngressFrom are allowed to perform in this ServicePerimeter.
+ "ingressTo": { # Defines the conditions under which an IngressPolicy matches a request. Conditions are based on information about the ApiOperation intended to be performed on the target resource of the request. The request must satisfy what is defined in `operations` AND `resources` in order to match. # Defines the conditions on the ApiOperation and request destination that cause this IngressPolicy to apply.
+ "operations": [ # A list of ApiOperations allowed to be performed by the sources specified in corresponding IngressFrom in this ServicePerimeter.
{ # Identification for an API Operation.
"methodSelectors": [ # API methods or permissions to allow. Method or permission must belong to the service specified by `service_name` field. A single MethodSelector entry with `*` specified for the `method` field will allow all methods AND permissions for the service specified in `service_name`.
{ # An allowed method or permission of a service specified in ApiOperation.
@@ -374,7 +374,7 @@
"serviceName": "A String", # The name of the API whose methods or permissions the IngressPolicy or EgressPolicy want to allow. A single ApiOperation with `service_name` field set to `*` will allow all methods AND permissions for all services.
},
],
- "resources": [ # A list of resources, currently only projects in the form `projects/`, protected by this ServicePerimeter that are allowed to be accessed by sources defined in the corresponding IngressFrom. A request matches if it contains a resource in this list. If `*` is specified for resources, then this IngressTo rule will authorize access to all resources inside the perimeter, provided that the request also matches the `operations` field.
+ "resources": [ # A list of resources, currently only projects in the form `projects/`, protected by this ServicePerimeter that are allowed to be accessed by sources defined in the corresponding IngressFrom. If a single `*` is specified, then access to all resources inside the perimeter are allowed.
"A String",
],
},